📃Title: Targeted attacks leverage accounts on popular online platforms as C2 servers
📅Date: 2025-07-30
🔗References:
Description
A sophisticated cyberattack campaign targeted the Russian IT industry and other entities worldwide in late 2024. The attackers used social media profiles and popular websites to deliver payload information, bypassing detection methods. They sent spear-phishing emails carrying malicious RAR archives and used DLL hijacking to deploy Cobalt Strike Beacon. The campaign relied on profiles on GitHub, Microsoft Learn Challenge, Quora, and Russian social networks to conceal its activity. The attacks primarily focused on Russian companies but also affected organizations in China, Japan, Malaysia, and Peru. The complexity of the methods highlights how threat actors' tactics for concealing well-known tools continue to evolve, and underscores the need for robust cybersecurity measures.
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: campaign-analysis
- target: broad-based
- MY-relevancy: relevant
🔖MISP Galaxies:
- producer=“Kaspersky”
- target-information=“Russia”
- target-information=“China”
- target-information=“Japan”
- target-information=“Malaysia”
- target-information=“Peru”
- online-service=“3b16bb5a-eb4f-4603-a909-bebc5df4a46d”
- mitre-attack-pattern=[‘T1574.001’, ‘T1585.001’]
MISP event uuid: d7a12e7c-a9b2-4d1b-98d0-f1ceb6479de8
Indicators of Compromise (IoCs)
Full IoCs available in Rectifyq's MISP