Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
The Horns&Hooves campaign, active since March 2023, targets Russian businesses with malicious email attachments containing scripts that install NetSupport RAT or BurnsRAT. The campaign evolved through several versions, improving obfuscation and delivery methods. It uses decoy documents and legitimate-looking file names to trick users. The attackers, likely associated with the TA569 group, gain remote access to infected systems and potentially sell this access to other cybercriminals. The campaign has affected over a thousand users, primarily in Russia, and has been observed attempting to install additional malware like Rhadamanthys and Meduza stealers.
OPENCTI LABELS :
netsupport rat,remote access,burnsrat,meduza
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT