Malware Monthly Update February - 2020

Malware Strikes

Fields per strike: Strike ID, Malware, Platform, Info, MD5, External References

Strike ID: M20-49n01
Malware: NetWire_59ec0104
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 74a0bc89f2667f79264105d44c751d625fbc53ce5a12771134b9c32ca9e916c9
SHA1: 8262b9af57576b77c68f333b12aa663bdf3afefa
MD5: 59ec0104438fe9ea7948322302eed578

Strike ID: M20-i9701
Malware: Ryuk_0c1ec155
Platform: Windows
Info: This strike sends a malware sample known as Ryuk. Ryuk is highly targeted ransomware that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because the attacks are targeted, credential collection is required and takes place in advance.
External References: https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/
SHA256: f85d2de7e9af6d739fada0a7891df20f019f9a971e1b07024a62331173600f94
SHA1: 63c80570e0c30473627532e93f67434daa7f1977
MD5: 0c1ec155ecb678e9e8aa7793264758e1

Strike ID: M20-np601
Malware: Ryuk_b2de3ccc
Platform: Windows
Info: This strike sends a malware sample known as Ryuk. Ryuk is highly targeted ransomware that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because the attacks are targeted, credential collection is required and takes place in advance.
External References: https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/
SHA256: f40680deec287d14eba951ea7f381738f6b0150fe31190f477ec2179d5c9d8b0
SHA1: 81fa192b4439956f0d1aa65d66ff2d377a7d87f7
MD5: b2de3ccca6104c4377c3bcf41c9cdfd5

Strike ID: M20-gxv01
Malware: Nymaim_7c279cfb
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains from which it fetches additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 5b186038f17adbde16e02e1e29513354112ecdc9b3a8be5fe2978696ce9541ec
SHA1: 4e988bcdf069f2a59077377bce26f3c493180f9a
MD5: 7c279cfbba90eaec7853de220b6ecfc4

Strike ID: M20-ru801
Malware: NetWire_6b6da828
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 7caee05382db7f0819893217db61a70cb249d1de1530fedf80e56a9fabc445d6
SHA1: 919a27b4d5e5f0c0b2d5f8e73ab9fc13be9b15c2
MD5: 6b6da8285bb3c746f23f34d088665e39

Strike ID: M20-zcw01
Malware: NetWire_32600853
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 4b8c0fcde33aedb55f6e087fd9526699f188f3e3030e33bd04cd8785b748ebe1
SHA1: 517ccee7bce9fc67817b2b524517851f14c72c58
MD5: 326008535342598caae56193ca201717

Strike ID: M20-o8u01
Malware: njRAT_69a1fd31
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
SHA256: 80aab48e04978ab54b4a50bba68286d1f03af19b27e78e8263b360d10c7f5904
SHA1: 5c14a59c05eee522eb61031074fccaeb8b2c991e
MD5: 69a1fd31d0c00146afa4c3fd984dd1ee

Strike ID: M20-c5j01
Malware: NetWire_626c8705
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 3efa7242e48e0be611c350de170776f8537fec4e7c0105ec86e44a18e95db367
SHA1: 8d0bdf31dfe81bc9fd2f6a1859f78fee8006be21
MD5: 626c8705a341d9996bc156ef99d63f30

Strike ID: M20-zll01
Malware: njRAT_e6159221
Platform: Windows
Info: This strike sends a polymorphic malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. This polymorphic sample uses an update_timestamp technique, in which the timestamp field in the PE file header is modified.
External References: https://attack.mitre.org/techniques/T1099/
SHA256: ef90ae153402ccf59c596cec97ecca3f5c153f0b1dfc9bbff010350593aa9076
SHA1: bcfc0cdc8db1d22b663c7a5d8027170694a227e1
MD5: e615922113b73e8af2ce854dd619260e
PARENTID: M20-z2b01
SSDEEP: 6144:o2DTwhsO9U/Aggsyak5zgW6fxJUjYGcSRZduOvMpmJ:NTdOZggsKV0xnOvc

Strike ID: M20-c7j01
Malware: Nymaim_e0c0dd53
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains from which it fetches additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 056dc90528fe0b52da0e2810dfecc00a33ecb3fb055d4b1887b06ab042dbae1e
SHA1: 05f0045cbb12bc3731fd62efd135a30179ed8675
MD5: e0c0dd53a9fb2e4d3131bf1bb5af74ee

Strike ID: M20-x7t01
Malware: NetWire_8fe154d3
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 27fb4531c6056a49b297b20a24eafaceabb954aeb24dc00813e85884e2d0a5ce
SHA1: 5881d237fb8687a29c8a98d506f9fe1967876dab
MD5: 8fe154d365fa0c00fa21ee5a8b4cc11d

Strike ID: M20-6sx01
Malware: Gandcrab_d34c3183
Platform: Windows
Info: This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 1e4294a2b465e27903582116b12d5db2a6999116e27c698b5b98ae52035649b7
SHA1: 62fa36259d19e1a281b01f3ac4bbcc463af18c38
MD5: d34c3183f6287d52e98962f80572fd6a

Strike ID: M20-pb501
Malware: Nymaim_1424375e
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains from which it fetches additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 39c08d0ebe20734e86539503b615716ef692aa37ba6a490e0265d1560dbae71c
SHA1: 9f8403088f4d997eb5a917eb7a14c25b201d9001
MD5: 1424375e0f77f055430eeaba45372c6c

Strike ID: M20-egt01
Malware: NetWire_1a2f21b2
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 8851b44b9e92689115050278bef0261926ecda761a19a566a73fa29de08bad69
SHA1: 113608bd73f56a4cd80bb542fd3a00e9013dfe63
MD5: 1a2f21b2265c9baa9f2dd641d448adf3

Strike ID: M20-vg801
Malware: NetWire_9d8ed390
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 5f446e1da31fd31ec83cb6fa2b26da3ae2821ca60273152079736006f498841e
SHA1: a03fa3f7e732ade274752b2b5e58b2443c1a3369
MD5: 9d8ed3906d5a20af5758e76ab1bf6892

Strike ID: M20-i8t01
Malware: Nymaim_e0758834
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains from which it fetches additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 20b70cb79a5bef35145254e2c456da2d2d90f7e2de2f72d413ce0fbf844af66f
SHA1: b558d73ddfb067e5a882729513fe35806552f1be
MD5: e07588347e960af2c9ffe7b9d745d68e

Strike ID: M20-jyz01
Malware: NetWire_0869ef85
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 3c1c1ccf871e10907e69945363ada929b5841d4d192a8422745c47731d33bcfd
SHA1: cfceb26da3b6ed7d7285c0e109175e8c404fa312
MD5: 0869ef85f0c17f676c0a4ecd87da4a8a

Strike ID: M20-zll10
Malware: Gandcrab_776f771f
Platform: Windows
Info: This strike sends a polymorphic malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. This polymorphic sample has the checksum field removed from the PE file header.
External References: https://arxiv.org/abs/1801.08917
SHA256: 5115056abfa113d83b1fec46c619b6cb33792bcb310ba1cfe4ddb0ad28dbf4e5
SHA1: 14564d70c305e780ce535c019e61a203ce39e50e
MD5: 776f771f797f0c9a89476ed8562c3a13
PARENTID: M20-qhc01
SSDEEP: 6144:J4HuKlHprRS8EJ2f5lMZFff8ULOYLriusCOT7w:JOuKHrRS8EJm5luaY/XOvw

Strike ID: M20-yy201
Malware: njRAT_b479cbe0
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 285cb077ca516c336a1636182069e7cf9a8a057a267efa376ebede4c0a2cd0bf
SHA1: 19ed640282be50554ed44cca0a4a62a7acbfac3a
MD5: b479cbe0c7068d4037029270df088810

Strike ID: M20-wuv01
Malware: njRAT_89b63204
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 29dba26459bba5b186f1bf1c0a0fffc0e393a6d4cc427c842a4aee0353518a2c
SHA1: 662209effda9799cb1dcb3725ae70fe8285451a7
MD5: 89b63204ec744a1a81eb4d5327d3b5e4

Strike ID: M20-u1401
Malware: Gandcrab_a2d5b8f3
Platform: Windows
Info: This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 2cecccc835e1485e21cc45c86571f82f06223e422f59410228c140e77862ef3a
SHA1: 74d09d810c0786976ced4a3ff72ef42a8000d056
MD5: a2d5b8f33919b1ed2044ce877f6fc5ef

Strike ID: M20-39w01
Malware: NetWire_ed47d83f
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 05848831206819b63dabd2116e673d28de675e62cf7d858fa4764bfc7a1e9b40
SHA1: 2e97a5fef6c6b7815e036ab4ec0320fd6f90fb07
MD5: ed47d83fd13d8e751e784cf75d7faeda

Strike ID: M20-60o01
Malware: Nymaim_234ca501
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains from which it fetches additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 201591910712d7b75f17831436b9c2c7a5bc95e6009d7a744de0fd2fe34a1dc6
SHA1: ade3c42508b08270b157d068a1fb87cce537e3e7
MD5: 234ca50167692f352018c82d1d9e4a19

Strike ID: M20-xqi01
Malware: njRAT_c10d6dc2
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 388bfe746f61ade70292f8740d1c92c6eceaa21baa5e04de0ebc012dbed312e7
SHA1: c4f7f8a8b0dc4616b75eb601c8b25b903986bd7a
MD5: c10d6dc2d3522323dc079af5ea5b0448

Strike ID: M20-jpq01
Malware: NetWire_4dedb4da
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 6253c1a4ebbfba5de561219996ddc45af59f4ca3b35a3f95354f5ae91c78bbe0
SHA1: 6c8462dba2f3d42601721f2c881f27dd69c40add
MD5: 4dedb4daa4cff72e4de502e8dce53c05

Strike ID: M20-9qg01
Malware: Gandcrab_e3b31fa3
Platform: Windows
Info: This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 2651e9bbd4004b56eefa43f4f7ffd982d16d07df2980423cb54b1ee585172ae5
SHA1: f258ecb0a51a57ba0082a57111a8cfeba7f9f2dd
MD5: e3b31fa33e1a22a85637cd9403e83375

Strike ID: M20-5jt01
Malware: Ryuk_09689a0f
Platform: Windows
Info: This strike sends a malware sample known as Ryuk. Ryuk is highly targeted ransomware that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because the attacks are targeted, credential collection is required and takes place in advance.
External References: https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/
SHA256: dbadeff4af3fa7785d54d177db9608f24d405971cf642ca0759a203d9e895930
SHA1: 7b9f5faa34f5b5dc83cacb2cbd82cdb8a9aa251b
MD5: 09689a0fa6c7adbee9dc77881cdbf205

Strike ID: M20-z2b01
Malware: njRAT_5afc7c66
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
SHA256: 8ac101bcbb0a30f23ff1f7fb341a3daaa7ff13f045c0e812ac9f6c5079ef82af
SHA1: 888fd15c8600c70078bef249b2b7dcde15f2670e
MD5: 5afc7c661212ecb1590ffd494245c883

Strike ID: M20-zc301
Malware: Gandcrab_d4431ecf
Platform: Windows
Info: This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 1d2d031f33ce5adea4a45c700e29e99903d55850481fb17deb479fe47d367a18
SHA1: d6f90a086297a10ad8aa1547403d8c75340e521d
MD5: d4431ecfe9e353e1c3cd9f2bc4e0afbb

Strike ID: M20-ljr01
Malware: NetWire_8c89a788
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 2ace0152ad8eb298bcae92ebcf3c27c09ed25620c59642be684886bffee56ccb
SHA1: 95c79a90ee07a6334cf7d90cbbaa92b076b21baa
MD5: 8c89a788e0155e2a6930db1f6c5d5228

Strike ID: M20-lf801
Malware: Gandcrab_fe5101f5
Platform: Windows
Info: This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 099c47434a97a9bcd0c6bb5f0291bb69d70dd05ab002fa83487d63b997b90f96
SHA1: ad1c30706168680240033e113cd2ff73c8c5dd62
MD5: fe5101f5d50651e44e54849e94737858

Strike ID: M20-39301
Malware: njRAT_20385341
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: d7ec97fb65437711f6dd0ce71e8cab70946d2c8f51566446a8fe8e8b64cbda62
SHA1: 1ba9b611981325436bb4543c38357a5fa20ef9fb
MD5: 20385341a0a4a4298658e456fea53e27

Strike ID: M20-6qg01
Malware: Gandcrab_0b5f5c35
Platform: Windows
Info: This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 0d293a8759d4bae6aa5d8587108a508f6d40efb449dbc239800efebb7a2bf2d7
SHA1: ffb82271c3c927881ac7d4fdd271f4a148f5bd16
MD5: 0b5f5c352ec55612b4177bafbe514642

Strike ID: M20-zll09
Malware: Gandcrab_d859825d
Platform: Windows
Info: This strike sends a polymorphic malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. This polymorphic sample has the debug flag removed from the PE file header.
External References: https://arxiv.org/abs/1801.08917
SHA256: dfc9cce0d2783404e084c7c239a387c9ff26882a1df7d0681ccd3c12360c9c3f
SHA1: 8627d6a7fa006ecec19a6ce619b3b5667e9fa3c7
MD5: d859825d61b34e1506c8c8918fd053b1
PARENTID: M20-tlk01
SSDEEP: 6144:b4HuKlHprRS8EJ2f5lMZFff8ULOYLriusCOT7w:bOuKHrRS8EJm5luaY/XOvw

Strike ID: M20-5oy01
Malware: NetWire_88b87492
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 17e436f6312f5cb021419beabb8985272593995ccc09110f27abfee1d1eed74e
SHA1: dc7d4b9fefa849a9ad5ab582bcbb1ab40f1d5e65
MD5: 88b874920e9288e0eec1b67acba27ae8

Strike ID: M20-wuw01
Malware: NetWire_5573b35c
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 8a9130af590f32b807270517b61af5dbff8f3bc1e2114648f764d8180c22d5c2
SHA1: 5033f57dba9e3ffdc546262735bd2c639ac77070
MD5: 5573b35c1ffc84cd76a782ebc6334163

Strike ID: M20-wh901
Malware: Gandcrab_a610257a
Platform: Windows
Info: This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 25a297586142486627a765200bfc30658cdb4500949c581a83d1be262c60c4c6
SHA1: 8eba22d4d9ffd6e934d307e239bce6821b0ea3aa
MD5: a610257a7c613478f30312ac7db5d212

Strike ID: M20-7g001
Malware: NetWire_f240d668
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 5609f2f063ee870c77bfb1e2912d7d5080f85755e069a67c94a6258bebe5f367
SHA1: 56e70cd45fda3f8ffc5d9ccb3de171a72491470b
MD5: f240d668fde9436f9d9c9b6929cb1a50

Strike ID: M20-zll03
Malware: MegaCortex_ea06611c
Platform: Windows
Info: This strike sends a polymorphic malware sample known as MegaCortex. MegaCortex is ransomware that uses a common red-team attack tool script to invoke a Meterpreter reverse shell in the victim's environment. Next, it uses PowerShell scripts, batch files from remote servers, and commands that trigger the malware to drop encrypted secondary executable payloads only on specified machines. This polymorphic sample has been packed with the UPX packer using its default options.
External References: https://attack.mitre.org/techniques/T1045/
SHA256: 3bf7542591e749ba96ef2c3df7e8446b7b5d2849ba862a58db98999cccbe718c
SHA1: fc5f131fc46d6fb2f7c7d579bf8e969b0d3865fc
MD5: ea06611c5162bfcf18326e960fa2e78d
PARENTID: M20-69c01
SSDEEP: 24576:3FcDRtUxaMathkW3/VJA2V+q2IY1mxhFRSlBUKJPNV1q5IaA:3yMaLkW9a2V+q2I0mxhFRSlBbJPNV1qw

Strike ID: M20-ef801
Malware: njRAT_46a2221c
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
SHA256: 6e178460a0f54a86e71df31ac2e90ffbaaf00a41ce9722257613f33ed9acc892
SHA1: ae0b0dd04e0e09ac033770863e813ee0f355063c
MD5: 46a2221c86fc2e1b4d4a3a84e0403530

Strike ID: M20-1ko01
Malware: njRAT_0439bd7a
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: aee215905b39a4a4cc85be54bda2ae9ded42e06fe0b3813a1794052a12e09757
SHA1: 098ce0ecf7fed069772b9ab67e30b1006188b036
MD5: 0439bd7a9f0c7c935eb6d9c05df83bf9

Strike ID: M20-gbw01
Malware: NetWire_e9690a13
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 68a0b82d1b3a21dcbd78de0bdb31f69e4afdb4c20750929d9959af168aa4457d
SHA1: 26f7df2157c647314c5353aac6f533e136c39ead
MD5: e9690a13abc222a03a544eb45b414345

Strike ID: M20-vcw01
Malware: Ryuk_7ff9b1c1
Platform: Windows
Info: This strike sends a malware sample known as Ryuk. Ryuk is highly targeted ransomware that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because the attacks are targeted, credential collection is required and takes place in advance.
External References: https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/
SHA256: ef17d0301df8b153cbfecfa6433c628494477ecadab62a3bfb6ec465a04bb95c
SHA1: 5b5148978ad08e1aa34413f9bb29ce38dd930b7d
MD5: 7ff9b1c1bf15c691ca23018a00416844

Strike ID: M20-c1j01
Malware: Nymaim_4280a073
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains from which it fetches additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 589b303963958d48a6d5aa9a506955ed04242994f1f7e36b8819463200970b21
SHA1: 6d79c69df02e45585b1830306580fa63de3df64e
MD5: 4280a073afed31defbeba4749895d969

Strike ID: M20-zll08
Malware: njRAT_a807cd6f
Platform: Windows
Info: This strike sends a polymorphic malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. The parent binary was packed with UPX; this binary is the unpacked version generated with upx -d.
External References: https://attack.mitre.org/techniques/T1045/
SHA256: efdf9fa5cb090384ea9bde433d065842d876bbefc6a3166108152488dc53428f
SHA1: 4bfc4febf133946839181523e7a0c73f7e791328
MD5: a807cd6f4a3118401120cb1e8de3c47b
PARENTID: M20-c1i01
SSDEEP: 6144:wsLH2r3lu+yW+9aYQKO7O3SAplGoLxuAjNtrCaIzcrr8JRnoEGn/bs:wsLH2y9avKCO3SApwouoNtCaIDJw/b

Strike ID: M20-exr01
Malware: Nymaim_8b1251d0
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains from which it fetches additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 287f5e0b40f6341f7f9b09a97d2efbb00b9c389053b76976ccade63027f02425
SHA1: 5fb3684d7afaa4393390520b7dcf8f0841147288
MD5: 8b1251d03211fab0fb75fb471b7bbdcb

Strike ID: M20-hzp01
Malware: Nymaim_ba714c19
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains from which it fetches additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 43983a108eee5452032f21f6895cb9d930af372f4fbbf51e217a58f68412c9c4
SHA1: b3293603a44eff062cef13449d72d9e303908783
MD5: ba714c19eb224c17b0d1dd1ae5f80113

Strike ID: M20-f1301
Malware: NetWire_2b41ce34
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 610007b784ce5e7ffa2a2e646e60c72277a0222b2f18fb74eed55d25f1af37dc
SHA1: f5fef90c7d1512530da182606f0125ccbe6e248d
MD5: 2b41ce34f00096970bf7c42ed4462890

Strike ID: M20-yc201
Malware: Nymaim_c07de007
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains from which it fetches additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 3cfc8edcb512891aeb4241df6a800981d83c329883eaeeb265f5b555be7c85a4
SHA1: 7fb18e4792229b3d483730dc513a6b5bd0cae80b
MD5: c07de00710b1531925b3f72cff76e1c7

Strike ID: M20-8li01
Malware: Gandcrab_e14bc544
Platform: Windows
Info: This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 1a2e00ce828da6130592178bd3b0bf47f2b3edefafffe7e6371622aae1ceb9af
SHA1: e96e489966dc0fb418d749ce0b958f0da6f15187
MD5: e14bc5447473d2b281b2654a1262075c

Strike ID: M20-3l801
Malware: Nymaim_8a1a4bf8
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains from which it fetches additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 473e6d64b9b5d33250f89781d2d7d0b7a763563e6703907953ae226e078b2a49
SHA1: 091b19fab7f87eec998511200b1de933d7bd46f2
MD5: 8a1a4bf869e0d40a823b66707e5005f4

Strike ID: M20-s2c01
Malware: NetWire_028a5fcd
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 27540988f360e65aa1ca42007c551fb73ab1b36ed5408ff098389b6ce3ac0f94
SHA1: 7152b09cc3b47c5fd97ab1a31f38d9718fcff715
MD5: 028a5fcdf1e4ee6794aaa11a52b69ff7

Strike ID: M20-khy01
Malware: Nymaim_a79cb872
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains from which it fetches additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 44033bd26650bac58f19414b2f937a3d0aebd819a145738d4d9e77a087d1b2e2
SHA1: b7cdc952b07ee8b0fe772e72ceb400e176abe034
MD5: a79cb872d5e698f55370a4263ba11c9e
Strike ID: M20-zll11
Malware: Gandcrab_f684fef2
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. The binary has random contents appended to one of the existing sections of the PE file.
External References: https://arxiv.org/abs/1801.08917
SHA256: 3a8bcf4c3ca679e9dbf6217e65caf1bdc476a11473597de7d14e58f49da94ad8
SHA1: ffffc6227c5930e297e5df39f98e0769ccd5cb39
MD5: f684fef22cf1ee7ea736386033664364
PARENTID: M20-qhc01
SSDEEP: 6144:N4HuKlHprRS8EJ2f5lMZFff8ULOYLriusCOTjw:NOuKHrRS8EJm5luaY/XOvw
Strike ID: M20-suh01
Malware: Nymaim_f894f383
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate candidate command and control domains from which it retrieves additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 0cbed52d77571cb00e68ca65ed017272b69c2b90b548f5a3354dec2fd4da677c
SHA1: abfc62862d60b118b5e2741bda7b31dd67fb8bb9
MD5: f894f3835aa7fe0b89e7222ded46685a
Strike ID: M20-vhv01
Malware: Gandcrab_ebee15bf
Platform: Windows
Info: This strike sends a malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 2a7ad044e7f131e71e794cc8dd31ce746f455d9c53e45b88c3696891f4f11b35
SHA1: 2c55058fbbae26b03d191568eda166262b118943
MD5: ebee15bff8242f85144b428f7880a240
Strike ID: M20-qkr01
Malware: Nymaim_20a92abf
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate candidate command and control domains from which it retrieves additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 2b0b69fcba2279c7c731adc17ce5e395739a4d957afe75b4dffe79a911d06834
SHA1: 384d5027c7e6907ec04339c0106b702bb345cb78
MD5: 20a92abfe04249d4fd1aec92f01f64e7
Strike ID: M20-13p01
Malware: njRAT_8afcc8d1
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
SHA256: 84bddfdc96745d0be34f31be3b7e4160db6e04fa7d7648ebf03b81807841bffb
SHA1: 77268bde928b55b204037f67eeb004ab96400aa1
MD5: 8afcc8d135428a914da18d9cee93e2d9
Strike ID: M20-2gp01
Malware: njRAT_33381eec
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 2de7a2aa518ea9e0fbc421761c85be589c27c88c3038fa4fa93bef51bacd67bd
SHA1: bd8ec6bf4f4e3f67946d43c73f4779c3c0470549
MD5: 33381eecdaf0d903b0f8507ce61e151c
Strike ID: M20-cw401
Malware: njRAT_c6a80b1d
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 344204f0902906b808c5f81ae62b455a3d0ded3034fca548230cd51c59f02ec4
SHA1: f89f22c041eb2eb4ff9990eaf61774436b199da0
MD5: c6a80b1dde72119c57efce0e9f0aa6d6
Strike ID: M20-c4g01
Malware: Nymaim_cef2ffc3
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate candidate command and control domains from which it retrieves additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 3343d61a8a5e8f19686995852ac47dec453da1a61f0544a2b6cc75b404ac40c1
SHA1: 3c61e64c5ebadf04dfd26676d900590e11818674
MD5: cef2ffc3e1f98f56c3311776594ad00d
Strike ID: M20-4o501
Malware: Nymaim_160f29fe
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate candidate command and control domains from which it retrieves additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 1725392d15f6eeee49ba8222c595faeb59a5434b9136b137dc03a9b61e084087
SHA1: 8b649b583fe5925de142a18a54fb01c057e16a8e
MD5: 160f29feaa6cd76d9439a6cf464bf123
Strike ID: M20-7nq01
Malware: NetWire_ac28ae0c
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 1a996582f6a9e60acc72d4266067c9e5ff48ac32bdb45fc8787cc366ff4bd790
SHA1: a3b66277a07e8271bd3516cf85013d0f535e4978
MD5: ac28ae0c4c79d6b1dc4f3ef984f397be
Strike ID: M20-42r01
Malware: Gandcrab_d48b216b
Platform: Windows
Info: This strike sends a malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 274d2074201aabff30008390fbc34087fc9aead9ec924d18708a0d6670bb6995
SHA1: 833e3b97bb8813b9afd98e24e4e091907808e6f5
MD5: d48b216bfdb82b07300440a8c2433d6e
Strike ID: M20-wnz01
Malware: Nymaim_9d4ae464
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate candidate command and control domains from which it retrieves additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 6123859235132aed86f0520e20d623e8d5d0438e082db32caf310d1b77aa9ec3
SHA1: 79db6d361007654fe3211381b1c25a2700590b4c
MD5: 9d4ae4643a89f6b2de75ca56fe728f3b
Strike ID: M20-xbg01
Malware: njRAT_70c26f58
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
SHA256: 79d129fd698fbf62084545a105e6bd3cc027435a42ae3eb48c3e62c6e2ec461e
SHA1: 1ec05c4663f9ccf5e5dd977aabb013ad865129c9
MD5: 70c26f584d9a1122fee3a8c352234342
Strike ID: M20-x2t01
Malware: Gandcrab_9681cea9
Platform: Windows
Info: This strike sends a malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 22d18aa907e4750c7fce359140c44db444c644e8576c8609ca54c2e85afa0ac7
SHA1: 2bb30ff3c0563dde1717b93f235aeabaa7cbc296
MD5: 9681cea9effc5eb29af0d0b7be9a504f
Strike ID: M20-ebe01
Malware: njRAT_0155b1ef
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: ae078923fc539c22a7eff4491301ae2c8f438e79a02226e6604b7035aff34ec5
SHA1: 65048b127c49761fae3683e1ac13b30e4fe39d01
MD5: 0155b1ef445a439851d207065ea3b2eb
Strike ID: M20-le701
Malware: Nymaim_1361f95b
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate candidate command and control domains from which it retrieves additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 446952c8181f0736647c99e3d4160fafcf272c885a62b19e4028a41183227292
SHA1: d7d15662258f0f2dc2e8d2f484e4ce0a0f66c33e
MD5: 1361f95b1b42bd1a506eabd40c843341
Strike ID: M20-i7n01
Malware: Gandcrab_bde3f14d
Platform: Windows
Info: This strike sends a malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 18213dfc3c25be525312f6ff70e4ea8861233bc562d1442a501a0ae7c7bd93f4
SHA1: 3787098639404f164fa024788f6a468b27b83be7
MD5: bde3f14dcc9b46e0f5a646fe88f7c3fb
Strike ID: M20-04501
Malware: Nymaim_73bb8188
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate candidate command and control domains from which it retrieves additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 37c3c75c995da210c09a6b6e258af839386c4a8661d16395ef179065326ebbd7
SHA1: bf9836accd190d1ad1ae459dec8d11e9aa2742a6
MD5: 73bb818829bdc7e11278d11a5a2684db
Strike ID: M20-z6d01
Malware: Gandcrab_0d905e9e
Platform: Windows
Info: This strike sends a malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 1a99329960098a5414c2fac1bad96ef143878fb5435bcdc6cef9d288081e8b4b
SHA1: 89aba8ba0bfcdc00eb152e01fbf29bd852d04783
MD5: 0d905e9ec3725d4863e9536f2fc0ab8f
Strike ID: M20-ai501
Malware: Gandcrab_b96c6d8d
Platform: Windows
Info: This strike sends a malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 09eeafacfe79c4fc87c45dab72ce88aa1e234e668e2535e209beaa4a8181610f
SHA1: c519c6a84e150ec4a2a472e68f1c49e998a63bfb
MD5: b96c6d8dbaf4d845dde5a6066d4660d2
Strike ID: M20-69c01
Malware: MegaCortex_5e973e60
Platform: Windows
Info: This strike sends a malware sample known as MegaCortex. MegaCortex is ransomware that uses a common red-team attack tool script to invoke a Meterpreter reverse shell in the victim's environment. Next, it uses PowerShell scripts, batch files from remote servers, and commands that only trigger the malware to drop encrypted secondary executable payloads on specified machines.
External References: https://news.sophos.com/en-us/2019/05/03/megacortex-ransomware-wants-to-be-the-one/
SHA256: f5d39e20d406c846041343fe8fbd30069fd50886d7d3d0cce07c44008925d434
SHA1: 478dc5a5f934c62a9246f7d1fc275868f568bc07
MD5: 5e973e6096174590ed667c4f5e4dc3e4
Strike ID: M20-b7i01
Malware: njRAT_fc91be78
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 8e7ea6439f856525f2affc885f93a23e2f7ade71aecc69c8cd78e5460d4aa58b
SHA1: 334ace199bcd29939d96f6e72bb5dee68af28ae8
MD5: fc91be78d82e3f64a28dd444510eb7b5
Strike ID: M20-ppx01
Malware: njRAT_8cb25eb8
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 7d2e2395490ac37029cd98039afa8991f718c5121b1e6e326713e99c26aacb28
SHA1: ea013ff575fb781f355559a6cfa95d8128f28f79
MD5: 8cb25eb826f2912a3fa4e07eab773300
Strike ID: M20-ws601
Malware: NetWire_843e386c
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 74b44c73bf6f45344bb4aef9f469b3ca92b76b6c0e479e126cab0e35f679c9ca
SHA1: 179e0ebb02001748e518e5f6d4f8f645c59cc81e
MD5: 843e386ccdace07a03b4a00477278ae0
Strike ID: M20-zll05
Malware: Ryuk_ca4a1e59
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Ryuk. This sample is highly targeted ransomware that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because the attack is targeted, credential collection is required and takes place in advance. The binary has a new section with random contents added to the PE file.
External References: https://arxiv.org/abs/1801.08917
https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/
SHA256: 8e724486c6a66878abc97b47274c0cf491af7af1af3378b754aa5c7bffa4321e
SHA1: 6d950a411c7417e6c3523a0747cc50df6351a556
MD5: ca4a1e5912eb043bb47bd32dffbb940e
PARENTID: M20-5jt01
SSDEEP: 3072:yYm0i/Z/t3E9gyN9HLSvdN4vKijSVuwbXiz:yF/9E9Vf+VS9jELiz
Strike ID: M20-9b901
Malware: Gandcrab_03147404
Platform: Windows
Info: This strike sends a malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 25ae0f8e3b3938131d098ff7832167a5b6629e6cb8972827b7f1175b69e063c9
SHA1: 420474a5f3c8317fc7d1e530203aa853a7b80f9f
MD5: 0314740413e9c74bd2ac4fbf60d9818e
Strike ID: M20-iuv01
Malware: njRAT_0accb589
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
SHA256: 86da48f0943d29d940c8ea86a26695026e0a3b5ff74c08cd1189d84e05a57d97
SHA1: f634b7158e0caab3fba26eeeba821561bf369261
MD5: 0accb589fc9e44604b746b71f9468cc7
Strike ID: M20-og501
Malware: njRAT_de652e66
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 245938f3b18f371c90e5403b454cadfa791d97767d9aa05439d6b852fbffd714
SHA1: c6b06881b30b50f5bad617e42e251c097b3a8083
MD5: de652e66952d11b68cb39d686207880f
Strike ID: M20-wmw01
Malware: Gandcrab_b6717a53
Platform: Windows
Info: This strike sends a malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 2164d2a4c1a861298c8003118855be9ae68614c5e557638830038658b2e6e47c
SHA1: 358554816c00137b85c543f91e1b214e412b66a0
MD5: b6717a536850b59c7047d86fe8afd913
Strike ID: M20-1us01
Malware: Ryuk_c8325c66
Platform: Windows
Info: This strike sends a malware sample known as Ryuk. This sample is highly targeted ransomware that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because the attack is targeted, credential collection is required and takes place in advance.
External References: https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/
SHA256: 18faf22d7b96bfdb5fd806d4fe6fd9124b665b571d89cb53975bc3e23dd75ff1
SHA1: dd318ffdd4b1081733dccf95cddb4e000814e005
MD5: c8325c660ea72a8eb5281898f7a87f34
Strike ID: M20-zll07
Malware: Ryuk_bd72f57b
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Ryuk. This sample is highly targeted ransomware that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because the attack is targeted, credential collection is required and takes place in advance. The binary has random strings (lorem ipsum) appended at the end of the file.
External References: https://attack.mitre.org/techniques/T1009/
https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/
SHA256: aa01cf225f2a007f7c67e7fbaec83ebb59f9dd84d7d07f6dac13a268ef98a8c9
SHA1: b0765b8d6e62854278e7f0ca4252c85687cbf5cb
MD5: bd72f57b108beeac8d09d15ee3df1104
PARENTID: M20-np601
SSDEEP: 3072:iE9vDzV0/NKFKEt1dtnO40Go5KijSVoFEVwgwbHYV:iC6cFKEt1/OZRDjhlz7YV
Strike ID: M20-smm01
Malware: Ryuk_70aa666c
Platform: Windows
Info: This strike sends a malware sample known as Ryuk. This sample is highly targeted ransomware that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because the attack is targeted, credential collection is required and takes place in advance.
External References: https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/
SHA256: 85bd8cb0d05147a473de3a7ded718a0a2bbe0fac282b927f34ee3b607d887870
SHA1: 6da5486c852630291168b539513d15bafb5b93a8
MD5: 70aa666ca17c9cd1345422568b0e79fc
Strike ID: M20-b3n01
Malware: Ryuk_fac4f4c6
Platform: Windows
Info: This strike sends a malware sample known as Ryuk. This sample is highly targeted ransomware that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because the attack is targeted, credential collection is required and takes place in advance.
External References: https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/
SHA256: fca0325ce51a7c278ffa1a016c1bd2032edb74c6c48b27be4c0cd5c359a82b10
SHA1: aa7bd8dfe1dd3cd48f3ba754c29253653da37498
MD5: fac4f4c67b4106aa30d03dc4a34d93ca
Strike ID: M20-jdi01
Malware: Ryuk_9a5f01e0
Platform: Windows
Info: This strike sends a malware sample known as Ryuk. This sample is highly targeted ransomware that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because the attack is targeted, credential collection is required and takes place in advance.
External References: https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/
SHA256: f894ffdc00c7b9278ce1773fb7f0c7c42048361ff0ae65df4341fbe6ecc63d9a
SHA1: 133825d8bee06f0398e984faaf5af5bf4157f371
MD5: 9a5f01e0592305fc8b235cd407c61ff5
Strike ID: M20-s0q01
Malware: Nymaim_69722300
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate candidate command and control domains from which it retrieves additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 0454d49281ad2a9f99228f543428338353da11fbf78e36b7f5b31479c121bf6b
SHA1: 1c58c219a667d846550c287aed59d55538e75a9b
MD5: 6972230008bf9fa17ad6df4df2471502
Strike ID: M20-2j801
Malware: Gandcrab_d736fc6d
Platform: Windows
Info: This strike sends a malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 234bcafc5700b9f59d30bbcd0b7ba4694e49ffe6621ed63a5a6f0464a6aba447
SHA1: 8999b9daba4698df609a1322d30c3d0e7aa53072
MD5: d736fc6d3cf0fff39bf45f27ceee7664
Strike ID: M20-civ01
Malware: Gandcrab_01ce042b
Platform: Windows
Info: This strike sends a malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 2d239ffa8b5e13e8c19de06e5d5825e24df4c52f31741ab7373b2b74b612ab2f
SHA1: 43c2984c6c2f0ee445459b9389154c7e6a72d680
MD5: 01ce042b6e92e35d6c7cf02204252271
Strike ID: M20-zll02
Malware: njRAT_69ef29bd
Platform: Windows
Info: This strike sends a polymorphic malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. This polymorphic sample utilizes a section_rename technique, in which one of the binary's sections is given a random name that still conforms to the PE format specification.
External References: https://arxiv.org/abs/1801.08917
SHA256: 7bc3a9e08e4e7ea1d9f412ee5c6a8d52b46c8bb9268e9c2fd8f4a56550b27894
SHA1: 339e0b6947c0db36789f5235219611c7c446354b
MD5: 69ef29bdbabce19eed8c8b2dcaf9d44c
PARENTID: M20-z2b01
SSDEEP: 6144:S2DTwhsO9U/Aggsyak5zgW6fxJUjYGcSRZduOvMpmJ:nTdOZggsKV0xnOvc
Strike ID: M20-i0201
Malware: Nymaim_afc17007
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate candidate command and control domains from which it retrieves additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 0218e9c2cf3ca8f6201331e44bfa7d8a5448b1b5b08d8b14d85aebb65671e1a2
SHA1: 0d2e8e6aa45f86a5dd094653c8826b19433172c7
MD5: afc17007a8dd277db8408651984759f6
Strike ID: M20-k4e01
Malware: NetWire_aa2a0e55
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 89c33a22731e48e90417e2877e318c86a7ac57b5d9ba4c9a39bc65bf27191935
SHA1: dc9d36e8594a539c8a0a2ab4d0c795a36f394192
MD5: aa2a0e557d0aa04101e24cf4b86b8d5e
Strike ID: M20-4ug01
Malware: Ryuk_c6700007
Platform: Windows
Info: This strike sends a malware sample known as Ryuk. This sample is highly targeted ransomware that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because the attack is targeted, credential collection is required and takes place in advance.
External References: https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/
SHA256: dd4b13c694ca9d78d2a804149ac1919ee954564871e08c7f89c855d82c6c909a
SHA1: 1a49dfc4b5d04feea8ff437950649d3467956e29
MD5: c6700007c22a5357d3dd48d05dac4e19
Strike ID: M20-16z01
Malware: njRAT_c9c01699
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 66d6a4049df4e8bc2fd9c615af0bc3d0ae715ea5b17c5222980f67bd6d57d75e
SHA1: 7fa76b3aa4d3137daebdb076aec9a8cc4dbbde3b
MD5: c9c01699f6982537ba77184ea6a3b1b6
Strike ID: M20-vf101
Malware: Nymaim_3cf1debe
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate candidate command and control domains from which it retrieves additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 17f077b3721d13d89bfe4d84b297620ff8590b9949e0b3a90e754cd147808695
SHA1: 0238bdbd93e8b2288d262eb1ce2b3bb16dd97077
MD5: 3cf1debeb2186629ac53117ec3647767
Strike ID: M20-zq401
Malware: Gandcrab_eb068aec
Platform: Windows
Info: This strike sends a malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 1ee6e03bfe259cf4a95c093e85056ae9807fa53f83f465b8878d74a114f148fd
SHA1: 7dee4ad24cb6a7fef7f2358d0026c20b57414f75
MD5: eb068aec9c7997cd6854f33867bfec93
Strike ID: M20-qhc01
Malware: Gandcrab_bf25dbe5
Platform: Windows
Info: This strike sends a malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 276f56271a9b3e3fcce07ccd2e4dab2a4316b90e8e715e2657b572da0109c801
SHA1: 02a90aec0fce42a77672ad47d777f469cb04bc0d
MD5: bf25dbe58a56d70b23956b0e72cdaa3e
Strike ID: M20-rql01
Malware: NetWire_eb8a8f92
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 46988782ad1012c66e2de02140c2f5d4f210916b0ace64d5c29018336ba76668
SHA1: fbac438ba38f0a0b4dd3b7224b920be05a12daa9
MD5: eb8a8f92f21c1124434086a434d6250e
Strike ID: M20-9kp01
Malware: Nymaim_80006475
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate candidate command and control domains from which it retrieves additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 5d95754de0c3bda4841e7122b0b24bd5d949adc647735582d4e6af72274950d7
SHA1: 1f2489df4b43fbe69cbc746c2cca0197c3e9799b
MD5: 8000647518b3f124f602d97641001ce1
Strike ID: M20-9s701
Malware: Nymaim_1199419c
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate candidate command and control domains from which it retrieves additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 2696cc5afb7daf7e9acfa6b48e9c925961c8b3675d4dba20fcd840879695f8dd
SHA1: e68100b8b757826df420625091e7689ebc798ed1
MD5: 1199419c89204da5917e132289aa4429
Strike ID: M20-zll04
Malware: Ryuk_a68f4a82
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Ryuk. This sample is highly targeted ransomware that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because the attack is targeted, credential collection is required and takes place in advance. The binary has one additional import added to its import table.
External References: https://arxiv.org/abs/1702.05983
SHA256: 27e68a54806a908c232deaf25e2f7a4ca57aa4e1ceeb44d2efe24bfde5d5de83
SHA1: 023cd4141ba6839215b5245c26b436e4428cd8d8
MD5: a68f4a822f233ab9fd6be318483bf3c2
PARENTID: M20-4ug01
SSDEEP: 3072:Qzipd+VbNTEN1+5ejSDtNIFKijSV3Tbn6F3a8:uiK9EN1ie+5C3jyb43a
Strike ID: M20-ojg01
Malware: NetWire_e4b49055
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 7e00eca478b68881e4722e2aba2094e468b4b457515d4b8e247b624189ecfc65
SHA1: bccafc4500a4dc2ec74f3ec048bf791a2ebae4ba
MD5: e4b49055a2423e077228682bb71ebee4
Strike ID: M20-u5w01
Malware: njRAT_472729fd
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: c7a9a427985e84f296370c466eb675ff01b06992416ac9250c385cfaa5a9678d
SHA1: 529d5fdef45895e2be9e08eb740cc37d98b8c610
MD5: 472729fd1890df254caffee8b5039012

Strike ID: M20-yjj01
Malware: NetWire_38721601
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a remote access trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 4e9562ec338b3e4dbaca5f30289881689f5e4ca5ef7fffb4afe73abe040213b2
SHA1: 94635ad40aa40d1f139d118afa129c1a3c90e042
MD5: 38721601a4b103fa536a8fe149ed424f

Strike ID: M20-f6a01
Malware: Gandcrab_df25a737
Platform: Windows
Info: This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 10ae8e44b98f0255ba8e6d819d804e8379336500f3e27a14bb5b8ea72a07eb80
SHA1: 6697c6d60948eacdd20ebd98d376427826451053
MD5: df25a737875b2faf1be70cfd028dfd50

Strike ID: M20-9fs01
Malware: Nymaim_b9928477
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate candidate command-and-control domains, which it contacts to fetch additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 0a58ad96a90964d56735bf61afa86fa7c6a2a3e15092b66154c6418465bb3a00
SHA1: 216ae8dd65cd2061858c6a04da42ed299d306066
MD5: b9928477daa60f9cc617cb7003da6092

Strike ID: M20-bqz01
Malware: NetWire_ce2548fe
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a remote access trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 1504dfb0c30dd51fed5c8940d5103479ae565fba3d839f7d973925fa868a6097
SHA1: 63bc25f9b15df3d94e3ff976e6a12d2cfba7b4c7
MD5: ce2548fe041a3def237aaff8bfe6573e

Strike ID: M20-txj01
Malware: Gandcrab_012fb47a
Platform: Windows
Info: This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 187591cccfe3eb0c7bea183e03a735be581f704866b2bf2f82c2f57c759f5fde
SHA1: 07f4280c77d4471a260d243fb1db3f0031d14ce6
MD5: 012fb47a33fda605862ae7504f01b093

Strike ID: M20-f7d01
Malware: njRAT_64240ed6
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: d75a26758530f775943a9d16680ee4c37e913ab20d6953e965ae41f3e5fd3a88
SHA1: 2fd5dc6aaa57cbd8f72b89e2b7f5be0396d2d9b7
MD5: 64240ed64024a1ce13b7159a499bdf33

Strike ID: M20-24w01
Malware: NetWire_6105cb2c
Platform: Windows
Info: This strike sends a malware sample known as NetWire. NetWire is a remote access trojan that lets attackers execute commands on the infected host.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 18bb29e7f9fcc8410d0e613a4989d47b5f1b38023c26bb95a4fe5ae53c2f52ff
SHA1: e8e10ced5f19ac2a5839186196b386ca7294a281
MD5: 6105cb2c3c3592f758a503a5afffe6f4

Strike ID: M20-po701
Malware: Gandcrab_0cc1e72f
Platform: Windows
Info: This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 145bcff3aca6ba04f241e0d5ced04e2781c8a0f225ebf51dcddfb238fdbc63ea
SHA1: d3cfdff4b158f21dd28141ddc3bcb91d178ad193
MD5: 0cc1e72f331c7a43908e1646c9f95aea

Strike ID: M20-tlk01
Malware: Gandcrab_e9994b71
Platform: Windows
Info: This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 2bb8a6eae8695c55070f5f78371609052f73826a2df29a9e2ab82c7c89603369
SHA1: 6716e2ea6bfc0d0283e7c3c1a35a90528a87f50c
MD5: e9994b71cdaae917b6916bc52be1228f

Strike ID: M20-4cd01
Malware: Nymaim_9344e283
Platform: Windows
Info: This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate candidate command-and-control domains, which it contacts to fetch additional payloads.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 09136689c46634da3d89dc3609bc2db9582cf70992b9ef92ef6c7dfb3416bee2
SHA1: 14eef17d3869f03b6fcf85dd684c0e9f79865f43
MD5: 9344e28308e4ac7f7c3205d1956d5a7e

Strike ID: M20-1pa01
Malware: njRAT_7f184f10
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
SHA256: 8789bba00344fcb155e891679121b770a4daabe0171a78fccbef5b92322f4105
SHA1: 86efdb2c2df41f5df2e686a58d7cb7add1f3e1fe
MD5: 7f184f10deb0333cc25a430f4e68982b

Strike ID: M20-egs01
Malware: njRAT_1ad8d065
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: d2af08616f7d2dc0f68d75376d3164867732871348c8101aa0319c90062f999b
SHA1: 5d51460875f404c002d2252921f9c79049aaca97
MD5: 1ad8d065331ab3d464c3835d0d38fc29

Strike ID: M20-zll06
Malware: Ryuk_7fb23325
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Ryuk. Ryuk is a highly targeted ransomware family that has infected numerous organizations worldwide. Its operators perform extensive network mapping and hacking; because each attack is targeted, credential collection is required and takes place in advance. This variant has random bytes appended to the end of the file.
External References: https://attack.mitre.org/techniques/T1009/
SHA256: 43371d651034afe2b3a30e26d67b53e7fe626d380cf15d0006def710dc1a61d6
SHA1: 9009ed166fe41b4e85984ece2096099dcd0a078d
MD5: 7fb233251bb6d0ca676a98b436c5c891
PARENTID: M20-np601
SSDEEP: 3072:iE9vDzV0/NKFKEt1dtnO40Go5KijSVoFEVwgwbHY/:iC6cFKEt1/OZRDjhlz7Y/

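The padding variant above leaves the parent's mapped image untouched and only grows the file's overlay, which is why its MD5, SHA1 and SHA256 differ from the parent strike (M20-np601) while the record carries an SSDEEP value for fuzzy matching. The following Python is an added example, not code from this page or from the vendor behind it: it builds a constructed minimal PE32 (a stand-in, not a real sample), appends random bytes the way this variant does, and shows that a hash bounded by the section table still matches the parent while the whole-file hash does not. The helper names (build_sample_pe, pe_image_end, overlay_size, section_bounded_sha256, append_padding, file_sha256) are this example's own.

```python
import hashlib
import os
import struct

# IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics (40 bytes).
SECTION_HEADER_FMT = "<8sIIIIIIHHI"
SECTION_HEADER_SIZE = struct.calcsize(SECTION_HEADER_FMT)


def build_sample_pe(section_payload: bytes = b"\x90" * 0x200) -> bytes:
    """Constructed stand-in for a sample: a minimal PE32 with one section.

    Not Ryuk or any real binary. It only needs a DOS header with e_lfanew,
    a PE signature, a COFF header, a PE32 optional header and one section
    table entry so that pe_image_end() can find where the image ends.
    """
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff_header = struct.pack(
        "<HHIIIHH",
        0x014C,   # Machine: IMAGE_FILE_MACHINE_I386
        1,        # NumberOfSections
        0,        # TimeDateStamp
        0,        # PointerToSymbolTable
        0,        # NumberOfSymbols
        224,      # SizeOfOptionalHeader for PE32
        0x0102,   # Characteristics: EXECUTABLE_IMAGE | 32BIT_MACHINE
    )
    optional_header = struct.pack("<H", 0x010B) + b"\x00" * 222  # Magic = PE32
    raw_ptr = 0x200
    section = struct.pack(
        SECTION_HEADER_FMT,
        b".text\x00\x00\x00",
        len(section_payload),  # VirtualSize
        0x1000,                # VirtualAddress
        len(section_payload),  # SizeOfRawData
        raw_ptr,               # PointerToRawData
        0, 0, 0, 0,
        0x60000020,            # CODE | EXECUTE | READ
    )
    headers = dos_header + b"PE\x00\x00" + coff_header + optional_header + section
    if len(headers) > raw_ptr:
        raise ValueError("headers overlap the first section")
    return headers.ljust(raw_ptr, b"\x00") + section_payload


def pe_image_end(data: bytes) -> int:
    """Offset just past the last byte the section table accounts for.

    Everything beyond it is overlay: bytes the loader never maps, which is
    exactly where appended padding (MITRE T1009) lands.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE file: missing PE signature")
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    end = table + num_sections * SECTION_HEADER_SIZE  # at least the headers
    for i in range(num_sections):
        fields = struct.unpack_from(SECTION_HEADER_FMT, data, table + i * SECTION_HEADER_SIZE)
        raw_size, raw_ptr = fields[3], fields[4]
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    return min(end, len(data))  # truncated files: never claim bytes that are absent


def overlay_size(data: bytes) -> int:
    return len(data) - pe_image_end(data)


def file_sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def section_bounded_sha256(data: bytes) -> str:
    """SHA-256 over the mapped image only, so overlay changes do not move it."""
    return file_sha256(data[:pe_image_end(data)])


def append_padding(data: bytes, n: int) -> bytes:
    """Mimic the variant in this record: append n random bytes to the file."""
    return data + os.urandom(n)


if __name__ == "__main__":
    parent = build_sample_pe()
    child = append_padding(parent, 3072)
    print("whole-file hash changed:", file_sha256(parent) != file_sha256(child))
    print("overlay bytes on child:", overlay_size(child))
    print("image-bounded hash unchanged:", section_bounded_sha256(parent) == section_bounded_sha256(child))
```

Overlay by itself is not a verdict: Authenticode-signed binaries and self-extracting installers carry legitimate overlays, so treat overlay size as a feature to record, not a detection. The image-bounded hash also will not survive the other polymorphic variant in this listing (M20-zll04, extra imports), because that one edits the mapped image; a fuzzy hash such as the SSDEEP values given in these records is the tool for that case.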
Strike ID: M20-8y901
Malware: Gandcrab_b4824a1b
Platform: Windows
Info: This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 134e8947ef2f684d816c6c1da588fba3f9f0c08c24533adc02cbcb93d9e1494a
SHA1: bb796b37741ee874e82cdbd9181931cc6f2564ef
MD5: b4824a1bc131c31308dd41e974936318

Strike ID: M20-c1i01
Malware: njRAT_e9434f69
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: fd05573a8360e8054c0ebc38c5cdd107e68b9694525829e832a3085c7d9a556b
SHA1: d65783bc0aa9a372e834a9d71bfd2dda5713f63f
MD5: e9434f696ce9fe390fa7c4340141c11a

Strike ID: M20-s6801
Malware: njRAT_0278c68f
Platform: Windows
Info: This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html
SHA256: 00cf99575699bc66ebbb6420a94c31ed8acad4107031546e04f9576546c276e5
SHA1: dde032f4caac4d6654bf3966ebf8c238b0044b4c
MD5: 0278c68fc2e3d692762680d831183e3d

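Every record in this listing follows one convention that is worth checking before the hashes go into a blocklist: the Malware field is the family name followed by an underscore and the first eight hex digits of the sample's MD5, and polymorphic children carry PARENTID and SSDEEP lines on top of the three hashes. The Python below is an added example, not a tool from this page or its vendor: it parses records written as "Key: value" lines (the form the hash lines on this page already use), validates hash lengths and the name-suffix convention, and emits a SHA256 blocklist only from records that pass. The embedded SAMPLE_LISTING holds two records copied from this page with their Info text shortened; the Strike class and the function names are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64}
FIELD_RE = re.compile(r"^([A-Za-z0-9 ]+): (.*)$")

# Two records copied from this listing (Info shortened). The second is a
# polymorphic child and therefore also carries PARENTID and SSDEEP lines.
SAMPLE_LISTING = """\
Strike ID: M20-9kp01
Malware: Nymaim_80006475
Platform: Windows
Info: This strike sends a malware sample known as Nymaim.
External References: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
SHA256: 5d95754de0c3bda4841e7122b0b24bd5d949adc647735582d4e6af72274950d7
SHA1: 1f2489df4b43fbe69cbc746c2cca0197c3e9799b
MD5: 8000647518b3f124f602d97641001ce1

Strike ID: M20-zll06
Malware: Ryuk_7fb23325
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Ryuk.
External References: https://attack.mitre.org/techniques/T1009/
SHA256: 43371d651034afe2b3a30e26d67b53e7fe626d380cf15d0006def710dc1a61d6
SHA1: 9009ed166fe41b4e85984ece2096099dcd0a078d
MD5: 7fb233251bb6d0ca676a98b436c5c891
PARENTID: M20-np601
SSDEEP: 3072:iE9vDzV0/NKFKEt1dtnO40Go5KijSVoFEVwgwbHY/:iC6cFKEt1/OZRDjhlz7Y/
"""


@dataclass
class Strike:
    strike_id: str
    malware: str = ""
    platform: str = ""
    info: str = ""
    references: List[str] = field(default_factory=list)
    hashes: Dict[str, str] = field(default_factory=dict)
    parent_id: Optional[str] = None
    ssdeep: Optional[str] = None
    problems: List[str] = field(default_factory=list)


def validate(s: Strike) -> Strike:
    """Record integrity problems instead of silently shipping a bad IOC."""
    for algo, want in HASH_LENGTHS.items():
        h = s.hashes.get(algo)
        if h is None:
            s.problems.append(f"missing {algo}")
        elif len(h) != want or not re.fullmatch(r"[0-9a-f]+", h):
            s.problems.append(f"malformed {algo}: {h}")
    # Page convention: Malware is <family>_<first 8 hex digits of MD5>.
    md5 = s.hashes.get("MD5", "")
    suffix = s.malware.rsplit("_", 1)[-1]
    if md5 and suffix != md5[:8]:
        s.problems.append(f"name suffix {suffix} does not match MD5 prefix {md5[:8]}")
    return s


def parse_listing(text: str) -> List[Strike]:
    strikes: List[Strike] = []
    current: Optional[Strike] = None
    for raw in text.splitlines():
        m = FIELD_RE.match(raw.strip())
        if not m:
            continue  # blank line or something that is not a field
        key, value = m.group(1), m.group(2).strip()
        if key == "Strike ID":
            current = Strike(strike_id=value)
            strikes.append(current)
        elif current is None:
            continue  # field seen before any Strike ID line
        elif key in HASH_LENGTHS:
            current.hashes[key] = value.lower()
        elif key == "External References":
            current.references.append(value)
        elif key == "PARENTID":
            current.parent_id = value
        elif key == "SSDEEP":
            current.ssdeep = value
        elif key == "Malware":
            current.malware = value
        elif key == "Platform":
            current.platform = value
        elif key == "Info":
            current.info = value
    return [validate(s) for s in strikes]


def blocklist_sha256(strikes: List[Strike]) -> Set[str]:
    """Only records with no integrity problems contribute to the blocklist."""
    return {s.hashes["SHA256"] for s in strikes if not s.problems}


def polymorphic_children(strikes: List[Strike]) -> Dict[str, str]:
    """Map child strike IDs to the parent they were derived from."""
    return {s.strike_id: s.parent_id for s in strikes if s.parent_id}


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    for s in parsed:
        print(s.strike_id, s.malware, "OK" if not s.problems else s.problems)
    print(sorted(blocklist_sha256(parsed)))
    print(polymorphic_children(parsed))
```

A record whose name suffix and MD5 disagree is most likely a copy error somewhere upstream; routing it to the problems list rather than the blocklist keeps one typo from becoming a silent gap in coverage, and the PARENTID map is what lets a detection team tie a polymorphic child's SSDEEP back to the parent it should fuzzy-match.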