Multiple Malware Dropped Through MSI Package, (Wed, Aug 14th)
SANS Internet Storm Center, InfoCON: green 2024-08-14
Summary:
One of my hunting rules hit on potentially malicious PowerShell code. The file was an MSI package (not an MSIX, these are well-known to execute malicious scripts[1]). This file was a good old OLE package: