A malware campaign has been detected that seems to be associated with the threat actor tracked as “EmpireMonkey”.
This group uses the PowerShell Empire framework as its initial tool to gain a foothold in the targeted entities. Additionally, in multiple earlier malware samples attributed to this actor, the VBA macros embedded in their documents distinctly used variants of the word "monkey" in procedure (Sub/Function) names.
| Indicator type | Value |
| --- | --- |
| IP(s) / Hostname(s) | www[.]finanstilsynet-dk[.]org (defanged) |
| Malware hash (MD5/SHA1/SHA256) | e5483b77fbcf61bf29e73521464c520f (MD5) |
Block the threat indicators at their respective controls.
Do not download or open email attachments coming from unknown or untrusted sources.
Always scan downloaded files before execution.
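The following is an added example, not part of the advisory, showing how the indicators above can be turned into a small triage check: it refangs the published hostname, compares a sample against the published hash by whichever algorithm the IoC length implies (MD5, SHA1 or SHA256), and scans extracted VBA source for the "monkey" procedure-naming habit the advisory describes. The VBA snippet and the document bytes are constructed placeholders, not the real sample; extracting the VBA from a document is left to a tool of your choice.

```python
import hashlib
import re

# Indicators published in the advisory above. The hostname is kept defanged
# exactly as published; the hash is 32 hex characters, i.e. MD5.
IOC_HOSTNAMES_DEFANGED = {"www[.]finanstilsynet-dk[.]org"}
IOC_HASHES = {"e5483b77fbcf61bf29e73521464c520f"}

# VBA procedure declarations: optional visibility and Static, then Sub or
# Function, then the procedure name (the capture group).
VBA_PROC_RE = re.compile(
    r"^\s*(?:(?:Public|Private|Friend)\s+)?(?:Static\s+)?"
    r"(?:Sub|Function)\s+([A-Za-z_][A-Za-z0-9_]*)",
    re.IGNORECASE | re.MULTILINE,
)
MONKEY_RE = re.compile(r"monkey", re.IGNORECASE)

# Constructed sample VBA (not the actor's code): two procedures carry the
# naming habit, the auto-run handler does not.
SAMPLE_VBA = """\
Attribute VB_Name = "ThisDocument"
Private Sub Document_Open()
    Call MonkeyStart
End Sub

Sub MonkeyStart()
    Shell "cmd /c echo constructed sample", vbHide
End Sub

Public Function fetchMonkeys() As String
    fetchMonkeys = "placeholder"
End Function
"""
# Constructed placeholder bytes; their digests will not match the IoC.
SAMPLE_DOC_BYTES = b"constructed placeholder document, not the real sample"


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('www[.]example[.]org', 'hxxp://') back into a usable string."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def file_hashes(data: bytes) -> dict[str, str]:
    """MD5, SHA1 and SHA256 of the sample, so an IoC of any of the three lengths can match."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_hash_iocs(data: bytes, iocs=IOC_HASHES) -> list[str]:
    """Published hashes (as written in the IoC list) that match the sample under any algorithm."""
    digests = set(file_hashes(data).values())
    return sorted(h for h in iocs if h.lower() in digests)


def vba_procedure_names(vba_source: str) -> list[str]:
    """All Sub/Function names declared in the VBA source."""
    return VBA_PROC_RE.findall(vba_source)


def monkey_procedures(vba_source: str) -> list[str]:
    """Procedure names containing a variant of 'monkey', the habit noted in the advisory."""
    return [n for n in vba_procedure_names(vba_source) if MONKEY_RE.search(n)]


def hostname_is_ioc(hostname: str) -> bool:
    """Case-insensitive match of a (possibly defanged or dot-terminated) hostname against the IoC list."""
    wanted = {refang(h).lower() for h in IOC_HOSTNAMES_DEFANGED}
    return refang(hostname).lower().rstrip(".") in wanted


def assess(data: bytes, vba_source: str = "", contacted_hosts=()) -> dict:
    """Combine the three checks into one verdict for a document sample."""
    findings = {
        "hash_iocs": matching_hash_iocs(data),
        "monkey_procedures": monkey_procedures(vba_source),
        "ioc_hosts": sorted(h for h in contacted_hosts if hostname_is_ioc(h)),
    }
    findings["suspicious"] = any(
        findings[k] for k in ("hash_iocs", "monkey_procedures", "ioc_hosts")
    )
    return findings


if __name__ == "__main__":
    import json
    print(json.dumps(assess(SAMPLE_DOC_BYTES, SAMPLE_VBA,
                            ["www.finanstilsynet-dk.org"]), indent=2))
```

The procedure-name scan is a weak signal on its own (it flags any macro author fond of the word), so treat it as a pivot for hunting, not a blocking rule; the hash and hostname matches are the indicators to block at the respective controls.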