ChaChi: a New GoLang RAT

Security Alert
Published June 23, 2021

BlackBerry has identified a new type of malicious software written in the Go programming language as the operator of the PYSA ransomware campaign, which has been targeting education institutions across the United States and Canada.

MALWARE FAMILIES:
PYSAChashellChiselEkansMespinozaChaChi
ATT&CK IDS:
T1059.001 – PowerShellT1059.003 – Windows Command ShellT1569.002 – Service ExecutionT1543.003 – Windows ServiceT1027 – Obfuscated Files or InformationT1057 – Process DiscoveryT1082 – System Information DiscoveryT1572 – Protocol TunnelingT1071.001 – Web ProtocolsT1090.002 – External ProxyT1001 – Data ObfuscationT1008 – Fallback ChannelsT1573.001 – Symmetric CryptographyT1041 – Exfiltration Over C2 ChannelT1587.001 – MalwareT1583.001 – Domains

Related Content

Klingon RAT

Klingon RAT

With more malware written in Golang than ever before, the threat from Go-based Remote Access Trojans (RATs) has never...

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Ready to Simplify IT Management?

We will work with you to create a plan that meets your business needs, while helping you get more from your technology, with less work, and less worry about making it all run right.