RemcosRAT Distributed Using Steganography
Malware Analysis, News and Indicators - Latest topics malware.news
AhnLab SEcurity intelligence Center (ASEC) has recently identified RemcosRAT being distributed using the steganography technique. Attacks begin with a Word document using the template injection technique, after which an RTF that exploits a vulnerability in the equation editor (EQNEDT32.EXE) is downloaded and executed.
Figure 1. A Word document containing an external link
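A defender-side check for the template injection step described above, as an added example that is not from the ASEC report: it lists every external relationship in a .docx package and flags an externally attached template. The sample document, its example.invalid URLs and the function names are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
TEMPLATE_TYPE = OFFICE_REL + "attachedTemplate"
HYPERLINK_TYPE = OFFICE_REL + "hyperlink"


def find_external_relationships(docx_bytes):
    """Return (part, type, target, is_template) for each external relationship."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            try:
                # For untrusted files at scale, a hardened parser such as
                # defusedxml is preferable; stdlib keeps this self-contained.
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                findings.append((name, "unparseable", "", False))
                continue
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode", "").lower() != "external":
                    continue
                rtype = rel.get("Type", "")
                findings.append((name, rtype, rel.get("Target", ""),
                                 rtype == TEMPLATE_TYPE))
    return findings


def build_sample_docx(template_url):
    """Constructed sample: one ordinary hyperlink and one remote template."""
    rels = ('<?xml version="1.0" encoding="UTF-8"?><Relationships xmlns='
            '"http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" Type="%s" Target="%s" '
            'TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels",
                    rels % (HYPERLINK_TYPE, "http://example.invalid/page"))
        zf.writestr("word/_rels/settings.xml.rels",
                    rels % (TEMPLATE_TYPE, template_url))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_docx("http://example.invalid/template.dotm")
    for part, rtype, target, is_template in find_external_relationships(sample):
        print("ALERT" if is_template else "info ", part, target)
```

External hyperlinks are common in legitimate documents, so only the attached-template hit is raised as an alert; the others are listed for context.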
The RTF file downloads a VBScript with the “.jpg” file extension from the C2 and another VBScript from “paste.ee”, a service similar to “Pastebin” where one can upload …