New Stealthy Python RAT Malware Targets Windows in Attacks

As with many campaigns, this malware is spread through phishing. This demonstrates the benefit of employing an email monitoring solution in an enterprise environment, as well as the need for constant, recurring user education on common phishing tactics and how to detect and protect against them. Beyond these general points, which apply to most new campaigns, this RAT also uses a few techniques that can be monitored. First, monitor for suspicious file creations in the startup folder, which would detect the BAT file being created there to establish persistence. Second, alert on any attempts to steal passwords or cookies from the browser. Finally, monitor for the use of popular reconnaissance commands.
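
The startup-folder monitoring described above, as an added example (not code from the article or the malware report): it classifies file-creation events shaped like Sysmon Event ID 11 records and flags script files written directly into a Windows Startup folder. The sample events, the script-extension list and the two severity labels are assumptions constructed for illustration.

```python
import ntpath
import re

# Per-user and all-users Startup folders; paths are lowercased before matching.
STARTUP_DIRS = [
    re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\microsoft\\windows"
               r"\\start menu\\programs\\startup$"),
    re.compile(r"^[a-z]:\\programdata\\microsoft\\windows"
               r"\\start menu\\programs\\startup$"),
]
# Assumption: script types treated as high severity; tune per environment.
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".ps1"}

# Constructed sample events (not from the article), using the
# Image / TargetFilename field names of Sysmon Event ID 11 (FileCreate).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.bat"},
    {"Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\alice\Documents\build.bat"},
    {"Image": r"C:\Program Files\ExampleChat\setup.exe",  # hypothetical installer
     "TargetFilename": r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Chat.lnk"},
    {"Image": r"C:\Windows\System32\wscript.exe",
     "TargetFilename": "c:/users/bob/APPDATA/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/run.CMD"},
]

def classify(event):
    """Return 'high', 'review' or None for one file-creation event."""
    # Normalise separators and case so path variants cannot dodge the match.
    target = event["TargetFilename"].strip().replace("/", "\\").lower()
    folder, name = ntpath.split(target)
    if not any(p.match(folder) for p in STARTUP_DIRS):
        return None  # not written directly into a Startup folder
    ext = ntpath.splitext(name)[1]
    # Scripts (the BAT persistence case) are high; anything else needs review.
    return "high" if ext in SCRIPT_EXTS else "review"

def detect(events):
    """Return (severity, writing process, target path) for each flagged event."""
    alerts = []
    for ev in events:
        severity = classify(ev)
        if severity:
            alerts.append((severity, ev["Image"], ev["TargetFilename"]))
    return alerts

if __name__ == "__main__":
    for severity, image, target in detect(SAMPLE_EVENTS):
        print(f"[{severity}] {image} wrote {target}")
```
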

https://www.bleepingcomputer.com/news/security/new-stealthy-python-rat-malware-targets-windows-in-attacks/