In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decode and execute JavaScript code:
Read more…
Source: Positive Technologies
Related:
- xHunt Actor’s Cheat Sheet
December 4, 2019
Unit42 has been researching the xHunt attack campaign on Kuwaiti organizations for several months. Recently, we found evidence that the developers who created the Sakabota tool, which was previously discussed in the xHunt campaign, had carried out two sets of testing activities in July and August 2018 on Sakabota in an attempt to evade detection. These testing ...
- APAC’s Compromised Domains Fuel Emotet Campaign
December 4, 2019
Discovered in 2014, Emotet is one of the most prolific malware families, infecting computer systems globally through its mass campaigns of spam email that delivers malware (AKA malspam). These campaigns have been widely documented by many organizations, including how Emotet evolved from being a banking Trojan, to a malware loader with modular functionalities. The modular functionality ...
- APT review: what the world’s threat actors got up to in 2019
December 4, 2019
What were the most interesting developments in terms of APT activity during the year and what can we learn from them? This is not an easy question to answer, because researchers have only partial visibility and it´s impossible to fully understand the motivation for some attacks or the developments behind them. However, let´s try to approach ...
- Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign
December 4, 2019
In November 2019, Trend Micro published a blog analyzing an exploit kit we named Capesand that exploited Adobe Flash and Microsoft Internet Explorer flaws. During our analysis of the indicators of compromise (IoCs) in the deployed samples that were infecting the victim’s machines, we noticed some interesting characteristics: notably that these samples were making use of ...
- Buer, a new loader emerges in the underground marketplace
December 4, 2019
For several years, Proofpoint researchers have been tracking the use of first-stage downloaders, which are used by threat actors to install other forms of malware during and after their malicious email campaigns. In particular, over the last two years, these downloaders have become increasingly robust, providing advanced profiling and targeting capabilities. More importantly, downloaders and other ...
- FBI warns about snoopy smart TVs spying on you
December 3, 2019
She laughed. I laughed. The TV laughed. I shot the TV. “Blasted Decepticons!” That’s how a popular meme went after the Transformer movies hit it big. Today, it’s not so funny. A recent FBI report warned smart TV users that hackers can also take control of your unsecured TV. “At the low end of the risk spectrum, they can ...