Skip to content
.ca
Home
Posts
Engagements
Recaps
IOCs
Detections
About
Search posts and IOCs
sign in
Loading…
indicator
filename
C:\ProgramData\Photoes\Pics\
copy defanged
copy refanged (live)
First seen
2026-05-13
Last seen
2026-05-14
Sightings
1
Posts referencing this indicator
Elastic Security Labs uncovers BRUSHWORM and BRUSHLOGGER
Elastic Security Labs
Main installation folder for the BRUSHWORM backdoor binary (note the misspelling of 'Photos').
2026-05-13
C:\ProgramData\Photoes\Pics\ · filename · cyfar.ca