Intel Name: Nitrogen campaign drops Sliver and ends with BlackCat ransomware
Date of Scan: October 1, 2024
Impact: High
Summary: The incident started when a user inadvertently downloaded a malicious version of Advanced IP Scanner from a counterfeit website designed to resemble the legitimate one; the site used Google ads to achieve a higher search ranking. Analysis of the attack pattern and loader signature indicates that this was part of a Nitrogen campaign, aligning with earlier public reports. The compromised installer was delivered as a ZIP file; the victim extracted it and then ran the embedded executable, leading to the infection.