Chinese Threat Actors Leverage Phishing and GuLoader to Distribute Remcos RAT

Threat Level – Red | Vulnerability Report
Download PDF

The malicious campaign described involves the distribution of a malicious PDF file through email, via phishing. The PDF file in this case redirects victims to a legitimate cloud-based platform, where they are prompted to download a ZIP file. Inside the ZIP file is a shortcut link, which when executed, uses PowerShell to download a heavily obfuscated VBS script known as GuLoader.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox