General

  • Target

    http://mirror.ctan.org/systems/texlive/tlnet/install-tl.zip

  • Sample

    250127-zbnxhavjfy

Malware Config

Targets

    • Target

      http://mirror.ctan.org/systems/texlive/tlnet/install-tl.zip

    • Renames multiple (183) files with added filename extension

      This suggests ransomware activity: encryption of all the files on the system.

    • Modifies file permissions
