A Pain in the Mist - Navigating Operation DreamJob's arsenal

•	In August 2025, Orange Cyberdefense's CyberSOC and CSIRT investigated an intrusion targeting an Asian subsidiary of a large European manufacturing organization.
•	The infection chain was initiated by social engineering and a targeted WhatsApp message containing a job-related lure sent to a project engineer.
•	The intrusion leveraged variants of the BURNBOOK loader and the MISTPEN backdoor as well as compromised SharePoint and WordPress resources for C2 infrastructure.
•	We assess that this attack coincides with the longstanding Operation DreamJob. We also attribute the attack's artifacts with medium confidence to UNC2970.

The full PDF report aims to describe the infection chain we observed, and to provide a comparative analysis of the BURNBOOK and MISTPEN variants encountered. Recommendations and hunting guidance are also provided in the concluding section.
Note: The analysis cut-off date for this report was November 17, 2025.

Link to the full report: https://www.orangecyberdefense.com/global/blog/cert-news/a-pain-in-the-mist-navigating-operation-dreamjobs-arsenal