Unveiling SpiceRAT: Latest tool targeting EMEA and Asia

June 24, 2024, 8:23 a.m.

Description

Cisco Talos discovered a new remote access trojan (RAT), dubbed SpiceRAT, used by the threat actor SneakyChef in a recent campaign against government agencies in Europe, the Middle East, Africa, and Asia. SpiceRAT was delivered alongside the SugarGh0st malware through phishing emails carrying RAR attachments; each archive contains an LNK or HTA file that serves as the initial execution vector. SpiceRAT relies on DLL sideloading: a legitimate executable loads a malicious library placed beside it, so the first-stage code runs under the name of a benign, often signed, binary. Once running, it collects system reconnaissance data, communicates with its command-and-control (C2) servers, and can download additional plugins to extend its capabilities. The report details two infection chains, the analysis of the malware, and indicators of compromise.

Date

Published: June 24, 2024, 8:03 a.m.

Created: June 24, 2024, 8:03 a.m.

Modified: June 24, 2024, 8:23 a.m.

Indicators

http://94.198.40.4/homepage/index.aspx

http://stock.adobe-service.net/homepage/index.aspx

http://45.144.31.57:80/S1VRB0HpMXR79eStog35igWKVTsdbx/chromeupdate.zip
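
The three indicators above are C2 URLs, and the most immediate use of them is a retrospective sweep of web-proxy logs. The following script is an added example, not code from the Talos report: it normalizes the listed URLs (default port made explicit, host lower-cased, common defanging undone) and matches them against proxy log lines, reporting both exact URL hits and hits on the indicator host alone. The proxy log format and the sample log lines are constructed for illustration.

```python
"""Match the network indicators listed above against web-proxy log lines.

Added example: this is not code from the Talos report. The proxy log format
and the sample log lines below are constructed for illustration.
"""
import re
from urllib.parse import urlsplit

# Indicators copied verbatim from the listing above.
IOC_URLS = [
    "http://94.198.40.4/homepage/index.aspx",
    "http://stock.adobe-service.net/homepage/index.aspx",
    "http://45.144.31.57:80/S1VRB0HpMXR79eStog35igWKVTsdbx/chromeupdate.zip",
]

DEFAULT_PORTS = {"http": 80, "https": 443}


def refang(url):
    """Undo the common defanging (hxxp://, [.], [:]) used in shared IOC lists."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)
    return url.replace("[.]", ".").replace("[:]", ":")


def normalize(url):
    """Return (host, port, path) with the host lower-cased and the default
    port made explicit, so http://h:80/x and http://h/x compare equal."""
    parts = urlsplit(refang(url))
    scheme = parts.scheme.lower() or "http"
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme, 0)
    path = parts.path or "/"
    return host, port, path


def build_iocs(urls):
    """Split the IOC URLs into a host set (coarse match) and a
    (host, port, path) set (exact match)."""
    hosts, full = set(), set()
    for u in urls:
        key = normalize(u)
        hosts.add(key[0])
        full.add(key)
    return hosts, full


# Constructed log format: "<timestamp> <client_ip> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})"
)


def scan(log_lines, ioc_urls=IOC_URLS):
    """Return (client_ip, url, match_kind) for every line that touches an IOC.
    'exact_url' means host, port and path all matched; 'host_only' means the
    client reached an indicator host on a different path, which still deserves
    triage because the C2 path can change between samples."""
    hosts, full = build_iocs(ioc_urls)
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or header lines
        key = normalize(m.group("url"))
        if key in full:
            hits.append((m.group("client"), m.group("url"), "exact_url"))
        elif key[0] in hosts:
            hits.append((m.group("client"), m.group("url"), "host_only"))
    return hits


# Constructed sample log: three client hosts, one of which reached three indicators.
SAMPLE_LOG = """\
2024-06-20T09:14:02Z 10.20.3.41 GET http://stock.adobe-service.net/homepage/index.aspx 200
2024-06-20T09:14:05Z 10.20.3.41 GET http://45.144.31.57/S1VRB0HpMXR79eStog35igWKVTsdbx/chromeupdate.zip 200
2024-06-20T09:15:11Z 10.20.3.77 GET https://stock.adobe.com/images/1.jpg 200
2024-06-20T09:16:30Z 10.20.3.41 POST http://94.198.40.4/homepage/other.aspx 200
2024-06-20T09:17:00Z 10.20.3.12 GET http://update.example.com/chromeupdate.zip 304
""".splitlines()


if __name__ == "__main__":
    for client, url, kind in scan(SAMPLE_LOG):
        print(f"{kind:10} {client:12} {url}")
```

Matching on the host alone is deliberate: the same host appears with `/homepage/index.aspx` here, but a different path in the logs still means a client talked to attacker infrastructure. Note that `stock.adobe.com` is not flagged, while the look-alike `stock.adobe-service.net` is, which is exactly the distinction an analyst eyeballing logs can miss.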

Attack Patterns

SugarGh0st

SpiceRAT

SneakyChef

T1119 Automated Collection

T1136 Create Account

T1070 Indicator Removal

T1574 Hijack Execution Flow

T1547 Boot or Logon Autostart Execution

T1105 Ingress Tool Transfer

T1036 Masquerading

T1027 Obfuscated Files or Information

T1195 Supply Chain Compromise

T1566 Phishing

T1059 Command and Scripting Interpreter

Additional Information

Government

Turkmenistan

Angola