Woody RAT

Malware updated a month ago (2024-11-29T13:32:25.846Z)
Woody RAT is malware that has been in the wild for at least a year, as identified by the Malwarebytes Threat Intelligence team. It is weaponized through a Microsoft Office document named Памятка.docx, which exploits the Follina vulnerability (CVE-2022-30190) to infiltrate systems. This malicious software can infect systems via suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom.

Woody RAT has been distributed primarily through archive files and through Office documents that use the Follina vulnerability. When this vulnerability became globally known, threat actors switched to it for payload distribution. The lure is in Russian and is named "Information security memo"; it describes security practices for passwords and confidential information. Malwarebytes successfully blocked the Follina exploit leveraged in the latest Woody RAT campaign. Based on a fake domain registered by the threat actor, the target appears to have been a Russian aerospace and defense entity known as OAK.

A significant number of CRT functions appear to be statically linked, which generates noise and complicates analysis. However, some debugging information left by the threat actor allowed researchers to derive a name for this new Remote Access Trojan. Indicators of Compromise (IOCs) for Woody RAT and various associated entities have been documented, providing valuable resources for threat detection and prevention.
Description last updated: 2024-05-05T04:00:20.448Z
Aliases: We are not currently tracking any aliases.
Source Document References
Information about the Woody RAT malware was read from the documents corpus below.
Preview / Source Link / Created At / Title
MITRE
a year ago