216.73.217.176

The Curious Case of an Excellent Resume

· Published 04/12/2024 20:55 · Modified 04/12/2024 21:38

Export JSON

Essential information

Published
04/12/2024 20:55
Modified
04/12/2024 21:38
Tags
2024-12-04 CVE-2023-27532 apt c2 pyramid cloudflared cobalt strike credentials lateral movement more_eggs persistence privilege-escalation skid spicyomelette terra loader
Related entities
1 vulnerabilities (cve), 20 observables, 1 intrusion sets (apt), 26 techniques (mitre), 4 malware

Description

This report details a malicious campaign where the threat actor gained initial access through a resume lure as part of a TA4557/FIN6 operation. The actor employed techniques like abusing legitimate binaries, establishing and Pyramid C2, exploiting for , and using for tunneling traffic.

External references