By Asheer Malhotra

  • Cisco Talos has observed an upgraded version of a malspam campaign known to distribute multiple remote access trojans (RATs).
  • The infection chain utilized in the attacks is highly modularized.
  • The attackers utilize publicly available infrastructure such as Bitly and Pastebin (spread over a number of accounts) to direct and host their attack components.
  • Network-based detection, although important, should be combined with endpoint protections to combat this threat and provide multiple layers of security.

What’s New?

Cisco Talos has observed a new Aggah campaign consisting of the distribution of malicious Microsoft Office documents (maldocs) via malicious spam (malspam) emails distributing a multi-stage infection to a target user’s endpoint.

The final payload of the infection consists of a variety of Remote-Access-Tool (RAT) families such as:

Read More>>


Talos Group

Talos Security Intelligence & Research Group