Files packaged with Excel-DNA, from which a DLL containing two URLs pointing to Discord is extracted. The DLL downloads data files from those URLs and applies an XOR transform to them, yielding additional DLLs that initiate the malware infection.
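A practitioner handling one of the downloaded data files described above will usually want to recover the DLL it hides. The following is an added example, not code from the original page nor from any of the reported samples: it assumes, as a hypothesis, that the payload is XOR-encoded with a single repeating byte (the page does not state the key length), brute-forces all 256 candidate keys and accepts the first one that yields a well-formed PE header (an `MZ` stub whose `e_lfanew` field points at a `PE\0\0` signature). The sample input is a constructed, minimal fake PE header, not a real DLL.

```python
import struct


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key. XOR is symmetric, so the same
    function both encodes and decodes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def looks_like_pe(blob: bytes) -> bool:
    """Return True if blob starts with a DOS 'MZ' header whose e_lfanew
    (u32 at offset 0x3C) points at a 'PE\\0\\0' signature."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    return blob[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def recover_single_byte_xor(blob: bytes):
    """Try every single-byte XOR key (assumption: the loader uses a
    one-byte repeating key). Return (key, decoded_bytes) for the first
    key that produces a PE image, or None if no key does."""
    for k in range(256):
        candidate = xor_bytes(blob, bytes([k]))
        if looks_like_pe(candidate):
            return k, candidate
    return None


def build_fake_pe() -> bytes:
    """Constructed sample: a 0x80-byte buffer carrying only the header
    fields the check above inspects. Not a real or runnable DLL."""
    hdr = bytearray(0x80)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    hdr[0x40:0x44] = b"PE\0\0"
    return bytes(hdr)


if __name__ == "__main__":
    # Simulate what the loader downloads: the fake PE XORed with key 0x5A.
    encoded = xor_bytes(build_fake_pe(), b"\x5a")
    assert not looks_like_pe(encoded)
    result = recover_single_byte_xor(encoded)
    if result is None:
        print("no single-byte XOR key yields a PE image")
    else:
        key, decoded = result
        print(f"recovered key 0x{key:02x}, PE header valid: {looks_like_pe(decoded)}")
```

For a real sample, read the downloaded data file into `blob` and pass it to `recover_single_byte_xor`; if it returns `None`, the key is longer than one byte or the encoding is not plain XOR, and a multi-byte key search or a look at the loader's decoding routine is the next step.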
Kaspersky: IronHusky targets defense and IT companies with MysterySnail for cyber espionage purposes. The Chinese APT exploits the CVE-2021-40449 zero-day vulnerability in the Win32k kernel driver to escalate privileges and then deploys the malware.
IronHusky, a Chinese APT, is attacking defense and IT companies with MysterySnail, delivered by exploiting a zero-day vulnerability in the Windows Win32k kernel driver. The campaign was discovered by Kaspersky researchers. The goal is cyber espionage, carried out through the malware and the CVE-2021-40449 flaw. MysterySnail, a RAT, is designed to collect and exfiltrate system information from compromised hosts before reaching out to its command-and-control server for further commands. It can perform various tasks on infected machines, ranging from spawning new processes and killing already running ones to launching interactive shells and starting a proxy server that supports up to 50 simultaneous connections.