Uncovering Suspicious Download Pages Linked to App Installer Abuse
Several financially motivated threat actors were seen abusing Microsoft’s App Installer, likely in an effort to distribute ransomware.
Building on the list of domains and subdomains tagged as IoCs,1 WhoisXML API researchers found more than 1,100 potential artifacts comprising: