New Trend in MSI File Abuse: New Use of MST Files to Deliver Tromas
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
The New OceanLotus group has reactivated after a year, employing a novel tactic of MSI file misuse. This APT campaign, targeting a domestic governmental enterprise, marks the first observed use of the MSI TRANSFORMS technique by an APT group. The attack utilizes a legitimate Microsoft installation package, exploiting the MST file to execute malicious code. The group has evolved its methods, shellcode-izing their RUST Trojan for improved memory countermeasures. The campaign's execution chain involves spear-phishing emails and employs DLL side-loading techniques. This new approach demonstrates the group's continued sophistication and adaptability in their cyber espionage activities.
OPENCTI LABELS :
spear-phishing,shellcode,dll side-loading,rust trojan,governmental targets,tromas,mst files,apt-q-31,msi abuse
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
New Trend in MSI File Abuse: New Use of MST Files to Deliver Tromas