Follina suspected state aligned phishing campaign
This campaign masqueraded as a salary increase and utilized an RTF with the exploit payload downloaded from 45.76.53[.]253.
The downloaded Powershell script was base64 encoded and used Invoke-Expression to download an additional PS script from seller-notification[.]live.
This script checks for virtualization, steals information from local browsers, mail clients and file services, conducts machine recon and then zips it for exfil to 45.77.156[.]179.
Featured Resources
Subscribe to Our Blog
Subscribe now to get the latest insights, expert tips and updates on threat exposure validation.
Subscribe