ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool TranslucentGh0st

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: TranslucentGh0st

NamesTranslucentGh0st
CategoryMalware
TypeBackdoor
Description(<https://blogapp.bitdefender.com/labs/content/files/2024/05/Bitdefender-Report-DeepDive-creat7721-en_EN.pdf}Bitdefender>) A Variant of Gh0st RAT. The analysis and comparison of EtherealGh0st and TranslucentGh0st showed that TranslucentGh0st is the predecessor of the EtherealGh0st. The difference between these two is that TranslucentGh0st uses byte constants to determine the command to interpret.
The c2 address is base64 encoded and encrypted with a byte-XOR with 0x28 and SUB 0xC. The port is hardcoded into the binary in plain.
Information<https://blogapp.bitdefender.com/labs/content/files/2024/05/Bitdefender-Report-DeepDive-creat7721-en_EN.pdf>

Last change to this tool card: 18 June 2024

Download this tool card in JSON format

Previous: TRANSLATEXT
Next: TreasureHunter

All groups using tool TranslucentGh0st

ChangedNameCountryObserved

APT groups

 Unfading Sea HazeChina2018 

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]