A remote access trojan (RAT) that can gather data and carry out orders on infected devices is the foundation of this campaign. This campaign has been running for a number of years and uses a variety of tactics to get initial access, deliver payloads, and create a lasting presence within the networks of its victims. We shall go into further detail about the malware’s behavior at each level in this blog.
When the document is opened, a yellow prompt bar with the words “Enable Content” and some unclear Russian content appears. When the button is pressed, a VBA script starts and shows a Russian article titled “Western Assessments of the Progress of the Special Military Operation.”