Intel Name: MDR in action: preventing the More_eggs backdoor from hatching
Date of Scan: October 1, 2024
Impact: Medium
Summary: A customer’s talent search resulted in their recruitment officer downloading a fraudulent resume and unintentionally running a malicious .LNK file, leading to a More_eggs infection. More_eggs is a JScript backdoor associated with the Golden Chickens malware-as-a-service (MaaS) toolkit. It is commonly used by financially motivated threat actors, including FIN6 and the Cobalt Group, to target financial and retail institutions. The backdoor connects to a fixed command-and-control (C&C) server to download and execute additional payloads, such as infostealers and ransomware.