216.73.216.86

Unveiling SpiceRAT: Latest tool targeting EMEA and Asia

· Published 24/06/2024 08:03 · Modified 24/06/2024 08:23

Export JSON

Essential information

Published
24/06/2024 08:03
Modified
24/06/2024 08:23
Tags
2024-06-24 phishing rat sideloading spicerat sugargh0st
Related entities
6 observables, 1 intrusion sets (apt), 11 techniques (mitre), 2 malware, 3 others

Description

Cisco Talos discovered a new remote access trojan () dubbed , employed by the threat actor SneakyChef in a recent malicious campaign. The campaign targeted government agencies across multiple countries in Europe, the Middle East, Africa, and Asia. was delivered alongside malware through emails with RAR attachments containing LNK or HTA files as initial vectors. utilizes techniques, leveraging legitimate executables to load malicious components. It gathers system reconnaissance data, communicates with command-and-control servers, and can download additional plugins to expand its capabilities. The report details two infection chains, the malware's analysis, and indicators of compromise.

External references