Tag: msi package

1 Attack Reports | 0 Vulnerabilities

Attack reports

Ongoing Malvertising Campaign leads to Ransomware

Rapid7 detected an ongoing malware distribution campaign involving trojanized installers of WinSCP and PuTTY, delivered via malicious search engine ads. The infection chain employs DLL side-loading, credential access, and deploys Sliver beacons followed by Cobalt Strike. In one case, the threat act…
malware
ransomware
python
cobalt strike
2024-05-15
2024-05-10
msi package
winscp
sliver
putty
service
execution
localappdata
dropped
c2 address
sliver beacon
dnstwist
Published: May 15, 2024
Downloadable IOCs: 78
Click here to see more Attack Reports