mirror of
https://github.com/cert-orangecyberdefense/cti
synced 2026-06-08 22:47:22 +00:00
Mar-Pic
8 lines
893 B
Markdown
8 lines
893 B
Markdown
In March 2025, our Managed Threat Detection teams in Belgium identified a malicious infection chain leading to the delivery of a Remote Access Trojan (RAT) impacting one of our clients. Upon further analysis from Orange Cyberdefense CERT, a larger campaign impacting European organizations located in Spain, Portugal, Italy, France, Belgium and the Netherlands was discovered.
|
|
|
|
The threat actors behind this infection chain cluster relies on invoice-themed phishing for initial access and delivers a .jar file which corresponds to a version of Sorillus RAT.
|
|
|
|
The campaign was also covered in early May by Fortinet, which dubbed the malware “Ratty RAT”. Sorillus has also been previously detailed by Abnormal AI and eSentire.
|
|
|
|
Full article: https://www.orangecyberdefense.com/global/blog/cert-news/from-sambaspy-to-sorillus-dancing-through-a-multi-language-phishing-campaign-in-europe
|