Intro During routine hunting we stumble upon new Remote Administration Toolkit (RAT), named Venom RAT. Like with many such tools authors are conducting their business under false pretense of providing a tool to remotely manage your own computers. A one can see on a screen-shot above, this tool posses essential capabilities to manage your own computers such as Keyloger Stealer UAC Bypass Password Recovery (sealing) All those for small price of 150$ per month.

Intro Royal Road or 8.t is one of the most known RTF weaponizer, its used and shared mostly amongst Chinese speaking actors - there are also couple very good publications including one form nao_sec, Sebdraven and Anomali. It was on my todo list for some time, and thanks to recent twitter discussion as well as quarantine time i finally took a deeper look at it. We’ll go into how to quickly analyze RTF maldocs, quickly tear-down shellcode used and finally how to extract embedded payload.