Experts from Cisco Talos discovered new malware, tracked as ObliqueRAT, that appears to be custom malware developed by a threat actor focused on government and diplomatic targets.
The malware was employed in targeted attacks against organizations in Southeast Asia.
“Cisco Talos has recently discovered a new
The most recent campaign started in January 2020 and is still ongoing.
The threat actor uses phishing messages with weaponized Microsoft Office documents to deliver the RAT.
The malicious documents trick victims into inserting a password contained in the message to view their contents. The VB script in the
The malicious VB script included in the documents, once activated, extracts a malicious binary and drops an executable, which in turn drops ObliqueRAT.
The VBScript creates the following shortcut in the currently logged-in user’s Start-Up directory to achieve persistence:
“The RAT ensures that only one instance of its process is running on the infected endpoint at any given time by creating and checking for a
The malware implements evasion and anti-analysis checks to prevent the implant from executing in a sandbox or test environment.
“This campaign shows a threat actor conducting a targeted distribution of
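The delivery chain described above (an Office document whose VB script drops an executable and writes a shortcut into the user's Start-Up directory) leaves file-creation events that can be hunted on the endpoint. The following is an added example, not code from Cisco Talos or the original article. It assumes Sysmon Event ID 11 (FileCreate) records already parsed into dicts with `Image` and `TargetFilename` fields, and that the macro runs inside the Office process; the sample events and file names are constructed placeholders.

```python
import ntpath

# Office applications whose macros can write files (assumed list for this example).
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Per-user and all-users Startup folders share this path suffix.
STARTUP_MARKER = "\\start menu\\programs\\startup\\"
SHORTCUT_EXT = {".lnk", ".url"}
EXECUTABLE_EXT = {".exe", ".dll", ".scr"}


def classify(event):
    """Return a finding string for a Sysmon FileCreate (Event ID 11) record, or None."""
    if event.get("EventID") != 11:
        return None
    image = ntpath.basename(event.get("Image", "")).lower()
    if image not in OFFICE_IMAGES:
        return None
    target = event.get("TargetFilename", "")
    ext = ntpath.splitext(target)[1].lower()
    if STARTUP_MARKER in target.lower() and ext in SHORTCUT_EXT:
        return "office-startup-shortcut"
    if ext in EXECUTABLE_EXT:
        return "office-dropped-executable"
    return None


def hunt(events):
    """Return (finding, image, target) for every suspicious event, in input order."""
    tagged = ((classify(ev), ev) for ev in events)
    return [(f, ev["Image"], ev["TargetFilename"]) for f, ev in tagged if f]


# Constructed sample events (not taken from the campaign; file names are placeholders).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "TargetFilename": r"C:\Users\alice\Documents\report.docx"},
    {"EventID": 11, "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "TargetFilename": r"C:\Users\Public\placeholder.exe"},
    {"EventID": 11, "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\placeholder.url"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\notes.lnk"},
]

if __name__ == "__main__":
    for finding, image, target in hunt(SAMPLE_EVENTS):
        print(f"{finding}: {ntpath.basename(image)} -> {target}")
```

An ordinary document save and a shortcut written by `explorer.exe` are not flagged; only Office-originated writes of executables or Start-Up shortcuts are.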