RAT Distributed as UUEncoding (UUE) File
June 11, 2024, 10:31 a.m.
Description
This intelligence report describes a malicious operation in which the Remcos Remote Access Trojan (RAT) is distributed through phishing emails carrying an attachment encoded with Unix-to-Unix Encoding (UUE). The encoded file loads an obfuscated VBScript that fetches additional malicious components, leading to deployment of the Remcos RAT on compromised systems. The report outlines the multi-stage infection process and provides technical details and indicators of compromise (IOCs) for the campaign.
Date
Published: June 11, 2024, 10:11 a.m.
Created: June 11, 2024, 10:11 a.m.
Modified: June 11, 2024, 10:31 a.m.
Indicators
194.59.30.90
frabyst44habvous2.duckdns.org
frabyst44habvous1.duckdns.org
Attack Patterns
Remcos
T1059.005
T1059.001
T1059.007
T1562.001
T1057
T1105
T1204
T1056
T1195
T1059