nico
//devdigest⚡️ Get Method Source Files at Runtime in .NET
OTX BotNew Remcos Campaign Distributed Through Fake Shipping Document
A new phishing campaign has been discovered that delivers a fileless variant of the Remcos RAT. The attack begins with an email impersonating a Vietnamese shipping company, luring victims to open a malicious Word document. This document retrieves a remote RTF file, exploits a vulnerability, and executes VBScript and PowerShell code, resulting in the in-memory loading of a .NET module. The module acts as both a loader and persistence mechanism for the Remcos payload. The Remcos variant (version 7.0.4 Pro) is downloaded into memory and injected into a legitimate system process via process hollowing. It offers extensive remote control capabilities across six categories, including system management, surveillance, networking, communication, and agent control. The analysis details the infection chain, payload structure, and Remcos features, providing insights into this sophisticated attack methodology.
Pulse ID: 696dfbff6ee9b76a0ddd3292
Pulse Link: https://otx.alienvault.com/pulse/696dfbff6ee9b76a0ddd3292
Pulse Author: AlienVault
Created: 2026-01-19 09:40:15
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Email #InfoSec #NET #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #RTF #Remcos #RemcosRAT #VBS #Vietnam #Vulnerability #Word #bot #AlienVault
⚡️ How John Sped Up His Code by Switching from ImmutableList and ImmutableDictionary to ImmutableArray and FrozenDictionary
Linux EasyCome aggiornare a .NET 10.0.1 su Ubuntu 24.04 LTS con apt e perché conviene farlo per runtime, ASP.NET Core ed Entity Framework Core. #Microsoft #Net #Ubuntu #Linux
⚡️ F# emerges as the most token-efficient static language
