"New Malware Woody RAT Has Been Targeting Russian Institutions"

Unidentified attackers have specifically targeted Russian businesses with malware that allows remote control of infected machines and data theft from them. According to Malwarebytes, one of the Russian enterprises targeted by this spyware is a government-controlled military company. A fake domain registered by the threat actors indicates that they attempted to target a Russian aerospace and defense entity known as OAK. Woody RAT, a Remote Access Trojan (RAT), has been used in cyberattacks for at least a year and has a wide range of capabilities. Currently, this malware is distributed through phishing emails that include either ZIP archive files containing the malicious payload or "Information security memo" Microsoft Office documents that drop the payloads via the Follina vulnerability. It can gather system data, display open directories and processes, execute instructions and files from its command-and-control (C2) server, download, upload, and erase files on infected computers, and capture screenshots. Woody RAT can also run .NET code, PowerShell commands, and scripts received from its C2 server by using two DLLs called WoodySharpExecutor and WoodyPowerSession. This article continues to discuss findings surrounding the new malware Woody RAT.

CyberIntelMag reports "New Malware Woody RAT Has Been Targeting Russian Institutions"

 

Submitted by Anonymous on