SideCopy, a Pakistani threat group, targeted Indian Government Entities using a spear-phishing email containing a macro-enabled Word document. If the recipient opens the document and enables macros, it triggers the execution of malicious code, allowing SideCopy to gain initial access. The malware used is a new version of ReverseRAT, which has enhanced obfuscation and sleep calls to avoid detection.
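A mail gateway or triage script can flag the kind of attachment described above before a user ever sees the "Enable Content" prompt. The following is an added example, not code from the original report or from SideCopy's tooling: it inspects an OOXML (docx/docm) attachment by content rather than by file extension, looking for a `word/vbaProject.bin` part and for the macro-enabled content type in `[Content_Types].xml`. The sample documents are constructed in memory; the check does not cover legacy OLE `.doc` files, which are not ZIP containers and need a different parser.

```python
import io
import zipfile

# Content type that Word writes for macro-enabled documents (.docm).
MACRO_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CT = ("application/vnd.openxmlformats-officedocument"
            ".wordprocessingml.document.main+xml")


def build_sample_docx(with_macro: bool) -> bytes:
    """Construct a minimal OOXML container for testing (not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        ct = MACRO_CT if with_macro else PLAIN_CT
        z.writestr("[Content_Types].xml",
                   '<Types><Override PartName="/word/document.xml" '
                   f'ContentType="{ct}"/></Types>')
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Real vbaProject.bin parts are OLE compound files; only the
            # magic bytes are reproduced here, constructed for the example.
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)
    return buf.getvalue()


def inspect_office_attachment(data: bytes) -> dict:
    """Return macro indicators for an OOXML attachment, judged by content."""
    result = {
        "is_ooxml": False,
        "has_vba_project": False,
        "macro_enabled_content_type": False,
        "verdict": "not-ooxml",
    }
    try:
        z = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result

    names = z.namelist()
    result["is_ooxml"] = "[Content_Types].xml" in names
    if not result["is_ooxml"]:
        return result

    # Indicator 1: an embedded VBA project part anywhere in the package.
    result["has_vba_project"] = any(
        n.lower().endswith("vbaproject.bin") for n in names)

    # Indicator 2: the package declares itself macro-enabled.
    content_types = z.read("[Content_Types].xml").decode("utf-8", "ignore")
    result["macro_enabled_content_type"] = "macroEnabled" in content_types

    if result["has_vba_project"] or result["macro_enabled_content_type"]:
        result["verdict"] = "quarantine"
    else:
        result["verdict"] = "allow"
    return result


if __name__ == "__main__":
    for flag in (True, False):
        print(flag, inspect_office_attachment(build_sample_docx(flag)))
```

Checking for the VBA part directly matters because the filename extension is attacker-controlled: a `.docm` renamed to `.docx` still carries `word/vbaProject.bin`, and Word will still offer to enable its macros.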
Once ReverseRAT gains persistence, it enumerates the victim's device, collects data, encrypts it using RC4, and sends it to the Command and Control (C2) server. It waits for commands to execute on the target machine, and some of its functions include taking screenshots, downloading and executing files, and uploading files to the C2 server.
ThreatMon's cutting-edge solution combines Threat Intelligence, External Attack Surface Intelligence, and Dark Web Intelligence to identify vulnerabilities and provide personalized security solutions for maximum security. ThreatMon identifies the distinctive nature of each business and provides bespoke solutions that cater to its specific needs.
The free trial of ThreatMon allows users to explore the product's security benefits. During this trial period, you can test Threat Intelligence data, detect threats to your organization and recommend security measures.