 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: PylangGhost| Names | PylangGhost | |
| Category | Malware | |
| Type | Backdoor | |
| Description | (Talos) As the Golang variant of the RAT is already well-documented, this blog focuses on the Python version and the similarities between the two. The initial stage consists of a command line which the fake webpage tells the unsuspecting user to copy, paste and execute. The command line uses either PowerShell Invoke-Webrequest or curl to download a ZIP file containing the PylangGhost modules as well as Visual Basic Script file. This script is responsible for unzipping the Python library stored in the “lib.zip file” and launching the trojan by running a renamed Python interpreter using the file “nvidia.py” as the Python program to run. | |
| Information | <https://blog.talosintelligence.com/python-version-of-golangghost-rat/> | |
Last change to this tool card: 28 June 2025
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
APT groups | |||||
 | ↳ Subgroup: Operation Contagious Interview |  | 2022-Jun 2025  |  | |
1 group listed (1 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |