FAUX#ELEVATE: Fake Resume Campaign Weaponizes Legitimate Ser

Type	Value	Enrichment	Context	Conf.
⌘DOMAIN	`mail.ru (SMTP endpoints)`	VT US	Abused for credential exfiltration via SMTP; outbound connections from non-mail-server endpoints should be alerted or blocked	MEDIUM
⌘DOMAIN	`dropbox.com (staging paths, unspecified)`	VT US	Abused for payload staging; specific URLs not publicly disclosed in available sources — flag anomalous Dropbox download activity from script execution context	MEDIUM
#HASH	`WinRing0x64.sys (specific hash not disclosed in available sources)`	VT MB	Vulnerable kernel driver used for privilege escalation; Microsoft Defender signature: VulnerableDriver:WinNT/Winring0 — use Defender detection as the practical indicator	HIGH
⌘DOMAIN	`Compromised WordPress sites (specific domains not publicly disclosed)`	VT US	Used for C2 communications; hunt for DNS/HTTP connections to low-reputation WordPress-hosted domains from endpoint processes, particularly post-script execution	LOW

Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

engitech@oceanthemes.net

+1 -800-456-478-23

An active phishing campaign tracked as FAUX#ELEVATE is targeting French-speaking corporate environments by distributing malware disguised as resume documents. Within approximately 25 seconds of opening the file, the malware steals browser-stored credentials and exfiltrates them before silently installing a cryptocurrency miner, all while evading detection through Dropbox staging and compromised WordPress infrastructure. Organizations with French-speaking employees, domain-joined Windows environments, or Chromium-based browser deployments face direct exposure to credential compromise and unauthorized resource consumption.

Author

FAUX#ELEVATE: Fake Resume Campaign Weaponizes Legitimate Services to Steal Credentials and Mine Monero in 25 Seconds

Executive Summary

Impact Assessment

Exposure Analysis

Are You Exposed?

Business Context

Business Impact

Technical Analysis

Action Checklist IR ENRICHED

Recovery Guidance

Key Forensic Artifacts

Detection Guidance

Indicators of Compromise (4)

Platform Playbooks

IOC Detection Queries (1)

MITRE ATT&CK Hunting Queries (8)

Falcon API IOC Import Payload (3 indicators)

Compliance Framework Mappings

MITRE ATT&CK Mapping

Sources (5)

Gallery

Contacts

Tech Jacks Solutions

Services

Learn

Company

Executive Summary

Impact Assessment

Exposure Analysis

Are You Exposed?

Business Context

Business Impact

Technical Analysis

Action Checklist IR ENRICHED

Recovery Guidance

Key Forensic Artifacts

Detection Guidance

Indicators of Compromise (4)

Platform Playbooks

IOC Detection Queries (1)

MITRE ATT&CK Hunting Queries (8)

Falcon API IOC Import Payload (3 indicators)

Compliance Framework Mappings

MITRE ATT&CK Mapping

Sources (5)

Related Threats

Gallery

Contacts

Tech Jacks Solutions

Services

Learn

Company