Dissecting Multi-Stage Infection Chains with AsyncRAT at the Cor

Summary CRIL came across a blog published by the Sekoia TDR team detailing a sophisticated phishing campaign that begins with malicious emails disguised as urgent invoices or orders. These emails contain .ms-library attachments that connect to remote...