VileRAT: DeathStalker による外国および仮想通貨取引所への継続的なストライキ from securelist.com

図 13. VileRAT の第 1 段階の Python バイトコード。
VileRAT HTTP C2 protocol
VileRAT’s main C2 communication loop, as executed during Main C2 client mode (as described in VileRAT functionalities above), is quite straightforward and runs in a separate thread: