Detect malicious activity linked to the FIN7-affiliated GrayAlpha group, which employs diverse infection vectors to deploy PowerNet Loader, NetSupport RAT, and MaskBat Loader using a set of Sigma rules in the SOC Prime Platform.
GrayAlpha employs diverse infection vectors using custom loaders PowerNet and MaskBat to deploy NetSupport RAT. Highlights include new infrastructure and the importance of robust detection and employee training.
GrayAlpha deploys PowerNet and MaskBat — custom loaders that deliver NetSupport RAT across a triad of attack vectors: fake browser updates, fake 7-Zip sites, and TAG-124 TDS infrastructure.
The operation is layered, adaptive, and resilient.
A second loader, named MaskBat, was also observed. It shares traits with FakeBat but is notably more obfuscated and contains distinct string artifacts linked to GrayAlpha.