ObliqueRAT

Description

(Talos) Cisco Talos has recently discovered a new campaign distributing a malicious remote access trojan (RAT) family we’re calling ‘ObliqueRAT.’ Cisco Talos also discovered a link between ObliqueRAT and another campaign from December 2019 distributing Crimson RAT sharing similar maldocs and macros. CrimsonRAT has been known to target diplomatic and government organizations in Southeast Asia.

Names

Name
ObliqueRAT
Oblique RAT

Category

Malware

Type

• Reconnaissance
• Backdoor
• Dropper
• Exfiltration

Information

• https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf
• https://securelist.com/transparent-tribe-part-2/98233/
• https://www.secrss.com/articles/24995
• https://blog.talosintelligence.com/2020/02/obliquerat-hits-victims-via-maldocs.html
• https://blog.talosintelligence.com/2021/02/obliquerat-new-campaign.html

Mitre Attack

• https://attack.mitre.org/software/S0644/

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.oblique_rat

Alienvault Otx

• https://otx.alienvault.com/browse/pulses?q=tag:obliquerat

Other Information

Uuid

4cd8fd56-3b1e-4e12-90b1-9dd8c4b84793

Last Card Change

2022-12-30