IOC Radar
TLP:WHITE · 1 IOC

Malicious PowerShell Script Execution

APOPHIS
Published October 14, 2024 · Original Report

Threat Actors

Hive, Sandworm

Malware Families

Hive

Diamond Model

Adversary (2): Hive, Sandworm
Infrastructure: unknown
Capability (1): Hive
Victim: unknown

Attack Flow (8 steps · MITRE ATT&CK mapped)

Step 1/8 · Initial Access (TA0001 · T1566 Phishing)
Action: User clicks malicious link
User clicks a malicious link disguised as a system fix, leading to a prompt to run a script.

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise (1)

Type: SHA256
Indicator: 6cf1b3a5f0f886f05f1a87c53b83c9e385f7370c7fa058931c9ff8d2a48516c2
Tags: file-hash, intel-blog, malware
Confidence: Medium
Score: 53
First Seen: Jun 2, 26

IOC Relationship Graph (1 total IOC)

Nodes: SHA256 (1) · Actors (2): Hive, Sandworm · Malware (1): Hive · Report: Malicious PowerShell Script Execution