← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla
This report describes an ongoing malicious campaign targeting system administrators through fraudulent online advertisements for popular utilities like PuTTY and FileZilla. Threat actors are using these ads to trick victims into downloading and running the Nitrogen malware, which is employed to gain initial access to private networks, leading to data theft and deployment of ransomware such as BlackCat/ALPHV. The tactics, techniques, and procedures (TTPs) used in this campaign, as well as indicators of compromise (IOCs), are provided to assist defenders in taking appropriate action.
MITRE ATT&CK & Malware Families
Indicators of Compromise (14)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-SHA256 | 033a286218baca97da19810446f9ebbaf33be6549a5c260889d359e2062778cf | — | 2024-04-10 | |
| FileHash-SHA256 | 2037ec95c91731f387d3c0c908db95184c93c3b8412b6b3ca3219f9f8ff60945 | — | 2024-04-10 | |
| FileHash-SHA256 | ecde4ca1588223d08b4fc314d6cf4bce82989f6f6a079e3eefe8533222da6281 | — | 2024-04-10 | |
| URL | http://amplex-amplification.com/wp-includes/FileZilla_3.66.1_win64.zip | — | 2024-04-10 | |
| URL | http://mkt.geostrategy-ec.com/installer.zip | — | 2024-04-10 | |
| URL | http://newarticles23.com/wp-includes/putty-64bit-0.80-installer.zip | — | 2024-04-10 | |
| URL | http://support.hosting-hero.com/wp-includes/putty-64bit-0.80-installer.zip | — | 2024-04-10 | |
| domain | file-zilla-projectt.org | — | 2024-04-10 | |
| domain | inzerille.com | — | 2024-04-10 | |
| domain | kunalicon.com | — | 2024-04-10 | |
| domain | pputy.com | — | 2024-04-10 | |
| domain | puttyy.ca | — | 2024-04-10 | |
| domain | puuty.org | — | 2024-04-10 | |
| domain | recovernj.com | — | 2024-04-10 |