- Jan 6, 2022
- 519
We found this out in the wild. One of our analysts noted that the file is listed as trusted but further down the execution chain... a malicious DLL is loaded. TA505 is the threat actor behind this threat. This goes to show that not even automatic analyses are perfect. Human + AI is the way.
File Listed As Trusted By Intezer and VT
DLL loaded from Encoded PS Script spawned from the MSI suspect file
File Listed As Trusted By Intezer and VT
DLL loaded from Encoded PS Script spawned from the MSI suspect file