SolarMarker Impersonates Job Employment Website

June 18, 2024, 10:09 p.m.

Description

On April 2024, Cyber Analysts responded to a SolarMarker infection event. The infection occurred through a drive-by download when a user, while searching for workplace team-building ideas on Bing, was directed to a malicious site impersonating the global employment website, Indeed.

External References

https://www.esentire.com/blog/solarmarker-impersonates-job-employment-website-indeed-with-a-team-building-themed-lure
https://otx.alienvault.com/pulse/66720016effeee5a8a1140e9
Tags
backdoor
phishing
solarmarker
solarphantom
2024-06-18
stellarinjector
drive-by-download

Date

  • Created: June 18, 2024, 9:45 p.m.
  • Published: June 18, 2024, 9:45 p.m.
  • Modified: June 18, 2024, 10:09 p.m.

Indicators

  • 139.60.161.78
  • 2.58.15.118
  • 146.70.80.83
  • https://finestyle.com/
  • https://stopvulcancomalcounty.info
  • https://jacob-jonesinvestigation.com
Download all indicators here!

Attack Patterns

  • StellarInjector
  • SolarPhantom

Additional Informations

  • Food
  • Construction
  • Retail
  • Healthcare
  • Legal
  • Education
  • Finance
  • Government
  • Manufacturing