Pulse: Attackers leverage PyPI to sideload malicious DLLs
TLP: WHITE | Author: AlienVault | Created: 2024-02-20 | Modified: 2024-02-20
IOCs: 15
ReversingLabs researchers discovered two malicious Python packages on PyPI that employed DLL sideloading to execute malicious payloads. Further investigation revealed connections to a larger campaign abusing open-source infrastructure.
MITRE ATT&CK & Malware Families
Malware families: Cobalt Strike (S0154)
Indicators of Compromise (15)