"Red Teaming Tool Abused for Malware Deployment"

Threat actors are using MacroPack, a tool designed for red team exercises, to deploy malware. Cisco Talos researchers discovered several related Microsoft documents uploaded to VirusTotal between May and July 2024. All of them were created by a version of a payload generator framework, MacroPack. The documents were uploaded by a variety of actors and from a variety of countries, including China, Pakistan, Russia, and the US. The malicious files were used to deliver payloads, including the "Havoc" and "Brute Ratel" post-exploitation frameworks, as well as a new version of the "PhantomCore" Remote Access Trojan (RAT). This article continues to discuss the abuse of the MacroPack red teaming tool in deploying malware.

Infosecurity Magazine reports "Red Teaming Tool Abused for Malware Deployment"

Submitted by grigby1
