Break down the business value of Binary Defense services into dollars and cents

Threat Watch

Share on facebook
Share on twitter
Share on linkedin

New Report Discloses RAT Campaign Using Public Cloud Infrastructure

Researchers at Cisco Talos published a report detailing a remote access trojan (RAT) campaign using public cloud services like Amazon and Microsoft that is estimated to have begun on October 26, 2021. The campaign utilizes the Nanocore, Netwire, and AsyncRAT remote access trojan variants. Initial exploitation is accomplished via phishing emails that contain a zip archive, which in turn contains a malicious ISO image with either a JavaScript, batch file, or VBscript loader. Registered subdomains at duckdns.org are utilized to avoid detection of payload downloads and command-and-control (C2) communication.

ANALYST NOTES