This article discusses a phishing campaign targeting job applicants with a seemingly legitimate file posing as a Samsung job application PDF. The malicious file is a Windows shortcut (.lnk) masquerading as a harmless document; it uses PowerShell to fetch and execute remote code. The operation highlights the importance of cybersecurity awareness concerning phishing tactics. Affected: Samsung, job applicants, cybersecurity.
Key points:
- Samsung, a large multinational corporation, was targeted in a phishing scheme.
- The malicious code was delivered as a Windows shortcut disguised as a PDF, labeled “Samsung Job Application Document.pdf.lnk”.
- The malware uses PowerShell to execute commands without alerting the user.
- Attackers used deceptive techniques to spread the phishing lure via social media and websites.
- The malicious file carries executable payloads designed to evade detection.
MITRE Techniques:
- T1059.001 – Command and Scripting Interpreter: PowerShell – The malware uses PowerShell commands to execute scripts that download and run malicious content.
- T1071.001 – Application Layer Protocol: Web Protocols – The phishing campaign employs HTTP(S) to disguise malicious downloads as benign files.
- T1203 – Exploitation for Client Execution – The attack relies on the PDF-looking file to trick victims into executing the malicious .lnk file.
Indicators of Compromise:
- [File] Samsung_Job_Application_Document.pdf.lnk
- [MD5] c2dbb808a94f755506367a63757d3007
- [SHA-1] 9dc8794486160c1b282f50b1e2aa234c77c17c84
- [SHA-256] b55282e00322a4e28d888c1c252218251366f45639ba5212829e4b3d25dbc50e
- [Email] [email protected]
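A defender-side triage check for the two traits described above (a shortcut wearing a decoy .pdf extension, and the file hashes listed as indicators), added here as an example and not taken from the original article. The decoy-extension list and the sample bytes are constructed assumptions; the hashes are the ones reported on this page.

```python
import hashlib
from pathlib import Path

# Hashes of the malicious shortcut as listed in the indicators above.
IOC_HASHES = {
    "md5": "c2dbb808a94f755506367a63757d3007",
    "sha1": "9dc8794486160c1b282f50b1e2aa234c77c17c84",
    "sha256": "b55282e00322a4e28d888c1c252218251366f45639ba5212829e4b3d25dbc50e",
}

# Assumed set of document-like extensions used as a decoy before the real .lnk.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}

# Shell Link (.lnk) header: HeaderSize 0x4C, then LinkCLSID 00021401-0000-0000-C000-000000000046.
LNK_MAGIC = bytes.fromhex("4c000000 01140200 00000000 c0000000 00000046")


def is_decoy_double_extension(name: str) -> bool:
    """True when the final extension is .lnk and a decoy document extension precedes it."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    return len(suffixes) >= 2 and suffixes[-1] == ".lnk" and suffixes[-2] in DECOY_EXTENSIONS


def file_hashes(data: bytes) -> dict:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_iocs(data: bytes, iocs: dict = IOC_HASHES) -> list:
    """Names of the hash algorithms whose digest of `data` equals a listed indicator."""
    digests = file_hashes(data)
    return sorted(alg for alg, value in iocs.items() if digests.get(alg) == value.lower())


def triage(name: str, data: bytes) -> list:
    """Collect the findings a defender would log for one attachment."""
    findings = []
    if is_decoy_double_extension(name):
        findings.append("decoy-double-extension")
    if data.startswith(LNK_MAGIC):
        findings.append("lnk-header")  # content is a shortcut regardless of its name
    if matching_iocs(data):
        findings.append("ioc-hash-match")
    return findings


if __name__ == "__main__":
    # Constructed sample: a minimal shortcut-shaped blob wearing the reported file name.
    print(triage("Samsung_Job_Application_Document.pdf.lnk", LNK_MAGIC + b"\x00" * 56))
```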
Full Story: http://wezard4u.tistory.com/429418