lazarus.day
Actors
Reports
Incidents
IoCs
Analytics
Actors
Reports
Incidents
IoCs
Support
#EtherRAT
Malware
2025-12-08 •
EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks
Share:
4
Tagged Reports
3
Unique Authors
122
Active Days
Tagged Reports
2026-04-08
Phatom Candle
Spoofed IT Tools Distribute EtherRAT in Highly Stealthy Campaign Suspected Linked to DPRK APT
#EtherRAT
#T1566
#T1102
#T1027
#T1547.001
#T1059
#T1001.003
#T1140
2026-03-25
e Sentire
EtherRAT & SYS_INFO Module: C2 on Ethereum (EtherHiding), Target Selection, CDN-Like Beacons
#ClickFix
#EtherHiding
#EtherRAT
2025-12-16
Sysdig
EtherRAT dissected: How a React2Shell implant delivers 5 payloads through blockchain C2
#CVE-2025-55182
#EtherRAT
#React2Shell
#Suspicious
2025-12-08
Sysdig
EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks
#CVE-2025-55182
#EtherRAT
#React2Shell
#Suspicious
« Back