Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation WinRAR Goldmouse

The attack campaign targets victims in the Middle East with malicious Microsoft Word documents placed inside an archive that takes advantage of a flaw in WinRAR. Once decompressed, the malware creates an entry in the computer's startup folder and is executed at the next login or reboot. The final payload is the njRAT backdoor, which stops the local firewall and then starts a keylogger to steal sensitive information.
Name | Modified Date | Sources
Operation WinRAR Goldmouse | 2019-04-25 |