Today > | 7 High | 13 Medium | 5 Low vulnerabilities   -   You can now download lists of IOCs here!

MDR in Action: Preventing The More_eggs Backdoor From Hatching

Oct. 1, 2024, 10:22 a.m.

Description

A sophisticated spear-phishing attack led to a more_eggs backdoor infection at a company. The attack began with an email to a senior executive, followed by a recruitment officer downloading a fake resume. The malicious file, disguised as a resume, contained obfuscated commands that executed when opened. This resulted in the download and execution of the more_eggs backdoor. The malware performed system checks and communicated with a command-and-control server. Trend Micro's MDR team quickly identified and contained the threat using Vision One platform, isolating the infected host and blocking indicators. The incident is part of a broader campaign using the Golden Chickens malware toolkit, with two variations observed targeting various industries, particularly those with financial resources.

Date

Published: Oct. 1, 2024, 10:12 a.m.

Created: Oct. 1, 2024, 10:12 a.m.

Modified: Oct. 1, 2024, 10:22 a.m.

Indicators

f2196309bc97e22447f6e168a9afbbb4291edd1cca51bf3789939c3618a63ec0

ccf8276b55398030b6b7269136c5ee26a5c422d68793dc9ec5adee79a057c7f4

3beda3377b060a89b41553485e06e42b69d10610f21a4a443f75b39605397271

https://webmail.raysilkman.com

https://1212055764.johncboins.com/some/036e91fc8cc899cc20f7e011fa6a0861/sbosf

http://36hbhv.johncboins.com/fjkabrhhg.

http://36hbhv.johncboins.com/fjkabrhhg

webmail.raysilkman.com

36hbhv.johncboins.com

1212055764.johncboins.com

Attack Patterns

SpicyOmelette

Terra Loader

SKID

More_eggs - S0284

FIN6

T1124

T1059.003

T1547.001

T1012

T1059.007

T1071.001

T1082

T1057

T1105

T1204

T1033

T1027

T1566

Additional Informations

Engineering

Hospitality

Finance

Russian Federation