Sugargh0st Rat

Malware Profile Updated a month ago
Download STIX
Preview STIX
SugarGh0st RAT is a relatively new variant of the Gh0st RAT malware, first identified by researchers at Cisco Talos in November 2023. This Remote Access Trojan (RAT) has been used to carry out cyberespionage and surveillance campaigns against various targets, including government officials in Uzbekistan and South Korea. It shares code similarities with other malicious software like TunnelSpecter and SugarGh0st RAT, indicating possible connections between these threats. The RAT is often delivered via a self-extracting RAR file, which increases the likelihood of infection by eliminating the need for extra software. The SugarGh0st RAT has targeted a wide range of organizations, from U.S. telecommunications companies to international media organizations and South Asian government agencies. In most cases, the hackers have exploited publicly available email addresses to deliver the malware. Once inside the system, it can deploy a decoy document, a dynamic link library (DLL) loader, encrypted malware, and a malicious Visual Basic (VB) script for establishing persistence. The emergence of SugarGh0st RAT underscores the ongoing threat posed by cyberespionage activities. Notably, an unidentified group began using a modified version of this RAT to spy on targets in South Korea and the Ministry of Foreign Affairs in Uzbekistan. As such, organizations are advised to stay vigilant and implement robust cybersecurity measures to protect against these evolving threats.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
gh0st RAT
2
Gh0st RAT is a notorious malware that was originally developed by the C. Rufus Security Team in China and has been widely used for cyber espionage since its code leaked in 2008. This malicious software can infiltrate systems through suspicious downloads, emails, or websites, often without the user's
Gh0st
1
Gh0st is a form of malware, or malicious software, that has been used in a variety of cyber attacks to exploit and damage computer systems. Notably, it was used in Operation Diplomatic Specter, where the Gh0st RAT (Remote Access Trojan) sample and Specter malware family were deployed. The malware co
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Decoy
Loader
Chinese
Malware
Rat
Visual Basic
Tool
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Sugargh0stUnspecified
2
SugarGh0st is a malicious software (malware) variant first identified by Cisco Talos in November of the previous year. The malware, believed to be connected to China, has been deployed in cyberespionage campaigns primarily targeting the Ministry of Foreign Affairs in Uzbekistan and users in South Ko
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Sugargh0st Rat Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
DARKReading
a month ago
'SneakyChef' APT Slices Up Foreign Affairs With SugarGh0st
BankInfoSecurity
2 months ago
Active Chinese Cyberespionage Campaign Rifling Email Servers
Unit42
2 months ago
Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia
DARKReading
2 months ago
CISO Corner: What Cyber Labor Shortage?; SEC Deadlines
BankInfoSecurity
2 months ago
Hackers Target US AI Experts With Customized RAT