Expect guests: PhantomCore's new tools and tactics in attacks on Russian companies
TLP: WHITE | Adversary: PhantomCore | Author: PetrP.73 | Created: 2026-04-26 | Modified: 2026-05-26 | 42 IoCs
PhantomCore, a cybercrime group identified as a significant threat to Russian and Belarusian firms, has evolved its tactics and tools since its initial attacks were detected around 2022, adjusting its tooling as defences have changed. Among its latest developments is the proprietary remote access malware KermitRAT, whose functionality includes command execution, data exfiltration, and detailed system information gathering. The malware can execute hidden commands via PowerShell or cmd, capture screenshots, and log keystrokes, and it transmits the collected data covertly to the attackers' command and control (C2) servers.
Indicators of Compromise (12 of 42 shown)
Type          Indicator                         Description  Created
FileHash-MD5  43ed7ce263151ae976bafbad3bc17742               2026-04-26
FileHash-MD5  05fa2a9db255f37140e6716de4cf1716               2026-04-26
FileHash-MD5  8e674f0379dda936208a365760074b11               2026-04-26
FileHash-MD5  0ac3839a2b23b9b96b63c650bf8f6530               2026-04-26
FileHash-MD5  3f039e92637c8d4169960e878d091f04               2026-04-26
FileHash-MD5  86360fa1d33f8c2bd84607ab736123cf               2026-04-26
FileHash-MD5  96d00bf02e6b3c70f6b6e0d524a1dc0d               2026-04-26
FileHash-MD5  b1be02032c6e3ebefc467b5d0dd3ee07               2026-04-26
FileHash-MD5  b22c21f19ab6d796df84b70d204804b4               2026-04-26
FileHash-MD5  c65acfc2720de2a940c5f24cd98055fa               2026-04-26
FileHash-MD5  ce8e7a3fa0b38165d60f4688e69490ce               2026-04-26
FileHash-MD5  fbd9910e36b07c6d4a095c8aabc2c801               2026-04-26