One year later, Rhadamanthys is still dropped via malvertising
AlienVault | TLP: WHITE | Created: 2024-02-29 | Modified: 2024-03-30
A recent malvertising campaign is distributing the Rhadamanthys infostealer by impersonating popular software brands in search ads. Clicking the fake ads leads to decoy sites where users are tricked into downloading malware droppers, which retrieve the final payload from a pastebin site.
MITRE ATT&CK & Malware Families
Malware families: Rhadamanthys
Indicators of Compromise (12)