Security researchers identified a new Remote Access Trojan, which we are calling Woody Rat, that has been in the wild for at least one year. This advanced custom RAT is mainly the work of a threat actor that targets Russian entities, using lures in archive file format and, more recently, Office documents leveraging the Follina vulnerability.
TAGS: remote access, woody rat, follina
ADVERSARY: Tonto
INDUSTRIES: Technology, Defense, Aerospace
TARGETED COUNTRY: Russian Federation
MALWARE FAMILIES: Woody, WoodyRAT
ATT&CK IDS: T1566 - Phishing, T1059 - Command and Scripting Interpreter, T1055 - Process Injection, T1057 - Process Discovery, T1083 - File and Directory Discovery, T1560 - Archive Collected Data, T1105 - Ingress Tool Transfer, T1106 - Native API, T1082 - System Information Discovery, T1573 - Encrypted Channel, T1102 - Web Service