Stories from the SoC Part 1: IDAT Loader to BruteRatel
released on 2024-04-01 @ 09:22:42 AM
This report provides an analysis of a recent malware campaign that begins with a drive-by download of a Rust binary, which then loads the IDAT malware loader. The IDAT loader injects the SecTop RAT, followed by deployment of the Brute Ratel C4 framework for command and control. Technical details are provided on the tactics, techniques and procedures used at each stage of the attack.