Immediately disconnect any machine where this file was detected from the network.
Look for unauthorized cURL or tar commands in system audit logs.
GOGITTER, GITSHELLPAD, and GOSHELL Analysis svchost.rar
The actor uses the command tar -xvf svchost.rar to extract post-compromise tools.
Analysis on platforms like ANY.RUN has tagged variants of this archive with the Quasar RAT.