Attackers leverage PyPI to sideload malicious DLLs
WHITE Enterprise Strategy CyberHunter_NL 2024-02-21 Modified: 2024-02-21
24 IOCs, MEDIUM VOLUME
Open-source platforms and code are increasingly being used to deliver malware to software supply chains, according to researchers from ReversingLabs, who discovered two suspicious packages on the Python package manager.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Cobalt Strike
Indicators of Compromise (10 / 24 total)