Malware Monthly Update May - 2020 Release Notes

Malware Monthly Update May - 2020

Malware Strikes

Strike ID	Malware	Platform	Info	MD5	External References
M20-ybm01	Cerber_58fcc751	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	58fcc751acce8ded997a7d2348e8a29b	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 0de40a567ebe34116450658eef3d6a81bf8fa350aa3b6a808f236a603202aa13 SHA1: 0dc33a22227214fb816d0c6fb4d5b1c8efdaf0f7 MD5: 58fcc751acce8ded997a7d2348e8a29b
M20-wea01	Chthonic_f2e342f0	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	f2e342f039eca55972cfa02b3564091f	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 7c9f6e39190124804994315278d5451dc80f0c59994778d7c1ee22d2f6903021 SHA1: 8f89731df7d712435765e3cb4a44b93eba0d93d5 MD5: f2e342f039eca55972cfa02b3564091f
M20-mrh01	Cerber_bcf1716e	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	bcf1716e2a2e75529bbf4de69b1159c2	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 15c5d4adfd697ea53278ad1cdc1128cbc96b808071fe06b8f5fdcbe847cd5fe5 SHA1: e506a27a5af061b47918810cd1e081cbe31a7187 MD5: bcf1716e2a2e75529bbf4de69b1159c2
M20-mge01	GenericKidz_433e70f1	Windows	This strike sends a malware sample known as GenericKidz. GenericKidz is a Delphi application that installs the Hawkeye spyware. It utilizes the Windows Autostart registry key to achieve persistence upon a system reboot.	433e70f1e417b54f3991c5480ba49629	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 0c9ca5ead3a092e8c36983821e2059b6107906467e3d74095780da026e53e1d5 SHA1: c873cf6a7b717166cb2b8ea17b909ccdb783d00b MD5: 433e70f1e417b54f3991c5480ba49629
M20-7z801	Ragnar	Windows	This strike sends a polymorphic malware sample known as Ragnar Locker. Ragnar Locker is a ransomware that encrypts infected systems and demands a bitcoin ransom in order to decrypt the data. It infects these systems through unsecured RDP connections, and then uses MSP tools to push Powershell scripts to all available endpoints. Next these scripts will download a payload from Pastebin, that executes the ransomware.The binary has random bytes appended at the end of the file.	1e9104a4d587cd8483cda90b234a3780	https://attack.mitre.org/techniques/T1009/ SHA256: 5245f57c0cb21998d52b980fb326fd3ce73699772d85f7da0492d61fe7daced5 SHA1: 5528f8b16ae06f546e28a5f99d0a796481fd6f55 PARENTID: M20-kcc01 SSDEEP: 768:BpBsvKMNyoq65co7Bjd/3oqab0k3R2pXlj+BnkP7Z:BpPM4o4qFoqaXC+6N MD5: 1e9104a4d587cd8483cda90b234a3780
M20-oud01	Cerber_a6775e17	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	a6775e1725ee8b2ef02576bff56f2098	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 07265644f5a634d235c9c33eef1deaca73689d5d8123bfb22b31a662cc9e2643 SHA1: 2aa77bc40bbafb4c0815d7e98b4aaf8e2c259f9c MD5: a6775e1725ee8b2ef02576bff56f2098
M20-76o01	Chthonic_4491185a	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	4491185a608e1b581122f1f2ff31f80b	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 3c86595e1e7c456c182e0093475c5fce6656b44899ef23dff1badfa87a161468 SHA1: 4ca6b3c39c097b89e4e95dff5f21e0e039eea13d MD5: 4491185a608e1b581122f1f2ff31f80b
M20-gd301	Ragnar	Windows	This strike sends a malware sample known as Ragnar Locker. This malware is known as Ragnar Locker. Ragnar Locker is a ransomware that encrypts infected systems and demands a bitcoin ransom in order to decrypt the data. It infects these systems through unsecured RDP connections, and then uses MSP tools to push Powershell scripts to all available endpoints. Next these scripts will download a payload from Pastebin, that executes the ransomware.	f7c48ee1f3ee1b18d255ad98703a5896	https://www.deepinstinct.com/2020/04/27/ragnar-locker-ransomware-unlocked-by-deep-instinct/ SHA256: c2bd70495630ed8279de0713a010e5e55f3da29323b59ef71401b12942ba52f6 SHA1: 7c3a082237504d3bf36e47b986e02e014a2b8abc MD5: f7c48ee1f3ee1b18d255ad98703a5896
M20-6kb01	Maze_064058cf	Windows	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	064058cf092063a5b69ed8fd2a1a04fe	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: 24da3ccf131b8236d3c4a8cc29482709531232ef9c9cba38266b908439dea063 SHA1: 92b44e52f13bcb097f412a6a61bdc46ac19584c6 MD5: 064058cf092063a5b69ed8fd2a1a04fe
M20-q5e01	GenericKidz_47d43093	Windows	This strike sends a malware sample known as GenericKidz. GenericKidz is a Delphi application that installs the Hawkeye spyware. It utilizes the Windows Autostart registry key to achieve persistence upon a system reboot.	47d430933b20724e741367fbc471ef4c	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 23af63321f9d1c310c14cc894f301d4c7dcb33fd06d4de84f2b3c8422fb83c06 SHA1: 41537f088cdbd42e0b3d5e8c6613f1ca60c66336 MD5: 47d430933b20724e741367fbc471ef4c
M20-4m201	Chthonic_f8b7320b	Windows	This strike sends a polymorphic malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.The binary has been packed using upx packer, with the default options.	f8b7320bd389415d399e4ea8a30af167	https://attack.mitre.org/techniques/T1045/ SHA256: 5cb82d40e5b47c2396319700877f43a9f2fee3b6e68330cf4e12a786d96e526a SHA1: 73875a6320d05d26b1dd4caf7c16b932821c898a PARENTID: M20-wea01 SSDEEP: 3072:rhRPp1xigEkAJiUM9x5SAlYSzYrJTbCbK2jO8POnAWENw:rhJxisATM9x09iYrJTbCm2qE/WENw MD5: f8b7320bd389415d399e4ea8a30af167
M20-4jj01	GenericKidz_4cc4db0e	Windows	This strike sends a malware sample known as GenericKidz. GenericKidz is a Delphi application that installs the Hawkeye spyware. It utilizes the Windows Autostart registry key to achieve persistence upon a system reboot.	4cc4db0ea7cbf30b9401edbda75fcd55	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 1e0654a998adda2207a909a02f5f89e039ebbf107b16d77a6148f3caf23f07cd SHA1: 33c1d65f89dab800c20deb41cdb931daa6b1f7e3 MD5: 4cc4db0ea7cbf30b9401edbda75fcd55
M20-f3k01	Chthonic_aab84bb8	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	aab84bb852fafd609314abe64403d04c	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 73dbdd15d5aeba77d61b723e1f8eafc2b161679c61ca1aeb3de9e397faafcb6d SHA1: 2b28cd85d19b7b7cc63bfa999a14b3001434d64f MD5: aab84bb852fafd609314abe64403d04c
M20-rr801	Maze_80043a5b	Mixed	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	80043a5b285da88fb63d469243655751	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: 44991186a56b0d86581f2b9cc915e3af426a322d5c4f43a984e6ea38b81b7bed SHA1: 434e02e197cf7352ef01a8e44f1a64e0a49cd66e MD5: 80043a5b285da88fb63d469243655751
M20-yhz01	Maze_f04d404d	Windows	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	f04d404d84be66e64a584d425844b926	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: 5603a16cbf81d183d3ff4ffea5477af1a4be01321865f0978c0e128051ec0a82 SHA1: 34584e01a7208b6aa150cccd5d855ec37fd129ea MD5: f04d404d84be66e64a584d425844b926
M20-yry01	Maze_ad30987a	Mixed	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	ad30987a53b1b0264d806805ce1a2561	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: 9f2139cc7c3fad7f133c26015ed3310981de26d7f1481355806f430f9c97e639 SHA1: e7da9cac8fc6a30c2879ddb1ab97422e59979591 MD5: ad30987a53b1b0264d806805ce1a2561
M20-1uc01	Maze_d2dda72f	Windows	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	d2dda72ff2fbbb89bd871c5fc21ee96a	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: ecd04ebbb3df053ce4efa2b73912fd4d086d1720f9b410235ee9c1e529ea52a2 SHA1: 7c928fdd5954ba9da5788453ce43a0ff440bf281 MD5: d2dda72ff2fbbb89bd871c5fc21ee96a
M20-4qg01	GenericKidz_4110f169	Windows	This strike sends a malware sample known as GenericKidz. GenericKidz is a Delphi application that installs the Hawkeye spyware. It utilizes the Windows Autostart registry key to achieve persistence upon a system reboot.	4110f169b8e3525a0dec5faa7086d171	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: c07aa81c90d9e55f10cbc16f268b12cd1f2c2e4e65942221169398238b70ccb7 SHA1: ad287121e708355b1e37b0b3f5fa6b81fc31a1a3 MD5: 4110f169b8e3525a0dec5faa7086d171
M20-fds01	Maze_ef95c48e	Windows	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	ef95c48e750c1a3b1af8f5446fa04f54	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: 22ccc6a9a8834e08f190486524fb86b177f332b5835f4bd75f31b4b667271bb0 SHA1: 8ea5950ffefa2b7193a40682513e80a28d743175 MD5: ef95c48e750c1a3b1af8f5446fa04f54
M20-25501	Chthonic_8a4e14ed	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	8a4e14ed621b815a3233071ed247918a	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 58962d2b0dbb2d469a15ce8fb8695014c733c750d0a61ada0595189d64c769c0 SHA1: 89ca538592113e753b6108cd791dc31a7efa7df7 MD5: 8a4e14ed621b815a3233071ed247918a
M20-hfw01	Ragnar	Windows	This strike sends a malware sample known as Ragnar Locker. This malware is known as Ragnar Locker. Ragnar Locker is a ransomware that encrypts infected systems and demands a bitcoin ransom in order to decrypt the data. It infects these systems through unsecured RDP connections, and then uses MSP tools to push Powershell scripts to all available endpoints. Next these scripts will download a payload from Pastebin, that executes the ransomware.	77e84f1baf2b6d0dba6ad7169dab07ad	https://www.deepinstinct.com/2020/04/27/ragnar-locker-ransomware-unlocked-by-deep-instinct/ SHA256: 1472f5f559f90988f886d515f6d6c52e5d30283141ee2f13f92f7e1f7e6b8e9e SHA1: 5938b9900e0c1978802319dc1cbababd70abf597 MD5: 77e84f1baf2b6d0dba6ad7169dab07ad
M20-nbe01	Chthonic_01c6db88	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	01c6db88b0aa86533073836d1bd8cf04	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 4d2c216c4ba2cec5e28324fbffc77479db4321862ef98fc2f6edbfa11c91b4be SHA1: 6be70b68b7af98d0d955e629d0bff83b153b0505 MD5: 01c6db88b0aa86533073836d1bd8cf04
M20-o5001	Cerber_9379c0cd	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	9379c0cd8e0b04c9326e9276be77e280	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 1abc5f123d1e92a151c9ffecd863cfaeaec589a4cb21c28b7667f9e6e62e2b21 SHA1: a068cfb5165e5a8b81e7a674a82ed6226c9adc8e MD5: 9379c0cd8e0b04c9326e9276be77e280
M20-17d01	Chthonic_1d4738a3	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	1d4738a31855c758963b3e4d8e192c2d	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 3780f9d56d95218a3a1e526c05aaf127d22d14093ee06bcf7fc9e3b78f87253e SHA1: f4006455e06ab52e3b5dd328726c9a6d3cef0d86 MD5: 1d4738a31855c758963b3e4d8e192c2d
M20-wvh01	GenericKidz_962468eb	Windows	This strike sends a malware sample known as GenericKidz. GenericKidz is a Delphi application that installs the Hawkeye spyware. It utilizes the Windows Autostart registry key to achieve persistence upon a system reboot.	962468eb7478581b08ac99444ab951ea	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 4044a3631fdbc686898028995532444f662d0a78be5a530d226239782445b4d8 SHA1: b4370cef329747da2d266002c84491abf8364d1f MD5: 962468eb7478581b08ac99444ab951ea
M20-jj001	Maze_02c0ba2a	Windows	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	02c0ba2a97617497e7089bb900ffdc0c	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: 04d006f5c8498cc5a987a5c9379a0a117342d654d639fbf19fb8e050e85abb7d SHA1: bb684e83eb3740cde6afa61cb926ce2bf4d0be7a MD5: 02c0ba2a97617497e7089bb900ffdc0c
M20-umd01	Maze_53d5bdc6	Mixed	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	53d5bdc6bd7904b44078cf80e239d42b	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: cfd8e3a47036c4eeeb318117c0c23e126aea95d1774dae37d5b6c3de02bdfc2a SHA1: 761910e01ca991434775bcbe40b56c2aa1fff029 MD5: 53d5bdc6bd7904b44078cf80e239d42b
M20-rug01	Chthonic_fb6acc3d	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	fb6acc3da250c5db470492f2790dc221	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 311ce91b0bacedf64d500efe57c919eef18865107d73420bc59967d121077cc8 SHA1: d514cfd7b0ff5221d12091a0810e78e4be245ba4 MD5: fb6acc3da250c5db470492f2790dc221
M20-1os01	Cerber_1295a615	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	1295a61551be8bb3fabd9403889eaac9	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 064579ef28c82acb6935b75fe3a2408b354a0d4d9004d3beb444045fb8ba1b9d SHA1: efd2175c782b5de133be6f7cb7245c60acd76016 MD5: 1295a61551be8bb3fabd9403889eaac9
M20-3re01	GenericKidz_988cd895	Windows	This strike sends a malware sample known as GenericKidz. GenericKidz is a Delphi application that installs the Hawkeye spyware. It utilizes the Windows Autostart registry key to achieve persistence upon a system reboot.	988cd895960f21183c83c298c4bb007c	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 47bf9eeb164237e0fc322125052d65783fa809bd804c8a9dbd6b4db210b24f92 SHA1: 4d468ea149bbe886b2602f2234e091cd2813665e MD5: 988cd895960f21183c83c298c4bb007c
M20-vc901	Maze_ee26e337	Mixed	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	ee26e33725b14850b1776a67bd8f2d0a	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: d617fd4b2d0824e1a7eb9693c6ec6e71447d501d24653a8e99face12136491a8 SHA1: 7e4b1fd3a82448e9dd3422487aa8d2488f95bf26 MD5: ee26e33725b14850b1776a67bd8f2d0a
M20-m4t01	Cerber_177b8bca	Windows	This strike sends a polymorphic malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".The binary file has one more imports added in the import table.	177b8bcaa38f1fc024b2b02203ce3278	https://arxiv.org/abs/1702.05983 SHA256: 9b8c28c7bd3d3c643a9f56d7f9e8cd6b277cb42f75471ebabd12136a92d70be2 SHA1: e9a21d3a8a0e65c380f2d9540f31af00e5139339 PARENTID: M20-qcm01 SSDEEP: 6144:aPvsAaRn+h+/qM5gEZGmJ4swsCTUrHvHP/jvHbfbUsRtwI5Mg8QC1N1e:uGRn+4d57ZGy4D32wcMgile MD5: 177b8bcaa38f1fc024b2b02203ce3278
M20-yqt01	Cerber_af672b3d	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	af672b3d1f4c6f019e0e17d227087607	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 11018a64eeae53e33d66193676705e49ab658d04f5e2f8471ab896fbda96b1d5 SHA1: d0052224dd0a116507a60887ace1a55ae708df84 MD5: af672b3d1f4c6f019e0e17d227087607
M20-0vw01	Maze_d6e2396d	Windows	This strike sends a polymorphic malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.The binary has a random section name renamed according to the PE format specification.	d6e2396df72ada10e2bbf0f48cb70462	https://arxiv.org/abs/1801.08917 SHA256: 18f03c65bf58549e8e230b8ef8595287fe51db0e5e411adfeaf261f87574543e SHA1: 27b1fa00a1a1edce9d2aa976aff216466042c930 PARENTID: M20-igj01 SSDEEP: 6144:kx0s5c9jrLrLrLZMEQ9V6wZqEZw0eNsd198V50DErNNg/ydlb4fQ6wFMvMK:EMAwmlDYNg6dNoQl+vD MD5: d6e2396df72ada10e2bbf0f48cb70462
M20-h0j01	Chthonic_35bc4e7e	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	35bc4e7e59b96ba08e6fde8a805868a0	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 356e8479fb35f301fe0f578726fe072ecec12d2d1074d20bafd9b107a0f2fa62 SHA1: 1444678488bd4463b196ada2e729a89986302120 MD5: 35bc4e7e59b96ba08e6fde8a805868a0
M20-vf301	GenericKidz_f27a8207	Windows	This strike sends a malware sample known as GenericKidz. GenericKidz is a Delphi application that installs the Hawkeye spyware. It utilizes the Windows Autostart registry key to achieve persistence upon a system reboot.	f27a8207eab1b5be953da9cde9e504ee	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 68fb0d69411cceecd15f52ab04953034ef20310d46df3fcb3afa01ef9815dfda SHA1: b687bef3d7452273ad42918629b24da1ffc89ad9 MD5: f27a8207eab1b5be953da9cde9e504ee
M20-acp01	Cerber_1c0de3d5	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	1c0de3d521d3fd02949cdb53d3b5334a	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 0e446d8cb2f076a30441b95278c77badff0a2814ed16ca59e5767795aff0729e SHA1: 0f0d261d3c3470bbb2eca065a9685a9b62ef7110 MD5: 1c0de3d521d3fd02949cdb53d3b5334a
M20-t7b01	Maze_1ffecd46	Mixed	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	1ffecd461b3d4b65e44faff8537f68d6	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: 5f1e512d9ab9b915b1fc925f546ed559cbfa49df53229e2f954a1416cf6f5ee4 SHA1: 8e6df1166afaae4aa5335aaee6a63f98a4613024 MD5: 1ffecd461b3d4b65e44faff8537f68d6
M20-tqc01	Ragnar	Windows	This strike sends a polymorphic malware sample known as Ragnar Locker. Ragnar Locker is a ransomware that encrypts infected systems and demands a bitcoin ransom in order to decrypt the data. It infects these systems through unsecured RDP connections, and then uses MSP tools to push Powershell scripts to all available endpoints. Next these scripts will download a payload from Pastebin, that executes the ransomware.The binary has the debug flag removed in the PE file format.	453b78931f1856b9295117ef3b9db30e	https://arxiv.org/abs/1801.08917 SHA256: dc1c31a0e2ff3b048a875e2c1373e9836baa96250db547c7270a4bf4f599a5d6 SHA1: 85278411ede936ce43602f8a36abb10d97aea6f9 PARENTID: M20-kcc01 SSDEEP: 768:KpBsvKMNyoq65co7Bjd/3oqab0k3R2pXlj+Bnk:KpPM4o4qFoqaXC+6 MD5: 453b78931f1856b9295117ef3b9db30e
M20-sb501	Chthonic_06683c12	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	06683c12ede3b376d05d461be84a48ad	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 49f30782a139a159f630022bffa0cd2aef80149efa80436791807270954dda51 SHA1: 4bd1845860073e6aeb791e1d617b68690c140d04 MD5: 06683c12ede3b376d05d461be84a48ad
M20-8r101	GenericKidz_f12dd048	Windows	This strike sends a malware sample known as GenericKidz. GenericKidz is a Delphi application that installs the Hawkeye spyware. It utilizes the Windows Autostart registry key to achieve persistence upon a system reboot.	f12dd048ef5d97a4fdc97c983a8d1478	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 4004df1bf42ff674d7cb4a526e3af694302d6d8bdaceeee88dc8b4135fc7594c SHA1: 6deb902ed6d6da53f983d71bcb32c4e670ab45b7 MD5: f12dd048ef5d97a4fdc97c983a8d1478
M20-b4z01	GenericKidz_bd742339	Windows	This strike sends a malware sample known as GenericKidz. GenericKidz is a Delphi application that installs the Hawkeye spyware. It utilizes the Windows Autostart registry key to achieve persistence upon a system reboot.	bd742339bb527c17f0a07c19ec36cea3	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 78ab5f5da002769f5104e87bf633930d4218f9c764699427a01384d15e7ed43f SHA1: ebc728c74a1f63ebd370a8693d069afdc3c234e7 MD5: bd742339bb527c17f0a07c19ec36cea3
M20-9az01	Chthonic_c7844c3f	Windows	This strike sends a polymorphic malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.The binary has a random section name renamed according to the PE format specification.	c7844c3f89c00041a31a6704ef8a4ef5	https://arxiv.org/abs/1801.08917 SHA256: 1a178c2abeb207f1c9b4ae5bb52e3a4d2b8d5c3953622c7721c6d7a7e7c8d30d SHA1: aaf1bd5308ba0592e2c7bb2aef4fd8987749935c PARENTID: M20-9l601 SSDEEP: 3072:DAUvnyA6tx3W7c4iFyLN1oGpVOfZaIHmmC8J26HuJzCc0:Nvn0xz4bB1trYmmCI2U2mj MD5: c7844c3f89c00041a31a6704ef8a4ef5
M20-4ik01	Chthonic_2306b513	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	2306b513b6283cf5c017dbf7240a7c19	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 3fa1d611262596bc923fc1e6ac7f44b5ad1c3d574270e588041f379c1b38b679 SHA1: bfd9403ec23512e453bad0ed0ceac99fcc1b75d9 MD5: 2306b513b6283cf5c017dbf7240a7c19
M20-o8301	Maze_be537a66	Windows	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	be537a66d01c67076c8491b05866c894	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: 877c439da147bab8e2c32f03814e3973c22cbcd112d35bc2735b803ac9113da1 SHA1: 8614c5aa7abe3b91ffbc5637dd53bdff886aa1c1 MD5: be537a66d01c67076c8491b05866c894
M20-yle01	Cerber_3feda6e4	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	3feda6e4ba4db978fe9b8533df206722	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 1177ecb326246585b0b1a3f3664969325eb3017d6ae93e8340fd04497391f41d SHA1: c5c7ed08900d9973f258097b0594c2da8f45d707 MD5: 3feda6e4ba4db978fe9b8533df206722
M20-af201	Cerber_b6ddcba9	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	b6ddcba95312ff109ba53049dd3df5af	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 15bcfa2a7f4a8446b9044b31ac577e75ceca42d8d47b7441f86e97610df7fb30 SHA1: c177741641cf582b05b9470d62830af1f2943e01 MD5: b6ddcba95312ff109ba53049dd3df5af
M20-7vn01	Chthonic_c663f470	Windows	This strike sends a polymorphic malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.The binary has random bytes appended at the end of the file.	c663f470475adcec85d53ae121a28bef	https://attack.mitre.org/techniques/T1009/ SHA256: c26f64f5b77ff1aebb388055e18376e36b5795444dd3efc524b95d96a0d11b2e SHA1: 4f4e40f9283332d7c497c449157c86f5bf09d494 PARENTID: M20-9l601 SSDEEP: 3072:5AUvnyA6tx3W7c4iFyLN1oGpVOfZaIHmmC8J26HuJzCc9F:rvn0xz4bB1trYmmCI2U2mEF MD5: c663f470475adcec85d53ae121a28bef
M20-g3c01	Ragnar	Windows	This strike sends a malware sample known as Ragnar Locker. This malware is known as Ragnar Locker. Ragnar Locker is a ransomware that encrypts infected systems and demands a bitcoin ransom in order to decrypt the data. It infects these systems through unsecured RDP connections, and then uses MSP tools to push Powershell scripts to all available endpoints. Next these scripts will download a payload from Pastebin, that executes the ransomware.	9b2a874de86f10ff992a30febdb6f9e8	https://www.deepinstinct.com/2020/04/27/ragnar-locker-ransomware-unlocked-by-deep-instinct/ SHA256: a8ee0fafbd7b84417c0fb31709b2d9c25b2b8a16381b36756ca94609e2a6fcf6 SHA1: 01fff32c5e016bfd3692072ef0ef5b943f2da110 MD5: 9b2a874de86f10ff992a30febdb6f9e8
M20-rh201	Chthonic_ed8b7d43	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	ed8b7d43f752748610116d9c2ec2ad17	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 706c37e3dbf83e01206b37a4c3fc1f39611cd05b7f8df8ebe2456efd8a6970ac SHA1: 872b6e77f28602bd4af0b22f9ebe2d02b3429480 MD5: ed8b7d43f752748610116d9c2ec2ad17
M20-igj01	Maze_57e3d794	Windows	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	57e3d794b333f6ba4d2a968a54c7f7d8	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: 78fb8d34cf3e034fbbaefd8f7587bd364a000a1e12c4a6fa45e192d56b93a25a SHA1: e850e2963deaea7e6d43c1390f4d69b20ed62a67 MD5: 57e3d794b333f6ba4d2a968a54c7f7d8
M20-kcc01	Ragnar	Windows	This strike sends a malware sample known as Ragnar Locker. This malware is known as Ragnar Locker. Ragnar Locker is a ransomware that encrypts infected systems and demands a bitcoin ransom in order to decrypt the data. It infects these systems through unsecured RDP connections, and then uses MSP tools to push Powershell scripts to all available endpoints. Next these scripts will download a payload from Pastebin, that executes the ransomware.	3ca359f5085bb96a7950d4735b089ffe	https://www.deepinstinct.com/2020/04/27/ragnar-locker-ransomware-unlocked-by-deep-instinct/ SHA256: 7af61ce420051640c50b0e73e718dd8c55dddfcb58917a3bead9d3ece2f3e929 SHA1: 60747604d54a18c4e4dc1a2c209e77a793e64dde MD5: 3ca359f5085bb96a7950d4735b089ffe
M20-g7601	Cerber_d9456755	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	d9456755be7622b653eeb66cbe992c30	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 1263a68800e384bee88a29156b3240a4f5bd7c207d7bb3994ee42d9f8e3104b0 SHA1: 4ed16dcd3ff7d91cf073fcb091137a9ba3d26dec MD5: d9456755be7622b653eeb66cbe992c30
M20-r4901	Chthonic_5dc71fc5	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	5dc71fc5408d7749d25459cacc54c4d6	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 6e6d5dbe3d497750383b5b50ceb17a8cdb67eeb2c923af97219ef25f0d3f8274 SHA1: 04ce1a31b804ca5e100f2ddc6340c706a55df726 MD5: 5dc71fc5408d7749d25459cacc54c4d6
M20-f5p01	Maze_1d746808	Windows	This strike sends a polymorphic malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.The binary has random strings (lorem ipsum) appended at the end of the file.	1d74680891b4955ff98287f689d23016	https://attack.mitre.org/techniques/T1009/ SHA256: fda037a68cb707b4609ae9d9f609ac73a3a2a53f279840983d1131eb04b5da9f SHA1: 7a297b8a73f34d9600e0942b9e79ea03825d43bc PARENTID: M20-igj01 SSDEEP: 6144:Sx0s5c9jrLrLrLZMEQ9V6wZqEZw0eNsd198V50DErNNg/ydlb4fQ6wFMvMD:mMAwmlDYNg6dNoQl+vC MD5: 1d74680891b4955ff98287f689d23016
M20-zlj01	Cerber_97c2f3bb	Windows	This strike sends a polymorphic malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".The binary has been packed using upx packer, with the default options.	97c2f3bb7328316b257cc6f319b32bd9	https://attack.mitre.org/techniques/T1045/ SHA256: 89c08b1ee24e19d5697f09bd3c1f6b8d146ab2b43b6d1949f367fb2a91f60b24 SHA1: 637c8a7737c59f7e2cfb3dc2ea48f4cfb7a3961e PARENTID: M20-qcm01 SSDEEP: 6144:QtHxDeGTNkEm3tLP09Kt1Y1yBnFi1Jg7q5EPQf2ZZBZvHZuV:QtR1R0tLF7B8g7q549ZZHvHZuV MD5: 97c2f3bb7328316b257cc6f319b32bd9
M20-7a801	Cerber_3507a8e8	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	3507a8e8633d46b72971e691189a62d1	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 03f07c9b09741428f840403a193a1dd7f0216371e3f8d159ccabdf7a4629bb9e SHA1: a987fab8c3dea79c4e37c24658a5a84297803ba9 MD5: 3507a8e8633d46b72971e691189a62d1
M20-z7h01	Chthonic_029263b3	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	029263b342d655892fee9634dc699c50	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 4bd6b56bad8e51cf3187d822dfdd6919382d338999df524dbb99c32495c20d7b SHA1: 3d48854abd5494e72fb77eac64b63d4a31b9ab0d MD5: 029263b342d655892fee9634dc699c50
M20-bg501	Maze_35a4ba50	Windows	This strike sends a polymorphic malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.The binary has random bytes appended at the end of the file.	35a4ba50a7d6aac61fc36980a6153df2	https://attack.mitre.org/techniques/T1009/ SHA256: 33d489bbcc6f10df8c67eae9712d07c45ae7ca3d6405aa5814fa6edd7ae58181 SHA1: e51368fbd2c00cb84b84ef65aad179848d9bd564 PARENTID: M20-igj01 SSDEEP: 6144:Sx0s5c9jrLrLrLZMEQ9V6wZqEZw0eNsd198V50DErNNg/ydlb4fQ6wFMvMO:mMAwmlDYNg6dNoQl+vP MD5: 35a4ba50a7d6aac61fc36980a6153df2
M20-m1n01	Maze_4cdd275b	Windows	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	4cdd275bc7d6bf28c5691c1ee1b37eac	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: 0b9c99276ed36110afc58b3fb59ada135146180189c25d99618ca5897537ee21 SHA1: b908dfc77cd01a03f1be1270e7ae570bef6b89f3 MD5: 4cdd275bc7d6bf28c5691c1ee1b37eac
M20-zb301	Chthonic_66f43845	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	66f43845fdd3fa7414b5d772806e7e26	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 2e434122795ce60847385431e28d8e96e0a63ced780a48d9acdbad149c262074 SHA1: 1d88592c20f7b850e61461ac9c64a728e41c14d5 MD5: 66f43845fdd3fa7414b5d772806e7e26
M20-6xe01	Maze_b9078b6d	Windows	This strike sends a polymorphic malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.The binary has random contents appended in one of the existing sections in the PE file format.	b9078b6db33deb83201c8d2cbb3ced4e	https://arxiv.org/abs/1801.08917 SHA256: 8e2e8b266bf451bce36445ef9fe0284f2d171518b61ed4dc2e025799c7949e6e SHA1: f4767c509c5c6b5b0ba97931f810bbf8a4d3e02b PARENTID: M20-igj01 SSDEEP: 6144:Sx0s5c9jrLrLrLZMEQ9V6wZqEZw0eNsd198V50DErjNg/ydlb4fQ6wFMvMK:mMAwmlD2Ng6dNoQl+vD MD5: b9078b6db33deb83201c8d2cbb3ced4e
M20-3o801	Chthonic_d39d63cd	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	d39d63cdd5965a342f6465585fcf3bd4	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 4b255914b1ee12886e4dee4745799d21fcefcf2c95466d2ee5c4af056a280809 SHA1: 8782804d58d23f1c1c15783f29b1f6bb94ba78c8 MD5: d39d63cdd5965a342f6465585fcf3bd4
M20-7xg01	Chthonic_79a423d4	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	79a423d4b36a9f38cafd7402d3bf6708	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 6f22d50967bd631b8cf5fa77b96267817ae25c4f1de75998ce5a6046c74aee01 SHA1: 9effc7a23f15569d250d3ce3f21f556bb3204eaf MD5: 79a423d4b36a9f38cafd7402d3bf6708
M20-zwj01	Cerber_7a9698cc	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	7a9698cc75dc079ec4186faae460d4ca	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 17d48b5318fc9d45eb21d19793e3a699c5c95bd67bb8ca8cc240db9d69f6c770 SHA1: 3b82fd1201a89500c86b457e416a21446df90032 MD5: 7a9698cc75dc079ec4186faae460d4ca
M20-4th01	Chthonic_b678aff5	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	b678aff5be1fff867d80ca4a0c8309f7	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 031a584697feeecc9014a8d021576b1964545a96bf652a4102179b405aa4cf5c SHA1: ef8965cfb68984a1c3544ac758af8ee357be3d3b MD5: b678aff5be1fff867d80ca4a0c8309f7
M20-nuu01	Maze_5a568b2a	Windows	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	5a568b2a5e62e7889f1a8dfaf64d3a7c	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: 0d8b74e1e9eb07e3e0c1c480153cc138ffb13fb0e2bb417b20f7ba9b5186e571 SHA1: 31fd982ba7e08d81e9c59b91afb7c023958dbdec MD5: 5a568b2a5e62e7889f1a8dfaf64d3a7c
M20-qqx01	GenericKidz_1faca9c8	Windows	This strike sends a malware sample known as GenericKidz. GenericKidz is a Delphi application that installs the Hawkeye spyware. It utilizes the Windows Autostart registry key to achieve persistence upon a system reboot.	1faca9c8ed5d600cc1972c17943507b7	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-057 SHA256: 2ce6928f41662856507bed0a7073b80e8504b7760f3c8b787543d25db7d5c1ed SHA1: 6bd30b6d6dc44d2881f87f200776e09a260dfdb0 MD5: 1faca9c8ed5d600cc1972c17943507b7
M20-b0501	Cerber_3441dcf7	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	3441dcf7cae2b362ed94147259d95977	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 09029946caf0de395b14a26364354dd32679aee7c7eb22c5e8c04775c0d3d538 SHA1: 31ab7d939d7eac34b658146e9a02c002dd6fe3f3 MD5: 3441dcf7cae2b362ed94147259d95977
M20-2iv01	Cerber_14dea99a	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	14dea99adcd67477f247c9dd1a8189c3	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 1b10ca8a96db74c1748019566edeca9b8967665c12264f5969ee30bd11ef1504 SHA1: 6fc55c7d36c0b714f00d946d5b8f050671addbf5 MD5: 14dea99adcd67477f247c9dd1a8189c3
M20-gxx01	Chthonic_c1d322b8	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	c1d322b838b40a2f040e3f22e1fb4f41	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 1fbb6393e4cf576e0f11b615e0990a8b2134b0ea0e9ec58374f7e7f49125d6f4 SHA1: b1245503bd123de66e2a1183b6c08010f2a03194 MD5: c1d322b838b40a2f040e3f22e1fb4f41
M20-5sp01	Cerber_a968db00	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	a968db00332971d364e7a17386ce7ad8	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 10ab9740564dc471636c8006f6bd36c3f6762e87859f912e337709b26dab6c15 SHA1: 09ca57c61961025212d4219986b4e3639410f517 MD5: a968db00332971d364e7a17386ce7ad8
M20-shy01	Ragnar	Windows	This strike sends a malware sample known as Ragnar Locker. This malware is known as Ragnar Locker. Ragnar Locker is a ransomware that encrypts infected systems and demands a bitcoin ransom in order to decrypt the data. It infects these systems through unsecured RDP connections, and then uses MSP tools to push Powershell scripts to all available endpoints. Next these scripts will download a payload from Pastebin, that executes the ransomware.	1ee5456c1226affd7b72bcdf3db443b7	https://www.deepinstinct.com/2020/04/27/ragnar-locker-ransomware-unlocked-by-deep-instinct/ SHA256: dd5d4cf9422b6e4514d49a3ec542cffb682be8a24079010cda689afbb44ac0f4 SHA1: e22344a92c91b567a6cba7eb66686c438d479462 MD5: 1ee5456c1226affd7b72bcdf3db443b7
M20-hxt01	Ragnar	Windows	This strike sends a malware sample known as Ragnar Locker. This malware is known as Ragnar Locker. Ragnar Locker is a ransomware that encrypts infected systems and demands a bitcoin ransom in order to decrypt the data. It infects these systems through unsecured RDP connections, and then uses MSP tools to push Powershell scripts to all available endpoints. Next these scripts will download a payload from Pastebin, that executes the ransomware.	6d122b4bfab5e75f3ae903805cbbc641	https://www.deepinstinct.com/2020/04/27/ragnar-locker-ransomware-unlocked-by-deep-instinct/ SHA256: 68eb2d2d7866775d6bf106a914281491d23769a9eda88fc078328150b8432bb3 SHA1: 5197d1b54494f8cb043759b35e097c660a9e09ac MD5: 6d122b4bfab5e75f3ae903805cbbc641
M20-zsv01	Ragnar	Windows	This strike sends a malware sample known as Ragnar Locker. This malware is known as Ragnar Locker. Ragnar Locker is a ransomware that encrypts infected systems and demands a bitcoin ransom in order to decrypt the data. It infects these systems through unsecured RDP connections, and then uses MSP tools to push Powershell scripts to all available endpoints. Next these scripts will download a payload from Pastebin, that executes the ransomware.	00fb3f27bccef7c5658ff9f5ce487cec	https://www.deepinstinct.com/2020/04/27/ragnar-locker-ransomware-unlocked-by-deep-instinct/ SHA256: b670441066ff868d06c682e5167b9dbc85b5323f3acfbbc044cabc0e5a594186 SHA1: c24fedb9b8a592722d5a9adb34d276fc3b329d6f MD5: 00fb3f27bccef7c5658ff9f5ce487cec
M20-c3c01	Maze_8bb9bf4b	Windows	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	8bb9bf4b8be1141c4cdc4d435bfe7d0e	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: 0fb01d846e2682ed2507367d2d4537c45800304410b270a13e94f1ca778d161e SHA1: dfc77a86fb58c2aa04b6b0399eea6dd0d642baa0 MD5: 8bb9bf4b8be1141c4cdc4d435bfe7d0e
M20-lx201	Maze_8540030a	Windows	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	8540030a0ea3e18e84af7ce026ab9cad	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: a6ac82fc87e552476a77c8d22e2d1d64fa17cc3dea9f428a53776354c97825b2 SHA1: 4ccfe4cf5839024e768520c63e3a1982eee092f0 MD5: 8540030a0ea3e18e84af7ce026ab9cad
M20-nwz01	Maze_2fbd1097	Mixed	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	2fbd10975ee65845a18af6b7488a5236	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: 7e3ab96d2628e0a9970802b47d0356dc9b99994d7f98492d4e70a5384891695a SHA1: 9806dfc1cf337f4f27c3469ba40f6c189b6d20c8 MD5: 2fbd10975ee65845a18af6b7488a5236
M20-69e01	GenericKidz_c2896bc7	Windows	This strike sends a malware sample known as GenericKidz. GenericKidz is a Delphi application that installs the Hawkeye spyware. It utilizes the Windows Autostart registry key to achieve persistence upon a system reboot.	c2896bc7bc97a3d4b93539403649fa9d	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: ce44dd760f7ac7402279368416c194c993f454ddb2e88a72bb73354f454c4d40 SHA1: 5b3c86aa0cc8431f583885933db61c13c4e35b69 MD5: c2896bc7bc97a3d4b93539403649fa9d
M20-2bn01	Cerber_690b5684	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	690b5684c5a82b42b22d54e3691903d4	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 15c3a3254008702641bdf20c7e32bd5afd317bde685c21a38a6e00eabd9d91a7 SHA1: 717bd79ba156d417694c95a8570174a615a601d2 MD5: 690b5684c5a82b42b22d54e3691903d4
M20-5uy01	Cerber_694d096a	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	694d096af90e04bf409c0633179789f7	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 072a4c4b5d8d97d3d9c678aacf7d9a73609e346ae563b330098ac20c4dd3945d SHA1: 4c4c0bd798b9556ebb18e2248f37284dc71438a2 MD5: 694d096af90e04bf409c0633179789f7
M20-dys01	Cerber_f3b921b7	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	f3b921b7d63f3f99bef732169ed4dfde	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 0b4eaa008cf3fa9b5b9e2413d520fc8e20c9f826976a1c48040644148a9d176a SHA1: c1b39c48d31fa2cc8401a9bf8aa79890217bc6b9 MD5: f3b921b7d63f3f99bef732169ed4dfde
M20-u2w01	Cerber_fffc65ba	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	fffc65baf12eaa1897d15d4cb99dd885	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 081992320357213e05b0c14f914f85dc108ccd96c442ed01c2e0a929c28081ba SHA1: 4ff489628198bb7380b3dfd365a4e9672c0b58b8 MD5: fffc65baf12eaa1897d15d4cb99dd885
M20-dkg01	Maze_c09af442	Mixed	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	c09af442e8c808c953f4fa461956a30f	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: 97043f23defd510607ff43201bb03b9916a23bd71b5bdf97db357e5026732506 SHA1: 7b0b06069aca88f8d13176be5b285194f546904a MD5: c09af442e8c808c953f4fa461956a30f
M20-uv601	Maze_e5f4b224	Windows	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	e5f4b2242a57b3f00c2c4feee2df9671	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: 042273f30363405ee416ca4dae6f0279668dfc5ea742c0e265b9553798a90ae5 SHA1: a62d4bf7b4d0e04b681f18ffaa2b904caf47920d MD5: e5f4b2242a57b3f00c2c4feee2df9671
M20-0qk01	Cerber_57a5aaec	Windows	This strike sends a polymorphic malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".The binary has random contents appended in one of the existing sections in the PE file format.	57a5aaecd4fd8261c9d527599d42a9b0	https://arxiv.org/abs/1801.08917 SHA256: 710a4e7339bbe22a8cf32d5eb626846893f6900ff508e2c883cde8ab6a92edcf SHA1: a0e198df945392f5ec4d38436fa422322bb61eca PARENTID: M20-qcm01 SSDEEP: 6144:qPvsAaRn+h+/qM5gEZGmJ4swsCTUrHvHP/jvHbfbU4RtwI5Mg8QC1N1u:eGRn+4d57ZGy4D3KwcMgilu MD5: 57a5aaecd4fd8261c9d527599d42a9b0
M20-a6d01	Cerber_2fc84f19	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	2fc84f19ff76dbd2eb9ea2a66167ed29	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 18f9701f2516d860384b0796815c163f2c7b2dd5cde6d8d1b479a3d68d65a194 SHA1: 1e202a09cc2f384e14bae9ca44b739ed273d5e00 MD5: 2fc84f19ff76dbd2eb9ea2a66167ed29
M20-ey101	Maze_b02be7a3	Windows	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	b02be7a336dcc6635172e0d6ec24c554	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: 0f1cbf09b19fc9963742e3f60def1434fa86ac760790fb974a6b5fcd81b4881f SHA1: a58b45f6ac4c4fbcf938de01ee1e585fe3715fd6 MD5: b02be7a336dcc6635172e0d6ec24c554
M20-9l601	Chthonic_431bae5b	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	431bae5bc5941c98f202be23a406a073	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 781a3db07da4ed20bbcfa7c481c525cf6282b0f9eb3fbdfff0baa2356294bb34 SHA1: 2c68a36590f77ef2c3a8f46e95faff59f58225ea MD5: 431bae5bc5941c98f202be23a406a073
M20-rgm01	Ragnar	Windows	This strike sends a malware sample known as Ragnar Locker. This malware is known as Ragnar Locker. Ragnar Locker is a ransomware that encrypts infected systems and demands a bitcoin ransom in order to decrypt the data. It infects these systems through unsecured RDP connections, and then uses MSP tools to push Powershell scripts to all available endpoints. Next these scripts will download a payload from Pastebin, that executes the ransomware.	6171000983cf3896d167e0d8aa9b94ba	https://www.deepinstinct.com/2020/04/27/ragnar-locker-ransomware-unlocked-by-deep-instinct/ SHA256: 9bdd7f965d1c67396afb0a84c78b4d12118ff377db7efdca4a1340933120f376 SHA1: b155264bbfbad7226b5eb3be2ab38c3ecd9f3e18 MD5: 6171000983cf3896d167e0d8aa9b94ba
M20-wlr01	GenericKidz_3c885353	Windows	This strike sends a malware sample known as GenericKidz. GenericKidz is a Delphi application that installs the Hawkeye spyware. It utilizes the Windows Autostart registry key to achieve persistence upon a system reboot.	3c885353717f05e99153623439feda5e	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 47083ad7c0c9741e69eb4575f4b89b999519e80e044839edf3cc3fb228b9733b SHA1: a1dba065907f493429ee9e62f85eaed8ba57a654 MD5: 3c885353717f05e99153623439feda5e
M20-8lt01	GenericKidz_7bb5c3fe	Windows	This strike sends a malware sample known as GenericKidz. GenericKidz is a Delphi application that installs the Hawkeye spyware. It utilizes the Windows Autostart registry key to achieve persistence upon a system reboot.	7bb5c3fed88c6e84f6d6f731d4de6210	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 7902a68c192bef55edd8429d07c6bbcbe30c601a3fc41d35186eb4cb0592f1f1 SHA1: a4897fa9bd44e46e1415c77a0e0fa54ebb93455e MD5: 7bb5c3fed88c6e84f6d6f731d4de6210
M20-hji01	SNAKE_3d1cc4ef	Windows	This strike sends a malware sample known as SNAKE. SNAKE, also known as EKANS, is a ransomware that encrypts all processes related to SCADA Systems, Virtual Machines, Industrial Control Systems, Remote Management Tools, and other various Network Software on a system. The purpose of this ransomware is to go after all devices that are connected to the target and not one speciifc machine. The malware is written in GOLANG and contains a higher level of obfuscation than typically seen in ransomware.	3d1cc4ef33bad0e39c757fce317ef82a	https://www.tripwire.com/state-of-security/security-data-protection/massive-spike-in-snake-ransomware-activity-attributed-to-new-campaign/ https://twitter.com/VK_Intel/status/1214333066245812224 SHA256: e5262db186c97bbe533f0a674b08ecdafa3798ea7bc17c705df526419c168b60 SHA1: f34e4b7080aa2ee5cfee2dac38ec0c306203b4ac MD5: 3d1cc4ef33bad0e39c757fce317ef82a
M20-uy601	Maze_b6786f14	Windows	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	b6786f141148925010122819047d1882	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: c84b2c7ec20dd835ece13d5ae42b30e02a9e67cc13c831ae81d85b49518387b9 SHA1: 9e6e19c145cbf359c0a151b38d17e30ccbad6f4b MD5: b6786f141148925010122819047d1882
M20-p4x01	Ragnar	Windows	This strike sends a polymorphic malware sample known as Ragnar Locker. Ragnar Locker is a ransomware that encrypts infected systems and demands a bitcoin ransom in order to decrypt the data. It infects these systems through unsecured RDP connections, and then uses MSP tools to push Powershell scripts to all available endpoints. Next these scripts will download a payload from Pastebin, that executes the ransomware.The binary has random contents appended in one of the existing sections in the PE file format.	f64a645f4d106e30cfbf076d43b40528	https://arxiv.org/abs/1801.08917 SHA256: f462c3d2797b8d9b580a5749cae74c92f5841e6bf80100fdaaad976cf60c2aad SHA1: c584c9a6ade80fd1f890b70fd288c9365487f0bd PARENTID: M20-kcc01 SSDEEP: 768:BpBsvKMNyoq65co7Bjd/3oqab0k3R2pXlj+Cnk:BpPM4o4qFoqaXC+L MD5: f64a645f4d106e30cfbf076d43b40528
M20-her01	Cerber_f53c055c	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	f53c055c2838d768ef530df3825188e2	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 078398933742904fe3bf5aeb856505bac9a255a1c1eeddf9705c29d411a7bee8 SHA1: 3303ae2218362ad4012d24369eda1e35e066f604 MD5: f53c055c2838d768ef530df3825188e2
M20-0i501	Maze_c9ea6430	Windows	This strike sends a malware sample known as Maze. Maze malware also known as ChaCha ransomware is known for not only encrypting files on the targeted system but for releasing stolen victim information to the public if the ransom is not paid. The ransomware has been delivered via several methods including exploits kits, remote desktop connections and phishing emails. This malware also utilizes many anti reversing and analysis features that make examining it much more difficult.	c9ea6430da4e72b672ce29e56ecad603	https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ SHA256: dee863ffa251717b8e56a96e2f9f0b41b09897d3c7cb2e8159fcb0ac0783611b SHA1: 31c3f7b523e1e406d330958e28882227765c3c5e MD5: c9ea6430da4e72b672ce29e56ecad603
M20-bnh01	GenericKidz_f70fe9f1	Windows	This strike sends a malware sample known as GenericKidz. GenericKidz is a Delphi application that installs the Hawkeye spyware. It utilizes the Windows Autostart registry key to achieve persistence upon a system reboot.	f70fe9f15d99e75b4151878b2a529d7c	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 1844b3b59e94ea263279fe882a6652fe936a0b0b13bbd21f1d3cd609aacf9b07 SHA1: b82f782be065a159f6fe77b374071635a9ddfe0c MD5: f70fe9f15d99e75b4151878b2a529d7c
M20-onw01	Ragnar	Windows	This strike sends a malware sample known as Ragnar Locker. This malware is known as Ragnar Locker. Ragnar Locker is a ransomware that encrypts infected systems and demands a bitcoin ransom in order to decrypt the data. It infects these systems through unsecured RDP connections, and then uses MSP tools to push Powershell scripts to all available endpoints. Next these scripts will download a payload from Pastebin, that executes the ransomware.	0fbbc59d4fe280a55c1fb6f5502c1e73	https://www.deepinstinct.com/2020/04/27/ragnar-locker-ransomware-unlocked-by-deep-instinct/ SHA256: 63096f288f49b25d50f4aea52dc1fc00871b3927fa2a81fa0b0d752b261a3059 SHA1: af53890ed1d4753e7493d48862bdd7d18a2b11f6 MD5: 0fbbc59d4fe280a55c1fb6f5502c1e73
M20-qsb01	Ragnar	Windows	This strike sends a malware sample known as Ragnar Locker. This malware is known as Ragnar Locker. Ragnar Locker is a ransomware that encrypts infected systems and demands a bitcoin ransom in order to decrypt the data. It infects these systems through unsecured RDP connections, and then uses MSP tools to push Powershell scripts to all available endpoints. Next these scripts will download a payload from Pastebin, that executes the ransomware.	7529e3c83618f5e3a4cc6dbf3a8534a6	https://www.deepinstinct.com/2020/04/27/ragnar-locker-ransomware-unlocked-by-deep-instinct/ SHA256: ec35c76ad2c8192f09c02eca1f263b406163470ca8438d054db7adcf5bfc0597 SHA1: 0f944504eebfca5466b6113853b0d83e38cf885a MD5: 7529e3c83618f5e3a4cc6dbf3a8534a6
M20-bc001	Cerber_608b841c	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	608b841c52758d52facc067c443706fc	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 0a280fb6afce1778478df3f8b1f962ea46aa865b27c88d7ca75368029580773e SHA1: 767621b4d4c9d31074a670ed747becfce0cfc386 MD5: 608b841c52758d52facc067c443706fc
M20-a3d01	GenericKidz_5a99a2dd	Windows	This strike sends a malware sample known as GenericKidz. GenericKidz is a Delphi application that installs the Hawkeye spyware. It utilizes the Windows Autostart registry key to achieve persistence upon a system reboot.	5a99a2dd0525714396061c7504ea20fe	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: ab5d820fc7e40a39109653d0601d337487ed8b329a9a98fef128d29dd86d0a02 SHA1: 272d1ba756bff3795113d6d8c09fabb184b34667 MD5: 5a99a2dd0525714396061c7504ea20fe
M20-u9801	Chthonic_c8bba81e	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	c8bba81ea0611dbc891c3758147b6fae	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 5dd350e1e1f1ed234d2c90e8b5f67e5e101362e03ae00f10b824c7f00f8660cd SHA1: c741bd252b54ea2f4cf485777c19acfc74e8792a MD5: c8bba81ea0611dbc891c3758147b6fae
M20-gie01	Chthonic_502b1b65	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	502b1b65f1c1a4fd2361d099e974a898	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 7e5bc9f6c66a319309e81857b8232fc05acc203522d9114b9e3cc5f54c1b9986 SHA1: c31e6f03bfe79598958b22c773d621104a89bd64 MD5: 502b1b65f1c1a4fd2361d099e974a898
M20-tw901	Chthonic_370baeff	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	370baeff15dcd74c3ed1b9fd1128a962	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 63394c768a993b74c0e06aabda3fee9a9a67571764ffe60353347b0315e6c87c SHA1: e1f7316b11a02b3bea58d02fe05a53bc8a903e36 MD5: 370baeff15dcd74c3ed1b9fd1128a962
M20-dw101	GenericKidz_e3c0bf52	Windows	This strike sends a malware sample known as GenericKidz. GenericKidz is a Delphi application that installs the Hawkeye spyware. It utilizes the Windows Autostart registry key to achieve persistence upon a system reboot.	e3c0bf52abab62e7f6427d7984a30509	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 454100af51eec868d71d2994dc370aad164375d4b640bfddce831ee3fa940b8f SHA1: 40c5576699e1c003a3a9c12da8a173729d31af07 MD5: e3c0bf52abab62e7f6427d7984a30509
M20-daf01	Cerber_af3cc204	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	af3cc2049b1c06a001a456e2bb2caf66	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 0230d78c972d399f627b228776f2d8e96b717da068a128ace4b69067419708d6 SHA1: b1f164a36fab8cde80f2dc3fa04554558e27519d MD5: af3cc2049b1c06a001a456e2bb2caf66
M20-m2h01	Chthonic_bb5fbb93	Windows	This strike sends a malware sample known as Chthonic. Chthonic is a banking trojan that is normally delivered by the attacker via phishing emails. Its purpose is to exfiltrate sensitive credentials from the victim machine, and has also been seen delivering other malware like AZORult to perform additional functionality.	bb5fbb9372ad0247b0bbdff420a0a477	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 2ff4747e01031d470d5feae7e5073aa34aff489f29cbed18502960baf7dcfebe SHA1: bdf60ae370120d75a827ea8e85833cab106b9d34 MD5: bb5fbb9372ad0247b0bbdff420a0a477
M20-qcm01	Cerber_a209900f	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	a209900fe0ec106ab8c651a7cbc99aa5	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 1ba1f09c7e2fd18f2577a62a3103461c1f09610304571e1eb055687a65b03fae SHA1: 11a4e53f43e2f5a3fc3596862822b9e527f99990 MD5: a209900fe0ec106ab8c651a7cbc99aa5
M20-dk201	Cerber_3af67275	Windows	This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.	3af672751c54a91f1175397ee62e536d	https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html SHA256: 11bc5389a0c2d2f5a5fd68630cd8e46f3fdcb3ba434492e7ee71544a70986930 SHA1: ea6cc3dfb1248ba82d270a5024f416fb322cb95a MD5: 3af672751c54a91f1175397ee62e536d
M20-ogi01	Ragnar	Windows	This strike sends a malware sample known as Ragnar Locker. This malware is known as Ragnar Locker. Ragnar Locker is a ransomware that encrypts infected systems and demands a bitcoin ransom in order to decrypt the data. It infects these systems through unsecured RDP connections, and then uses MSP tools to push Powershell scripts to all available endpoints. Next these scripts will download a payload from Pastebin, that executes the ransomware.	5b06303cdf191dae161e849841f8aff4	https://www.deepinstinct.com/2020/04/27/ragnar-locker-ransomware-unlocked-by-deep-instinct/ SHA256: 5fc6f4cfb0d11e99c439a13b6c247ec3202a9a343df63576ce9f31cffcdbaf76 SHA1: 64b99b55f0a1ec4f8f30897a460c574300a8acbd MD5: 5b06303cdf191dae161e849841f8aff4