Threat Actor Uses Fake Recovery Manual to Deliver Unidentified Stealer
Essential information
- Published: 24/07/2024 08:06
- Modified: 24/07/2024 08:16
- Tags: 2024-07-24, credential, daolpu, exfiltration, impersonation, malicious document, stealer
- Related entities: 6 observables, 4 techniques (MITRE), 1 malware
Description
An intelligence report outlines a campaign in which an unidentified threat actor impersonated a Microsoft recovery manual using a macro-enabled Word document. When the macros ran, they downloaded a previously unseen stealer now tracked as Daolpu. The stealer targets credentials stored in web browsers, writes them to a temporary file, and then exfiltrates that data to a command-and-control server. The report provides technical analysis, recommendations, indicators of compromise, and MITRE ATT&CK mappings for this operation.