Brandefense
Digital Risk Protection Service
This report, prepared by Brandefense Intelligence Analysts, examines the malicious file named “megane_2018_1.8_ruhsat.rar”, which targets employees of insurance companies operating in Turkey. The report shares the technical details of the malware attack, which triggers a RAT (Remote Access Trojan).
The malware has “InfoStealer” features on infected systems; it has been observed carrying out activities aimed at obtaining users' personal and payment information. The technical features and behavior of the malicious software examined here are thought to be beneficial to cyber security products, SOC employees, and teams.
The characteristics of the malware’s activities on infected systems should be considered crucial know-how in the detection and prevention stages. Therefore, it is recommended that the IoC findings and YARA rules shared in the last sections of the report be saved to security devices and blocked indefinitely.
It is also recommended to raise the awareness of the institution’s employees about malicious software attacks carried out with similar goals and motivations, and to provide them with basic-level cyber security training.
Cyber Threat Intelligence Team