Create readme

Mar-Pic
2025-11-19 09:37:01 +01:00
committed by GitHub
parent e4db73a38d
commit f546b09ada
+11
@@ -0,0 +1,11 @@
A Pain in the Mist - Navigating Operation DreamJobs arsenal
• In August 2025, Orange Cyberdefenses CyberSOC and CSIRT investigated an intrusion targeting an Asian subsidiary of a large European manufacturing organization.
• The infection chain was initiated by social engineering and a targeted WhatsApp message containing a job-related lure sent to a project engineer.
• The intrusion leveraged variants of the BURNBOOK loader and the MISTPEN backdoor as well as compromised SharePoint and WordPress resources for C2 infrastructure.
• We assess that this attack coincides with the longstanding Operation DreamJob. We also attribute the attacks artifacts with medium confidence to UNC2970.
The full PDF report aims to describe the infection chain we observed, and to provide a comparative analysis of the BURNBOOK and MISTPEN variants encountered. Recommendations and hunting guidance are also provided in the concluding section.
Note: The analysis cut-off date for this report was November 17, 2025.
Link to the full report:
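Review bot: The last added line, "Link to the full report:", ends on a colon with no URL or file name after it, so the readme never points the reader to the PDF it describes. Add the link or the relative path of the report on that line. Two smaller points in the same hunk: the possessives are missing their apostrophes ("Orange Cyberdefenses CyberSOC" in the first bullet, "the attacks artifacts" in the fourth), and the title line and the "•" bullets carry no Markdown markup, so if this file is rendered as Markdown, a "#" heading and "-" list markers would make it display as a heading and a list. Because the summary states attribution "with medium confidence" and an analysis cut-off of November 17, 2025, it would also help to say which report version or revision those statements apply to, so that a later update to the PDF does not leave the readme out of step.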