| M20-v8y01 | Formbook_18ec3b4d | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 18ec3b4da78d2fed6b98db0a6ae813a6 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
2e98ffc7f5bab8e3f2085beba2ecc912f038c9a66a5f6b9ec7d8e0f2eca2fcbc
0c98a8191c1ae3e9ee746adf835ffcb628451e3f
18ec3b4da78d2fed6b98db0a6ae813a6 |
| M20-cdm01 | Barys_f23fb0e7 | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | f23fb0e72a5ca3213b3aa2ae87c2e4cf | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
0780a44389bf1a4cde74cc26d87cf3ee10ab0f19ba75dc941abacb0939f6c0fd
daaf4bd92f9d84ff5777b0939f72b80d73fdff4d
f23fb0e72a5ca3213b3aa2ae87c2e4cf |
| M20-xsf01 | Upatre_8afdffe2 | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | 8afdffe2fe9b8afb36a33596744dbb96 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
062720c82d1bef7558b0a4675b9539a23afddf252ede24b5d54edfba2a758ca5
39d987162051347f2844293bac51d4908971f9ce
8afdffe2fe9b8afb36a33596744dbb96 |
| M20-snk01 | ZeroAccess_82478302 | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 82478302003ed046a22eb157f8e219a0 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
24ec81e3c8a7247c0fa2292906afccc1d47b81412cfaf021dc22be067530e944
86367c293efa5803a55e998700ba49ad84adc19e
82478302003ed046a22eb157f8e219a0 |
| M20-in501 | JhoneRATAutoIT_1807e27f | Windows |
This strike sends a malware sample known as JhoneRATAutoIT. This sample is an AutoIT script that will retrieve the Python RAT from the cloud provider as the third stage of JhoneRAT. | 1807e27f6badbb199e95e6d3abdae1dc | https://blog.talosintelligence.com/2020/01/jhonerat.html
b4a43b108989d1dde87e58f1fd6f81252ef6ae19d2a5e8cd76440135e0fd6366
579c10219b962b96a5f84010f29eba2c387ef4c5
1807e27f6badbb199e95e6d3abdae1dc |
| M20-9d401 | ZeroAccess_d396a27d | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | d396a27d4a14012788b50722167eba35 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
05597af5ff2dd97b20b7c57e4c3cd48cae1a4d2c7cd1c4ac920a6f1185a65900
3fe1c0f3df13e1e5b8820864deb0270d6b81abdf
d396a27d4a14012788b50722167eba35 |
| M20-ehv01 | ZeroAccess_e1545fb1 | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | e1545fb11d032ad4b027034ebeed2399 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
1c9dc1eb7cb0191101faa393854592a440d6df736f07a767138df22c1f809c8d
ab24e79d858cc4d55393f3d0cafdf8ef0d0f623a
e1545fb11d032ad4b027034ebeed2399 |
| M20-mzk01 | Razy_2aa87ee2 | Windows |
This strike sends a malware sample known as Razy. This malicious sample is known as Razy. Razy is often used as a generic detection name for a Windows trojan. | 2aa87ee2b7baa7d413cc747537a867a2 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
cdaef1b003e82f8994dd616103781125fca98ec097ee79830c2262f41158237a
ee004c039ed066dd237c465c33e23e7abb8fb34f
2aa87ee2b7baa7d413cc747537a867a2 |
| M20-p3401 | Formbook_22f52791 | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 22f527912f273610f0f29c239c8b21eb | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
356aa1a0e39cd24ed61ca8c1d6658a91c9dd8dbd2663ce90b5db2b793fe12e01
94d44e5ed007a5273d70d257ee0d0545d281fe67
22f527912f273610f0f29c239c8b21eb |
| M20-jyl01 | njRAT_16c2f9b6 | Windows |
This strike sends a malware sample known as njRAT. This malicious sample known as njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 16c2f9b6c3b80cfeb40c8a5ec9c0f17f | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
53b7c2eadbb2686d6bcfed439d656df597b396f0004b086a9aad6806e7810256
1428b8adb2f515bfb9ee222833a9c49ef19c4d47
16c2f9b6c3b80cfeb40c8a5ec9c0f17f |
| M20-jv101 | Razy_0748af39 | Windows |
This strike sends a malware sample known as Razy. This malicious sample is known as Razy. Razy is often used as a generic detection name for a Windows trojan. | 0748af3992de6e3aa7b386b7f6c08ef2 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
3031363a67eca33c68892ed7529803bbaa926a6f371204eeaa8ca205501d8cac
4f07ba441cd12dc12c8525536409cf5fffe1460b
0748af3992de6e3aa7b386b7f6c08ef2 |
| M20-4xb01 | Formbook_657a107f | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 657a107f2875178c5bc79d39602986cb | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
2a13033c3b6b7299bd795ce5c34bbba17a8de80d4d957e4d547ef1ae2ba728b4
3614dee3fb859c76a66cde46f111e8db142eeb58
657a107f2875178c5bc79d39602986cb |
| M20-0y101 | Razy_4bd65e3e | Windows |
This strike sends a malware sample known as Razy. This malicious sample is known as Razy. Razy is often used as a generic detection name for a Windows trojan. | 4bd65e3efec3e9dc779bff402eb168b5 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
79acdd5ea559b2e7e29fa6b47ca1053e11dbaadf540fc2b140aca89d1539d17e
bf2d681c69bcd80cb127e053098a346cd2946b15
4bd65e3efec3e9dc779bff402eb168b5 |
| M20-cvf01 | Razy_eb9064af | Windows |
This strike sends a malware sample known as Razy. This malicious sample is known as Razy. Razy is often used as a generic detection name for a Windows trojan. | eb9064af85850cf7b3485b2a911798d7 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
731aa2659852eb9b98d573b3f59436b49c15492d8df94e18da5a8f4c41f48fbe
ae6d9af60afb81ad1078c78189572f50dabe3b75
eb9064af85850cf7b3485b2a911798d7 |
| M20-20f01 | Barys_4283b4aa | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | 4283b4aa2e7b1cba360bc9265494c0b9 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
006261e3d8b0d00ae9f6596dd914440a19b1b0ab333533c03fd75c3e63f07f0d
56828ad5dada707158a6f1b23227b03456373a14
4283b4aa2e7b1cba360bc9265494c0b9 |
| M20-mf101 | Barys_fa225720 | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | fa225720e442680e287e27be96b4513f | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
18f55fa2f805d9a0aa51b6c6e934b9ea14d4c63fb578811dad1d7816e5758b71
82f2eb8e876bcae15fb8865335da7405724632f1
fa225720e442680e287e27be96b4513f |
| M20-3kw01 | Dridex_33122331 | Windows |
This strike sends a malware sample known as Dridex. Dridex is an online banking malware that steals personal information through HTML injections. It was first spotted at the end of 2014 and its inventors keep improving it periodically since then. The latest improvement is the addition of AtomBombing technique (does not exploit any vulnerabilities but uses a design falw in Windows related to system-level Atom Tables) which makes Dridex harder to detect by antiviruses. | 331223318ff468a3ae5b490dd28eaa34 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
940eaff21163abfe8be6301e561e30a27f23800cb8bfe4a5df9a5ff7dbfb1d4f
d1bca6c86a81e586e3bfb0610593bd80b696c76d
331223318ff468a3ae5b490dd28eaa34 |
| M20-ft001 | ZeroAccess_a58d371b | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | a58d371b07a51f78167a1ed2cedc1149 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
0b675bae551f40fe43934915324927652e35fa3089dcc911345478fc96338a3c
5b16da423736f57ca1bf8ac655f77043988b2716
a58d371b07a51f78167a1ed2cedc1149 |
| M20-xvu01 | Razy_1c3dda80 | Windows |
This strike sends a malware sample known as Razy. This malicious sample is known as Razy. Razy is often used as a generic detection name for a Windows trojan. | 1c3dda8020173a5b45a7c80cfc8b0298 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
34b978969d994134de71dd45996dc5d10516e534e23a2abb8537a1c548ac1c93
b813b491477a42596a90b7c5b29dc4a013f7b3a9
1c3dda8020173a5b45a7c80cfc8b0298 |
| M20-xan01 | Formbook_6c94358a | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 6c94358a5054c3b0cd48bead515c29e1 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
2655a1ee89ed4101f552ce1b75b9d711ee5c6217e63cf6ce8e23086844c839e9
b1977aa9377bc7668bebdbe1a42b1cdde607f923
6c94358a5054c3b0cd48bead515c29e1 |
| M20-32801 | Formbook_0df65c4c | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 0df65c4c62808537fbb360bd7f001c63 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
36fd577a0a6354cae84ff7a6bc3b21159f24cd0b8eff3482ba7c8278b4a89b27
7ce30a84ff446f849ab5aa77c46752ab271273b5
0df65c4c62808537fbb360bd7f001c63 |
| M20-x6i01 | Upatre_61f7ce62 | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | 61f7ce62172d549ed46481e97b939831 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
16b232d226ca18447e1f1671538607fe5be412e935b930bcde73ff46e0b2890f
fd50f790dd99d0c9b4f412a7bfeae8aa8fea3e74
61f7ce62172d549ed46481e97b939831 |
| M20-tzz01 | TeslaCrypt_72939fdc | Windows |
This strike sends a malware sample known as TeslaCrypt. This sample is known as TeslaCrypt. | 72939fdcaabdb51a87d5cef1faaa8710 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
6352e2794884e3c090f6ec14ec8c870fdc6d4cde61f518c44ed5bae2916e67c8
f85fcd8f46d964019af369c4773646ab3e1c05de
72939fdcaabdb51a87d5cef1faaa8710 |
| M20-4ih01 | njRAT_c82ed5e2 | Windows |
This strike sends a malware sample known as njRAT. This malicious sample known as njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | c82ed5e27702f79bd99befba36f86e54 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
162616259b6591503807bda2b9228c88409f4a71c085bc4b39d5eef2b64213c9
83df2b31b5334085f3819dd47c26ed05183c00bb
c82ed5e27702f79bd99befba36f86e54 |
| M20-dvb01 | Upatre_e14cea82 | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | e14cea82a38aab83b9ea969e5a4d7107 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
09f38837949bbee74dd5da5fce7a92d7f21168f7e43345bbd19f5cbfde8f6f69
6253af6c56a3fdd109500b39121a75a0c646869d
e14cea82a38aab83b9ea969e5a4d7107 |
| M20-6l601 | ZeroAccess_5ea7af4a | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 5ea7af4a0e5ffd931a3c781669c6f2ea | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
330719fd8491c5abc9fd90c7e27310cb72d331222c5caaf4671525d48e4b1026
ebc8f725b8f39cc56b2da3d696712a1ab6568bf0
5ea7af4a0e5ffd931a3c781669c6f2ea |
| M20-7mf01 | njRAT_3e3232c4 | Windows |
This strike sends a malware sample known as njRAT. This malicious sample known as njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 3e3232c43766e13efe5bcac004bc24a2 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
461ec9be4e72154e7faebde91b452dbf0c22281405f0966eeddf69330f91ad2d
a4aa4af1bdf31422b0e97655b244a512bda035c5
3e3232c43766e13efe5bcac004bc24a2 |
| M20-z8x01 | njRAT_629bdc55 | Windows |
This strike sends a malware sample known as njRAT. This malicious sample known as njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 629bdc5564b12b83e373a0e084275fb2 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
3022c3729827f0f7ea739b18b073e6c488ce6481eedaae147cc33738401d131e
a0e7363bcb6669fa1464fb11b233b5ca03f2eb08
629bdc5564b12b83e373a0e084275fb2 |
| M20-y1v01 | njRAT_321fa623 | Windows |
This strike sends a malware sample known as njRAT. This malicious sample known as njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 321fa623f85babd76ef432d901600265 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
0462bc4b60370728471971b9326c2e1540370809292ffd6cb5791a61df705bf9
c245997df9eb33f7446bfb84431e603a9b2ea74f
321fa623f85babd76ef432d901600265 |
| M20-kog01 | TeslaCrypt_27098f55 | Windows |
This strike sends a malware sample known as TeslaCrypt. This sample is known as TeslaCrypt. | 27098f554fd06cb593553403a5336fa5 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
00de6704e49ec7e8b570b95410704c0d3d81c727c688d06afe68e4f8f4e4b8e6
9dd57b44fc12f00d3a82217323f9586a4678d775
27098f554fd06cb593553403a5336fa5 |
| M20-z6o01 | ZeroAccess_7f628b08 | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 7f628b08d4074bdb0a79190a58dc9b80 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
2460096ab6403840c5de8a19dc1706cf2dc416cc9e3ab701275853d66eb7e142
435e02e40026af77e7ccc0348d0a9fdeaa50dc9a
7f628b08d4074bdb0a79190a58dc9b80 |
| M20-j8a01 | Upatre_132965eb | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | 132965eb90b824043b7d785baaf5a164 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
1d2374db5ee92385e49fbaef9ef694361877cdffa4b51d8fd8d37e6272dfad57
b08e753b34cf1901c0ea0a1fde047dba188aa18f
132965eb90b824043b7d785baaf5a164 |
| M20-jvk01 | ZeroAccess_252b9f1b | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 252b9f1b0757af8c0d8e8c37ff270f1b | https://blog.talosintelligence.com/2020/01/threat-roundup-0110a94e7.html
3e6c74185843c930a9b5ea041a5a3eef7d9ae80a31e3a67e0c235b5090e64afb
b205003afa6664e64f347994a94ec009673f3e48
252b9f1b0757af8c0d8e8c37ff270f1b |
| M20-jmn01 | njRAT_1e598ed5 | Windows |
This strike sends a malware sample known as njRAT. This malicious sample known as njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 1e598ed5607c7b856a81b02e1aade5bc | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
63779c53cc4ab5d02daadffdd2f7b93b3bfc1a137eb1e5a895d7e2b8393f42a5
e3fde24ebeeed22aba47561f5d167d5348f2f74c
1e598ed5607c7b856a81b02e1aade5bc |
| M20-eft01 | Upatre_d32f8ea0 | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | d32f8ea0d2d4e4fba1db97bebb9ab0aa | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
186a59f2954d3d213a26308386be80f2b503e08882324ab559490330700fc24a
6573d19570a2b8e315a2f2c3054a16a7822c9a3c
d32f8ea0d2d4e4fba1db97bebb9ab0aa |
| M20-08b01 | Dridex_b1794476 | Windows |
This strike sends a malware sample known as Dridex. Dridex is an online banking malware that steals personal information through HTML injections. It was first spotted at the end of 2014 and its inventors keep improving it periodically since then. The latest improvement is the addition of AtomBombing technique (does not exploit any vulnerabilities but uses a design falw in Windows related to system-level Atom Tables) which makes Dridex harder to detect by antiviruses. | b1794476fba028a5429431aa4b5c7399 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
0a3079b8c4963b26e74760337da6cb0b1a6c532cc524f4d0aae6dab1d52f7d75
10a0141e106be3a8f4244a12fe29a24b58539afd
b1794476fba028a5429431aa4b5c7399 |
| M20-gjf01 | ZeroAccess_4bcde02b | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 4bcde02b890119bf6f7f632d1d101e3f | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
2b275de3b1d0f2786c58f17a0d2607a47dade5151046f255eea2f9da20a03c9c
fca0661cbb5bed98a6a3bd0cf537cd2735e69308
4bcde02b890119bf6f7f632d1d101e3f |
| M20-ql901 | njRAT_c5a19faa | Windows |
This strike sends a malware sample known as njRAT. This malicious sample known as njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | c5a19faa5b8b5d6790497e5bb45194cf | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
1846cfe96f4733d9cc7620cff603abdf1c44fe2f84d34daa79c14b04a726357d
1bff9247e7f71c437651f788e34f9aaeb29b1fe0
c5a19faa5b8b5d6790497e5bb45194cf |
| M20-60i01 | ZeroAccess_72e3c8bd | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 72e3c8bdadd54101d1775118339c8e00 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
1ac467786827d37bc69e30617fa2b14fa8903f68f73022e727caa634379490b2
ef2c280f4b2664c0c67158eddd9d67320d5cb5f0
72e3c8bdadd54101d1775118339c8e00 |
| M20-hb301 | JhoneRATPython_7ef4accc | Windows |
This strike sends a malware sample known as JhoneRATPython. This sample is the Python Remote Access Trojan. It targets Middle Eastern countries by detecting the target's keyboard layout and uses several cloud services to perform its command and control functions. | 7ef4accc31ccbce777cbde68ffa1caec | https://blog.talosintelligence.com/2020/01/jhonerat.html
4228a5719a75be2d6658758fc063bd07c1774b44c10b00b958434421616f1548
a00cbf454c6b8db90fe5e8480e7f03b73f4e6873
7ef4accc31ccbce777cbde68ffa1caec |
| M20-uhz01 | Formbook_3d026e99 | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 3d026e99a1a14cfd5aa3045613454b8e | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
07c11047e72c8f52c1f5c422fc5b7ed49225259012c813c2bc5a8827bcf5f752
71bc8ff80b7d67cff2f22470af79093a4063c908
3d026e99a1a14cfd5aa3045613454b8e |
| M20-klc01 | Formbook_5d7a7338 | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 5d7a7338d170ba1a3ab7d8949721f032 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
058392f97319e50bbd2172ab46255c892e12ee0b7948e6ce0420012eb85e7e35
786124c5d5bae5a981ad9df4bb5e97f09cf72f9c
5d7a7338d170ba1a3ab7d8949721f032 |
| M20-ys701 | ZeroAccess_cd21e511 | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | cd21e511250ab50f4ed232f497770f4c | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
02a6714aebbfef68f0528f10414a2fd8a8338243e05992d0c28d68383e1dc1a1
050dc56d03e923feec723fdac4db0bc823c490b2
cd21e511250ab50f4ed232f497770f4c |
| M20-j8v01 | Formbook_af67ca8a | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | af67ca8a7f1533f6b4019deb0ca3c7cf | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
3aa7710feab8dd35997e03ad650a5bae2f19de1d82e2a7fef032815d946e21ee
c9c14cc557b07f5882e606379d9e4aad1fc46429
af67ca8a7f1533f6b4019deb0ca3c7cf |
| M20-8in01 | JhoneRATTemplate_f2e74125 | Mixed |
This strike sends a malware sample known as JhoneRATTemplate. This malicious sample is known as JhoneRAT. JhoneRAT is Remote Access Trojan developed in Python that is delivered by means of an office document, and then delivers payloads via multiple layers hosted by Cloud based providers in order to avoid blacklisting. This sample Is the template downloaded from the initial office documents. The document executes a macro that retrieves an image from a new Google drive location. | f2e741253b8085bc9e738cc5ae50e735 | https://blog.talosintelligence.com/2020/01/jhonerat.html
6cc0c11c754e1e82bca8572785c27a364a18b0822c07ad9aa2dc26b3817b8aa4
0ce95e5bdd8ff77f0d3e208f168a1aa943c4a920
f2e741253b8085bc9e738cc5ae50e735 |
| M20-y7b01 | ZeroAccess_bffea878 | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | bffea87815b6a3ea663b441b71687d0c | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
37240db16c496c45552715904b84ce5cc2c1e01ebbcf519a7e0bee4cc73f08bd
5063014da599f020d5af8ed7b7e35f048920510a
bffea87815b6a3ea663b441b71687d0c |
| M20-vn001 | Formbook_bb0f5ecf | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | bb0f5ecf92265237f5809095f039a7e2 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
3d2f8ca93b256a27067969eda8d4fca7559e38b8af59a79c40c40c55f06b53d2
1d14c2dc02103b27a1bc3c796310c70c1d25e896
bb0f5ecf92265237f5809095f039a7e2 |
| M20-toq01 | ZeroAccess_5b90bf12 | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 5b90bf12ad5d15055eb9331553869dee | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
15d09a26dec6c151966a24bfebd38fb67c8397a06c3bf1702eb4702a871a9e2c
9bc8b0006575ce6d33f1997884e834b1ce675908
5b90bf12ad5d15055eb9331553869dee |
| M20-x8l01 | Razy_802784b0 | Windows |
This strike sends a malware sample known as Razy. This malicious sample is known as Razy. Razy is often used as a generic detection name for a Windows trojan. | 802784b01a585213ca78723ef65b2ea1 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
5be87b343f2d3af80883ed4deb795c0ae8f7e0ae4ba08a6bbac5b3e4659d0341
4ec42e7959e36cd12d61576c9112111b2612769f
802784b01a585213ca78723ef65b2ea1 |
| M20-blc01 | Upatre_19af7b08 | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | 19af7b084018f59d865c3479bc26dc7b | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
2119922518bc437c7d5fd7d7205929089a9ed9333cdff97bb214808f37e86dd7
4f42a21024f159682bfa58dd0d20dbf5c9c8da3d
19af7b084018f59d865c3479bc26dc7b |
| M20-vrq01 | Formbook_20c79d8c | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 20c79d8c4962e12ed1321e53832f0795 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
0146d4a89836ecc12759c33a85d60c3867a35b7ee468041fb26b0610ef76e54f
315864ef68049185ebd3b367a16d5da7bb76d5f8
20c79d8c4962e12ed1321e53832f0795 |
| M20-wb101 | TeslaCrypt_1b1a45be | Windows |
This strike sends a malware sample known as TeslaCrypt. This sample is known as TeslaCrypt. | 1b1a45be73fae7e2ad034a431a18ee1c | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
7f1a0f921a5132b1329dbdbfadc83eec6568ad151d1c33da89a4aaf0a5e5c0c2
2547409f019df3125ad7cd1693639de831742bb4
1b1a45be73fae7e2ad034a431a18ee1c |
| M20-zc201 | Upatre_f8da0bfb | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | f8da0bfb896b790ad4059bc52a812303 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
1fcbef293371203729eca2c9491641a03b2330c9be11b438f84db0e996e5b78c
343323df26cd18bb8bf331ba6326cf0f133fa75b
f8da0bfb896b790ad4059bc52a812303 |
| M20-rnq01 | Upatre_5c7c0cc6 | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | 5c7c0cc65ffba02eec0bc7aeedb5f12b | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
06f92e4b684161224f68388d8d4ca35d113682fadeb2e100072dfa8d43413101
e02314b12f7586375d936a4e44eb8f9db4e81ac0
5c7c0cc65ffba02eec0bc7aeedb5f12b |
| M20-ow801 | Upatre_97a2aa2c | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | 97a2aa2c76eb158174c325e2c3db903d | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
01152de6c7c348fa9716c3d760744689eb85386303593e6100f6532bd3fc2cb3
91faeda480ccdb3dce3a093e95a07aa63a3f4655
97a2aa2c76eb158174c325e2c3db903d |
| M20-blp01 | Upatre_a20d906f | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | a20d906f2bbba431b1e29f5749e8584d | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
0d90667089d17e2924b00e5207a357156e9076dfa3dab3f2e7dc5737135053a9
63e02f7037dcc4e86377850a19eaa712a7aa8265
a20d906f2bbba431b1e29f5749e8584d |
| M20-lht01 | Formbook_3c7ff0f5 | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 3c7ff0f53a2d0f6b22f0ffcd78830843 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
2fb1d73ee16fea837612ff0d9c89a934e5520310f9a06397f7e2c1a0c1604694
797e050be980c69bdcada1cc03a5097ec999f127
3c7ff0f53a2d0f6b22f0ffcd78830843 |
| M20-be601 | Dridex_11bcb183 | Windows |
This strike sends a malware sample known as Dridex. Dridex is an online banking malware that steals personal information through HTML injections. It was first spotted at the end of 2014 and its inventors keep improving it periodically since then. The latest improvement is the addition of AtomBombing technique (does not exploit any vulnerabilities but uses a design falw in Windows related to system-level Atom Tables) which makes Dridex harder to detect by antiviruses. | 11bcb183bd8f3bc81753aae006085e2e | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
0f4f25d12a2729552a348fb33cd7374fbd5ce3bc53c8da873f3aa5026a7290ca
0a9a2472a8212bf275a85a9ec31531db22b70980
11bcb183bd8f3bc81753aae006085e2e |
| M20-8gt01 | njRAT_adb35aa7 | Windows |
This strike sends a malware sample known as njRAT. This malicious sample known as njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | adb35aa75fd7cc4d886ea6113b5ce6b1 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
2c55658cf368c0f4f16b9f142e6ee6adb91362c79eb5ecab77d93852b35b7599
350bfad683da2bf47188813a29f87015de9eed44
adb35aa75fd7cc4d886ea6113b5ce6b1 |
| M20-aoy01 | Barys_84abfbc2 | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | 84abfbc25b7ea8af4d7216ac8a325ad4 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
004e01f888cb6241fc7da95d1798830ed0c52ea179b1ed0b2f71598e7d83fdc4
f20a1b405547143b3ba8e404294f4b73a086cb88
84abfbc25b7ea8af4d7216ac8a325ad4 |
| M20-a0n01 | Upatre_724c32c2 | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | 724c32c2a1c081f2b5f4a1e4bcd764a6 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
13f7895a32eb09a5016a408819dce9c95a4149888ad708c0232e0659e2ca06e3
e4be87e3a135e35eaa2086e5d6d34e723f3e7cb9
724c32c2a1c081f2b5f4a1e4bcd764a6 |
| M20-n4o01 | Barys_bd0b4ba3 | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | bd0b4ba35f630a93ea4c96418bc4667c | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
085a78af5d0146251a13bc743866fe4292d84a6c0753c6e6fcbb91d2c7826dfe
68c90ee857979104a58ada8458c3f298a7e58d8f
bd0b4ba35f630a93ea4c96418bc4667c |
| M20-lko01 | Dridex_af0ef8ec | Windows |
This strike sends a malware sample known as Dridex. Dridex is an online banking malware that steals personal information through HTML injections. It was first spotted at the end of 2014 and its inventors keep improving it periodically since then. The latest improvement is the addition of AtomBombing technique (does not exploit any vulnerabilities but uses a design falw in Windows related to system-level Atom Tables) which makes Dridex harder to detect by antiviruses. | af0ef8ec129220425dd74d57b417a336 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
05afedd0b76f574373f858b854958c473482fcc6fa9736f0d447094605ad2102
9f685a85e927b77771bded0e20c0298f1460fea2
af0ef8ec129220425dd74d57b417a336 |
| M20-xuu01 | Barys_77030cd6 | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | 77030cd6ea7fcf42b0fb11d56291dce6 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
1962b11c5701a4b591c219a30164708e42bad73e72a58b5896cfa48c0ad20ed5
387ecc6a5455ae70e70f1277b31a1a2fb611195b
77030cd6ea7fcf42b0fb11d56291dce6 |
| M20-f4601 | TeslaCrypt_0e4da722 | Windows |
This strike sends a malware sample known as TeslaCrypt. This sample is known as TeslaCrypt. | 0e4da7223137b4b79a7723534d5a8ea6 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
4b7a8b7ffac89faa52034d12821a9e20bfd987adcdcbdba29d6daaca44ef9325
8e334590bbff6e984ddcbde1a8867ea35519d9cb
0e4da7223137b4b79a7723534d5a8ea6 |
| M20-uai01 | ZeroAccess_1975e954 | Windows |
This strike sends a malware sample known as ZeroAccess. This sps:/e is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 1975e9548e58255369add957a57872a5 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
024be6e3a83461f6084ade9ef26da705de0e7eeceebbd55ca5289a7396dcf280
767b915b00cfee96a3952aba5908234014d00b83
1975e9548e58255369add957a57872a5 |
| M20-h0501 | ZeroAccess_d57b4083 | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | d57b40830d38d1e81519dbde3b07eae6 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
0808ec44505b3130a5dde6e81c75f473f44a288d1134fff680394534283fce87
252d1993b8c38a8ba0ecf7f6ab5d355f6eb4462c
d57b40830d38d1e81519dbde3b07eae6 |
| M20-3px01 | ZeroAccess_034d9170 | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 034d91706a1408eb72fada20f193d854 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
311c8b6b2d2150fff040363e23fdca221be64cae3ad34d9b3dfacd396ed48fc6
7fef9f3226964a453ac7ce7b945e4b1bc2b86d83
034d91706a1408eb72fada20f193d854 |
| M20-gmq01 | Formbook_6a5779bd | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 6a5779bd1c27ab3864ccf488a9e4ee6f | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
046bebb1052d11ee3db2b5c8cbf3e2f1dd509a2aa73e53f4ffb18d39985165cf
907c4c695a093ecba41b0ecda7c06156481e0fc8
6a5779bd1c27ab3864ccf488a9e4ee6f |
| M20-5f801 | Formbook_c73e9143 | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | c73e91434d9bf737e989d4c0078f56cd | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
1c64787e6ef766f7d9b8cc99deb128d45b89d02accacb3dac1e2ad076f5139eb
babd162573f2847cc453d11cabace152dc91005b
c73e91434d9bf737e989d4c0078f56cd |
| M20-86q01 | Barys_b4d08748 | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | b4d08748b2499e2f26773a61515e98db | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
12bd605a3b68b17d0279e5fd34cb2c9dee540f4eb1b248447d101c9199ebfaf5
269f90a1f75d4d61a1ef15f8777343b603e7003d
b4d08748b2499e2f26773a61515e98db |
| M20-0un01 | Formbook_7df0af4e | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 7df0af4e01c350c308ccecc59ece50a8 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
352c218b502f9db9eb8a56d8d6515c3fbe51298e29fe3878731a037885dc7f7b
6c28e1c3885c44583bcb29da073e739077a9707d
7df0af4e01c350c308ccecc59ece50a8 |
| M20-wxf01 | Formbook_4bd1bf3b | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 4bd1bf3b4c9ea31d051cb1ab57131587 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
049fa135806899faa44ce50ba918331d0ea0aeb8aa6db5012117bfc794f57759
73c6ac0f65cb60aca17e6da4dce951ecf7039061
4bd1bf3b4c9ea31d051cb1ab57131587 |
| M20-in101 | Barys_dbfaf1b2 | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | dbfaf1b2bdf3967c62888c754c9a0c32 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
0d638e32faab7502716a78610e97a4c55974ff1c648784aa66294f1e594cbe1f
361e66413c4f8ae00d68d0231fbd62fdb4a965c4
dbfaf1b2bdf3967c62888c754c9a0c32 |
| M20-ujw01 | ZeroAccess_b43395cc | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | b43395ccc16f04da25f66cc6b107d2f3 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
3fcf02116eab251a35b6a9dba981edb13ba59701f0b52ca1521fd2dbff350477
488017443a7d2fdfa58e68e5467cccc1bd2eb856
b43395ccc16f04da25f66cc6b107d2f3 |
| M20-se801 | Formbook_93dbf029 | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 93dbf02991625c3ffc206d9e6c8f6958 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
0d49120f2ce8cc77ea769c79a1ab5c7669cb58c07de1a95f08549d2665529df1
b588912660cb9f4f050f33fe0780af6339bd69dd
93dbf02991625c3ffc206d9e6c8f6958 |
| M20-nrs01 | Formbook_72d0f14b | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 72d0f14bee34bab60382fac69faf7aa3 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
07387a7c05fcaf63b03673bd92d634fcd13e1784fb6adcc6c2b8cf7154c07e55
aec004f7915872eeabe9c492c75851f8cdd902dd
72d0f14bee34bab60382fac69faf7aa3 |
| M20-dln01 | Barys_9ee7fa54 | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | 9ee7fa54aff7dbc2dc00f28b5b8ef0a2 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
1a91bfeb723c4ad729eea5e22da6f8afeecbdb990a18c3272e1fc92d7c94bdae
6fa5d56434b90926f76b47ca27142d124b12fb7e
9ee7fa54aff7dbc2dc00f28b5b8ef0a2 |
| M20-2g801 | Upatre_47c8e49d | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | 47c8e49dab4ff8d4ea29c04786caec98 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
1356d0345699b8766d5c8de5d61cb47fd63dc3f42fe2280a2c413a8d7f97c1c8
c14bc3ca54650bb9180fd416234d88d859ca4585
47c8e49dab4ff8d4ea29c04786caec98 |
| M20-mdb01 | Formbook_b0dc5376 | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | b0dc537653aeb5deb5edd6229daa50b5 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
3064e41052d6dfa7c354a6e8c405ae2c1d09e48fa9e82dc4e8faee1f4bebdd4d
ff32083997bd79481a59a3b34231d1f82aeb061b
b0dc537653aeb5deb5edd6229daa50b5 |
| M20-yuu01 | njRAT_e441a1b0 | Windows |
This strike sends a malware sample known as njRAT. This malicious sample known as njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | e441a1b043498a00695befb3a50b543c | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
6b1bbec6381d6c95ef40d1ddb1ffbc015777d30686d9ba4353857f35b5947e15
4618fd7d731d43e51686229d67bfc129b52f5a75
e441a1b043498a00695befb3a50b543c |
| M20-bd501 | Upatre_612a51a9 | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | 612a51a9f1910295d8c552fa7f5707df | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
0d774c5ac17521abec32a11e81317fed5f7c163d82ec7f9e1065c86834458cfe
917cab5814aaf8905879deb1c998f09a6ae605be
612a51a9f1910295d8c552fa7f5707df |
| M20-sj901 | Upatre_379231a9 | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | 379231a949d4248fad481eb26c87caad | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
09589d82d2f9460fe3d33b726794d41a93b672dbaed8e5f397350b7714649cd7
7fc15988bfb9e1722208a032d7475a9522c7a7d9
379231a949d4248fad481eb26c87caad |
| M20-q9t01 | Dridex_3dda795c | Windows |
This strike sends a malware sample known as Dridex. Dridex is an online banking malware that steals personal information through HTML injections. It was first spotted at the end of 2014 and its inventors keep improving it periodically since then. The latest improvement is the addition of AtomBombing technique (does not exploit any vulnerabilities but uses a design falw in Windows related to system-level Atom Tables) which makes Dridex harder to detect by antiviruses. | 3dda795cc6b1974356d20e3c8b488793 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
a31fdd57bc317cd8f6c4df0c6f75bcd25999d36f7cc665da9018672dfe55061c
31295d1f2545a6ebc0af06bb7717d21504965221
3dda795cc6b1974356d20e3c8b488793 |
| M20-0zd01 | Barys_d8433aea | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | d8433aeab87778b6217373b077189ff7 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
0b0c9946d82dba06fceda4ce8a8f2a8ad828adba44e630f4652a5784d4305e5c
d57aa6e8451c1426e66c7944452496c7a0f27fcc
d8433aeab87778b6217373b077189ff7 |
| M20-sv401 | njRAT_a55f7ada | Windows |
This strike sends a malware sample known as njRAT. This malicious sample known as njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | a55f7adafd595f9934791d2a144e4e04 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
437d2adb9946aeb1e630619e4aa571149d2adedeea8f6d0c39c1bed21c4063cb
1e44dda9c80ff0adaf802968d38f9c71bf30af74
a55f7adafd595f9934791d2a144e4e04 |
| M20-g8d01 | TeslaCrypt_b2fe6935 | Windows |
This strike sends a malware sample known as TeslaCrypt. This sample is known as TeslaCrypt. | b2fe693567a6069695968fcf3f18e864 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
c7a8125f64e0c8d4133263f901855d1ef0ecea2e083c10782e4cfbbe8b334e79
f90b2a659adec366ed9a83148e8c7ca8197740da
b2fe693567a6069695968fcf3f18e864 |
| M20-dx201 | Upatre_2138435e | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | 2138435e428ae7e5b4bd8e44a98d886e | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
02f4933753d850d1774b56cbd35c994b6b7dd9b971fd45c34f5677f90b281b6a
d6c3cd9256a40044a54442fb1ef79118c2266962
2138435e428ae7e5b4bd8e44a98d886e |
| M20-7jw01 | Razy_3d501f55 | Windows |
This strike sends a malware sample known as Razy. This malicious sample is known as Razy. Razy is often used as a generic detection name for a Windows trojan. | 3d501f55839f87805e733dc99cf8a090 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
51e97032af43de44947d564ee43a9b43278312873caaa4bbd7d3e4f7ec00eb89
6baa3a7541cf4f46d8fa12e8dfd5a893ea319dc2
3d501f55839f87805e733dc99cf8a090 |
| M20-i4x01 | Razy_6035e0f5 | Windows |
This strike sends a malware sample known as Razy. This malicious sample is known as Razy. Razy is often used as a generic detection name for a Windows trojan. | 6035e0f59a5169e7c59129a3cdbd076e | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
58962a9133651591f2d4df22589d1cdd4f7cee175f70c7d47c5a854a5264ec98
68cd40536b4de6ed8c8d15e11dd396082d04f665
6035e0f59a5169e7c59129a3cdbd076e |
| M20-2lk01 | Barys_49292baa | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | 49292baa0ec39575ab4cf2b4b63a0232 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
033645d3516e2f25ddb3566c1eed8a6be6d3c023f7f0e98c868efa12483dfac3
a8c74f592b693276ed2abc2d700207bfcc55f92a
49292baa0ec39575ab4cf2b4b63a0232 |
| M20-8zk01 | Razy_182b3bc2 | Windows |
This strike sends a malware sample known as Razy. This malicious sample is known as Razy. Razy is often used as a generic detection name for a Windows trojan. | 182b3bc278d1fe14d3ccbcd3e6dedc71 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
6dfdb201ddd46c8f2ded273f3c8ed6c5beca63196b5428fe388f59faaac79597
91b87f45ead7dfaf252cb39e56605004b9458a34
182b3bc278d1fe14d3ccbcd3e6dedc71 |
| M20-a6m01 | njRAT_d4c0d088 | Windows |
This strike sends a malware sample known as njRAT. This malicious sample known as njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | d4c0d088185543391cc814683626a095 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
3d8b6537791fe4f05043a40cc0cff83fb5ae54396c40fded6daae018a7a03c0e
592ea13a1b8ba20e71564cef1597e92b8700f4c4
d4c0d088185543391cc814683626a095 |
| M20-xm001 | Dridex_ed369da6 | Windows |
This strike sends a malware sample known as Dridex. Dridex is an online banking malware that steals personal information through HTML injections. It was first spotted at the end of 2014 and its inventors keep improving it periodically since then. The latest improvement is the addition of AtomBombing technique (does not exploit any vulnerabilities but uses a design falw in Windows related to system-level Atom Tables) which makes Dridex harder to detect by antiviruses. | ed369da6bfa27c6bc72fc7a22b98ea01 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
0a4e162d4a11aa91ead63995af22c410b422b8b5af2038d4ef95d454c1d380e1
059853b89af8c5fb9b497406ba6d502d06301726
ed369da6bfa27c6bc72fc7a22b98ea01 |
| M20-d8n01 | Upatre_fad90a0f | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | fad90a0fe7f3b2c11722157e7c11f710 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
14e727de9a56e79b9dcaf48cc9751d4cb447f16d839d705c628640857d0e6e13
9129c8e5107c7e2d1a2e4d30eeb1ac7d8e80d881
fad90a0fe7f3b2c11722157e7c11f710 |
| M20-82301 | Barys_ee52d2da | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | ee52d2dabb2dc5bf716cdc6a2a93b936 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
18a5f4a28bd04a9e6b7283aa80bfe4649e48cac3592f72fed511e10935c80678
d49579191645d1c7cb32c95bd5ac0bf5e9264856
ee52d2dabb2dc5bf716cdc6a2a93b936 |
| M20-fw601 | njRAT_f5390f1d | Windows |
This strike sends a malware sample known as njRAT. This malicious sample known as njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | f5390f1d1907361d014ff3dbe5fce897 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
51e865bd11fd5daff52c74c0072c6e713535d4a90d5b1398b78c806be1a59dc9
e63e45adaf4cadc7c49e71eb67090bae3ba3a56e
f5390f1d1907361d014ff3dbe5fce897 |
| M20-ynl01 | ZeroAccess_b3d5d41b | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | b3d5d41bf2becdec3db1d0c8d33547eb | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
243ccb0ec0007367fc4e21dea982be68d6f32e6cdcafbd11e10768cb912a914b
282c2a9a8fdfe50ff5906889cf16cf169b5260b1
b3d5d41bf2becdec3db1d0c8d33547eb |
| M20-2lp01 | Upatre_3cfd2d2f | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | 3cfd2d2fdb4472a0a224c287e4f1f4ff | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
0e36b813e84b27ff1c1b770fffbf4175c7c39bbe499804c9c27565ed4a9518fa
3c10c776b79c7129126b2099c375fdb072d13b79
3cfd2d2fdb4472a0a224c287e4f1f4ff |
| M20-bpk01 | Formbook_35c3de31 | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 35c3de3155ced457f3fc826d7fb0d28c | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
0d8e415c487a6ced2680bcb31834fe282b914f09ac167dfb4f1685af0b529c35
bd1a26bb487c32fce32fefe2642edd4f6566a670
35c3de3155ced457f3fc826d7fb0d28c |
| M20-id001 | ZeroAccess_83ec7544 | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 83ec7544adff994dc675c8f704e56d28 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
3b3d6c01a983c835152e169e092be6193bce78c22b41cda5e573e5330235aac6
be3fc65d7c78cb5c933fafcf2c87e95ad7b2e5c2
83ec7544adff994dc675c8f704e56d28 |
| M20-6q201 | Barys_48b3a295 | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | 48b3a295e97ee603019679babf450344 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
1493472fd451f1109f5c245245469e6882f92d34610a6c468e3af5dd9acdac89
874de7fe244a11482bc6ea595daae763ed0a8603
48b3a295e97ee603019679babf450344 |
| M20-afb01 | Upatre_2eed3e2b | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | 2eed3e2bd00ceee1a3b84ce8f0f5ed74 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
0c45c58eab16df4d5bff14dad957f91d5785a09836560bc3bd681c27e012b1b8
3a2ffab8d97d4c153a30ef99b623c7a66e102fd5
2eed3e2bd00ceee1a3b84ce8f0f5ed74 |
| M20-6le01 | ZeroAccess_f95def2a | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | f95def2a7f3a66f02da3551ff3338c8b | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
39bf409ea1d861dfed811fa6c0aee2767aff44d96fffb4f3e552db1add1ed7fc
7f58ba975d2c21fb702c38f305c23a018776ec6f
f95def2a7f3a66f02da3551ff3338c8b |
| M20-xtg01 | ZeroAccess_cd160a9b | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | cd160a9bd9c1ea683ccdb0b66f7e6807 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
35ba7b85dd5146c275b74b7b09ef62985ba9db0d1e1f2771b6990d53ed965d52
e6614efbb503dc59b96276419c0d4e713a1cf123
cd160a9bd9c1ea683ccdb0b66f7e6807 |
| M20-ful01 | Upatre_aca201b7 | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | aca201b7fc48f2a76469aa0a43931fc6 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
0fa25c7c007f337ab5ba699a2611c47ff41a8ba74cb83fa1ffde097e7408f8ed
8dd4a19be454a6a149fad6c0115e0f7a14d21742
aca201b7fc48f2a76469aa0a43931fc6 |
| M20-hl301 | Formbook_68bd4545 | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 68bd45451832c99eea39db4d2556336d | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
208a5ebc7af4b8d15e157e9115f4617a2b3e021a868367b3e7bb0bde69170911
a3b5b33cf3b4ca16321a2073594167a878331747
68bd45451832c99eea39db4d2556336d |
| M20-gjz01 | JhoneRATImage_bdd38fdc | Mixed |
This strike sends a malware sample known as JhoneRATImage. This malicious sample is known as JhoneRAT. JhoneRAT is Remote Access Trojan developed in Python that is delivered by means of an office document, and then delivers payloads via multiple layers hosted by Cloud based providers in order to avoid blacklisting. This sample is the image delivered by the JhoneRAT template. At the end of the image is base64 text that when decoded points to an AutoIT binary for download. | bdd38fdc1c057ccfa416abafa46f0e84 | https://blog.talosintelligence.com/2020/01/jhonerat.html
7e1121fca3ac7c2a447b61cda997f3a8202a36bf9bb08cca3402df95debafa69
6ac3fd0b6984cd05ca2a0062a7be2f4e49d5c19d
bdd38fdc1c057ccfa416abafa46f0e84 |
| M20-x6o01 | Razy_b4f3aea9 | Windows |
This strike sends a malware sample known as Razy. This malicious sample is known as Razy. Razy is often used as a generic detection name for a Windows trojan. | b4f3aea9f95879abbe9b311b5ab9fc30 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
6bd1baae5ba600ff4ece4523e53bf9818bcc381a56664e3104c1c317d6f5a3bc
aaa5da052dac9e82ac4ff5c9510fb26945768a8e
b4f3aea9f95879abbe9b311b5ab9fc30 |
| M20-ymm01 | JhoneRATDownloader_7c487d84 | Mixed |
This strike sends a malware sample known as JhoneRATDownloader. This malicious sample is known as JhoneRAT. JhoneRAT is Remote Access Trojan developed in Python that is delivered by means of an office document, and then delivers payloads via multiple layers hosted by Cloud based providers in order to avoid blacklisting. This sample of JhoneRAT act as the initial downloaders and download an additional malicious document with a macro. | 7c487d8462567a826da95c799591f5fb | https://blog.talosintelligence.com/2020/01/jhonerat.html
29886dbbe81ead9e9999281e62ecf95d07acb24b9b0906b28beb65a84e894091
7551f49c26c17ad60e97112cbad4a97ab130545f
7c487d8462567a826da95c799591f5fb |
| M20-hyp01 | Upatre_26f9554e | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | 26f9554e80245118220e906ebcfda002 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
14178c54d283e6579242e90df7c4dae8af71ff4594c834e3cc7a275588f561b7
f38d64ca6ceda338a5abc80d69b2c041557c1907
26f9554e80245118220e906ebcfda002 |
| M20-sy701 | Upatre_8685ad47 | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | 8685ad471cfa9b9964511205549f2336 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
1e1bdd6ddb3c256c79024eccdb2de6b0861a2a86e13f3f03cf1f378e2cdc9d36
a08574764d8dc7ee101a8fa0915e21ce647b5449
8685ad471cfa9b9964511205549f2336 |
| M20-7uh01 | Upatre_75be6caf | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | 75be6caf089b40f3b9e9b82204ba384c | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
1535d470effa0af601719b9ef64e615f321e4db52ee4b7bb05def6d501884fbc
345e693aeaa6061fdd19f8119ab74055d22a7719
75be6caf089b40f3b9e9b82204ba384c |
| M20-40601 | ZeroAccess_1a7b93df | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 1a7b93dfa5542aeb2e7259781f610b45 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
0712314c985a7cc479d0cbcdcf06c886ba2d7fc79d89cf4efc56a137235eb379
f8dbe847bbc099c769288c59e25c162c1e01a3e8
1a7b93dfa5542aeb2e7259781f610b45 |
| M20-vil01 | njRAT_51dd20b6 | Windows |
This strike sends a malware sample known as njRAT. This malicious sample known as njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 51dd20b62e78c6abd74701879ea7a73e | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
2b140d53ec1d99cc07662d85f14bae2a4e6cfea3b7d66da0b31be4ecd641bae1
1675a38b7c3a17b0c9393a05292a21255972fa3f
51dd20b62e78c6abd74701879ea7a73e |
| M20-fde01 | njRAT_587a1b19 | Windows |
This strike sends a malware sample known as njRAT. This malicious sample known as njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 587a1b19bce19d4c8744e1b445da8356 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
459304f70aa2e992bdaed0915ec96cda9c99c6edde30698197319f8fa40a4024
79e23bd6e4ef957b5a99faf76bd4ffe7654eb330
587a1b19bce19d4c8744e1b445da8356 |
| M20-evh01 | Barys_d0b0316b | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | d0b0316b2347cdef7acc20e50f85c069 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
0de13ccba02abce52ee48511d094b474fbf8807aa54ea316f86a83befe85a1b6
608b4758b3b041d679cc11e5dee990d003bcdf2a
d0b0316b2347cdef7acc20e50f85c069 |
| M20-4hp01 | Barys_489b345e | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | 489b345e33ee86edf742c17ae72c6f5a | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
04ce16123c1db27009dfd8a2546810c881a22b6eeed4697d64cb44af2e69e75d
b9810168e40d6c8469469a1dfcefd0af38db168b
489b345e33ee86edf742c17ae72c6f5a |
| M20-njs01 | Barys_5b7ccd86 | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | 5b7ccd8600e61e379f9c6b84ab180d4c | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
0c85f4b989930dd44f791828bad61061e8ff325142e1dd275fa30295a343c051
fa8672fc75d9869afddb8319a6ffa7761cd80d3e
5b7ccd8600e61e379f9c6b84ab180d4c |
| M20-ue901 | Dridex_d8426813 | Windows |
This strike sends a malware sample known as Dridex. Dridex is an online banking malware that steals personal information through HTML injections. It was first spotted at the end of 2014 and its inventors keep improving it periodically since then. The latest improvement is the addition of AtomBombing technique (does not exploit any vulnerabilities but uses a design falw in Windows related to system-level Atom Tables) which makes Dridex harder to detect by antiviruses. | d84268130427e184fe56de6fa9a3a437 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
b5d15bb5d2a6bde41040d4b9d63e8cc1cfddf8669f5c1389c2aba584328dc27b
646650e1f1e2c44983ccef74909ebc65fea1f6a9
d84268130427e184fe56de6fa9a3a437 |
| M20-96701 | Formbook_27a68126 | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 27a6812638d9959aacf671def4dfb6ad | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
0de2930e0fd1d971aa98b219ce6dc3f36b07d8441b7abd0d663a63dd77cfbf37
234a66514aa6c756a60b9fb28767513452915dc4
27a6812638d9959aacf671def4dfb6ad |
| M20-syb01 | Upatre_cbddbbd1 | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | cbddbbd143ed17e672979558bb38fdab | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
10c863059e4910501e1deea44279a5402e93796098230511c65be09f8f47eb82
6e641fc5e5c39bc334539b0e46ba32bc9bb3e4d5
cbddbbd143ed17e672979558bb38fdab |
| M20-xl501 | JhoneRATDownloader_089531d7 | Mixed |
This strike sends a malware sample known as JhoneRATDownloader. This malicious sample is known as JhoneRAT. JhoneRAT is Remote Access Trojan developed in Python that is delivered by means of an office document, and then delivers payloads via multiple layers hosted by Cloud based providers in order to avoid blacklisting. This sample of JhoneRAT act as the initial downloaders and download an additional malicious document with a macro. | 089531d78aad6a897c041e7270feea2b | https://blog.talosintelligence.com/2020/01/jhonerat.html
d5f10a0b5c103100a3e74aa9014032c47aa8973b564b3ab03ae817744e74d079
c33930f7f38f7ece2cad3a4cb11308c07e47eeb1
089531d78aad6a897c041e7270feea2b |
| M20-3vb01 | Barys_58f6454d | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | 58f6454d44f726d96b691c1e6bbc0f67 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
1888096d2e773f3e1377ee329bf649d0032e384badd451731cc1f6cf7eb924ce
69384008c9418c5a71539208844545b4dde7718f
58f6454d44f726d96b691c1e6bbc0f67 |
| M20-nnu01 | Barys_7bc6ed6d | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | 7bc6ed6d3a9eb473dfe362beb419cfc9 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
08d8cf4bd5635a6930758f7736259f230ff559ede4880d044aa4eaed47f37115
7f91ad49bd25c7ffa9612d8c2eb2cdbe68ed92d9
7bc6ed6d3a9eb473dfe362beb419cfc9 |
| M20-90l01 | ZeroAccess_a062216a | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | a062216acf6bbcc7dbc83adeb6752c33 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
1744dd32bcf9cd45cfec1f4334de1df340129a555e12f73c740e02f7fe7b469c
6b20df3b6b2aad932ba2525cd47b47aa2c0878f6
a062216acf6bbcc7dbc83adeb6752c33 |
| M20-byg01 | TeslaCrypt_f65aeb05 | Windows |
This strike sends a malware sample known as TeslaCrypt. This sample is known as TeslaCrypt. | f65aeb05e5ca5ebe1ae05cbe72aa71e0 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
b8dd6020265dc28fa74d1708e2238cc227791dace690699db22cbb3ba6c1d64c
e27c6667e01e243534ec922242864642ace1cfa6
f65aeb05e5ca5ebe1ae05cbe72aa71e0 |
| M20-oel01 | Razy_0786b90d | Windows |
This strike sends a malware sample known as Razy. This malicious sample is known as Razy. Razy is often used as a generic detection name for a Windows trojan. | 0786b90da12b29b5cc97621dcc78fa3e | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
8fa302841d886e0198c96d76d93399f5905844f424b255e6707a74ea610c55ce
d3292e136139b0215f5a2e03af2518365344c668
0786b90da12b29b5cc97621dcc78fa3e |
| M20-4fj01 | ZeroAccess_30def6e2 | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 30def6e242a9d2fc2ffbf811814b99b6 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
0d6aea5357e88970db6f5c226a2a888e1c7f1c5f20146087952612c06d064b4e
bcf7d7538e94cf9940c19af648a1cb48ef80e604
30def6e242a9d2fc2ffbf811814b99b6 |
| M20-5mk01 | Formbook_1e9eef27 | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 1e9eef2736663a184d8630a0cab97050 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
30545b09c38a284d95310d71822427e0bc0b69dcaeb3d316f2fe39decfb8c006
459cb8b32a43b34ac530d6a599517d05dd4ac76a
1e9eef2736663a184d8630a0cab97050 |
| M20-bty01 | Barys_63887daa | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | 63887daa5ffeff3045af57a201125b10 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
13c397c69dd1c2357af059f5760a551567834c836b6d124e4e1ffee085feda80
4e30686b39e234778c360bd349a323e5ad86b9c8
63887daa5ffeff3045af57a201125b10 |
| M20-t5401 | Barys_5eee0ae3 | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | 5eee0ae3dc30f2fd1f10c18a2855ca9e | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
12f1c270b4df8c8baa2eb194f85267da965450cf35696644d71d3835a3905e1b
e918fa91c2b6d56c68b171c73bed3f82e9bb7f44
5eee0ae3dc30f2fd1f10c18a2855ca9e |
| M20-jje01 | njRAT_a2e18416 | Windows |
This strike sends a malware sample known as njRAT. This malicious sample known as njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | a2e18416057d40ed303fe2d41db5d4ac | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
275e4d554f63db96a64bbca5f0b30ab96199c8595ea0c3c2d46a413f30387a2f
548d19e13d072edcaa1b8b7431a0f62095dbfb3a
a2e18416057d40ed303fe2d41db5d4ac |
| M20-t8m01 | Upatre_88e655fe | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | 88e655fe971f7b011ab295366572358c | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
211bdc6613fc3e691ac70d215a8a9edd5f0ebb85bb4f24d6e293fb21894a0b1b
fc49a8d3b9e4451792ab3aa0b130680c7d233728
88e655fe971f7b011ab295366572358c |
| M20-qyy01 | ZeroAccess_6041bac8 | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 6041bac827beff917de67c052fa449dc | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
1d34f5231571a20d3229e850bb786f6148dab477ca4a0169a0af3acf2d2ce71d
e024e214591687e01dea389369fa96c0d4a69312
6041bac827beff917de67c052fa449dc |
| M20-xdy01 | ZeroAccess_786f0783 | Windows |
This strike sends a malware sample known as ZeroAccess. This sample is known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. | 786f07836de13e3ea12e1e2b9a80dbe2 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
08b18f2eb8b1fb422adfb52d482f9d9bb3f4a24d18f89a186ed2865181f6b551
e2689f92665a7b5956d7559917375698e65fea1c
786f07836de13e3ea12e1e2b9a80dbe2 |
| M20-6lz01 | Upatre_a070d768 | Windows |
This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | a070d768f5037eef476e143a5c93802e | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
01cb3cbad05c3b0b186b604f32cb00a3ceced74ead26affe5b4fb1867d48be01
c960db6d3b95417d1a685a5364da5101cd246865
a070d768f5037eef476e143a5c93802e |
| M20-9wb01 | Formbook_c69adbf3 | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | c69adbf32676d5c28de54dd7abaef90a | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
0da9443c8aacb9e4757b81deeaeedc7b96766020522ed9992d7b9ce3e0eb5130
ea55d5f751c9459abfdf76752078d66c9c4a32a6
c69adbf32676d5c28de54dd7abaef90a |
| M20-g0k01 | Barys_5b6ed716 | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | 5b6ed716f254c816bb563ac063142757 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
17b64ea8a52fce27bcd439a2762f6a8dff4235c10ca99a60722e481509e42b0b
110e2ed3c11b0517a11afe195f07b14454c5cdaf
5b6ed716f254c816bb563ac063142757 |
| M20-9ox01 | Formbook_b731e1f6 | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | b731e1f60594b3fe672cd7304d21ff1e | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
3a14a285394c39842beaf312d02de42ab02c679e47cb6a40c3b900f196ba4e2d
9a1d0d20bad7cb8e1d516f389dc4421ba07cc4c5
b731e1f60594b3fe672cd7304d21ff1e |
| M20-yb401 | njRAT_962cee7b | Windows |
This strike sends a malware sample known as njRAT. This malicious sample known as njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 962cee7b4a16f6b1d337183503ffeef5 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
0b331c29e38da9fe5fe00f40e2af43a4ac960ce48539b34e6d506c3b54a49920
fd85e8e00cc4651a84392d8768d0ef1bcab92ac1
962cee7b4a16f6b1d337183503ffeef5 |
| M20-vvu01 | Barys_b35b224f | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | b35b224fcb096f258f93d2481e67d30e | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
022d2461933a4aafe67d8ddb3c5fd7f14eea9035dec79bea200ff1d57776762d
7042ab77f4f378be5e7473ff2954851554f48f90
b35b224fcb096f258f93d2481e67d30e |
| M20-omy01 | njRAT_73069b4d | Windows |
This strike sends a malware sample known as njRAT. This malicious sample known as njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | 73069b4d1754bb2f506bb764811ac24e | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
339e7b601f00ee4b80af2645e1e39a8b71901d328d1c56e4f42e7ba74f16b618
87a23817db61f44c74ddf05ca62602e06f19993e
73069b4d1754bb2f506bb764811ac24e |
| M20-wx301 | Formbook_1ed222f7 | Windows |
This strike sends a malware sample known as Formbook. This malicious sample is known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 1ed222f75857455ac9e9da200d11bf2f | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
163d07cf0a756800c6ce5be998331fdffa75081f5f669bbb6149eb0e89744043
839777c2097a8a8b11bd2454b530d222b140c282
1ed222f75857455ac9e9da200d11bf2f |
| M20-oyz01 | JhoneRATDownloader_4ae4e0f8 | Mixed |
This strike sends a malware sample known as JhoneRATDownloader. This malicious sample is known as JhoneRAT. JhoneRAT is Remote Access Trojan developed in Python that is delivered by means of an office document, and then delivers payloads via multiple layers hosted by Cloud based providers in order to avoid blacklisting. This sample of JhoneRAT act as the initial downloaders and download an additional malicious document with a macro. | 4ae4e0f8747a27f41e444fbc047f0191 | https://blog.talosintelligence.com/2020/01/jhonerat.html
273aa20c4857d98cfa51ae52a1c21bf871c0f9cd0bf55d5e58caba5d1829846f
a1b70f143cb91d8ad16ab2ebb109517632e36ce6
4ae4e0f8747a27f41e444fbc047f0191 |
| M20-wn001 | Barys_32b7468d | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | 32b7468d1c997710e2d2fd817e0ad000 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
1081f90d1fa09214611b5e0255d714db254f502e945069e93973eb0f63d00208
84717419b0caceeddeb7cadca657460b7670c829
32b7468d1c997710e2d2fd817e0ad000 |
| M20-k9p01 | TeslaCrypt_9f890565 | Windows |
This strike sends a malware sample known as TeslaCrypt. This sample is known as TeslaCrypt. | 9f89056503e143e4a86f35acdafb1260 | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
bd9a8d8d2c8e1d426959e7022ecd26b7001998aba2617e13deac573d16208916
fb8cb99ebb2aea4102618e834af95491f83e6152
9f89056503e143e4a86f35acdafb1260 |
| M20-9pp01 | njRAT_fb2ba426 | Windows |
This strike sends a malware sample known as njRAT. This malicious sample known as njRAT is also known as Bladabindi. It is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. | fb2ba426a42ad18bd8b37ea7dd80c745 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
21f09de33d10673fb5f8c2f1cf5924f5b81019e037a44b7f151da61b84c85b0d
d0fffa6d64c1d60a4c2370c2a82b4b814dd60a8c
fb2ba426a42ad18bd8b37ea7dd80c745 |
| M20-gph01 | Barys_79924900 | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | 799249006df902fdc067bd8370bcf629 | https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
02de146284642091fd6104b2a09a0a5ffc92d51c28e8c492acecbd39fb0c30e0
f5e62bca41224df96f43468b3e4fcc02497aa540
799249006df902fdc067bd8370bcf629 |
| M20-xjt01 | TeslaCrypt_25a649d5 | Windows |
This strike sends a malware sample known as TeslaCrypt. This sample is known as TeslaCrypt. | 25a649d54fe2a989f776bbc3c55ffd1d | https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
69a0539a87e7a9fe382cf4c504c3d02bf6ee4cd6a5e20098ed619da8975480ee
9c10553acb2ffd43bdda94b9efc4ee8631a8eea4
25a649d54fe2a989f776bbc3c55ffd1d |