By Asheer Malhotra.

  • Cisco Talos has observed a malware campaign that utilizes malicious Microsoft Office documents (maldocs) to spread a remote access trojan (RAT) we’re calling “ObliqueRAT.”
  • These maldocs use malicious macros to deliver the second stage RAT payload.
  • This campaign appears to target organizations in Southeast Asia.
  • Network based detection, although important, should be combined with endpoint protections to combat this threat and provide multiple layers of security.


What’s New?

Cisco Talos has recently discovered a new campaign distributing a malicious remote access trojan (RAT) family we’re calling “ObliqueRAT.” Cisco Talos also discovered a link between ObliqueRAT and another campaign from December 2019 distributing CrimsonRAT sharing similar maldocs and macros. CrimsonRAT has been known to target diplomatic and government organizations in Southeast Asia.

Read More>>


Talos Group

Talos Security Intelligence & Research Group