Moonrise RAT: A New Low-Detection Threat with High-Cost Consequences
ID: d279bd4f-c4dc-5781-8441-3573e3d05a4a
STIX ID: report--d279bd4f-c4dc-5781-8441-3573e3d05a4a
Feed Name: ANY.RUN's Cybersecurity Blog
This report analyzes Moonrise, a stealthy Go-based RAT that initially bypassed static detection and rapidly established WebSocket C2 connectivity; it documents observed commands and capabilities (process/file enumeration, remote execution, credential/clipboard theft, screen/webcam/audio capture, persistence and lifecycle management), provides multiple sample hashes and a C2 IP, and recommends behavior-based monitoring, sandbox execution, and TI-enrichment for earlier detection and containment.
