Researchers discovered a phishing campaign dubbed MULTISTORM that deploys commodity malware such as Warzone RAT and QuasarRAT using a custom Python-based downloader.
The campaign relies on OneDrive to store the malicious software and hide network traffic from security analysts.
The malicious software collected and exfiltrated sensitive information to command-and-control servers.
Glesec Information Sharing Protocol
GLESEC CYBER SECURITY INCIDENT REPORTS are in compliance with the U.S. Department of Homeland Security (DHS) Traffic-Light Protocol (TLP).
Disclosure is Not Limited.
Limited Disclosure, Restricted Only to the Community.
Limited Disclosure, Restricted to the Participant's Organization.
Not for Disclosure, Restricted/Classified - Only Shared with US DHS.