[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f007zpUGS4g8t2iGre5rWuuVwwxYNGGQD4KukOempz8k":3},{"lesson":4},{"id":5,"slug":6,"article_id":7,"title":8,"body":9,"prevention":10,"framework_refs":11,"status":17,"created_at":18,"published_at":19,"article":20,"tags":23},"090630d8-7d0d-4443-8fea-18147b7851ed","malware-disguised-as-legitimate-docusign-installer","762364d2-41e7-4c98-8e97-8c3cc9a5f8af","Malware Disguised as Legitimate DocuSign Installer","Cybercriminals are distributing malware disguised as \"DocusignSetup.exe,\" exploiting users' trust in the legitimate DocuSign brand. This social engineering tactic relies on users downloading and executing what appears to be official software from a trusted business application provider. Such attacks succeed because users often don't verify the authenticity of software downloads, especially when they mimic well-known brands. Organizations must educate employees about verifying software sources and implementing controls to prevent unauthorized software installation.","**Immediate actions:**\n- Block execution of the identified malicious hash across all endpoints\n- Conduct emergency security awareness communication about this specific threat\n- Verify all recent DocuSign-related software installations in the environment\n\n**Long-term improvements:**\n- Implement application whitelisting to prevent unauthorized software execution\n- Establish mandatory software download procedures requiring IT approval\n- Deploy endpoint detection and response tools to identify suspicious executables\n\n**Training measures:**\n- Conduct regular phishing simulations using software impersonation scenarios\n- Train users to verify software authenticity through official vendor channels\n- Establish clear reporting procedures for suspicious software installation requests",[12,13,14,15,16],"CIS Control 2","CIS Control 14","NIST SC-18","NIST AT-2","NIST SI-3","published","2026-06-12T11:20:23.10056+00:00","2026-06-12T11:20:22.939+00:00",{"id":7,"url":21,"title":22},"https:\u002F\u002Fx.com\u002Fmalwrhunterteam\u002Fstatus\u002F2065377570804179120","And @smica83 uploaded that \"DocusignSetup.exe\" sample to Bazaar: https:\u002F\u002Ft.co\u002FTbCKFuHU0F",[24,30],{"id":25,"name":26,"slug":27,"description":28,"color":29},"7261eb8f-acd4-4d93-a489-7fdd652ec0ea","Security Awareness","security-awareness","Phishing, social engineering, human error","#22c55e",{"id":31,"name":32,"slug":33,"description":34,"color":35},"f0c2a0af-58aa-4128-87c9-6acd30f2dc48","Supply Chain","supply-chain","Third-party risk, compromised dependencies","#8b5cf6"]