Phishing Campaign Installs Backdoor-Loaded VM to Evade Antivirus and Harvest Credentials
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Credentials - T1589.001 Cron - T1053.003 Hardware - T1592.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Ssh - T1021.004 Trap - T1546.005 Tool - T1588.002 Powershell - T1086 Trap - T1154
Show in Graph
Common Information
Type Value
UUID 620a4f56-af01-4982-9e9e-40c5ea3d2ab3
Fingerprint 9d0e3951c3158be2
Analysis status DONE
Considered CTI value 0
Text language
Published Nov. 5, 2024, 5:17 p.m.
Added to db Nov. 6, 2024, 1:23 p.m.
Last updated Nov. 12, 2024, 4:57 a.m.
Headline Phishing Campaign Installs Backdoor-Loaded VM to Evade Antivirus and Harvest Credentials
Title Phishing Campaign Installs Backdoor-Loaded VM to Evade Antivirus and Harvest Credentials
Detected Hints/Tags/Attributes 44/2/5
Source URLs
Redirection Url
Details Source https://securityboulevard.com/2024/11/phishing-campaign-installs-backdoor-loaded-vm-to-evade-antivirus-and-harvest-credentials/
URL Provider
Details Provider Source level domain
Details securityboulevard.com securityboulevard.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 226 Security Boulevard https://securityboulevard.com/feed 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 9 
survey.zip
Details File 6 
fontdiag.exe
Details File 32 
start.bat
Details File 9 
survey.zip
Details Url 1 
https://www.assurainc.com/blog/phishing-campaign-installs-backdoor-loaded-vm-to-evade-antivirus-and-harvest-credentials