| Malware December |
| Malware November |
| Malware October |
| Malware September |
| Malware August |
| Malware July |
| Malware June |
| Malware May |
| Malware April |
| Malware March |
| Malware February |
| Malware January |
| Strike ID | Malware | Platform | Info | MD5 | External References |
|---|---|---|---|---|---|
| M19-lmb02 | Zbot_7244acd1 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 7244acd1054894f2a9b8c191d65572d2 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 522ce96681db4ef5d4731a8cf2007e7a46e650fc2f547f88d492700970b6af61 87cf2ca1c3211dec63bc96d4c54f252876cddd37 7244acd1054894f2a9b8c191d65572d2 |
| M19-x7801 | LokiBot_5662c896 | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 5662c896fd126f65a2f8c1712ffab6d2 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 4b4ba6c0f8cbadc871bcc6b3e175a569fe292973499bbf239aaaff7e75495888 2a2e52f4b677f2f596d218204e87ebd5989c0182 5662c896fd126f65a2f8c1712ffab6d2 |
| M19-j0g01 | Cerber_a88abeb7 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | a88abeb7892ccbbc01acf10522d6ee58 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html bbd6aadc606953b27f5592a2da7909949616b81b4f767ded89119644a71d2dd7 d51ea82d102c564f1f6736e90c33072a1d6fc48e a88abeb7892ccbbc01acf10522d6ee58 |
| M19-ly901 | Gh0stRAT_ba0e8096 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | ba0e80964a1ad3eeab4797ac584660b6 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 019f88e9cc8c503c1ac8c6054beb978b445922cf5857f347bc8b2193a0592e82 f16a91767c04d1801ab6144650bda5374b133be6 ba0e80964a1ad3eeab4797ac584660b6 |
| M19-4mf01 | Zbot_65a948ef | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 65a948efcabc918042742355db7dc7c6 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 5409660ef23234d04ad204cb3791a96b3895286e258be036bfb43410e1dca08f a6f037e468b1f1fe43dacea411bf93834ac3659b 65a948efcabc918042742355db7dc7c6 |
| M19-ugj01 | Zbot_dc747dd1 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | dc747dd13de392a93caa66b9d45e0861 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 2ccfd0f36677f438ff1120f21d6e5929d91531fd965dda6232ddd6de7a0c52d9 a00141eb0334ddc2d05b0d0c7ee4f48112d0ce6d dc747dd13de392a93caa66b9d45e0861 |
| M19-gkd01 | LokiBot_a63db4ee | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | a63db4ee8940ebef98b9f32990324e44 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 32f8e0daef5bb91fb0908277ad5f5d2c97398a64a8c9ff60611a103ba0d5004f 81a3ab91b1b78a25b32114d4a07b39686535fb05 a63db4ee8940ebef98b9f32990324e44 |
| M19-8rg01 | Cerber_be75eb2e | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | be75eb2ef919c60c4b07f9b6a105ac34 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html efda569c35853456630d1e2fa27973aeb6386338f163ca0f60e3fbb4643a5b87 d1b7745dfa2916cbaf627d9eec59f30d57b99ee7 be75eb2ef919c60c4b07f9b6a105ac34 |
| M19-b2r01 | LokiBot_8bdea89b | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 8bdea89b97d19ae66c0eea7cfe2a7b86 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html bb71b57a4cbf596fb6978df0e6fbdfbbbdebec8d182a62c6ecfbaa5261117aba 5a9c73bf8d2b21ac21a1767788ab3d0b1fb7eaef 8bdea89b97d19ae66c0eea7cfe2a7b86 |
| M19-hh601 | Netwire_300719cc | Windows | This strike sends a malware sample known as Netwire. This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 300719ccf950bb81bae2c6595ba9198b | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html ea34a08deaac08c7f79e6cd2e94a74ad5b0c95dec43f81e0a218d957088b8f10 1570046ac7707279d30c06a65b041afbce073c37 300719ccf950bb81bae2c6595ba9198b |
| M19-8hb01 | Netwire_54d0b496 | Windows | This strike sends a malware sample known as Netwire. This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 54d0b496a37d2670295d7e4965bee28f | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 79aa89119d9e26dc366a7af72d47c323168d2ad881bca31e9075a41f5ce081f2 cbb3de5fb8bb63a915dd52cd01a90607c65d897a 54d0b496a37d2670295d7e4965bee28f |
| M19-q5001 | Zbot_0134ac69 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 0134ac69f5736122b46a5b53a08ef5d9 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html b22e02f4a2e6a2deabbc8ed5c7ff7d30c07c43d80e8d9d50ca1c85724a008619 888d1bf89202db482affd9aed1e945aade6ae6ca 0134ac69f5736122b46a5b53a08ef5d9 |
| M19-c0n01 | LokiBot_b0277e5e | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | b0277e5e3890a477ba333adba35348a5 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html cbb00a83c374bcca6a2bf0cbfabaf1f5c655d9cb046437225bbbd04988f22811 c2342294a99bf20054f3d8c3d61b24718c1b16a1 b0277e5e3890a477ba333adba35348a5 |
| M19-hdh01 | Zbot_340cc3d9 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 340cc3d974503bd7cab46d45487c62b5 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 072bcc63bca4fa1946c71a3f9562a6d76af8fd1a5034132e2befbbde9aba9c98 fa039becfbc28c67321fd045d498ee56f4c709e1 340cc3d974503bd7cab46d45487c62b5 |
| M19-j2j01 | LokiBot_5bd5e2f4 | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 5bd5e2f4a4901bb3cec38ca3c8f5cd47 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 46646d0f2e8e990abe331586d98fe95a61dc40d7cb2c05144a09fd8b956f7526 a24ce20ae29ca92de9187de86219522fe7235a90 5bd5e2f4a4901bb3cec38ca3c8f5cd47 |
| M19-hqw01 | Tofsee_ea690dc3 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | ea690dc3b862976ef7042e37dd7823d9 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 74ac087c43dc71971fddc1d65b4586b57d4b6ec6182914d0d176722a3a70b4bc aa9eccd13714bded2116c787c59a894d29d927b0 ea690dc3b862976ef7042e37dd7823d9 |
| M19-ug802 | Cerber_d5f9142e | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | d5f9142eb6cf9ac3fe15ca8cab636f9b | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html ce2b0b2037810060edbf86fc7ac78c5e0d4771b79181e39718498b02195e3642 cdfb35d9283c5990a91cd041862c4f18a5752a5c d5f9142eb6cf9ac3fe15ca8cab636f9b |
| M19-qeg01 | LokiBot_dea7bb26 | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | dea7bb26593416dcb5d3d0b87ac25df9 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 2a3ad80cfac1cd63eeba8f7d8019df51df16e22ef34d2826d0aba9a56cff5c60 270053d62e8b91f1a9c6e20541caa12c5869c952 dea7bb26593416dcb5d3d0b87ac25df9 |
| M19-iu801 | Zbot_76402b51 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 76402b51d119b20b12c3662da133c6da | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 59b94ae4bdf3a3f4291e67e73316632b73a369391fbed4d8f3259d0ff0dc5468 7fea26a86492dec96bf0696dccbeee86993a5cd3 76402b51d119b20b12c3662da133c6da |
| M19-atl01 | Emotet_1c1dd6b2 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 1c1dd6b299ed49d392450272e23fab5b | 81fc2cb7ae6b7006b185b89427136ab8a520cbd687d0bbb5f1fc31b1a1c0f4ba 600f8e1908fd27dff29a080c42a5cb7b1671f39e 1c1dd6b299ed49d392450272e23fab5b |
| M19-of401 | Netwire_aa380355 | Windows | This strike sends a malware sample known as Netwire. This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. | aa38035579a2c71fa1c98ec615695350 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html b18a45a4345f442efcc02d6efb9110b9e35bb98fac4613c83a39fecbee78aaa4 0a62fa2e006cab0069be815961f13987c399163f aa38035579a2c71fa1c98ec615695350 |
| M19-f7t01 | Gh0stRAT_3ee263db | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 3ee263db3034bc07a6544830d4a77114 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 14b65331773ad534dada9c7b055e34a1e6ab2a54f3d8eec4d1da6298f0477c71 575c1ee3986c5e21cd33e4df0012cd505b82c1f2 3ee263db3034bc07a6544830d4a77114 |
| M19-wqv01 | Tofsee_a9c05e58 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | a9c05e58b652f0f13a38c21d9ab74eda | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 30cadaa9bbf5f83ebad9e4738db169bacca7f78b4ae4256cc326533099dd64c2 37aa5bb26af5803d1b7c285923b79e33c9f86408 a9c05e58b652f0f13a38c21d9ab74eda |
| M19-6sw01 | Zbot_7dc622da | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 7dc622da0f45e3bd386aa0d01053dd5f | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html a807970fdd58b833a23e0c8b611a17ea5448399336f3ec0a3ecd5036486c0b08 c3403820f519bbdc8c4760c0db61c83241263439 7dc622da0f45e3bd386aa0d01053dd5f |
| M19-4vw01 | LokiBot_921a4d77 | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 921a4d771ff80ff010cc85630bb68864 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 2eee4a29498a0d25c8d53e306c3b2414b839363992364cabbbe3fe2fd46caa9c ecf4388471dd3a63aeebed63d4363b0adac76cca 921a4d771ff80ff010cc85630bb68864 |
| M19-3k101 | ZeroCleare_33f98b61 | Windows | This strike sends a malware sample known as ZeroCleare. This strike sends a sample known as ZeroCleare. ZeroCleare is a destructive malware believed to be created by Iranian nation state hackers to target energy companies in the Middle East. The malware is considered a wiper that was created to delete data from the victim in an attempt to keep it from carrying out normal functions. | 33f98b613b331b49e272512274669844 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 2fc39463b6db44873c9c07724ac28b63cdd72f5863a4a7064883e3afdd141f8d cc99395963de6da81dac96929a8e234c8415714a 33f98b613b331b49e272512274669844 |
| M19-hdx01 | Zbot_4e196c2e | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 4e196c2ec18394a367384fa171d56c28 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 37403ce75f4908eb2e823a4e8c56c410e57441dde38c022819521a7fc3358701 0ad3a46653fca021420c7646c55c41fac8c1454b 4e196c2ec18394a367384fa171d56c28 |
| M19-lz601 | Emotet_b4e505a3 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | b4e505a3113e0d9ee9219bb0d670ba1a | 83fe7400534e8efcc5cec209b9b2835d61be0d88914bbfd6495fb675378aa2dd a88cb39cb5d30d8d4b1c5c6141f891c1ff83453a b4e505a3113e0d9ee9219bb0d670ba1a |
| M19-5vv01 | Netwire_43952d0b | Windows | This strike sends a malware sample known as Netwire. This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 43952d0bd21d808144d0044273d52af5 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 3cf7e6a7776e15f8c01bde5788e5e7dbbe25beb37e977abe38b3b4cb256c3ec3 b9daed8349b43ca7631e1884814874c3752b0831 43952d0bd21d808144d0044273d52af5 |
| M19-j2n02 | Tofsee_982d5ac3 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 982d5ac378540ac0351b8adf9325e9e4 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html eaf18fa3b771523ea252436b6dd15d1c2e0d6f93a17f5a861251dbc38f0cf951 cfa4f8075e6cad8bc6f462317cc840c258932620 982d5ac378540ac0351b8adf9325e9e4 |
| M19-k9b01 | Zbot_9e6f1b27 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 9e6f1b27f18ed480ea50bfd1f21d9194 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html f50b78d0ffed37ecbab524a44b4606ab7246711b3487af0a17343fb5fc93ffba 7883a6199b514d724183aecfde87ca24e3a9abb4 9e6f1b27f18ed480ea50bfd1f21d9194 |
| M19-au601 | Gh0stRAT_65bea256 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 65bea256272d171f9f3bc720fa0ef8e8 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 1035eeb50c81c381f7b2909d062fb6d51d9e6ddc8c68478a3ef67d7b4a67b0f6 5ca188b0ea8f02734ffaf26cf78917610e490415 65bea256272d171f9f3bc720fa0ef8e8 |
| M19-ex701 | Gh0stRAT_df966b26 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | df966b268cbc8b0304ec99a9f5f25bac | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 00275609032024a2a413b2697b6763c964a5eeb54709ae803b68d5a77d1b46a4 ab7b08760289ca9d193d76e52a13528038ad55ba df966b268cbc8b0304ec99a9f5f25bac |
| M19-vwp01 | LokiBot_e2c85fb0 | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | e2c85fb028d6d07b0d74f4e3ee8ce4f6 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html ebe841b611a116cee961119df457aaa5f8b5ada4dc6e93381d59d2bb12bdf522 f85fb6955f4473c7540c940f9aa9982026b07aeb e2c85fb028d6d07b0d74f4e3ee8ce4f6 |
| M19-zul01 | Netwire_a7fd6f08 | Windows | This strike sends a malware sample known as Netwire. This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. | a7fd6f083a56c84da2fe5c2da265805b | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 6485a616654adee2d573a983c687a8d8ea3d126dfbf86df3a065c5e7846bd57b 32e4969e0c28df0cf986a3ff9eb1d5424f538073 a7fd6f083a56c84da2fe5c2da265805b |
| M19-fl501 | LokiBot_ed190ded | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | ed190ded03785d32be51edc23f48ac5c | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html df289130d1adda822989a8255dcd2a417ad0a8f19d753dd9ebdaf78a13e3bf7e fec0bf0b8d3c1e5f9af0591337928c7b4c16affa ed190ded03785d32be51edc23f48ac5c |
| M19-r0h01 | Netwire_fb99276d | Windows | This strike sends a malware sample known as Netwire. This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. | fb99276db0a1804ba0faabcbd33e212b | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html de8be762d85eb4014992a174acd115de70b89884d21933d7e972e6d4972904fe 3113684a585703d05e046c0f4da2ac026045c1a9 fb99276db0a1804ba0faabcbd33e212b |
| M19-kdy01 | Gh0stRAT_aac94f0e | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | aac94f0ec954cf2e46ffc485bb83b432 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 04d5f107aa253ca81d99fce0201dcb6da6b21497fce62e2d37a90661951c63d8 c817037a6f8d80031171d3e6cd224c912fce33fb aac94f0ec954cf2e46ffc485bb83b432 |
| M19-0c701 | Zbot_cb486179 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | cb486179ad532f17b76cd2b664bcbc46 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 15c235fefdfd798bff9bf039155762f0c0674cbf239c10df6aca52a7e2139488 b43c1c3b047d29bd62526cc30c0ab81d1d9c05d1 cb486179ad532f17b76cd2b664bcbc46 |
| M19-dfo01 | Emotet_41988007 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 419880072c659ba9d06522c4d9881ea0 | 456f0957a36e00bf03b0e37d18e119d74b3bb08054f6248a2e7e87ddb93d7782 0dcee66f75d7624505945d9682e5c3bfa65ddc6a 419880072c659ba9d06522c4d9881ea0 |
| M19-7gm01 | Emotet_9e763f24 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 9e763f24205308742e49f7e84b39845c | 1ff11781388f142f3dd92900380de4501f12f652d20911b502dbea6d4e7c2533 fd557c799eaa4d9c7b1435cebe7483e7b02b9d70 9e763f24205308742e49f7e84b39845c |
| M19-nwr01 | Tofsee_9e79110b | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 9e79110bfb49aef98f59197bf32f40d4 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 973e8cb33dae5fab6505ffb140ad80587081f131bb6bb5305582e874ec8d10b0 3bd88b9181a33629faffc4b587953efef21724cd 9e79110bfb49aef98f59197bf32f40d4 |
| M19-ply01 | Emotet_8e442d04 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 8e442d040975723902cd6af3c3581071 | 9f48da5cd641b0bb9dffd3dec5d2442da67ed23367331eb8c181fc61ee54c41e 74b14f64d6d1b46b88c5895090764eda4f967c9f 8e442d040975723902cd6af3c3581071 |
| M19-0y301 | Cerber_b2978f5b | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | b2978f5becda7b94eb0c83bd058ed9be | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 4a60b63273210c8ebc4e6d07fba9b331011f852f4f5c1b5b1ae7ab5aa7df0f03 6cd8b244d0f1619b4a12d05057d2a3888f4c0294 b2978f5becda7b94eb0c83bd058ed9be |
| M19-of901 | Tofsee_afd74c51 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | afd74c51760ac4e4765f42d7e10ad95b | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 284d642a2ae70ba3890f39595cf215c06037f514580bcc8766b3c136cb1c4df9 bbf0fa50cc0113e4d013df0293a0454ff712a150 afd74c51760ac4e4765f42d7e10ad95b |
| M19-hnr01 | Tofsee_3ca41842 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 3ca418425bfd739a3d3da6b45c9cef6a | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html f551911671d006e8164ba14c2024bbe55646f5e1ec6c4fb16b7f199c51be6864 6c57b9596cffc6bb5289609edb10a7379f13efb0 3ca418425bfd739a3d3da6b45c9cef6a |
| M19-s9101 | Zbot_81b4148f | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 81b4148fa1c26ee4ac4db67cccdb1ac1 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html fa58139b16a96c81b415d2cfe950fff73ca98ba9f0e09c753cb16cbb4b18b820 2c5bf9bff9d6a9f634f2b13aab9205fbb8506782 81b4148fa1c26ee4ac4db67cccdb1ac1 |
| M19-vay01 | Tofsee_e6541e67 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | e6541e6788b9c719c070486f25314d04 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 2c84c7ac4fdbcaba7ac72b01a03d5ee7d62db4e4986670d17d420a45872f3158 8ce7e58ed9a8389b8a399b500d9500afd6b18c6c e6541e6788b9c719c070486f25314d04 |
| M19-ao001 | Emotet_947f8e19 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 947f8e193903b2c4761657e79ab17eee | ce11fa55f6717dadca7bdd3759b3d46217d085e78ea8bb94bb8145754741b5c5 3800ab371f40b97356352349ac34d99a56130a32 947f8e193903b2c4761657e79ab17eee |
| M19-lcv01 | Tofsee_9c35463a | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 9c35463a674ca5f3d5b2d5c7ad332889 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 2835bade0deb4c1f1af1beff0102a7122990fd5b868f82b5f23b5ddea782d862 5b6067d3c941efd75c3926431d0dab6659dd3d9a 9c35463a674ca5f3d5b2d5c7ad332889 |
| M19-hiu01 | LokiBot_31a2e6a2 | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 31a2e6a291af3effc17f63506182c167 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 7936c85dd96e641541e6e39e7a7388b8b6b16ef97569a81efceaed4abdc62ad6 ac0a9a2bc77286313ca3065f463488a4d0ffcd89 31a2e6a291af3effc17f63506182c167 |
| M19-fmi01 | Tofsee_d4d520c8 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | d4d520c87102038899648f955947efbf | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html d0ec6c954e91bde1e104cec6f316aa1d2f94389883d602790aec0128f492547c 99cd805cacde56f0d7ed66d06e93fc31916f7f0a d4d520c87102038899648f955947efbf |
| M19-e9o01 | Tofsee_64e9d0f6 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 64e9d0f684341b4195d0856a518847b1 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 7c6e8e91b032ae87eb17d1ff4edfdbf9f3d2b7e6cc1849cadffd40650f073538 ed995ceb0e66a63b613ab61047e4ff27ef11d9a8 64e9d0f684341b4195d0856a518847b1 |
| M19-cg501 | Tofsee_cf331003 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | cf33100360ba3fa25f25e84c17b27d51 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 84c98359fa8967beb941ffa16550358d39e1fd005dccbc697267b6f170c08aeb 03ba333a73ceaf12dcc33a9d8507224a55a93880 cf33100360ba3fa25f25e84c17b27d51 |
| M19-eja02 | Gh0stRAT_dd3d83ef | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | dd3d83ef6c15eb030e6b6156dca9c2ae | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 0dd6bc63d982e053c01753cb5819362827bde9338b3d28a0b17669c0523489e0 c292dcf8fca1c9de9cf47ccb520fa2f3cc450ba8 dd3d83ef6c15eb030e6b6156dca9c2ae |
| M19-aaj01 | Gh0stRAT_18ba621c | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 18ba621c304a771563fb2160fd332a7e | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 094797bbc7234e18f2a7a30fc182a690f2f7f7b080b889ab5e6c87bb730bc911 34531e7b28c53faa7c45d4ed47a7017baa6530c3 18ba621c304a771563fb2160fd332a7e |
| M19-7hv01 | LokiBot_1bef928e | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 1bef928e7e047849fb845e3b15f275be | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 938456e91538b5f4267bedb11d8cca26229f3dbdb3c24ff3a1132f3970c0d24a 35d1292355203adb2eea946490e34533f0401973 1bef928e7e047849fb845e3b15f275be |
| M19-5ux01 | Zbot_138bbbbf | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 138bbbbf63d3bbb2e87ee701f460ab0f | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html bf315e9e1ac06c214296722191b08a2925e5ed49dfcbba616606b8422047cb63 ea0b4f063b9b4929a866cfb189d0d0d7adde1881 138bbbbf63d3bbb2e87ee701f460ab0f |
| M19-i3q01 | Netwire_92c1dd32 | Windows | This strike sends a malware sample known as Netwire. This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 92c1dd3298e5a1e692f67919e115f838 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html d26438798f502364eea85bbf2804165d0709b90833ddf4512f95ac77f881edaf 70278ea556ee0ad4b4d862bb6dab25e63df1d7ae 92c1dd3298e5a1e692f67919e115f838 |
| M19-glz01 | Cerber_a2e887c2 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | a2e887c2f6ad663c5e17d3d2bad87609 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html b8058ef9c3394ce2ea9318b06d6cf01080a0ad4ce87ee1cff78e57373192603e 9040e2b57cc6e69f78d2441b9f737a266d103971 a2e887c2f6ad663c5e17d3d2bad87609 |
| M19-n9801 | Zbot_b795389c | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | b795389c40ba199454f39b133c9e9e28 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html b5f339fcebb67c4826f94c31eab0a3e8e8137a65204b03c8ee6a72a1a313a48e 46a5f6ac466c8c7cf953252bfc93409104064eff b795389c40ba199454f39b133c9e9e28 |
| M19-64q01 | Netwire_3d6ea23c | Windows | This strike sends a malware sample known as Netwire. This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 3d6ea23cb771671a297ae1a79e2ceb7a | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 91856d29ac1f9720917a40e5533c7dacf528b25acfb5a82a00f6882b053c9b5a 86299e0e4b443f05172866c7a2bf8af69ed1f823 3d6ea23cb771671a297ae1a79e2ceb7a |
| M19-cm801 | Netwire_eab9f189 | Windows | This strike sends a malware sample known as Netwire. This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. | eab9f18981c5241239ce2ea866c6c1b3 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 905b2347215e7ce0f02f8e7274941982c56c1b817fbfd4b9eaf97d2a65f6146d bfa72eef161aaa65e4576f8a8f439bccf54180c2 eab9f18981c5241239ce2ea866c6c1b3 |
| M19-9z301 | Cerber_b8ad540a | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | b8ad540ae69ec6f3699327b9ed3240a5 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 8aeadd92f66576dfd9b60ba352a7a61f43da7112eb127c28c5ceb54fb5e7b4c5 bc0ba69bca41cf663bdc80f16c78a610306ddae2 b8ad540ae69ec6f3699327b9ed3240a5 |
| M19-ghi01 | Emotet_d3afe72f | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | d3afe72f8d96e06afd2d8902b62e6065 | 1220dd6c5523dc0b6b6409e5b739216bc979826bcb8e43428f0889ff120fd63d c1c16ca7200364bb4c71ca205229a2a8f001fabe d3afe72f8d96e06afd2d8902b62e6065 |
| M19-tfn02 | Netwire_cf8b4d46 | Windows | This strike sends a malware sample known as Netwire. This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. | cf8b4d467d27a6e39a1a5a9143b9a43c | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 527ff73f2e6d99bbcc7fa02804ab7380e2fe12689b70bb1b0840ac1b02331a93 75eb710606cdae8184d26ea181f0b92c6d4bb1aa cf8b4d467d27a6e39a1a5a9143b9a43c |
| M19-88w01 | Tofsee_6b3c0357 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 6b3c0357e0c3af7d8d1315d6368397cf | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html eab97c31815fc018ec26360c575b02ec3cf7595c1c4c6bcd121ee2123335515f 26e0972993d28f24c4280297a8208eef3b8adf01 6b3c0357e0c3af7d8d1315d6368397cf |
| M19-ydz01 | LokiBot_348da37a | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 348da37ab7c13cbc4f5bca37225d06d7 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html c5f72bae432197bdbef019507fe69905549bbb7dcf9c455bd24e6eef008e96ea ce6bba5215f4e1402f73d54a345d61215d2ee4d2 348da37ab7c13cbc4f5bca37225d06d7 |
| M19-weq02 | Emotet_44fa194a | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 44fa194a31da1ae93a009f247dcc87b3 | 0a574aa7865ad973827f08457d92a690b80c51594c0cc95345062f4838d38aab ade09fd8b016d66a25c0ac65d05d49e6da40d3fd 44fa194a31da1ae93a009f247dcc87b3 |
| M19-61i01 | Gh0stRAT_3014b27a | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 3014b27ad64141ef247b2ee145834afc | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 15c6ec4928627e4f9c56c567811e5b0b0b6c20b32374ac931257145d42365b61 8a80ac88bc6a345cedf02c3e27735ca6f279166b 3014b27ad64141ef247b2ee145834afc |
| M19-03v01 | Emotet_7f16c9d3 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 7f16c9d322ac40ba46ffb138d3733949 | e74421edc6c5a113acbd4f754d64ac9502f59cbdae14ffa129357bc5251e9afc d1a2e6d1de316b24a5896d0410e92daa8ca14f49 7f16c9d322ac40ba46ffb138d3733949 |
| M19-qs801 | Zbot_a5c17b50 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | a5c17b50888dfd526519c1c6bcfddb1e | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html b2787b4197407051f4a5fe4ddc6b483d3245222d0b6301ba67e7feae14b87342 c02d1a638024e4d318297e8748ba5d8370873c8b a5c17b50888dfd526519c1c6bcfddb1e |
| M19-9ky01 | Zbot_b64ec499 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | b64ec49901f7116ee5ae19d602fce87d | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html e3ced6661c4f5fd339cba232c6693c79d30dd5bc8db5882e7a86e959537af18d f5244724431ead0829acc6f68e704a259ccb3736 b64ec49901f7116ee5ae19d602fce87d |
| M19-35n01 | Cerber_aa5332e4 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | aa5332e4e550b3e859e954e9f9296646 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 8a6c828f54dc34e260698e0347cce9e62d8fbc773e265c39c63e812201533724 e24222fff32c2718bb413c94dd86985fcbe2e749 aa5332e4e550b3e859e954e9f9296646 |
| M19-w2h01 | Emotet_574e273b | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 574e273b12242b0c6cd1c74e97a1f4f0 | 2c9b1c7443421bc46987ae098dd00fa013b9722dfe6b6b518c3ab474d888d984 b2693b5e478e5e30644795dc472421f7b4792308 574e273b12242b0c6cd1c74e97a1f4f0 |
| M19-7lb01 | Zbot_66a0ab6b | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 66a0ab6b2b41e805b9949255e22aadea | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html e014acc73e32e1d1cb74ab4049b46abb2bd5c06ee9d4c82aeca7f4440cbb011d a65bf159f2580e9fcd458425901c29746f4764b7 66a0ab6b2b41e805b9949255e22aadea |
| M19-a7f01 | Netwire_96efc22a | Windows | This strike sends a malware sample known as Netwire. This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 96efc22a0fd01a77b9e6560b96df8899 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html def9d601134017c678cbd058f41b4ad7d3dd8d2c8ef1eef01a9a17ebf38ea6fa bfff1bd755d425980a33445151b44217021d0738 96efc22a0fd01a77b9e6560b96df8899 |
| M19-3c101 | Tofsee_0776e529 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 0776e5299cb9cea58d92399ec99db076 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 64a3e41af01cf5443314c0d49d7a83f081c99dbadda2dfe2af5d93ff49464f4b 26a9783445cc62cf99fbdb77abdbd8697aded94d 0776e5299cb9cea58d92399ec99db076 |
| M19-zug01 | Tofsee_7ab7ed51 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 7ab7ed5123144b6374f755380274aaad | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html e46c3033d16ed60026ee74546aaaf17fe0e0dccfe9c40bd0b434758c01fc8a17 57f40d867264a79a2f44760e7b2aaeae13f3b88b 7ab7ed5123144b6374f755380274aaad |
| M19-h1602 | Tofsee_b77e55af | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | b77e55af8ca122398a95101b88c0fc6a | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 91637560be3528716ac0c5586b39c763c54798a0b03a55db086a3128fa665fee 22f45ce59e52851dcc60bf96afd55912020a36c7 b77e55af8ca122398a95101b88c0fc6a |
| M19-08w01 | Gh0stRAT_a670d03e | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | a670d03ec86e2accf78e37317879d383 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 0f75c94f848e561c2fe1bd90a5260e47267c334444579530ddfe2ad90f0e6806 5b321c217563fa66fd56697155b127ca93e43dbc a670d03ec86e2accf78e37317879d383 |
| M19-ptv01 | Gh0stRAT_a85e42ae | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | a85e42aeb51ca8181dc24c48b54fbf11 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 0af079ed6e9914b102d9c3007e7c96318a1fdb659212c35f22e2e5293d8cbeb9 351c1cbf81547e76d1919d05291f8b1b56005df1 a85e42aeb51ca8181dc24c48b54fbf11 |
| M19-wbx01 | Gh0stRAT_08c2642a | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 08c2642a75839a3ed8dfc696871541f1 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 0a44d155b4568d97d161d18e90e4c9e719e4c37769c2a32ca5a41d56cc101172 76c1c6c3ef9268a66502edc7bb8003fb67247014 08c2642a75839a3ed8dfc696871541f1 |
| M19-xx101 | Tofsee_aec08c2f | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | aec08c2f0e5303e7d1a50e3a8a9ccb57 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 109ca5f094a4e98b6dac4191043bcbc4a9e849a456ca581226f42fdd7812966a 25f76b31892e2ce6e412a2cc3a3ed52a8d6d5099 aec08c2f0e5303e7d1a50e3a8a9ccb57 |
| M19-jxe01 | Cerber_c39e7990 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | c39e7990a73918227978e2eb66bc34f2 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 34a0f0bc799b5fd0cf9a89bce7d2ca2da158cf22940212b5c09fb1ec64bc9b65 93a46064ceb44a27e025aa1f06af534b49fc4eeb c39e7990a73918227978e2eb66bc34f2 |
| M19-8r101 | Zbot_0c0681a1 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 0c0681a1d736657547d15a1f2dcbaf84 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 40ecf36a4c2474cfff01980d68602d7bbaacfca2bdfda5ac58390b57c73b424a 38d3ea73cabe97619b7350a471e5813b3951d6d8 0c0681a1d736657547d15a1f2dcbaf84 |
| M19-usy01 | Emotet_857f8026 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 857f8026ac9c8de1c1d8886e0ee32a75 | e0ab84847c95820096ec02c1c23c15589320ddc180e6d9f0d61315409b755dc8 e33ed8265a7cf04d184562a46bf1d2fa9dcba716 857f8026ac9c8de1c1d8886e0ee32a75 |
| M19-0eb01 | Cerber_ba55c151 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | ba55c1515932c3e08ca3cf5be23cf94c | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html b590d46794fad9c62040ce7941cf775282d1939c45267ec955e9be6ee8dd092a 08cf87c57a7d613fb9c568acbc5d72736d737d9d ba55c1515932c3e08ca3cf5be23cf94c |
| M19-rxe01 | Zbot_ad90639f | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | ad90639f42181db6523e292b35c6f913 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 8ea4ffdbfb16cd39bdf20a5a51ffbd6a523b78ad9a2c78bfffb46fcf0653f550 d3d198d731cf3be656005784d49f61362fd6fdab ad90639f42181db6523e292b35c6f913 |
| M19-mir01 | Gh0stRAT_b3257690 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | b32576909fa8d968d66ac6beee978609 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 06ee23a5be29f166749cd47784c9dafe66c0ca4ec7b70e6e837e59ccd5a02c63 4f608c89514d543b1e97c06d1c500be4d8be097a b32576909fa8d968d66ac6beee978609 |
| M19-rrb01 | Gh0stRAT_181ae729 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 181ae72927cdd32eb43aa8221fed4e54 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 0a03aba2e42912a9c43e5cd9c724c4991007ecd6950bda27e82446070a08bb02 a872d3edc6f552ca629d00b468b3f9d4a831e05c 181ae72927cdd32eb43aa8221fed4e54 |
| M19-xtb01 | Cerber_af3cbb72 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | af3cbb72a35eb8314f40f9b01cf5568f | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 1d07399e5b31727fc4dadba07d062f7eff6864e33f17fb1a65f71b9b41b61282 634a5afa7c7c701f52da613cff875f5242c68cb4 af3cbb72a35eb8314f40f9b01cf5568f |
| M19-hmg01 | LokiBot_82cbd08e | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 82cbd08e1548fb0c1305cc6b1f111cb2 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 548bacb5d7484fd4d4328579d18b3e62fdbf6bb7acdf6ade4ddcf6a0db61847b 65784404e1d1f46baa376a2fead150b5f417baaa 82cbd08e1548fb0c1305cc6b1f111cb2 |
| M19-2z601 | Zbot_cc94200a | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | cc94200adcdab693e903201710216c07 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 8914444fb30823c586d7df581c201dad5f1428284b7880395f2bc49ece5a1611 097c740ea46d055048364387efe8cdc21167d686 cc94200adcdab693e903201710216c07 |
| M19-46001 | Netwire_4d3a3307 | Windows | This strike sends a malware sample known as Netwire. This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 4d3a33077e9903f30ff191b36c310d4b | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 182dadc51371a709b901f1de489a52ff7295749427a8cf9d112358a605e2ed6d 8b7ac57877a8224a07a9e0d30762fc881312715f 4d3a33077e9903f30ff191b36c310d4b |
| M19-x8n01 | Emotet_3b0e1ee8 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 3b0e1ee8e05371a6ab150074d7887fae | c8078630214d7c029d23de03dedb7fab8a2f7f8df12ba99245682e3ca235179b f2f5cd624471bf1bf631a160e7d65dab19b63d2d 3b0e1ee8e05371a6ab150074d7887fae |
| M19-igj01 | LokiBot_729deefd | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 729deefd22eb97fc550bacee2a5f5a5e | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html c5bb3fd84e761402d2da77b8c0462e9f670f56d65f3ccd602cfb4326c98c4c9a 0b88a31b72072d83df2205447741f120dabf8fa6 729deefd22eb97fc550bacee2a5f5a5e |
| M19-ojd01 | Cerber_ae691d8f | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | ae691d8fce2e05d71ce45f32dca449b8 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html c8af6329fcfdfd4f9df33f2f4f59fb958e2416eebe8d78ab1444e763cf04d08c 2cd4de0e6b25922f270dd2c7fb21baa68a1e8e4a ae691d8fce2e05d71ce45f32dca449b8 |
| M19-ysa01 | Zbot_e44e07d8 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | e44e07d8e053920f714c3e574d7749d4 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 66c6cb07d601f35490752227fe1d4687fbbc47af0f219eb178f89c670adccb0a 858daf900b1f768e160fa1961def8d76339838ef e44e07d8e053920f714c3e574d7749d4 |
| M19-fcr01 | Gh0stRAT_b5ad2aad | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | b5ad2aade4b600d66cd49cdd81ab0b38 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 1439afcf233b1c829cbac8747623b3b05332ecd057660bc3639980ada64d1149 de70c4899392034ca09ae7e348bd0f0eb978b3a7 b5ad2aade4b600d66cd49cdd81ab0b38 |
| M19-q1401 | Gh0stRAT_a153ff54 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | a153ff54b38b4154553f68ee7d8f6180 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 08e84db9a91341f82d0dc50775e75879fc2ac20ede3abffe53cf35dc9a656019 d47ceb91b04e9126e42ce80938d25f183f1e9b2e a153ff54b38b4154553f68ee7d8f6180 |
| M19-hkh01 | Zbot_ec77d620 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | ec77d620ad9496201d3a922107fe495f | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 924f2ea483135213b988584241da5e5b8b152ab427fa933089e493d2dcd92c34 96bff44bf03f1ade7f97d2896d2be95a0e191be9 ec77d620ad9496201d3a922107fe495f |
| M19-9hx01 | Gh0stRAT_e1ebbb86 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | e1ebbb86725d3482e2b94d3d07892779 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 0dc8ab2ec624c65ff0c071b80b349c8e6de4fc4491e9751e099b63ce98c8c52e f1d5adfc23fcca92237f9d179cb121b63cc618de e1ebbb86725d3482e2b94d3d07892779 |
| M19-nbs01 | LokiBot_7fa2d908 | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 7fa2d908e8e82f7df0216b48037f1f39 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 02b5ef62978197b43a62d05de25c67a67cb1b4a0f09111e79cc83688e7881674 e143de0e5483d006414b4409797b0eeb587e15e1 7fa2d908e8e82f7df0216b48037f1f39 |
| M19-oft02 | Gh0stRAT_beb517ca | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | beb517ca2b1e8e5f6e76dcefc1293047 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 037e1df212fbfc6c77ea55754f52b11366da8e0fd5437834762339a30e705614 5c67907e1ab01a98ce2eddf8e11f38d20518ee48 beb517ca2b1e8e5f6e76dcefc1293047 |
| M19-rca01 | LokiBot_34c724ec | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 34c724ecad5b59b551814bbac6e48110 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 2374d2482bfecb87307d036b7e9750a0c28738c8a0afd4abf60a9b9ea3b81e83 373ae473287449d5722fa931ca68beb2e8ce821a 34c724ecad5b59b551814bbac6e48110 |
| M19-fk101 | LokiBot_ccc5683e | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | ccc5683ea50d75db96cf8c98b382b1f0 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html e329ca0b2964c410ba3c5d228a13b27d733d7f9999dee5a6511f91ea891473a9 bdfda694f2a39e8d5636c3444b58399ddbebcf42 ccc5683ea50d75db96cf8c98b382b1f0 |
| M19-3og01 | Emotet_7e921d01 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 7e921d013602fd36ff95ff9d08a52116 | f3de992434fc44f62318ddbe2c209a11af19205bb347dac52d7534e7f3c5579a e3a5df085d6bdda60009142662b71e14a8b584a7 7e921d013602fd36ff95ff9d08a52116 |
| M19-3vc01 | Netwire_56af5aa9 | Windows | This strike sends a malware sample known as Netwire. This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 56af5aa9cf0e1545dba399a2ba3b4dfe | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 5aa45dcf729d53a3fc6e5d02980835fe78f3f7b7ae262b8aebf2edb6abb59bc4 c7a4911d59557ea663376b07f3a4599d87f73166 56af5aa9cf0e1545dba399a2ba3b4dfe |
| M19-2vt01 | Zbot_7bec980a | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 7bec980af00c7c9ae322ef0c465d263a | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 8daf28936db0201df94f89bd80acaae000fa018f93d6d1a1dc131b91be665382 4274dca8b46c10bc78c1e2365899f3de6feca85c 7bec980af00c7c9ae322ef0c465d263a |
| M19-2p301 | Emotet_519a1c43 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 519a1c4359612bf67b596a0b5cc5bacb | 8c483708b5b4230562f3d0d4dce10c6168b94ccb6e85ff5052c42513feda741e 7ba859028a8320fa3eef000d657b285939594e3c 519a1c4359612bf67b596a0b5cc5bacb |
| M19-kv101 | Gh0stRAT_8f5ec135 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 8f5ec135c3143484ae1beb709e28f7c3 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 1564fc8499c21f5426c4f15aaab34acc8936b43df39464f88003209c0ae3ea17 9623eae02659d87c8e735b8bfdb10a2aad4faa11 8f5ec135c3143484ae1beb709e28f7c3 |
| M19-yzo01 | Cerber_b8efcd78 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | b8efcd7883d58650b7a2d13e5e43390f | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 0e1509af88618c8cb273196c4213e26c2219c3a1fba9ed8c51a22d871e316ccc 15ebd16ebf49fc507f6689684d6fecd09ff12a86 b8efcd7883d58650b7a2d13e5e43390f |
| M19-urz01 | Gh0stRAT_e50cab6f | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | e50cab6f7d84555e294f1d0e8c691064 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 072e4fa823cf7e9646dd7e1aaa3a308d9e789700dccffacfb646bf7c7fad9ad3 3edd1a5e33406831a2797e9d341decc166ede290 e50cab6f7d84555e294f1d0e8c691064 |
| M19-6ic01 | Netwire_cc666d41 | Windows | This strike sends a malware sample known as Netwire. This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. | cc666d41d5ac0e8ce428362cb66e7041 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html e0acbefe824d29143e303ba8596d1436150bf1ad7ec533b56e4ae2b1bafcf07f 2b5125bbac488594e8605a7b5ee642a5e91fc51d cc666d41d5ac0e8ce428362cb66e7041 |
| Strike ID | Malware | Platform | Info | MD5 | External References |
|---|---|---|---|---|---|
| M19-gus01 | DarkComet_1fa0421f | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system. | 1fa0421fc4a708c047ef588873face99 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 6283cb17aa670de5710f160fe411ba49cd8d6f12ec96141c787311f03d3dbfa0 b3decfb6b5849129e56a58f9f14fc0da5bf4277d 1fa0421fc4a708c047ef588873face99 |
| M19-gpx01 | Remcos_ace36d4d | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | ace36d4d07949c1d96178b5990176e90 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 7df44706454b41154f074f55a4bb5c42942a7e4a2dd244dd3d979dd28f81c602 a30ead2ed9240fc2cb19098ceff9036ee7766fcd ace36d4d07949c1d96178b5990176e90 |
| M19-10r01 | Trickbot_81502942 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 81502942eab49154ab3bbdefdaaa72bb | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 84b2e1dadf6434fbd682ad5443c07fd584e9ba90ca78cff4e34453da08f9b1a0 183f70605704cc8ca523b416f5f70e3d82fd3f26 81502942eab49154ab3bbdefdaaa72bb |
| M19-qvp01 | Zbot_c85cfb2b | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | c85cfb2b35a83d76562ff7f7190bf2fd | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 23a1c96747d375ef9098389078a48ffe53305fce872ae8d056697aa1f4aee4bf 5f3ff557e3cdb3396bccef3b98228562d9b055b5 c85cfb2b35a83d76562ff7f7190bf2fd |
| M19-vqs01 | Trickbot_41ff5c4a | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 41ff5c4af41e5a1095c121e9c0bae244 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html aa2709ee07f4479a85e0d64e8f4f08c87ff747fe658f8e93e30713ab6d46724c 1cb1ac4ea6b197bbd4b1737b73e84c55c47e1f16 41ff5c4af41e5a1095c121e9c0bae244 |
| M19-k1t01 | Zbot_17023300 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 170233003e9260c66644d4b676be0146 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 0008d767954ff4cd48317862040f44a8550279d2f80730db9d8c9a6c3e6f69f7 2ecd59f7ce89957e46216e6924495d15343f6c2e 170233003e9260c66644d4b676be0146 |
| M19-onh02 | Zbot_a13ca371 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | a13ca3713479a4219d3fa14610ccc124 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 249534c79cd24e2d4f756ee051f5fa3da34a85ac4d60b24afc19d0d01b03f446 61f817186eb4889d4a679a060a5b1803408ab3be a13ca3713479a4219d3fa14610ccc124 |
| M19-eev01 | DarkComet_3022bccb | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system. | 3022bccbf3617e109bba665eb4c5cf0a | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html d4c3d0934d55956d694a8097bcd0b69c4743e681ab1985e689d71827514fdd63 153439ed6eca57364757cc2877ec5d2db4df2c3f 3022bccbf3617e109bba665eb4c5cf0a |
| M19-j2401 | ZeroAccess_1e809110 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 1e80911037d3cf2aaa21f61861fe61a6 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html e8a06267aade079e638ab09d0ca9b2697079be1292c237846f93bf802d9c8746 8a3127f86aa5994800f58aed86ecc03acd0e7091 1e80911037d3cf2aaa21f61861fe61a6 |
| M19-gl801 | Trickbot_83d0cd5a | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 83d0cd5ae210332bbed3ac6b0d8cd573 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html a169e851112a15be3a17a6059e50cfedccd2928a7a2afde40aa21a13bbb31dd5 5468aca78ac607b07ea4fd50e8ddeae65ce003f2 83d0cd5ae210332bbed3ac6b0d8cd573 |
| M19-vis01 | Zbot_c433168b | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | c433168b02db7431950fe58a6922fd60 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 01b1b04fd8af635ddc5953b9c3bd87d510c38476477f201fa59b6ac1ebc89265 32edeb978d35eabe55403e59520df9c203dfb626 c433168b02db7431950fe58a6922fd60 |
| M19-mf201 | Remcos_749d98c1 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 749d98c138964f41d417bd3cbd0e5149 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 99f7c0b78dac66e3fb5c571c466004e97ef6a75662ed2b1a7e49d17f85fa66f0 0a6bffe6c89e2e1b937387a602bdb2241576f600 749d98c138964f41d417bd3cbd0e5149 |
| M19-ie401 | Zbot_0c620808 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 0c620808ad53d50093fa94837705b49e | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 0878a61c44c6f24ea9b7455e663c9ae1f059f5581067957564af8cc90d7bead1 26d6621c1023212c97f104481a3db8d8594f9fef 0c620808ad53d50093fa94837705b49e |
| M19-1rt01 | Phorpiex_94a0f5a2 | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | 94a0f5a2de8f5146566e17ef4bf3fc1e | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html af69f159ac7741ff8c72ea41fe76436512c84f7de6870caa6268ca28ac87aabd f46e9d32630612faa69aa1b315ed21c18a74dc0e 94a0f5a2de8f5146566e17ef4bf3fc1e |
| M19-igw01 | Remcos_6e89391e | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 6e89391e5b9f4d18bb82d1a8749543e5 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 1c74e101e6c49184a2766afafc33ab421900927ca39bfb8afc6e0c29c1d4bc4a a22aa193b0dcd79d9bd6d2a671186abfaf319373 6e89391e5b9f4d18bb82d1a8749543e5 |
| M19-i8601 | Trickbot_97a4da2d | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 97a4da2db4c7fb864c1e851a910a227f | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 918b82b76908de34fc26f1addda953604c608071d2e960aa7ac024dac36b445a a65a9a889aad702702f25bcad799087f26c771d8 97a4da2db4c7fb864c1e851a910a227f |
| M19-4c801 | Phorpiex_5b7026da | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | 5b7026da2a73f9079b79e2083cd89dc9 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html d70bed520eccb3afa3ebaac4a1644e1b603e407c386a5a3dfeee864acc8be52d c9e1386b7a32d5092479bfebbccdf080c9d912c1 5b7026da2a73f9079b79e2083cd89dc9 |
| M19-vdg01 | Phorpiex_55c7f0b2 | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | 55c7f0b2984542d2f77d86656c4b6acd | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html e96f931910f1f64cadda65519f52c5ccd2311cd9d4aa705815b28a21559a4f18 69ee06b7acdbad334cd8f607eff6ba488f3ddc8a 55c7f0b2984542d2f77d86656c4b6acd |
| M19-vao01 | Trickbot_ef098d4f | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | ef098d4f7ed780fe9b48212143ca7942 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 8a8e4c0576135b4d7e53e8d371cbaa3044d04aa7487b5165d3a25c7ceb98ef40 bf3c71d05684b941dcb8d5542244fd82e77b24f6 ef098d4f7ed780fe9b48212143ca7942 |
| M19-ctr01 | Remcos_5f8e9032 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 5f8e9032a3cfbe516116cd54d2d50947 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 5752b25814c46d5084fa204ab381a18ebfb75fd0229ddac048fc673607ae52c1 740860ce185dade221d3e49d3facd85d1af97d9c 5f8e9032a3cfbe516116cd54d2d50947 |
| M19-b7a01 | Remcos_605f8350 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 605f8350f2fb5f8a4d80094e1fa1beda | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 622bb6dc7e751fc9352e7a23c9bc3ccd2e1855f6d5c37656516a54fe63ae6230 dbfdd20391772a75aaa33b1ef444715377f6a07c 605f8350f2fb5f8a4d80094e1fa1beda |
| M19-vh501 | Phorpiex_e5faf9ac | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | e5faf9ac1eec39f587f2e5f7d90cc067 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 94179eab10b3a394790f3bfd5cf10c5bcabb16cd534997f6361064ac5e686342 46eb345e49b358077070855d8ebe5010f9b05e94 e5faf9ac1eec39f587f2e5f7d90cc067 |
| M19-5qn01 | Zbot_ce704ce0 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | ce704ce085ae85d89fad16dbe1dfad4a | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 24cfdb52074fedadb316ec85968e36576f44660b618edc8582c4a9d1134a4344 82e226da1cf97f0b34c78d4d91eb1db52fe4b272 ce704ce085ae85d89fad16dbe1dfad4a |
| M19-qno01 | Remcos_dda19f33 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | dda19f3387325b1c91056470f086e47f | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 46eb980bd84f49f16aab9a9af815caedfffe92ddf0db272b330f6a9b625716cf 8f3f33ae032f51312405356a100310bc6cfeb357 dda19f3387325b1c91056470f086e47f |
| M19-vge01 | Phorpiex_36ccfbe5 | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | 36ccfbe5c7cfd8e0e03e342eda3a10a7 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html e1ef644770cf7cb312df7b2112a140386e246e6bb8c5fb607707e08bc1ad31ad bf733a77bc760fa4118b218e921a7c03e3a79a1f 36ccfbe5c7cfd8e0e03e342eda3a10a7 |
| M19-36h01 | ZeroAccess_50bf6b6c | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 50bf6b6ce6a7f1b0f71042a9fa35a85a | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 559ecb68cce08a6d1d5b27d96295fc81ddc3df2edf1dbf3d765a9831262402c5 7a2c8d1de7cd337731b20338372816cca4dc2aee 50bf6b6ce6a7f1b0f71042a9fa35a85a |
| M19-y2a01 | ZeroAccess_a525893e | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | a525893e0772eb8000ec51ef38eb7db8 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 1d2d42263d68f09b1946be33971dcc04706ccc597993007b59806c3a23f1ffac 269f05dc9cc55212a472a484272a974044d018c9 a525893e0772eb8000ec51ef38eb7db8 |
| M19-5i301 | Zbot_0c909111 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 0c909111ff7d0c1983ca313ae8463535 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 296d4d39691aa73e5392b57a1dff3cf34f7f1e3548ab38d22e7c1bcceb30fc11 0b6f60857ac2db88991284b76eba584729226e8d 0c909111ff7d0c1983ca313ae8463535 |
| M19-d4l01 | DarkComet_ecf0d4c0 | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system. | ecf0d4c09c2e778adeaf072ae0c81dd1 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html b7cfcc21847f1be733342c7c635d30152e3cbc7ac456d44faeb3d0d61933f02d 35d536f641491770e3926e7b0dc15ab17b741345 ecf0d4c09c2e778adeaf072ae0c81dd1 |
| M19-ddq01 | Zbot_e64184fc | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | e64184fc2439a77023931d4fa290bd06 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 0be41d1d76850b8b1bd55121ecb12c43b20493e7ef00a83d366092998b126a66 408258fbc0644daac993ac7c3a28c0a84d16c02e e64184fc2439a77023931d4fa290bd06 |
| M19-a2b02 | Trickbot_ace78c34 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | ace78c34cc8f220b21645b7a3618465a | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 90343d4a110021355c361ba1187512cd992644f1f563451014c330b6100c31bb 7e9b85803f26de44251c36e5bf736c2de8ebd14e ace78c34cc8f220b21645b7a3618465a |
| M19-12a01 | Emotet_eebf6a4e | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | eebf6a4e9cdcf557bcac80a7233e73c2 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 02fc8369a88b82e3f3071515dacd5d66dac4a7bbc30c0273ce94f1d1c17016c2 6cd34102ed02a66565fce08e3bcf2681b2ccdc56 eebf6a4e9cdcf557bcac80a7233e73c2 |
| M19-1f501 | Zbot_f73d48a7 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | f73d48a7e35421c3829260172676c9e8 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 29286b6965a37a18bb510f2ceff996456133395c0af62e2d87e58c86877b7a5b 567e0dd3ad17fe189acbbd9308c3d0142a64f0e1 f73d48a7e35421c3829260172676c9e8 |
| M19-6xu01 | Emotet_c6c7a0d8 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | c6c7a0d8d0c92d6962ebd522204ae484 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 0358ed9153522829b222680b6308ca2bfbb9af02f7577527d290bd6b5a45741a e531c79f18c72dc41cc259b4579e6bff2002f6ff c6c7a0d8d0c92d6962ebd522204ae484 |
| M19-qk401 | Remcos_def4642e | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | def4642ed5253721fa1ad334343a38de | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 44a4d693d208abf527c5d286fdb45791d6bc97fbda6857f2d952a659a39f02fd cb9498c85bbe63fba7ee8479d274138aee092515 def4642ed5253721fa1ad334343a38de |
| M19-blm01 | DarkComet_f71f7d40 | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system. | f71f7d409428e7f2aa4f90f2f50476b3 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 54f3ab508247399214721d27e61b5f9be1797cf54e1f80590a6075f1086df697 895234b427c9b02833c39886f4958819ca63c2f1 f71f7d409428e7f2aa4f90f2f50476b3 |
| M19-bim01 | Trickbot_30ae7f57 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 30ae7f57f89c8309d0b73651503147e0 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html a94fb77c70d6d08e50aa251e619f7f6a2bd0983322677a5f0b38ba3cd2c46abb d9a8e88b6cf7ea229f91309755d67cf9b8f3179c 30ae7f57f89c8309d0b73651503147e0 |
| M19-fpt01 | Trickbot_50e1701a | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 50e1701a6bfd55c4ee39ecdb0ec4b051 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 99aad62bb62905258fd7b9ee63811f16c0cb686dc86b49e5f33e0d465d2ecc0b c0f9c424b8d3ce1e1f74c82c6ac05ad043936ec4 50e1701a6bfd55c4ee39ecdb0ec4b051 |
| M19-iq801 | Remcos_c64ccf8d | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | c64ccf8d1b465a4b135383643dc916e7 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html b1b18b3fb4c4da002c4f8449042569a53be13971036b2b15bccb8a31392e8ce8 ecc41cb12865441427c2629b96075179c57b178e c64ccf8d1b465a4b135383643dc916e7 |
| M19-6gs01 | Emotet_dd617d37 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | dd617d3790334de1f26a546c61adde10 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 08a60b24edee93c10a2f7f88f771cada9d5fdb220e236ac7685bc5467187cc7d cb7985e5953650f57918342d753072c020d784f7 dd617d3790334de1f26a546c61adde10 |
| M19-jh801 | Emotet_46575cac | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 46575cac33062c3750e572a066980432 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 23f18138a5aa4ff7284e25faa8490b14706170a7980b73a2cb69527fa19a9655 c51a829cf2f9a90130657b6b72e579d2966c93c3 46575cac33062c3750e572a066980432 |
| M19-n8r01 | Zbot_a6b6712f | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | a6b6712f486b581fc137fc7bfbc55a38 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 20a5e8c87d9d5f9c4f212c8324e1c51941c2c92e4193bb460454451c43763c65 25d3b730ecb1a161c5d03941ec6bbb83fe166008 a6b6712f486b581fc137fc7bfbc55a38 |
| M19-u3u01 | ZeroAccess_3a5d44f6 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 3a5d44f63bf420d12caf06cdc4859baa | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html a026a103b42e4fd2a1b1b21931983d477e53b94210900f2a464cf71dd4868f27 e55c6fdd2cccc73ce2a0aa34f550f9d57125e20e 3a5d44f63bf420d12caf06cdc4859baa |
| M19-ox101 | Emotet_ae03a6f8 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | ae03a6f8fb74d401b403647d28e21574 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 1ad1ff05930f27ef4b349c7a612235d1632ef7ceaa1a17adf7c7b3a97b40ca4d 6ee320cedc77499f5df9ae9c93ef42c0d91f3ce8 ae03a6f8fb74d401b403647d28e21574 |
| M19-ajp01 | Zbot_5e30e5ef | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 5e30e5ef75f2237ad99dd7b3c41dac06 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 2bf03d005dc768b24c4a27218e41c5781902edd872f934d24c02958fd172fbc0 08539c81c6e93e4f2523fc53b6d057db6a3e620f 5e30e5ef75f2237ad99dd7b3c41dac06 |
| M19-iqc01 | ZeroAccess_48b01d1e | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 48b01d1e3c24c7be49760f773cbea031 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 9117e953fe785d1b5c2f350921bd8ec6e14f1e34c0a26059c66c4abfb98e7a55 5c8c5eed11eed355f85b0aca019ac49ee95370d1 48b01d1e3c24c7be49760f773cbea031 |
| M19-3xk01 | Phorpiex_9707f717 | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | 9707f71722590082d86a1d596ae7c253 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 01800a0b77486384e49b910debe10f7cee0b315bcf58fde71697f0dd4ec3540e dbbaf69d3029fe2cc8b5941e754200e822b98597 9707f71722590082d86a1d596ae7c253 |
| M19-4ef01 | Trickbot_49c19c0a | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 49c19c0aaeb04d00ce5d9d637e0f25b4 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 977cc7fd45f54546066ab08ae04f31876d2347948b2631a011756f2a45f8588e 3e7daacc43c343a0e676430d663e3ab1a4647c39 49c19c0aaeb04d00ce5d9d637e0f25b4 |
| M19-q1y01 | Emotet_27ae4d0b | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 27ae4d0b6cad6ab284b1851df1923d47 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 2a80f80c219f9554c9779e86c47a51a27858a767bb7b1c45b1d52055f6b9a30a 06a40e791c9fa900b5e4e632f2907abc87c6892a 27ae4d0b6cad6ab284b1851df1923d47 |
| M19-zmd01 | Emotet_8ba55889 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 8ba558894ac03bc2c8e95b165673beed | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 0cc6fb091ca3119744ef99cc1a75bf093351962ede75fe01d9689ad6e611eed7 0baa64bb5aa6b0369e5e40942a1682871d9f7f1a 8ba558894ac03bc2c8e95b165673beed |
| M19-7g101 | Emotet_a75f1238 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | a75f12389fa58ccb23fb519df6df9e4e | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 179dcfe6679c7d9e7527dbc7280807c7abe2ab8b6cd74671ca3a240bdb9f9b13 2c77d7b8d6dce69ab21194792e4164d18d5cb42d a75f12389fa58ccb23fb519df6df9e4e |
| M19-yv401 | Remcos_1a3c5d01 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 1a3c5d012a6c911e7da061884bda3653 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 2993970ed0df750fb8ead03397e7d209d50c790ccea889f8cd3a57a3257d229a 40d6d28e8392c3da1d79c50ef20551cf44fadab7 1a3c5d012a6c911e7da061884bda3653 |
| M19-7ad01 | Phorpiex_557c6d63 | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | 557c6d63173e0932c10723edfeabc0c4 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 5cf483ced208bc37ee1e71346a22615c88ee294a8b3b411b5d11e77571e2e4fd 0e18418257d43d417898fb6372d12286218692ea 557c6d63173e0932c10723edfeabc0c4 |
| M19-10901 | Trickbot_6d1887e8 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 6d1887e860ce594f58e49ddcaa911182 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 63fc0be214ba24b78e8af0c3fcc739bc65f2c93f47f2c0fd5fc36fab7c3b1ee9 0cdd5f392da1d516e309af43469fb92783782222 6d1887e860ce594f58e49ddcaa911182 |
| M19-c4h01 | Trickbot_ac990e4f | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | ac990e4f02d712c43118366ca0025819 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 8b3ce83864c0fe181a9dc5fc05db1ed0f5b8fa8afb21bf47e13cb42012f99d37 b3c3ddbc02db2ebaeff2d0ae6a22a2e235d6d337 ac990e4f02d712c43118366ca0025819 |
| M19-jft01 | DarkComet_b98d5243 | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system. | b98d52433adddf98fe759cfcf91cd192 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html fbaf7fd94f82e6f9dc6de640564350f00b0901763249e14ad29748a79bc41a43 17b2f078e3c09849d27d1cd543a3c5f2eafe7c94 b98d52433adddf98fe759cfcf91cd192 |
| M19-rob01 | DarkComet_262898d5 | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system. | 262898d5151272199ef45df4afc84cab | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html a7b843e8ece17f12410ed58e1de94c03126d74192d3732dae6071aefb6b190f2 b31d62d2e9d0f21b37151bb0aaf6a8d96c647e61 262898d5151272199ef45df4afc84cab |
| M19-as701 | Zbot_8d2d1cf7 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 8d2d1cf77f9a3a885ee6265d8377c696 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 285c4a1f783602c538395337b0724f384806f308be12fef1654f77f667762412 f1f634cd47998e4c1d325800984fb21d72dfc02e 8d2d1cf77f9a3a885ee6265d8377c696 |
| M19-3ra01 | Zbot_f715b6d8 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | f715b6d88c401e1676f267916fa8af21 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 08c3aed6e3b36b219a22d80947cb02a1da27cdd955dcab8938f366c938641d99 42d2407153dba744e1efa2d220027f112febd867 f715b6d88c401e1676f267916fa8af21 |
| M19-3fa01 | Trickbot_55f3c900 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 55f3c90084c265be03b6d4a96f8e6f6b | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 533fbff0ab14351994eda4fdbfd54521f69b26aea55f1f4cbdc0a766ea665475 b06d1ce9881a3d92b7096a4a6e80488ea6ce7d04 55f3c90084c265be03b6d4a96f8e6f6b |
| M19-7qj01 | DarkComet_5c6e1f90 | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system. | 5c6e1f90d79e621348d0460c01ee5f9f | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 3201cfb883cd1c3b8f13b639a40cd08b3a701df41d6488228b586d7909a6f9c3 c06b0094c99b5868422d4976630ae64d13a4d2bd 5c6e1f90d79e621348d0460c01ee5f9f |
| M19-urf01 | Phorpiex_4b4bb13b | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | 4b4bb13b3fe355e85630394bcf2630e2 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html f22b9841d6cfca96f89543e43f6dce478dbed764c3083b7a2dce8ba42e8a2b34 0969cb588f9797335a44595ffc881adc16177cb1 4b4bb13b3fe355e85630394bcf2630e2 |
| M19-6qj01 | DarkComet_d9e0d95c | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system. | d9e0d95cc46ad7c31c4e3962e724f156 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 384fb4c37f5649edff99a8ce89b65b66a74fffe0e27dc8ad0abc6b949391e7e6 61f28daaaa608b05c8bddb7a1a0372896b6c1072 d9e0d95cc46ad7c31c4e3962e724f156 |
| M19-3ph01 | Trickbot_518157bf | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 518157bf4252bf852f739d90fbd1f5c8 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 3614608cb133bd6ee5c664d32a70a4f6daabd51c5aa3e8305481a2c8e8e5e050 2437e7d33ca27ee1e2882276b6150e3a7cae066e 518157bf4252bf852f739d90fbd1f5c8 |
| M19-r6l01 | Zbot_cb14b3ce | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | cb14b3ce72ad7355d4399841b2f7a46d | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 02e089e46e5d3a515394aec09a6f8a37cb8be989730bc9a7c29660bfe8f2e1aa 43d0697062da989375bfe2603573173f9f64814a cb14b3ce72ad7355d4399841b2f7a46d |
| M19-03k01 | Emotet_522535ee | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 522535eeb50ed0dda2a876fc67afe47b | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 2275693f9a5b245d54030abaaa757f799c369df22b26cce4a8df84d1497b682b b3da8bcc175cd2acaf7a5f7a97ba7194fdaeef1c 522535eeb50ed0dda2a876fc67afe47b |
| M19-qgb01 | Trickbot_d0d3882c | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | d0d3882cadb3da6593d6ada34698bbbe | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html a77f072f98bba728809627c5cce0408dffd1e6277a5febf654f11c8e5a63f6c7 c652cfb0179fb8d61693643a6001908cfb097afb d0d3882cadb3da6593d6ada34698bbbe |
| M19-s8901 | Emotet_c890c0f8 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | c890c0f87c24af4ac172967b82f9ed43 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 05cb5ec98746d64d138330942f339979762f3d9e2103176927e5298aab38b44d 4bf8d84d996ba88d6685a1f2029b6b65a82d1dfd c890c0f87c24af4ac172967b82f9ed43 |
| M19-u5001 | Trickbot_05ebc848 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 05ebc848f26ae1aa433a02f419198fa9 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 33174b58598cbfad8263865a35541f8cb45fb8c6bfef793fe8cf959386a01f5d 4aa2681a1c02e1ddc0e3f926abc2737a2f1f07d8 05ebc848f26ae1aa433a02f419198fa9 |
| M19-h1601 | Phorpiex_dec0416d | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | dec0416df4f22eb3f65c2c919a8f30fe | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html c6365099edb25124ad0ac0ffbe5a246d3d27a15c42e5bebb3a6a5994797611ef 88ccb465aea9b84e778c84a285e2dd58c379b784 dec0416df4f22eb3f65c2c919a8f30fe |
| M19-gtr02 | DarkComet_7165067d | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system. | 7165067d21c676db6e7548717e5ba705 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 3ca6b7c42876362f7c1b27c86e45f5d95443a385ffa01226ab25cea998176219 d7e4cf337148e5cd4e65608bc409ef0f80cff0c6 7165067d21c676db6e7548717e5ba705 |
| M19-bxc02 | Trickbot_f85025d9 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | f85025d961b957b22ea38b11ba185bd0 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 0997acfd174ab60400f87700683b13a8e30003187a1ac95f8e03e7ef42722ed0 c6de20e1f20e2d8e3980c3e202afbcc6a519bd65 f85025d961b957b22ea38b11ba185bd0 |
| M19-gjw01 | Emotet_61c741e6 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 61c741e6f835aa90c291c21dd2e4bf7b | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 1360747298f09ad4a3231036c557fddae2e65e0544fa2bcd42847fd13793eeeb e0758adf028a63dc79871d0ab86f67a30493cf05 61c741e6f835aa90c291c21dd2e4bf7b |
| M19-48z01 | Emotet_1ac1c7a7 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 1ac1c7a701f60f669da981feda1e6bee | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 07ee440c02863990aa804fe41894616f5a660a07cea93bf9f4e21b379637cd04 e2c15725b5604100cd37f6ec40eaaab86d7286b6 1ac1c7a701f60f669da981feda1e6bee |
| M19-8x801 | Phorpiex_0492b5fb | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | 0492b5fb4e91f6fe686c4d26e0e84f2e | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 43503180b734d83a724db448cd4d94b1b4a3096dabec6b9411af061337af8c35 c5218deb28965017aa02c09d954d92f00c8c275a 0492b5fb4e91f6fe686c4d26e0e84f2e |
| M19-gvu01 | Emotet_886b150c | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 886b150ca810a5aecc753c1fc7b5dc29 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 2089c98c6d15a5c669795eea5a310ec83cbf7614be2aae5bc1ed1721e406360d 6be9983f1bf170d78c5bcb5b99b0604eb3fdde17 886b150ca810a5aecc753c1fc7b5dc29 |
| M19-pqs01 | Trickbot_08eac24b | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 08eac24b6c0724438db7cc837f0feb5c | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 6f9d90e562dbc99bf48c6da0f62acca06483e4cc237f823fd420972e4cab8acb 8faac3acd92e6ffd23b1bae45fd443613706d4f8 08eac24b6c0724438db7cc837f0feb5c |
| M19-l1a01 | DarkComet_9b67368e | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system. | 9b67368e130d19e987ebe0508830cfe6 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 198fd0be4b6734556acf2ac56b3caff28d402ef10c0875180ab02a62d320b9c1 c5634d7aca1b276413118d971f5e38f804c00370 9b67368e130d19e987ebe0508830cfe6 |
| M19-h9t01 | Emotet_e0070475 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | e00704755af09aaf23f2b531cb05a2af | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 2175ae9fcf2321d5855a81146a650a9fe69d622a3d0303076fbfe32ddc645bd1 b88fc470be9374d8b4005d8b7f9d9cb040494692 e00704755af09aaf23f2b531cb05a2af |
| M19-gco01 | Emotet_33a11bed | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 33a11bedd56b4a3d4ff68e1903e34822 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 10f54c55d5df2aba0a5f86addb10e2b6022040f9e30541e865e823456526d181 4e297190479b6bdc59431b58a4f2e841b7cec043 33a11bedd56b4a3d4ff68e1903e34822 |
| M19-1cn01 | Phorpiex_1b3d27ac | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | 1b3d27ac65b78dbecc430a48eae3abf5 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html cea3556aa39780fa88283ac4b89f75bb9e0070fc870f8c2f2940d74c124999ca 0b3ccdc7c09d38f29e58834c08a0f3fc86df37b3 1b3d27ac65b78dbecc430a48eae3abf5 |
| M19-gzc02 | Phorpiex_893ee291 | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | 893ee2912607aed807d4d8fdefa42ada | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 8e56d2ba3bf9e86c66e0eeafe453a8c36f692b4f22edb9e96fecaaef8e894d51 33c2f974836da66ec0c9d0879cc46ae2da12529e 893ee2912607aed807d4d8fdefa42ada |
| M19-d1401 | Phorpiex_e989822d | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | e989822d6e80e6bde7ee3ea5bef2178c | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html f00fe52b605c93783f69f8ff95605484c73600a0c4ef33336b565e3adfd7bf8b f6e22a0cc395a5cf6838969963dcfd19b1483d91 e989822d6e80e6bde7ee3ea5bef2178c |
| M19-qze01 | Trickbot_42a8f6b9 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 42a8f6b92747152a5985b2cda4811d93 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 93c68821eea7086225918c163c8480f2f49f3a6b155a221af7211c795ce6b32e 9a0d040549283a873b954619ab4d5378367c411b 42a8f6b92747152a5985b2cda4811d93 |
| M19-mfk01 | Emotet_66eb7ead | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 66eb7ead010825ff0016a375c2d5cfc2 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 1d92855b93ac6e841ca7afe057ceef7c6a52eb1aa511c47c523d25c7f542785b 4155041776cb25b517b4384324bb81b9c498155a 66eb7ead010825ff0016a375c2d5cfc2 |
| M19-cab01 | Emotet_42e9442c | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 42e9442c745081fa02d553f9294f5332 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 06bee1b52d91c40d92e37313f5a41dd75ccfe06f4081c8d82cc150de85afa8fc 49b70e677b60f3d1e5d973cbb77232754b5de095 42e9442c745081fa02d553f9294f5332 |
| M19-li201 | DarkComet_50b2e01a | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system. | 50b2e01a27f34d8a010db12165705dd1 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 7175a539ad4450790dcb7fc70b3a83c8fb85001b2fca89e5bdef6b106175c586 c790aacc16a8a91061f297ec6ba1ef06ff3b6220 50b2e01a27f34d8a010db12165705dd1 |
| M19-zq301 | Emotet_855b2368 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 855b2368ea7760f011604f7cd0132088 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 26213f98dda98e08963a7a2934a6eadb665121a23aa14493cc45f5c6b23e7099 01d6eece505290cee666c7757e8ba6b95016792d 855b2368ea7760f011604f7cd0132088 |
| M19-xa001 | Trickbot_09f87895 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 09f878953684a88db93c74a3a88fc110 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 1b4e99fdce2dd1e3fec9d2544d998991b7db608fc546f3fcd095116c74abf5a6 a28b439409e5d7b2c62a97bea0ef05f1eac0edbf 09f878953684a88db93c74a3a88fc110 |
| M19-po201 | Zbot_66b160c3 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 66b160c309e53cafbc453b24899d7a1e | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 11f76ef08d086a6e3f87466f8a77c7bc63dd754dbd5aaf27deaf4e78abe46c4e 6b6988c11dc2011b94bf322ff1c9e5a3874e5a16 66b160c309e53cafbc453b24899d7a1e |
| M19-q2x02 | ZeroAccess_c66f34fd | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | c66f34fd3c7ee0c616be0e683995d50d | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 907c8629bcd73adf85f6163bacf17831830f0410f7e9840a146b364fb0bb2945 a0963ff2f89b29b1319f578ed6d7b2a85ba3a8ff c66f34fd3c7ee0c616be0e683995d50d |
| M19-fil01 | Emotet_122bd634 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 122bd6348e0affd7a87984288e06bc05 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 15683fc25f400427b06f471235d0080d9b340760e1cf0e53b402cc3f92724904 697c0e238d5cd60e6d960a53e744dda72375474d 122bd6348e0affd7a87984288e06bc05 |
| M19-hrd01 | DarkComet_91c5206a | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system. | 91c5206aa27921d6b50f3dd962518706 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html b18d500a121437df8d1170fdf315b8dbe53d0f69214963a665c484bc47a1d3cd ccddc92f58a60edb9f0c2f2b81ac144396695cec 91c5206aa27921d6b50f3dd962518706 |
| M19-99o01 | Phorpiex_6c7bea45 | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | 6c7bea450225c2ee40a01b9b936d7157 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 2032430a872c8bf354dcd1d6ae0f7aca4d02f5b4f0dcfa43ce3d1f795c8c9c72 eebb2820cf04858991b3dfb4b08a04456b11d4fe 6c7bea450225c2ee40a01b9b936d7157 |
| M19-7ly01 | Remcos_cf8d2a5d | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | cf8d2a5d97ac31fa92d97f463258b56d | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 3a725a79cc91e882a52237eda542e29d44734c64fce0edd924e1fee62e69bead 62d4bf34fad6ec72c9425834835e827b5f146645 cf8d2a5d97ac31fa92d97f463258b56d |
| M19-xxh01 | Emotet_66d9ec4b | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 66d9ec4b741b685e6f552076e125efc2 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 197b6142da885afd536a49e192dd6259abdb324bd3a278850c74b54d3ad819a4 2b3223bb2c0dcedd3c5ca34e4cb47f681e74f514 66d9ec4b741b685e6f552076e125efc2 |
| M19-iin01 | ZeroAccess_015bbaa2 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 015bbaa2abde0dd847778cf1125589a6 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html b05d35fe02909b09b6a2c347f619430495530617f209ddba7b357db26cd154d1 fdb693a53a95540a3812898e36cb4ee7047ae149 015bbaa2abde0dd847778cf1125589a6 |
| M19-i8b01 | Emotet_f4bceb90 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | f4bceb90e7389254202b22cfd1d05aae | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 0aef359713281304cb60b92f7f9a4f046e7ae0902809830a306e683830c0621e 602acda07ac06afbbbc38f56b60465b2b9de8ef5 f4bceb90e7389254202b22cfd1d05aae |
| M19-ra501 | ZeroAccess_7e33cd06 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 7e33cd066481d929a3117813f51a8275 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html d038daa7418565e12cd449a5c13d9f36eef7c3cf76c7739db4f41df68649837f 9a90228c6596baca07581f389bc3a37c83a81cd7 7e33cd066481d929a3117813f51a8275 |
| M19-07o01 | Trickbot_0a5bcc69 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 0a5bcc690244bc23e2429d70a5b28d50 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 16a4034a84ee8568cb2f8eb5dadabc4602c0a8e8868f73672d50dfbf1a7f4d58 8ccba863529fb9298cbe07e9db40c591e69b8041 0a5bcc690244bc23e2429d70a5b28d50 |
| M19-chr01 | Remcos_8ef4cae9 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 8ef4cae96c9e53d1897b95446998efab | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html d78ec2e34df6a80321bac318055f095f49f244117f0307e3c59aa7326f834ca7 46962f3031094196f1ddc92d77b6816e6ed57c3d 8ef4cae96c9e53d1897b95446998efab |
| M19-zbb01 | DarkComet_09f30e92 | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system. | 09f30e92fceabb75e24bc968b90ed9e6 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101be338.html 386a72805830c4e97a5970ab2c50e973394d2f0c2d89f1be33219a79ae988ab5 0204bbd81de7cfb875cee853a5e3221ebeeea231 09f30e92fceabb75e24bc968b90ed9e6 |
| M19-3u101 | Zbot_a5667e9c | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | a5667e9c1d8e440036e99e25371d5a01 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 0a586547643e008b351990181c6434a4ad1b1d91e2d8cfd2dcc654459e415652 97a8eee96f60511116a475db06df5835080bdafc a5667e9c1d8e440036e99e25371d5a01 |
| M19-2l301 | Zbot_6be0093c | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 6be0093c0a77b928aea6f6dc41cfe7b5 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 1142bde6260aacc7770f40931f1b10a3d72e479e482536590df5c8af3fe7cdb2 7d5520ca82e035ab7738dfa133438d329487327e 6be0093c0a77b928aea6f6dc41cfe7b5 |
| M19-ih201 | Trickbot_47f73227 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 47f73227ff677ec0788803fc9b5f28e0 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 690160e08d961b5eb173e8d83489182ff1bc593fbacc1ccef29d34b2c123f852 de04aea0d89de5e559d0a6304cb772969da1fae3 47f73227ff677ec0788803fc9b5f28e0 |
| M19-y8n02 | Remcos_68b713ee | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 68b713eeff5f58707db4a57deb4106b1 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 2a0933719e5f6762061641d337324fe2b9778e13ac4785dfce00b10e3134a7de c0d8bd679b1aac7146bee3659ff234539b78f065 68b713eeff5f58707db4a57deb4106b1 |
| M19-r4501 | Phorpiex_3aff2563 | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | 3aff25631bf938d94b3e66d74b3a364c | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 7aa31bf90f13024bbcb547c126115b112b17a130fc8169712351c418f93516ca c3f54c37cc4928c4fb13b1368a836a177dcd995c 3aff25631bf938d94b3e66d74b3a364c |
| M19-jjf01 | Phorpiex_cb4e05a5 | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | cb4e05a527649a89ee2f4516fc23b818 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html ca4a36212c31444ed2f0c173c0fb9a2ca43a8cfdf2ba7663b3eea52e150a02f3 a9e288307aad26e10c4bd7d77acf89e58e80bdf1 cb4e05a527649a89ee2f4516fc23b818 |
| M19-vhf01 | Remcos_4fdb3ee9 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 4fdb3ee91b1a85e56a2d27972fbef885 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 01f18d1d2a28f1fa3df286d745ebe04521031af989db17818db42f6118417f60 ebf9dc56e8c6582ff4808659af95f303d2142469 4fdb3ee91b1a85e56a2d27972fbef885 |
| M19-uz201 | Trickbot_d31fa425 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | d31fa4259092c12c59329c0db9696aec | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 1d004310b4da6128d37fbbc500fd2edaaac340ad0c02a6d955bb865b6bbf5a36 c910e19200ef7d4e1505373b1b5bcad2ad8bc0f3 d31fa4259092c12c59329c0db9696aec |
| M19-45w01 | Zbot_c124b5d8 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | c124b5d875ae07b11072edd6e039cf67 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 171fdd6c8d3e43050ab23eb0327fd74094ec7d813c5fb4f2f5668a6650e5088a 926bec213c12fee2638984b0fa1dfe3dfe1ec01d c124b5d875ae07b11072edd6e039cf67 |
| M19-5yj01 | DarkComet_53ebc34e | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system. | 53ebc34e9f1af928e338ea3ad108c132 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 42b444b7738492be745183895147d005f825dfa44c4b2cb1e256f6a146e3fa63 5399134fde2666916eb29dc97820e7cd818be762 53ebc34e9f1af928e338ea3ad108c132 |
| M19-nn401 | Trickbot_ee7a37c7 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | ee7a37c7032fb73a66bf1796fa86c448 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 3be01a7decf86e147148172f9fd49a1dddb0fc61fa19f1f513200bef005d5621 6b9e6ac6e50484cbb80c35679473509673ab712e ee7a37c7032fb73a66bf1796fa86c448 |
| M19-z4e01 | Emotet_b163c1f1 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | b163c1f1601b930de46ca66dc966891a | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 25da27f6d266e9986c93a48d93be82632fdfc607416d42e183c27b404591a808 1e8d40c10ebe7620682de9255485044ec11cc710 b163c1f1601b930de46ca66dc966891a |
| M19-0cb01 | Emotet_2d5e8adb | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 2d5e8adb0784b0b80c905ba26dde57f4 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 068c95ddf6682151bfac5a348f3cdc83dd28dbb3636945893c40919e5c2529f6 45ea401f1a0db7374fd5cc300379765bf8bc251d 2d5e8adb0784b0b80c905ba26dde57f4 |
| M19-q3c01 | Phorpiex_8ed3d42d | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | 8ed3d42d6cdcaaeead757faebb93f28e | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 86d2c77b7dc01092d3591f95f99a7ba79c06e06e83759b7965d18032102a823a 7d7df5a736272bedb2b877f8bd0eb5d491a589fd 8ed3d42d6cdcaaeead757faebb93f28e |
| M19-ra701 | DarkComet_a7dd1c3b | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system. | a7dd1c3b146925c44c3ce39b86c77f31 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html dcfc58bbe29cd4d7634c21ac390cca9c3f12becaf8584ac3d3a90da2cd329585 0e7bf955f706586b416c5f39f7a51bdd7dd3b063 a7dd1c3b146925c44c3ce39b86c77f31 |
| M19-13e01 | DarkComet_cb4c892b | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system. | cb4c892b9d1d4bb7f7539773bd3aca55 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 7d82900300161ba47eb3ec68e9ebea0f55986a33affff5bbe43e0dd5fee2d907 95ea152ba6b714d9cd738e9373be091d7ef6c082 cb4c892b9d1d4bb7f7539773bd3aca55 |
| M19-cas01 | Zbot_5601577e | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 5601577e5e1c6f29ff989d1ea180d74c | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 143471cc5a4f7299a4009841fb1b92ec52bec2f78b426281d0bacc02946855b7 6319d1ef812730d188b5f20e898ce14c5d6dee62 5601577e5e1c6f29ff989d1ea180d74c |
| M19-dh301 | ZeroAccess_4fe47838 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 4fe478387b1964651ef6680fab04e58a | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html ec683faba46071aa2c11667714ee9d1abbbc1b4a6d6d024b77fc97e497eb5673 ed1d1d1231298ecf2267857b69c9d8e5b9cb8e64 4fe478387b1964651ef6680fab04e58a |
| M19-mji01 | Trickbot_5ba42e0f | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 5ba42e0f72a667083ba4291a4bd94332 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 22a575f49efea2455bba405158a36e037ffb74a54d19a3594b9b91496235b94a 3477bf45618b99bd5156d158138d745b00bf9e91 5ba42e0f72a667083ba4291a4bd94332 |
| M19-7lo01 | ZeroAccess_1dd3fd4e | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 1dd3fd4e257b88f379348ce2521f68b7 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 4f59080cc3450aab4dbfae69f1223e79069e3c315bac2df45ea845a68439bcde cc8ef15e9e5aaeace8069999e71f8bbb48823c78 1dd3fd4e257b88f379348ce2521f68b7 |
| M19-fh401 | Emotet_e3cc0ef5 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | e3cc0ef51820bee8392d84bc608ceeab | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 05813a34ed66ce894edfe1283dcbb4aac108a27a9d100cd1beda364c3a9a14d8 9ee50c2e179005607e605729c0c955d0c8978137 e3cc0ef51820bee8392d84bc608ceeab |
| M19-94401 | Emotet_85c071f6 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 85c071f64570c451763277e1a6340210 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 09b5cd03af0aeff661f64799a67a1e4b68fe95ed8c19f33b9f79c6ba891e1961 fb4cb6af74b05631c8bd13fbecb922222127174f 85c071f64570c451763277e1a6340210 |
| M19-h9b01 | Zbot_d51d83e9 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | d51d83e99a5d0cbee6c4f2a627544430 | https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 1ed93147bbaf222006509898c620b1cb65866d1f57d12c7f69a0db49cb459730 0e5899984c3dfac38936425532859516ab5188b7 d51d83e99a5d0cbee6c4f2a627544430 |
| Strike ID | Malware | Platform | Info | MD5 | External References |
|---|---|---|---|---|---|
| M19-9s401 | Lokibot_90246fc8 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 90246fc89badc99554dd344ed4a06acb | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 11ce93263d26a1d77158f01d3964e36753a90e26487560b52e26658dd935d2f8 7fc9e218c21194e74baf037c2960619f96b4006a 90246fc89badc99554dd344ed4a06acb |
| M19-edq01 | Remcos_17a0b55a | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 17a0b55af09a4691123f967542ff7a87 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 81685e6e788710a878b16cb2febbc7cff3f8bf5905811fc392e840da73f79b50 c2595f24fe411afc47679f0fe05df3a5649a5dbe 17a0b55af09a4691123f967542ff7a87 |
| M19-1oc01 | Lokibot_e64e79df | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | e64e79dffd8d5cda597f95d83fd2c6a3 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 842f8e3e24829467b0c4becd601cf310569cfc40320fef7242dd05d292c02bea 0871aac099fd7478ff8db00017ccbf6c8f57aeed e64e79dffd8d5cda597f95d83fd2c6a3 |
| M19-o7x01 | Gozi_6b54f7ac | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 6b54f7ace819cbcd19517ae69ea31b99 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 3509cf8e68799db2677703e49caea882b6d2c5971379ac0e8619aeb30876a2a8 016a2a939172cda8cd6f17f91a9d440aab4a893a 6b54f7ace819cbcd19517ae69ea31b99 |
| M19-zsi01 | Gozi_d68674f1 | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | d68674f1133db719103fb8e2e69683fd | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 49cf6e4d3589018819869dc3cd1733a1b3c42326b52cc0e48edafe113593019c 7d1d706da7b8688c1ce08c580362581f0ab16fd3 d68674f1133db719103fb8e2e69683fd |
| M19-jcw01 | Esfury_7fd9b6ba | Windows | This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | 7fd9b6bab65b18e93f21fae39348ffe0 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 17ce758c92d7c785b153845c53809f7b04a77d6f0352dff7944057cb6ace4c8f 1919f4460af9512a5516b61dd5fd282fd02ae08f 7fd9b6bab65b18e93f21fae39348ffe0 |
| M19-8ai01 | Lokibot_5df92635 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 5df9263526c68726684bf176f6a29c8e | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 6c5b6bd100bdbb0680c9bcefc4fddeec307400fcbef04bc8adaf466b99a3bd69 aa41187515b85c036d5444e3d8158cd72b49721f 5df9263526c68726684bf176f6a29c8e |
| M19-gao01 | Zusy_562adfe0 | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | 562adfe09dadb4470baef2eb66f1c8d4 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 0f91c67b52b53430a9bd2e1a9df5b151056cfee5f026c1da0b5e2342cf9c936e 2cbcba6c0c6e3d4a1131f8148405964a2464d71b 562adfe09dadb4470baef2eb66f1c8d4 |
| M19-qrj01 | Gozi_83a02216 | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 83a022160f5495b3e11f2a0d7de3f1f0 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 3bf729f719580998bd65e13d02129e96efdd74448f84c504829f418ed87607e3 8a56e4884588d8112bb2c30ef7f2b8f2253c8224 83a022160f5495b3e11f2a0d7de3f1f0 |
| M19-use01 | Remcos_7169edf0 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 7169edf0863f94b372bd27504b2c012b | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 8e4638e4d6cc97ebc401533a5bd4cd22ccaca17a584f24610040aff5e8ffa64e 85cf426ae458dfc87ee88fb5abcb3520de9d96f6 7169edf0863f94b372bd27504b2c012b |
| M19-ino01 | Emotet_ae237800 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | ae237800c7da2b9afafb91666baa8293 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 289c04314df3679f04bf1817fbf1589fb19dbd481f8c20daac8861068a7c5a32 f356dfad72540336a54bbc81350107f0eb583a7e ae237800c7da2b9afafb91666baa8293 |
| M19-nuw01 | Gootkit_47919d2a | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | 47919d2a8632c13c9231f7f440cdf7fd | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 7eb13e84eac78a616ef498adb7fad002e912fbdd699891a8b0da63f224a7c277 1967ed8ae099aded1f6b65d1bc3c7cfaf549051c 47919d2a8632c13c9231f7f440cdf7fd |
| M19-xad01 | Gozi_9d77a58c | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 9d77a58cb6aab4af5fd2ac3870ef850a | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 2be8b60b9bf8fc8f81e8c1ec54af862351e6428922f285d4c816d64aab86189a 0b7738a262ecf19d6a3c883abf77e59d3ce5ece6 9d77a58cb6aab4af5fd2ac3870ef850a |
| M19-os001 | Gootkit_ed79ef40 | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | ed79ef4011b6caef234a2843c74509f4 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 0e6f4226f190a84de26df937557d624fb130e4a0b0e692a494a937d144506433 ed3ac226e8d6d2419f30083ce5a119e9050d17f4 ed79ef4011b6caef234a2843c74509f4 |
| M19-utp01 | Gootkit_cc0af32f | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | cc0af32f0b4e27e11846f616f894fba3 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 3e8167eb0553a7be23864cd48db852623c95b884682df95c13c196bec9122bc7 bfaa35b21035d3cd94d68552b64293765b053650 cc0af32f0b4e27e11846f616f894fba3 |
| M19-p4f01 | Remcos_e42aa04a | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | e42aa04a17cfbf6cbddff1dc283fc064 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html c5ff8271d4820962d7ad72526ae7aca7b7df84e2cab249dcff099f4bfa740bc1 5c5bdc418331f6059138707ff32cd8dbc8678b6f e42aa04a17cfbf6cbddff1dc283fc064 |
| M19-f6502 | Emotet_f71c7393 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | f71c73934912ee3a6bb5dd5baa76e070 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html d8614f65c65df8ca408d493fa9ef65894a84d9a49ddcb08be7b0798b670d367d 6a76380d4b3b2d7937cafbce002e149984dae724 f71c73934912ee3a6bb5dd5baa76e070 |
| M19-2a601 | Zusy_4650e86f | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | 4650e86fcb19f28162bcd7b489ca454c | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 2a94932f389d8c44cea94a8ac8099869312cd3337d81a423e58bcf041819f803 9a608c49300dcd3f041079c8f36b028752c574f8 4650e86fcb19f28162bcd7b489ca454c |
| M19-63401 | Gozi_960a696d | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 960a696d0303987103184c57124e8940 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 3e41a7ae208fa0e8cf28a8610533dd2ef965062f38577af2c35dd8f8950669bf c235519ab7d3c6a328c91c0efdb17a42540c6ecf 960a696d0303987103184c57124e8940 |
| M19-ufe01 | Remcos_b4f7ef50 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | b4f7ef50fed5ea32179a4c658ddbae5e | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 47a9af0fcc8f26b71865398d4cf372b2d8005f5b93cf75233f44439da9378beb 5122b876f59b08346c79e91d7a6259caf324c339 b4f7ef50fed5ea32179a4c658ddbae5e |
| M19-3dy02 | Esfury_f7d3d6da | Windows | This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | f7d3d6da202522e195a574273d576831 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html b7e13fae589f5403964e0169c1269c91ddd6a7e06f06404207ca4f61922fa30b 2b7d164550b81ffa5605090beae4923c6f881ae3 f7d3d6da202522e195a574273d576831 |
| M19-c2i01 | Emotet_bada3bf0 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | bada3bf01142a56b6d2c33764c2405d1 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html e6630adfc5882be333236fd4da6b8fb8c86866b4768b7914fa9102a3de3bc3b0 e8a2d57eb827e4e9a22946cbe35cbfeb15ae191f bada3bf01142a56b6d2c33764c2405d1 |
| M19-2cj01 | Remcos_e998de7e | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | e998de7ee7147dc50b3bd36106be6620 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 4cf3770d9c9b2ea152ccf677f4f03e46fd6ee497362fa1a9fbd4d6994ec48244 844e106d2a044b8dc1c6d87d6d65affcc7e083d8 e998de7ee7147dc50b3bd36106be6620 |
| M19-tgq01 | Gootkit_c8adf4dd | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | c8adf4dd124818e93145335a6c6b1fe9 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 02b5fd5e99d5df445989bdf6fc390c6a91868627931a215ffe4b7c0c6575d3d2 312f173eae96a4e3d7b5ae782437106c5fc7be95 c8adf4dd124818e93145335a6c6b1fe9 |
| M19-6az01 | Esfury_7fde9c7e | Windows | This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | 7fde9c7ea62c9ede950deafe1bffb3cf | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html d70d846815613e61511492bafcc00470c9af8579b1491fa9996a1f5267e47ce2 1ff071696ee03982af462ad66b95168dc7bfacc0 7fde9c7ea62c9ede950deafe1bffb3cf |
| M19-bp701 | Remcos_be87c925 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | be87c9259c24c36493754525ac3c1004 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html b6c098d02c8eceaf072fdf7b91c832a0c86e529a7c276fbc28ed2c242053a35a 734f6a4e4b12745d01230dd12985cf28ef722f8f be87c9259c24c36493754525ac3c1004 |
| M19-hy701 | Neshta_745966eb | Windows | This strike sends a malware sample known as Neshta. Neshta is file-infecting malware that also collects sensitive information from an infected machine and sends it to a C2 server. | 745966eb2f638737cc6957e208a84155 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 2df99a6334f489425dbe0e0cb2b84e2fc708ead88e4bfcf8773bd614f16ab97b a9bf8205345a651e6e3ce5b10928a42550675b0e 745966eb2f638737cc6957e208a84155 |
| M19-uun01 | Zusy_b2a89082 | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | b2a890827cd4bb75ab9f310971c7e8ba | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 1746421b4db63c1a41a395541947fb44e9f889fd0ea62b9de6759b42c3f5e096 0888bc0d6ff8813fc0f304680b5455c47f73e9f3 b2a890827cd4bb75ab9f310971c7e8ba |
| M19-phg01 | Neshta_c2dbb6f3 | Windows | This strike sends a malware sample known as Neshta. Neshta is file-infecting malware that also collects sensitive information from an infected machine and sends it to a C2 server. | c2dbb6f3e53e1375ddfe368246bb6b84 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 010a8e1d056b6a79142ec8abc46ae9bcd54c914f62d453370e4b74e75076b1e0 77a9be0d5992679b3ff5818b33962d6e872c62a1 c2dbb6f3e53e1375ddfe368246bb6b84 |
| M19-fu801 | Gootkit_badc4c52 | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | badc4c52beefd2ffbea65a0296d57074 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 9da94873a87609b0c6471981b57fc4e6a8abe1b649e571a0eaffbaa80f4b4961 1a26a1cf07e02a2072bb69c570a00eba9ca8e471 badc4c52beefd2ffbea65a0296d57074 |
| M19-8ys01 | Gozi_9d0b35ba | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 9d0b35ba01c4a7949732967ee62a1b8c | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 1fbeca47536689cd3ab5b692171a6bd8c93cd21a2d327d107631ce98e85429bd de557521aaabd602448682970b66c5f5ed64bfc5 9d0b35ba01c4a7949732967ee62a1b8c |
| M19-f8901 | Neshta_11f78264 | Windows | This strike sends a malware sample known as Neshta. Neshta is file-infecting malware that also collects sensitive information from an infected machine and sends it to a C2 server. | 11f78264e19995b54d2dbb226193d335 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 376fa4f35782601e163d4d8f8aca8589ab4b44d44b89bf13c50c639809976b87 8150a1c276af08c473238b45646df639c2d500df 11f78264e19995b54d2dbb226193d335 |
| M19-hai02 | Neshta_581c17ba | Windows | This strike sends a malware sample known as Neshta. Neshta is file-infecting malware that also collects sensitive information from an infected machine and sends it to a C2 server. | 581c17bacbde7dfe2d0de8d04b2e4ad0 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 496fb4b66415e7269cc6f20be797434401d94876757f6a5e0e1e0732fb27dc41 703c85501b91c6a624f2ec3354ea7407f7e85a52 581c17bacbde7dfe2d0de8d04b2e4ad0 |
| M19-m6p01 | Gozi_4583a176 | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 4583a176d26561508f39bd2addf88042 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 064409558cbc89bbff58cbd3baaad0227a15109d4771635deb4b4f5a7f226ff3 88764fe7f6bb5c2b41c6fcc64c71a90dac551e34 4583a176d26561508f39bd2addf88042 |
| M19-sl401 | Zusy_eddfb766 | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | eddfb766c8752d5b7b447e70c0267794 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 225ebaaeafb848823607654663516210377b0901e5e354c8603b9c8c2d85a650 f9c53d5a56720f204e8df5b2b9ab6170764d7ccc eddfb766c8752d5b7b447e70c0267794 |
| M19-dcq01 | Emotet_1e31dd95 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 1e31dd955b2e7b5943d4b090d250ebcc | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 0fe2c7cfab6e55d92fcfe60d66e236bef5d44450c6ae7b759bf694f6097d935d 877eea5b1e3314c05877ce054e39ac6c6a8fc0bf 1e31dd955b2e7b5943d4b090d250ebcc |
| M19-zsk01 | Zusy_dcf95eb7 | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | dcf95eb79a291aa0e8a9b5e0f4f90637 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 0f00ea06e5b2bc5801a0d4370facc65c0a51e00d810d9f6b16723629a1b7536b 76f584ef2c6028bada52981c8b4e4f1c91a19659 dcf95eb79a291aa0e8a9b5e0f4f90637 |
| M19-mkx01 | Gootkit_d6d5e9b5 | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | d6d5e9b51b845b1d92fbc04c9da27102 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 26f188069d3f42e5a0e5f217e807703347d46c84953ccd4d39e897dd0d4ac45e db3fd1d40616be9fec2b2db89d24267d71e93640 d6d5e9b51b845b1d92fbc04c9da27102 |
| M19-8sz01 | Gozi_1c8ae136 | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 1c8ae1367e04b7dfa4804128a2bf952f | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 0c527506d50c4f105f4e85180c3f2e2db58d969303883e7fdda26673d7a9e460 b2c616fe299b8663520c0e48d07d4e9b1d0f4f09 1c8ae1367e04b7dfa4804128a2bf952f |
| M19-w3x01 | Esfury_bfed8239 | Windows | This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | bfed82391552b1b003ec4ba6c0651950 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html b4c81dcc370ebb3bb2361000a64e87d15939c1dc10beb740b577de29cd8dde93 5e9a2a0177abd13e996cddb815d932cae3eca6a0 bfed82391552b1b003ec4ba6c0651950 |
| M19-3z601 | Zusy_161a3d06 | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | 161a3d067bb764a20cb69eedeebbb7cf | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 0a8cc8f4dc0dc5c04431546304d67187403caa684d60ff0787084fdde5d40abe e462bdf4144e8ebb0bec5259b5be3737b73ce63e 161a3d067bb764a20cb69eedeebbb7cf |
| M19-o4101 | Lokibot_7f6a2bc0 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 7f6a2bc03b05fdb114f74d028d639d1a | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html f93b944b29282aa07065b9f34298db2b351cdbbe60c340984d6bb4bb822d9763 8313eb06583a2e6a3becb80130939f14f3e0ed9b 7f6a2bc03b05fdb114f74d028d639d1a |
| M19-rrm01 | Zusy_625e50bb | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | 625e50bb55976b12d877044eec4b26fc | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 107dff905969dbbe792ab5d170f2d47538afe49fa6c07f20b26f4de1edd88688 ae6ae1ca9f4915bb2a043bd5cc713dc0cf465357 625e50bb55976b12d877044eec4b26fc |
| M19-8n301 | Zusy_94255406 | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | 942554068ddd566ba18cff4cd2dc7dc7 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 217b3f26c0b5033615a26161c5f34b42ac6dc3c12385b9efcc5a6baab1ca0369 8cdf5dc9ba4dc8b48560e430e056cbe3cf1b0e3c 942554068ddd566ba18cff4cd2dc7dc7 |
| M19-2la01 | Remcos_cad837cf | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | cad837cf29b9fd872e5e1df17070b685 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 65573233fca2347e6aa28de9caec5f49d3ff0f5b844aa1d672d822970228d8f0 9f0c53943c91d3f5ceaa63663b4510d1661f0de5 cad837cf29b9fd872e5e1df17070b685 |
| M19-pa501 | Lokibot_afbfd515 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | afbfd51545b437dd610f364941ae8ff2 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 9986a87b66047bca053c918b33d18c4779c25afa0badfdec5e15742c98cb214e bc37525b475b3b367c4482f74aa11189393eb6da afbfd51545b437dd610f364941ae8ff2 |
| M19-xee01 | Zusy_f4487f20 | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | f4487f20b79308be96a604d52ccfffda | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 2b8c4770f8239882117c9e990e9a96aeb134d23be3f3cd147800594d4aad9992 4e17b44e3f2e5d308dab9499f423e460493a1aaf f4487f20b79308be96a604d52ccfffda |
| M19-nj801 | Esfury_29dff987 | Windows | This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | 29dff987814881d6c8c257c6e4163c11 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html d3867c8d29d5f430de171e9269a1766ed9b0a565dd38bb01438f50fd7902c6ea 6814b305c8a0bcf60b3ba973fcded7ed46d20460 29dff987814881d6c8c257c6e4163c11 |
| M19-ylf01 | Neshta_d760af75 | Windows | This strike sends a malware sample known as Neshta. Neshta is file-infecting malware that also collects sensitive information from an infected machine and sends it to a C2 server. | d760af75c8132545cb70f0f6121a9c16 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 34d03297d8dfaaad8b61b26b2b45287da4a3b252a47bc9fd64bcd4cb1478f2c7 567eca09e2f6465deff932819790c0f9d56dc859 d760af75c8132545cb70f0f6121a9c16 |
| M19-4fu01 | Emotet_58ccf3ad | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 58ccf3ad599b328c7dd0eaa2da596fcf | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html cdbe742cd698ed504e7636811a13b8328c0a9905f4158fb25cde01dca66230fc 0a41a232f2787b6799e5bd59b7669a1a81ac62da 58ccf3ad599b328c7dd0eaa2da596fcf |
| M19-8zc01 | Lokibot_03e49ef3 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 03e49ef3b672a484759a853dbe36179d | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 7a8ace6f25d06c3b91e5aeb33304576fda2ec9664caee9f1489bfd39392d927b db050f4f5cb30e046c99d3fba616aba87fb1cf74 03e49ef3b672a484759a853dbe36179d |
| M19-br001 | Gootkit_3672c250 | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | 3672c25099dcdd8df6496e2256b4b22e | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html c96b2b221a2071b92cc21f75edfb0fea967271b8d15bedfece0ab686ad6431a7 fdf7b733126890a31f21d9f4cec9b6e34c9d45ed 3672c25099dcdd8df6496e2256b4b22e |
| M19-e8901 | Emotet_c2bbf0b2 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | c2bbf0b2726dd5f0100d991dbf017e3c | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html ee35b43c9bf1a9c24ab983a470e1cf5eb9508c741df45f5829c8d918a771b584 b79eeab681eb8dfc0effe4e1fd2d9b265127a3a6 c2bbf0b2726dd5f0100d991dbf017e3c |
| M19-hcs01 | Zusy_37708726 | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | 37708726e979a63395420b2f084d132a | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 43039465047c23211ef9831701d46fcb73effcf40ca7485c95a6d9c786ca6c5f cead867cc8e71977e0d01bf9576c756bdf540afb 37708726e979a63395420b2f084d132a |
| M19-tc101 | Gozi_cb973903 | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | cb9739035fe19272b6165534115618ff | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 33a74f4ec4ae12674a0079c6af7c22c059ca950690a82e1fd11e4bb1f3f21305 f6736bfbc2d1787789a44bdc0d74b38b3eb35c46 cb9739035fe19272b6165534115618ff |
| M19-qiz01 | Remcos_a776161e | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | a776161e844f74903bfb06e2ffe9091d | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html b29bd09e5a11bb8b46ca1363f3455d66057c8bd24f3ea6a643851d288ee0239c 8c5aa08d1584f2a4b32933623f48f981bc140518 a776161e844f74903bfb06e2ffe9091d |
| M19-6pm01 | Lokibot_d54271f2 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | d54271f2d1ef8ed6f3e43a95ecfe1849 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html f3c3be739e71786ca3a56d7570a109593ebedeec931be2eaca8b241a6d008dae fa4e4ec8b9a7fd83d1b347f25a57970f3a40dd3d d54271f2d1ef8ed6f3e43a95ecfe1849 |
| M19-6u901 | Zusy_1148beae | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | 1148beaee73771729a4b67173e4c7dd1 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 066b0fc2b1d64ddd9ff30b8046686a6cc8f43656e54f8301ddd7d3a1baf9170c 7e712f08aded04c6230351067365eae786c64ba4 1148beaee73771729a4b67173e4c7dd1 |
| M19-srb01 | Remcos_1a10537d | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 1a10537da84801b53ecb33aae713e330 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 0164052cd74b2d406c5503faf58f1794d6ba14092b7a9fa9509bc8a85eae01cd d710c0cd253cb76a2d30dc95ff227a447608f0eb 1a10537da84801b53ecb33aae713e330 |
| M19-6dn01 | Emotet_68fd865b | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 68fd865b3569e41999da09b1965c737e | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 68cb95f7e0d2a77e5a4832fb75243520a5ccc109849bbc933062379df4e7d164 c8a72c177bb6ebbc60eaf54ef266313aece016ef 68fd865b3569e41999da09b1965c737e |
| M19-f8s01 | Emotet_537b7401 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 537b74013a37bb5746f8f0cd9d54e7a0 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 066d31cc0e6f45e89297334aad69cca12d60e9b4fe6aad341d08bcf6bce37c45 dd9b2d199ae252bbd7bfbad64877caad1b76049b 537b74013a37bb5746f8f0cd9d54e7a0 |
| M19-nso01 | Remcos_64a43a53 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 64a43a53fc9244899541e8972651a3bd | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 9f01d27ac72c5194859d657ee8b024786469661cc65b29cf795b66d10fb35770 a4016da21299ea55810ffb1ad41eeaa1fb7d29df 64a43a53fc9244899541e8972651a3bd |
| M19-wao01 | Gootkit_6d249fb9 | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | 6d249fb933f093398da159ca07711f20 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 877b0ef2e019d8f102373c6a09975c84053eb5705b8e8d4508e0b4b9418b458f adf0969d11ec62238c86c4a7de93c7cf992be7f1 6d249fb933f093398da159ca07711f20 |
| M19-nv201 | Zusy_45f5782b | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | 45f5782b53eec3af9b32108900b11a3f | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 035bcabbe75aa88cbb8dc016119ad2c1901ea759fb90b69eee45b3809e98f381 ce58ef0775bb87cea1c3da842acaba43a6e5b404 45f5782b53eec3af9b32108900b11a3f |
| M19-qxn01 | Remcos_e85d3fc4 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | e85d3fc48c1dabfe33eade86b5867585 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 5a5b57e664e35d5528b3c9c32b7123861125e5b6789a7699e076821e0eaece10 6a7e1422726321f4b025ba4cc451ceae454d8e5e e85d3fc48c1dabfe33eade86b5867585 |
| M19-v2c01 | Gozi_9c447d99 | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 9c447d998a9ea74d6ccde88f741d5d15 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 42ce932aae9b15b7deaf92694fb5a4db12f0bf9936da2f1d06c7a20714af3ca0 f7cf0ec8c343669ceef07d060e3b51393f521780 9c447d998a9ea74d6ccde88f741d5d15 |
| M19-wl201 | Zusy_a34125c0 | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | a34125c0dc12f09c093aebf654a47bcb | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 125e0437a1098570183dca847d7533461318214e4a5a746c5ed7933a1cc8d17d 5b285decaa611386ca67b76e692f7c64ec0cfd9f a34125c0dc12f09c093aebf654a47bcb |
| M19-mpp01 | Emotet_59998a2a | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 59998a2a1c236bbb5bdffe04393b53f8 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 63cb6cd04a691f5af02e6a045cdf357e93ee8be5002100b90088b5dd65b24b70 13e549989289b68a5bcd8fad6ab31dafe1836f7a 59998a2a1c236bbb5bdffe04393b53f8 |
| M19-38401 | Neshta_23de99e7 | Windows | This strike sends a malware sample known as Neshta. Neshta is file-infecting malware that also collects sensitive information from an infected machine and sends it to a C2 server. | 23de99e7ae884341285ea519371aaaef | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 411d9aad484f849527e3c0ea7c3f08cf5ceae2d62766c5de08fdd16e33154516 2c9aacf2a73a583e903caa26e7510576a82ca211 23de99e7ae884341285ea519371aaaef |
| M19-puc01 | Zusy_e6132ed6 | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | e6132ed62a67882ad33fa56d3347abd5 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 2143c563658e9288b205d78775d73ab849ef5de550a398d6976e44c93988da98 8931f6dfd369adaf4239809e1b8fd72cb7ebf572 e6132ed62a67882ad33fa56d3347abd5 |
| M19-h0b01 | Emotet_54b03bd7 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 54b03bd71a79b2969801abc7ffc77bb8 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 5e121e16757f3a3bafbc9b3e696de9473b4f1af5a314194cdfca68ab40332e9c 8bbeb4d98972554c0ad12eab9782cf7ee9b2bf94 54b03bd71a79b2969801abc7ffc77bb8 |
| M19-zu801 | Zusy_d5745436 | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | d5745436b3326c46e71650f0c2a9884f | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 4eb88671b506f84d1f3bd63c7e857e1082820f2d90aba7091a93bf70d9f6d290 ff2199ae9b9a178c01d7811711a08b24babcf484 d5745436b3326c46e71650f0c2a9884f |
| M19-dip01 | Emotet_daf5bee9 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | daf5bee9b2aa05bdeaacdf2217d92057 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html b77f540a0cf278192870bab7fa677c0e858269ce1321814573934a6d095d89e4 1157eeba8a116349f3dfa05d63b059223db26bcc daf5bee9b2aa05bdeaacdf2217d92057 |
| M19-nvx01 | Esfury_42ee5d16 | Windows | This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | 42ee5d16a43191d97eec9d0f0930a030 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 0f32b4ed36c393942ae9177eb4b2acd977bb2283de1b3278256a24049c2e7b8f 7ccff07790486ca28c7f1be0b87304715443f068 42ee5d16a43191d97eec9d0f0930a030 |
| M19-6bi01 | Lokibot_a1dec5b7 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | a1dec5b74f5547843eb25339045c83c2 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html a84d17a5eb16dfc8202648bb9580a3381d71b567069efb68339607c2c3594e23 760535015eb5f19d77ede90b1fba82dcaace4d77 a1dec5b74f5547843eb25339045c83c2 |
| M19-q9i01 | Esfury_af5e6b09 | Windows | This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | af5e6b098bb8d7e0875a66b87b80e9a5 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html ba4accd438dedd49930217bcd04cda2230e3a9d32d1f457ab98c50dec9dffa9e 660bec633ae37b37e81bb5aaababbed6c5857ccf af5e6b098bb8d7e0875a66b87b80e9a5 |
| M19-fyl01 | Emotet_6bfd134e | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 6bfd134ef15bb058183737ba521b1c4a | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 640086c532c00aade40f11146f735fd3e969fe1565e5890800fe4b7551100523 3d81e043fd4527741a709b2c49cc7908df30663b 6bfd134ef15bb058183737ba521b1c4a |
| M19-pf001 | Remcos_a057944b | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | a057944ba8294e434387334ece16a0a3 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 24175b88c78d6089ee1dac7875b71c6194c5292d826911050bde8ebc55b4491f 656a062be5fe6b545085e10649f90245e53a4a9f a057944ba8294e434387334ece16a0a3 |
| M19-b2901 | Neshta_a4da9ec6 | Windows | This strike sends a malware sample known as Neshta. Neshta is file-infecting malware that also collects sensitive information from an infected machine and sends it to a C2 server. | a4da9ec668e9e91163c9b6295e3354c5 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 1077dd3eae47e67505ddbfca24db29cc86a8272f4cd292dc134f8b3abfac2350 4f417ef2f7762aec91b22709b8bf953de5d2be99 a4da9ec668e9e91163c9b6295e3354c5 |
| M19-0j001 | Emotet_42b188b8 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 42b188b8832ec9e0192a533252d73b4b | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 3251a00155619dd1ba363b7fe477dab326fe791d2135129d3133c0cb716dd58b 2d98c87552925017c7ad1bda77ab265835a807d4 42b188b8832ec9e0192a533252d73b4b |
| M19-fr601 | Gozi_f3346d18 | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | f3346d18e031eb7d527b92b3ba46a855 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 384373f044464197697af0c96e2028a6d76875524d6bf6650ff68a5e5e92eabf 52ddb5aabe3628ae837eeaae26fa2b7374ea05e5 f3346d18e031eb7d527b92b3ba46a855 |
| M19-yio01 | Gootkit_a5b498b5 | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | a5b498b5ec3a12f3354146bc91894cc2 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 0ed33f996aa50dc73876f30aec07446dcaa0384c2c8268478a7857724c118759 168de95d6d2da4a3ee82e47b856ee490a4793eac a5b498b5ec3a12f3354146bc91894cc2 |
| M19-k9w01 | Gozi_5d98320b | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 5d98320b70f7eab7a8f15eb33e565a3c | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 135653620d85d3016638d83a2f863eb480bc5e5f113f45e357037aedc7dd045a e6087236528220d73d2c76f4615c9fccc081595d 5d98320b70f7eab7a8f15eb33e565a3c |
| M19-l0101 | Gozi_b891403c | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | b891403cef1e0e2f5e00bc244b8f151f | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 1bd260a766aef952a2bb52dc926af5042f7d0361a5d869a167465400ab4af823 17f87512d927f7d0df1dce6735faeae7c5a25f30 b891403cef1e0e2f5e00bc244b8f151f |
| M19-uhk01 | Remcos_adf07725 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | adf077258c5af6c83027615f3089c370 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 7e559c9077c5b416db0fcd99cfee7e9fa80212ed53b0bef7c37c00373c7e2cc2 d6cbe2d001c8cb566ea5df388ecc2fd4d6c03130 adf077258c5af6c83027615f3089c370 |
| M19-18m01 | Remcos_038dfb5a | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 038dfb5a9f56802c36c725665c6337b8 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 6eebb872f1c301f54c77849a128e5500a7e3cfaafee2513004fabaf880bb75f9 6e48e89cf78aa822aeb84ad250d7d630f179b7ac 038dfb5a9f56802c36c725665c6337b8 |
| M19-4ex01 | Remcos_82fd835e | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 82fd835e870ffbcb965dc00b6e344601 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html c9e5d6fbd34df45539a162af73ce141406c182cb072e92a7a815762ff90dcd4f 55ff45ffc37e1c69ad231cd4e8357aed6784b71d 82fd835e870ffbcb965dc00b6e344601 |
| M19-8z001 | Emotet_b779bd66 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | b779bd669d3082bf59143e3be55130af | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 2bc8c8cf127365a2a94bf47dc26ae14d11e62c38fd0df564bfc7867e025d94c1 8de6214bb433cc4325397a006d3cd74fdee134d0 b779bd669d3082bf59143e3be55130af |
| M19-6pv01 | Emotet_30db3103 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 30db31030c798490e1bd8e000b730a48 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 1e4cdfb7252c74369fc5007e70c6746994f9e7a2e9f2f11b3012718b415d77a1 32a427a062da90dc5260580f8fbc57e7e8221b61 30db31030c798490e1bd8e000b730a48 |
| M19-5vp01 | Gozi_2d867163 | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 2d8671638e7480ea636cfe681187f7b6 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 3ce58e9e556c87216307495378b2b1d0eb61517771b9bb10426a2ab7d14aeefe 990b5e79c1ff91e2f06c50d6a9b02774663b56ff 2d8671638e7480ea636cfe681187f7b6 |
| M19-ztd01 | Esfury_0b7cf2a6 | Windows | This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | 0b7cf2a60de25818fa432124041a6763 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 47f286283bb6d0451650d993e656cfe32c33fc547838b8fe7cfbf1f648694d1a 4bc38f7aebd3e4b6466a915c5bc36335ef7d4f7a 0b7cf2a60de25818fa432124041a6763 |
| M19-pes02 | Gozi_d9b5953e | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | d9b5953ee496f629a010341930f71162 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 10b22994ffe103af6f1d690ba1abf3e13cec9712a913ff024d9d1c656b92dbc0 4140eaf042b8724570d447ee2b119a8076124475 d9b5953ee496f629a010341930f71162 |
| M19-p2901 | Remcos_0cba585e | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 0cba585e8bf8721709ab9592e54e9535 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html b03eece2320b96ba1c1057f3adead7c347626f6f45e867af798f03a78d030fe9 f2d4ddf3c23ed176144e57aab7bde86dd5fe57ed 0cba585e8bf8721709ab9592e54e9535 |
| M19-8mz01 | Zusy_02de3e1c | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | 02de3e1c3288d1a0d2f1efc7de2a3d0d | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 130c0eeebc22bcc4fd4edf40239b66fc5d12d497c7a39851a580e82aa4433e9a 18b77530a8c42ed9b50cea0f375a8cb914648659 02de3e1c3288d1a0d2f1efc7de2a3d0d |
| M19-1gz01 | Remcos_f286e667 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | f286e667faf2dc05d8ea237a4e774203 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 7d2b477f6a2ae69257c9626cd87ca89b741b0397e2b4743194b1e95d802637d4 453d363015e52fe83eb14b0bde458772463a3f70 f286e667faf2dc05d8ea237a4e774203 |
| M19-afv01 | Esfury_f98f4089 | Windows | This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | f98f40896bbd8281fa55285549302bc3 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 094d75233bfdfc837e0b461eb47ef442277b022f102b8f6adc80e20ec0909e2b 0b7f61a950bff3279b5bae458c690c2523594296 f98f40896bbd8281fa55285549302bc3 |
| M19-84801 | Emotet_4cbb5e33 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 4cbb5e337b80cf08c4e3e107981cea90 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html b6c5d6655ef066545f8b9b8094c7347bf283e771b8f9b46b8e8f6e08144dcf13 7c7e4fdfba82e7d5c35b1e8a79072dcdf7fbaccd 4cbb5e337b80cf08c4e3e107981cea90 |
| M19-eg601 | Remcos_66609c5c | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 66609c5c00fa27a5d8062b649ae62cef | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 24d2b912a0ffbde3afbef7e4460693ae84976b689ae7a150b914fb09a7551b13 59c7fdb09421c7c76031f0c281f9c824883f7299 66609c5c00fa27a5d8062b649ae62cef |
| M19-v5i01 | Emotet_2bb192b9 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 2bb192b9c179958e6943a2a265b92bd6 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html b5617d46830e9a3a362c97b9c6140c15c04b1dd64136ac1abf1dea3e65d83ccf 21f7b1b840c1e88626e9b4d850e22c289e9e5561 2bb192b9c179958e6943a2a265b92bd6 |
| M19-xr501 | Zusy_0126dd7d | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | 0126dd7d84f2da59a2fec1313239f008 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 181be8f9157f806aea3f70181b143e12a8c95e85842f10dc31120db4dfb0e1a5 4b8ff098e6e39634e2b80672feacb5b8df27d496 0126dd7d84f2da59a2fec1313239f008 |
| M19-tyk01 | Neshta_e30947da | Windows | This strike sends a malware sample known as Neshta. Neshta is file-infecting malware that also collects sensitive information from an infected machine and sends it to a C2 server. | e30947da243deafe6cf313ca746951ea | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 1d62a3dc5a827604e330ff1ee26dd32786b2b371adec06bc136c4d02dc31d3a1 63a135b9bbf270f6a58e2679e422b822c95fc137 e30947da243deafe6cf313ca746951ea |
| M19-qhy01 | Gozi_ecf32687 | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | ecf326877b3970ce41f76544f7050b19 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 12e98f72b4b5e225a1d465a7b121f56360bc9fd6ad538d56ee774874e4159e97 88257293f9ce9dc40fb24688eb190ad48ff5826a ecf326877b3970ce41f76544f7050b19 |
| M19-lqq01 | Emotet_ae99af47 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | ae99af47e843ea18d19b386b03293fa6 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 9af3c4f8514d9c318ac90df6fc0e3a0278b41247ecd568b30a8266d0370f3eb0 6c74276a5f8d3571cd4d5782ff5c5e847b23cb70 ae99af47e843ea18d19b386b03293fa6 |
| M19-6zd01 | Emotet_25789424 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 25789424f2c378c5ce44d8ae5876894b | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 14bc54ea2759508a18c4e79734d328510897db0a2c71bd4ac2dffb34f99df2b2 8a3ae411c9ce33a76ce465707bb0bf57cee685b5 25789424f2c378c5ce44d8ae5876894b |
| M19-4e701 | Zusy_60a6d5f4 | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | 60a6d5f48c9fea7ada7b583c38a6439d | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 203bfb6936585624eaeefadb5ef6f0679663b09df0b46d9a9945936a787ab20b a22fa5fc1c2792f00034f0db551a5e5484fe500a 60a6d5f48c9fea7ada7b583c38a6439d |
| M19-zrx01 | Emotet_476b8110 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 476b81105a59df1f9913256059d20f6d | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 52dae4128bb378dc4a877aab9287fc1ceb7576e1cc8506351a5679c6e9dd2e95 005fa77f4b5a586f42df97e556deba61b9951916 476b81105a59df1f9913256059d20f6d |
| M19-boa01 | Neshta_e1f15e26 | Windows | This strike sends a malware sample known as Neshta. Neshta is file-infecting malware that also collects sensitive information from an infected machine and sends it to a C2 server. | e1f15e269d32b978826f48e0570100b9 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 24cd7a38f026dd924b59253c62616dec2bc20498ee7226be8a00bcfa1631e164 88956ea15d34a71b0336afc51fbc958743703f8a e1f15e269d32b978826f48e0570100b9 |
| M19-fr101 | Gozi_73bbc10c | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 73bbc10c87479e9e3d633887497e1291 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 3214ab12ebd572aff4147227140915d21f0c5ca0f3efb949cf6796356f6d4d11 39127aa5b06049107be621035e42fade13c6f34a 73bbc10c87479e9e3d633887497e1291 |
| M19-yev01 | Gozi_c0559924 | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | c05599243fada209c118a631a590a9ce | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 48f89fac46dcc1f813d87d4cbedbae83d90f660558718e52bdcad554d71ecd35 ab9d68e6de6c9eda64d158da9bc9496b8b001f6d c05599243fada209c118a631a590a9ce |
| M19-3e501 | Emotet_5f4d705a | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 5f4d705a18bc034a7fd401d6331e5a4a | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html db9ab62920e6a46ca2ed59de12132eb16c5c6205f3328a4d5a26cb52ae298ebb 8aa12e19f436a59e68b1eeab8ef9293a4c93969f 5f4d705a18bc034a7fd401d6331e5a4a |
| M19-f5p01 | Esfury_153743cf | Windows | This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | 153743cf937f2fad72315ec63376c353 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 920e28b817c5d1376715b7654ee6c5476b6b80adff54bafe2f7c5f1d952f1bc9 62e6aa067475ea3d3980a6c5ff2993686d7c65bd 153743cf937f2fad72315ec63376c353 |
| M19-qfe01 | Zusy_ff2237fd | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | ff2237fd782d334d1fec60d3d2c969d6 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 4b105589e8a96f695998816c224f250bcc02973f92bcbace3205487c75a4877f 7c32f071707a8bf837a37162627cfd46e7837e14 ff2237fd782d334d1fec60d3d2c969d6 |
| M19-0gx01 | Lokibot_b64ea428 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | b64ea428d0c9e367cd4f2cc796ad06ec | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 930dea8f876d9f5f8f0d49886477b7d22fb72a73c5d22f01f0f0fb8fe674b076 101ba26d7136dfca633d17db573e7f68b85ae41d b64ea428d0c9e367cd4f2cc796ad06ec |
| M19-8oo01 | Gozi_2a6412ff | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 2a6412ff884a66ac747dc930932221c4 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 0551e4b2c94f0796f7bd0108a1415ddbbb1126b9ff489fc5467e7dc3ab602f9b 237760cb65db7cf7ee2c07cef11f7647dd99a2ef 2a6412ff884a66ac747dc930932221c4 |
| M19-3n201 | Lokibot_8d28b94b | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 8d28b94b09638c466968950cd2118b3e | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 9e4101e8a41db4810e032fcf0c13eb3dc1213b0d864ab4a0b76183ee17ec6fa9 abc43738849a021cb5e0d0ffc238cb3563296041 8d28b94b09638c466968950cd2118b3e |
| M19-ip501 | Esfury_3528ac7f | Windows | This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | 3528ac7f84148f157e23ed001e70ad1a | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html f4bbf7ec8be46bc611663482937506b1288b5f2d0b479df2d4aa24a5207435ba 4b1d7ff2cad2b250892e4e02e4ec804ea1f31492 3528ac7f84148f157e23ed001e70ad1a |
| M19-xd001 | Gozi_d0ff5def | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | d0ff5def176bba054ad3d01de2875153 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 47109959af2b7fee21af66b6eeaf948ad4bb28c7428f59c9bb90ac7ea3753f24 d8e00f48f488311fb339088a2489f7dddad4bc6b d0ff5def176bba054ad3d01de2875153 |
| M19-xj801 | Gootkit_6dfb0dca | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | 6dfb0dca3f54292c0c13b01a0ac48963 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 5c077e0950fdd99df11e389d2b830f241b35efdfb9dc6522b457c66fd64b79a0 3be3f645ff98a339978e09f212c13ac6319599e0 6dfb0dca3f54292c0c13b01a0ac48963 |
| M19-58x01 | Zusy_8ebf472c | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | 8ebf472c3d09d69bcb9ee21f98549569 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 29ab42409df20428f7e03bce732c534698c260338e410985d112ce4410738579 6d3ee5010999b1f67a679b788f2830b22a345254 8ebf472c3d09d69bcb9ee21f98549569 |
| M19-m4i01 | Esfury_ea9289ff | Windows | This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | ea9289ffff919665acb85a8f1b005aa3 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 14e3b621de29654add1fe1fe1a1770279330dfb1920cdd0bc92cdd0f8ca489f6 37acf67dafcf2ce16b9e6790852e56de6abeebc0 ea9289ffff919665acb85a8f1b005aa3 |
| M19-ofn01 | Remcos_04243844 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 0424384415f8b521f8c8ffa631fa9b30 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 2f260e1c62dd6ce1d6c042bd488881d4b562ee1990d20cc383866fd6f805abdc 222d4c4e6348f14962ac14f24acd7cdf897da308 0424384415f8b521f8c8ffa631fa9b30 |
| M19-zzi01 | Esfury_69cb42c0 | Windows | This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | 69cb42c0bbbd820644a2c181a31b6664 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 5a5c0a62f7d53b6b1ee826a5baf8ff0c39d35ce6817fbee78a6398355747042f 40ec6c166db1f429a351a7cbe7949054f6948350 69cb42c0bbbd820644a2c181a31b6664 |
| M19-81x01 | Gootkit_30d2617b | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | 30d2617bf442fe494f28889c851d2ac0 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html d3c1a8df4b8112ebf3c3edc53ebe8adb3680accebc243040b3d438a4e5489f2a bdd3fb4a7bb8f8c4ac077da5d2da638aff818869 30d2617bf442fe494f28889c851d2ac0 |
| M19-18501 | Gozi_107583c1 | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 107583c1a21a6dd95af3aa75181f6493 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 0ef66832ac9e94ce9f81840d4a40fa5e65bab3d930ad93503fbd77de4b74559a 24fa70465b53410ac5ca957b7892ac958be39c91 107583c1a21a6dd95af3aa75181f6493 |
| M19-fia01 | Lokibot_c8e402ae | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | c8e402aed51b2f8c778a2c6e851b3dab | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html c3e63e52d9810263c08ae33457a8995f822d6159b61904e77c1d338fa4dd0513 3dc9acf216e13991a12a97031937e2b112aada7d c8e402aed51b2f8c778a2c6e851b3dab |
| M19-zhv01 | Gootkit_c11c002e | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | c11c002ed4b63296d3ca735e89d487b2 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 20d12b744bd651c35171626f1ce6d85bd9a3362acfee4f91934da6f7d4414cce 138c59978597bcebdd55515a64e117fd0e759b6c c11c002ed4b63296d3ca735e89d487b2 |
| M19-qrd01 | Lokibot_bb1d7a6e | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | bb1d7a6e1622bc21af1f65b7f03c3e88 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 906215654e5e6e6cee920b8d245c0eb7dedcc35e923e0e50f1cb8091339ef420 d7d84cf21544dae525ee9546dee7a065836c28f6 bb1d7a6e1622bc21af1f65b7f03c3e88 |
| M19-e3h01 | Zusy_8f306766 | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | 8f306766a2604882fca9a6c7c11eee5f | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 2e668b329248a40c1f1dd54864023731d6862dce26efe70690d7e6ad9f2082f5 6c678a7461960107f5252e723ce2452f1907e8fb 8f306766a2604882fca9a6c7c11eee5f |
| M19-tgu01 | Remcos_e52ced0d | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | e52ced0d00cb4bc663ef1ffdec0e44b4 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html b0894a209477e906130c6a493a8d34cde4ae16442753c2513053f4e33a39ca80 7315f78968b4cc5c02cd4045171f5bba945b8eae e52ced0d00cb4bc663ef1ffdec0e44b4 |
| M19-eek01 | Esfury_1bf75b24 | Windows | This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | 1bf75b24902721bbab2d02ba2b55c79a | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 1a6aab3064593291c0696c1efd2ac2dcd5df96bf923ae7670562cfeac3ee5478 4fe60cbe0095c5b0ea50c4965d587ddbcb24c174 1bf75b24902721bbab2d02ba2b55c79a |
| M19-mah01 | Lokibot_52900986 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 529009864fafd93226171e8fafaee8d9 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 4e0b291e2ce71731179d297d11186265907fe73ae9feb6734d9520784dd643ab 599edf951ffc71b6e2ae86c6ac8f0a52f908e0c0 529009864fafd93226171e8fafaee8d9 |
| M19-1o901 | Gozi_14e0f4ce | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 14e0f4ce0f39f976a2a8cbe6b0682e4f | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 0003b0a5bfd7488160015e4e0e81e2d2a61ea5f5db53cabd9b4a404be8412250 c59cdc285549eef0389c7e66bb69a14364fd5dc7 14e0f4ce0f39f976a2a8cbe6b0682e4f |
| M19-18001 | Gozi_6e817bb5 | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 6e817bb5f571681d67ef3c5d1b236fdb | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 2de56515f487b70c3ad879e784838da3efb0d3f44539c1eddd9ea218398a3335 c5095a15c6059e3bec8232ecb41d2fb184fed984 6e817bb5f571681d67ef3c5d1b236fdb |
| M19-9sk01 | Lokibot_22ac8d41 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 22ac8d4140d4afc8c66c3c5eafcf39f5 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 6333008e4ed2f8af449faa9c222bf412733928a4dd0fb8011ef50d07f23bb926 5686fad5e359684508d7609dda604cebad6d10cd 22ac8d4140d4afc8c66c3c5eafcf39f5 |
| M19-eyw01 | Emotet_d67c711b | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | d67c711b9422767cebbd27a4eb4db4f5 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 4a98c1b48e25ed7a590d7fc89d65e07e40896e90c7977658c3bfcd8da7392181 1a804b4a5845c249fe9d5e4a0693189417e68887 d67c711b9422767cebbd27a4eb4db4f5 |
| M19-fxt01 | Esfury_37988e0c | Windows | This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | 37988e0c50a72cf81ff81458efe5face | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html b75e84103d3e74ab2ab1b3a0bab01e0272fd361ec808942a598a0165e169edb0 20abbb33e6fe596abac0dc8e8f9cfcd7de84c4ce 37988e0c50a72cf81ff81458efe5face |
| M19-6k401 | Remcos_655a04d5 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 655a04d512021089ffe3745d4cd2ddfe | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 556c8f046af879ab852ab13e2cde6ebf653fa436840bde821c4b7b26cc626f73 2ec3814bdf9ced363c9f52da3cf144bc54174095 655a04d512021089ffe3745d4cd2ddfe |
| M19-ovv01 | Remcos_c6a6a27d | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | c6a6a27d79e34adcfe0663999eabc2d5 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html caffbaf16f0fa50066efc7435b21330c05b2b3ca602253558e4bf30cb0ddad67 7396f2f13e1409c962b90a1eb1ac3d6ae0803509 c6a6a27d79e34adcfe0663999eabc2d5 |
| M19-sm901 | Zusy_813645bc | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | 813645bc5a8f821b349862298b0969cd | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 19af7d81cf89adf71bb0af50d6bfe4171b7454daaece6e2883aa08fa06629274 36cf17fdeaef1b082212f665dc6608caed951a89 813645bc5a8f821b349862298b0969cd |
| M19-9qu01 | Gootkit_4c52b5ba | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | 4c52b5baa3bcdbf55276228300e3643b | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 195932578c922415b99e2e292acbaf32133de4727384f5860c9c5d59436ce671 a4a147bf63e3df7e73705d739ccf4ff977f799b9 4c52b5baa3bcdbf55276228300e3643b |
| M19-od101 | Gootkit_f64011d9 | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | f64011d96de4b6a8ce7fef576f13a409 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 0a98f18e5602852de2a00e1d4e4b87a9aa73bada595e14b7d05844aa85a0cb3a d1f11c11ff31b39203ade2042b1d9612482be19e f64011d96de4b6a8ce7fef576f13a409 |
| M19-hlx01 | Lokibot_9c9de90e | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 9c9de90e98d18e6034aa02bdd1a05927 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 9627bcfd08a534505001cb8e2e3166cba4e60dc20af10dfa50a00c24425447b3 9cfc767715275f7d3c0755aaa51411653f6ff72c 9c9de90e98d18e6034aa02bdd1a05927 |
| M19-1z501 | Zusy_4da01018 | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | 4da0101856b1a8847bd16d2fa37fbeee | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 0c04864961c1edea6dd4231766af85f4031d3eae0756eec731bba81a98b46505 6b518481cb9643dd7349d271aa44131ce77e974e 4da0101856b1a8847bd16d2fa37fbeee |
| M19-pns01 | Remcos_a1f2e184 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | a1f2e1848c6bda4cece32c181b5a8438 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 47232b513efbd2c6fcd3dd1778aa00ca018710c8afd597d238ab1c94433747c4 70eff3eb0fef6239ae0d1041a98d93bdeba26980 a1f2e1848c6bda4cece32c181b5a8438 |
| M19-j0y01 | Gozi_2e91dbde | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 2e91dbdedb9c8d1710bfc5ea71601347 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 23e78be8e4244831011a7bd02e497d15cf8ab29b8fd647881418e664ff0ab4be 0212069cb9fdfcb6da018b05951b545612f2f69e 2e91dbdedb9c8d1710bfc5ea71601347 |
| M19-9j301 | Neshta_e0ed67d7 | Windows | This strike sends a malware sample known as Neshta. Neshta is file-infecting malware that also collects sensitive information from an infected machine and sends it to a C2 server. | e0ed67d7270d0d60bba2640453c39000 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 1e5802bd82d8f5944e573720a81ba56de336600e576c8b6b095d1130b61c5e16 27943fdc1bb5536853925eefbb50c798c73d0e6c e0ed67d7270d0d60bba2640453c39000 |
| M19-53v01 | Lokibot_63b0ec8c | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 63b0ec8cfb3af0eb24f0b7c5cddd4065 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 7ad49cca3a6db9a75954dc7d137ed702cf3b5102588e22234a53861d47df1371 66c10098271063876c6724c639b96993b71da550 63b0ec8cfb3af0eb24f0b7c5cddd4065 |
| M19-p9501 | Gootkit_269bbd07 | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | 269bbd07facaeb04ee9584d12e7fab2c | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 7a2ae75210913c882e0f6d848bfc06d729b7d0c6faf1c42ea9dec67da18c41e4 05a88e76b870abc1935b494eee7905030efbe827 269bbd07facaeb04ee9584d12e7fab2c |
| M19-i3g01 | Gootkit_7de520fc | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | 7de520fc1de0472e9068db034e238ad0 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 417d2f400fb2c53c28407632edf46189f4cb4482cf5b323b55b3d75312c954dd a88fded7a0b1bebb538b0ed8aee08802002e499d 7de520fc1de0472e9068db034e238ad0 |
| M19-4tk01 | Gootkit_79ee8e01 | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | 79ee8e013fafb247e7ea50b3fced5830 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 0a75195584a2ff98ff416153d7ae3c5f470201bacae816a9040e1545ad1ed71c cd01e3c666e6a7fa1ab75f123a9b69668440bab7 79ee8e013fafb247e7ea50b3fced5830 |
| Strike ID | Malware | Platform | Info | MD5 | External References |
|---|---|---|---|---|---|
| M19-x9101 | Tofsee_1bf77cc7 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 1bf77cc7694b3cac6f7c92d8b6aed73e | 91f017059803913ff88476e34c162924f117f419 1bf77cc7694b3cac6f7c92d8b6aed73e b2ba1ec34c107072d07a962d8ce3fbaefe195969c03be6a3d0dda19aef4665a2 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-f7y01 | GandCrab_c73bccc4 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | c73bccc4be436e66fd5fc2943c0875b1 | 64df676e5cc13a9c7a788efc11f5f53c6b95731c c73bccc4be436e66fd5fc2943c0875b1 f8d8c881aa3b875216dff9aad38648fe95ad99ee53b3b6652d3172187eded48f https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-l1001 | GandCrab_d033a170 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | d033a170477e3a49fb24b13e366efa6c | c445c058388f2e645ac3cf4029cfb21ee0f15881 d033a170477e3a49fb24b13e366efa6c 4135c6461d7866f9b1841bc7ecbc3e4ff58681e2b80f79e9a7daade0ca014678 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-nzi01 | Phorpiex_8c05a41b | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | 8c05a41b756921f14ea62021e63de059 | 168578d8ea580a7ef52bf0cd69a4b5200c6bb824 8c05a41b756921f14ea62021e63de059 de730a7cf6d436b4e93c0a857cd72074bb2bc1dfd5fda10e25125773711526a9 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-c9c01 | Sage_8248387f | Windows | This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 8248387f0fc537577c4b5b6eac21d3b2 | 06fdaebfc833f8efd6ec4114267888a4f685ea63 8248387f0fc537577c4b5b6eac21d3b2 d59ec8d355d30d035faf50a342e1f1b67b44764db114a373c503098847718db3 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-p2301 | Nymaim_c0aae382 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | c0aae38244814cac80da04828fd02083 | b8989769cae58df5eb16c8bad546460661592702 c0aae38244814cac80da04828fd02083 fcccfc04baab2622fbc4cf0ee2f47bd9eeb53e98a57a9754286805c0580ff79f https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-3zr01 | Nymaim_6bafdf7f | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 6bafdf7febf2dc4d511bb2c51fab8f41 | c1c58d2226a8e5cdd8debbac81814a38609bc24e 6bafdf7febf2dc4d511bb2c51fab8f41 ca3a1e4d93207501cd2911bf88a92431ec5ef877b7b1a7200072c976339a07ae https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-d0601 | Kuluoz_b6a98091 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | b6a980917843477ba9463671f9c9cf37 | 3d81f67a14c70a51ca3aaf812faab309096ee990 b6a980917843477ba9463671f9c9cf37 078e7fba23d21250e959935ba3ab9559dddad02240443543616eab37547ddd86 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-q5e01 | Kuluoz_f69ebd50 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | f69ebd501cae2a6579a03d9a7a36cf7c | cc66d73a39061e24e0a27fadfdff6a6f98adee20 f69ebd501cae2a6579a03d9a7a36cf7c 05fa1a824e573e2db9dfbf4e3358a5f2c88956ae6a669f6336c42812a67a524f https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-98001 | Dorkbot_261fa96e | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 261fa96e95f2683cd56ea32d901ec835 | 5a76cabcc07dfde6a32b7da30f4e68f921bfccc3 261fa96e95f2683cd56ea32d901ec835 e5cbafb8ceee5d6573f199acdff34ab85d2dcd0d0d8e4eb34bd1afed33fe405a https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-pjy01 | Nymaim_9dd69dba | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 9dd69dbacb86195ad458c891c4a815ad | 77c6b8e425236949fb4f4ea92c7484b35ac8f0e4 9dd69dbacb86195ad458c891c4a815ad 78838c78442dd1afb4d1806e0eb81ddb4931a1f51dd021a24109a461105232c0 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-ruc01 | Kuluoz_6b0d1fcd | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 6b0d1fcdef1ca1a01b4b180597bca45a | a4cbfe948d2ca63744bbdbf15f8a8ab666a8889d 6b0d1fcdef1ca1a01b4b180597bca45a 15381012927b9852633c0943aab2d0522dbf3d3d0a326e4b0e18e21ba29f6065 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-isi01 | Dorkbot_0d2f2139 | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 0d2f2139e312b2151bfa18d260cd93d4 | e2b832fbc633734c0035258d6129a9ee4f3d92a3 0d2f2139e312b2151bfa18d260cd93d4 39a3a1ccf3c4f36cc72bd45985058d31b02ee345fc844be3b94da5a4c5a03bb6 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-t4g01 | Kuluoz_9c6b420f | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 9c6b420fa8a54ea9e84f0ea5e3240001 | 61883e6ef0bade09c7bcaf91129178125d4a1cc9 9c6b420fa8a54ea9e84f0ea5e3240001 109a6498f4d7b51f0ede104d4bd8f78782913d641147930e07c6dc236dc04a94 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-erh01 | Kuluoz_564c6d2d | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 564c6d2df4874638084d3f0dff08add7 | 29fc7a81b7436547866f5dfce9d989bf13339dfb 564c6d2df4874638084d3f0dff08add7 07b13ab67c36b30dc081deebdd0bc5a9319a3ddf05e17a5d4552c16ded433d4e https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-zzk01 | Ursnif_42992f72 | Windows | This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. | 42992f722c198a1ad1b5b89757529df6 | 84b3045b73c98e75394b113a2d334f1a3e65251d 42992f722c198a1ad1b5b89757529df6 2a88b621e291815db268dd8a9e95f2fbff5b2216358ed24eab198917fe65742b https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-b3u01 | Dorkbot_66bd1507 | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 66bd150770847ab5bf57e869c1cced85 | 0430f076c42fc15b3e798a2ef3a2cbfa7e07c02d 66bd150770847ab5bf57e869c1cced85 4388646391e39334c69e5ff223f0a17d8f3dd11e34921344a30f78772550ca03 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-edh01 | Sage_5d1f3d6b | Windows | This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 5d1f3d6beedc739709462c3a482c2ac8 | 6790560792c17ab7f39de732fee52eef6576dfd0 5d1f3d6beedc739709462c3a482c2ac8 f44c64cc3c06ebb0c2e3333227e82568a14e7cc4400679cd85228f8882f0a416 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-4yd01 | Nymaim_e6f36f06 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | e6f36f06a490c9f36051d04180e2070a | f17e42c62028014cc0e1c5a998ecf8edfd722034 e6f36f06a490c9f36051d04180e2070a 123573d7840dccbc368911be620c2c839fcb81642abeaed5a67316c003bb67a4 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-7su01 | Tofsee_b0f00fdd | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | b0f00fdd525f81ce7811da5ccc696b9b | addbcdcea50c69a16a048f519fe887e1b5774b91 b0f00fdd525f81ce7811da5ccc696b9b 69a09f081ee022239d1b11214da3f6cfc4c256c91c61f806faa71d1997ca31d9 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-rmy01 | Sage_43a0eb71 | Windows | This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 43a0eb71b8ffe4d656c70f9c87a2d988 | 1e09936b99c6416f9331e2fd33af89f9db90bd36 43a0eb71b8ffe4d656c70f9c87a2d988 b61628da0124170e6bfeb5f282da74d06c5a6cffcd05681ce8cd069ec7831404 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-ut101 | Nymaim_7ab60aad | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 7ab60aade246ec95637d1bccd244b10a | b5e424150c89deacffcca90828caa47f46433ec3 7ab60aade246ec95637d1bccd244b10a fc5b7ae3747c98d4658a0599130d5374c71bf2aa88483fab28d2e643e6283164 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-h1001 | Nymaim_69ed54dd | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 69ed54dd23a0147d4209e81d6132ba6b | ee6a85ad6e183dc54d6cd67464e3283949205a5f 69ed54dd23a0147d4209e81d6132ba6b ac1887855401066432456e2890c97b7b303e08b7b65e20a8fd004052175a5b18 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-ay501 | Kuluoz_89e9dfae | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 89e9dfae23adff17d9c0dd999d892ca9 | b61647a66a680aaf6d90f902a14f00b04e07e3a6 89e9dfae23adff17d9c0dd999d892ca9 0d3ce20b680e2dbf203a10e9c8ed97c4f7006be9b3a6fddbeb443937480d98b5 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-pz201 | Kuluoz_8577046d | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 8577046da42fe9f14c91164cfaef5b65 | 87b75dd4ed9eb2b20bae474d7b13950d2388ad96 8577046da42fe9f14c91164cfaef5b65 06de3f442bfeee18831cebef86194b8166a188af312b739fb628c203e4d5f2ea https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-kgs01 | Kuluoz_b483417e | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | b483417ecaa903a6f9cf3571be781fd0 | 9c59e233ddc3fc9739fa45fa206ea6471ad174a4 b483417ecaa903a6f9cf3571be781fd0 0383d381bf8f010ebfe0215528a7289429052487a2fe90ce35eae0f7f11e1fea https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-ndo01 | GandCrab_848450dd | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 848450dddf0bfb4b8ffaa42d194cbc37 | 791d24c521bfcbb016ff9eb4a0cbf89916de940f 848450dddf0bfb4b8ffaa42d194cbc37 a10f24291658cec5c7674d2a0a28ce019a69db9af92f3ce8b5b5a8c01c166e5f https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-a5001 | Sage_098488f7 | Windows | This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 098488f7930862d7a40d76529ef5e4a4 | 46d296956b40a300b64588f7ef1b9d547eb35bb8 098488f7930862d7a40d76529ef5e4a4 25fd8664218cae1ca68b42245729c6cd00bbf3033704adf66c3ed56604d7e49c https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-vcx01 | Phorpiex_be2cf6a6 | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | be2cf6a6685aeb47aeba6f74a429fb75 | aee4304318d90e6dc57d7d3b18377e55253fb647 be2cf6a6685aeb47aeba6f74a429fb75 6d65ccab03a62d84f12ac21fd02f44805c34696951e3dfb79ca042d8b832cd89 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-q6x01 | Dorkbot_ad0fad47 | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | ad0fad470f824f1c1a004a59837b8ef1 | 992d765d200b91179027548a5b13bb2d0fa4ce33 ad0fad470f824f1c1a004a59837b8ef1 cb95aedf7037adb0c4d756ca1ddb3038341ca20cb276156b782726eff3dfca99 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-m8d01 | Nymaim_37956ab8 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 37956ab83e5f31f6401cc461141611f3 | b435ed6686a6844741996bf6736a4a542bb7f28e 37956ab83e5f31f6401cc461141611f3 7a06a8e0fc5ee2416369f3638bb42a7b4994fd2e74b89b6a533636de6f8a4a86 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-lmf01 | Kuluoz_d954b98b | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | d954b98b931fa6875733c85535c63631 | 3c779a6d0600248494fc0690ab778e0c05f58bb9 d954b98b931fa6875733c85535c63631 0de776cb80503f7daa3effefbb2739f9c927f028df4445fa051cb33377de359f https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-3z001 | Ursnif_0d7c70fd | Windows | This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. | 0d7c70fd14fac69f118251a2a65faa99 | 7d0f3c331d996e0d507dffbab894a581a6fb5443 0d7c70fd14fac69f118251a2a65faa99 cd83db4c5a03f1fae1fa4183e70ea6a6acfc0657e45fbecabc48adfb281f39fe https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-jkz01 | Nymaim_c93218f9 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | c93218f9d93841e0bd17a9e7712688d2 | 9881f76800188186900e5685fc066543cb7865ae c93218f9d93841e0bd17a9e7712688d2 c1d686b25508f66fd32aaaeb1caccf0fd233f5303418a3658088205f543182a3 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-h3501 | Tofsee_08a4a489 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 08a4a48955608d743f8c9c28d3dcb2f3 | 14594ed7facbfd317664df5bbce866801159f79c 08a4a48955608d743f8c9c28d3dcb2f3 461f7cb0c6be901935666279cc26d155df22ddffbd4d65372b6ffe9aa3f4ff31 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-vpj01 | Kuluoz_e438c93d | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | e438c93d57104f6f7be0d30685622196 | 95aa871efe471e6be5c34149458e120942900d40 e438c93d57104f6f7be0d30685622196 087d4788799c0e935673ef2572bebf8f86ca61e8966b2404e20432a417e73894 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-0w901 | Kuluoz_02e96bae | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 02e96bae5b3bc1c2a2ee4801c2f719d5 | 0893fd0f00b7c9c46d40135a58aead92c4a810aa 02e96bae5b3bc1c2a2ee4801c2f719d5 14e13631f15fc311ef20c9e87ef28675dc14cd83ed871f44266811e103b45284 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-5fz01 | Nymaim_0543b723 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 0543b72344a54966080f090e04d93b31 | 5e12d98cd55816e2ef283b1160406d6cebf45ddd 0543b72344a54966080f090e04d93b31 79158026c4d06723c530813c1e2a90024e88dddac9aa84cf0314f004eb49062c https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-dz801 | GandCrab_b7a7428e | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | b7a7428eb80f1c3406c3ac1794a39924 | dfba29cda22f4b9caf178a730baaa383fe5e5f0a b7a7428eb80f1c3406c3ac1794a39924 b2526566d9c11b59d36b80c035653ec56a23c5aac8c49c6d7ce3657441e357b2 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-vpg01 | Tofsee_8166c18a | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and aro seed to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 8166c18ad1ab3790843c3c18bcf36245 | 048688345ae17b5e381946a1fc66109da38e8f02 8166c18ad1ab3790843c3c18bcf36245 4b57c99f86103e7b26c7bee052f5c5c92c6ac82c34f21ac1b8aa333887a51068 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-hki01 | Dorkbot_e4ef7f75 | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | e4ef7f75e984d4aebb7852f99315fb7c | 2bb2d700b9f97a59a8ed12f4af1afbfd2de2e1ef e4ef7f75e984d4aebb7852f99315fb7c 4fcf9f3dcd2df360e1069126acd734ded1b43ea7a7dbb5912db0d23eea505bc9 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-oo401 | GandCrab_184c376a | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 184c376a68da4f2775fe34b45c3ed8c8 | c8ffb7c8fbb110501ecb8e26aeadb8ddef1640d4 184c376a68da4f2775fe34b45c3ed8c8 a2f4c15b34be976d49f35e8363e220f88d59e17ab056b9049d872c6eec04f27f https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-pf801 | Nymaim_54706861 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 54706861aca0ddbf152a9477cfa1b763 | 05d468b2fc269fe4abf1601141c690dd63f13b6e 54706861aca0ddbf152a9477cfa1b763 792daabd16b1ceb49a85bccc8cdd8fcf8c21a9a0df3eb909e06df9cd81f786c7 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-5zs01 | Sage_a5a53cd7 | Windows | This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | a5a53cd7d5df58df95db5305f465832f | 3dd5735fad3eaa25002916b1254b69abd6753f41 a5a53cd7d5df58df95db5305f465832f adf288cbaea7fadb2b2f152ebccab141a94cccce33d343fd9c5d42bfe65e57eb https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-9cg01 | Dorkbot_ef6fedcb | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | ef6fedcb9bb6a19d8656a06180cca807 | 6f2739c93d0efd53e0606bbffb8903729076dced ef6fedcb9bb6a19d8656a06180cca807 20f7f4a0bd9e9e531df4c14276eb290f5cb7efc37156ec9ba46fa2a7891206f1 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-30o01 | GandCrab_41353e8c | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 41353e8c6ff1e68cd5733ac5f2db45d4 | f13d63da1886d816f89245b6f277b1bff2293948 41353e8c6ff1e68cd5733ac5f2db45d4 32c22604944c7f284fdd4495613bb7d0f7cf274677df9f2d4fb2c38369dba438 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-1om01 | Dorkbot_39ecc94c | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 39ecc94cd3b08c4dd2e6dd6726e1db32 | f3bdb73dcf9e86fba85c49004b78168f1b663e2f 39ecc94cd3b08c4dd2e6dd6726e1db32 ee10cd27e27378d4ad3f6122168c3e60270031b337e90683481c061d192401f7 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-ash01 | Phorpiex_e0bdd40b | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | e0bdd40b131befd6db1879185ad19c4b | 0af71b72a2549b25ffd6bc0cbf0038872ec1a058 e0bdd40b131befd6db1879185ad19c4b c9d8bbeecb57aa0e4f59bad6e574470fe3ff8cc1685f38b16b6fa5435791231f https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-dns01 | Kuluoz_00cb18a2 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 00cb18a23ed80e16d9c5f6a53f517447 | 9797a64e62974b42fb72f6fe2c363ecfe664dd5a 00cb18a23ed80e16d9c5f6a53f517447 0c86168150197d12329c57ad9c8d616a15f285483ba3cec4a9bb4ede46e4d234 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-ki001 | Dorkbot_5693597c | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 5693597cffc6520ff8020d830272abbd | ce2a224c6539d10bf9f830d205361125c1056bde 5693597cffc6520ff8020d830272abbd 1f2f1041c73af88cc46eb86719cf66e3b51da1c4d7ac70a80cc5b6e7ee4ad73a https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-ujn01 | Dorkbot_24c40a64 | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 24c40a641b426dc7882df9d310599a58 | 7571bddae582a8c633eedb97c62951ba40b2a62a 24c40a641b426dc7882df9d310599a58 738a68fc7864cd87bfaa8336f87b8cdc888fe9fb918de29114b419e2944d29dc https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-o9s01 | Kuluoz_67c9ff84 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 67c9ff84ab76ae833fac3508ffa957b8 | e5debedb0aefdebe43c64bac47713d0f7020534f 67c9ff84ab76ae833fac3508ffa957b8 0364c9b75b03b9ed56059c9bea7f8a8f81f13d2cfc061c0b6e13525dcc3bd7dd https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-y8p01 | Dorkbot_dcef9821 | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | dcef98218206053d4a8656cefee7f209 | b42662c89377025d072bf1510c9bc8f195bd9010 dcef98218206053d4a8656cefee7f209 def2ba6dc7842c6b35f09283b68aaa9558e7339ba4b4aa53da83bfed57188ecd https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-g6n01 | Nymaim_23a5cb3f | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 23a5cb3f982fa59a1850541e13c7314a | 41ef00f7f3352e1143a59a4aae9f4e7badddaaaf 23a5cb3f982fa59a1850541e13c7314a 2f485d4cf77a8079c75d584aed08d769b864ba76373250e583b7268a444fc2b4 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-cnx01 | Dorkbot_83deb4fc | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 83deb4fc6ae1ad657f4a95f77b34c802 | 8fb4eebc88096e362b7a622cedcb212e07b00332 83deb4fc6ae1ad657f4a95f77b34c802 a2c072ec77e1736120ff202bfd7f23495921f04375e09fcedc43be1e61ce4a18 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-zf401 | Phorpiex_94bbe47f | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | 94bbe47fdf9d03a1064f241bbc8b64cb | b839d85d8a57fb7e7739f74a516fc246440896ac 94bbe47fdf9d03a1064f241bbc8b64cb 8a60f95d39f7255e1fd83aac66e0d922ca0a235069d7fca74a4ca07aa5ff5f96 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-lhj01 | Nymaim_a886f711 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | a886f711b1b81a2245d0668510df223a | ecde4f3e4720f142387705969d7184640d2795ba a886f711b1b81a2245d0668510df223a 7c8ff85a4e95716c990a60b5f5a5992c0fe530e7a366f80bafbc6621ffff0fbb https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-s0v01 | Kuluoz_933bfdb0 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 933bfdb0178f68a70f5bb085edeb463f | db111d25eab2216803c049859f8a3f97e493b4ad 933bfdb0178f68a70f5bb085edeb463f 0ce022144a2b3d712579d8a63c9c73109ac74eff4ad68f1b6fbd8f593c706aa6 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-b3401 | Ursnif_da094160 | Windows | This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. | da094160989c3513c04ec79362632ab2 | 422e9b03a11b6c1b4c8d0efceaae179191f4ee27 da094160989c3513c04ec79362632ab2 3b306bbe5aaabdd008259ac755b50ac5c53144bd2f79b90d1f29c3c576172661 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-jqs01 | Sage_c4fba7fa | Windows | This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | c4fba7fa2659adf9493d8ebdfb0cf0d1 | 6dca2ed8fa772f1d055d9e929169b6aeb4099fac c4fba7fa2659adf9493d8ebdfb0cf0d1 b238d1eb5e3ef4e3f5c93ead5032ad0bd67716ff555cf1a3649397ad2e3dcaef https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-p4i01 | Dorkbot_94fea149 | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 94fea1499406de22ac4509359700e7dd | 28fb74043f6f57f45ee2afca015ab0987a71c4d1 94fea1499406de22ac4509359700e7dd 642106449fb781a3f5de12b52b54c97961e61f76160ef8c169bd2b0615e98a2c https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-nbv01 | Dorkbot_5f6ef3ab | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 5f6ef3ab4723b33c2c92340b3b87e740 | 86f46b63115573471481238ee76de6e90dd8769b 5f6ef3ab4723b33c2c92340b3b87e740 f31763a353bf7a525e14f500f70c1924948db63d0bde94567dd908917f69133f https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-8v701 | Dorkbot_b07db28a | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | b07db28a5a3c844e43dd4a8feaa3721a | 288535fbb72481b1991bdd3983b8916ce4229a5f b07db28a5a3c844e43dd4a8feaa3721a bf1102d0fb6cff725e38c7a6f6ca0e538aebcc546b711f9a2d5fac84fdb981f4 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-ag701 | Dorkbot_2dde9c95 | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 2dde9c9590c3f51db7e99a28474d2a19 | f8bbbd7a93cf9d8a00670d75f2a60e60c57c15ba 2dde9c9590c3f51db7e99a28474d2a19 3d8aa371276f3f11f2640c559dc5edbc792f8126604cb0e8d0ac3c7e521d4f24 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-9hr01 | Dorkbot_3375ba2b | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 3375ba2bc3a70dd78cee45a0bc172c2d | fc43a98cf3951d7705f68aba6fd602bba2d24226 3375ba2bc3a70dd78cee45a0bc172c2d 53d77cbc31d6ada99bd858417c8a8ec67907a82e6bc20e8641a3f71cbcfbe4f3 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-mxm01 | Kuluoz_7baa3655 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 7baa36551ccf2fcbc2ba9306e1d170ba | 1c901619e2a03dc3e390bdcf11f805cc54b6f0d4 7baa36551ccf2fcbc2ba9306e1d170ba 168c0dd6882307664579943b5786594e94435ccab43618aee5b04d6f974bda2c https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-y2201 | GandCrab_d290970e | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | d290970e6fa8e3a0da1fa20600e43a46 | 1d5d8849d82035232cced9490c3a77586bd47c04 d290970e6fa8e3a0da1fa20600e43a46 7deada88e32db501dfcfb1aa0b9328c94b8a92561477d01e6b1a3b74e092e56f https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-k6z01 | Phorpiex_5e91ef7d | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | 5e91ef7d792742f1460490354b8044c5 | 408b1c580fbaf8b430bd0bf5a67440baca27e38a 5e91ef7d792742f1460490354b8044c5 e0af9dcc27483bcdad52558aa19224a0338343e0456ad1e663e0b42fdd53520f https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-ddb01 | Sage_2e3fa32c | Windows | This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 2e3fa32cc28d6a8f557164ae4e64c73f | 82777637a79df16a8d36254dae17d619007fcb6b 2e3fa32cc28d6a8f557164ae4e64c73f 42266cea4387c3bfa085ead6686fb91936a65bf8110c328b4e898771240e7b00 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-ezq01 | Ursnif_635f67fe | Windows | This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. | 635f67fe5e83193401a48c7583de9b18 | 2d35e44b452df67fb2789202883a46981c5c9e27 635f67fe5e83193401a48c7583de9b18 7cbc76561f75ead55fd3a776ba7b44d253783da767f4fb20b09616fa1039ac8b https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-mfa01 | Kuluoz_6fa75a54 | Windows | ee4dis strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 6fa75a54e147b5c2bd808cb7ee4dec79 | d186b355f6ee64d6d40073492bb8e10fb7fc25a5 6fa75a54e147b5c2bd808cb7ee4dec79 12e80c62f20986a8abe96df7be0c1b91d5fd32bef9781bf669d7a5d538af778c https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-3l901 | Dorkbot_1ce04525 | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 1ce045250e1f64931d334e12aa1de3ef | a4dbc06ab2923928aa5578f1eb4a321633174086 1ce045250e1f64931d334e12aa1de3ef b5bc85bf00d89cc18ffd0749f4783e5c4dd855fa37ce6c37a97ac6e8aa0a10e7 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-j0601 | Dorkbot_cde28567 | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | cde2856798e20b47f0438766aa301cd4 | 8e2efb67f4a569bbe9a9e2dfe5865ae95c90fbf2 cde2856798e20b47f0438766aa301cd4 f71e42635ad5e9c0edac076a736ee15dd705ee119e2d485cb27db7c203bd0e0b https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-6el01 | Sage_312b832e | Windows | This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 312b832e198816369d74871420959b58 | 84b69267796e45bd2cfa5808b03c67efd7bf09a7 312b832e198816369d74871420959b58 91a103e0a3a93dc681e7de5af18850933d2435a1d6cef35f85e7855f14c3ec02 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-a1p01 | Dorkbot_f01e74eb | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | f01e74eb05e282951c15c144e25e498b | 46ddda0126f0886653ae540ecf2852a25a8a2de3 f01e74eb05e282951c15c144e25e498b 1b7787bd1726468e25ab200665e57b1b470b7ba531d60cee8642646443725cf8 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-9qp01 | Kuluoz_c312024d | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | c312024d2b6717aeb13dbc8c3b51c759 | f3740349b8064afcf5956df39c2e46c4d8bae4b6 c312024d2b6717aeb13dbc8c3b51c759 0c04b5f60896203a5d39a707080f344d27aa39048f171e9284d6d8b665e226e5 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-jmt01 | GandCrab_1d2846a2 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 1d2846a2f1a42670ccd10b60cdad793b | 0ed6ab2c4210ea04cd141c1dbc0e6e481ae67c60 1d2846a2f1a42670ccd10b60cdad793b 72ca8e7098802482b51ba77305cb22d52180444ff2925ed20d8eb1ca0dac5c56 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-04601 | Tofsee_fb7f1e80 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | fb7f1e80f04608081a274ae345a76b97 | 65d06871e44cea78fb1fda78d8bc10d8e4f217ae fb7f1e80f04608081a274ae345a76b97 4f734c7197b0c73e62e042cdef1cb4dfb056bc5e144a44ec00f8239796b203a9 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-66x01 | Sage_3cd2a162 | Windows | This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 3cd2a16208bd80b1d4ff7b4909fd58c9 | ddf884617901687b2a084f89344e043c00d65396 3cd2a16208bd80b1d4ff7b4909fd58c9 a462ea6b325c5b91513498401fe7213cee84b61f04278616c51cae7238e57225 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-ssa01 | Kuluoz_7ac68272 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 7ac68272d5b461e6c6404e70fa1231e5 | 1e30d1d2a794668dcad706006b695b02968c047b 7ac68272d5b461e6c6404e70fa1231e5 0a482d15c908dd7b8936e0900fcabef622708b79cd2020c730376aec9c7ca388 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-ivx01 | Dorkbot_23340e78 | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 23340e784ed12095c78850dac26812d2 | 97abeb5d201b469a0a04e51dc9d6bb0d4e8f042d 23340e784ed12095c78850dac26812d2 ef4abe8f4692c99b8d9bdc30b458d830905e6149ae1ae50bf7eb494f0c8bd229 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-hjz01 | Tofsee_6c30cf40 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 6c30cf40b1688b70e9e98c1339a8d881 | 849c36ecb0ef1482a22512a0af25d6d482aadee8 6c30cf40b1688b70e9e98c1339a8d881 a0738035727d477bae527df884eb986a9c8e6aea75a354782038e3840b6fa3af https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-8hp01 | Tofsee_6fbbd08a | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 6fbbd08ae2a227a1f8db1025d553d4eb | 64021da4f803b3a503ad733406ec321e28326aa6 6fbbd08ae2a227a1f8db1025d553d4eb ad601c1a9bc018b918cbc9eb6c4ccd625f9096c01115a2eb4a7c1387f2bf1d10 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-lu702 | Phorpiex_130ef945 | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | 130ef945ab2247c2b91655179c141b51 | d1b1d65b3b2ce98a763e55919384946a8b64f19c 130ef945ab2247c2b91655179c141b51 65ebf8cd6280fc0c6d3261ecb07e928dec08a6c3a9a814008faeb9053da5485e https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-elb01 | Ursnif_4d35772b | Windows | This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. | 4d35772b47ae7101fc352bb9329cd16b | 27bc81fa6c6d97adabd657f67a41c504e6bf76c3 4d35772b47ae7101fc352bb9329cd16b d257e0242bc63f343d6712fe05e5b8c9d9be84645e5a2063a1d12820aae450fa https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-7qr01 | Tofsee_0b48bf76 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 0b48bf765f6273d9c6ce56457f0ce128 | b8a39483e39e19fad4685d174d1bd2658d415099 0b48bf765f6273d9c6ce56457f0ce128 07cbb12e22655ae68bae25e8aedee6bea64d0d430d77afb86227758740b1dfcd https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-qof01 | Nymaim_25fb372d | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 25fb372d699969fd70f1663ca5b12427 | 9d27b4d7b65138d37bad0a12ed6370d7a9163329 25fb372d699969fd70f1663ca5b12427 c19036fc9959e2003d48bb68b2cd6c95a6423b6fa7a434c7ce96d77d69c6e532 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-jd701 | GandCrab_8de8bcdb | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 8de8bcdb9055e97e7912f82f9998973b | 48d12fa7c004f35e5f9119d420073bb465cb14c3 8de8bcdb9055e97e7912f82f9998973b f8a6408e3a5a75772246c8dba4a39311ef82a5c5e5445fd817375610606bac66 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-ses01 | Tofsee_b39828ff | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | b39828ff2e9557e571f8d3b819de011f | 53c7a2a4752667cba8c876e6a20c2273bf0ffc42 b39828ff2e9557e571f8d3b819de011f afc2ab3eb8b9a23623603c03e7b7d1f0fca18b7b64f33976dd102681eb2a217a https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-sr301 | Dorkbot_ec75a4d1 | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | ec75a4d14b66f8a93d1f46902cfe14f7 | 25c58b64c368e2634f2fc7971ca9b45d3f33f87a ec75a4d14b66f8a93d1f46902cfe14f7 33f4666ed81d7e61ccdae3a895aa21d670b714727ae68639aeb064f58e387744 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-v8501 | Sage_30274fac | Windows | This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 30274fac8096678a175291c1aa4daf8b | ce3df66cd269062d6d9a734d9b7da1a5a37b376e 30274fac8096678a175291c1aa4daf8b b5678f253a2c15a3caa25840b16421b4458928d0ddffaf1fb941a4aff1061f38 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-3ep01 | Dorkbot_6cb7b9c3 | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 6cb7b9c369f8a71933a2b4d63df39f5a | 1d66f3269c3edd9f1695b357d630d669b0946384 6cb7b9c369f8a71933a2b4d63df39f5a a4f42f84cb704690aa10a2ebdce33e964b67a57cee554019d33f1a7cd9d3f4f3 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-j5s01 | Sage_d6608da8 | Windows | This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | d6608da8c025db4397d33e41fe49cfbb | d253e0c16791447d97a70364bd5052b43ac4d621 d6608da8c025db4397d33e41fe49cfbb 0558a89422c627ed31af6d34293b1de99ebd9f8538d8c29bf830b9302dd9aa56 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-rhz01 | Kuluoz_12a92181 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 12a921814452398d68c2505d6fa69ca8 | 7fa5b28cc9f74ecbfa63f3fd3f8bf6be0b8366d6 12a921814452398d68c2505d6fa69ca8 13705e3f984dc79824e22fa9349c3704dbe5d67a606f59029622887379eeb302 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-9zb01 | Sage_5128613b | Windows | This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 5128613bdbd49ab657fa1e45b6e1d280 | eeb374241c5b402f918e37f8b8fe51b218c5fb36 5128613bdbd49ab657fa1e45b6e1d280 d7e794446a774f9f3cacdbd58345a1a52f988eaff24c122800a9aa9b0e094e08 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-p4k01 | Kuluoz_4fe6186f | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 4fe6186f2f142cde6596e336e68d1a97 | 3a5e6f1e431dbc765223b6cd76a387b1f8433119 4fe6186f2f142cde6596e336e68d1a97 0ce6ae758bdc6f4c44b249f4ecf327f5a00a238ebed3bbe8b06f317b91335f1c https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-j9u01 | Kuluoz_15a2db50 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 15a2db503f657f02b379a3f4ae5567f5 | 4378b7b75c6d85d6284ba6b2fa4ed7c2663d89ff 15a2db503f657f02b379a3f4ae5567f5 01412a2d6877375f88d6b502600e45a26197396a1f0b019d8d10437729f52257 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-y8n01 | Phorpiex_c6424aef | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | c6424aef94c0dfa968a4322855a1fd3a | f2a27af3576d885ad60b37ee905771144eb6d3d6 c6424aef94c0dfa968a4322855a1fd3a 48eac3b34c05886e1338554f54ca7022fa15215dd22d4a6bf62d6c531ba1a3f7 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-pzn02 | Tofsee_86ca6f16 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 86ca6f162225a778615348830f04b09a | 1af715b26604f7fabf7b0b62969b8888c376a6ed 86ca6f162225a778615348830f04b09a a2a94ca3039111688fe1304a3fd4ad245b79d0b6d2ce58bcecdcfdb1b34c0208 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-6t601 | Ursnif_e324a9c8 | Windows | This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. | e324a9c857784d678950574d1c87dc9f | 9b5a4928e4c77e21a22ee4cd21eeed23d132f7fb e324a9c857784d678950574d1c87dc9f fb1eac4151a47e030a0d372c40fc3c70cd4ba76bc40571fa69d60f398196726a https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-bq501 | Tofsee_1163010f | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 1163010f1a517c12bb0979e7dd343b33 | e3a3c1e0af9fd7f0696399fdc87a24d6a69dc0e5 1163010f1a517c12bb0979e7dd343b33 564e5e2f864ce52b923daf130c30efd97ba3eab872e04cc8849ed6133ed7abe8 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-9zs02 | Tofsee_a116a435 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | a116a435b8f21df3fc8b31842d7ce861 | 0d4ad83025f572978efe58ea3a0dd7d17de87d25 a116a435b8f21df3fc8b31842d7ce861 b1f1d675c5d97b3ecf4085f1326bf67e5b1ee0b30ed1499df1552283d5fde731 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-fg601 | Nymaim_c2a73802 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | c2a738022d7fc40d7d1f6644bdcef194 | f8fe8b6139b63a32bbbd4f5d38a4cf80d5ab327a c2a738022d7fc40d7d1f6644bdcef194 04f91d0532ceec2b0455ab9745dff5b423f34e8f32cee261db68ad28db024a08 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-2ws01 | Kuluoz_c5ce01c1 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | c5ce01c15c640ee7f1f19852ec391590 | 58862494709d82809f12098f776ccbe5e4f7c676 c5ce01c15c640ee7f1f19852ec391590 0909060506cdf2d77307b2ae36380fc7f85de0a9c1c103ca629d3089ba507df3 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-h8d01 | Sage_cb8375fd | Windows | This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | cb8375fd6fa86b6a54f47ac9578921e3 | 8c5002405eb68905d651d7deb15f0f49b385d246 cb8375fd6fa86b6a54f47ac9578921e3 9dd1839b1090c0467211f689214df91e5eb8e73830f2a2ea9e3408e527fe4096 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-ko602 | Kuluoz_2ad1254c | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 2ad1254c2640c8ec91687c90175f0804 | f94e643365ba1301a015e36a7502c5954cf7f08b 2ad1254c2640c8ec91687c90175f0804 126266edb2a41407ba26f72e127430dd5932b07ab2e312dfd09285bc9f5db40b https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-x6b01 | Dorkbot_67a5c71e | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 67a5c71e23be4e0b8cee069fefa18f81 | 19a3752937f0c2fad7dd0075ab91807c31e58e3e 67a5c71e23be4e0b8cee069fefa18f81 ea0479b081905b195d7dc9f37f81cd07945691ab84b395013e2653594e40522e https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-qai01 | Dorkbot_93b72917 | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 93b72917c3e01ede55ae6d3204a9f397 | 6530fdb5591577855b6dfa5bfc2240cc0d407450 93b72917c3e01ede55ae6d3204a9f397 791b43d7009c8bceb849274e51607d89283bddfa94d215ede8cc3bc76953f7a7 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-3s101 | Kuluoz_89670c3d | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 89670c3df7702c13e18f983442f08193 | 48b806c9b4ff322ccd5e3dd65c92de737a83cb4a 89670c3df7702c13e18f983442f08193 091b1cb41a31ffd75781295ec748bb6b82bc6624dd7853405304a08a322c51ec https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-21r01 | Dorkbot_3680727c | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 3680727c50bba736fcb53f8d6ad5954a | 40eee7a2876f211b9675f65f7530657d5a0cb63c 3680727c50bba736fcb53f8d6ad5954a 31012f9ba68cf7e8ac73561fee2c8b2e2a538196d264f3d4c3d89341e77e2495 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-3yb01 | Sage_99dd9ab5 | Windows | This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 99dd9ab5e730e1b7b211b256e6ee745b | 8a8843884c93f141933742f37e9b72c992e6c96a 99dd9ab5e730e1b7b211b256e6ee745b 785c3dde4d85cd5ff2e1a826801c3813c2dd08fd547628aaf83bd9baeaf1f9c9 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-an401 | GandCrab_0bb83e40 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 0bb83e40d8aad33f4e3ed4bac27e87d7 | 5122322cb9816b8ffde2cef3ffeaf8bda2a7be50 0bb83e40d8aad33f4e3ed4bac27e87d7 d2ec413f2c120332e05f71f899094794a9c0092b220ef86633d499bcdcf997ee https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-hpk01 | Nymaim_a3b20533 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | a3b205339fa9fccd2c75b25d33544ccd | b03bc5bc930477736418ef0c144e56e8cfeb7f97 a3b205339fa9fccd2c75b25d33544ccd 037d05e6a51414ff22c6f27f5758bab12a237fae5a8da61b3d9579e77cf68cc9 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-3do01 | Tofsee_edcfee25 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | edcfee25afde67a147ff11d14aafb164 | 0cd012d85261ef987ba9b1dc5eca506df96047bd edcfee25afde67a147ff11d14aafb164 1ef2f6a958ffc7e4c2733100f10b53baec777d197d345012d464c2e9987cdd43 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-1bb01 | Kuluoz_e2ec4718 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | e2ec4718d67aa1c54584e7ef5d0c4aba | 83941220823a6a70fc2ada450ca95b59dcbf27e1 e2ec4718d67aa1c54584e7ef5d0c4aba 02205537e0ac5c8b8b66f53e8d2993b706a8f7fa5757346a7312db646a471143 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| M19-zns01 | GandCrab_149be314 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 149be31476fdd3ca6ba4420e5cb4d13c | fdb8229068cca38c36b39ec36ffef3234c1c6c0a 149be31476fdd3ca6ba4420e5cb4d13c 067cdd8df478938f229dcedc5f65fd4cf92c66d3c516ba60ae4355d5cfd06a4b https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html |
| Strike ID | Malware | Platform | Info | MD5 | External References |
|---|---|---|---|---|---|
| M19-xx201 | Shiz_1ab70f41 | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | 1ab70f413a9ad4fb83445cb9d691ec1c | c38bf63b1b5481006d0226a7dfe1ddf72215ec26 1ab70f413a9ad4fb83445cb9d691ec1c e4c8b631c928eec873f54c2811315e48962a8f5e067e3f820e22fbfbb04755eb https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-1co01 | Nymaim_cda11198 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | cda11198947a061962a94f9a014a1a67 | 339940dcb46616dc8f67bfb6793bb9449b71aff1 cda11198947a061962a94f9a014a1a67 485e521ef0299ede43da514cdf8992bddc95529209889e562d0cab884bf71cdd https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-y8g01 | ZeroAccess_3e78d270 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | 3e78d270be37a4b082ba5942d1a007e0 | b4c4b0ad6d018e91c1c4b3a2956765e04a6b3335 3e78d270be37a4b082ba5942d1a007e0 91fff0045ed0ac9433217ee7dd1f5ede0554588995892e026044d8d9f9371e1a https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-1bw01 | Trickbot_bf12a005 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | bf12a0050dd763ba244c0825fcc8b972 | f1bdd325cf2316426548e0e656e94ff94c30413d bf12a0050dd763ba244c0825fcc8b972 639adafd87d067c1cc5c5d1be870f3800e719637dab20e435f379fc86b268d15 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-us501 | Trickbot_644334bd | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | 644334bdfcad2c402d980f9fdb406c44 | 5d807cb896f43d7451686057c4b4a5e8557073be 644334bdfcad2c402d980f9fdb406c44 30f321827bea98609847dc047de756f7b86074bb3f5c6e4c7875f25db5dcd627 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-cod01 | Cybergate_6272a3a7 | Windows | This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system. | 6272a3a7a872fec00997c41e1db820b2 | 5e6bc3f4419bfbc1c0ee0c2c2eceab6fc5f4aca9 6272a3a7a872fec00997c41e1db820b2 19f9ab1a6f01c5bb060fd865f165d48789f6b6c561960071823b6fcfbddc733b https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-p1s01 | Nymaim_d3a408d6 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | d3a408d6ae7f683c1ac41e95ef09b39f | 4655ea2fd30c1eb2099b8c90dda186de93da183a d3a408d6ae7f683c1ac41e95ef09b39f 01fbd952fe57f673aea818e12a0aa675c9e29e1ba0f85d28645a926f3df4f7f4 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-bvx01 | Shiz_47a02af1 | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | 47a02af1e32ffa586e37af235735ef42 | 1e9e337977dba8b65e21c6e5435a368f4462d7ab 47a02af1e32ffa586e37af235735ef42 bf6c06b4720c871f38fe90fc4c2dd2a17fd3879b37668facd78f433309123094 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-onx01 | Cybergate_ab7cb2ce | Windows | This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system. | ab7cb2cebff981e4618404d0131e5476 | 6edff0719e5d5f395c9a7aa9bbe27bc18189656d ab7cb2cebff981e4618404d0131e5476 40fc7ace7357cb61cb7ad47e655d7d33c0952cbea1fae151f969eca85deea68d https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-wn601 | ZeroAccess_38d87798 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | 38d877981d7895a094d64c917ee6a2db | d576697601fed8daf7c6db626ff737a94c220430 38d877981d7895a094d64c917ee6a2db dcfd777c230140e79392ba5adf4f6aa9ae249d68eb18cf2ba3b74eca47a2b3c2 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-1xx01 | Trickbot_094fbe60 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | 094fbe606cb497823dc381689bad3e09 | 3c8a8d96631f50fdf8904cd5e97bc0c96b4704a9 094fbe606cb497823dc381689bad3e09 653fc5565b1e8746ddaa507722815fc225ce5c327fa69dbbdaf8924880197035 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-xmg01 | Nymaim_0896907e | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 0896907e2c1b48b2c6ef1a1eeadcc579 | 93a8ed12c50dea43ff6ce7ee41bb495c4454fcad 0896907e2c1b48b2c6ef1a1eeadcc579 028423fc9b5fb8f3fc0f985e43b703ce05e69a3828f7152dda5d6e6bc3175da7 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-6im01 | Shiz_84d445f4 | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | 84d445f440d02b40eb355731306699f8 | c3991e23c163b8710f47fbd26ae9b431503a9b50 84d445f440d02b40eb355731306699f8 d736eb2fa68eb8da82c3823e90bee6fb374f00d59b5ce26df9a8f8f6e807bf39 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-fca01 | Trickbot_5933d1da | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | 5933d1da80f39a264e33161e9dcab4b3 | 3eea0363a8477e7ac75809ee3be597179c45de97 5933d1da80f39a264e33161e9dcab4b3 051eeb1a5f4ef84caff3c5a7abcebb1839569516480df43c929aba282eb8ecb2 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-g2v01 | Tofsee_9396ffcc | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 9396ffcc501642e85538b7ddcf3db072 | 5eac51d49468a57234c08ab59eb27f0e5fa0353c 9396ffcc501642e85538b7ddcf3db072 9bf983cc999b2a3bd029e21e445bca85853b58d66247c7221157fab41fbd19d8 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-7b301 | Shiz_4dc0e9c3 | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | 4dc0e9c37518c7c9a60977403484c83d | 95d323d81d751839f3f5cdb63762b56b4b9a22ce 4dc0e9c37518c7c9a60977403484c83d eeb8342fd7c3ee5b7bb9b714899dc0b2b97597562022015b9d1d2464e7cd55d3 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-o4a01 | ZeroAccess_07d4dbe3 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | 07d4dbe37041634baa6564f686472bdd | 48cb42e93f1dec05fe5c2787e9d526cf867194cc 07d4dbe37041634baa6564f686472bdd efbf80ac6287c82b3231e87957271cadf5c5130eeea7b2e456ffa8b002cbde62 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-o3101 | Gh0stRAT_897b3fac | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 897b3fac62dd77759344a54cf2cd3462 | 3c2d4dc965b2622ebe4bf4001245b55b9339729a 897b3fac62dd77759344a54cf2cd3462 2dae697a1aa350218fb9c4c6ed9d28caa9eff1ad7bfbd0feb32dc523e5c7baf9 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-3a001 | Trickbot_b2888a54 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | b2888a5432c8c65cc0c7cad4de2d9940 | 0ae0c8e78e925f9ae2b20595ceb2ba63b72839ac b2888a5432c8c65cc0c7cad4de2d9940 112a18bcbc8424b2bdb7ea574f5696288d28a28dda3f0aaa9894a84285c932aa https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-7l701 | Shiz_27d6b22b | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | 27d6b22baad9755cceac2086f06f6333 | 3f45e8830c4302e5c55a0274c55a74d2f92e5d1b 27d6b22baad9755cceac2086f06f6333 9ca9c80c7aef1de747e8fb0fbe2fdabe0242862341eac562799b96f94830bd7a https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-i8101 | Gh0stRAT_3a7b7432 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 3a7b743255b7a9aa3f07d2f51612e462 | 5bae57163767f1c853a688c151888b63b60f2550 3a7b743255b7a9aa3f07d2f51612e462 2512e7506467e005bda030357121e832ff0dddc6a670ae4c732bac8345a0e2cf https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-zun01 | Shiz_d6914a36 | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | d6914a3674d74f7f7feb9505c1423e42 | 9c3dec68c4506e223098167d1f82ed886125e52c d6914a3674d74f7f7feb9505c1423e42 cefb5097f6431abfd8ecaa842f8fd18e7c37b585c90ed7dab5cc58c985f327ce https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-yul01 | Shiz_33a27aae | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | 33a27aae2d274e9be4161612b7b3165c | 4a6ef3f0ed4eefaee74dbed51f5717e976aff5c7 33a27aae2d274e9be4161612b7b3165c 15e38b549194635dbbce0ddc2fa97744992498292843924d0ef12fb1804a285c https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-26j01 | HawkEye_01114d71 | Windows | This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | 01114d7100d23b26e2b3a1aef43244c1 | 3378cf1b8527eead50346f6c6fa476d5dba80031 01114d7100d23b26e2b3a1aef43244c1 1c38e7e3f9a7277e60399523a664c73ad1e950de5ab59981f6ce77c908403448 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-ty501 | ZeroAccess_e8f0168f | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | e8f0168f83dee93e76ca78cb22de73cf | fcb977a76aecf9e5e2bab66750fa3af8df1cc50f e8f0168f83dee93e76ca78cb22de73cf df6e0399978745daad9974c24eecc3859740bc2e2ece4a7ec970cefcdd5a5bbe https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-7bf01 | Cybergate_0f1ec177 | Windows | This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system. | 0f1ec17725ef52046f35e1dea3f123d4 | b6cb8d34a123ae7f1e8edf79c72d071d7bf05546 0f1ec17725ef52046f35e1dea3f123d4 dc416c86df2bad0adde036bda83db1fbcac13036a2ea7f73453597e7a3d5788c https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-ed201 | Nymaim_0aa69713 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 0aa69713006a195dd71163ba798d2587 | c651006920ff7dd3ba9fcd3f04801be63f0f942d 0aa69713006a195dd71163ba798d2587 143c9de178660a194d5e22ba45bd7d1d56d3f286eb16ff9a1206cbbecaf811a1 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-hk601 | HawkEye_4abfa5d7 | Windows | This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | 4abfa5d704ffe75ecede2d2f7f78cd0f | b1ab7400eeb8c63e809c7d9d8d3898949d697da0 4abfa5d704ffe75ecede2d2f7f78cd0f 939b12fcce7c902fff5730a6cde141311baf0a322e9334cf1dd13230c68e7794 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-chu01 | Gh0stRAT_ee5a17b1 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | ee5a17b1b84a2be9d1fe606787afffdd | 5c7c1785df2aac73744f8ab2c8091251ea27be9e ee5a17b1b84a2be9d1fe606787afffdd 249cea1515c2c625b5e117a9495cce088f64dfe39dfab2b9d47d9071e2516900 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-2dh01 | Shiz_02880bf4 | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | 02880bf45fdcfecbe10915b4d4293e64 | 713f6fb4e72e3c9b44707731366a87dc7eff7328 02880bf45fdcfecbe10915b4d4293e64 fce2a9dee62b71966aca7874ff8f37066a0323c73e5e524162b36b114a92894f https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-ak201 | Nymaim_737802e4 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 737802e46bfc6275946e930867e04f41 | 8aeeadad39664b141ac22120a8a345a939411d70 737802e46bfc6275946e930867e04f41 c3120a24f20ecedf04b17c71bc7f1588d1daa776ea66b1b85f713ffe7136c944 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-tpu01 | Cybergate_cd1af03f | Windows | This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system. | cd1af03f5b702bf06f42b91cd8c252b2 | dfeec000850eea461184760c0dc8fd24ab22ca3d cd1af03f5b702bf06f42b91cd8c252b2 c5d0479add616c17dfdef957dc106522ff40bebd08ab070b0941474715a29dfb https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-rtk01 | Nymaim_cc1bc741 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | cc1bc74105c8bfea61473f0b4ccff3a9 | 0a0608762c2f29ccf82e015189dbb80fe23171f7 cc1bc74105c8bfea61473f0b4ccff3a9 c9017faf332ab5c93fadda86db30d7e6b6a67afd6aa0cf1334b1744e16497b69 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-weq01 | Gh0stRAT_64014bc5 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 64014bc500d568bb0a00c976a53cdff9 | 2ea34a2f47d49b75ca48b9cd10655f400f1ec97a 64014bc500d568bb0a00c976a53cdff9 1156fabd2305bd3ce5b218a59c3f3cfd99671dc8323fda13c156aebf26ee3ed8 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-iyx01 | Trickbot_24365377 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | 24365377ecc0363888759a764b10b0ed | 4a701bb1e053f8d572d54443220ea476fd5128b9 24365377ecc0363888759a764b10b0ed 362d936eebd48241b9e3b6ae0f8650365af42aa307320438ae170862750b2a08 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-04n01 | Tofsee_ad6e664a | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | ad6e664a14bb694f66fdbc97913a901b | 924e3d51e5387a1d0cd65df7f80e568f1e8f7eb8 ad6e664a14bb694f66fdbc97913a901b be8a71e6dfa63485be4a848cf6d0bc1da15b20fb9735e0c0ed08e346840096e0 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-wti01 | Shiz_2c91d979 | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | 2c91d9791faf9c214281deb6c339edce | b6e3cd30d170219612d8cad4a1b6918f7b63941f 2c91d9791faf9c214281deb6c339edce c0b1f1dcd503c8e254cbc80478848db14d2ab731df0a3d3cd185d5df43727d54 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-va401 | Gh0stRAT_5ca19eb6 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 5ca19eb6bd546a2302c83da78c6b90c1 | cc88548d1924a3e1a1a70432b319ae262eb85a36 5ca19eb6bd546a2302c83da78c6b90c1 30fe5c510a0dc5ad89fcd66491ff24f605a90a2c4a53c67a9969fe15a4a5d0a7 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-bqx01 | ZeroAccess_5b331b71 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | 5b331b71bc6080f4f9466135db3414fc | 47168b386448ea369586f536d906cabb399ec0ad 5b331b71bc6080f4f9466135db3414fc 67ebc3153ede004c1af8b82ecd6f4713573f4c29b4a84c0500d761f483ad9172 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-ni901 | ZeroAccess_db8335d6 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | db8335d68db2bf86ab85bd10d3ea9cb5 | b7435e2d1cd486d018306fb14a6a0753c34509ce db8335d68db2bf86ab85bd10d3ea9cb5 c11c70ca57c92e7224b2c011bb8559d5214ff644fec730a52e02eee172a8a043 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-nun01 | Gh0stRAT_36d574ea | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 36d574eaa21344ddc4272f98817ed0fc | 25d281464b40b11f1bf97daeb35ba7a9f2733340 36d574eaa21344ddc4272f98817ed0fc 26f34567a93de01d7e6853e9ae31eb0f1848dee525b0ee605e1c1884accc4982 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-xf301 | Nymaim_aa53b3d0 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | aa53b3d01dfbe0d5c083337b8019efb9 | 251068aba327ccf106d3ea81632d76fa18ade681 aa53b3d01dfbe0d5c083337b8019efb9 54875c46bc6795dd22af5760a5452f3814a5b6827ed996d6a475ec95b9107626 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-30b01 | Tofsee_5bb2f386 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 5bb2f386bacd1c438be6af5c57963ac6 | 627b5ec632d023f834f2fc9486ffa8c9d5fc97f5 5bb2f386bacd1c438be6af5c57963ac6 1c916b795f49331678816ef6cfba0dbdbddd4b92a421e086ab2fe2ea095d10e9 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-rnk01 | Trickbot_ac1f9c63 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | ac1f9c6362ad0990378f91888ab08d1b | 3f04671e7dafc8bf4a51ae4c00f0840ddb73b66d ac1f9c6362ad0990378f91888ab08d1b 0143365726dffade4573b49e8c816d414c8ca96567a8163cbb714a4b9c18df2d https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-mjx01 | Shiz_a0ee636b | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | a0ee636b69789ecbb8423b9079f1f18b | f53d1d8e2d4c23fd614ebe69305167a66df73811 a0ee636b69789ecbb8423b9079f1f18b a798d57162ee4fac07d2e23a16f9d0557d39f6c615a33add2a8f570177ae250e https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-kmy01 | Nymaim_fe2a01de | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | fe2a01deaf0a0865b2bbecb382920dfe | 6b93dc943d1c1dac079e53d8cf86385303d83cc2 fe2a01deaf0a0865b2bbecb382920dfe e1797282c01e2bcf9e03707136cfc60bfdee5818cb1ec59984befd55de4c6719 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-k9d01 | njRAT_1826b00c | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 1826b00cb9e7d3e90e08bc5e2159cd81 | 2aa30f7bdcaf7cd73cbfa88b0b7c953e67d46b94 1826b00cb9e7d3e90e08bc5e2159cd81 9ec10adc83de49e13e491384047b11e40f2b7567991a11ab03a9703899ab55f0 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-ds701 | Nymaim_c2ad76e5 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | c2ad76e5f357c06065fc18efb7910a12 | c5bc2a700420e142c9de3a070c165ec6da9a4b65 c2ad76e5f357c06065fc18efb7910a12 05263f754c5456ad772dd2448b85e9fefd1c4204f12391d8068bcba7cc388c53 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-3ze01 | Cybergate_49a01b81 | Windows | This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system. | 49a01b81be95c083274242c45faada64 | 28432d1394f31fef2698db9e0a50bb90ada3a336 49a01b81be95c083274242c45faada64 6b185c176128cf98a5241c3d10d0486cb3b4c3a8877d7831beed7088b688ee93 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-com01 | ZeroAccess_ded2c66d | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | ded2c66d135d55d81e9da4dfc37a700e | ee7c91cdeda049eb19aa7380f7c516e40604a7a1 ded2c66d135d55d81e9da4dfc37a700e d17a1fb8e452ae4fce1f2763a32b209b6663c600dcf253fd1e943e481ca90e63 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-iv901 | Cybergate_c3da5814 | Windows | This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system. | c3da58149cfde1bb3e67ccc984eebb2b | 71e7a5ffe6ddf8b703a07bf7fded7f7a5c27a054 c3da58149cfde1bb3e67ccc984eebb2b 889728767005bed83d50f8ac92d4f8685be74f71155537c011dbdfb5da861b26 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-51t01 | Trickbot_ebf36c19 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | ebf36c1943b5c020195aa446091fba00 | 8cdceff5170f0e1ea2956739876ea9c42139be3a ebf36c1943b5c020195aa446091fba00 8a58ff91b277c4b10565d90fa8e0d847759276fa77983762337dc6bf916aa78e https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-0ev01 | Shiz_9b10f9b4 | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | 9b10f9b42f0db432b6b31fe93c9434b4 | 8d27cd1214b565b9b0be240c73585a0619ff9805 9b10f9b42f0db432b6b31fe93c9434b4 ba8e2507b98e11681912eb982779c5791bfd084f1683d0ec211f187c04444b4b https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-6zb01 | Cybergate_93cfaeae | Windows | This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system. | 93cfaeae2aa5506f9605d14577031830 | 691f1b5311598ab5c7078d6239f8fe2311983274 93cfaeae2aa5506f9605d14577031830 ee13ecb06987aeef5bef6de64e0e5439b44f07f9f0783d8cdb6ace3fa950a6a1 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-ojf01 | Shiz_9a4f5042 | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | 9a4f504273a4ca10c6cd701950ce21ef | 7a27c132868d87480145c3f120dfc962d5cb9299 9a4f504273a4ca10c6cd701950ce21ef e7df207595977cf6802d5d039c76a91ace32521f290d115c06325bb8a72ce18e https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-mpw01 | HawkEye_e701da26 | Windows | This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | e701da26b2782f0fe3cfcaa166963b65 | cdd3241428a092cda28d73db62fd82da1a79ade5 e701da26b2782f0fe3cfcaa166963b65 e584d0e379aa3fcb0c7f9de3106ae4234d88ceca407a9645a4edcf57b9202cce https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-a6101 | HawkEye_b82bdc2a | Windows | This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | b82bdc2a43b0974a2243abcbed830c32 | 8312529f045001961e07e8bf3ab829dfe272e89d b82bdc2a43b0974a2243abcbed830c32 d187fe363c737c1c3babe56649a39a1dc1d0da4cc7aef65e4782ba0c801e5079 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-uy901 | Cybergate_1201e001 | Windows | This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system. | 1201e0017ec744d837b8ce7588756b86 | 3c54fa18e52bdb0ea8970c6352ef607812430610 1201e0017ec744d837b8ce7588756b86 b3ded4b6a12a5a232816b33546167fa3e90eb78ac2876d1c6b4adaad4b75abc1 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-k9101 | ZeroAccess_ff75ff4c | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | ff75ff4cb2fad310dc021e2f2524801f | 171af2938bc2721a165983970d573f2bf2103769 ff75ff4cb2fad310dc021e2f2524801f 64f81a35325dd38c136a632f0e23d167407a0c4963a70761d4ab5707775f0d23 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-i6101 | Trickbot_eaf81074 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | eaf810745c1b68d891559ff172a43581 | de74148d2bdc62c325d98f190ca9bb4ba92255cc eaf810745c1b68d891559ff172a43581 11513df12b19240af3485b6b0d0c871c305e2644e6503770baf8fb2949542462 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-uqy01 | HawkEye_b8e17879 | Windows | This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | b8e17879bac5b53174a69521c43276da | 9208b2b72d81efcd694a7ea6eb0675632fdff6b9 b8e17879bac5b53174a69521c43276da 0360cd478f78ed02dc9cebf82d31721fbc6915b0201900cd922e59ccc32f6038 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-1pe01 | Tofsee_43c81f49 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 43c81f4959c752e5977f86772574242c | 999e0004e21368b2907293654c3024f6511c0010 43c81f4959c752e5977f86772574242c d62553c4ef53220d32af9e5eb1a0accca3ca6aac7e9f3539119fec0718edd65b https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-xbx01 | Gh0stRAT_449e068a | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 449e068a1c741603b500f7990e1ab279 | 60b9820b2f455314d78f3747019b7f661a6de2c6 449e068a1c741603b500f7990e1ab279 2c771b1e0003485b554e8014b428c9d53ad93d457c04c96b9e514f0f33e2e6ba https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-7ui01 | Tofsee_0451fcc8 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 0451fcc805e395a13acd53d64d3d76c2 | e156b42dbc801b100c94c6db6f87bb26ca9bce36 0451fcc805e395a13acd53d64d3d76c2 5f4bd5a0728432e4731b9d2606bacb05d7c6f10ad926735f3e4d9dee10791f85 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-rhf01 | njRAT_808b9614 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 808b961476324019a42a43e0367d836b | b1a61a20e9338c63db17fe3c44e1d16c0725746f 808b961476324019a42a43e0367d836b fe84c213aa4643ba68eeca9e6af567aa809a6c0a3d2b0f9f5fa13aba4033a5de https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-6ma01 | Tofsee_2f59e5d8 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 2f59e5d8cd1900f62e1c2f2c9d27b0f5 | 337ed6d740b4ad0c150a4652c86f107a2edecd1d 2f59e5d8cd1900f62e1c2f2c9d27b0f5 ad34ec4764147faaee82935e142eedfe5569f88ef81195281539075a0f3c91ac https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-ict01 | Shiz_c866d866 | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | c866d866e57a8385ed9eb283e333857c | 33e4b4f11fb75949a3b6ffd65478fc419db65d78 c866d866e57a8385ed9eb283e333857c b45da6a6c26ccecac46deeceed64bea1dc7753ebbd6fb93ad33048e0f8587f95 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-arw01 | Nymaim_cb4ca71f | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | cb4ca71f21409d275e68f90c39b82d8d | 174b675f069c61eb9540f22f4c43db182f216c2d cb4ca71f21409d275e68f90c39b82d8d 8519328e272602bc7117a7c9da2c00e40e8d45a97528ed3fa7c86f2fdeb9b679 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-fga01 | njRAT_c599d320 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | c599d320b8611864718be28c7153c5ea | 49ced9f294c2e38e01b0f5c1c79aff9ad5482912 c599d320b8611864718be28c7153c5ea 95ba99bc91142b433da3a42eaaeefb1ce2a7abe93f2d8816b931eaccff600192 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-jeo01 | Trickbot_ce64f853 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | ce64f853b906569ad859f17f496e157c | 7bb90f1981fc692ef4f702a53a9fb6e5f8751a50 ce64f853b906569ad859f17f496e157c 6809cf34ac7fa454a8d8c25482c7a9acb44be1222bc89f2d478a953d93f63f3d https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-3jm01 | ZeroAccess_0ec6e981 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | 0ec6e98169f7278347ad3f180aa0d2b2 | d15b53e2299f2123333c3ba318905a73073d251e 0ec6e98169f7278347ad3f180aa0d2b2 688db1253d2dcdaf11bb2e8f03790dea9b10625b14b20531f4ea108801066f62 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-gml01 | Gh0stRAT_dbd08d77 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | dbd08d77980f1639184eefe604f5b19d | 1f508099d0a81de727a0b549f0e606f1810fef3c dbd08d77980f1639184eefe604f5b19d 11978ef69a330b0d4cc544f48bafbca5125019fe147fcaf2db0bd72fe94c4b4a https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-w8j01 | Tofsee_7c335b53 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 7c335b53b15a40dd7de3efe56f8f687d | b110b895a615112c561cf9a04fc4c3c1b605a112 7c335b53b15a40dd7de3efe56f8f687d b4f6aa14eb833c83413f72a4e901d0e92c7da45828c5438594693f68c2a3ebfe https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-srd01 | HawkEye_1466449d | Windows | This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | 1466449d8294ce6090af5bf5eeaf1a36 | 581b27f5f2d96b41b59dafa81a74eb297117f49e 1466449d8294ce6090af5bf5eeaf1a36 d5a45f2dac9346b72a23fe10c07dc4ce234e7e577fd6c2e471464276651df1f9 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-x6d01 | HawkEye_9fe12ca4 | Windows | This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | 9fe12ca4929c901a87b89eda6399aeec | 105d16972912370297f1217472242153c3ecd8e1 9fe12ca4929c901a87b89eda6399aeec b23e50aa8217e033f01bfe6c52e651a3d169a202e6949a4d0d7c5a4ad145a857 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-yhm01 | Trickbot_7c06687b | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | 7c06687bb0b9414790cd069910aa06a7 | 5ecbd545f07636f8f83ab2fa851ac312727791ba 7c06687bb0b9414790cd069910aa06a7 854124fe1ae699a3dfd99b89a0b44101e74039ea8f06c781254f4aeca07b7013 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-sn501 | Gh0stRAT_cf98aebc | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | cf98aebc8bc3e6910a1a5281cf810bf1 | 708247e56c3f0912e0004b7b150da27f1be5dbf3 cf98aebc8bc3e6910a1a5281cf810bf1 1af0bbdad437c6f711447ccb84444b92df5ba237acc0b33f6eebe0d48fd2f5a2 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-g9v01 | Cybergate_9fee7b00 | Windows | This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system. | 9fee7b00bf3375d28e27cc7e86bbd1ee | a0153ce3188e06688f39c38b8107e3d295e3ea3a 9fee7b00bf3375d28e27cc7e86bbd1ee 949809f505011d5b9aacc19fde3bead211004bce92921a460afe8e8f57b92923 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-ee101 | Tofsee_202c4d76 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 202c4d7639540dff53d9840b016ad1b3 | 279f2bbfd1ad1538becb0e34b13e145e65162775 202c4d7639540dff53d9840b016ad1b3 4d660a6519c258074627f7d30a4878e15a4e621bd79f21a34f4550c54ef38c4e https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-j1j01 | njRAT_b1cecc93 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | b1cecc93cd701d029069c8639576d5df | 28b7b51c033f483a4df2240db9a391eae17e8cf6 b1cecc93cd701d029069c8639576d5df b168b7b5acf2cb602aacb9c737a9a6e252461e7a4f2a4c0c1eab2fdbd36fdd7a https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-nm501 | Trickbot_e566e3d8 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | e566e3d84f6df07b1d11e209376568df | 8ab99d48d8d008230176c7adb2ac0d7393096cd3 e566e3d84f6df07b1d11e209376568df 2807fea0af4c94116f0677eb94d798b6f40c3a3cc50ed8d2d2184a061ce30904 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-s7f01 | Nymaim_ffc88f83 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | ffc88f8367fee470b4da89c0cd043c16 | 46919697d90979ec26322f33a69dbad3abf3ea69 ffc88f8367fee470b4da89c0cd043c16 2dbd752e0cb2b3b1d20fa8e714281b8856fc121b4a2670937f7956f90dfe9ecd https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-f1d01 | Gh0stRAT_f8a4e80d | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | f8a4e80d33b1dbab389b7b28ac5f3b50 | 1e6cc615e65aa81f14e8ec6f6faafedc97143bb9 f8a4e80d33b1dbab389b7b28ac5f3b50 24436d1687d5a814d3552f9fe6aed8d3778a66888508d1685d7c8c39d4b3b5a5 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-ger01 | Gh0stRAT_43c532c4 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 43c532c424d6066bb6c3e953bc06fffc | ae7b46b389c5e749e006a22d1bb3c9d98d21ae01 43c532c424d6066bb6c3e953bc06fffc 3176a16b8d3fdcd6162a24ea2979f82d8d1ec4bb98e15c299affd56704bf30d6 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-oyw01 | Nymaim_309f6c7d | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 309f6c7d8dc0dbe2dd73818aa4ae7990 | f737a4071d4436c1b466b1aa1c4e4b42283fd028 309f6c7d8dc0dbe2dd73818aa4ae7990 b0eb5e5599605584271a1513740039d6cfc363d7203e8654d9ece9d7df1b06a2 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-nvl01 | Tofsee_2074f45e | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 2074f45eca511f964e5c38bef8462004 | 1ee57efda609f6daba8265724adb75d5e355ef32 2074f45eca511f964e5c38bef8462004 a8f74812b66b89f9c0450b2f565d3ba2b417e7e10514618c3306de37749af886 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-n2401 | Gh0stRAT_47eec7b2 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 47eec7b2046cf954a6f0d34b3a5703bd | 77dcd555a67ddb9f795bb4495636b8e3ea66ec48 47eec7b2046cf954a6f0d34b3a5703bd 313e7c484e87f221fe3e7af0aab2e17eac7c5a1f1a6c6fcf96140f1a24ba95ba https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-l7x01 | ZeroAccess_39ed4a80 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | 39ed4a80d12c733ec8fd9766c062c488 | a6e07c036a1401a1ffeedefa9c46fbafb8de37f9 39ed4a80d12c733ec8fd9766c062c488 c443515f2c11f9cce0be0bd88532bd2b0885d2836bb0b5abb4c2e9198bb2121b https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-sep01 | HawkEye_5413b258 | Windows | This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | 5413b258b2df4929d974ea5ffbc650b6 | a2052e95c79ea6f146f27d2c887e89ae52125685 5413b258b2df4929d974ea5ffbc650b6 7da2b98047bf4812b37f670b7a75b1b0ccd414802a3c59e564fe0437d23964da https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-xhx01 | Tofsee_5fa95d05 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 5fa95d05d30be4291b3fd3249abda10d | 2a2e280929a85f85580a3e77724ca9667d7c9df5 5fa95d05d30be4291b3fd3249abda10d 7d96ef5dfba65346fa3ffbcd23016f21e0a523e2215e963f21cc8c939c2e35a0 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-7sb01 | Gh0stRAT_78085b84 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 78085b84d0d5536f48dd1cd39cebf0ac | e75ce54cdeddd3ba628093c60a6a32bfcd986770 78085b84d0d5536f48dd1cd39cebf0ac 32824a80e061fa64a2cc928d3fbde4f742dfb22b4bd9daa13c2e5ab80697c836 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-0k601 | HawkEye_43009f0d | Windows | This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | 43009f0d160d779c518b9c7bc7417f14 | 4b8d7d43f68c32b1dddca7d2bb417e1b754b2de2 43009f0d160d779c518b9c7bc7417f14 49d6cfdd06d8d9a234f5e59849b47199e52a0355479563c76896edd91ca7c04e https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-1w001 | Trickbot_f08a84d0 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | f08a84d0e47f8bc7069afa147b1791ab | baccdbe92184444c98b80e9588589a5e88672276 f08a84d0e47f8bc7069afa147b1791ab 74547a954562f29ea05230900daab9c043e088fd1a38cb2d077ba4624ef51523 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-jnj01 | Cybergate_b788cee4 | Windows | This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system. | b788cee4d46f846f726116bed8e05462 | d1e87131b5d575a7e385eb63512b2fe1fcf907cd b788cee4d46f846f726116bed8e05462 b3b914069bb60dab4a0679f912c43f77a3c4bf71804fcbd5085646336dc41908 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-f0901 | ZeroAccess_934936e5 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | 934936e53890796218c227c127c86ef3 | 12afa8106a619328f7cfb2f17460e12899b340a4 934936e53890796218c227c127c86ef3 9db192e4eced11fc3f84d6d8f6302e0230798993bc2b9efca6170428fba13906 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-nmu01 | Gh0stRAT_e2e1a12c | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | e2e1a12c00f1f7da52c947a59ab0fba7 | 062be73c1760145410a6dd3f38c0e472beaeb17d e2e1a12c00f1f7da52c947a59ab0fba7 3073891867551a6f111eb2f8af3e02729bf97627da4d019fc289433de4cfc35b https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-vsy01 | Nymaim_4735c798 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 4735c798e9b38cc102c3c702fd1a9365 | 00d128f4ecff94cc9cd860403d3d1b526bcc34c8 4735c798e9b38cc102c3c702fd1a9365 862346823cef73fdd9a155b84edb2feb180a61390a3817ef97fa272cb01d7994 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-3c901 | Tofsee_096dd5a2 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 096dd5a2c5c5ca6912650ddfc95ece60 | 3bec8386a5c758b89082a2d0324b82d09e43721a 096dd5a2c5c5ca6912650ddfc95ece60 398c23230679c69942c5d64c7aaf0e9e8ca3434d54559871f3a3a24fbd9ffa3c https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-psb01 | Trickbot_0d2ab3cd | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | 0d2ab3cd6624494efdba1bd667b0d00d | 108700804bb8cfaba8591bfd9a216bea466f6597 0d2ab3cd6624494efdba1bd667b0d00d 3ecf64c343752bfbed1a8984cfb207309133df964da0b2e086509e8aed167a66 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-j1b01 | Gh0stRAT_3c3fdc46 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 3c3fdc46e3f1d7129740a36253680a83 | 5657a423d3e02d5d0f9a14684eefb457843fae9a 3c3fdc46e3f1d7129740a36253680a83 164c0c94d252f388ab7825a8bd9abf8cacc45cbf34281edb72951982874591ab https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-fhq01 | Nymaim_97b276c9 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 97b276c94cea71aeeb89d0a288174be2 | 17f25a5b9ae92d1808cb97209f3728929d10d439 97b276c94cea71aeeb89d0a288174be2 3180f041ff1ccd52f829f222e5d124935a11bc3aa9fc908e3ce93f84e1ec49dc https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-hu602 | njRAT_d14e6a58 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | d14e6a58abb27be931c6c9f170887488 | e2411b67df4b379b08a8ee583273b959fdf1ebd3 d14e6a58abb27be931c6c9f170887488 eac06f1399c63d11fb621d348a2a8fb6256262639d239b142092fde76a684eff https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-9l301 | Gh0stRAT_a53074ec | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | a53074ecc8277d5ff066be44c1ca8c46 | a1bb3e2eaee47ca6825fb624ed49d0538abe052e a53074ecc8277d5ff066be44c1ca8c46 2cdd4e59d78f0a3537c1e1c5a7b9fb4c369a20d79a057568a51a2cbebb2f8241 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-hc601 | HawkEye_b3d1aa85 | Windows | This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | b3d1aa851d81aa4dc76596edd35182f1 | d24c4e942d7d6149b87c81084e0b0a25b6b8ea38 b3d1aa851d81aa4dc76596edd35182f1 04e3d5854d00d835e206b0982889a079e3710296d33ed1ebdaf349b4bbcf790a https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-pue01 | ZeroAccess_b958c2ad | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | b958c2ad4fcc9c0996b3310b4593af22 | 766370b08e5bbe35cfa9d0685ae5cc2b9e39ac2c b958c2ad4fcc9c0996b3310b4593af22 a1335dcc4001df7691151413c8c1280dcda1a28a5bd21e82673de4d7560116b7 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-tfn01 | Nymaim_51b6cd35 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 51b6cd35b56a8864a8fedbbe25020c3d | 689a5077d803d21601270760dd38de2fdef921d4 51b6cd35b56a8864a8fedbbe25020c3d 3f88dae29802bbbd85c175ce34b40b4bf34f884768b6669a91981f374bd1cd1f https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-f6501 | Tofsee_dff076ba | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | dff076ba2abe316ae6c6d2308a33ef1c | d6d5116fd778857c08e3155e9a85034ecf5a6dcf dff076ba2abe316ae6c6d2308a33ef1c 9e5897942fac812b74be41b06b5e1cd1ff4e9fd9b71d10aadca3d5f368cda0d1 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-tje01 | Cybergate_9d3fc93c | Windows | This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system. | 9d3fc93c9d38fc1f6d67cd068f083e47 | 2ee2e0891e6bd2c71c044a80cc303d0755bc69dc 9d3fc93c9d38fc1f6d67cd068f083e47 ad8f56bddd8a0cae565c243ff0e4422781f78cc3033763d2a9100e32c2ffe98c https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-u1i01 | Cybergate_a5e6f88d | Windows | This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system. | a5e6f88dec5c1c8ad4b15145f1610dab | 2924a661a6db6382359032c96caa6440edbdb35c a5e6f88dec5c1c8ad4b15145f1610dab f2a2dc50a052bc4a25cc8fcdd235d89286fec24beede6f6cb78b7641162bec0e https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-i3e01 | njRAT_1634ff1c | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 1634ff1c0c89dc7e144f6f425a4d22b6 | 65c22d6398dd2bbe9ea2a214f7403acffd21ba1f 1634ff1c0c89dc7e144f6f425a4d22b6 f446642655c929d6b069a874364d6da67a6d07f4a2a5f78a77087fb2f1f243aa https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-gfd01 | Trickbot_4659f606 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | 4659f606dd426b45b66972f9a74c1fcb | a977d9086af9bcd71267061f84fc96665dd0d625 4659f606dd426b45b66972f9a74c1fcb 00c98d727a85576416dba2a3a68010f986ae276935435e6d9eb02d33fb71b3a3 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-eeq01 | Tofsee_a6589348 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | a6589348aa65e4d4317d05df3af1a0bd | cb6c32f2acb65d9164a7d8cc722decd7c5a74717 a6589348aa65e4d4317d05df3af1a0bd f095b72dc6ba5c3c3f2e410d0f1766a8f6ebbecec1a4914b957f9a7225cc6c00 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-hl601 | Shiz_5d27f1e6 | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | 5d27f1e6d94b3e8ae38f14238333f76e | da9ebaa7bc2c684ac6dc21057b808f760214b949 5d27f1e6d94b3e8ae38f14238333f76e ea0ea261f2a0211dc179b23bf18609749df13f024db3384cf1f7f54d09a3e21d https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-cgm01 | ZeroAccess_e158678b | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | e158678bcadc45a72a7f656c3be8a1e7 | 1ed6b140d1b45fadc1634dc5435b2653d5bbe433 e158678bcadc45a72a7f656c3be8a1e7 f12f6a6b3358a8dee157fa6bc7170d94cbf2e6f890c86791af20c1a841c01c17 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-rnd01 | Shiz_af00e6ea | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | af00e6ea4f32d6a1c41e692ab969984d | 1430d66bdd69a6465008d9030769a5ff578d77a6 af00e6ea4f32d6a1c41e692ab969984d cab99b6945c6ee017c2297f13f5962ff2be066c3c9f4b812f1183334ab133de0 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-ri401 | Cybergate_86eebfaa | Windows | This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system. | 86eebfaa5987bfaeaa8ff1cf51e77841 | 308c45c783337896dd9480b746b758287169f4a2 86eebfaa5987bfaeaa8ff1cf51e77841 c7f2645df614351360457a892f9849df80155330e10449d4448d357c3d717ceb https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-p5p01 | njRAT_044b3e11 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 044b3e11e36480a70f9b74ce6103646e | 1710f1cda4bcd376b5fd49b7c01a7ba3eb43f36c 044b3e11e36480a70f9b74ce6103646e e81f03b9fcfb674248f670d60be4918781bc0c6d6b343f890c2c2fcab15d7ea0 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-q3901 | Trickbot_735676b9 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | 735676b9cf6e17e0bdb615ccf7abbb71 | ac5f57f6a926f6cb3aebedc6d7c8b3a1dd85a5f1 735676b9cf6e17e0bdb615ccf7abbb71 3e98c771dd86669152fb58cfc0ecd7d264426ebe125ee4d96893efad5af5d236 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-j9801 | Nymaim_72562e84 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 72562e8492ba9a906f9a851bd90302e1 | 3c2fd6662833e1d470ac4b9cf9dbdce9a8ea3355 72562e8492ba9a906f9a851bd90302e1 441649516eb75a61f2ca4d0570dd2e201c6528b452ce7bc04c5120a5b36ee090 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-weg01 | Tofsee_2b6fb71b | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 2b6fb71b774a08bad927f01a18696156 | 90c75106b3584f6b7baaf4c21fb175e21ca1cc22 2b6fb71b774a08bad927f01a18696156 a8adbab4a72506f7343b7ff78a028fd26ec944a1d4de846ee0bf9651196d7724 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-8z801 | Nymaim_58790744 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 5879074407606c542a04dc45d402a613 | 451464e9aca3269244c5d41329a01affc42d557d 5879074407606c542a04dc45d402a613 6802f2b005b9e02f395117ce2f753d98d239d9271825871105cca11f86764ada https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-wjl01 | Nymaim_74eed5f7 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 74eed5f710d7ad5294365eac4fb49e37 | b90495178fb6b2bdca337daefdf2d47771592bb6 74eed5f710d7ad5294365eac4fb49e37 bc11794224c3dba73fefc8be9bea7ddc8782db3e3173467a1726e02588e56019 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-gzc01 | ZeroAccess_096937bc | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | 096937bce310d223ae9dc664dbee49ec | bf9add6458bf5e70d4d32ca8a536ba963287adb0 096937bce310d223ae9dc664dbee49ec 9a254fc4e4ca669bab5ad0a830ab43a9ebee6b835fdf794f76a8575d2ca8d548 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-pvi01 | Trickbot_8b071679 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | 8b0716799ec6a41fd505c67a97c5a3ae | c54b8323575a3c1c2b72b0c737ebe0d6b7eee64f 8b0716799ec6a41fd505c67a97c5a3ae 3dd50fe971d7256311dab97ac7afeb0a6ec91de2feccb125eb09ac8a22947005 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-5d601 | ZeroAccess_928c2266 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | 928c2266e373f9c189074cbe6e450072 | 2e97e3537abf861cf6bff78d3f348cd2e37f5ad4 928c2266e373f9c189074cbe6e450072 7d8a67472d130e64d41205a7c1e5263b4fe6a4c6dc2b413618fd9e38ce47f536 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-55j02 | ZeroAccess_0761e548 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | 0761e548a747367ab5742ef6ffec1967 | 51983287057d713650365aca93f24c4e71d68e90 0761e548a747367ab5742ef6ffec1967 a2f377e3ff205bc71b5c2a88957578d2a6fb9d390d7ba19fa5117fb0f17736b3 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-mvh01 | ZeroAccess_31f9d5d5 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | 31f9d5d539b35d62be9ab2f93778402c | 093bcd6ac22798da3c7543d6906023a2f865d5ac 31f9d5d539b35d62be9ab2f93778402c eb5d5d7b8119f0819a9f00bd20e3c200e9e938a7705bcad0afc86f254d62a78c https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-wu801 | njRAT_13c42385 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 13c423852fe40c200d6889f879a91c17 | 4466797fa496b23d5d63676568e1a00a3b9ca608 13c423852fe40c200d6889f879a91c17 c2d48bfb920ccc59958d456262b6313d6c1246790e1ad0270ea775665e411dac https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-xiu01 | Trickbot_7d8ba73b | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | 7d8ba73b92dd18f207dc593736eb841f | a8464bbd57e0de7478582f4d1f1853d5bacef519 7d8ba73b92dd18f207dc593736eb841f 7bf167e2fd1ad3b45e42fcfce427c702cdb4df6e96602a183fee57d777140a18 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-dsr01 | Nymaim_72c9183f | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 72c9183f52521697ee521e97bd9e9110 | 6c029b7a24a710e96aa5c4dc4db89408bc29ecc7 72c9183f52521697ee521e97bd9e9110 95556cf5e5a160d2940014413d4948bc4877a127ce142bf27a7295ca212e48ae https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-6wd01 | Shiz_ca15f439 | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | ca15f43938b55c23d88b842c120160ff | 492a9829e9c2c962b8f5c4e717ccebd458d7d02a ca15f43938b55c23d88b842c120160ff ea9b003f2dd1f2293add17f6607370a130d3efff27d55c5068c7ac8abcbfb76b https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-rj101 | Nymaim_d6cfc97b | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | d6cfc97b4783a0a9f0e38e87b788099e | ecd62b76a345c6b68a8dee136b1d620dfadede2d d6cfc97b4783a0a9f0e38e87b788099e 0b51bc5550062212ed1ac0a7099235e2fd0296b93446106b0220fab519fd634e https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-ccu02 | Trickbot_cd93c001 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | cd93c0018ac58da8820c5ceedbd53534 | db4937fdf035e1223ded691792eeb4244abbbc0f cd93c0018ac58da8820c5ceedbd53534 292920637d78485e4053b4a056d569f2e17cb8ab531f3372d18402c35fd735bf https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-re501 | Gh0stRAT_07789a44 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 07789a44e08e0c7e22bcb9a743370226 | bc28ffa1278e42fdbad03b97f34654ecf2df8d28 07789a44e08e0c7e22bcb9a743370226 274d09e6e43dc96ba17a782a30afd525c972f3ad50e73655d8cbfe94ea97b481 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-nxr01 | Nymaim_e871fd80 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | e871fd8071af9b511d498b564df744bb | 7f1ef6e0e9617424ef68e9614c92db6ed4ca11ba e871fd8071af9b511d498b564df744bb 991bd9883c36b2fdf326418d6ec660c6a5d57e88f2355a49a5c69b2490c848b3 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-nuk01 | ZeroAccess_383f2468 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | 383f2468706d7c893970a23f4611fdef | e4692dd8dc2647e98d16aa465a5e8195f920cdbf 383f2468706d7c893970a23f4611fdef 8eea2b29e69058398957d5972b62b47947d090c2610bcd45ee593fa92bf25004 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-nkl01 | Gh0stRAT_fc59e9fe | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | fc59e9fe8368bccdf96b23c369ea7648 | c95235b4fe227b282f4434aeb046109189276f9e fc59e9fe8368bccdf96b23c369ea7648 333afdc84193d7b7b0d4d1c1e94fcd38426660db5f0fe8fb6dff57d0436a72eb https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-5ac01 | Trickbot_9edefa7e | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | 9edefa7e118b937aff078ef650e434b8 | f039a453f4ab0df62e9707947f14dbb666b84fdf 9edefa7e118b937aff078ef650e434b8 30938782dd1ae8ff1a35c17821860745f613a5267e18171e7336d1c6d5f5b6b1 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-s5701 | Gh0stRAT_6c253be8 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 6c253be82df55aebec7e51352904d880 | c298751c3e417dac40a1712865d7a699eb3e8382 6c253be82df55aebec7e51352904d880 1ef070ae000ecca44fd13b1c3b642a7a5ef8894becc9a228f2aba33c04f267d5 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-kf001 | Tofsee_b32c7838 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | b32c78389d90b51425e6e51504b2d3e4 | 48e25f969ca737bd4ceef67eaf267e1ea470e050 b32c78389d90b51425e6e51504b2d3e4 b75a2838b93b6ec47b27bd5c9798386775e9a3dfcac5c3562a7ff139eaa14ce3 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-fub01 | Trickbot_5345d177 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | 5345d177eb79da82fa23a2a050e70ad4 | 2c221993e78451fa3ba834d4517097c54650b560 5345d177eb79da82fa23a2a050e70ad4 19910cf1b0fb40f8143c459e93a6110393b502de81646ed7685c7a0766e4823d https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-xn501 | Nymaim_c256f569 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | c256f56905cf6ee105156cf9a2c33067 | 93cb35f4290a76f1504d152b107d2c4cb9ba8def c256f56905cf6ee105156cf9a2c33067 645c58460c7d1b0ef4769d505492eb5a9bba5efadf9f6a456313df72bf706eda https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-gej01 | Nymaim_ab7ae350 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | ab7ae350012b34d6bfc09c19b9900b7f | e78d285a84ac0f2fad522f053b3af07fe3843f4a ab7ae350012b34d6bfc09c19b9900b7f 9d30abaa088f71f0914d083a8c6232e37e1fb13bdb495c6d3b1485b50f764e42 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-5kk01 | Trickbot_35163fce | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | 35163fcec32b9b32c097b830b28dc3c0 | 6153092a302044f339e7440d3858de19b95c9eec 35163fcec32b9b32c097b830b28dc3c0 0fff84cfd0c674f7d55a39cb6be3bb7fccb3549dbfd9bc8f8b4c8c6307cc5102 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-ywe01 | Shiz_2fb42ac2 | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | 2fb42ac2640b8a323ba50fe4b875586d | 8189927143ea80d63778393989ca86faa3b86143 2fb42ac2640b8a323ba50fe4b875586d 90fb3fc2fa229953c808954a8eec46b36f1edc0f41ab088c82ea755ffa3c43c2 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-fvk01 | njRAT_a24608d9 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | a24608d919130fb3704e2c02954069e9 | 94a4067592441c5e3111eb3696b4ce8bcbfb17b0 a24608d919130fb3704e2c02954069e9 9b7a41fc9ccb0392a9d609fcb583e3b966ed713732342822898ac6d560d569b1 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-g3q01 | HawkEye_f97a48ee | Windows | This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | f97a48eedc8ad59c683e7f9de9d90d8a | 0e3aa7530d21c08437e2df1471698317c0356bdb f97a48eedc8ad59c683e7f9de9d90d8a 621448e4a383b6bcba18f2b522331c6f79764db97a73d596d92308f36a2b5add https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-2mq01 | Nymaim_62e047b1 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 62e047b17485cf9b1d07d53df402ad2d | ddc033188604c592e368e908bfa4a4c19c4f9ecd 62e047b17485cf9b1d07d53df402ad2d d0f6e3867416053747e82117e4cf5b5dd1a0f573316ddf6d1716465726bbb215 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-ng601 | ZeroAccess_ab9185ef | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | ab9185ef70e3ebc3517ef67d0ced8308 | 08534fb42efa6a28387cbae3dac2ac1a42cd1d5b ab9185ef70e3ebc3517ef67d0ced8308 78951871e9a63fa3907da13165bab1119addd1ce8a3b376afae47b532e5d3653 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| M19-dmf01 | Trickbot_2fcf7000 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. | 2fcf70007723a73a2d6e68e902035f8b | f1716455faba8b464a3d0b4eabb625c34b3da51e 2fcf70007723a73a2d6e68e902035f8b 541729295b97eaa2ec3a566c2095b5e4c03239d9b1235d4a2b6331f3dd986f75 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html |
| Strike ID | Malware | Platform | Info | MD5 | External References |
|---|---|---|---|---|---|
| M19-zfz01 | njRAT_7477b2a9 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 7477b2a99b3e1eb4329e229008f9b788 | e2e08292cef2454f28ecbfda037c6a4dc86ff18a 7477b2a99b3e1eb4329e229008f9b788 37cf34ef1a59fa7f2a821d2aea146aa341d56ad8cbe8b60c028218919d9fb65c https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-and01 | njRAT_8361f4d2 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 8361f4d28e1604a6ff4f82aeb5fd3624 | 66ac52cde6ad89cbe705d244f7703d903ca8670c 8361f4d28e1604a6ff4f82aeb5fd3624 b1a0998fd2465208767650c597906941f2c95d9acaa69254238f1923ab6290fb https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-c4001 | Cerber_b53cc66b | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | b53cc66bc377bfd0ec04e57abd44f336 | aea3297ab930742e122e417351ac33cc7340a9a3 b53cc66bc377bfd0ec04e57abd44f336 d41538fe9d4c4edb975df9af8850749b9db89cd470139b0a58ff8d68e5b6240f https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-enj02 | Trickbot_cafa77fa | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | cafa77fa825cf89cd7be636b7a5886ce | 677654bf31aef0f03f951129cd96bb4db192adab cafa77fa825cf89cd7be636b7a5886ce f01e645d797000911da3221face197fd3a6eeb12d2e6acc99b984236530d117b https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-43101 | GandCrab_501d2975 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 501d29751f237e66f59d99d26f6ca37e | a168c5b1457c69042cef2e19410d8ad6b1972729 501d29751f237e66f59d99d26f6ca37e c992d5faf5fc1cbafaf5e40e3fcfc0daad218bda2768b3640a97ed5185f91627 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-ur501 | Trickbot_68ae2687 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 68ae26871a4173d33515bc02bda4198f | 01e1140ceda519aa0581ab7d090ce5397de2b426 68ae26871a4173d33515bc02bda4198f 7ee35d3aca75c64bff75826baa082a1d65e5d0a0c4bc5a258d37d22facbaf159 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-kk101 | Cerber_6a4cb196 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 6a4cb19678e6979fdc2074b3dd5fc777 | da1d9e05265306bdf766efa06e1420a4abf16191 6a4cb19678e6979fdc2074b3dd5fc777 84237ea2516de3f238fbcc495a5c50b3c2ef72001b0afc14d0939a984d1dbf22 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-rbm01 | Trickbot_7022ab0c | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 7022ab0c2794e6d9fbd0e5eac3ed563c | 5ff36133aca0c0cfaa01ec3a07c8c61755b01f65 7022ab0c2794e6d9fbd0e5eac3ed563c 71d157b247885a9fac9d5a2de95d62675a2887bd539face9f6d97a749bf368a9 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-8vp01 | GandCrab_cef6a5a1 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | cef6a5a18b13bd309859d1b346e2084c | de28da67a0aabe79920521d17d2a7306c79efdc6 cef6a5a18b13bd309859d1b346e2084c 4229d9cbca43732abbe849cf9b41cb92e62702a9716a36040a51ae4ae53b4035 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-orw01 | Cerber_96c25ec7 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 96c25ec7e03368c932ff57fb5cb223c8 | 6b8b814071b2a0809a0ac7cef9f671bcc299541f 96c25ec7e03368c932ff57fb5cb223c8 7fe89fee44b718691ba4af29f533b375ad78bdee6660a89071f80f8b12c58295 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-mjb01 | GandCrab_b0072037 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | b00720376307d3f579376578940754f2 | 5765b623bab59381c47e8a7fa54ac9a4bcad4de7 b00720376307d3f579376578940754f2 9c0e9a4eadea6cab1ec7faf191e77e77b91e709d8222b5c2a1d30059d026f266 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-97001 | Kuluoz_be0e47be | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | be0e47befb6977317988f5086158caed | ef2fba55512dc7a3ef1418d370070eb720efb58a be0e47befb6977317988f5086158caed 0a579fd78803ea10efd73e5e1a36986f5a4f1caba4fecb0774d918ba578818de https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-51901 | Trickbot_1810112a | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 1810112afcfe9dc6ac1bff3022e4e9a1 | 170748396d1b7587ae8adcc20e00891048ba79ee 1810112afcfe9dc6ac1bff3022e4e9a1 98a9522efeef7720f8ba8aad303259eb1e52b35d9b38cc5a44715439d4729b0e https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-gj901 | GandCrab_a08399ab | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | a08399ab9b949d6b99f4bea87872a11b | bd4082c479d5a3c493b8cbed223578652d187878 a08399ab9b949d6b99f4bea87872a11b 4eb064297e7f7c2353d9a6838527168e38765163f252277049fa55eab0adc8d7 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-w7a01 | njRAT_4b1aaba2 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 4b1aaba26b7b93d55ae4ae6d64f22f12 | 6afef9795bb6d9f60ded672e6625a6d01639edc3 4b1aaba26b7b93d55ae4ae6d64f22f12 438a539d7fc684ff23c37d28f6968e16a26361baa95611374e844b527d8348f2 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-0c501 | Expiro_deeed92d | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | deeed92dd77489ca379a6e7797e5e84e | ce77990311e570f0824fcc1734ae7665e784c935 deeed92dd77489ca379a6e7797e5e84e 1a4c6b55be877c65e946d24812000fb8dfccbdfe19be1b8acc67bce8b4893743 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-goa01 | Expiro_ad19814f | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | ad19814fa75831ed8da504cb7925a82f | 62a5fdc8bd25a46dd24b9e6046f4d4e925a3c74d ad19814fa75831ed8da504cb7925a82f 6cf2f544a52878b86e09d4a6938949fffb1b65c2afae49241c99913e3046baa3 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-r1801 | Kuluoz_f170bd6e | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | f170bd6eb865b4b062a39b1bfee8fc2a | 34eedfd2b1a339b41efce089435764901d2344a8 f170bd6eb865b4b062a39b1bfee8fc2a 0ae4096d1264141e9714700691f6fcad18b1ccac36f73d9e580a652b6b9e2743 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-1sd01 | GandCrab_5a754487 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 5a7544871eca9a2d8bdf7ae7f0b0694d | 740cfb0108d20c4eb311d21948079a6e49f916a8 5a7544871eca9a2d8bdf7ae7f0b0694d bb187240ab8850d6b731921ab5d3ae0caeb5015ac5986af51af789ea75a3ef71 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-qgm01 | Kuluoz_83fd753b | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 83fd753b85ac21fbc3d35368f7e1ebeb | f62ccb02a2e8ba4c00e9d59118ef59ef22d2448a 83fd753b85ac21fbc3d35368f7e1ebeb 06370b03ef47ca5e5547d750f49034fbeb3782c201e36921c2577f074123ccb8 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-5l201 | Cerber_931cfffe | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 931cfffeae140f25a215faf2f8531ed2 | 5366790e3eb835ee1b114679f70ee958f3b852db 931cfffeae140f25a215faf2f8531ed2 ad93c9f4410bb99238320518457308695053b36d9034ba6a3720a9294b6b4c4f https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-9fk01 | Expiro_9b355ec6 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 9b355ec6665ba6d6a0ac55a5f23f3cca | a61bfdc6c7a171489e975e295dc35f037e72ddbd 9b355ec6665ba6d6a0ac55a5f23f3cca 288fb9363990e5cbbad51e4e0436b4ea69a1cf148dbabae124ffd00151b7bc33 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-nwk01 | GandCrab_a213b0f3 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | a213b0f32134e9d775badb0880c39c62 | dc64f7f13220a8c7b6a2e411e1b48a4fa21f170c a213b0f32134e9d775badb0880c39c62 b423e1d48c0278c2844858deff96748e9d28e8fb076990a57de6b85d8beacb03 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-5bc01 | Kuluoz_fb36352e | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | fb36352e290f700be09818a2b5d30609 | 7fdb6bfdd9085fa7ab24c5d0fa10abc2bd9b7fe8 fb36352e290f700be09818a2b5d30609 0c042729532173d9c64ab369c0710861299ed553b201c218a1453c52d967032c https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-g1302 | Tofsee_1339888b | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 1339888b1c34782a60c1909cd13f3d80 | 86a6a2e00239990160987fe3ec9f1b3973fa7d93 1339888b1c34782a60c1909cd13f3d80 b1a7847311263f61d845e04d26d4bdb477ebc511e53438ab11408b69f079140c https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-rzr01 | Expiro_ad2c9816 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | ad2c9816fdd73e58ccaa53fd5735579f | 9460da8a3441c57faf45ef9cd243881cb40ce8f2 ad2c9816fdd73e58ccaa53fd5735579f 2458be6e8b13f29643ab1bbb040b78d1a94e55e50146eade0a705740eebf054a https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-nx001 | Tofsee_1b5b7994 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 1b5b799488518e52fba5fea518671c60 | 0192b71883fb7a5f9a5349dd831e485ab62d73e8 1b5b799488518e52fba5fea518671c60 130c448935b7cda787b3b2c25759959feb78b4da0578993910dea9810ac5d65b https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-gfi01 | Trickbot_ea38a830 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | ea38a8306c5eba3d0034573da9fdd86c | a8eedaf978883247e46db6f18f029fee14d752b4 ea38a8306c5eba3d0034573da9fdd86c 82b686b66ad703470800edb64763f2b64e1cffaa6830accbe7ff8178e6b48724 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-yyf01 | Tofsee_86f31c24 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 86f31c24a19654952c5ee7c9025cd3b3 | 2fa02beeb22ec38a8579330a18849799a91b1c54 86f31c24a19654952c5ee7c9025cd3b3 8b5bcebde67ea9f0f71b9dbceff20f719334b364efe2555c0a7faa53c2cccab9 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-g8z01 | Kuluoz_d3722747 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | d3722747bbb52b01745d83578d25b912 | 19f403061f1dae30ffbfc157a9f26022d34477a7 d3722747bbb52b01745d83578d25b912 00722db9477ac36de1c2862fc9f35cafc7a01347110d29102dce98cdf72155bc https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-xf801 | njRAT_4adc5dc9 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 4adc5dc90ca104b72058468d816f2960 | 3b2ee47250572e309a708edc48d536490ded7f85 4adc5dc90ca104b72058468d816f2960 8b9d87a3c7b4a03bf14459e9efdb89b4a73c3ffb006396638163ccd0ac73a72f https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-p4q01 | Expiro_cda4b7e3 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | cda4b7e3b9751fe6bc3986130603c3ee | c3b68882153128d556a3943888069f067a3236a6 cda4b7e3b9751fe6bc3986130603c3ee 4624f0bdb4bb2092cfc73dbd30f7ab61403a0d1c60bef5290c6ed9fe60bff849 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-50r01 | Kuluoz_05a567d9 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 05a567d927b8a3229b7c5d04ad37779b | f2a5e638e70673a7a41745d82a5b9ca7107b1250 05a567d927b8a3229b7c5d04ad37779b 012c77f8b7c99a1d27823d452e130abc5cac6f000adf05d56c7f2ae47a9d72bf https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-51x01 | Trickbot_d2fc080a | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | d2fc080ac4be912a2c57c9e3519aa2c8 | aad9a0fab860702fef16655d4a298ab57e0b0586 d2fc080ac4be912a2c57c9e3519aa2c8 928e054bade6765803e23936c60ede96cb02603eeecbd98abbef98f88d431c06 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-cu001 | Tofsee_30625655 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 3062565595b6b05035fb055fe13c7e5e | 8face1d64ec60c71bf2a2fed7d2286c9e6a414d9 3062565595b6b05035fb055fe13c7e5e 1849aaffd6046b733d684532e2c96e9022df4a024f5d906f112d1dbe3a8cfe3b https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-c2x01 | Expiro_c8a11d71 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | c8a11d71462a8a32c262fdad9d54153b | 20292c69d1920b28991a0484c21eee7984eadee5 c8a11d71462a8a32c262fdad9d54153b 79732b1aeb27cb1ead7ab37e4681c96d5f97d9e72c6a934b779f05fd82c51473 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-db801 | Tofsee_69413c5c | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 69413c5caae207e5376a4a330c49f700 | 8ecfc76864e87565278a196e797873b9415443a8 69413c5caae207e5376a4a330c49f700 3857377eca60c925c02e5225156497b7e048239b492c2bba6e183ffa11a1fca2 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-a3s01 | Trickbot_37fd6ce9 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 37fd6ce97c38368b6faeee494032f8c2 | 318eb2ba79f2954c9cdbc5776e2826d7e119d03f 37fd6ce97c38368b6faeee494032f8c2 36c46dd363ce161955f1fe561791fe7a6f923e8c185b8dd0408211d8001f3515 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-few01 | Kuluoz_19112d61 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 19112d61965d34ca2d6ac0b7ca56c17b | 4d9e1a7d2b761735d6670a36713119f78090cd43 19112d61965d34ca2d6ac0b7ca56c17b 02494b4c16f22b6d4f92ce1eef08a661cea52f673c7eb0289579290d46717898 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-ife01 | Kuluoz_843edb69 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 843edb69e38368cfb0b3b37ba20a05de | 68d4ef85117660467b77e44a2c382fc052105755 843edb69e38368cfb0b3b37ba20a05de 0eacc634900f97e7c7b7e421db1f38c40e869dc86e79c0f490b71572510e6085 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-kvy01 | njRAT_3cb0c170 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 3cb0c1708d425d1bcbf3761bdb5ecf1f | 52ffc748aa198f9c6bf4100cdd792396f26e838c 3cb0c1708d425d1bcbf3761bdb5ecf1f 09332d76d630cf20549d849b207a78ac2608d719c7bdfedcf3904d9b07587210 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-4i701 | njRAT_5032cb3c | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 5032cb3ce7a1d587c74f63155ba81d51 | 5661ff88c9ae40e3715e1e5636f618e7837d1762 5032cb3ce7a1d587c74f63155ba81d51 59c9a7f0f2c8c0abdbe9790fe6d1f4b08dadb7764500fee60fd9782c076cdf40 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-m4q01 | Nymaim_029e0298 | Windows | This strike sends a malware sample known as Nymaim. | 029e029816cacf9b1bf7fb6f507f3b0b | ee2f334145c4516204772dc52db09dbef6fca394 029e029816cacf9b1bf7fb6f507f3b0b 4e242fcebfb964c32ae3d53ac0bb5d85ff940cd58e26733bb677c4fafbd1c7c7 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-zh001 | Kuluoz_2b0d6dc0 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 2b0d6dc00cef0aa2962d0b32a174f028 | 9f8581d6ee3ce189b40b122cb05ebce5379e2445 2b0d6dc00cef0aa2962d0b32a174f028 06bc29e3a3c0cdc268fca231cb64458228d9d11b5f72cb6416321c986832aaf8 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-94z01 | Kuluoz_a14fd1a9 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | a14fd1a9ee7df83efb4ee49d1545d709 | 511d5a104eee806f6c6db6643d237b34ba019f96 a14fd1a9ee7df83efb4ee49d1545d709 012ab737e3a2128c76e48db7bef2768bdd57778e4af397ec133c6079c42411c5 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-azs01 | GandCrab_a08f5af2 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | a08f5af2c6e92cf431d6c150536fd6d7 | de42e4b815cf9d344b2beb09a55d59ba89725374 a08f5af2c6e92cf431d6c150536fd6d7 3cb3e5d46cfbd6e6f7e1cb2398df4ff36d615657e9156bd5381564e283ce58a8 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-1mb01 | GandCrab_f0ae8f46 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | f0ae8f46ac1c37dd2886fc0c6b2c6e63 | f5fd6eb78b031e27bb597e348419472c464f2db0 f0ae8f46ac1c37dd2886fc0c6b2c6e63 b00ff6be8bc64d83f2d33042b9bc17110e03acc140dc3a26aa777767f210bd1e https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-w8h01 | Cerber_a62352e0 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | a62352e0ba2e4fb11bbbe78d3a4d0cc9 | 4a783e18cc682aac0bb579c8a6d118e480d16ab4 a62352e0ba2e4fb11bbbe78d3a4d0cc9 f8c55ef8913ff76ec97e8d226fdbe88c82a2ccaab4662fd6859585f3db946d6d https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-qw301 | Trickbot_97f0acc6 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 97f0acc6bb039161842ef01dac5a42fa | 6ee20cf8ff9367f03ff48eba08cf25525d1c420c 97f0acc6bb039161842ef01dac5a42fa 008d13100397cf0ce26850e3bcbb5a8c2fc01502d9a2b452439c101aea7d0824 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-zg201 | Cerber_93a8b7ee | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 93a8b7eedc7baceb16098f2e8ca111bd | 297bce7707b6a6bb49018d26dd357885cb19416d 93a8b7eedc7baceb16098f2e8ca111bd 5a7a2465a741812bb9f5f6d203600e190db972f3e04dba331af035ccb27c61fb https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-lem01 | Nymaim_4ccf0efa | Windows | This strike sends a malware sample known as Nymaim. | 4ccf0efa8dfb3f85c7eee64adcb3788c | eef55fea68f16c0c3d9a26f0df579665c17ec23b 4ccf0efa8dfb3f85c7eee64adcb3788c 59a7dd286660811bb00e121c3e46c7e591f28e73fffa1d0b2b90eedb8a7824b1 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-ulx01 | Expiro_c0ed6658 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | c0ed6658f2e049f480bba8407ed89dcd | 46f4a3a9117fcc9eb2b1653a92f698ea436f3fa3 c0ed6658f2e049f480bba8407ed89dcd 73aa657a49c7c13b1c0727c05ef7d51fe9fd138862c15fdcc0fd64cdb06ece8d https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-hvt01 | Expiro_a6237ce8 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | a6237ce874b07ae6e874883957d224f0 | 6b7c85fecfa22b4e5519b32ab93bbbac03fcd6ee a6237ce874b07ae6e874883957d224f0 32beb33b4e36b69c79c50928e05d24a8f175d25701bb507e1ad03cdf70b63f3f https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-esd01 | njRAT_45ce85d1 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 45ce85d12fe2696801892f362e3f9a2f | 46dcf1981fae45093db13d515aacb64565a12c34 45ce85d12fe2696801892f362e3f9a2f 30ba3ca3f8bfe1be88a41da21b74b442f89ac3b9bc991f1429620cfe43a3d957 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-8fz01 | Cerber_b017b472 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | b017b472ec32123969fd95fc5fe8a321 | f41542b4033b3bb4b74df45bf767bf3a8bfb8575 b017b472ec32123969fd95fc5fe8a321 934861f1991b586ea681132cf93cc5a3d0892158ffa310ac55691c996e6bec19 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-7k501 | njRAT_71734584 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 71734584226809067684ff8d7ef6c93f | 9aeb1ddb9e75e056bb8d0fb0eb0383874b103f3f 71734584226809067684ff8d7ef6c93f 9d46831f0a0d012493bde6165661a9af05199aa7451ca4bd89c840546d2c9d0e https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-z1c01 | Tofsee_c24484b8 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | c24484b8e00f11678a441cd3db7acbd0 | d955d931bec7700ce40f1b339d8ed029b8f0d475 c24484b8e00f11678a441cd3db7acbd0 e0def1110bf0854a33f83b38925aee003e3264a35c41df58f39cc6cface46412 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-oje01 | njRAT_2b484fa1 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 2b484fa144b47592a2b521bc273fbbd4 | 1d25dcb9c7afdc349ef5f7808a436cfdb0ce46cd 2b484fa144b47592a2b521bc273fbbd4 3afaa0d40d4d857113aa2211bb268bb71a9f172a66581172c891171f3ec595d1 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-dz301 | Kuluoz_f7aa9c97 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | f7aa9c97eb6e97f50eed76388cc01f81 | f71348c9ee8fe966dde4d88f5f71292bf2a9105d f7aa9c97eb6e97f50eed76388cc01f81 04b02fc83ba2785e3216acccb81490bb1db3807bc2a2a255a193313ed90717fd https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-lkt01 | Trickbot_84ce3ba8 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 84ce3ba8fcf9ba00e4253231232de12a | cea315b602cd5e183fd1c1ddbae6367720a8705e 84ce3ba8fcf9ba00e4253231232de12a 0214625318a30153d364581fb580334f05be63bd5a355cbf86f12be66461716d https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-m9801 | Kuluoz_73ba359f | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 73ba359fab867366a868df5a443bf11f | c63c91689f170bd666412720871807af39e15ce5 73ba359fab867366a868df5a443bf11f 03c783b4a26b0d890a71bdf0a643bdb96de4818898177a4716333b435ca1cd28 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-8rc01 | Tofsee_03af00cb | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 03af00cb76e06a18f1e16ef9482879eb | d70fc5fe9507d4b6b8737274aa1dd7724bfbcd98 03af00cb76e06a18f1e16ef9482879eb 144f230d8ff21cebd98c9baceb3f6bf183cddf3faf499ef998265ce229c6c96f https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-xud01 | GandCrab_62832be2 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 62832be2e9a1e3f1c35018f0a0a709aa | 5037e1a8eb227b1634d84beb4ba87873a461ab74 62832be2e9a1e3f1c35018f0a0a709aa d88411b37cb58467d6f6050675757d8ec5cb7dfa1bbb9804f898010d4611eac6 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-5go01 | GandCrab_38114f7d | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 38114f7d252ed3a27eefd91652cb8f1e | 1f39810b9d9a06128223004500f3fcdf402318bd 38114f7d252ed3a27eefd91652cb8f1e 11f5d5328ee2f9cef980dcfbb30621c0310eda7a6d7827c5781b32dd0d15ec22 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-z9g01 | Trickbot_9b605b1f | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 9b605b1fe712f9a690bc129a592fef48 | 111570b2979c9b3679bfd8951a836f20b96c72e1 9b605b1fe712f9a690bc129a592fef48 ebe4c5cdda2437d323417c8d4e43a4fb973665c89a6a7dcf28c2ad0803612f5d https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-pao01 | Cerber_933752df | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 933752df8c493b55993520453a25893b | b75e00e0caf01886e212ff9e5bd2e3d55f514746 933752df8c493b55993520453a25893b ec3b5abf71ccbe9986bf6033ab48cb2f616519825047dbdf7668f7fea8bcebeb https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-qwm01 | Expiro_a10ee99d | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | a10ee99d80eca1fc91e6dcc46ef7bfac | dbb330d94f49aee9c1da7c51f32f60cc7d9137a4 a10ee99d80eca1fc91e6dcc46ef7bfac 8ef41dc44a6c264c6c475b4d24ad44649a15f4bbbb4e237580621865361b995b https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-jch01 | Expiro_eb69b8b1 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | eb69b8b1efd813da82d0b887f15e687b | 0df79730092f03886e767fccb55ffa4ad66ec908 eb69b8b1efd813da82d0b887f15e687b 7057f866649141c5f09b96dbece2db447ac2ef1a25ea992d16cc1f44afe9622e https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-7et01 | Trickbot_8941f3fd | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 8941f3fde20cee6f1c9df73165aa6bea | 429d8e9c6aa8a31bce5d9b66fe80d91ab7e8f8af 8941f3fde20cee6f1c9df73165aa6bea 6c0f7bb7d6d7782d9fbf4b5c9659a8e3502e7ad6ccdb9527311cbd554b716459 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-g8i01 | njRAT_76cde427 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 76cde427cbc898d63a86110b63d9653c | fe57592fb89a06b630b3a32eaffde851763d8e50 76cde427cbc898d63a86110b63d9653c 9cfe4f5840153f5bd81ac360c812854063952cb01fc5f3848fe9d460d84b17d7 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-dkl01 | njRAT_80fe74f5 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 80fe74f527100800ef05f2238d39ad26 | 4ee0914a151647b98e7871c2daabf64aa1f29671 80fe74f527100800ef05f2238d39ad26 4492ee2ea728db7e9ef4a385f08890082d7754aad197aec3d3ad8a1f1b2e0554 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-wm001 | GandCrab_9ecf3124 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 9ecf3124dbb7b5ba6d6dd395dc9c0ccf | 43fdd79314538f39fce4a7c8b6d7533de4d5702a 9ecf3124dbb7b5ba6d6dd395dc9c0ccf 720b56fd906ba499f031c7747f630fec03bec5c0bcd4a48751783550fb089df5 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-bey01 | njRAT_ca5ab44d | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | ca5ab44d3e2588d798a4de7963b240a3 | d64f2612ada26b39c3f71f4a95b17eba03222b76 ca5ab44d3e2588d798a4de7963b240a3 a0d93958f9ccada56204fafd970d87ff67d40f78014c65cc3ce063979578aaf7 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-khz01 | njRAT_3764214c | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 3764214cc0b929438d23e4335a0d01fa | d0b2c5fdccd55710cf177c8c95190e917085262c 3764214cc0b929438d23e4335a0d01fa 3709900a8d262b587769688b9ad51196212647f0c461cfa7c6aa02aad03f4c8e https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-cmy01 | GandCrab_646536d3 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 646536d383cf028e335a6c56ee51f7cb | 75b04088da3a360d49e5ac299bc9bf541dabe92a 646536d383cf028e335a6c56ee51f7cb 87b9a389d2797a074483d4147805e82f225702363afe8d1f95416cdc6dc77678 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-75601 | Cerber_6251e873 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 6251e873f82ced71d6f6c4c1fb2e4e35 | ab2c52f53ed181b615099f4a4e5b8a771f08ebbf 6251e873f82ced71d6f6c4c1fb2e4e35 eefe9124619775ab69b2cd620988245f928a8bb9c988298b9340f82cdf0187a7 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-1yj01 | Trickbot_cb9d09b1 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | cb9d09b168487cabc4a4fa0a7df744d3 | 4444a913eb79d0d714e5e8bce4ff2fce8e84f587 cb9d09b168487cabc4a4fa0a7df744d3 646d1f9f85c1d2db58748961f9c08147f011434cd79be11cafff4db43a10218a https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-zaz01 | Kuluoz_8406348b | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 8406348b64c376c6d3648e2df2294ffb | 6dd5bdf5fe803c1c517fe0ba45c43aa010584283 8406348b64c376c6d3648e2df2294ffb 069df491cffe2a3fe59b8e85dce0e6520b61c2a8d9fd164277ee0f9a254354d0 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-d4002 | GandCrab_9b510c7b | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 9b510c7bac2f1e10067c8724fdd764dc | 1f985de1ad51e7b3ab4907d772f205d74bd5608a 9b510c7bac2f1e10067c8724fdd764dc 5c9db3e49d5f7633752a11bf74e9d11140ddfab0957bbdabd6c55eadaa9b87f9 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-3cw01 | Expiro_a078beb7 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | a078beb7ca50ace0de38a9c28bd580ec | 10c9d7c967a57acf06213ff7190c2f18f9af6cc1 a078beb7ca50ace0de38a9c28bd580ec 47b7d95889199a717407c7a6e8278f5ab9a32c499aabe9930da52f9051304ff2 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-bi501 | njRAT_cd073df3 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | cd073df3fcdbd453dcc358f463edb8ab | 76eab4b968eb6140f095c9c129c80f4d4888d736 cd073df3fcdbd453dcc358f463edb8ab 29a28ff8074cacda1ee387ea13ea3264fc0819a32ba207002014b69a01e7d20a https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-ac601 | Cerber_d774cce4 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | d774cce4aa7bd231eaa306139181d204 | 8e95a04b17b1ff74f3c9786115c2c9560ba020f5 d774cce4aa7bd231eaa306139181d204 209658cf26f8038c101648b334666a1cbd99ba42a080a43876e8029213fd405b https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-eqw01 | GandCrab_015d5353 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is a ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 015d53535659eb3aa8a83814bfc54d7f | d7701c0fd6c36eab14ed7e414ba15a93a8a58ad3 015d53535659eb3aa8a83814bfc54d7f 567c39590d4590c201b42384e0188ce2e621613444da676c5a4a5010fd27e4a8 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-c5501 | njRAT_330dc0df | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 330dc0df2a34787255e3ecd68c1aabef | 009e1e5053109583a7fd8f66699e1abaa7c8863e 330dc0df2a34787255e3ecd68c1aabef 07ae3ba8b6bb636c3cbc305d25f60d1b8544cbd3932ec60a41979aca444a0c8a https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-od301 | Tofsee_0ced670e | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 0ced670e6dd6e3dfda6509e653f9ea7b | 140245761edc212fac64f23396fd8209244ea986 0ced670e6dd6e3dfda6509e653f9ea7b ae2cc0636044f30a1c0c662699b23bb371584fe4a53cad4ed63f91c25afa5dbb https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-o0q01 | Kuluoz_7b5ede1b | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 7b5ede1b958d75de158505120ce16b9b | dbb3cb967f5626f00d9573515160ab02bbf8efad 7b5ede1b958d75de158505120ce16b9b 0522ba3cf1a33345ee6bffade7ff3f73d8d3d018994f08e1a9d36df93efa9299 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-v0q01 | Expiro_b6dbd0a0 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | b6dbd0a0d404f9636dff90e2f4a80b57 | 84e6577ee9a00c5aa60cfda28afaa7b346a5457d b6dbd0a0d404f9636dff90e2f4a80b57 535bb9df4d41d57fc44572ebc1a535ac726546a41a8b2fcf3b904ed037a96db6 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-xf001 | Kuluoz_7483b2a9 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 7483b2a97e38d8019b015b19a4215626 | dae8bec8af506110e307e2711c84c41b3300bf32 7483b2a97e38d8019b015b19a4215626 091fabce8131379f261ab41ade48b8b5ffb939f66e0219cc5083c85346d99661 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-gla01 | Kuluoz_c59412e5 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | c59412e55120458ab3345dfb3952a184 | 9de3e8ec9ebf403e358f54365ec6c77686d91ee5 c59412e55120458ab3345dfb3952a184 07067626f964e49a6efde18624deed513c1a53f5ac096e2bc422fdf23d70dedf https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-czz01 | Kuluoz_a4c449b3 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | a4c449b3161c79cd324d1a5cc01d7976 | d3a55239055ce45db703abf66163e1f34ce67486 a4c449b3161c79cd324d1a5cc01d7976 01afc54230a064be47e8948f41b699a33ed1fef92eada1fbab8cde2ab0655d03 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-ctu01 | Cerber_e12e50fc | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | e12e50fcab0e5c9c97757e76027dba8f | e745d4d2329673409cbdda36abd83b15c9891321 e12e50fcab0e5c9c97757e76027dba8f f65d7ea6666e7aa4d3bac195a0493c4b736c995d36118915a1d10567a2b31b3f https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-u3d01 | Kuluoz_dacee86c | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | dacee86c28e619b8f10caa3b38c7e946 | dff2a5efc946812506ecfcc33823e2cd2b9c4504 dacee86c28e619b8f10caa3b38c7e946 0763b04d0acac49c55a7fec6f47169e7567ccd9c0ed9264ddadd848bb08b7b65 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-o0901 | GandCrab_02ba76bd | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 02ba76bda750cd825b0e7993c253881b | c7807679ee755e52ee1fe05ea5d6edb233348c1a 02ba76bda750cd825b0e7993c253881b ddee26d282c0eac34452e28c3295638fc9c887ee8f5750913f7de255b929b493 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-goh01 | Tofsee_26346356 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 2634635612af204aae5f40b3a15ac3e4 | 35fcbd12df8ec248f8aeb14bb00b3ecdaeca64e3 2634635612af204aae5f40b3a15ac3e4 b2b29afc2cf0d1f3d4d0e29cf102c168d09405d7f1aa98426f1b2f6ae79ca1eb https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-osp01 | GandCrab_ee66e4f6 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | ee66e4f62694b1e176fd534c30b9977c | 328f361cdde20711f217849859fa0e815b53e191 ee66e4f62694b1e176fd534c30b9977c 7662ed6be2dda454c3660d65db1a0c4d67af16a563a0c128bcf6d8a498526c7a https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-j7d01 | njRAT_9018ed16 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 9018ed166087099ad28922df8631d342 | e646193de8855999896800c662aa5f954508aa96 9018ed166087099ad28922df8631d342 83e0d7c8af1ab2095ebfd11d195f5b2f1f999d741c0487c97c4f814050d0bb6f https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-iy601 | Kuluoz_7ffcc90b | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 7ffcc90b0dee8bd58ba6c290fc46be4c | f80b32491881133e00e12ae30ff50799ebb58d32 7ffcc90b0dee8bd58ba6c290fc46be4c 0ef4c5d715006cba42eb775a72e285c59c7ccf64082dcc85e3ed2843b1fc1be7 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-8kd01 | Kuluoz_c93e1608 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | c93e160817b21a1dccf83f71fe168532 | 6fe086d1f2ed7f49ee24fbbcec5574b544417113 c93e160817b21a1dccf83f71fe168532 08f908d9480fc99e75ba466f9fa113495db64e6decf5d26ced63a24a9c240caa https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-h3n01 | GandCrab_ce20d8a3 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | ce20d8a32f300b9197e49cde0abd9c74 | 0e666d4e3f8bf5141af16bb46d44dc6769acd300 ce20d8a32f300b9197e49cde0abd9c74 0341bda36f866ba3f1577ff22863cc98f3db2eb576f9ddba0efd72226362fc43 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-tly01 | Nymaim_429289bd | Windows | This strike sends a malware sample known as Nymaim. | 429289bd564b05f37c9714afba74b349 | da6a4fe1beac7b49678c46b4a2b52fb8dd483375 429289bd564b05f37c9714afba74b349 21ca501957eb98d23abf16f253027ccf878f8045408dfefe9428df4357d8e4ac https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-k4b01 | Expiro_d87c73ad | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | d87c73ad426813f4ee733ff1008b7776 | 4a38e6380ac87d9e8e8b928b47eb9aa15797410c d87c73ad426813f4ee733ff1008b7776 6669a807690556293a60830285c9c2c9ad52842a1c7646e99852724b1b049ab0 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-m1t01 | Expiro_a0c7cbba | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | a0c7cbba1a6efd07571b68ff29d81c3d | 0cc43ff506d1b07fad98b1ab0c4e6aea3f428484 a0c7cbba1a6efd07571b68ff29d81c3d 552a987dd3722960cba7fd8c4fc1cd36cc5bf2668c9f0ffe5b452eecdc1824e9 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-peq01 | Cerber_926de47c | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 926de47c91b988132f6917c0da99bc24 | d12a75214f787bfd53cfeef5794f4e013cc13e92 926de47c91b988132f6917c0da99bc24 9bf0aa931cd9e7faf11a6b17ead1493b98dae3155d948eb648d2b797e301a2cc https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-cs901 | Expiro_b60751e5 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | b60751e57b4356ab0618c44898690e27 | 72fb82bea7cd8ffd03b6ec0a479dd2fc4d2d16c9 b60751e57b4356ab0618c44898690e27 26dcb212b2eace9a14bc33b421505143fa0a247df2418b575046df6ef80ee6a9 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-5tp01 | Kuluoz_2f919a1d | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 2f919a1de7b45c64117b868d1ddfc5d4 | 268dcd6a980caf1e1a4b35f44472156b1e0689c2 2f919a1de7b45c64117b868d1ddfc5d4 04a85f4471adefcba2b10c0e32a2fe12ff81b804205730f3cc21f3db4bc49b7c https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-z3o01 | Tofsee_c22ccd29 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | c22ccd29e9942fa8e81bfcfad4fda3a9 | 2d3b11588036bfd0ae3799a6ddf0396a4a334ba6 c22ccd29e9942fa8e81bfcfad4fda3a9 993beed87fcc986b4dacb829f412f3cd0d8d3bd055abf62ad4b2808e308d2a90 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-iqk01 | njRAT_5f49a244 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 5f49a24478698e5cc059ff0d4e2807ef | 4cb231cbc82ac3743e74cedb4b9ef40d8a5712ff 5f49a24478698e5cc059ff0d4e2807ef a1739268211e4f63d1f8d89a897272a945f709e9350a4a8a8f788995b5086c54 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-gxf01 | njRAT_a0b2f8c8 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | a0b2f8c8fba15b2d26fd27fa4c8ec5aa | 3ddc93a339d2b385366feccc78c27d503a7eed7c a0b2f8c8fba15b2d26fd27fa4c8ec5aa 14f0bf6f2bb1706c7c64c42a6dec0d18743ce84455cfa5507671628f09e0056b https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-jan01 | njRAT_a705ca9e | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | a705ca9ebe47897ad23fbd7f7cc291b3 | 77c52cbfa3d54a574d0ebcfb923cf9b78578fa25 a705ca9ebe47897ad23fbd7f7cc291b3 4ff6b9d3c069558001457fef65c1623d05ef503580db96a5b444ccc8dfb58fe8 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-bhm01 | Cerber_eb6aee10 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | eb6aee1001ca1bff6aba6ebcbcd96c8b | f887bbd528ed23455025bf2ae58abc35570cf9e1 eb6aee1001ca1bff6aba6ebcbcd96c8b eaf534a49e96dcbd62b64e4ca52c2aa087f554eec76d40760393841f4440f451 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-mvk01 | njRAT_ae3f2f3d | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | ae3f2f3db2d27989ae23105c0d8cd10f | d1194a59ac1eed3af89fb7fbd2b1c5ed7795d584 ae3f2f3db2d27989ae23105c0d8cd10f bc63a9907ef52f5c765a390b140e94b253b97f83aa3959f45c2ee0dcb823e0bb https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-8kk01 | Nymaim_f4b957f0 | Windows | This strike sends a malware sample known as Nymaim. | f4b957f0723ff44f91b4ef136cdd5e1f | 3574fa3e2484889a4a5fbee453bbc6c34f84b558 f4b957f0723ff44f91b4ef136cdd5e1f 2f281ae6cd2f21d87ddd323ea4f1fe37949fd97e9d8fd69019c88754537dbd69 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-npf01 | njRAT_fb31c718 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | fb31c718b3388c6d6b88517b014f0473 | d91edc44077e598b86be1c105ba6213175294d76 fb31c718b3388c6d6b88517b014f0473 8e225d1629cb1c372d096f3d32bb621fadeba5b1c4489b08069ff977130d7bdd https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-4y301 | Cerber_42b74292 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 42b74292d97e288bf84f3ca29103de0f | e4c53c6424debcae4245af8d47a464954f8aa11f 42b74292d97e288bf84f3ca29103de0f b8148a65912385e4ce63f6ea7bb78b30479dddbc84d2bd6cbe9fa1a3425c27a3 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-k4m01 | GandCrab_8a3eb75b | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 8a3eb75bd58027312eef768fbc4765b1 | a68372a6420de187ebcc9d066f58619dcb19dd68 8a3eb75bd58027312eef768fbc4765b1 a0c0eab3ce2d8be0e79d2f45b106095912f28f3f55e179cb376d7c71323146f6 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-a5k01 | Expiro_e890c86d | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | e890c86df2082f498f054ca9d3428132 | 930635a3f818868f18d2f0560841c8e58919b2c4 e890c86df2082f498f054ca9d3428132 8de151ef4f21b6e74cc96403debbdd50ecb97299cac0fa7dc988dba68e30c44b https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-ci401 | GandCrab_a2b2ee91 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | a2b2ee91b149b8d1e7de1751f15b2232 | d7dd8718857eaba1bec7c0ca65d5159be464afdd a2b2ee91b149b8d1e7de1751f15b2232 68ae6904af508a6fdd6cb66f8db5ddb8fc1d3da7c97241ffe31a818fa0e8ed72 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-yqx01 | njRAT_170e3677 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 170e3677da936945441ef6da484bf92a | 8dba12fccec26e2b959c70bf0b980100a1ac6856 170e3677da936945441ef6da484bf92a 59e1820154d4a5e6bc42158847a3f82cb25f4e7ac6a89fec036357a5e9ce6342 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-75x01 | Expiro_ab23b9e9 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | ab23b9e9ebabb5289c3121e91bc60669 | 3705cc279be9c09d5e2696e3598e8f73860d2b57 ab23b9e9ebabb5289c3121e91bc60669 3550e5495f8922d17929b8a9bac9c23135d1418356b82576c7dd0a4f15aa95f6 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-gj201 | Kuluoz_20db9e30 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 20db9e30c7589d500615d47502c9b2b1 | 306976b8423bbd9a23bc68af5865da44db4e4788 20db9e30c7589d500615d47502c9b2b1 0e0e274ce9e54e585f9ac7d096f3092f152f090fb5f5273d6086270f2b8da40d https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-ora01 | Expiro_e7b0d9c6 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | e7b0d9c67db28d0c8b21dca9c2c013be | 540174675bc2f0850f7454bdbcaf244ab7821fa7 e7b0d9c67db28d0c8b21dca9c2c013be 710a3ca2a0030b4b064dc29da045ab7ff61a5f1a5cf11b100ab89a9b1d9ffc83 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-94001 | GandCrab_d3623065 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | d3623065bb73d3d15149d3a46cf789a4 | 92d9d1c5042195bf4ce8ebe946e2e28b1a724586 d3623065bb73d3d15149d3a46cf789a4 0420cacdcaf5e4dea7eacab7a960a18bc6037a88b87c1965636e70a1c3227721 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-56501 | Trickbot_8435861b | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 8435861b340aa9c77a6663be9382e863 | 5255d86ada0ce34ba357c9443c74af5670decc32 8435861b340aa9c77a6663be9382e863 11f8a050648d0b8c70d19a99c48aeb9ba0d893d348ee503b96313b4499d96c63 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-rd901 | Trickbot_f9f69af0 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | f9f69af083d1b0bf4d54cbba7ef6cc60 | d5d1b7b4efe8490d14108a93a839fb352d929180 f9f69af083d1b0bf4d54cbba7ef6cc60 198311c124d55765d5488c44a27d94087c67599f88e7b7afdcce4a1bc936c0c3 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-6bo01 | GandCrab_80bedba4 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 80bedba4ab7b07972a5d65ab54511100 | a7bbd4419f56cf76a018cb23a1d2e45b79510cd4 80bedba4ab7b07972a5d65ab54511100 8c099167fbe1897dc8390979486353371194c2cfcb8095b6542f13670c75cab4 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-81b01 | Kuluoz_42e30bf6 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 42e30bf6fb848fc5ed3e479d85186fa8 | f1d32171c88fe997a2455465e29b73abf00a7c92 42e30bf6fb848fc5ed3e479d85186fa8 0146c339fb7ec7f1284c123da8e8a4d4faf8c52301949b1da482696a054c87d1 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-xft01 | njRAT_cdd5764f | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | cdd5764f7940b540404e1e7185d95527 | 08ada638bcc77f7a8ecc9e5a260e884e1aacbcb7 cdd5764f7940b540404e1e7185d95527 2ce9507eca7390d1447568f575a31b3cccc185239956c34df11b8a97d5a41d6f https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-0dp01 | GandCrab_ac5b537b | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | ac5b537b8850d6297fb7d6cff598ae9f | 7e9a3fa1488e21a90ed01ad5570e188ae46a7e89 ac5b537b8850d6297fb7d6cff598ae9f c6b096d8100033e510406c7d3f5ae5e16c8d3fb976509dacbc435c0bd0e3a118 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-9rn01 | Tofsee_8f0ea42e | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 8f0ea42ec1285d562fccce2087844b45 | 32335486bb445cb8690dbf42bdd45770bbca415b 8f0ea42ec1285d562fccce2087844b45 d63483697d4daef64ece202d8d000b45c5db118d55865b2c981b49dbc2ec80ea https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-63001 | GandCrab_69c15e3a | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 69c15e3aba9af00e6fb5f6d64bd1b2a4 | b097ad1d09e292ca0636c1b50596f703e83334dd 69c15e3aba9af00e6fb5f6d64bd1b2a4 4ce34bd577092109a075a1889b0a7de35348d6e1c5055e8fed4c78f1deed3ffe https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-bko01 | Tofsee_54ca939f | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 54ca939fbab74487ade3caa0a953bb48 | d56b574d99260decdc2e291bea4bc1c72f6fc4ab 54ca939fbab74487ade3caa0a953bb48 ade3682626c6aa2269e28672fe60ebbeafc42a60f5e02922d2506d6bbe8f353c https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-nlu01 | njRAT_1e7a814f | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 1e7a814fcd5c21ba8ae749560d95357e | 57b779b6b90ffc8ba602e1ba22ece6263b3ecb75 1e7a814fcd5c21ba8ae749560d95357e 9c36c86b6d998c5c3bded236f5fe94ac15239d8d283afe73acffb35bf45fea39 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-uvd01 | Expiro_b1d429a3 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | b1d429a32e864a24cc582795804318a8 | 4d56b7a4f1428140498003ccddffec2e45be14a7 b1d429a32e864a24cc582795804318a8 5f998984132fabb1879ddca658baa12d891afbbfd0738d2a2063a491be833a0a https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-8ca01 | Expiro_ab9125bd | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | ab9125bdd2bd7b9dfe32ff1d1d1c370b | b24aae2d3a191ac113cb56160afca716c9f261e6 ab9125bdd2bd7b9dfe32ff1d1d1c370b 7327a9114c1facf322d5c31744aa1199a15ba9f57825650b3a548495630c1d63 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-23m01 | njRAT_844d0cc7 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 844d0cc7d6585f73a37878a46762582b | 2b949461146fa1d075a03a1e7cb6eea3520f0a7f 844d0cc7d6585f73a37878a46762582b 49b6302a30504389f9f9fc0efb48da95aa52053e9c1a1ebcb309dcc0c60c071e https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-jzg01 | Expiro_e243ae03 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | e243ae03b67f4b4206e46f0662fcdd1b | b7c5523e000430f1be123db84a28097d9c0aa196 e243ae03b67f4b4206e46f0662fcdd1b 67dc0704b4393c6dc523756d107279340eaba04a62d49048588ecd4be5a88aac https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-dcs01 | Nymaim_d1cc7f14 | Windows | This strike sends a malware sample known as Nymaim. | d1cc7f14eac0ad963cdfaa028a9183a2 | 4cf40dac60e6ee728f0f634475b5e46a168e6ec8 d1cc7f14eac0ad963cdfaa028a9183a2 2c7e7c4b50c4eccd7d68eb6aeea2a234a8b6f16cbc82740f85cf950755195aed https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-f7901 | Expiro_bb6e492d | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | bb6e492d79c8e40c49cdbb0d6130b8d0 | 10398ce4f1edb2eb39da125e98d3bca5c3ec3db4 bb6e492d79c8e40c49cdbb0d6130b8d0 6c0f5ca1ab0562b3c285c5556f1a68fbe8a2a5fcec892bbd8333c8a6414c46d8 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-ywx02 | Kuluoz_01df875c | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 01df875c6ee111a7b1e5d3cb1fe3eb29 | 986507483bf1d2130449e7566230535a36cc45d3 01df875c6ee111a7b1e5d3cb1fe3eb29 04f45879c4e79a6bea82e39aea468d8e1f8e55f13c8dbde1e4855141b19b26e6 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-0vx01 | Expiro_a97ddc48 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | a97ddc48c8587fe311242f7d98744210 | 414a0b32713ebadea92243d84e7f46c39bfb3d47 a97ddc48c8587fe311242f7d98744210 3b2f5faad148f5ed6a824553dded90c2de38978845deb2fbdf99816cabfb8854 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-fe201 | Trickbot_1c749b20 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 1c749b20e51cda4635b1282c65ddc091 | 5616a0eec416823b56f249eac613438b516b2444 1c749b20e51cda4635b1282c65ddc091 48994b0e9f9a32783b49759a81e09e818a0faad7b854f349819a0cca9e04ebbb https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-j0301 | Cerber_3f366268 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 3f366268737c62e49f874bc25ed1f321 | f8d6098166382acbbaa1e718f5e5c6a6f57389a3 3f366268737c62e49f874bc25ed1f321 39c03cb39ccac093652c84050ce94ee6369a61bc8a1ca6a29da77e29085b2911 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-y6h01 | Kuluoz_0f488956 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 0f488956bc3aceb6990e0046f9552aec | 077a34db19a000b115a85bbdda6bd19ed08ee041 0f488956bc3aceb6990e0046f9552aec 0b7adc1b0cfd8e7b0b24f98a7ff788ef6ce9f361f09b286bee4d99ec5bd2c0ac https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-zjc01 | Cerber_c77f3226 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | c77f32265c3fbf23a02d2c1cccf4fb08 | 173791ad932c9a948bd4fdc638c82aa98287aa13 c77f32265c3fbf23a02d2c1cccf4fb08 274afa596526d108c10f535087a70a4fa67b6f1fd104d21e3c8674af03f7adfe https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-qxl01 | Cerber_e54ac1a5 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | e54ac1a5cfde09308f4a36cb538fe902 | 34bc88200a8672d4b885d66d4b5991e049868e98 e54ac1a5cfde09308f4a36cb538fe902 70ee34b58fdfb524314767a6054328bd22fe04b57d6ac91e4509ec4ca11255ea https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-iyc01 | Cerber_bebeab98 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | bebeab9889d5320c502776405cd3ed28 | 34c381403236ec49044d14382f61a4b94e112432 bebeab9889d5320c502776405cd3ed28 b52f586b1d185c332aa2c8ec7e196747b817344e508896bb24996c607cbd4581 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| M19-0ne01 | GandCrab_6b3eae8b | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 6b3eae8b346e179388a5a009301984c8 | 9a4780a84e387aa673575a45f139a420536f41bd 6b3eae8b346e179388a5a009301984c8 4844c20d9a7b7f968d0dc2a2155abb371b53098f17c14d02eca4c3e318532d59 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html |
| Strike ID | Malware | Platform | Info | MD5 | External References |
|---|---|---|---|---|---|
| M19-nfz01 | Remcos_f0bd833b | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | f0bd833bfec2f69938648e5a7d21b286 | 409f288d7b098710073657c5142680ffa567a5a7 f0bd833bfec2f69938648e5a7d21b286 b67255713feb497e145187f505da1cb42becbc0684f2b23efb1bbeff2f2f7431 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-b2501 | Kovter_5ff37e80 | Windows | This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. | 5ff37e801900f7df699ed30f3e8546b6 | 679fe6aa17a5d9aee862f3c3b03a9117d166b981 5ff37e801900f7df699ed30f3e8546b6 065d2473aa32a471228eba99fd58773ee61a634e4f2466b69f6f9c2c94ae56d3 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-5xk01 | Ircbot_2cee0ee6 | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | 2cee0ee6ea7da45933323599c0ed556c | aefcb458e5bf9d7ab351c45b6ca774ba6e683a15 2cee0ee6ea7da45933323599c0ed556c 2d32b4679e6550adb81a453813e8a820f9d61133d946a32035a4ec3ab566e421 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-7a801 | Ircbot_9efd35e2 | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | 9efd35e2f42d8acb9278955f17d120d8 | 5690dc983628971a94d6c539d989bbcc450ccce8 9efd35e2f42d8acb9278955f17d120d8 2a9836c84b839afa60b4fec08b0285404b065a596458237bdbadd9937b637ae2 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-ab901 | Ircbot_e7b7e461 | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | e7b7e46141f83f5b47f8d7ef328b74dc | af97c2eccbbb5adcd6ef3c3b9403e938477ad46d e7b7e46141f83f5b47f8d7ef328b74dc 3451ccb4bdf160e6150d3f1f4ed55dc943544780edcef3098283e41502c8b4ab https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-my401 | Cerber_67a1eb8e | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 67a1eb8e4c829499d2be85ae4650b121 | 785d08d8b65700d479f96c88c24cff8df18a5afe 67a1eb8e4c829499d2be85ae4650b121 24e2f47a00dba0b61b7ef2994f56318cc775c6fab40ad232598cebf0410b3da8 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-0dv01 | Ircbot_664032bf | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | 664032bf9071d5306bb9f9ed71ecedea | ff3e1f75dbcbfbb7e7cabc0c61e785075148e7db 664032bf9071d5306bb9f9ed71ecedea 36dc719c3e47172a121189c734406055df92e986d1e202769a2432191f028bf1 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-3n101 | Kovter_b3813659 | Windows | This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. | b3813659276ff4ebbf920ab5e1b4d215 | 2051ac5cb4bb24e0a86f65beb9c0dc70d11940db b3813659276ff4ebbf920ab5e1b4d215 18b1f735465a3b6fba65570dbe125f10b8489587410a872973216ec853cb125b https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-18w01 | Kovter_bcbd3f6d | Windows | This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. | bcbd3f6dae5f3f0f973b7b9c20b22efe | 07da869ebc014e3de57404849f5c5d1c72d24c2c bcbd3f6dae5f3f0f973b7b9c20b22efe 1e663349f267cef450ab939b3904bdd33e0809f9080235241929e09fb7b770ae https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-tvx01 | Kovter_4aae1e6b | Windows | This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. | 4aae1e6bc2d2f30639144334ef04d6ff | b5271fc4f726e0475c3c7e16d3105c6b92d4f66f 4aae1e6bc2d2f30639144334ef04d6ff 449d58bad679912feee287ed8e17ce6221bc61432707e9f189490119bcb9a76d https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-h1y01 | Lokibot_ccf925f6 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | ccf925f642ac71cdf6d21381af107a49 | 62528945854f390d4cb32bdae8fd545e5f668427 ccf925f642ac71cdf6d21381af107a49 4e59cb8c79d9dd7964e5319be30a91b8dee1744054e6e7c470717dab91c95905 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-7cj01 | Cerber_4a9300c1 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 4a9300c1c93a1edeb61af7b3000920c0 | 29a2a11b96d82bcb68d474c2cc8ebe0fcaaae584 4a9300c1c93a1edeb61af7b3000920c0 33b70cc445e8fa02e56ea688be53f7c2993826388539adf7bf48fef3c45995a7 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-jw801 | Ircbot_40e11fe9 | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | 40e11fe921bef33f213f8f3071b8a818 | 98987071061fade12502dbe99d7a863ca5425e2f 40e11fe921bef33f213f8f3071b8a818 1db1f2b0cf7c31206624f21c76587f97e41797d4b034e60577167c751a41c9d7 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-yzw01 | Sage_3554b675 | Windows | This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 3554b6750e70b7cb4b156564289e15b7 | 6f164485a4b49467677b7eb1b7310373f67d2702 3554b6750e70b7cb4b156564289e15b7 80e3c7ad157c9b87a49817973591df737a0d1399bdc9c0a0093acecb7d50d21a https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-ege01 | Lokibot_29e5cd8b | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 29e5cd8bb837ba04c43350e9b0458bf9 | 86b9dde62d96111e6429a4cc0b4d3a29ebec41d0 29e5cd8bb837ba04c43350e9b0458bf9 30120ab8f904030dcd4748b4b5edc38f9437ee18d582ffd86c63882ef0afc1e5 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-ztk01 | Ircbot_92fd7f9c | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | 92fd7f9ca9255141b41313fc74b77e0b | 4be55e6b4646ed5534823638cc7db8bef1cb923b 92fd7f9ca9255141b41313fc74b77e0b 16eae34bfa90161d7948d421636687c4b2e7cd4bf66d33dc27da05370f1f1cdd https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-gh101 | Sage_d17d3d66 | Windows | This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | d17d3d666027ac6dff9071700d673833 | 8839dcc3b26433b29e6d6baa8ef58bca5d1a39f6 d17d3d666027ac6dff9071700d673833 1160b42660eafdbaa7e8eb963f3bb9ae17058c06248965265df0fe8b3d39fda0 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-mtm01 | Zbot_10bf70ff | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods such as key-logging and form grabbing. | 10bf70ffb17350a5a8360907042ae744 | 09510a58b11af60d0b92100a0b62d80b340464cc 10bf70ffb17350a5a8360907042ae744 9f47c7fb5108b7802a9721115563d8485389e29d08082e747e5317e4b85a93b9 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-6fd01 | Sage_7a579d6a | Windows | This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 7a579d6a936f0ef1d7b7a0a6d5da2663 | 6af64d44ad857c098b17f1018d4acd870c36bd58 7a579d6a936f0ef1d7b7a0a6d5da2663 bc584c0d484c2f772bfdfe5afce3860f8de64fc3f7a147aa731c48e62b8f895f https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-zx201 | Zbot_1a353741 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods such as key-logging and form grabbing. | 1a353741aeb91b3d6262cbfe371743fa | 35d8559ec64f337e15040e94316bd6e6d5d0a0f3 1a353741aeb91b3d6262cbfe371743fa edd63bc56a1a477e20d52a7931177a65e4ab7f78f4f807a8eed1f3785a7fe704 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-m2y01 | Lokibot_94551b87 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 94551b8703f171481e9935fa45a7a5ce | 896d43944da3afd1ea08fce038e0dc58ccc31b09 94551b8703f171481e9935fa45a7a5ce 46773272beedf1cbcd61b41e399df8c437d8c915e3f942115eaa48c5a44af025 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-jwj01 | Yobrowser_cf3f4836 | Windows | This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. | cf3f4836b1e77c893a814b7972a61946 | abc1c576ce6ecc9b528eab2446b89c8aba50f7a8 cf3f4836b1e77c893a814b7972a61946 224b4f9f98e7d9887ebcae15c02d8973264f31d12ff87a30d696139a316e2cf9 https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html |
| M19-2g801 | Sage_3e51a317 | Windows | This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 3e51a31754e6449ec99b202ab01fecf8 | 0a339ed7e7e571a80dd624b58c2f65e6e2502470 3e51a31754e6449ec99b202ab01fecf8 6c4aa0ea8d6828c79bfc6e973ed1b03f88cf311dd7cd5b0ca2982221a29317d5 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-j0p01 | Ircbot_a98bf9e4 | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | a98bf9e49d3cd5100041ecff7aa711ae | 18af4e99657c0cd2393e93d6a19cce2c41326a55 a98bf9e49d3cd5100041ecff7aa711ae 15647f00761bb8ff63128c4af1e1277e69b4f51c627779259833c6e2d474aea0 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-1s201 | Kovter_f754c1c2 | Windows | This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. | f754c1c29b6d4f3b6f77e773d47aefcd | ce64cc25a33f46db1110909eea43cd6b52c0ae2b f754c1c29b6d4f3b6f77e773d47aefcd 3ed50e60a4117ffb607a4843f95df60f6cacbc29498f05371073ae06a562dfc3 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-of001 | Lokibot_84d42335 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 84d423358360b753576bb87dc557ab8c | fa85cac0aff7d147c410747281472d118b851614 84d423358360b753576bb87dc557ab8c 527eee4d3d2df6305545a95c33e17524a22464ba921f5091489bc776287e9082 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-mtq02 | Kovter_e15814e6 | Windows | This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. | e15814e6776a8c4a4df41b691518b771 | 191e786631e289ff8d4ff4615b5a5fc7c4ab4f9d e15814e6776a8c4a4df41b691518b771 039c52e2bd728ba1ac902a0f4af7363d28aced0ba6f5622fbd0e118d959f59b2 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-rpk01 | Yobrowser_5706e1cc | Windows | This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. | 5706e1ccd180e0099bd06d459f651288 | d9da228285fde5dcfcdc114d35b13c53f6b47bf6 5706e1ccd180e0099bd06d459f651288 36c8f82ff5ebd1647044f14b83dbfb93e1ad5e8e80d95cb2f6e3f463cf4ac94e https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html |
| M19-n9p01 | Cerber_bd69353a | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | bd69353a375bea9f7b68eaa2e5f3f955 | 63a5a0cb62c0db55d2405c4b647d97c5cdb6028c bd69353a375bea9f7b68eaa2e5f3f955 30731c843ed73bf36620d943ddce0a0237d8694b7afb212541e2e91416096b2b https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-gsj01 | Yobrowser_b1a6bea1 | Windows | This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. | b1a6bea14f1cf87c1484e3947a6fb81a | 265707bd31798df6fa68c5fbf6d0389b119867ca b1a6bea14f1cf87c1484e3947a6fb81a 5677386b0050cff2f5a2c12430999d569dc744944f2f2d9c29f3bab6d5d43edf https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html |
| M19-7ro01 | Ircbot_88c797a7 | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | 88c797a77f075dd8610e0fe730bedb6a | 7d03b62a7ef2a73addf1f5e345e3f4927ffcc567 88c797a77f075dd8610e0fe730bedb6a 0851ddc919f0ea470c3c23e296b6a76b378678364d63a119f6ebab2779e75c00 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-ccu01 | Sage_2428b5ad | Windows | This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 2428b5ad8c49270b7326befaa09ed5db | 97ed9190fb441c17c2a97773146dfc124e902216 2428b5ad8c49270b7326befaa09ed5db 98cc91e7d693e7b41f471f256ecf7f780847d37576696c94f005203a614be616 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-y7u01 | Sage_cf3fe414 | Windows | This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | cf3fe41400d2d5c261082f7eabcbf33b | 75aa3240636c25aff27129a07cf054643887edb1 cf3fe41400d2d5c261082f7eabcbf33b a5d950f3e43db37527ed31959ffeecb5fb8e7b96d5caae1356577b16dccf183b https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-kb901 | Lokibot_4750f73a | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 4750f73a87c978124540bc1b0ad27afa | 629fd2e0c03dfc747f2b7b9ccc9af7cd3e115854 4750f73a87c978124540bc1b0ad27afa 21ea64cf87a724414eaaa6cc7a69a38cebef6b5507084f036b486adb3f805417 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-9b701 | Lokibot_21ece5bc | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 21ece5bc5ebae2ce3d6ff6c8e707c4b6 | 8c991383a7d261f57fe4406bce1a7e30d9af6988 21ece5bc5ebae2ce3d6ff6c8e707c4b6 72394394c1b0b5d02fe6e362fd07940a6d69551fa7fcacef03c0d82f41fc8fbc https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-0i001 | Sage_93b66980 | Windows | This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 93b6698034eba5329862fab3bf296862 | e49f713fff29e776134df6d0f5974b673fd5b7ed 93b6698034eba5329862fab3bf296862 7aec11754a7a9c23b313376a188c4231e1d6f1e5110b689de56236d891f956d5 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-xav01 | Sage_3ecd7f12 | Windows | This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 3ecd7f12367d097f09b4b524e7a4029e | 3a35a7290cb74cd9dd03b6b6379d644bf7245f05 3ecd7f12367d097f09b4b524e7a4029e 7f89228c94c44ab61cc5ba06ce6dad7524343a0c50dc394a39b0066a8378a349 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-k6401 | Cerber_3ef295ab | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 3ef295ab9ec95b93e74252a81eb62cbd | b7282f57d2c9108ea32690648605162aa572404f 3ef295ab9ec95b93e74252a81eb62cbd 341e0f811782bc5c95e195f6f4d88de2aece469919de8c2c7b61794f99f40d82 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-4u701 | Kovter_f9b241e4 | Windows | This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. | f9b241e4521e0f15a02788d38314edb5 | f88d1106444a1e81c2d2686c92157bcb4f0b21ae f9b241e4521e0f15a02788d38314edb5 270d791b5a9c8f7723563afffcb54932ee840920c7b68bed13d8c7aa689190ff https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-u6p01 | Lokibot_9945c195 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 9945c19557f5e1ac1e5dd0d359afa387 | d868eebbe3967aa7c7418bcf364609717871e34b 9945c19557f5e1ac1e5dd0d359afa387 39bd8e2feb6ff6b4b8d25f5e8f9e2e413d7df9241c9effde6cf5c074b0360964 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-wce01 | Ircbot_865b253c | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | 865b253c4a92289127df850d549c4eea | b54d1811315d4f6199e6ca9df36cc19ce39fd596 865b253c4a92289127df850d549c4eea 368ff13ab0807019f61b3ab0ee083c2ab701151582fd59e3b055be3f4e2c63ed https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-nme01 | Yobrowser_ce00bf70 | Windows | This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. | ce00bf703197119b1d85e6229b664ba1 | eafd9385fce2131457542c4fc60544ec9be85c66 ce00bf703197119b1d85e6229b664ba1 2fc0b64cf4ab9d6a6a3b607b999b1e47551bfb62acf143bd08faebf0485157d7 https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html |
| M19-hu601 | Yobrowser_46d479fe | Windows | This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. | 46d479fe49f73dea4c6a8c312a62375b | 2a1452049baab58ed469768cb65a2b86556ab224 46d479fe49f73dea4c6a8c312a62375b 26b5593a4e7c8b5accf97029cf6c646c7769cecd36d105153f228f03a20f24be https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html |
| M19-0gs01 | Yobrowser_e4789285 | Windows | This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. | e4789285c8ad4b131f6b2cf2edbda9c3 | 389db7f5253cbea4f81b59005f875f26e1f20f89 e4789285c8ad4b131f6b2cf2edbda9c3 32dfee8be7cca7d0ed5b84fe8deff6d7177042a802586d16c26176ec58952309 https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html |
| M19-ik401 | Sage_794392e7 | Windows | This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 794392e7b6e01e0a1aaf185b6cf8885d | d9ef723003eebcac0a4be4eccaf67e1462d3ae07 794392e7b6e01e0a1aaf185b6cf8885d a24fef8d4b55e29dec0b57011e4aa605a39b0ce3d6f207d94ca6e83cd11edaa6 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-6kx01 | Kovter_07e34623 | Windows | This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. | 07e34623e14d5380949b1d97c63fc53e | 5902929f72baf7f31c31d34c9b123f5ba7feb876 07e34623e14d5380949b1d97c63fc53e 08e337c9f049aa7529aa727fcb8898d1eb2bf14d4b656af95d740e07d7ef9b67 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-xcy01 | Ircbot_1d638023 | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | 1d638023b682c2e308749ed06a46ac50 | 73763ce65f186edda86880e317d4ba3b56c1407e 1d638023b682c2e308749ed06a46ac50 2da6a2799761b83b1206e7dab4d590dfb689af837cf3ac66fa3e58bb8484ee21 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-nck01 | Cerber_a720f4c5 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | a720f4c56fb4483912eeba6326f44215 | 55ea832872e3db6ea9193fb1f5ecbaadbefa85bf a720f4c56fb4483912eeba6326f44215 5b54c5a4b56149231c5b2c0b9f0f40e226a4a198c9081068d245320f502fb439 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-dii01 | Cerber_32488901 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 324889012844812ca8144bc7304ac1b6 | 0ee56879cfd6bed3d015b4f5496eace25436c9ea 324889012844812ca8144bc7304ac1b6 12c882e47ae5e2ef9e3621b1d8a719458041ce6f1ed38b370c45c821a5e8c59b https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-5m101 | Cerber_ad62494d | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | ad62494d684d7b30a440fc2b66e9013b | 8d147ddb5945994b68384634e245192776064c71 ad62494d684d7b30a440fc2b66e9013b ff4ab281a403144dcd8fcf788e5421e739276389fcfe5cf31c708257d0474799 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-ipe01 | Ircbot_48af7806 | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | 48af7806457a51b6729af66efe4ce57d | 6a739351c8562b3d143440c64302f42ec2ea6cf3 48af7806457a51b6729af66efe4ce57d 1ffc4c395bbb6a3a25b17845a5bf7d897e7c9455c29a7d930607dddb1539f72e https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-bzs01 | Lokibot_17efe18d | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 17efe18d151342873460c27b04afc04e | cef4b5fc5cee3234e801e29a26bf7ca7149a43bf 17efe18d151342873460c27b04afc04e cce98d91043e66d5b85e536b8864e604d2b26566a8d875dda21e93f51efc6f71 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-c7r01 | Lokibot_403f4bf7 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 403f4bf77f633d855293634fde91faed | 13becf404e2a6d0f8ba45058fe306cfafb34e35a 403f4bf77f633d855293634fde91faed 6f86b9a80e340cae7b6ce7c70b06f7237c54019c37faa9dd888b57fe15568d6c https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-vjb01 | Ircbot_c7314ffc | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | c7314ffcf97d67498941b2b7f65deb41 | c871da475b43f3ce26dfb8290bbea21867d38af9 c7314ffcf97d67498941b2b7f65deb41 386fdf3836ad5b3bf1588e6b40700abdc69eb793cfe7c6f36895da751944d2bb https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-i0z01 | Cerber_5f140daf | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 5f140dafdea9c587d604e9250da0dbf9 | cc0b2c11314c662701f096dad6cb6330ca1f2d73 5f140dafdea9c587d604e9250da0dbf9 18ca84623943190fa4ac1f756742b2ae30666d74acc7deee679b3a91bbd75e6f https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-1ya01 | Remcos_013b5699 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 013b5699c6eaa0bcd5a77ee05fa47bbf | 951d561a3a9493a2ba58cb4fe64327234dd65c00 013b5699c6eaa0bcd5a77ee05fa47bbf a280c5a73c7388441c7b06d600fd0237cce304d02b93a80a88dff73e1e1fbcc8 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-rj801 | Yobrowser_b96ebd1e | Windows | This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. | b96ebd1e7387d7317d443c57926131c1 | c60161a8eb66d3bcb58f0c48bbd37fb8863b47c8 b96ebd1e7387d7317d443c57926131c1 0912999b354d903202f981d327670d3dd5a6f37f3c3374cfbf29b9d5dce86e5a https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html |
| M19-omd01 | Yobrowser_171cbd6a | Windows | This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. | 171cbd6ab232425f721dd90e93ca8126 | 399b199bc6383efa029142dee418c12a466ea849 171cbd6ab232425f721dd90e93ca8126 1150e22d4d164cd9a07ee28a6c6d33e657e10e1af6f06a3423c56a5f0449b02c https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html |
| M19-lhv01 | Zbot_3f129862 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods such as key-logging and form grabbing. | 3f129862e14f2b578ff433b9570d7a6a | 03be6332cc5f381048b064554bbdce9c85ee600c 3f129862e14f2b578ff433b9570d7a6a 87aef6c3658a5e31c59df0dbd604d1309cff42b84cbe2761634e8e5f8add3cba https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-7ak01 | Zbot_25566363 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods such as key-logging and form grabbing. | 255663635b26f94e34e33c1862458ead | 04b7eb26d30fd96e4593c5db9ea8e01b28a47aa6 255663635b26f94e34e33c1862458ead a8ccd6f1a376356ec6a54a0f233d495183d52bfbe0da041403c32717d5321853 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-e6n01 | Remcos_0d5a2032 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 0d5a2032b8d57480744e43f135e0bfe5 | ad0f8076ea27ef1e6d1118ba7ef312f0e652538e 0d5a2032b8d57480744e43f135e0bfe5 abd1175388917b260096ca11cc3a8c3e56425abd0dc04650f528ad1669214923 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-y6w01 | Sage_1899dab9 | Windows | This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 1899dab9d4b234ad4aa6325d66f28a05 | 1a7479f90f8b7b3f84e776b8913bb6840d4f8b82 1899dab9d4b234ad4aa6325d66f28a05 3599109b2d20e97baaec09e11e917058dc902158a377015c425a7371ff584054 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-ych01 | Ircbot_a16831e3 | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | a16831e39036aeea2c125016f7a0dc02 | 2c673faaf625b8310f6867111e28ffec15dc4c7e a16831e39036aeea2c125016f7a0dc02 168070acbb2cb5200981e8d0dbed8255bb389feef078162f1ba140dc3ea33553 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-0tu01 | Ircbot_d82a7ec5 | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | d82a7ec59ab7aadf1d8f4c407a3d2a9d | 13b2aa4bab7d286964a27efa6c400dd88a22db3d d82a7ec59ab7aadf1d8f4c407a3d2a9d 02fb71eb8559f95fd9d1bc2a31b119306c15a0921ab79101bc35e5ee1729e873 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-2eg01 | Kovter_3caf1de8 | Windows | This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. | 3caf1de8fe743ab6307dd0d0df9cc31a | 43f447e538d45f781aa83140501240707ddce036 3caf1de8fe743ab6307dd0d0df9cc31a 10f8c098454c63c90a986d037d571d055f5174a00e1f380931157a84ecdc2c01 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-oc801 | Sage_cf5ff562 | Windows | This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | cf5ff562b0feecd5b40d389de13af80c | 80bef063e84862dd5e8c8a87db31449c992a4906 cf5ff562b0feecd5b40d389de13af80c 901ff9ae67350d0d294b9b666a7b1fc5612df5fa7e15acf78561716f5a6567f7 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-drw01 | Yobrowser_b33e2b5c | Windows | This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. | b33e2b5cb98ab7638db85054f70bd7e7 | 3e0976ab8d8aa51d2463ac7a52b5f1af509571b9 b33e2b5cb98ab7638db85054f70bd7e7 36ca931623f279c6683ace47e425666510034f5e18441f90e895a3fc6cd2bbdb https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html |
| M19-sgy01 | Remcos_ded0e6b3 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | ded0e6b301e1e21a75b5a6142124e8b5 | 5c4220f81089f7c1b4a470327bdee0f4e7810f35 ded0e6b301e1e21a75b5a6142124e8b5 b95ea3839a21dfeac94eb4f21efd35d2f1652a7e4c7f65b08bdc846685a7de44 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-mca01 | Lokibot_b439f139 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | b439f139528066555e953c94553d292d | 97c7d13bc6ed7b189c2ae9a59e8cf0c8a4c3f6b8 b439f139528066555e953c94553d292d 9ad80c24445040b882abd94406f5bd389ab83b400ac4177687e653277788d7f3 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-tw301 | Yobrowser_8066be8f | Windows | This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. | 8066be8fdda63e708d67e9b87a20f22e | 64c904730f9fda75f485d3f192437ee64aa64d4c 8066be8fdda63e708d67e9b87a20f22e 42827e85051a54995e67aeb54b9418968224f6c299887e4afca574e08b2b76c1 https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html |
| M19-7je01 | Remcos_76af44f4 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 76af44f4f24edd1245d0c9f1ea28329d | 31448fa15fb427235ab414f7aae428007f40d73b 76af44f4f24edd1245d0c9f1ea28329d 7f3e2f8ba14f4f08655e53d1e4daf2fd581e58a444c8c66c57292e28fdde1afc https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-f9d01 | Ircbot_dea22492 | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | dea22492ce9b1c0207067f19604a2c28 | 00e16f8f8ebeca0c3406463159d51b94c2e1db9f dea22492ce9b1c0207067f19604a2c28 343054da58235802ed6126128c9b5d1017e32f0831ed5bc09748c0c3707d5433 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-8b801 | Lokibot_4700527b | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 4700527b90dfb9a27750fd59a81bfe67 | ee879d8a6995368e89113b9d1d3f5488636c1df2 4700527b90dfb9a27750fd59a81bfe67 25fa58e7d7821ca2c5cdb947422289eae7d3909efc9455a7a5ef4e476947f4ce https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-dw501 | Sage_6006bb76 | Windows | This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 6006bb763a8ad197858ff6be46a8a30f | a0dfa464bc4a081025221d4a1968440453457a2f 6006bb763a8ad197858ff6be46a8a30f 239d51f57e2cb6b6dd712deeef8d87a4a1f78b10269424edf028f79eccf70bec https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-yns01 | Yobrowser_ebad5af4 | Windows | This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. | ebad5af413ab26c70f017688d6f0d94a | 8233ca8945a1bab2e988feaf69e9cc9af055dcc8 ebad5af413ab26c70f017688d6f0d94a 482675e5774d1714ae17b5daefd13697fe3a921feb20fc4360065c2135b9c7b0 https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html |
| M19-6l901 | Lokibot_e0d3f98c | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | e0d3f98c6f7d8db55a804e295c276136 | c8ed0bf981ac84f291e2f1371d3ba7cbc86a1684 e0d3f98c6f7d8db55a804e295c276136 a493e9a4662dabc9083cde701821e1df98e499dd9404f49dbedbe3f55fedd764 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-1jz01 | Zbot_ddf16a0b | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods such as key-logging and form grabbing. | ddf16a0b3a810bac98062b4d356b513a | 056673a8ae6b9490f6844e7a4a075006314f7172 ddf16a0b3a810bac98062b4d356b513a b16564e7e63b6761a2a307d0f03b5eb8725b7f688693df8d4cea881f09b2d959 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-qt101 | Cerber_acd1e3c0 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | acd1e3c0f70d521bb0bdd00777dc3a0d | 157f5ac1744edbe06beef507ceef248cffe9b208 acd1e3c0f70d521bb0bdd00777dc3a0d 734e3caad97e6edc7e62687d5a8a4628348ee24726938204779f3f5eb7a0f400 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-bcj01 | Remcos_d19c9600 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | d19c96003b2febcb82983e99eab01ec4 | ba8696d200af8980c71eb326ae291eb8976edf42 d19c96003b2febcb82983e99eab01ec4 516aee696300bb4b56085134b659caa5800a89badc46fc6611864ff5e79ca872 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-v8w01 | Ircbot_e5cca6ab | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | e5cca6ab7d9252e2bf4640293b83ebfd | abf71c9b639c803f182b4c05d83fe026b25e0a5c e5cca6ab7d9252e2bf4640293b83ebfd 1538cc3c6f059ee7b734150f5e8eab97739c226119edd8b07c543ac77fc68ca5 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-jyh01 | Cerber_9d0b1882 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 9d0b1882259c04447a9086bb566f1fd2 | 7b41f93bf05320cffce59c5b921ce654a0edce6b 9d0b1882259c04447a9086bb566f1fd2 4c3c95c99f5d583e2bbf8fb237e55aee3595dcdf24096dc0336190a067487e15 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-3jn01 | Remcos_e4188a48 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | e4188a4875bd58740d22042871b3c034 | 578209bd082836e247e90db10f664b32fc82d9d2 e4188a4875bd58740d22042871b3c034 430d466c1c81f8b680b5e8d57eb696a1c09efc0727009ee3412698bdbd77cede https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-ter01 | Yobrowser_8a9a13b8 | Windows | This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. | 8a9a13b865a80733906c7b7a7c17a981 | 3891be7000b9ea0e9a044c49ecf635b29826a072 8a9a13b865a80733906c7b7a7c17a981 259546449e9e630fbe3bdcfbda7c51de9c1e7bb93022bda08d89bea95ad23a24 https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html |
| M19-gz901 | Tofsee_b436bf78 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | b436bf78e9cd10362efed6ec0a687a7d | b8587e77f07630c00f84af401f6d46446fa736b5 b436bf78e9cd10362efed6ec0a687a7d f1e790bcc0711047ab255646e07ef7d2fb644c45b24a4bc67250e2c8ee9318a1 https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html |
| M19-a2b01 | Lokibot_618c3a07 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 618c3a07f02b60888dd14c14f3d4dc4a | fc5fee1352d47e44876a8476c5c22ab6dd16a31c 618c3a07f02b60888dd14c14f3d4dc4a e25beccc8caa3518794a0ba5edbdc99916a66cee94fd55e25d9d34a23420bbe0 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-itd01 | Zbot_20dd6abd | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods such as key-logging and form grabbing. | 20dd6abd7c62ed311362b2c30db0b7be | 0667d3a2935490c576d31ce64f3df5c108b59f6f 20dd6abd7c62ed311362b2c30db0b7be 75a96e041086cc1af7696888b0519dcfdba518234345f55746ef5a3c5b7db554 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-mjd01 | Cerber_62c89150 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 62c89150526aa2f90c565365cc3484d2 | 5dd6b14278ec5ef94b9168625239e5846d25f22d 62c89150526aa2f90c565365cc3484d2 4f5e962ece139e2478863ad05e2d92ed0f8d37c98616faa2338adb84efe99744 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-kyk01 | Lokibot_fc79e212 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | fc79e21239ba9ea978ca4ce8a7539edd | 0b7381679b656ae6e7a52f88b01feac97bdc234c fc79e21239ba9ea978ca4ce8a7539edd 90836122fddbc258f491d097e53e155258999cee41fe1550c78354aa3c8f2e04 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-ngi01 | Ircbot_ffeb2315 | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | ffeb2315d56610199a6a57dccd7400bc | ec663713f89791ee3adf065e959452cd82f7f454 ffeb2315d56610199a6a57dccd7400bc 1b0cff388754655704d76af041b56978edd261dd7c2bb8a64a7a79a808312e00 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-dxo01 | Tofsee_4ad06142 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 4ad06142531f44652583a40b2054ebd1 | ebd8f4750e55cc6780777531d586bc23952cc833 4ad06142531f44652583a40b2054ebd1 e1cfadc86259f90b2f1fb5cd23bd267a94ed8c8a2d72035b6e335fd5e68d5866 https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html |
| M19-lbg01 | Cerber_0c04b480 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 0c04b480d79746d697d164b2503f5628 | 9ab6c26f05c27ca735c6a9ad9c6530f33c5b4890 0c04b480d79746d697d164b2503f5628 692772293eb858cc1aa0bc9844448d3330a057992453e6a75e0a20e528ee4c6b https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-qu601 | Kovter_54144778 | Windows | This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. | 541447789dbe90613fc9113d6c2ed0c5 | acc6fba13e98e405e8ffcfe62605fb13201a2cae 541447789dbe90613fc9113d6c2ed0c5 00bd28d59cb4b7018516410c9664eec2eefe7adba447a37edb587d4829eb760d https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-od901 | Sage_dfbe7383 | Windows | This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | dfbe73830b8b1927e73474933b28c082 | 64c6cfd74c49eff5f50f5d9c5c2c00dc26f9482b dfbe73830b8b1927e73474933b28c082 97c9f82d70fb957f74e31413b9ac00e56bdab268727f11189c781e7ac93b5479 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-yqm01 | Zbot_a32f89a2 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods such as key-logging and form grabbing. | a32f89a20dcbb31b36e30950803feb30 | 061ca6ee3e76041c6df1f3a1db81497f1e1c503f a32f89a20dcbb31b36e30950803feb30 efd021314885ae49896a01c9244a4ca301cfe74e72a3ad6ca35afc8dcbbc01f0 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-9lv01 | Cerber_86606705 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 8660670565231f52918f61e930d12821 | c47be8dab247d4c292027bbfc9608c7720a24511 8660670565231f52918f61e930d12821 6179ede1ad0a80f932189cf1035fe8fe2329b4bde4ccdfcc1d3cbec15179d2b7 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-phm01 | Tofsee_ade06892 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | ade06892269543056df2c938e4f9a850 | e4d6d0f3700828f94c1e18de08ef9214f3e5db84 ade06892269543056df2c938e4f9a850 de76a7d7af2c38342333014608b75117a2d1868d9020f62fdd117cdfb5ed30fa https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html |
| M19-m6s01 | Lokibot_bde9ff6c | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | bde9ff6c0e644e6f8f88b34f133b4654 | e134584d2c8b6cd646f31aa0369dc7f4a7cbfe37 bde9ff6c0e644e6f8f88b34f133b4654 45332fc059e1f72e4c9c27bd61e33b9af765299f3685bc1e33e31dae5206311b https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-yjy01 | Remcos_5efb746c | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 5efb746c5e9ed4a134e5e4f854c5bf8d | d773308abedbe6b7f0289433dc21853ee4da5f55 5efb746c5e9ed4a134e5e4f854c5bf8d 30f9c76cd44a579c337269351ab40daf575e5996769cf23ab9a0047663593809 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-6za01 | Sage_d289ed5f | Windows | This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | d289ed5f16c91139588ceeba0790492c | 413288238860ed62655d93c3a81ecaed5163ba57 d289ed5f16c91139588ceeba0790492c 5e9e35441ce1473fedd37ca2356cb4932d47f62a9125903383706dba1c356896 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-ye301 | Cerber_d926c76b | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | d926c76b79f77635df2c59e6ec8865cb | d12bcc239ff219961f1c734bcb0570c6d8675501 d926c76b79f77635df2c59e6ec8865cb f378761bf7237c3355845ae18cc335b384e4ea7ba5f8ec1deea3fc59e3880050 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-73p01 | Kovter_3bd6d23e | Windows | This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. | 3bd6d23ef83d111aba238fcd8a733527 | 888589720334df271bc818e6db8a1f11f1471c4a 3bd6d23ef83d111aba238fcd8a733527 0adc56352600d4dd0a413986ffa45cbeaf04b973abdbd86c9b0c87a53440e294 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-txr01 | Sage_7303471f | Windows | This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 7303471f8b6f2ddf6ebe0a2c1eb9acbf | 4bcc4e1a07cff1748942c2662d76f8b1ee4d75ac 7303471f8b6f2ddf6ebe0a2c1eb9acbf 9c7b75a7daae70019419abd51ce4c2bea8e383bd7e618b45d640b08a5f07b99c https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-onh01 | Cerber_3e4c2df0 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 3e4c2df0ff6c1ab4d6fff18f48f89641 | 4a641440ce71c5668c96c9f5e38647db9e57c2cd 3e4c2df0ff6c1ab4d6fff18f48f89641 80616c2ddd1a8c4e8be8c6053a905c9687e1f83336cc5661dca04c5ffb056afe https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-q4f01 | Yobrowser_a54ac404 | Windows | This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. | a54ac404317c099aa1d6f7ae3be685c8 | 970ab1f07cc123adc078032ba9b302598664f9a0 a54ac404317c099aa1d6f7ae3be685c8 4f349d22bc1cb7e4defbd97debebe906a5408351e7069cf5cc2333338d5be8ed https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html |
| M19-hz501 | Remcos_45f914a0 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 45f914a0e68ab66379277202806b6198 | 625f8fea0c0c463b9d8f2526daa20fc0c3e0ca92 45f914a0e68ab66379277202806b6198 4ee4c01b513f59cef746c45b14b8211597937dfba27fb58b5e003fe97b7c87ce https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-53m01 | Lokibot_43a1036c | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 43a1036c24cd8fe552570cbb8afb27ac | c4018be704aa1e968753132fd14577e8935920b0 43a1036c24cd8fe552570cbb8afb27ac dd33d5c467751e8f531bd557cc74f91619d43e3c8ebd1a516c339f33d3be9ac3 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-1vy01 | Lokibot_ac0756ef | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | ac0756ef758bc0072f7be7a54d09d102 | 95b52f7bfac19f4ede21db1eca13cfa20fb2ac23 ac0756ef758bc0072f7be7a54d09d102 33527e13eaf4f1ad749a5d00e5f2f8c06e55503a492cdd3a2a01bebc79360aa3 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-t3k01 | Kovter_06f0f2a8 | Windows | This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. | 06f0f2a8e20f8b08a92542ad282fc22d | 526bdbf0729c24bda5c6012b884c053f569afa17 06f0f2a8e20f8b08a92542ad282fc22d 56b0d6771543530d8a49ff3e8581f0a81330500ca9e6794a15f6876a394285f7 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-dot01 | Ircbot_7aa9c156 | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | 7aa9c156e34e877c1231368079429c69 | b2038e6ca0b7a5b9e7f2776e24bf371a8b2042bd 7aa9c156e34e877c1231368079429c69 22e62621d215f605a6ad76325c08c8ade8a78a55411fad1e4081e0406069404d https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-smd01 | Lokibot_95a2928e | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 95a2928e049ecdc9db9eb8c8a53eb66a | 0a1efda0d8755255aaad9c100e9a0274cffa1f3f 95a2928e049ecdc9db9eb8c8a53eb66a c6605ed53413e717e788b8f551455a1f9e94a313ebd00613fac0c63f7bfb920f https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-io701 | Cerber_70aa9502 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 70aa95022d5e359322411a91bffd0bf5 | 1fe9891dfb2d311e46f71542765b6c1f9253cd0c 70aa95022d5e359322411a91bffd0bf5 20b9ff24148baa96dbe1a0a7a48bbbeada81598988ee10605ebb21b139359e09 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-yr901 | Cerber_8b1f0773 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 8b1f077382505e657b7597f29911861b | c2680941e063ace0c28ad75a4f0013edb7eb9e3b 8b1f077382505e657b7597f29911861b fa754655007b7b726ede666f2838940ea89d3349dd9c1278a8c998e2eecda3e3 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-0nz01 | Sage_a0b2ec93 | Windows | This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | a0b2ec9372ba0900a3d1c81b6562d0c6 | c49d1036172b3f4c386d6696230c37115a3f069e a0b2ec9372ba0900a3d1c81b6562d0c6 a9ed29372780e5c7c43144308475457df9bc9767c5bdcc294a41eb4fb18a5ac1 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-cns01 | Kovter_0c026925 | Windows | This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. | 0c0269258864c6f0eab8c656b57b7ad1 | 2900cc0eeb8839e0539762840c716c8892779e43 0c0269258864c6f0eab8c656b57b7ad1 037385b8865ee894bf36cdce3b370265b7da03447b3b4e18dd72d114330e9942 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-5l501 | Lokibot_b6303517 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | b6303517fe0bf05681aad8adc9d90429 | e89c454531445c97c7a0e3a35a338f72664acbae b6303517fe0bf05681aad8adc9d90429 98a3e55133d7a23d343f2d690650e5579e485500447f0fff3e0e23f29c9fa86f https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-nb501 | Sage_7705105e | Windows | This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 7705105e138e43c7655a5ce5078c7af2 | df81e27a2b9435912ef43d5c12ca72408e6cc86e 7705105e138e43c7655a5ce5078c7af2 5d62a735a26a9c4494ad3abefd99287889264451798948b8e3dd2a83370312c3 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-3dy01 | Cerber_b709ea10 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | b709ea10291c200ea548f851e925a146 | 668097ef2957441c64ff812cbb967bbc7655c733 b709ea10291c200ea548f851e925a146 825848fa43ac2ea280104225d930c7c85f33700c51528113295e75c8dc160aec https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-o5w01 | Ircbot_e9d41925 | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | e9d419251de054f96f9abf1d63701a0c | cf0814a5e6183000c2dcb465731e1b2af4e604c3 e9d419251de054f96f9abf1d63701a0c 1f9c1401a3d5279386e59811bd6a916fd555d0ce2701f955110cf548219f64f8 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-mpq01 | Sage_4e6e7336 | Windows | This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 4e6e73362e09d82992d646850a782f8f | f6e34e41bd8624dd6d9d551f257a1f2a2da11207 4e6e73362e09d82992d646850a782f8f c039c4ba185062fd62b7033dbf3b323f15ee8ec385029c7e91560dab1e1b6a4b https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-17l01 | Cerber_14d9b70d | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 14d9b70d8ad76170bbf6dcc720a99564 | a7f37c16511f7bd64fa33f67ad0ce6006f8e33b0 14d9b70d8ad76170bbf6dcc720a99564 9721c8e97b3ba15a00de9ab4dbcc0d3236253b5bb73f2b3e9d4f57c7ed3dd922 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-3oa01 | Yobrowser_479b5370 | Windows | This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. | 479b5370033003ded350c0e119a42ac1 | 6a31252dae91aaf7722f175cf33cfeadecc1b98a 479b5370033003ded350c0e119a42ac1 3f2c22316bc2184f740f39499e41002c6d525a2c4c18dd0b9170c90410a5e4d1 https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html |
| M19-1zo01 | Ircbot_6a229e4f | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | 6a229e4f888ba226c0276ff723c5af37 | e21299639bb8d36c60f3943e13aa65afd78df762 6a229e4f888ba226c0276ff723c5af37 2d2d8936c9f938e60799545e538bc2397f1c2db0d5bf6a8e8afbb7cd561a81f5 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-bm901 | Yobrowser_099150c4 | Windows | This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. | 099150c46581af8adfc766b3d9aeb564 | 47c4948dac66ce00819dacadf24639d0f8c21fc4 099150c46581af8adfc766b3d9aeb564 02be7ea7484ce02344237e4aab046aaa3af0f67f5b5bc7530b7757c182008374 https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html |
| M19-zk101 | Lokibot_b3916926 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | b391692651c947850ee6dc9107d376b2 | a5b920726543d0deef76c95b61da9506b02aed86 b391692651c947850ee6dc9107d376b2 425b00366b5e0bbcbecaa17a6f3767ce182d10cb54d14b8146d60795e0a91b4a https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-dfj01 | Cerber_861543dc | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 861543dcf6c1d0bb272eb425394c7738 | 0588967eff54b5d06a2b2230ed2c7c2dbdc9ddf2 861543dcf6c1d0bb272eb425394c7738 d9cf96f1f2dd702e618982028129009100e88e30c325775f98e77df4bf907af1 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-loq01 | Ircbot_5a4de868 | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | 5a4de8686cb6cb7e2a145293eaf15e20 | 1394002b5790765f8ccf1b7231d87230a1683fdc 5a4de8686cb6cb7e2a145293eaf15e20 0e455cc4d487203ed86f96707ddcf09546c523b14238b003959d29db80db022a https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-rkc01 | Lokibot_a0a85726 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | a0a85726658454e4b4ebd2aa891772db | 149a67d091665a5385694378ec142be217db4eed a0a85726658454e4b4ebd2aa891772db 83ad9a9b79964ccec70ccf12c7e01c0ea6ea0dcf391dd2ac014d2381e1ba42f1 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-a3701 | Ircbot_c716bada | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | c716badac432fec69833ade4e7756850 | a91dc5cfbe579e0008e2e30bb670070d653bfd52 c716badac432fec69833ade4e7756850 0b30c46cb7774dfa26d40809d4a665ba733364f3e9768314f5ac258c1ca2b213 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-2lk01 | Kovter_cf26b312 | Windows | This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. | cf26b3124afe895fbc859b5638e4d41d | e45afd2052aa80d4b5ba407c2f10a5d087317f58 cf26b3124afe895fbc859b5638e4d41d 5263e898133a652e1e0ff1c94919d31c4c3da2bb1bf2fdbf876ba1dd18a01502 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-d6r01 | Ircbot_e85740e6 | Windows | This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. | e85740e6d161cf564c2f120a1cc6c12c | f9d4ebc5323d71f1ffda9ee17ae796c98d22f291 e85740e6d161cf564c2f120a1cc6c12c 3a6e2efe8331037681da5ee01f8deb8aa7cd9960b21f5975aef7d876f7e82b86 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-j9701 | Yobrowser_3ffba7e5 | Windows | This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. | 3ffba7e5d3216bcf3dab157c753dadb4 | 82ef608a6126287bbeb106f54a31df416b58febf 3ffba7e5d3216bcf3dab157c753dadb4 1609b08dc860872a1a37967ec01e9c8d90813e42f4c32a4a5c7651b226bf1c7f https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html |
| M19-iv501 | Cerber_ba7be368 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | ba7be3688e0393961f26fecf36e44a3c | 607a307bb962cffd05a973f7c1cf30694ea3b48c ba7be3688e0393961f26fecf36e44a3c 12ec0e3ccef67f877fefce823785ac7d7dbb0f85f8ad001bdf7fc6bfe46e3981 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-1j601 | Cerber_0ab20a4a | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 0ab20a4ab237947931361403291a97cb | 91d4317df382db98989df4360fa2c95474eb6543 0ab20a4ab237947931361403291a97cb dc7f0f8206c6b155e04cca65f269b7f2a2238297e9782c4605ecd5cf5eb5d8a7 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-53s01 | Sage_64f33ba1 | Windows | This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 64f33ba18f9e15479db2396b4e0619a5 | 1bde3ca8aa609f0f66d93e2318bcf0ccc23806ea 64f33ba18f9e15479db2396b4e0619a5 c771267b2194218e3e8c81795f9e13382415cefea5809260acc7f2a2a0ff8838 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-kpl01 | Kovter_23145db2 | Windows | This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. | 23145db2c3a0c7c1c57b51405c10b496 | 068bc76aef7d4399c059b69bbe55a69c2eca4746 23145db2c3a0c7c1c57b51405c10b496 3fea545cce296bbbeb27176f2ce630493d3b680f789effa6d9dc26478d5f00cb https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-fvo01 | Yobrowser_e47ff0b9 | Windows | This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. | e47ff0b90281125c219a70f269f5f1aa | 31faad739f1600a5d92590b13a5ecda61456771b e47ff0b90281125c219a70f269f5f1aa 2e39806e189e988a6bb094359db5aab14638a1737fded6ab00095425672aa13d https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html |
| M19-xae01 | Lokibot_b34f704b | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | b34f704b0a2a783d2c065c0d6aea75a2 | a194ff215fbfdd471583a7c137b0e384dd20a25d b34f704b0a2a783d2c065c0d6aea75a2 dc9c4bb8db7e3b0d26dab3572df9ab97cd0218c14a17621104c2a6c095a61f40 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-uyd01 | Remcos_2791e161 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 2791e1618f2495d9fcccfd5973abc243 | 5d2774bd86ab43df3ce92853744f199dbcdf1587 2791e1618f2495d9fcccfd5973abc243 876ba61de5a3feb2e34181bc9a6e1197e70215b51cc169126c2d0bf0bb7588d4 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-diy01 | Cerber_9d1205c4 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 9d1205c424f143ef50b04b6ad2b56bc0 | 502be5093402912d930cd1865f0b16984cc83bdd 9d1205c424f143ef50b04b6ad2b56bc0 c381125d95a755659683f75fbf32b57546d7ef099e266ca1c00a305a1938736f https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| M19-ur101 | Remcos_df315b64 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | df315b646641a9b46b930f55f081596f | e389634e523e2b54a84d446767e5dc8c3149d720 df315b646641a9b46b930f55f081596f f601204c1446b69b8a5606eb6bfe4e8bded5287513a1beab99160d0495e79f4f https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html |
| Strike ID | Malware | Platform | Info | MD5 | External References |
|---|---|---|---|---|---|
| M19-byd01 | Emotet_96f06429 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | 96f06429ca22db74d0bda87a2ac4efbf | 95207a5ce166bc6482b8918ad45b748d0d9bc3e4 96f06429ca22db74d0bda87a2ac4efbf 7dbcdbf63ed234c18481358441ee78e0c156f3da60bee606c6c52eafa25fe499 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-kxu01 | Kryptik_f3216528 | Windows | This strike sends a malware sample known as Kryptik. Kryptik is oftentimes a generic detection name for a Windows trojan. Some of the malicious activities that could be performed by these samples, without the user's knowledge, include collecting system information, downloading/uploading files and dropping additional samples. | f321652814b4f73ee6e1a4192476ffc0 | 8285c6ce70c13677a97f9a6e646509b03a0b5f37 f321652814b4f73ee6e1a4192476ffc0 0a8dbca58db6fd04e3b0fcb3ba3a08843676eb43362794b13d2b294b1428a8e5 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-jtb01 | Python_ecd4b808 | Windows | This strike sends a malware sample known as Python. Win.Malware.Python is a generic name given to malware written in Python and, typically, compiled into a Windows executable using tools like PyInstaller. There are a vast array of supporting libraries, proof-of-concept exploit tools, and example code that makes developing malware in Python easier than with lower-level languages. Examples of functionality commonly seen in this type of malware include the ability to spread laterally by exploiting EternalBlue PoC scripts and file encryption performed by ransomware. | ecd4b8082fd119a89eacc86be82fdc46 | 13607aa4280fafe7e08eb22b22b5bb204a4ae8f0 ecd4b8082fd119a89eacc86be82fdc46 2d5c9619b85111c8af13ad75bc334b26713839eed3ac96e9b22447039296aa0e https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-vle01 | Powload_b01c06ed | Mixed | This strike sends a malware sample known as Powload. Powload is a malicious document that uses PowerShell to download malware. This campaign is currently distributing Emotet malware. | b01c06ed89d2362b9f5ced838de5cc83 | 19fc4d3ecd6ae75869828f32097cc20e66d58a7f b01c06ed89d2362b9f5ced838de5cc83 1e0b73c5ec4b9516709c10ec708fc295df021451f958a89144d79d99604b3664 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-aqn01 | Uiwix_762ed51d | Windows | This strike sends a malware sample known as Uiwix. Uiwix uses ETERNALBLUE and DOUBLEPULSAR to install ransomware on the infected system. Encrypted file names include "UIWIX" as part of the file extension. Unlike the well-known WannaCry ransomware, Uiwix doesn't "worm itself." It only installs itself on the system. | 762ed51daa67d2a6a4ea641ec5a5b6f3 | 9d6f2b7db9b2ee86206fc209824bd4fc23f594cd 762ed51daa67d2a6a4ea641ec5a5b6f3 181ce9db0dea2a3a2e08860620c3015e61995a93729cb07e0b157d0e75c73343 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-cjd01 | Cerber_d62798b0 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | d62798b0d0ad13f88b296e19ed69c9b2 | 9a44ba6220cc1c4f99ffefea143d9597dac45dad d62798b0d0ad13f88b296e19ed69c9b2 212ef6edb374b8aab38ad19fa15e2e2f4674b7d2cbb024f36b9477fc71c71769 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-az801 | Zeroaccess_24f80c93 | Windows | This strike sends a malware sample known as Zeroaccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | 24f80c93b79467d414f7ba1309a573f9 | d14c16697e9e61905bb4481dc97429b2bf6e66a5 24f80c93b79467d414f7ba1309a573f9 456d4a6d6fbdc25b6c9cafde2af81b6023293e564ddd6473e42f8e420f1fcdd5 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-98201 | Fareit_4f047604 | Windows | This strike sends a malware sample known as Fareit. The Fareit trojan is primarily an information stealer that downloads and installs other malware. | 4f047604fd21285542b46c11849029e7 | 5dd1959064b82d4450472fab8b9b31fd9308c5a8 4f047604fd21285542b46c11849029e7 446166d1a9e7e1b7e12547510f7de7bc4c281681cce1f9f8576fce9de7b1dc05 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-72701 | Python_febbce8a | Windows | This strike sends a malware sample known as Python. Win.Malware.Python is a generic name given to malware written in Python and, typically, compiled into a Windows executable using tools like PyInstaller. There are a vast array of supporting libraries, proof-of-concept exploit tools, and example code that makes developing malware in Python easier than with lower-level languages. Examples of functionality commonly seen in this type of malware include the ability to spread laterally by exploiting EternalBlue PoC scripts and file encryption performed by ransomware. | febbce8a98358aba249a283847f31653 | 12c5cd41e3d9038f8b8c401ac74c72291b854645 febbce8a98358aba249a283847f31653 605cbd5701cbbc4a36935599525e6d0d5c1a043c9252aa081cb9c2f3724fc8ba https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-w6j01 | Tovkater_85987857 | Windows | This strike sends a malware sample known as Tovkater. This malware is able to download and upload files, inject malicious code and install additional malware. | 8598785738be465fef9e90ff59f45fab | 000d9ed680a0d60b806fcb02c58301f1f210b1c0 8598785738be465fef9e90ff59f45fab 21a9fb85cec099bdc2bf419b9bc07dbe6f9b1dc40b8e2853c119093706d1a3a8 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-aaf02 | Fareit_91ae66dd | Windows | This strike sends a malware sample known as Fareit. The Fareit trojan is primarily an information stealer that downloads and installs other malware. | 91ae66dd51f1ab4ec562a5256266e756 | 238dbd7b0cdf049678366d57f7217446fdd6fc6f 91ae66dd51f1ab4ec562a5256266e756 5c0016d2122382734395929696e2d737162f797bb4e21ab1cb9af7c9429823bf https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-3bs01 | Zeroaccess_ec19367d | Windows | This strike sends a malware sample known as Zeroaccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | ec19367d1a6dbbb79c8e38242ee74022 | 3b2d183bcfb85fadae991aac7e20b70746b75b61 ec19367d1a6dbbb79c8e38242ee74022 658a040596a2b67e36bd8af81037fefd039eae1bcf63b99928f3b5125e414019 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-niy01 | Fareit_56238237 | Windows | This strike sends a malware sample known as Fareit. The Fareit trojan is primarily an information stealer that downloads and installs other malware. | 562382378ca63f0bf1ee7d3d4c3d8cf2 | 04a83aac9dd1906189ba17e30a81ea097ce8c5ef 562382378ca63f0bf1ee7d3d4c3d8cf2 3409a0970239cd2fc61b66db3c6e7c49921b2c828b59530e37dc34504ee46081 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-id901 | Kryptik_c8eabee0 | Windows | This strike sends a malware sample known as Kryptik. Kryptik is oftentimes a generic detection name for a Windows trojan. Some of the malicious activities that could be performed by these samples, without the user's knowledge, include collecting system information, downloading/uploading files and dropping additional samples. | c8eabee0a135cfa0e74d26b5664a6b6e | 616aaea86a9bd5a15d34f287b9a6b324e3845cf5 c8eabee0a135cfa0e74d26b5664a6b6e 516873875312e95e415216eecdbb0fe3799559cd774d68dd10f67b2e413cb646 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-03z01 | Razy_73f42eba | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | 73f42eba27780506aadb448098905c5b | ecb934fc91d4c2741ee467dfdd07266b4053ce0d 73f42eba27780506aadb448098905c5b 14a95d66f90495fcc278258097ed704aca265dd6bbb966903abe00dd7225cd11 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-ld801 | Python_b34e9260 | Windows | This strike sends a malware sample known as Python. Win.Malware.Python is a generic name given to malware written in Python and, typically, compiled into a Windows executable using tools like PyInstaller. There are a vast array of supporting libraries, proof-of-concept exploit tools, and example code that makes developing malware in Python easier than with lower-level languages. Examples of functionality commonly seen in this type of malware include the ability to spread laterally by exploiting EternalBlue PoC scripts and file encryption performed by ransomware. | b34e9260bef9c4b49ca7451095cb5e87 | 01364de560d285d4270e217d2ddbbef8c154dfca b34e9260bef9c4b49ca7451095cb5e87 70c258ff7c21f6319d1434480d5ae6f2e111feb864a5e33b81b01f8364247d11 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-hqn01 | Emotet_0a295f2d | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | 0a295f2d33bf58f843405bd5dec13b96 | 00a56517ba358e22a7fdd66c2c1cabef7a20de82 0a295f2d33bf58f843405bd5dec13b96 e6c00d963b75e7e5e3f037d54dd3d7099f92dfae0cda82fb5d483e6e8ce8b33b https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-qxr01 | Darkkomet_c4066298 | Windows | This strike sends a malware sample known as Darkkomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | c4066298c44a7c3128c76e3c0e588469 | d1fe938d5d05a7fd03766eda31f05d1c5e9e80b2 c4066298c44a7c3128c76e3c0e588469 548d4d3ee7271c7b57f7b99c0b1348da5d1c94e7acfe1adc47f296a562af47d0 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-m2j01 | Emotet_fbf55dad | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | fbf55dad5de292c9b41ea5c215d2d055 | 77f46d6286fd77a4dac02134f7742b5a89ec2eb7 fbf55dad5de292c9b41ea5c215d2d055 42697c161579c4e96b49f91935b12b3ec042ce5bfc5a583e8b44b416eb5fcf8f https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-l7r01 | Fareit_134d0a6d | Windows | This strike sends a malware sample known as Fareit. The Fareit trojan is primarily an information stealer that downloads and installs other malware. | 134d0a6d6f32d87291860510e08ff9bd | d64ecd587b4344225ee58c97089aa4a8d792c7d3 134d0a6d6f32d87291860510e08ff9bd 0758f55d7c977e33b0c64c6bdf273d1fc639440505d3f015c5d519dc6200017f https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-xs401 | Razy_2496fc6b | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | 2496fc6b368867b87a675fd477392ffe | 1b0d86e46efe7c4a4a8dec503b9ac2129314cf77 2496fc6b368867b87a675fd477392ffe 003c194a95c7849375590c48f1c5bc5fa23099976e09c997f29b22b367c1d3d2 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-w3101 | Emotet_463dd67a | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | 463dd67a128356a408cc0a584ad2a73b | 8653a8cb93ced9bdab697b91e2b8eb8fc085bd2c 463dd67a128356a408cc0a584ad2a73b 2d7102eb62f9f8c523b7500c5b47eb4cadeff07b2980552e5f8f59aede506eb1 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-7vt01 | Tovkater_f6080842 | Windows | This strike sends a malware sample known as Tovkater. This malware is able to download and upload files, inject malicious code and install additional malware. | f608084220669e65d38a496240326af4 | 0004841578ffa0d3daf048a682c80034b829aa3d f608084220669e65d38a496240326af4 2e23eb71950087f2212e0e591fa462b1706571fe55c87454de7003de4a982d95 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-n8a01 | Ursnif_9e435e34 | Windows | This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. | 9e435e345f96544d8df42877df00d4e7 | 73f1e5fe9ea9e61dee93cb786a77d13cc4c0f3a5 9e435e345f96544d8df42877df00d4e7 e450ad1c3dad95a579f43bf2deb9b58acc8c661e0090a162da75dd66ef608e8b https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-qm701 | Cerber_a26d16f9 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | a26d16f9cb06754d9705c804d1e73fd9 | 8c6f776e7b50b8e562733cbd2a609ee326c23160 a26d16f9cb06754d9705c804d1e73fd9 0536d5867571e0ed9998dfe458e7cf42334a9abc67e1cbd9ea3004507f899e3c https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-95p01 | Emotet_365a2203 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | 365a22038cd02413d7d3ee14b936961c | 2deedfc38356cb873cfc2ce9a7b0b9b95577567c 365a22038cd02413d7d3ee14b936961c d9d2d222e053edc845ce56cdc0ff3516f8e962ee226434772609ee8ce6edfc91 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-2zl01 | Zeroaccess_236639f5 | Windows | This strike sends a malware sample known as Zeroaccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | 236639f5664b215fb1225525e555ebe4 | 6066d3bbe74a08a701abfa66596538f9315d213c 236639f5664b215fb1225525e555ebe4 2db74b28c8d6fb6cd5dc708a4f63b5f0552edfdef708c2f86ea3a40361e963fd https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-kxr01 | Kryptik_cf1315be | Windows | This strike sends a malware sample known as Kryptik. Kryptik is oftentimes a generic detection name for a Windows trojan. Some of the malicious activities that could be performed by these samples, without the user's knowledge, include collecting system information, downloading/uploading files and dropping additional samples. | cf1315be229b53d9237f5a7f55c1b394 | fbf201ee0bc59515850d873ea96e363134395ec1 cf1315be229b53d9237f5a7f55c1b394 70b6964498ad91dc5cf69bca30abec8c65f549e6f11ce47b62cc999bfe167374 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-ae201 | Qakbot_8de03ff1 | Windows | This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | 8de03ff177e5f2f7c52a75351b7758dd | fe7995c236b5df20b3723fd23392ac116d304c11 8de03ff177e5f2f7c52a75351b7758dd 117466b3e9dabd69d510d9e034eec875d9ca2ad9dbb8c5d123b388ac2a65ebbf https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-sff01 | Nymaim_32039ef4 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 32039ef4571578729105854fdc9dc400 | 0a88e04a6b276782db3db0029d9f73357fa67e21 32039ef4571578729105854fdc9dc400 4268fb8266c18ba7392e2ac655dad69b952bcfce10a71b34a821f0ea32a02954 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-wof01 | Razy_715b4dff | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | 715b4dff5be71bbba5ce04f9a0378763 | 1ffa935813afc8c9ec13aa4ab21194e2e28f8d14 715b4dff5be71bbba5ce04f9a0378763 76097734f64ce5ae9b008273431fa4c81e32b05a9b8586c39b80e68ee70d0a8a https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-a2s01 | Ursnif_4724303f | Windows | This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. | 4724303f3a4d6cdf3da88f17ee8efe5e | 2826bdb9f3a26f41168a15e2e9b2af21757a5642 4724303f3a4d6cdf3da88f17ee8efe5e 395a5bb5a15f3d0c277835b62372c985cf718cdd2b1a5a504b5e9433c5dab8a5 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-4by01 | Qakbot_8dac95d3 | Windows | This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | 8dac95d33cbd0ee9b11bc82d26a8aec9 | f5ff220ef3311216b4d15922b90cd39dcda4e166 8dac95d33cbd0ee9b11bc82d26a8aec9 1c0c7d00ccfb9f12299fd7df7ec2ad497cb6c8fa60b903694f2d2bf54af7c30c https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-qjn01 | Qakbot_48334a7e | Windows | This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | 48334a7edeabd113b2c571d652548e88 | f9e4934d26d44125b854765cf65257eeef0461e5 48334a7edeabd113b2c571d652548e88 17d23f910311aeb341ee348586bb212d1cddb70152bc4d1bc31ac579693d7741 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-kti01 | Emotet_68244389 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | 6824438966eec56c062e02707e9ebdb7 | ff47ebf64a88356e29b354193bd4d85a2401e8dd 6824438966eec56c062e02707e9ebdb7 1e04bcdb51abfed7d2093115cbcaec092b5e8840556f172f368c0a62057c7a37 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-tg101 | Cerber_ddb4bd2d | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | ddb4bd2d62d064cad58400ed96ceeacb | 45bdcfec6a31ef76df98cd587b41bb954f4a3e45 ddb4bd2d62d064cad58400ed96ceeacb 2b7669616638e5976b1c65b492d9e775ab668648d0b2ca5df81bcbe26b7e1123 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-mmh01 | Zeroaccess_720fbf92 | Windows | This strike sends a malware sample known as Zeroaccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | 720fbf92a42b6ba85b8ebb5c36030081 | 3e8ba35b2b6ea5d0566725c814a8e2d6fa48ef49 720fbf92a42b6ba85b8ebb5c36030081 5a0f61ab9e096aa16c514f37f60853a708b3eed62dfe8c14643dcc2652141d96 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-8cp01 | Kryptik_1ebce373 | Windows | This strike sends a malware sample known as Kryptik. Kryptik is oftentimes a generic detection name for a Windows trojan. Some of the malicious activities that could be performed by these samples, without the user's knowledge, include collecting system information, downloading/uploading files and dropping additional samples. | 1ebce373ec8b68159d59828948822ac7 | 747f9d5c6e17e431bbe4d9f3c3d450205d17aeeb 1ebce373ec8b68159d59828948822ac7 6155690a39ca14c04877424c2292c638910cce74e766d55036e6c3f8133f0c8c https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-jts01 | Darkkomet_c3e96c1e | Windows | This strike sends a malware sample known as Darkkomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | c3e96c1ee7813a2979285c389c269722 | bb18b7e2d8202a90bd14526bc5f504789f093700 c3e96c1ee7813a2979285c389c269722 725fc28899391ced1970b4caffa22f4b92a636a4a5596c587855f4040f93e557 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-nyj01 | Emotet_2d1f7f0c | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | 2d1f7f0c5884e31b953353c29e0edc54 | 1f712b5b5291ebcf58dc3192ad24b259e06fba37 2d1f7f0c5884e31b953353c29e0edc54 d77d9f14025de5483c623673b3f5c4bbe8cdd01c55658c25b62970bf1be6a736 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-m8801 | Cerber_6d46312b | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 6d46312b28144112af7239a98b13cdd0 | 98e6d5221cbc33ad2b50d35c723dcb53c1c28332 6d46312b28144112af7239a98b13cdd0 33dcb7c8ce845f1840cb6508a67595d415227babe474eae0f3a06383eab16e63 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-s9501 | Razy_42cd924f | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | 42cd924fdc6168ac07e6674f8240f81b | c22e53132a4a0b6c496881f9284c3a72e60bfe61 42cd924fdc6168ac07e6674f8240f81b 649e6217744762016fadb2f7f36a654c607ad160d136714946aa6e0478dc7a87 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-vip01 | Razy_4fbd1c06 | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | 4fbd1c0640b2a4cbee070635a7921f7f | ea0d7c08bb3bee5b971cc8fd194412ec20f39c26 4fbd1c0640b2a4cbee070635a7921f7f 6e01014528a359c81851b2197a4656e13d87b15424dc961cc6d770e4d4c747ee https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-0le01 | Emotet_bf0b98df | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | bf0b98dfe641080ce0a47e79236fd99e | 82cb3a47fcb87541e11d08507f0bbc09785858d2 bf0b98dfe641080ce0a47e79236fd99e 8b2699e4d5ac77bdd3674321b114c05e674f30979b0f032c53a4fcf5a3b11aa5 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-0xf01 | Ursnif_acf898c7 | Windows | This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. | acf898c7c0d7bfc2aebaaa38148d19e6 | 554d6a490b42316349d6484a0074a512afb9a8d4 acf898c7c0d7bfc2aebaaa38148d19e6 f58c95835e8a08cbef55c00ae86d03399302cdf7d500ab499f312156f275f2f9 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-fq301 | Tovkater_4608e086 | Windows | This strike sends a malware sample known as Tovkater. This malware is able to download and upload files, inject malicious code and install additional malware. | 4608e086942d3d24f262dd614f2b556b | 007717801bcfbf5f2e8eb5f98f2464d19baf0f50 4608e086942d3d24f262dd614f2b556b 1187cf65c782ea451e0a46f8e5ea18f8133cc209d58db1c08793bb086b96df4f https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-bp601 | Uiwix_90abd435 | Windows | This strike sends a malware sample known as Uiwix. Uiwix uses ETERNALBLUE and DOUBLEPULSAR to install ransomware on the infected system. Encrypted file names include "UIWIX" as part of the file extension. Unlike the well-known WannaCry ransomware, Uiwix doesn't "worm itself." It only installs itself on the system. | 90abd43565adc2fb59c0d00d19cb7cf9 | 4a7933491bc6d4368a82c81cb033b088b1f97dee 90abd43565adc2fb59c0d00d19cb7cf9 23e3a6d9ce11a9ceef4f1a0731368a85587d612063d67fb518156fa88e20a277 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-hr001 | Razy_5836031d | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | 5836031df97646d19d8a012d5bf3a3f3 | b44e4d50b4e4c23ae46ddaf97415f0513faffe1c 5836031df97646d19d8a012d5bf3a3f3 0e390dd0547334471c08c3b8b4e7ec3ad1d8fe4facabdb5df674af76c8e149d0 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-moj01 | Zeroaccess_374e9a68 | Windows | This strike sends a malware sample known as Zeroaccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | 374e9a68a54dd2087c2379793a56bb6a | 9e8fa99c53d8035c14006ba938a76edc3d5f3e2f 374e9a68a54dd2087c2379793a56bb6a 3f057b371908761ce99846fe561f0c86376ee18ad0124fd8e848d7f2862e8c05 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-72l01 | Kovter_06dd79ab | Windows | This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. | 06dd79ab9763363b287f27e7d99f6cfa | d2ed7f5e4c13339ae58eaadb093ce09f471a65c6 06dd79ab9763363b287f27e7d99f6cfa 0826313d6cdb1c85d39edf77f5faeaff0241f09a8bc6ad8ea4453cab46628dd6 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-0fh01 | Ursnif_6459092d | Windows | This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. | 6459092dbf9b7d3e1110b03fe8a58f2f | e291df0ec9729ee7e46038a03006112efd2aef7a 6459092dbf9b7d3e1110b03fe8a58f2f fb7592a3c2994ba426046328c87f08574c7d367b0c75e206ddfd32cc5d7bfcd0 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-daz01 | Python_79dbb706 | Windows | This strike sends a malware sample known as Python. Win.Malware.Python is a generic name given to malware written in Python and, typically, compiled into a Windows executable using tools like PyInstaller. There are a vast array of supporting libraries, proof-of-concept exploit tools, and example code that makes developing malware in Python easier than with lower-level languages. Examples of functionality commonly seen in this type of malware include the ability to spread laterally by exploiting EternalBlue PoC scripts and file encryption performed by ransomware. | 79dbb706168f4ad089c1b5fc063eb975 | 08b3d52c5545d5f676db99cef9d0d52df257e065 79dbb706168f4ad089c1b5fc063eb975 6859d6615d5de8f981ee996de57b6f2c838420c2b21cf328b8a258a500e2ebc5 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-ofi02 | Razy_dd3ada93 | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | dd3ada93f5356e7d05d3dc5339423df1 | 7d8f0bd148df73e013a6f8cdea78f65952f3a8d9 dd3ada93f5356e7d05d3dc5339423df1 673e3e8e62b09e39c161091ee70f046c038ba6f24f2a1da135af23bcc1701c20 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-op001 | Razy_cd55bf17 | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | cd55bf174195ae8d24f1736b6c396120 | c7a0e8d2a361719a84ca1a41ef9a0f749a97629b cd55bf174195ae8d24f1736b6c396120 385f6390936d000f4d9db3e30b117ac382f70f4b7d1f3f4af06808e26683bf3d https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-6r701 | Razy_ed326fca | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | ed326fca670999b552fd990622877db5 | b81ce8299c2543be68344338a2a890131bd53b31 ed326fca670999b552fd990622877db5 88cb1af973183aa93bf10d74440333b622206be6d0bd77322c6f8689f2cf24ec https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-kx601 | Darkkomet_222a6f3b | Windows | This strike sends a malware sample known as Darkkomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 222a6f3b5eccc960d5d2f260814241fa | a9c93894ee9840772130597ccd3de8ce9b705184 222a6f3b5eccc960d5d2f260814241fa 32f509646e99c7aea9d15d180ec891328fcba9dd156750d370f481dc586d674c https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-jp501 | Razy_3a973b7f | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | 3a973b7fa61706d49cde23b3b65edeef | 9f36aade45fc0d49f44cb6fc50414f56b856257f 3a973b7fa61706d49cde23b3b65edeef 005055ca28d6866f033aff3753a1ef7c4064b5e094eaa663953407a9b19c6a71 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-0o301 | Kovter_9208e78a | Windows | This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. | 9208e78a9cea40874cfe0d720ea87ec7 | c964e87b1d776efa9619e172b9a2663ab9ed7158 9208e78a9cea40874cfe0d720ea87ec7 0699fc68be026ed52555783f4ca395dcd68dd93898e9ee1756e0ffe9493c300a https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-yqj01 | Razy_3d206d7b | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | 3d206d7b1c751cff9201346662195051 | dba22b5a99a93a5d9cd184b95f2cbc976af81da5 3d206d7b1c751cff9201346662195051 087ddce345ea3ed2fed8d02dd466026c0fc0fa5aa7749b392683311fd97a80e2 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-wog01 | Python_f3258165 | Windows | This strike sends a malware sample known as Python. Win.Malware.Python is a generic name given to malware written in Python and, typically, compiled into a Windows executable using tools like PyInstaller. There are a vast array of supporting libraries, proof-of-concept exploit tools, and example code that makes developing malware in Python easier than with lower-level languages. Examples of functionality commonly seen in this type of malware include the ability to spread laterally by exploiting EternalBlue PoC scripts and file encryption performed by ransomware. | f32581650eaf620bffa409baaaa4beb1 | 130912a7b193926a10726d9b9999487aecbfb0f4 f32581650eaf620bffa409baaaa4beb1 619b34db1e2b672ab7709c581a43ecc902b4f36fc817c007cd557b75d7dc67bf https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-r1a01 | Zeroaccess_a7ad872a | Windows | This strike sends a malware sample known as Zeroaccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | a7ad872a8a4d6b926eea2d132527ebbb | 38a262c700554815de813b20a8ae624199d87b09 a7ad872a8a4d6b926eea2d132527ebbb 8ad48911e8594b3530022ae45fbe12e40438c71cca38d2a7e85a8d3efd220180 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-8l001 | Razy_73f07d94 | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | 73f07d94b2deae4a0a3f3d99feafcf08 | 514912d5bd7d19160a31f79cf459465431915aeb 73f07d94b2deae4a0a3f3d99feafcf08 401b399a3aa67d42306ce7291299b7f25a24345a980a7bd719c96a6834b9bf48 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-5mu01 | Uiwix_9bd0475f | Windows | This strike sends a malware sample known as Uiwix. Uiwix uses ETERNALBLUE and DOUBLEPULSAR to install ransomware on the infected system. Encrypted file names include "UIWIX" as part of the file extension. Unlike the well-known WannaCry ransomware, Uiwix doesn't "worm itself." It only installs itself on the system. | 9bd0475f6934e6d002235fa38c0da8b0 | be1646905e773b853d9e18526f155649a34b405c 9bd0475f6934e6d002235fa38c0da8b0 5a831048eaeed5fa07ae830ebe1ac176cdffd0764a978c89228f45125a8c07c3 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-gs501 | Nymaim_13350a4e | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 13350a4e74d46cad39bcec520bcc5336 | b4f2f6c817874e94ce51090ff5049b26f33f4d03 13350a4e74d46cad39bcec520bcc5336 0a79d985e81449aeabc401545955323e3d9fa0951a6fabe8727370679cee362c https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-ffr01 | Zeroaccess_f72f7148 | Windows | This strike sends a malware sample known as Zeroaccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | f72f71486b4e6d8245275601514b8b5b | 8cf25c9327c3ec7d5077b6e0e4e909b8e2cbb393 f72f71486b4e6d8245275601514b8b5b 7f5b069015e694544a2a693ddc7815c82c9ac6ec0d523ae9ed06d77b78965be4 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-nfa01 | Emotet_df525e7c | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | df525e7c8f158f42f767f95282d6125e | 5e1d781338282e5f844f262cbeefe262cfe18a09 df525e7c8f158f42f767f95282d6125e e63d957b42d76bc73d03a937d1e2267e4f92c0d9ac0b678124785ea14ce9b991 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-yzx01 | Fareit_4736072e | Windows | This strike sends a malware sample known as Fareit. The Fareit trojan is primarily an information stealer that downloads and installs other malware. | 4736072ee57c1ec2178b932126c756c7 | 00f18515c0e2fdcd05b9fdf89c4a90dae548a300 4736072ee57c1ec2178b932126c756c7 71795cda989e98003d22a59a88951ce0c2b1dd472b5c1bea4f79f03e0f22747c https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-8jn01 | Razy_8eedfeed | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | 8eedfeedacf985bd269e353fe962ea17 | 059e3b7dd98f5c411cc407d2973d5c9c32aafb7f 8eedfeedacf985bd269e353fe962ea17 6aad36b27c188e73090f3b79352750489a1dce20f5396e63b2af3e998eba0f0a https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-bxx01 | Uiwix_c589cd59 | Windows | This strike sends a malware sample known as Uiwix. Uiwix uses ETERNALBLUE and DOUBLEPULSAR to install ransomware on the infected system. Encrypted file names include "UIWIX" as part of the file extension. Unlike the well-known WannaCry ransomware, Uiwix doesn't "worm itself." It only installs itself on the system. | c589cd59723e4c9d95b990107c81eab3 | 1d0da93fe7191ac158e4485e757bd31bdc3be7fa c589cd59723e4c9d95b990107c81eab3 0fa0b6d80e850f42f7d17681b2ff2147694053aa4680ddfcf632ee89d183a6fc https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-5f801 | Razy_a439c3a2 | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | a439c3a267d7598a4f4dc0e9445c6052 | fb8b1e612dfa47c27d5440cd5ca07df9549b66b6 a439c3a267d7598a4f4dc0e9445c6052 10435b4efc8049d260d4b36673f7d656b9fa7163d00840acd0860175e2a79f47 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-k8701 | Razy_087fb507 | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | 087fb5074b6787a9578c174ba74d8423 | d4b5db6e9f4b7918a31a31e4dd735c3c44ac1bb7 087fb5074b6787a9578c174ba74d8423 3afec20c013fca0abef646a7a6f0f5cdd3826541587cfd93c25033a35e588cb2 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-7f101 | Python_3e002182 | Windows | This strike sends a malware sample known as Python. Win.Malware.Python is a generic name given to malware written in Python and, typically, compiled into a Windows executable using tools like PyInstaller. There are a vast array of supporting libraries, proof-of-concept exploit tools, and example code that makes developing malware in Python easier than with lower-level languages. Examples of functionality commonly seen in this type of malware include the ability to spread laterally by exploiting EternalBlue PoC scripts and file encryption performed by ransomware. | 3e0021822c051f7be68e19d85516ee1b | 037b5ba9313755ffe0e7a8c54ea03e81179512d9 3e0021822c051f7be68e19d85516ee1b 30117d30a63aaf64648199e3874762f0a31d1c45f35ff73820d3bb65827dbc89 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-fhi01 | Kryptik_7724d46a | Windows | This strike sends a malware sample known as Kryptik. Kryptik is oftentimes a generic detection name for a Windows trojan. Some of the malicious activities that could be performed by these samples, without the user's knowledge, include collecting system information, downloading/uploading files and dropping additional samples. | 7724d46a63995d14379bc5cd41b6658d | 0950575ff0be19f075347ab02db4b5f903083555 7724d46a63995d14379bc5cd41b6658d 06aa0afbdfa537fa2a213bc400553e62935911ff40b2e899c839109b3aa76343 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-8m501 | Nymaim_5bd09f09 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 5bd09f09ef6761791f0ba529d38fb229 | b99a74418e2311539bfc708daa7798e5161d1da3 5bd09f09ef6761791f0ba529d38fb229 2f017b1f3b3d430266be3da2be7b050dad8d2bbdfe457d6d053f2ca312c90691 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-5c601 | Razy_edad5154 | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | edad51546537178d4ff6e9aeecf11cb0 | 3d5a76b4ee63ab110b4b5fc3182a9e8f4d516458 edad51546537178d4ff6e9aeecf11cb0 3dede5abeacdabc758f70beef2984ac184bbec3112be97e891bb64abb2981373 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-n6p01 | Razy_a61f35c1 | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | a61f35c1a1224b4e25aa7c1dc891d671 | 169b03465f05f7943b2cdcf86e313964abce68c4 a61f35c1a1224b4e25aa7c1dc891d671 02b5f67a3eba31421dc595a7efed8e04834e9f0121c8bcd0186e99dba9781171 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-zv901 | Razy_d59584ae | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | d59584ae7ea10b679362f0684ad63f55 | 9a9c98d9a831578ce7a4a58117731ca4f80d4976 d59584ae7ea10b679362f0684ad63f55 8ae8d944960e54c7a833875f71bdae6243e7fa380ae3fd8176b07cb7d7819508 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-wyo01 | Ursnif_7b9dfeb0 | Windows | This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. | 7b9dfeb0fe71080a1ea890acced3f13f | 7f3d54d131f2aa15b50d128f29376e4124d5c4f9 7b9dfeb0fe71080a1ea890acced3f13f 6c29026c61c2bcf1502ffa77b56d2b41504598e6b660cb4f4aadeef547248861 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-t5t01 | Razy_9548aebc | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | 9548aebc729deb85c9308460790948d6 | fb3768cdbc25f7c067c3cfc46b10e1e3a20ab24e 9548aebc729deb85c9308460790948d6 52c90c5917cb1c6955f68c5b03e448b976ec3f1c258eb6039c5da399b2fd41db https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-ijk01 | Emotet_97f27561 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | 97f27561bb754a980092ee052da3802d | 88ba517e5685d1f5b0ece89226e391dfceb6cfe7 97f27561bb754a980092ee052da3802d 8196fe92cc4b2a674b7014b4505ba3339e8ad36a004d03d77b125e1f9aec76ad https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-7cr01 | Razy_ff3a2345 | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | ff3a2345f0dd194189b7d81a117e0a41 | 2cf31f7a5fa1010f0e53677463a93775620c868e ff3a2345f0dd194189b7d81a117e0a41 69d9d27ab1c802cd322c1b7795bda4de65cc7447982076f1e2d6873a8423d57f https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-tvn01 | Python_950096ab | Windows | This strike sends a malware sample known as Python. Win.Malware.Python is a generic name given to malware written in Python and, typically, compiled into a Windows executable using tools like PyInstaller. There are a vast array of supporting libraries, proof-of-concept exploit tools, and example code that makes developing malware in Python easier than with lower-level languages. Examples of functionality commonly seen in this type of malware include the ability to spread laterally by exploiting EternalBlue PoC scripts and file encryption performed by ransomware. | 950096ab4b10fb8277e5f5a3c4e32c1e | 066cee03e4903c91c2beac8b694fe27444bab0d5 950096ab4b10fb8277e5f5a3c4e32c1e 693df72f101e68cb4a19a921c89301779552e4215830498bc8b5c7843e35e5e2 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-ups01 | Fareit_03319c7a | Windows | This strike sends a malware sample known as Fareit. The Fareit trojan is primarily an information stealer that downloads and installs other malware. | 03319c7afa8133c73c3396b096fa3004 | 2e6fbf10a2ffb74a246ca90ce2c1da2105917dc9 03319c7afa8133c73c3396b096fa3004 17537f41d384c9a3fe385e6ec51feacf23dcab755b26e274bddcb25ad51f3b20 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-ezu01 | Zeroaccess_515b2970 | Windows | This strike sends a malware sample known as Zeroaccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | 515b2970a00eafcbe00313ff63e7b9ca | ad9fdf5a4bd6be92e078910723526abcdfcc12f0 515b2970a00eafcbe00313ff63e7b9ca 539975f3e33f6b41f3038ed1101633ce5635004bce96ca7764c19a79fb4f83ca https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-u2h01 | Kovter_c2fea59d | Windows | This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. | c2fea59d79ebc65e8790c1f4fd275d5c | 185ae066287d618cc97121d8b7b1c0e7f8a3e652 c2fea59d79ebc65e8790c1f4fd275d5c 2e7aa46acaacad3f7e1675d3090ae7669efcffb91beb976cdf93d69782fe5453 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-29701 | Zeroaccess_1619309f | Windows | This strike sends a malware sample known as Zeroaccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | 1619309ffa4fa0ae38abdbf1eb19183d | 1d8349df6e47582427b342764e24e7d9e3196508 1619309ffa4fa0ae38abdbf1eb19183d 751ac2eb414eba0c3f93245c865f2162e328c461c5c844271ffb299df5d1e4df https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-req01 | Kovter_7d708fd7 | Windows | This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. | 7d708fd7e7b37d2d3c1a5508864d4236 | 24a01f11b28700e3eb6ee509e20cf7df3e741419 7d708fd7e7b37d2d3c1a5508864d4236 06a3a8ebf6965042378a003857434f775a014293830a3d02d468b02b02f13329 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-4qo01 | Emotet_0db30c2f | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | 0db30c2ff992d455e3fc0d0242160930 | 977a6e2d925c7de37a3060478bc856428e72e327 0db30c2ff992d455e3fc0d0242160930 5550f5e1a7f27b537a1de8c945877755f8a89c28376c12ed2a635a6cc6f375b3 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-3xd01 | Tovkater_31c56c8f | Windows | This strike sends a malware sample known as Tovkater. This malware is able to download and upload files, inject malicious code and install additional malware. | 31c56c8f0f742cba48f81f4c0c41b325 | 00a90ebbc4a5a5053de536d1248cc024f3476bae 31c56c8f0f742cba48f81f4c0c41b325 0d806734aacf391b1c304155e8f186d7c354c46d08b5f2cb70c2a6029dba2e0e https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-cbi01 | Tovkater_a331fe87 | Windows | This strike sends a malware sample known as Tovkater. This malware is able to download and upload files, inject malicious code and install additional malware. | a331fe876336149a6dbdf7b2d7d64aee | 009d269ff4f867d265ed8ec3ebc23647fc15090c a331fe876336149a6dbdf7b2d7d64aee 0b1c46b5535b4fc30fd8d813255220d3715d0bd7623e094e684af13a1c12f579 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-q3001 | Python_3ff2ebc8 | Windows | This strike sends a malware sample known as Python. Win.Malware.Python is a generic name given to malware written in Python and, typically, compiled into a Windows executable using tools like PyInstaller. There are a vast array of supporting libraries, proof-of-concept exploit tools, and example code that makes developing malware in Python easier than with lower-level languages. Examples of functionality commonly seen in this type of malware include the ability to spread laterally by exploiting EternalBlue PoC scripts and file encryption performed by ransomware. | 3ff2ebc8d321119d2592749e01e1359d | 0cec43f3e855be9de6098c8dc330d702bef47ad8 3ff2ebc8d321119d2592749e01e1359d 7149016c8e6cdeb9494dea17b743b298d12adbc35c77dcf7bc0a1e12f8ddea2d https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-y7601 | Kovter_9396fb2b | Windows | This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. | 9396fb2be9f28d651bde75a983ebe78e | 1b4c8cb31769e3747176286ed62cb860ac4a4b08 9396fb2be9f28d651bde75a983ebe78e 2adfbe4ebd34d062e774d20d300e80ec31cdf4d59b018be2a45e644341c55f97 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-6xl01 | Ursnif_4a6c1946 | Windows | This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. | 4a6c19464f5da069f9678edb8046e447 | d0c08ae6dac3b2a6776800bbedc795f1f4094c13 4a6c19464f5da069f9678edb8046e447 f5e3128f71497dd5ee29c05296c3815466fd2eacc714ce914771d0ede672639c https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-zda01 | Zeroaccess_34786dd5 | Windows | This strike sends a malware sample known as Zeroaccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | 34786dd58996456582e6570367917ba9 | d28a8c34a623ff42b523e17c24df9ac8b379aa2e 34786dd58996456582e6570367917ba9 43726985501f447b624194119724d9bf9673a6ec4a9b4d4367d8157569f5dc7f https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-jvb01 | Zeroaccess_c784c58e | Windows | This strike sends a malware sample known as Zeroaccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | c784c58e7581f070528ad551451435d7 | 89d5ea84034ccd09016d09810a5d9ece59ee31c5 c784c58e7581f070528ad551451435d7 243c7f05dc3569c907f03ed8a84d215ff9aa72c83cf3a2204d60e82c66d9aaff https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-hoc01 | Powload_7a45179f | Mixed | This strike sends a malware sample known as Powload. Powload is a malicious document that uses PowerShell to download malware. This campaign is currently distributing Emotet malware. | 7a45179fe770cfbf71c58aae6ceb4870 | 7219a4898fda869b3ccfc8bd3cc3ea9ec62a4b53 7a45179fe770cfbf71c58aae6ceb4870 35965e3b9cff6a78e1331ed07f5e327a91301b5b023b20fb0c107bc3574b3a08 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-gdp01 | Python_d2a4ebb1 | Windows | This strike sends a malware sample known as Python. Win.Malware.Python is a generic name given to malware written in Python and, typically, compiled into a Windows executable using tools like PyInstaller. There are a vast array of supporting libraries, proof-of-concept exploit tools, and example code that makes developing malware in Python easier than with lower-level languages. Examples of functionality commonly seen in this type of malware include the ability to spread laterally by exploiting EternalBlue PoC scripts and file encryption performed by ransomware. | d2a4ebb161bc445bc544a255467af1be | 0dfc3b38e95d51785eb3092cd846b5a38e44c299 d2a4ebb161bc445bc544a255467af1be 763571d4fc7e3d4738941599d41a665bcb859c0180de80ac99765edbe47f93a9 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-uh701 | Emotet_1128a63a | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | 1128a63a656f869493d7a6235b0c1be6 | 23514898fb7bdbf15e54358ecc7c1a1596e06082 1128a63a656f869493d7a6235b0c1be6 f00a7ca48e367919a09a255d040f3321e3a189ecf7533b0233b3299c9f61f207 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-3ys01 | Emotet_a18d26f9 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | a18d26f9a51d68ecbd4c0a6fc7392c14 | 381645e594573a6895c0cf0afc534753b5ae3428 a18d26f9a51d68ecbd4c0a6fc7392c14 f88c591028ab0a8084ae15fdeee2afcc87be6980198d9c0ff863e9ac4c5a807f https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-9jz01 | Uiwix_83a32a36 | Windows | This strike sends a malware sample known as Uiwix. Uiwix uses ETERNALBLUE and DOUBLEPULSAR to install ransomware on the infected system. Encrypted file names include "UIWIX" as part of the file extension. Unlike the well-known WannaCry ransomware, Uiwix doesn't "worm itself." It only installs itself on the system. | 83a32a368b9629c82d9a2475a27369b1 | f3a7cad08df0218779a60a01c10a81d23b1968c9 83a32a368b9629c82d9a2475a27369b1 229ab5a9502a4f9efaf6b1ae193d49cd529479e4adf0475caa80f0086dd20c31 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-q9j01 | Uiwix_4f35b587 | Windows | This strike sends a malware sample known as Uiwix. Uiwix uses ETERNALBLUE and DOUBLEPULSAR to install ransomware on the infected system. Encrypted file names include "UIWIX" as part of the file extension. Unlike the well-known WannaCry ransomware, Uiwix doesn't "worm itself." It only installs itself on the system. | 4f35b58787bb77ddc6787ae3b4a94fe3 | a93015292197a0258850697b588edcf06a8cf1c3 4f35b58787bb77ddc6787ae3b4a94fe3 00e8030802e8f6b32c9e9b5167ba6854797af91947d605889b5dba3b2a29b74e https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-j1201 | Darkkomet_03d65a76 | Windows | This strike sends a malware sample known as Darkkomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 03d65a76477efd5b4409ccc0cfb4b02f | 8f8c9b6f25075dbae1edfebbcaffa2fa0cf38759 03d65a76477efd5b4409ccc0cfb4b02f 28b4c182eede85890244ea0678da95e9744cdf175dd8748e257064e6e867824d https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-mgp01 | Powload_6d0a7ffa | Mixed | This strike sends a malware sample known as Powload. Powload is a malicious document that uses PowerShell to download malware. This campaign is currently distributing Emotet malware. | 6d0a7ffa6dcc188af8065cfe0ab85d1f | 249b4b38b95296690a6c529bd212ca9900348691 6d0a7ffa6dcc188af8065cfe0ab85d1f 3537f5cfc0ad20b8061b67f82dc43a7ac1856391bece8158023fcc3d6699f75a https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-qzd01 | Razy_60921321 | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | 6092132145e35e86b0cf4aef3ef4b516 | 294f735e724803b2fe0c847d071669ed626f37a0 6092132145e35e86b0cf4aef3ef4b516 1dd13f0648a70754c883c6262c3633c19aeffa4e3558f0f16da78fc796a76cf1 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-w3s01 | Ursnif_1b923bf3 | Windows | This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. | 1b923bf3883d5aa440a66cdda91c5ae3 | ad20fedea39fd20795ce472b45a846f39c6c6739 1b923bf3883d5aa440a66cdda91c5ae3 fb76a896e5ead6658b589c20e715fe18ffec03b9f57f895e14a0d43574de71e3 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-3pd01 | Razy_a3592df5 | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | a3592df551d9794d5eea39132a6630d5 | 70460d4c3151a9c7689be4baba50d6eefbbc887b a3592df551d9794d5eea39132a6630d5 581d9e271871b1948191755bc99e2e9ec5346408f39613aec5c3b1e52d0449bd https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-z8p01 | Kryptik_152687b1 | Windows | This strike sends a malware sample known as Kryptik. Kryptik is oftentimes a generic detection name for a Windows trojan. Some of the malicious activities that could be performed by these samples, without the user's knowledge, include collecting system information, downloading/uploading files and dropping additional samples. | 152687b1300dc1903fa7d1230accc9bd | 75deeb620221ef799016d6325f7eebadc4719555 152687b1300dc1903fa7d1230accc9bd 310433c733a765de4ebad4517cc227c0aa326bd496e9a0971a2c5fb2cc080e05 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-m4301 | Powload_e6db9432 | Mixed | This strike sends a malware sample known as Powload. Powload is a malicious document that uses PowerShell to download malware. This campaign is currently distributing Emotet malware. | e6db9432cf68c8540c972ace1758a661 | c6f014d5f3b69a053591573a93c9ad92b903b7bb e6db9432cf68c8540c972ace1758a661 325701284bf17203d71a9c5b4d46e4f7b651164ab92c643fe64a3e3bc2844dad https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-qg501 | Qakbot_1dee8cfd | Windows | This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | 1dee8cfd1446499bf96f5a0c7e3fcdbc | d3af6ae34a751155e293a4662d9ca7a7464816a2 1dee8cfd1446499bf96f5a0c7e3fcdbc 04a19e4e2d700292ba4ce5659e97413112bd079dacdbaf8a2387e6f6559dcba3 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-pes01 | Zeroaccess_c41d4a7c | Windows | This strike sends a malware sample known as Zeroaccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | c41d4a7c223c4803be49a48eda8a429a | e47813821443bbe2c39dd579b874351d53b621a4 c41d4a7c223c4803be49a48eda8a429a 3a9fc763818d743f0b87fffc92d2fd29f6e76f182142a43a6b65c9d12dd3efd4 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-ix701 | Emotet_a9e0792b | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | a9e0792b62aedc3bf07e2ffc5af01823 | 3b9666d69647553297e37f2914536925d9107166 a9e0792b62aedc3bf07e2ffc5af01823 f1e2beb854ed706d5837ebb789373b83ff0a658f717173227f02bcb4e40ad1b8 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-1m501 | Razy_6a6be97c | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | 6a6be97c749b93ded61b5f93ff3ea7a0 | 21fc2c400acad56a720f7fd8ff3ec099b5f535b1 6a6be97c749b93ded61b5f93ff3ea7a0 69c3c4ee664fc814ef070ae902ebaa305eda6ffd23a10e5b97afe49c1300ebff https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-inu01 | Uiwix_a9ff2658 | Windows | This strike sends a malware sample known as Uiwix. Uiwix uses ETERNALBLUE and DOUBLEPULSAR to install ransomware on the infected system. Encrypted file names include "UIWIX" as part of the file extension. Unlike the well-known WannaCry ransomware, Uiwix doesn't "worm itself." It only installs itself on the system. | a9ff2658eeab4abdded9be16d597a9a3 | d797f447104810d4fd21289a3aa9e46b29d38416 a9ff2658eeab4abdded9be16d597a9a3 16488c72a0c92c8a72dc78ee9d52cfc4ebf8a6392d9f91f2c966fc99abe05a03 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-yny01 | Ursnif_b7c11343 | Windows | This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. | b7c11343d822cd61de8e7a4ce4e05c3a | af18e05dcf1436b5bbf2a5237fa4ca4fdd7f6a2f b7c11343d822cd61de8e7a4ce4e05c3a 8df6c10dd50118b2fc7bd380d0423ad0d7a36630f2f6be81fe508eb0b7d409cb https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-03s01 | Zeroaccess_190ae55d | Windows | This strike sends a malware sample known as Zeroaccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | 190ae55de09b24c97c55def9ae4d1122 | f66c17bc3bed94dd163114c84d855e11a8b97a6a 190ae55de09b24c97c55def9ae4d1122 4623e1ce31a8671e59640e83fc545a5f19e167c31cfc6e8d097864c7a4c27859 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-33v01 | Ursnif_df2a96d9 | Windows | This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. | df2a96d944e8d0ffc0fa0fbe7536e62d | 81ac4f14451435fa10bb647cb0624a302c6e18d4 df2a96d944e8d0ffc0fa0fbe7536e62d 8cc7ec0c3662c3e68a0063f9aa37943eb83ac6cd472a76f9f047e0fad21f9875 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-5vy01 | Cerber_81e2231b | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 81e2231bc1d3b2bd9ba1495a48274ebb | 9d71759f415074dbe60159ee16cfa8d94a896da9 81e2231bc1d3b2bd9ba1495a48274ebb 276438f97b45ccd5ff93586ae0adfa3c4e4ba92f1adc87fca607eb6d6bd17919 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-ofi01 | Cerber_8ff693ee | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 8ff693ee3b651c7b133ca95d4f3ef3e7 | 511d7862380f0bfb480901f8980af9df0a0eb9a8 8ff693ee3b651c7b133ca95d4f3ef3e7 17f6fab817ae1a1ac4478c121c3dcfed044924ba4beac8cae734cd14d453596b https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-3fv01 | Darkkomet_3099504a | Windows | This strike sends a malware sample known as Darkkomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 3099504a22ef9393a05652a15e2f10be | d5cd4f46ac03ae26ed4a6b9caf1fc184061e11f9 3099504a22ef9393a05652a15e2f10be a3117c0c2a3d2bbe0bb4bdf2ee37d3bd461c3116ff018277c70aad51498552d5 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-5nf01 | Nymaim_25a26d95 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 25a26d952c0676ce9c32640003135d78 | a247f679cba8b3973ff312366365cdaf6108cd77 25a26d952c0676ce9c32640003135d78 2d7e1dee56892ffe3fa7b85e33ef512e8017ce690a1118ad743736ba03c70c29 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-cmd01 | Python_229b3e3a | Windows | This strike sends a malware sample known as Python. Win.Malware.Python is a generic name given to malware written in Python and, typically, compiled into a Windows executable using tools like PyInstaller. There are a vast array of supporting libraries, proof-of-concept exploit tools, and example code that makes developing malware in Python easier than with lower-level languages. Examples of functionality commonly seen in this type of malware include the ability to spread laterally by exploiting EternalBlue PoC scripts and file encryption performed by ransomware. | 229b3e3a5d40fd860b784bb3447e1aad | 13293611dd4d8f92dcd7c3181002a688bff5bcfd 229b3e3a5d40fd860b784bb3447e1aad 6059747fb8a2c5429313d835f610d9c4a6965c5f63719c694ba20533450da3f7 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-1pp01 | Python_ce0403f6 | Windows | This strike sends a malware sample known as Python. Win.Malware.Python is a generic name given to malware written in Python and, typically, compiled into a Windows executable using tools like PyInstaller. There are a vast array of supporting libraries, proof-of-concept exploit tools, and example code that makes developing malware in Python easier than with lower-level languages. Examples of functionality commonly seen in this type of malware include the ability to spread laterally by exploiting EternalBlue PoC scripts and file encryption performed by ransomware. | ce0403f64ec4c4a88b5434b41c83c1ff | 06bfba925ec303824cc669f5c0ba34d8e7454f70 ce0403f64ec4c4a88b5434b41c83c1ff 79582a03488d2c8a1a14ce512034f65727e4a921f7420e18078d92bf1dd085ac https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-u2y01 | Zeroaccess_8c29d173 | Windows | This strike sends a malware sample known as Zeroaccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns. | 8c29d17395b6ae359a9fc9d685d24b63 | 8efb85847d689c6b8f03e63709e6dd7c9e9a56ea 8c29d17395b6ae359a9fc9d685d24b63 61baf3c68654787eab765e7361c07270cac1b7041a07062dff7485aa860fc4b5 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-ght01 | Razy_04336b4b | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | 04336b4b39ade88f01074432c7f2f69b | 8e5dc40c979348f5e82a75d1669d7d45d8418bd3 04336b4b39ade88f01074432c7f2f69b 3f61be1a4bcb773c48a6dc7ed489838796a6b512bc14a517a667fb28a2a8e3ee https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-6ff01 | Powload_e90a1f67 | Mixed | This strike sends a malware sample known as Powload. Powload is a malicious document that uses PowerShell to download malware. This campaign is currently distributing Emotet malware. | e90a1f67c7d63d686f560ab1c7abb8f7 | 09594c1004fc235a2cf2820563bce31fe0ddf824 e90a1f67c7d63d686f560ab1c7abb8f7 3889458cad2eccfcd7f8ec5c842dd30edec24f36a37abde0e9359dd7117524e7 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-x5b01 | Nymaim_8e9310d4 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 8e9310d4d746714dbe8771f197e6fa06 | 2b75a0a537b3750580be5011717559e108226851 8e9310d4d746714dbe8771f197e6fa06 33c2883874a24e9abbd993f5d06b8596483d33a388b4832f7e8ed3585dab0f80 https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-evo01 | Python_39b5a134 | Windows | This strike sends a malware sample known as Python. Win.Malware.Python is a generic name given to malware written in Python and, typically, compiled into a Windows executable using tools like PyInstaller. There are a vast array of supporting libraries, proof-of-concept exploit tools, and example code that makes developing malware in Python easier than with lower-level languages. Examples of functionality commonly seen in this type of malware include the ability to spread laterally by exploiting EternalBlue PoC scripts and file encryption performed by ransomware. | 39b5a134215bed5e24d88c1826afcb2c | 0c662d24e1bba1a7d4a800ea81a361281f2ee14b 39b5a134215bed5e24d88c1826afcb2c 6a2a3089e6adf58b64a3800b94bc53d0e2b6b05a21aa6127ce57620268b49f08 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-lrj01 | Python_a48bb00f | Windows | This strike sends a malware sample known as Python. Win.Malware.Python is a generic name given to malware written in Python and, typically, compiled into a Windows executable using tools like PyInstaller. There are a vast array of supporting libraries, proof-of-concept exploit tools, and example code that makes developing malware in Python easier than with lower-level languages. Examples of functionality commonly seen in this type of malware include the ability to spread laterally by exploiting EternalBlue PoC scripts and file encryption performed by ransomware. | a48bb00ff973fbacaee02fe17c922bc6 | 055d3edbd5518c0ad613801a811b8f17460c93ab a48bb00ff973fbacaee02fe17c922bc6 4af89e0f76d112342c2ac7e5cd3696974027a5c771fb4655faa78fefae4774e8 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-rf801 | Python_27a0dfa4 | Windows | This strike sends a malware sample known as Python. Win.Malware.Python is a generic name given to malware written in Python and, typically, compiled into a Windows executable using tools like PyInstaller. There are a vast array of supporting libraries, proof-of-concept exploit tools, and example code that makes developing malware in Python easier than with lower-level languages. Examples of functionality commonly seen in this type of malware include the ability to spread laterally by exploiting EternalBlue PoC scripts and file encryption performed by ransomware. | 27a0dfa4c4481c8052b6addde6ed8210 | 03b351e16ec2fae9e1a2643fa975389ebb170aff 27a0dfa4c4481c8052b6addde6ed8210 7246bf9b6fdb3b49ce33ff7b0a3f2bae33eb1e0301db635ccb74608313c719e1 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-egv01 | ELECTRICFISH_8d9123cd | Windows | This strike sends a malware sample known as ELECTRICFISH. Once a connection is established between a source IP address and a destination IP address, the ELECTRICFISH malware can funnel Internet traffic between the two machines allowing the malicious actors to funnel the information collected from compromised computers to servers that they control. | 8d9123cd2648020292b5c35edc9ae22e | 0939363ff55d914e92635e5f693099fb28047602 8d9123cd2648020292b5c35edc9ae22e a1260fd3e9221d1bc5b9ece6e7a5a98669c79e124453f2ac58625085759ed3bb https://www.us-cert.gov/ncas/analysis-reports/AR19-129A |
| M19-w7d01 | Razy_a0a47c93 | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. | a0a47c93202b05407474ac4b3a4bb528 | 3bb418f36fb062372e0940f357a514539c0eb5a1 a0a47c93202b05407474ac4b3a4bb528 897b0a510174cbc4757982703e42a0c14c4bdba0e6bf77db5a6f94a3c2651f3a https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| M19-0hk01 | Python_182ec0a9 | Windows | This strike sends a malware sample known as Python. Win.Malware.Python is a generic name given to malware written in Python and, typically, compiled into a Windows executable using tools like PyInstaller. There are a vast array of supporting libraries, proof-of-concept exploit tools, and example code that makes developing malware in Python easier than with lower-level languages. Examples of functionality commonly seen in this type of malware include the ability to spread laterally by exploiting EternalBlue PoC scripts and file encryption performed by ransomware. | 182ec0a9f7a9dcfc12be894cadd7c87a | 034c32597b7705371c2a706d5b0e438a05ecbacd 182ec0a9f7a9dcfc12be894cadd7c87a 5304995ff9b9ca3d6f597fc2eb1e456125eb5c42dc42df234173e47184df71f2 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-mhx01 | Emotet_4838bb73 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | 4838bb7328c600e3026ef40c30af19a2 | 9dcfd56020848e75d2ea0ef5daffa76516f4b242 4838bb7328c600e3026ef40c30af19a2 20c8e37dd60b38bbc9af1f55478e1d7618131bcc5bf383378a2bf00c6ffc1a08 https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-xu301 | Python_d4a5e075 | Windows | This strike sends a malware sample known as Python. Win.Malware.Python is a generic name given to malware written in Python and, typically, compiled into a Windows executable using tools like PyInstaller. There are a vast array of supporting libraries, proof-of-concept exploit tools, and example code that makes developing malware in Python easier than with lower-level languages. Examples of functionality commonly seen in this type of malware include the ability to spread laterally by exploiting EternalBlue PoC scripts and file encryption performed by ransomware. | d4a5e07558db8d8eb6f5d0714bd80b73 | 04e33a409223b3971faf8578f1c4abfeed657329 d4a5e07558db8d8eb6f5d0714bd80b73 7895313b35d27c7d5bc0fca556736f63e800e99feb6dcde910c76c743d4634ac https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html |
| M19-puu01 | Qakbot_d0ca6ca4 | Windows | This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | d0ca6ca4dc68d3443d759909ae4d1e50 | f7c56452dce88077a2411cb5b33519465430fd6a d0ca6ca4dc68d3443d759909ae4d1e50 1b0573fb381b291b12cf7db4bfb6deb78e688c9c3076908e8581199169b8514a https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html |
| Strike ID | Malware | Platform | Info | MD5 | External References |
|---|---|---|---|---|---|
| M19-o0c01 | Zbot_c36c5d76 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using a variety of methods, including key-logging and form-grabbing. | c36c5d767ef3777100dafc75b85b18af | 000e0a94533d2a368d5a979b13a54a118a5d878a c36c5d767ef3777100dafc75b85b18af 4e90c6ace53e3278aec3df081252e46b6d6f32e3786c862895fc724595bdfd09 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-xe301 | Vobfus_27ef7e4e | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 27ef7e4e2244c122f6572dd45a1e4ba1 | 56843e4ef6ddb1ea71dc2c0bf44004b957220de9 27ef7e4e2244c122f6572dd45a1e4ba1 689860f079fe900589e3c70af6932587b44135439b48cde5462537008a9537f4 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-dam01 | Autoit_18ed2229 | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | 18ed22298db0ea25502314c28d4edf47 | 93d0b91e1b602f8272584473287c460a535ce57b 18ed22298db0ea25502314c28d4edf47 31cdf98e7e648986edabcbf58a70030ff882d2ec08106440b2b97b7d17d890f5 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-ch501 | Autoit_a63ffd44 | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | a63ffd44a8ddfd6421df74763e7decc7 | 408860425689bf75fcf1f022818ad7f90ae1f270 a63ffd44a8ddfd6421df74763e7decc7 1f450f566e7896c60524017d006bb01902e854371313abb8d8f62038de2ecc7b https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-xfl01 | Autoit_76637527 | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | 76637527982cce2fb26f5840d39b1451 | ae3712c42aa569851d8675e501cc4832308b0c66 76637527982cce2fb26f5840d39b1451 8616e952c063ad624242745f595803a39931e134bd319b57cc36251e73aad3cb https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-0p101 | Barys_17079429 | Windows | This strike sends a malware sample known as Barys. This is a trojan and downloader that allows malicious actors to upload files to a victim's computer. | 1707942933406f3f64f6b3baf81e439b | db8589160d982f6e8537a8d586e3496478500d2b 1707942933406f3f64f6b3baf81e439b 0869ac4f786a1f544abdab137e4470e008b50ae49e740f4137d2457805e4ded4 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-e2301 | Zbot_339c1efe | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using a variety of methods, including key-logging and form-grabbing. | 339c1efebbffa41627261ae0aaa6a41b | 096f4aa3aead24de93a10e02e0b9ba7719b3ca80 339c1efebbffa41627261ae0aaa6a41b 701fd08f2dcd10f75e462feaeedbc04c5d640d57e7203bfecf490c79b8da50ab https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-07901 | Emotet_e015606f | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | e015606f3ec85f9f563cead0546bd5aa | 7d480edf8e5b560c7b84c0068ecfef4e3ce16b41 e015606f3ec85f9f563cead0546bd5aa 43e226bd92a81a17a2f73a0e9f2f0ea7dee5c7756a4a6d476483cdf456024fdf https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-zl701 | Emotet_0d22c5b0 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 0d22c5b090722f7ef710d62522200ce6 | cd530d09d4511a53d20035a63504e035f196f5c3 0d22c5b090722f7ef710d62522200ce6 53d075b5be564101c888a82187527845404a2df42e7ae774937f9630da98fc3a https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-y1k01 | Emotet_5468354f | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 5468354faa07ad0ef178b70c7410397f | 96c263ac6590ce5ef477773b9fedb452ca77d763 5468354faa07ad0ef178b70c7410397f 49116b29290b3878908d64fc78d1fc92c21f9add774c8a3b2e55e8763f8a8267 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-fvz01 | Emotet_518cdc39 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 518cdc39d568c3bfbc1159956c4415f4 | 37e6b7aca686764cc7cb38406744ef19df01593a 518cdc39d568c3bfbc1159956c4415f4 337af19fb5a1403b332b77a5c6958387ba9150d225d32c6474d5807fb5e9c21c https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-fk901 | Expiro_d8384c0c | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | d8384c0c786f00f2bd3b60535c5f74c7 | 6e6bccad34a4311fb890479fb3fa400dedb24b7b d8384c0c786f00f2bd3b60535c5f74c7 c7f0f4fde7c85f456e95bfdbe2a5ab25f07a8e749c11e62b8be2e56587d9ebaf https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-61401 | Autoit_0cc8d6a0 | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | 0cc8d6a01caefb786d0d107a05a25a2f | 595a9c51a709a07b63f03c34f8c32d60d6769a08 0cc8d6a01caefb786d0d107a05a25a2f 556b0f36507a9da9bc8236d6328ac25b7d42e7d62d859ccb6163d117d9d39ccc https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-8ng01 | Expiro_afbf2586 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | afbf2586bd1c2e555e2d6c772eec4235 | 2fb369e5ba28d3a9e5234265d1c82587fd770757 afbf2586bd1c2e555e2d6c772eec4235 fac8e1f9ef6b06eff6e7ec4a5c088644f21f82882daf674e27e699fa9563357b https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-vfe01 | Emotet_b649ddcc | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | b649ddcc18dfa3aadb93f7b4826b18b4 | 8ecc50d37b21a1d927309b2383eec0dfadc47a6b b649ddcc18dfa3aadb93f7b4826b18b4 559028389697aa6b223920c69441d68dddf5c1d46d7be8b3fb0d23af183d477c https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-dwv01 | Expiro_afe1da26 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | afe1da26fb5283c0b28aeb597bae728c | 5e90b78647da264eb1a85d1bb2dc8d2c8a3e70f4 afe1da26fb5283c0b28aeb597bae728c ad73a287c879b1ac9605f5889064373e95f3db526e98c3349a48d63c549c23c2 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-y0201 | Vobfus_1c082cd9 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 1c082cd9f55276b3ce49c5144e0e3345 | e59dca6ddc700b06ca611e9622d2bd0ae490260b 1c082cd9f55276b3ce49c5144e0e3345 4ce11c03c2fd40bd58f7044d9bf17fce4118e31cc058113a8cb6d68b0fe2cbc7 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-ggt01 | Vobfus_d81c4803 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | d81c48038a546589e9a9625d8e5fb0d5 | 322f4881e3cd379a0ed26961f096d05753096693 d81c48038a546589e9a9625d8e5fb0d5 61707b56cec807908e713dd8acbcc2ee8b7359c9c3e8eb826e53fca3fa0de866 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-nsz01 | Barys_5b8193a4 | Windows | This strike sends a malware sample known as Barys. This is a trojan and downloader that allows malicious actors to upload files to a victim's computer. | 5b8193a4b08e25dab4d3a86b32418825 | e84cf601b8485e977125560dd9bd6dcb22f58f8b 5b8193a4b08e25dab4d3a86b32418825 bb04cca5245d8ddda41a24339ab63e8519bffd83a2bbcf80e74c2945bd1420c5 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-45501 | Barys_0b0e120b | Windows | This strike sends a malware sample known as Barys. This is a trojan and downloader that allows malicious actors to upload files to a victim's computer. | 0b0e120bdba026e9eec960de2909fcbd | 0e652095d03ff742c4b1c5e1c8e67e9554dd0050 0b0e120bdba026e9eec960de2909fcbd 6b4864ef87cbc0b4884075a60f5bfbdb39e84405fd6f7f01b019c81013ef9b68 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-38201 | Vobfus_c901151a | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | c901151a4a0b54ea49b468ef93ee683a | 99208c7971a7dbed33cacc6b9cd6ffdc6c510b89 c901151a4a0b54ea49b468ef93ee683a 5ebbf7f1ffdb7f5a5483ad26971c20bf7ffdea7fd1566260d6e4875ff9a477c1 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-c2g01 | Vobfus_23a46743 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 23a46743081748d6dbe11468a842f884 | 5fa02db355930093f4a9d145390434a3b382197e 23a46743081748d6dbe11468a842f884 119bb2c3b038c70448cbb9a4a8f8eeed1071d2174f5d1907a01d348f1740927e https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-tph01 | Expiro_a3fec9a5 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | a3fec9a53b74c0c258b9dccfcf7d87a6 | 851da32f1d86e7409600c5177b4cadc8fb0b496a a3fec9a53b74c0c258b9dccfcf7d87a6 dc78031890299fa4a8ee415a90ed95a79dc060a2a55342d7d60da8c468bf5288 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-x6a01 | Autoit_21e5c3e6 | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | 21e5c3e66c3c3f9d1866951532be2973 | 29134bf6340b598e142dca9fdaffd76b9352b66d 21e5c3e66c3c3f9d1866951532be2973 00e6268b7676fe162515c9b4191ae17186d708961a5545cf2b0e76e0d702a035 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-z9n01 | Barys_597d3ac8 | Windows | This strike sends a malware sample known as Barys. This is a trojan and downloader that allows malicious actors to upload files to a victim's computer. | 597d3ac887ae2142ac0788074c9a4c77 | 3f2f567ddabc0d2c590af86427b70040549b5307 597d3ac887ae2142ac0788074c9a4c77 5e0b77a4db61b89aa98faa07433c12366cef0b747b677005df139c18a48e8643 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-zja01 | Winwebsec_b212cab3 | Windows | This strike sends a malware sample known as Winwebsec. Trojan that masquerades as legitimate antivirus software, alerting users to nonexistent threats. It disables Windows Defender and Windows System Restore. It also may block users from accessing websites or programs until they buy the "antivirus" software. | b212cab37cc85b21f7561c917912b2fa | b0abfe7cfc0ad4473ee29ac9add1a03c1cd49060 b212cab37cc85b21f7561c917912b2fa 7340137319da76ae915a176658a9f577847aac97908d2ab1edaa289c092f8954 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-0aj01 | Barys_f9c92ae8 | Windows | This strike sends a malware sample known as Barys. This is a trojan and downloader that allows malicious actors to upload files to a victim's computer. | f9c92ae878d665fa8dbe8e2ae1059289 | 948e45eec4aee195af0c34c23d85865382cb5f4f f9c92ae878d665fa8dbe8e2ae1059289 84d35bea78f59fcb33cc45d7ea6eca8d9cb1b9b1a1a5c493e88e020386c1eb43 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-9y901 | Vobfus_09eb2304 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 09eb2304e4bd29c752c17353caeb2fd0 | 91aa32563581375c49acfb3fa5b4d4ded32895fc 09eb2304e4bd29c752c17353caeb2fd0 05f0f24b4fc446cf95fe3be015fe0f61908d1b5cbb1706a14c2e393886454f38 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-cfg01 | Nazi.mips_61f96953 | Linux | This strike sends a malware sample known as Nazi.mips. This malware sample is known as Nazi.mips. It has been seen in the wild as part of the Mirai botnet campaign. The MD5 hash of this Nazi. | 61f9695324b02c3167b1a5c17144f252 | db9a1ebc2173afd5bee590f69fb110771b62676d 61f9695324b02c3167b1a5c17144f252 590341960c4e76a8b73d98f70d3773e12650e4cfae6414234d5c688fc1c7da9d https://urlhaus.abuse.ch/url/164531/ |
| M19-srl01 | Zbot_7ec83ef2 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using a variety of methods, including key-logging and form-grabbing. | 7ec83ef2107809ac3269c18993f71606 | 00d0ae3ea46b2ca7d9410106976772ea22a6aae0 7ec83ef2107809ac3269c18993f71606 276dab07147db188ff45e12e53ec462af42e1973a4687a2b2e3e9301c15db929 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-rk001 | Expiro_b002c452 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | b002c4527c64bd7f73b8a697a471bc29 | 77b98d27dcc83faa989d0ce1976c97df717c2d43 b002c4527c64bd7f73b8a697a471bc29 ee3c63c6c9d0c5887b22a820d1b97b44ec97ee212f819d9ad478a6846e6a5f87 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-np001 | Barys_94ba4042 | Windows | This strike sends a malware sample known as Barys. This is a trojan and downloader that allows malicious actors to upload files to a victim's computer. | 94ba404247d1234e8c9dd7b9b6c5be6e | 3823d391e2f3abac23f68ebde805a79ab1532eac 94ba404247d1234e8c9dd7b9b6c5be6e 7e777487165f72a5d42608e2bc4c3fb8ccf0c2aa0c059c53f4c05d6318803be6 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-x9501 | Emotet_13465490 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 134654901a93656a5d4d840060bc5059 | a11ed9b14bb67b5077ac0ea26be0bc948e54d15d 134654901a93656a5d4d840060bc5059 521c964fe97018ae915a3762dbf31a2397f7c283a494f19671354d5a179dcf3a https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-t4101 | Vobfus_fefa402e | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | fefa402e287d3db6a3a49f1e7fc2e370 | b6e4cccb48faeb27b02471c0e748dad61dce1072 fefa402e287d3db6a3a49f1e7fc2e370 6c863b2f65224fbc6d85702cf9cf48b120a851ec4c2f7e76b21c9c56b5427d82 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-gv301 | Zbot_cee80fbd | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using a variety of methods, including key-logging and form-grabbing. | cee80fbdc25de37fd4ac00a69ff26b01 | 080595628bf22b5f53d9d9c2fa54e690d40ae14b cee80fbdc25de37fd4ac00a69ff26b01 2a0588520f7752424195cc36e6843d09ec850b6c7a41e966af58f3ebee8353c0 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-mb701 | Vobfus_9e8e24ed | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 9e8e24edab3d2d6d8e4fe75b184b3c15 | b0ccbdfdbced3813d96007ea409115075bedff4a 9e8e24edab3d2d6d8e4fe75b184b3c15 1506a6d7439fab0a6b3c775fdde0627bacafa4760900c0f111edce4d55a03a50 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-b5b01 | Emotet_8c45fbd2 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 8c45fbd2634f23d3cf6c4a92b007fec5 | b44d4add9f1790c52ccce889adaf7b003be92faf 8c45fbd2634f23d3cf6c4a92b007fec5 16969a648499623f5b6d61785673c445035bcfa90d4303b88b922d76e6d95728 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-cgb01 | Emotet_3f2504f9 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 3f2504f977f67763f20173050d20fd48 | 1408c02650c3dc652cd11def6dfe6cb7fae73f8a 3f2504f977f67763f20173050d20fd48 689685a2edd6b0cabc8ca0fcbcf39e53e4da57d65dfe0e2658964dfb8cca39dd https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-7gx01 | Emotet_6cb6e853 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 6cb6e8539075c57cd4f13ff18dd30db1 | b6e321ccc4fd018795c8089ab70da32685fe68ea 6cb6e8539075c57cd4f13ff18dd30db1 53523d8333a3e913bb53523269c22af0e38d26bae9f637f2617acef7dabab06e https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-65c01 | Autoit_55ffea00 | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | 55ffea008a68108e1cdaf161cb496be8 | 10d8a40fd308c83a4e6896b9e804cb6be8c64981 55ffea008a68108e1cdaf161cb496be8 468bd5cd0779eec9d11b325e5dd7aa7721e7189a04b7d92a236279d1cbab4439 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-bk501 | Autoit_ceb5fd34 | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | ceb5fd346e93bbd5ecd25a41d50ace98 | 03f7c0c7ff72ab5ec12cb3fbf9cd2678ff8c923b ceb5fd346e93bbd5ecd25a41d50ace98 21705746b4eb464753d99cc7999db91a55ca4a8a08ab53b8031c969adc47d899 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-jm301 | Winwebsec_696a20b9 | Windows | This strike sends a malware sample known as Winwebsec. Trojan that masquerades as legitimate antivirus software, alerting users to nonexistent threats. It disables Windows Defender and Windows System Restore. It also may block users from accessing websites or programs until they buy the "antivirus" software. | 696a20b92eef9900f32c997f499d24cb | cf800961891a18abaebf3cab4e992e2d75385ad3 696a20b92eef9900f32c997f499d24cb 0ee9b85dd0d097210d138ac73b5687d8de17e4880131360a258295b0ece85006 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-1d401 | Zbot_b5554e0d | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using a variety of methods, including key-logging and form-grabbing. | b5554e0df996ff728a3dbe5a56b49b2c | 0214626e34cba19d2d170d3570f136306d9eb1c8 b5554e0df996ff728a3dbe5a56b49b2c 84ab81138637667e9a304c70f6332d6e07a7fe01cada75b87501e1119654fe62 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-una01 | Vobfus_0ef831c9 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 0ef831c9a616bf9ba687640fe1faa6af | a443b9284ed3c9121c97f2b9e89e95ccc9355da0 0ef831c9a616bf9ba687640fe1faa6af 1bd8db7ee7413001573a689ae4ebcb29da7652717f35ecbd735a87f3d621586b https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-6r301 | Emotet_c5f83831 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | c5f838312d930c0d9c2e90a868dab366 | 15901a5c3cd524d2bec3192782ed0df326af9bf5 c5f838312d930c0d9c2e90a868dab366 6cfc0383c421992c8d4e0f8a9a13e705e67b1735ad71520eacc1351c9e8cdc14 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-1a501 | Vobfus_9d6352a8 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 9d6352a804ef6adfbd180d144e3e56f1 | 5976d7e2500986ebdb391ef5f0ae04a2738163ba 9d6352a804ef6adfbd180d144e3e56f1 66c85f135b970fd774f2582202458bd083ecf71bc1f80cd195706d7b354bb601 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-zm201 | Expiro_b22315b1 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | b22315b1f41ea36e263082751ff23d2d | 85e52127e1298df7f06d679af297aac404509454 b22315b1f41ea36e263082751ff23d2d cc7f00cab330786e2de92e1fb3b36baed5868da2f66744d9d058072e9b5587b9 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-su501 | Barys_e4d1f164 | Windows | This strike sends a malware sample known as Barys. This is a trojan and downloader that allows malicious actors to upload files to a victim's computer. | e4d1f164267fed0c845ec0f7abdba864 | eaa01f360658e05746bf6334a2b63788c32e8af8 e4d1f164267fed0c845ec0f7abdba864 58007a4c73c96932b44d67ec7c6db050ed18577f2cc5eec427be6a2b6a962dd6 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-8ob01 | Expiro_b712e0b0 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | b712e0b0866beb47560d16a1ec62ba4b | fb533cff5e5cfb33ad1ec61dfb91d6b08f6d82fc b712e0b0866beb47560d16a1ec62ba4b d7d5248e70e3ebfd772783ef78f22d7843596fda42231659373827504ce9ca2b https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-dvs01 | Winwebsec_6a2679e1 | Windows | This strike sends a malware sample known as Winwebsec. Trojan that masquerades as legitimate antivirus software, alerting users to nonexistent threats. It disables Windows Defender and Windows System Restore. It also may block users from accessing websites or programs until they buy the "antivirus" software. | 6a2679e102dac78a2b48e8f9b5320256 | 9280aab4a638e57588d7af7573ba10ae35ae1850 6a2679e102dac78a2b48e8f9b5320256 35512788e3ec6bf939840d6ac94191b7976b4309bb26bf91eb00b461beb29ad3 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-rke01 | Emotet_a2dda36c | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | a2dda36ce4b08896f8703413f73a5029 | f92fb5ad97c05220b83910d478f493af492440ff a2dda36ce4b08896f8703413f73a5029 503c9111d0fc0efb4a3290c977dd8f0f6cf4925de69bf644fbbdf03857ca1776 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-j2101 | Vobfus_f624a5c1 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | f624a5c1eb03ef853cc17548b8490b60 | 56a12f580c73b0b5cc3405abc7a856f2f143243d f624a5c1eb03ef853cc17548b8490b60 046c299741954c07ca5feab9039d7a7208c9e5dad3fca354041acdecab550cf9 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-e0s01 | Zbot_ccb247b6 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using a variety of methods, including key-logging and form-grabbing. | ccb247b63b5bcead971f2b2822297c01 | 09519bca7c6ed43dea174c0924a2c40bd69655a8 ccb247b63b5bcead971f2b2822297c01 58b1da3642367b1f8f80a018befaaeaa91ddbc0187d56f52c62eebeb06ac4291 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-7ue01 | Emotet_89e425f8 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 89e425f8e39c5cfbd2d75c0707c8b04c | 0d02612eeb86204c6ee416e1b92eee56df2f6e78 89e425f8e39c5cfbd2d75c0707c8b04c 524622e92156fb4e155e18f820b2897f60b49b2e0533ed449ab99642b16ef887 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-d5i01 | Emotet_111a785e | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 111a785e5498545100da4dceae318a8a | cec930c9ebf537f24a1d77f17d64a33a48f9fcbc 111a785e5498545100da4dceae318a8a 67f41f532423939b59a2f0b890028ec7b9de5ec71b7e8bd0a8aee7906101174b https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-wai01 | Emotet_2a6c0685 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 2a6c0685589670377f3af7e55f24bdcf | 118a51057926502f5feba90574b7bea45ddf846d 2a6c0685589670377f3af7e55f24bdcf 5353758894e7cfaee0376ac38e76a1c366b1d0ea19911affdd23f2cbdc12d020 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-0jk01 | Autoit_1426a5b7 | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | 1426a5b717a16c66e95057b252f4324f | 31e8298389dd2731463073bd6e484ab96e2be9c5 1426a5b717a16c66e95057b252f4324f 7254eb9ebb64ad0916d7678e8d01fca31a18d73f970a64394f9fc88069590929 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-lk701 | Emotet_9f356741 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 9f3567417d10e5375220eb7c9aa2302c | 2752ce6a776592f55ea9e844ac4c3ecc18ad4845 9f3567417d10e5375220eb7c9aa2302c 64cffcac96694cf3ffce2b7ff2962176f0fea267093ea4970d2aac3d53038fea https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-vfi01 | Expiro_ce7b3f6f | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | ce7b3f6f4c99e406a7c7fe8fa3c866d7 | 4c0c246e65f0247d6bc4455548fc7500eefdb87d ce7b3f6f4c99e406a7c7fe8fa3c866d7 ba649d6fbcade5b73b2a761f4d40702c2a21195fed22285213959abebd818833 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-wdk01 | Expiro_d2012f5a | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | d2012f5a201a78cc0d3976bc513fe501 | 634b81195bae841e2dbe4b441621fc086e0195a7 d2012f5a201a78cc0d3976bc513fe501 dd198d756ce002a3eab75e4faedb6e48cfd27032ad4e9f4643f454b613b616dc https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-pt101 | Winwebsec_b559a052 | Windows | This strike sends a malware sample known as Winwebsec. Trojan that masquerades as legitimate antivirus software, alerting users to nonexistent threats. It disables Windows Defender and Windows System Restore. It also may block users from accessing websites or programs until they buy the "antivirus" software. | b559a052dae83f325f797f8659ea2bdc | f606d82467f7fbced17ddd7200b7e8eec9aa8d32 b559a052dae83f325f797f8659ea2bdc 4ce41686ffaea1f9c80d2bbe00bbbe0a1da864a038a0a48066f209bbc98cb969 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-vwm01 | Expiro_e9027feb | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | e9027feb81bec4b12d87902540d33594 | a7c4d2564e6a7e88bc6ec1894809e6c3b8e468cf e9027feb81bec4b12d87902540d33594 c56268667843181e7aad8cb849496a530be0a7916cfda65e34942bb8e0b909bd https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-0v601 | Expiro_87ddb043 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 87ddb043145a059061b59c399a9a5e18 | 666f01f65251c20a49ae8cd99376cbda76a844b4 87ddb043145a059061b59c399a9a5e18 57d65c0c068da7ec72e8c9ba0c6f9a354917bae5127f55de1635a6d5d471d60b https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-hlz01 | Autoit_89077c6b | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | 89077c6b8737c086ee80df66cbc709e3 | 18f958279dbd8c2965baab16fcde22e15433fb98 89077c6b8737c086ee80df66cbc709e3 b1aa39eef0e0f815f9c91993cc24e786cf050f17e818f103416e7dd95727b911 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-3f401 | Emotet_b2c99c31 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | b2c99c313499c77e8272651c38c55496 | d834bb09c2830c26f0244b3d173858618c4ce798 b2c99c313499c77e8272651c38c55496 78a0a5844a1ca119d94bcaea5ac5b8e256f2711b76eaccdffd0089c18f079e2d https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-8xf01 | Expiro_b21d07e9 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | b21d07e9392bd4403fd66d552872eeca | 0ded324f09c395bb6e78f44bd8ae54be4becbd15 b21d07e9392bd4403fd66d552872eeca faab282b345611411cbe53e35c94f2c56c9314bb4211a20ebfb6b17d85366cf4 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-jmn01 | Barys_f2905c2e | Windows | This strike sends a malware sample known as Barys. This is a trojan and downloader that allows malicious actors to upload files to a victim's computer. | f2905c2ecbdcf084c35ce84556641a69 | 45a45e45e10866a6b34c64e4c3caaed4ed3fa01c f2905c2ecbdcf084c35ce84556641a69 868b8e6f1301f54178839130eaefc5bbf2e6aa1c78e6054389a1f2d0b02a1bcd https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-x4j01 | Autoit_c55af88e | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | c55af88e6835ab39616e97238d9ef8b8 | 3d87fe90d612fd66a7fd51ec1861c017b181f1b3 c55af88e6835ab39616e97238d9ef8b8 4e46d7ddef280bb91c73f15975b610d3bc4be014d29f05dade4860932cd63913 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-ci301 | Emotet_4f8eba6c | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 4f8eba6cf1d4e29600b6690b63fb4bd9 | 7e75666f39f570a9aae20d506feb0751c77d31a1 4f8eba6cf1d4e29600b6690b63fb4bd9 02a0a4800d92ba59432af6e47480ede2769bd53d7af7840ce9a8ee7097ae0003 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-hw701 | Vobfus_3f80c7b7 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 3f80c7b73ef5dd9e5b15031f1deb0105 | 099cfd0410a826c4d3febea7d16b4cb5f831aea2 3f80c7b73ef5dd9e5b15031f1deb0105 4b77f7be93f7a27a30a87f5d3fd611d54ead6b62a18a12dcfca3bd65f3081e86 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-3fj01 | Autoit_5997c03a | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | 5997c03a3c290bcec5f816e9765ae4c5 | 2a974ee7f2de805d0dee153562fb7572552dbf7d 5997c03a3c290bcec5f816e9765ae4c5 9104f6034c2e99c2fd8d3158be68b20a93ba51f0d25b6e4908094f75cc3234ad https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-sk801 | Vobfus_8edae85f | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 8edae85f33105d065d2e8be82b4c00af | f9c46079bc9e34b4b12d2d4cae6c8621f4a37a31 8edae85f33105d065d2e8be82b4c00af 4cbbeba77a0e8af025aeb17352a36b6c75687a00827ecac1f9dfac206603ab52 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-dyx01 | Expiro_e575aa5b | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | e575aa5b788c85870b4c890c7cf43173 | ddb8ee78fc6e0cec94f1cecddf99a3709658825f e575aa5b788c85870b4c890c7cf43173 a9a42f7c8d67d59137bcdb813ff2c92277fcf778599e349062be332960b91c62 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-afe01 | Zbot_cf171509 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using a variety of methods, including key-logging and form-grabbing. | cf1715096f868a9779fd797271250e13 | 094c40007052b8c9602f90f430e3a8d1aa0b28a5 cf1715096f868a9779fd797271250e13 79af5e9ff5b60e9ac555bf82c43d01b20d7a2d4faa85fff2651883cff52be4e8 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-xn301 | Barys_f3ce8e7d | Windows | This strike sends a malware sample known as Barys. This is a trojan and downloader that allows malicious actors to upload files to a victim's computer. | f3ce8e7d46143144abf80fa53307278d | 6342956aca02049f0d0a6a362a984845a37f8d33 f3ce8e7d46143144abf80fa53307278d 809c104c5546b025e8680f612573ed4e1123a19cab555deb9984407d69c18abd https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-feq01 | Vobfus_622f7a95 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 622f7a95bd0cfaff9d6423e77f7e6430 | 81785c34c9b9661141531dc772147f9d87edcf43 622f7a95bd0cfaff9d6423e77f7e6430 2bd2f27610560eea9d652b3b8c44225a4b66ef349350e53fff8b42406f74ad3d https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-z7l01 | Zbot_f55dbdfa | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using a variety of methods, including key-logging and form-grabbing. | f55dbdfa9c43b46adf2a62441742774a | 0ce51ccdbc280811fb85278bf6e48e7bed793e9e f55dbdfa9c43b46adf2a62441742774a 424171b94775b10d108095adb1a29f3ee6b8918e2bc3e6b96d62ea8a9c2ff01a https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-mtq01 | Winwebsec_0bc37a49 | Windows | This strike sends a malware sample known as Winwebsec. Trojan that masquerades as legitimate antivirus software, alerting users to nonexistent threats. It disables Windows Defender and Windows System Restore. It also may block users from accessing websites or programs until they buy the "antivirus" software. | 0bc37a491c169e1520de74f3f62d7f82 | a540906960b83eb752b59c9cccd19e48d2140507 0bc37a491c169e1520de74f3f62d7f82 b34930cdd050eb0968301ec594091dd714f516547bc41f37390031655f282577 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-rpl01 | Zbot_c03f8220 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using a variety of methods, including key-logging and form-grabbing. | c03f82200547248bc61d40896b86aa95 | 091685365b6cef4e204a1106c8de2530fc3be6bd c03f82200547248bc61d40896b86aa95 5c41aca107b6f288e5436c5722150e62845d594a89dd31de98865f87a1618880 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-ntd01 | Emotet_354d6e38 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 354d6e3899b20057fcc38320d7cd668d | a50ffad5cc4e3006840174a2e5111f678d15ee92 354d6e3899b20057fcc38320d7cd668d 5971aaaa42335a059f017e6586776f5b5de40590b4e68dfca8124811e372300e https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-sq201 | Barys_be8db4f7 | Windows | This strike sends a malware sample known as Barys. This is a trojan and downloader that allows malicious actors to upload files to a victim's computer. | be8db4f7aab448c10c45af2940081e3d | 720dd9193ea7e76093305cebf97e604418e987b4 be8db4f7aab448c10c45af2940081e3d afecfc0b7e4c6218fcfb546ce088cbd6b5087358a5e44bab9595df720e1a7490 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-ksd01 | Autoit_fef8d296 | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | fef8d296f41567064422a253f40fe9fc | 270fa5e1ed7052bf20c5fcd49d307653876aae42 fef8d296f41567064422a253f40fe9fc 8acab560aa72f1d6a39b1bcdc48334e51cb9654fb21185da22413434bb01d22c https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-41801 | Vobfus_687f1dae | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 687f1dae6b1eb731033f9b929e489fbd | c1accf4f4412b7bdc1732afcbb280da42dd013c6 687f1dae6b1eb731033f9b929e489fbd 40466788e57d5200867dcfd7a3f2c18004b8317c19a0528af585c537edfc1201 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-s6301 | Emotet_0e250ad7 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 0e250ad77113faaf17df95bdff12d473 | 861504e79dabd6a14513e0ef743caff800fc4d54 0e250ad77113faaf17df95bdff12d473 53c708d13bb6526de05446fdef04d9d9f183f825596c89cc92d8e7aced3acbd0 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-ibp01 | Expiro_ba96e276 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | ba96e27639cb497a4958748cbf52a5d8 | 73dbbf112027faed421dcf2fc6f5b05f6c5d8f63 ba96e27639cb497a4958748cbf52a5d8 ad6d8581a541cc8622b132e171627324d8e02c4ba2a3804e0f6763d336207a01 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-3rz01 | Vobfus_92445dc9 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 92445dc9ed3b5b26687da127113e6420 | 891131563ace52523703c58bcf8ce0f0585e9c31 92445dc9ed3b5b26687da127113e6420 5312c2573551bf4ea733031528f4e79b8b1c675c2a05e4059c06cf9c2706b9e1 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-ecj02 | Autoit_755e2316 | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | 755e23168f741e96ea202cfe6bcabfbf | 83ae1b48f0cf1c42c190ec53bd680c412063b6cf 755e23168f741e96ea202cfe6bcabfbf 06e27b85a1994a896d81cf423bbf9bbff1bbc5d89d26d4aa8b0fbbfa6b824d13 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-z1o01 | Vobfus_273e6b95 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 273e6b95c0ca6243a1ebff8895aeaf11 | cc5a7059299cc59300e0d0e10f2597ee30dbaf60 273e6b95c0ca6243a1ebff8895aeaf11 3b6a66df8369ac8bf26e8402989d29534b7d7e1c7e460d970f50416e2afe5ffe https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-l2c01 | Winwebsec_1c518954 | Windows | This strike sends a malware sample known as Winwebsec. Trojan that masquerades as legitimate antivirus software, alerting users to nonexistent threats. It disables Windows Defender and Windows System Restore. It also may block users from accessing websites or programs until they buy the "antivirus" software. | 1c51895455a4c24f3e82e576992cb55e | 5a0568800fe76e2a32140a7a42d8cc5a52cc5910 1c51895455a4c24f3e82e576992cb55e 73208a63a25abaec555e1621f991b167ccd40eac8b06d330fd2642d157d028d1 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-po001 | Autoit_bb366d27 | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | bb366d27a0e98f8c3ac21296a058cfcb | 4e9eaf1c59401f6907523fa44f52a3abd3953905 bb366d27a0e98f8c3ac21296a058cfcb c0406b0fedfb94e25ddd6b04947830c82460f5080999ad08fd5abc23fcf004dd https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-8kx01 | Vobfus_34fb99d2 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 34fb99d2530115000b12cedc4843e439 | 5d5fcd8452d99d5b1aa7f62949c8dd341a7b2e11 34fb99d2530115000b12cedc4843e439 4a67a46ce70cd36aab995cd0a04621a4050cac0488bab6c433efb1324c6b4513 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-lz801 | Expiro_db4190a8 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | db4190a8de8db094889aeb52b789bd03 | 960a4ff68e364c3735e8cc76a4b6c772850c5cd6 db4190a8de8db094889aeb52b789bd03 b9e9f61ba07393c6da51ea20c3764b0088f0fc9cfc6be99d355fe1f5aec82f8f https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-gd401 | Vobfus_99e23369 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 99e233693b30bee8bd1b7dcbd475d8b2 | e2f2a5ce4845515cfcfebdfccb643504a25e5da0 99e233693b30bee8bd1b7dcbd475d8b2 272c48ac067319a1c8d51717c5f34b34ac4db4f970f9fccc5915d7bf77123ecb https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-b5101 | Expiro_a71d21c9 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | a71d21c90aa961cb9d999b866c36fda8 | ae6ec6e7f1c2f6c04e417466db39f481e5f54e9d a71d21c90aa961cb9d999b866c36fda8 b21649f76ec9cce8d3937f512c8d9a841979d1b90cb3f24ca2eb1a0d97c615f0 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-ggy01 | Winwebsec_af21d246 | Windows | This strike sends a malware sample known as Winwebsec. Trojan that masquerades as legitimate antivirus software, alerting users to nonexistent threats. It disables Windows Defender and Windows System Restore. It also may block users from accessing websites or programs until they buy the "antivirus" software. | af21d246992ff349a2ec0f97f2921c51 | 9d00bd1d7fe809efa340e75f3866217934d9ff2d af21d246992ff349a2ec0f97f2921c51 e639df0b0afa8a5fafd40064339d75b7098de98068ed9b9d1e20da9e3649d25e https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-d3j01 | Expiro_ca5165e0 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | ca5165e0a4efff54872eb5db94f40741 | 01b8507797d86ba5a3a4ef26efbf039e21fb7223 ca5165e0a4efff54872eb5db94f40741 c9785ee70ca68ac41cb78fd83e37fc33837c10d3d82ad2188b2554ef14c2a345 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-k2901 | Barys_25761e0d | Windows | This strike sends a malware sample known as Barys. This is a trojan and downloader that allows malicious actors to upload files to a victim's computer. | 25761e0db4b836f014dc11ee05552b21 | 280d8062d753dbc3bd7f47cf8e2296274e89cd24 25761e0db4b836f014dc11ee05552b21 a6e84c3b4c46fbb17f9ae770c2244579ab3e7b82621290d977ff93b539b9bf37 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-z5a01 | Autoit_0e4d153f | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | 0e4d153f5475162d16a2fd008af5e226 | bde58eac1ccd3af28db3476382751b2af145e0c5 0e4d153f5475162d16a2fd008af5e226 a428bb2458b74579874a41d9ebb463835dc938777b7a21f52454af4e52856603 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-v1r01 | Emotet_7436fbf2 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 7436fbf211c05fced06e8e5c5ec8a0c2 | a07847d977ea5490adce6afa83fe5debdb484988 7436fbf211c05fced06e8e5c5ec8a0c2 5844365b389ab2865c1c032561da07954e1b8312a61fe612672d7c11aca908c9 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-yzc01 | Vobfus_21ed547a | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 21ed547ad4c0882e97000a50921a859d | 3a7798ab19149a8c67c39de32ebbae5dbe1c09a6 21ed547ad4c0882e97000a50921a859d 0b5716a756064ebe398f0e164f8d7e0dd747ca50795e3624b5574fd78e92059d https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-eaa01 | Winwebsec_b69dff21 | Windows | This strike sends a malware sample known as Winwebsec. Trojan that masquerades as legitimate antivirus software, alerting users to nonexistent threats. It disables Windows Defender and Windows System Restore. It also may block users from accessing websites or programs until they buy the "antivirus" software. | b69dff214349c4d1275dfe6cebece3ef | 8d4f5aa3add580500eb1e20d5835cdb7782f1cb4 b69dff214349c4d1275dfe6cebece3ef b7192f768a639280169016309758dd5e4d5be76a96850b7eab52c25198ecdafa https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-ar001 | Zbot_78c815d7 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using a variety of methods, including key-logging and form-grabbing. | 78c815d7a54e180a74b5f8b8c4f5e583 | 08841004da7c6007d1412d5d4da6b0e3e49bc76b 78c815d7a54e180a74b5f8b8c4f5e583 42c89f9e463771c6de93ecbd94210a7242234ca512ba2d68e4133e7835ce9f46 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-mad01 | Autoit_17fe4838 | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | 17fe48381c3191151339e4dcdd3460c4 | fe198ed5d872e465f44666a079e2326c091c2b68 17fe48381c3191151339e4dcdd3460c4 0837fda8e72d32584a4c53dcc8f7ca75f38eae979d178f6db434e9521fbe82e8 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-gzv01 | Autoit_2158a9ad | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | 2158a9adcf678a9c6b9c322c050eee7a | 06f3a6d33730ef9d42113a89a083b0c3250c3423 2158a9adcf678a9c6b9c322c050eee7a dad963b9062233185343b7564500514c8e51ed1056f717615e7885524a5ba8a6 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-tiq01 | Vobfus_0e383986 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 0e3839861e257337a40f41c2c51d4ff2 | ca8ed258271760249752619c778afe27e3a4a231 0e3839861e257337a40f41c2c51d4ff2 057d66787c6ee44bd9d8015f563c3b6e2eab4a83bfe2eee53e1b7d0006e0df84 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-k5a01 | Zbot_aa344762 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using a variety of methods, including key-logging and form-grabbing. | aa344762be2f6da45b48016f9ad6fcb4 | 01382150f715895656be6d02de636888f5a27099 aa344762be2f6da45b48016f9ad6fcb4 8fe26438c3bd8257c7c09e13bcb06f049a65cdeef64fdf6260048b97c839c72c https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-tuy01 | Emotet_8a5b857d | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 8a5b857d72ece487ab4892215e0ed33d | e0c2800d3b3ed8e1dbc2e49c2d2f8494306e1173 8a5b857d72ece487ab4892215e0ed33d 1ab5e8be2711179c75581141bdaacf4b1fbc1806806d73e53b94e2286e150569 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-i4m01 | Emotet_baa34a6f | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | baa34a6ff63c376704a0c5de20204c19 | 8add3e44532bf60017ecf00685949bafbb4d5f4e baa34a6ff63c376704a0c5de20204c19 09ad52e3866b1cd1629f5206c38d968ed82977026dfa79f3f9313625fce9298c https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-vsh01 | Expiro_d574673d | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | d574673ddb4d624ad6d3b2a60b297a97 | f75aa2bac0cb7822ab829e8d1c0b4368b94dfe3f d574673ddb4d624ad6d3b2a60b297a97 6e16f59631c0382f8902123e8f021656235724d3b76ec33913dcd813f567df4e https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-up501 | frosty.mips_882bfeb5 | Linux | This strike sends a malware sample known as frosty.mips. This malware sample is known as frosty.mips. It has been seen in the wild as part of the Mirai botnet campaign. The MD5 hash of this frosty. | 882bfeb5bc97a44df59df37c4bc79f89 | a14bc6ca0aea5055af330fc79e422b3bd9a99304 882bfeb5bc97a44df59df37c4bc79f89 08d19a7a76ba658026dc596e5e1698029bec70131547adb4080a8c219b9d2073 https://urlhaus.abuse.ch/url/172580/ |
| M19-zq001 | Autoit_131c5613 | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | 131c561310278affff9b3ef76971c81d | 4dac4c05ffe2d864d5ce034ba528f0def5eb6308 131c561310278affff9b3ef76971c81d 02f9a5389aea7c071f277a51bbd449d845b7e5acb5a94c5e795bd283415569be https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-vbf01 | Autoit_73e4fe2b | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | 73e4fe2b9bcd139bfa4ef15ae5646399 | 30cb60668c631082950558ebcafdf4b7a0ebbd22 73e4fe2b9bcd139bfa4ef15ae5646399 055f89ea1016a672124bf38461d7a04632c9caf270714a783b34fa014e038c57 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-2ge01 | Vobfus_fba4bfaf | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | fba4bfaf7e13891a75224568ba238612 | 8ed200a0db4b12d5f3200f353765dcd6db7cc49c fba4bfaf7e13891a75224568ba238612 6fc3ab28e7177cf2ca67f6d3a945979b6bdce37eea446d21cef54181a673a35c https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-42d01 | Winwebsec_621c8a59 | Windows | This strike sends a malware sample known as Winwebsec. Trojan that masquerades as legitimate antivirus software, alerting users to nonexistent threats. It disables Windows Defender and Windows System Restore. It also may block users from accessing websites or programs until they buy the "antivirus" software. | 621c8a59b8a107a6c7cef18478cf178b | 692b25d9d51df0b718b6a52de048ddf7d3265481 621c8a59b8a107a6c7cef18478cf178b 520eefe6fde2fe435b885080259ae7357c291de05c7d3df8ae69095e48a1ca1d https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-xjs01 | Emotet_b34078eb | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | b34078eb3967ca408e1864d784362951 | 549ccf60ae891d600bc7f196b4af80167f507986 b34078eb3967ca408e1864d784362951 079dd41f7437110d28bbd3c0f6bacb2f0cd1b23cb899772e8c380124be044fac https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-6nt01 | Winwebsec_683c2a6f | Windows | This strike sends a malware sample known as Winwebsec. Trojan that masquerades as legitimate antivirus software, alerting users to nonexistent threats. It disables Windows Defender and Windows System Restore. It also may block users from accessing websites or programs until they buy the "antivirus" software. | 683c2a6fa60d7c80243d2b45d0c862d3 | c3e5b09b7dded1fd798400ab47a073aa6c229192 683c2a6fa60d7c80243d2b45d0c862d3 04311b0a06d95014390434149f1dae9f1c8e399e678fe80903d515501b4ac04a https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-qse01 | Zbot_c635bc66 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using a variety of methods, including key-logging and form-grabbing. | c635bc66587458716a80e36b77c673a6 | 083e9842ad603aa7fb8b53eb536a8c90c90ebbf5 c635bc66587458716a80e36b77c673a6 8d6f9213c8611b2d23dbe7ad43749c20332f35926c72eb71d4b8bc125b80730f https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-j2n01 | Emotet_a0a6f712 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | a0a6f712552126a3e2f60ac7e0ea5b33 | c7fe868b1dc0f1a9a9655572d965891668f08869 a0a6f712552126a3e2f60ac7e0ea5b33 2ca9efb4e856be7af3bbaa2c22108ab30a0aa30203b5accdd2787f4d4bda0315 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-46o01 | Expiro_d78c2cb5 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | d78c2cb5ccfbb140d9b15f38b4b9cbdf | 156b09b6db50856d148bfaa083cd955ce7534498 d78c2cb5ccfbb140d9b15f38b4b9cbdf b0aa80111d23dd578815c935aa529f30a5f10b38e6ef799a402f7819bb077d89 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-b8c01 | Emotet_e10bf724 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | e10bf724a7aedeb59414e2439b3cdd6f | d22e6f19ed82808841d4889c72dce85366e60c2c e10bf724a7aedeb59414e2439b3cdd6f 52f83952d33df5dea2440d6a0211c004a41b6543f64edc6b9428c2b55897d45b https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-11e01 | Vobfus_80f86ec1 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 80f86ec10a3e69e7474bd8d1cc1eb23e | b150d4efb6752d1bac6417c17ca6198f23fe59ac 80f86ec10a3e69e7474bd8d1cc1eb23e 2dd8cc3597a6e411b7f258c2ecb78aacd54d9cadb3807997b2b00c1a4e07e178 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-vfn01 | Autoit_84660f55 | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | 84660f55bea4ba5dbc77362878148950 | 86cad449b28767287885eaae533e5a037405fb02 84660f55bea4ba5dbc77362878148950 11a4e3e12cec6041bdf9508c56a7d75a00992f59c929172eabd8725a89904970 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-bjo01 | Autoit_eed95f73 | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | eed95f73e16a45a2275122a609ffe7cf | a77c5aa3fefb8018e90958a747c302d89ea48853 eed95f73e16a45a2275122a609ffe7cf 8594f3e2f19d3512830312737a9706fb8a3a92ab8d4afad9f2005c8d6c644db7 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-v6f01 | Autoit_832d6706 | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | 832d67066d145b3bb9dad2628e06198e | 4818c2a4b4b19e6f762c59368352483c0bfe41c2 832d67066d145b3bb9dad2628e06198e 64c2d4517abd6081f6401ee4237132f087177b8891d9840ae9e69fdd128dc9b0 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-rad01 | Expiro_bbe929f7 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | bbe929f7d2dd8ab4df6176496f92686a | f54bbe755c21e6ce2d563e298694bb844d620a9a bbe929f7d2dd8ab4df6176496f92686a ffb30a4ba399b607cb0b72fc67353a75609c28f66c73d41cc5f13fecc8f400c1 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-1ws01 | shiina.mips_db63fda3 | Linux | This strike sends a malware sample known as shiina.mips. This malware sample is known as shiina.mips. It has been seen in the wild as part of the Mirai botnet campaign. The MD5 hash of this shiina. | db63fda37604893022c1f2d2c3b05d66 | 019229f77554c5c2de3718de0bc0245af31e1548 db63fda37604893022c1f2d2c3b05d66 cae93d17e29686cfef1f873ce77881a8c6546236633e4e4b505df67d550226cf https://urlhaus.abuse.ch/url/162206/ |
| M19-1vb01 | Vobfus_c5b8c9d3 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | c5b8c9d33ddc7d79ca9757c3db64ea9f | 2c5b0a7cc1471b4a097ad067428ecf99835d2313 c5b8c9d33ddc7d79ca9757c3db64ea9f 368d741aef2ab6e41a4696f5d28dee169580dfff4cc69a5946faaec3d14925bb https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-lu101 | Autoit_058969ee | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | 058969ee70cbd146c0c0b38436de9d4f | fc89e8c037c4e1e9e46fe1b1fd2322b6f93bad4e 058969ee70cbd146c0c0b38436de9d4f 977eb4729a3f3f20fdda9cc7cb4ba5e5e6066f3e9f0d05874b9978bcd6471532 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-ld101 | Autoit_cdd505ba | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | cdd505bac7f98a0c239ed8c3cdcf0be4 | ab97f0ccbc7b35003fe639ce29f688334e58f146 cdd505bac7f98a0c239ed8c3cdcf0be4 15159b94f3fbf990f53b9df0a5f08b66fb1548e84d48c99a7537be84bece2062 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-4fw01 | shiina.mips_90a93007 | Linux | This strike sends a malware sample known as shiina.mips. This malware sample is known as shiina.mips. It has been seen in the wild as part of the Mirai botnet campaign. The MD5 hash of this shiina. | 90a930077d76e3df4850ff0df99a1c21 | 45e865cc54c86fc64e12270b15a4a0e7fde9f8bd 90a930077d76e3df4850ff0df99a1c21 972a78642fd6b0f104d9c13cbece515a3c6ad16eef728427b250418ca0471bdd https://urlhaus.abuse.ch/url/162206/ |
| M19-yh601 | Autoit_2f8141da | Windows | This strike sends a malware sample known as Autoit. Autoit is a malware family leveraging the well-known AutoIT automation tool, widely used by system administrators. AutoIT exposes a rich scripting language that allows to write fully functional malicious software. This family will install itself on the system and contact a C2 server to receive additional instructions. | 2f8141da68d0e1785e04a98d1a276fbf | c7c5f4dd0365d80afabb564a6d6657e3a9c5487c 2f8141da68d0e1785e04a98d1a276fbf d9e637657dacc3e665fa5abbaa30443f474a299c0fa61b801409233a62e8440d https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| M19-rgd02 | Expiro_a5f21bf2 | Windows | This strike sends a malware sample known as Expiro. Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | a5f21bf25bfbe5d9d39d1b1ee55f401e | 83d645f96ba05c186d9080f7f0dd0af15c625bfe a5f21bf25bfbe5d9d39d1b1ee55f401e c11d1f5a9c5056c439ddfef99150dd0a817c728c73dbcee9d80956389164b9d0 https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html |
| Strike ID | Malware | Platform | Info | MD5 | External References |
|---|---|---|---|---|---|
| M19-tm301 | Ekstak_fb91b35e | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | fb91b35ee053c210ca0c0ba5f8617bec | 21e5be61b8fc6aeca3a0a33007548343f00f8405 fb91b35ee053c210ca0c0ba5f8617bec 825b8e7b877bacf8d24afe1e1082eff72e43633b3a411104d624d0b66e3f8dce https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-te801 | Ekstak_f8056645 | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | f8056645564137fffea38db8e3fea90f | eb93b924d9cf0daf5df53eceae7ee7b56e103722 f8056645564137fffea38db8e3fea90f cc4bd522847f7673dcfdc37b7e330b470eacf5e9a47bd0f6d466267f5b152e3e https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-38c01 | Ekstak_aa713118 | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | aa713118a954b429dc5dd733c1e3872d | bbb6e0141df211583ffcde64c9704dc7dbde6bb5 aa713118a954b429dc5dd733c1e3872d 81cc82b599e1cc44fd7dde9366315886f5a1c40e7cae7f4edbbcb2dd104a69e9 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-p6d01 | Bypassuac_e9fe164a | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | e9fe164a1371f96ff5e198e4926738b3 | c6023099fa6c1ba400867fcd44932e77820c8fde e9fe164a1371f96ff5e198e4926738b3 791a4d46420633e62ad01fae3afe3078ec94c6714a242cee9fd6da688ff54b3d https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-ft801 | Swisyn_6ab42e75 | Windows | This strike sends a malware sample known as Swisyn. Swisyn is a loader that installs malicious software on the system, including remote access tool functionality, allowing the controller to perform any malicious action. | 6ab42e756868bd8d3431ef30b60201fd | 68239d5233873cd5feb368326c56fec3043f4a9f 6ab42e756868bd8d3431ef30b60201fd 304a99a82faf7adf1db513b596a620ccfe1efbd91179571a1d48932c64b731dd https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-dfr01 | Vbtrojan_77521ada | Windows | This strike sends a malware sample known as Vbtrojan. This is a malicious tool used to exploit Visual Basic 5. | 77521ada92cbce829ce6b1c598d103d1 | eb0123cc1a32106d19db68853869e482a83a664c 77521ada92cbce829ce6b1c598d103d1 f0c556af8fab1d03cdd7592d0dfd999233555a0e7622b54c5f2cab6fae2d95da https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-3k801 | Swisyn_cd04d668 | Windows | This strike sends a malware sample known as Swisyn. Swisyn is a loader that installs malicious software on the system, including remote access tool functionality, allowing the controller to perform any malicious action. | cd04d66857bc36fcbb237d440195c0ff | 1ed9b7ba1540e59c4e2e84fa01a170ef4cb3150f cd04d66857bc36fcbb237d440195c0ff 0de78cdba09c4eaa305b45c34d80bcec684a364ba84b0089d797186748a62c79 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-4qg01 | Zbot_c99ac10c | Windows | This strike sends a malware sample known as Zbot. | c99ac10c39d651d3ca563bb547a57e57 | 185af0377ff71fe80b53878276a068b6354012c9 c99ac10c39d651d3ca563bb547a57e57 3f32cdf15d079fe250d8b42a5abd58d1ff3012599f8478b074dd096bb25b537f https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-9p901 | Bladabindi_7e94dafb | Windows | This strike sends a malware sample known as Bladabindi. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 7e94dafb22c81f5ddd927e197c5d8844 | ccf93f11a7314e0cd05b5ffb8c1568b4690372e4 7e94dafb22c81f5ddd927e197c5d8844 2ee7564a6f0efbeb49e5e18a9bc922c9dee4b6a9825b442eab6c24b1e5c178d8 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-ec401 | Bifrost_1562021b | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | 1562021b80eb7bb681258378bec5461b | 925a47410aa6c56acca6d39d2882d007f27a1031 1562021b80eb7bb681258378bec5461b 0040b9166f09670f4c3b16d247f4fbfae7aa5e989407dcf5237f05594c4c150e https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-nar01 | Ekstak_6da04360 | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | 6da04360b26982749d2cead78ddbdabd | 63d836ee74acf40926e43ed4ca57ee07e00b1af2 6da04360b26982749d2cead78ddbdabd c7974f414e32a93836f9e3a710251a23c4163a89cb2967bc99010c080034d9e3 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-s3a01 | Bladabindi_a6217098 | Windows | This strike sends a malware sample known as Bladabindi. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | a62170987e158be14c71796ef354ff2b | 330659ed6d63a2124419b6ff5b2cc33fd9e246ba a62170987e158be14c71796ef354ff2b 5ef1459ea87c9092b343f92cae360bdde926b0d160e46fa0202bb2575d4bb16b https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-ni201 | Ekstak_9b80901f | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | 9b80901feec6ec670e8c52abdba007f3 | 4a10e46fd42393673d3ceb8cd654cac9a6bda0ff 9b80901feec6ec670e8c52abdba007f3 a24a1a691d04ff091d2b99970d40108726c188224dc4503b1e3a7f9a22df4ebb https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-gss01 | Vbtrojan_0436e0d8 | Windows | This strike sends a malware sample known as Vbtrojan. This is a malicious tool used to exploit Visual Basic 5. | 0436e0d823a8676221ddae20723514bf | a324185c2e91105e331baf366d3c35870bc08966 0436e0d823a8676221ddae20723514bf 9ea4fceafec0c30c58c33314c97a17084681cfc0caeeec45eead64d3a94f2ba7 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-r3901 | Ekstak_3f54bd96 | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | 3f54bd968eef7952cb7d754fea24fc91 | b51f55d194c5fa4adb8d7319c2f2b6a3d52b7e13 3f54bd968eef7952cb7d754fea24fc91 5d6ce39c286eca1777a5e5bd93bd52e76ce042d0249db6ca32648611d30a5b2d https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-7yn01 | Bypassuac_ed4fe86b | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | ed4fe86b21a3b62aeef3305ce5bb7817 | fd08991901d296ea930bfc64ba36e879cb6dfc55 ed4fe86b21a3b62aeef3305ce5bb7817 15c72f8cc77837cccede6e5f239bad225cd4abc65630470f779e8141d5e36987 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-lhk01 | Swisyn_4ae01a99 | Windows | This strike sends a malware sample known as Swisyn. Swisyn is a loader that installs malicious software on the system, including remote access tool functionality, allowing the controller to perform any malicious action. | 4ae01a99e5d366a9d78e9ebc8ed6be6c | 97931a8e06a1fb632d62aa3bc2828bbbf63e2018 4ae01a99e5d366a9d78e9ebc8ed6be6c 2932125cacb1c6c780b920d0fd77e70c6d15d712d752f0db8d66e78c849e0a59 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-m0t01 | Ekstak_fa70798f | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | fa70798f1a20abb9af68f127cc8185a9 | eda47e54af03ad077a5e7d6a20d0a5aa4911a583 fa70798f1a20abb9af68f127cc8185a9 81376a8e386940982bd552e0be5fd0cbfffb9ae39bbb97280e7f6096fc4a7af1 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-uiw01 | Ekstak_4b592f59 | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | 4b592f5972456b60416d5c43660eee21 | a69365671eca1edb8c1ca29bbdb8e7ba87271ae1 4b592f5972456b60416d5c43660eee21 055f622eae00bf5cbe062b706bbf55ff4b4d9ac0ae4ac91b0552d2b32f4ccb05 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-8ah01 | Bypassuac_c8dac83e | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | c8dac83ef31e2e95c9d8160fdd0af7ff | 368057fda06b950597eaf0f4e5ae7adbd7672282 c8dac83ef31e2e95c9d8160fdd0af7ff 876ce89d537c1ef53ea7c8664208b93951e5a4069b09ce0a438955d70619bdc5 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-fgs01 | Ekstak_b7f895b9 | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | b7f895b942b1599bf96696ec398ab13b | 446f3e4638d4fb441a359153f1a83b2c79fa2c3a b7f895b942b1599bf96696ec398ab13b 63806671769e485496408fd6c1c4e845ef35087c74b02fb104dc06a52b90d636 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-mz701 | Swisyn_14339470 | Windows | This strike sends a malware sample known as Swisyn. Swisyn is a loader that installs malicious software on the system, including remote access tool functionality, allowing the controller to perform any malicious action. | 143394701f3914e5083091204f81d26f | 1f61c54502d4fc5a3fad9ba2e62a075d189de137 143394701f3914e5083091204f81d26f 31aed7d12c98ef33c1a6dccbc290cf55b0fe3f17c4bd48e88c314a3a65d40dda https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-rvj01 | Swisyn_0af3e297 | Windows | This strike sends a malware sample known as Swisyn. Swisyn is a loader that installs malicious software on the system, including remote access tool functionality, allowing the controller to perform any malicious action. | 0af3e2972f51c21be1ace7d00aa7acfb | 22a847c7f8183b357be091f0cbdd11a491ac1b01 0af3e2972f51c21be1ace7d00aa7acfb 2349dcb9470d7021bc0516adf76029755958a1abb1f08ddda221585e84ac3016 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-jfx01 | Bifrost_b2f86010 | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | b2f86010798c9239674d9236a28e8345 | 67ca47d7589aff88a0c00fdcf615248ee644f821 b2f86010798c9239674d9236a28e8345 778d3552da4d5b5d5586962b6f0d092c2f0b5c029ed514c13ad4f39847f771cb https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-qmk01 | Bypassuac_844b498c | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | 844b498c772910bada7de24b10ac7254 | 82cdb05b826788e7f46b2ddd9b04dc7291d8ec9f 844b498c772910bada7de24b10ac7254 ba9fee32734436ab17269197b2ec2a48ca31f7bedbade06d6e79bd450e30fc81 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-na401 | Vbtrojan_88d57dc3 | Windows | This strike sends a malware sample known as Vbtrojan. This is a malicious tool used to exploit Visual Basic 5. | 88d57dc3304c2a8f968d7ba53d218e26 | 5c6d79f460a070b48cf2a83509c1371b2a32cb0a 88d57dc3304c2a8f968d7ba53d218e26 2d2358fa90431448800c75dce6080b7c6132fcb574a3a0ef7eff8d6d90808ec7 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-5pj01 | Swisyn_0ded6449 | Windows | This strike sends a malware sample known as Swisyn. Swisyn is a loader that installs malicious software on the system, including remote access tool functionality, allowing the controller to perform any malicious action. | 0ded6449297bbe41892c1f9268aa5f90 | 1263bf51b5282109ec0662797e3528f795e2ea99 0ded6449297bbe41892c1f9268aa5f90 18d86d6520c9a934f50f87c8236621d177f1b2b553147f981cbb04eb49d0632d https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-x9n01 | Ekstak_c64a97ad | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | c64a97ad4fde72681ece5721dc053740 | 7d0275fbb306ba59832d795fb8311ac20a270684 c64a97ad4fde72681ece5721dc053740 02aebb6edf1d2ae7df3d9adca31b397c9032b6e0844a2796e0028b17c19cf345 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-8ol01 | Swisyn_c267d517 | Windows | This strike sends a malware sample known as Swisyn. Swisyn is a loader that installs malicious software on the system, including remote access tool functionality, allowing the controller to perform any malicious action. | c267d51703865df26b393159be6b859d | 28ea4bf5801dd19f787e893335bb5dad1d21f636 c267d51703865df26b393159be6b859d 377281d2dc1d2ac4fa6d625c2548b5d99f2836d587c3da0810a6d7a6a3f91f10 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-lmb01 | Bypassuac_505f5354 | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | 505f5354c2cd38ac83727101939110d7 | 09ff0d7308459b023209bf50b45080e9c9cc3d66 505f5354c2cd38ac83727101939110d7 5a3224c6a47f10ed893e44a22e52cf41713fd284966675d59d8ca38f926313d1 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-nhy01 | Emotet_98259ace | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 98259ace6041367e381f80595ee889bf | fbf1b9d67debaa2cf74c068fca040128ce65f46b 98259ace6041367e381f80595ee889bf 3a162a09d1f8a4ee0248d72a60ff0ddbc2cef8084c3d2aed1cfb73192f628d42 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-cez01 | Emotet_21c4dbec | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 21c4dbec7be9bd2048c732c3698cb1dc | 6e50f5f7258e2433caca2a5c7c685a321ecdd426 21c4dbec7be9bd2048c732c3698cb1dc 949bd24349829221977de531f8a1dc80d401bf5e0a8fc69a1b386261b474ee43 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-hvw01 | Swisyn_62186458 | Windows | This strike sends a malware sample known as Swisyn. Swisyn is a loader that installs malicious software on the system, including remote access tool functionality, allowing the controller to perform any malicious action. | 621864587f173f7b793619858aa01792 | 171d1d0a0677292f2d02158176529c332d805cd1 621864587f173f7b793619858aa01792 00c57f8196927287304a24ed0fa46bb3a0d4baacf3d038c8624f694f4a5ecd7b https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-3xz01 | Swisyn_26814b85 | Windows | This strike sends a malware sample known as Swisyn. Swisyn is a loader that installs malicious software on the system, including remote access tool functionality, allowing the controller to perform any malicious action. | 26814b8584f3ad5b8f95db0ac3b5c02c | 626393ab48cf76b786670da4962221e4a4c50d69 26814b8584f3ad5b8f95db0ac3b5c02c 38d7368e001a9e7f5fb08b02bf014577ce4705b0b3498ad564192c05dcbf9684 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-xtt01 | Swisyn_ef9bc842 | Windows | This strike sends a malware sample known as Swisyn. Swisyn is a loader that installs malicious software on the system, including remote access tool functionality, allowing the controller to perform any malicious action. | ef9bc842cd03472b873b6671041dc710 | cf470015b5a29d7289c8e5f350d32c04813d308e ef9bc842cd03472b873b6671041dc710 1edc0bd44c9532ab3a94f7e61803f84108afbf85bf71d6a7885aee11ec128105 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-iw801 | Emotet_b4fbc189 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | b4fbc18993838aa76943f99f7cf1c3f4 | dceb9fb43605d0687a6b11f220cc7057621d8d15 b4fbc18993838aa76943f99f7cf1c3f4 6055cf5b67690819f88a3a96685386afd8819377dd31454fab559809fc9ef6eb https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-0pa01 | Emotet_07c8ef98 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 07c8ef981ce95eea3c17df1e6c28c16c | f53f33da0bbe0e89e8aacae1ca736f2ba33b82ce 07c8ef981ce95eea3c17df1e6c28c16c db0478556a516ed5d8508f165251efd10fd3e68c84fda7d720730f6409af61b8 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-b1t01 | Ekstak_5c5ff111 | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | 5c5ff111ea4e9a3c6d478ba6abbb6c7c | b08f8abe780abaac5862f3f75dd320140db96819 5c5ff111ea4e9a3c6d478ba6abbb6c7c b5cb0d3df17907248b6d84a57279b26fa39c123c4a240b1507ae7b8233f2ec0d https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-mcc01 | Bypassuac_94f2cd75 | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | 94f2cd75d63c4579cfce8fa1b4918a05 | 38783407772c58d434c640516ba40f84fce1f5fa 94f2cd75d63c4579cfce8fa1b4918a05 3c389aec59d31f2801ac82ee5eb1c31f1ece8abbfad2e3010e5cbbbb9d51109c https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-t9501 | Swisyn_7649de1a | Windows | This strike sends a malware sample known as Swisyn. Swisyn is a loader that installs malicious software on the system, including remote access tool functionality, allowing the controller to perform any malicious action. | 7649de1a68e665faaf82b19139cb53ee | d39ef5e6ad86fac2dac5517a04aa098c01e66575 7649de1a68e665faaf82b19139cb53ee 06bcf9f07be68b12278e4bf3310fe363bf2fef278cdda49241639ededbc6db8d https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-knf01 | Bladabindi_b85f94d7 | Windows | This strike sends a malware sample known as Bladabindi. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | b85f94d7cc8aad6c10201683b978a63b | e6133d6673825712c0a8690037f27aa6d78494f2 b85f94d7cc8aad6c10201683b978a63b 23be58294c82887a32eddf964f9aa636092ab0199bbeebbc01027dac24ac741d https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-kjh01 | Zbot_23d5eaa5 | Windows | This strike sends a malware sample known as Zbot. | 23d5eaa53756452143640e5ac1834f7c | a55cf3a7e9c0569d5310db6d4a50d02380bf797d 23d5eaa53756452143640e5ac1834f7c 5827e6c1a8a5ca100482c127b7c0402788ca4d870057eed2af089bc9d858bfb2 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-wo701 | Ekstak_be26ae4f | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | be26ae4f1a89935d7d99a0b34e8415d4 | 477bee3c1d8ccd5693c4d6941f37b9c5b20ef885 be26ae4f1a89935d7d99a0b34e8415d4 d98eb303771aed9508601074db1e05dedeb028d1c09aa7313b0b15eff40f7eb7 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-jgg01 | Bifrost_467566d2 | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | 467566d2acf1d87ce7dbe6171da16e1f | 33c464f99f771844becb9b007885ea84bc65cded 467566d2acf1d87ce7dbe6171da16e1f 914a3fb08cce05e93bfd8b2e41a8202341d8b7857f73b692190477a2bd0a1797 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-gai01 | Bifrost_934781f3 | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | 934781f35c2f438a16900784ec1d6510 | d0c644771a367314ab36c15b536b361273bc5b21 934781f35c2f438a16900784ec1d6510 5e62499136f6391316d72edb7924744f2bc289776308c89a4b3a1a0d3ae081c1 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-u1j01 | Bifrost_01a65918 | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | 01a659186dddd01417af48e77255b4ee | b471bdb92d93907be49e9ca8259d294fb9b369f3 01a659186dddd01417af48e77255b4ee 0082f04583eabadaa51f3f4a91c82d363eef5f553973765aacc58462c9b83525 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-qdh01 | Swisyn_5904ad35 | Windows | This strike sends a malware sample known as Swisyn. Swisyn is a loader that installs malicious software on the system, including remote access tool functionality, allowing the controller to perform any malicious action. | 5904ad35cec7c936daffd03b2dbbdea4 | e9f174b43b16d233bd51e8a50db740e023794bdf 5904ad35cec7c936daffd03b2dbbdea4 0c768e1a537daacfa5bb48d96266e0f915c5890a41bf22bef1953e786cc3288e https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-s1201 | Bypassuac_bdeca02d | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | bdeca02da68913838bb0b12c2459a323 | 9905ecfa2195ffc4d9e8b02311d992ca948741b0 bdeca02da68913838bb0b12c2459a323 7ab57ad3e74391934dcc5b47e2953a2061722c86bba878534a43fdc59dc84b3d https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-jbe01 | Swisyn_ea76bb19 | Windows | This strike sends a malware sample known as Swisyn. Swisyn is a loader that installs malicious software on the system, including remote access tool functionality, allowing the controller to perform any malicious action. | ea76bb199e9d151afebe563c52f6112e | 96998f2bda4ef642cec275dfd3ade7ad05bd5298 ea76bb199e9d151afebe563c52f6112e 26dd985057a470b7b2f90e3c9172df1b951f9e799ace94612a98103dcab3c5fe https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-7h001 | Vbtrojan_d1cede5d | Windows | This strike sends a malware sample known as Vbtrojan. This is a malicious tool used to exploit Visual Basic 5. | d1cede5dd03be291c34c0f56c07a4f41 | 727a8e8680d2e56cefa804c720156a58213933ec d1cede5dd03be291c34c0f56c07a4f41 7da38b9e6dbe8e58d688fe1488505275d54749bf063cf35cba4b151f0bfab0c7 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-hni01 | Bifrost_1d4383ce | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | 1d4383ce5b8b3e5ef41008dc1828e6af | 5eba0c2cc588efd7384327e05dfe994c9128392e 1d4383ce5b8b3e5ef41008dc1828e6af 77b9574204c60ee0eb588ae3afbdf14912634fce0aefca81ffd0822c48f3468d https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-dmg01 | Vbtrojan_44de1243 | Windows | This strike sends a malware sample known as Vbtrojan. This is a malicious tool used to exploit Visual Basic 5. | 44de124322b1584c616e11c38e27ea86 | 82de35916d36541df655a122d917b525360290d7 44de124322b1584c616e11c38e27ea86 4113c20eefdb7e002a631e2216e26b80c654f3e77f80908049176ccc7c105db3 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-s0p01 | Bladabindi_cdeb528a | Windows | This strike sends a malware sample known as Bladabindi. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | cdeb528a9a165dbc3c7b9fba70d9447d | 2cfe4d593eeb9cfade91da18ee1470b09d1ac4df cdeb528a9a165dbc3c7b9fba70d9447d 3e6dc73e416087dff822e7b1155dacd150f8f55e522a0ea2c669ffb070b7349b https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-ttu01 | Bypassuac_bca0962b | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | bca0962b38a589a0f7f3665e98041207 | 546eb6283cb664d04ac403c96fdbfae24d0729fe bca0962b38a589a0f7f3665e98041207 a93958ecd999fb16047e16c18412efa04cbf4bb2bd4fed0cda18dee4e244b8b3 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-08n01 | Bypassuac_dcf2b179 | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | dcf2b179813b156c9ed70b6cc7c1a183 | 200253906581a466330ca9a843845c814c18e5a8 dcf2b179813b156c9ed70b6cc7c1a183 91b0f5e2ba392fae46a6ee0b19d7f54ae507619e698cab005ae69168af8b1015 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-17701 | Zbot_4041ef67 | Windows | This strike sends a malware sample known as Zbot. | 4041ef677e0818d454fad5b3537b0918 | f3300f500877a10cc9a315bda65c3fcdfc39c503 4041ef677e0818d454fad5b3537b0918 21a58e23e14143301c847d9f6151d024a8f38db8922e2797b2548a9b1e6b9b47 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-uxx01 | Ekstak_6a86f5a5 | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | 6a86f5a59e28133daeb5f7e368bd2a12 | 764eedb3cb798c697a21f257bd0faeceb0edb390 6a86f5a59e28133daeb5f7e368bd2a12 a295919ff4794ccccaf3750a5540476e6868766512d13db1a859bb64b4af59db https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-ft101 | Ekstak_af40d8b1 | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | af40d8b1769381b2961537a5e255db2c | e718f1a89b89d42b6c09a2e18e80d2ddaca4d7da af40d8b1769381b2961537a5e255db2c c48fbacb48492d59dac5fd7d2e9d8474e7282ca84d2605b23794e49f15229693 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-rnl01 | Bypassuac_a872bb03 | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | a872bb03cd8bd89a5c6b22da1e685d7f | 66f3efb391360f18f5fa67a18f3656a3abb1a7e8 a872bb03cd8bd89a5c6b22da1e685d7f 019df18c50002faa5704c94a01896f745677cdc643adc48ae9257031c539f7a6 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-aj701 | Bifrost_af779d90 | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | af779d90a1a6f3c50297de1f23f61049 | 32bbeb80927b1e5bab2254490a9eeb2064026922 af779d90a1a6f3c50297de1f23f61049 2bbd0c136832d5e091ecae568a017e04ab6f3757e5e1a376c4700a4117e1b94e https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-npv01 | Emotet_8027e4e6 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 8027e4e6c39418bb13fb25139fc8ee8b | 8562400dd94854740c5df669c2b441eec4ce5397 8027e4e6c39418bb13fb25139fc8ee8b bd1f913c5ceaf2042070666fba37fa0a8108f1e82ac19e516a7f74e9d5da5ea8 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-2ey01 | Emotet_009a7592 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 009a75923996ba6e344f5fdad49860eb | 88928407c2bbb58fa5178588e652d745af5ad68a 009a75923996ba6e344f5fdad49860eb e881930c362396744a2338740d28ac26377cf19c33b460cdac987fcb1255f804 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-kar01 | Vbtrojan_025e595b | Windows | This strike sends a malware sample known as Vbtrojan. This is a malicious tool used to exploit Visual Basic 5. | 025e595be7d9b473231e12eaecd9d684 | 595f6fb08b8b2b0ef82b2fe5c7ee34288a5bb740 025e595be7d9b473231e12eaecd9d684 a82ae00d8c84291c08a8edf86a8ca60bdca351ad94dd06135414636312b64809 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-rrx01 | Bypassuac_2c1b3db4 | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | 2c1b3db4d3a5de704580a23967af9e82 | ad7e635d5d710f501c1a65ff5e33e9d013bbb6b4 2c1b3db4d3a5de704580a23967af9e82 1e8caa9a82f5170227c8ddfbb8c8dda8a89e1d0ca4a8ce517b7214a30ceb5b75 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-sh901 | Zbot_1e370a8f | Windows | This strike sends a malware sample known as Zbot. | 1e370a8f5e27db22c7bf8b3344b1f5a2 | 951658f04a80f6b4f0b4fdcb10b12538f9aad3c1 1e370a8f5e27db22c7bf8b3344b1f5a2 abc68f3b8db8e6a50c56605c2f7fb153717a7c7f96a905b527059182fbdb8688 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-uw301 | Zbot_347ac8c8 | Windows | This strike sends a malware sample known as Zbot. | 347ac8c8a4bc99807aec1d8a4c7fcfb3 | 4e20e2e07dbbeb529643a9ed6474ee2481e1931d 347ac8c8a4bc99807aec1d8a4c7fcfb3 5c46b61ca41c03433e5ab3f156116e312cda1b50079189af82f1df8721e3a73b https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-e3g01 | Bifrost_47fedae4 | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | 47fedae4e974759dfe26f1f32eaa62c4 | 5be679e8b15ca779ca42856a12ada321b8c3305f 47fedae4e974759dfe26f1f32eaa62c4 6e5a78dc6bc5435005e4b5134d41d2469d76101e561e84dc23ce8bbf80e937d5 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-ptn01 | Bifrost_2c2f5b72 | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | 2c2f5b7252b16494958aa18e045c002d | b64df6da10832dd72bcff06d7778bf36a259808b 2c2f5b7252b16494958aa18e045c002d 875b76f081746c6299421dad1963ff5f212b43b0bb6217fe6681465e06a5d2b8 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-kuz01 | Vbtrojan_2ea38745 | Windows | This strike sends a malware sample known as Vbtrojan. This is a malicious tool used to exploit Visual Basic 5. | 2ea38745acf623c73ab12a8efb7c3619 | 13e1ec11ae161ea301a3f4b5d0f360f828cccd28 2ea38745acf623c73ab12a8efb7c3619 dae4d4b71a86a15defa8f63fe3ef28e11436069d6869092b3b23fd0f95f465dd https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-p0501 | Bypassuac_485fbd27 | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | 485fbd27e8b5cd510f419a1a3fb29887 | b32f901ca7460a54308141dc913c374d99d99e59 485fbd27e8b5cd510f419a1a3fb29887 79e11a42cbabf436cab208e2bcf8026f8cd3a8cf6a37179b18248db3de5ee5ec https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-za301 | Swisyn_db6d9440 | Windows | This strike sends a malware sample known as Swisyn. Swisyn is a loader that installs malicious software on the system, including remote access tool functionality, allowing the controller to perform any malicious action. | db6d9440eb105a6451db96919f3db7bb | 1c84a8e045915e0be78a423486ef075a0f3a9a87 db6d9440eb105a6451db96919f3db7bb 3066c0a0cf18ffab76c9cf568201859dea7338e92eed466841f78325bfe13904 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-lam01 | Ekstak_59d8e4d1 | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | 59d8e4d155b337a81d8a28a9a9ca23a2 | d33ef994e290a696fc0c372a5d95286d3adec90e 59d8e4d155b337a81d8a28a9a9ca23a2 6073475e3a8bd7eba6a13f771a51245c929e49e40afe97c0eccf3887df18826d https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-8mh01 | Bifrost_c3b22f7b | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | c3b22f7b340b0e796caf62e7301f7556 | 9a783905cd9c2b9fa51268eed7dee66b198159d5 c3b22f7b340b0e796caf62e7301f7556 82858882f23741cd930cff314994761b135b06d8d04cc8be09fa54567dcb94f8 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-1iw01 | Bifrost_e322d287 | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | e322d28776d8405c9a30231d2eadfd57 | 80612fac60318be6ef1662c7f10e611775df4022 e322d28776d8405c9a30231d2eadfd57 0ea44f69cdee613bd907dc2e4c97fc942d2f4807f28f69914514d1737709f223 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-88h01 | Swisyn_6f5af29b | Windows | This strike sends a malware sample known as Swisyn. Swisyn is a loader that installs malicious software on the system, including remote access tool functionality, allowing the controller to perform any malicious action. | 6f5af29b179b06201ae832c9bfbad67b | 8d76c6ab35bd9dbd01f5cd4a1b125b1d23695844 6f5af29b179b06201ae832c9bfbad67b 3692dc820821cb35f58a3d52b7365710a03eec44cd97e27e15a8f61847d55683 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-aoq01 | Zbot_720c68eb | Windows | This strike sends a malware sample known as Zbot. | 720c68eb06ee1c9b5388f39ec5c846e5 | 903a5d52b4e16773183f74397fc71ee6aa9831f7 720c68eb06ee1c9b5388f39ec5c846e5 2531e7bbc454b8b643c5f21fbd7ed88c71aed73dc3a4fcf20815092eefeefbe7 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-tc601 | Bladabindi_bb323e04 | Windows | This strike sends a malware sample known as Bladabindi. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | bb323e04e089c4acefdd5ced7376d791 | 21e076ee906746c6c8f84b8972c89524e64c4c34 bb323e04e089c4acefdd5ced7376d791 673f48756e3692c5bb50c1e4b73973eace36e1b4e1f23925864d570508efd1ab https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-gn601 | Zbot_c3deb089 | Windows | This strike sends a malware sample known as Zbot. | c3deb089bd55824bd5157ce5f8296643 | ed11024dc9382b6b7d93e4a5f059ca5c35257a14 c3deb089bd55824bd5157ce5f8296643 2c8c8e0b5b378425b6a5d2ccff3e2274230734ffe419970a49c87c26d8d41047 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-c7901 | Bypassuac_c4129314 | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | c41293149cfa59e03addd956e2b21702 | 1e69243d0baf5d20621bd1dcca892eb85851d6f3 c41293149cfa59e03addd956e2b21702 7fc66452efaccea5892fb62ab8c98c543d6ee2bd4b8f3d90a315cb569b3fa176 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-xyj01 | Bypassuac_d0ad1089 | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | d0ad10898bc75fcdcbefe95e2f7d9515 | 1de48262bb02acbabfe9ea4f937660c8de9b5988 d0ad10898bc75fcdcbefe95e2f7d9515 ab06d9f7f47870915f54101acbce0eb3d75995775c661a4d4547deb87d0d2661 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-p8r01 | Emotet_26de84ff | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 26de84ff1e9c543aad66fda35796b914 | 59ea147c3c9b3c3386697543e1b3cbe0540eb349 26de84ff1e9c543aad66fda35796b914 9fa9d852c7f7a94a022347e7bf2325d41032163fb7ec61d362bfeb94a0ed9ee8 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-yl001 | Bypassuac_271af458 | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | 271af4589d175f1725724d948a63e840 | 13e3b7c21749170150eb91b7cb170f410a6bc393 271af4589d175f1725724d948a63e840 0eff6bd81b1bdc44924a5e662c3902c66b97a2542016574ace670edb135f7bc5 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-knm01 | Emotet_eb7f23cd | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | eb7f23cdd817fb3d9b11c95916ceec6d | 4b222fa65ff166040bcc031a0bb0577d6b926e6f eb7f23cdd817fb3d9b11c95916ceec6d 26bda8a7e04a3b4ba47ff57f776cb65b0ed11870bc5fa65b33353c53ab718566 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-xau01 | Zbot_fe6fdf26 | Windows | This strike sends a malware sample known as Zbot. | fe6fdf26ab73107b954e675d362371b5 | c6e7bd1110e8e97e77ab460e7c8ec27a722aa3b9 fe6fdf26ab73107b954e675d362371b5 9f3129449f2ece4a84ddef0b071d9721945db8fa93bb06ac6bdb3b7f0388c35c https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-dol01 | Bypassuac_4c1e6327 | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | 4c1e6327844fab654f0427e23fe8985c | dc19248becdafad99d0771cc2f09e2cb2a37a3b2 4c1e6327844fab654f0427e23fe8985c 7bf1388b2c1d681687c57b55e60bfe32dae62f2c2f97a90e4c9c7385742f2a70 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-u2a01 | Bifrost_99576454 | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | 99576454cd59af4933c4f47e5ca8b596 | 4575f29f67c7e77c76bb4a2ba10d633bbc3c38dc 99576454cd59af4933c4f47e5ca8b596 50eba44b2ee65fc0c95539b3197a10ccafca91df34717b0f48f60553f6d694ee https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-3ed01 | Vbtrojan_55622497 | Windows | This strike sends a malware sample known as Vbtrojan. This is a malicious tool used to exploit Visual Basic 5. | 5562249793f95cf0a82f18af955f664e | 0da8b9f8e433147a7b67b523072f404b82832481 5562249793f95cf0a82f18af955f664e 707c28b3f66d708609d8f31b506dade16aad80b157582abbcb90aa1352513160 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-y8001 | Bypassuac_ccf77a46 | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | ccf77a464e1a8a36f4614e95dc6b91ef | 69dbba6c81d00121343d6c94e2f5920ede7a1c03 ccf77a464e1a8a36f4614e95dc6b91ef 6b42155af6114d7098e4078fcf3e39543c9c9f1fd19d8151812bfb3da9a9fb16 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-f3p01 | Ekstak_4524ed6e | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | 4524ed6e1f70b2196771e37038c79e47 | 202702ddea11a63944441f19a81b6819861fee58 4524ed6e1f70b2196771e37038c79e47 6f0702d5a7a8a07c0f27da9850c0953634577bbfef272016d26795c40b1e95c7 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-27e01 | Ekstak_2733fd6f | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | 2733fd6f527472e92acc336a4ab4a676 | 0d0e661a1602f559a65d6d67ee45757dded11f74 2733fd6f527472e92acc336a4ab4a676 3bd06213aae4214b81d1dd83d8d456a593122584708b86980e02f3f2e0472710 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-7ho01 | Emotet_c767f274 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | c767f274120c090afe5f1d3946f4073c | e8d15be3b5a90d3d7ee1c1eeba60d1854bff2fa0 c767f274120c090afe5f1d3946f4073c ba0b908255f68bff48e58cc7d2ac0caa55e369b7a282fce5b9d58ae1df34b681 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-vbk01 | Vbtrojan_1f024361 | Windows | This strike sends a malware sample known as Vbtrojan. This is a malicious tool used to exploit Visual Basic 5. | 1f0243611576a56826a99d27ccb46f5d | 410150db844d972ac1748814cb78a0df7287b6be 1f0243611576a56826a99d27ccb46f5d 7b670e0cfa7367552b892ff42a79c2a79f80d91511f6a34f01dc1250ffe2a538 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-cic01 | Emotet_6e885f26 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 6e885f26afce20687b1bb8e268728796 | 7e5d320dfe8becfae63b8132f0802808ffd63605 6e885f26afce20687b1bb8e268728796 415eda47173d571207d420861a66ea7419cea30d59a901f716354c8167c8373b https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-xsd01 | Vbtrojan_eaa460cf | Windows | This strike sends a malware sample known as Vbtrojan. This is a malicious tool used to exploit Visual Basic 5. | eaa460cfdf9bfe9376e3b100ecd1c756 | f8d5e16b6ab3d08c51919b4741bc4134d9be0a84 eaa460cfdf9bfe9376e3b100ecd1c756 e698f2b3d4b2d0b9544592ae05270bedfdedbdd01d356cb6bab740791f5b0263 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-y4d01 | Emotet_c708f4f7 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | c708f4f76d868253a45739b529804be2 | 1930e953a4133ec288efcce0a15ab8768f344a3b c708f4f76d868253a45739b529804be2 d523914940ef79338eeba96e8befae59574d1552f13ddff5c41500bf43d9192d https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-rm701 | Bladabindi_604abf23 | Windows | This strike sends a malware sample known as Bladabindi. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 604abf23f915ec76d83c75c47db78a16 | 3beca97399cc0705ec2bea46005f61e1d3b1682d 604abf23f915ec76d83c75c47db78a16 17dc39add1ec5e7823521ef2b19f5a38525a20fd8af022f3f984b9b2c52fabcd https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-dzj01 | Ekstak_d231cf05 | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | d231cf0578fb3027e0aee31b0385e6a5 | b535c8f17dff45144d5761c1aeb7874d48f8ee91 d231cf0578fb3027e0aee31b0385e6a5 9fbe12ce5275b09a48bd1efdd6208b7ffae37878febf82fd1805db49212578e1 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-uzf01 | Bifrost_2fadab53 | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | 2fadab538a9808bed42d515aec64947f | d27a2646eb1403d0f6ca0c84e1449dc1d003c7d5 2fadab538a9808bed42d515aec64947f 1eb3fb26576b32630aaf3f1ae2b81140e083639608a5ff4b695ee7805a70a87a https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-5sz01 | Vbtrojan_2722835b | Windows | This strike sends a malware sample known as Vbtrojan. This is a malicious tool used to exploit Visual Basic 5. | 2722835b85a908d658d210a5ed9c350d | 7681f4345b18ee80a0275ceb174702f2f3d82857 2722835b85a908d658d210a5ed9c350d 38eb2684819f7ae15b5b66bfabf0a123ff7af22dca1f014d52e8de8f88011cc6 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-7dt01 | Bifrost_dfbb3980 | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | dfbb39800389da6ac5cc67f865ba9fd0 | 5ca5f1f2c604296c2b1780e5c4e9aab0983dc627 dfbb39800389da6ac5cc67f865ba9fd0 837301f97cdc69d729ab753bf6f284a988c0ff6793fe89924e3f360f467d0fba https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-kva01 | Ekstak_1fd047f9 | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | 1fd047f975ccb264d1fe0af0fb3c0019 | 154e731322abe55694f8e63ed24887a218e27cbc 1fd047f975ccb264d1fe0af0fb3c0019 b52449f5249e1937b6130149f59e6771605a0e64635d151ce8e2f5819c99d93c https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-c7d01 | Bypassuac_744ba369 | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | 744ba3698a7ade4b5c93a3f6454d60e4 | bb8b403f78b51077ee38a25a4a4719f23fe8c081 744ba3698a7ade4b5c93a3f6454d60e4 be96c668c75e1f119ef9ec9e7ead125f92171186f4d7dab78b96cf68afdea206 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-azd01 | Zbot_e225fc5c | Windows | This strike sends a malware sample known as Zbot. | e225fc5cfc33a01b1b9e57b37c5a6727 | 34efcf22d4e5fd04bc0db2c1bfe470c51944fa47 e225fc5cfc33a01b1b9e57b37c5a6727 739b9fec48a683f39fd924a24eaa0dcde0207cac1bcad4463223ff731f007ad3 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-8r201 | Zbot_f3ee8b73 | Windows | This strike sends a malware sample known as Zbot. | f3ee8b7360f2133fd336dc6f24aa2d99 | 6e3b213317f301e7324caea51f9a1b12297c51ab f3ee8b7360f2133fd336dc6f24aa2d99 bde83f62cdf8f9565146e44b2796c35368f81b9a38fed73670879cff44bc2956 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-y2y01 | Ekstak_c0938a3a | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | c0938a3a8621bd0731a64525f9fdd6a6 | a6ad6a456abb0701b6e9b48105b8ca5d24efa36c c0938a3a8621bd0731a64525f9fdd6a6 7372e040d1d26c864f261ac7df8c7a509594c3efce26e03c3e14389e55c526bf https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-sif01 | Bladabindi_3a0d821b | Windows | This strike sends a malware sample known as Bladabindi. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 3a0d821bea67a031d2ee2075d57246bb | 053a9f778da676bc06cf3f2e4e5e149c1b48302d 3a0d821bea67a031d2ee2075d57246bb fbe3e1d761cc96909caa72abc3443dd15236adb17091abdac00fde2044554496 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-wi001 | Swisyn_8d6959be | Windows | This strike sends a malware sample known as Swisyn. Swisyn is a loader that installs malicious software on the system, including remote access tool functionality, allowing the controller to perform any malicious action. | 8d6959be641be93bf3e55bb4c63903cd | 8fa112dc0e0681cc25c728b9a4c691f778346a02 8d6959be641be93bf3e55bb4c63903cd 0dc13444c42147f30aa664d5a2abe3cc06ea059f61e82ba96a5a68e2fa9bd7fa https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-uhi01 | Bifrost_80ba7b08 | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | 80ba7b08152173539d9e11305aefabf9 | d59c2e9fa1d629b9099b350ea988820b2c01429f 80ba7b08152173539d9e11305aefabf9 4cfa43c370fc0a19826f19f48f60a3abba75ee4811c6df4d0313d0f0c3274f58 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-2dk01 | Ekstak_d764cbcf | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | d764cbcf013036430bfcfa000db3df70 | 4c328af2841618891584b037a9d0335d1a64ddc2 d764cbcf013036430bfcfa000db3df70 b4ac2fb4da484e90e08e20db2270de2f15d6684e614d239abe2586896076a7f1 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-5wj01 | Bifrost_270c8630 | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | 270c8630a8c48dd18c6fa1a545aad5e0 | 0dede4b1259a2eb74c394ec2ea07f16be02b6417 270c8630a8c48dd18c6fa1a545aad5e0 4cf558585a8bef563e37238f9459092c627538e2fadb99ac1dbe9f22b63eb346 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-l8k01 | Ekstak_62351af1 | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | 62351af1689c8962df7127fda0abcd12 | 1d940ba4fe30f828bccb04edba77b46bfaf379d7 62351af1689c8962df7127fda0abcd12 b9b0fea1d1dbc027dd27c1b4d07d5411a35cc60d43ed137d00a958a34292f4bb https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-gna01 | Bypassuac_dd690b9e | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | dd690b9ef116253caaafeb9f0562e22d | 41aa3ece0f312bea1c49d26616d03bf6e875c996 dd690b9ef116253caaafeb9f0562e22d 30f5055191f1b545cb56fb066b256238eea105343ca08a946e7e0b5644e5eb57 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-rm101 | Bypassuac_0f83bd9c | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | 0f83bd9c98aaacec57e6612678c80f33 | 04286c11b16fb3c1474f1b7ef9f3f4b1efbcdd87 0f83bd9c98aaacec57e6612678c80f33 916bacb16aebc630b7dada021467e71c4368ad72174e332d4ae00afebdcf66eb https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-pqj01 | Zbot_61bc75fc | Windows | This strike sends a malware sample known as Zbot. | 61bc75fcaaf6b0dafe0dec10e7405801 | 54e0acaacf9b26060dc8a53863b7517d4acb5156 61bc75fcaaf6b0dafe0dec10e7405801 399dad77516c27f0b2f5a36605a5fa25aff0e6a0ec66feae6854838336ee8b0d https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-hob01 | Vbtrojan_ab9a2b61 | Windows | This strike sends a malware sample known as Vbtrojan. This is a malicious tool used to exploit Visual Basic 5. | ab9a2b6156af7529f5bf648ad4c3d7a6 | 801fb1df0c98f0825a91760a9dfb692af257f00d ab9a2b6156af7529f5bf648ad4c3d7a6 cfdea8ab0d2f4b82bf9d103b053b8a10eb456bd7e7896f29bed3d1f3649d2001 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-j5o01 | Emotet_fec15f7b | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | fec15f7b24f82912be2b990d1cf45eb4 | da4564eb8809f6886b77eb9f32f48dfb6c4a4652 fec15f7b24f82912be2b990d1cf45eb4 3d48920206c69924bd3c388e2d7a48845e48ba6a525f06ae466db235deaa6832 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-cwa01 | Bifrost_039c528e | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | 039c528e8a362ac8a59f06afb9684c50 | f35772cadabc324efaf932869e0f479ff438fc15 039c528e8a362ac8a59f06afb9684c50 230afd73943ecb538ed51a50fda07b4ba0e37ee805dab7e263e2623a2dbb4dd9 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-fz101 | Emotet_a750da2f | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | a750da2fdf39e2679d4eb75246f97147 | 50efc62c9898810f07e900c3a1a6e43ddad6f22e a750da2fdf39e2679d4eb75246f97147 363371e71bfd3a0f6e8e0ffe1017918d65d5afe7ce1c6d7ea26f5604b26144ce https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-aa001 | Bifrost_7f0646d3 | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | 7f0646d3abf7df2d52c5f347c65ac98d | 1d4f051f512782f1b66c250d4e9ec68a8b8087c3 7f0646d3abf7df2d52c5f347c65ac98d 8d72e7115a4564541d30649d2f3203306cccab27c543d58ba6267b4752c4528f https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-3qf01 | Bladabindi_13115a7e | Windows | This strike sends a malware sample known as Bladabindi. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 13115a7e2359b14a2a17843bd1a6ff8a | 8289bf7ce68f5664b78dca729bc69fde13548acb 13115a7e2359b14a2a17843bd1a6ff8a 6440a66af66551ca6997993e14acca0c00cf7d608b189e62ce9621cf66db371f https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-9es01 | Bifrost_3c6152f1 | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | 3c6152f18327f56e04d290e6c9ffd469 | 2f1f8e94d2617474aa9e053ab51b2f9f724a9adc 3c6152f18327f56e04d290e6c9ffd469 872f04d1d11643a224e8535e71139b3074aa4f98c157ade42da7c74dda4208f2 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-yjb01 | Emotet_d156b9a8 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | d156b9a83371aa5919c3465102f06ab6 | a36ce23579c1a79a2a6748a0c129873c76166ad7 d156b9a83371aa5919c3465102f06ab6 cb83759cf47a4b6e44e5afcf6f85f64b475a6f4bbcd0bff82b31b45f048a64c9 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-3eg01 | Swisyn_91f61bbc | Windows | This strike sends a malware sample known as Swisyn. Swisyn is a loader that installs malicious software on the system, including remote access tool functionality, allowing the controller to perform any malicious action. | 91f61bbc6a1e36b78d12ae0a76c8cadc | 62928ccfc0c5701d0881c87d551a28014eeceb7e 91f61bbc6a1e36b78d12ae0a76c8cadc 00f0b9de74ca71e3d907d210f60546daf2da9d244c4646c4f1786e21296e9018 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-3dp01 | Vbtrojan_d3a661de | Windows | This strike sends a malware sample known as Vbtrojan. This is a malicious tool used to exploit Visual Basic 5. | d3a661de4bb898f0c154a8afd17bbf02 | e238dffeafefe27c51ea74e317b3c44b5f035e23 d3a661de4bb898f0c154a8afd17bbf02 050f57560e1691e7b09ccd86e92ec1c2c4ac361ba09862697ad908d6dfa93090 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-cjf01 | Zbot_7bce0a17 | Windows | This strike sends a malware sample known as Zbot. | 7bce0a1763f357a76aeaeefa270e0ee2 | 52151086930d8833d97b01acf39e6585cbf99bf2 7bce0a1763f357a76aeaeefa270e0ee2 48d0fd82b8625c9c789284fc23cd0ee9cb9bb3ef96728c61de4a25ce7d6fc21c https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-6ui01 | Ekstak_2b3b1203 | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | 2b3b12034f05a3b20d10a1528600f724 | f5bb176243754674df1639b3f6aca88343fd83e1 2b3b12034f05a3b20d10a1528600f724 220a6e183611bd6730eeb2cfdd4536eca6829283566e2c0d5c410adc6552a058 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-ijt01 | Swisyn_bca25a76 | Windows | This strike sends a malware sample known as Swisyn. Swisyn is a loader that installs malicious software on the system, including remote access tool functionality, allowing the controller to perform any malicious action. | bca25a764f607076aba7644266e8d186 | e4df628d264cf1e9f9626bdfa85ed2eef0c67014 bca25a764f607076aba7644266e8d186 1cdb7a0378f4e5a0765ae7691caacc2a37bd623e16ae07e3b6400829925e21a0 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-tg001 | Vbtrojan_e727e4d6 | Windows | This strike sends a malware sample known as Vbtrojan. This is a malicious tool used to exploit Visual Basic 5. | e727e4d6b98616105eba9b59c92e99f6 | 756436b13fedf5946ec5350a4e054cf2c3b8d4b6 e727e4d6b98616105eba9b59c92e99f6 39ef144fefb739ea1ff1582e9c3da0f42566855c6769f9ed4c2d7f9427edf717 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-5ha01 | Bifrost_d967c77e | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | d967c77e334d97775a6f14d8a687492d | 9676f571c53b543bff2a32aae59cf6646a0bd34f d967c77e334d97775a6f14d8a687492d 27d6fd04978ac887712c25756e03b14152bcc3a0649307c4d0e6fe491b68a41e https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-qrr01 | Bypassuac_131c673d | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | 131c673d697b010b08fb62834a6946d3 | e42210797f3c73194ed9cee4f82cce0b047cb20b 131c673d697b010b08fb62834a6946d3 7badc0500d9eed34ed2b1ed51fa5312aed4d64d145f7f019c8fc00f2674163df https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-k9v02 | Vbtrojan_91578352 | Windows | This strike sends a malware sample known as Vbtrojan. This is a malicious tool used to exploit Visual Basic 5. | 91578352526a48347982a00076557734 | b27ce146b356e1ef02a6f81d306e0143fc8da64a 91578352526a48347982a00076557734 e3bd392d634b990676115698db9344201480c0cf6fd27bfaa6247f0728d41625 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-u7h01 | Bypassuac_aa6d018d | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | aa6d018d7c7feb5fdcb3820d8968b3a5 | cc5d3fc002d9bca7178ae398cc51e5a8a4d587d2 aa6d018d7c7feb5fdcb3820d8968b3a5 aa1c060f33a382cb9cbd6a6bec709242255f0923b3b0e644bd2762ed06625f74 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-gab01 | Swisyn_2d15d23e | Windows | This strike sends a malware sample known as Swisyn. Swisyn is a loader that installs malicious software on the system, including remote access tool functionality, allowing the controller to perform any malicious action. | 2d15d23edaa650a18a353d4974eabf02 | ac51200e10551bae2dad06f3399644fcd7c7aa1c 2d15d23edaa650a18a353d4974eabf02 10ece857bff115588a8dd3525fafe6f7e76760007cf5cab15c49cc256ed44cdd https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-98t01 | Bifrost_550f33c6 | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | 550f33c66dede1021b4d4c6795007846 | 005523d786a674fb3e7fcdb629ba757ca125cdf2 550f33c66dede1021b4d4c6795007846 9917d5deaa1b02d329454f1e08e548f750d3f0b09a0f38d55e6c94f84243ab4d https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-9we01 | Bifrost_46ac01eb | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | 46ac01ebf8c54fe16c01a0e455548a5c | 56d9002329ce59b1fe4aafe726a6dbf8f7bb3d34 46ac01ebf8c54fe16c01a0e455548a5c 2225b77359e3ad87306d38a22713167c33846488d0b091fe1a6890b3b6560979 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-ecj01 | Vbtrojan_583d8094 | Windows | This strike sends a malware sample known as Vbtrojan. This is a malicious tool used to exploit Visual Basic 5. | 583d8094555550940160e50fe5ce6a67 | 3b7c8e789c2f01a2cbb90db6eef307f396499431 583d8094555550940160e50fe5ce6a67 78bb2e2c086a0252e83307667178ed3e5d64a73dfcef3b82b05f4c64e4496009 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-w2b01 | Triton_8b675db4 | Mixed | This strike sends a malware sample known as Triton. This malware is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers. TRITON is one of a limited number of publicly identified malicious software families targeted at industrial control systems (ICS). | 8b675db417cc8b23f4c43f3de5c83438 | 25dd6785b941ffe6085dd5b4dbded37e1077e222 8b675db417cc8b23f4c43f3de5c83438 c96ed56bf7ee85a4398cc43a98b4db86d3da311c619f17c8540ae424ca6546e1 https://www.technologyreview.com/s/613054/cybersecurity-critical-infrastructure-triton-malware/ |
| M19-fcp01 | Swisyn_be201c67 | Windows | This strike sends a malware sample known as Swisyn. Swisyn is a loader that installs malicious software on the system, including remote access tool functionality, allowing the controller to perform any malicious action. | be201c67e083e941d933df1dacf180f5 | 110d0443f2419d42fd2dd0b377ff3132d15b5469 be201c67e083e941d933df1dacf180f5 13b5799113f9c99a83cd22043bbb4c6dc4a853236ce1f7c5ffaace667f6afc88 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-hqy01 | Swisyn_481618bd | Windows | This strike sends a malware sample known as Swisyn. Swisyn is a loader that installs malicious software on the system, including remote access tool functionality, allowing the controller to perform any malicious action. | 481618bdff18532f6bb669dfb18de6a3 | 4aece86d5be7fa9ca3dbee8be8a71b559d8ffb4d 481618bdff18532f6bb669dfb18de6a3 282e36c2dd1acf6c898e050e899bc7dbb0c339b16b7725f6ceae2787b43fb4df https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-leh01 | Bypassuac_6bd74c09 | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | 6bd74c09f8a434f0744f1e79fd53a6ad | 810ee9070d2c96e44ed85965312554e6a60400b6 6bd74c09f8a434f0744f1e79fd53a6ad 3faafbde8739f8900fdf4fec2a3be5d8c802ded73cea96e8e5d502a265ce9ed7 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-ium01 | Bypassuac_e3630bc9 | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | e3630bc979da6c5fb1f50c6a7204b8e7 | be790eea8fea5676466d055e88f0e9085c8431b6 e3630bc979da6c5fb1f50c6a7204b8e7 108cedab59d537fca166fec822b22039a19dcdc700e17d9ef39949ca1d3063e6 https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-uhj01 | Ekstak_a41f43fc | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | a41f43fcfc60040ccbe9414e81a1b18a | 356271f87a9575de25d1c350c68320d39bb05216 a41f43fcfc60040ccbe9414e81a1b18a 387a3f8e33297a952ab2b93dd4f6c0a97fe797e18ead0c9cf050f0918758d1dc https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-h9k01 | Ekstak_d63f5be5 | Windows | This strike sends a malware sample known as Ekstak. This malware persists with SYSTEM privileges by installing itself as a new service called "localNETService. | d63f5be5446596b05f97c0fb0a0af03e | d5143db1481c0c6c83a530d06fdbc3dd4404a747 d63f5be5446596b05f97c0fb0a0af03e 3bd551b75a97dda9d0aa66d9ae24fbee3e0d4dcae0b4a4aa98be994a4ec59d9f https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-2so01 | Emotet_934265a3 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 934265a3edfc05a9c97418b0d799e583 | 5097c7872b3d91edd5da14c05d90ca0f8c588191 934265a3edfc05a9c97418b0d799e583 4c70e7e49082dc78f27ac863bfaf671ce823ed43575d608e309cb6e839f093ce https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-l4201 | Bifrost_6e81645c | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | 6e81645c04373104e7d1d0047496d178 | c84a5aa58949c7aef1d35dd53154377adb79df33 6e81645c04373104e7d1d0047496d178 59c8baa550d491782d9b3899c2252fc8d71971b2c399a807f81b1917a4e31c65 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-jqd01 | Bifrost_18c48518 | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | 18c48518bfe233ea167beb7eb58a1ca7 | 17f519dac98998abdf375e1bedc73bc4ba94d67d 18c48518bfe233ea167beb7eb58a1ca7 64ddbc85e24f4acf10ca1945110b16e2b7f0d53f68be8ca711b025ae4561dade https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-cl801 | Bladabindi_ebc6ecfe | Windows | This strike sends a malware sample known as Bladabindi. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | ebc6ecfebfab6f1a4e7e71b2054e5df8 | bcc13ca9719de00e7352da06959dd2a906c47537 ebc6ecfebfab6f1a4e7e71b2054e5df8 64dba074080613d0d1950f4edda64830a5aa5c94dc4170de00b90470b925fcdc https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-yht01 | Bladabindi_5d7c926e | Windows | This strike sends a malware sample known as Bladabindi. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 5d7c926e4675ccc1f390609e8877022f | d777d33170de824641818e9ed2f57f2f6a609ea3 5d7c926e4675ccc1f390609e8877022f 4011bacd5f28a2ea3d6f5cb8aa6f903a11d724de952efb43fec2c4dc6290b1c0 https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| M19-ko601 | Bypassuac_97eaa5d7 | Windows | This strike sends a malware sample known as Bypassuac. Driverpack leverages 7zip to install malware on the system in the form of an HTA file (HTML), which leverages javascript to perform malicious actions on the system. | 97eaa5d7d06a56cdd81752b69a07decd | bd662185310c2b660ad4dc0346472506c8c7d219 97eaa5d7d06a56cdd81752b69a07decd 5c382af6790fd2da04306edd283bce8cf84a7177417a33085e531043d9e381be https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html |
| M19-4zl01 | Bifrost_ae9055ed | Windows | This strike sends a malware sample known as Bifrost. Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In order to mark its presence in the system, Bifrost uses a mutex that may be named "Bif1234," or "Tr0gBot. | ae9055ed032694484af3eccc2bceb0aa | f1da16884ef3877aed8e8274ef67987f3f8a5dcc ae9055ed032694484af3eccc2bceb0aa 31ff3f68aa25f1200040f390297a044ab8d313ff9b1f377e23d016267d092fca https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html |
| Strike ID | Malware | Platform | Info | MD5 | External References |
|---|---|---|---|---|---|
| M19-tmo01 | Emotet_0be4214f | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 0be4214fa3f7e0c56f70ce8f9bf93fd5 | 38a9a7014b3dfd83637c5880a69f859f7d74f0c8 0be4214fa3f7e0c56f70ce8f9bf93fd5 d7ac81621c25d53c0aa5b7da729cf66ac40829a911300492de014d769c5ec9a3 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-q4b01 | Bublik_40491dbf | Windows | This strike sends a malware sample known as Bublik. Bublik is a downloader that targets Windows hosts. Although it's primarily used as malware to distribute various banking trojans, it's also capable of extracting and exfiltrating sensitive information from the host. | 40491dbf3591447eae70248a8fd852de | c0f26748698b7ad3854a9edf8c7c84348e1ebd3d 40491dbf3591447eae70248a8fd852de 7081050e0504735e2f48c098f5758a5a01c8972011478b6c5b2fcc5e33ea4932 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-tzi01 | Emotet_e1f9cbb0 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | e1f9cbb0abca0e0bf55b41af99c64538 | 91be44700c330cd053d8d00060d0a9883fcb10f9 e1f9cbb0abca0e0bf55b41af99c64538 d42a8f19235f0281bed1e194034c7e08fb60e0b497c222f9fb3272a790b4a28b https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-vsv01 | Razy_6d38263d | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. They collect sensitive information from the infected host, format and encrypt the data, and send it to a C2 server. In this case, some of the samples in certain identified clusters can be attributed as Cerber samples, although the detection remains the same. | 6d38263d27e2b81a11e3cf11333b8b11 | ad1c56d5142de10a356ee20cbec8937e364b3c7e 6d38263d27e2b81a11e3cf11333b8b11 17304b3bfb5ab40bc65b53ec39294bdbaa8e032dff44f2032a0b5a7c0b96879f https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-4qa01 | Emotet_d5262281 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | d5262281688a9c9c96d12f66406d07b9 | 4bd3ac00ef74bf6a788b2e6d22c68470ba6a7513 d5262281688a9c9c96d12f66406d07b9 d3267b47eb5ff200781cb100c9e7a02206b9965c08a18d601afc9aaf8f09b10b https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-myy01 | Nymaim_d073625a | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | d073625a0bf9c6b7a46b74fc9c543714 | 14fdc02720a46ca18d9ae446feec50d8897e9cab d073625a0bf9c6b7a46b74fc9c543714 179c96674980e6ed485fe00d82141c3729274b5d6e13129801d445c981264e23 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-lcs01 | Emotet_59810eb9 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 59810eb9678a6945a262cbfcf645d455 | edb4c793c1e3a97beebfcfb21ca980634d9e4377 59810eb9678a6945a262cbfcf645d455 d6fa1ba1e8a3c4eba8cbdcc7d070e2596cce442bd8f3737d5c4a65f5219c09a1 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-q2x01 | Emotet_022557a3 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 022557a395535f5a0d3208b950b3d305 | 788054f97c9f1133a027fbd4069d77ceef6b7557 022557a395535f5a0d3208b950b3d305 f9a8083adfeb638d5508b41cbc32b4e4836c8ea64b66f9677cb3441db1280db3 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-qc601 | Bublik_864a18c2 | Windows | This strike sends a malware sample known as Bublik. Bublik is a downloader that targets Windows hosts. Although it's primarily used as malware to distribute various banking trojans, it's also capable of extracting and exfiltrating sensitive information from the host. | 864a18c2ad45d0f031e1ea0e4c14f5d2 | cb911fc62d143a14bbbaa83c56f6d9e45ef5d9e4 864a18c2ad45d0f031e1ea0e4c14f5d2 444dd5b17528c2dbd05d8afb1bf633b4cde0855deb0338a52a17df67e7efcf06 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-06p01 | Nymaim_ebd94056 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | ebd940565cafd4e93dfe281e01e77130 | 15e7532d14b75c0656ec264cbb5ae86be16e38d9 ebd940565cafd4e93dfe281e01e77130 1e5d95ea42bfc038d4513fa688336cd73622ed707ed188d66aed4cf6ac1086a1 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-qhc01 | Bublik_60824642 | Windows | This strike sends a malware sample known as Bublik. Bublik is a downloader that targets Windows hosts. Although it's primarily used as malware to distribute various banking trojans, it's also capable of extracting and exfiltrating sensitive information from the host. | 60824642c3826fecf6ef97a6824b80af | 6e8697fe33a180c49574a9e9ac888c9fc4faf6da 60824642c3826fecf6ef97a6824b80af 895e9a298dce50a19cd158de7f8a504d07948713a042e356d4207d6650815fd0 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-3bm01 | Emotet_80995139 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 8099513997029dd428fbdb3a60ab76a0 | 6f54779917a5364ccbeba0a0c7f1f94877489072 8099513997029dd428fbdb3a60ab76a0 fff842211c499574cef09bf176ecc2af07fbb18f4075ec84f82d39256bb9f54e https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-k7l01 | Vobfus_f4b31343 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | f4b31343375083828d703453580ec183 | 0fffed0567ae6503714508c288b978f1e387687a f4b31343375083828d703453580ec183 27d60e838ac4e142d5799628e95138a959bdc9358af047937f1d42f45ab093ca https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-aqx01 | Cgok_203164f4 | Windows | This strike sends a malware sample known as Cgok. These binaries are able to detect virtual machines and instrumented environments. They can also complicate the analysis with anti-disassembly and anti-debugging techniques. This family can install additional software and upload information to a remote server. | 203164f43230fc6042ff5639bcbd643b | 132be99068ac061646ee029e58419865a7b3b7f2 203164f43230fc6042ff5639bcbd643b 0c72e02a1a7ad5f3140c57b9e6f3650afe09692d452fff294a4658a4e33573b0 https://blog.talosintelligence.com/2019/02/threat-roundup-0208-0215.html |
| M19-tm901 | Icloader_91e218d8 | Windows | This strike sends a malware sample known as Icloader. Icloader is a generic malware that largely behaves like adware. The samples are packed and have evasive checks to hinder the analysis and conceal the real activities. This family can inject code in the address space of other processes and upload files to a remote server. | 91e218d8bf9c616c00dd73ece9d0ca5b | 12d375f86c6ee69b73f9a4402751ed2e2117cbdd 91e218d8bf9c616c00dd73ece9d0ca5b 4c4807efed90553e868ef794b9d7218ab7a635c1d95f6e56c45b8c0e6ecb1bee https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-t1w01 | Emotet_10f0a5a4 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 10f0a5a4b312fbe4a675ec857208a8c3 | 8c682340de500bd245a4f5c18b1959a0b0f5f69e 10f0a5a4b312fbe4a675ec857208a8c3 fa818a69846c5757f84b46bdcec6f31b690178acb062215e4fed2f4689f2e745 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-69o01 | Emotet_40ddf388 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 40ddf38807a7289bd17c507d413c816f | 14558a9b7c06126d478bec1521b5fff914fd770d 40ddf38807a7289bd17c507d413c816f f15d939bdc728c34efd666bba3834c39702dd7acc56f93f102f435a1eff962c0 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-ro001 | Razy_d41f0938 | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. They collect sensitive information from the infected host, format and encrypt the data, and send it to a C2 server. In this case, some of the samples in certain identified clusters can be attributed as Cerber samples, although the detection remains the same. | d41f093843ff9f08de9ed7446278f459 | affeac3b75355ae984ccfc272d24e84fa4701168 d41f093843ff9f08de9ed7446278f459 02b7190116a9bb98467f28d92495c1bee74c60af05fb58fff8199909260bacd9 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-wi801 | Icloader_5556f078 | Windows | This strike sends a malware sample known as Icloader. Icloader is a generic malware that largely behaves like adware. The samples are packed and have evasive checks to hinder the analysis and conceal the real activities. This family can inject code in the address space of other processes and upload files to a remote server. | 5556f07872ff690d1aa886ffdb0eab89 | f0c0b53db74ce50b8fbccff1413c961bd7dcef6c 5556f07872ff690d1aa886ffdb0eab89 4eb6179bff74cbc8625448c010aeabadf5bb7ee1fe1329e80f54f062f67af426 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-tem01 | Icloader_c94e1a62 | Windows | This strike sends a malware sample known as Icloader. Icloader is a generic malware that largely behaves like adware. The samples are packed and have evasive checks to hinder the analysis and conceal the real activities. This family can inject code in the address space of other processes and upload files to a remote server. | c94e1a62258444a46120cc86a54568bf | 2542bc4b15016601735d4f905a90c5f6e81a09c8 c94e1a62258444a46120cc86a54568bf 34099d3b62bb8baefde01a72f6921063d81dcd33c2512df3755aedd5524f19cf https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-c5l01 | Emotet_f29eeddd | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | f29eedddad5c3e30cb01a937cbb167e7 | 28eb1dfe9927da3ba6142d0a68f35e9250be96e1 f29eedddad5c3e30cb01a937cbb167e7 f188a901e912f54fc0b4b67696dd24bb8febf561d40d487649ea7dd448e35437 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-mfc01 | Emotet_9b6a7cae | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 9b6a7cae87bbff2d0ac01622238263d5 | 9d104e5db056b2efd61b318716419a1c56f74e85 9b6a7cae87bbff2d0ac01622238263d5 d8847a2628f5b234b31b22b382b3fa49789ce24fd41ecfaaac0272abfe5a4bb4 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-f2x01 | Vobfus_5f17b72c | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 5f17b72c9d2435b06d4fc22a5aec2f9e | 24415a7c0b9bfbfe9258ca648a467049f6e9e7b8 5f17b72c9d2435b06d4fc22a5aec2f9e 25fd3bf11d2ab30e74ccb67cc0ba7563ccbd0a1502b077da80d13239c9ea3b02 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-hzz01 | Emotet_3c125571 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 3c12557121381399a6f243060add437a | fbf583247c369952852bf30e48ed6ca5d6b77d8b 3c12557121381399a6f243060add437a ee531fb6a8832500a34a080427f863d5a7d6f89bc4137c6c73a90b0a9703cf05 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-ah101 | Emotet_5122dbb4 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 5122dbb44d6df6d23dba5443d34a34db | dfd1585de29a1ec627b000da37fa43a6844930ca 5122dbb44d6df6d23dba5443d34a34db defa8a815eb0ba91054b406c59f187cd803af84faf8aeb429fe07681ceb08e45 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-edu01 | Emotet_0daf6a80 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 0daf6a800255098c5f974a23450eaf4e | 8a85e393195db81f6c1d90acc76821698111eaee 0daf6a800255098c5f974a23450eaf4e e5d829b9ad2ee3d40653e4d404df3d1934cdf85e46f7230524eaedccdd380f94 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-r2m01 | Razy_76270254 | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. They collect sensitive information from the infected host, format and encrypt the data, and send it to a C2 server. In this case, some of the samples in certain identified clusters can be attributed as Cerber samples, although the detection remains the same. | 76270254ca099ed18eaedd1cc3100636 | 382ac83d005b9440f05e79500ada7e9b99c0f69f 76270254ca099ed18eaedd1cc3100636 144506736eac91ec05d88315c8b74f2582a5238e48b41a716d55190b5942befc https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-h0l01 | Emotet_b1b29493 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | b1b29493fb511f3b8f7e7e82ef57940f | 42e0737afa64d409a93267c459b51a621c129936 b1b29493fb511f3b8f7e7e82ef57940f f690afa433e018998c74ee60db3928785cc829f0179506bc0eb60bc3f816c01e https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-hps01 | Emotet_a978a9c6 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | a978a9c614013bb2a7973dfe1706accb | 373d05b7875c3ecb93ccce12b95b08344fce4d3e a978a9c614013bb2a7973dfe1706accb d0281998eb189132d62dcc9483ffd154dd5dc692f87de1f1579054f7409a8f8e https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-vgf01 | Nymaim_ec140dbc | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | ec140dbcf7fd4e6536ee4ca62b58711e | 9e2491fb2ff4482afc722e106ef5dc36c4db0a73 ec140dbcf7fd4e6536ee4ca62b58711e 1cb1a09aec8926e8df8dd7edb1ccc63ea7192330ee36704ae3b2b706a6630cb8 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-d0101 | Cgok_fdbe49a8 | Windows | This strike sends a malware sample known as Cgok. These binaries are able to detect virtual machines and instrumented environments. They can also complicate the analysis with anti-disassembly and anti-debugging techniques. This family can install additional software and upload information to a remote server. | fdbe49a842c8b85ba53c3d106b2fe512 | 18ed15ae60f4ffc68f8d4fbefa0f6c93b0e3f86a fdbe49a842c8b85ba53c3d106b2fe512 0b38bc30f470e19ff3e973f5d8b0ca196e58c7cdb49ee1ccc1769ad8422cd356 https://blog.talosintelligence.com/2019/02/threat-roundup-0208-0215.html |
| M19-hbl01 | Emotet_f09fd45a | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | f09fd45ae1408e49b4bf0abadbc8d414 | 06fdc1019a4c0375ebb3796ace016f61a2db148e f09fd45ae1408e49b4bf0abadbc8d414 e9f666daca277cc03af005435f0c08c99a914c2ae9f21002f051ce67c9762451 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-0bo01 | Emotet_07adda3e | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 07adda3e98f6135c7e471c8dda112e2c | 03a904be30489fe178c6a8c6eab06b38c05e673f 07adda3e98f6135c7e471c8dda112e2c dba531792d94dff27f95023a924018e6aa2bc13a34a9397039d552b02075bbb8 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-vot01 | Nymaim_1a5bdbfc | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 1a5bdbfc19f89c7a02604101022610d8 | d68220b0e58aae34cf630aa0824e5618bc477a44 1a5bdbfc19f89c7a02604101022610d8 1eec7c86d30be19611b16bd5e17fd747da9df96fa2907ca23acf1801b6c383c9 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-h0x01 | Vobfus_9d3aa01f | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 9d3aa01ff96b9006f0b8c475359adff6 | 2bdbda56bee5a4edca9869b4258b66910ff5f787 9d3aa01ff96b9006f0b8c475359adff6 2d2fab79f6d87e2994a60e3a982804fb8d05aa75dc13e9b4bdc9705a9db6247a https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-5be01 | Emotet_0ef0076f | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 0ef0076f69d57c5200855d707a82d22c | 3fb588e7ff9fa40351d6edfa6e63472e863b3913 0ef0076f69d57c5200855d707a82d22c ea8c96191c0c6e9b151dd48107e22dec3fcdcd7275d72d6804bf2761212acbc0 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-aqy01 | Emotet_81193938 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 81193938e54b68d4be93121d83c6522d | 21bb815bae08563fea37098c43d96ac12dc9772c 81193938e54b68d4be93121d83c6522d e13163926bc6d676133dd2ee992d3965872feaf0ae54a89cfa2ca9a378acbbe3 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-mu901 | Vobfus_bfe7d9ee | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | bfe7d9eef59ab9bbb35cef511ddab471 | 03ba277e6b79e899535c8e32cd1361bd29ce538e bfe7d9eef59ab9bbb35cef511ddab471 283293ffdb4838e037561e8ac0df74cdd9181ef046ffb3e5ae0ae2d3614f4b27 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-0gv01 | Emotet_e3ea9d73 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | e3ea9d73ddc36507da7a240a7b4941d8 | 18b255039435bdf32b9d57b3920075c6ef54efb6 e3ea9d73ddc36507da7a240a7b4941d8 e1c429421aea4b2dad0ac6a8784a280e197bc06b18108a33716cb6d55496ed3e https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-ioa01 | Emotet_766b55cb | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 766b55cb20e75a81cdf4d1ee8730d33a | f61d98062073bcb2bebc965b9bd3a31c3a1d2745 766b55cb20e75a81cdf4d1ee8730d33a df4792e7180d4d395de99a95628f1da57e3ae96552628b86e61bdf27b57667a7 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-jh701 | Icloader_3fb98738 | Windows | This strike sends a malware sample known as Icloader. Icloader is a generic malware that largely behaves like adware. The samples are packed and have evasive checks to hinder the analysis and conceal the real activities. This family can inject code in the address space of other processes and upload files to a remote server. | 3fb987385687acd789b3a104523f864f | 287e0d0c87048402ef941caf7067f0c0331f8892 3fb987385687acd789b3a104523f864f 338d97248b5ff7489157822d0b0c413d550a46ce6da712e2fb838290bf7697a5 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-8xd01 | Emotet_872c3b7c | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 872c3b7ced70abdd393cd110fe411b1c | 6274405d7ecf24e095354bf87acb77ff0a4d3af7 872c3b7ced70abdd393cd110fe411b1c e2cedce0e69c319c63c13ae84709e108ca9fb696d47e3ce71c85f4e04dcedca9 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-vmt01 | Vobfus_abff6b2e | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | abff6b2e3fab8e21a155210cddd27145 | 04563e6b4a9ede435d99ccfed669ab74bf7fc4cc abff6b2e3fab8e21a155210cddd27145 21cc803b77f7413c781bcc21a7681470ad926289c28f6d126efb899aac482988 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-ofj01 | Vobfus_285d4ab6 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 285d4ab654f5a92a73f1114a65ffdf33 | 2de9dfe685bb9349163cff3d80e532cbc369f6c8 285d4ab654f5a92a73f1114a65ffdf33 1b456b78b84fcc6137bc85f0203e29e558c3888c74d610a0ecce19c9008197d4 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-lew01 | Vobfus_116fd5dc | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 116fd5dc97cc1c681bd97c174fe32f9d | 2be473fd93828959212806ebb3b8e4ef5d9ad799 116fd5dc97cc1c681bd97c174fe32f9d 30755cf5b6934d725fd87dc667fe82b3fd4964d6c55cfdcb327a29e95dd3435d https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-cix01 | Emotet_999ce0e0 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 999ce0e042a672f21773460217547231 | 8261597e1d19640143503f0796bcce6cd0223ee8 999ce0e042a672f21773460217547231 f5bc449acf377984b29db0cd5f55e807a30f61bee5b21cae44823def082c1617 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-xc401 | Cgok_54adb493 | Windows | This strike sends a malware sample known as Cgok. These binaries are able to detect virtual machines and instrumented environments. They can also complicate the analysis with anti-disassembly and anti-debugging techniques. This family can install additional software and upload information to a remote server. | 54adb4931a729b36d2dab26aa3c236c2 | 46a0f30d5211943271b9cc277e3a3104592a9d55 54adb4931a729b36d2dab26aa3c236c2 0c45267be8dd1bee444bedce0f29f9c6f6537f9cc14f14eb3d189c6ab7df053a https://blog.talosintelligence.com/2019/02/threat-roundup-0208-0215.html |
| M19-amv01 | Emotet_1b587cde | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 1b587cde3d8601fdc13fe36b4f24b2b8 | 8fa3aa0fbc1ba3bcc9547a00eb887cd7c322ace0 1b587cde3d8601fdc13fe36b4f24b2b8 ea2ac4377bbe793e460a808aab0506f820b0fa61b3d6f9e3a760eef658ce927a https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-wbe01 | Icloader_505aeef7 | Windows | This strike sends a malware sample known as Icloader. Icloader is a generic malware that largely behaves like adware. The samples are packed and have evasive checks to hinder the analysis and conceal the real activities. This family can inject code in the address space of other processes and upload files to a remote server. | 505aeef7d1ea8353e222ec5429073a9d | 07eadf002d999464068f5739545c08b63cd326fc 505aeef7d1ea8353e222ec5429073a9d 349c06fedb963107c3dc825075c9517eb05df25091bcbb9d6407843b745409da https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-lpt01 | Emotet_ba007852 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | ba007852c144452004aa2bf7933a2552 | 87282822464f19fabb041442c08050bccfe52a8d ba007852c144452004aa2bf7933a2552 ea8f1a29b56d5bed5e8744d6cbba787cbf4ab6d8ae7112455ac0a2bb38e83a3c https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-sjf01 | Emotet_c3d40d87 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | c3d40d8709a0791eddab435ed872948c | 4127a9e89a98cb3562ed53500f2a48f4d3811bd0 c3d40d8709a0791eddab435ed872948c e268e0210d3820e74af0aae0ed7aafeb555b3fdc82f4565461e53272f8908f94 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-s3x01 | Vobfus_0d5ec553 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 0d5ec553559b431b3c8dc4cbe3217a9f | 297157091a7a8e49a0523762fea4b22ddedf0447 0d5ec553559b431b3c8dc4cbe3217a9f 1da4ccd179876bcc378ebc4b1f3597e393e3b976cd0f0a7c24c51b9855d3fa91 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-y1f01 | Nymaim_7830cf7e | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 7830cf7ec59c465ebd76434863af32a3 | 4078c7c96fc9f05b4a1a0391a9d60554180d3e01 7830cf7ec59c465ebd76434863af32a3 23e28028a5392440dc99a040a0043cb3de50bdd678ed26777b72437819657d14 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-lcg01 | Emotet_d277db8a | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | d277db8a2ffc26f7cc083144e535f3c3 | d3d5236bce7ba63fbbfcabb3082f0f8716cea560 d277db8a2ffc26f7cc083144e535f3c3 dab4fe27522df3fd3f936f69a8a8d994c962e7a4abe73e7b86502d0ceeb749bf https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-ocp01 | Cgok_40c001a7 | Windows | This strike sends a malware sample known as Cgok. These binaries are able to detect virtual machines and instrumented environments. They can also complicate the analysis with anti-disassembly and anti-debugging techniques. This family can install additional software and upload information to a remote server. | 40c001a7be0fc4f6d470831d5ce4d639 | 0c01d59f4dbd8d925ed190c8085e2fca169e7821 40c001a7be0fc4f6d470831d5ce4d639 07dfb8670514998cda1a27e5076d9b80febc39c201d9a85652e96ca39572b8c7 https://blog.talosintelligence.com/2019/02/threat-roundup-0208-0215.html |
| M19-jqa01 | Emotet_3d526b67 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 3d526b67254c12c47be87ae39fe62fe6 | 51de213e57bd9d3131896d66f705bfcce7238da0 3d526b67254c12c47be87ae39fe62fe6 e2b8f071b5b6f2a13d779df9407e46382040f4a1f675124790c8193dd70c0ff4 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-blr01 | Emotet_8e339897 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 8e339897fbd70c642eebdde6617955be | 7e1d1cc3ed5f0b84af383d10ea1c5c461b91ca11 8e339897fbd70c642eebdde6617955be ff93015d79559f7f54f8874500355f986f73fb3650f01bac6dbec586812ee0a4 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-pmk01 | Emotet_1fe2a20e | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 1fe2a20ede372890085859ada532a070 | 9459ecf7e4b585913359f097009e2489366b9706 1fe2a20ede372890085859ada532a070 dface7d0da396ae61f43f13fbb7d570608e61436aee2380344474a812a96df2a https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-1hm01 | Emotet_3e0f6760 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 3e0f676064233400940cc3a05a94a135 | 8a0dba38440a8cf4b23a7e40c4b1b775374b6551 3e0f676064233400940cc3a05a94a135 f1a8e2a69f4930fdd7d2226e0548333a254e599eb44f0ca37cf18caf80e631e3 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-h3c01 | Icloader_eaee958a | Windows | This strike sends a malware sample known as Icloader. Icloader is a generic malware that largely behaves like adware. The samples are packed and have evasive checks to hinder the analysis and conceal the real activities. This family can inject code in the address space of other processes and upload files to a remote server. | eaee958a83f4f7080c6fa95b432c36af | 299b239fc7728a98f95178266ca294a8172f6806 eaee958a83f4f7080c6fa95b432c36af 465fa07297f1aefff4acdc99cdc1e17583f57d29a0437f21e94c967ee2b6e838 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-uqr01 | Cgok_7dc018d6 | Windows | This strike sends a malware sample known as Cgok. These binaries are able to detect virtual machines and instrumented environments. They can also complicate the analysis with anti-disassembly and anti-debugging techniques. This family can install additional software and upload information to a remote server. | 7dc018d6372cbed600949c51975b8296 | 419d9a3c779191e464c7178e40c1a13facfdeefb 7dc018d6372cbed600949c51975b8296 0aeb055d03bbc6f637944e8a82de7a36e959e3ae1ef3c9b04217ea91a9966fd7 https://blog.talosintelligence.com/2019/02/threat-roundup-0208-0215.html |
| M19-1p601 | Bublik_a756ea37 | Windows | This strike sends a malware sample known as Bublik. Bublik is a downloader that targets Windows hosts. Although it's primarily used as malware to distribute various banking trojans, it's also capable of extracting and exfiltrating sensitive information from the host. | a756ea375eb0e89041418b949c7a54e0 | 1e32f4e7f2f842429cabb331306b519524e4697f a756ea375eb0e89041418b949c7a54e0 4c56d62c2af1fda0af9be1f377ad7d737e7db306e7dc684df5a7c0163f10ebf2 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-75j01 | Bublik_6535d5bf | Windows | This strike sends a malware sample known as Bublik. Bublik is a downloader that targets Windows hosts. Although it's primarily used as malware to distribute various banking trojans, it's also capable of extracting and exfiltrating sensitive information from the host. | 6535d5bf2a0cce8a549f825127bb8dc8 | 8649788b99b0969ecbb642a320d7feb1ad9e13bc 6535d5bf2a0cce8a549f825127bb8dc8 852d1d4ee1c4a04fc7ea5b849d6c663725fa89ae6358e251325c636e81a47a5b https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-wnz01 | Emotet_d2dd276a | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | d2dd276ae6a78b43ccef8fdd2e2042cc | e4499dc57f4592debdfb3e6547fd5a898ea6814a d2dd276ae6a78b43ccef8fdd2e2042cc eaba0452504b33481edefe4f6a904c90a163c7600bb0fee607c2af296b0ffa1b https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-ipn01 | Emotet_a83237e7 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | a83237e7e7776fdb7e5f757a961a18f9 | c2f6cbe4854d7ac01a35ce921b76cd7f671fc3a7 a83237e7e7776fdb7e5f757a961a18f9 ec88cb285ad443ff51b00326d2e672c867a465e41cece79a48ad0c9829323999 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-jjs01 | Vobfus_588a9b40 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 588a9b409a08e125a8eb60a8c4125d14 | 08413fa58d47d04f0995099fa655eb9c0fd09210 588a9b409a08e125a8eb60a8c4125d14 313fbcc0ce24e2c0d2c5c6870842feac4f1f2722101037f0c421ac0a9185ea16 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-l4101 | Emotet_43f15725 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 43f15725d45427db109506a24a288591 | d66da7f61d27ed5646cdf83d84cbb56ee09da683 43f15725d45427db109506a24a288591 cebc291b9cd5d4a6c061d5afca7f5ed8f31ad927d7688ad7d630d1e9d165e982 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-w1p01 | Razy_e8bf0766 | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. They collect sensitive information from the infected host, format and encrypt the data, and send it to a C2 server. In this case, some of the samples in certain identified clusters can be attributed as Cerber samples, although the detection remains the same. | e8bf07664df0eabd897c86eea5712064 | 51c0e66ce40527f43a5723e765666737cea1c287 e8bf07664df0eabd897c86eea5712064 0bd766bfedd04e188ee3885d523f6cd170d0c36bc159bb82d3772b51d8a36022 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-e2z01 | Vobfus_323238ff | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 323238ff73f9fa165863324d1bd056a6 | 1edadc843cd07efe8c858248495fed941102c2bf 323238ff73f9fa165863324d1bd056a6 2f3f0fabb06ce1a8d3c5bc6c120473a2f597f4050fd4b92747c766ac3af07881 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-e1b01 | Emotet_5c0d72c1 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 5c0d72c1922a3406980ed09d1f63fde9 | a5739a4767c6e649d107200dc281137c584a56a0 5c0d72c1922a3406980ed09d1f63fde9 dd6769c2c63989b71cfa0e099b5ccfdccbab37d84531a8902bd7b08dd738732a https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-89n01 | Cgok_eafd5df4 | Windows | This strike sends a malware sample known as Cgok. These binaries are able to detect virtual machines and instrumented environments. They can also complicate the analysis with anti-disassembly and anti-debugging techniques. This family can install additional software and upload information to a remote server. | eafd5df41c96b4b8d7bbec962bf530aa | 1a40e24cf366df30287e439bec5ff6eb7fdbaa65 eafd5df41c96b4b8d7bbec962bf530aa 09be7b1275949afd71f1c26965bd079a61c7cefba97086fe3d423c7c669ca1df https://blog.talosintelligence.com/2019/02/threat-roundup-0208-0215.html |
| M19-kw301 | Icloader_b4d576db | Windows | This strike sends a malware sample known as Icloader. Icloader is a generic malware that largely behaves like adware. The samples are packed and have evasive checks to hinder the analysis and conceal the real activities. This family can inject code in the address space of other processes and upload files to a remote server. | b4d576dbdabbecdeb3bcf04106bfda79 | 68936ad9c910f2d2aea4ec0b42250a51b464a3f8 b4d576dbdabbecdeb3bcf04106bfda79 36064556c3b25426b42b43e8ebdd7b9ca3b6d02a54f0eb20ccbce62e4818a6da https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-vyk01 | Vobfus_03604d7a | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 03604d7a3d3ae4027b3abddc01208f2c | 13a0734cb280c8ea031ae9dbf28feddab26b1122 03604d7a3d3ae4027b3abddc01208f2c 2d60ca16f74ffe613981c2c27d40992f3d309cbe7b4a693f1fb632590f06e278 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-55201 | Emotet_bbea3664 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | bbea3664247dc47498020cee00b01de4 | f83a0b666a9af2c8d63d6cebb110233cc8295f52 bbea3664247dc47498020cee00b01de4 df3eb43974aa2266b462be0ad3a5b4ec11baee4399d6785bc130533bdc6c6c7f https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-46j01 | Icloader_e833fdcd | Windows | This strike sends a malware sample known as Icloader. Icloader is a generic malware that largely behaves like adware. The samples are packed and have evasive checks to hinder the analysis and conceal the real activities. This family can inject code in the address space of other processes and upload files to a remote server. | e833fdcd89cea1d67d53d3bced94f238 | 9ad63fcbd199b28f91533cb8117633e6bd9c4b5b e833fdcd89cea1d67d53d3bced94f238 39afaf2f57b8a1c6ed2ebe4072d0e81832d94d31e1c1f3a016cd65b500e14d62 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-svb01 | Emotet_51f1a06a | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 51f1a06a8e0835df25a4e6c27d19e766 | a4c0f593c4e3e99b46d13a1ad0f236574d89521c 51f1a06a8e0835df25a4e6c27d19e766 e8dd3b0062ccd4c2a04a057f840a7e5cbee7cb5d8fa4b1f71e029065d15e0161 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-tfw01 | Vobfus_1c3b278c | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 1c3b278c13dbcb6544418f7b748ece83 | 12b2c24097cdfcd81a54c5a6f80cb8b1a84f0c61 1c3b278c13dbcb6544418f7b748ece83 139c385377c85ac709c77857adfbed6ac46e0e5f57e4b947d730ab871cea6154 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-0iw01 | Emotet_7e4a40e2 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 7e4a40e25b0f131f9dfca464142eef10 | 39831233d29d2c43e157f34f8e76587b0fa49976 7e4a40e25b0f131f9dfca464142eef10 d3bd94aa34b925c6414d5b11e6f4a3ad9b652d31468eaa7c492ca0fdb82f2140 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-e2c01 | Cgok_ad89b80e | Windows | This strike sends a malware sample known as Cgok. These binaries are able to detect virtual machines and instrumented environments. They can also complicate the analysis with anti-disassembly and anti-debugging techniques. This family can install additional software and upload information to a remote server. | ad89b80e2135e1391306997a9617e252 | 194e754e79dde68cc735385cc4ba8e1bb883b194 ad89b80e2135e1391306997a9617e252 0cd3b49efa9072f463402e1d5d887cf38a5d6ac1a26dacb508739c3b2e15c4d2 https://blog.talosintelligence.com/2019/02/threat-roundup-0208-0215.html |
| M19-ebj01 | Nymaim_1101a4c5 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 1101a4c5c953d71c5136b429fc28f64e | 1b993e3ebde99b233eb820fc2b9fafed2794d947 1101a4c5c953d71c5136b429fc28f64e 2361248d5291c923b8763530dd5c551accda742d6e7d15660534ab56aff11ffe https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-c5001 | Bublik_09a9a48b | Windows | This strike sends a malware sample known as Bublik. Bublik is a downloader that targets Windows hosts. Although it's primarily used as malware to distribute various banking trojans, it's also capable of extracting and exfiltrating sensitive information from the host. | 09a9a48b644cdb4ab0c64cd49350a79a | 71c9b2eaaa487241a21489d9d63cdc9d64a9a8b0 09a9a48b644cdb4ab0c64cd49350a79a 6fd9000a376b03dac177252a2e2879aa70c3f3365fff351d637f7b36aa2df385 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-sta01 | Emotet_8f98a1bb | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 8f98a1bb2d7dc617170ff27d179122e6 | 4ecd617fb3f97a8a1051b8f216b9a3387f5146a3 8f98a1bb2d7dc617170ff27d179122e6 e6591f8c66504d8761de0cd48fc8259284c6902775962314502979670b84ba76 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-ln401 | Cgok_b61f45c1 | Windows | This strike sends a malware sample known as Cgok. These binaries are able to detect virtual machines and instrumented environments. They can also complicate the analysis with anti-disassembly and anti-debugging techniques. This family can install additional software and upload information to a remote server. | b61f45c15698ca9895286bfae5ba3032 | 433f7860081e3fca440b918042973c2e3cb01e98 b61f45c15698ca9895286bfae5ba3032 0d73b17699c07d1b2f04c8b3ec883138e1133ff9ff2f0b13dddfe04ae6e52e0b https://blog.talosintelligence.com/2019/02/threat-roundup-0208-0215.html |
| M19-72c01 | Vobfus_596e7db6 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 596e7db6addce85dce27869a412ead08 | 099c310555fe4d6561a65e53afc1f7590ab9401e 596e7db6addce85dce27869a412ead08 269f9b6e264729a3ff2c71abcb320e07d4ff4e76acf6be1b294c6a4b687beebd https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-7x601 | Emotet_39ef5c8f | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 39ef5c8feabd6e17a2728e3f66f5128c | 07a7101f5511f72088a3d42c36f0c6b501fbbf9f 39ef5c8feabd6e17a2728e3f66f5128c f7c8ae035d14e36f7c49239de8c8413a6946f8470dcdee34ff630f8bbfdb8209 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-mxw01 | Icloader_c03ea364 | Windows | This strike sends a malware sample known as Icloader. Icloader is a generic malware that largely behaves like adware. The samples are packed and have evasive checks to hinder the analysis and conceal the real activities. This family can inject code in the address space of other processes and upload files to a remote server. | c03ea36411f8c9374cf03177fe27efff | 2206202162dbe7688d6ae2fda3ff207006de7d75 c03ea36411f8c9374cf03177fe27efff 4ca27d52b58f33e8a99d68509cb9487417844ea5501056177ebac910eb329c1f https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-ox301 | Emotet_4d969ee0 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 4d969ee0f28a4b03c1c6a4e352eca925 | 1b5370d42e6e1f6be2fc44a1b51a74587074e64e 4d969ee0f28a4b03c1c6a4e352eca925 fbda68df0012faf7a0c85dccea37eb742057e362364dd2b8bcb711837bcfca7b https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-79m01 | Bublik_8338d0f3 | Windows | This strike sends a malware sample known as Bublik. Bublik is a downloader that targets Windows hosts. Although it's primarily used as malware to distribute various banking trojans, it's also capable of extracting and exfiltrating sensitive information from the host. | 8338d0f3e3eff6587d8e770385da8949 | f789f9750cc36585d69fa7c8a34eebb1df4f3108 8338d0f3e3eff6587d8e770385da8949 4de35a78adab9e0f79a88a1452916719f42641155de80f6c90e5a152561cdaa3 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-t1301 | Bublik_c7ed2aaa | Windows | This strike sends a malware sample known as Bublik. Bublik is a downloader that targets Windows hosts. Although it's primarily used as malware to distribute various banking trojans, it's also capable of extracting and exfiltrating sensitive information from the host. | c7ed2aaa9e6775826b32d440d5d04b5d | 96a1ee6f8981b38009202b2eef18a28d394164ae c7ed2aaa9e6775826b32d440d5d04b5d 4f011f91715575b91312eb8a29509d9c2aa4950127efc98e88d44d08ce143efc https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-wd101 | Emotet_c170ac68 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | c170ac68af566dcb0da80ed36eb2678b | e2ed784e3eac4cc9b744f56cb04ddf6cc2d48ce8 c170ac68af566dcb0da80ed36eb2678b debd920aff7ef038dae9a3028b9ef80d0f0d1f79ef996d5eb59576878dcc0966 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-ph401 | Emotet_46152203 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 46152203681bbe86521e1daf299f6f81 | 5cc426e5317fadb25e061cbf75675b24c75d442d 46152203681bbe86521e1daf299f6f81 d8fc1b6c29b3bb2f85d0b7ee920fbfdd9252418255bed0a12e788181d2d4d06d https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-dvu01 | Emotet_7f9e6baf | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 7f9e6bafccba26fe0ae91abba45163ac | f78a986218c04a91078e937a09e2e41df25938fa 7f9e6bafccba26fe0ae91abba45163ac f4dbc0bf3fd53e0fc755ea28837266092ddbc02d8f9f5c3daa08b4dd31928817 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-z4501 | Emotet_79206791 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 7920679156c3b93f44cce622ecb593d6 | 585c174365a47452457cd883f58314f8f3172e2d 7920679156c3b93f44cce622ecb593d6 fc3a2f002b589a77e2a9e9e0ca71a6fa9145cca3ffbce1b74fc9a0d9aeaa8cdf https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-8rn01 | Emotet_4c07df86 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 4c07df8680802c9b0516fd13f001266d | 90bead715a7246e06791e0cfdd7f3a4d82b2f5ef 4c07df8680802c9b0516fd13f001266d e5f5c8a76de14d99db419de92b5bc74e3a65d9c2b22f7e5b5bd7568c67adcc60 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-kpv01 | Cgok_9b561c49 | Windows | This strike sends a malware sample known as Cgok. These binaries are able to detect virtual machines and instrumented environments. They can also complicate the analysis with anti-disassembly and anti-debugging techniques. This family can install additional software and upload information to a remote server. | 9b561c49bb144f21505d1c93425dee33 | 03ed803016940908a7f6310cafcedb325edd674e 9b561c49bb144f21505d1c93425dee33 0b2eb1d35ee7076f18cfab589df2432afb4ad1af19590b15b09eb18e8e68abf2 https://blog.talosintelligence.com/2019/02/threat-roundup-0208-0215.html |
| M19-xwd01 | Emotet_77af2c56 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 77af2c5689a57df929d618f7b68c7697 | 02143d05462e833a5dfe729d37034c569bc06e75 77af2c5689a57df929d618f7b68c7697 f3797eb00d2c4be090a1b86495edb2e9ad60e7c5125cd8c68571d366eaab4e36 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-wla01 | Nymaim_fa1e8c98 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | fa1e8c98ae8aea5b208bd9fba1ca0a89 | c769fe43b91abca34470ced518fb4449ec973c07 fa1e8c98ae8aea5b208bd9fba1ca0a89 21c85e5768071487832d29e9661f68033e9f7baa30597535ded88439cb67796b https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-dpd01 | Emotet_56e7f883 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 56e7f883ca25f92f58038a467032db3e | 0c4a733192a2c1c73da6f9f5e76b08fa995f9755 56e7f883ca25f92f58038a467032db3e d40f14264ff1609ac1943630f012910f7187fff9904332bb8ef79d5b1f9927e0 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-ong01 | Cgok_c7f1dc7d | Windows | This strike sends a malware sample known as Cgok. These binaries are able to detect virtual machines and instrumented environments. They can also complicate the analysis with anti-disassembly and anti-debugging techniques. This family can install additional software and upload information to a remote server. | c7f1dc7db57cf7084a0727248ebe5853 | 026871fe970acb07975104c0582c217305444c0d c7f1dc7db57cf7084a0727248ebe5853 0ce65debee6f89d18a75d99d5ee271d8cf1fe948833c657d6dc64c85666aae0f https://blog.talosintelligence.com/2019/02/threat-roundup-0208-0215.html |
| M19-rpg01 | Emotet_1c648615 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 1c648615ced0d4e077b43207dce81363 | 8632560d5b0624ee37986902ff3bf79662dd82f9 1c648615ced0d4e077b43207dce81363 eab3d356138e63f17ff4adc530878f96e694ff173e7535f7ebb8c70e15ded4d0 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-g9i01 | Nymaim_ca018010 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | ca018010ae9616bfde8ca40bf0800caf | 9c0e327bb966fbbea9ad8fc7a1b3cdaf054a5193 ca018010ae9616bfde8ca40bf0800caf 1e07e0277acf86c37ef6753ba1a2532e933044c7656ecc063c236c585b83c26f https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-esf01 | Emotet_7a92493f | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 7a92493f207788116fd3169ade68777d | 59f463404d516c06019ac3c108c10975d36641cf 7a92493f207788116fd3169ade68777d d12df0f950192e29664454bd50614f7cb2647235746b45ec640ff20dae53f870 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-ihi01 | Emotet_1d5fe93d | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 1d5fe93d4b95ff2103f9a79521b66193 | 39733768879717652a07ee96b44b7ea6db80359e 1d5fe93d4b95ff2103f9a79521b66193 d09380eeabd4bc93ba1a3fcd2efc707d5f55c2c1f00557dbea41ad691a2cf8da https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-0vo01 | Emotet_b82d2479 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | b82d247998b2df3676ce504d34a5dda1 | 79cb2f29d4caabbfe2c5ccc8b1781b14a6af8ad7 b82d247998b2df3676ce504d34a5dda1 ea4e6d4454319c522042c0f29719f5588dd0160a03cb08b7eafa3b346c1a87d2 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-yrk01 | Emotet_1179813c | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 1179813c3a79dc454b8fd5e675cd9c8d | 1f2522607648ec1fe145ebd7892c50e2dc03c2a9 1179813c3a79dc454b8fd5e675cd9c8d d4bb8e69e4f73413b6bb625dcab53ecf1f3b443ce2b00b9fa07a77ea62de98cd https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-xrn01 | Emotet_24ac9dad | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 24ac9dadd40db6a10ea9174a24ea100a | 0ed72bcf7b9fab14df88c93b951f122e46c73c47 24ac9dadd40db6a10ea9174a24ea100a ee758b05596d19f3f93b1c358f970a601dd10df9fe65f9a6e2322a248540dc12 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-11r01 | Emotet_69296a36 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 69296a363fb6e618c13ea9308f6f7c6d | 7e5af4ffa497cac8fe0e861582dbe3c58e0e25dc 69296a363fb6e618c13ea9308f6f7c6d e663871e8bdf96958321a2ae07b67efe02f4edc566bd63e0006842f41b2a3427 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-n3t01 | Emotet_d4928a8c | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | d4928a8cf9e33570eb9edaa0870cbec6 | 0adcb607375bed2fe36ceee7375a776081bd44cf d4928a8cf9e33570eb9edaa0870cbec6 f9237855954452b91d11915a8aeb17b0b967035c65461dd40645f0b9b973141c https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-yxy01 | Emotet_6483e2c4 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | 6483e2c4a9acdab1733f4a0b9fe8c0d1 | e2545f1642c1786e3c61655e50f8285ac71a8cb0 6483e2c4a9acdab1733f4a0b9fe8c0d1 f11aafd00f8e79125089aabc85c9b449e482ddc66e93502257a19d0da885f430 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-mtv01 | Bublik_883259f9 | Windows | This strike sends a malware sample known as Bublik. Bublik is a downloader that targets Windows hosts. Although it's primarily used as malware to distribute various banking trojans, it's also capable of extracting and exfiltrating sensitive information from the host. | 883259f99c940900e23058ec8e7d2e6e | 282b6725bd0d1a18ad34357cc28f224d186dabe3 883259f99c940900e23058ec8e7d2e6e 52a6cbca15c3805effa45b474a732f9b74d38d35a78e3763380735cc6a685f63 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-4ou01 | Emotet_a171c33f | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | a171c33ffe252489b849bfbcf1cfaffc | 1e2b6ffce78178948141b1208304d76f6506ce0d a171c33ffe252489b849bfbcf1cfaffc f90679f1741c87aa58dab4f87b56ac489b0e423de29b7f9097ee008bb2de64eb https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-mby01 | Nymaim_982b7dd2 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 982b7dd249af495fab47d96baeb16efb | caa6d0a8a854ae234e9ef79ae3bf1210f9181bc3 982b7dd249af495fab47d96baeb16efb 20d599362a7f80b9964569df6e07d2f18e434be47fc01dafa7e7d73831677a42 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-m0b01 | Emotet_db3f851c | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | db3f851c1f226f0d3365960fcd47c884 | 93d2b82646382d26e5409c0e4e3cd61ae8d72768 db3f851c1f226f0d3365960fcd47c884 e83315328f2c3ed4ca575ff64ccf4dc45e916e7df60daf3b78d6e0736433bae4 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-iar01 | Emotet_cb2d2d68 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and actively developed malware families on the crimeware landscape today. It is a highly modular threat with a variety of payloads being delivered. Emotet began purely as a banking trojan, but over the years, has continued to evolve and more recently, has been associated with some larger-scale targeted Ryuk ransomware infections. The primary infection vector remains malicious emails sent as part of widespread spam campaigns. Emotet is commonly delivered via both macro-laden office documents, as well as URL-based spam messages that lead to an eventual infection. These campaigns change and evolve daily, and the supporting infrastructure also changes on a near constant basis. It's not uncommon to see Emotet reuse of some of the command and control (C2) servers over more extended periods. | cb2d2d68d15dadcaedfbb4f23a3b7e20 | a147c22133c753a93dd4475deefb7556611c384d cb2d2d68d15dadcaedfbb4f23a3b7e20 dc8fd580540d103873f23fb8962bfa9f795712fa4703425f46eccc24b1efe765 https://blog.talosintelligence.com/2019/01/return-of-emotet.html |
| M19-k5801 | Vobfus_069ecd8c | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 069ecd8cef8c5320ad78bb8b90dc0abf | 1c0b4475aab5923044a89dc4f2d5c85a32ead73e 069ecd8cef8c5320ad78bb8b90dc0abf 21ecefddb6898cc39ae277c119f47a84869afa5a798e70dcb58059dcb75c87bb https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-txg01 | Nymaim_14673013 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 14673013def4b7a0b99fe1a48e6be343 | a88541d9517aed407a19df4499e9228f217a6451 14673013def4b7a0b99fe1a48e6be343 1d99c9bfce431b2422370607430efd5b155b76ad58dc615d79076b8e0f2a7e6a https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-k0a01 | Razy_26526076 | Windows | This strike sends a malware sample known as Razy. Razy is oftentimes a generic detection name for a Windows trojan. They collect sensitive information from the infected host, format and encrypt the data, and send it to a C2 server. In this case, some of the samples in certain identified clusters can be attributed as Cerber samples, although the detection remains the same. | 26526076406b6c3d1ffa9c42c8dd566c | 3525304895ed58123639a7dc56a8037649f41006 26526076406b6c3d1ffa9c42c8dd566c 00d74b27e8660696a3e9f23585fd484e01c96c6ce6fed3a06082adffea90423c https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-4jz01 | Vobfus_22ef13b8 | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | 22ef13b8d0004db6a73d8644adbffd77 | 1b40cd61e8548867a2a837876e56ea7cf05e16cd 22ef13b8d0004db6a73d8644adbffd77 27e3fb1689f0fb0ab76d217909cd52a78dd290ce12a13ffe234542c675769eeb https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-san01 | Bublik_571f2688 | Windows | This strike sends a malware sample known as Bublik. Bublik is a downloader that targets Windows hosts. Although it's primarily used as malware to distribute various banking trojans, it's also capable of extracting and exfiltrating sensitive information from the host. | 571f26886eac0f81b2feefdfcb679d3e | 82bbe04c6b50e778a4dd75151a79db029761908f 571f26886eac0f81b2feefdfcb679d3e 8265acaed3a210ec5999474da742f447a23b407d5a0bc9ce1c42a48f609e6b61 https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| M19-37o01 | Icloader_f50abbc9 | Windows | This strike sends a malware sample known as Icloader. Icloader is a generic malware that largely behaves like adware. The samples are packed and have evasive checks to hinder the analysis and conceal the real activities. This family can inject code in the address space of other processes and upload files to a remote server. | f50abbc9f783c5c4c79cfec44e54f4df | f72695a12a2f07c415e9e7b32c8d052cba194b29 f50abbc9f783c5c4c79cfec44e54f4df 3c603d3673c795fc13f7440c38908ea9cc4283a3d79e9f03bf2bb775162e0a8d https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html |
| Strike ID | Malware | Platform | Info | MD5 | External References |
|---|---|---|---|---|---|
| M19-x8c01 | Win.Trojan.Zegost_ba899b37 | Windows | This strike sends a malware sample known as Win.Trojan.Zegost. Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. The MD5 hash of this Win.Trojan. | ba899b3713d77dae82af5ecafc902a96 | 00c64213c395b445854561402b479cc168075a6e ba899b3713d77dae82af5ecafc902a96 4bbd00499960ed33e2d9757cb8bb2ee90e8ca51048230c3ece52551af7bc6d58 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-4lu01 | Doc.Malware.Sagent_765a443c | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | 765a443cd6926f7ca2bd416c8d036496 | 91d8c4690dc759ebaee0e42650ee44b00d492dad 765a443cd6926f7ca2bd416c8d036496 807a8434cc34fb0b2875b8a8edbad637e29225288e8400c58317d6e50a93a2c7 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-nvc01 | Doc.Malware.Sagent_d0138c06 | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | d0138c06ee425ca3dbf3f30f3d51b318 | 302bc2459915e06e4ab2f630863f4f4af628b823 d0138c06ee425ca3dbf3f30f3d51b318 95329196e424d530c8d1871241a630b2bebaf7d7c2ceeda21e1d5634f6fdd721 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-9nt01 | Doc.Malware.Sagent_e88d6161 | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | e88d616189ca302f7d2a8b76ecf01f5c | d6ed84cfc60ff530046b2251a6e4970dd8ed8837 e88d616189ca302f7d2a8b76ecf01f5c 4acbd8ebac5a1cfcb72aad7e5f1ff3b21d2541a931964a07de2a50bcb9325121 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-ztf01 | Win.Downloader.Upatre_bfe258a7 | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | bfe258a7215e2f3d0a3ab3c98f510ce1 | d5e6205fb580319c504f0ef2479b8075ad9bb13e bfe258a7215e2f3d0a3ab3c98f510ce1 60d0b3f876b5e3e71a670dcfe60e42fef400122b74c63918fc77a35b31acdf93 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-j0x01 | Win.Downloader.Upatre_a3bc7782 | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | a3bc7782ae3fca177dc424f90a25afa4 | f43361892954ad872057fb882e5b4c0983623db6 a3bc7782ae3fca177dc424f90a25afa4 429612f20949951f879009fd9843668237baf3aaebd55c645f30e4f08d12e203 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-rrp01 | Doc.Malware.Sagent_857d0373 | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | 857d037372a32386212cd35a3072e90c | 1544213f12ee343926cf7debd4d4b131ce7e4ed0 857d037372a32386212cd35a3072e90c 9aaeb10b1fa88e535d1c4d1b4313c0423173489c9e6b90f1922cd86df0c2c316 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-tyw01 | Win.Malware.Emotet_26536222 | Windows | This strike sends a malware sample known as Win.Malware.Emotet. Emotet is a banking trojan that remains relevant due to its ability to evolve and bypass antivirus products. It is commonly spread via malicious email attachments and links. The MD5 hash of this Win.Malware. | 2653622242078de7e4a9d55e66cbcdc6 | 7513efc0bbafb9cc0a7a0d93fdb82190616a97b1 2653622242078de7e4a9d55e66cbcdc6 04353446c29fd35b28ee9b67f8bd44979478501cca7c954753a79c52b68d9037 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-te901 | Win.Virus.Sality_0cba4c7f | Windows | This strike sends a malware sample known as Win.Virus.Sality. Sality is a file infector that establishes a peer-to-peer botnet. Although it's been prevalent for more than a decade, we continue to see new samples that require marginal attention in order to remain consistent with detection. Once a Sality client bypasses perimeter security, its goal is to execute a downloader component capable of executing additional malware. The MD5 hash of this Win.Virus. | 0cba4c7f49a0450529a0642653e919f8 | 792443df0e3720f88445195684ea43fd563ba856 0cba4c7f49a0450529a0642653e919f8 1f747322ea42c2d20d19d3f0b9b2afe1f143910006163a6f08d27b97b2927ff7 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-f1z01 | Win.Virus.Sality_fd922a43 | Windows | This strike sends a malware sample known as Win.Virus.Sality. Sality is a file infector that establishes a peer-to-peer botnet. Although it's been prevalent for more than a decade, we continue to see new samples that require marginal attention in order to remain consistent with detection. Once a Sality client bypasses perimeter security, its goal is to execute a downloader component capable of executing additional malware. The MD5 hash of this Win.Virus. | fd922a43dbc44badfaf21002f33b075b | 62ddccde88b21f2467dcab9aba2d62c074c17156 fd922a43dbc44badfaf21002f33b075b 2012be50bc465db1fee01bcd1183590e9d22a1fb3105efa1005f9da81adc7a5c https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-anp01 | Win.Worm.Lolbot_6504e260 | Windows | This strike sends a malware sample known as Win.Worm.Lolbot. Lolbot, also known as Ganelp, is a family of worms that spread through removable drives. It can download or upload other files onto the targeted system. The MD5 hash of this Win.Worm. | 6504e26013e2f9c42c40d68c2beb3a4b | 001804a2e5eed986ae5defd3d515603d61358926 6504e26013e2f9c42c40d68c2beb3a4b 267b9e6666e9b09cde6d796b51d79ffaf0f99a3093022abaaa6911f7771a0bcf https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-oxr01 | Win.Virus.Sality_d9684f5b | Windows | This strike sends a malware sample known as Win.Virus.Sality. Sality is a file infector that establishes a peer-to-peer botnet. Although it's been prevalent for more than a decade, we continue to see new samples that require marginal attention in order to remain consistent with detection. Once a Sality client bypasses perimeter security, its goal is to execute a downloader component capable of executing additional malware. The MD5 hash of this Win.Virus. | d9684f5be4f0ab8f3028fe85e1e61aa5 | 8b6c94949b389c93c8e8238c4fdb465818f67a65 d9684f5be4f0ab8f3028fe85e1e61aa5 238f6f0376a19f92bfb2e616bac4da36f5eb922e2e93bba8bb61d0a0dfa18f18 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-h3001 | Doc.Malware.Powload_784be399 | Mixed | This strike sends a malware sample known as Doc.Malware.Powload. Powload is a malicious document that uses PowerShell to download malware. This campaign is currently distributing the Emotet malware. The MD5 hash of this Doc.Malware. | 784be3990cdf1c51cf25a7cf9dd53037 | bcf3485392a8f902a2e8084da0d0a7ef850f4dfb 784be3990cdf1c51cf25a7cf9dd53037 581e775919ebf602a88369287a40c6b746ebf0a6e4f631c627091527690ab6c3 https://www.symantec.com/security-center/writeup/2018-030515-3742-99 |
| M19-0p201 | Win.Spyware.Ursnif_98bcb452 | Windows | This strike sends a malware sample known as Win.Spyware.Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. The MD5 hash of this Win.Spyware. | 98bcb452b48ddae2c0298fb7127103de | d6abaa8beb6153ffa3872c720a917fc8a0abf329 98bcb452b48ddae2c0298fb7127103de 96b71c77d4b8470ba1f28abc7f2920afb8ad2887591cf1a487f942a80d5aa053 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-f3n01 | Win.Downloader.Upatre_c14bc6c9 | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | c14bc6c9e59c57a676bfb1902cf41d32 | aaee6965a0fc8675b1b773d46d20dc0c109455f7 c14bc6c9e59c57a676bfb1902cf41d32 5914cd64a76b00d7959492292242ddbf42db9664a12f28aa42ee55c9d1a331c5 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-vjq01 | Doc.Malware.Powload_a12595fc | Mixed | This strike sends a malware sample known as Doc.Malware.Powload. Powload is a malicious document that uses PowerShell to download malware. This campaign is currently distributing the Emotet malware. The MD5 hash of this Doc.Malware. | a12595fc7841cacaa41d901d81223cef | a657e1731438a1b3e1b8838f417b7fd685ed24c4 a12595fc7841cacaa41d901d81223cef aa800f12bc65cd7580d5f75a3b19de5333ccba6b81a4d7df58556c7878a4d82a https://www.symantec.com/security-center/writeup/2018-030515-3742-99 |
| M19-mdo02 | Win.Virus.Sality_738719cd | Windows | This strike sends a malware sample known as Win.Virus.Sality. Sality is a file infector that establishes a peer-to-peer botnet. Although it's been prevalent for more than a decade, we continue to see new samples that require marginal attention in order to remain consistent with detection. Once a Sality client bypasses perimeter security, its goal is to execute a downloader component capable of executing additional malware. The MD5 hash of this Win.Virus. | 738719cd23e83321ed899b4e4953e29e | a8ec739208809a3c1f38f0cc3878ab207e75500d 738719cd23e83321ed899b4e4953e29e 03bc456b9c91607a9ace1f4d8121d28f51ea3177bc2198fc3a1d76aab20b3620 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-6s101 | Win.Malware.Emotet_deec9682 | Windows | This strike sends a malware sample known as Win.Malware.Emotet. Emotet is a banking trojan that remains relevant due to its ability to evolve and bypass antivirus products. It is commonly spread via malicious email attachments and links. The MD5 hash of this Win.Malware. | deec96820115769b2cea7c13ee348583 | 5f37263d76ccd25daa11d4a08b26d35446f28559 deec96820115769b2cea7c13ee348583 09dfb7b98eb9d84194c786107af24f345ba98abce2264eb350aaa49ec5f0b2a3 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-e4r01 | Win.Downloader.Upatre_d59d1f6e | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | d59d1f6e05e733758075f7b5b410aece | e175f670a1aec6e91930413341c29f42bc397643 d59d1f6e05e733758075f7b5b410aece 4e57fa6fb7d6ba5604b731123416a1c0f57802c4f2f4b639e1cef7734b14156c https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-kz701 | Doc.Malware.Sagent_42fecb8e | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | 42fecb8ec565a9e9788310569931373a | cde49d9bed3e3e3e5d9804faa23dd30840fb69ce 42fecb8ec565a9e9788310569931373a 9dae1c9ef8a1bad9c6d708cef1e3f156eb634f406af397c55fca0fd3763311c2 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-5iq01 | Win.Packed.Johnnie_a313c8e2 | Windows | This strike sends a malware sample known as Win.Packed.Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture - Packed. The MD5 hash of this Win.Packed. | a313c8e2094afb7100b2fecccc84e1e5 | 05510b719bdd4d1ee663d90364702a68657a6db4 a313c8e2094afb7100b2fecccc84e1e5 a94bc5d6fa3117328c19a9da7325a788ffc89ad481e63e761e875f10ee1910bc https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-mdo01 | Doc.Malware.Sagent_24060873 | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | 240608736420f2946b257df232598bfa | ea43688fa4c1ec5ad05aeb71d40633c578d8f450 240608736420f2946b257df232598bfa 3382c6cad4e8edd4f9423bfb6a7c0b2404386274280b9dbc09da6b40c3a976c0 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-hwh01 | Win.Malware.Emotet_41b4ce5f | Windows | This strike sends a malware sample known as Win.Malware.Emotet. Emotet is a banking trojan that remains relevant due to its ability to evolve and bypass antivirus products. It is commonly spread via malicious email attachments and links. The MD5 hash of this Win.Malware. | 41b4ce5f412b0ae3ce3293e4897e8950 | 31b6d08f9cf48f2553988c689c09aad2ebfd8e52 41b4ce5f412b0ae3ce3293e4897e8950 0e0838d60693a9fe803d104f97b1513781460a3e0eeedc0add12d9cab9d57b89 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-42p01 | Win.Virus.Sality_7df1eb75 | Windows | This strike sends a malware sample known as Win.Virus.Sality. Sality is a file infector that establishes a peer-to-peer botnet. Although it's been prevalent for more than a decade, we continue to see new samples that require marginal attention in order to remain consistent with detection. Once a Sality client bypasses perimeter security, its goal is to execute a downloader component capable of executing additional malware. The MD5 hash of this Win.Virus. | 7df1eb752779d0f01771ce1f46cf3052 | 475588823138edd96235dbe945a593c3d4f952b5 7df1eb752779d0f01771ce1f46cf3052 0a8bd011f75fc337eba89d7aa95f293999ca5aa086357abe96555266d952b883 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-sli01 | Doc.Malware.Sagent_a90ba04f | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | a90ba04f3ebc6c1d4de052d6bb74a5d3 | 4d329782d3b947cec07f0cee1f026a400d7ccb75 a90ba04f3ebc6c1d4de052d6bb74a5d3 934acd0d0bb2e9dd8c533594fc5b883a5542a7cbfc967a64243810124ae1193d https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-wxj01 | Win.Trojan.Zegost_0549226d | Windows | This strike sends a malware sample known as Win.Trojan.Zegost. Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. The MD5 hash of this Win.Trojan. | 0549226d65ea6fe26f100b5c16bd10b6 | 00d36e52f930dd267433fa4b03ce6d77e9a02b87 0549226d65ea6fe26f100b5c16bd10b6 50e3c05c87924d9d27772292c30e4c354a5efa1fdc84fad626418d6cca306de8 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-e3z01 | Win.Downloader.Upatre_6b43d474 | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | 6b43d4741c94fdc06b47077ee4bf71d6 | a1391c7e11206db35668c56bee940e75ec61336c 6b43d4741c94fdc06b47077ee4bf71d6 78d18fd4a7d66bd3c6c7b7a6b962f115a1059d7587e933b295621ee4b46813ef https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-r5g01 | Win.Downloader.Upatre_c84484b3 | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | c84484b3e8fb25ea2a151320473b3efd | c4a143816eb30be13354407a433e555207556aad c84484b3e8fb25ea2a151320473b3efd 7266abbcf661e5648958d321114eadd09b05fa00cf7ba67610fbcc97cf5d8094 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-3wk01 | Win.Malware.Emotet_dc6697d9 | Windows | This strike sends a malware sample known as Win.Malware.Emotet. Emotet is a banking trojan that remains relevant due to its ability to evolve and bypass antivirus products. It is commonly spread via malicious email attachments and links. The MD5 hash of this Win.Malware. | dc6697d94912ca70de32d8bd7717bd50 | 1f8c869748933bc8c9a69cb25c3f0ea3f8071075 dc6697d94912ca70de32d8bd7717bd50 0a05e728e40d80db4159ced8760ade6cc66cd1d1c3187bc389801f975ea356a5 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-8o701 | Win.Downloader.Upatre_cc062e22 | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | cc062e225920984ee70c8ccd233e08d9 | 00c0d58f2b7985ba9ef8b8aec5ad204ca1fd9cc8 cc062e225920984ee70c8ccd233e08d9 68f21b90a6486f1288e88f5e00fe69bb35dba3fadba68212c226d4661d6cd6e2 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-f2s01 | Win.Worm.Lolbot_bcc840ee | Windows | This strike sends a malware sample known as Win.Worm.Lolbot. Lolbot, also known as Ganelp, is a family of worms that spread through removable drives. It can download or upload other files onto the targeted system. The MD5 hash of this Win.Worm. | bcc840eea406de8f50c1d4e4204fdbbe | 0040bd3d1458363ec8032c0f15ec6df99f8a0d8b bcc840eea406de8f50c1d4e4204fdbbe 2e17c234a7bf0d01b1617e2fb93599a9079b2738b44f10f99f6fdc9e9866cf16 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-o7201 | Win.Spyware.Ursnif_4e765cdc | Windows | This strike sends a malware sample known as Win.Spyware.Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. The MD5 hash of this Win.Spyware. | 4e765cdcdbe016058360b677d41de680 | f6789a1501563440880cbbe1b8eac1313c339c74 4e765cdcdbe016058360b677d41de680 7e579e63a579a730d05b2bae1f1fbea0532f8ea9f916f76f59bd1c2475a6f59e https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-bh201 | Win.Downloader.Upatre_ad20b3d5 | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | ad20b3d5c056981c2d98db0a1f490f1b | b690ac520add1cbb2a56db8516d367cf95fd0a96 ad20b3d5c056981c2d98db0a1f490f1b 3ef053f471053ead09f9b6dd0e54d13d64c83b5cb8141a8bece7acc66b61cca7 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-6cr01 | Win.Trojan.Zegost_0e57b311 | Windows | This strike sends a malware sample known as Win.Trojan.Zegost. Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. The MD5 hash of this Win.Trojan. | 0e57b3118e8d35a483e60a5df8d79c83 | 00d9a36a8de4399c2e647826fb6729b5525c9956 0e57b3118e8d35a483e60a5df8d79c83 0e3285bd2185663e1edbe7f203f325254d0f759c1a413fa363aa53500d097804 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-bs901 | Win.Trojan.Ircbot_5150cb73 | Windows | This strike sends a malware sample known as Win.Trojan.Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. The MD5 hash of this Win.Trojan. | 5150cb73a7fcbe222d0e296ffeb0651b | 05bc7c4319401a8da687e313f07cd1f687d40259 5150cb73a7fcbe222d0e296ffeb0651b 74c26ab8808722b5e7ca5c5039b6d0dc46e45d3f12652e280257796a8dc55a13 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-90k01 | Win.Malware.Emotet_2d97dd67 | Windows | This strike sends a malware sample known as Win.Malware.Emotet. Emotet is a banking trojan that remains relevant due to its ability to evolve and bypass antivirus products. It is commonly spread via malicious email attachments and links. The MD5 hash of this Win.Malware. | 2d97dd67ac577fd16c3270b515535b07 | dad8e231ce4efb1706f1caa65ff393da725abc68 2d97dd67ac577fd16c3270b515535b07 04c3f1590c9e9389582e21d7711379cab42d460433a2918bb888ce941bcfeedd https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-a8m01 | Win.Downloader.Upatre_a374f77b | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | a374f77b87ac8efc710602af8a8b3da4 | 09d801fee5af8fd9cc01563153485d477dc3563b a374f77b87ac8efc710602af8a8b3da4 0b9fbbdcc9efc61347e0f0c483098d42ec98a6111a8009e5e5ff1447a82e1687 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-e8g01 | Doc.Malware.Sagent_dc91b8a0 | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | dc91b8a04b50aa911653077c43bb21c4 | 9a4abdd3718bab67193f98ff4aabf1e21254172f dc91b8a04b50aa911653077c43bb21c4 2ad4db5a367762fcde6ddaffc4159f16f82c15d0af81b17d445327acfdc896ed https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-14r01 | Win.Malware.Emotet_dd7e4f22 | Windows | This strike sends a malware sample known as Win.Malware.Emotet. Emotet is a banking trojan that remains relevant due to its ability to evolve and bypass antivirus products. It is commonly spread via malicious email attachments and links. The MD5 hash of this Win.Malware. | dd7e4f225c207dbdc9c39878aa2e3b79 | 5e5e09c80e9400cba106a8cb85911de43ef7b59c dd7e4f225c207dbdc9c39878aa2e3b79 16d620b02bdf396a3992dc4b2ef8d2508924303e4c013e1fbb49921470008516 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-1u901 | Win.Downloader.Upatre_dfd8d07c | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | dfd8d07ccec3e4fdd5b01902b943a35a | 3c1456949f5ed83a90f56f9ba8fda3387d0648eb dfd8d07ccec3e4fdd5b01902b943a35a 285311d3a4d8608b94d4b3cccf3b9af094b5cdb51f7f92820b3b5bda8252137d https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-b3d01 | Doc.Malware.Powload_0bf7188e | Mixed | This strike sends a malware sample known as Doc.Malware.Powload. Powload is a malicious document that uses PowerShell to download malware. This campaign is currently distributing the Emotet malware. The MD5 hash of this Doc.Malware. | 0bf7188e29fb45c6d5f260bf7b854dc4 | 21fed4b0baa3aa665576eee7b3b4d34fcaff1d7c 0bf7188e29fb45c6d5f260bf7b854dc4 016449ce658b591c81a660cdf3aa38bfff92a5f107ba172c31e127954b36e344 https://www.symantec.com/security-center/writeup/2018-030515-3742-99 |
| M19-jkr01 | Win.Malware.Emotet_f4e6adc8 | Windows | This strike sends a malware sample known as Win.Malware.Emotet. Emotet is a banking trojan that remains relevant due to its ability to evolve and bypass antivirus products. It is commonly spread via malicious email attachments and links. The MD5 hash of this Win.Malware. | f4e6adc88ece59d0c06f499c1a693068 | 42e814d79f84401b32a5de7317a521ed3f9123f0 f4e6adc88ece59d0c06f499c1a693068 07a40319b4eab80ad4bc5ddd1d326b380fbd84cb5695436ad973026f10b2ffcf https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-mnt01 | Doc.Malware.Sagent_6561ffaf | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | 6561ffaf67820573d6f2cef5cb4bbd31 | 134f0eea609dd3d509628d762e8b172f9350bac2 6561ffaf67820573d6f2cef5cb4bbd31 3ca90d5bcf6aa92241dbfd3974542febbf325d25458643f2705fa71233445213 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-85w01 | Win.Worm.Lolbot_6e94f6d5 | Windows | This strike sends a malware sample known as Win.Worm.Lolbot. Lolbot, also known as Ganelp, is a family of worms that spread through removable drives. It can download or upload other files onto the targeted system. The MD5 hash of this Win.Worm. | 6e94f6d55f25b1a38a8b120ccd1120be | 00309381dcb77d3deacfdec719473b90466a8cf0 6e94f6d55f25b1a38a8b120ccd1120be 0e0a1358dd6c7c66d29afbd16571e2357b4b8b85bf38871220b0a5e35dd0722f https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-gn401 | Win.Downloader.Upatre_cc3df88f | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | cc3df88fae04dfef24285a9d0458d662 | adeca36149b91da51f125a7227635a84fc2dc357 cc3df88fae04dfef24285a9d0458d662 0008e3366cdb87658cde4f85f0e5741be774af2694012c5f8502c1d51759dee2 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-lu701 | Doc.Malware.Powload_a29f5ae3 | Mixed | This strike sends a malware sample known as Doc.Malware.Powload. Powload is a malicious document that uses PowerShell to download malware. This campaign is currently distributing the Emotet malware. The MD5 hash of this Doc.Malware. | a29f5ae3bdf57756544a8d376821de3a | 87d39d0c0a56ff4cca521e202b23f2778dad8df0 a29f5ae3bdf57756544a8d376821de3a 38e53d78bb20c1475bb99e81348df948a7a2a7c54e553f7a07297e53de59ea15 https://www.symantec.com/security-center/writeup/2018-030515-3742-99 |
| M19-1oz01 | Win.Malware.Emotet_78cd1fea | Windows | This strike sends a malware sample known as Win.Malware.Emotet. Emotet is a banking trojan that remains relevant due to its ability to evolve and bypass antivirus products. It is commonly spread via malicious email attachments and links. The MD5 hash of this Win.Malware. | 78cd1fea1e228624fbe9e5a8bfd22803 | 1098e786ecd9c38807ca0260254c29d2b9ac4fd2 78cd1fea1e228624fbe9e5a8bfd22803 0e5731849a5274705251a772b9cfc527d4646e5af1d0d8a9c0dc536d3a60ef73 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-xil01 | Win.Malware.Emotet_452ebe0c | Windows | This strike sends a malware sample known as Win.Malware.Emotet. Emotet is a banking trojan that remains relevant due to its ability to evolve and bypass antivirus products. It is commonly spread via malicious email attachments and links. The MD5 hash of this Win.Malware. | 452ebe0c7cf92472c289347b902df6da | f025fe3cde6a970c5e41ad803fe82effe4f4e238 452ebe0c7cf92472c289347b902df6da 11c6c26f9d485fa833fc457cc51a99e9b772c36816fc6c3bd55d3cd10b3722be https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-dsg01 | Win.Virus.Sality_bb3d92be | Windows | This strike sends a malware sample known as Win.Virus.Sality. Sality is a file infector that establishes a peer-to-peer botnet. Although it's been prevalent for more than a decade, we continue to see new samples that require marginal attention in order to remain consistent with detection. Once a Sality client bypasses perimeter security, its goal is to execute a downloader component capable of executing additional malware. The MD5 hash of this Win.Virus. | bb3d92be19dd7106a1fbd8fdde8db2ea | f76ded55ba6f89d5021a44fab7a7923d592ff3ae bb3d92be19dd7106a1fbd8fdde8db2ea 06e4245cf5a76061587820f25a5d019663b63cca431e9bb43095d6c09b25a3ea https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-9zs01 | Win.Malware.Emotet_e73d3446 | Windows | This strike sends a malware sample known as Win.Malware.Emotet. Emotet is a banking trojan that remains relevant due to its ability to evolve and bypass antivirus products. It is commonly spread via malicious email attachments and links. The MD5 hash of this Win.Malware. | e73d3446c078f7b64109149043a26cb4 | 3a5a240bd2264666199ab954308def0ad120c9bc e73d3446c078f7b64109149043a26cb4 0b664accc6898a9c073ca27deb58abaa597477d88c54559439f9a92a45f8d055 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-srn01 | Win.Trojan.Ircbot_34cbb119 | Windows | This strike sends a malware sample known as Win.Trojan.Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. The MD5 hash of this Win.Trojan. | 34cbb11970cd5bac1cf4548b9367af64 | a3bff37bf19a9e4d240fb8b929dc6625a8c4ef6d 34cbb11970cd5bac1cf4548b9367af64 6dee684652d14ded24772bc07f146dbd7eee3784dc190cb374b9e78ebbf8a47a https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-54q01 | Doc.Malware.Powload_92d21ee9 | Mixed | This strike sends a malware sample known as Doc.Malware.Powload. Powload is a malicious document that uses PowerShell to download malware. This campaign is currently distributing the Emotet malware. The MD5 hash of this Doc.Malware. | 92d21ee9a0a266c347d7a2d9ccc7d7d7 | 0474bede5cffd1a54d408957f4f674cd8c4b8ab6 92d21ee9a0a266c347d7a2d9ccc7d7d7 c7cb43c0854e5691b41f80496be003f9c1741e2921e5ee039645e220190162a2 https://www.symantec.com/security-center/writeup/2018-030515-3742-99 |
| M19-rk601 | Doc.Malware.Sagent_97558420 | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | 97558420bce7f69458681b6545b663a6 | 2e2342d4c26fccce9e2ecb3fed39bc97142f8033 97558420bce7f69458681b6545b663a6 219520e560a9eb432aba9d319c3c959ff9fe3f4a3ed9eb7f34ff13d1f8fdeaa1 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-nud01 | Doc.Malware.Sagent_04b32128 | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | 04b321281ca5bcef2cc3e6959006a534 | b384524fb3cf25588f9547108ab2ddd336a6ee27 04b321281ca5bcef2cc3e6959006a534 210999842efd1221eb1973f2f18bdc8e8764ee19bba2680ac931edb357c72c29 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-ne701 | Doc.Malware.Sagent_36805fe8 | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | 36805fe80b2d32095a6e499621c643cf | 137886514ada7537a6a158f2065a2c5a8fba245a 36805fe80b2d32095a6e499621c643cf 20d9a0f8fe27a43d9d99fd593c8d8af9b9799172c5b7179aa5a8cd2219de3b28 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-aio01 | Win.Trojan.Ircbot_454e1558 | Windows | This strike sends a malware sample known as Win.Trojan.Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. The MD5 hash of this Win.Trojan. | 454e15581b81c3f52394ed772eaf48a3 | 255a5dfb89a67df0c64a4ecd1f6a09233b86f30c 454e15581b81c3f52394ed772eaf48a3 a7b0b3b373bd6adce3210d3c3118ec0c0049cd6902289f649e7157469fe05352 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-65b01 | Win.Worm.Lolbot_edfdecc9 | Windows | This strike sends a malware sample known as Win.Worm.Lolbot. Lolbot, also known as Ganelp, is a family of worms that spread through removable drives. It can download or upload other files onto the targeted system. The MD5 hash of this Win.Worm. | edfdecc972ee23f6bd331c1b098082ac | 0068b75a20a764a3f7efb3f1a4f7d0e74333850b edfdecc972ee23f6bd331c1b098082ac 0a3420da8bad37f8a52b24ec71c75d28df84ffb22c95e39ddf2aeb2d7a8a4ec0 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-3jk01 | Win.Trojan.Ircbot_ef6c125b | Windows | This strike sends a malware sample known as Win.Trojan.Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. The MD5 hash of this Win.Trojan. | ef6c125b1c89ade0e5e35c889666eba5 | 9b0f6f01f4b84ee6fc80a3dc5c1ef9355084084a ef6c125b1c89ade0e5e35c889666eba5 098b522b3df96f6b103801ff0f146c197b9bc16fb4a82c2e35077f0ee9d60f40 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-rjv01 | Win.Trojan.Zegost_b8d82968 | Windows | This strike sends a malware sample known as Win.Trojan.Zegost. Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. The MD5 hash of this Win.Trojan. | b8d82968643089fe07e3d9c7e7c598bc | 00658c866c26694cda002ea2c222a0a5c1bbcf24 b8d82968643089fe07e3d9c7e7c598bc 576b404322cb8b14cc0947e2448e17c484270e980fa10a2d04a268acdf009cd8 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-kpn01 | Doc.Malware.Sagent_d0f28d95 | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | d0f28d95ccf9bb7298e836628b6cff3a | 213346d810f73c1c066df516357f7e171dac2fe9 d0f28d95ccf9bb7298e836628b6cff3a 4aa3fa1ef3642be02826ef9466eaf90427857dcdaaca6b7086b842527376f6fa https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-8yj01 | Doc.Malware.Sagent_9d134ee5 | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | 9d134ee500a614a3b0b604377eee92b7 | 6bc645e2d708eec082f6f602c1ad7d02ce932f9b 9d134ee500a614a3b0b604377eee92b7 57b90075a2a9821278a1ce760e5fd36f35f5ff5e768bef60f04aa4ac3741bc9d https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-55j01 | Win.Virus.Sality_f2047453 | Windows | This strike sends a malware sample known as Win.Virus.Sality. Sality is a file infector that establishes a peer-to-peer botnet. Although it's been prevalent for more than a decade, we continue to see new samples that require marginal attention in order to remain consistent with detection. Once a Sality client bypasses perimeter security, its goal is to execute a downloader component capable of executing additional malware. The MD5 hash of this Win.Virus. | f2047453e06bf1f22cece2237703cf23 | c6733c25519658ad5737e9c5c060505384ac5751 f2047453e06bf1f22cece2237703cf23 1a93a65e01aecd981c300f7877d51c1b4907fccb4acced53c3e70bb7c1884e61 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-nx501 | Doc.Malware.Sagent_bd98f225 | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | bd98f2259581cf698a3d85b6097005ce | a9d39148e10c1fdf92735fd2c739f4c7a9825d23 bd98f2259581cf698a3d85b6097005ce 2ce7330a70040737397b483674680e27bcbdc67390dc64df11319539f15d4c79 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-2c501 | Win.Trojan.Zegost_aa8f9a4b | Windows | This strike sends a malware sample known as Win.Trojan.Zegost. Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. The MD5 hash of this Win.Trojan. | aa8f9a4b6635c9f9584632440ade121d | 000b46546c66c6a6883dd060a5307f36115b6584 aa8f9a4b6635c9f9584632440ade121d 0f9eedb0084fa1734391818b6157e2b75fb58c81d63444e30dc3591930266e7e https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-7e101 | Win.Virus.Sality_411196e5 | Windows | This strike sends a malware sample known as Win.Virus.Sality. Sality is a file infector that establishes a peer-to-peer botnet. Although it's been prevalent for more than a decade, we continue to see new samples that require marginal attention in order to remain consistent with detection. Once a Sality client bypasses perimeter security, its goal is to execute a downloader component capable of executing additional malware. The MD5 hash of this Win.Virus. | 411196e577330d58183f57210d38d61b | c8cb971bb248a33554fb690af25b4afeb98d576c 411196e577330d58183f57210d38d61b 02e195243af5923dae171d824b63a3d25a2538bc596a971273eb30b0a920b9e5 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-u0c01 | Win.Virus.Sality_97cc1c62 | Windows | This strike sends a malware sample known as Win.Virus.Sality. Sality is a file infector that establishes a peer-to-peer botnet. Although it's been prevalent for more than a decade, we continue to see new samples that require marginal attention in order to remain consistent with detection. Once a Sality client bypasses perimeter security, its goal is to execute a downloader component capable of executing additional malware. The MD5 hash of this Win.Virus. | 97cc1c62251c7926dff97f7409e651a2 | c0d58f00b9259229de8beb63590d2210c34b77f3 97cc1c62251c7926dff97f7409e651a2 0c0999de8b07c0e231326c88f991d068f6d56d9e85a2c386a09ccf2eb8be9ebf https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-78m01 | Doc.Malware.Powload_d378f22b | Mixed | This strike sends a malware sample known as Doc.Malware.Powload. Powload is a malicious document that uses PowerShell to download malware. This campaign is currently distributing the Emotet malware. The MD5 hash of this Doc.Malware. | d378f22bc40b76989128d7169f61c0c6 | 609ce57d790b8c7f66daaf09fce4061e29d6adae d378f22bc40b76989128d7169f61c0c6 33bc3b2d5e4464eb9a12fcbdd7a4dc0a6e7c02f3e2149325f473e1d59c019022 https://www.symantec.com/security-center/writeup/2018-030515-3742-99 |
| M19-0v201 | Win.Downloader.Upatre_131728e6 | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | 131728e6f25293c1cb9712bee74fcd4f | d826189c7ce6e54a22f7edd494128928ffff38c5 131728e6f25293c1cb9712bee74fcd4f 26b32472bb1a256a74573ec41e62fd871bb4ea756e4e8d57a941a032f6f405cd https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-8jp01 | Win.Trojan.Zegost_c60dd861 | Windows | This strike sends a malware sample known as Win.Trojan.Zegost. Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. The MD5 hash of this Win.Trojan. | c60dd86193326947dd5eef9cc08b7045 | 003a942899af6f2e047d84b06cd0e1244325cf1a c60dd86193326947dd5eef9cc08b7045 59825f1890c3055bfcc4a989da45f172fd7ef283afcb84ef8f0d521bb2973c68 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-p0d01 | Win.Virus.Sality_07c62f34 | Windows | This strike sends a malware sample known as Win.Virus.Sality. Sality is a file infector that establishes a peer-to-peer botnet. Although it's been prevalent for more than a decade, we continue to see new samples that require marginal attention in order to remain consistent with detection. Once a Sality client bypasses perimeter security, its goal is to execute a downloader component capable of executing additional malware. The MD5 hash of this Win.Virus. | 07c62f3429ec80f40704793f2e0a460c | 8f36d52826d3606adf9c9c4d8f8ddd97e4036f62 07c62f3429ec80f40704793f2e0a460c 16e8fc998564cd4272795782a371fad13fca160f9427f85e0a8591d56c9a5248 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-5ec01 | Win.Virus.Sality_db5394a7 | Windows | This strike sends a malware sample known as Win.Virus.Sality. Sality is a file infector that establishes a peer-to-peer botnet. Although it's been prevalent for more than a decade, we continue to see new samples that require marginal attention in order to remain consistent with detection. Once a Sality client bypasses perimeter security, its goal is to execute a downloader component capable of executing additional malware. The MD5 hash of this Win.Virus. | db5394a7456c7e3c5e3e7e1d19f11947 | 151574ed9cbf86a510b999fff311b276ef5dfc64 db5394a7456c7e3c5e3e7e1d19f11947 13971272ef6b82c6b5ef9de3eb33f2dc439048c4eacd388faf2de37d89d25bb1 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-ej701 | Doc.Malware.Powload_4169c853 | Mixed | This strike sends a malware sample known as Doc.Malware.Powload. Powload is a malicious document that uses PowerShell to download malware. This campaign is currently distributing the Emotet malware. The MD5 hash of this Doc.Malware. | 4169c853215f129fbf7c5015f972a831 | 16739417d0a0e251e87a875da661331aeebfca74 4169c853215f129fbf7c5015f972a831 28cf4ee192bfbf24ef0bc9a8eff889501ddaf08031c4c369035ddeec949e2879 https://www.symantec.com/security-center/writeup/2018-030515-3742-99 |
| M19-g4601 | Doc.Malware.Sagent_ecd78e75 | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | ecd78e7520917bc2eb45412667b1275e | a0b15d9163eda8ac0cb12b388c80ec26b2b6d08f ecd78e7520917bc2eb45412667b1275e 37e0df1c725974d8842dbfd1c97c2808174bb13507008056d71acf5dcb16be86 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-pig01 | Win.Trojan.Ircbot_c18b48b9 | Windows | This strike sends a malware sample known as Win.Trojan.Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. The MD5 hash of this Win.Trojan. | c18b48b9903903f7e18d96fb8b4809b2 | 55a7f6ec12b1e315e41f1bb173c97cd50516f7f0 c18b48b9903903f7e18d96fb8b4809b2 6fc943a77694773debde1e6ae93ec51692568fff0adc7a2d00b424021b97f405 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-mp201 | Win.Trojan.Ircbot_d22408e7 | Windows | This strike sends a malware sample known as Win.Trojan.Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. The MD5 hash of this Win.Trojan. | d22408e751e2d8ea131aebf0486e0fdf | 4b3b240763ccfe196a0260640fb618843dd825ec d22408e751e2d8ea131aebf0486e0fdf 774507352a7a4e7cf2ecb254e3b4a3e0b91fa9535d7aa823257a24e16a852bc4 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-wh401 | Win.Downloader.Upatre_c82fbffd | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | c82fbffdf08424ae6d126ee9dd8e3499 | 65eaeaa80077676594db73501caa92baebed6157 c82fbffdf08424ae6d126ee9dd8e3499 1af0f85fde6d7365d4a97557f244cd95138a9803c2761d224fccc0eb0b4ad98e https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-4a601 | Win.Downloader.Upatre_da578680 | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | da5786807d829e8e1b59f8404e838e01 | 7a80fc95125652859b3e914a5dc5d532dbe30492 da5786807d829e8e1b59f8404e838e01 4e7249b5bab1568c6f288313c0fae32350aaa909cae234618a5cf2d63a55b9b0 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-0c601 | Win.Trojan.Zegost_25ba04fd | Windows | This strike sends a malware sample known as Win.Trojan.Zegost. Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. The MD5 hash of this Win.Trojan. | 25ba04fdd5ea4208cccd01e0cd3e15bf | 006f386c0892d9c86ed20012bdf70efe70f4acf1 25ba04fdd5ea4208cccd01e0cd3e15bf 1a0dfd0200c9abb101547047c1a3d2384748a7bce2cdd296068b093aa383ff66 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-fw001 | Win.Trojan.Ircbot_c6aa057e | Windows | This strike sends a malware sample known as Win.Trojan.Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. The MD5 hash of this Win.Trojan. | c6aa057ec48eb19f4f26f5f676a4ae63 | cb240d7f1dfad28c2a7a549aea5ef02a863638f0 c6aa057ec48eb19f4f26f5f676a4ae63 b64ce6c5e89b60d7869621e53f9af3081d32b36ae60f38e7e9ea0db0507875b7 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-fov01 | Win.Downloader.Upatre_ae0bfa91 | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | ae0bfa91ef99718e907f7168781021a3 | 6844a232b3a8263a6dc672b0a43a0edee7faec53 ae0bfa91ef99718e907f7168781021a3 83fb58f507b34a716b4e2a7b7edfcd184d64ec7577e2fe2c4cf26aaf2ab2ec46 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-j9z01 | Win.Virus.Sality_2ffc4ce1 | Windows | This strike sends a malware sample known as Win.Virus.Sality. Sality is a file infector that establishes a peer-to-peer botnet. Although it's been prevalent for more than a decade, we continue to see new samples that require marginal attention in order to remain consistent with detection. Once a Sality client bypasses perimeter security, its goal is to execute a downloader component capable of executing additional malware. The MD5 hash of this Win.Virus. | 2ffc4ce1350df17135cd4b09288308d4 | 09337c7b0b7dfe22e7fad1435a106a9ce4069345 2ffc4ce1350df17135cd4b09288308d4 11b75d4bb7cdc3938d884da59da1885e70b8bc995bbf528ffd1c02d5876214f8 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-ort01 | Doc.Malware.Sagent_3dd637b2 | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | 3dd637b2cef1891b4f1c889d8c1dde0e | dd1e464a08c46a63221477b02cb7c882948e13ba 3dd637b2cef1891b4f1c889d8c1dde0e 58972ab31449176f9d62c6b35bcd63843cbeeb099b374e56b2c1cda373fb880b https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-ndw01 | Win.Worm.Lolbot_52909b2a | Windows | This strike sends a malware sample known as Win.Worm.Lolbot. Lolbot, also known as Ganelp, is a family of worms that spread through removable drives. It can download or upload other files onto the targeted system. The MD5 hash of this Win.Worm. | 52909b2a7a17f266f69fb37b4276e7ee | 00008da9afcd1486fe7a67f289248e11bfc4441c 52909b2a7a17f266f69fb37b4276e7ee 2423ed1c57586490516169d783bb380c7a2031d5339aba4bf297d6330dd2a811 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-yz901 | Win.Trojan.Ircbot_a04103c8 | Windows | This strike sends a malware sample known as Win.Trojan.Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. The MD5 hash of this Win.Trojan. | a04103c8ed50581062db90440ffe2f5c | 0ecb889302b48949d8298d167c20859aacf621c3 a04103c8ed50581062db90440ffe2f5c e7445bcc33ad77757817184493e1c72b0a1433f399aad4cb359fb9f944e6dd6a https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-s8f01 | Win.Virus.Sality_8065bf18 | Windows | This strike sends a malware sample known as Win.Virus.Sality. Sality is a file infector that establishes a peer-to-peer botnet. Although it's been prevalent for more than a decade, we continue to see new samples that require marginal attention in order to remain consistent with detection. Once a Sality client bypasses perimeter security, its goal is to execute a downloader component capable of executing additional malware. The MD5 hash of this Win.Virus. | 8065bf18d8b6b5cd70561fea390e9669 | 15c285d3d755726af3165dd338ed723705e8586a 8065bf18d8b6b5cd70561fea390e9669 03232668bd0c47073066f155ac5577b0240fcff40eafac864adef86694006e43 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-6n401 | Win.Downloader.Upatre_b7b16540 | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | b7b1654099adebb715d7a92bf987e5b5 | 0b87adf0eea77356a7017aeb3ba26938e7f6964d b7b1654099adebb715d7a92bf987e5b5 653d6a96f4df49dc81a7cf2093cc622ebbeedd1a5e7298f61cc7227e8757aa50 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-j0i01 | Doc.Malware.Powload_a8a33244 | Mixed | This strike sends a malware sample known as Doc.Malware.Powload. Powload is a malicious document that uses PowerShell to download malware. This campaign is currently distributing the Emotet malware. The MD5 hash of this Doc.Malware. | a8a3324499dc82dd2986ba80e11d3884 | aff52bf72d5c3b20fdb864efc6362ee75492a685 a8a3324499dc82dd2986ba80e11d3884 5a2e46067d3710ece2abdb092e7a3e49075ca19d0849e6499fb7953c28a9ec8e https://www.symantec.com/security-center/writeup/2018-030515-3742-99 |
| M19-nwh01 | Win.Downloader.Upatre_ba22488e | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | ba22488e51044a35cc1847da61ca3745 | 25caa96468f3ca367ff95470437720690470e246 ba22488e51044a35cc1847da61ca3745 8d59f4516f1d894e8b52ec3f4ed5d5ee0e0bbacfc3e51078a9209641e5c0bc02 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-yy901 | Win.Downloader.Upatre_b54904a2 | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | b54904a289a3e349886d36902483aa9b | 93e7a155a2481e7d24a0f6f13ee05239e5b187ce b54904a289a3e349886d36902483aa9b 43c983dc9afe5727c47415c4a49ae29ea9ecc0ee902dc1918a9b5b9717f29e54 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-eyb01 | Win.Trojan.Ircbot_addd7801 | Windows | This strike sends a malware sample known as Win.Trojan.Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. The MD5 hash of this Win.Trojan. | addd7801306519cd76d67917b8204338 | 8d607ca848220f2e64e43f96a2c3245e0894dae9 addd7801306519cd76d67917b8204338 74c2bc41e4dcc3da2a92754e21367f27cdab96377ece81acdd4e93a9c7d1cde1 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-05301 | Win.Worm.Lolbot_a8dfdce4 | Windows | This strike sends a malware sample known as Win.Worm.Lolbot. Lolbot, also known as Ganelp, is a family of worms that spread through removable drives. It can download or upload other files onto the targeted system. The MD5 hash of this Win.Worm. | a8dfdce4b14e0b02eec75a71f930d1a7 | 00111db9fafe8baeebaefb1474c2d77dec22059c a8dfdce4b14e0b02eec75a71f930d1a7 06528a8e957eeb930eb2a87d901af51b64a71769c72715c8950e02d8aa1c5460 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-otb01 | Win.Trojan.Ircbot_a60017eb | Windows | This strike sends a malware sample known as Win.Trojan.Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. The MD5 hash of this Win.Trojan. | a60017ebea09d7f9781ca2f2a1d96637 | d22b294a9bc8e5c4cf190b1eb9122ede3cfcc083 a60017ebea09d7f9781ca2f2a1d96637 280388ae896f081759a34e72a23be71d561fff411791447a5d1ca3955f512cc8 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-mq301 | Win.Trojan.Ircbot_760230c7 | Windows | This strike sends a malware sample known as Win.Trojan.Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. The MD5 hash of this Win.Trojan. | 760230c768df6c9a4f746d2231531b40 | 4fd1a854c6e33d424749decf3f1e5c35c81efe4a 760230c768df6c9a4f746d2231531b40 ec3f2dfdeb90feea711119880e9e044ad841ec159f7e0dfbc00c166b284a0f7b https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-hb201 | Win.Malware.Emotet_4111f643 | Windows | This strike sends a malware sample known as Win.Malware.Emotet. Emotet is a banking trojan that remains relevant due to its ability to evolve and bypass antivirus products. It is commonly spread via malicious email attachments and links. The MD5 hash of this Win.Malware. | 4111f6436c2e3a04aedfa66f99615902 | 5cbf645722352a2b281c72bd9a24ebefa006346e 4111f6436c2e3a04aedfa66f99615902 0753b4ea09e7c562abacd4d3fbb6ceb8065075fa7e9ac3d53a7d7b9464111d97 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-91c01 | Win.Virus.Sality_d7f9775b | Windows | This strike sends a malware sample known as Win.Virus.Sality. Sality is a file infector that establishes a peer-to-peer botnet. Although it's been prevalent for more than a decade, we continue to see new samples that require marginal attention in order to remain consistent with detection. Once a Sality client bypasses perimeter security, its goal is to execute a downloader component capable of executing additional malware. The MD5 hash of this Win.Virus. | d7f9775b54fff3220bd01cae119ab0b9 | 13b79ad854a84e30e9c5aa85ece19b66898725a2 d7f9775b54fff3220bd01cae119ab0b9 109ec982b35185df989ef3558f704648ff4e4b9c307fba80d238dc546a5ff8d2 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-cxs01 | Win.Trojan.Ircbot_6f36cdca | Windows | This strike sends a malware sample known as Win.Trojan.Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. The MD5 hash of this Win.Trojan. | 6f36cdcaa3126313755ed284384b30ed | 7fc38d920f1c92bfda409442eddb5035e102c5c2 6f36cdcaa3126313755ed284384b30ed 14bb0e23ca5ff85bb8c87eb16ffd8c00c4fca779ff6f3f6425aa48727f81e363 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-ahe01 | Win.Trojan.Zegost_bcc3b987 | Windows | This strike sends a malware sample known as Win.Trojan.Zegost. Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. The MD5 hash of this Win.Trojan. | bcc3b987d91af8e33ce21fcd28ac5de5 | 000eebbe1d4b9a2381edef5958355bf9d1665362 bcc3b987d91af8e33ce21fcd28ac5de5 306c3da827a85c572ebc5c40ee5541e308c842d993daffa1e762c28fd17c117f https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-lxm01 | Win.Trojan.Zegost_eb155c9b | Windows | This strike sends a malware sample known as Win.Trojan.Zegost. Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. The MD5 hash of this Win.Trojan. | eb155c9b76e954c0e5affd15812034ca | 001e9fc51559cc6c9b7a1dc94e469990f02a2895 eb155c9b76e954c0e5affd15812034ca 23bb5973dcaa26f1ed4688372b06bacafcedbf4fcc1dc468cbe3f16309c4a030 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-08601 | Win.Trojan.Zegost_c1e9e73b | Windows | This strike sends a malware sample known as Win.Trojan.Zegost. Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. The MD5 hash of this Win.Trojan. | c1e9e73bdedd19ae4838ed21824c2098 | 0047862bec17179df51acef3160a49f78922222b c1e9e73bdedd19ae4838ed21824c2098 5457112b465507bf1829265904053e482475ecd56ffb9344e045afff4d2c5a5b https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-fzz01 | Win.Worm.Lolbot_b86ffdf5 | Windows | This strike sends a malware sample known as Win.Worm.Lolbot. Lolbot, also known as Ganelp, is a family of worms that spread through removable drives. It can download or upload other files onto the targeted system. The MD5 hash of this Win.Worm. | b86ffdf5164d10db7daef0898b400679 | 0016a67704589951c4fc11fec48a5e5746e14b11 b86ffdf5164d10db7daef0898b400679 0667ccae012ed7d32d43ab24e93d19539a82f69da5a4bfcacd9a279ec9d25350 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-a1y01 | Win.Trojan.Zegost_bc93af37 | Windows | This strike sends a malware sample known as Win.Trojan.Zegost. Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. The MD5 hash of this Win.Trojan. | bc93af37866e47d41ed1b5e95e7d493f | 00724508ce937f124f20e2006b63102a597a3d40 bc93af37866e47d41ed1b5e95e7d493f 565d3b34a150850ba1cb7bda6c4da8a44367ffaeae60ce593845b0d49f69e6f6 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-ke201 | Win.Worm.Lolbot_000e5523 | Windows | This strike sends a malware sample known as Win.Worm.Lolbot. Lolbot, also known as Ganelp, is a family of worms that spread through removable drives. It can download or upload other files onto the targeted system. The MD5 hash of this Win.Worm. | 000e5523de249639c3e73bbd83202b7b | 0038366534f3b69c27708d84fe3f6a65a02c3790 000e5523de249639c3e73bbd83202b7b 20cab422a853d13c1f507cfdbbc85bd5c6d9c0ba0a0a2de5d89a006fd02a5d92 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-f9601 | Win.Worm.Lolbot_ab93b171 | Windows | This strike sends a malware sample known as Win.Worm.Lolbot. Lolbot, also known as Ganelp, is a family of worms that spread through removable drives. It can download or upload other files onto the targeted system. The MD5 hash of this Win.Worm. | ab93b1712c5f87ee089e282e0989785b | 0005a6688d9dee2c872f558770c8d08b15fc15d9 ab93b1712c5f87ee089e282e0989785b 13afad9652869bf360698da46a44ade7ef9377df2dfeb53083a5cc04d523a9a2 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-j8t01 | Doc.Malware.Powload_807b1ff7 | Mixed | This strike sends a malware sample known as Doc.Malware.Powload. Powload is a malicious document that uses PowerShell to download malware. This campaign is currently distributing the Emotet malware. The MD5 hash of this Doc.Malware. | 807b1ff72cf05beebcb2b4ebeb202385 | 4b8836a8b6a528f9af6160e8ed05c093153263fc 807b1ff72cf05beebcb2b4ebeb202385 b5d324893085f52a6b7d750b41d3039462d0e66e2e07f36d7aa07ab53f694790 https://www.symantec.com/security-center/writeup/2018-030515-3742-99 |
| M19-j0h01 | Win.Trojan.Zegost_ffd41207 | Windows | This strike sends a malware sample known as Win.Trojan.Zegost. Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. The MD5 hash of this Win.Trojan. | ffd41207be468d145f6673bbcad87a25 | 0095afcfde598822b35ada5304c1c892ce1c3166 ffd41207be468d145f6673bbcad87a25 679f472c1c7cb4714454a7ce98f708e388f38a71498d37d722b41b67641cc0d7 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-woi01 | Win.Trojan.Zegost_89af7951 | Windows | This strike sends a malware sample known as Win.Trojan.Zegost. Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. The MD5 hash of this Win.Trojan. | 89af7951a6755daedc40654320e85dd8 | 0053805596e70b5343be01c3e591a1f53b5a89ee 89af7951a6755daedc40654320e85dd8 2cdaae20046ff09aee47427055f3ed33aa4e5fec4e1290597a94d291719e0e75 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-mhv01 | Doc.Malware.Sagent_b9c5301b | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | b9c5301b8a48966983ea07aff6178940 | 14195ac92b83bd251d86b6836e82156e7c0fd0f1 b9c5301b8a48966983ea07aff6178940 184ccc288232c76b5589ec0c6aeb280c934a5ad35c0c7155146d71030a040b40 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-alz01 | Win.Worm.Lolbot_96689f73 | Windows | This strike sends a malware sample known as Win.Worm.Lolbot. Lolbot, also known as Ganelp, is a family of worms that spread through removable drives. It can download or upload other files onto the targeted system. The MD5 hash of this Win.Worm. | 96689f735cd8bc74f8b304a24eb6ead5 | 002245848dc9f0bce0fdf7a461a388b0298cd65b 96689f735cd8bc74f8b304a24eb6ead5 14fede536b4486221936726a6872a3c31286c4a6bb0400ded57fbd44d07ae226 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-mw901 | Win.Worm.Lolbot_3187ac65 | Windows | This strike sends a malware sample known as Win.Worm.Lolbot. Lolbot, also known as Ganelp, is a family of worms that spread through removable drives. It can download or upload other files onto the targeted system. The MD5 hash of this Win.Worm. | 3187ac65838aafeff6fa689ca8015803 | 004a632e182579e7e1ac53a5e1c0353b54824c4b 3187ac65838aafeff6fa689ca8015803 1b3422534d883844fed3e7a0a80c8dac410755ef6094408293a3c911d557c811 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-aio02 | Doc.Malware.Sagent_958f701a | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | 958f701a41edad61a6a2c423385fe9a0 | 7f4c0b1585c6f77f184d2bd3fd5980a12fc702f6 958f701a41edad61a6a2c423385fe9a0 8d10a6a99658759428cc5ab65baf57aee16ab607c23e2fb779e60450883aceb3 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-u7201 | Win.Trojan.Ircbot_5dc85132 | Windows | This strike sends a malware sample known as Win.Trojan.Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. The MD5 hash of this Win.Trojan. | 5dc85132a6090780cf86022f545e958c | 90744eaf036d5baa9d70a954382ee5fc9c4a5417 5dc85132a6090780cf86022f545e958c 02b19a5969e8835fcc7ddfcd3aab054445f617a27bf30092222703a8b4a3f856 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-m7p01 | Win.Downloader.Upatre_bb1311ba | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | bb1311ba8ebd9fe40d87e8c483fea871 | a4c8c21ae1c87e3f467f71e73c2c48dbb3f96ea8 bb1311ba8ebd9fe40d87e8c483fea871 3cac1b87633da57b21fc38fc0da4f861e1dce3f8e48a2ced1824466da0b96049 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-f7r01 | Win.Trojan.Zegost_ea3852e2 | Windows | This strike sends a malware sample known as Win.Trojan.Zegost. Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. The MD5 hash of this Win.Trojan. | ea3852e2ee269201db6a21ffa58a35cf | 0094ad715acf15d0ad213b7dce8c93526251a245 ea3852e2ee269201db6a21ffa58a35cf 53db05f59a5ad099ad96ef935338d545b1354f484abe61bad70222afb854f3ba https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-9rg01 | Win.Downloader.Upatre_a32916de | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | a32916de3ab7192a2f8390e0abaf802c | 6f22bf0b6d3cf63ad172357ede66403a133028d3 a32916de3ab7192a2f8390e0abaf802c 31db2340ffd8138aa3edaaa8029a30ea69a7e15ddbc1305f358c1478ff86f520 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-s0301 | Win.Downloader.Upatre_c8a69304 | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | c8a693049fe2dc156cee8d70fda56f8b | ea85ad01de8950cd8e92297ec39b68f2e6154edf c8a693049fe2dc156cee8d70fda56f8b 83c355f8cc2eb5f2381bfdbfa92db493891b2d08519d575e6a27e677cc60b1e1 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-k9v01 | Win.Downloader.Upatre_b7bb3fbf | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | b7bb3fbf095d237997a8d9e9fd38fa86 | a1e2739774de8057e64da5c14138391109133bcf b7bb3fbf095d237997a8d9e9fd38fa86 a0adfc3962b66d010da50d5fe1821b5a0cdbd85d98b03914655d269eccac44a2 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-e4r02 | Win.Trojan.Zegost_43142f92 | Windows | This strike sends a malware sample known as Win.Trojan.Zegost. Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. The MD5 hash of this Win.Trojan. | 43142f9208712bd1d4f2a686c839a3a7 | 00858160c2f12c97a45a16118f46282f1934f97a 43142f9208712bd1d4f2a686c839a3a7 2527bcf0338afbd438dfd1e8f077fb0ec36d633e25e5471c7647dcc8ae502f75 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-hy501 | Win.Virus.Sality_59bb1c61 | Windows | This strike sends a malware sample known as Win.Virus.Sality. Sality is a file infector that establishes a peer-to-peer botnet. Although it's been prevalent for more than a decade, we continue to see new samples that require marginal attention in order to remain consistent with detection. Once a Sality client bypasses perimeter security, its goal is to execute a downloader component capable of executing additional malware. The MD5 hash of this Win.Virus. | 59bb1c611d35a2d971783bc8face3f7f | 901d0ad5f9d6195b81caab3000067187e5cf2d16 59bb1c611d35a2d971783bc8face3f7f 1c7a9720df7186f3354799f5f7b17139e20d8c9233ef796c1f8a9a4a61a3eb73 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-0pb01 | Win.Trojan.Zegost_c0e7c5b6 | Windows | This strike sends a malware sample known as Win.Trojan.Zegost. Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. The MD5 hash of this Win.Trojan. | c0e7c5b6c680368dc853cc50bca3c967 | 0096d16f6968bd69cd3d1ba20cb517a738ebb817 c0e7c5b6c680368dc853cc50bca3c967 43e386150567a3439af0dac195538d52a0c81f5a968801046bf3fb1b641fcfad https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-a4801 | Doc.Malware.Sagent_0d490164 | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | 0d490164cec08bb3de358a775ba2e967 | 5612ac4398603601c932780f0167dda36a79fe91 0d490164cec08bb3de358a775ba2e967 4b122ed996a80e03a2056abfc84a875b6c3cf2f02081f8546fe62ba9308a8e58 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-sr501 | Win.Virus.Sality_61c1b17b | Windows | This strike sends a malware sample known as Win.Virus.Sality. Sality is a file infector that establishes a peer-to-peer botnet. Although it's been prevalent for more than a decade, we continue to see new samples that require marginal attention in order to remain consistent with detection. Once a Sality client bypasses perimeter security, its goal is to execute a downloader component capable of executing additional malware. The MD5 hash of this Win.Virus. | 61c1b17bc4f45f5ebb298f6c90eeecf5 | 19c76b07055b5e8644de3c43551e31d514c919d8 61c1b17bc4f45f5ebb298f6c90eeecf5 15b9de1e80e24edb459847e427edbee34734d9950db2c84f30175ba46eb5d208 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-es401 | Win.Worm.Lolbot_e2868643 | Windows | This strike sends a malware sample known as Win.Worm.Lolbot. Lolbot, also known as Ganelp, is a family of worms that spread through removable drives. It can download or upload other files onto the targeted system. The MD5 hash of this Win.Worm. | e2868643f9d01f217fb4dfea4cdbb98f | 0067eafdcaf61513d16169704719991038854b53 e2868643f9d01f217fb4dfea4cdbb98f 01c38084198b17d9505b71e2047df154e3f429820a8ddfb15efd8f54d0eeed51 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-01j01 | Doc.Malware.Powload_b8c6f5df | Mixed | This strike sends a malware sample known as Doc.Malware.Powload. Powload is a malicious document that uses PowerShell to download malware. This campaign is currently distributing the Emotet malware. The MD5 hash of this Doc.Malware. | b8c6f5dfddf9c09ef5d48cc646bfcb55 | 7a0b4ce3e3c2594c3f31a79e73133c39d6f0c913 b8c6f5dfddf9c09ef5d48cc646bfcb55 388fe279f421985cb9e147aaf8231a98c832874952c396a13df08894c3a9714d https://www.symantec.com/security-center/writeup/2018-030515-3742-99 |
| M19-8wy01 | Doc.Malware.Powload_8c835e91 | Mixed | This strike sends a malware sample known as Doc.Malware.Powload. Powload is a malicious document that uses PowerShell to download malware. This campaign is currently distributing the Emotet malware. The MD5 hash of this Doc.Malware. | 8c835e915e376d95c75b6cc3f94e7d80 | 641eb71b80140b7732b958fcb99b5cdd251781f7 8c835e915e376d95c75b6cc3f94e7d80 8c2bd29b1fc6bb1e3187ba8cf8329847e419fe62b6ed3f2e054991dcade63dda https://www.symantec.com/security-center/writeup/2018-030515-3742-99 |
| M19-bxc01 | Doc.Malware.Sagent_7650e2bb | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | 7650e2bb10daff3c63f547ef8b201f36 | ac01485a2e08845795034e612cf9811f6252c707 7650e2bb10daff3c63f547ef8b201f36 a50bbe414048cadb53c22770c78fdae9ac730249693ca7d46df239732938b3f1 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-3rc01 | Win.Downloader.Upatre_be0f6b88 | Windows | This strike sends a malware sample known as Win.Downloader.Upatre. Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware. The MD5 hash of this Win.Downloader. | be0f6b88624bc1bb913e8dd8d6397e57 | 5e24abace5b39cbed0cac8d62fc148061970ac07 be0f6b88624bc1bb913e8dd8d6397e57 1f6e5f75292636c7188d6f9cdcaa7597e0c251a3be8ce984488d68914f7ec9df https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-ov001 | Win.Trojan.Zegost_d0fc79fb | Windows | This strike sends a malware sample known as Win.Trojan.Zegost. Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. The MD5 hash of this Win.Trojan. | d0fc79fbbcb2db4e495739192b45ba74 | 003c5178d6fd738e178d538c8416e6cb7dfa33ae d0fc79fbbcb2db4e495739192b45ba74 1cd1fcf50709a673f9412c4b3b3285b8fad7425f9bd61f195e774a6b9cd7ca96 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-kda01 | Win.Trojan.Ircbot_79c2e864 | Windows | This strike sends a malware sample known as Win.Trojan.Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. The MD5 hash of this Win.Trojan. | 79c2e864fe526bfbb265bdd8bea96e3a | 8dc5fa8f18e0a3b96f2fcacb2447bf96e6d82bb8 79c2e864fe526bfbb265bdd8bea96e3a d3766174efa61ecf9344b0bfdaaabd9cf3e0ada543310b4ff724b4ecb8b985f2 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-36b01 | Doc.Malware.Powload_f19507ff | Mixed | This strike sends a malware sample known as Doc.Malware.Powload. Powload is a malicious document that uses PowerShell to download malware. This campaign is currently distributing the Emotet malware. The MD5 hash of this Doc.Malware. | f19507ffda89c62b590dd77215237c5b | 95962931ac9cba17c3aa2113b08b2705349681f5 f19507ffda89c62b590dd77215237c5b d7e114011982bf58dbd1752874d27895b1716fc1a0a02f8515a3384c9dde7a97 https://www.symantec.com/security-center/writeup/2018-030515-3742-99 |
| M19-rsp01 | Win.Trojan.Zegost_bc1cd6f2 | Windows | This strike sends a malware sample known as Win.Trojan.Zegost. Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. The MD5 hash of this Win.Trojan. | bc1cd6f22044460568664bc2c0a1b364 | 009535f1fdc244c6f48f7c9ed2920ddd012cbf3a bc1cd6f22044460568664bc2c0a1b364 64a9c1e8026e23f6a3fe8a3e7bebfe9ad04b5d2e7bca6572f46b5a1a2132586e https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-wyt01 | Win.Trojan.Ircbot_49a5dafd | Windows | This strike sends a malware sample known as Win.Trojan.Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. The MD5 hash of this Win.Trojan. | 49a5dafd80706f2f44f36e06ed2ef24f | 25dd4221bf2fb08a5e0eeaacf44f5a15eab425db 49a5dafd80706f2f44f36e06ed2ef24f 1c43fcd55b4097c060594ef6bd2f3dc9a9ecb695e855c908a293ee0b58c07e9c https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-1xc01 | Doc.Malware.Sagent_7a2fb725 | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | 7a2fb7251d8fad523c51cc1081bb2a34 | e0970f1548119683102419188ded48117b13571b 7a2fb7251d8fad523c51cc1081bb2a34 7bb379b42a8c970753eb37ecfd9e33fc758a9e24cd72594e1463b967552884d7 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-x4i01 | Win.Malware.Emotet_7ea33714 | Windows | This strike sends a malware sample known as Win.Malware.Emotet. Emotet is a banking trojan that remains relevant due to its ability to evolve and bypass antivirus products. It is commonly spread via malicious email attachments and links. The MD5 hash of this Win.Malware. | 7ea33714ead4195e8fea3595f0e25022 | 0944350e641be5ab9bd668b7c6cea4f067c82825 7ea33714ead4195e8fea3595f0e25022 0353c9149b5f88a330904bb62b32224f04ba58f03d68dd0792757ad775308b55 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-rqv01 | Win.Trojan.Zegost_d1b95b48 | Windows | This strike sends a malware sample known as Win.Trojan.Zegost. Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. The MD5 hash of this Win.Trojan. | d1b95b481e9f4c2fb269e6487c5fea9c | 0096ce68606e23a581b9b3603ac051bba5dbe63b d1b95b481e9f4c2fb269e6487c5fea9c 119a103b8fc90e4ecf2ccc9f189709d974e3416045ff99347b39bf462b297c1f https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-ywx01 | Win.Spyware.Ursnif_e110ce77 | Windows | This strike sends a malware sample known as Win.Spyware.Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. The MD5 hash of this Win.Spyware. | e110ce771964b6c6d487c188808f18cf | f50485631b60d93ac8a36f34afae07cb39070a70 e110ce771964b6c6d487c188808f18cf 81fdc042297fadf3a3691e2a1c6218b646887ed5b4962a2e5cf57a2b4c0dc537 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-69y01 | Win.Worm.Lolbot_43c48c86 | Windows | This strike sends a malware sample known as Win.Worm.Lolbot. Lolbot, also known as Ganelp, is a family of worms that spread through removable drives. It can download or upload other files onto the targeted system. The MD5 hash of this Win.Worm. | 43c48c8695a7a3bcf661d7b7edce9d95 | 005d78ee7fd0e80e5278b2beeb037e0fa0db979e 43c48c8695a7a3bcf661d7b7edce9d95 172c7bc9eebc84cd89c818ba5f55c8c38d4441885c52cac5427fa35d7a7be018 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-jm501 | Win.Trojan.Ircbot_27887a5c | Windows | This strike sends a malware sample known as Win.Trojan.Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. The MD5 hash of this Win.Trojan. | 27887a5cb7cd685511d0f950c0bfee0f | 942ef9923a85ce55246958579177e0e0a1dc023c 27887a5cb7cd685511d0f950c0bfee0f 08a94b76a4b98d8d8e9611e22ca9bac26535175abcafc598311cb7ef0f0bab2e https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-oc401 | Win.Trojan.Ircbot_0d87d4fe | Windows | This strike sends a malware sample known as Win.Trojan.Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. The MD5 hash of this Win.Trojan. | 0d87d4fe5fc1b116c436163a59ce502f | 612747b6a68fdf8b6deb5865c177614670c75fa5 0d87d4fe5fc1b116c436163a59ce502f b9120712772e2b97860804115a5dfd4a530d6e75d809afbe453369b9d005f899 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-oy101 | Win.Worm.Lolbot_3dd4fe97 | Windows | This strike sends a malware sample known as Win.Worm.Lolbot. Lolbot, also known as Ganelp, is a family of worms that spread through removable drives. It can download or upload other files onto the targeted system. The MD5 hash of this Win.Worm. | 3dd4fe97ca932c15652707beb1184aea | 0013abf561aa525227bf2bb83a8315953717900f 3dd4fe97ca932c15652707beb1184aea 2578af5d42ec216d598ed0a7cffeffc7d5e70902c8145b2b92649bdbf0c3586e https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-6q501 | Win.Trojan.Zegost_db0811f3 | Windows | This strike sends a malware sample known as Win.Trojan.Zegost. Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. The MD5 hash of this Win.Trojan. | db0811f33debe7cd7fde7162e4f684ea | 00f4edaa08bff88779d34e230decd062fb317192 db0811f33debe7cd7fde7162e4f684ea 5cfd01cdac224dcb162f3404815d95623bfc0f19b67d0a71e13cdec8f72cc99a https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-pzn01 | Win.Virus.Sality_3499af9e | Windows | This strike sends a malware sample known as Win.Virus.Sality. Sality is a file infector that establishes a peer-to-peer botnet. Although it's been prevalent for more than a decade, we continue to see new samples that require marginal attention in order to remain consistent with detection. Once a Sality client bypasses perimeter security, its goal is to execute a downloader component capable of executing additional malware. The MD5 hash of this Win.Virus. | 3499af9eda6819a6626814db939e4f1e | 51c545ec1afa626069753d3a8ccbfc46c3922142 3499af9eda6819a6626814db939e4f1e 256fd9777738e64c2dc9279a398a24cc2382d95eb94d760d081fee71d8daa32b https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-z4c01 | Win.Trojan.Zegost_a019626f | Windows | This strike sends a malware sample known as Win.Trojan.Zegost. Zegost, also known as Zusy, uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. The MD5 hash of this Win.Trojan. | a019626f6bc4d8542a4d194562a4cda8 | 007d9196e96f8fac382419036a79b94f802444cf a019626f6bc4d8542a4d194562a4cda8 16c9dd76b69c995ffc554cf9bf45102dceef74a544ce1d69f3b24a1ce9f18c1e https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-1al01 | Doc.Malware.Sagent_a6e3efea | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | a6e3efeae3d15dd20275a248b7616f52 | b82c90cdfd89513664d3a932ca26573669783cbc a6e3efeae3d15dd20275a248b7616f52 58503078fa335ae31c9c405e1ae21f9784a8b1fa397481289fbd387549d1d857 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-ohh01 | Win.Trojan.Ircbot_0ae6a179 | Windows | This strike sends a malware sample known as Win.Trojan.Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. The MD5 hash of this Win.Trojan. | 0ae6a179435113cb95373dd57c67b975 | ab2e6d4930f14709ec19809483ec9c227c1f99a9 0ae6a179435113cb95373dd57c67b975 83eedc1cd9b85b497b4753c4b0049486cd727559b5c4512569274dd6f74c78c0 https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html |
| M19-6m601 | Doc.Malware.Sagent_eaa1497e | Mixed | This strike sends a malware sample known as Doc.Malware.Sagent. Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. The MD5 hash of this Doc.Malware. | eaa1497ee90f1b26c877870cd811f4fa | b22ca35f4f15951ea701533ad3088325e58dfde8 eaa1497ee90f1b26c877870cd811f4fa 3fb6a4110c75a5c207da5997ed9b61fa0987d505bcb64aefad0676b1403fcbf6 https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html |
| M19-gul01 | Doc.Malware.Powload_972af251 | Mixed | This strike sends a malware sample known as Doc.Malware.Powload. Powload is a malicious document that uses PowerShell to download malware. This campaign is currently distributing the Emotet malware. The MD5 hash of this Doc.Malware. | 972af251f211eab9a507b417687a7b4f | 7191009ce324f186465737ce6201398bf05a8fe2 972af251f211eab9a507b417687a7b4f 3356b99748cd869b64a8be09de12dc8af1f417acd040e6ca4d80344ad58eb62c https://www.symantec.com/security-center/writeup/2018-030515-3742-99 |