- Jan 6, 2022
We found this out in the wild. One of our analysts noted that the file is listed as trusted but further down the execution chain... a malicious DLL is loaded. TA505 is the threat actor behind this threat. This goes to show that not even automatic analyses are perfect. Human + AI is the way.
File Listed As Trusted By Intezer and VT ✅
👺 DLL loaded from Encoded PS Script spawned from the MSI suspect file ☣️ 👨‍🔬
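The execution chain the post describes (MSI package, then an encoded PowerShell command, then a DLL load) is easy to miss when you only look at the verdict on the dropped file, but it is visible in process-creation telemetry. The following is an added example written for this page, not code from the original post or from Intezer or VirusTotal: it walks constructed Sysmon-style process events, flags PowerShell spawned by `msiexec.exe`, decodes `-EncodedCommand` payloads (PowerShell expects UTF-16LE text, base64-encoded), and then looks in the decoded script for DLL-loading indicators. Event field names, the sample command lines, and the DLL path are all constructed for the demonstration.

```python
import base64
import re
from dataclasses import dataclass
from typing import Optional


def encode_ps(script: str) -> str:
    """Build a -EncodedCommand argument the way PowerShell expects: UTF-16LE, then base64.
    Used here only to construct the sample event below."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# PowerShell accepts any unambiguous prefix of -EncodedCommand; this covers the common spellings
# (-e, -ec, -en, -enc, -EncodedCommand). The base64 token must follow as the next argument.
ENCODED_FLAG = re.compile(r"-e(?:c|n(?:c(?:odedcommand)?)?)?\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)

# Indicators that the decoded script hands control to a DLL (native or .NET). Hypothetical list.
DLL_LOAD_PATTERNS = [
    r"rundll32",
    r"regsvr32",
    r"\[Reflection\.Assembly\]::Load",
    r"Add-Type",
    r"LoadLibrary",
    r"\.dll\b",
]

# Constructed sample process-creation events (Sysmon Event ID 1 style fields), not real telemetry.
SAMPLE_EVENTS = [
    {  # the chain from the post: msiexec -> encoded PowerShell -> DLL load
        "ParentImage": r"C:\Windows\System32\msiexec.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell.exe -NoP -W Hidden -EncodedCommand "
        + encode_ps(r"[Reflection.Assembly]::LoadFile('C:\Users\Public\helper.dll') | Out-Null"),
    },
    {  # benign interactive use, should produce no findings
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell.exe -Command Get-Process",
    },
]


@dataclass
class Finding:
    rule: str
    detail: str


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded script if the command line carries an -EncodedCommand payload, else None."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):  # not valid base64 / not valid UTF-16LE
        return None


def analyze_event(event: dict) -> list:
    """Apply the three checks to one process-creation event and return the findings."""
    findings = []
    parent = event["ParentImage"].lower()
    image = event["Image"].lower()
    is_ps = image.endswith(("powershell.exe", "pwsh.exe"))

    # Check 1: an installer package spawning a shell is unusual for a legitimate MSI.
    if is_ps and parent.endswith("msiexec.exe"):
        findings.append(Finding("msi_spawns_powershell", parent))

    # Check 2: decode the encoded command so the real script is visible to the analyst.
    decoded = decode_encoded_command(event["CommandLine"]) if is_ps else None
    if decoded is not None:
        findings.append(Finding("encoded_powershell", decoded.strip()[:80]))

        # Check 3: does the decoded script load a DLL?
        for pat in DLL_LOAD_PATTERNS:
            if re.search(pat, decoded, re.IGNORECASE):
                findings.append(Finding("dll_load_in_decoded_script", pat))
                break
    return findings


def scan(events: list) -> dict:
    """Map event index -> list of rule names that fired, for events with at least one finding."""
    return {i: [f.rule for f in analyze_event(e)] for i, e in enumerate(events) if analyze_event(e)}


if __name__ == "__main__":
    for idx, rules in scan(SAMPLE_EVENTS).items():
        print(f"event {idx}: {', '.join(rules)}")
        for f in analyze_event(SAMPLE_EVENTS[idx]):
            print(f"  {f.rule}: {f.detail}")
```

The point of decoding rather than just flagging `-EncodedCommand` is that the DLL load only becomes visible after decoding; a rule that keys on the file's reputation alone (the verdict the post describes) never sees it. In production the parent/child and decoded-content checks would run over EDR or Sysmon events rather than an in-memory list.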