Stormsec

Woody RAT: A new feature-rich malware spotted in the wild

Security researchers identified a new Remote Access Trojan, which we are calling Woody RAT, that has been in the wild for at least one year. This advanced custom RAT is mainly the work of a threat actor that targets Russian entities by using lures in archive file format and, more recently, Office documents leveraging the Follina vulnerability.




ADVERSARY: Tonto



TARGETED COUNTRY: Russian Federation


MALWARE FAMILIES: Woody, WoodyRAT


ATT&CK IDS: T1566 - Phishing, T1059 - Command and Scripting Interpreter, T1055 - Process Injection, T1057 - Process Discovery, T1083 - File and Directory Discovery, T1560 - Archive Collected Data, T1105 - Ingress Tool Transfer, T1106 - Native API, T1082 - System Information Discovery, T1573 - Encrypted Channel, T1102 - Web Service

