
The Curious Case of an Excellent Resume

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

This report details a malicious campaign in which the threat actor gained initial access through a resume lure as part of a TA4557/FIN6 operation. The actor's techniques included abusing legitimate binaries, establishing Cobalt Strike and Pyramid C2, exploiting CVE-2023-27532 for lateral movement, and using Cloudflared to tunnel traffic.

OPENCTI LABELS:

apt, cobalt strike, credentials, privilege-escalation, persistence, cve-2023-27532, skid, lateral-movement, more_eggs, spicyomelette, terra loader, cloudflared, c2 pyramid

