PULSE NAME
Malvertising Campaign Leads to Execution of Oyster Backdoor
WHITE AlienVault 2024-06-24 Modified: 2024-07-24
14 IOCs
MEDIUM VOLUME
Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Oyster Main
Indicators of Compromise (14)