Klingon RAT

Security Alert
Published June 17, 2021

With more malware written in Golang than ever before, the threat from Go-based Remote Access Trojans (RATs) has never been higher. Not only has the amount of Go malware increased, but so has the sophistication of these threats. This is a technical analysis of an advanced RAT written in Go that Intezer is calling Klingon RAT. The RAT is well-featured and resilient due to its multiple methods of persistence and privilege escalation. It was determined that the RAT is being used by cybercriminals for financial gain. It is important to stay on top of this threat, as it degrades antivirus protection by killing targeted processes and hides its communications in encrypted channels.

 

MALWARE FAMILY:
Klingon
ATT&CK IDS:
T1059.001 – PowerShell
T1059.003 – Windows Command Shell
T1047 – Windows Management Instrumentation
T1547.001 – Registry Run Keys / Startup Folder
T1547.004 – Winlogon Helper DLL
T1546.003 – Windows Management Instrumentation Event Subscription
T1546.012 – Image File Execution Options Injection
T1053.005 – Scheduled Task
T1548.002 – Bypass User Account Control
T1562.001 – Disable or Modify Tools
T1070.004 – File Deletion
T1003.001 – LSASS Memory
T1082 – System Information Discovery
T1016 – System Network Configuration Discovery
T1018 – Remote System Discovery
T1571 – Non-Standard Port
T1071.001 – Web Protocols
