indicatorfilename
C:\ProgramData\Photoes\Pics\
- First seen
- 2026-05-13
- Last seen
- 2026-05-14
- Sightings
- 1
Posts referencing this indicator
- Elastic Security Labs uncovers BRUSHWORM and BRUSHLOGGER
Main installation folder for the BRUSHWORM backdoor binary (note the misspelling of 'Photos').