Security Articles

Threat Actor Uses Fake Recovery Manual to Deliver Unidentified Stealer

released on 2024-07-24 @ 08:06:34 AM
An intelligence report outlines a campaign in which an unidentified threat actor distributed a malicious, macro-enabled Word document posing as a Microsoft recovery manual. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web browsers, saving them to a temporary file before exfiltrating the data to a command-and-control server. The report provides technical analysis, recommendations, indicators of compromise, and MITRE ATT&CK mappings related to this malicious operation.