PULSE NAME
Attackers leverage PyPI to sideload malicious DLLs
WHITE Enterprise Strategy CyberHunter_NL 2024-02-21 Modified: 2024-02-21
24 IOCs
MEDIUM VOLUME
Open-source platforms and code are increasingly being used to deliver malware into software supply chains, according to researchers from ReversingLabs, who discovered two suspicious packages on the Python Package Index (PyPI).
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Cobalt Strike
Indicators of Compromise (3 / 24 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-SHA256 8c7423e2c833effc1193c6511c88a14ba48e5e3af9fd5c05f80f44c8d8ef71a4 SHA256 of 2dc80f45540d0a3ea33830848fcf529f98ea2f5e 2024-02-21
FileHash-SHA256 eee6b8f69bd3e65fa29142e7965b7a0d8bdec03d36e7c67266746ae54ebb493a SHA256 of 84c75536b279a85a5320f058514b884a016bc8c8 2024-02-21
FileHash-SHA256 f81e8b6ca1e0c4ee7ca8668df4b3792ccb1608eed8bbf94a2247d869264540f2 SHA256 of 1f9fcf86a56394a7267d85ba76c1256d12e3e76b 2024-02-21