The Duck is Hiring in Italy: DUCKTAIL Spread via Compromised LinkedIn Profiles
Tags
cmtmf-attack-pattern: Application Layer Protocol Masquerading Obfuscated Files Or Information
country: Italy
maec-delivery-vectors: Watering Hole
attack-pattern: Data Software Discovery - T1418 Application Layer Protocol - T1437 Archive Collected Data - T1560 Archive Collected Data - T1532 Credentials - T1589.001 Email Addresses - T1589.002 Exfiltration Over Web Service - T1567 Forge Web Credentials - T1606 Hide Artifacts - T1628 Hide Artifacts - T1564 Malicious File - T1204.002 Malicious Link - T1204.001 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Obfuscated Files Or Information - T1406 System Information Discovery - T1426 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Software - T1592.002 Software Discovery - T1518 Software Packing - T1027.002 Software Packing - T1406.002 Spearphishing Attachment - T1566.001 Spearphishing Attachment - T1598.002 Spearphishing Link - T1566.002 Spearphishing Link - T1598.003 Steal Web Session Cookie - T1539 Web Protocols - T1071.001 Web Protocols - T1437.001 Web Cookies - T1606.001 Standard Application Layer Protocol - T1071 Browser Bookmark Discovery - T1217 Man In The Browser - T1185 Deobfuscate/Decode Files Or Information - T1140 Masquerading - T1036 Obfuscated Files Or Information - T1027 Software Packing - T1045 Spearphishing Attachment - T1193 Spearphishing Link - T1192 System Information Discovery - T1082 User Execution - T1204 Masquerading Spearphishing Attachment User Execution
Show in Graph
Common Information
Type Value
UUID 6992129d-113f-49b1-a6b4-e2defce975e1
Fingerprint 84940a43edb793c1
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 25, 2023, 9:26 a.m.
Added to db Nov. 18, 2023, 11:26 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline The Duck is Hiring in Italy: DUCKTAIL Spread via Compromised LinkedIn Profiles
Title The Duck is Hiring in Italy: DUCKTAIL Spread via Compromised LinkedIn Profiles
Detected Hints/Tags/Attributes 93/4/27
Source URLs
Redirection Url
Details Source https://blog.cluster25.duskrise.com/2023/10/25/the-duck-is-hiring
Details Source https://blog.cluster25.duskrise.com/2023/10/25/the-duck-is-hiring?&web_view=true
URL Provider
Details Provider Source level domain
Details duskrise.com blog.cluster25.duskrise.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 28 https://blog.cluster25.duskrise.com/rss.xml 2024-08-30 22:08
Details 163 https://media.cert.europa.eu/rss?type=category&id=Malware&language=en&duplicates=false 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 1 
ea.gr8people.com
Details Domain 31 
onedrive.live.com
Details Domain 145 
api.telegram.org
Details File 1 
senior_manager_ea_sport.zip
Details File 1 
job_description_of_senior_manager.pdf
Details sha256 1 
054822987c6597d7a916f6ea29333f20767c1f65e6b5f8edab1f328f3c749dc5
Details sha256 1 
3097d80d4aa3abf2599058bf58d85aa8cec6ca6894c13c6d360dce162a5dd626
Details sha256 1 
91e53c5fbbb483784749644dc5b1a6e8b9d8efb6c15402ad65587d5684efada5
Details MITRE ATT&CK Techniques 310 
T1566.001
Details MITRE ATT&CK Techniques 183 
T1566.002
Details MITRE ATT&CK Techniques 365 
T1204.002
Details MITRE ATT&CK Techniques 504 
T1140
Details MITRE ATT&CK Techniques 348 
T1036
Details MITRE ATT&CK Techniques 160 
T1027.002
Details MITRE ATT&CK Techniques 107 
T1564
Details MITRE ATT&CK Techniques 14 
T1606.001
Details MITRE ATT&CK Techniques 99 
T1539
Details MITRE ATT&CK Techniques 1006 
T1082
Details MITRE ATT&CK Techniques 29 
T1217
Details MITRE ATT&CK Techniques 185 
T1518
Details MITRE ATT&CK Techniques 157 
T1560
Details MITRE ATT&CK Techniques 27 
T1185
Details MITRE ATT&CK Techniques 442 
T1071.001
Details MITRE ATT&CK Techniques 126 
T1567
Details Url 1 
https://onedrive.live.com/download?resid=7531e499827b967f
Details Url 1 
https://api.telegram.org/bot6263348871
Details Windows Registry Key 3 
HKLM\SOFTWARE\WOW6432Node\Clients\StartMenuInternet