Venom Spider Uses Server-Side Polymorphism to Weave a Web Around Victims

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

Arctic Wolf Labs discovered a new campaign by Venom Spider targeting corporate HR departments with fake resumes containing the More_eggs backdoor. The financially motivated threat group uses spear-phishing emails and abuses legitimate job platforms to apply for real jobs. The backdoor can steal credentials, customer data, and intellectual property. Several upgrades were found, including server-side polymorphism and evasion techniques. The attack chain involves obfuscated JavaScript, LNK files, and a dropper that generates polymorphic code. Organizations are advised to train employees on phishing awareness, especially those in HR who regularly open attachments from unknown senders.

OPENCTI LABELS:

backdoor, spear-phishing, evasion, javascript, lnk files, more_eggs, polymorphism

