PULSE NAME
One year later, Rhadamanthys is still dropped via malvertising
WHITE AlienVault 2024-02-29 Modified: 2024-03-30
12 IOCs
MEDIUM VOLUME
A recent malvertising campaign is distributing the Rhadamanthys infostealer by impersonating popular software brands in search ads. Clicking the fake ads leads to decoy sites where users are tricked into downloading malware droppers, which retrieve the final payload from a pastebin site.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Rhadamanthys
Indicators of Compromise (1 / 12 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-MD5 f2590ece758eb32302c504ac3ff413f4 2024-02-29