Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

RAT Distributed as UUEncoding (UUE) File

June 11, 2024, 10:31 a.m.

Description

This intelligence report describes a malicious operation where the Remcos Remote Access Trojan (RAT) is being disseminated through phishing emails containing an attachment exploiting the Unix-to-Unix Encoding (UUE) technique. The encoded file loads an obfuscated VBScript that fetches additional malicious components, leading to the deployment of the Remcos RAT on compromised systems. The report outlines the multi-stage infection process, providing technical details and indicators of compromise (IOCs) related to this campaign.

Date

Published: June 11, 2024, 10:11 a.m.

Created: June 11, 2024, 10:11 a.m.

Modified: June 11, 2024, 10:31 a.m.

Indicators

194.59.30.90

frabyst44habvous2.duckdns.org

frabyst44habvous1.duckdns.org

Attack Patterns

Remcos

T1059.005

T1059.001

T1059.007

T1562.001

T1057

T1105

T1204

T1056

T1195

T1059