HiveRAT communicates with a Command and Control (C2) server to receive instructions and exfiltrate stolen data. Security tools have identified specific signatures for HiveRAT's C2 traffic. Indicators of Compromise (IoCs) HIVERAT.rar or HiveRAT Cracked.exe Behaviors: Writing new executables to temporary folders.

Specifically targets browser-stored credentials and messaging client data, such as Discord tokens.

Reads the computer name and system information to identify the target.

May modify autorun registry keys to ensure it launches every time the computer restarts. 3. Network Activity (C2)

Includes features for monitoring the victim's desktop and keyboard activity.

The malware is typically delivered via phishing or malicious downloads in a compressed .rar format. Once extracted, the primary executable (often masquerading as a crack or tool) initiates the infection. 2. Core Capabilities