legal contact rss
 

Remcos RAT

In an article about a RAT, DarkReading writes how a (quite) old method is used to bypass UAC. So called mock directories are used. A corresponding "basics article" is also linked. You should definitely read it to check the SIEM for such patterns of "shadow directories"

zpqCMeb@6oxMpfGUyU_BL