This report analyzes a sophisticated cyber threat campaign that uses template injection in Microsoft Office documents to distribute malware payloads, including Remcos RAT and Agent Tesla. The attackers bypass email security by using decoy documents that retrieve remote templates hosting malicious code, leading to a multistage attack chain. Tactics involve obfuscated scripts, process injection, steganography, and abuse of living-off-the-land binaries. The campaign demonstrates an adept understanding of evasion techniques and dynamic execution to compromise systems and exfiltrate data.
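A triage check for the remote-template technique described above, as an added example that is not taken from the report: it lists every external relationship in an OOXML package and reports attached templates that resolve off-host. It assumes a Word `.docx` container; the function names, the sample builder and the `example.test` hosts are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_TAG = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
REMOTE_PREFIXES = ("http://", "https://", "\\\\")  # web or UNC; file:/// is a local template


def external_relationships(docx_bytes):
    """Return (part, kind, target) for every TargetMode="External" relationship."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for part in zf.namelist():
            if not part.endswith(".rels"):
                continue
            try:
                # For hostile input at scale, defusedxml's fromstring is a hardened swap-in.
                root = ET.fromstring(zf.read(part))
            except ET.ParseError:
                found.append((part, "unparseable", ""))  # malformed rels is worth a look
                continue
            for rel in root.iter(REL_TAG):
                if rel.get("TargetMode", "").lower() == "external":
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    found.append((part, kind, rel.get("Target", "")))
    return found


def remote_templates(docx_bytes):
    """Targets of attachedTemplate relationships that point off-host."""
    return [t for _, kind, t in external_relationships(docx_bytes)
            if kind == "attachedTemplate" and t.lower().startswith(REMOTE_PREFIXES)]


def build_sample(template_target):
    """Constructed sample: a zip holding only the two .rels parts the scanner reads."""
    def rels(kind, target):
        return ('<?xml version="1.0" encoding="UTF-8"?><Relationships xmlns='
                '"http://schemas.openxmlformats.org/package/2006/relationships">'
                f'<Relationship Id="rId1" Type="{OFFICE_REL}{kind}" '
                f'Target="{target}" TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels("hyperlink", "https://example.test/page"))
        zf.writestr("word/_rels/settings.xml.rels", rels("attachedTemplate", template_target))
    return buf.getvalue()


if __name__ == "__main__":
    print(remote_templates(build_sample("https://template-host.example.test/decoy.dotm")))
    print(remote_templates(build_sample("file:///C:/Templates/Report.dotx")))
```

Ordinary hyperlinks are also stored as external relationships, so only the `attachedTemplate` kind with a web or UNC target is reported as a remote template.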
