Contact

Analyzing FLUX#CONSOLE: Using Tax-Themed Lures, Threat Actors Exploit Windows Management Console to Deliver Backdoor Payloads

NetmanageIT OpenCTI - opencti.netmanageit.com

Analyzing FLUX#CONSOLE: Using Tax-Themed Lures, Threat Actors Exploit Windows Management Console to Deliver Backdoor Payloads



SUMMARY :

The FLUX#CONSOLE campaign involves a sophisticated tax-themed phishing attack that exploits Microsoft Management Console (MSC) files to deliver a stealthy backdoor payload. Threat actors use tax-related lures to trick users into executing malicious code. The attack leverages MSC files, which are normally used for administrative tasks, to execute obfuscated JavaScript. This leads to the deployment of a malicious DLL file (DismCore.dll) through DLL sideloading. The campaign employs advanced obfuscation techniques, including multiple layers of encoding and encryption, to evade detection. Persistence is established using scheduled tasks. The malware communicates with a command and control server, potentially exfiltrating data from infected systems.

OPENCTI LABELS :

javascript,lnk files,dll sideloading,dismcore.dll,xmlhttp


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Analyzing FLUX#CONSOLE: Using Tax-Themed Lures, Threat Actors Exploit Windows Management Console to Deliver Backdoor Payloads