FIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX Payloads
WHITE AustinBH 2024-05-13 Modified: 2024-06-12
61 IOCs
In April 2024, eSentire’s Threat Response Unit (TRU) observed multiple incidents involving FIN7, a financially motivated threat group based in Russia that has been active since 2013. The threat actors used malicious websites to impersonate well-known brands, including AnyDesk, WinSCP, BlackRock, Asana, Concur, The Wall Street Journal, Workable, and Google Meet.
Indicators of Compromise (2 / 61 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-SHA256 164a74c996769c9cfc99715e881dca9ca042a05f1d655afebe7ff74dbedf415d SHA256 of b6f12d39edbfe3b33952be4329064b35 2024-05-13
FileHash-SHA256 c25ac229d67cc99f5d166287984d80f488cf23c801fbda0bd437d75c36108329 SHA256 of 0740803404a58d9c1c1f4bd9edaf4186 2024-05-13