Ransomware - May 11, 2026

Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware

In April, we observed an int...

EtherRat and TukTuk C2 malware were used to deliver The Gentleman ransomware in an April intrusion.

Summary

In April, a domain-wide ransomware attack began with a malicious MSI installer disguised as Sysinternals RAMMap. The intrusion leveraged EtherRat and TukTuk C2 infrastructure to establish persistence before deploying The Gentleman ransomware across the victim's network.

Indicators of Compromise

  • malware — EtherRat
  • malware — TukTuk C2
  • malware — The Gentleman

Entities

Sysinternals RAMMap (product)