
Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.)

Published 30/05/2024 07:10 · Modified 30/05/2024 07:31

Essential information

Tags
2024-05-30 3proxy antiav cryptominer evasion loader orcusrat purecrypter xmrig
Related entities
11 observables, 15 techniques (mitre), 5 malware

Description

The report analyzes a campaign in which threat actors distribute various malware strains, such as RATs, coinminers, and loaders, disguised as cracked versions of popular software. South Korean systems are heavily targeted; the malware persists via scheduled tasks and evades security products. The detailed technical analysis covers the attack flow, malware functionality, tactics, and infrastructure used in the campaign.

External references