top of page
Search
Writer's pictureStormsec

New Golang Attack Campaign Leverages Office Macros and James Webb Images to Infect Systems

The Securonix Threat research team has recently identified a unique sample of a persistent Golang-based attack campaign tracked by Securonix as GO#WEBBFUSCATOR. The new campaign incorporates an equally interesting strategy by leveraging the infamous deep field image taken from the James Webb telescope and obfuscated Golang programming language payloads to infect the target system with the malware.




ATT&CK IDS: T1027 - Obfuscated Files or Information, T1102 - Web Service, T1036 - Masquerading, T1530 - Data from Cloud Storage Object, T1001 - Data Obfuscation, T1016 - System Network Configuration Discovery, T1033 - System Owner/User Discovery, T1041 - Exfiltration Over C2 Channel, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1132 - Data Encoding, T1140 - Deobfuscate/Decode Files or Information, T1420 - File and Directory Discovery, T1426 - System Information Discovery, T1547 - Boot or Logon Autostart Execution, T1566 - Phishing, T1137.001 - Office Template Macros


Read More:


2 views

Comments


Commenting has been turned off.
bottom of page