PULSE NAME
Warning Against Phishing Emails Prompting Execution of Commands via Paste
WHITE AlienVault 2024-06-06 Modified: 2024-06-06
27 IOCs
MEDIUM VOLUME
This report details a phishing campaign distributing malicious HTML files through emails. The files prompt users to paste and run malicious PowerShell commands that initiate a multi-stage infection process. The campaign ultimately delivers the DarkGate malware, highlighting the importance of exercising caution with files from unknown sources.
Indicators of Compromise (27)