Blog | G5 Cyber Security

PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors

Azerbaijan government and energy sector likely targeted by an unknown actor. The actor uses Word documents to drop malware that allows remote control over the victims. The malware was distributed using URLs that mimic some Azerbaijan government domains. The droppers are Microsoft Word documents that deploy a Python-based remote access trojan (RAT) The actor collects files, passwords and even images from the webcam, using other tools that it deploys as needed. The operation seems to be manual, but it’s streamlined to deploy additional tools as needed and to avoid unnecessary steps.”]

Source: https://blog.talosintelligence.com/2020/04/poetrat-covid-19-lures.html

Exit mobile version