MiniUpdate RAT Abuses Azure C2 for Targeted Espionage
ID: 77e6ec64-b7e8-55f9-b756-aaeb3e57be56
STIX ID: report--77e6ec64-b7e8-55f9-b756-aaeb3e57be56
Feed Name: GBHackers
Unit 42 documents a sophisticated Iran-linked APT campaign (Screening Serpens / UNC1549 / Smoke Sandstorm) that deploys a new RAT family named MiniUpdate and an evolved MiniJunk V2 via targeted spear-phishing and DLL sideloading. The malware abuses .NET AppDomainManager hijacking and Azure-hosted C2s to evade EDR, maintain persistence, and exfiltrate data from organizations across the US, Israel, UAE, and other regional targets. The report includes multiple IOCs and recommendations for defenders.
