August 14, 2020

Who Needs a Horse When a RAT will Suffice?

The FBI assesses with high confidence that Chinese government actors are using malware variants together with proxy servers to maintain a presence on victim networks and to further exploit them. The malware at issue, TAIDOOR, is a Remote Access Trojan (RAT) that is installed on the victim system as a dynamic-link library (DLL) and consists of two files: a loader, and the encrypted RAT payload, which the loader decrypts and executes in memory. The Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and DOD have published a Malware Analysis Report (MAR) that provides indicators, suggested response actions, and mitigation techniques. Any activity associated with this malware should be flagged and reported to CISA or the FBI Cyber Watch (CyWatch) and given the highest priority for enhanced mitigation.
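As an added, generic hunting aid (this is not code from the CISA/FBI/DOD report or from this page, and it is not a TAIDOOR signature): because the loader decrypts the RAT only at run time, the payload sits on disk as a blob of near-random bytes inside the DLL, so a cheap first-pass triage is to flag DLLs that contain large high-entropy regions. The sample input is constructed, and the window size, threshold, and the 25% coverage cut-off are assumptions that should be tuned against known-good binaries from the same host before relying on the output.

```python
"""Entropy triage for DLLs that may carry an encrypted second-stage payload.

A loader DLL that decrypts a second file at run time tends to contain a large
region of near-random bytes on disk, because the decrypted RAT only exists in
memory.  This script flags such regions.  It is a generic hunting aid, not a
TAIDOOR signature: every file it flags needs manual review, and packed or
compressed legitimate binaries will also score high.
"""
import math
import os
import random
import sys
from collections import Counter

WINDOW = 4096        # bytes per sliding window (assumed; tune per environment)
THRESHOLD = 7.2      # bits/byte; plain code and text usually sit well below 7


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 for empty input, 8.0 max)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_regions(data: bytes, window: int = WINDOW,
                         threshold: float = THRESHOLD) -> list[tuple[int, float]]:
    """Return (offset, entropy) for each full window whose entropy >= threshold."""
    hits = []
    for off in range(0, len(data) - window + 1, window):
        e = shannon_entropy(data[off:off + window])
        if e >= threshold:
            hits.append((off, round(e, 3)))
    return hits


def triage_bytes(data: bytes) -> dict:
    """Summarise one file: how much of it looks encrypted and where that starts."""
    hits = high_entropy_regions(data)
    covered = len(hits) * WINDOW
    return {
        "size": len(data),
        "overall_entropy": round(shannon_entropy(data), 3),
        "high_entropy_windows": len(hits),
        "high_entropy_fraction": round(covered / len(data), 3) if data else 0.0,
        "first_hit_offset": hits[0][0] if hits else None,
        # Assumed cut-off: at least a quarter of the file looks encrypted.
        "suspicious": bool(hits) and covered / len(data) >= 0.25,
    }


def build_sample() -> bytes:
    """Constructed test input (not a real binary): 8 KiB of repetitive text
    standing in for ordinary loader code, followed by 8 KiB of pseudo-random
    bytes standing in for an encrypted payload.  Seeded so results are stable."""
    plain = (b"This program cannot be run in DOS mode.\r\n" * 200)[:2 * WINDOW]
    blob = random.Random(20200814).randbytes(2 * WINDOW)
    return plain + blob


def scan_directory(root: str) -> list[tuple[str, dict]]:
    """Walk root and triage every .dll file; returns (path, summary) pairs."""
    results = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".dll"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    results.append((path, triage_bytes(fh.read())))
    return results


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python entropy_triage.py <directory>  -> prints suspicious DLLs
        for path, summary in scan_directory(sys.argv[1]):
            if summary["suspicious"]:
                print(path, summary)
    else:
        print(triage_bytes(build_sample()))
```

Treat the output as a prioritisation list, not a verdict: UPX-packed or resource-heavy legitimate DLLs will also exceed the threshold, so anything flagged should be compared against the hashes and other indicators in the MAR and, where possible, examined in memory, since that is where the decrypted RAT actually runs.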
