As originally reported by TheRecord, Microsoft analysts are warning of a recent resurgence of the Java-based backdoor STRRAT. This backdoor was distributed via malspam containing malicious PDF attachments. STRRAT, written in Java, is a typical credential stealer that adds execution of custom shell/PowerShell commands. Additionally, the RAT allows attackers to install RDWrap, an open source RDP session tool. The RAT also renames file extensions on the system to “.crimson”; however, it doesn’t encrypt the files, so renaming the files reverses the change.
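Because the files are renamed rather than encrypted, recovery is a matter of reversing the rename. The clean-up sketch below is an added example, not code from the original report or from Microsoft; it assumes `.crimson` was appended to the original file name (the report does not say whether the extension is appended or substituted), so any file whose original extension cannot be read back from its name, or whose target name is already taken, is listed for manual review instead of being renamed. The function names are illustrative.

```python
import os
import sys
from pathlib import Path

MARKER = ".crimson"  # extension named in the article


def plan_restore(root):
    """Return (renames, review): safe renames and files left for manual review."""
    renames, review, planned = [], [], set()
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
                continue
            src = Path(dirpath) / name
            dst = src.with_name(name[: -len(MARKER)])  # assumption: suffix was appended
            if dst.exists() or dst in planned:
                review.append((src, "target name already in use"))
            elif not dst.suffix:
                review.append((src, "original extension not recoverable from name"))
            else:
                planned.add(dst)
                renames.append((src, dst))
    return renames, review


def restore(root, dry_run=True):
    """Apply the plan; with dry_run=True nothing on disk is touched."""
    renames, review = plan_restore(root)
    if not dry_run:
        for src, dst in renames:
            src.rename(dst)
    return renames, review


if __name__ == "__main__":
    # Usage: python restore_crimson.py <directory> [--apply]
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    done, manual = restore(target, dry_run="--apply" not in sys.argv)
    for src, dst in done:
        print(f"rename  {src} -> {dst}")
    for src, why in manual:
        print(f"review  {src} ({why})")
```

Run it without `--apply` first to see the plan; the rename only undoes the extension change and does nothing about the backdoor itself or any stolen credentials.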