[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fEokaH22aBJEtjRywRVn90lBtU6URZQ9nrW8VACG27cg":3},{"article":4,"iocs":41},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":24,"category":25,"article_tags":28},"3cd12106-7148-4b42-ada6-af31da5a32c0","EtherRAT brought blockchain-backed C2 into this intrusion.\n\nA malicious MSI masquerading as Sysin...","etherrat-brought-blockchain-backed-c2-into-this-intrusion-a-malicious-msi-masque-1170d5","EtherRAT brought blockchain-backed C2 into this intrusion.\n\nA malicious MSI masquerading as Sysinternals RAMMap deployed EtherRAT, which used EtherHiding to retrieve Ethereum-hosted C2 config updates before pivoting to TryCloudflare infrastructure.\n\nFull report: https:\u002F\u002Ft.co\u002FvyR3PRxeYH","A malicious MSI installer disguised as Sysinternals RAMMap deployed EtherRAT, a remote access trojan that leverages EtherHiding to retrieve command-and-control configuration updates hosted on the Ethereum blockchain. After initial compromise, the malware pivoted to using TryCloudflare infrastructure for continued command delivery.","EtherRAT malware deployed via fake Sysinternals MSI uses blockchain C2 communications.",null,"https:\u002F\u002Fx.com\u002FTheDFIRReport\u002Fstatus\u002F2061421296156590181","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHJujvZGWkAAmlN6.jpg","2026-06-01T12:15:11+00:00","2026-06-01T13:00:09.589951+00:00",8,[18,21],{"name":19,"type":20},"Sysinternals RAMMap","product",{"name":22,"type":23},"Ethereum blockchain","technology","89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5",{"id":24,"icon":11,"name":26,"slug":27},"Malware","malware",[29,34,36],{"category":30},{"id":31,"icon":11,"name":32,"slug":33},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":35},{"id":24,"icon":11,"name":26,"slug":27},{"category":37},{"id":38,"icon":11,"name":39,"slug":40},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[42,45],{"type":27,"value":43,"context":44},"EtherRAT","Remote access trojan deployed via malicious MSI installer",{"type":27,"value":46,"context":47},"EtherHiding","Technique used to retrieve C2 configuration from Ethereum blockchain"]