Russian Organizations Targeted by Woody RAT
Industries: Aerospace, Defense | Level: Tactical | Source: Malwarebytes
Woody RAT (Remote Access Trojan) is the latest malware discovery by the Malwarebytes Threat Intelligence team. The malware appears to have been active in the wild for at least a year, and its latest campaign was observed targeting a Russian organization. "Based on a fake domain registered by the threat actors, we know that they tried to target a Russian aerospace and defense entity known as OAK." The malware appears to have a history of targeting Russian organizations, as previous lure documents used themes specific to Russia. Woody RAT has primarily been distributed through phishing emails delivering archive files with weaponized Word documents. Lately, it has adopted the Follina vulnerability into its attack chain. Woody RAT has the capabilities expected of a remote access trojan, such as the ability to capture host information, execute commands, download additional payloads, upload files and capture screenshots. With the information currently available, attribution of the malware remains uncertain; however, threat actors from China and North Korea are early suspects, due to historical attacks against Russia.
Anvilogic Use Cases:
- Compressed File Execution
- Malicious Document Execution
- CVE-2022-30190: Microsoft Office Code Execution Vulnerability