{"id":21,"date":"2021-09-05T22:42:44","date_gmt":"2021-09-06T02:42:44","guid":{"rendered":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/?p=21"},"modified":"2021-09-05T22:42:44","modified_gmt":"2021-09-06T02:42:44","slug":"fin7-hackers-using-windows-11-themed-documents-to-drop-javascript-backdoor","status":"publish","type":"post","link":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/2021\/09\/05\/fin7-hackers-using-windows-11-themed-documents-to-drop-javascript-backdoor\/","title":{"rendered":"FIN7 Hackers Using Windows 11 Themed Documents to Drop Javascript Backdoor"},"content":{"rendered":"<p><span style=\"font-weight: 400\">This is a good example of knowing your intended target and providing the right context to increase perceived legitimacy, e.g. capitalizing on Microsoft\u2019s recent announcement of Windows 11.\u00a0 Specifically, I thought the following items were interesting and relevant to our upcoming discussion on reconnaissance.<\/span><\/p>\n<p><span style=\"font-weight: 400\">The FIN7 script checked for the following on the victim&#8217;s machine, and terminated itself if they were found:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Eastern European languages in use<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Running within a virtual environment such as VMware or VirtualBox<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">The items above would be atypical for their ideal victim.\u00a0 Stopping the script when the above criteria are met helps avoid detection by security researchers and extends the lifespan of the attack.<\/span><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2021\/09\/fin7-hackers-using-windows-11-themed.html\"><span style=\"font-weight: 400\">https:\/\/thehackernews.com\/2021\/09\/fin7-hackers-using-windows-11-themed.html<\/span><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is a good example of knowing your 
intended target and providing the right context to increase perceived legitimacy, e.g. capitalizing on Microsoft\u2019s recent announcement of Windows 11.\u00a0 Specifically, I thought the following items were interesting and relevant to our upcoming discussion on reconnaissance. The FIN7 script checked for, and terminated itself, if the following [&hellip;]<\/p>\n","protected":false},"author":26653,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[77],"tags":[77],"class_list":{"0":"post-21","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-week-2","7":"tag-week-2","8":"entry"},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/posts\/21","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/users\/26653"}],"replies":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/comments?post=21"}],"version-history":[{"count":1,"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/posts\/21\/revisions"}],"predecessor-version":[{"id":22,"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/posts\/21\/revisions\/22"}],"wp:attachment":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/media?parent=
21"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/categories?post=21"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/tags?post=21"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}