Invisible Obfuscation Technique Used in PAC Attack

    Date: 02/19/2025

    Severity: Medium

    Summary

    The "Invisible Obfuscation Technique Used in PAC Attack" encodes binary data as Hangul half-width and full-width Unicode characters, with one character standing for 0 and the other for 1, so that a payload can be hidden inside a JavaScript script as text that renders as blank. First demonstrated in October 2024, the technique was incorporated into a phishing attack targeting affiliates of a major American political action committee (PAC) in January 2025. The hidden payload is decoded and executed through a JavaScript Proxy get() trap when the obfuscated property is accessed.
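    The decoder below is an added example for analysts, not code from the advisory or from the Juniper write-up it references. It scans a script for runs of the two filler characters and recovers the hidden bytes. Assumptions: the two codepoints are U+3164 (HANGUL FILLER) and U+FFA0 (HALFWIDTH HANGUL FILLER), each run encodes 8 bits per byte, and since the advisory does not say which character is 0, both mappings are tried and the one yielding printable ASCII is kept.

```javascript
// Added example: recover text hidden as invisible Hangul filler characters.
// Assumed codepoints (not stated on the advisory page):
//   U+3164 HANGUL FILLER (full-width) and U+FFA0 HALFWIDTH HANGUL FILLER.
const FILLER_FULL = "\u3164";
const FILLER_HALF = "\uFFA0";
// A hidden payload shows up as a run of at least one byte (8 filler chars).
const FILLER_RUN = /[\u3164\uFFA0]{8,}/g;

// Turn a string of '0'/'1' into text, 8 bits per character.
function bitsToText(bits) {
  const out = [];
  for (let i = 0; i + 8 <= bits.length; i += 8) {
    out.push(String.fromCharCode(parseInt(bits.slice(i, i + 8), 2)));
  }
  return out.join("");
}

// Printable ASCII plus tab/newline; an inverted bit mapping never passes this.
function isPrintable(s) {
  return /^[\x09\x0a\x0d\x20-\x7e]*$/.test(s);
}

// Decode one run treating `zeroChar` as 0; null when the result is not printable.
function decodeRun(run, zeroChar) {
  const bits = [...run].map((c) => (c === zeroChar ? "0" : "1")).join("");
  const text = bitsToText(bits);
  return isPrintable(text) ? text : null;
}

// Scan script source; report each invisible run with its offset and decoding.
function findHiddenPayloads(source) {
  const hits = [];
  for (const m of source.matchAll(FILLER_RUN)) {
    const run = m[0];
    const decoded = decodeRun(run, FILLER_FULL) ?? decodeRun(run, FILLER_HALF);
    hits.push({ offset: m.index, chars: run.length, decoded });
  }
  return hits;
}

// Constructed sample input: a harmless string encoded the same way, so the
// decoder can be exercised offline (half-width = 0, full-width = 1 here).
function encodeForSample(text, zeroChar, oneChar) {
  return [...text]
    .map((ch) => ch.charCodeAt(0).toString(2).padStart(8, "0"))
    .join("")
    .replace(/[01]/g, (b) => (b === "0" ? zeroChar : oneChar));
}

const SAMPLE_SCRIPT =
  'const cfg = "' + encodeForSample("hidden-config", FILLER_HALF, FILLER_FULL) + '";';
```

Running findHiddenPayloads(SAMPLE_SCRIPT) reports one run of 104 invisible characters that decodes to the sample string; on a real script the same call surfaces the hidden text for analysis, and the run length alone is a cheap detection signal.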

    Indicators of Compromise (IOC) List

    URL/Domain

    veracidep.ru

    mentespic.ru

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    userdomainname like "veracidep.ru" or url like "veracidep.ru" or userdomainname like "mentespic.ru" or url like "mentespic.ru"

    Reference:

    https://blogs.juniper.net/en-us/threat-research/invisible-obfuscation-technique-used-in-pac-attack


    Tags

    Phishing, Malware, America, Government Services and Facilities
