Warning Against Phishing Emails Prompting Execution of Commands via Paste

June 6, 2024, 8:05 a.m.

Description

This report details a phishing campaign distributing malicious HTML files through emails. The files prompt users to paste and run malicious PowerShell commands that initiate a multi-stage infection process. The campaign ultimately delivers the DarkGate malware, highlighting the importance of exercising caution with files from unknown sources.

Date

Published: June 6, 2024, 7:18 a.m.
Created: June 6, 2024, 7:18 a.m.
Modified: June 6, 2024, 8:05 a.m.

Indicators


Attack Patterns

DarkGate

T1136.002

T1053.005

T1574.002

T1059.005

T1059.001

T1547.001

T1027.005

T1204.002

T1105

T1219

T1140

T1027

T1078