ObliqueRAT

Malware updated 4 months ago (2024-05-04T19:36:02.835Z)
ObliqueRAT is a remote access trojan that infects systems through malicious downloads, emails, or websites, usually without the user noticing. Attackers deploying ObliqueRAT have begun hosting their payloads on compromised, legitimate websites so that the download appears trustworthy; in early 2021, for example, the Indian Industries Association's legitimate website was used to host ObliqueRAT artifacts. The group behind the malware originally targeted military and defense personnel but has since expanded to diplomatic entities, defense contractors, research organizations, and conference attendees.

Transparent Tribe, the group behind ObliqueRAT, has not changed its tactics, techniques, and procedures since 2020, but it continues to add new lures to its operational toolkit. The more recent maldocs no longer carry the ObliqueRAT payload embedded directly in the document, as earlier campaigns did; instead, malicious macros retrieve and extract a ZIP archive and then the ObliqueRAT payload on the endpoint. The latest version of ObliqueRAT contains only minor changes and no longer includes the "backed" command. The malware can split large files of interest into smaller chunks to prepare them for exfiltration.
Description last updated: 2023-06-23T14:27:56.600Z
Aliases: none currently tracked
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the ObliqueRAT malware was read from the documents in the corpus below (display limited to 20 results).
Source | Created | Title
MITRE | 2 years ago | Transparent Tribe begins targeting education sector in latest campaign
MITRE | 2 years ago | Transparent Tribe APT expands its Windows malware arsenal
MITRE | 2 years ago | ObliqueRAT returns with new campaign using hijacked websites