
Woody RAT: A new feature-rich malware spotted in the wild

Security researchers identified a new Remote Access Trojan we are calling Woody RAT that has been in the wild for at least one year. This advanced custom RAT is mainly the work of a threat actor that targets Russian entities by using lures in archive file format and, more recently, Office documents leveraging the Follina vulnerability.




ADVERSARY: Tonto



TARGETED COUNTRY: Russian Federation


MALWARE FAMILIES: Woody, WoodyRAT


ATT&CK IDS: T1566 - Phishing, T1059 - Command and Scripting Interpreter, T1055 - Process Injection, T1057 - Process Discovery, T1083 - File and Directory Discovery, T1560 - Archive Collected Data, T1105 - Ingress Tool Transfer, T1106 - Native API, T1082 - System Information Discovery, T1573 - Encrypted Channel, T1102 - Web Service

