{
  "name": "Supply Chain Compromise Leads to Trojanized Installers",
  "slug": "supply-chain-compromise-leads-to-trojanized-installers",
  "description": "Rapid7 discovered that installers for Notezilla, RecentX, and Copywhiz hosted on conceptworld[.]com were trojanized to execute information-stealing malware. The malware can steal browser credentials, crypto wallet info, clipboard data, and keystrokes, as well as download additional payloads. Rapid7 disclosed the issue to Conceptworld, who promptly removed the malicious installers.",
  "published": "2024-07-01T09:05:47+00:00",
  "created_at": "2024-07-01T09:05:47+00:00",
  "modified_at": "2024-07-01T09:18:20+00:00",
  "created_at_opencti": "2024-07-01T09:05:47+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-07-01",
    "copywhiz",
    "notezilla",
    "recentx",
    "supply-chain"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "50.2.108.102"
      },
      {
        "id": "",
        "name": "5.180.185.42"
      },
      {
        "id": "",
        "name": "212.70.149.210"
      },
      {
        "id": "",
        "name": "185.137.137.74"
      },
      {
        "id": "",
        "name": "170.130.34.114"
      },
      {
        "id": "",
        "name": "104.206.95.146"
      },
      {
        "id": "",
        "name": "104.140.17.242"
      },
      {
        "id": "",
        "name": "104.206.2.18"
      },
      {
        "id": "",
        "name": "104.206.220.113"
      },
      {
        "id": "",
        "name": "104.206.57.117"
      },
      {
        "id": "",
        "name": "50.2.191.154"
      },
      {
        "id": "",
        "name": "fdc84cb0845f87a39b29027d6433f4a1bbd8c5b808280235cf867a6b0b7a91eb"
      },
      {
        "id": "",
        "name": "ebf2b84ed64629242f8d0abfca73344736205249539474e8f57d1d3dbe8ccc41"
      },
      {
        "id": "",
        "name": "de4e03288071cdebe5c26913888b135fb2424132856cc892baea9792d6c66249"
      },
      {
        "id": "",
        "name": "cdc1f2430681e9278b3f738ed74954c4366b8eff52c937f185d760c1bbba2f1d"
      },
      {
        "id": "",
        "name": "ca6ff18ee006e7ab3cb42fc541b08ce4231dadfab0cce57b1c126db3df9f1297"
      },
      {
        "id": "",
        "name": "bfa99c41aecc814de5b9eb8397a27e516c8b0a4e31edd9ed1304da6c996b4aaa"
      },
      {
        "id": "",
        "name": "a89953915eabe5c4897e414e73f28c300472298a6a8c055fcc956c61c875fd96"
      },
      {
        "id": "",
        "name": "70bce9c228aacbdadaaf18596c0eb308c102382d04632b01b826e9db96210093"
      },
      {
        "id": "",
        "name": "6f49756749d175058f15d5f3c80c8a7d46e80ec3e5eb9fb31f4346abdb72a0e7"
      },
      {
        "id": "",
        "name": "6487a0dc9dfbbaa6557af096178a1361e49762a41500aa03f17df5d3b159bf4e"
      },
      {
        "id": "",
        "name": "33e4d5eed3527c269467eec2ac57ae94ae34fd1d0a145505a29c51cf8e83f1b9"
      },
      {
        "id": "",
        "name": "4df9b7da9590990230ed2ab9b4c3d399cf770ed7f6c36a8a10285375fd5a292f"
      },
      {
        "id": "",
        "name": "2eae4f06f2c376c6206c632ac93f4e8c4b3e0e63eca3118e883f8ac479b2f852"
      },
      {
        "id": "",
        "name": "1fa84b696b055f614ccd4640b724d90ccad4afc035358822224a02a9e2c12846"
      },
      {
        "id": "",
        "name": "048cae10558cddfb2cf0ade25f1101909bba58d0a448e0d78590cc5e64e95127"
      },
      {
        "id": "",
        "name": "03761d9fd24a2530b386c07bf886350ae497e693440a9319903072b93a30c82d"
      }
    ],
    "attack_patterns": [
      {
        "id": "1d0d9e67-eb8a-439c-a2c7-cab311bb25c4",
        "name": "T1195.002"
      },
      {
        "id": "7671fe3e-6a85-463e-928d-16117d2f4f9b",
        "name": "T1059.006"
      },
      {
        "id": "0ca071fb-4f52-4672-b64a-75deff57d874",
        "name": "T1048"
      },
      {
        "id": "40f0d8e3-bcd7-4b97-a958-f55815698fc5",
        "name": "T1053.005"
      },
      {
        "id": "1584b551-72fb-4f60-ba7a-bdac106e6f9b",
        "name": "T1560.001"
      },
      {
        "id": "b7ba0db0-7d4f-436f-8d5f-c431d690b048",
        "name": "T1555.003"
      },
      {
        "id": "6b2e0999-c7e8-4662-94ac-19aa8520ee46",
        "name": "T1059.003"
      },
      {
        "id": "f4a450ef-8297-42e5-9e47-01162138baa2",
        "name": "T1115"
      },
      {
        "id": "16e26db7-7376-40c1-b8a9-23d56c44f7ee",
        "name": "T1571"
      },
      {
        "id": "667462db-9031-48eb-893a-05d35f9330a7",
        "name": "T1056.001"
      },
      {
        "id": "196f2a64-c55b-47a6-8e38-beb76ba700b6",
        "name": "T1204.002"
      },
      {
        "id": "97d377d8-89c7-48f8-a79f-0f48bd60df74",
        "name": "T1005"
      }
    ]
  },
  "external_refs": [
    "https://www.rapid7.com/blog/post/2024/06/27/supply-chain-compromise-leads-to-trojanized-installers-for-notezilla-recentx-copywhiz/",
    "https://otx.alienvault.com/pulse/66828d8b9afa9c9eaaef11d0"
  ]
}