Pulse Detail — Threat Intelligence

PULSE NAME

BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising

WHITE tr2222200 2023-07-04 Modified: 2023-08-02

IOCs

LOW VOLUME

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

MALWARE FAMILIES

DLL RCDATA Cobalt Strike

Indicators of Compromise (7)

All URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://events.drdivyaclinic.com	—	2023-07-04
URL	https://167.88.164.40/python/pp2	—	2023-07-04
URL	https://172.86.123.127:8443/work2z	—	2023-07-04
URL	https://172.86.123.226:8443/work3z	—	2023-07-04
URL	https://193.42.32.58:8443/work2z	—	2023-07-04
domain	winsccp.com	—	2023-07-04
hostname	events.drdivyaclinic.com	—	2023-07-04

References (2)