
Test Blog for Training hello

Published by: Alejandro Magallon
Published: December 12, 2025

hello

This is not a code block

This is a code block

| Activity | China-affiliated actors | EtherRAT |
| --- | --- | --- |
| Initial payload | PowerShell commands | Encrypted JavaScript |
| C2 infrastructure | Hardcoded IPs/domains | Blockchain-resolved |
| Persistence | Minimal (Cobalt Strike beacon) | 5 independent mechanisms |
| Primary tools | Cobalt Strike, Sliver, Vshell | Custom Node.js implant |
| Apparent objective | Credential theft, initial access | Long-term persistent access |
| Traffic pattern | Known beacon signatures | Disguised as static asset requests |


Updated by: Chelsea
