The Evil MSI Background is Back! (Fri, Jun 5th)
ID: e41ff530-61f0-515e-9e44-73f679ab1d32
STIX ID: report--e41ff530-61f0-515e-9e44-73f679ab1d32
Feed Name: SANS ISC Diary
The report describes an active phishing/malware campaign in which obfuscated JavaScript, delivered via a WeTransfer link, sets an environment variable with ROT13-encoded PowerShell that fetches a JPEG containing a modified .NET DLL loader. The author provides file hashes and URLs and discusses WMI-based execution and potential steganographic payloads.
