Tag: more_eggs

4 Attack Reports | 0 Vulnerabilities

Attack reports

Venom Spider Uses Server-Side Polymorphism to Weave a Web Around Victims

Arctic Wolf Labs discovered a new campaign by Venom Spider targeting corporate HR departments with fake resumes containing the More_eggs backdoor. The financially motivated threat group uses spear-phishing emails and abuses legitimate job platforms to apply for real jobs. The backdoor can steal cre…

Published: May 3, 2025

Downloadable IOCs: 3

Tracking Pyramid C2: Identifying Post-Exploitation Servers in Hunt

Pyramid, an open-source post-exploitation framework in Python, is being used by threat actors for malicious purposes. The tool features a lightweight HTTP/S server for encrypted payload delivery, blending with legitimate Python activity. This analysis examines Pyramid's server, outlines network sig…

post-exploitation

network signatures

Published: February 13, 2025

Downloadable IOCs: 0

The Curious Case of an Excellent Resume

This report details a malicious campaign where the threat actor gained initial access through a resume lure as part of a TA4557/FIN6 operation. The actor employed techniques like abusing legitimate binaries, establishing Cobalt Strike and Pyramid C2, exploiting CVE-2023-27532 for lateral movement, …

privilege-escalation

lateral-movement

Published: December 4, 2024

Linked vulnerabilities : CVE-2023-27532

Downloadable IOCs: 20

MDR in Action: Preventing The More_eggs Backdoor From Hatching

A sophisticated spear-phishing attack led to a more_eggs backdoor infection at a company. The attack began with an email to a senior executive, followed by a recruitment officer downloading a fake resume. The malicious file, disguised as a resume, contained obfuscated commands that executed when op…

malware-as-a-service

golden chickens

Published: October 1, 2024

Downloadable IOCs: 10

Click here to see more Attack Reports