Last week we saw how one of the well-known MSPs faced a cyber attack, along with the frequent updates on its incident investigation (link, link).

Kaseya has now issued a new warning about a malspam campaign that targets Kaseya customers by posing as legitimate VSA security updates. It also advised customers not to click on any unknown emails, which may contain malicious links or attachments, or to act on any phone calls claiming to be from Kaseya partners.

According to a recent tweet from the Malwarebytes Threat Intelligence team, they observed the malspam campaign carrying a malicious attachment named “SecurityUpdates.exe”, which pretends to be a security update released by Microsoft for the Kaseya vulnerability but is in fact a disguised Cobalt Strike payload.

The Malwarebytes team has also released the IOCs for this Cobalt Strike payload:

Cobalt Strike Payload: 5de6ec9265f79a31a9845c8a504d28f0

Download URL: http://45.153.241.113/download/pload.exe

Cobalt Strike C2: 31.42.177[.]52
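One way to hunt for the indicators above in proxy, firewall or EDR logs, as an added example that is not part of the original post. The log lines and their field layout are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlparse

# Indicators copied from the post; the C2 address is defanged there.
IOC_MD5 = "5de6ec9265f79a31a9845c8a504d28f0"
IOC_URL = "http://45.153.241.113/download/pload.exe"
IOC_C2 = "31.42.177[.]52"
LURE_NAME = "SecurityUpdates.exe"

def refang(text):
    """Undo common defanging so defanged and plain forms compare equal."""
    text = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.I)
    return re.sub(r"\bhxxp(s?)://", r"http\1://", text, flags=re.I)

def ip_pattern(ip):
    """Match the address only as a whole token, not inside a longer one."""
    return re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?!\.?\d)")

NET_IOCS = {
    "download_host": ip_pattern(urlparse(IOC_URL).hostname),
    "c2": ip_pattern(refang(IOC_C2)),
}

def scan_line(line):
    """Return the labels of every indicator found in one log line."""
    clean = refang(line)
    hits = [label for label, pat in NET_IOCS.items() if pat.search(clean)]
    if IOC_MD5 in clean.lower():          # hashes are often logged upper-case
        hits.append("payload_md5")
    if LURE_NAME.lower() in clean.lower():
        hits.append("lure_filename")
    return hits

def scan(lines):
    """Map line index -> hits, keeping only lines with at least one hit."""
    return {i: h for i, line in enumerate(lines) if (h := scan_line(line))}

SAMPLE_LOG = [  # constructed lines, not real telemetry
    "2021-07-08T09:14:02Z proxy GET http://45.153.241.113/download/pload.exe 200",
    "2021-07-08T09:14:40Z fw ALLOW tcp 10.0.4.17:50122 -> 31.42.177.52:443",
    "2021-07-08T09:15:03Z edr file_write name=SecurityUpdates.exe md5=5DE6EC9265F79A31A9845C8A504D28F0",
    "2021-07-08T09:16:11Z fw ALLOW tcp 10.0.4.17:50140 -> 131.42.177.52:443",
    "2021-07-08T09:17:00Z mail blocked hxxp://45.153.241[.]113/download/pload.exe",
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOG).items():
        print(idx, hits, SAMPLE_LOG[idx])
```

A filename-only hit is weak on its own, since the name is easy to change; the hash and network matches are the stronger signals.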

For more cyber security news in crisp content, please follow our site via Twitter handle @cyberworkx1.
