Rancor threat group
This threat group is believed to have been active since 2017 and has been targeting government institutions. The group is known for targeted attacks in Southeast Asia in 2017 and 2018.
The Dudell malware
The Rancor threat group was observed propagating the Dudell malware using weaponized Microsoft Excel documents.
According to security experts, this custom malware has a number of capabilities including:
The malware steals victim information including IP address, hostname, and operating system details.
Security experts have published the indicators of compromise (IOCs) that you can monitor to stay protected from threats posed by the Dudell malware.