PULSE NAME
From South America to Southeast Asia: The Fragile Web of REF7707
WHITE AlienVault 2025-02-12 Modified: 2025-03-14
46 IOCs
MEDIUM VOLUME
While the REF7707 campaign is characterized by a well-engineered, highly capable, novel intrusion set, the campaign owners exhibited poor campaign management and inconsistent evasion practices.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
PATHLOADER, FINALDRAFT, GUILOADER
Indicators of Compromise (5 / 46 total)