Rancor: Rancor, a group based out of China that is currently tracked by Palo Alto Networks' Unit 42, is back with new malware dubbed Dudell. It is believed that this malware was created and used most recently in attacks between December 2018 and January 2019 that targeted Cambodian government organizations. The sample found by Unit 42 shares similarities with other malware associated with Rancor that was used against other Southeast Asian governments. The downloader is disguised as a Microsoft Excel document and is designed to run malicious macros and drop second-stage malware payloads.