One Article Review

Article:
Source Cyble
Identifier 8657753
Publication date 2025-03-24 11:09:37 (seen: 2025-03-24 12:08:06)
Title FizzBuzz to FogDoor: Targeted Malware Campaign Exploits Job-Seeking Developers
Text The malware extracts browser cookies, saved credentials, installed applications, and file details for exfiltration. The malware achieves persistence through scheduled tasks and deletes its traces after data exfiltration to avoid detection. The campaign is evolving, now using invoice-themed lures alongside recruitment scams to broaden its target reach. Overview: The threat actor (TA) is deploying a social engineering campaign against [...] developers via a disguised malicious GitHub [...]. Using a fake recruitment test named "FizzBuzz", the TA tricks victims into downloading an ISO file containing a seemingly harmless JavaScript exercise and a malicious LNK shortcut
Rating ★★★
Sent Yes
Tags Malware Tool Vulnerability Threat Technical
Stories
Move


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.