Cymulate named a Customers' Choice in 2025 Gartner® Peer Insights™
Learn More
New Case Study: Credit Union Boosts Threat Prevention & Detection with Cymulate
Learn More
New Research: Cymulate Research Labs Discovers Token Validation Flaw
Learn More
An Inside Look at the Technology Behind Cymulate
Learn More
Book a Demo
Book a Demo

Follina suspected state aligned phishing campaign

June 13, 2022

This campaign masqueraded as a salary increase and utilized an RTF with the exploit payload downloaded from 45.76.53[.]253. The downloaded Powershell script was base64 encoded and used Invoke-Expression to download an additional PS script from seller-notification[.]live. This script checks for virtualization, steals information from local browsers, mail clients and file services, conducts machine recon and then zips it for exfil to 45.77.156[.]179.

Featured Resources

View More Resources
Exposure Validation Demo
Demo

Exposure Validation Demo

Demo of automated offensive simulations validating detection, prevention, and IOC coverage

Learn More
Validate What Matters: Simulate Real-World Identity and Privilege Attacks in AD and Entra ID 
blog

Validate What Matters: Simulate Real-World Identity and Privilege Attacks in AD and Entra ID 

Identity is the new perimeter. The move to the cloud and remote work creates new security boundaries based on users and services operating across cloud and hybrid environments, making

Read More
New Cymulate WAF Rules: Turn Validation Gaps Into Actionable Defense 
blog

New Cymulate WAF Rules: Turn Validation Gaps Into Actionable Defense 

Yahav Levin, Research Team LeadIdan Sherman, Infosec Researcher Modern web applications are constantly exposed to threats such as SQL injection,

Read More