PULSE NAME
Opening a Can of Whoop Ads: Detecting and Disrupting a Malvertising Campaign Distributing Backdoors
TLP: WHITE | Adversary: UNC2975 | Author: AlienVault | Created: 2023-12-15 | Modified: 2024-01-14
33 IOCs | MEDIUM VOLUME
Mandiant disclosed a new investigation into recently discovered infrastructure operated by the distribution threat cluster UNC2975, which leveraged malicious advertisements to lure users to fake "unclaimed funds" themed websites. In this UNC2975 campaign, the malicious websites delivered the PAPERDROP and PAPERTEAR downloaders, which ultimately led to the DANABOT and DARKGATE backdoors.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES: PAPERDROP, DanaBot, PAPERTEAR, DarkGate
Indicators of Compromise (6 of 33 total shown)
Indicator types in the full pulse: domain, hostname, FileHash-MD5, FileHash-SHA256

TYPE           INDICATOR                          DESCRIPTION   CREATED
FileHash-MD5   650b0b12b21e9664d5c771d78738cf9f                 2023-12-15
FileHash-MD5   862a42a91b5734062d47c37fdd80c633                 2023-12-15
FileHash-MD5   9120c82b0920b9db39894107b5494ccd                 2023-12-15
FileHash-MD5   7544f5bb88ad481f720a9d9f94d95b30                 2023-12-15
FileHash-MD5   2c16eafd0023ea5cb8e9537da442047e                 2023-12-15
FileHash-MD5   9f9c5a1269667171e1ac328f7f7f6cb3                 2023-12-15
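The pulse is consumed by sweeping endpoints or file shares for the listed hashes. The script below is an added example, not part of the OTX pulse or of Mandiant's report: it embeds the six MD5 indicators shown above, walks a directory tree, hashes every file once with both MD5 and SHA-256 (so SHA-256 indicators from the full pulse can be matched in the same pass), and reports hits. The demo() function builds its own constructed sample files in a temporary directory; the file names and contents there are invented for the demonstration and are not samples from the campaign.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# The six FileHash-MD5 indicators shown in the pulse table above.
# The full pulse carries 33 indicators (domains, hostnames and
# SHA-256 hashes as well); extend these sets from an OTX export.
PULSE_MD5 = frozenset({
    "650b0b12b21e9664d5c771d78738cf9f",
    "862a42a91b5734062d47c37fdd80c633",
    "9120c82b0920b9db39894107b5494ccd",
    "7544f5bb88ad481f720a9d9f94d95b30",
    "2c16eafd0023ea5cb8e9537da442047e",
    "9f9c5a1269667171e1ac328f7f7f6cb3",
})
PULSE_SHA256 = frozenset()  # none shown in the excerpt above


def hash_bytes(data):
    """Return (md5, sha256) hex digests of an in-memory blob."""
    return hashlib.md5(data).hexdigest(), hashlib.sha256(data).hexdigest()


def hash_file(path, chunk=1 << 20):
    """Hash a file in one pass, feeding both digests from the same read."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest(), sha.hexdigest()


def scan_tree(root, md5_iocs=PULSE_MD5, sha256_iocs=PULSE_SHA256):
    """Walk `root` and return [(path, indicator_type, hash)] for every hit.

    Indicator sets are normalised to lowercase so a mixed-case export
    still matches. Unreadable files are skipped rather than aborting the
    sweep. Note that MD5 identifies known samples only; an attacker can
    produce a colliding benign file, so treat MD5-only hits as leads and
    prefer SHA-256 indicators when the pulse provides them.
    """
    md5_iocs = {h.lower() for h in md5_iocs}
    sha256_iocs = {h.lower() for h in sha256_iocs}
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                md5, sha = hash_file(path)
            except OSError:
                continue
            if md5 in md5_iocs:
                hits.append((path, "FileHash-MD5", md5))
            if sha in sha256_iocs:
                hits.append((path, "FileHash-SHA256", sha))
    return hits


def demo():
    """Run the sweep over constructed files; returns (page_hits, local_hits).

    page_hits uses the pulse's real MD5 list and is expected to be empty,
    since the constructed files are not campaign samples. local_hits uses
    an indicator set derived from one constructed file to show a match.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes.txt").write_bytes(b"constructed benign content\n")
        sample = root / "sample.bin"  # constructed stand-in, not real malware
        sample.write_bytes(b"constructed stand-in for a downloader sample\n")
        md5, sha = hash_bytes(sample.read_bytes())
        page_hits = scan_tree(root)
        local_hits = scan_tree(root, md5_iocs={md5.upper()}, sha256_iocs={sha})
    return page_hits, local_hits


if __name__ == "__main__":
    for path, kind, digest in demo()[1]:
        print(f"{kind} hit: {path} {digest}")
```

In production the indicator sets would come from the pulse export rather than being typed in, and a hit should be paired with the file's creation time and parent process from the endpoint agent before anyone acts on it.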