Oilrig Leveraging AutoHotkey To Launch Keyloggers
released on 2023-02-06 @ 05:16:07 PM
In this intrusion from August 2022, we observed a compromise that was initiated with a Word document containing a malicious VBA macro, which established persistence and communication to a command and control server (C2). Upon performing initial discovery and user enumeration, the threat actor used AutoHotkey to launch a keylogger.