Tag: more_eggs

5 Attack Reports | 0 Vulnerabilities

Attack reports

Eggs in a Cloudy Basket: Skeleton Spider's Trusted Cloud Malware Delivery

Skeleton Spider, also known as FIN6, is a financially motivated cybercrime group that has evolved from POS breaches to broader enterprise threats. They employ social engineering tactics, posing as job seekers on platforms like LinkedIn to deliver phishing messages. Their preferred payload is more_e…
backdoor
phishing
social engineering
aws
evasion techniques
more_eggs
2025-06-11
cloud infrastructure
resume lures
skeleton spider
Published: June 11, 2025
Downloadable IOCs: 24

Venom Spider Uses Server-Side Polymorphism to Weave a Web Around Victims

Arctic Wolf Labs discovered a new campaign by Venom Spider targeting corporate HR departments with fake resumes containing the More_eggs backdoor. The financially motivated threat group uses spear-phishing emails and abuses legitimate job platforms to apply for real jobs. The backdoor can steal cre…
backdoor
evasion
javascript
spear-phishing
more_eggs
lnk files
2025-05-03
polymorphism
Published: May 3, 2025
Downloadable IOCs: 3

Tracking Pyramid C2: Identifying Post-Exploitation Servers in Hunt

Pyramid, an open-source post-exploitation framework in Python, is being used by threat actors for malicious purposes. The tool features a lightweight HTTP/S server for encrypted payload delivery, blending with legitimate Python activity. This analysis examines Pyramid's server, outlines network sig…
python
c2
ransomhub
open-source
more_eggs
post-exploitation
2025-02-13
http server
network signatures
detection
pyramid
Published: February 13, 2025
Downloadable IOCs: 0

The Curious Case of an Excellent Resume

This report details a malicious campaign where the threat actor gained initial access through a resume lure as part of a TA4557/FIN6 operation. The actor employed techniques like abusing legitimate binaries, establishing Cobalt Strike and Pyramid C2, exploiting CVE-2023-27532 for lateral movement, …
apt
privilege-escalation
cobalt strike
persistence
credentials
CVE-2023-27532
lateral-movement
skid
more_eggs
spicyomelette
terra loader
2024-12-04
cloudflared
c2 pyramid
Published: December 4, 2024
Linked vulnerabilities : CVE-2023-27532
Downloadable IOCs: 20

MDR in Action: Preventing The More_eggs Backdoor From Hatching

A sophisticated spear-phishing attack led to a more_eggs backdoor infection at a company. The attack began with an email to a senior executive, followed by a recruitment officer downloading a fake resume. The malicious file, disguised as a resume, contained obfuscated commands that executed when op…
backdoor
malware-as-a-service
2024-10-01
spear-phishing
skid
more_eggs
vision one
spicyomelette
terra loader
recruitment
golden chickens
mdr
Published: October 1, 2024
Downloadable IOCs: 10
Click here to see more Attack Reports