PULSE NAME
Attackers leverage PyPI to sideload malicious DLLs
WHITE Enterprise Strategy CyberHunter_NL 2024-02-21 Modified: 2024-02-21
24 IOCs
MEDIUM VOLUME
Open-source platforms and code are increasingly being used to deliver malware to software supply chains, according to researchers from ReversingLabs, who discovered two suspicious packages on the Python package manager.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Cobalt Strike
Indicators of Compromise (5 / 24 total)
TYPE INDICATOR DESCRIPTION CREATED
URL https://cdn.0c.sk/1101012.zip dc2f75883ff1f7578734585820314e35c6bc04b66c2cda1f14272a2c552f60a9 2024-02-21
URL https://cdn.0c.sk/1101012.zip. 2024-02-21
URL https://fus.rngupdatem.buzz 2024-02-21
URL https://us.archive-ubuntu.top/components/an.gif?type=lastest 2024-02-21
URL https://www.facebook.com/tr?id=1076912843267184&ev=PageView&noscript=1 2024-02-21