RemcosRAT Distributed Using Steganography

May 8, 2024, 5:22 p.m.

Description

Security researchers have discovered a campaign distributing RemcosRAT through a sophisticated infection chain involving steganography techniques. The attack starts with a malicious Word document exploiting template injection, leading to the download of an RTF file that leverages an equation editor vulnerability. Subsequently, obfuscated scripts are fetched to ultimately execute RemcosRAT via process hollowing, evading detection. This intricate operation highlights the evolving tactics employed by threat actors to distribute malware.

Date

Published: May 8, 2024, 11:03 a.m.
Created: May 8, 2024, 11:03 a.m.
Modified: May 8, 2024, 5:22 p.m.

Indicators

http://ur8ly.com/asy2xr

Attack Patterns

RemcosRAT

T1036.003

T1059.005

T1055.002

T1059.003

T1059.001

T1027.005

T1059.007

T1204.002

T1566.001

T1055

T1140

T1027

T1059