M20-g0r31 | ZeroAccess_8426c0cf | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 8426c0cfafeb261c69b5c08d63724c70 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.htmlSHA256: 1d5d89235918c062861e244103fa8bc5717edae77286ee15d39c3e83890ff0a0SHA1: 967bd4f8a2a60e43265dbc8132c835eeb58cfe81MD5: 8426c0cfafeb261c69b5c08d63724c70 |
M20-7u8i1 | HawkEye_3eb89430 | Windows |
This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | 3eb89430ad1c97dc03a85175299a5a37 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.htmlSHA256: 9830b084b68d05603ee40063017f69e4044897e2311d9bcaf11e1af6041ad93bSHA1: 09887d2df4e36dba3293946aa728e09c253bfefdMD5: 3eb89430ad1c97dc03a85175299a5a37 |
M20-bcb41 | Cerber_41732f62 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 41732f6244f7d05554fe973021aefcc7 | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.htmlSHA256: 1f2161956d8bb447845b0ef70b514edc31f6f01b1007ee6c7a5ebd77e4331439SHA1: 83397fbeacff9cef1d1aacbcf87b0b531375cc00MD5: 41732f6244f7d05554fe973021aefcc7 |
M20-6g8w1 | Cerber_af19eac8 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | af19eac84be5efd362b46e15930cc538 | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.htmlSHA256: 27343c1b2124a0767c1513d568c8cc25aec07ccbe9b136ee7005c63be965e354SHA1: f09fa67a7c8c3eb5d58547d40d77e36b535844e2MD5: af19eac84be5efd362b46e15930cc538 |
M20-u3tc1 | HawkEye_9ea93fd1 | Windows |
This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | 9ea93fd1175bb07b354c496ee3a04664 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.htmlSHA256: 3997379d4c182f45f93e3d7172922a95b5d83de0611134f301760bf6be4cb1e0SHA1: ad8d53e647840971fd9523411254d1037572d97cMD5: 9ea93fd1175bb07b354c496ee3a04664 |
M20-t2vk1 | ZeroAccess_95ddece9 | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 95ddece98d72b8ef206cbcdeb9436653 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.htmlSHA256: 282c84cd4ab3afc6cff3d5f6e980b6b6430b27c3768841aaf086edb69d98249fSHA1: 536063c15bfe781d48efd10cf53d4d3c711b281dMD5: 95ddece98d72b8ef206cbcdeb9436653 |
M20-pu4v1 | ZeroAccess_cba44d1a | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | cba44d1ad8632bbc2beccf7ff27b743e | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.htmlSHA256: 15ec244569c18762a6a8e45c3b3ffed7fd9ec1081d67695a5f96c8a8d9f3f58bSHA1: 04658a802887e1a4a9e21457b450c390f6ed8ec7MD5: cba44d1ad8632bbc2beccf7ff27b743e |
M20-bl5b1 | ZeroAccess_ffd533f2 | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | ffd533f2f95fa70144abf171e18665de | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.htmlSHA256: 32cc788c4b705b9bed78e2b60c1215276b064f1992781c0910e47804a1f75b51SHA1: ace077cfef975464ad6332415690135535490366MD5: ffd533f2f95fa70144abf171e18665de |
M20-7q8k1 | VHD_e29a03db | Windows |
This strike sends a polymorphic malware sample known as VHD.The binary has random contents appended in one of the existing sections in the PE file format. VHD is believed to be a high profile targeted ransomware owned and operated by the Lazarus Group. It encrypts all files on connected devices and deletes folders named "System Volume Information". The program also employs some interesting techniques such as, the ability to stop processes that could be locking important files, a mechanism to resume operations if the encryption process is interrupted, and it's copied and executed through WMI calls. | e29a03dbec644238fa5257311d428694 | https://arxiv.org/abs/1801.08917SHA256: 7b664a13de55f60ed25edd6c1e9a7eadff00d6d15a0a0aceaa9bd9e3bec5ebb4SHA1: f45c9fb784cc92fa2acd16e2389c61f7961c8452PARENTID: M20-rpz71SSDEEP: 1536:CN5P9xb8ZqPbKx3U58YjdZqV355b38poNqa8tCBwFn5B1qMqqU+7upOu4:CN4aEU58oqZ5jT8s+1qMqqD7upOu4MD5: e29a03dbec644238fa5257311d428694 |
M20-wvo01 | Cerber_d1d5145d | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | d1d5145da3dde367f9a84b3f23c0e399 | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.htmlSHA256: 3de3161efe34122601f3865aff18e56cb873ddcc2adb6b7a8b6c4afaa38ec3e4SHA1: 412a8cc61864eb67645d212f326159de07ef1e10MD5: d1d5145da3dde367f9a84b3f23c0e399 |
M20-y9591 | LATENTBOT_d349806e | Windows |
This strike sends a malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013. | d349806ea1f2af0f447b2c9e20cb88f0 | https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.htmlSHA256: 77a2389bc9ff7425e3e6a93f2102149c8fea6be51d41d8719fe0a73defeb15e7SHA1: 5c13fe64b667062b7c97cc079cf364b0fe636b32MD5: d349806ea1f2af0f447b2c9e20cb88f0 |
M20-346a1 | LATENTBOT_08bb5f82 | Windows |
This strike sends a malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013. | 08bb5f82dec4957ad9da12239f606a00 | https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.htmlSHA256: cd525c392d35a43166b75f1fa578a2d3b6a9a015b6e78da8615756b6afc717eeSHA1: 26296927a32d3de0eb92b1b1d72ce88c2e7c7ba8MD5: 08bb5f82dec4957ad9da12239f606a00 |
M20-e7g21 | LATENTBOT_a11362a8 | Windows |
This strike sends a malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013. | a11362a8e32b5641e90920729d61b3d4 | https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.htmlSHA256: 1d3ff6cf195488bdb76d53b21361cd7f948d86199b00db8f506d415cdff690cfSHA1: 8c1381dc44f1aca6768a11f0b489b2f435b99f03MD5: a11362a8e32b5641e90920729d61b3d4 |
M20-mvh71 | LATENTBOT_56ba76cf | Windows |
This strike sends a malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013. | 56ba76cf35a1121bf83920003c2af825 | https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.htmlSHA256: c218eeff26478878f93e0f92c47e95f30a9a26c75cef0160557e287ebdc2ce2eSHA1: ef600bf662acea7511178e460985a08e89f8858cMD5: 56ba76cf35a1121bf83920003c2af825 |
M20-bu9q1 | LATENTBOT_1dd0854a | Windows |
This strike sends a malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013. | 1dd0854a73288e833966fde139ffe385 | https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.htmlSHA256: 39af310076282129e6a38ec5bf784ff9305b5a1787446f01c06992b359a19c05SHA1: 3abdaa765769195a495f72fd71cd9037e03dd33cMD5: 1dd0854a73288e833966fde139ffe385 |
M20-82aj1 | Cerber_1cb05585 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 1cb05585c3264a6c3c70d9c56c4792ce | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.htmlSHA256: 4fb0907454e2b6faa947003184878d70555be3073132e677b4606032907ca91fSHA1: fa54cde378d2f45ce09e3eb72eb13369a6575b4bMD5: 1cb05585c3264a6c3c70d9c56c4792ce |
M20-2yl01 | DOGcall_dc6c2033 | Windows |
This strike sends a polymorphic malware sample known as DOGcall. DOGcall aslo known as ROKRat is a family of malware that was initially seen from attackers originating from North Korea. The malware has a loader that drops the core payload. This sample is the final payload, and it is a Remote Access Trojan that provides the attacker with a number of functions including data exfiltration, credential harvesting, screenshots of the system, and communicating with a remote C2 server for additional received commands.The binary has random contents appended in one of the existing sections in the PE file format. | dc6c20333f94a04c6cdea4fe9211ac09 | https://arxiv.org/abs/1801.08917SHA256: 3c79fbaaa59377075068e6f0d6a8835c558e396bf4c3604ce7a431be67b424ebSHA1: ebc79c9c4b1a59f1f59fe59006446938f0fa04dePARENTID: M20-hccx1SSDEEP: 12288:cbeQm0+6dUlyAcdqfAkMvGpns9gKYLd+NjhzZkZf75:ADuJGv2ns9XRkZfVMD5: dc6c20333f94a04c6cdea4fe9211ac09 |
M20-iyxr1 | ZeroAccess_b5b0b385 | Windows |
This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.The binary has random strings (lorem ipsum) appended at the end of the file. | b5b0b385842df2d28e13532b05996e7b | https://attack.mitre.org/techniques/T1009/SHA256: 956d07d44f0da1a9356da1a99a6962fef3ea6b3547a0e5acad43389006109a6fSHA1: 37f13f10c94efc9648155a98b987fd70a7743fbaPARENTID: M20-slow1SSDEEP: 3072:rEUIFarjgd+x6FNCYkvRBjtAWyUOJQydy/x0NZDTwb2Rl:rEU8qjc+8DCYGBjtLqHM0Ndb/MD5: b5b0b385842df2d28e13532b05996e7b |
M20-npww1 | ZeroAccess_98f3a2ab | Windows |
This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.The binary has the timestamp field updated in the PE file header. | 98f3a2ab6191279de94de7a956c53dc5 | https://attack.mitre.org/techniques/T1099/SHA256: 7027f4196799de02cc3e5690d984ac9f1b85d30b77497079a3449f936dfb6c42SHA1: da00cf1eb1266c084042c067f21dc02401a3a296PARENTID: M20-vt1r1SSDEEP: 3072:8ENUaxmelEAzhZ8mwoLt/JVUP0ef3obqHHO4Zmw8yP/40tZDTwb2Im:8ENUxovX8mwoLt/LUP0Id4DZ0tdbMD5: 98f3a2ab6191279de94de7a956c53dc5 |
M20-7qok1 | HawkEye_65e73f93 | Windows |
This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | 65e73f938774b6dfadea69ac7cb37193 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.htmlSHA256: cc967f71c2e3a2c54ce25312ed1087cc34a7e0d42606b4f0d401a7a391f47eccSHA1: e8564295f82b85875cf89c21d78cc33fce81f1b8MD5: 65e73f938774b6dfadea69ac7cb37193 |
M20-ay8h1 | ZeroAccess_569b2af9 | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 569b2af985cb1f4b9b368444889d13c4 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.htmlSHA256: 13c49095c22376a2ccb73ebc18e57b8ad8d8fd58997007115b70bb116244d763SHA1: 63666fdf40ce1f3f68152295ac31b707dcd6562cMD5: 569b2af985cb1f4b9b368444889d13c4 |
M20-u1nq1 | Exorcist_7e415d5a | Windows |
This strike sends a malware sample known as Exorcist. Exorcist is a new ransomware as a service that is distributed through Pastebin embedded in a Powershell script that loads itself directly in memory. | 7e415d5a1b1235491cb698eb14817d31 | https://twitter.com/VK_Intel/status/1286028389518901248SHA256: a7e27cc38a39ff242da39d05e04b95ea9b656829dfe2e90e8226351da8813d7dSHA1: ca1a94c1be4e51da577e51957428263ca9c0c0abMD5: 7e415d5a1b1235491cb698eb14817d31 |
M20-orul1 | Cerber_8baa9694 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 8baa96945edfd47b00622762f66af5ff | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.htmlSHA256: 18c4f60df01b00809a5affabfa5ba04a724e4d4a98ab7e9fb83e9f627aa789e1SHA1: 5e83b0b872cc03d0d0294145eb5b9539b6392fdcMD5: 8baa96945edfd47b00622762f66af5ff |
M20-9mq21 | ZeroAccess_0d6be0ae | Windows |
This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.The binary has random bytes appended at the end of the file. | 0d6be0aedd9217ecd67e329f37479768 | https://attack.mitre.org/techniques/T1009/SHA256: 7b38f0975be4bd43c06298c88d31ceee10747423943a9346763dfdaf1887eb9aSHA1: cd3575b62884a79f8c0edce461f1aa435195c62ePARENTID: M20-vt1r1SSDEEP: 3072:5ENUaxmelEAzhZ8mwoLt/JVUP0ef3obqHHO4Zmw8yP/40tZDTwb2ImE:5ENUxovX8mwoLt/LUP0Id4DZ0tdb0MD5: 0d6be0aedd9217ecd67e329f37479768 |
M20-ojwy1 | HawkEye_f0d75fb8 | Windows |
This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | f0d75fb839b44dc8d064b7bf8295f94d | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.htmlSHA256: 544f6d58158bbc5e36692c74722101571e167a65fe72c70a9d13522b5e72c18aSHA1: 69a163a71a33da5348b70e1e9c4c52c9d0390f21MD5: f0d75fb839b44dc8d064b7bf8295f94d |
M20-zhk41 | Cerber_e122bb15 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | e122bb15a9fe5912c2812e5517760477 | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.htmlSHA256: 5adf50576a375547c4775341535461d49078234283379e17bba88465cd286f7cSHA1: aa9f6a4fcf623b89023da83c23882643cba9b5beMD5: e122bb15a9fe5912c2812e5517760477 |
M20-vrgu1 | ZeroAccess_9be94e1a | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 9be94e1ac5349f1265c0627b48fd0fa6 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.htmlSHA256: 32444739f82129df10cb9ec20b0efff24fde19415e4829edfad35d0eca9e37bfSHA1: a75278c4f71417018528369df3365954971ca9b4MD5: 9be94e1ac5349f1265c0627b48fd0fa6 |
M20-hrez1 | Cerber_ae6e64f2 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | ae6e64f2fe99eea396b7167192c091f8 | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.htmlSHA256: 6959e3521c3ce4a39a250cfb899f52cc74b6bd1a7a1ba4ee03d4766210346fa3SHA1: f9cda58cf62557085ac86bf0ced62570644a0a66MD5: ae6e64f2fe99eea396b7167192c091f8 |
M20-xvpr1 | ZeroAccess_194fc911 | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 194fc911595fb4024d0e008946ec6b18 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.htmlSHA256: 1cce1a38e7ded5ab7d23928b730f514ac05c6c97107e89e293ac7590cc84b455SHA1: fe986ea201862dff2bef345418835052910a502aMD5: 194fc911595fb4024d0e008946ec6b18 |
M20-0dl21 | LATENTBOT_5446022c | Windows |
This strike sends a malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013. | 5446022c6d14a45fd6ef412a2d6601c5 | https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.htmlSHA256: cb2c0ea31f33540ea223b777888d3580d32ba8ed73519ea6fafcda5238a0772dSHA1: 08fb0245cadb2a0ee74aec2b7099d0377308993cMD5: 5446022c6d14a45fd6ef412a2d6601c5 |
M20-vt1r1 | ZeroAccess_9ea002e2 | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 9ea002e2ac906ab1aeaa2c85486955bd | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.htmlSHA256: 3730b1bedfa415b29e894ec046500518632997a3891757b70bf3d78d2c4bc879SHA1: ed42de3f8149f331326198a0b4d29a3c197cd358MD5: 9ea002e2ac906ab1aeaa2c85486955bd |
M20-e4ls1 | ZeroAccess_2d3ecd00 | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 2d3ecd0011581f113735ffd46ef8fc22 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.htmlSHA256: 2bf2b2f2b05ce861866ce6037f249676386d188a9167690cccc80ecc2bcc84c6SHA1: 94527d0d3644cf701459bcc337a7208be0af2f8cMD5: 2d3ecd0011581f113735ffd46ef8fc22 |
M20-rrh02 | ZeroAccess_8f15b013 | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 8f15b0136b3fbc214755ac1fa2f3347e | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.htmlSHA256: 30748c87416d2c5f6a711a2f2f84d585062f709225ccf691f86ea498cdeacba3SHA1: 5d9dd74e93e1adfe33683d33e3ae04db099997edMD5: 8f15b0136b3fbc214755ac1fa2f3347e |
M20-qkxm1 | Exorcist_cb3a1463 | Windows |
This strike sends a malware sample known as Exorcist. Exorcist is a new ransomware as a service that is distributed through Pastebin embedded in a Powershell script that loads itself directly in memory. | cb3a1463f4fd3e74b8f1ca5e73b81816 | https://twitter.com/VK_Intel/status/1286028389518901248SHA256: 8da469200a4b3899b23a34232eec537f12c621aa3c8766a9745d8ff721ef5296SHA1: 2007db72d68b6c63e906aa625196a3b4ddd01a51MD5: cb3a1463f4fd3e74b8f1ca5e73b81816 |
M20-i5sh1 | ZeroAccess_49158788 | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 49158788220d59f7692de831f7e64175 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.htmlSHA256: 13459c39decf77e6570f70a4452ca88b44b890800970bff0ca8b4ccf168db12eSHA1: b9c7532182724ddde73eb8005f1813fb906aecb4MD5: 49158788220d59f7692de831f7e64175 |
M20-tytl1 | Cerber_d08b6626 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | d08b6626b95874a16a0b4aee087b9536 | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.htmlSHA256: 29b05e9f79e56a480421ca565d2ae57b6db6e6b54e15d603534686bbde6c5759SHA1: 0fbca35bbdbf0037802c1b1be663f5bf606a69f8MD5: d08b6626b95874a16a0b4aee087b9536 |
M20-j69i1 | Exorcist_8cc13fea | Windows |
This strike sends a malware sample known as Exorcist. Exorcist is a new ransomware as a service that is distributed through Pastebin embedded in a Powershell script that loads itself directly in memory. | 8cc13fea61cc0ba1382a779ee46726f0 | https://twitter.com/VK_Intel/status/1286028389518901248SHA256: eeb8a83d7532797d39d060ffb2a65562e8d803c4dbd8379289f99367cac2f850SHA1: bd8ef46a02085153605a87fcc047f7ef3d0c4131MD5: 8cc13fea61cc0ba1382a779ee46726f0 |
M20-g7mg1 | VHD_2d5da841 | Windows |
This strike sends a polymorphic malware sample known as VHD.The binary has a random section name renamed according to the PE format specification. VHD is believed to be a high profile targeted ransomware owned and operated by the Lazarus Group. It encrypts all files on connected devices and deletes folders named "System Volume Information". The program also employs some interesting techniques such as, the ability to stop processes that could be locking important files, a mechanism to resume operations if the encryption process is interrupted, and it's copied and executed through WMI calls. | 2d5da841280f2544e0516cfb40f2a0a9 | https://arxiv.org/abs/1801.08917SHA256: 484f0943385861d91cc0e8bdc7128dacc1b5e367edea906d8fcd1ddf1a268c3dSHA1: 0d4847681799f5aa38876d033156720c44354bb4PARENTID: M20-rpz71SSDEEP: 1536:YN5P9xb8ZqPbKx3U58YjdZqV355b38poNqa8tCBwFn5BcqMqqU+7upEu4:YN4aEU58oqZ5jT8s+cqMqqD7upEu4MD5: 2d5da841280f2544e0516cfb40f2a0a9 |
M20-ke151 | LATENTBOT_af15076a | Windows |
This strike sends a malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013. | af15076a22576f270af0111b93fe6e03 | https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.htmlSHA256: 46aaea7273e79f046f7f938941a90c09fa3c04af677ef52f9ce7b1b8a3e40938SHA1: 02d17707c6f98d84d8d18bc023a2fc5b7529e33eMD5: af15076a22576f270af0111b93fe6e03 |
M20-wyxj1 | LATENTBOT_6ea9d27d | Windows |
This strike sends a malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013. | 6ea9d27d23646fc94e05b8c5e921db99 | https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.htmlSHA256: 99573b10c10277d3b695f55fa7f0a6dbfd74a5c14393b2fd9edb56a94a6dab2aSHA1: fb7f88abe94b4a0bd31a4bfaffad80db9fca678bMD5: 6ea9d27d23646fc94e05b8c5e921db99 |
M20-aty01 | ZeroAccess_e30a52b5 | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | e30a52b5e3ba0ead21a352895e02f83a | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.htmlSHA256: 06b5a57ea7803b52eb7f6cec3af051dd37127327d060e5247f10f2f31a1a10f2SHA1: 6fb9a827174baa672fe74cfd9d20185d0e3c8eadMD5: e30a52b5e3ba0ead21a352895e02f83a |
M20-vtg21 | ZeroAccess_c4c69c5a | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | c4c69c5acd63a6d9be8c893b56b43434 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.htmlSHA256: 2f8ca4f09c3ae69627663fdcabaf70eb71d1860a6959e8a76c8c80f58690f727SHA1: c962d49d63a572f20fadc677f305a0371e4fea3cMD5: c4c69c5acd63a6d9be8c893b56b43434 |
M20-szh91 | Cerber_de77b672 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | de77b6722ec5f99fc2e5d562ebb6e864 | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.htmlSHA256: 0712fdbf593406d803bfc4638264b7a5d8dc95316d4988079828106e6f6925e3SHA1: 446963841c3cea1c203afe003ee7e6108116d9ccMD5: de77b6722ec5f99fc2e5d562ebb6e864 |
M20-2r9f1 | Cerber_a6fe0fda | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | a6fe0fda24d5a34b151ba42d11d3af2b | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.htmlSHA256: 34959098859ac166ece6bf7c8edc1f28feefa4cec1f26eeb531466449ee4345dSHA1: 1b74e9cb36473bb8c1b7839c708199ccab5fb4c1MD5: a6fe0fda24d5a34b151ba42d11d3af2b |
M20-2k0f1 | ZeroAccess_9aa64232 | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 9aa64232ca7425b4831bb10687293399 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.htmlSHA256: 39f354ab2ab87d5232a50faf54945c1d135bacda212cb3e21b8e3707eb5f8372SHA1: 04fd8e73b0b4483c9bd0e9f14be45c8c05017713MD5: 9aa64232ca7425b4831bb10687293399 |
M20-rpz71 | VHD_dd00a861 | Windows |
This strike sends a malware sample known as VHD. VHD is believed to be a high profile targeted ransomware owned and operated by the Lazarus Group. It encrypts all files on connected devices and deletes folders named "System Volume Information". The program also employs some interesting techniques such as, the ability to stop processes that could be locking important files, a mechanism to resume operations if the encryption process is interrupted, and it's copied and executed through WMI calls. | dd00a8610bb84b54e99ae8099db1fc20 | https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/SHA256: 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473SHA1: 3d31b2f6a6c59194cad3347d08197bd79f020274MD5: dd00a8610bb84b54e99ae8099db1fc20 |
M20-ez7x1 | ZeroAccess_ba15b25f | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | ba15b25f7eac496cc69525ac079338ff | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.htmlSHA256: 05b4adf6c681db28bbef8e60349a6763df7be81bcd6e137f90ddbe0856f9cd4dSHA1: 583b68aeca848c03bbd4f8bcafe84876fbb47821MD5: ba15b25f7eac496cc69525ac079338ff |
M20-qtuh1 | Cerber_dbe1d59a | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | dbe1d59af02ee4e9ad739f6261b01648 | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.htmlSHA256: 350cafe8a66a3bebfc84fe7c9fc5533a976a476354583e840364e8c9d0ee1cb9SHA1: e7ed5e94e94faab732346ae8baa1589cf1092d37MD5: dbe1d59af02ee4e9ad739f6261b01648 |
M20-x4gi1 | HawkEye_a818e1ed | Windows |
This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | a818e1ed86f7fa07ac47954694bc91fe | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.htmlSHA256: aba452ab6580b4ec6182fc8a662c8197496792b5d19af680ccc155d56c36b465SHA1: 770bf25d96a36b04de90cea8b97526660edb0442MD5: a818e1ed86f7fa07ac47954694bc91fe |
M20-63f21 | HawkEye_88b882aa | Windows |
This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | 88b882aacd9a1ca0f1f7304c21aaae66 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.htmlSHA256: 249eb266faaf08964a5da1f666a9f0ba2f2dd645a6fd3787c168d7a6e5d4d7b3SHA1: 0bb017c67f760f747e40be53771201e3141b763dMD5: 88b882aacd9a1ca0f1f7304c21aaae66 |
M20-m6zl1 | LATENTBOT_fa20c7f3 | Windows |
This strike sends a polymorphic malware sample known as LATENTBOT. LATENTBOT is a malware which may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been found in the wild since 2013.The binary has a random section name renamed according to the PE format specification. | fa20c7f3e1091c12dde319acf4b75b9a | https://arxiv.org/abs/1801.08917SHA256: f82f5652d0a825a04313512c84f7f806f15d7c375ec3169e7384ed6ff60af1a5SHA1: 9e0d78cccc353741c0c0a9fa06f3a624bd673eccPARENTID: M20-5u4k1SSDEEP: 49152:prG2NAFop+qvBOedFLib4cz8kneCdpUz+P:pWFodvBOaFLiEfoe9z+PMD5: fa20c7f3e1091c12dde319acf4b75b9a |
M20-b17z1 | ZeroAccess_4c6089f9 | Windows |
This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.The binary has random contents appended in one of the existing sections in the PE file format. | 4c6089f91462f9f07d0de266688420e1 | https://arxiv.org/abs/1801.08917SHA256: 1f86e137f43a4c4cd2bd5e647adc1ddd6afea0bea5e1940d9049507d73d63c00SHA1: f79e25add7b9aded6e062346eefcc26150837999PARENTID: M20-vt1r1SSDEEP: 3072:vENUaxmelEAzhZ8mwoLt/JVUP0ef3obqHHO4Zmw8yP/40tZDTwb2Iw:vENUxovX8mwoLt/LUP0Id4DZ0tdbMD5: 4c6089f91462f9f07d0de266688420e1 |
M20-zdt31 | Exorcist_f4009abe | Windows |
This strike sends a malware sample known as Exorcist. Exorcist is a new ransomware as a service that is distributed through Pastebin embedded in a Powershell script that loads itself directly in memory. | f4009abe9f41da41e48340c96e29d62c | https://twitter.com/VK_Intel/status/1286028389518901248SHA256: 6db3aae21a6d80857c85f58c4c8b2cf9c6b7f8b8a9ab1d5496d18eaf9bd0bd01SHA1: 01636cd2ab7eada533ded51728acd8cd99020c57MD5: f4009abe9f41da41e48340c96e29d62c |
M20-4nn91 | ZeroAccess_079c063f | Windows |
This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.The binary has random bytes appended at the end of the file. | 079c063f97182ef3c31dfa5707c9909f | https://attack.mitre.org/techniques/T1009/SHA256: db38744989f553084e95a5ab04f2a98d1b9f2919d374e8d9a4e2654e0872a875SHA1: f6310a9a0b2aec8671958c3e2eb8c1c37148b6e9PARENTID: M20-slow1SSDEEP: 3072:rEUIFarjgd+x6FNCYkvRBjtAWyUOJQydy/x0NZDTwb2Rj:rEU8qjc+8DCYGBjtLqHM0NdbFMD5: 079c063f97182ef3c31dfa5707c9909f |
M20-kykt1 | Cerber_4d71d738 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber. | 4d71d738887d2bc046f732bf1f13391c | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.htmlSHA256: 6edbea75b6b0904f0cbebda821805eeb3af462cde35d9af3d3ecdb6e8145e860SHA1: 988f8c67b7a4a92dfdfd5c5a045e9441aa11122aMD5: 4d71d738887d2bc046f732bf1f13391c |
M20-9x9l1 | Exorcist_5a63e7d3 | Windows |
This strike sends a malware sample known as Exorcist. Exorcist is a new ransomware-as-a-service offering; it is distributed through Pastebin, embedded in a PowerShell script that loads the payload directly into memory. | 5a63e7d371dd69c5625f5b48da426c14 | https://twitter.com/VK_Intel/status/1286028389518901248
SHA256: b1bcc54ef15f91d9291357eca02862174bd6158e95813eff1ab0c16ba48ff10e
SHA1: 63a5bd8b7ed922ad5fe498d2a15a57d1d552055a
MD5: 5a63e7d371dd69c5625f5b48da426c14 |
M20-c42m1 | Cerber_b7549aee | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files, giving them the file extension ".cerber". | b7549aee594d32bcc4a8389b77ae412b | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 413eeaef11563646ef90407e4fdd8e0078f95dfd309fb2ada8728e45befbb313
SHA1: 287f714064835f8b47f20b185194010f4cb27810
MD5: b7549aee594d32bcc4a8389b77ae412b |
M20-wnru1 | ZeroAccess_539f9f37 | Windows |
This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installs a rootkit to hide its presence on the affected machine, and serves as a platform for click-fraud campaigns. Random lorem ipsum strings have been appended to the end of the file as an overlay. | 539f9f377347a58ffde24c5bf659697b | https://attack.mitre.org/techniques/T1009/
SHA256: c2c964b5dd8fe884122198891327bd5e76c5ef32e3e465ae80032f6272fb5995
SHA1: 669642065b1c423d4639d5343d6f57a5c7fd53d0
PARENTID: M20-vt1r1
SSDEEP: 3072:5ENUaxmelEAzhZ8mwoLt/JVUP0ef3obqHHO4Zmw8yP/40tZDTwb2Im8:5ENUxovX8mwoLt/LUP0Id4DZ0tdbs
MD5: 539f9f377347a58ffde24c5bf659697b |
M20-71wv1 | Exorcist_79385ed9 | Windows |
This strike sends a malware sample known as Exorcist. Exorcist is a new ransomware-as-a-service offering; it is distributed through Pastebin, embedded in a PowerShell script that loads the payload directly into memory. | 79385ed97732aee0036e67824de18e28 | https://twitter.com/VK_Intel/status/1286028389518901248
SHA256: 8d684a790a5683b8decde9fb5a819c4a164d3032723a151a30ff26d3c2b1aabf
SHA1: 2f65a2b8ac21b3505855f7b89551cc1f31bf636e
MD5: 79385ed97732aee0036e67824de18e28 |
M20-98en1 | ZeroAccess_218c68ce | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installs a rootkit to hide its presence on the affected machine, and serves as a platform for click-fraud campaigns. | 218c68ce147d4b49365e643806d0b1cb | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 37762286cb02f4c93d6735764fc0c9c727f8886129a0b017f727c339b08cb39a
SHA1: 48a4804b435dd0bd3befe2bfadb7d2587a35b3ec
MD5: 218c68ce147d4b49365e643806d0b1cb |
M20-rx3d1 | Cerber_9f2a535d | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files, giving them the file extension ".cerber". | 9f2a535d3d35f990f291c3bbb0c0fc8a | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 2778aa52eaf8d8fa2950cd2ef50faae6f49c9d7e0c55d813a36613fe63a3be73
SHA1: 12346271cbfebcf4da42e4cbce118eff9455fe61
MD5: 9f2a535d3d35f990f291c3bbb0c0fc8a |
M20-k95s1 | Cerber_8e3ff00e | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files, giving them the file extension ".cerber". | 8e3ff00e2f4ffb177b991b68f8975001 | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 24f656fed8bb0ea0e5cca4422dd61a3b7a2eeeccff942403429f722cfcdef5a3
SHA1: 85cf77cc1d7dd3d3e133f764ae025e8f0fc03e83
MD5: 8e3ff00e2f4ffb177b991b68f8975001 |
M20-wde81 | HawkEye_bc66e2a1 | Windows |
This strike sends a malware sample known as HawkEye. HawkEye is an information-stealing malware that targets usernames and passwords stored by web browsers and mail clients on the infected machine. It is commonly spread via email and can also propagate through removable media. | bc66e2a191d06f12b1a035975660052b | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 4a3197916ff9e336d191baf4e284407d6774119b733bc194ddc89e649ec1db33
SHA1: d99332f2f99d2ef34cf3b47e2749e63c80237ad7
MD5: bc66e2a191d06f12b1a035975660052b |
M20-ebbi1 | HawkEye_f4274360 | Windows |
This strike sends a malware sample known as HawkEye. HawkEye is an information-stealing malware that targets usernames and passwords stored by web browsers and mail clients on the infected machine. It is commonly spread via email and can also propagate through removable media. | f4274360fefd50fb219f0ec648bf015e | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 6f0f235b4b8977922739508a3cda37cb80662f5e3114e9aeb85ff61b60164a3d
SHA1: 3faadaf938bd586fe9756a8d123569da5f29e64e
MD5: f4274360fefd50fb219f0ec648bf015e |
M20-hccx1 | DOGcall_394e52e2 | Windows |
This strike sends a malware sample known as DOGcall. DOGcall, also known as ROKRat, is a malware family initially seen in attacks originating from North Korea. The malware has a loader that drops the core payload. This sample is the final payload: a Remote Access Trojan that gives the attacker functions including data exfiltration, credential harvesting, screenshots of the system, and communication with a remote C2 server to receive additional commands. | 394e52e219feb1a5c403714154048728 | https://www.carbonblack.com/blog/threat-analysis-rokrat-malware/
SHA256: 2ca7c2048f247b871e455a9ac8bcb97927dd284477e7c2c4d2454509f97413b5
SHA1: 16468fbc241be27b32ececa645898915e2e4ec94
MD5: 394e52e219feb1a5c403714154048728 |
M20-n1e61 | ZeroAccess_c4e7f9c9 | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installs a rootkit to hide its presence on the affected machine, and serves as a platform for click-fraud campaigns. | c4e7f9c9224801d1811880efb64d1398 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 0613e2173bfb29e045412fa140712fcefd84c630544d3c56ecab662bc5fcd983
SHA1: f41b58d9e41327b756aa5cf14ed9c56df8248442
MD5: c4e7f9c9224801d1811880efb64d1398 |
M20-y9411 | VHD_fa1f20d9 | Windows |
This strike sends a polymorphic malware sample known as VHD. VHD is believed to be a high-profile targeted ransomware owned and operated by the Lazarus Group. It encrypts all files on connected devices and deletes folders named "System Volume Information". It also stops processes that could be locking important files, can resume if the encryption process is interrupted, and is copied and executed through WMI calls. Random bytes have been appended to the end of the file as an overlay. | fa1f20d928ae60a5dedcd3522dde2252 | https://attack.mitre.org/techniques/T1009/
SHA256: 824936d626c2bbfc30da6a6767411ee84a1df8c98b6ac4ea24d5a59ec799a637
SHA1: fac5ca38e4b0152ea6de2cfa4f3c4a47881889ba
PARENTID: M20-rpz71
SSDEEP: 1536:CN5P9xb8ZqPbKx3U58YjdZqV355b38poNqa8tCBwFn5BcqMqqU+7upEu46B1:CN4aEU58oqZ5jT8s+cqMqqD7upEu46X
MD5: fa1f20d928ae60a5dedcd3522dde2252 |
M20-sagy1 | Cerber_f6486529 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files, giving them the file extension ".cerber". | f6486529e6ae82d03dca5889ff20e8d7 | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 6a49ffcb3ddb3a8912c3f75ae35b846913b6d3cc6303c395f251b3e66ee1621c
SHA1: 7327dbc4d9b2315e382fd2b7bbf7614ddf048245
MD5: f6486529e6ae82d03dca5889ff20e8d7 |
M20-xjvr1 | LATENTBOT_4135552b | Windows |
This strike sends a malware sample known as LATENTBOT. LATENTBOT is malware that may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been seen in the wild since 2013. | 4135552b0045e7d67b26167f43b88a30 | https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html
SHA256: 370ea3f098df7064faf4ee7456588d023b35c497a362add49853e90090f8b6df
SHA1: 8f571ebb8b8ca739dade2d0cad262d18db506df7
MD5: 4135552b0045e7d67b26167f43b88a30 |
M20-opj91 | VHD_ccc6026a | Windows |
This strike sends a malware sample known as VHD. VHD is believed to be a high-profile targeted ransomware owned and operated by the Lazarus Group. It encrypts all files on connected devices and deletes folders named "System Volume Information". It also stops processes that could be locking important files, can resume if the encryption process is interrupted, and is copied and executed through WMI calls. | ccc6026acf7eadada9adaccab70ca4d6 | https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
SHA256: 73a10be31832c9f1cbbd798590411009da0881592a90feb472e80025dfb0ea79
SHA1: 800c8a12ac05459197256940e32234b9bc2db08b
MD5: ccc6026acf7eadada9adaccab70ca4d6 |
M20-5u4k1 | LATENTBOT_47f220f6 | Windows |
This strike sends a malware sample known as LATENTBOT. LATENTBOT is malware that may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been seen in the wild since 2013. | 47f220f6110ecba74a69928c20ce9d3e | https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html
SHA256: 45aefcd50e62d9d5a9535d9d99f78a5c6725fd7ffcd378ef181d3dbbf2a115a5
SHA1: e88679c01bba1a880e54ce699e1555285ada3619
MD5: 47f220f6110ecba74a69928c20ce9d3e |
M20-07gu1 | ZeroAccess_49570ea4 | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installs a rootkit to hide its presence on the affected machine, and serves as a platform for click-fraud campaigns. | 49570ea4a111bb82d2ae773164f58c04 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 31cecd5a427756b23d5fc757b7307df03157b53947dd737d345b8e7864ee44ca
SHA1: 321c875113e77896a7f415abb4860e2a40742f4f
MD5: 49570ea4a111bb82d2ae773164f58c04 |
M20-ikwy1 | ZeroAccess_b2401b9b | Windows |
This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installs a rootkit to hide its presence on the affected machine, and serves as a platform for click-fraud campaigns. The CheckSum field in the binary's PE optional header has been cleared. | b2401b9b875c7259ca8ed1b833c63dea | https://arxiv.org/abs/1801.08917
SHA256: 7ea363fc7e7ff355d212a74b8ff48609b64a0365320fa48ae4df854aca117375
SHA1: 3cc75e0f862c425cd5632daa02869a31e82fb306
PARENTID: M20-vt1r1
SSDEEP: 3072:PENUaxmelEAzhZ8mwoLt/JVUP0ef3obqHHO4Zmw8yP/40tZDTwb2Im:PENUxovX8mwoLt/LUP0Id4DZ0tdb
MD5: b2401b9b875c7259ca8ed1b833c63dea |
M20-cafi1 | HawkEye_3ba7171c | Windows |
This strike sends a malware sample known as HawkEye. HawkEye is an information-stealing malware that targets usernames and passwords stored by web browsers and mail clients on the infected machine. It is commonly spread via email and can also propagate through removable media. | 3ba7171c8836de935a74799291ebca46 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 15b0c6331f2eff371e176e24c3fe3f30c40c56e56f19412e89718f5f6ad91eda
SHA1: 535d5c232fba95d042b3986f82af578edc1b45fb
MD5: 3ba7171c8836de935a74799291ebca46 |
M20-dlsc1 | Cerber_aae16290 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files, giving them the file extension ".cerber". | aae16290207f1251b6b9510a50760323 | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 3f92bd7f208dafca5d89a7ba1145836f264336baab457f62269129028eb53ecd
SHA1: 76c3fdcc8feb1846b61d2520ccaefbdcea691d10
MD5: aae16290207f1251b6b9510a50760323 |
M20-2uua1 | ZeroAccess_353353e7 | Windows |
This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installs a rootkit to hide its presence on the affected machine, and serves as a platform for click-fraud campaigns. Random bytes have been appended to one of the binary's existing PE sections. | 353353e771ca42fea2cb01005485fd8f | https://arxiv.org/abs/1801.08917
SHA256: 3f94f98176abf4ba7545ef1afeed5ba3964dc09fdf31e8c2a5c5d15aff21790e
SHA1: e8a636393698a263fcdb92b3171dc34e50cf146b
PARENTID: M20-slow1
SSDEEP: 3072:tEUIFarjgd+x6FNCYkvRBjtAWyUOJQydy/x0uZDTwb2R:tEU8qjc+8DCYGBjtLqHM0udb
MD5: 353353e771ca42fea2cb01005485fd8f |
M20-j5ka1 | LATENTBOT_4d0b1402 | Windows |
This strike sends a malware sample known as LATENTBOT. LATENTBOT is malware that may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been seen in the wild since 2013. | 4d0b14024d4a7ffcff25f2a3ce337af8 | https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html
SHA256: b43b45748709d4c332f0487c10cb4e97dfcad63db4d74acce6d85fe90787dcc3
SHA1: 8dc665e939c9f5e301a54ed542b5f01280b266fd
MD5: 4d0b14024d4a7ffcff25f2a3ce337af8 |
M20-8au81 | Exorcist_55e43a8a | Windows |
This strike sends a polymorphic malware sample known as Exorcist. Exorcist is a new ransomware-as-a-service offering; it is distributed through Pastebin, embedded in a PowerShell script that loads the payload directly into memory. One of the binary's PE sections has been given a random name that still conforms to the PE format specification. | 55e43a8a489e4c9756a6375a15b2f102 | https://arxiv.org/abs/1801.08917
SHA256: 9d53b77ca6527237bfa47486e9805b2171144fc41ecf38b11db9d9bb538bcf58
SHA1: 44921473ec4473a3e59ce32a45a166a38bf43da2
PARENTID: M20-vxhj1
SSDEEP: 768:Y/w63PwCrEBP+2XES4nrr+nsUeO3za+7dqqtDbruFBT8QFJFmxCTXY+PNqHliQyW:KWQRnrUZJrCgahY+PY1/z
MD5: 55e43a8a489e4c9756a6375a15b2f102 |
M20-than1 | ZeroAccess_3a328207 | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installs a rootkit to hide its presence on the affected machine, and serves as a platform for click-fraud campaigns. | 3a3282073f5d36d0e2edd18fa20bcb5d | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 264b224641e979ede2e2c2fdf41a29db5419184e1c589864193fbb373c1bb72b
SHA1: fc25611cb856308715e4751d33e6e55e199f9287
MD5: 3a3282073f5d36d0e2edd18fa20bcb5d |
M20-u46p1 | Exorcist_0d256ab0 | Windows |
This strike sends a malware sample known as Exorcist. Exorcist is a new ransomware-as-a-service offering; it is distributed through Pastebin, embedded in a PowerShell script that loads the payload directly into memory. | 0d256ab0a8b8b7a3b3d4aaf566189ca6 | https://twitter.com/VK_Intel/status/1286028389518901248
SHA256: f86e27e58356c554269b93713ea53b797d92359f0abb25bf70fe2de278278f7f
SHA1: 2f0142e0f5a21822fd9e391246b6cc470f4089a1
MD5: 0d256ab0a8b8b7a3b3d4aaf566189ca6 |
M20-9jhi1 | Cerber_047b31ba | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files, giving them the file extension ".cerber". | 047b31ba3dfe6a21c2249f646b178cc7 | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 03c87da71be399ace0ed9a4ebf95e2b95d32060f273fd8ea8001e25d08cd54dd
SHA1: 6266e9c5396a5e8c15b08950ecc46d29eb95c67b
MD5: 047b31ba3dfe6a21c2249f646b178cc7 |
M20-pkgi1 | ZeroAccess_c352fae2 | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installs a rootkit to hide its presence on the affected machine, and serves as a platform for click-fraud campaigns. | c352fae2894124a4c4e7e9c5ff99f8e5 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 3000d4944b8ddc0a992c63129028c40ea1639faf48abc2054e5ca11304fbf7b6
SHA1: 021339ec1dc3850503bbda1c181816d98711ca98
MD5: c352fae2894124a4c4e7e9c5ff99f8e5 |
M20-d0js1 | Exorcist_e763b9a8 | Windows |
This strike sends a polymorphic malware sample known as Exorcist. Exorcist is a new ransomware-as-a-service offering; it is distributed through Pastebin, embedded in a PowerShell script that loads the payload directly into memory. The binary has been packed with the UPX packer using its default options. | e763b9a8460c2dc9a1229d0c8bf71ab4 | https://attack.mitre.org/techniques/T1045/
SHA256: a48fec2cd9b43646537f03028cf69c809d6914cc63a36535bd80adae5bb936aa
SHA1: 7772956346d9cfbb099f07f82ac12a92cc49d36f
PARENTID: M20-vxhj1
SSDEEP: 384:SfGS/SzuVgu+vufbo8YUSCw1et0HXSZFbSSfkZw51VBahZ26UcoUzOpq6:St/3+vuDzzSCw1HXkFiQVB6oUqpp
MD5: e763b9a8460c2dc9a1229d0c8bf71ab4 |
M20-ppaq1 | Cerber_53d0d6a8 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files, giving them the file extension ".cerber". | 53d0d6a85e1c7722ab507955473438dd | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 2b2acc6a166aa30ff190af2b95ccbe0b31596f5ddf24661a062630a2eaafe516
SHA1: 2c86944641394951b8ef45046268874ba107c917
MD5: 53d0d6a85e1c7722ab507955473438dd |
M20-mkl51 | Exorcist_fa4c4ac8 | Windows |
This strike sends a malware sample known as Exorcist. Exorcist is a new ransomware-as-a-service offering; it is distributed through Pastebin, embedded in a PowerShell script that loads the payload directly into memory. | fa4c4ac8b9c1b14951ae8add855f34e8 | https://twitter.com/VK_Intel/status/1286028389518901248
SHA256: bf6e5f9d060ebc5bb70144ca6e795bfc249c6590ab9f45e258ec9b5f3d49eeb6
SHA1: c5049dbdee3aaaf3a794edda02554789a25389bf
MD5: fa4c4ac8b9c1b14951ae8add855f34e8 |
M20-q6ds1 | ZeroAccess_7dbfa1f4 | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installs a rootkit to hide its presence on the affected machine, and serves as a platform for click-fraud campaigns. | 7dbfa1f42d8fb465ebdf98f564196984 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 1f261e7108e46792076ed1231596ad584c25f8bd72e000cda3359562f24cbcb6
SHA1: 9ade43d292ccfeea258b7caa954f511cb50177ef
MD5: 7dbfa1f42d8fb465ebdf98f564196984 |
M20-e87q1 | ZeroAccess_55d36baa | Windows |
This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installs a rootkit to hide its presence on the affected machine, and serves as a platform for click-fraud campaigns. The CheckSum field in the binary's PE optional header has been cleared. | 55d36baac8bea015ef59279f331b6c88 | https://arxiv.org/abs/1801.08917
SHA256: 5c7e88ff6a86bb1cf5066b24a48618e09b769c580a0d73a5fcf2388e6a6ce9a4
SHA1: 2cf7aa9f9f6c55b863f839a79306f4c65a282b2d
PARENTID: M20-slow1
SSDEEP: 3072:rEUIFarjgd+x6FNCYkvRBjtAWyUOJQydy/x0NZDTwb2R:rEU8qjc+8DCYGBjtLqHM0Ndb
MD5: 55d36baac8bea015ef59279f331b6c88 |
M20-d8pc1 | LATENTBOT_5eaf2d54 | Windows |
This strike sends a polymorphic malware sample known as LATENTBOT. LATENTBOT is malware that may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been seen in the wild since 2013. The TimeDateStamp field in the binary's PE file header has been altered. | 5eaf2d547323c5bbb89290ae1cbf9ab5 | https://attack.mitre.org/techniques/T1099/
SHA256: 6fab9d6547e7947cc42bc5e3bae8a8330c1d6d2531d64dc92decd78d52a8e6c6
SHA1: 67fa5dbd25279219127a0a75e10af9152b5200ac
PARENTID: M20-bu9q1
SSDEEP: 6144:C6oO0wbHincoS1kM5sLrJwIZHjX9FbjoyS:C6oO0eHacwMSLm0z9lVS
MD5: 5eaf2d547323c5bbb89290ae1cbf9ab5 |
M20-71zh1 | ZeroAccess_51d0091f | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installs a rootkit to hide its presence on the affected machine, and serves as a platform for click-fraud campaigns. | 51d0091fd150543df73799749056996f | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 039f37371da4173924ee5fdaa33dd7429cd56bdc35045c42167f7eed9efb2005
SHA1: 927cb43156cdeafa36c91a14fa41da02e1432da8
MD5: 51d0091fd150543df73799749056996f |
M20-lcy71 | ZeroAccess_11451aa1 | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installs a rootkit to hide its presence on the affected machine, and serves as a platform for click-fraud campaigns. | 11451aa12c105af614f8271381983400 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 1d9ce6eedd04b81f61b96f3537214e290efef23a3aa2f31a55744a3feaadf4e1
SHA1: e392aff11c833b98bb69022618999c1f49fb19a6
MD5: 11451aa12c105af614f8271381983400 |
M20-vxhj1 | Exorcist_d4d32e75 | Windows |
This strike sends a malware sample known as Exorcist. Exorcist is a new ransomware-as-a-service offering; it is distributed through Pastebin, embedded in a PowerShell script that loads the payload directly into memory. | d4d32e7583b3fd8363ded73c91ed3d08 | https://twitter.com/VK_Intel/status/1286028389518901248
SHA256: 2b37a372626063afce9e08199342a41bbe4183b0d5ba7864ff61eb6e6f7c4fdf
SHA1: 4079602dce0fb495ed0ec97c5aea5988127fb50c
MD5: d4d32e7583b3fd8363ded73c91ed3d08 |
M20-kztm1 | ZeroAccess_e8a0eeaf | Windows |
This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installs a rootkit to hide its presence on the affected machine, and serves as a platform for click-fraud campaigns. The TimeDateStamp field in the binary's PE file header has been altered. | e8a0eeaf2c2ef871660694530020cec6 | https://attack.mitre.org/techniques/T1099/
SHA256: 7fdf01aa47db1607ba8768155ad497ba5b395cb7692e573cabdaff57775d3e4c
SHA1: da0f71420d45f7b8cfcc518d0a5155b70dd0b10a
PARENTID: M20-slow1
SSDEEP: 3072:dEUIFarjgd+x6FNCYkvRBjtAWyUOJQydy/x0NZDTwb2R:dEU8qjc+8DCYGBjtLqHM0Ndb
MD5: e8a0eeaf2c2ef871660694530020cec6 |
M20-snny1 | ZeroAccess_5752712f | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installs a rootkit to hide its presence on the affected machine, and serves as a platform for click-fraud campaigns. | 5752712ff20c633b34db7207cee893d2 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 1cbc12777b9265341a1bcb4a4897d875577a7c3dccefda23c0b7c30d78dda71a
SHA1: ffe140cbc76c17c2276a9ecd9b15d3aed4d3f938
MD5: 5752712ff20c633b34db7207cee893d2 |
M20-7dxa1 | Cerber_5a381543 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files, giving them the file extension ".cerber". | 5a3815434730fab61a38265930c678f9 | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 5ab3a63e8d334368280d566f526718a2a10c95073059a53a9707af0bb74eeb9b
SHA1: 6c3e803fa996f51358fbe21cb52e901b76981bf8
MD5: 5a3815434730fab61a38265930c678f9 |
M20-kl1w1 | HawkEye_bd568bca | Windows |
This strike sends a malware sample known as HawkEye. HawkEye is an information-stealing malware that targets usernames and passwords stored by web browsers and mail clients on the infected machine. It is commonly spread via email and can also propagate through removable media. | bd568bcacc3b34646de7676d03ff741e | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 705b0cc2a09c0e5c34ad6eb5940263bf281285cdd99078e8766690de3aa28f54
SHA1: 9aa3b889459f717f2cb6e81ef7151867b59630e6
MD5: bd568bcacc3b34646de7676d03ff741e |
M20-wqis1 | Cerber_c48a35cf | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files, giving them the file extension ".cerber". | c48a35cf1626e9cd2f2a4e5b2493790e | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 2eeab773c4cc1760a51cf0e0dee6e0fdb0b1e2c5ee81e14a297e379bf4f75fd4
SHA1: 6778da03fbd9e08efce7148e05e9355fd19cf992
MD5: c48a35cf1626e9cd2f2a4e5b2493790e |
M20-5s9t1 | VHD_efd4a87e | Windows |
This strike sends a malware sample known as VHD. VHD is believed to be a high-profile targeted ransomware owned and operated by the Lazarus Group. It encrypts all files on connected devices and deletes folders named "System Volume Information". It also stops processes that could be locking important files, can resume if the encryption process is interrupted, and is copied and executed through WMI calls. | efd4a87e7c5dcbb64b7313a13b4b1012 | https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
SHA256: 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306
SHA1: 6a7296f56410d3ee007587020ad6864d5781b4bc
MD5: efd4a87e7c5dcbb64b7313a13b4b1012 |
M20-j4kf1 | LATENTBOT_2d2484d5 | Windows |
This strike sends a malware sample known as LATENTBOT. LATENTBOT is malware that may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been seen in the wild since 2013. | 2d2484d578bfcd983acb151c89e5a120 | https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html
SHA256: 295bc1a9feb90d0e882f6293832c37754b66a1263257ba1266a3bfc0b4bb7eee
SHA1: 4973ea0ed99aa37278a563b5be0c381601d34182
MD5: 2d2484d578bfcd983acb151c89e5a120 |
M20-5vbk1 | HawkEye_f5968828 | Windows |
This strike sends a malware sample known as HawkEye. HawkEye is an information-stealing malware that targets usernames and passwords stored by web browsers and mail clients on the infected machine. It is commonly spread via email and can also propagate through removable media. | f59688280c0e7c9122ba24ae6c1274b9 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 71986aa0789a34b51fc2c4c4170bcb93b0237820434f2b15a69ddbae17aeaa77
SHA1: 71d47298f1a8c055dd34d8c23dc7b802bf6f64b0
MD5: f59688280c0e7c9122ba24ae6c1274b9 |
M20-zr9u1 | HawkEye_ed31cc34 | Windows |
This strike sends a malware sample known as HawkEye. HawkEye is an information-stealing malware that targets usernames and passwords stored by web browsers and mail clients on the infected machine. It is commonly spread via email and can also propagate through removable media. | ed31cc349fffdc64e35ad4b149c06d55 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: be9dfabe29a6c6b8cbbfbac2d813eb30ced6d53e88d861eae595dd9d5bad03a6
SHA1: 4725a37fdae0fbc499f3f0a06b283cf59607533d
MD5: ed31cc349fffdc64e35ad4b149c06d55 |
M20-2fvi1 | Exorcist_f188cf26 | Windows |
This strike sends a malware sample known as Exorcist. Exorcist is a new ransomware-as-a-service offering; it is distributed through Pastebin, embedded in a PowerShell script that loads the payload directly into memory. | f188cf267d209a0209a25bda4bb75b86 | https://twitter.com/VK_Intel/status/1286028389518901248
SHA256: 027d99aaaa6803a07d07ce0ba1fa66964388129d3b26dcf8621a3310692b0a61
SHA1: 3ef4c199d1b5187784f4d709ab8e1cc6901716e8
MD5: f188cf267d209a0209a25bda4bb75b86 |
M20-wl8v1 | LATENTBOT_2aaa53ce | Windows |
This strike sends a polymorphic malware sample known as LATENTBOT. LATENTBOT is malware that may be used to harvest credentials, encrypt and ransom an infected target, or wipe the infected hard drive. It has been seen in the wild since 2013. Random lorem ipsum strings have been appended to the end of the file as an overlay. | 2aaa53ce895c64e5c1e168f0b2d7ce2f | https://attack.mitre.org/techniques/T1009/
SHA256: d8fe14a2801a429b90cb9027bd8437e5802d4db8d560957aa277d1ee02608685
SHA1: 7faa14bdacf629c5959f2b1e9548150d59879d9c
PARENTID: M20-5u4k1
SSDEEP: 49152:prG2NAFop+qvBOedFLib4cz8kneCdpUz+PR:pWFodvBOaFLiEfoe9z+PR
MD5: 2aaa53ce895c64e5c1e168f0b2d7ce2f |
M20-h9b31 | HawkEye_2a759d9c | Windows |
This strike sends a malware sample known as HawkEye. HawkEye is an information-stealing malware that targets usernames and passwords stored by web browsers and mail clients on the infected machine. It is commonly spread via email and can also propagate through removable media. | 2a759d9cc498a190f3f8c71f57e65644 | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 136da8040b3d50523033e3054cb4e7aa63a3055e0d8b03d40d7fe376dfb9d7f2
SHA1: 9b43a30662df0c827334b949caea8c69a4990319
MD5: 2a759d9cc498a190f3f8c71f57e65644 |
M20-grmc1 | HawkEye_600fb168 | Windows |
This strike sends a malware sample known as HawkEye. HawkEye is an information-stealing malware that targets usernames and passwords stored by web browsers and mail clients on the infected machine. It is commonly spread via email and can also propagate through removable media. | 600fb1681d639f913b70884da6996d5a | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: e12d967791f4c0b92202edcb1ff79ded976b543e22df3f5dbeb8d552533474bb
SHA1: ecce15dc7ae33a40a5a2b63d93d93d3ae60266b6
MD5: 600fb1681d639f913b70884da6996d5a |
M20-ek801 | ZeroAccess_1b80880f | Windows |
This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installs a rootkit to hide its presence on the affected machine, and serves as a platform for click-fraud campaigns. One of the binary's PE sections has been given a random name that still conforms to the PE format specification. | 1b80880fd0c401f7a25e47e56105cf7b | https://arxiv.org/abs/1801.08917
SHA256: 1130073e510f520a6a94abcc967049277dfa460cddd98416cb094f98398e6d34
SHA1: e448a3ba5a277a7f4f21c3182889e1ae86028512
PARENTID: M20-vt1r1
SSDEEP: 3072:oENUaxmelEAzhZ8mwoLt/JVUP0ef3obqHHO4Zmw8yP/40tZDT wb2Im:oENUxovX8mwoLt/LUP0Id4DZ0tdb
MD5: 1b80880fd0c401f7a25e47e56105cf7b |
M20-1qn21 | Cerber_d8aaf63d | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files, giving them the file extension ".cerber". | d8aaf63dd0d7e7a646e8edc7fcc09f87 | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 40bc0cd77874e7fff3d9c3fccf64ce3676d870af88ea27caafb4b650aabe7593
SHA1: 336472b3866a582098f266bd200f43727941b899
MD5: d8aaf63dd0d7e7a646e8edc7fcc09f87 |
M20-slow1 | ZeroAccess_ff795bd8 | Windows |
This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installs a rootkit to hide its presence on the affected machine, and serves as a platform for click-fraud campaigns. | ff795bd814b0102b9d01ebd74b1f2b9b | https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
SHA256: 38346650fafdeb425ad7fd1bcffe6d2ecc88d55fccb8924b1d2133be11a05eab
SHA1: b160b18ef3de43fdb9ae808ada41f4a1f57becf7
MD5: ff795bd814b0102b9d01ebd74b1f2b9b |
M20-aooa1 | Cerber_ebf48e14 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files, giving them the file extension ".cerber". | ebf48e14acaa333bc1049b9fd09838f0 | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 01a392328bde81495f6682e728034b82556d4019bcceb8e9fd7337525370ca82
SHA1: e0e1a1ecd728d74e592bead0d7a7e71161aaa15a
MD5: ebf48e14acaa333bc1049b9fd09838f0 |
M20-adfg1 | Exorcist_4908a364 | Windows |
This strike sends a polymorphic malware sample known as Exorcist. Exorcist is a new ransomware-as-a-service offering; it is distributed through Pastebin, embedded in a PowerShell script that loads the payload directly into memory. The debug flag has been removed from the binary's PE headers. | 4908a364b1d9467f2c9c3fcecccba202 | https://arxiv.org/abs/1801.08917
SHA256: f1cff1473246a59b1eb1250c8028567bf298e32f776ba4f06fa5d1c5941f15fa
SHA1: d8c24281221f1003502f37f7da45e8924c530be8
PARENTID: M20-vxhj1
SSDEEP: 768:D/w63PwCrEBP+2XES4nrr+nsUeO3za+7dqqtDbruFBT8QFJFmxCTXY+PNqHliQyW:/WQRnrUZJrCgahY+PY1/z
MD5: 4908a364b1d9467f2c9c3fcecccba202 |
M20-sjx01 | Cerber_7c4d7506 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files, giving them the file extension ".cerber". | 7c4d7506133b8cd8d584c703ff5364d2 | https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
SHA256: 68e5aaea215f94b30d9bfafc8f62cda3460e7f230edffc66d8902cbbb513b53c
SHA1: 208cad38cb7888a1cc84d3c259c426af3ea50da7
MD5: 7c4d7506133b8cd8d584c703ff5364d2 |
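The polymorphic entries in this catalog (the rows carrying a PARENTID and an SSDEEP) are file-level mutations of a parent sample: bytes or lorem ipsum text appended as an overlay, the PE CheckSum cleared, the TimeDateStamp rewritten, a section renamed, a debug flag dropped, or the whole file UPX-packed. Each of these changes every MD5/SHA-1/SHA-256 in the row while leaving the code untouched, and the SSDEEP values stay nearly identical across variants that share a PARENTID (compare the M20-vt1r1 children). The block below is an added example, my own code rather than anything from this catalog or its publisher: using only the Python standard library it parses the PE header fields those mutations touch and reports how a variant differs from its parent. The PE it builds is a constructed, inert stub, and the mutation helpers reproduce the catalog's variant types on that stub. Recomputing the PE checksum the way CheckSumMappedFile does also exposes a tell that the catalog's "checksum removed" variants hint at: a variant whose bytes were edited without recomputing CheckSum fails the check even when the field was not cleared.

```python
import struct

# Offsets relative to e_lfanew: "PE\0\0" (4) + IMAGE_FILE_HEADER (20) + IMAGE_OPTIONAL_HEADER.
TS_OFF, OPTSZ_OFF, CKSUM_OFF, SECHDR = 8, 20, 88, 40  # TimeDateStamp, SizeOfOptionalHeader, CheckSum, section header size

def _nt(data):
    """Validate the MZ/PE signatures and return e_lfanew (offset of the NT headers)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e:e + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e

def pe_checksum(data):
    """PE image checksum as CheckSumMappedFile computes it: one's-complement sum of every
    16-bit word except the CheckSum field itself, folded to 16 bits, plus the file length."""
    ck = _nt(data) + CKSUM_OFF
    padded = data + (b"\0" if len(data) % 2 else b"")
    words = struct.unpack_from("<%dH" % (len(padded) // 2), padded)
    total = sum(words) - words[ck // 2] - words[ck // 2 + 1]
    while total > 0xFFFF:
        total = (total & 0xFFFF) + (total >> 16)
    return (total + len(data)) & 0xFFFFFFFF

def parse_pe(data):
    """Read the header fields the catalog's mutations touch and measure any overlay."""
    e = _nt(data)
    n_sections = struct.unpack_from("<H", data, e + 6)[0]
    timestamp = struct.unpack_from("<I", data, e + TS_OFF)[0]
    opt_size = struct.unpack_from("<H", data, e + OPTSZ_OFF)[0]
    checksum = struct.unpack_from("<I", data, e + CKSUM_OFF)[0]  # same offset in PE32 and PE32+
    table = e + 24 + opt_size
    sections, end = [], table + SECHDR * n_sections
    for i in range(n_sections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + SECHDR * i)
        sections.append(name.rstrip(b"\0").decode("latin-1"))
        end = max(end, raw_ptr + raw_size)  # last byte any section maps from disk; anything after it is overlay
    return {"timestamp": timestamp, "checksum": checksum, "computed_checksum": pe_checksum(data),
            "sections": sections, "overlay_size": max(0, len(data) - end)}

def compare_variant(parent, variant):
    """Name the file-level mutations that separate a variant from its PARENTID sample."""
    p, v = parse_pe(parent), parse_pe(variant)
    findings = []
    if v["overlay_size"] > p["overlay_size"]:
        findings.append("overlay_appended")  # random bytes or lorem ipsum after the last section
    if v["checksum"] == 0 and p["checksum"] != 0:
        findings.append("checksum_cleared")
    elif v["checksum"] not in (0, v["computed_checksum"]):
        findings.append("checksum_mismatch")  # bytes were edited without recomputing CheckSum
    if v["timestamp"] != p["timestamp"]:
        findings.append("timestamp_changed")
    if len(v["sections"]) == len(p["sections"]) and v["sections"] != p["sections"]:
        findings.append("section_renamed")
    if any(n.startswith("UPX") for n in v["sections"]):
        findings.append("upx_section_names")  # UPX with default options leaves UPX0/UPX1 section names behind
    return findings

# Mutation helpers (hypothetical, mine) that reproduce the catalog's variant types on the stub below.
def _patch(data, off, fmt, value):
    buf = bytearray(data)
    struct.pack_into(fmt, buf, off, value)
    return bytes(buf)
def set_checksum(data): return _patch(data, _nt(data) + CKSUM_OFF, "<I", pe_checksum(data))
def clear_checksum(data): return _patch(data, _nt(data) + CKSUM_OFF, "<I", 0)
def set_timestamp(data, ts): return _patch(data, _nt(data) + TS_OFF, "<I", ts)
def append_overlay(data, payload): return data + payload

def rename_section(data, index, name):
    e = _nt(data)
    opt_size = struct.unpack_from("<H", data, e + OPTSZ_OFF)[0]
    return _patch(data, e + 24 + opt_size + SECHDR * index, "8s", name.ljust(8, b"\0"))

def build_minimal_pe(timestamp=0x5F000000, names=(b".text", b".data")):
    """Constructed input: a tiny PE32 with NOP-filled sections. Inert, and not any real sample."""
    n, hdr_size, raw_size = len(names), 0x200, 0x200
    dos = bytearray(b"MZ".ljust(64, b"\0"))
    struct.pack_into("<I", dos, 0x3C, 64)                                   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, n, timestamp, 0, 0, 224, 0x0102)  # i386, n sections, PE32 optional header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                                   # PE32 magic
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)              # ImageBase, SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x1000 * (n + 1), hdr_size)            # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                                     # NumberOfRvaAndSizes
    table, body = b"", b""
    for i, name in enumerate(names):
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), raw_size, 0x1000 * (i + 1),
                             raw_size, hdr_size + raw_size * i, 0, 0, 0, 0, 0x60000020)
        body += b"\x90" * raw_size
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(hdr_size, b"\0")
    return set_checksum(headers + body)

if __name__ == "__main__":
    parent = build_minimal_pe()
    variants = {
        "lorem ipsum appended": append_overlay(parent, b"Lorem ipsum " * 10),
        "checksum cleared": clear_checksum(parent),
        "timestamp altered": set_timestamp(parent, 0x12345678),
        "section renamed": set_checksum(rename_section(parent, 1, b".rnd42")),
    }
    for label, blob in variants.items():
        print("%-22s -> %s" % (label, ", ".join(compare_variant(parent, blob)) or "(identical)"))
```

Against real files, call `compare_variant(parent_bytes, variant_bytes)` on the two samples' contents; a variant whose only finding is `overlay_appended` or `checksum_mismatch` is a candidate for being the same code under a new hash, which section-content hashing or ssdeep can then confirm. The "random contents appended in one of the existing sections" and "debug flag removed" variant types are not reproduced by the helpers here; the first would additionally show up as a larger SizeOfRawData on the affected section.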
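Consuming these rows as indicators means recovering the reference URL and the labelled hashes from the last cell, where the page extraction ran them together, and checking that a row is internally consistent before it goes into a blocklist. The block below is an added example, my own code and not the catalog publisher's tooling: it parses rows in this layout into records, accepts the hash labels either glued to the URL (as extracted) or one per line, verifies each row (the MD5 cell against the MD5 in the reference cell, the name suffix against the MD5 prefix, hex lengths) and builds a hash lookup. The two rows embedded as sample input are copied from this page.

```python
import re

# Two rows copied from this catalog as the page extraction produced them: the reference URL is
# glued to the "SHA256:" label, and the polymorphic row adds PARENTID and SSDEEP before the MD5.
SAMPLE = """\
M20-zdt31 | Exorcist_f4009abe | Windows |
This strike sends a malware sample known as Exorcist. Exorcist is a new ransomware as a service that is distributed through Pastebin embedded in a Powershell script that loads itself directly in memory. | f4009abe9f41da41e48340c96e29d62c | https://twitter.com/VK_Intel/status/1286028389518901248SHA256: 6db3aae21a6d80857c85f58c4c8b2cf9c6b7f8b8a9ab1d5496d18eaf9bd0bd01SHA1: 01636cd2ab7eada533ded51728acd8cd99020c57MD5: f4009abe9f41da41e48340c96e29d62c |
M20-4nn91 | ZeroAccess_079c063f | Windows |
This strike sends a polymorphic malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.The binary has random bytes appended at the end of the file. | 079c063f97182ef3c31dfa5707c9909f | https://attack.mitre.org/techniques/T1009/SHA256: db38744989f553084e95a5ab04f2a98d1b9f2919d374e8d9a4e2654e0872a875SHA1: f6310a9a0b2aec8671958c3e2eb8c1c37148b6e9PARENTID: M20-slow1SSDEEP: 3072:rEUIFarjgd+x6FNCYkvRBjtAWyUOJQydy/x0NZDTwb2Rj:rEU8qjc+8DCYGBjtLqHM0NdbFMD5: 079c063f97182ef3c31dfa5707c9909f |
"""

# Requiring the space after ':' keeps ssdeep text (which never contains spaces) from being split.
LABEL_RE = re.compile(r"\s*(SHA256|SHA1|MD5|PARENTID|SSDEEP): ")
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}

def iter_rows(text):
    """Yield one table row at a time; a row ends at the first line whose last character is '|'."""
    buf = []
    for line in text.splitlines():
        if line.strip():
            buf.append(line.strip())
            if buf[-1].endswith("|"):
                yield " ".join(buf)
                buf = []

def cells(row):
    return [c.strip() for c in row.rstrip("|").split(" | ")]

def parse_reference(field):
    """Split 'URL' + labelled hashes, whether glued together or one per line."""
    url, *pairs = LABEL_RE.split(field)
    out = {"url": url.strip()}
    for label, value in zip(pairs[::2], pairs[1::2]):
        key = label.lower()
        out[key] = value.strip().lower() if key in HEX_LEN else value.strip()
    return out

def parse_catalog(text):
    """Pair each ID row with its detail row and flatten both into one record."""
    rows = list(iter_rows(text))
    records = []
    for head, detail in zip(rows[0::2], rows[1::2]):
        strike_id, name, platform = cells(head)
        *desc, md5, ref_field = cells(detail)
        ref = parse_reference(ref_field)
        rec = {"id": strike_id, "name": name, "platform": platform, "description": " | ".join(desc),
               "md5": md5.lower(), "reference": ref.pop("url"), "ref_md5": ref.pop("md5", "")}
        rec.update(ref)  # sha256, sha1, and for polymorphic variants parentid and ssdeep
        records.append(rec)
    return records

def check_consistency(rec):
    """Integrity checks worth running before a row is trusted as an indicator."""
    problems = []
    if rec["ref_md5"] and rec["ref_md5"] != rec["md5"]:
        problems.append("MD5 cell disagrees with reference MD5")
    if rec["name"].rsplit("_", 1)[-1] != rec["md5"][:8]:
        problems.append("name suffix is not the MD5 prefix")
    for key, n in HEX_LEN.items():
        value = rec.get(key, "")
        if value and not re.fullmatch(r"[0-9a-f]{%d}" % n, value):
            problems.append("%s is not %d hex characters" % (key, n))
    return problems

def hash_index(records):
    """Map every MD5/SHA-1/SHA-256 (lower-case) to its record, for looking up a suspect file's hashes."""
    return {rec[key]: rec for rec in records for key in HEX_LEN if rec.get(key)}

if __name__ == "__main__":
    recs = parse_catalog(SAMPLE)
    for r in recs:
        print(r["id"], r["name"], "parent=" + r.get("parentid", "-"), check_consistency(r) or "ok")
    hit = hash_index(recs).get("DB38744989F553084E95A5AB04F2A98D1B9F2919D374E8D9A4E2654E0872A875".lower())
    print("lookup:", hit["id"] if hit else "no match")
```

Hashes are normalised to lower case on both sides of the lookup, since tools report them in either case; the ssdeep and PARENTID values are kept verbatim because they are what ties a variant back to the sample it was derived from.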