PULSE NAME
From South America to Southeast Asia: The Fragile Web of REF7707
WHITE AlienVault 2025-02-12 Modified: 2025-03-14
46 IOCs
MEDIUM VOLUME
While the REF7707 campaign is characterized by a well-engineered, highly capable, novel intrusion set, the campaign owners exhibited poor campaign management and inconsistent evasion practices.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
PATHLOADER FINALDRAFT GUILOADER
Indicators of Compromise (5 / 46 total)