Kaseya has issued a new warning about a malspam campaign that targets Kaseya customers by posing as legitimate VSA security updates. It also advised customers not to click on any unknown emails, which may contain malicious links or attachments, and to be wary of any phone calls from people claiming to be Kaseya partners.
According to a recent tweet by the Malwarebytes Threat Intelligence team, they observed the malspam campaign delivering a malicious attachment named “SecurityUpdates.exe”, which pretends to be a security update released by Microsoft for the Kaseya vulnerability but is in fact a Cobalt Strike payload.
The Malwarebytes team has also released the IOCs for this Cobalt Strike payload:
Cobalt Strike Payload: 5de6ec9265f79a31a9845c8a504d28f0
Download URL: http://188.8.131.52/download/pload.exe
Cobalt Strike C2: 31.42.177[.]52