Warning Against Phishing Emails Prompting Execution of Commands via Paste
June 6, 2024, 8:05 a.m.
Description
This report details a phishing campaign distributing malicious HTML files through emails. The files prompt users to paste and run malicious PowerShell commands that initiate a multi-stage infection process. The campaign ultimately delivers the DarkGate malware, highlighting the importance of exercising caution with files from unknown sources.
Date
Published: June 6, 2024, 7:18 a.m.
Created: June 6, 2024, 7:18 a.m.
Modified: June 6, 2024, 8:05 a.m.
Indicators
Attack Patterns
DarkGate
T1136.002
T1053.005
T1574.002
T1059.005
T1059.001
T1547.001
T1027.005
T1204.002
T1105
T1219
T1140
T1027
T1078