Today > | 7 High | 22 Medium | 6 Low vulnerabilities   -   You can now download lists of IOCs here!

RemcosRAT Distributed Using Steganography

May 8, 2024, 5:22 p.m.

Description

Security researchers have discovered a campaign distributing RemcosRAT through a sophisticated infection chain involving steganography techniques. The attack starts with a malicious Word document exploiting template injection, leading to the download of an RTF file that leverages an equation editor vulnerability. Subsequently, obfuscated scripts are fetched to ultimately execute RemcosRAT via process hollowing, evading detection. This intricate operation highlights the evolving tactics employed by threat actors to distribute malware.

Date

Published: May 8, 2024, 11:03 a.m.

Created: May 8, 2024, 11:03 a.m.

Modified: May 8, 2024, 5:22 p.m.

Indicators

107.175.31.187

192.210.201.57

http://ur8ly.com/asy2xr

ur8ly.com

Attack Patterns

RemcosRAT

T1036.003

T1059.005

T1055.002

T1059.003

T1059.001

T1027.005

T1059.007

T1204.002

T1566.001

T1055

T1140

T1027

T1059