PULSE NAME: Fsysna - Privileged Agent Rufus
WHITE | msudosos | Created: 2026-05-07 | Modified: 2026-05-08
431 IOCs (HIGH VOLUME)
The adversary exploits the legitimate operational footprint of Rufus to mask Master Boot Record (MBR) manipulation and bypass heuristic defenses. This indicates a well-versed actor using high-integrity tool masking to maintain stealth.

Technical Analysis

Subversion of Security Policies: The artifact targets HKLM\…\SAFER\CODEIDENTIFIERS to enumerate and likely neutralize Software Restriction Policies (SRP).
Direct Disk Manipulation: Exploits the utility's disk-write primitive to establish persistence at the boot layer, bypassing standard OS-level detection.
Privileged Discovery: Forces UAC elevation to conduct exhaustive hardware reconnaissance and volume profiling, giving the actor environmental awareness.
Heuristic Evasion: Masquerades as a trusted unsigned binary to exploit the "administrative whitelist" blind spot in signature-based engines.
Indicators of Compromise (84 / 431 total)