New Trend in MSI File Abuse: New Use of MST Files to Deliver Tromas

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY :

The New OceanLotus group has reactivated after a year, employing a novel tactic of MSI file abuse. This APT campaign, which targets a domestic governmental enterprise, marks the first observed use of the MSI TRANSFORMS technique by an APT group. The attack uses a legitimate Microsoft installation package and exploits the MST file to execute malicious code. The group has also evolved its methods, converting its Rust Trojan into shellcode for improved memory countermeasures. The campaign's execution chain involves spear-phishing emails and employs DLL side-loading techniques. This new approach demonstrates the group's continued sophistication and adaptability in its cyber espionage activities.
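A hunting check for the MSI TRANSFORMS technique summarized above, as an added example that is not part of the original report: it scans process command lines for msiexec invocations that apply an MST transform from a remote, user-writable or unqualified path. The sample command lines, the directory list and the function names are constructed for illustration; the report does not give the command line used in the campaign.

```python
import re

# PROPERTY=value pair on an msiexec command line; the value may be quoted.
TRANSFORMS = re.compile(r'\bTRANSFORMS\s*=\s*("([^"]*)"|\S+)', re.I)
QUIET = re.compile(r'(?:^|\s)/(?:q[nbr]?|quiet|passive)\b', re.I)
# Assumed list of directories a standard user can write to; tune per site.
USER_WRITABLE = re.compile(r'\\(temp|downloads|appdata|public|programdata)\\', re.I)

def transforms_in(cmdline):
    """Return the transform entries named by TRANSFORMS= on one command line."""
    m = TRANSFORMS.search(cmdline)
    if not m:
        return []
    value = m.group(2) if m.group(2) is not None else m.group(1)
    # A leading '@' or '|' marks a secure transform list; entries are ';'-separated.
    return [t.strip() for t in value.lstrip("@|").split(";") if t.strip()]

def assess(cmdline):
    """Return the reasons an msiexec invocation deserves analyst review."""
    if not re.search(r'\bmsiexec(\.exe)?\b', cmdline, re.I):
        return []
    reasons = []
    for t in transforms_in(cmdline):
        if t.startswith(":"):
            continue  # embedded transform, stored inside the .msi itself
        if t.startswith("\\\\"):
            reasons.append(f"remote transform (UNC): {t}")
        elif USER_WRITABLE.search(t):
            reasons.append(f"transform in user-writable path: {t}")
        elif "\\" not in t and "/" not in t:
            reasons.append(f"transform given without a full path: {t}")
    if reasons and QUIET.search(cmdline):
        reasons.append("silent install")
    return reasons

# Constructed process-creation command lines (not taken from the report).
SAMPLES = [
    r'msiexec.exe /i "C:\Program Files\Vendor\setup.msi" /qn',
    r'msiexec /i C:\Users\a\Downloads\viewer.msi TRANSFORMS="C:\Users\a\AppData\Local\Temp\cfg.mst" /qn',
    r'msiexec.exe /i \\fileserver\deploy\office.msi TRANSFORMS=:embedded.mst /passive',
    r'msiexec /i report.msi TRANSFORMS=update.mst;\\203.0.113.7\s\x.mst',
]

if __name__ == "__main__":
    for line in SAMPLES:
        for reason in assess(line):
            print(f"{reason}  <=  {line}")
```

Because the MSI itself is a legitimate, signed package, the transform path on the command line is the part worth alerting on; pair a hit with file-creation telemetry for the .mst to see how it arrived.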

OPENCTI LABELS :

spear-phishing, shellcode, dll side-loading, rust trojan, governmental targets, tromas, mst files, apt-q-31, msi abuse

