Sugargh0st Rat

Malware updated 5 months ago (2024-06-22T00:17:47.493Z)

Download STIX

Preview STIX

SugarGh0st RAT is a relatively new variant of the Gh0st RAT malware, first identified by researchers at Cisco Talos in November 2023. This Remote Access Trojan (RAT) has been used to carry out cyberespionage and surveillance campaigns against various targets, including government officials in Uzbekistan and South Korea. It shares code similarities with other malicious software like TunnelSpecter and SugarGh0st RAT, indicating possible connections between these threats. The RAT is often delivered via a self-extracting RAR file, which increases the likelihood of infection by eliminating the need for extra software. The SugarGh0st RAT has targeted a wide range of organizations, from U.S. telecommunications companies to international media organizations and South Asian government agencies. In most cases, the hackers have exploited publicly available email addresses to deliver the malware. Once inside the system, it can deploy a decoy document, a dynamic link library (DLL) loader, encrypted malware, and a malicious Visual Basic (VB) script for establishing persistence. The emergence of SugarGh0st RAT underscores the ongoing threat posed by cyberespionage activities. Notably, an unidentified group began using a modified version of this RAT to spy on targets in South Korea and the Ministry of Foreign Affairs in Uzbekistan. As such, organizations are advised to stay vigilant and implement robust cybersecurity measures to protect against these evolving threats.

Description last updated: 2024-06-22T00:16:08.005Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
gh0st RAT is a possible alias for Sugargh0st Rat. Gh0st RAT is a malicious software (malware) that has been in use for over 15 years. It is an open-source remote access tool known for exploiting vulnerabilities in systems, most notably the PHP flaw which it targeted within 24 hours of disclosure. This malware was observed as part of Operation Diplo	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Sugargh0st Malware is associated with Sugargh0st Rat. SugarGh0st is a malicious software (malware) variant first identified by Cisco Talos in November of the previous year. The malware, believed to be connected to China, has been deployed in cyberespionage campaigns primarily targeting the Ministry of Foreign Affairs in Uzbekistan and users in South Ko	Unspecified	2

Source Document References

Information about the Sugargh0st Rat Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
DARKReading	5 months ago	'SneakyChef' APT Slices Up Foreign Affairs With SugarGh0st
BankInfoSecurity	6 months ago	Active Chinese Cyberespionage Campaign Rifling Email Servers
Unit42	6 months ago	Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia
DARKReading	6 months ago	CISO Corner: What Cyber Labor Shortage?; SEC Deadlines
BankInfoSecurity	6 months ago	Hackers Target US AI Experts With Customized RAT