← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Fake pirated software sites serve up malware droppers as a service
WHITE AlienVault 2021-09-07 Modified: 2021-09-07
578
IOCs
HIGH VOLUME
The Raccoon Stealer malware campaign has been linked to a network of websites acting as an underground marketplace for paid download services, according to research by security firm Sophos and its partner, the Secure Networks.
RaccoonContiStealerCryptbotCryptojackersDropper-As-A-ServiceRansomwareStealerCryptBotGlupteba
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Raccoon Conti CryptBot Glupteba
Indicators of Compromise (3 / 578 total)
All FileHash-MD5 hostname FileHash-SHA1 FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
hostname landing2.installusd.com 2021-09-07
hostname ns1.installusd.online 2021-09-07
hostname ns2.installusd.online 2021-09-07
References (2)
↗ https://news.sophos.com/en-us/2021/09/01/fake-pirated-software-sites-serve-up-malware-droppers-as-a-service/ ↗ https://github.com/sophoslabs/IoCs/blob/master/Troj-DropperAsAService.csv