Rozena Backdoor Malware Uses a Fileless Attack to Inject a Remote Shell on Windows.

Malware is distributed through many channels, and Rozena is no different: a recently observed phishing campaign leverages the recently disclosed Follina vulnerability to deliver a previously undocumented backdoor named Rozena to Windows systems.
The Microsoft Windows Support Diagnostic Tool (MSDT) is affected by a remote code execution vulnerability, published in May 2022 as CVE-2022-30190.
A malicious external URL link can be embedded in a Microsoft Office document to trigger the exploit, allowing attackers to inject a malicious OLE object into the file. The lure relies on the victim clicking the link or simply previewing the document.
CVE ID: CVE-2022-30190
Description: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
Released: May 30, 2022
CVSS: 7.0
Affected platforms: Microsoft Windows
Impacted parties: Microsoft Windows Users
Impact: Full Control of Affected Machine
Severity: Critical
Technical Analysis
In the latest attack chain observed by Fortinet, the infected document uses a Discord CDN URL as its starting point: upon opening, the document connects to that URL to retrieve an HTML file (“index.htm”).
Credit. Pablo Palacios