Just Another Blue Teamer · @LeeArchinal

Good day all! The Computer Emergency Response Team of Ukraine, CERT-UA, reports on a targeted attack attributed to they observed on a critical energy infrastructure facility in Ukraine. It started with an email that contained a link to an archive that led to a downloaded zip file that contained three decoy JPGs and a bat file that would run on the victim's computer. The BAT file would, again, open some decoy web pages, but more importantly would create a .bat and .vbs file. There were some discovery commands issued, TOR program downloaded and hidden on the victim's computer as a hidden service, and abused common ports (445, 389, 3389, 443). Last but not least, a PowerShell script was used to collect the password hash of the account. Enjoy and Happy Hunting!

cert.gov.ua/article/5702579

#apt28 #phishing #cybersecurity #itsecurity #infosec #blueteam #threatintel #threathunting #ThreatDetection #happyhunting #readoftheday #certua
