Analysts have observed the group installing:
Strains like Gh0st RAT for full system control.
CoinMiners to exploit system hardware for cryptocurrency mining.

Delivery and Execution

The malware includes multiple layers of sandbox and analysis evasion, such as virtual machine detection (targeting VMware, VirtualBox, and QEMU) and anti-debugging checks.

Indicators of Compromise (IoCs)