Malvertising Campaign Leads to Execution of Oyster Backdoor

June 24, 2024, 6:53 p.m.

Description

Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams.

External References

https://www.rapid7.com/blog/post/2024/06/17/malvertising-campaign-leads-to-execution-of-oyster-backdoor/

https://otx.alienvault.com/pulse/6679bf7ef90d73c4ccc58180

Tags

malware

powershell

persistence

execution

malicious

python script

2024-06-24

lnk file

schtasks

json

microsoft teams

temp directory

http post

oyster main

Date

Created: June 24, 2024, 6:48 p.m.
Published: June 24, 2024, 6:48 p.m.
Modified: June 24, 2024, 6:53 p.m.

Indicators

cfc2fe7236da1609b0db1b2981ca318bfd5fbbb65c945b5f26df26d9f948cbb4
9601f3921c2cd270b6da0ba265c06bae94fd7d4dc512e8cb82718eaa24accc43
82b246d8e6ffba1abaffbd386470c45cef8383ad19394c7c0622c9e62128cb94
574c70e84ecdad901385a1ebf38f2ee74c446034e97c33949b52f3a2fddcd822

206.166.251.114
149.248.79.62
64.95.10.243

whereverhomebe.com
prodfindfeatures.com
micrsoft-teams-download.com
impresoralaser.pro
supfoundrysettlers.us
retdirectyourman.eu

Download all indicators here!

Attack Patterns

Oyster Main