384. Adversaries Abuse Spotify and Chess.com

Hello everyone!

Another day, another Dead Drop Resolver (T1102.001). And this time, the exploited web services are even more interesting than usual.

According to Solar’s research on MaskGram Stealer, in addition to Steam and Telegram, platforms already popular with attackers, the threat actors also used Spotify and Chess.com.

As before, it’s important to watch communications with the legitimate web services that attackers leverage for this technique, and to identify the unusual processes initiating them:

event_type: "dnsreqwin"
AND
dns_rname: ("spotify.com" OR "chess.com")
AND NOT
proc_file_path: ("your_exclusion_list")
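As an added illustration (not from the original post), the same hunt expressed in Python over constructed DNS-request events: the field names mirror the query above, while the process exclusion list and the sample telemetry are assumptions to be tuned per environment.

```python
"""Dead-drop-resolver hunt: DNS lookups of spotify.com / chess.com from
processes that are not on an exclusion list. Added example, not code from
the original post; field names follow the post's query, everything else
(exclusion list, sample events) is constructed."""
from dataclasses import dataclass
from pathlib import PureWindowsPath

HUNTED_DOMAINS = ("spotify.com", "chess.com")

# Constructed exclusion list: processes legitimately expected to resolve
# these domains (browsers, the official Spotify client). Tune per environment.
EXCLUDED_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe", "spotify.exe"}


@dataclass(frozen=True)
class DnsEvent:
    event_type: str
    dns_rname: str
    proc_file_path: str


def domain_matches(rname: str, domains=HUNTED_DOMAINS) -> bool:
    """True if rname is a hunted domain or any subdomain of one (api.spotify.com)."""
    name = rname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)


def process_excluded(path: str, excluded=EXCLUDED_PROCESSES) -> bool:
    """Compare on the executable name only, case-insensitively (Windows paths)."""
    return PureWindowsPath(path).name.lower() in excluded


def hunt(events):
    """event_type:"dnsreqwin" AND dns_rname:(...) AND NOT proc_file_path:(...)"""
    return [e for e in events
            if e.event_type == "dnsreqwin"
            and domain_matches(e.dns_rname)
            and not process_excluded(e.proc_file_path)]


# Constructed sample telemetry (not real observations).
SAMPLE_EVENTS = [
    DnsEvent("dnsreqwin", "api.spotify.com", r"C:\Users\u\AppData\Roaming\Spotify\Spotify.exe"),
    DnsEvent("dnsreqwin", "www.chess.com", r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    DnsEvent("dnsreqwin", "open.spotify.com", r"C:\Users\u\AppData\Local\Temp\update.exe"),
    DnsEvent("dnsreqwin", "chess.com", r"C:\Windows\System32\rundll32.exe"),
    DnsEvent("dnsreqwin", "notchess.com", r"C:\Users\u\Downloads\x.exe"),  # not a hunted domain
    DnsEvent("procstart", "chess.com", r"C:\Users\u\Downloads\x.exe"),     # wrong event type
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(f"[hunt] {hit.proc_file_path} -> {hit.dns_rname}")
```

Only the two lookups from unexpected binaries (update.exe and rundll32.exe) survive the filter; the rest is expected noise from the exclusion list or non-matching domains.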

See you soon!
