#ScrubCrypt

2024-04-10

The @FortiGuardLabs team recently uncovered a threat actor using #ScrubCrypt to spread VenomRAT along with multiple RATs.

Learn more 👉 ftnt.net/61104wXNTu

#cti #cybersecurity #threatintel

2024-04-08

Fortinet reports on a recent phishing campaign containing Scalable Vector Graphics (SVG) files. The malicious attachment downloads a ZIP file and begins the infection chain. ScrubCrypt, described as an "antivirus evasion tool", is used to load the final payload VenomRAT while maintaining a connection with the C2 server to install plugins like XWorm, NanoCore, RemcosRAT and a crypto wallet stealer. They provide detailed insights into how the threat actor distributes VenomRAT and other plugins. IOC listed. 🔗 fortinet.com/blog/threat-resea

#ScrubCrypt #VenomRAT #RemcosRAT #XWorm #NanoCore #threatintel #IOC
