Source: Recorded Future
They leveraged the samples to gain one-time access to a command-and-control (C2) server and interface used by FIN7 for GRIFFON-based attacks. The threat actors obfuscated the script using a custom string-encoding algorithm.
GRIFFON malware is a JScript-based JSloader backdoor that connects with a C2 server to receive and execute additional modules. The malware uses Windows Management Instrumentation (WMI) functions to collect system and network configuration data from its victims.
Spear phishing is an email or electronic communications scam targeted at a specific individual, organization or business. Although it is often intended to steal data for malicious purposes, cybercriminals may also use it to install malware on a targeted user’s computer. This is how it works: an email arrives, apparently from a trustworthy source, but it leads the unknowing recipient to a bogus website full of malware. These emails often use clever tactics to get victims' attention. For example, the FBI has warned of spear phishing scams where the emails appeared to be from the National Center for Missing and Exploited Children.