Pulse name: FIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX Payloads
WHITE AustinBH 2024-05-13 Modified: 2024-06-12
61 IOCs (HIGH VOLUME)
In April 2024, eSentire’s Threat Response Unit (TRU) observed multiple incidents involving FIN7, a financially motivated threat group based in Russia that has been active since 2013. The threat actors used malicious websites to impersonate well-known brands, including AnyDesk, WinSCP, BlackRock, Asana, Concur, The Wall Street Journal, Workable, and Google Meet.
Indicators of Compromise (5 / 61 total)