TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Huntress

When Trust Becomes a Trap: Foiling a Medical Software Hack | Huntress

2024-07-23

ATT&CK techniques detected

6 predictions
T1195.002 Compromise Software Supply Chain (87%)
“noticed something odd: the genuine installer was only 13MB, while the one we found was a massive 178MB. Something was wrong, especially since both suspicious installations connected to the same SSH server using the same username. Huntress SOC analysts dug deeper and discovered t…”

T1195.002 Compromise Software Supply Chain (83%)
“page, we were able to determine that mlcrodlcom[.]info was the site responsible for serving our malicious installer. The malicious mlcrodlcom[.]info website is a direct clone of the original software manufacturer's website, with a subtle modification — the download page i…”

T1195.002 Compromise Software Supply Chain (61%)
“When Trust Becomes a Trap: Foiling a Medical Software Hack | Huntress. Imagine you're trying to install a trusted program, like a medical image viewer, and everything seems fine. But there's a twist: hackers have tricked you into downloading a malicious version instead. That…”

T1204.002 Malicious File (51%)
“trivial idea of "running it in a safe space," Huntress SOC analysts were able to execute both the official MicroDicom application and the malicious version of the same application and compare the difference in execution between both. On local systems, the malicious version of t…”

T1195.002 Compromise Software Supply Chain (46%)
“interactions with patient healthcare information. The software supply chain is wide in scope, and often-benign applications can be found implementing creative solutions that draw the attention of security analysts. In fact, this application was installed to respond to a common …”

T1572 Protocol Tunneling (32%)
“found in the malicious DICOM installer, the application forks into the execution of a dropped temporary file, which is responsible for installing OpenSSH as well as the installation and registration of the updatersvc.exe binary. This service represents the primary adversarial fo…”

Summary

Hackers cloned a legitimate medical image viewer site to distribute malware, but thanks to Huntress, the threat was detected in time. Dive into the incident and see how we uncovered the deception and averted disaster.