Ande Loader Leads to 0bj3ctivity Stealer Infection

Aug. 12, 2024, 11:42 a.m.

Description

In July 2024, eSentire's Threat Response Unit observed a phishing attack that led to a 0bj3ctivity Stealer malware infection. The attack used a malicious JavaScript file that retrieved and executed Ande Loader and the 0bj3ctivity Stealer. Ande Loader established persistence, downloaded additional payloads, and performed process injection. The 0bj3ctivity Stealer collected credentials, credit card information, and system details from various browsers and messengers and exfiltrated them via Telegram, remote servers, or SMTP. The attack used obfuscation, anti-analysis techniques, and a multi-stage delivery mechanism to evade detection.

Date

Published: Aug. 12, 2024, 11:26 a.m.
Created: Aug. 12, 2024, 11:26 a.m.
Modified: Aug. 12, 2024, 11:42 a.m.

Indicators

https://whatismyipaddressnow.co/API/FETCH/filter.php?countryid=14&token=FEzEd9JbsoLF

https://whatismyipaddressnow.co/API/FETCH/getcountry.php

Attack Patterns

0bj3ctivity Stealer

Ande Loader

T1597

T1600

T1567.002

T1086

T1589

T1055.012

T1185

T1564.003

T1018

T1497.001

T1547.001

T1213

T1056.001

T1071.001

T1518.001

T1598

T1105

T1083

T1592

T1027