PULSE NAME
From South America to Southeast Asia: The Fragile Web of REF7707 — Elastic Security Labs
WHITE CyberHunter_NL 2025-02-14 Modified: 2025-03-16
72 IOCs (HIGH VOLUME)
A detailed analysis of the malware used to infiltrate a foreign ministry in South America, as part of a multi-million-dollar cyber-attack, reveals details about the operation and the tactics and infrastructure used by the attackers.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
C:\\Windows\\system32\\net1 PATHLOADER FINALDRAFT
Indicators of Compromise (2 / 72 total)
TYPE INDICATOR DESCRIPTION CREATED
URL https://mrd0x.com/the-power-of-cdb-debugging-tool/ 2025-02-14
URL https://support.vmphere.com 2025-02-14