Date: 08/21/2024
Severity: Medium
Summary
"Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset" describes a cyber espionage incident involving the threat actor group TA453, also known as Charming Kitten or APT35. In this case, TA453 used a phishing lure to target a religious figure: a deceptive email posing as an invitation to participate in a podcast. The email contained a malicious payload that delivered the BlackSmith malware toolset. This new toolset is designed to facilitate espionage by giving the attackers unauthorized access to and control over the victim's systems, allowing them to gather sensitive information and conduct further malicious activity.
Indicators of Compromise (IOC) List
URL/Domain | deepspaceocean.info, understandingthewar.org, theworkpc.com, dropzilla.theworkpc.com, d75.site |
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
URL/Domain | userdomainname like "deepspaceocean.info" or url like "deepspaceocean.info" or userdomainname like "understandingthewar.org" or url like "understandingthewar.org" or userdomainname like "theworkpc.com" or url like "theworkpc.com" or userdomainname like "dropzilla.theworkpc.com" or url like "dropzilla.theworkpc.com" or userdomainname like "d75.site" or url like "d75.site" |
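For logs held outside the platform, the same five domains can be matched on DNS label boundaries, so that subdomains of an indicator are caught while look-alike hosts and indicators that only appear in a path or query string are not. This is an added example, not code from Gurucul or from the referenced report; the log layout (timestamp, source IP, URL or host:port), the sample lines and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Domains copied from the IOC list above.
IOC_DOMAINS = frozenset({
    "deepspaceocean.info", "understandingthewar.org", "theworkpc.com",
    "dropzilla.theworkpc.com", "d75.site",
})

def extract_host(value):
    """Return the lowercase hostname from a URL or a bare host[:port] string."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value          # lets urlsplit treat a bare host as netloc
    try:
        host = urlsplit(value).hostname or ""
    except ValueError:                # malformed netloc: treat as no host
        return ""
    return host.rstrip(".").lower()   # drop trailing root dot, normalise case

def match_ioc(host):
    """Return the most specific IOC the host equals or is a subdomain of, else None."""
    labels = host.split(".")
    for i in range(len(labels)):      # longest suffix first
        candidate = ".".join(labels[i:])
        if candidate in IOC_DOMAINS:
            return candidate
    return None

def scan(lines):
    """Return (line_number, host, matched_ioc) for every matching log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 3:           # assumed layout: time, source IP, URL/host
            continue
        host = extract_host(fields[2])
        ioc = match_ioc(host)
        if ioc:
            hits.append((number, host, ioc))
    return hits

# Constructed sample proxy log lines (not real telemetry).
SAMPLE_LOG = [
    "2024-08-21T09:14:02Z 10.0.0.5 https://deepspaceocean.info/",
    "2024-08-21T09:14:07Z 10.0.0.5 DropZilla.TheWorkPC.com:443",
    "2024-08-21T09:15:40Z 10.0.0.9 https://files.d75.site/a",
    "2024-08-21T09:16:11Z 10.0.0.7 https://nottheworkpc.com/",
    "2024-08-21T09:17:30Z 10.0.0.7 https://example.org/r?u=understandingthewar.org",
    "2024-08-21T09:18:02Z 10.0.0.8 http://d75.site.example.net/",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Lines 4 to 6 of the sample contain an indicator as a substring but are not reported, because the indicator is not a label-aligned suffix of the requested host.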
Reference:
https://www.proofpoint.com/us/blog/threat-insight/best-laid-plans-ta453-targets-religious-figure-fake-podcast-invite-delivering