Attack on *stan: Your malware, my C2
ID: 3589a428-c719-509a-8258-5b53fb1a40da
STIX ID: report--3589a428-c719-509a-8258-5b53fb1a40da
Feed Name: Ctrl-Alt-Int3l
This report analyzes KazakRAT, a Windows DLL remote access trojan delivered through MSI installers that drop regional decoy documents (Kazakh/Afghan). It details the RAT's persistence (a Run key that launches the DLL via rundll32), its unencrypted HTTP C2 beaconing to /as/include.php, its command set (exec, info, disks, file exfiltration), several variants, and correlated infrastructure. The report provides IOCs (domains, IPs, SHA256s), a YARA rule, and sinkhole telemetry of active victim beacons, and assesses the activity as likely low-maturity, state-affiliated espionage targeting government and financial roles.
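The two observables the summary does spell out, Run-key persistence through rundll32 and a plain-HTTP beacon to /as/include.php, are enough to hunt on without the paywalled IOC list. The script below is an added example and is not code from the report or the feed: it rates groups of requests to that path by transport and periodicity and flags Run-key values that hand a DLL to rundll32. Hostnames, client IPs, timestamps and Run-key values are constructed placeholders; none of the report's actual domains, IPs or hashes are reproduced here.

```python
"""Hunting helpers for the KazakRAT tradecraft summarised above.

Added example, not code from the report or the feed. It keys only on what
the summary states: persistence via a Run key that launches rundll32, and
unencrypted HTTP beaconing to the URI path /as/include.php. Hostnames, IPs,
timestamps and Run-key values below are constructed placeholders.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

C2_PATH = "/as/include.php"  # beacon URI given in the report summary

# Constructed proxy log (placeholder hosts; the .invalid TLD never resolves):
# "<ISO8601 timestamp> <client IP> <method> <URL> <status>"
SAMPLE_PROXY_LOG = """\
2024-05-01T10:00:00Z 10.1.2.3 POST http://c2-host.invalid/as/include.php 200
2024-05-01T10:05:01Z 10.1.2.3 POST http://c2-host.invalid/as/include.php 200
2024-05-01T10:10:00Z 10.1.2.3 POST http://c2-host.invalid/as/include.php 200
2024-05-01T10:14:59Z 10.1.2.3 POST http://c2-host.invalid/as/include.php 200
2024-05-01T10:02:10Z 10.1.2.9 GET  https://www.example.com/about 200
2024-05-01T10:03:40Z 10.1.2.9 GET  https://www.example.com/as/include.php 200
"""

# Constructed HKCU\...\CurrentVersion\Run values: (value name, command line).
SAMPLE_RUN_VALUES = [
    ("OneDriveUpdate", r'rundll32.exe "C:\Users\u\AppData\Roaming\svc\upd.dll",Start'),
    ("Steam", r'"C:\Program Files (x86)\Steam\steam.exe" -silent'),
    ("helper", r'C:\Windows\System32\rundll32 C:\ProgramData\h.dll,#1'),
]

# rundll32 (with or without .exe, bare or path-qualified) followed by a .dll
RUNDLL32_RE = re.compile(r'(^|[\\\s"])rundll32(\.exe)?\b.*\.dll', re.IGNORECASE)


def parse_proxy_line(line):
    """Split one constructed log line into its fields; None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, method, url, status = parts
    u = urlparse(url)
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "client": client, "method": method,
        "scheme": u.scheme, "host": u.hostname, "path": u.path,
        "status": int(status),
    }


def find_c2_beacons(log_text, min_hits=3, max_jitter=0.2):
    """Group requests for C2_PATH by (client, host, scheme) and rate each group.

    Plain HTTP to the path is 'high' confidence (it matches the unencrypted
    beacon the report describes); the same path over HTTPS is 'low'. A group
    of at least min_hits requests whose inter-request gaps vary by no more
    than max_jitter (coefficient of variation) is marked periodic.
    """
    groups = defaultdict(list)
    for raw in log_text.splitlines():
        rec = parse_proxy_line(raw)
        if rec and rec["path"] == C2_PATH:
            groups[(rec["client"], rec["host"], rec["scheme"])].append(rec["ts"])
    hits = []
    for (client, host, scheme), stamps in groups.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        periodic = False
        if len(stamps) >= min_hits:
            mean = statistics.mean(gaps)
            periodic = mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter
        hits.append({
            "client": client, "host": host, "scheme": scheme,
            "count": len(stamps), "periodic": periodic,
            "confidence": "high" if scheme == "http" else "low",
        })
    return hits


def find_rundll32_run_values(values):
    """Return Run-key values whose command launches a DLL through rundll32."""
    return [(name, cmd) for name, cmd in values if RUNDLL32_RE.search(cmd)]


if __name__ == "__main__":
    for h in find_c2_beacons(SAMPLE_PROXY_LOG):
        print(h)
    for name, cmd in find_rundll32_run_values(SAMPLE_RUN_VALUES):
        print("suspicious Run value:", name, "->", cmd)
```

Rating the HTTPS match as low confidence is deliberate: a proxy only sees the path on TLS-inspected traffic, and the report describes the beacon as unencrypted, so a cleartext hit to the path is the signal that actually matches the tradecraft. The rundll32 check will also catch legitimate software that registers a DLL this way, so treat it as a triage list to pair with the DLL's path, signature and the report's hashes rather than as a verdict on its own.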
