Description
In mid-April 2024, Trellix Advanced Research Center team members observed multiple fake AV sites hosting highly sophisticated malicious files, such as APK, EXE and Inno Setup installer files, that include spy and stealer capabilities.
Date
Published | Created | Modified |
---|---|---|
May 24, 2024, 6:32 p.m. | May 24, 2024, 6:32 p.m. | May 24, 2024, 6:56 p.m. |
Indicators
Attack Patterns
Spynot
Lumma
StealC
T1608
T1572
T1189
T1071
T1102
T1219
T1190