GhostWeaver is a fileless PowerShell RAT using GZip-compressed JSON over TLS1.0 on port 25658, linked to TA582/TAG-124. Four DGAs, CMSTPLUA UAC bypass and PEB masquerade observed. Active C2s documented. #GhostWeaver #TA582 #Pantera https://bit.ly/4unsp5A
1
0
0
0