Reaver is malware found to share code with Mirage, another malware family, as documented in a code reuse analysis report (SHA256: 28d6a9a709b9ead84aece250889a1687c07e19f6993325ba5295410a478da30a). Both families have been attributed to Chinese government-affiliated groups. The overlap surfaced during a VirusTotal hunting exercise: a YARA signature written for code unique to Mirage and Reaver matched a previously unseen version of the Remote Access Trojan (RAT).
Like Mirage, Reaver begins by reading its configuration: the IP address or domain of the Command & Control (C&C) server, the port, the name of its own binary, a sleep timer (the beacon interval), and what Palo Alto Networks calls a "campaign identifier". These details come from a write-up by Palo Alto Networks' research team, Unit 42. With this configuration the implant can beacon to its C&C server and receive tasking, which is what makes a RAT dangerous: the operator gains remote control of the host and can use it to steal data or disrupt operations.
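The configuration fields listed above are exactly what an analyst wants to pull out of a sample as indicators. The following is an added example, not code from the original page, from Unit 42, or from any Reaver sample: it parses a small configuration blob in an assumed layout (single-byte XOR obfuscation, length-prefixed strings, little-endian integers, in the order the text lists the fields), classifies the C&C host as an IP address or a domain, and rejects truncated or nonsensical blobs. The XOR key, the field layout, and the sample values are all constructed for illustration and are not Reaver's real format.

```python
import ipaddress
import struct

# Assumed, illustrative layout (NOT the real Reaver format). The blob is
# XOR-obfuscated with one byte; the plaintext holds, in order:
#   u8 length + C&C host, u16le port, u8 length + binary name,
#   u32le sleep seconds, u8 length + campaign identifier.
XOR_KEY = 0x5A  # assumption for this example only


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR; applying it twice restores the input."""
    return bytes(b ^ key for b in data)


def build_config(host: str, port: int, binary_name: str,
                 sleep_seconds: int, campaign_id: str) -> bytes:
    """Serialise a config in the assumed layout (used here to construct sample input)."""
    def s(value: str) -> bytes:
        raw = value.encode("ascii")
        if len(raw) > 255:
            raise ValueError("string field too long for a u8 length prefix")
        return bytes([len(raw)]) + raw
    plain = (s(host) + struct.pack("<H", port) + s(binary_name)
             + struct.pack("<I", sleep_seconds) + s(campaign_id))
    return xor_bytes(plain, XOR_KEY)


def parse_config(blob: bytes) -> dict:
    """Decode and validate a config blob; raises ValueError on malformed input."""
    plain = xor_bytes(blob, XOR_KEY)
    off = 0

    def take_str() -> str:
        nonlocal off
        if off >= len(plain):
            raise ValueError("truncated config: missing length byte")
        n = plain[off]
        off += 1
        raw = plain[off:off + n]
        if len(raw) != n:
            raise ValueError("truncated config: string body shorter than its length")
        off += n
        return raw.decode("ascii")

    def take_int(fmt: str) -> int:
        nonlocal off
        size = struct.calcsize(fmt)
        if off + size > len(plain):
            raise ValueError("truncated config: integer field")
        (value,) = struct.unpack_from(fmt, plain, off)
        off += size
        return value

    host = take_str()
    port = take_int("<H")
    binary_name = take_str()
    sleep_seconds = take_int("<I")
    campaign_id = take_str()
    if off != len(plain):
        raise ValueError("trailing bytes after the last field")

    # Sanity checks an analyst would apply before trusting the extracted IOCs.
    if not host:
        raise ValueError("empty C&C host")
    if port == 0:
        raise ValueError("port 0 is not a usable C&C port")
    try:
        ipaddress.ip_address(host)
        host_kind = "ip"
    except ValueError:
        host_kind = "domain"

    return {
        "c2": host,
        "c2_kind": host_kind,
        "port": port,
        "binary_name": binary_name,
        "sleep_seconds": sleep_seconds,
        "campaign_id": campaign_id,
    }


def is_valid_config(blob: bytes) -> bool:
    """True if the blob parses and passes the sanity checks."""
    try:
        parse_config(blob)
        return True
    except ValueError:
        return False


# Constructed sample: 203.0.113.10 is a documentation address, not a real C&C.
SAMPLE_CONFIG = build_config("203.0.113.10", 443, "svchost_update.exe",
                             300, "example-campaign")

if __name__ == "__main__":
    for field, value in parse_config(SAMPLE_CONFIG).items():
        print(f"{field:14} {value}")
```

The value of the validation step is in the failure modes: a blob cut off by a partial dump, a port of 0, or bytes left over after the last field all indicate that the assumed layout or XOR key is wrong for this sample, and an extractor that silently returns garbage in those cases will seed a blocklist with bad indicators.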
The shared code ties Reaver and Mirage to a common source, consistent with an organized, state-sponsored espionage operation rather than opportunistic crimeware. For defenders the practical point is that the two families can be tracked together: a detection written for the code they share, as the YARA hunt that uncovered the new Reaver version shows, covers both, and organizations in the targeted sectors should treat either family's indicators as relevant to the other.
Description last updated: 2024-01-06T06:45:03.522Z