APT Attacks Using Cloud Storage

June 11, 2024, 10:31 a.m.

Description

The report describes a malicious campaign in which threat actors use cloud services such as Google Drive, OneDrive, and Dropbox to distribute malware and collect user information. The attack chain starts with a malicious shortcut file (LNK) that executes PowerShell scripts to download decoy documents and additional malware from the attacker's cloud storage. The scripts collect system information and upload it to the cloud, then download and execute the XenoRAT remote access trojan. The malware allows the threat actor to perform a range of malicious activities on the compromised system.

Date

Published: June 11, 2024, 10:09 a.m.
Created: June 11, 2024, 10:09 a.m.
Modified: June 11, 2024, 10:31 a.m.

Attack Patterns

XenoRAT
T1107
T1064
T1497
T1057
T1105
T1083
T1071
T1055
T1036
T1053
T1059