Pulse name: FIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX Payloads
TLP: WHITE | Author: AustinBH | Created: 2024-05-13 | Modified: 2024-06-12
In April 2024, eSentire’s Threat Response Unit (TRU) observed multiple incidents involving FIN7, a financially motivated threat group based in Russia that has been active since 2013. The threat actors used malicious websites to impersonate well-known brands, including AnyDesk, WinSCP, BlackRock, Asana, Concur, The Wall Street Journal, Workable, and Google Meet.
Indicators of Compromise (2 / 61 total)
Type          | Indicator                                | Description                              | Created
FileHash-SHA1 | 2e810b7759dd5e2de257f0fbaaecb8d6715a4d87 | SHA1 of 0740803404a58d9c1c1f4bd9edaf4186 | 2024-05-13
FileHash-SHA1 | 5e1eac3596e5a1902d799b687d6009c1f3da0466 | SHA1 of b6f12d39edbfe3b33952be4329064b35 | 2024-05-13