PoetRAT: Malware Targeting Public and Private Sector Using Malicious Microsoft Word Documents

https://gbhackers.com/modified-poetrat-campaigns/

Security researchers have observed multiple new campaigns that use a modified PoetRAT to target numerous public and private sector organizations in Azerbaijan.

The threat actor uses malicious Word documents to trick victims into downloading the malicious payload from temporary file-hosting providers.

Modified PoetRAT


The threat actor uses Word documents to drop the malware; the documents also contain additional malicious macros, which in turn download further payloads.

The RAT was observed earlier this year using COVID-19 lures to target Azerbaijani citizens, the government, and the energy sector.

Numerous campaigns were observed; in one of them, the Word document includes blurred script and carries the National Emblem of Azerbaijan in its top corners.

Previous versions of PoetRAT used a Python interpreter to execute its source code; the new version of the RAT uses Lua script instead.

Once the user opens the malicious document, it drops a Python interpreter and PoetRAT; the new version also uses the HTTP protocol to communicate with its C2 server.
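The dropper described above relies on a macro-bearing Word document. The following script is an added example for this article (not code from the article or from the PoetRAT research): a defender-side triage check that looks inside an Office Open XML package for the `vbaProject.bin` part and the VBA content-type declaration that accompany embedded macros, and flags a macro part in a file whose extension (`.docx`, `.dotx`) should not carry macros. The sample documents it inspects are constructed inline and are not real lure files.

```python
"""Static triage of Office Open XML (.docx/.docm) files for embedded VBA macros.

Added example; the sample packages built below are constructed for the demo.
"""
import io
import zipfile

# Content type Office registers for the VBA project part in [Content_Types].xml
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def build_sample_docx(with_macro: bool) -> bytes:
    """Build a minimal constructed OOXML package (not a real Word file)."""
    override = (
        f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
        if with_macro
        else ""
    )
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="xml" ContentType="application/xml"/>'
        f"{override}</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # OLE compound-file magic followed by filler; stands in for a real VBA project
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0placeholder")
    return buf.getvalue()


def triage_document(doc_bytes: bytes, filename: str) -> dict:
    """Return a dict of macro indicators found in an Office document."""
    result = {
        "filename": filename,
        "is_ooxml": False,
        "macro_parts": [],
        "content_type_declares_vba": False,
        "extension_mismatch": False,
        "suspicious": False,
    }
    try:
        with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
            names = zf.namelist()
            ct = ""
            if "[Content_Types].xml" in names:
                ct = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        # Legacy OLE .doc or not a document at all; needs an OLE parser instead
        return result

    result["is_ooxml"] = True
    # Any part named vbaProject.bin (word/, xl/, ppt/) is the container for VBA macros
    result["macro_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
    result["content_type_declares_vba"] = VBA_CONTENT_TYPE in ct
    ext = filename.lower().rsplit(".", 1)[-1]
    # A macro part inside a file whose extension does not admit macros is an anomaly worth flagging
    result["extension_mismatch"] = bool(result["macro_parts"]) and ext in ("docx", "dotx")
    result["suspicious"] = bool(result["macro_parts"]) or result["content_type_declares_vba"]
    return result


if __name__ == "__main__":
    for name, with_macro in (("invite.docm", True), ("invite.docx", True), ("plain.docx", False)):
        print(triage_document(build_sample_docx(with_macro), name))
```

This is a presence check only: it tells an analyst that a document carries a VBA project and whether its extension is consistent with that, which is enough to route the file to a sandbox or a macro-extraction tool. It does not decode the VBA stream itself, and a legacy binary `.doc` (an OLE container rather than a zip) returns `is_ooxml: False` and needs a different parser.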

The RAT includes tools to monitor the hard disk and exfiltrate data automatically, along with additional RAT capabilities such as keyloggers, browser-focused password stealers, camera control applications, and other generic password stealers.

Across all of the campaigns, the attacker continues to target VIPs and the public sector and attempts to exfiltrate sensitive documents from the compromised systems.

In another campaign, the Word document claimed to be from the State Service for Mobilization and Conscription of Azerbaijan.
