Arctic Wolf Labs discovered a new campaign by Venom Spider targeting corporate HR departments with fake resumes that carry the More_eggs backdoor. The financially motivated threat group sends spear-phishing emails and abuses legitimate job platforms to apply for real job postings, so the malicious attachment arrives in an expected context. The backdoor can steal credentials, customer data, and intellectual property. Several upgrades were observed, including server-side polymorphism and new evasion techniques. The attack chain involves obfuscated JavaScript, LNK files, and a dropper that generates polymorphic code. Organizations are advised to train employees on phishing awareness, especially those in HR who regularly open attachments from unknown senders.
Author: AlienVault
Related Tags:
More_eggs – S0284
Pharmacy
Entertainment
T1497.003
T1059.007
T1566.002
T1573.001
LNK files
evasion
Associated Indicators: