A previously undiscovered remote access trojan (RAT) is being used to target Farsi-speaking code developers in Iran. Dubbed CodeRAT, the new RAT is used in attacks targeting developers using a Microsoft Dynamic Data Exchange (DDE) exploit.
TARGETED COUNTRY: Iran, Islamic Republic of
MALWARE FAMILY: RAT
ATT&CK IDS: T1106 - Native API, T1070 - Indicator Removal on Host, T1113 - Screen Capture, T1059 - Command and Scripting Interpreter, T1090 - Proxy, T1559 - Inter-Process Communication, T1105 - Ingress Tool Transfer, T1057 - Process Discovery, T1083 - File and Directory Discovery, T1566 - Phishing
Read More:
Comments