Tag: more_eggs

3 Attack Reports | 0 Vulnerabilities

Attack reports

Tracking Pyramid C2: Identifying Post-Exploitation Servers in Hunt

Pyramid, an open-source post-exploitation framework in Python, is being used by threat actors for malicious purposes. The tool features a lightweight HTTP/S server for encrypted payload delivery, blending with legitimate Python activity. This analysis examines Pyramid's server, outlines network sig…
python
c2
ransomhub
open-source
more_eggs
post-exploitation
2025-02-13
http server
network signatures
detection
pyramid
Published: February 13, 2025
Downloadable IOCs: 0

The Curious Case of an Excellent Resume

This report details a malicious campaign where the threat actor gained initial access through a resume lure as part of a TA4557/FIN6 operation. The actor employed techniques like abusing legitimate binaries, establishing Cobalt Strike and Pyramid C2, exploiting CVE-2023-27532 for lateral movement, …
apt
privilege-escalation
cobalt strike
persistence
credentials
CVE-2023-27532
lateral-movement
skid
more_eggs
spicyomelette
terra loader
2024-12-04
cloudflared
c2 pyramid
Published: December 4, 2024
Downloadable IOCs: 20

MDR in Action: Preventing The More_eggs Backdoor From Hatching

A sophisticated spear-phishing attack led to a more_eggs backdoor infection at a company. The attack began with an email to a senior executive, followed by a recruitment officer downloading a fake resume. The malicious file, disguised as a resume, contained obfuscated commands that executed when op…
backdoor
malware-as-a-service
2024-10-01
spear-phishing
skid
more_eggs
vision one
spicyomelette
terra loader
recruitment
golden chickens
mdr
Published: October 1, 2024
Downloadable IOCs: 10
Click here to see more Attack Reports