ThunderShell
ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is employed here to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.
Advantage against detection
The "core" RAT doesn't require a second stage to be injected / loaded in memory.
Version 2.1.2 (11/01/2019)
[HIDE][Hidden Content]]