This report complements the available information about recent phishing campaigns that distribute Remcos by highlighting the way in which DBatLoader stages the RAT on infected systems. Further, the Ukrainian CERT has recently issued reports on Remcos RAT phishing campaigns targeting Ukrainian state institutions for espionage purposes using password-protected archives as email attachments.

Threat actors typically distribute the RAT through phishing emails and stage it on systems using a variety of forms and methods. Examples include the use of the TrickGate loader stored in archive files, malicious ISO images, and URLs to VBScript scripts embedded in pictures. The feature-rich RAT Remcos is actively used by threat actors with cybercriminal and espionage motivations.

In this blog post, we summarize our observations on these campaigns to equip defenders with the information they need to protect against this threat. DBatLoader is characterized by the abuse of public Cloud infrastructure to host its malware staging component. SentinelOne has been observing phishing campaigns that distribute the Remcos RAT using the DBatLoader malware loader to target predominantly Eastern European institutions and businesses.