PartialCADApp.rar

🛡️ Executive Summary

"PartialCADApp.rar" is identified as a used in targeted cyberattacks, specifically linked to industrial espionage and infostealer campaigns.

Threat Type: Trojan / Infostealer.

🔍 Technical Analysis

Analysis from security researchers (such as Any.Run and Joe Sandbox) reveals the following behavior:

Execution Chain

- The user downloads and extracts the .rar file.
- Captures screenshots of the victim's desktop and logs keystrokes.
- Connects to a remote Command and Control (C2) server to upload stolen files and receive further instructions.

Indicators of Compromise (IoCs)

- Outbound connections to unknown IP addresses or suspicious domains.
- Spear-phishing emails disguised as legitimate CAD software updates or project files.

- Delete the .rar file and run a full system scan with updated EDR/Antivirus software.