PULSE NAME
Malvertising Campaign Leads to Execution of Oyster Backdoor | Rapid7 Blog
WHITE Armature_TIP 2025-02-22 Modified: 2025-03-24
30
IOCs
MEDIUM VOLUME
Find out more about Rapid7 Labs, the company behind the Take Command Summit, and its partnership with the Boston Bruins, which will be held in the US on 9 May 2017, at the same time.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Oyster Main
Indicators of Compromise (30)