Pulse name: FINALDRAFT Malware Abuses Outlook for C2 Communications
WHITE Superpro 2025-02-17 Modified: 2025-03-19
72 IOCs (high volume)
A newly discovered cyber espionage campaign has been linked to a threat group known as REF7707, which has been targeting government and academic institutions since November 2024. Researchers said the attackers infiltrated a foreign ministry in South America, along with a university and a telecom company in Southeast Asia, using advanced malware with remote access capabilities.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES: C:\Windows\system32\net1, PATHLOADER, FINALDRAFT
Indicators of Compromise (9 / 72 total)