[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQAhBI1Nk3vXlipEQqGSqqZC_inNLd0V8LwW7c64JYPY":3},{"article":4,"iocs":41},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":21,"category":22,"article_tags":25},"cf6ade62-7b28-4709-bb71-3fac966a8933","\"EtherRAT was installed via a malicious MSI [...] then deployed The Gentlemen ransomware\"\nAlready...","etherrat-was-installed-via-a-malicious-msi-then-deployed-the-gentlemen-ransomwar-28f380","\"EtherRAT was installed via a malicious MSI [...] then deployed The Gentlemen ransomware\"\nAlready gave that sample to @smica83 in April...  Also gave him more samples like this, so if you are following him, could see more...\n🤷‍♂️ https:\u002F\u002Ft.co\u002FlZTC2ynxtN","Security researchers discovered EtherRAT, a remote access trojan, being delivered through malicious MSI (Windows Installer) packages, which subsequently deployed The Gentlemen ransomware. The samples were shared with security community members in April and additional variants are reportedly in circulation. This represents a multi-stage attack chain combining initial access and lateral movement with ransomware deployment.","EtherRAT remote access trojan deployed via malicious MSI installer before delivering The Gentlemen ransomware.",null,"https:\u002F\u002Fx.com\u002Fmalwrhunterteam\u002Fstatus\u002F2054247529462591552","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIIkDE7WoAALsnM.png","2026-05-12T17:09:11+00:00","2026-05-12T18:00:16.107223+00:00",7,[18],{"name":19,"type":20},"Windows Installer (MSI)","technology","89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5",{"id":21,"icon":11,"name":23,"slug":24},"Malware","malware",[26,31,36],{"category":27},{"id":28,"icon":11,"name":29,"slug":30},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":32},{"id":33,"icon":11,"name":34,"slug":35},"7d8b5ab8-ea0b-4ced-ae97-ec251b86993a","Ransomware","ransomware",{"category":37},{"id":38,"icon":11,"name":39,"slug":40},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[42,45],{"type":24,"value":43,"context":44},"EtherRAT","Remote access trojan delivered via malicious MSI installer",{"type":24,"value":46,"context":47},"The Gentlemen","Ransomware deployed post-EtherRAT infection"]