← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT.
WHITE PetrP.73 2025-06-15 Modified: 2025-07-15
381
IOCs
HIGH VOLUME
Insikt Group has uncovered new infrastructure and malware associated with GrayAlpha, a cyber threat actor with ties to the financially motivated group FIN7. Specifically, three primary infection vectors have been identified: fake browser updates, malicious 7-Zip download pages, and a traffic distribution system (TDS) known as TAG-124, which had not been linked to GrayAlpha previously. The threat actor employs a new PowerShell loader called PowerNet and an obfuscated variant of FakeBat dubbed MaskBat, both of which facilitate the delivery of the NetSupport Remote Access Trojan (RAT)..
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (33 / 381 total)
All CIDR FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain email hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 038dc2008fbafba4e086260fffc1372d3ad8b1e2 SHA1 of 65b601f8154bddd42cb31ce166697335e79f2e713655865bee66654c51e7c1dc 2025-06-15
FileHash-SHA1 03b19fd1a41d0d1b55ad653341a05071b48a49ea 2025-06-15
FileHash-SHA1 15940747af57b5a6c2d722c37dc885f45ed665dc SHA1 of 1d17937f2141570de62b437ff6bf09b1b58cfdb13ff02ed6592e077e2d368252 2025-06-15
FileHash-SHA1 1c55e479cd0e64bbeda79758dc2b88679382cc56 SHA1 of 50b102938d29cc7f61c67da6981545c69f70c7178d009ec1999ee0ddfe81ebba 2025-06-15
FileHash-SHA1 216ad95bec4b03957c4d451ea774ba46b18ec4f4 SHA1 of 8719ccdb87c8b2c4e312208bd17a8df42a1683c10bb32699bb415a66f0dbdda0 2025-06-15
FileHash-SHA1 21ce24bd123c9e123dffed7aae334dfb3d40c026 SHA1 of d0add7a41b8c78ab0134752665278b9544d417b244a788c620c5da5215b515c0 2025-06-15
FileHash-SHA1 243ed6b028aeb2c94eeafbffcad193f43b808444 SHA1 of 184a400fe334027ff287ad0cf83c165fdf4605507c83ec054fb2b544f877163c 2025-06-15
FileHash-SHA1 34babd4b6e3f196cb9c1064bceaf350c81a11dca SHA1 of 6b999462e434b258980b1532f5d0c3661646f7bb9567aecdd748f6be10dcb740 2025-06-15
FileHash-SHA1 381b421b49f88e035b274711d315050f83c43e22 SHA1 of 2bd6b5cbeddab8b01e14ed4c073afdbd4316340aada77e3e55ba5e1af21652f7 2025-06-15
FileHash-SHA1 3b46515807a491f366d6e695288398ddab93e53f SHA1 of abd4263c97ab33b22f67e581ebb09ec7b98e4084dd32a7eca6502d3737715769 2025-06-15
FileHash-SHA1 515d9e04e0699dec2aa101691d166aef4d231dde 2025-06-15
FileHash-SHA1 597275867676bb49aac9b8381db0addc4718bc12 SHA1 of e580dd04cbe2407ac7ab06d148297231cffbb8f8f986ce1e152383970927bb71 2025-06-15
FileHash-SHA1 5cc8837f0f87f71c5551c009a69fa12daf3254d4 SHA1 of 11464f7ac40e3e5f771dfe19aee3b3d21cf526a11429038ba9de4c9d7e4bb42a 2025-06-15
FileHash-SHA1 68c20ea201ebf82aa721f75c8884bfde6c7083d7 SHA1 of 1e54b2e6558e2c92df73da65cd90b462dcafa1e6dcc311336b1543c68d3e82bc 2025-06-15
FileHash-SHA1 6d878962e770856cac885deeff5fd75b00a02605 SHA1 of c6e672b832dcf78490ea8d128f5f8a647274b9b98d851bc36ff07b2d3a0d7ba3 2025-06-15
FileHash-SHA1 71babd331be91acc43df85ed35f3a4e9746b59be SHA1 of d73af3bd70f0f68846920d61fab8836cf8906a2876489801f6e130f4d92aa50d 2025-06-15
FileHash-SHA1 8287f3a900438185a6faa2c106cf05d4a20df1b9 SHA1 of 3869340562136d1d8f11c304f207120f9b497e0a430ca1a04c0964eb5b70f277 2025-06-15
FileHash-SHA1 8448f344c3e05d70506899859cf61ba47bb906f2 SHA1 of 902c9aba42378c40c6c9623bab2326cb8b98fa06cfc0ee0379349055137c9500 2025-06-15
FileHash-SHA1 94f1cb1ca20f30f4ccbf7164d4de2a2c2effa298 SHA1 of acbed908bc3e804ad183f3598dfb379a366f6209462f5fffc77fc9231ae1b048 2025-06-15
FileHash-SHA1 99cfbecaebc79e723603997fb2102363319103eb SHA1 of f4052e52fed661fd05ea39a5187781ec6c234c5d7ea4ab91cd77f2e1d2c709b5 2025-06-15
FileHash-SHA1 9d55e811553bd8a7dba352a30e5aee0a90f9a118 SHA1 of da43703c733a1b0af183fdb61877b5c15651c21ffcc3a49c6addc83d76c10329 2025-06-15
FileHash-SHA1 9efd1954430f98554f60a58eaf76dcabfddb7fbd SHA1 of c8d9270a38a2e6e0659b6b9aab7543add0d1bc521afb51f7dcf68c7426a8d57e 2025-06-15
FileHash-SHA1 af34b30695539f108741648a1fce012bdf81cc75 SHA1 of 1f38a9e17e5096bca84b6ec87eb5470b2ce4450a6a03b3e41b38dbd91ab281da 2025-06-15
FileHash-SHA1 b5fcf5d6bf770cca52d7cb1e9423fa89c50a0d27 SHA1 of 1f52416232bf57e6cbd8a72335a5f321cf8a571e53b043ee69dc3647d4978844 2025-06-15
FileHash-SHA1 b6c6a400435f6121ce94694702dfec51f16c6085 SHA1 of b3a95ec7b1e7e73ba59d3e7005950784d2651fcd2b0e8f24fa665f89a7404a56 2025-06-15
FileHash-SHA1 c641aa50bc40c3fd1e74ed8dc85e6b7019560389 SHA1 of 81e6adebca376dfbda0484ab4475d0ac76a1e86afe0930e45ab7137cfd378d38 2025-06-15
FileHash-SHA1 cdd606e1955704796dec7e581b9ce30c5fdf1757 SHA1 of c3ecbc6023bfa170c31eaf7033b68495798e305111ca9f2f203f58b9ec942384 2025-06-15
FileHash-SHA1 d002071bd7dbe9ef91a843b87a56c156837015f1 SHA1 of 4c2f8feced7768f756ac7d4fa633b08fd61f0ba198c860fa4f1093dedbf060d2 2025-06-15
FileHash-SHA1 d044e629b6c0bafa9b312ab6c7f00cbcaa37b8a0 SHA1 of 547ef48f46ecfe31ee7edc7bbff0c2406f43d11915bcef84372172873012eacd 2025-06-15
FileHash-SHA1 d21b17f6ec5196c4ce3cad44ca24856b99874793 SHA1 of 41c671332b58f92187e32771ed1ba86c1ed256e36f036f74c91cf1aa7db07bc2 2025-06-15
FileHash-SHA1 d42cad9e12c144c243614210b12f5042aa39c35e SHA1 of 9953bbe13394bc6cd88fd0d13ceff771553e3a63ff84dc20960b67b4b9c9e48e 2025-06-15
FileHash-SHA1 e2c98ad43b3b0325bb019e4abae20aa877824dd6 SHA1 of 0ddce15bea228c65d3b456759de0abc87aa6e805fd6c466347e9b76913a538ce 2025-06-15
FileHash-SHA1 f844e720dd766f9acf89fb92434ec6e75adce09b SHA1 of e145db8668b15278cc55b723df9f296103ef2ea3511d90e2bbb2ffa5291d4ae4 2025-06-15
References (1)
↗ https://go.recordedfuture.com/hubfs/reports/cta-2025-0613.pdf