
DeedRAT Backdoor Enhanced with Advanced Capabilities

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY :

Chinese threat actors have launched a new phishing campaign delivering DeedRAT, a modular backdoor. The campaign abuses DLL side-loading in MambaSafeModeUI.exe, a component of VIPRE Antivirus Premium, so that the legitimate antivirus executable loads the malicious DLL. DeedRAT now ships a new NetAgent module that expands its capabilities. The backdoor communicates with its C2 server over TCP and uses several persistence techniques. Notable features include a custom encryption routine built on a linear congruential generator (LCG), API protection, and junk functions inserted to slow analysis. The continued development and heavier obfuscation indicate the operators are actively maintaining and improving their tooling.
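The summary notes that DeedRAT's traffic is protected with a custom cipher driven by a linear congruential generator. The block below is an added example, not DeedRAT's own routine and not code from the report: the multiplier, increment, 32-bit state, little-endian word layout and the choice to use each full LCG state as keystream are all assumptions made for illustration. It shows the property an analyst cares about: an LCG has no one-wayness, so a few bytes of known plaintext (a fixed header, a hostname field) recover the generator state and with it the rest of the message, without ever learning the seed.

```python
import struct

# Assumed LCG parameters (Numerical Recipes constants, 32-bit state); NOT DeedRAT's.
A, C = 1664525, 1013904223
MASK = 0xFFFFFFFF


def lcg_words(seed, n):
    """Return n successive LCG states. This toy cipher uses each whole state as keystream."""
    out, s = [], seed & MASK
    for _ in range(n):
        s = (A * s + C) & MASK
        out.append(s)
    return out


def keystream(seed, nbytes):
    words = lcg_words(seed, (nbytes + 3) // 4)
    return b"".join(struct.pack("<I", w) for w in words)[:nbytes]


def crypt(data, seed):
    """XOR stream cipher; the same call encrypts and decrypts."""
    ks = keystream(seed, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


def recover_rest(known_plain, ciphertext):
    """Given at least 4 bytes of known plaintext at offset 0, recover the first
    keystream word, which IS the LCG state, then run the recurrence forward to
    decrypt the whole message. The seed is never needed."""
    if len(known_plain) < 4:
        raise ValueError("need at least one full keystream word of known plaintext")
    first = bytes(p ^ c for p, c in zip(known_plain[:4], ciphertext[:4]))
    s = struct.unpack("<I", first)[0]
    words = [s]
    for _ in range((len(ciphertext) + 3) // 4 - 1):
        s = (A * s + C) & MASK
        words.append(s)
    ks = b"".join(struct.pack("<I", w) for w in words)[:len(ciphertext)]
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


if __name__ == "__main__":
    # Constructed beacon-style message; the field names are placeholders.
    msg = b"HOSTNAME=WS01;USER=alice;PID=4120"
    ct = crypt(msg, 0xDEADBEEF)
    print("ciphertext:", ct.hex())
    print("recovered :", recover_rest(b"HOST", ct))
```

In practice the constants come straight out of the sample (look for the multiply-add-mask pattern in the decryption routine); once they are known, a single known field in a captured C2 message is enough to decrypt the session. If the real implementation emits only part of the state (for example the high byte, as glibc-style generators do), the same idea still applies, but recovery becomes a search over the truncated bits rather than a direct read.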

OPENCTI LABELS :

backdoor,phishing,obfuscation,persistence,dll side-loading,antivirus exploitation,deedrat,netagent
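The side-loading technique labelled above is also the most actionable thing to hunt for. The script below is an added example, not part of the report or of any vendor tooling: it runs a side-load heuristic over image-load telemetry shaped like Sysmon Event ID 7 (Image, ImageLoaded, Signed, SignatureStatus). The flat `Key=Value|Key=Value` line format, the expected install directory `C:\Program Files\VIPRE`, and the DLL names in the sample events are all constructed for illustration.

```python
import ntpath
from dataclasses import dataclass

# Assumption for illustration: where the vendor binary is expected to run from.
EXPECTED_DIRS = {r"c:\program files\vipre"}
TARGET_EXE = "mambasafemodeui.exe"


@dataclass
class ImageLoad:
    process_image: str
    loaded_image: str
    signed: bool
    signature_status: str


def parse_event(line: str) -> ImageLoad:
    """Parse one flattened event. The 'Key=Value|Key=Value' layout is a constructed
    stand-in for Sysmon Event ID 7 fields, not Sysmon's real XML."""
    fields = dict(kv.split("=", 1) for kv in line.strip().split("|"))
    return ImageLoad(
        process_image=fields["Image"],
        loaded_image=fields["ImageLoaded"],
        signed=fields.get("Signed", "false").lower() == "true",
        signature_status=fields.get("SignatureStatus", ""),
    )


def is_suspicious(ev: ImageLoad) -> bool:
    """Side-load heuristic: the target executable loads a DLL from its own
    directory, and either the executable has been copied out of its install
    directory or the DLL has no valid signature."""
    if ntpath.basename(ev.process_image).lower() != TARGET_EXE:
        return False
    if not ev.loaded_image.lower().endswith(".dll"):
        return False
    exe_dir = ntpath.dirname(ev.process_image).lower()
    dll_dir = ntpath.dirname(ev.loaded_image).lower()
    if dll_dir != exe_dir:
        return False  # loads from System32 etc. are not the side-load pattern
    relocated = exe_dir not in EXPECTED_DIRS
    unsigned = (not ev.signed) or ev.signature_status.lower() != "valid"
    return relocated or unsigned


def hunt(lines):
    """Return the ImageLoad records that match the side-load heuristic."""
    return [ev for ev in map(parse_event, lines) if is_suspicious(ev)]


# Constructed sample events (not real telemetry); 'vendor.dll' and 'sideloaded.dll'
# are placeholders.
SAMPLE_EVENTS = [
    r"Image=C:\Program Files\VIPRE\MambaSafeModeUI.exe|ImageLoaded=C:\Windows\System32\kernel32.dll|Signed=true|SignatureStatus=Valid",
    r"Image=C:\Program Files\VIPRE\MambaSafeModeUI.exe|ImageLoaded=C:\Program Files\VIPRE\vendor.dll|Signed=true|SignatureStatus=Valid",
    r"Image=C:\Users\victim\AppData\Local\Temp\MambaSafeModeUI.exe|ImageLoaded=C:\Users\victim\AppData\Local\Temp\sideloaded.dll|Signed=false|SignatureStatus=Unavailable",
]

if __name__ == "__main__":
    for ev in hunt(SAMPLE_EVENTS):
        print("side-load candidate:", ev.process_image, "->", ev.loaded_image)
```

The two conditions are deliberately independent: a relocated copy of the host binary is suspicious even if the DLL it loads happens to be signed, and an unsigned DLL loaded from the real install directory is suspicious even when nothing has moved. Tune `EXPECTED_DIRS` to the paths observed in your own estate before deploying this as a rule.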



