PULSE NAME
Attackers leverage PyPI to sideload malicious DLLs
WHITE Enterprise Strategy CyberHunter_NL 2024-02-21 Modified: 2024-02-21
24 IOCs
MEDIUM VOLUME
Open-source platforms and code are increasingly being used to deliver malware into software supply chains, according to researchers from ReversingLabs, who discovered two suspicious packages on the Python Package Index (PyPI).
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Cobalt Strike
Indicators of Compromise (4 / 24 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-MD5 5fca3bf478369aad61d40dd096a9e291 MD5 of 84c75536b279a85a5320f058514b884a016bc8c8 2024-02-21
FileHash-MD5 8d0778fb445094eace16d18bf078023f MD5 of 1f9fcf86a56394a7267d85ba76c1256d12e3e76b 2024-02-21
FileHash-MD5 a1be3261c569f85d2239d83e18042a39 MD5 of 2dc80f45540d0a3ea33830848fcf529f98ea2f5e 2024-02-21
FileHash-MD5 e3214c81339540a3804fca656f5aea7d 2024-02-21