← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT.
Insikt Group has uncovered new infrastructure and malware associated with GrayAlpha, a cyber threat actor with ties to the financially motivated group FIN7. Specifically, three primary infection vectors have been identified: fake browser updates, malicious 7-Zip download pages, and a traffic distribution system (TDS) known as TAG-124, which had not been linked to GrayAlpha previously. The threat actor employs a new PowerShell loader called PowerNet and an obfuscated variant of FakeBat dubbed MaskBat, both of which facilitate the delivery of the NetSupport Remote Access Trojan (RAT)..
MITRE ATT&CK & Malware Families
Indicators of Compromise (33 / 381 total)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-MD5 | 05d400f4734d2d68af6bb916112f5a19 | MD5 of e580dd04cbe2407ac7ab06d148297231cffbb8f8f986ce1e152383970927bb71 | 2025-06-15 | |
| FileHash-MD5 | 0671bd79586ae06680cfee11753f509e | MD5 of 8719ccdb87c8b2c4e312208bd17a8df42a1683c10bb32699bb415a66f0dbdda0 | 2025-06-15 | |
| FileHash-MD5 | 068d55958d46c01408ca354967b482b7 | MD5 of 81e6adebca376dfbda0484ab4475d0ac76a1e86afe0930e45ab7137cfd378d38 | 2025-06-15 | |
| FileHash-MD5 | 06a6bc8bc98213d770acffb7b28b6abb | MD5 of e145db8668b15278cc55b723df9f296103ef2ea3511d90e2bbb2ffa5291d4ae4 | 2025-06-15 | |
| FileHash-MD5 | 09576ba9ff1933617add7f14e944387b | MD5 of 1f52416232bf57e6cbd8a72335a5f321cf8a571e53b043ee69dc3647d4978844 | 2025-06-15 | |
| FileHash-MD5 | 0c91401af0f77c91d7d2c2d858043cc2 | MD5 of 50b102938d29cc7f61c67da6981545c69f70c7178d009ec1999ee0ddfe81ebba | 2025-06-15 | |
| FileHash-MD5 | 0cb3f8d4df1f2139e45b3a276fa48f25 | MD5 of 0ddce15bea228c65d3b456759de0abc87aa6e805fd6c466347e9b76913a538ce | 2025-06-15 | |
| FileHash-MD5 | 0ec6ce8d2213cc9a7b570fc22e5fce1a | MD5 of d73af3bd70f0f68846920d61fab8836cf8906a2876489801f6e130f4d92aa50d | 2025-06-15 | |
| FileHash-MD5 | 14048ed02214ef052169460340e9a420 | MD5 of acbed908bc3e804ad183f3598dfb379a366f6209462f5fffc77fc9231ae1b048 | 2025-06-15 | |
| FileHash-MD5 | 14c2ce8f3c5856c8415368930bb8c1df | — | 2025-06-15 | |
| FileHash-MD5 | 2d39a5f8bece043c706a3ff6c1c59e9a | MD5 of c8d9270a38a2e6e0659b6b9aab7543add0d1bc521afb51f7dcf68c7426a8d57e | 2025-06-15 | |
| FileHash-MD5 | 318bf7ea84487c8a63a3996e24494455 | MD5 of 184a400fe334027ff287ad0cf83c165fdf4605507c83ec054fb2b544f877163c | 2025-06-15 | |
| FileHash-MD5 | 3a0ef7cf40cc50d47cb956fce8baa456 | MD5 of 2bd6b5cbeddab8b01e14ed4c073afdbd4316340aada77e3e55ba5e1af21652f7 | 2025-06-15 | |
| FileHash-MD5 | 3e390f3b3ca7d3716775f832c93fb1b1 | MD5 of 11464f7ac40e3e5f771dfe19aee3b3d21cf526a11429038ba9de4c9d7e4bb42a | 2025-06-15 | |
| FileHash-MD5 | 42cb39b338f2b1bc94f5ae483b048e30 | MD5 of 9953bbe13394bc6cd88fd0d13ceff771553e3a63ff84dc20960b67b4b9c9e48e | 2025-06-15 | |
| FileHash-MD5 | 5085779e68656455315ca6a46157ab88 | MD5 of b3a95ec7b1e7e73ba59d3e7005950784d2651fcd2b0e8f24fa665f89a7404a56 | 2025-06-15 | |
| FileHash-MD5 | 51feca3c49e7b0323133e85716a28a3a | MD5 of 1d17937f2141570de62b437ff6bf09b1b58cfdb13ff02ed6592e077e2d368252 | 2025-06-15 | |
| FileHash-MD5 | 5fcd76bddd9b41bf5c63ec660d82f977 | MD5 of c6e672b832dcf78490ea8d128f5f8a647274b9b98d851bc36ff07b2d3a0d7ba3 | 2025-06-15 | |
| FileHash-MD5 | 610e029cb014dcec9c079ca11020c333 | MD5 of 4c2f8feced7768f756ac7d4fa633b08fd61f0ba198c860fa4f1093dedbf060d2 | 2025-06-15 | |
| FileHash-MD5 | 663492a2fb33c3c4a5813b880d48f7be | MD5 of 65b601f8154bddd42cb31ce166697335e79f2e713655865bee66654c51e7c1dc | 2025-06-15 | |
| FileHash-MD5 | 6eaa4c8938016293d2153ccd78b473fc | MD5 of 547ef48f46ecfe31ee7edc7bbff0c2406f43d11915bcef84372172873012eacd | 2025-06-15 | |
| FileHash-MD5 | 72b343b03e9197f425e6a918a2c20a47 | MD5 of 1e54b2e6558e2c92df73da65cd90b462dcafa1e6dcc311336b1543c68d3e82bc | 2025-06-15 | |
| FileHash-MD5 | 797992ab276d218d7feb2e6e8b2fd678 | MD5 of f4052e52fed661fd05ea39a5187781ec6c234c5d7ea4ab91cd77f2e1d2c709b5 | 2025-06-15 | |
| FileHash-MD5 | 798aed4d37293ea34448cf0496cfeefa | MD5 of 6b999462e434b258980b1532f5d0c3661646f7bb9567aecdd748f6be10dcb740 | 2025-06-15 | |
| FileHash-MD5 | 99b82bdc2f4559929a3a884aebacd11c | MD5 of 1f38a9e17e5096bca84b6ec87eb5470b2ce4450a6a03b3e41b38dbd91ab281da | 2025-06-15 | |
| FileHash-MD5 | a5685feb1b6c54ba5149ed2f7000f491 | — | 2025-06-15 | |
| FileHash-MD5 | b0fd9705e8f83129f97f9111b03642fe | MD5 of abd4263c97ab33b22f67e581ebb09ec7b98e4084dd32a7eca6502d3737715769 | 2025-06-15 | |
| FileHash-MD5 | b57d2544cb7736d533af1aa07040156b | MD5 of 3869340562136d1d8f11c304f207120f9b497e0a430ca1a04c0964eb5b70f277 | 2025-06-15 | |
| FileHash-MD5 | cdb98412665135775e908564c87d5144 | MD5 of 41c671332b58f92187e32771ed1ba86c1ed256e36f036f74c91cf1aa7db07bc2 | 2025-06-15 | |
| FileHash-MD5 | d4fe37649a9778e80ae9a5a8633d2af4 | MD5 of da43703c733a1b0af183fdb61877b5c15651c21ffcc3a49c6addc83d76c10329 | 2025-06-15 | |
| FileHash-MD5 | ef9de8cc533ce1848588679e61e70b15 | MD5 of d0add7a41b8c78ab0134752665278b9544d417b244a788c620c5da5215b515c0 | 2025-06-15 | |
| FileHash-MD5 | f899781c5239e59fd7d11c9211c08d28 | MD5 of c3ecbc6023bfa170c31eaf7033b68495798e305111ca9f2f203f58b9ec942384 | 2025-06-15 | |
| FileHash-MD5 | ff25441b7631d64afefdb818cfcceec7 | MD5 of 902c9aba42378c40c6c9623bab2326cb8b98fa06cfc0ee0379349055137c9500 | 2025-06-15 |