EtherRAT
According to sysdig, EtherRAT uses Ethereum smart contracts for C2 URL resolution. It establishes persistence through five independent mechanisms, ensuring survival across reboots and system maintenance (systemd, xdg, cron, bashrc, profile).
Last 7 days
No activity observed in the last 7 days.
Further Reading
EtherRAT dissected: How a React2Shell implant delivers 5 payloads through blockchain C2 | Sysdig
Sysdig TRT analyzes EtherRAT, a novel blockchain-based implant exploiting React2Shell, revealing credential theft, worm propagation, and forensic insights.
sysdig.com
EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks | Sysdig
Discover how the critical React2Shell vulnerability (CVE-2025-55182) is being actively exploited to deploy EtherRAT, a persistent access implant that uses Ethereum smart contracts for blockchain C2...
sysdig.com