GLESEC’s
SKYWATCHSM ALERTS
Downloading and opening the malicious ZIP archive launched a series of scripts that left the system infected with malicious software, including a Cobalt Strike beacon.
Opening the attachment resulted in VBScript code creating a scheduled task for persistence and a PowerShell script downloading the DolphinCape information stealer.
Multiple legitimate Microsoft Windows utilities were used to carry out the operation, including cmd, BITSAdmin, PowerShell, wscript, and curl.
Organizations affected included governments, media outlets, military, suppliers, telecommunication companies, transportation authorities, financial institutions, and many others.
The initial file analyzed arrived as a Mach-O executable that performed discovery routines and wrote malicious code to files with a doc extension. The malware continues the malicious activity by enabling macros and retrieving additional payloads from decrypted URLs.