MDR in Action: Preventing The More_eggs Backdoor From Hatching
Essential information
- Published
- 01/10/2024 10:12
- Modified
- 01/10/2024 10:22
- Tags
- 2024-10-01, backdoor, golden chickens, malware-as-a-service, mdr, more_eggs, recruitment, skid, spear-phishing, spicyomelette, terra loader, vision one
- Related entities
- 10 observables, 1 intrusion set (APT), 13 techniques (MITRE), 4 malware, 4 others
Description
A sophisticated spear-phishing attack led to a more_eggs backdoor infection at a company. The attack began with an email to a senior executive, after which a recruitment officer downloaded a fake resume. The malicious file, disguised as a resume, contained obfuscated commands that executed when it was opened, resulting in the download and execution of the more_eggs backdoor. The malware performed system checks and communicated with a command-and-control server. Trend Micro's MDR team quickly identified and contained the threat using the Vision One platform, isolating the infected host and blocking the associated indicators. The incident is part of a broader campaign using the Golden Chickens malware toolkit, with two variations observed targeting various industries, particularly those with significant financial resources.