New Campaign Uses Remcos RAT to Exploit Victims
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A phishing campaign utilizing Remcos RAT has been detected. The attack begins with an email containing a malicious Excel document that exploits CVE-2017-0199. When opened, it downloads and executes an HTA file, which in turn downloads and runs a malicious EXE. This EXE uses PowerShell to load and execute obfuscated code, employing various anti-analysis techniques. The malware performs process hollowing to inject Remcos into a new process, maintaining persistence through registry modifications. Remcos then communicates with its C2 server, collecting system information and awaiting further commands. The RAT has extensive capabilities for remote control and data exfiltration from the victim's device.
OPENCTI LABELS :
powershell,rat,phishing,process hollowing,remcos,cve-2017-0199