Unveiling SpiceRAT: Latest tool targeting EMEA and Asia
June 24, 2024, 8:23 a.m.
Description
Cisco Talos discovered a new remote access trojan (RAT), dubbed SpiceRAT, used by the threat actor SneakyChef in a recent malicious campaign. The campaign targeted government agencies in multiple countries across Europe, the Middle East, Africa, and Asia. SpiceRAT was delivered alongside the SugarGh0st malware through phishing emails carrying RAR attachments that contained LNK or HTA files as the initial vectors. SpiceRAT relies on DLL sideloading, abusing legitimate signed executables to load its malicious components. It collects system reconnaissance data, communicates with command-and-control servers, and can download additional plugins to extend its capabilities. The report details two infection chains, an analysis of the malware, and indicators of compromise.
Date
Published: June 24, 2024, 8:03 a.m.
Created: June 24, 2024, 8:03 a.m.
Modified: June 24, 2024, 8:23 a.m.
Indicators
Attack Patterns
SugarGh0st
SpiceRAT
SneakyChef
T1119
T1136
T1070
T1574
T1547
T1105
T1036
T1027
T1195
T1566
T1059
Additional Information
Government
Turkmenistan
Angola