| ID | Name | Platform | Description | MD5 | References and hashes |
| --- | --- | --- | --- | --- | --- |
| M20-49n01 | NetWire_59ec0104 | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 59ec0104438fe9ea7948322302eed578 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: 74a0bc89f2667f79264105d44c751d625fbc53ce5a12771134b9c32ca9e916c9; SHA1: 8262b9af57576b77c68f333b12aa663bdf3afefa; MD5: 59ec0104438fe9ea7948322302eed578 |
| M20-i9701 | Ryuk_0c1ec155 | Windows | This strike sends a malware sample known as Ryuk. This sample is a highly targeted ransomware attack that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because it is targeted, credential collection is required and takes place in advance. | 0c1ec155ecb678e9e8aa7793264758e1 | https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/; SHA256: f85d2de7e9af6d739fada0a7891df20f019f9a971e1b07024a62331173600f94; SHA1: 63c80570e0c30473627532e93f67434daa7f1977; MD5: 0c1ec155ecb678e9e8aa7793264758e1 |
| M20-np601 | Ryuk_b2de3ccc | Windows | This strike sends a malware sample known as Ryuk. This sample is a highly targeted ransomware attack that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because it is targeted, credential collection is required and takes place in advance. | b2de3ccca6104c4377c3bcf41c9cdfd5 | https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/; SHA256: f40680deec287d14eba951ea7f381738f6b0150fe31190f477ec2179d5c9d8b0; SHA1: 81fa192b4439956f0d1aa65d66ff2d377a7d87f7; MD5: b2de3ccca6104c4377c3bcf41c9cdfd5 |
| M20-gxv01 | Nymaim_7c279cfb | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains to connect to additional payloads. | 7c279cfbba90eaec7853de220b6ecfc4 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html; SHA256: 5b186038f17adbde16e02e1e29513354112ecdc9b3a8be5fe2978696ce9541ec; SHA1: 4e988bcdf069f2a59077377bce26f3c493180f9a; MD5: 7c279cfbba90eaec7853de220b6ecfc4 |
| M20-ru801 | NetWire_6b6da828 | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 6b6da8285bb3c746f23f34d088665e39 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: 7caee05382db7f0819893217db61a70cb249d1de1530fedf80e56a9fabc445d6; SHA1: 919a27b4d5e5f0c0b2d5f8e73ab9fc13be9b15c2; MD5: 6b6da8285bb3c746f23f34d088665e39 |
| M20-zcw01 | NetWire_32600853 | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 326008535342598caae56193ca201717 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: 4b8c0fcde33aedb55f6e087fd9526699f188f3e3030e33bd04cd8785b748ebe1; SHA1: 517ccee7bce9fc67817b2b524517851f14c72c58; MD5: 326008535342598caae56193ca201717 |
| M20-o8u01 | njRAT_69a1fd31 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 69a1fd31d0c00146afa4c3fd984dd1ee | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html; SHA256: 80aab48e04978ab54b4a50bba68286d1f03af19b27e78e8263b360d10c7f5904; SHA1: 5c14a59c05eee522eb61031074fccaeb8b2c991e; MD5: 69a1fd31d0c00146afa4c3fd984dd1ee |
| M20-c5j01 | NetWire_626c8705 | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 626c8705a341d9996bc156ef99d63f30 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: 3efa7242e48e0be611c350de170776f8537fec4e7c0105ec86e44a18e95db367; SHA1: 8d0bdf31dfe81bc9fd2f6a1859f78fee8006be21; MD5: 626c8705a341d9996bc156ef99d63f30 |
| M20-zll01 | njRAT_e6159221 | Windows | This strike sends a polymorphic malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. This polymorphic sample utilizes an update_timestamp technique in which the timestamp field is updated in the PE file header. | e615922113b73e8af2ce854dd619260e | https://attack.mitre.org/techniques/T1099/; SHA256: ef90ae153402ccf59c596cec97ecca3f5c153f0b1dfc9bbff010350593aa9076; SHA1: bcfc0cdc8db1d22b663c7a5d8027170694a227e1; MD5: e615922113b73e8af2ce854dd619260e; PARENTID: M20-z2b01; SSDEEP: 6144:o2DTwhsO9U/Aggsyak5zgW6fxJUjYGcSRZduOvMpmJ:NTdOZggsKV0xnOvc |
| M20-c7j01 | Nymaim_e0c0dd53 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains to connect to additional payloads. | e0c0dd53a9fb2e4d3131bf1bb5af74ee | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html; SHA256: 056dc90528fe0b52da0e2810dfecc00a33ecb3fb055d4b1887b06ab042dbae1e; SHA1: 05f0045cbb12bc3731fd62efd135a30179ed8675; MD5: e0c0dd53a9fb2e4d3131bf1bb5af74ee |
| M20-x7t01 | NetWire_8fe154d3 | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 8fe154d365fa0c00fa21ee5a8b4cc11d | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: 27fb4531c6056a49b297b20a24eafaceabb954aeb24dc00813e85884e2d0a5ce; SHA1: 5881d237fb8687a29c8a98d506f9fe1967876dab; MD5: 8fe154d365fa0c00fa21ee5a8b4cc11d |
| M20-6sx01 | Gandcrab_d34c3183 | Windows | This strike sends a malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extensions ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | d34c3183f6287d52e98962f80572fd6a | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html; SHA256: 1e4294a2b465e27903582116b12d5db2a6999116e27c698b5b98ae52035649b7; SHA1: 62fa36259d19e1a281b01f3ac4bbcc463af18c38; MD5: d34c3183f6287d52e98962f80572fd6a |
| M20-pb501 | Nymaim_1424375e | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains to connect to additional payloads. | 1424375e0f77f055430eeaba45372c6c | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html; SHA256: 39c08d0ebe20734e86539503b615716ef692aa37ba6a490e0265d1560dbae71c; SHA1: 9f8403088f4d997eb5a917eb7a14c25b201d9001; MD5: 1424375e0f77f055430eeaba45372c6c |
| M20-egt01 | NetWire_1a2f21b2 | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 1a2f21b2265c9baa9f2dd641d448adf3 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: 8851b44b9e92689115050278bef0261926ecda761a19a566a73fa29de08bad69; SHA1: 113608bd73f56a4cd80bb542fd3a00e9013dfe63; MD5: 1a2f21b2265c9baa9f2dd641d448adf3 |
| M20-vg801 | NetWire_9d8ed390 | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 9d8ed3906d5a20af5758e76ab1bf6892 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: 5f446e1da31fd31ec83cb6fa2b26da3ae2821ca60273152079736006f498841e; SHA1: a03fa3f7e732ade274752b2b5e58b2443c1a3369; MD5: 9d8ed3906d5a20af5758e76ab1bf6892 |
| M20-i8t01 | Nymaim_e0758834 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains to connect to additional payloads. | e07588347e960af2c9ffe7b9d745d68e | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html; SHA256: 20b70cb79a5bef35145254e2c456da2d2d90f7e2de2f72d413ce0fbf844af66f; SHA1: b558d73ddfb067e5a882729513fe35806552f1be; MD5: e07588347e960af2c9ffe7b9d745d68e |
| M20-jyz01 | NetWire_0869ef85 | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 0869ef85f0c17f676c0a4ecd87da4a8a | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: 3c1c1ccf871e10907e69945363ada929b5841d4d192a8422745c47731d33bcfd; SHA1: cfceb26da3b6ed7d7285c0e109175e8c404fa312; MD5: 0869ef85f0c17f676c0a4ecd87da4a8a |
| M20-zll10 | Gandcrab_776f771f | Windows | This strike sends a polymorphic malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extensions ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. The binary has the checksum removed in the PE file format. | 776f771f797f0c9a89476ed8562c3a13 | https://arxiv.org/abs/1801.08917; SHA256: 5115056abfa113d83b1fec46c619b6cb33792bcb310ba1cfe4ddb0ad28dbf4e5; SHA1: 14564d70c305e780ce535c019e61a203ce39e50e; MD5: 776f771f797f0c9a89476ed8562c3a13; PARENTID: M20-qhc01; SSDEEP: 6144:J4HuKlHprRS8EJ2f5lMZFff8ULOYLriusCOT7w:JOuKHrRS8EJm5luaY/XOvw |
| M20-yy201 | njRAT_b479cbe0 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | b479cbe0c7068d4037029270df088810 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: 285cb077ca516c336a1636182069e7cf9a8a057a267efa376ebede4c0a2cd0bf; SHA1: 19ed640282be50554ed44cca0a4a62a7acbfac3a; MD5: b479cbe0c7068d4037029270df088810 |
| M20-wuv01 | njRAT_89b63204 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 89b63204ec744a1a81eb4d5327d3b5e4 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: 29dba26459bba5b186f1bf1c0a0fffc0e393a6d4cc427c842a4aee0353518a2c; SHA1: 662209effda9799cb1dcb3725ae70fe8285451a7; MD5: 89b63204ec744a1a81eb4d5327d3b5e4 |
| M20-u1401 | Gandcrab_a2d5b8f3 | Windows | This strike sends a malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extensions ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | a2d5b8f33919b1ed2044ce877f6fc5ef | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html; SHA256: 2cecccc835e1485e21cc45c86571f82f06223e422f59410228c140e77862ef3a; SHA1: 74d09d810c0786976ced4a3ff72ef42a8000d056; MD5: a2d5b8f33919b1ed2044ce877f6fc5ef |
| M20-39w01 | NetWire_ed47d83f | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | ed47d83fd13d8e751e784cf75d7faeda | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: 05848831206819b63dabd2116e673d28de675e62cf7d858fa4764bfc7a1e9b40; SHA1: 2e97a5fef6c6b7815e036ab4ec0320fd6f90fb07; MD5: ed47d83fd13d8e751e784cf75d7faeda |
| M20-60o01 | Nymaim_234ca501 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains to connect to additional payloads. | 234ca50167692f352018c82d1d9e4a19 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html; SHA256: 201591910712d7b75f17831436b9c2c7a5bc95e6009d7a744de0fd2fe34a1dc6; SHA1: ade3c42508b08270b157d068a1fb87cce537e3e7; MD5: 234ca50167692f352018c82d1d9e4a19 |
| M20-xqi01 | njRAT_c10d6dc2 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | c10d6dc2d3522323dc079af5ea5b0448 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: 388bfe746f61ade70292f8740d1c92c6eceaa21baa5e04de0ebc012dbed312e7; SHA1: c4f7f8a8b0dc4616b75eb601c8b25b903986bd7a; MD5: c10d6dc2d3522323dc079af5ea5b0448 |
| M20-jpq01 | NetWire_4dedb4da | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 4dedb4daa4cff72e4de502e8dce53c05 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: 6253c1a4ebbfba5de561219996ddc45af59f4ca3b35a3f95354f5ae91c78bbe0; SHA1: 6c8462dba2f3d42601721f2c881f27dd69c40add; MD5: 4dedb4daa4cff72e4de502e8dce53c05 |
| M20-9qg01 | Gandcrab_e3b31fa3 | Windows | This strike sends a malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extensions ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | e3b31fa33e1a22a85637cd9403e83375 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html; SHA256: 2651e9bbd4004b56eefa43f4f7ffd982d16d07df2980423cb54b1ee585172ae5; SHA1: f258ecb0a51a57ba0082a57111a8cfeba7f9f2dd; MD5: e3b31fa33e1a22a85637cd9403e83375 |
| M20-5jt01 | Ryuk_09689a0f | Windows | This strike sends a malware sample known as Ryuk. This sample is a highly targeted ransomware attack that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because it is targeted, credential collection is required and takes place in advance. | 09689a0fa6c7adbee9dc77881cdbf205 | https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/; SHA256: dbadeff4af3fa7785d54d177db9608f24d405971cf642ca0759a203d9e895930; SHA1: 7b9f5faa34f5b5dc83cacb2cbd82cdb8a9aa251b; MD5: 09689a0fa6c7adbee9dc77881cdbf205 |
| M20-z2b01 | njRAT_5afc7c66 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 5afc7c661212ecb1590ffd494245c883 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html; SHA256: 8ac101bcbb0a30f23ff1f7fb341a3daaa7ff13f045c0e812ac9f6c5079ef82af; SHA1: 888fd15c8600c70078bef249b2b7dcde15f2670e; MD5: 5afc7c661212ecb1590ffd494245c883 |
| M20-zc301 | Gandcrab_d4431ecf | Windows | This strike sends a malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extensions ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | d4431ecfe9e353e1c3cd9f2bc4e0afbb | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html; SHA256: 1d2d031f33ce5adea4a45c700e29e99903d55850481fb17deb479fe47d367a18; SHA1: d6f90a086297a10ad8aa1547403d8c75340e521d; MD5: d4431ecfe9e353e1c3cd9f2bc4e0afbb |
| M20-ljr01 | NetWire_8c89a788 | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 8c89a788e0155e2a6930db1f6c5d5228 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: 2ace0152ad8eb298bcae92ebcf3c27c09ed25620c59642be684886bffee56ccb; SHA1: 95c79a90ee07a6334cf7d90cbbaa92b076b21baa; MD5: 8c89a788e0155e2a6930db1f6c5d5228 |
| M20-lf801 | Gandcrab_fe5101f5 | Windows | This strike sends a malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extensions ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | fe5101f5d50651e44e54849e94737858 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html; SHA256: 099c47434a97a9bcd0c6bb5f0291bb69d70dd05ab002fa83487d63b997b90f96; SHA1: ad1c30706168680240033e113cd2ff73c8c5dd62; MD5: fe5101f5d50651e44e54849e94737858 |
| M20-39301 | njRAT_20385341 | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 20385341a0a4a4298658e456fea53e27 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: d7ec97fb65437711f6dd0ce71e8cab70946d2c8f51566446a8fe8e8b64cbda62; SHA1: 1ba9b611981325436bb4543c38357a5fa20ef9fb; MD5: 20385341a0a4a4298658e456fea53e27 |
| M20-6qg01 | Gandcrab_0b5f5c35 | Windows | This strike sends a malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extensions ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | 0b5f5c352ec55612b4177bafbe514642 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html; SHA256: 0d293a8759d4bae6aa5d8587108a508f6d40efb449dbc239800efebb7a2bf2d7; SHA1: ffb82271c3c927881ac7d4fdd271f4a148f5bd16; MD5: 0b5f5c352ec55612b4177bafbe514642 |
| M20-zll09 | Gandcrab_d859825d | Windows | This strike sends a polymorphic malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extensions ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. The binary has the debug flag removed in the PE file format. | d859825d61b34e1506c8c8918fd053b1 | https://arxiv.org/abs/1801.08917; SHA256: dfc9cce0d2783404e084c7c239a387c9ff26882a1df7d0681ccd3c12360c9c3f; SHA1: 8627d6a7fa006ecec19a6ce619b3b5667e9fa3c7; MD5: d859825d61b34e1506c8c8918fd053b1; PARENTID: M20-tlk01; SSDEEP: 6144:b4HuKlHprRS8EJ2f5lMZFff8ULOYLriusCOT7w:bOuKHrRS8EJm5luaY/XOvw |
| M20-5oy01 | NetWire_88b87492 | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 88b874920e9288e0eec1b67acba27ae8 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: 17e436f6312f5cb021419beabb8985272593995ccc09110f27abfee1d1eed74e; SHA1: dc7d4b9fefa849a9ad5ab582bcbb1ab40f1d5e65; MD5: 88b874920e9288e0eec1b67acba27ae8 |
| M20-wuw01 | NetWire_5573b35c | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 5573b35c1ffc84cd76a782ebc6334163 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: 8a9130af590f32b807270517b61af5dbff8f3bc1e2114648f764d8180c22d5c2; SHA1: 5033f57dba9e3ffdc546262735bd2c639ac77070; MD5: 5573b35c1ffc84cd76a782ebc6334163 |
| M20-wh901 | Gandcrab_a610257a | Windows | This strike sends a malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extensions ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | a610257a7c613478f30312ac7db5d212 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html; SHA256: 25a297586142486627a765200bfc30658cdb4500949c581a83d1be262c60c4c6; SHA1: 8eba22d4d9ffd6e934d307e239bce6821b0ea3aa; MD5: a610257a7c613478f30312ac7db5d212 |
| M20-7g001 | NetWire_f240d668 | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | f240d668fde9436f9d9c9b6929cb1a50 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: 5609f2f063ee870c77bfb1e2912d7d5080f85755e069a67c94a6258bebe5f367; SHA1: 56e70cd45fda3f8ffc5d9ccb3de171a72491470b; MD5: f240d668fde9436f9d9c9b6929cb1a50 |
| M20-zll03 | MegaCortex_ea06611c | Windows | This strike sends a polymorphic malware sample known as MegaCortex. MegaCortex is ransomware that uses a common red-team attack tool script to invoke a meterpreter reverse shell in the victim's environment. It then uses PowerShell scripts, batch files from remote servers, and commands that trigger the malware to drop encrypted secondary executable payloads only on specified machines. This polymorphic sample has been packed with the UPX packer using the default options. | ea06611c5162bfcf18326e960fa2e78d | https://attack.mitre.org/techniques/T1045/; SHA256: 3bf7542591e749ba96ef2c3df7e8446b7b5d2849ba862a58db98999cccbe718c; SHA1: fc5f131fc46d6fb2f7c7d579bf8e969b0d3865fc; MD5: ea06611c5162bfcf18326e960fa2e78d; PARENTID: M20-69c01; SSDEEP: 24576:3FcDRtUxaMathkW3/VJA2V+q2IY1mxhFRSlBUKJPNV1q5IaA:3yMaLkW9a2V+q2I0mxhFRSlBbJPNV1qw |
| M20-ef801 | njRAT_46a2221c | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 46a2221c86fc2e1b4d4a3a84e0403530 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html; SHA256: 6e178460a0f54a86e71df31ac2e90ffbaaf00a41ce9722257613f33ed9acc892; SHA1: ae0b0dd04e0e09ac033770863e813ee0f355063c; MD5: 46a2221c86fc2e1b4d4a3a84e0403530 |
| M20-1ko01 | njRAT_0439bd7a | Windows | This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 0439bd7a9f0c7c935eb6d9c05df83bf9 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: aee215905b39a4a4cc85be54bda2ae9ded42e06fe0b3813a1794052a12e09757; SHA1: 098ce0ecf7fed069772b9ab67e30b1006188b036; MD5: 0439bd7a9f0c7c935eb6d9c05df83bf9 |
| M20-gbw01 | NetWire_e9690a13 | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | e9690a13abc222a03a544eb45b414345 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: 68a0b82d1b3a21dcbd78de0bdb31f69e4afdb4c20750929d9959af168aa4457d; SHA1: 26f7df2157c647314c5353aac6f533e136c39ead; MD5: e9690a13abc222a03a544eb45b414345 |
| M20-vcw01 | Ryuk_7ff9b1c1 | Windows | This strike sends a malware sample known as Ryuk. This sample is a highly targeted ransomware attack that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because it is targeted, credential collection is required and takes place in advance. | 7ff9b1c1bf15c691ca23018a00416844 | https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/; SHA256: ef17d0301df8b153cbfecfa6433c628494477ecadab62a3bfb6ec465a04bb95c; SHA1: 5b5148978ad08e1aa34413f9bb29ce38dd930b7d; MD5: 7ff9b1c1bf15c691ca23018a00416844 |
| M20-c1j01 | Nymaim_4280a073 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains to connect to additional payloads. | 4280a073afed31defbeba4749895d969 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html; SHA256: 589b303963958d48a6d5aa9a506955ed04242994f1f7e36b8819463200970b21; SHA1: 6d79c69df02e45585b1830306580fa63de3df64e; MD5: 4280a073afed31defbeba4749895d969 |
| M20-zll08 | njRAT_a807cd6f | Windows | This strike sends a polymorphic malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. The parent binary was packed with UPX; this binary is the unpacked version produced with upx -d. | a807cd6f4a3118401120cb1e8de3c47b | https://attack.mitre.org/techniques/T1045/; SHA256: efdf9fa5cb090384ea9bde433d065842d876bbefc6a3166108152488dc53428f; SHA1: 4bfc4febf133946839181523e7a0c73f7e791328; MD5: a807cd6f4a3118401120cb1e8de3c47b; PARENTID: M20-c1i01; SSDEEP: 6144:wsLH2r3lu+yW+9aYQKO7O3SAplGoLxuAjNtrCaIzcrr8JRnoEGn/bs:wsLH2y9avKCO3SApwouoNtCaIDJw/b |
| M20-exr01 | Nymaim_8b1251d0 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains to connect to additional payloads. | 8b1251d03211fab0fb75fb471b7bbdcb | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html; SHA256: 287f5e0b40f6341f7f9b09a97d2efbb00b9c389053b76976ccade63027f02425; SHA1: 5fb3684d7afaa4393390520b7dcf8f0841147288; MD5: 8b1251d03211fab0fb75fb471b7bbdcb |
| M20-hzp01 | Nymaim_ba714c19 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains to connect to additional payloads. | ba714c19eb224c17b0d1dd1ae5f80113 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html; SHA256: 43983a108eee5452032f21f6895cb9d930af372f4fbbf51e217a58f68412c9c4; SHA1: b3293603a44eff062cef13449d72d9e303908783; MD5: ba714c19eb224c17b0d1dd1ae5f80113 |
| M20-f1301 | NetWire_2b41ce34 | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 2b41ce34f00096970bf7c42ed4462890 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: 610007b784ce5e7ffa2a2e646e60c72277a0222b2f18fb74eed55d25f1af37dc; SHA1: f5fef90c7d1512530da182606f0125ccbe6e248d; MD5: 2b41ce34f00096970bf7c42ed4462890 |
| M20-yc201 | Nymaim_c07de007 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains to connect to additional payloads. | c07de00710b1531925b3f72cff76e1c7 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html; SHA256: 3cfc8edcb512891aeb4241df6a800981d83c329883eaeeb265f5b555be7c85a4; SHA1: 7fb18e4792229b3d483730dc513a6b5bd0cae80b; MD5: c07de00710b1531925b3f72cff76e1c7 |
| M20-8li01 | Gandcrab_e14bc544 | Windows | This strike sends a malware sample known as Gandcrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extensions ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | e14bc5447473d2b281b2654a1262075c | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html; SHA256: 1a2e00ce828da6130592178bd3b0bf47f2b3edefafffe7e6371622aae1ceb9af; SHA1: e96e489966dc0fb418d749ce0b958f0da6f15187; MD5: e14bc5447473d2b281b2654a1262075c |
| M20-3l801 | Nymaim_8a1a4bf8 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains to connect to additional payloads. | 8a1a4bf869e0d40a823b66707e5005f4 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html; SHA256: 473e6d64b9b5d33250f89781d2d7d0b7a763563e6703907953ae226e078b2a49; SHA1: 091b19fab7f87eec998511200b1de933d7bd46f2; MD5: 8a1a4bf869e0d40a823b66707e5005f4 |
| M20-s2c01 | NetWire_028a5fcd | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 028a5fcdf1e4ee6794aaa11a52b69ff7 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html; SHA256: 27540988f360e65aa1ca42007c551fb73ab1b36ed5408ff098389b6ce3ac0f94; SHA1: 7152b09cc3b47c5fd97ab1a31f38d9718fcff715; MD5: 028a5fcdf1e4ee6794aaa11a52b69ff7 |
M20-khy01 | Nymaim_a79cb872 | Windows |
This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains, to which it connects for additional payloads. | a79cb872d5e698f55370a4263ba11c9e | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 44033bd26650bac58f19414b2f937a3d0aebd819a145738d4d9e77a087d1b2e2 SHA1: b7cdc952b07ee8b0fe772e72ceb400e176abe034 MD5: a79cb872d5e698f55370a4263ba11c9e |
M20-zll11 | Gandcrab_f684fef2 | Windows |
This strike sends a polymorphic malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. The binary has random contents appended to one of the existing sections in the PE file. | f684fef22cf1ee7ea736386033664364 | https://arxiv.org/abs/1801.08917 SHA256: 3a8bcf4c3ca679e9dbf6217e65caf1bdc476a11473597de7d14e58f49da94ad8 SHA1: ffffc6227c5930e297e5df39f98e0769ccd5cb39 MD5: f684fef22cf1ee7ea736386033664364 PARENTID: M20-qhc01 SSDEEP: 6144:N4HuKlHprRS8EJ2f5lMZFff8ULOYLriusCOTjw:NOuKHrRS8EJm5luaY/XOvw |
M20-suh01 | Nymaim_f894f383 | Windows |
This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains, to which it connects for additional payloads. | f894f3835aa7fe0b89e7222ded46685a | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 0cbed52d77571cb00e68ca65ed017272b69c2b90b548f5a3354dec2fd4da677c SHA1: abfc62862d60b118b5e2741bda7b31dd67fb8bb9 MD5: f894f3835aa7fe0b89e7222ded46685a |
M20-vhv01 | Gandcrab_ebee15bf | Windows |
This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | ebee15bff8242f85144b428f7880a240 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 2a7ad044e7f131e71e794cc8dd31ce746f455d9c53e45b88c3696891f4f11b35 SHA1: 2c55058fbbae26b03d191568eda166262b118943 MD5: ebee15bff8242f85144b428f7880a240 |
M20-qkr01 | Nymaim_20a92abf | Windows |
This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains, to which it connects for additional payloads. | 20a92abfe04249d4fd1aec92f01f64e7 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 2b0b69fcba2279c7c731adc17ce5e395739a4d957afe75b4dffe79a911d06834 SHA1: 384d5027c7e6907ec04339c0106b702bb345cb78 MD5: 20a92abfe04249d4fd1aec92f01f64e7 |
M20-13p01 | njRAT_8afcc8d1 | Windows |
This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 8afcc8d135428a914da18d9cee93e2d9 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html SHA256: 84bddfdc96745d0be34f31be3b7e4160db6e04fa7d7648ebf03b81807841bffb SHA1: 77268bde928b55b204037f67eeb004ab96400aa1 MD5: 8afcc8d135428a914da18d9cee93e2d9 |
M20-2gp01 | njRAT_33381eec | Windows |
This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 33381eecdaf0d903b0f8507ce61e151c | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html SHA256: 2de7a2aa518ea9e0fbc421761c85be589c27c88c3038fa4fa93bef51bacd67bd SHA1: bd8ec6bf4f4e3f67946d43c73f4779c3c0470549 MD5: 33381eecdaf0d903b0f8507ce61e151c |
M20-cw401 | njRAT_c6a80b1d | Windows |
This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | c6a80b1dde72119c57efce0e9f0aa6d6 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html SHA256: 344204f0902906b808c5f81ae62b455a3d0ded3034fca548230cd51c59f02ec4 SHA1: f89f22c041eb2eb4ff9990eaf61774436b199da0 MD5: c6a80b1dde72119c57efce0e9f0aa6d6 |
M20-c4g01 | Nymaim_cef2ffc3 | Windows |
This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains, to which it connects for additional payloads. | cef2ffc3e1f98f56c3311776594ad00d | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 3343d61a8a5e8f19686995852ac47dec453da1a61f0544a2b6cc75b404ac40c1 SHA1: 3c61e64c5ebadf04dfd26676d900590e11818674 MD5: cef2ffc3e1f98f56c3311776594ad00d |
M20-4o501 | Nymaim_160f29fe | Windows |
This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains, to which it connects for additional payloads. | 160f29feaa6cd76d9439a6cf464bf123 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 1725392d15f6eeee49ba8222c595faeb59a5434b9136b137dc03a9b61e084087 SHA1: 8b649b583fe5925de142a18a54fb01c057e16a8e MD5: 160f29feaa6cd76d9439a6cf464bf123 |
M20-7nq01 | NetWire_ac28ae0c | Windows |
This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | ac28ae0c4c79d6b1dc4f3ef984f397be | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html SHA256: 1a996582f6a9e60acc72d4266067c9e5ff48ac32bdb45fc8787cc366ff4bd790 SHA1: a3b66277a07e8271bd3516cf85013d0f535e4978 MD5: ac28ae0c4c79d6b1dc4f3ef984f397be |
M20-42r01 | Gandcrab_d48b216b | Windows |
This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | d48b216bfdb82b07300440a8c2433d6e | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 274d2074201aabff30008390fbc34087fc9aead9ec924d18708a0d6670bb6995 SHA1: 833e3b97bb8813b9afd98e24e4e091907808e6f5 MD5: d48b216bfdb82b07300440a8c2433d6e |
M20-wnz01 | Nymaim_9d4ae464 | Windows |
This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains, to which it connects for additional payloads. | 9d4ae4643a89f6b2de75ca56fe728f3b | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 6123859235132aed86f0520e20d623e8d5d0438e082db32caf310d1b77aa9ec3 SHA1: 79db6d361007654fe3211381b1c25a2700590b4c MD5: 9d4ae4643a89f6b2de75ca56fe728f3b |
M20-xbg01 | njRAT_70c26f58 | Windows |
This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 70c26f584d9a1122fee3a8c352234342 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html SHA256: 79d129fd698fbf62084545a105e6bd3cc027435a42ae3eb48c3e62c6e2ec461e SHA1: 1ec05c4663f9ccf5e5dd977aabb013ad865129c9 MD5: 70c26f584d9a1122fee3a8c352234342 |
M20-x2t01 | Gandcrab_9681cea9 | Windows |
This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | 9681cea9effc5eb29af0d0b7be9a504f | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 22d18aa907e4750c7fce359140c44db444c644e8576c8609ca54c2e85afa0ac7 SHA1: 2bb30ff3c0563dde1717b93f235aeabaa7cbc296 MD5: 9681cea9effc5eb29af0d0b7be9a504f |
M20-ebe01 | njRAT_0155b1ef | Windows |
This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 0155b1ef445a439851d207065ea3b2eb | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html SHA256: ae078923fc539c22a7eff4491301ae2c8f438e79a02226e6604b7035aff34ec5 SHA1: 65048b127c49761fae3683e1ac13b30e4fe39d01 MD5: 0155b1ef445a439851d207065ea3b2eb |
M20-le701 | Nymaim_1361f95b | Windows |
This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains, to which it connects for additional payloads. | 1361f95b1b42bd1a506eabd40c843341 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 446952c8181f0736647c99e3d4160fafcf272c885a62b19e4028a41183227292 SHA1: d7d15662258f0f2dc2e8d2f484e4ce0a0f66c33e MD5: 1361f95b1b42bd1a506eabd40c843341 |
M20-i7n01 | Gandcrab_bde3f14d | Windows |
This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | bde3f14dcc9b46e0f5a646fe88f7c3fb | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 18213dfc3c25be525312f6ff70e4ea8861233bc562d1442a501a0ae7c7bd93f4 SHA1: 3787098639404f164fa024788f6a468b27b83be7 MD5: bde3f14dcc9b46e0f5a646fe88f7c3fb |
M20-04501 | Nymaim_73bb8188 | Windows |
This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains, to which it connects for additional payloads. | 73bb818829bdc7e11278d11a5a2684db | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 37c3c75c995da210c09a6b6e258af839386c4a8661d16395ef179065326ebbd7 SHA1: bf9836accd190d1ad1ae459dec8d11e9aa2742a6 MD5: 73bb818829bdc7e11278d11a5a2684db |
M20-z6d01 | Gandcrab_0d905e9e | Windows |
This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | 0d905e9ec3725d4863e9536f2fc0ab8f | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 1a99329960098a5414c2fac1bad96ef143878fb5435bcdc6cef9d288081e8b4b SHA1: 89aba8ba0bfcdc00eb152e01fbf29bd852d04783 MD5: 0d905e9ec3725d4863e9536f2fc0ab8f |
M20-ai501 | Gandcrab_b96c6d8d | Windows |
This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | b96c6d8dbaf4d845dde5a6066d4660d2 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 09eeafacfe79c4fc87c45dab72ce88aa1e234e668e2535e209beaa4a8181610f SHA1: c519c6a84e150ec4a2a472e68f1c49e998a63bfb MD5: b96c6d8dbaf4d845dde5a6066d4660d2 |
M20-69c01 | MegaCortex_5e973e60 | Windows |
This strike sends a malware sample known as MegaCortex. MegaCortex is ransomware that uses a common red-team attack tool script to invoke a meterpreter reverse shell in the victim's environment. Next, it uses PowerShell scripts, batch files from remote servers, and commands that only trigger the malware to drop encrypted secondary executable payloads on specified machines. | 5e973e6096174590ed667c4f5e4dc3e4 | https://news.sophos.com/en-us/2019/05/03/megacortex-ransomware-wants-to-be-the-one/ SHA256: f5d39e20d406c846041343fe8fbd30069fd50886d7d3d0cce07c44008925d434 SHA1: 478dc5a5f934c62a9246f7d1fc275868f568bc07 MD5: 5e973e6096174590ed667c4f5e4dc3e4 |
M20-b7i01 | njRAT_fc91be78 | Windows |
This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | fc91be78d82e3f64a28dd444510eb7b5 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html SHA256: 8e7ea6439f856525f2affc885f93a23e2f7ade71aecc69c8cd78e5460d4aa58b SHA1: 334ace199bcd29939d96f6e72bb5dee68af28ae8 MD5: fc91be78d82e3f64a28dd444510eb7b5 |
M20-ppx01 | njRAT_8cb25eb8 | Windows |
This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 8cb25eb826f2912a3fa4e07eab773300 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html SHA256: 7d2e2395490ac37029cd98039afa8991f718c5121b1e6e326713e99c26aacb28 SHA1: ea013ff575fb781f355559a6cfa95d8128f28f79 MD5: 8cb25eb826f2912a3fa4e07eab773300 |
M20-ws601 | NetWire_843e386c | Windows |
This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 843e386ccdace07a03b4a00477278ae0 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html SHA256: 74b44c73bf6f45344bb4aef9f469b3ca92b76b6c0e479e126cab0e35f679c9ca SHA1: 179e0ebb02001748e518e5f6d4f8f645c59cc81e MD5: 843e386ccdace07a03b4a00477278ae0 |
M20-zll05 | Ryuk_ca4a1e59 | Windows |
This strike sends a polymorphic malware sample known as Ryuk. This sample is from a highly targeted ransomware attack that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because it is targeted, credential collection is required and takes place in advance. The binary has a new section with random contents added to the PE file. | ca4a1e5912eb043bb47bd32dffbb940e | https://arxiv.org/abs/1801.08917 https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/ SHA256: 8e724486c6a66878abc97b47274c0cf491af7af1af3378b754aa5c7bffa4321e SHA1: 6d950a411c7417e6c3523a0747cc50df6351a556 MD5: ca4a1e5912eb043bb47bd32dffbb940e PARENTID: M20-5jt01 SSDEEP: 3072:yYm0i/Z/t3E9gyN9HLSvdN4vKijSVuwbXiz:yF/9E9Vf+VS9jELiz |
M20-9b901 | Gandcrab_03147404 | Windows |
This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | 0314740413e9c74bd2ac4fbf60d9818e | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 25ae0f8e3b3938131d098ff7832167a5b6629e6cb8972827b7f1175b69e063c9 SHA1: 420474a5f3c8317fc7d1e530203aa853a7b80f9f MD5: 0314740413e9c74bd2ac4fbf60d9818e |
M20-iuv01 | njRAT_0accb589 | Windows |
This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 0accb589fc9e44604b746b71f9468cc7 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html SHA256: 86da48f0943d29d940c8ea86a26695026e0a3b5ff74c08cd1189d84e05a57d97 SHA1: f634b7158e0caab3fba26eeeba821561bf369261 MD5: 0accb589fc9e44604b746b71f9468cc7 |
M20-og501 | njRAT_de652e66 | Windows |
This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | de652e66952d11b68cb39d686207880f | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html SHA256: 245938f3b18f371c90e5403b454cadfa791d97767d9aa05439d6b852fbffd714 SHA1: c6b06881b30b50f5bad617e42e251c097b3a8083 MD5: de652e66952d11b68cb39d686207880f |
M20-wmw01 | Gandcrab_b6717a53 | Windows |
This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | b6717a536850b59c7047d86fe8afd913 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 2164d2a4c1a861298c8003118855be9ae68614c5e557638830038658b2e6e47c SHA1: 358554816c00137b85c543f91e1b214e412b66a0 MD5: b6717a536850b59c7047d86fe8afd913 |
M20-1us01 | Ryuk_c8325c66 | Windows |
This strike sends a malware sample known as Ryuk. This sample is from a highly targeted ransomware attack that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because it is targeted, credential collection is required and takes place in advance. | c8325c660ea72a8eb5281898f7a87f34 | https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/ SHA256: 18faf22d7b96bfdb5fd806d4fe6fd9124b665b571d89cb53975bc3e23dd75ff1 SHA1: dd318ffdd4b1081733dccf95cddb4e000814e005 MD5: c8325c660ea72a8eb5281898f7a87f34 |
M20-zll07 | Ryuk_bd72f57b | Windows |
This strike sends a polymorphic malware sample known as Ryuk. This sample is from a highly targeted ransomware attack that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because it is targeted, credential collection is required and takes place in advance. The binary has random strings (lorem ipsum) appended at the end of the file. | bd72f57b108beeac8d09d15ee3df1104 | https://attack.mitre.org/techniques/T1009/ https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/ SHA256: aa01cf225f2a007f7c67e7fbaec83ebb59f9dd84d7d07f6dac13a268ef98a8c9 SHA1: b0765b8d6e62854278e7f0ca4252c85687cbf5cb MD5: bd72f57b108beeac8d09d15ee3df1104 PARENTID: M20-np601 SSDEEP: 3072:iE9vDzV0/NKFKEt1dtnO40Go5KijSVoFEVwgwbHYV:iC6cFKEt1/OZRDjhlz7YV |
M20-smm01 | Ryuk_70aa666c | Windows |
This strike sends a malware sample known as Ryuk. This sample is from a highly targeted ransomware attack that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because it is targeted, credential collection is required and takes place in advance. | 70aa666ca17c9cd1345422568b0e79fc | https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/ SHA256: 85bd8cb0d05147a473de3a7ded718a0a2bbe0fac282b927f34ee3b607d887870 SHA1: 6da5486c852630291168b539513d15bafb5b93a8 MD5: 70aa666ca17c9cd1345422568b0e79fc |
M20-b3n01 | Ryuk_fac4f4c6 | Windows |
This strike sends a malware sample known as Ryuk. This sample is from a highly targeted ransomware attack that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because it is targeted, credential collection is required and takes place in advance. | fac4f4c67b4106aa30d03dc4a34d93ca | https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/ SHA256: fca0325ce51a7c278ffa1a016c1bd2032edb74c6c48b27be4c0cd5c359a82b10 SHA1: aa7bd8dfe1dd3cd48f3ba754c29253653da37498 MD5: fac4f4c67b4106aa30d03dc4a34d93ca |
M20-jdi01 | Ryuk_9a5f01e0 | Windows |
This strike sends a malware sample known as Ryuk. This sample is from a highly targeted ransomware attack that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because it is targeted, credential collection is required and takes place in advance. | 9a5f01e0592305fc8b235cd407c61ff5 | https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/ SHA256: f894ffdc00c7b9278ce1773fb7f0c7c42048361ff0ae65df4341fbe6ecc63d9a SHA1: 133825d8bee06f0398e984faaf5af5bf4157f371 MD5: 9a5f01e0592305fc8b235cd407c61ff5 |
M20-s0q01 | Nymaim_69722300 | Windows |
This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains, to which it connects for additional payloads. | 6972230008bf9fa17ad6df4df2471502 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 0454d49281ad2a9f99228f543428338353da11fbf78e36b7f5b31479c121bf6b SHA1: 1c58c219a667d846550c287aed59d55538e75a9b MD5: 6972230008bf9fa17ad6df4df2471502 |
M20-2j801 | Gandcrab_d736fc6d | Windows |
This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | d736fc6d3cf0fff39bf45f27ceee7664 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 234bcafc5700b9f59d30bbcd0b7ba4694e49ffe6621ed63a5a6f0464a6aba447 SHA1: 8999b9daba4698df609a1322d30c3d0e7aa53072 MD5: d736fc6d3cf0fff39bf45f27ceee7664 |
M20-civ01 | Gandcrab_01ce042b | Windows |
This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | 01ce042b6e92e35d6c7cf02204252271 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 2d239ffa8b5e13e8c19de06e5d5825e24df4c52f31741ab7373b2b74b612ab2f SHA1: 43c2984c6c2f0ee445459b9389154c7e6a72d680 MD5: 01ce042b6e92e35d6c7cf02204252271 |
M20-zll02 | njRAT_69ef29bd | Windows |
This strike sends a polymorphic malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. This polymorphic sample uses a section_rename technique, in which one section of the binary is given a random name that still conforms to the PE format specification. | 69ef29bdbabce19eed8c8b2dcaf9d44c | https://arxiv.org/abs/1801.08917 SHA256: 7bc3a9e08e4e7ea1d9f412ee5c6a8d52b46c8bb9268e9c2fd8f4a56550b27894 SHA1: 339e0b6947c0db36789f5235219611c7c446354b MD5: 69ef29bdbabce19eed8c8b2dcaf9d44c PARENTID: M20-z2b01 SSDEEP: 6144:S2DTwhsO9U/Aggsyak5zgW6fxJUjYGcSRZduOvMpmJ:nTdOZggsKV0xnOvc |
M20-i0201 | Nymaim_afc17007 | Windows |
This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains, to which it connects for additional payloads. | afc17007a8dd277db8408651984759f6 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 0218e9c2cf3ca8f6201331e44bfa7d8a5448b1b5b08d8b14d85aebb65671e1a2 SHA1: 0d2e8e6aa45f86a5dd094653c8826b19433172c7 MD5: afc17007a8dd277db8408651984759f6 |
M20-k4e01 | NetWire_aa2a0e55 | Windows |
This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | aa2a0e557d0aa04101e24cf4b86b8d5e | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html SHA256: 89c33a22731e48e90417e2877e318c86a7ac57b5d9ba4c9a39bc65bf27191935 SHA1: dc9d36e8594a539c8a0a2ab4d0c795a36f394192 MD5: aa2a0e557d0aa04101e24cf4b86b8d5e |
M20-4ug01 | Ryuk_c6700007 | Windows |
This strike sends a malware sample known as Ryuk. This sample is from a highly targeted ransomware attack that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because it is targeted, credential collection is required and takes place in advance. | c6700007c22a5357d3dd48d05dac4e19 | https://blog.malwarebytes.com/threat-spotlight/2019/12/threat-spotlight-the-curious-case-of-ryuk-ransomware/ SHA256: dd4b13c694ca9d78d2a804149ac1919ee954564871e08c7f89c855d82c6c909a SHA1: 1a49dfc4b5d04feea8ff437950649d3467956e29 MD5: c6700007c22a5357d3dd48d05dac4e19 |
M20-16z01 | njRAT_c9c01699 | Windows |
This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | c9c01699f6982537ba77184ea6a3b1b6 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html SHA256: 66d6a4049df4e8bc2fd9c615af0bc3d0ae715ea5b17c5222980f67bd6d57d75e SHA1: 7fa76b3aa4d3137daebdb076aec9a8cc4dbbde3b MD5: c9c01699f6982537ba77184ea6a3b1b6 |
M20-vf101 | Nymaim_3cf1debe | Windows |
This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains, to which it connects for additional payloads. | 3cf1debeb2186629ac53117ec3647767 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 17f077b3721d13d89bfe4d84b297620ff8590b9949e0b3a90e754cd147808695 SHA1: 0238bdbd93e8b2288d262eb1ce2b3bb16dd97077 MD5: 3cf1debeb2186629ac53117ec3647767 |
M20-zq401 | Gandcrab_eb068aec | Windows |
This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | eb068aec9c7997cd6854f33867bfec93 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 1ee6e03bfe259cf4a95c093e85056ae9807fa53f83f465b8878d74a114f148fd SHA1: 7dee4ad24cb6a7fef7f2358d0026c20b57414f75 MD5: eb068aec9c7997cd6854f33867bfec93 |
M20-qhc01 | Gandcrab_bf25dbe5 | Windows |
This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | bf25dbe58a56d70b23956b0e72cdaa3e | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 276f56271a9b3e3fcce07ccd2e4dab2a4316b90e8e715e2657b572da0109c801 SHA1: 02a90aec0fce42a77672ad47d777f469cb04bc0d MD5: bf25dbe58a56d70b23956b0e72cdaa3e |
M20-rql01 | NetWire_eb8a8f92 | Windows |
This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | eb8a8f92f21c1124434086a434d6250e | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html SHA256: 46988782ad1012c66e2de02140c2f5d4f210916b0ace64d5c29018336ba76668 SHA1: fbac438ba38f0a0b4dd3b7224b920be05a12daa9 MD5: eb8a8f92f21c1124434086a434d6250e |
M20-9kp01 | Nymaim_80006475 | Windows |
This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains, to which it connects for additional payloads. | 8000647518b3f124f602d97641001ce1 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 5d95754de0c3bda4841e7122b0b24bd5d949adc647735582d4e6af72274950d7 SHA1: 1f2489df4b43fbe69cbc746c2cca0197c3e9799b MD5: 8000647518b3f124f602d97641001ce1 |
M20-9s701 | Nymaim_1199419c | Windows |
This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains, to which it connects for additional payloads. | 1199419c89204da5917e132289aa4429 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 2696cc5afb7daf7e9acfa6b48e9c925961c8b3675d4dba20fcd840879695f8dd SHA1: e68100b8b757826df420625091e7689ebc798ed1 MD5: 1199419c89204da5917e132289aa4429 |
M20-zll04 | Ryuk_a68f4a82 | Windows |
This strike sends a polymorphic malware sample known as Ryuk. This sample is a highly targeted ransomware attack that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because it is targeted, credential collection is required and takes place in advance. The binary file has one more import added to the import table. | a68f4a822f233ab9fd6be318483bf3c2 | https://arxiv.org/abs/1702.05983 SHA256: 27e68a54806a908c232deaf25e2f7a4ca57aa4e1ceeb44d2efe24bfde5d5de83 SHA1: 023cd4141ba6839215b5245c26b436e4428cd8d8 MD5: a68f4a822f233ab9fd6be318483bf3c2 PARENTID: M20-4ug01 SSDEEP: 3072:Qzipd+VbNTEN1+5ejSDtNIFKijSV3Tbn6F3a8:uiK9EN1ie+5C3jyb43a |
M20-ojg01 | NetWire_e4b49055 | Windows |
This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | e4b49055a2423e077228682bb71ebee4 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html SHA256: 7e00eca478b68881e4722e2aba2094e468b4b457515d4b8e247b624189ecfc65 SHA1: bccafc4500a4dc2ec74f3ec048bf791a2ebae4ba MD5: e4b49055a2423e077228682bb71ebee4 |
M20-u5w01 | njRAT_472729fd | Windows |
This strike sends a malware sample known as njRAT. njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 472729fd1890df254caffee8b5039012 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html SHA256: c7a9a427985e84f296370c466eb675ff01b06992416ac9250c385cfaa5a9678d SHA1: 529d5fdef45895e2be9e08eb740cc37d98b8c610 MD5: 472729fd1890df254caffee8b5039012 |
M20-yjj01 | NetWire_38721601 | Windows |
This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 38721601a4b103fa536a8fe149ed424f | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html SHA256: 4e9562ec338b3e4dbaca5f30289881689f5e4ca5ef7fffb4afe73abe040213b2 SHA1: 94635ad40aa40d1f139d118afa129c1a3c90e042 MD5: 38721601a4b103fa536a8fe149ed424f |
M20-f6a01 | Gandcrab_df25a737 | Windows |
This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through traditional spam campaigns as well as multiple exploit kits, including Rig and GrandSoft. | df25a737875b2faf1be70cfd028dfd50 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 10ae8e44b98f0255ba8e6d819d804e8379336500f3e27a14bb5b8ea72a07eb80 SHA1: 6697c6d60948eacdd20ebd98d376427826451053 MD5: df25a737875b2faf1be70cfd028dfd50 |
M20-9fs01 | Nymaim_b9928477 | Windows |
This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains to connect to additional payloads. | b9928477daa60f9cc617cb7003da6092 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 0a58ad96a90964d56735bf61afa86fa7c6a2a3e15092b66154c6418465bb3a00 SHA1: 216ae8dd65cd2061858c6a04da42ed299d306066 MD5: b9928477daa60f9cc617cb7003da6092 |
M20-bqz01 | NetWire_ce2548fe | Windows |
This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | ce2548fe041a3def237aaff8bfe6573e | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html SHA256: 1504dfb0c30dd51fed5c8940d5103479ae565fba3d839f7d973925fa868a6097 SHA1: 63bc25f9b15df3d94e3ff976e6a12d2cfba7b4c7 MD5: ce2548fe041a3def237aaff8bfe6573e |
M20-txj01 | Gandcrab_012fb47a | Windows |
This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through traditional spam campaigns as well as multiple exploit kits, including Rig and GrandSoft. | 012fb47a33fda605862ae7504f01b093 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 187591cccfe3eb0c7bea183e03a735be581f704866b2bf2f82c2f57c759f5fde SHA1: 07f4280c77d4471a260d243fb1db3f0031d14ce6 MD5: 012fb47a33fda605862ae7504f01b093 |
M20-f7d01 | njRAT_64240ed6 | Windows |
This strike sends a malware sample known as njRAT. njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 64240ed64024a1ce13b7159a499bdf33 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html SHA256: d75a26758530f775943a9d16680ee4c37e913ab20d6953e965ae41f3e5fd3a88 SHA1: 2fd5dc6aaa57cbd8f72b89e2b7f5be0396d2d9b7 MD5: 64240ed64024a1ce13b7159a499bdf33 |
M20-24w01 | NetWire_6105cb2c | Windows |
This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 6105cb2c3c3592f758a503a5afffe6f4 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html SHA256: 18bb29e7f9fcc8410d0e613a4989d47b5f1b38023c26bb95a4fe5ae53c2f52ff SHA1: e8e10ced5f19ac2a5839186196b386ca7294a281 MD5: 6105cb2c3c3592f758a503a5afffe6f4 |
M20-po701 | Gandcrab_0cc1e72f | Windows |
This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through traditional spam campaigns as well as multiple exploit kits, including Rig and GrandSoft. | 0cc1e72f331c7a43908e1646c9f95aea | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 145bcff3aca6ba04f241e0d5ced04e2781c8a0f225ebf51dcddfb238fdbc63ea SHA1: d3cfdff4b158f21dd28141ddc3bcb91d178ad193 MD5: 0cc1e72f331c7a43908e1646c9f95aea |
M20-tlk01 | Gandcrab_e9994b71 | Windows |
This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through traditional spam campaigns as well as multiple exploit kits, including Rig and GrandSoft. | e9994b71cdaae917b6916bc52be1228f | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 2bb8a6eae8695c55070f5f78371609052f73826a2df29a9e2ab82c7c89603369 SHA1: 6716e2ea6bfc0d0283e7c3c1a35a90528a87f50c MD5: e9994b71cdaae917b6916bc52be1228f |
M20-4cd01 | Nymaim_9344e283 | Windows |
This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control domains to connect to additional payloads. | 9344e28308e4ac7f7c3205d1956d5a7e | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 09136689c46634da3d89dc3609bc2db9582cf70992b9ef92ef6c7dfb3416bee2 SHA1: 14eef17d3869f03b6fcf85dd684c0e9f79865f43 MD5: 9344e28308e4ac7f7c3205d1956d5a7e |
M20-1pa01 | njRAT_7f184f10 | Windows |
This strike sends a malware sample known as njRAT. njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 7f184f10deb0333cc25a430f4e68982b | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html SHA256: 8789bba00344fcb155e891679121b770a4daabe0171a78fccbef5b92322f4105 SHA1: 86efdb2c2df41f5df2e686a58d7cb7add1f3e1fe MD5: 7f184f10deb0333cc25a430f4e68982b |
M20-egs01 | njRAT_1ad8d065 | Windows |
This strike sends a malware sample known as njRAT. njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 1ad8d065331ab3d464c3835d0d38fc29 | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html SHA256: d2af08616f7d2dc0f68d75376d3164867732871348c8101aa0319c90062f999b SHA1: 5d51460875f404c002d2252921f9c79049aaca97 MD5: 1ad8d065331ab3d464c3835d0d38fc29 |
M20-zll06 | Ryuk_7fb23325 | Windows |
This strike sends a polymorphic malware sample known as Ryuk. This sample is a highly targeted ransomware attack that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because it is targeted, credential collection is required and takes place in advance. The binary has random bytes appended at the end of the file. | 7fb233251bb6d0ca676a98b436c5c891 | https://attack.mitre.org/techniques/T1009/ SHA256: 43371d651034afe2b3a30e26d67b53e7fe626d380cf15d0006def710dc1a61d6 SHA1: 9009ed166fe41b4e85984ece2096099dcd0a078d MD5: 7fb233251bb6d0ca676a98b436c5c891 PARENTID: M20-np601 SSDEEP: 3072:iE9vDzV0/NKFKEt1dtnO40Go5KijSVoFEVwgwbHY/:iC6cFKEt1/OZRDjhlz7Y/ |
M20-8y901 | Gandcrab_b4824a1b | Windows |
This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through traditional spam campaigns as well as multiple exploit kits, including Rig and GrandSoft. | b4824a1bc131c31308dd41e974936318 | https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html SHA256: 134e8947ef2f684d816c6c1da588fba3f9f0c08c24533adc02cbcb93d9e1494a SHA1: bb796b37741ee874e82cdbd9181931cc6f2564ef MD5: b4824a1bc131c31308dd41e974936318 |
M20-c1i01 | njRAT_e9434f69 | Windows |
This strike sends a malware sample known as njRAT. njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | e9434f696ce9fe390fa7c4340141c11a | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html SHA256: fd05573a8360e8054c0ebc38c5cdd107e68b9694525829e832a3085c7d9a556b SHA1: d65783bc0aa9a372e834a9d71bfd2dda5713f63f MD5: e9434f696ce9fe390fa7c4340141c11a |
M20-s6801 | njRAT_0278c68f | Windows |
This strike sends a malware sample known as njRAT. njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 0278c68fc2e3d692762680d831183e3d | https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html SHA256: 00cf99575699bc66ebbb6420a94c31ed8acad4107031546e04f9576546c276e5 SHA1: dde032f4caac4d6654bf3966ebf8c238b0044b4c MD5: 0278c68fc2e3d692762680d831183e3d |