Names | TranslucentGh0st | |
Category | Malware | |
Type | Backdoor | |
Description | (<https://blogapp.bitdefender.com/labs/content/files/2024/05/Bitdefender-Report-DeepDive-creat7721-en_EN.pdf}Bitdefender>) A Variant of Gh0st RAT. The analysis and comparison of EtherealGh0st and TranslucentGh0st showed that TranslucentGh0st is the predecessor of the EtherealGh0st. The difference between these two is that TranslucentGh0st uses byte constants to determine the command to interpret. The c2 address is base64 encoded and encrypted with a byte-XOR with 0x28 and SUB 0xC. The port is hardcoded into the binary in plain. | |
Information | <https://blogapp.bitdefender.com/labs/content/files/2024/05/Bitdefender-Report-DeepDive-creat7721-en_EN.pdf> |
Last change to this tool card: 18 June 2024
Download this tool card in JSON format
Changed | Name | Country | Observed | ||
APT groups | |||||
Unfading Sea Haze | 2018 |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |