Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

APT Attacks Using Cloud Storage

June 11, 2024, 10:31 a.m.

Description

The report describes a malicious campaign where threat actors utilize cloud services like Google Drive, OneDrive, and Dropbox to distribute malware and collect user information. The attack process starts with a malicious shortcut file (LNK) that executes PowerShell scripts to download decoy documents and additional malware from the attacker's cloud storage. The scripts collect system information, which is uploaded to the cloud, and then download and execute the XenoRAT remote access trojan. The malware allows the threat actor to perform various malicious activities on the compromised system.

Date

Published: June 11, 2024, 10:09 a.m.

Created: June 11, 2024, 10:09 a.m.

Modified: June 11, 2024, 10:31 a.m.

Indicators

159.100.29.122

Attack Patterns

XenoRAT

T1107

T1064

T1497

T1057

T1105

T1083

T1071

T1055

T1036

T1053

T1059