Malvertising Campaign Leads to Execution of Oyster Backdoor

June 24, 2024, 6:53 p.m.

Description

Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams.

Date

Published: June 24, 2024, 6:48 p.m.

Created: June 24, 2024, 6:48 p.m.

Modified: June 24, 2024, 6:53 p.m.

Indicators

Attack Patterns

Oyster Main

T1583

T1497

T1005

T1547

T1106

T1071

T1036

T1204

T1140

T1132

T1553

T1053

T1059