Russian organizations attacked with new Woody RAT malware

Home/malicious cyber actors, Malicious extension, Malware, Security Advisory, Security Update, Woody RAT malware/Russian organizations attacked with new Woody RAT malware

Russian organizations attacked with new Woody RAT malware

On Wednesday, Hackers attacks Russian organizations with the newly discovered malware, allowing them to take control and steal information from compromised devices remotely.

According to Malwarebytes, one of the Russian organizations which were targeted using this Rat malware is a government-controlled defense corporation.

Woody RAT Malware

This advanced custom Rat is mainly the work of a threat actor that targets Russian entities by using lures in archive file format and more recently Office documents leveraging the Follina vulnerability.

This malware is currently delivered onto targets’ computers via phishing emails through two distribution methods:

ZIP archive files containing the malicious payload or microsoft office documents.

Woody Rat can also execute .NET code and PowerShell commands and scripts received from its C2 server using two DLLs named WoodySharpExecutor and WoodyPowerSession.

Once launched on a compromised device, the malware uses process hollowing to inject itself into a suspended Notepad process, deletes itself from the disk to evade detection from security products, and resumes the thread.

Malwarebytes is yet to attribute the malware and the attacks to a known threat group but said that a very short list of possible suspects includes Chinese and North Korean APTs.


Woody Rat:

  • 982ec24b5599373b65d7fec3b7b66e6afff4872847791cf3c5688f47bfcb8bf0
  • 66378c18e9da070629a2dbbf39e5277e539e043b2b912cc3fed0209c48215d0b
  • b65bc098b475996eaabbb02bb5fee19a18c6ff2eee0062353aff696356e73b7a
  • 43b15071268f757027cf27dd94675fdd8e771cdcd77df6d2530cb8e218acc2ce
  • 408f314b0a76a0d41c99db0cb957d10ea8367700c757b0160ea925d6d7b5dd8e
  • 0588c52582aad248cf0c43aa44a33980e3485f0621dba30445d8da45bba4f834
  • 5c5020ee0f7a5b78a6da74a3f58710cba62f727959f8ece795b0f47828e33e80
  • 3ba32825177d7c2aac957ff1fc5e78b64279aeb748790bc90634e792541de8d3
  • 9bc071fb6a1d9e72c50aec88b4317c3eb7c0f5ff5906b00aa00d9e720cbc828d

Follow Us on: Twitter, InstagramFacebook to get the latest security news!

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!