General

  • Target

    https://s3.us-east-2.amazonaws.com/disciplinaryfdvs/ykeu125ogb/Entrenched-Hack_727048.html?utm_source=partner_consent

  • Sample

    240808-yj82zasdlh

Malware Config

Targets

    • Target

      https://s3.us-east-2.amazonaws.com/disciplinaryfdvs/ykeu125ogb/Entrenched-Hack_727048.html?utm_source=partner_consent

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks