SentinelOne VS Remcos RAT (Using DropBox and OneNote) – Detection and Response

Remcos RAT, a remote control tool, has gained popularity among cybercriminals since its debut in 2018. It is sold commercially on underground forums and markets. The tool allows complete control over targeted machines and has been used in several high-profile attacks. Recently, attack campaigns have been observed using Microsoft OneNote attachments and documents to deliver the Remcos RAT. These attachments are delivered through phishing emails and malicious links to open repositories like Dropbox and OneDrive. Though OneNote does not support traditional macros, malicious attachments can be embedded in OneNote notebooks and launched on victims’ machines. This video shows how a malicious document hosted on Dropbox is installed to install Remcos RAT and how SentinelOne Singularity can prevent this malicious behavior. The SentinelOne platform detects and blocks these types of threats by analyzing the behavior of files and processes on a device. If it detects any suspicious activity, it can immediately take action to block the malware and prevent it from spreading.