Kingslayer - a software supply chain attack
WHITE AlienVault 2017-02-13 Modified: 2017-02-13
RSA Research investigated the source of suspicious, observed beaconing thought to be associated with targeted malware. In the course of this tactical hunt for unidentified code, RSA discovered a sophisticated attack on a software supply-chain involving a Trojan inserted in otherwise legitimate software; software that is typically used by enterprise system administrators.
Indicators of Compromise (8)