ChaChi: a New GoLang RAT

Published June 23, 2021

BlackBerry has identified a new type of malicious software written in the Go programming language as the operator of the PYSA ransomware campaign, which has been targeting education institutions across the United States and Canada.

REFERENCE:

https://blogs.blackberry.com/en/2021/06/pysa-loves-chachi-a-new-golang-rat

TAGS:

pysa, chashell, chisel, chachi, mespinoza, golang, ekans, http, RAT

INDUSTRIES:

Higher Education, Healthcare, Education

TARGETED COUNTRIES:

United States of America, France, United Kingdom of Great Britain and Northern Ireland

MALWARE FAMILIES:

PYSA, Chashell, Chisel, Ekans, Mespinoza, ChaChi

ATT&CK IDS:

T1059.001 – PowerShell, T1059.003 – Windows Command Shell, T1569.002 – Service Execution, T1543.003 – Windows Service, T1027 – Obfuscated Files or Information, T1057 – Process Discovery, T1082 – System Information Discovery, T1572 – Protocol Tunneling, T1071.001 – Web Protocols, T1090.002 – External Proxy, T1001 – Data Obfuscation, T1008 – Fallback Channels, T1573.001 – Symmetric Cryptography, T1041 – Exfiltration Over C2 Channel, T1587.001 – Malware, T1583.001 – Domains

0 Comments

Submit a Comment Cancel reply

Ready to Simplify IT Management?

We will work with you to create a plan that meets your business needs, while helping you get more from your technology, with less work, and less worry about making it all run right.

Get Started With Managed Services

Device Management

User Management

Security Management

Complete IT Management

ChaChi: a New GoLang RAT

Related Content

New JSSLoader Trojan Delivered Through XLL Files

New SysJoker Backdoor Targets Windows, Linux, and macOS

Widespread Credential Phishing Campaign

0 Comments

Submit a Comment Cancel reply

Ready to Simplify IT Management?