EtherRAT (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

js.ether_rat (Back to overview)

EtherRAT

According to sysdig, EtherRAT uses Ethereum smart contracts for C2 URL resolution. It establishes persistence through five independent mechanisms, ensuring survival across reboots and system maintenance (systemd, xdg, cron, bashrc, profile).

References

2025-12-16 ⋅ sysdig ⋅ Sysdig Threat Research Team
EtherRAT dissected: How a React2Shell implant delivers 5 payloads through blockchain C2
EtherRAT

2025-12-08 ⋅ sysdig ⋅ Sysdig Threat Research Team
EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks
EtherRAT

There is no Yara-Signature yet.

EtherRAT Propose Change

References

EtherRAT