From Document to Script: Insides of Campaign
May 17, 2024, 10:03 a.m.
Description
This report examines a recent malicious campaign that begins with phishing emails purporting to come from 'QuickBooks' and prompting the recipient to install Java. Clicking the embedded link downloads a malicious JAR file. The JAR contains commands that fetch additional payloads, including an obfuscated AutoIt script that connects to remote servers, most likely for command and control. The campaign uses sophisticated techniques and URL patterns that match those historically associated with the threat actors behind it.
Date
Published: May 17, 2024, 9:38 a.m.
Created: May 17, 2024, 9:38 a.m.
Modified: May 17, 2024, 10:03 a.m.
Indicators
http://smbeckwithlaw.com/1.zip
http://amishwoods.com/jwa4v
http://amikamobile.com/ayu4d
http://affixio.com/emh0c
http://affiliatebash.com/myu0f
http://afcmanager.net/jxk6m
http://afarm.net/uvz2q
http://aerospaceavenue.com/cnz8g
http://adztrk.com/ixi7r
http://adventsales.co.uk/iuw8a
kindupdates.com
Attack Patterns
DarkGate
T1497 Virtualization/Sandbox Evasion
T1105 Ingress Tool Transfer
T1071 Application Layer Protocol
T1055 Process Injection
T1036 Masquerading
T1204 User Execution
T1027 Obfuscated Files or Information
T1566 Phishing
T1059 Command and Scripting Interpreter