Threats Tagged 'ratgopher'
View all threats tagged with 'ratgopher'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'ratgopher'
Click on any threat for detailed analysis and mitigation recommendations
GopherWhisper: A burrow full of malware 0 ESET researchers discovered a previously undocumented China-aligned APT group named GopherWhisper that targeted a governmental entity in Mongolia. The group employs a diverse arsenal of custom tools, predominantly written in Go, including backdoors LaxGopher, RatGopher, and BoxOfFriends, along with injectors JabGopher, exfiltration tool CompactGopher, loader FriendDelivery, and C++ backdoor SSLORDoor. The threat actors abuse legitimate services including Discord, Slack, Microsoft 365 Outlook, and file.io for command and control communications and data exfiltration. Through extraction of thousands of messages from compromised Slack and Discord channels, researchers gained valuable insights into the group's internal operations and post-compromise activities. Timestamp analysis of communications indicates operators work during UTC+8 business hours, aligning with China Standard Time, supporting attribution to China-aligned actors. Join the discussion | AlienVault OTX General | 04/23/2026, 14:37:50 UTC Added: 04/24/2026, 09:06:03 UTC |
Showing 1 to 1 of 1 result