Chinese Threat Actors Leverage Phishing and GuLoader to Distribute Remcos RAT

Threat Level
Attack Report

Summary

The campaign distributes a malicious PDF file through phishing emails. The PDF redirects victims to a legitimate cloud-based platform, where they are prompted to download a ZIP file. The ZIP file contains a shortcut link that, when executed, uses PowerShell to download GuLoader, a heavily obfuscated VBS script.
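A triage check for the ZIP stage of this chain, as an added example that is not part of the advisory: it finds Windows shortcuts inside an archive by their MS-SHLLINK header rather than by file extension and reports which watched strings they embed. The watch list, the 1 MiB read cap and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Shell Link header per MS-SHLLINK: HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
# Strings worth flagging inside a shortcut (assumed watch list, not from the advisory).
WATCH = ("powershell", "pwsh", ".vbs")
# Read at most this much of each member so a padded or oversized entry stays cheap.
MAX_READ = 1024 * 1024


def shortcut_findings(zip_bytes):
    """Return [(member name, [matched watch strings])] for each shortcut in a ZIP."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            with archive.open(info) as member:
                data = member.read(MAX_READ)
            # Identify by content: a renamed shortcut still carries the header.
            if not data.startswith(LNK_MAGIC):
                continue
            # Shortcut strings may be stored as ANSI or UTF-16LE, so search both.
            lowered = data.lower()
            hits = [w for w in WATCH
                    if w.encode("ascii") in lowered
                    or w.encode("utf-16-le") in lowered]
            findings.append((info.filename, hits))
    return findings


def build_sample_zip():
    """Constructed sample: a fake shortcut (header plus one string) and a text file."""
    fake_lnk = (LNK_MAGIC + b"\x00" * 60
                + "PowerShell.exe <arguments elided> script.vbs".encode("utf-16-le"))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Document.lnk", fake_lnk)
        archive.writestr("readme.txt", b"plain text, not a shortcut")
    return buf.getvalue()


if __name__ == "__main__":
    for name, hits in shortcut_findings(build_sample_zip()):
        print(f"{name}: shortcut in archive, matched {hits}")
```

A shortcut that matches nothing on the watch list is still reported with an empty list, since a shortcut delivered inside a downloaded ZIP is worth reviewing on its own.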
