After initial compromise, the execution of an AutoIT script that was used to perform process injection using a process hollowing technique. The injected process contained a novel RAT, which we dubbed “SuperBear” due to naming conventions in the code. We believe this to be a new campaign targeting civil society groups.

 

Click here for the full alert.