November 30, 2023

A new malware campaign dubbed ObliqueRAT using malicious Microsoft Office documents to target government organizations in Southeast Asia , through a Email phishing campaign

The file name in the campaign is like one of Company-Terms.doc & DOT_JD_GM.doc“.if user opens the file it prompts for a password, once the file gets opened the below events will start processing

The malicious script then creates a shortcut in the Start-Up directory to achieve persistence if the machine is rebooted.

The second stage of the payload is ObliqueRAT which has various features & functions, the RAT communicates with the C&C server and then execute the commands.

The malware checks for the process named “Oblique” running on the infected machine, if already process is running then RAT will stop the execution.


  • Able to execute commands on the infected system
  • Exfiltrate files from the computer
  • An Attacker can drop additional files
  • Able to terminate any running process

Leave a Reply

%d bloggers like this: