indicatorfilename
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\msbuild.exe
- First seen
- 2026-05-13
- Last seen
- 2026-05-13
- Sightings
- 2
Posts referencing this indicator
- TeamPCP Compromises Telnyx Python SDK to Deliver Credential-Stealing Malware
Windows persistence binary dropped by the malware, masquerading as Microsoft Build Engine.
- TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM
Malicious PE executable dropped for boot persistence on Windows, masquerading as a legitimate Microsoft tool.