One year later, Rhadamanthys is still dropped via malvertising [Thursday, February 29, 2024]

Description :
A recent malvertising campaign is distributing the Rhadamanthys infostealer by impersonating popular software brands in search ads. Clicking the fake ads leads to decoy sites where users are tricked into downloading malware droppers, which retrieve the final payload from a pastebin site.

Published : 2024-02-29 18:30:12
Created : 2024-02-29 18:30:12
Modified : 2024-02-29 18:58:39

Indicators

Malwares :
  • Rhadamanthys
Hashes :
  • birdarid.org/@abcnp.exe
  • e179a9e5d75d56140d11cbd29d92d8137b0a73f964dd3cfd46564ada572a3109
  • yogapets.xyz/@abcmse1.exe
  • 6f4a0cc0fa22b66f75f5798d3b259d470beb776d79de2264c2affc0b5fa924a2
  • 679fad2fd86d2fd9e1ec38fa15280c1186f35343583c7e83ab382b8c255f9e18
About the author
Julien B.
