
Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware

The alert ties observed intrusions involving the EtherRat remote-access trojan and TukTuk command-and-control infrastructure to a final-stage deployment of Gentleman ransomware. The technical value lies in the intrusion sequencing: EtherRat and TukTuk appear to function as earlier-stage access or operator-control components that precede ransomware execution, which gives defenders upstream telemetry to hunt on before encryption begins. That linkage matters for incident response because a detection on either malware family can indicate a broader ransomware playbook rather than an isolated commodity infection. Although it is a flash alert rather than a full root-cause or exploit write-up, it provides actionable threat intelligence on malware family relationships, C2 usage, and pre-ransomware activity.
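One way to operationalize the sequencing the alert describes, as an added example that is not part of the alert or the original post: group endpoint detections by host, rate each host against the EtherRat -> TukTuk -> Gentleman chain, and put hosts that show an upstream component but no ransomware detection at the front of the containment queue. The detection records, hostnames and timestamps are constructed, and the stage ordering is an assumption taken from the alert's description rather than anything the alert itself defines.

```python
from collections import defaultdict
from datetime import datetime

# Stage order follows the sequencing the alert describes (assumed here):
# EtherRat (access) and TukTuk (operator C2) precede Gentleman (encryption).
STAGE = {"EtherRat": 1, "TukTuk": 2, "Gentleman": 3}

# Constructed sample detections (host, UTC time, family); not from the alert.
SAMPLE_EVENTS = [
    ("ws-17", "2024-01-10T09:05:00", "EtherRat"),
    ("ws-17", "2024-01-10T11:40:00", "TukTuk"),
    ("srv-db1", "2024-01-10T10:00:00", "TukTuk"),
    ("srv-db1", "2024-01-11T02:15:00", "Gentleman"),
    ("ws-22", "2024-01-11T08:30:00", "EtherRat"),
]


def triage(events):
    """Group detections by host and rate each host against the chain.

    Hosts with an early-stage hit but no ransomware detection are the ones
    where containment can still pre-empt encryption.
    """
    by_host = defaultdict(list)
    for host, ts, family in events:
        if family in STAGE:  # ignore families outside this playbook
            by_host[host].append((datetime.fromisoformat(ts), family))
    report = {}
    for host, hits in by_host.items():
        hits.sort()  # chronological order per host
        families = {f for _, f in hits}
        furthest = max(STAGE[f] for f in families)
        report[host] = {
            "first_seen": hits[0][0].isoformat(),
            "families": sorted(families, key=STAGE.get),
            "furthest_stage": furthest,
            # Pre-encryption: upstream component seen, no Gentleman yet.
            "pre_encryption": furthest < STAGE["Gentleman"],
        }
    return report


def containment_order(report):
    """Pre-encryption hosts first, the further along the chain the higher;
    hosts already at the ransomware stage go to recovery, not containment."""
    pre = [h for h, r in report.items() if r["pre_encryption"]]
    return sorted(pre, key=lambda h: (-report[h]["furthest_stage"],
                                      report[h]["first_seen"]))
```

Feeding real EDR or SIEM detections into `triage` only requires mapping each record to the (host, timestamp, family) tuple shape used above.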


This post is licensed under CC BY 4.0 by the author.