Jérôme SeguraMalicious WinSCP installer distributed via Google ad (#malvertising).
Cloaking ad domain: putmastering[.]com
Fake WinSCP site:
winscpn[.]com
C2 callbacks:
104.234.10[.]207:7931/itrdd/kcrs/file1.txt
104.234.10[.]207:7931/itrdd/kcrs/file2.txt
Malicious WinSCP installer distributed via Google ad (#malvertising).
Cloaking ad domain: putmastering[.]com
Fake WinSCP site:
winscpn[.]com
C2 callbacks:
104.234.10[.]207:7931/itrdd/kcrs/file1.txt
104.234.10[.]207:7931/itrdd/kcrs/file2.txt