.. /.Uue

Exploit
Phishing
Native
Double Click
File Archiver

Author:

Joseliyo Sanchez Martinez - @Joseliyo_Jstnk

Description:

UUE file extension converts binary files to text format for easy transfer while still allowing for the files to be easily opened using Winzip or similar un-archiving applications. Normally is distributed via email with .zip or similar files inside. APT-C-36 has used this technique.

OS:

Windows

Recommendation:

Show extensions and open with compression software. Monitor UUE files that are delivered as email attachments

Resources:

https://cofense.com/nanocore-variant-delivered-uue-files/

File Samples:

https://www.virustotal.com/gui/file/0fabd3ac7b664d5354c67578609eef24e157eadb64eee56866883ed92fc5153a/detection
https://www.virustotal.com/gui/file/cd3569e737597342cfd6a33a597f23767dcd07208661826811ad433e0736960b/detection
https://www.virustotal.com/gui/file/dfefcec1eb7e60582c9993879a6ac275d8bc0905e19fbf60f0ca5da7222c6a62/detection

Contributions: