RDPSoft

Remote Desktop and Terminal Server Software

We Monitor, Manage & Fix RDS, AVD, Citrix and Parallels RAS

powershell.exe or cmd.exe launching immediately after opening the archive.

If you are an IT admin, block the SHA-256 hash of the file across your organization's firewall.

The attack sequence involving this specific file generally follows these steps: 1. Delivery & Lure

Modifies system registries to ensure the malware runs every time the computer starts. ⚠️ Indicators of Compromise (IoCs)

Connects to a remote Command and Control (C2) server to download further instructions or additional malware.

From the RDPSoft Blog

We Do “Single Pane of Glass” Monitoring and Management for RDS

Top Level Deployment Dashboard

Battle.team.rar -

powershell.exe or cmd.exe launching immediately after opening the archive.

If you are an IT admin, block the SHA-256 hash of the file across your organization's firewall. Battle.Team.rar

The attack sequence involving this specific file generally follows these steps: 1. Delivery & Lure powershell

Modifies system registries to ensure the malware runs every time the computer starts. ⚠️ Indicators of Compromise (IoCs) Battle.Team.rar

Connects to a remote Command and Control (C2) server to download further instructions or additional malware.

Reach Out

For fastest response, reach out via our sales and support contact forms.

Sales
US: 1-855-738-8457 x1
Outside the US: 1-702-749-4325 x1

Support
for Evaluators and Priority Support Customers
US: 1-855-738-8457 x2
Outside the US: 1-702-749-4325 x2