Malware Update 2018

Malware Monthly Strikes

Malware December
Malware November
Malware October
Malware September
Malware August
Malware July
Malware June
Malware May
Malware April
Malware March
Malware February
Malware January

Note: New metadata fields were added to all previous malware builds: fileExtension, fileSize, <reference... type="sha1">, <reference... type="md5">, <reference... type="sha256">.


Malware Strikes December - 2018

Windows
Strike ID | Malware | Platform | Info | MD5 | SHA1 | SHA256 | External References
M18-6zq01 | Triusor_86ccc97b | Windows | This strike sends a malware sample known as Triusor. Triusor is a highly polymorphic malware family. All the binaries are packed and obfuscated to hinder the static analysis. The malware contains code that complicates the dynamic analysis. Once it is executed, the samples perform code injection. | 86ccc97b747d7cbc76bae4bf1bdf6512 | 81bea2a893e787dafc1f4b03201a155d6c44209d | 0bc3007209f850ac764646065dcc8fdd85c46425dc98d72631e51045ba36069c | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-39001 | Triusor_0607065e | Windows | This strike sends a malware sample known as Triusor. Triusor is a highly polymorphic malware family. All the binaries are packed and obfuscated to hinder the static analysis. The malware contains code that complicates the dynamic analysis. Once it is executed, the samples perform code injection. | 0607065e4cc014b3b7476c988f6a0b40 | 51a24aa6903a1dc3411537e3c7e909ae7ec09e5b | 9e76c9877cb6820ff88937ee158cd59cbe16b9eb26526f0f1ec39d09601dca05 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-gd001 | Donoff_3cca9fc6 | Mixed | This strike sends a malware sample known as Donoff. Donoff is a malicious Microsoft Office document that leverages the Windows Command shell to launch PowerShell and download and execute an executable. | 3cca9fc676659a1fae4c6a8fff9e0e20 | 7751ff9750955bc8e5576e12bd06008f00f1f9f2 | 19badf1bbaa2ba68db14bf76e88b11a29492fb8d0cf180b83736a55d23a402be | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-62c01 | Xls.Dropper.Donoff_bd57ed1e | Mixed | This strike sends a malware sample known as Xls.Dropper.Donoff. Donoff is a payload delivery Office document that leverages the Windows Command shell to launch PowerShell to download and execute an executable. The MD5 hash of this Xls.Dropper. | bd57ed1e6203e3f3fa62ed4c4d9b9b9c | 52bf032f08f8d5806a777cbd00a8e22705d17c6f | 0587d2fd8a94400a1a8f87a59111b4ec53c69ab7e4a50e6a4c7dd6eb7590e0b3 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-lvm01 | Win.Trojan.Emotet_ca21b7d8 | Windows | This strike sends a malware sample known as Win.Trojan.Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to better avoid detection. It is commonly spread via malicious emails, and saw a resurgence recently during Black Friday. The MD5 hash of this Win.Trojan. | ca21b7d81598c7cbbe5e4962765a376f | 8cee4684677a59e6c8060d34590ee0310759fd66 | 3567201c7de66370aa8eb0bd6242b0ce6edf3d4326c2255828470407a2a124b3 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-zpw01 | Triusor_d0b71e03 | Windows | This strike sends a malware sample known as Triusor. Triusor is a highly polymorphic malware family. All the binaries are packed and obfuscated to hinder the static analysis. The malware contains code that complicates the dynamic analysis. Once it is executed, the samples perform code injection. | d0b71e03bb71785f5cce3bb7a5c4ef42 | d78e553578d5aef541b20e619d0ac0b0742c9e19 | 3822de7241c17afa298071ab05ea0552456c7b9e78f2655b3471554f972520cf | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-g7z01 | Xls.Dropper.Donoff_c65fb06a | Mixed | This strike sends a malware sample known as Xls.Dropper.Donoff. Donoff is a payload delivery Office document that leverages the Windows Command shell to launch PowerShell to download and execute an executable. The MD5 hash of this Xls.Dropper. | c65fb06a84caab2a3c91119f4184ec3e | 3cd02d1e37cde6598e2b36904349c645a719de0d | 99b43c4080202b48a2a729ed28dac8e3b98cd837494b2e419d71e7693b0652b8 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-y1001 | Donoff_e6b68bc8 | Mixed | This strike sends a malware sample known as Donoff. Donoff is a malicious Microsoft Office document that leverages the Windows Command shell to launch PowerShell and download and execute an executable. | e6b68bc88fb560f12a377b95ab3c13af | 02ebd10101e0540014df56d5aeb2bb0aba7ac042 | 0b2a44c3b90bfc7c26605321c75fdc9703d67f71849cf106ef1e9fbd3160c533 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-hxi01 | Esfury_0f1d1f4c | Windows | This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | 0f1d1f4cd097684180f8133e4d0642d9 | 5d7e436434c47a4e1dbf5ac3ad75590ccd681416 | 09a8a4d6b7e8d68dcbf7279923f5d8322e4d46dea86ca1da0f553bdb1f5fc222 | https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-nn901 | Triusor_db9f71f9 | Windows | This strike sends a malware sample known as Triusor. Triusor is a highly polymorphic malware family. All the binaries are packed and obfuscated to hinder the static analysis. The malware contains code that complicates the dynamic analysis. Once it is executed, the samples perform code injection. | db9f71f9a64a5aef6ace9ed30addbe0f | 0d98c5ae08adc0c4fa496a6cc81e1a9ee85e9e70 | db6317729cabcb31a4be51a3cc281bffc5dd38a8164861c4d7fe7a0be386f892 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-98301 | Valyria_42893e13 | Mixed | This strike sends a malware sample known as Valyria. Valyria is a malicious Microsoft Word document family that is used to distribute other malware. This campaign is currently spreading Emotet. | 42893e139246458afa15464117cfecde | 999593d85a85f61666566d40ff6e8613dd723f3b | 500fe0e5847b6677fa8b91073d3c0fca1d80fef35cafd57b95634abab8973d42 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-2p301 | Doc.Malware.00536d_bf64ed9e | Mixed | This strike sends a malware sample known as Doc.Malware.00536d. Doc.Malware.00536d is the denomination of a set of malicious documents that leverage VBA and PowerShell to install malware on the system. These documents usually convince the user to enable macros that, if executed, will download and install additional malware on the system. The MD5 hash of this Doc.Malware. | bf64ed9eb96d8584979c021b046582bc | af25b8ca38e2b9ab56fd0238bc1642b8802f3d91 | ecbb1cacd8390963a669b92cdd6a78f3e3dfffa93e794dde7426d4ef2780fab4 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-2wg01 | Donoff_1a0820dd | Mixed | This strike sends a malware sample known as Donoff. Donoff is a malicious Microsoft Office document that leverages the Windows Command shell to launch PowerShell and download and execute an executable. | 1a0820dd4f6910e2e2684650f8d7f65a | c508cbe8e34a13d45baedc1a4bb283d6041e684f | 2af5928b3dfeaeff2556b7fbf27ef564c0a67457ef2ec6ac41dcfdb214b84856 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-pem01 | Donoff_f760b521 | Mixed | This strike sends a malware sample known as Donoff. Donoff is a malicious Microsoft Office document that leverages the Windows Command shell to launch PowerShell and download and execute an executable. | f760b52142693a7babf374dce0ec6ec4 | 39139c54462bf9253e5da83c695170fb4f0f205a | 1792e52f31de940e6d233967b62bd6712deae048fc110ba38cea000314781c16 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-4os01 | Donoff_81f63312 | Mixed | This strike sends a malware sample known as Donoff. Donoff is a malicious Microsoft Office document that leverages the Windows Command shell to launch PowerShell and download and execute an executable. | 81f63312e5bf0ca60984249974cbb8d1 | e0bf9ab67d5ef5f0db89d5f7ad5f0121f0861b7b | 06aa7214d492067f4f6a8aa0a910b5b32aee7734e0525a471bb2ca111ee6f3d0 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-zsk01 | Esfury_2a8187aa | Windows | This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | 2a8187aa944732f506fb38d000c9464b | a48fe658c2c65bd67d9a8db9508cd80c4a8d0d7d | 05d0ef6586355e9255a5723ae5909602de6def71e64f3e1838211bb0d3c9de81 | https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-tc401 | Valyria_e080607b | Mixed | This strike sends a malware sample known as Valyria. Valyria is a malicious Microsoft Word document family that is used to distribute other malware. This campaign is currently spreading Emotet. | e080607b757f20d93263cb9e2741e1dd | 2cd00e526452b6cf3615b0bd7a2e3918ff38014c | 61da1d5f5a0e508f1b79fee2a8ed00b37970f5c967cdfbf4a7933163752d777a | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-0eo01 | Donoff_80d4b98e | Mixed | This strike sends a malware sample known as Donoff. Donoff is a malicious Microsoft Office document that leverages the Windows Command shell to launch PowerShell and download and execute an executable. | 80d4b98ed3542939f6de5591b98050db | 7c4f3359fb23aa3d9f36202b939e14fd9f738fe6 | 0a12a0000a78dfa623f71b0274df5b54f14dea7ddfe0799ad09cd76db2340441 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-9mo01 | Triusor_8f62d9d2 | Windows | This strike sends a malware sample known as Triusor. Triusor is a highly polymorphic malware family. All the binaries are packed and obfuscated to hinder the static analysis. The malware contains code that complicates the dynamic analysis. Once it is executed, the samples perform code injection. | 8f62d9d276c84b8e36a16aac91d4d33d | 7e2a07490b52a873f4c38a6f2c52dbcd209c94f5 | 9df2784ba1fd594ab90357d799b26e0fa3abca65a5744ce3d62993d74b0f7e0f | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-1yr01 | Donoff_c1ced218 | Mixed | This strike sends a malware sample known as Donoff. Donoff is a malicious Microsoft Office document that leverages the Windows Command shell to launch PowerShell and download and execute an executable. | c1ced218ba05ead3906d899b096f9bf2 | 92f35bd2199d16c93461d76b0ebe05d7e3bed110 | 0fe0f094572df903940dd8394c4c5c307705bb4146c794e77793f74a1e873327 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-70o01 | Donoff_0c15821a | Mixed | This strike sends a malware sample known as Donoff. Donoff is a malicious Microsoft Office document that leverages the Windows Command shell to launch PowerShell and download and execute an executable. | 0c15821af957c5b9e3be928a7b3d1a09 | 52d7f3960f27f4a2e49ad288fcf17b82b9b38f25 | 2caaf8bad60e3e663993727b5ff26d685fb511892f90939d04e5f92765154687 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-29o01 | Triusor_2eaf5b9b | Windows | This strike sends a malware sample known as Triusor. Triusor is a highly polymorphic malware family. All the binaries are packed and obfuscated to hinder the static analysis. The malware contains code that complicates the dynamic analysis. Once it is executed, the samples perform code injection. | 2eaf5b9b0d6fb8cbc179125dcd50cb25 | fa80b66470872d3dc29ff8db07ea64118083865f | 68d400f36ef0ac8869499a0185fc52a7d22add5a137fcdd9d73b7e47d8514049 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-pgu01 | Donoff_da60d8f2 | Mixed | This strike sends a malware sample known as Donoff. Donoff is a malicious Microsoft Office document that leverages the Windows Command shell to launch PowerShell and download and execute an executable. | da60d8f26c1991efd1153a0f5e70b57c | e8b0d7d1bb9445be206ed77a4c8cc9a944206981 | 043a80eab9723a815096c7338c14105011f90c8fe1fe86a02c7c763726cfaa2a | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-jz401 | Donoff_6df1613f | Mixed | This strike sends a malware sample known as Donoff. Donoff is a malicious Microsoft Office document that leverages the Windows Command shell to launch PowerShell and download and execute an executable. | 6df1613f5b8788f662c500f948d66ed9 | 9a42bf0aac09a65d89cc419dba1e1a21f4bf2f73 | 16fa280526ab5a33bf77f4f86ffcf2a0b54c0733e26a2e070e724981927d1ad8 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-doe03 | Esfury_dcb71480 | Windows | This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | dcb714802afee98cea089c4550948ae3 | 07d9942d0c4d33cc911d3cb2c8e66ea992b113d5 | 027b08647ec8a4976897114dcac6810acb215dc13805edd0986d4bce04528f59 | https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-v3501 | Win.Trojan.Emotet_10f92b8a | Windows | This strike sends a malware sample known as Win.Trojan.Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to better avoid detection. It is commonly spread via malicious emails, and saw a resurgence recently during Black Friday. The MD5 hash of this Win.Trojan. | 10f92b8a6eaed33bd0f339e47953ad3b | 2ba0c793b428293a27e9e1e913df2e436469fa2a | 7d42a037f8c824724e3525e40f09ae6b3f0eaca4278e4f0b95bb5ca50f008f7b | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-8f801 | Win.Trojan.Emotet_7494919a | Windows | This strike sends a malware sample known as Win.Trojan.Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to better avoid detection. It is commonly spread via malicious emails, and saw a resurgence recently during Black Friday. The MD5 hash of this Win.Trojan. | 7494919a5ee6e60bc56d24c9745ace75 | 693ff315cd0061112e91ca3d9d13bf7b42f6e33a | 3f2fa56542583680c7feeda31a5e16b85f11d74b710e6cb699ffcf15b6ca753a | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-avz01 | Win.Trojan.Emotet_92a40dcd | Windows | This strike sends a malware sample known as Win.Trojan.Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to better avoid detection. It is commonly spread via malicious emails, and saw a resurgence recently during Black Friday. The MD5 hash of this Win.Trojan. | 92a40dcdc1d6706d95a6fd98114152cd | eddcf0de04bf37127f63b72edf4bcfad7c733ec8 | e06807d11e7fba844ffe986638234633bfb93ccea283187b9019e0268b7876f4 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-4cw01 | Esfury_e11731ec | Windows | This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | e11731ecede1d7b45daa78a4bab227c0 | 397967942585468786e09887387427869eb59dbe | 183b07b0a5e93388d391deeac811b405d0cf46c66f3817efe535780a6d06c10a | https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-mg902 | Xls.Dropper.Donoff_dfb87cec | Mixed | This strike sends a malware sample known as Xls.Dropper.Donoff. Donoff is a payload delivery Office document that leverages the Windows Command shell to launch PowerShell to download and execute an executable. The MD5 hash of this Xls.Dropper. | dfb87cecb4e1c33ea93efc64372d186b | 1ae598b16a47d3514f4768db1c6facc6d663f2cb | 21df4279e0c9f6df6fb9ac8462e89ec9d2c777a3309dc9b8cf891a5232178800 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-uf701 | Triusor_620326dd | Windows | This strike sends a malware sample known as Triusor. Triusor is a highly polymorphic malware family. All the binaries are packed and obfuscated to hinder the static analysis. The malware contains code that complicates the dynamic analysis. Once it is executed, the samples perform code injection. | 620326dd50dab27c91e39eb21a030c47 | c05ea959be8ad9bf1618a618179e95a6bcdbe8b5 | 8f4bd4d1d9d337cfd8ffd0afe80213ae90063d274aad64b04aa8558b837218e6 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-k0301 | Win.Trojan.Emotet_912807d7 | Windows | This strike sends a malware sample known as Win.Trojan.Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to better avoid detection. It is commonly spread via malicious emails, and saw a resurgence recently during Black Friday. The MD5 hash of this Win.Trojan. | 912807d798d35323a534fdb59399a9b0 | 2060d9f147311fdeec4de5f5d940b7a6f849846d | 78ccba1d9e5d32658ce4cd4b2f8a8be65c6aa6a4f4eec2016777afb3a50ac843 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-4b001 | Donoff_a0a56a80 | Mixed | This strike sends a malware sample known as Donoff. Donoff is a malicious Microsoft Office document that leverages the Windows Command shell to launch PowerShell and download and execute an executable. | a0a56a80b5400ac336a123433ae9dce7 | 7cdaa16ee951e323cf85c0395ac0963dc0a38c20 | 2696e57e2daac38a37ca382f979f1e4c61b20f516dd18ba33290fd00ef3eec7e | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-w8p01 | Triusor_2edee29d | Windows | This strike sends a malware sample known as Triusor. Triusor is a highly polymorphic malware family. All the binaries are packed and obfuscated to hinder the static analysis. The malware contains code that complicates the dynamic analysis. Once it is executed, the samples perform code injection. | 2edee29d4ff7868aa74992ccf285726b | 54ab7ad550e697925e23ae69e60a300a29c339cd | 14bc92fb1cb50fc6ffd2f34b701e57603fb99b96130c7e5b77187c2c3684a4db | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-pjd01 | Xls.Dropper.Donoff_f898647b | Mixed | This strike sends a malware sample known as Xls.Dropper.Donoff. Donoff is a payload delivery Office document that leverages the Windows Command shell to launch PowerShell to download and execute an executable. The MD5 hash of this Xls.Dropper. | f898647b281b95a5fa2fd1a57ce6845b | 1ee365096195a8febc5821477c09ec72bbb32976 | bffbd9caa578af5caa98fcb20e0e5e4f55154e9e2ca256364c1f70538c04c5b9 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-sqz01 | Xls.Dropper.Donoff_bbfd6b30 | Mixed | This strike sends a malware sample known as Xls.Dropper.Donoff. Donoff is a payload delivery Office document that leverages the Windows Command shell to launch PowerShell to download and execute an executable. The MD5 hash of this Xls.Dropper. | bbfd6b30072f3fd8150f77b6fbe33d23 | 814795830b2157853a62316e3a6d31aae48d0277 | dcbdf1859c62728c680ed7267f65b3a425aaed5c79b0f7404ef2e6541150d573 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-2ew01 | Esfury_6f616a79 | Windows | This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | 6f616a79b48160fc7ec6a3fe56972968 | adb6672bfe91c0d0b74b5ee4165a4aa3907ea586 | 033c6325a22ddee4d621558106fd297407f31e0713c7c2314024e8cbcdc0a5b3 | https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-sei01 | Valyria_9497ebcc | Mixed | This strike sends a malware sample known as Valyria. Valyria is a malicious Microsoft Word document family that is used to distribute other malware. This campaign is currently spreading Emotet. | 9497ebcc7f404288e16eb8cab121a549 | ad7658e4ec425e429bbd75813b8e1a79d82735b9 | 608c215893b99203b2d355253d42b14fe0bae98b22a891cfa2950c79d8b4dfe1 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-80r01 | Triusor_7a794efc | Windows | This strike sends a malware sample known as Triusor. Triusor is a highly polymorphic malware family. All the binaries are packed and obfuscated to hinder the static analysis. The malware contains code that complicates the dynamic analysis. Once it is executed, the samples perform code injection. | 7a794efcc2c8b9a8f34d558ab578f66a | 247cb9286bd10667b8ae03ea8f9cd1e79631770c | a3168cb7b3fd30eed135ba086e9e96984f56fd52317d185f3e988176440a5a25 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-byc01 | Esfury_a8320da9 | Windows | This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | a8320da93664895b7a1eb4a3442ea7f5 | 27d8765188f705636f7a5b693ae20936e6739e9e | 02e94f61d5c4da2b4a3b8991278a77e937da0de55b2f5373f804344cae73dad8 | https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-68t01 | Esfury_4d999549 | Windows | This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | 4d999549a38e2fb1138272d47a2279b5 | 0f2ff2f789e6b3b114ad12e55fdf9e5c9c251681 | 082831142fe7826130b5d5ac7673d9ae8f7f56e126348283e77fc3c88f4d5b0b | https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-9gv01 | Donoff_50a1ff58 | Mixed | This strike sends a malware sample known as Donoff. Donoff is a malicious Microsoft Office document that leverages the Windows Command shell to launch PowerShell and download and execute an executable. | 50a1ff580accedca1b49c89dc63f4c1f | 4374583937ba8404f97bb867e64e675826ad8fc9 | 09d47ec5acae65e60e8316435d57e75b8a0153458f4471c8ff3510ee2a809558 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-vb001 | Xls.Dropper.Donoff_3f217606 | Mixed | This strike sends a malware sample known as Xls.Dropper.Donoff. Donoff is a payload delivery Office document that leverages the Windows Command shell to launch PowerShell to download and execute an executable. The MD5 hash of this Xls.Dropper. | 3f2176060522c71c880cd34765a740e4 | 57a27af1e52bcf8ea99c78d36dd39fd8a9321c8a | 0033f2a32856a043d34d491b0b79a3b1d25fbc084447ae801b94a6f4c8c67eec | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-5iq01 | Xls.Dropper.Donoff_05f00632 | Mixed | This strike sends a malware sample known as Xls.Dropper.Donoff. Donoff is a payload delivery Office document that leverages the Windows Command shell to launch PowerShell to download and execute an executable. The MD5 hash of this Xls.Dropper. | 05f0063292089fc36b9033c5d1de7e28 | a8d7bf361b900a4a2b422221af2608ba7ac4f3d1 | e723f535550c7c4398bbb29f16e76e7a59b8e314b0d0d602c96cda07da56cc17 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-10u01 | Triusor_e182bfd8 | Windows | This strike sends a malware sample known as Triusor. Triusor is a highly polymorphic malware family. All the binaries are packed and obfuscated to hinder the static analysis. The malware contains code that complicates the dynamic analysis. Once it is executed, the samples perform code injection. | e182bfd844b3cee5586bfa067ee80d31 | a0724f543f1c5f3fba92ff00a6b947a81004bfc4 | 6b34a29fcdf2ad7a74859ba38c3a622971c1bbdb6a1268d5c766fac441b9970d | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-idb01 | Win.Trojan.Emotet_dcebd14e | Windows | This strike sends a malware sample known as Win.Trojan.Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to better avoid detection. It is commonly spread via malicious emails, and saw a resurgence recently during Black Friday. The MD5 hash of this Win.Trojan. | dcebd14e618ae42078dc8c24b5f791db | 5c8d2b526d89c6a5f66792a875cd663c751d0d0f | d60149eb78e3df622e24afec34b06c7c4c1d26a401ec326ea5eaaa74df873e3b | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-zwu01 | Valyria_212be643 | Mixed | This strike sends a malware sample known as Valyria. Valyria is a malicious Microsoft Word document family that is used to distribute other malware. This campaign is currently spreading Emotet. | 212be643884ad7cc867b357fdcaa7293 | 54a65038d090631cc9cd55af0c18761c4c58bcd7 | 0734985f67598ec0a0caf9ca31edd54bc93c5072ab0facc09f3d5164c8930afe | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-x0f01 | Esfury_10b398b5 | Windows | This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | 10b398b567350889d290b12178475353 | 42db4c34327c1a51cd77034920f7d5ae425063cc | 12e12efef70cc7824ea45771c844393d1e1b878a86def41acc01093249bc7e19 | https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-gag01 | Valyria_c0e5d7d0 | Mixed | This strike sends a malware sample known as Valyria. Valyria is a malicious Microsoft Word document family that is used to distribute other malware. This campaign is currently spreading Emotet. | c0e5d7d0c0ac523f42f919928112933e | a7c113939d210809cf3264ea64a1c2b62003bbd7 | 15edcb2fc3b4d2fc1700f8e6837cd5c4759fb3791787c9cd9d0e16f129e0b234 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-fu901 | Esfury_012e3e16 | Windows | This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | 012e3e162797d17ad0d92a9563eb1be9 | c789c03737335ad48f6bd3eda622f612eaac552e | 0b979d82d329160c7f95cb8abc9ccc8e0ebb4f981ee321342e84a29ff33687f9 | https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-msj01 | Donoff_f0772e4d | Mixed | This strike sends a malware sample known as Donoff. Donoff is a malicious Microsoft Office document that leverages the Windows Command shell to launch PowerShell and download and execute an executable. | f0772e4d8f1aa1caeb572fbca4d9edf8 | 5e2b77f6ec0d85c8df7fd03f44ebaf69248a8e96 | 1f312a61244c970d254c24055b714138835b839f1da36b9ee1cfc1acf636fbf1 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-99o01 | Xls.Dropper.Donoff_98c9fefd | Mixed | This strike sends a malware sample known as Xls.Dropper.Donoff. Donoff is a payload delivery Office document that leverages the Windows Command shell to launch PowerShell to download and execute an executable. The MD5 hash of this Xls.Dropper. | 98c9fefdc2be08d63dc0d22992973746 | 50a9f94dd30d9c58af3b12cfea247ed1119ea98b | 9a9d1c1b43c93982eaf304c3c7ecb361bede0ea811c23cddb8b13a39328f0c3c | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-azc01 | Esfury_5947665e | Windows | This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | 5947665e3d1116667394c44357a12e32 | 449f867b9f9430bc69647ed64ccf6ed9d3b0a855 | 0e47b656aa6dfdc797ff650a7d1800639f7347d2af4fd0ae6520e02ff0cec9a0 | https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-pee01 | Donoff_b61e8461 | Mixed | This strike sends a malware sample known as Donoff. Donoff is a malicious Microsoft Office document that leverages the Windows Command shell to launch PowerShell and download and execute an executable. | b61e8461f8e39734cbac689b72b6bf17 | 670f3092acef6807be0ee51cf6eece8bac09d441 | 29de1616d80266c566605928b266a43dc9e1cb7c1a1ed9c95e32d54efd4f6696 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-3bb01 | Esfury_7188ac47 | Windows | This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files. | 7188ac47ce4aca7e5f22c7dacb42f3ba | 11db5e1ca1416cc91621c0c7558c8dfa6e4d6d87 | 0eeb8d4cb796e8460ea5c283deed8788356822e6a7916c9cec496dc7cf4f3ab2 | https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-bk401 | Xls.Dropper.Donoff_88631173 | Mixed | This strike sends a malware sample known as Xls.Dropper.Donoff. Donoff is a payload delivery Office document that leverages the Windows Command shell to launch PowerShell to download and execute an executable. The MD5 hash of this Xls.Dropper. | 886311732b0f98fc6b93ba2dde16e544 | 78e40bd174c1d4285147a8c20f2c806fdaa04292 | 88ceeeed4a5d23e5c26c74300d2f1cc89376c09057ac848032b45e2777d15b3d | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-c6i01 | Donoff_28892696 | Mixed | This strike sends a malware sample known as Donoff. Donoff is a malicious Microsoft Office document that leverages the Windows Command shell to launch PowerShell and download and execute an executable. | 2889269690aa7d9484b36068be4b18d6 | 2e9379a89679c11ae9cd1a15445f47adb732651c | 25fbacf14f3ea9918aa054f040c6cc73edb9450a34e2fe739b131d9c155e3e3d | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-heb01 | Win.Trojan.Emotet_bb90b643 | Windows | This strike sends a malware sample known as Win.Trojan.Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to better avoid detection. It is commonly spread via malicious emails, and saw a resurgence recently during Black Friday. The MD5 hash of this Win.Trojan. | bb90b6432285aae0d7ebba6379f517f5 | c40a79fb597465cd1b9fcecf5bf53bd66efa1e23 | c2ffeb181bc57e65011cb68ed33de62ef2ae79b12f320fa8362b096fe9f26430 | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-xgp01 | Xls.Dropper.Donoff_4a555c84 | Mixed | This strike sends a malware sample known as Xls.Dropper.Donoff. Donoff is a payload delivery Office document that leverages the Windows Command shell to launch PowerShell to download and execute an executable. The MD5 hash of this Xls.Dropper. | 4a555c84155d36dc018c278eaf6be6f5 | 4d22d9e21d2694451ebc234034b957ba05e75a35 | 6816c39d57cf2008ddd7ff252d97b9eb372c9c70ae9ac1834aee5beb0c24208c | https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-ti601Xls.Dropper.Donoff_3f20efebMixed This strike sends a malware sample known as Xls.Dropper.Donoff. Donoff is a payload delivery Office document that leverages the Windows Command shell to launch PowerShell to download and execute an executable. The MD5 hash of this Xls.Dropper.3f20efebe0e78d0a4197d4021198cddbf2541dbfffa3eb5b9f88e70ffd8456068214a0de 3f20efebe0e78d0a4197d4021198cddb ee5fb50a88b4b4a97bf82258cefc53e5de1bd416ddbdbee363dd9dc269ad867d https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-elm01Triusor_f3110334Windows This strike sends a malware sample known as Triusor. Triusor is a highly polymorphic malware family. All the binaries are packed and obfuscated to hinder the static analysis. The malware contains code that complicates the dynamic analysis. Once it is executed, the samples perform code injection.f3110334e8dc6c6e910a8b8d9e44f5290ab77e27d07704aa930c4cebb06e875469c9ad1d f3110334e8dc6c6e910a8b8d9e44f529 8cee25864d734f6624754ba68d47d0d6573ce6d4ca55c2cf3025a1435bf84685 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-2p402Esfury_0fc4b7e6 This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.0fc4b7e6335489cb38b074efcde87909d037ac836a5484f7fa979a8bfe7058cbc23ac0d0 0fc4b7e6335489cb38b074efcde87909 0206ba28fd335c6470736f976885f5916375e114ce442208f30aaca55525d41c https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-qo301Triusor_f816d643Windows This strike sends a malware sample known as Triusor. Triusor is a highly polymorphic malware family. All the binaries are packed and obfuscated to hinder the static analysis. The malware contains code that complicates the dynamic analysis. Once it is executed, the samples perform code injection.f816d6436964e13714ac0f71cd0abdbbe92ab65f1e3334b0f3f7513ef73993ef8320b034 f816d6436964e13714ac0f71cd0abdbb 3adbbb8794d8244bbc905ad9b7d54046e494374f1856447fd174869911f8ebd2 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-wd501Win.Trojan.Emotet_2b6afa67Windows This strike sends a malware sample known as Win.Trojan.Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to better avoid detection. It is commonly spread via malicious emails, and saw a resurgence recently during Black Friday. The MD5 hash of this Win.Trojan.2b6afa67bd42bf9a90ebc3b728b4ea411846c2fe64583db394eca035af3d440da6fdf0ff 2b6afa67bd42bf9a90ebc3b728b4ea41 864b1ce8feeed53db144afae131da20601bdf2951e198827177d40a233c490bd https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-zdn01Donoff_f33c38f4Mixed This strike sends a malware sample known as Donoff. Donoff is a malicious Microsoft Office document that leverages the Windows Command shell to launch PowerShell and download and execute an executable.f33c38f4a5f61dc51187e4ab5bf13084353640a0f8240ae197938547a28db6419e0e67c5 f33c38f4a5f61dc51187e4ab5bf13084 1b409f2f2146c2318580c73d5eaeafbdd79e39d4d4f3e5862323b3b6f4a6c916 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-hr601Esfury_61de1883Windows This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.61de1883210e8632b578f9aaea9651f3244cbc51921bd5f2651a012b89119a06729848b8 61de1883210e8632b578f9aaea9651f3 0be8709e38625829811638c2460a8eaa993569df882f4a7263747f91bd08970a https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-xzk02Triusor_4eb4993dWindows This strike sends a malware sample known as Triusor. Triusor is a highly polymorphic malware family. All the binaries are packed and obfuscated to hinder the static analysis. The malware contains code that complicates the dynamic analysis. Once it is executed, the samples perform code injection.4eb4993d2b3099dcf4048fd0785c2dac7839c10ecc19cc94da1bd53c112434695169d52f 4eb4993d2b3099dcf4048fd0785c2dac 6a897eacea0f1a6773d19c6b1dbd101db860e3f8df547d97392c98a6aef0cce5 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-cdg01Esfury_ee787e23Windows This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.ee787e23a0c603319c423279cb12f226a1932e3bea31306990333eb29a16ab0407f89b5c ee787e23a0c603319c423279cb12f226 1374cf423bc66983991c7fd3e3767aedf67094cf5a3eff6eb695112b51dc5e6a https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-40l01Xls.Dropper.Donoff_e40e5618Mixed This strike sends a malware sample known as Xls.Dropper.Donoff. Donoff is a payload delivery Office document that leverages the Windows Command shell to launch PowerShell to download and execute an executable. The MD5 hash of this Xls.Dropper.e40e561837573ccf7c4a95e910640c4591cd88e392638a490fc2da730a0872e142c4b5b6 e40e561837573ccf7c4a95e910640c45 792436cb281c6704ea7f53f7532e7abdfa1370ecf071cb07fdf690f8f6469013 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-st602Donoff_85b276b9Mixed This strike sends a malware sample known as Donoff. Donoff is a malicious Microsoft Office document that leverages the Windows Command shell to launch PowerShell and download and execute an executable.85b276b9c189beff14dcdaea65da86e3325b0173fdd2f3fc4c305eb783bdf3e80d686372 85b276b9c189beff14dcdaea65da86e3 33d98771535a91ad332f2e59969b9f51a2bf811dbe886208e139e456cd124631 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-7fz01Donoff_7896f09cMixed This strike sends a malware sample known as Donoff. Donoff is a malicious Microsoft Office document that leverages the Windows Command shell to launch PowerShell and download and execute an executable.7896f09c253c9cb647a281e26e1cafc91c9a6bed41d0b37452d9d5b86abcd58a1df8e92a 7896f09c253c9cb647a281e26e1cafc9 2eab620737103e94f0dcd33163071e8c0bd1cdaaf42c1d2e254d3e5e71851b24 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-vzs01Xls.Dropper.Donoff_6ffe8170Mixed This strike sends a malware sample known as Xls.Dropper.Donoff. Donoff is a payload delivery Office document that leverages the Windows Command shell to launch PowerShell to download and execute an executable. The MD5 hash of this Xls.Dropper.6ffe817013abab377ef6ed3f91aceaa910a7c72bb995d4c9e7acc9757162952c80ed9aa2 6ffe817013abab377ef6ed3f91aceaa9 d59e75ccdee3f0419fd247372697275fa45f391af8319a4cf1f56df411885805 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-cvn01Valyria_bba70058Mixed This strike sends a malware sample known as Valyria. Valyria is a malicious Microsoft Word document family that is used to distribute other malware. This campaign is currently spreading Emotet.bba700580c8fbd38f736809ad7ad732cf7c6b8eb6cd671d8daa1d0e5375a3452b55956c1 bba700580c8fbd38f736809ad7ad732c 52fb2178d177421a16086155829b67154ddfc589ddc71a99b14f922741586479 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-rm401Donoff_9f11d9bbMixed This strike sends a malware sample known as Donoff. Donoff is a malicious Microsoft Office document that leverages the Windows Command shell to launch PowerShell and download and execute an executable.9f11d9bb69d946db53bd0eeb94e247553dc6c5b75287028a30ea7d7a6f02715c1fbc863e 9f11d9bb69d946db53bd0eeb94e24755 24d62b3de48bf8b55b79fafcd17bf4a2cb8489a86358b26aa361193ad355dee4 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-aq101Esfury_3501dc98Windows This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.3501dc98d077e58a95cab4bf60ad81e15d6e4a2f0f9f91f56006eb4a4c30d6412548f0ba 3501dc98d077e58a95cab4bf60ad81e1 17ea3123406cb0ef21c174f4f27a89d4cbd5b61ff1359ec9b8c756b311ee0f4d https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-o0g01Xls.Dropper.Donoff_3a359e11Mixed This strike sends a malware sample known as Xls.Dropper.Donoff. Donoff is a payload delivery Office document that leverages the Windows Command shell to launch PowerShell to download and execute an executable. The MD5 hash of this Xls.Dropper.3a359e117d73c86eb37625eba9747e6e9ecfd8d8575fca34890a29fa94f4a08cb37e242f 3a359e117d73c86eb37625eba9747e6e 9e8fb999bba4c93ae100c02ede01475ddbc2b7db624930574ed76ec5813dd451 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-3lz01Xls.Dropper.Donoff_f7ee8c4bMixed This strike sends a malware sample known as Xls.Dropper.Donoff. Donoff is a payload delivery Office document that leverages the Windows Command shell to launch PowerShell to download and execute an executable. The MD5 hash of this Xls.Dropper.f7ee8c4b62741fea6e0e7de7619d6b47e167c361f626de9eb2e3fa848519b0412f4ce541 f7ee8c4b62741fea6e0e7de7619d6b47 67e1cadae72e11ddb22ce0fe36e319fde32e417acaf9fcbe9ea1b0bd1852fded https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-d9x02Esfury_5ef94c6cWindows This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.5ef94c6cebcf7e8c4c0c5ee1d2fa41f0531d93725d99eeaa9009a0b357abd086f164586b 5ef94c6cebcf7e8c4c0c5ee1d2fa41f0 06e53af6c4bde93f7a9da0b90408e59b701d1ced02c5fb14fba45c7272452367 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-mp201Win.Trojan.Emotet_e5b098fbWindows This strike sends a malware sample known as Win.Trojan.Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to better avoid detection. It is commonly spread via malicious emails, and saw a resurgence recently during Black Friday. The MD5 hash of this Win.Trojan.e5b098fb8954a7913969f8b51ccc20b5df9d7a784a3ecc04d987141b421384fe97c4f339 e5b098fb8954a7913969f8b51ccc20b5 fe7d3a850371b6effe47525e39efbf705c4136e78b35f78228b1f986d30ceced https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-b3e01Valyria_c2051f72Mixed This strike sends a malware sample known as Valyria. Valyria is a malicious Microsoft Word document family that is used to distribute other malware. This campaign is currently spreading Emotet.c2051f72e532fe9da8f1a845d20180b2a571c36730b117ade8f315cee1060d06eb3b257c c2051f72e532fe9da8f1a845d20180b2 5ac2183dc29d6cea617b06c5787019409662898e259f6b1c0c7465c69054bb26 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-79302Triusor_7c21c148Windows This strike sends a malware sample known as Triusor. Triusor is a highly polymorphic malware family. All the binaries are packed and obfuscated to hinder the static analysis. The malware contains code that complicates the dynamic analysis. Once it is executed, the samples perform code injection.7c21c148f3bbb12887ce933f1fff2b15856fef8fcd5b87caacde42f96383562c5d33c60c 7c21c148f3bbb12887ce933f1fff2b15 ec0b82ac2d4ca03a4c20ebeaa2fe5a0fc33f4e2270f8bf08063400c06a005f59 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-vj502Win.Trojan.Emotet_d88c80f1Windows This strike sends a malware sample known as Win.Trojan.Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to better avoid detection. It is commonly spread via malicious emails, and saw a resurgence recently during Black Friday. The MD5 hash of this Win.Trojan.d88c80f1db8016a4d95a29ce764d43be70ec7bc25e81073476c343c008172d78f6c414b9 d88c80f1db8016a4d95a29ce764d43be 5f30eab9dbf08a80292bc5184b6ff8e0ef075806b3d1eb8f5b5c525ec3efc4e9 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-esu01Donoff_fe2fc9bbMixed This strike sends a malware sample known as Donoff. Donoff is a malicious Microsoft Office document that leverages the Windows Command shell to launch PowerShell and download and execute an executable.fe2fc9bb543aa92ae8e2d74c373968fbc43488fbf8dfb9c98466b50f9acc14b8afec93de fe2fc9bb543aa92ae8e2d74c373968fb 0e12bab4d0a4c65141c6d16cc8401efda84373a667dfdca21f56b61466ef9e7d https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-v7n01Esfury_85541b13Windows This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.85541b131d7caf6d80fb9a5269975d30a56beb152d1ce873addc9bef8be3e86f4ce33e2e 85541b131d7caf6d80fb9a5269975d30 13910ca1a7fbadf757c082dde5d1724b6b46d36b9eae47d1bd968c66a67be3ba https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-qum01Esfury_e4b3aa74Windows This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.e4b3aa747aa0d5a137396f0ba38de860e0bbed6544cb9b1d1eb45bb1baf24db8edebd49e e4b3aa747aa0d5a137396f0ba38de860 09c40f54a73303ddf1d6170f3cd06778583260e82b7dfe155a2f804346aadfc9 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-onl01Esfury_ec541d19Windows This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.ec541d190c4159ac6cfb8737a95dc63328e611526de7091999a6344b41d86cec8f55102d ec541d190c4159ac6cfb8737a95dc633 01474c0dacb671b37172b985d8e96bb688f2e4f6f8975a6bdab76c3ebb6ca29a https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-n7l01Esfury_baf23c38Windows This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.baf23c38114e85d9a9dd4e1618340fbd376ed0ed3fa2fb792c4693e8f3764a2baa4fcaf0 baf23c38114e85d9a9dd4e1618340fbd 0b032c40e0877bd1c4aeca8bf56b87d0daacc781ad2cb025cdc7c3944074e816 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-6pf01Win.Trojan.Emotet_e390ca8dWindows This strike sends a malware sample known as Win.Trojan.Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to better avoid detection. It is commonly spread via malicious emails, and saw a resurgence recently during Black Friday. The MD5 hash of this Win.Trojan.e390ca8d55f33ac89d090dafb85ea2435fd93f27794514888d0282768535370b752c801c e390ca8d55f33ac89d090dafb85ea243 40ef85a4108702a3af09f9047b66585ffa2c73458cf9177a6ca67b4d8f388050 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-nip02Esfury_8726d5fbWindows This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.8726d5fb85e27d692eb679383821663d7c9f7844ac8b802831b1c83323214b95a55d3fcd 8726d5fb85e27d692eb679383821663d 11e0b16cfcd0e45c21a1fbe9b7b14bf019f3e2ceb7894eee8e458eb6a7571c34 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-4q902Esfury_3dde5d0cWindows This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.3dde5d0c3185b189a22543fedc8336eda297f59be0f621d75b0862a09ab873f1ba2439d2 3dde5d0c3185b189a22543fedc8336ed 101217714340fcd5d1194ac746d2b4c9d42f739f12b983ce33801d2baebb71ab https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-gs201Doc.Malware.00536d_cd5941b5Mixed This strike sends a malware sample known as Doc.Malware.00536d. Doc.Malware.00536d is the denomination of a set of malicious documents that leverage VBA and PowerShell to install malware on the system. These documents usually convince the user to enable macros that, if executed, will download and install additional malware on the system. The MD5 hash of this Doc.Malware.cd5941b58668f5313408ce28b500f4bff989047b059c3ab52f78feca639430f6748c9633 cd5941b58668f5313408ce28b500f4bf e796ca332e26230a092f392d509829b63808965679e245d5914a3a9fbaeeb04f https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-cte01Win.Trojan.Emotet_ca09f71fWindows This strike sends a malware sample known as Win.Trojan.Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to better avoid detection. It is commonly spread via malicious emails, and saw a resurgence recently during Black Friday. The MD5 hash of this Win.Trojan.ca09f71f50784652354806186a6c3a38e2cb27f4790aba6e8b5a8c0906805527b174595f ca09f71f50784652354806186a6c3a38 529a8f391dd994779340aa59118b703256321bb421db138ee0b7db4265599b12 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-nv801Win.Trojan.Emotet_e02b09f1Windows This strike sends a malware sample known as Win.Trojan.Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to better avoid detection. It is commonly spread via malicious emails, and saw a resurgence recently during Black Friday. The MD5 hash of this Win.Trojan.e02b09f1f638cde48435b4993c027c94c6d4f189353305237b55cec121976ac4c1054d61 e02b09f1f638cde48435b4993c027c94 c1b6f751fda9de784eea8764525eda4ea0644492c1dd8f1da9fc34e5b26b95b6 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-pjk01Donoff_b1f82127Mixed This strike sends a malware sample known as Donoff. Donoff is a malicious Microsoft Office document that leverages the Windows Command shell to launch PowerShell and download and execute an executable.b1f821272196571d9fef48f99e37961da503bee06173330abd6f2354d726bb103ab90e30 b1f821272196571d9fef48f99e37961d 121c49ab3eccc4472a13766f874b489b025ef1d5d9e1f8243085cb07290177c6 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-8cg01Valyria_3d2080c2Mixed This strike sends a malware sample known as Valyria. Valyria is a malicious Microsoft Word document family that is used to distribute other malware. This campaign is currently spreading Emotet.3d2080c234c910bc2434cc9d57d7f172049cb728843c56cf93d16d5a71dab9e3875bd8d8 3d2080c234c910bc2434cc9d57d7f172 52577b1c77ef1a8e21c3681d4610bf47fec5fbae0f751f3396dc349d23186de8 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-ovh01Triusor_41e1694cWindows This strike sends a malware sample known as Triusor. Triusor is a highly polymorphic malware family. All the binaries are packed and obfuscated to hinder the static analysis. The malware contains code that complicates the dynamic analysis. Once it is executed, the samples perform code injection.41e1694ce3ddb74f6298d5532808cc9cc43dadcc8ada8549f1f40f773eda5586aaef1d58 41e1694ce3ddb74f6298d5532808cc9c dc8c46a57c38955f4b6356d29662beeb0f88eeca50a94191df8892efab3bfc2e https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-rm701Win.Trojan.Emotet_cbb12b1aWindows This strike sends a malware sample known as Win.Trojan.Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to better avoid detection. It is commonly spread via malicious emails, and saw a resurgence recently during Black Friday. The MD5 hash of this Win.Trojan.cbb12b1abd614fd51ba65b366f222a123a21532ae26c9c1b618934c39c20621fcef61488 cbb12b1abd614fd51ba65b366f222a12 f5e1c6d6d9bd26a6d0ae3b8657030dd40138e0371b824013821f48302e3f67f3 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-iu401Triusor_10b77c0eWindows This strike sends a malware sample known as Triusor. Triusor is a highly polymorphic malware family. All the binaries are packed and obfuscated to hinder the static analysis. The malware contains code that complicates the dynamic analysis. Once it is executed, the samples perform code injection.10b77c0ebe212ccd6ed234741d16c41dedae115a4b959685239ffc0c212689bcaf20cdc8 10b77c0ebe212ccd6ed234741d16c41d 249ac287cada8bab59c445a286a8edb645f58035681c788687979c17d7eb766f https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-uq301Esfury_d65a4fcbWindows This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.d65a4fcbfa3ee5c14a6781e9e76eb89194dd80248211a9c056fa327c9ab2f54d4c82c550 d65a4fcbfa3ee5c14a6781e9e76eb891 08617dcb9523e28efed1e47917b6f9dc6dfb534c6d0d7df0888e977099f4db71 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-gfr01Esfury_75583f80Windows This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.75583f80e814b350a2e096c26534bc3aaa3422d6d7f89d9348bba174590f362f1f8bc783 75583f80e814b350a2e096c26534bc3a 00de9aefee7e84028781e5d88e23c7ac53d8a10aa97116411d43b6532112fa16 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-d0o01Valyria_4e29a162Mixed This strike sends a malware sample known as Valyria. Valyria is a malicious Microsoft Word document family that is used to distribute other malware. This campaign is currently spreading Emotet.4e29a162f87bf97276c6523c9262d0cd58fb95f9bbb1ace97908fa3118f90a9513c11232 4e29a162f87bf97276c6523c9262d0cd 0ed8f1b95565876de24b49ab281f37d05d68130edc574ddd66300c5d5c9ad468 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-kg201Valyria_63ad7c25Mixed This strike sends a malware sample known as Valyria. Valyria is a malicious Microsoft Word document family that is used to distribute other malware. This campaign is currently spreading Emotet.63ad7c25273eb13fdf9d3495e3433ee15162e1020bf1ee01ac3c32c6ee1fd2852918800c 63ad7c25273eb13fdf9d3495e3433ee1 13707ac10ce41e2ec1547148c17a6186ff06009cd79789e01b879e96a5765f8a https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-mqo01Xls.Dropper.Donoff_ee90c808Mixed This strike sends a malware sample known as Xls.Dropper.Donoff. Donoff is a payload delivery Office document that leverages the Windows Command shell to launch PowerShell to download and execute an executable. The MD5 hash of this Xls.Dropper.ee90c8089a170884b803dd089b9f9584073f42b487fb05a8bf026ebade169a6fa8115cbc ee90c8089a170884b803dd089b9f9584 f60827889d806f6864b2af5e5c08c467c1f41b176ae47b51bb3918f5cafa68a9 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-ol701Xls.Dropper.Donoff_7ce9aa21Mixed This strike sends a malware sample known as Xls.Dropper.Donoff. Donoff is a payload delivery Office document that leverages the Windows Command shell to launch PowerShell to download and execute an executable. The MD5 hash of this Xls.Dropper.7ce9aa21925e22e6d70ff649dbfa57de3928809fef29ce4242e5a1907ab73e3dec7b8a09 7ce9aa21925e22e6d70ff649dbfa57de 405e08a4ab0c60f3ddc24dc4f4998bb654fbfae556163c9b70a2545cb79c4414 https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
M18-kg901Esfury_47c9078fWindows This strike sends a malware sample known as Esfury. Autorunner is in the Esfury family. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.47c9078f89000d08f23a6c8067645e84d315c306fc5c8f038be335d27fb43042a44c0b72 47c9078f89000d08f23a6c8067645e84 06bdc32de83eec39c9153b7944b8abc0137e3b69c80ac02e74d6903c656915e7 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
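Each strike row carries four pieces of hash data that must agree with each other: the malware name ends in the first eight hex digits of the MD5, the MD5 appears twice, and the SHA1 and SHA256 sit beside it. In raw extractions of this page the fields are run together (MD5 and SHA1 glued into one 72-character hex run); in a cleaned-up table they are separated by " | ". The script below is an added example, not code from the original page or from the Talos roundups it cites. It parses either form of row into a record by locating hex runs by length rather than by position, rejects rows whose hash fields contradict each other, and then looks up a file's MD5/SHA1/SHA256 against the resulting index. The two embedded rows are copied from the December table above with their Info text abridged; the probe bytes fed to the matcher are constructed and match nothing. The regular expressions and the `Strike` record are this example's own.

```python
"""Parse the strike rows on this page into IOC records and match data against them.

Added example; not part of the original page or of the Talos roundups it cites.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# A raw row runs its fields together:
#   <StrikeID><Malware>_<md5[:8]><Platform> <Info><md5><sha1> <md5> <sha256> <url>
# Hashes are located by length rather than by position, so rows whose fields are
# separated by " | " parse the same way.
STRIKE_ID = re.compile(r"\bM\d{2}-[0-9a-z]{5}")
NAME = re.compile(r"^([A-Za-z][\w.]*?)_([0-9a-f]{8})")
PLATFORM = re.compile(r"^\s*\|?\s*(Windows|Mixed)\b")
HEX_RUN = re.compile(r"\b[0-9a-f]{32,72}\b")
URL = re.compile(r"https?://\S+")

# Two rows copied from the December table above (Info text abridged); the
# second is the row that omits its Platform field.
ROWS = """\
M18-azc01Esfury_5947665eWindows This strike sends a malware sample known as Esfury.5947665e3d1116667394c44357a12e32449f867b9f9430bc69647ed64ccf6ed9d3b0a855 5947665e3d1116667394c44357a12e32 0e47b656aa6dfdc797ff650a7d1800639f7347d2af4fd0ae6520e02ff0cec9a0 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
M18-2p402Esfury_0fc4b7e6 This strike sends a malware sample known as Esfury.0fc4b7e6335489cb38b074efcde87909d037ac836a5484f7fa979a8bfe7058cbc23ac0d0 0fc4b7e6335489cb38b074efcde87909 0206ba28fd335c6470736f976885f5916375e114ce442208f30aaca55525d41c https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
"""


@dataclass(frozen=True)
class Strike:
    strike_id: str
    malware: str
    platform: Optional[str]   # None when the row omits it (M18-2p402 above)
    info: str
    md5: str
    sha1: str
    sha256: str
    reference: str


def parse_row(row: str) -> Strike:
    """Parse one row; raise ValueError when its hash fields are inconsistent."""
    sid = STRIKE_ID.search(row)
    if sid is None:
        raise ValueError("no strike ID in row")
    rest = row[sid.end():].lstrip(" |")
    name = NAME.match(rest)
    if name is None:
        raise ValueError("no malware name in row")
    rest = rest[name.end():]
    plat = PLATFORM.match(rest)
    platform = plat.group(1) if plat else None
    if plat:
        rest = rest[plat.end():]

    md5s, sha1s, sha256s = set(), set(), set()
    first_hash: Optional[int] = None
    for m in HEX_RUN.finditer(rest):
        run = m.group(0)
        if first_hash is None:
            first_hash = m.start()
        if len(run) == 72:          # MD5 with the SHA1 glued directly after it
            md5s.add(run[:32])
            sha1s.add(run[32:])
        elif len(run) == 64:
            sha256s.add(run)
        elif len(run) == 40:
            sha1s.add(run)
        elif len(run) == 32:
            md5s.add(run)
        else:
            raise ValueError(f"hex run of unexpected length {len(run)}")
    if not (len(md5s) == len(sha1s) == len(sha256s) == 1):
        raise ValueError(f"hash fields disagree: {md5s} {sha1s} {sha256s}")
    md5, sha1, sha256 = md5s.pop(), sha1s.pop(), sha256s.pop()
    if name.group(2) != md5[:8]:    # name suffix is the first 8 hex digits of the MD5
        raise ValueError(f"name suffix {name.group(2)} != MD5 prefix {md5[:8]}")
    url = URL.search(rest)
    info = rest[:first_hash].strip(" |")
    return Strike(sid.group(0), name.group(1), platform, info,
                  md5, sha1, sha256, url.group(0) if url else "")


def parse_table(text: str) -> List[Strike]:
    """Parse every line carrying a strike ID; header and blank lines are skipped."""
    return [parse_row(line) for line in text.splitlines() if STRIKE_ID.search(line)]


def build_index(strikes: List[Strike]) -> Dict[str, Strike]:
    """Map every known md5/sha1/sha256 to its strike for constant-time lookup."""
    return {h: s for s in strikes for h in (s.md5, s.sha1, s.sha256)}


def digests(data: bytes) -> Dict[str, str]:
    """Compute the three digest types the table publishes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def match_bytes(data: bytes, index: Dict[str, Strike]) -> Optional[Strike]:
    """Return the strike whose published hashes match `data`, or None."""
    for h in digests(data).values():
        if h in index:
            return index[h]
    return None


if __name__ == "__main__":
    strikes = parse_table(ROWS)
    index = build_index(strikes)
    for s in strikes:
        print(f"{s.strike_id} {s.malware} platform={s.platform} md5={s.md5}")
    print("constructed probe bytes match:", match_bytes(b"not a known sample", index))
```

To scan a directory, read each file's bytes and pass them to `match_bytes` with an index built from every row on the page; a hit returns the full record, including the Talos reference URL, so the alert can carry the family description. Rows whose repeated MD5 or name suffix disagree are rejected up front rather than silently indexed under a wrong hash.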

Malware Strikes November - 2018

Strike ID | Malware | Platform | Info | MD5 | External References
M18-7sy01 | Gandcrab_b91a77fb | Windows | This strike sends a malware sample known as Gandcrab. Gandcrab is ransomware that encrypts documents, photos, databases and other important files, using the file extension ".GDCB", ".CRAB" or ".KRAB". It is spread through traditional spam campaigns as well as multiple exploit kits, including Rig and Grandsoft. | b91a77fb35ef6c01ce3d85849efaa024 | SHA1: cfdf1f35749c32adafbac6d9741730c73790b763; SHA256: 0a48f61677791bca8d2553662ec6bce8acfdb3249cfcabac2802ba216ac54262; https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-3v801 | Vobfus_cf17419d | Windows | This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it runs when the system boots. Once installed, it attempts to download follow-on malware from its command and control (C2) servers. | cf17419d230a34033845258ed68923e4 | SHA1: 2676bc9ae0b1ef83eb198747d2f59139f956a970; SHA256: 133fea888e19e34c7703b38194ec08360ce8d697d7aec79da979a35072adce02; https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-9ld01 | Upatre_b2f4668b | Windows | This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware. | b2f4668bd5e1185afa6bcaa270535536 | SHA1: 73bb866c6128f254d2229a5af603ac00985fdc42; SHA256: bcdfdc97d2a6f3769902d3bf55b180b4dd9efc74af345cf23a795dbdc9456b51; https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-qx602 | Dijo_a30502ea | Windows | This strike sends a malware sample known as Dijo. Win.Malware.DIJO, also known as Ursnif, is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. | a30502eaea733c662a1f0e150531b9bb | SHA1: 7fe35f8d2ed5f35ce6758a8eea33bdb2737bb4e5; SHA256: 01aa3a5ab9590ff079a13d66f67d40b441ab171d2a6ead0df5453b2d3b55888d; https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-rgc01 | Gandcrab_0c13b508 | Windows | This strike sends a malware sample known as Gandcrab. Gandcrab is ransomware that encrypts documents, photos, databases and other important files, using the file extension ".GDCB", ".CRAB" or ".KRAB". It is spread through traditional spam campaigns as well as multiple exploit kits, including Rig and Grandsoft. | 0c13b5084c0de79bd17846db859772d0 | SHA1: e888556b0395ac80caa79ef6974391d11c3e4a26; SHA256: 0acc350e791e4201a7dd17e389ba8e03264343020432389d3e1b9d08874005af; https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-am401 | Gamarue_ef78d661 | Windows | This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that installs itself on the system to survive reboot, spreads to USB drives, and modifies system configuration settings to weaken security and disable features such as Task Manager or the Windows shell in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | ef78d6619c72c3dca9e371402ed4c5ba | SHA1: 0f7ac8d96d7f94bfdf2e55d10d9ff6d31d4c9925; SHA256: 4d60b0ae61b9ef56997be59f7c896f2a60e81e28d267cbcec52a75140e05aa16; https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-k6p01 | Gamarue_d0573162 | Windows | This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that installs itself on the system to survive reboot, spreads to USB drives, and modifies system configuration settings to weaken security and disable features such as Task Manager or the Windows shell in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | d0573162e5f9420070f99e6c9d06d8ec | SHA1: 2febcf10810c9fa1ef465476ddf1930b84ff7e60; SHA256: 44e49ebd375b57146ad486e37db18e7809d01d51c0ed55e8d8afe9c43d3a5485; https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-hsu01Emotet_5dd3fd84Windows This strike sends a malware sample known as Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to bypass antivirus products. It is commonly spread via malicious emails.5dd3fd8405b3af2532b30ccd42dc01a2e9a13af010b9e9fa1cb202d8a027078db1b65c94 5dd3fd8405b3af2532b30ccd42dc01a2 b53fb3cf4ed1d4e62dd0cc9d8e1d482dc1a55dedc3804a097f1b213080bb64c5 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-awg01Dijo_89573ceeWindows This strike sends a malware sample known as Dijo. Win.Malware.DIJO, also known as Ursnif, is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.89573cee1420d858dbf5ad2eef44e9ad07c768f52f6867467d5ca7b8ba89dabed652eea1 89573cee1420d858dbf5ad2eef44e9ad 0b438e78bb3fe8bffc8f5f1453f318efe177c97d9e4f0ba7e26969a60671a67e https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-vis01Emotet_b51a68ccWindows This strike sends a malware sample known as Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to bypass antivirus products. It is commonly spread via malicious emails.b51a68cc20ef5bd16a55e132ca62e15f219817a065763243fe2c841b4dfced24eb8021c6 b51a68cc20ef5bd16a55e132ca62e15f 11fb93e3b137ff6978fd79fdd634f44f257ee28f9bc5c2965108cb5c49a0d949 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-rdi01Upatre_0c66098dWindows This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.0c66098d9390fc284f5616e0bdb3200f0663b5e46378fb0a683e4309f7d30a49b1c478f1 0c66098d9390fc284f5616e0bdb3200f af44d4fff8ce394f9ecb9b3f9d95b8fb440a7b8f1892574f41355072ec2f0999 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-olm01Mikey_177a6adcWindows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.177a6adc86da9097f74a4bc3e64b9028c46fc9859cd86c6af815b719d3b4f1e65b881504 177a6adc86da9097f74a4bc3e64b9028 201872934f7f6674af89597d1a819f79cf843578aa9928191561ebdb637a53cd https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-wh801Gandcrab_a38ca4bfWindows This strike sends a malware sample known as Gandcrab. Gandcrab is ransomware that encrypts documents, photos, databases and other important files using the file extension ".GDCB", ".CRAB" or ".KRAB." It's spread through traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft.a38ca4bfbafe6794c3c3599169fc584e10674c336d22324ae41e8f9dd6a0ab0f9679fea1 a38ca4bfbafe6794c3c3599169fc584e 13ab0a6dcd3cfd5136b54d11739169917df37a5681189baf92c4c6b0a2df0bc9 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-pm101Dijo_1ede6fadWindows This strike sends a malware sample known as Dijo. Win.Malware.DIJO, also known as Ursnif, is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.1ede6fade6fa59f6ebbe07bfb00ecadd361ba38715d8d9583856d95f8cd56fc5194ee798 1ede6fade6fa59f6ebbe07bfb00ecadd 0326d68f08fc899cd8bb7f1a9c1d7df50bc5b979e0f7d2532904a419ab1b7160 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-5wt01Emotet_44d33f5eWindows This strike sends a malware sample known as Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to bypass antivirus products. It is commonly spread via malicious emails.44d33f5e0db7e8dc2f3a62d3a41b1e09dd068887950d4fafd9078f4beb9b14c542a22c3e 44d33f5e0db7e8dc2f3a62d3a41b1e09 ea8479d471d38105312f8264f2d93c7dd317d1bfda94f345f74313efffe8fb54 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-vhm01Gandcrab_72e2b716Windows This strike sends a malware sample known as Gandcrab. Gandcrab is ransomware that encrypts documents, photos, databases and other important files using the file extension ".GDCB", ".CRAB" or ".KRAB." It's spread through traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft.72e2b7166b4c79e4f8b58635f86f9718ba5a361b98dda44308a42336b6b112ceef952c2f 72e2b7166b4c79e4f8b58635f86f9718 09abf839c42200b000d3065d2cda41d858be415a521a5cb2b77b6e62503ae460 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-06x01Upatre_c3ed95d8Windows This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.c3ed95d8ece4d48060bf324b2de77507b8423998f4df971a0cca2c52694b8505ae95a9e4 c3ed95d8ece4d48060bf324b2de77507 c224d27d7adf2fece2e9round2f62e244e8e5bcaa98c89ade06d40b0112e6bd1 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-dzd01Dijo_6fa50420Windows This strike sends a malware sample known as Dijo. Win.Malware.DIJO, also known as Ursnif, is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.6fa5042099c0263594c92894663675f82aaaff2a9f6ffd0ea58c799ba7d9fc1d2be7c8c1 6fa5042099c0263594c92894663675f8 01e4c31f4836784dc4d297c4ba6e8f680216693735339022e11669960b929dcc https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-ray01Dijo_6da5c152Windows This strike sends a malware sample known as Dijo. Win.Malware.DIJO, also known as Ursnif, is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.6da5c152acd675f3d40ba161ab650361854519fbba5e3f73cd961c5ede8fb4b2d247bdd9 6da5c152acd675f3d40ba161ab650361 0b4d5c0751ead190373484f7b4d8f0d7e5de5ade613b888712b92947fc173a6a https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-5oy01Dijo_943a92b7Windows This strike sends a malware sample known as Dijo. Win.Malware.DIJO, also known as Ursnif, is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.943a92b7b787ea05bb8e6f51404d81412e570e6ba9ade4556bb4b5e76ffb8e5712cb76d1 943a92b7b787ea05bb8e6f51404d8141 03df086184a6b1b146858ea3cef951dc9c3bf6148a26740a74e2384f5cc4a256 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-jl501Gamarue_a2334783Windows This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands.a233478346fb01b7191b51d0cd8a0cf23cd50292cce2857fb991e30687d6fe11d3e6e9a8 a233478346fb01b7191b51d0cd8a0cf2 59751557033163959f841a10157e94f1c9fa8e5366a910644f1966a125ad9b35 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-x5401Nymaim_0d3e630bWindows This strike sends a malware sample known as Nymaim. Win.Malware.Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.0d3e630b954b9d181833158eb1955c8b716593553edfaa80b873cd148f5899d6c12d1080 0d3e630b954b9d181833158eb1955c8b 079c12699c6dbd13e486a4c7db333ec114420da38acde8afe4d62219c62afd82 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-1pc01Dijo_9f96c2a7Windows This strike sends a malware sample known as Dijo. Win.Malware.DIJO, also known as Ursnif, is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.9f96c2a7e210439b1b3b6f77d01bde5675213195187697a185894944964346301eafb2f6 9f96c2a7e210439b1b3b6f77d01bde56 004a4d3772f1253ed309ce48cdefb8358c7500b91b7fc1a548dd32af03f8178d https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-ch001Vobfus_b2393681Windows This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will run when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers.b2393681aef1a9712b42511368a143eaace283dd391a9003cc2185511e89d4f5fd9885fc b2393681aef1a9712b42511368a143ea 0feb943bda713bb872c82a94bceb10acd11a1ec0cd2997236dc17da24b646288 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-ngc01Upatre_de5099b3Windows This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.de5099b3f458a6f567545e99c4f417989e3066958d034f88c290561ac76f57f1822b6bae de5099b3f458a6f567545e99c4f41798 d7afe736ed75987b854236b451a4cb6f0642b4e9cc92f3a9a96e2b8535070d05 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-nih01Mikey_12236d1fWindows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.12236d1f87bd057b46c81d3b056400190f30fdb27377c614b7835a3b710a7d6133510541 12236d1f87bd057b46c81d3b05640019 48437e0f2c8bc5f0d3f46fec63ce26b3b66dc65610e3c97b4fa8a1b643c8e2f1 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-hyp01Mikey_9b9905b2Windows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.9b9905b290a1fa192b032e97150136addd086a87350d39b1559d21cbab6d89939ec7f432 9b9905b290a1fa192b032e97150136ad f99b50470431b2f91b80f3acccbf179441aa24bc702d3f2ba08f4f9f2357d6c8 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-vv401Vobfus_be76a71fWindows This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will run when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers.be76a71fbd7ab349e9c13aea9dc96f686724be40d4072f5024421675806297b9a368be18 be76a71fbd7ab349e9c13aea9dc96f68 0db0feea81c1b211fbae852151734fca8fb423102cb953dafb3c188f40491482 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-aab01Nymaim_6bb72d2eWindows This strike sends a malware sample known as Nymaim. Win.Malware.Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.6bb72d2ee5c0e66a27291b448ae26115d177d2bd9c546ee6768cef406aba717d15081ccc 6bb72d2ee5c0e66a27291b448ae26115 91e2920a163dec32f3edd8ff50a8b545fb192ad3d75c2ee96db6ac9b01f373dd https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-rck01Mikey_ab923633Windows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.ab923633032c47ff6d9c40ed36a40b2bb7c4fbc1b9bc8715582fb9624672c3aa6b86ddce ab923633032c47ff6d9c40ed36a40b2b 3c66d120d27778c2a1110170ad85eed2313fcc5cf55345cdbdc283ada76a86c1 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-glp01Mikey_dfc48442Windows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.dfc4844209da59d73ffe55e86a32ed1969c6a72a68bc8603c65a1021659bda5be6348e57 dfc4844209da59d73ffe55e86a32ed19 8f815fbcf18c1bc554756233e3fa7d326645a30809042b068ac03daef649c307 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-6fa01Parite_09557ccaWindows This strike sends a malware sample known as Parite. Parite is a polymorphic file infector. It infects executable files on the local machine and on network drives.09557cca23be7357bddeb0b0d52700c863dfa90220db37bb90eb7c8462deaf1a8909fbf0 09557cca23be7357bddeb0b0d52700c8 51bbe9d3ae4bd23f31fd90ddf0d8af295ca98773653a16c2bb5a950670352888 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-g5p01Nymaim_824c18c9Windows This strike sends a malware sample known as Nymaim. Win.Malware.Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.824c18c98e40097027c7ffdbc10714d81b25c0df2b6b22ba1ce02b613606f43b1ea17903 824c18c98e40097027c7ffdbc10714d8 303f8d6644e52783c8d4ebdef5d4e720803e828529eef24607806cb6041d1adc https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-hq101Upatre_bc25ca4dWindows This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.bc25ca4d4d2bc446ad42ae03bbbdf58491776cb8cfcdb218271352c7f19f3da812828ef4 bc25ca4d4d2bc446ad42ae03bbbdf584 7da8dd2d31ad4ed61c87b5f44e1d70bcb938d9c5ff9abbc94c8e76cf0b10f379 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-14901Dijo_d090014cWindows This strike sends a malware sample known as Dijo. Win.Malware.DIJO, also known as Ursnif, is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.d090014c5368ff2b933884ed7848b42f5f51503d8ff904810b256e41cbcb20f76baeaea8 d090014c5368ff2b933884ed7848b42f 03e17ccdc6dfa104759f6d08c38a1ee96fd9cb161600fb5446b61132e4d9bd3d https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-dy601Parite_0d2b7458Windows This strike sends a malware sample known as Parite. Parite is a polymorphic file infector. It infects executable files on the local machine and on network drives.0d2b74583db3119d38bf181cb87c01e665f150a8555a06593e12d01081aad03fe01f1afa 0d2b74583db3119d38bf181cb87c01e6 15c7b9a2c4688af296b57ac418f01347c8fbbd74ac5fbcae17c90f9bcdfb8e26 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-66k01Vobfus_d3955505Windows This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will run when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers.d39555056c2196f079c2a0b9bd177b5375bd33da1025388a376f7281fa1b50d183d43833 d39555056c2196f079c2a0b9bd177b53 0ceecae1d802f19881b04e6f97af98b5039f2b8ccd538c293d66de93d8d77964 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-cs301Upatre_a8de1a4fWindows This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.a8de1a4fd81ba43522595ce44abc145dfbe187704eca5c92e814c3b5034117fce65d524a a8de1a4fd81ba43522595ce44abc145d 61e96310f388db546db48b6b8d81958264647add9f7cc880067cd6f875b5b4f9 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-7ks01Mikey_37c49226Windows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.37c492268b68f7a00419c59c177b5859730010dc3690beb8abfb5815f89cad37e603a6d7 37c492268b68f7a00419c59c177b5859 d3edf8ca17f1b41fa96ea9b4377d5778a7965345230425730940444469ce57fb https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-j9d01Upatre_e844abdaWindows This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.e844abda1418fb88ced2052cc9bab9e96e0fd6bdc67e0e9e59a4667d3ec098040cf37256 e844abda1418fb88ced2052cc9bab9e9 87071c84cff348e086cb28fcfeec54daf58d728c5fb3aaa26ff4aca42fab4b4f https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-vn801Gandcrab_47a8d848Windows This strike sends a malware sample known as Gandcrab. Gandcrab is ransomware that encrypts documents, photos, databases and other important files using the file extension ".GDCB", ".CRAB" or ".KRAB." It's spread through traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft.47a8d848c48dd4733c3c339182307a33280eb52a118a54d35e15fe915a54ecf6bfc9aecc 47a8d848c48dd4733c3c339182307a33 10b5897f820d7ae3fe0194b8969c42c5c5de6cc658baf95699f8a781e18237ff https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-dtg01Mikey_f86f73bbWindows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.f86f73bbd0ff1862d39e09d041f5b0dbb4858a448637f4d3640b3e82b3495d34298bf27c f86f73bbd0ff1862d39e09d041f5b0db 633bcbf980d9299324b3b0baefe80954f06e41a6f71267bfc83c8950a8932696 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-6w001Upatre_5bec3f93Windows This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.5bec3f937091694bf4b5ce26e9e76e1e22ac7ddf2c6aad3a63d36e5866ffd923f825a970 5bec3f937091694bf4b5ce26e9e76e1e e6c03bfb271c97063320d079b7ed156b8eae18c75ccf5c25d5ae5cc01df62139 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-qc801Upatre_b9427bb7Windows This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.b9427bb78c372b02410ed1a519c1bc1c75ddaa6387e8e86664c865d54f4cab83751d0434 b9427bb78c372b02410ed1a519c1bc1c 1df5a1477102ad9d32a976eea0af04b7c63a660fefc39a8c2c524e8cfa9634e3 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-8bv01Mikey_be6b70ceWindows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.be6b70ceb3de89f9b4d5f2b2faba676d6a9dcc55f5610727b55cc05f3e8bc0342591d4c4 be6b70ceb3de89f9b4d5f2b2faba676d da37e831e94b3f7226688cf7f201ef4c032d393ee25bd2437d826a21e08c03b4 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-irm01Mikey_4b628393Windows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.4b628393f5e7827b345d6d98ad055ef8daf14f1e4876ea7688857a5227c5fdf3c81dd42c 4b628393f5e7827b345d6d98ad055ef8 19e073fb9fb7811440e873ae60578b28c06b0aec9e21d730f8205c81b7ababf5 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-h5r01Mikey_6e4f04e9Windows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.6e4f04e94f22b1a967407ce84e20d1ea4c2431c4dcfa569814368de6888f4cf0b934875a 6e4f04e94f22b1a967407ce84e20d1ea 243e098e78e1ff111354e231fac6b01e69f473cb10c27f2485a568316c0395df https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-wqy01Gandcrab_0e69d065Windows This strike sends a malware sample known as Gandcrab. Gandcrab is ransomware that encrypts documents, photos, databases and other important files using the file extension ".GDCB", ".CRAB" or ".KRAB." It's spread through traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft.0e69d06516255a02aec969f5174462e0f8803ee66b34ea9c59de33950b34e22deca654fe 0e69d06516255a02aec969f5174462e0 051f4d57fc51e1491eb9121cb6ecdd036e140103f1afbc73fe9cef9a4fd67a84 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-czd01Gamarue_b6617548Windows This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands.b66175488bdbba0c2837e074f154e10c9c87dc70cd25c10e2f19950087480f098d4e4c58 b66175488bdbba0c2837e074f154e10c 06c823cc443447348137467a2951dd2d34b4ffdcde178e6d1700394ef5e2793f https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-shl01Parite_7ecf46e1Windows This strike sends a malware sample known as Parite. Parite is a polymorphic file infector. It infects executable files on the local machine and on network drives.7ecf46e19900a69db8e0c68bcdf261f525c67c970701117f7b65533c667367120e5f755f 7ecf46e19900a69db8e0c68bcdf261f5 29f37223352f9584de101958ce00b41c3c66d9cfb15cc27d22a67df2c9dcd53e https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-igs01Gamarue_ea4c2e0dWindows This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands.ea4c2e0d5fbed4ef514eb71ebc6a2eb46eef6032a734b2cba64871293618445dd8010b22 ea4c2e0d5fbed4ef514eb71ebc6a2eb4 5ff49224ceb338b6b35b7303c68ff3df9f87099ffcec50970627a06e938f510a https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-sj801Dijo_03b7c60bWindows This strike sends a malware sample known as Dijo. Win.Malware.DIJO, also known as Ursnif, is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.03b7c60b63c2ac06ab926971540e09231481f07ebb2bfc3558a8059764cf64b1b6c1f2a8 03b7c60b63c2ac06ab926971540e0923 016ef438660d7acbe94a229f0680b154bb963bc9dbc56eed7450dab36d486c01 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-xev01Dijo_95d64b60Windows This strike sends a malware sample known as Dijo. Win.Malware.DIJO, also known as Ursnif, is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.95d64b60a5d8ce76418042b042a452897c873dbf0c143126e4251938c5545e5a43c2bddb 95d64b60a5d8ce76418042b042a45289 0d1b953aa006b38c0140f3a2bacda47a28262d54d5676aeeaf432235e356a5bd https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-b4q01Gamarue_f0f136ddWindows This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands.f0f136dd4cbadf24865d7784cb1a09482ead3c5e2b855a3126e04cac3e0bef44c734f9b7 f0f136dd4cbadf24865d7784cb1a0948 84b9a43ff01d4b6be671749b56dcf724c0c4553153dfa336730f36b42fac6969 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-3se01Emotet_aede0078Windows This strike sends a malware sample known as Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to bypass antivirus products. It is commonly spread via malicious emails.aede0078e3504fccad3199ad3d1471590329933659b404db026712b9975c22349a698481 aede0078e3504fccad3199ad3d147159 fc5935b12a8d07abcafc613a04d3c6773e088f31b88f78acc7f8ee2d2fc2d529 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-c7n01Vobfus_77fa9a2eWindows This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will run when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers.77fa9a2ec302b7ffa338531616c5ea89c217b25d6a6dcb866f1883919feda0dcaea35545 77fa9a2ec302b7ffa338531616c5ea89 145fe07226fb8eb92f609f16f7044ae5a529433730d285ca7c33b9cff6b86b71 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-upq01Gandcrab_e4af76e2Windows This strike sends a malware sample known as Gandcrab. Gandcrab is ransomware that encrypts documents, photos, databases and other important files using the file extension ".GDCB", ".CRAB" or ".KRAB." It's spread through traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft.e4af76e25598f76071227ffd0ef7438b024e2068f07983150cb49aaa2313addab45eef63 e4af76e25598f76071227ffd0ef7438b 00f07cc799aabac7449a324ff47161a6a34ad02ba4b2074ddb382152d383ed14 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-esq01Gamarue_f79369b8Windows This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands.f79369b86340f236e94bcd8bc08bce2f6f6d543d57209f8a9ce1c481ce9304478a86f6ee f79369b86340f236e94bcd8bc08bce2f 478ea2c130bd95ecf1763952f2f644a8b175184284f9713cc35abe0c6f6f848e https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-g7u01Upatre_aa9e88c3Windows This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.aa9e88c343d4348a7c4d74de25c62eaa63bf95dfd89f23ae45183fb70dd2586893300dbf aa9e88c343d4348a7c4d74de25c62eaa 1b806d44ead6688b22e623a1d50ad910af73b6ebe274901cccff8aabd526e3dd https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-fo001Dijo_674c6e32Windows This strike sends a malware sample known as Dijo. Win.Malware.DIJO, also known as Ursnif, is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.674c6e3271cae13aeebe979e5ae31d0055a80851731f890c19144585a1fd275bf805aa77 674c6e3271cae13aeebe979e5ae31d00 0024d14e96fc79b1f7fd052945424e685843a48b1124f2b19b3a0b00570fb716 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-eh301Gamarue_5aea77caWindows This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands.5aea77ca4f1fd3de53278433f25825b6f706ab756892e3d88a0bb97750006a1c1586eaef 5aea77ca4f1fd3de53278433f25825b6 6b82c968572a2ab008cb8bca2816d3f7cca491c059aee6b1e7a693b10580e073 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-fyw01Gandcrab_b48cda00Windows This strike sends a malware sample known as Gandcrab. Gandcrab is ransomware that encrypts documents, photos, databases and other important files using the file extension ".GDCB", ".CRAB" or ".KRAB." It's spread through traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft.b48cda006af1eea9b0339814ed76d9db351a3035433721b1222d3517e17156ce143e046e b48cda006af1eea9b0339814ed76d9db 0b3e086550e4baaa05c69777d484b9b20773b01d5c6da124197eff423b798b04 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-uqv01Gandcrab_0b77afd9Windows This strike sends a malware sample known as Gandcrab. Gandcrab is ransomware that encrypts documents, photos, databases and other important files using the file extension ".GDCB", ".CRAB" or ".KRAB." It's spread through traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft.0b77afd997f9a9520116ca9720151fd169dbf7e275d9630bb06ae0009b3723a79deccc6b 0b77afd997f9a9520116ca9720151fd1 0f50d6433d2a79f30c2417fc434098d029eceedf3acd405901d3951208be2ae7 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-ezl01Upatre_ee8db9a8Windows This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.ee8db9a869f31c626b6223293d3dfdbc8d6d436242cadd332dac85861374b9636eb122e9 ee8db9a869f31c626b6223293d3dfdbc f41388706c803a31645f416804995ad881d8ee0e0de0f0c355fb87fc415de211 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-0r001Parite_2233191fWindows This strike sends a malware sample known as Parite. Parite is a polymorphic file infector. It infects executable files on the local machine and on network drives.2233191fb297b8a867d677c88be02407f6883cfb5989855d06acedaefd1f5c08f89aa7eb 2233191fb297b8a867d677c88be02407 3b6a4dbf9a923ac935f6f671b38de0ed83da428b74dea48efa180365a507e13f https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-p4i01Upatre_aa0320c4Windows This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.aa0320c4011b351308264f16999f3ee45e416338276a67e991acd5d4447cf8787d22f372 aa0320c4011b351308264f16999f3ee4 99230cc2ba171d71a9c5bade432d53bbf1ea78be629f62b90bb73fd71a26e8a4 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-elo01Emotet_efc70b33Windows This strike sends a malware sample known as Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to bypass antivirus products. It is commonly spread via malicious emails.efc70b3370c9267ae5fb4596ae1224f6d35a4bc2508cd3cba3167bad7cd324baf4b3345d efc70b3370c9267ae5fb4596ae1224f6 dab7877de92a3793873fec30c4b2e4a758bd5c3c6a67c8da20bfce7c255031be https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-1at01Mikey_aa40501aWindows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.aa40501a99badad5c42bef705176f39eddafc99b3750c02f7300f0bfccc5c4b9df8268c4 aa40501a99badad5c42bef705176f39e f980768d4d68e75b6d83cff0c80ec153a80bf700f7df3bd53fe9f06bdafda01b https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-k3w01Vobfus_ede865deWindows This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will run when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers.ede865de6fca1bd7255da5af4704677b8198f6d72d7382fb6eb38dd4a5a5dd15ac8b5ea2 ede865de6fca1bd7255da5af4704677b 0572a5a7f2888736e647fccbd2d4ed051bb038b82d3d53fb899dcde836922fc2 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-xd701Dijo_315a4174Windows This strike sends a malware sample known as Dijo. Win.Malware.DIJO, also known as Ursnif, is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.315a4174f3302c518a4f47bc064f9a755e97bdb40de5cccfa6562864129da999ef7b8b1b 315a4174f3302c518a4f47bc064f9a75 095114cf4e2a81c44821a1ad9d4ea632e8cf17cf35a5cabc65813a29bcc41157 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-6hm01Gamarue_4afc6f9aWindows This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands.4afc6f9af11563748df65b94297f1fdb2577d37bd3970addb1890e582c2ab589725b6208 4afc6f9af11563748df65b94297f1fdb 9b082ca14ca1f7f7244f1a6b93062c01a8c336bf3ef6cab707a2aada4214178b https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-egz01Vobfus_3309c008Windows This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will run when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers.3309c0086ad3985ae8a249dbfe3e16d0db3eb8a67881d58408d2aed3bbd1340b96edd202 3309c0086ad3985ae8a249dbfe3e16d0 1551de875bb37b13c332d5b67ed64026c477f21bbcc6ad3d50ba8b3b8702ee5f https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-rbi01Emotet_f5e2f375Windows This strike sends a malware sample known as Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to bypass antivirus products. It is commonly spread via malicious emails.f5e2f3757a46c9aea1b49317f6f162af05b6cc1ef2a0aeba9e807c6090703abad7850778 f5e2f3757a46c9aea1b49317f6f162af f2a2d0eda6e21c4273d07aafe190918d96c21db335de4c4872e1eca136920c6b https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-05701Mikey_70e0402fWindows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.70e0402fbdf691bfe937911bbf2590180b0b88774b2170b41f308a7ff05543a417f62657 70e0402fbdf691bfe937911bbf259018 6705cf85955113629d95a7206deb524f82ed5a3fe04666d98423b944c3ce2156 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-y0a01Gamarue_eb0b7118Windows This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands.eb0b711845dd08e91bdd44d7497d0d178beb7f516c13c91d541a3173f5c5d75f79b9fea8 eb0b711845dd08e91bdd44d7497d0d17 884ae2b467d21f8dbf65bce26b08a6659d75004b22f1af5d7ed8e4198c2688ae https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-cuy01Dijo_0ddd0f79Windows This strike sends a malware sample known as Dijo. Win.Malware.DIJO, also known as Ursnif, is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.0ddd0f792d796a17dda2eb8c86eabe0f0b2608a951ef2c0060833807d5bd086590d60d75 0ddd0f792d796a17dda2eb8c86eabe0f 00f9d43bdeb5c30acc9e5594c0ff1bd29b52efdcaa63bb8eba745342c165f856 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-myk01Nymaim_d564c47fWindows This strike sends a malware sample known as Nymaim. Win.Malware.Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.d564c47fd6868621489bc5ae4c0511103fa400f3c3c3a8eba5be0fbaafebc6d3dc0dcbb0 d564c47fd6868621489bc5ae4c051110 899752fd8fbe560e658be72bf03a3a774b6dcb9d2d14e25da862d7edce5d9fbf https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-jry01Upatre_a59835caWindows This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.a59835cadb669dab9b77121900e429085154869f01394674a42ff187bdceec7ab8d872bb a59835cadb669dab9b77121900e42908 7a305e442718a07f2ddcc7ae9a8983c49be3247c123b06dabcf7d48d3a4bdcde https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-10p01Vobfus_e32adc17Windows This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will run when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers.e32adc17d458423676ab0db622780ecc1476f6947d9c46e1d17648368381b57a011058df e32adc17d458423676ab0db622780ecc 02f72dfcc27501cd1a44b3a0eed9e41831f745fc26d6b7d1526c151c94d58333 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-moj01Upatre_621d6842Windows This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.621d6842b256316318e7f239f99262071425d836d59d3ffe35d35b4045c312c5eb2b7b73 621d6842b256316318e7f239f9926207 fb75875cdf989e58a80330aa43543b9ab3765fde077174729e2011555cd295d9 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-cyj01Upatre_d14d90edWindows This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.d14d90ed71124890c53ba0bf441375cc24ed80ef1e5186f1020d16681eea07fc4c15197c d14d90ed71124890c53ba0bf441375cc e4eddc3910aca83db9bef4bc4f11006c0ae09a1552a6266adac79dc922ffe90a https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-kq001Upatre_bcf9779bWindows This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.bcf9779b0c493a280446c948e8a4026a429039b3a9df26f8be9941501625df40bcfd8162 bcf9779b0c493a280446c948e8a4026a 71dfc74d26d696f74b65c03c93a9118b9c62e5adfb6c93a5e15d00dcb50d585f https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-cqe01Emotet_e29f583bWindows This strike sends a malware sample known as Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to bypass antivirus products. It is commonly spread via malicious emails.e29f583b36c9863d507e078ed6b04bb6b645cd8dbeeb5164616d603745c96838743065f5 e29f583b36c9863d507e078ed6b04bb6 fba4b9baf4b72790f1ff9ad58160efd7bd4a1927191668da75468255083e48b9 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-ucp01Nymaim_4ee79820Windows This strike sends a malware sample known as Nymaim. Win.Malware.Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.4ee79820c39adbdfff55a342fb57b967848324da5758d6e1f9a05f0a6704f2343003453f 4ee79820c39adbdfff55a342fb57b967 86bd123441e1b1ed3f37938b58dbc572b844e7ba8e59506ccd41fd0d9d950628 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-0in01Upatre_7803f307Windows This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.7803f30705d8da528407496ab4cba9ce96ee53b7f6566661228f36cb5b56a1fd2ca64ff4 7803f30705d8da528407496ab4cba9ce 64c1bb68e91d30812c0ea2690a4bb15d2788b43ec6c54aa9672de758ee7e5042 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-rc401Mikey_c243f8bbWindows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.c243f8bb39dc7367db3aa9c6d7b88e9eea7f28b856cc2729246be97537a8d986836e94e9 c243f8bb39dc7367db3aa9c6d7b88e9e 4f80b59c35090b1dbdf94f73770c222352555e7112bec28efb189e3b340b4c2c https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-thv01Mikey_1fb9d5b3Windows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.1fb9d5b305c3bcd4f1fc29aa9b089c45b6dc734da746c310299b3f580cfa2c43ab915e3e 1fb9d5b305c3bcd4f1fc29aa9b089c45 4a2364a4b3e8ad43b505a616486ef537159c8b8df9fe140977c9ab6aa1bad658 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-frl01Gandcrab_c7666c17Windows This strike sends a malware sample known as Gandcrab. Gandcrab is ransomware that encrypts documents, photos, databases and other important files using the file extension ".GDCB", ".CRAB" or ".KRAB." It's spread through traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft.c7666c175b72291ff6649ebd523040f6ffa2d7846b828244dd4ef034916cd57b708e8cb6 c7666c175b72291ff6649ebd523040f6 043f30bd958e54d6947631c10d70ddec772ababd8a3852ceb0e646e87d670a92 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-48m01Emotet_294a2053Windows This strike sends a malware sample known as Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to bypass antivirus products. It is commonly spread via malicious emails.294a2053699d333b5928cac2ac984a662c207f29530d8d5d92546a39cb20b6a18c0f0a53 294a2053699d333b5928cac2ac984a66 83b316b9a9f76efcab1e741c8eeb7a0c7a50072c3fde5acd49cb0d28afbe7a23 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-vfs01Vobfus_7b961908Windows This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will run when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers.7b961908fcb6ff2461fee3382d36eb9525e964ef7096bfc6e49fd694be4da2b59f2a446d 7b961908fcb6ff2461fee3382d36eb95 121a6b3a8000948f073e3660ecafb19bf5d204a9d468112575afd15c39222eb1 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-ssp01Dijo_1f694996Windows This strike sends a malware sample known as Dijo. Win.Malware.DIJO, also known as Ursnif, is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.1f694996fef7ea9bba3bb8869783fc8a6829432a671118873994a302a909254fdb5f601c 1f694996fef7ea9bba3bb8869783fc8a 0a088fe8df26a9a2cd4330224134e1ea0d249300cbce0eaf11fc6f70b75f21f1 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-a4901Mikey_60ad68e8Windows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.60ad68e8bc5d9b1c96446ecde4f32bead6a43de37a1e7d13860c552783693466c299a855 60ad68e8bc5d9b1c96446ecde4f32bea 711c1db67575b1a795a4aeb439ada79ab8a7cc98f2c68cb0e2beacafa5d044de https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-szh01Emotet_b4cb5f6aWindows This strike sends a malware sample known as Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to bypass antivirus products. It is commonly spread via malicious emails.b4cb5f6a77a41852eb0478fa09300a9dbe00bd2a0dd1fdda16c06e9b082ff22787cd5c60 b4cb5f6a77a41852eb0478fa09300a9d 313f19bdb8c46b96ac18bca55f53f5c0eb03d2fcececaab47b9339d8f014f7c7 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-3g001Mikey_094cc5abWindows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.094cc5abe363b54f30925cc227b76c5001178f67e7cef8ac1ffea324b3322e2c4611d4ae 094cc5abe363b54f30925cc227b76c50 70a7d3ac821670090237f52308fb6b1ca47e032d3de9267584f59abe247e536a https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-etb01Emotet_1f99daa9Windows This strike sends a malware sample known as Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to bypass antivirus products. It is commonly spread via malicious emails.1f99daa94d90515dec89b753db9225ccdc60f9629f5dcff60dc3b00791fc67ef036bbc74 1f99daa94d90515dec89b753db9225cc 5df55f78a21cd8457c9432afc8da45c182fad6107e3b6e4f5cf86272b68012b1 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-te001Gandcrab_69507fa7Windows This strike sends a malware sample known as Gandcrab. Gandcrab is ransomware that encrypts documents, photos, databases and other important files using the file extension ".GDCB", ".CRAB" or ".KRAB." It's spread through traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft.69507fa72856abe90439fe5a6696061765f40191f39f75b4219d61803347f4d764f1308f 69507fa72856abe90439fe5a66960617 166627c9ad4fb0acb0bec8e09e1d4ceedc3110e7cdbaa709322d0dbe41a2f70f https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-t4c01Parite_ba12d382Windows This strike sends a malware sample known as Parite. Parite is a polymorphic file infector. It infects executable files on the local machine and on network drives.ba12d382901e8e3441e61483b0e9f04347242cd528fea1d863e89a877e1239a3335e2070 ba12d382901e8e3441e61483b0e9f043 0e70c57c577078b1c9cab7d6bd1215372330548ae0c20ff2b80f0cb86cde2074 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-dih01Mikey_8c78fe46Windows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.8c78fe4624fa41924bd85711477e7d08e2b0a3f11474f12c795dddc843e5e482f50be117 8c78fe4624fa41924bd85711477e7d08 6f74c88c2c04eb117c26d5283d83ac4735928bb50f76b2104be36f8101466aa3 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-y1v01Gandcrab_9ed39ba1Windows This strike sends a malware sample known as Gandcrab. Gandcrab is ransomware that encrypts documents, photos, databases and other important files using the file extension ".GDCB", ".CRAB" or ".KRAB." It's spread through traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft.9ed39ba18273fa59f2e60ea41a3e3b4515e7df77aa783bba7b65fa01ddcc570e87b638bc 9ed39ba18273fa59f2e60ea41a3e3b45 06cafb061ce341647e48d4113eb71bed76290d30d54ce6d98169fcfe8bbe83c5 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-3fc01Gandcrab_144b6c81Windows This strike sends a malware sample known as Gandcrab. Gandcrab is ransomware that encrypts documents, photos, databases and other important files using the file extension ".GDCB", ".CRAB" or ".KRAB." It's spread through traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft.144b6c81aea844c0d54a7375fe782d9276cb2a7778d654b4b42766ccc1663c4888f88df2 144b6c81aea844c0d54a7375fe782d92 13ccda5af78a1dea028d076418db880ab3734c745f068d2c4df5de4d4968b478 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-ywy01Mikey_32ac0af9Windows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.32ac0af91ffaab48f32591e00fb4413c21690639af1520bc8faadf85235e9a94eb556112 32ac0af91ffaab48f32591e00fb4413c dedb1d0c69521f7c47abc2e6fa925642269fd40a00ea21270b7b950cb101f7be https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-3q601Dijo_a77f4728Windows This strike sends a malware sample known as Dijo. Win.Malware.DIJO, also known as Ursnif, is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.a77f47289052c3bb6b7439349ac0d4d276f00dd1377887065c509ba8328fa05e96b423a6 a77f47289052c3bb6b7439349ac0d4d2 05a5bbabbab5444214ce70c1190f41ccef8ef3dee786d1821d26a396d8a49eb5 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-5fa01Gandcrab_1a8847a7Windows This strike sends a malware sample known as Gandcrab. Gandcrab is ransomware that encrypts documents, photos, databases and other important files using the file extension ".GDCB", ".CRAB" or ".KRAB." It's spread through traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft.1a8847a71de661411d0b9418eeaaada0944d7871e0d1aea01863834eef9199891e5f4b57 1a8847a71de661411d0b9418eeaaada0 0dd771fecae00517f9297e21a42956d2ee113f6f0bc4d3ee277f887721efc19a https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-rj201Upatre_e026a1d1Windows This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.e026a1d1bc15063357cfb0fa9ba37b96eababfbec7293fa23fa232d9ea9ec7974bbf856b e026a1d1bc15063357cfb0fa9ba37b96 56db7b1dd0bcbeca631eee556146fb599fc363466f51ec01eae28ecd4289e838 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-mfh01Nymaim_2e0a1fc4Windows This strike sends a malware sample known as Nymaim. Win.Malware.Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.2e0a1fc473c0a91fc958ea9b6f77cb4794dab538f1f7c8d64470b6799b1dfc30b56b727c 2e0a1fc473c0a91fc958ea9b6f77cb47 1e12e3edeb209993fd7d5623fb10f342dca54e101ea8593348d8cc9e72e91384 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-qi301Parite_0f1f2362Windows This strike sends a malware sample known as Parite. Parite is a polymorphic file infector. It infects executable files on the local machine and on network drives.0f1f236295242cf3cff1c2ba480f28998366d06a7eef5f023578e4cca2abba0c4329c8be 0f1f236295242cf3cff1c2ba480f2899 35270fa68190eba46f59bba10c8dce3a03e55d8af7e8a33f9a330e077f63aeff https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-fbc01Dijo_adbfe348Windows This strike sends a malware sample known as Dijo. Win.Malware.DIJO, also known as Ursnif, is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.adbfe348bd245cd6e1d941b3b9639441177b14ccad550ffb110cf1fc01e81935a9693d90 adbfe348bd245cd6e1d941b3b9639441 04ef397e7e52f4c71553f5eb2d4bc1971d2eda8a54eafa5a23aae4700264688d https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-yn001Gandcrab_f1b70fb3Windows This strike sends a malware sample known as Gandcrab. Gandcrab is ransomware that encrypts documents, photos, databases and other important files using the file extension ".GDCB", ".CRAB" or ".KRAB." It's spread through traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft.f1b70fb3a82a98bb4b083a7ed6e18cb2f81996c304d582b202b485f88db673f3b47bf969 f1b70fb3a82a98bb4b083a7ed6e18cb2 0799d33c49bceeeeb9c92077d448d5823ab8e71a04b71c6b8afa7f386fb5aa92 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-mlz01Gandcrab_9f9ec21bWindows This strike sends a malware sample known as Gandcrab. Gandcrab is ransomware that encrypts documents, photos, databases and other important files using the file extension ".GDCB", ".CRAB" or ".KRAB." It's spread through traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft.9f9ec21bc23a3161edd8fcefa69d69bfd45c0d508b8157a6db04f30efbc2d0c9959476b2 9f9ec21bc23a3161edd8fcefa69d69bf 130f32c65f3f2e67bdc228f125bc07c049f40fae04114b0de920e9fd0b00bccf https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-40601Nymaim_ad8a90c4Windows This strike sends a malware sample known as Nymaim. Win.Malware.Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.ad8a90c40e28ae32413caef915437888b3e00337277044b67d571ce3979dca5f4e1a2ee1 ad8a90c40e28ae32413caef915437888 a98b56d5bd9e67da1d1052cc044af7f45cc0a6472093799466d48e6f841016db https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-ff101Nymaim_41e20428Windows This strike sends a malware sample known as Nymaim. Win.Malware.Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.41e204282ea905371512d35206d37a2eeae3728e40e63f2fa7be26ebfbe4a15361a8e90d 41e204282ea905371512d35206d37a2e 87c04d2500b70ebf0865d5ac5889f13bdc86d0a137dd1a20094a3308b52ac191 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-3rw01Vobfus_c3a68d0eWindows This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will run when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers.c3a68d0ec1fed0bbb56ff380001a2073a49d398c1a8e3d7b7ae68234f0a2ca98248012fd c3a68d0ec1fed0bbb56ff380001a2073 080d08b5202a6da7052a3256c1863db41121881d75188ad96b9af9ab5932a97e https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-m4001Gamarue_b4ad9dc6Windows This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands.b4ad9dc6d4c2787e5716310b2c6e84bd15a4c1cd078f33c3c4576c666ca59ee6af824f71 b4ad9dc6d4c2787e5716310b2c6e84bd 3e3decd6f11025d59dbb0c0457b9e5e0353a063d53d5725a3a94836819613a1c https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-xdi01Mikey_2087a325Windows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.2087a3256c8035aa72379c872001557991d827064e488a769aff6d07a4cfe5a46ac0cb63 2087a3256c8035aa72379c8720015579 bb99c43836000b751e3fa1deda851b646f02be036ad9d86a09adb7963bec7b69 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-mow01Upatre_cff046a9Windows This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.cff046a913975f5734f6d476ded97f1f1dd5e06c3cac49203718c828fa19523384bb808f cff046a913975f5734f6d476ded97f1f 2e09c458bc34495f4390b2783d17369a2f809860eb95b95ff914c6610fd42ab0 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-9i101Vobfus_faa1d8aeWindows This strike sends a malware sample known as Vobfus. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will run when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers.faa1d8ae1741841cc4b958d71043d62181b2447c97b8b2ffaf9872825cea96a31fa2137a faa1d8ae1741841cc4b958d71043d621 18ee7ed2c61ee532f9a42d02c3c53b017496071608324361117514bdd3fdcade https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-cze01Emotet_f8b0934bWindows This strike sends a malware sample known as Emotet. Emotet is a banking trojan that has remained relevant due to its continual evolution to bypass antivirus products. It is commonly spread via malicious emails.f8b0934b106e04ad16f3c5c1587cc56250b7130386ff9dec22c943930207223bbc8b20c8 f8b0934b106e04ad16f3c5c1587cc562 40651a1759d2ae614541d3f6e8bb6298ab72a242673c44e541dc28e30ca8929f https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-fzo01Gamarue_cfd38073Windows This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands.cfd38073c0542bbe4e3a3d5b5bde5713afea0cb5182f279cea464bf7c206cae331a93667 cfd38073c0542bbe4e3a3d5b5bde5713 cd80fcca97cb88cb92da3d5fb396b24e102001d3efc06082e6e3dfded9f8ee0a https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-blh01Nymaim_e3b91ef1Windows This strike sends a malware sample known as Nymaim. Win.Malware.Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains from which to retrieve additional payloads.e3b91ef1583194d01055d46635e92d83c5a4e6a7ea5e634fa3279a68e5f9a9141acaa977 e3b91ef1583194d01055d46635e92d83 5056a547e092c82e74a2da61a5a90eb2a7e7e551e39a3387753917bedf8c3130 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-mby01Gandcrab_f4ef0e90Windows This strike sends a malware sample known as Gandcrab. Gandcrab is ransomware that encrypts documents, photos, databases and other important files using the file extension ".GDCB", ".CRAB" or ".KRAB". It's spread through traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft.f4ef0e905cbba60c9bd6a91fab534b383a6c6fb82f666f6ef90b6fc07894e2b0820bdc12 f4ef0e905cbba60c9bd6a91fab534b38 02edf037074ebd2445625737108f7337715a6af17ec161429fa0392894e479bd https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-xoo01Gandcrab_6eac5ed1Windows This strike sends a malware sample known as Gandcrab. Gandcrab is ransomware that encrypts documents, photos, databases and other important files using the file extension ".GDCB", ".CRAB" or ".KRAB". It's spread through traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft.6eac5ed1e9961191c5942c87f54e726cef39c9730831fae694b8ff244ed568a9589f5440 6eac5ed1e9961191c5942c87f54e726c 04196939eee8a21a4480a5e5bcf34f70b20f1dad9c3038bc632a415130ac47e8 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-8mu01Mikey_e97e1d93Windows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.e97e1d93996abcc91a7d870c91a8e482e6310161edb7093829edd829edab65b7cc18c953 e97e1d93996abcc91a7d870c91a8e482 42228a6bafdf985fc02536b17990299589d967ad44d22dbefdb2dbc44681741b https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-s9101Upatre_bae1315aWindows This strike sends a malware sample known as Upatre. Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.bae1315a80c5c19ef9edbcc1dfe9b0d40f685019dc2ccf8c4d9c61ddd049596a75468b7b bae1315a80c5c19ef9edbcc1dfe9b0d4 d9d107fed85d142d6a5cb4d40a48b3ddf5c61f97bc502a297f816ac902fa13a6 https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-hvg01Nymaim_1d14820dWindows This strike sends a malware sample known as Nymaim. Win.Malware.Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains from which to retrieve additional payloads.1d14820d7ddf2970b1020396b6684d71fabbd4473dbfa68dc84711252a42a6136eb867f0 1d14820d7ddf2970b1020396b6684d71 a20d48b79e72d3fc229929af39560ac26504fd31d20a7b29b81a4624eda6a0b9 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-soa01Mikey_6c9afb18Windows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.6c9afb18178718b71ced2ae97394a60e4d5a6373ae8a3e5958cea0275a22cfa972461e49 6c9afb18178718b71ced2ae97394a60e 95aa51bc0016bf055d53f1d663b560c97d15d19956787aecf8af7933e6765e5b https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-ly001Mikey_670f08d3Windows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.670f08d3fffe3998bf97154bfa68540a3bb792281bfdf0d72b1cae541e5bbdeec3f19abe 670f08d3fffe3998bf97154bfa68540a 2b52ef895983a4778aaa66dd90cc8bb296ca3b96b891c087c4fcf483d5bf48c6 https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-do301Gandcrab_81d7e038Windows This strike sends a malware sample known as Gandcrab. Gandcrab is ransomware that encrypts documents, photos, databases and other important files using the file extension ".GDCB", ".CRAB" or ".KRAB". It's spread through traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft.81d7e0384ef386da5dfeba80311cf5d06a99e4901f3016afbd78adf51d41b8d102e8ae49 81d7e0384ef386da5dfeba80311cf5d0 1ac89466a2668afd8d06d0f9345d48151dc2978b81985070bb23e30a767bd71c https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html#more
M18-i3201Mikey_e8e1a47cWindows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.e8e1a47cf4cf45eac05fe17665d3b223d1561956b02573f51fd555d20157a4e1a4ea06e0 e8e1a47cf4cf45eac05fe17665d3b223 911ce750a17ac1e43d53087630b1e3af416619aff2d086b89b6def0d0bfa927d https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more
M18-f4o01Mikey_fe91a7bcWindows This strike sends a malware sample known as Mikey. Win.Malware.Mikey is a trojan that installs itself on the system, collects information and communicates with a C2 server, potentially exfiltrating sensitive information. These types of threats can also receive additional commands and perform other malicious actions on the system such as installing additional malware upon request.fe91a7bc87b62b1f115a4c993a368243ca117bab2cb20a35e085392230c2d474c5b01a2a fe91a7bc87b62b1f115a4c993a368243 f3dd18c0de2af39bfd1dc3498de48e31668f6fdeb89065dcc9e7a81ae6c5046e https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html#more

Malware Strikes October - 2018

Strike ID Malware Platform Info MD5 External References
M18-xnq01T9000_b9c584c7Windows This strike sends a malware sample known as T9000. This sample has been associated with the T9000 backdoor. T9000 is modular malware that was initially dropped via an RTF document containing either a CVE-2012-1856 or a CVE-2015-1641 exploit. Its capabilities include capturing encrypted data, taking screenshots, and evading security products. The purpose of this malware is to steal information from the targeted machine and send relevant critical files to the attacker.b9c584c7c34d14599de8cd3b72f2074b73160d3a59db4a5858cd51ef7428a444caaf7cc4 b9c584c7c34d14599de8cd3b72f2074b bf1b00b7430899d33795ef3405142e880ef8dcbda8aab0b19d80875a14ed852f https://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/
M18-4k701RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle East.28ef823d10a3b78f8840310484e3cc699cc55e437efbacf2ddf0558c74c8b77bad889dcc 28ef823d10a3b78f8840310484e3cc69 b097a3fa288331b8ec2dd2e1332154268935afffbbb35ca0b302ee17ec9e89fb https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-r3401RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle East.19e3daf40460aea22962d98de4bc32d29d8f83e322741f98d145b073516738e9a2f9680f 19e3daf40460aea22962d98de4bc32d2 d44321ee252a6dd3a20315487bb249867a7d5d0089237d4d5622f006c863ce89 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-z3a01Ryuk_1354ac0dWindows This strike sends a malware sample known as Ryuk. This sample is part of a highly targeted ransomware campaign that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because it is targeted, credential collection is required and takes place in advance.1354ac0d5be0c8d03f4e3aba78d2223ea44a8c8c8f167d455db41316f3616ef5703bffff 1354ac0d5be0c8d03f4e3aba78d2223e c51024bb119211c335f95e731cfa9a744fcdb645a57d35fb379d01b7dbdd098e https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/
M18-y4g02Marap_e96b1418Mixed This strike sends a malware sample known as Marap. Marap is a modular downloader malware with a focus on downloading other modules and payloads. It has the ability to add functionality to itself over time due to its modular nature. For example, it downloads a system fingerprinting module to allow the attacker to perform reconnaissance on the targeted machine.e96b1418314fe28dd5423144f756b7a3a69899bc097b0a69af732010b79ba9744799d0ea e96b1418314fe28dd5423144f756b7a3 1c6661cc19d071df75ef94c58829f223b8634c00a03d1dadcde222c25475fa05 https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-prepare-more-part-1-marap
M18-v8401GreyEnergy_275f821bWindows This strike sends a malware sample known as GreyEnergy. This sample is part of the GreyEnergy malware family that drops a lightweight first-stage backdoor to compromise the victim. Attackers then map the network and collect passwords to elevate their privileges. This malware also tries to employ stealthy C2 communication by getting internal servers to proxy C2 requests from nodes inside the network to an external C2 server.275f821b328c06a2ef7b5ebb22af9cb6748fe84497423ed209357e923be28083d42d69de 275f821b328c06a2ef7b5ebb22af9cb6 7ceab4ac6b3376bb6b6e11e8b6b2a3c2398e0c1f1faef138bf60aa1765bfd25a https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/ https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf
M18-abw01NOKKI_48f031f8Windows This strike sends a malware sample known as NOKKI. This malware establishes persistence on the victim machine. It then establishes a connection to a C2 server. It will collect information from the target machine, and can drop and execute various payloads as well.48f031f8120554a5f47259666fd0ee0202ee6302436250e1cee1e75cf452a127b397be8d 48f031f8120554a5f47259666fd0ee02 b8120d5c9c2c889b37aa9e37514a3b4964c6e41296be216b327cdccd2e908311
M18-51m01NOKKI_42fbea77Windows This strike sends a malware sample known as NOKKI. This malware establishes persistence on the victim machine. It then establishes a connection to a C2 server. It will collect information from the target machine, and can drop and execute various payloads as well.42fbea771f3e0ff04ac0a1d09db2a45e2b6b6f24f58072a02f03fa04deaccce04b6bb43b 42fbea771f3e0ff04ac0a1d09db2a45e 9bf634ff0bc7c69ffceb75f9773c198944d907ba822c02c44c83e997b88eeabd
M18-e0r01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle East.b964645e76689d7e0d09234fb7854ede5c38844d5618f51ce356d95c5811760305eaadd4 b964645e76689d7e0d09234fb7854ede 1588e671c3c29ecbced61b01f08622562614cb9b19411cce3e259deafda6f2b7 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-80p01GreyEnergy_92f63b12Windows This strike sends a malware sample known as GreyEnergy. This sample is part of the GreyEnergy malware family that drops a lightweight first-stage backdoor to compromise the victim. Attackers then map the network and collect passwords to elevate their privileges. This malware also tries to employ stealthy C2 communication by getting the internal servers to proxy C2 requests from nodes inside the network to an external C2 server.92f63b1227a6b37335495f9bcb939ea230af51f1f7cb9a9a46df3abffb6ae3e39935d82c 92f63b1227a6b37335495f9bcb939ea2 c2d06ad0211c24f36978fe34d25b0018ffc0f22b0c74fd1f915c608bf2cfad15 https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/ https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf
M18-ixw01KONNI_38ead1e8Windows This strike sends a malware sample known as KONNI. This sample is a Remote Access Trojan with many capabilities, such as taking screenshots, finding and executing files, and uploading files to a C2 server.38ead1e8ffd5b357e879d7cb8f467508d6b306a283ebba49c77f888c6e3e7c6034acd5eb 38ead1e8ffd5b357e879d7cb8f467508 44d0a1eaca283426c02a506f8dd2499ee006b96af26746bc751bc0353978922e https://www.fortinet.com/blog/threat-research/a-quick-look-at-a-new-konni-rat-variant.html
M18-1ob01GreyEnergy_2bff6b87Windows This strike sends a malware sample known as GreyEnergy. This sample is part of the GreyEnergy malware family that drops a lightweight first-stage backdoor to compromise the victim. Attackers then map the network and collect passwords to elevate their privileges. This malware also tries to employ stealthy C2 communication by getting the internal servers to proxy C2 requests from nodes inside the network to an external C2 server.2bff6b87ee4b4d1d4f9468939797e8a9bfc164e5a28a3d56b8493b1fc1ca4a12fa1ac6ac 2bff6b87ee4b4d1d4f9468939797e8a9 037723bdb9100d19bf15c5c21b649db5f3f61e421e76abe9db86105f1e75847b https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/ https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf
M18-rec01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle East.ee0718c18b2e9f941b5d0327a27fbda10e05cd3914443dd45000ed5f80c727bc846b59a1 ee0718c18b2e9f941b5d0327a27fbda1 d0ecc4b289a6bae15b8d05a3ce396ae17ff80bc74ba71999b6baeea59d114ee9 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-btp01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle East.a5d2403b98cddcd80b79a4658df4d1478f7ff105469267cffb46d79937023e017dd71185 a5d2403b98cddcd80b79a4658df4d147 14ef13a6d07575a06d788f305175fb3095640ba5c42d2558cc8b0dd552f8e5a6 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-uux01NOKKI_ae27e617Windows This strike sends a malware sample known as NOKKI. This malware establishes persistence on the victim machine. It then establishes a connection to a C2 server. It will collect information from the target machine, and can drop and execute various payloads as well.ae27e617f4197cd30cc09fe784453cd4dc739ca07585eab7394843bc4dba2faca8e5bfe0 ae27e617f4197cd30cc09fe784453cd4 9b1a21d352ededd057ee3a965907126dd11d13474028a429d91e2349b1f00e10
M18-fgi01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle East.8a4ed9c4a66d7ccb3d155f85383ea3b3923f95c17b37fd8a8b9394095b1047fd44d2138e 8a4ed9c4a66d7ccb3d155f85383ea3b3 1a4cac4a70cb95fae23bb917a549756ed33910b8b9be31c3b4d3c701879ec8fd https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-nb401ChachaDDos_36d3cf44Linux This strike sends a malware sample known as ChachaDDos. This malware establishes persistence during the first stage by adding itself to dhcprenew. Once this service is enabled, it downloads and decrypts the second-stage binary. Finally, the malware performs its DDoS functionality through a TCP SYN attack.36d3cf441cf46c4be9763c30b2b953050ab55b573703e20ac99492e5954c1db91b83aa55 36d3cf441cf46c4be9763c30b2b95305 0006a8dfc7bb8d07c233b66fd54aff8b2f9c10cd2ef518e2541f7b81ae5650bb https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-installed/
M18-zwr01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle East.fe0198f4b3d9dc501c2b7db2750a228ba4d682cd2b3f2c475d06939004152f624a6ea6ba fe0198f4b3d9dc501c2b7db2750a228b 067d9a08ea3cc9c37dc03dc2d88d364bb17d4b07a2bd4060b2dde6f96b3dce88 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-khh01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle East.3e4bff0e8ed962f3c420692a35d2e503a7ea3faf634a752db70ce01d1d8c1f43fd4f4884 3e4bff0e8ed962f3c420692a35d2e503 8bbce6b2772a4d4e014634bcda448ad015743fd95ac801c713cc390704829c1d https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-3nx01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle East.5145c98d809bc014c3af39415be8c9ac8b320db4452788315c34bce7f7af81f84ad7adc1 5145c98d809bc014c3af39415be8c9ac 7c8eb86d2181a69691dd32d1ec4b8bf3171a9f8eecd324799fadc4915caffc56 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-vkr01Marap_13cc8c74Mixed This strike sends a malware sample known as Marap. Marap is a modular downloader malware with a focus on downloading other modules and payloads. It has the ability to add functionality to itself over time due to its modular nature. For example, it downloads a system fingerprinting module to allow the attacker to perform reconnaissance on the targeted machine.13cc8c748ab6beab2b942a9d046795117bc60af7993f8bf3d595e98e87f8dd99d8e7182e 13cc8c748ab6beab2b942a9d04679511 2c5729e17b64cd4e905ccfeabbc913ed945e17625c35ec1d6932194aae83d7c6 https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-prepare-more-part-1-marap
M18-r9801RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle East.31e61e52d38f19cf3958df2239fba1a7a9ee622c0dc661a10dc3f96f3696b0ef8dbe7953 31e61e52d38f19cf3958df2239fba1a7 cc2617d7d904986b83baf7843db6969151363000678e8da599edbf6cf23cb827 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-nn102NOKKI_cf62c2f6Windows This strike sends a malware sample known as NOKKI. This malware establishes persistence on the victim machine. It then establishes a connection to a C2 server. It will collect information from the target machine, and can drop and execute various payloads as well.cf62c2f67cd933ca176f84a26d4cdca265195ce6b3437acee417f405153f1c210cc86f6c cf62c2f67cd933ca176f84a26d4cdca2 d5fc0ef2d1ed037b5b6389882f9bb4ea15a6b41f21cdc0f5e90752f4e687445c
M18-61102Ryuk_5ac0f050Windows This strike sends a malware sample known as Ryuk. This sample is part of a highly targeted ransomware campaign that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because it is targeted, credential collection is required and takes place in advance.5ac0f050f93f86e69026faea1fbb44509709774fde9ec740ad6fed8ed79903296ca9d571 5ac0f050f93f86e69026faea1fbb4450 23f8aa94ffb3c08a62735fe7fee5799880a8f322ce1d55ec49a13a3f85312db2 https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/
M18-gf401RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle East.a21322b2416fce17a1877542d16929d5faae3d8930839a2283423212f9a38ac2bf59b405 a21322b2416fce17a1877542d16929d5 7e49b7c6ed359b4e910e8d4d2c9436d99cddeb7f9af2e2f1082d0ca45d469566 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-q9p01CobInt_2f98a491Mixed This strike sends a malware sample known as CobInt. This sample has been associated with the CobInt downloader malware. The malware is modular and consists of three stages: the initial downloader, the main component itself, and various additional modules of the kind typically associated with modular malware.2f98a491258b6606b7d9ad2a662a55130add1984917ac56eb2824ca20f71e730a814fdb5 2f98a491258b6606b7d9ad2a662a5513 5d29b89e9ee14261c1b556bbc66650488b590f311173aef641e178ba735e6e0d https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-3-cobint
M18-zq601CobInt_f3bb3e2cWindows This strike sends a malware sample known as CobInt. This sample has been associated with the CobInt downloader malware. The malware is modular and consists of three stages: the initial downloader, the main component itself, and various additional modules of the kind typically associated with modular malware.f3bb3e2c03f3976c107de88b43a22655a9fa69915e8c6e8b96c6cd68b94f7220021053cb f3bb3e2c03f3976c107de88b43a22655 5859a21be4ca9243f6adf70779e6986f518c3748d26c427a385efcd3529d8792 https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-3-cobint
M18-us901RoamingMixed This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle East.6cac4c9eda750a69e435c801a7ca7b8dd53e174b0df2083643bf567cdf0e8886c3e34772 6cac4c9eda750a69e435c801a7ca7b8d 7c6d4d34a237087546d625960973fb2ad17fd8c81bd63cce710aa10e115ad40a https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-08m01GreyEnergy_1cb35f43Windows This strike sends a malware sample known as GreyEnergy. This sample is part of the GreyEnergy malware family that drops a lightweight first-stage backdoor to compromise the victim. Attackers then map the network and collect passwords to elevate their privileges. This malware also tries to employ stealthy C2 communication by getting the internal servers to proxy C2 requests from nodes inside the network to an external C2 server.1cb35f4340a37e75aff1f901629b59f3cc1ce3073937552459fb8ed0adb5d56fa00bcd43 1cb35f4340a37e75aff1f901629b59f3 b60c0c04badc8c5defab653c581d57505b3455817b57ee70af74311fa0b65e22 https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/ https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf
M18-5yr01AdvisorsBot_6c8e800fWindows This strike sends a malware sample known as AdvisorsBot. AdvisorsBot is a modular downloader malware that was originally seen in the wild targeting hotels, restaurants and telecommunications. The malware employs many anti-analysis features to slow the investigation process. Like most modular malware, it can install modules that provide functionality such as running system commands, taking screenshots, and fingerprinting the system. It then sends this information back to the attacker-controlled C2 server.6c8e800f14f927de051a3788083635e51d8e2f4218acfb6f05932f6b57a814135e1a068c 6c8e800f14f927de051a3788083635e5 ee32c4e0a4b345029d8b0f5c6534fa9fc41e795cc937d3f3fd743dcb0a1cea35 https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-2-advisorsbot
M18-ric01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle East.808b186ddfa5e62ee882d5bdb94cc6e2983e80acbe61c5e4097217c6d33447811a6cf086 808b186ddfa5e62ee882d5bdb94cc6e2 29e309dbb4873fe43e279010932735baff53b32da95263079e06080a29a875b4 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-xhe01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle East.b4152bee9eca9eb247353e0ecab37aa57771826c19890d967efd3f5e5e233ce411f31b5f b4152bee9eca9eb247353e0ecab37aa5 e629f80c9e393cf0ff02b7097a12f098b94dd879f18283caa70c426087c39a4a https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-s7801RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle East.f89214bfa4b4ac9000087e4253e7f75404599b2367a3aa9937b5820c8563b10f48578e05 f89214bfa4b4ac9000087e4253e7f754 e3228f9fc6a6bc71e5281010fdc78dcc453401074c95e51791fd9a4ee2affcf3 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-kxp01Ryuk_d348f536Windows This strike sends a malware sample known as Ryuk. This sample is part of a highly targeted ransomware campaign that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because it is targeted, credential collection is required and takes place in advance.d348f536e214a47655af387408b4fca513f11e273f9a4a56557f03821c3bfd591cca6ebc d348f536e214a47655af387408b4fca5 3012f472969327d5f8c9dac63b8ea9c5cb0de002d16c120a6bba4685120f58b4 https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/
M18-rdf01NOKKI_88587c43Windows This strike sends a malware sample known as NOKKI. This malware establishes persistence on the victim machine. It then establishes a connection to a C2 server. It will collect information from the target machine, and can drop and execute various payloads as well.88587c43daff30cd3cc0c913a390e9df1cc8ceeef9a2ea4260fae03368a9d07d56e8331b 88587c43daff30cd3cc0c913a390e9df 07b90088ec02ef6757f6590a62e2a038ce769914139aff1a26b50399a31dcde9
M18-49001RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle East.46c34be9b3ff01e73153937ef35b076662cc7b2ec891637029f4e108155d2837816f21dd 46c34be9b3ff01e73153937ef35b0766 53296107feaca4bdd0cb320502cbc905f3dff9841a004a2576f7190dbe21e328 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-drx01CobInt_0e01a700Windows This strike sends a malware sample known as CobInt. This sample has been associated with the CobInt downloader malware. The malware is modular and consists of three stages: the initial downloader, the main component itself, and various additional modules of the kind typically associated with modular malware.0e01a700ab4255045e3d29c1fd9776007c3a69cd06707540a7115d4c32a1d26f5fe80424 0e01a700ab4255045e3d29c1fd977600 ab73ad1ef898e25052c500244a754aa9964dff7fd173b903d1230a9e8d91596f https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-3-cobint
M18-4o301T9000_2299fb82Windows This strike sends a malware sample known as T9000. This sample has been associated with the T9000 backdoor. T9000 is modular malware that was initially dropped via an RTF document containing either a CVE-2012-1856 or a CVE-2015-1641 exploit. Its capabilities include capturing encrypted data, taking screenshots, and evading security products. The purpose of this malware is to steal information from the targeted machine and send relevant critical files to the attacker.2299fb8268f47294eb2b18282540a955cb57196bde3f520e87c948b4676bf487c0fd513e 2299fb8268f47294eb2b18282540a955 3dfc94605daf51ebd7bbccbb3a9049999f8d555db0999a6a7e6265a7e458cab9 https://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/
M18-bik01GreyEnergy_549ace27Windows This strike sends a malware sample known as GreyEnergy. This sample is part of the GreyEnergy malware family that drops a lightweight first-stage backdoor to compromise the victim. Attackers then map the network and collect passwords to elevate their privileges. This malware also tries to employ stealthy C2 communication by getting the internal servers to proxy C2 requests from nodes inside the network to an external C2 server.549ace2711a324a977be83887f10ed9c10d7687c44beca4151bb07f78c6e605e8a552889 549ace2711a324a977be83887f10ed9c 6974b8acf6a8f7684673b01753c3a8248a1c491900cccf771db744ca0442f96a https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/ https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf
M18-6q301RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but has since spread geographically with landing pages and APK files support 27 various languages throughout Europe and the Middle Eastern countries.1cc88a79424091121a83d58b6886ea7a9f7ad6e64c1063b52fe11439fd55f902211b72e3 1cc88a79424091121a83d58b6886ea7a 4e32493e6c87b0e2ef3e6ae32f5c32d75ae36c92524a185eabc88fea3c7938c8 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-mqr01CobInt_9e60c89cMixed This strike sends a malware sample known as CobInt. This sample has been associated with the CobInt downloader malware. The malware is modular and contains three stages the initial downloader, the main component itself, and various additional modules that are often associated with modular malware functionality.9e60c89cc58b3e47d93864433622ae32e99a477d8942b7727cbb8be468039f7bfb34dfb3 9e60c89cc58b3e47d93864433622ae32 eb9d34aba286471a147488ea82eec9902034f9f1cf75c4fa1c7dd40815a493d8 https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-3-cobint
M18-71201Ryuk_29340643Windows This strike sends a malware sample known as Ryuk. This sample is a highly targeted ransomware attack that has infected numerous organizations world wide. The malware performs extensive network mapping, and hacking. Because it is targeted credential collection is required and takes place in advance.29340643ca2e6677c19e1d3bf351d6541581fe76e3c96dc33182daafd09c8cf5c17004e0 29340643ca2e6677c19e1d3bf351d654 113af75f13547be184822f1268f984b79f35965a1b1f963d23b50a09741b0aec https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/
M18-w4y01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but has since spread geographically with landing pages and APK files support 27 various languages throughout Europe and the Middle Eastern countries.4d9a7e425f8c8b02d598ef0a0a776a586326ee3221532268e5d26164376408b28292ff85 4d9a7e425f8c8b02d598ef0a0a776a58 c65318aa58c9091b938948b62c4b5d6e47237697d8d2f96863f99ef177b6818d https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-yq901AdvisorsBot_54abb22bMixed This strike sends a malware sample known as AdvisorsBot. AdvisorsBot is a modular downloader malware that was seen in the wild originally targeting hotels restaurants and telecommunications. The malware employs many anti-analysis features to slow the investigation process. Like most modular malware it can install modules that perform functionality like running system commands, take screenshots, and system fingerprinting. It then sends this information back to the attacker controlled C2 server.54abb22b0b5656540eec35fc5591a324f96760cf48d7af79e7cf78fc90082900059522ea 54abb22b0b5656540eec35fc5591a324 6d73bea291bf6114af8333031187ac05fdfc8afe05025b272f510a6977b2153e https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-2-advisorsbot
M18-yl201GreyEnergy_224c2d88Windows This strike sends a malware sample known as GreyEnergy. This sample is part of the GreyEnergy malware family that drops a lightweight first-stage backdoor to compromise the victim. Attackers then map the network and collect passwords to elevate their privileges. This malware also tries to employ stealthy C2 communication by getting the internal servers to proxy C2 requests from nodes inside the network to an external C2 server.224c2d888bce0c3d19fbef41cb20b45ae3e61df9e0dd92c98223c750e13001cbb73a1e31 224c2d888bce0c3d19fbef41cb20b45a 165a7853ef51e96ce3f88bb33f928925b24ca5336e49845fc5fc556812092740 https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/ https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf
M18-46l01NOKKI_82625a7fWindows This strike sends a malware sample known as NOKKI. This malware establishes persistence on the victim machine. It then establishes a connection to a C2 server. It will collect information from the target machine, and can drop and execute various payloads as well.82625a7fd34aa47602f82d7b1f454ea46ae0969e068e937fc7a3825307d9e66814ab56da 82625a7fd34aa47602f82d7b1f454ea4 4e84f97bb61c2d373a574676fa374131460839ecc7b53064f558ce7ce55528ad
M18-4ml01GreyEnergy_c9d46876Windows This strike sends a malware sample known as GreyEnergy. This sample is part of the GreyEnergy malware family that drops a lightweight first-stage backdoor to compromise the victim. Attackers then map the network and collect passwords to elevate their privileges. This malware also tries to employ stealthy C2 communication by getting the internal servers to proxy C2 requests from nodes inside the network to an external C2 server.c9d46876d5ab346e8921973b719aff58f36ecac8696aa0862ad3779ca464b2cd399d8099 c9d46876d5ab346e8921973b719aff58 c21cf6018c2ee0a90b9d2c401aae8071c90b5a4bc9848a94d678d77209464f79 https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/ https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf
M18-hae01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but has since spread geographically with landing pages and APK files support 27 various languages throughout Europe and the Middle Eastern countries.07eab01094567c6d62a73f7098634eb89b960d4d85026a52271a31f07e2f1609ab58a947 07eab01094567c6d62a73f7098634eb8 4e26d9e0ab05647c36392c3122e6b5615c96d069d4c708ad8bc02786b98cf1ea https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-wix01Ryuk_c0202cf6Windows This strike sends a malware sample known as Ryuk. This sample is a highly targeted ransomware attack that has infected numerous organizations world wide. The malware performs extensive network mapping, and hacking. Because it is targeted credential collection is required and takes place in advance.c0202cf6aeab8437c638533d14563d355767653494d05b3f3f38f1662a63335d09ae6489 c0202cf6aeab8437c638533d14563d35 8d3f68b16f0710f858d8c1d2c699260e6f43161a5510abb0e7ba567bd72c965b https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/
M18-cs901GreyEnergy_e420d6e2Windows This strike sends a malware sample known as GreyEnergy. This sample is part of the GreyEnergy malware family that drops a lightweight first-stage backdoor to compromise the victim. Attackers then map the network and collect passwords to elevate their privileges. This malware also tries to employ stealthy C2 communication by getting the internal servers to proxy C2 requests from nodes inside the network to an external C2 server.e420d6e25bc6a01216de80237460f565dfd8665d91c508faf66e2bc2789b504670762ea2 e420d6e25bc6a01216de80237460f565 c6a54912f77a39c8f909a66a940350dcd8474c7a1d0e215a878349f1b038c58a https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/ https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf
M18-89i02T9000_a45e5c32Windows This strike sends a malware sample known as T9000. This sample has been associated with the malware backdoor T9000. T9000 is a modular malware that was initially dropped via an RTF document that contained either CVE-2012-1856 or CVE-2015-1641 exploits. It includes capabilities like capturing encrypted data, taking screenshots, and evade security products. The purpose of this malware is to steal information from the targeted machine and send relevant critical files to the attacker.a45e5c32fc2bc7be9d6e4bba8b2807bffb7eba5de0304aa81711e645d6f3f203a1092613 a45e5c32fc2bc7be9d6e4bba8b2807bf 1cea4e49bd785378d8beb863bb8eb662042dffd18c85b8c14c74a0367071d9a7 https://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/
M18-ml601RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but has since spread geographically with landing pages and APK files support 27 various languages throughout Europe and the Middle Eastern countries.7aa46b4d67c3ab07caa53e8d8df3005c7e92fefd5e4991aad951e9b9ec16be5c0d6633dd 7aa46b4d67c3ab07caa53e8d8df3005c a2fafbb7cb9fab38aa31f1e14a6302ac528bb891b6063c6db12737a53d29cde7 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-5wg01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but has since spread geographically with landing pages and APK files support 27 various languages throughout Europe and the Middle Eastern countries.b84b0d5f128a8e0621733a6f3b412e191f4b437f985e2c56f06bfe7f538be32330770a57 b84b0d5f128a8e0621733a6f3b412e19 1849e8dfd9d1c03dbe6c1464f9b05492012a6c14a0a5b63feb938f1c8b70309b https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-pw601RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but has since spread geographically with landing pages and APK files support 27 various languages throughout Europe and the Middle Eastern countries.904b4d615c05952bcf58f35acadee5c104924ecb63f0d30c16fa25d625d6e350fc0b28f2 904b4d615c05952bcf58f35acadee5c1 7595c97eb7f2ff4da237746cdac7992df6a4963dcf2f96c9ae19f7a2dc8c88f7 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-6dy01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but has since spread geographically with landing pages and APK files support 27 various languages throughout Europe and the Middle Eastern countries.531714703557a58584a102ecc34162ff9030d2bf4fc529aa914b171edbd32970ddd2eeb3 531714703557a58584a102ecc34162ff e58196f94f3b76e6c3d90c4ade26403ac655327385f7b875c29d3abf6ee715da https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-ojw01NOKKI_f9e42414Windows This strike sends a malware sample known as NOKKI. This malware establishes persistence on the victim machine. It then establishes a connection to a C2 server. It will collect information from the target machine, and can drop and execute various payloads as well.f9e42414fb19fd863fdf7066e01661f30885341bd5a6fbcad2f010b2e839f7e8b47e6b37 f9e42414fb19fd863fdf7066e01661f3 c3172b403068aabc711b7cbe4d923ae1fa705ce11c4cc71271fde83ce751c21c
M18-6hz01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but has since spread geographically with landing pages and APK files support 27 various languages throughout Europe and the Middle Eastern countries.3ed3b8ecce178c2e977a269524f43576dbd1a0dffdea64a10e95fddaa40541ae5f7867f8 3ed3b8ecce178c2e977a269524f43576 c888118cea08d596daf41ebd518098e2b43c226898a5dd1cdd3760a7ab2723a2 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-g4z01AdvisorsBot_a487b5f2Mixed This strike sends a malware sample known as AdvisorsBot. AdvisorsBot is a modular downloader malware that was seen in the wild originally targeting hotels restaurants and telecommunications. The malware employs many anti-analysis features to slow the investigation process. Like most modular malware it can install modules that perform functionality like running system commands, take screenshots, and system fingerprinting. It then sends this information back to the attacker controlled C2 server.a487b5f266a5abdca7ebd94c878605cafe7b30e03eb8594a719c667fff0da120c7f2b1de a487b5f266a5abdca7ebd94c878605ca 956eae6395ed5e1b2d49ffa08ff85b42d1fc210531ab9c48c2d76e6ee38c9781 https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-2-advisorsbot
M18-jce01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but has since spread geographically with landing pages and APK files support 27 various languages throughout Europe and the Middle Eastern countries.36b2609a98aa39c730c2f5b49097d0ad4fa838a4c72042f752e40c7ca7dace252abb67b4 36b2609a98aa39c730c2f5b49097d0ad cb93528b0f5465d9402ab0530f4e325693f5c189794d2b5466f85d3703f7e861 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-yei02NOKKI_73be3dd1Windows This strike sends a malware sample known as NOKKI. This malware establishes persistence on the victim machine. It then establishes a connection to a C2 server. It will collect information from the target machine, and can drop and execute various payloads as well.73be3dd11a9cb73483d22cf3cb5022e17a7840893327535a3b54461051d40e0c7a595a58 73be3dd11a9cb73483d22cf3cb5022e1 fd673703c502be907919a4ff2922b7b969d96d206abc572a5cb83e69ab32ca18
M18-zwb01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but has since spread geographically with landing pages and APK files support 27 various languages throughout Europe and the Middle Eastern countries.03108e7f426416b0eaca9132f082d568e2af0ce5ed66cd81a403f6d0a8db1ac3f418f6e8 03108e7f426416b0eaca9132f082d568 6f20f227f79debfdae32233b59f4dc15c7faf05036b21e8cd46b24ebc52f0bf8 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-niw01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but has since spread geographically with landing pages and APK files support 27 various languages throughout Europe and the Middle Eastern countries.307d2780185ba2b8c5ad4c9256407504abd6c061f19b457517301238c3207fdcbb11e1af 307d2780185ba2b8c5ad4c9256407504 e86995febce96d9db7d4963ad4ca4b974ba614e25213850757323d0e4abbb803 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-v3m01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but has since spread geographically with landing pages and APK files support 27 various languages throughout Europe and the Middle Eastern countries.3e01b64fb9fe9605fee7c07e42907a3b36ea37c47fa27c1a7419fb4367cdf2b071182d25 3e01b64fb9fe9605fee7c07e42907a3b 034fab67fb4d351b524975c75794c8406f1f35d17ca969513d03d9748402d7ab https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-t8501RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but has since spread geographically with landing pages and APK files support 27 various languages throughout Europe and the Middle Eastern countries.cc1e4d3af5698feb36878df0233ab14a8da871d717417704aadc4cfe32e2503cb526503b cc1e4d3af5698feb36878df0233ab14a 537843714adaa141c2a084041a7f373ecab20d75f63dc7dc522bb59b98c1f630 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-qpo01AdvisorsBot_148166c4Mixed This strike sends a malware sample known as AdvisorsBot. AdvisorsBot is a modular downloader malware that was seen in the wild originally targeting hotels restaurants and telecommunications. The malware employs many anti-analysis features to slow the investigation process. Like most modular malware it can install modules that perform functionality like running system commands, take screenshots, and system fingerprinting. It then sends this information back to the attacker controlled C2 server.148166c4423934a72db2eb5d88c99483cd7a9e52e101b8a304a5eb767a18022f81c1c691 148166c4423934a72db2eb5d88c99483 1eb1ef64a9b41267e362597e071e181acb86b50e708ede4a9448689da7fb2425 https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-2-advisorsbot
M18-c8101NOKKI_27a7d46bWindows This strike sends a malware sample known as NOKKI. This malware establishes persistence on the victim machine. It then establishes a connection to a C2 server. It will collect information from the target machine, and can drop and execute various payloads as well.27a7d46b76379ab025b5166905379e4f87d0dc7d69e79855c7f65164b7bac49c62b09f89 27a7d46b76379ab025b5166905379e4f d211815177ce4b9fd2d3c258d2fc6282c23b8458d71f8f6f0df06a9dda89c12f
M18-3rj01GreyEnergy_16bb9defWindows This strike sends a malware sample known as GreyEnergy. This sample is part of the GreyEnergy malware family that drops a lightweight first-stage backdoor to compromise the victim. Attackers then map the network and collect passwords to elevate their privileges. This malware also tries to employ stealthy C2 communication by getting the internal servers to proxy C2 requests from nodes inside the network to an external C2 server.16bb9def4fabfa2ccb3efc1ca5bfc2fa0b5d24e6520b8d6547526fcbfc5768ec5ad19314 16bb9def4fabfa2ccb3efc1ca5bfc2fa 0db5e5b68dc4b8089197de9c1e345056f45c006b7b487f7d8d57b49ae385bad0 https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/ https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf
M18-3sk01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but has since spread geographically with landing pages and APK files support 27 various languages throughout Europe and the Middle Eastern countries.1b984d8cb76297efa911a3c49805432e9b571558d73df65cc73a169e6be641fad0c456a0 1b984d8cb76297efa911a3c49805432e 9deb2e7f95d73656bd25fe769179e36939f8c18439c8713da27f2e0b356d50cc https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-ybs01AdvisorsBot_4d747171Windows This strike sends a malware sample known as AdvisorsBot. AdvisorsBot is a modular downloader malware that was seen in the wild originally targeting hotels restaurants and telecommunications. The malware employs many anti-analysis features to slow the investigation process. Like most modular malware it can install modules that perform functionality like running system commands, take screenshots, and system fingerprinting. It then sends this information back to the attacker controlled C2 server.4d7471711185364b8d9c8a19bc6ff3d8ea29bb4405bbba69cdd46c2302fcf7f21dbb9288 4d7471711185364b8d9c8a19bc6ff3d8 9dd12d3a32d2ba133bac8747f872f649b389a9cf3f4baaa9fad69a43d2e4f982 https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-2-advisorsbot
M18-9jg01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but has since spread geographically with landing pages and APK files support 27 various languages throughout Europe and the Middle Eastern countries.3ba4882dbf2dd6bd4fc0f54ec1373f4c2f404a2fc02a05430120f1a24032290820bf9f32 3ba4882dbf2dd6bd4fc0f54ec1373f4c f51084698b9c8f847ae21d443dc709e5edd2033e7b1065ab5d72a0487cd9df67 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-cvs01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but has since spread geographically with landing pages and APK files support 27 various languages throughout Europe and the Middle Eastern countries.57abbe642b85fa00b1f76f62acad4d3bbe87ba65ae0c699735a821d45533d1827da2f94d 57abbe642b85fa00b1f76f62acad4d3b 00678c811a7b53c8b69cfffe9997a30d831bce50f69ae1dbdcfc635ef176bc89 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-ye601RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but has since spread geographically with landing pages and APK files support 27 various languages throughout Europe and the Middle Eastern countries.bd90279ad5c5a813bc34c06093665e55884ee61b14a6b81abb99d26965731009cd2fd8da bd90279ad5c5a813bc34c06093665e55 b125ea78fb390950893d146a51f513440314be7648207b59e5d0a1752740f273 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-tbb01NOKKI_04d3b08dWindows This strike sends a malware sample known as NOKKI. This malware establishes persistence on the victim machine. It then establishes a connection to a C2 server. It will collect information from the target machine, and can drop and execute various payloads as well.04d3b08d48bcd7a46e32a70b457c419c3e0cc823edd8302bddb1ccdd4bf75dfab53763e8 04d3b08d48bcd7a46e32a70b457c419c dce53e59b0c48e269dadc766a78667a14f11b72c49f57d95abde62c84ac8d7ae
M18-qdq01AdvisorsBot_a4f80119Mixed This strike sends a malware sample known as AdvisorsBot. AdvisorsBot is a modular downloader malware that was seen in the wild originally targeting hotels restaurants and telecommunications. The malware employs many anti-analysis features to slow the investigation process. Like most modular malware it can install modules that perform functionality like running system commands, take screenshots, and system fingerprinting. It then sends this information back to the attacker controlled C2 server.a4f80119e61fa5fd0332079466dfb8a8895a0dfcc96ff5d513f07da43a0f5e721499d8ff a4f80119e61fa5fd0332079466dfb8a8 fdf5072b904ba9148d8b98e4ba01987e644449e2b10f033ca4d2f967dc502a58 https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-2-advisorsbot
M18-cqa02RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but has since spread geographically with landing pages and APK files support 27 various languages throughout Europe and the Middle Eastern countries.7714321baf6a54b09baa6a777b9742ef9215e8ac473dbd61b1e1c684d377a031f19b1fa8 7714321baf6a54b09baa6a777b9742ef 08327910f05f30e68f20c2a701a2f36459f31a919effdaf907747fb1237bf437 https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-f6e01ChachaDDos_c3b5f4a7Linux This strike sends a malware sample known as ChachaDDos. This malware establishes persistence during the first stage by adding itself to dhcprenew. Once this service is enabled it downloads and decrypts the second stage binary. Finally the malware performs the DDoS functionality through a TCP SYN attack.c3b5f4a742557772fad593412352b014334ad99a11a0c9dd29171a81821be7e3f3848305 c3b5f4a742557772fad593412352b014 8317367e18ffb58dda665c5ff31bcdb679f4c2968b0acd094bb2bf4441e5e2e5 https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-installed/
M18-rid01CobInt_61619907Windows This strike sends a malware sample known as CobInt. This sample has been associated with the CobInt downloader malware. The malware is modular and contains three stages the initial downloader, the main component itself, and various additional modules that are often associated with modular malware functionality.616199072a11d95373b3c38626ad4c9357201d6d3a8b1585f5855e7d3927542c281b1494 616199072a11d95373b3c38626ad4c93 2f7b5219193541ae993f5cf87a1f6c07705aaa907354a6292bc5c8d8585e8bd1 https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-3-cobint
M18-7qj01Marap_744e0a9cMixed This strike sends a malware sample known as Marap. Marap is a modular downloader malware with a focus on downloading other modules and payloads. It has the ability to add functionality to itself over time due to its modular nature. For example it downloads a system fingerprinting module to allow the attacker to perform reconnaissance on the targeted machine.744e0a9c568456cfaed7aa72b6b4ca6ba534b7a3cd26ffa9df62cdbbb9f4edc230f44765 744e0a9c568456cfaed7aa72b6b4ca6b a6a31f6b6ac73131a792daa255df88d71ba8c467abfa2a5580221a694c96c2cc https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-prepare-more-part-1-marap
M18-bgu01GreyEnergy_7552b4c6Windows This strike sends a malware sample known as GreyEnergy. This sample is part of the GreyEnergy malware family that drops a lightweight first-stage backdoor to compromise the victim. Attackers then map the network and collect passwords to elevate their privileges. This malware also tries to employ stealthy C2 communication by getting the internal servers to proxy C2 requests from nodes inside the network to an external C2 server.7552b4c677048caeb0112d9b8225459b3cbdc146441e4858a1de47df0b4b795c4b0c2862 7552b4c677048caeb0112d9b8225459b 4470e40f63443aa27187a36bbb0c2f4def42b589b61433630df842b6e365ae3d https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/ https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf
M18-utd01Ryuk_cb0c1248Windows This strike sends a malware sample known as Ryuk. This sample is a highly targeted ransomware attack that has infected numerous organizations world wide. The malware performs extensive network mapping, and hacking. Because it is targeted credential collection is required and takes place in advance.cb0c1248d3899358a375888bb4e8f3feb72e75e9e901a44b655a5cf89cf0eadcaff46037 cb0c1248d3899358a375888bb4e8f3fe 1455091954ecf9ccd6fe60cb8e982d9cfb4b3dc8414443ccfdfc444079829d56 https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/
M18-a8g01NOKKI_62a20f39Windows This strike sends a malware sample known as NOKKI. This malware establishes persistence on the victim machine. It then establishes a connection to a C2 server. It will collect information from the target machine, and can drop and execute various payloads as well.62a20f3938af51bab9d64ad49f8864fa24f5ad95ad8e26d6b643333083646b25820541ee 62a20f3938af51bab9d64ad49f8864fa 0657f788e89a437a1e6fe2630c19436736aa55dcf255540698864a7576192611
M18-wnv01CobInt_ec9d45b6Windows This strike sends a malware sample known as CobInt. This sample has been associated with the CobInt downloader malware. The malware is modular and contains three stages the initial downloader, the main component itself, and various additional modules that are often associated with modular malware functionality.ec9d45b695f98bfbf3b7cdc1dc02f83d068c562c764685ee3df900c39efc07e901dc89fc ec9d45b695f98bfbf3b7cdc1dc02f83d 1fc24f89f1d27addd422c99a163cedc97497b76b5240da3b5f58096025bbe383 https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-3-cobint
M18-cqj01CobInt_a3b705ceMixed This strike sends a malware sample known as CobInt. This sample has been associated with the CobInt downloader malware. The malware is modular and contains three stages the initial downloader, the main component itself, and various additional modules that are often associated with modular malware functionality.a3b705ce3d677361a7a9b2b0bdf04a04f3eb833f53dac1cc98b3b411c6d9fd66603cec02 a3b705ce3d677361a7a9b2b0bdf04a04 0367554ce285a3622eb5ca1991cfcb98b620d0609c07cf681d9546e2bf1761c4 https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-3-cobint
M18-vig01RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but has since spread geographically with landing pages and APK files support 27 various languages throughout Europe and the Middle Eastern countries.34efc3ebf51a6511c0d12cce7592db735f657a60d5ad9bbf01acc49f2242ec7348065f21 34efc3ebf51a6511c0d12cce7592db73 b623da28673a1934bd61dea94a88c37e5fbe9999ed3d6ba311176d65f64c4a4d https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-fa201RoamingAndroid This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but has since spread geographically with landing pages and APK files support 27 various languages throughout Europe and the Middle Eastern countries.ff163a92f2622f2b8330a5730d3d636c85e968fdf17fa9850879114090121e9d9a676934 ff163a92f2622f2b8330a5730d3d636c aa183fda57fde0137ab931f3729215956e6f9ee158d90ed82151948f70db841b https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-bs901ChachaDDos_b81ee6faLinux This strike sends a malware sample known as ChachaDDos. This malware establishes persistence during the first stage by adding itself to dhcprenew. Once this service is enabled it downloads and decrypts the second stage binary. Finally the malware performs the DDoS functionality through a TCP SYN attack.b81ee6fa0d906f44c5567a25e126d26fbd5d0093bba318a77fd4e24b34ced85348e43960 b81ee6fa0d906f44c5567a25e126d26f b2a2a3a9c99f45096ee4b08be3f8f0a17cfed33e8384052bb332ee4941fab9a5 https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-installed/
M18-opq01GreyEnergy_e3a2c3a0Mixed This strike sends a malware sample known as GreyEnergy. This sample is part of the GreyEnergy malware family that drops a lightweight first-stage backdoor to compromise the victim. Attackers then map the network and collect passwords to elevate their privileges. This malware also tries to employ stealthy C2 communication by getting the internal servers to proxy C2 requests from nodes inside the network to an external C2 server.e3a2c3a025d1aee589026d09e2a0ca50177af8f6e8d6f4952d13f88cdf1887cb7220a645 e3a2c3a025d1aee589026d09e2a0ca50 f50ee030224bf617ba71d88422c25d7e489571bc1aba9e65dc122a45122c9321 https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/ https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf
M18-r9y01 | Roaming | Android | This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle Eastern countries. | 13c8dda30b866e84163f82b95008790a | 114b60e1b0ebd0960ce8a9a35e9bff02dd876754 | 6973dbf328a589ac4ceac259231430c3dc66259d22bdfdc02d1b369dcf703aac | https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-3li01 | ChachaDDos_198b7540 | Linux | This strike sends a malware sample known as ChachaDDos. This malware establishes persistence during the first stage by adding itself to dhcprenew. Once this service is enabled, it downloads and decrypts the second-stage binary. Finally, the malware performs its DDoS functionality through a TCP SYN attack. | 198b75402448a731f11d076a44cf45ec | 0413f832d8161187172aef7a769586515f969479 | b2c5518000921f3f6bd6b800b89ceb51d37359f83dbff2ca120e0cc9bfe52b9e | https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-installed/
M18-h8201 | AdvisorsBot_733d9102 | Windows | This strike sends a malware sample known as AdvisorsBot. AdvisorsBot is a modular downloader malware that was originally seen in the wild targeting hotels, restaurants, and telecommunications. The malware employs many anti-analysis features to slow the investigation process. Like most modular malware, it can install modules that run system commands, take screenshots, and fingerprint the system. It then sends this information back to the attacker-controlled C2 server. | 733d9102c99787ecef25db845df14d21 | 5624ade8e168052fe90f9856c7306c1a9dc52b9e | c659b00a65a574a08fff64662581a8ecae7eafa38850a6c7c19b88c2085a1c03 | https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-2-advisorsbot
M18-qys01 | Roaming | Android | This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle Eastern countries. | b43335b043212355619fd827b01be9a0 | 4081d97e42386d8a9d28c073ad7ed9337e783543 | bcb34ee2d1e1083bfbb5062fc8f10de6eece0904c853821f0e8d39086bc31503 | https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-9rs01 | T9000_fb1e8c42 | Mixed | This strike sends a malware sample known as T9000. This sample has been associated with the malware backdoor T9000. T9000 is a modular malware that was initially dropped via an RTF document containing an exploit for either CVE-2012-1856 or CVE-2015-1641. It includes capabilities like capturing encrypted data, taking screenshots, and evading security products. The purpose of this malware is to steal information from the targeted machine and send relevant critical files to the attacker. | fb1e8c42d11e3a2de97814e451ee3375 | 2552c92922e2391246e761dcfc1e4b930fc4ae2f | d5fa43be20aa94baf1737289c5034e2235f1393890fb6f4e8d4104565be52d8c | https://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/
M18-2d301 | KONNI_834d3b0c | Mixed | This strike sends a malware sample known as KONNI. This sample is a Remote Access Trojan that has many capabilities, like taking screenshots, finding and executing files, and uploading files to a C2 server. | 834d3b0ce76b3f62ff87b7d6f2f9cc9b | 7a4c3bdcc2b7da50994b4c8ed1dc33512344868f | df2ea575168063c53454b5f07f2741d728276309049a5b8906948cbc653fea71 | https://www.fortinet.com/blog/threat-research/a-quick-look-at-a-new-konni-rat-variant.html
M18-o9v01 | CobInt_bf97e090 | Windows | This strike sends a malware sample known as CobInt. This sample has been associated with the CobInt downloader malware. The malware is modular and contains three stages: the initial downloader, the main component itself, and various additional modules that are often associated with modular malware functionality. | bf97e09016e5e6a65968933f94d10a1d | e0bf3066f06fef0cc7aff20b6dc3655a40354e64 | 8263e0db727be2660f66e2e692b671996c334400d83e94fc0355ec0949dce05c | https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-3-cobint
M18-t1m01 | GreyEnergy_7a7103a5 | Windows | This strike sends a malware sample known as GreyEnergy. This sample is part of the GreyEnergy malware family, which drops a lightweight first-stage backdoor to compromise the victim. Attackers then map the network and collect passwords to elevate their privileges. This malware also tries to employ stealthy C2 communication by getting internal servers to proxy C2 requests from nodes inside the network to an external C2 server. | 7a7103a5fc1cf7c4b6eef1a6935554b7 | 94f445b65bf9a0ab134fad2aaad70779eafd9288 | 6c52a5850a57bea43a0a52ff0e2d2179653b97ae5406e884aee63e1cf340f58b | https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/ https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf
M18-33s01 | GreyEnergy_73676711 | Windows | This strike sends a malware sample known as GreyEnergy. This sample is part of the GreyEnergy malware family, which drops a lightweight first-stage backdoor to compromise the victim. Attackers then map the network and collect passwords to elevate their privileges. This malware also tries to employ stealthy C2 communication by getting internal servers to proxy C2 requests from nodes inside the network to an external C2 server. | 73676711f838906a9a64e6528e0481f6 | 51309371673acd310f327a10476f707eb914e255 | d4e97a18be820a1a3af639c9bca21c5f85a3f49a37275b37fd012faeffcb7c4a | https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/ https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf
M18-op701 | Roaming | Android | This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle Eastern countries. | 2a1da7e17edaefc0468dbf25a0f60390 | b942e3e6fe7634e3fdbbef1399e493338c6ef8dd | 4cfeb0169a27990ef25ea453ec31268f7885e025783898e97543cb98e2e26121 | https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-bjq01 | GreyEnergy_6ede63d6 | Windows | This strike sends a malware sample known as GreyEnergy. This sample is part of the GreyEnergy malware family, which drops a lightweight first-stage backdoor to compromise the victim. Attackers then map the network and collect passwords to elevate their privileges. This malware also tries to employ stealthy C2 communication by getting internal servers to proxy C2 requests from nodes inside the network to an external C2 server. | 6ede63d6f216affbb57a26200fd31608 | 62e00701f62971311ef8e57f33f6a3ba8ed28bf7 | b602ce32b7647705d68aedbaaf4485f1a68253f8f8132bd5d5f77284a6c2d8bb | https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/ https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf
M18-p3o01 | Roaming | Android | This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle Eastern countries. | 6116dc0a59e4859a32caddaefda4dbf4 | ec972c1c92ed0afd11baf11eadca75767c4d2c26 | 5b8b8336b2261371553c7f9e5fe7ebf49ca0d60a1962eb65b61ae02670e9e1da | https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-02w02 | Ryuk_958c5949 | Windows | This strike sends a malware sample known as Ryuk. This sample is from a highly targeted ransomware attack that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because it is targeted, credential collection is required and takes place in advance. | 958c594909933d4c82e93c22850194aa | d7c5fa9df1c79a7d0c178d0b7a2fe6d104d35278 | b8e463789a076b16a90d1aae73cea9d3880ac0ead1fd16587b8cd79e37a1a3d8 | https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/
M18-1d801 | NOKKI_a64a023f | Windows | This strike sends a malware sample known as NOKKI. This malware establishes persistence on the victim machine and then establishes a connection to a C2 server. It collects information from the target machine and can also drop and execute various payloads. | a64a023f3fc62193699081b63753ff4f | c87c0222550a4694f0c3836c53a3ecbee680f05a | c07bea0928a35b9292eebab32563378d01d95434d098e5c7c076e94866a14212 |
M18-2w501 | Roaming | Android | This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle Eastern countries. | bf5538df0688961ef6fccb5854883a20 | 60221ed2f3fb7cb25b73f2412d5452e551b6d0d7 | 5cdda0a2f871f3d17c875fe8311829db913eece93082b1d5858d5442007fc636 | https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-iu701 | ChachaDDos_10bd68a7 | Linux | This strike sends a malware sample known as ChachaDDos. This malware establishes persistence during the first stage by adding itself to dhcprenew. Once this service is enabled, it downloads and decrypts the second-stage binary. Finally, the malware performs its DDoS functionality through a TCP SYN attack. | 10bd68a7310b48a1129ee9e139188796 | 56ac7c2c89350924e55ea89a1d9119a42902596e | 4d23b0365cc2c63e82c4990e31abe5e91462a2f241722773f2be5e5cc0ec1e52 | https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-installed/
M18-trg01 | NOKKI_69ff4cbd | Mixed | This strike sends a malware sample known as NOKKI. This malware establishes persistence on the victim machine and then establishes a connection to a C2 server. It collects information from the target machine and can also drop and execute various payloads. | 69ff4cbde674cb3d5d1ba16cf1be8dab | 03335660592b20b494956692cd4ca50d904e61f9 | d92c94423ec3d01ad584a74a38a2e817449648a4da3f12d345c611edc5c4cdbd |
M18-qlk01 | Roaming | Android | This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle Eastern countries. | 6d5f6065ec4112f1581732206539e72e | 584f4edac4d171cea9be54e59244a219fb10aeb0 | b8686ab7946a626ed31e2fdbb631ec6dd8d3b8f6c2c8eae40e938e6788563f88 | https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-txe01 | CobInt_9270ac1e | Windows | This strike sends a malware sample known as CobInt. This sample has been associated with the CobInt downloader malware. The malware is modular and contains three stages: the initial downloader, the main component itself, and various additional modules that are often associated with modular malware functionality. | 9270ac1e013a3b33c44666a66795d0c0 | 3c80c44d95cca6e94975e1c7b33281b2cdd3b9e5 | dad7b4bfe0a1adc5ca04cd572f4e6979e64201d51d26472539c0241a76a50f28 | https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-3-cobint
M18-vnd02 | Ryuk_86c314bc | Windows | This strike sends a malware sample known as Ryuk. This sample is from a highly targeted ransomware attack that has infected numerous organizations worldwide. The malware performs extensive network mapping and hacking. Because it is targeted, credential collection is required and takes place in advance. | 86c314bc2dc37ba84f7364acd5108c2b | ad20c6fac565f901c82a21b70f9739037eb54818 | 9b86a50b36aea5cc4cb60573a3660cf799a9ec1f69a3d4572d3dc277361a0ad2 | https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/
M18-j1f01 | Roaming | Android | This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle Eastern countries. | 6e1926d548ffac0f6cedfb4a4f49196e | fd1d8b3cfd7002986e26aa47a7fb7b1b69c438cb | 9ef653326e0c5f7bbe84bf1d870d5c0ac7e6cc3ec857c5a76a3658c5599960cc | https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-qsh01 | Marap_47205fbb | Mixed | This strike sends a malware sample known as Marap. Marap is a modular downloader malware with a focus on downloading other modules and payloads. Due to its modular nature, it can add functionality to itself over time. For example, it downloads a system fingerprinting module that allows the attacker to perform reconnaissance on the targeted machine. | 47205fbbb191dbcab606007fd7612ba7 | b5806f9c13a41ff3991789a0320519156875efe2 | bea0276c51bd6dbccb64110a8655fd623cbb9ebf6e0105c57f62e53e209361b6 | https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-prepare-more-part-1-marap
M18-6ig01 | GreyEnergy_5f58059d | Windows | This strike sends a malware sample known as GreyEnergy. This sample is part of the GreyEnergy malware family, which drops a lightweight first-stage backdoor to compromise the victim. Attackers then map the network and collect passwords to elevate their privileges. This malware also tries to employ stealthy C2 communication by getting internal servers to proxy C2 requests from nodes inside the network to an external C2 server. | 5f58059d894e8aaf58b2da6be6f97aa8 | 455d9eb9e11aa9af9717e0260a70611ff84ef900 | dcade5e14c26c19e935b13d5170d74f99e75d3e4dba443db1dab8bea78745584 | https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/ https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf
M18-kmg01 | CobInt_61e3207a | Mixed | This strike sends a malware sample known as CobInt. This sample has been associated with the CobInt downloader malware. The malware is modular and contains three stages: the initial downloader, the main component itself, and various additional modules that are often associated with modular malware functionality. | 61e3207a3ea674c2ae012f44f2f5618b | c565c95765c0493c2918ac0eff80f0a50284ac7b | 6ca3fc2924214dbf14ba63dde2edb1e5045a405c3370a624c1bb785f1dc0e8ff | https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-3-cobint
M18-4fb01 | Roaming | Android | This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle Eastern countries. | 9f94c34aae5c7d50bc0997d043df032b | 4f26a05a51260e6299b29f99de70be152a5db592 | cf623ae9585d3faff1b800274066165c3d03971a727316f4ccd22018bed37e48 | https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-p4v01 | CobInt_a983d2ae | Mixed | This strike sends a malware sample known as CobInt. This sample has been associated with the CobInt downloader malware. The malware is modular and contains three stages: the initial downloader, the main component itself, and various additional modules that are often associated with modular malware functionality. | a983d2ae308fc03f4548f4cab7d608b1 | 5827d71019f0570a432a2eec994a825e044f6e1d | 9c0ddfcfb8d1e64332fa7420f690e65a6c4ecbeef6395f4c7645da51098962cc | https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-3-cobint
M18-4eg01 | NOKKI_dee3f76e | Windows | This strike sends a malware sample known as NOKKI. This malware establishes persistence on the victim machine and then establishes a connection to a C2 server. It collects information from the target machine and can also drop and execute various payloads. | dee3f76e4469f6ff00d1898db9abcbf3 | e0e5e375bc830aa19919b4f4f66c69726dde1c6e | 0d98ca35b29d2a9f7ca6908747c457ebdba999f0e83e182f770848e2335ade5b |
M18-j7701 | ChachaDDos_798bd416 | Linux | This strike sends a malware sample known as ChachaDDos. This malware establishes persistence during the first stage by adding itself to dhcprenew. Once this service is enabled, it downloads and decrypts the second-stage binary. Finally, the malware performs its DDoS functionality through a TCP SYN attack. | 798bd416bf6bdd51842a340d749cd487 | 0328fa49058e7c5a63b836026925385aac76b221 | 57078d489642e8b6e434a7b74a4393ef1178e5e2e17606807a759e8a42db6115 | https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-installed/
M18-zzd01 | Roaming | Android | This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle Eastern countries. | b7afa4b2dafb57886fc47a1355824199 | 8f18958778f9fce9910732c34c599f2bae750695 | f57abe6a7d78d2fcac660d2ddaa5ac98dae214ff9b071dde3221b443c723341a | https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/
M18-vu701 | Roaming | Android | This strike sends a malware sample known as Roaming Mantis. This sample uses DNS hijacking to infect Android mobile devices. Originally the malware was located in Asia, but it has since spread geographically, with landing pages and APK files supporting 27 languages across Europe and the Middle Eastern countries. | e56cccd689a9e354cb539bb069733a43 | b3f652b1f6cdc46275215e380ea7e41e165a98a6 | e3be552101422f3a7ea6ae664c1ac3e5e8d58c186499ca277eb6748da6b6cece | https://securelist.com/roaming-mantis-dabbles-in-mining-and-phishing-multilingually/85607/

Malware Strikes September - 2018

Strike ID | Malware | Platform | Info | MD5 | SHA1 | SHA256 | External References
M18-y9k01 | Bredolab_d6f6a54a | Windows | This strike sends a malware sample known as Bredolab. This sample is a Remote Access Trojan that downloads and distributes other malware. | d6f6a54a86f42ebf754cf64ff768a217 | b297be66731faf4df5c57b61ffdd881a72595067 | f80624e00b65c0560fd5da5834e4539740d7ac19872c10389dfbee7b1d46cefa | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-e3b01 | Generickdz_25bb374a | Windows | This strike sends a malware sample known as Generickdz. This sample is a Delphi application that wraps malware. It evades detection by using process hollowing and employs persistence through an autostart Windows registry key. | 25bb374a31b2125341cdc8429c314566 | 9297c277bab8bf3b4ed333ae39021457d63a457a | 2b56221522af3985b09d9ddce4c064a6b157c82698795645a6f5113a177558ff | https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html
M18-sck01 | Bredolab_ab2a49ba | Windows | This strike sends a malware sample known as Bredolab. This sample is a Remote Access Trojan that downloads and distributes other malware. | ab2a49ba7717a418750864e888e7e856 | f033b3f83ad704a702b465a2ba6939cd88a47f09 | e5fce427ec167c53e5b34873596a72ce348a02d578d0951fa22d59b590dd0ebb | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-d1q01 | DarkKomet_86657108 | Windows | This strike sends a malware sample known as DarkKomet. This sample is a Remote Access Tool that contains many malicious features found in malware trojans, like keylogging, webcam access, microphone access, and remote desktop. | 866571086c6ec22e618ebf24ce092e06 | 1689484ec1d70ea41008afe0c7e0131dd98fedbf | 169fe2cad2ab1c592d1e573f4d8d108d1cb842219a1078cfd0bb82cb4419f66d | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-6tg01 | Weecnaw_e1f5ef9e | Windows | This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server. | e1f5ef9ed615faf9edba119eb9593ea5 | 28e6d7e3f275930c73fb458c7107e5bf09b8fc5d | 00e3f5ffeb38495cefce0f1c9522743764adf1ee6ce51b91c9c4726726562a12 | https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-y9601 | Generickdz_0674b8af | Windows | This strike sends a malware sample known as Generickdz. This sample is a Delphi application that wraps malware. It evades detection by using process hollowing and employs persistence through an autostart Windows registry key. | 0674b8af14a86ba12ec7f98fabf3a4f8 | 89b08a5afcab84b7c0bfa8ae377307c7dd4892c1 | 2a45c9616dd0518b91c14c6ace489938010886acc7a9dd9a0c3280717fc8d76b | https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html
M18-jsh01 | DarkKomet_4a7dfe36 | Windows | This strike sends a malware sample known as DarkKomet. This sample is a Remote Access Tool that contains many malicious features found in malware trojans, like keylogging, webcam access, microphone access, and remote desktop. | 4a7dfe36d914551d5e1cc5c56db5152c | 79d4b2bd221d3a3a5585a8198a8d65c7a51e915b | 1992cad7397af3479dfd7945ff7d12c0abcee4311f043b026eb41172898b1a7d | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-zti01 | Weecnaw_cc15b8bf | Windows | This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server. | cc15b8bfd7256fa46465387efd53ab51 | 6093cbc9cab0ec44e0023d7dbad43db540c10988 | 035f91568ca2bad43ce3fde98a2ae0418821e5f558c62b919c786c3b07bc0fe2 | https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-l4c01 | Generickdz_3d89c956 | Windows | This strike sends a malware sample known as Generickdz. This sample is a Delphi application that wraps malware. It evades detection by using process hollowing and employs persistence through an autostart Windows registry key. | 3d89c956db8b10c914c4fd9ebbbf63d9 | 95184e995e93b8f4e08d807022285f2cab514728 | 2b4b76c60b34230544419025df8bde3521435d2224e6b0953f5c9417068f6902 | https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html
M18-2so01 | Gamarue_44c8514c | Windows | This strike sends a malware sample known as Gamarue. This sample is a botnet that is used to spread other malware and siphon sensitive information from the target machine. | 44c8514cfdab775cddcefac5a67d874c | cb5090f4ee7b647341fde5af4253963566c96b6e | 2528df691ef2db7f155edf988ad14cf4a60bdd78725ef482731f798ee9bbf22b | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-cmy01 | Weecnaw_d36e4005 | Windows | This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server. | d36e40057084b2fffc155f2eb5a7f888 | 1910c8601ea5e0966909a87e8fd03f0e9bcd4fd9 | 0f4fc18209bbb1d979cb504b807142e1a24aa8ee831e33ce8825a5bd350096fa | https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-i1001 | DarkKomet_f4f328fe | Windows | This strike sends a malware sample known as DarkKomet. This sample is a Remote Access Tool that contains many malicious features found in malware trojans, like keylogging, webcam access, microphone access, and remote desktop. | f4f328fe42784de7f4482100b8da1064 | fbb874edd1c5ffcdb4100ba87162d8a7aa049c8a | 276e71bebd8336e347e3ed2cbe2787a1de99cefa706af48feeccf3395e3219a3 | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-nh401 | Powload_922b3bb1 | Mixed | This strike sends a malware sample known as Powload. This sample is a malicious document that uses PowerShell to download malware. It has recently been associated with distributing the Emotet malware. | 922b3bb1161ce11b756c7147b2060929 | 2ed13e749fa35727b66ef7d12266b0c6bc974836 | bbb2a93d92cdef6cdfb04e8cfb0cb911b07190e3db8aa1a32c93326a8fdb90fc | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-nnp01 | Gamarue_4d94576c | Windows | This strike sends a malware sample known as Gamarue. This sample is a botnet that is used to spread other malware and siphon sensitive information from the target machine. | 4d94576cdf1c060b6147d88bc438ec64 | b09269028fa0b095afbedbc87a44768b5a29a6d7 | 3a3a6db3d266830cd471cbb84d1707e915bf3ffbe54b84abff5ee703d91e6485 | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-2w901 | DarkKomet_a6b5a807 | Windows | This strike sends a malware sample known as DarkKomet. This sample is a Remote Access Tool that contains many malicious features found in malware trojans, like keylogging, webcam access, microphone access, and remote desktop. | a6b5a80752b960222f2ff43c9d21bee3 | 579c3f19890937f9beeb562ce0370cfef8b01357 | 1a05832ebb6c608346f01306db48b0afd4e571b06d9a7c5c2845d7aed1f7d207 | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-g5h01 | Weecnaw_bd0443f7 | Windows | This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server. | bd0443f74ebcb90701997839083f8f13 | 2fcd80147aba827771e7c2cfd9bf4f236db55e7e | 055865fb005e3969e6d9e7feba2e81a8bedbe3048bf2a9cd3a9fbfe8ea6076e5 | https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-4av01 | Hploki_2729bedb | Windows | This strike sends a malware sample known as Hploki. This malicious sample steals credentials from various user applications like Firefox and Outlook. | 2729bedba0c3a79c57a0ee2acba0cf9b | 6392bff2cd73d95a769788c1578e21e5913f6cb0 | 566404b1f32cdf120c82cff12ade5b6ec91056a5058fe76a91d2967973aeb2fa | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-qs001 | Generickdz_ceb61868 | Windows | This strike sends a malware sample known as Generickdz. This sample is a Delphi application that wraps malware. It evades detection by using process hollowing and employs persistence through an autostart Windows registry key. | ceb61868b3ab82afa07c4be2e9c5739a | f2d00f36d261a7c1e1d75ff311a6d14d553b3c38 | 1157af4bb297bce9c745c387cd66ac19ae4d9f7ee4b5e7a63a6af74defdd389d | https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html
M18-ocr01 | Weecnaw_6baca7a5 | Windows | This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server. | 6baca7a58f335785eebaeb4116e0d2d1 | 9b1049cbf696b430e3f1c0b9c05c1a5b7d54f1db | 1bb84d812e0863ce21398678bf8facfe6864a33237d67d3416fbcab73226bdbe | https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-edr02 | Weecnaw_a845adc1 | Windows | This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server. | a845adc19b0d3ae1775e1e128409ce32 | 1197aefa918121b924fc4dff2547d6e56d441598 | 2e7e5b2ac10a3591ab570028b6a230d51f117e1842b6d11f56499785c6faa1c6 | https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-7py02 | Weecnaw_7021eb7c | Windows | This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server. | 7021eb7cb4ac305ed4ca78661d0e4fdc | 356706ecc38b84aadcd5e7096269471e0c6baae9 | 0a032738a8ffc58b6cdce62ef209b247e008f597b6955d87da71e1654da970ef | https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-vqf01 | Gamarue_ae6c460d | Windows | This strike sends a malware sample known as Gamarue. This sample is a botnet that is used to spread other malware and siphon sensitive information from the target machine. | ae6c460dfc74d3dc113ceb8d466c53a3 | 50e68e7d329900ee82d69cc9da11ae06647ec774 | 388a47dd46aa9d35c2875e687594bd053484d6380f8929d175cb6d4b6b293dcf | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-rdo01 | Powload_fbd6b23b | Mixed | This strike sends a malware sample known as Powload. This sample is a malicious document that uses PowerShell to download malware. It has recently been associated with distributing the Emotet malware. | fbd6b23b2a96153f66c12a874bec3dd2 | e720d64f9445a44e329e88865205e6a11edb825c | c5ba355f641c33f9197bc6b2fa35e6354ed55e98f476c1fe6dd7a68a07a79016 | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-cre01 | DarkKomet_9f94b421 | Windows | This strike sends a malware sample known as DarkKomet. This sample is a Remote Access Tool that contains many malicious features found in malware trojans, like keylogging, webcam access, microphone access, and remote desktop. | 9f94b4217a923e81c7c04efad5465c73 | 3749a5cfd38503b5206cbd0149f82d919d591ae0 | 1119d8e1bdd4bdf582a4d8047835bdd5f1fa2bc0f5f39f7e9ddc6421ffd9feb4 | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-9gf01 | Hploki_b42e32ee | Windows | This strike sends a malware sample known as Hploki. This malicious sample steals credentials from various user applications like Firefox and Outlook. | b42e32eed76906dd395bdb97c8f740be | 1950cb87c4817f6625892dc16f03429661574603 | 1f1a8c28d686b8cea19181f2a54794a4d208c606f9fd0c2e5b5b29609d9d5948 | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-44c01 | Bredolab_f73c3c3c | Windows | This strike sends a malware sample known as Bredolab. This sample is a Remote Access Trojan that downloads and distributes other malware. | f73c3c3c4bc98eca15a2ed092770069f | 8e817a04717b79554996ab56084d1a0b3d919446 | cb397ef75dbf1a3cd2269e209dfb70d1a1910ca2a437d010b2c0a11a3a9dd740 | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-w7b01 | Hploki_01427e57 | Windows | This strike sends a malware sample known as Hploki. This malicious sample steals credentials from various user applications like Firefox and Outlook. | 01427e57318094875d1991a331baaa05 | 2e43286950dd0f18ca66a2d125725ad4130215b4 | 394196bc5702741978c1473d0ed835197341a2a30da48130764429fd717f1e74 | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-dfm01 | Weecnaw_464ef346 | Windows | This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server. | 464ef3468562629b5830f8d5dbc955e3 | ba46bc641c9a0324d51675520dc1bf224b3ecc4d | 01a7bdfdc6502db6bd237fcbc64596d8f76052e942c2c87e897f1ae786b7cac2 | https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-umo01 | Powload_ec2f71d8 | Mixed | This strike sends a malware sample known as Powload. This sample is a malicious document that uses PowerShell to download malware. It has recently been associated with distributing the Emotet malware. | ec2f71d89bd414d1779891b4e0db3cac | 5c3b353439488a37a9d74f6257111eae3b3384bf | 81ea956fa6739a15975cd95abdb1a7986a7d664dfaa53cbe271a7b5fd1036edb | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-zki01 | Gamarue_b6060c04 | Windows | This strike sends a malware sample known as Gamarue. This sample is a botnet that is used to spread other malware and siphon sensitive information from the target machine. | b6060c04745041860e467395a9379f33 | 86f06d1599d408bb6c8df5e21f40f42064662b76 | 4be4c1d3f17092537cbb850c669ec2ef939ca70888b5e8aa334f087833b2e58e | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-tx201 | Generickdz_a39b1cc8 | Windows | This strike sends a malware sample known as Generickdz. This sample is a Delphi application that wraps malware. It evades detection by using process hollowing and employs persistence through an autostart Windows registry key. | a39b1cc8571b264f7b84271ee89b68a4 | 153a8522c5871f21fa7bdff306ceed1337483fad | 36b321fd86f75d186e978708789000e45a2a38e436e862c0814524aff5832a8c | https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html
M18-0dp01 | Gamarue_878a1ed4 | Windows | This strike sends a malware sample known as Gamarue. This sample is a botnet that is used to spread other malware and siphon sensitive information from the target machine. | 878a1ed40a1711fa8dd6928f62bdb41f | 5493d5b8f6555c5be408bfc5572bb4eab6448b3e | 62025cd8f7561c4bb148c158b34a7dfa4c167847e6ad1079cd923e9edc759b4a | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-n3f01 | Hploki_67e7886f | Windows | This strike sends a malware sample known as Hploki. This malicious sample steals credentials from various user applications like Firefox and Outlook. | 67e7886fa231dba18158431ca43a39e7 | 194afe51bfe6072a57c7792a48993b7bed04a50c | 03b77bb507d1625cba273a703d337218eca7acbf7432df38e9318715deb0ae61 | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-mn301 | Weecnaw_237453ea | Windows | This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server. | 237453eaca5905405efe50fc1cf206f3 | 0910cccfd536d3361f8e5c4198c64c822d07efcc | 2f0184defca0e2583f65e1e6d244a9e3cef8e3c83d02282ef797d97ee784869d | https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-wie01 | DarkKomet_d394abaa | Windows | This strike sends a malware sample known as DarkKomet. This sample is a Remote Access Tool that contains many malicious features found in malware trojans, like keylogging, webcam access, microphone access, and remote desktop. | d394abaac1cd38ec26c68e06c2972e86 | b8bd020161bc56d78db3753035ec6dbe2270af23 | 0c03079c94b8d104f8056011b896e388166697bae717de5a4fa31f4638e9381f | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-a9a01 | Weecnaw_751cd520 | Windows | This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server. | 751cd5204353086ef5d8027a8957ec50 | c265523028495dfa45e5ab2bfeac72b174754cbd | 1cb1870d583bef0aa1dbb99b30f0819b7490855786a85c5969be925b2719c6be | https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-ysy01 | Hploki_54e7a2b0 | Windows | This strike sends a malware sample known as Hploki. This malicious sample steals credentials from various user applications like Firefox and Outlook. | 54e7a2b0ed7bf649780ee680ef04efc9 | 6d0fea56e7e62ba7bed322b8209137577536429e | 62ffb7c248775b8e6c7f64a093377de2d54c6050063c73486ed3621824068a97 | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-nwn02Gamarue_7b5a15b7Windows This strike sends a malware sample known as Gamarue. This sample is a botnet that is used to spread other malware, and siphon sensitive information from the target machine.7b5a15b7d788c68d5f314eda80b12e342b9bc70327670fc41d123d9856a59981a46d9bf8 7b5a15b7d788c68d5f314eda80b12e34 bb54543651b5e69454f4ec905a7edcfb0c16d9ab6a145d8afd100056bfbd84c9 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-u5o01Bredolab_784b2bf8Windows This strike sends a malware sample known as Bredolab. This sample is a Remote Access Trojan that downloads and distributes other malware.784b2bf877386c5e7b52b3e8da2cf44a4ee8f903969e959aa2d9c0908ecf02dc30d205ae 784b2bf877386c5e7b52b3e8da2cf44a 5db46724856b56cd131601c4e5c39e006c47408b9a5be64fd8d7a8126e402607 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-mwl01Weecnaw_aa4844a7Windows This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server.aa4844a70b9171c1656224a073c5931499e1d1d51d8f6d0bbf1314cc004031d5e5fb813a aa4844a70b9171c1656224a073c59314 0afde5386ca8587bca67577727f02c3e71b883b7b5fc72e25a0d542f6c5819c8 https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-xe101Bredolab_efdd172cWindows This strike sends a malware sample known as Bredolab. This sample is a Remote Access Trojan that downloads and distributes other malware.efdd172c51f6a6f61aaa45e9729120d93d5ff956ab5359b7e0c5083d42443578fc1d2d7f efdd172c51f6a6f61aaa45e9729120d9 987b509f8ac3f8cf96c5ea2060b1d6026e3ead908168728bd602f00f4a4b73ff https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-ol801Weecnaw_fa16c395Windows This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server.fa16c395fe3ca06417f14c96eb6a7931280ec0a69ec1748a1f9f81c7f62980892d757fd8 fa16c395fe3ca06417f14c96eb6a7931 081fbe8f1c01676f9765ff7742b5d348433e2fd073136355100fe9f054140e6a https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-teo01Gamarue_6a0e6070Windows This strike sends a malware sample known as Gamarue. This sample is a botnet that is used to spread other malware, and siphon sensitive information from the target machine.6a0e6070cd56b73a8538a039c08ba774be7ac24be0c12aa6134c0e7efbfbac0951f47ca1 6a0e6070cd56b73a8538a039c08ba774 c9504878e0f9a6730f2f218b92c458d3e982a78883b601dfba704b724d539e73 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-ctw01Generickdz_dcbc5e9dWindows This strike sends a malware sample known as Generickdz. This sample is a Delphi application that wraps malware. It evades detection by using process hollowing and employs persistence through an autostart Windows registry key.dcbc5e9d33719bd437cc649530bfc1ee2b42fc43866603cafdb7db862a822e12dd412d4f dcbc5e9d33719bd437cc649530bfc1ee 02acbf303617a6661d7f4e994e70508bfd22664452bf27a40af78d7d6e811a1c https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html
M18-of301Powload_ef6c0024Mixed This strike sends a malware sample known as Powload. This sample is a malicious document that uses PowerShell to download malware. It has recently been associated with distributing the Emotet malware.ef6c0024789a954b679f7fd9f842dd2a22c7962b7c39b1320e59c0d12a7f7ef487835ba5 ef6c0024789a954b679f7fd9f842dd2a a1b3e7b6b3330198ca2cbc5dd8f9a8fc6f7255680629f27c00f552b3982e8770 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-fnd01Weecnaw_530bb656Windows This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server.530bb6565f24112710a4a51adb1fa1d7ad9ad907407f95b7c08e578fd3b8b64288caaf8c 530bb6565f24112710a4a51adb1fa1d7 063e213ee0ecae95132a3cea557203b782de3c63b753fbd405ed670e83fbf573 https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-m7501Weecnaw_d032df1fWindows This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server.d032df1f786f9a5cf62043e1dab9e456a8aec02993ec5ce306d8ee40f4086ea6b37fdc7c d032df1f786f9a5cf62043e1dab9e456 2af2ef163e2035d3503ac8af23ffe8be8ca286dbf9c96aac6c8cebb61e9551c1 https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-slo01Hploki_f8134cdcWindows This strike sends a malware sample known as Hploki. This malicious sample steals credentials from various user applications like Firefox and Outlook.f8134cdc1182d145fa1c6690b076392e7e9edfc59db8c78e8595b17c63fcc0dd7d6c3abf f8134cdc1182d145fa1c6690b076392e 029a61486c99ab399ea8d1d44f7fcec56160651af33261d6bc024e4179d328e4 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-ug601Generickdz_b99e79fdWindows This strike sends a malware sample known as Generickdz. This sample is a Delphi application that wraps malware. It evades detection by using process hollowing and employs persistence through an autostart Windows registry key.b99e79fd37b2f2e9d9c9540cbed0d925cfecefd971b607c2745e5779f734586ec0318f94 b99e79fd37b2f2e9d9c9540cbed0d925 2f62e170384a7960dd937d2242734fd3eddef43ebed31d57d51d69d0eb5ea376 https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html
M18-o5001Gamarue_9b997bc5Windows This strike sends a malware sample known as Gamarue. This sample is a botnet that is used to spread other malware, and siphon sensitive information from the target machine.9b997bc561813aa401b5a71ad692e2d68c37f697ef2c1c9fe6e5b569aa3f17982091a6ff 9b997bc561813aa401b5a71ad692e2d6 2e9a6106bf248abadc1d1cca31ea98f49b4b7c790d321ad728c12710ae3dfa16 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-ge601Powload_2dbd5ffcMixed This strike sends a malware sample known as Powload. This sample is a malicious document that uses PowerShell to download malware. It has recently been associated with distributing the Emotet malware.2dbd5ffc3d29f05aedad60f94779666a6afdb2fc888a938ccaff46ab0d1c14cb17b5aacb 2dbd5ffc3d29f05aedad60f94779666a ad5fd15f99eedfc43bf9e402569511388e7308bb548b36f2ff3180678c166991 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-nfv01Weecnaw_39d448aeWindows This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server.39d448aebf9333cfa5a3f976ddac500d0758996c5708dc0421fe1fdd38bf20262bc7935a 39d448aebf9333cfa5a3f976ddac500d 1343648c8b4748294191cfdca4b4881a57cee96db4051530c514e7c56e1152e3 https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-uic01DarkKomet_40d7787bWindows This strike sends a malware sample known as DarkKomet. This sample is a Remote Access Tool that contains many malicious features found in malware trojans like keylogging, webcam access, microphone access, and remote desktop.40d7787b43f331d17fd419ea9e46764f726a3934d057740fc41aff47a93485e3bda60c58 40d7787b43f331d17fd419ea9e46764f 0a00f60a8af2d9f32a08376c10f7f624438494aa9213f81f395b3d8f3a1eb65a https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-3st01Bredolab_dfed38d7Windows This strike sends a malware sample known as Bredolab. This sample is a Remote Access Trojan that downloads and distributes other malware.dfed38d73b0fe2488b3624c5714dcb064d8c3b3dc3a916006699e8a571823761ccda6f95 dfed38d73b0fe2488b3624c5714dcb06 48180ade1a05ee5c2110ee4c71754da73383cd4819289c6c091d519855f1627f https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-in901DarkKomet_328fbe5fWindows This strike sends a malware sample known as DarkKomet. This sample is a Remote Access Tool that contains many malicious features found in malware trojans like keylogging, webcam access, microphone access, and remote desktop.328fbe5f06b50ac59db3b441132e30cd668842412b9d5422001139420e7d0e136c2c927c 328fbe5f06b50ac59db3b441132e30cd 1ca18752e5cb2d58ee1de63b9402993558560eff0592930b281a083d1a635f17 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-hoh01Bredolab_216bd325Windows This strike sends a malware sample known as Bredolab. This sample is a Remote Access Trojan that downloads and distributes other malware.216bd325e1b2f7fee671ad7a3dd84d4a402301e7274f2bcd11d56ac326a413fc33dad6db 216bd325e1b2f7fee671ad7a3dd84d4a bcc49772a1699a5f2858f85f098fabc1adcd8ebb8834d806ddb23509c83c5e4a https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-vvt01Hploki_4c44f351Windows This strike sends a malware sample known as Hploki. This malicious sample steals credentials from various user applications like Firefox and Outlook.4c44f35161fa16c4f325842a0ef98fc0b4a2efb13c7b4c610a9154b5cf6bf9ae636883bb 4c44f35161fa16c4f325842a0ef98fc0 3b5fe513e2178928fb5f4c07da4cd6e85572332353119c78f276b1aa02008823 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-onp01Bredolab_6feb6816Windows This strike sends a malware sample known as Bredolab. This sample is a Remote Access Trojan that downloads and distributes other malware.6feb6816a52aba50e7608b4e267eaa41da27e2970dd115e6c016df8d64afd2e12c13738f 6feb6816a52aba50e7608b4e267eaa41 87e20d484f20fe2e21152d74f8a8cbd145c2bfbd501932c23d7be394cf1801e5 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-jiw02Hploki_0ff9db79Windows This strike sends a malware sample known as Hploki. This malicious sample steals credentials from various user applications like Firefox and Outlook.0ff9db794bb8b64380feb013802c55e8cdfd073b9a97a74fa44b18a88d960beba4ecd4bd 0ff9db794bb8b64380feb013802c55e8 277ad7f890bbfae3a0e8f24d8fbac51963f4bb161487c095b3f951dc1e0034af https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-74i01Hploki_531b6fe0Windows This strike sends a malware sample known as Hploki. This malicious sample steals credentials from various user applications like Firefox and Outlook.531b6fe0109cf3e30037e53d32303517db7f2d0bfe994b1207b4bb1e4b15926a91edb74d 531b6fe0109cf3e30037e53d32303517 539e2b5fcac0cb124b8963df5eb05a9f4246963b7d4b5dd7d1beb10785fffa99 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-u7x01Bredolab_db11bdbdWindows This strike sends a malware sample known as Bredolab. This sample is a Remote Access Trojan that downloads and distributes other malware.db11bdbd184a0f233875b76978b6195b11dab80c048d85cb00b6c09c5d87554c9310ee41 db11bdbd184a0f233875b76978b6195b 56cc8bd6718775c3b9de1bf381824d1bdc9a15b6b9c9e056e2ed3d93c6e731ec https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-d2l01Hploki_81d201d4Windows This strike sends a malware sample known as Hploki. This malicious sample steals credentials from various user applications like Firefox and Outlook.81d201d439e0d0b6bd03b16ac45532c70e6ca32052b135408605edb6fdf1ae234cfd49de 81d201d439e0d0b6bd03b16ac45532c7 69b312c7ac1509ee9789fb516d6b1d57d1634e5da9831b31f804a3685bf40ed5 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-fo101Bredolab_7afaed36Windows This strike sends a malware sample known as Bredolab. This sample is a Remote Access Trojan that downloads and distributes other malware.7afaed3638aefaaa10cd4cc6fc57515ad03d07e0a11f35f6ed7e7caaff4652829505c952 7afaed3638aefaaa10cd4cc6fc57515a e1feb2a427d5f5e40e3b9840f4f1795bb775e1bfbcf0f4d4f7df8a09a4ab0cff https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-acq01DarkKomet_5a770d2cWindows This strike sends a malware sample known as DarkKomet. This sample is a Remote Access Tool that contains many malicious features found in malware trojans like keylogging, webcam access, microphone access, and remote desktop.5a770d2c17022ddacc8425da509bff039604d14c778452342b7e6b8b776cce59a8d3ac05 5a770d2c17022ddacc8425da509bff03 03c483310dd297d66e6d5a6638267688b056a5d5b21b667bba8b7a9ab664889c https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-3im01Hploki_75d23888Windows This strike sends a malware sample known as Hploki. This malicious sample steals credentials from various user applications like Firefox and Outlook.75d23888acd8ad3f3fde5c7c54445921d60bfb01264a031616e0a36c806d3ae741d63561 75d23888acd8ad3f3fde5c7c54445921 32ed5c60cffc9e7b5fe7d740232fdacbd31129e5109fc9db7ff84bb4c07d7898 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-55a01DarkKomet_481a08a1Windows This strike sends a malware sample known as DarkKomet. This sample is a Remote Access Tool that contains many malicious features found in malware trojans like keylogging, webcam access, microphone access, and remote desktop.481a08a1c94ead201079ee95aaf01ccb9286f01897de6730242382e5f7c03472b0753790 481a08a1c94ead201079ee95aaf01ccb 28252e1df5f42535c404992c9e65c6c165c938d0c7d9e7062ce06ee4ba42cbb5 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-hlr01DarkKomet_ba204095Windows This strike sends a malware sample known as DarkKomet. This sample is a Remote Access Tool that contains many malicious features found in malware trojans like keylogging, webcam access, microphone access, and remote desktop.ba2040955519eff2180e1da5dfb2b6b87237a42fc5f9ef70544dc50cb92f7a93cc7d2da2 ba2040955519eff2180e1da5dfb2b6b8 0d9d0c68de0c21b6c1a800ec3985a2986d88869eb334ab1c6dc0c5dc40119483 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-7wy02Gamarue_f4b49748Windows This strike sends a malware sample known as Gamarue. This sample is a botnet that is used to spread other malware, and siphon sensitive information from the target machine.f4b4974886e769c89d20198dac3c3575423f179083a9bd45c54176c903bd09f88ca596ee f4b4974886e769c89d20198dac3c3575 667d6a7d6e36821428d87cab4b4b22acf80e69d4393d7353ef200b0aadd40b39 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-hzp01Hploki_e5aec98bWindows This strike sends a malware sample known as Hploki. This malicious sample steals credentials from various user applications like Firefox and Outlook.e5aec98b1b6ae16af7af6c28b4b8b278b5c5fa7a34c8f27f4583110f0b286fe99c053942 e5aec98b1b6ae16af7af6c28b4b8b278 1316a3970c94e825d1d9369a02994c01c1d2f5f28495cb5d8938768c046a2d41 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-h3001Hploki_96343f05Windows This strike sends a malware sample known as Hploki. This malicious sample steals credentials from various user applications like Firefox and Outlook.96343f0513ca02078013087a65b1c5a318180a1ed2e95dedf5a76aea4320077c661d1616 96343f0513ca02078013087a65b1c5a3 69d061bace29d55f83505a2ab54ee4fce9cb5f56b8dd666b9dea53b7477adee5 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-f1k01Hploki_ecb72f33Windows This strike sends a malware sample known as Hploki. This malicious sample steals credentials from various user applications like Firefox and Outlook.ecb72f3386d32d2b680cf1f429861b2cbb97775dc235ce87b94d8cd178fe15a99c3b195f ecb72f3386d32d2b680cf1f429861b2c 52ccf4aea5e219eb6d7779f445ef381447eac605db64dc5ad3b28cb0b21f716e https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-08201DarkKomet_dc883d7bWindows This strike sends a malware sample known as DarkKomet. This sample is a Remote Access Tool that contains many malicious features found in malware trojans like keylogging, webcam access, microphone access, and remote desktop.dc883d7bc1437d6e465bb8579a295a2749dd9837f8d076020a4657ede7620d8cf0cfb297 dc883d7bc1437d6e465bb8579a295a27 1744294b2eea0b04f59090a13d0a03796498bc303cae65b04129652b8a5b8cd6 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-grz01DarkKomet_2ddb834fWindows This strike sends a malware sample known as DarkKomet. This sample is a Remote Access Tool that contains many malicious features found in malware trojans like keylogging, webcam access, microphone access, and remote desktop.2ddb834f91be1986f2ea0719366689995a213e706913516f977fafe5ced26c2cbad3fdec 2ddb834f91be1986f2ea071936668999 179f922f65f7437dc74ab133bd47f4d463cb703cf63dafc59ed4611eef7eb3ac https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-dcx02Generickdz_8b45b588Windows This strike sends a malware sample known as Generickdz. This sample is a Delphi application that wraps malware. It evades detection by using process hollowing and employs persistence through an autostart Windows registry key.8b45b5882e62dd1ea30d2442f919f5909e64a65a089931887af34a78b0e7acd40119e62b 8b45b5882e62dd1ea30d2442f919f590 00394f8ccd70206920aea6b84cbd14fbfbecd31b9bf7542673793a5c5a35707b https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html
M18-y7901Weecnaw_cff77c78Windows This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server.cff77c78c60d78f09dd2afadc6cc4fe775cdd2b53c020940dee7745f4b5d1038b23dfc05 cff77c78c60d78f09dd2afadc6cc4fe7 3276ac34b3c9f03cb9f1a259ed09043083e3adeaa82a41fc2dccfc51f20570c7 https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-5rd01Powload_559de518Mixed This strike sends a malware sample known as Powload. This sample is a malicious document that uses PowerShell to download malware. It has recently been associated with distributing the Emotet malware.559de518dac382e3f5c3d77803b104bd59596483ae090380b29e5d212728a5d990c47c39 559de518dac382e3f5c3d77803b104bd c47244459faff7e557ac79b4277b4b8b4bfb550f3d9dbf845af4f352976186c2 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-qvz01Generickdz_1243a82cWindows This strike sends a malware sample known as Generickdz. This sample is a Delphi application that wraps malware. It evades detection by using process hollowing and employs persistence through an autostart Windows registry key.1243a82cb0ace4c1f728113ade932741fe71735c9d41dfcdedc663163f60f84dde8d16f9 1243a82cb0ace4c1f728113ade932741 24a76b75a5d387f434a1f4e0f4cfc2aea7176b293ceb9a9511f0aa0c64191e28 https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html
M18-ryb01Gamarue_9e6f1f47Windows This strike sends a malware sample known as Gamarue. This sample is a botnet that is used to spread other malware, and siphon sensitive information from the target machine.9e6f1f47804a541144639ec6bab082074240f0b076d441b95c7953cbefed1ec684704675 9e6f1f47804a541144639ec6bab08207 2e8cf252b1308b94733b3bde811810bf6d4b6ad801cb25ddbe0864cfd2dec75f https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-mb801DarkKomet_2f3ebd80Windows This strike sends a malware sample known as DarkKomet. This sample is a Remote Access Tool that contains many malicious features found in malware trojans like keylogging, webcam access, microphone access, and remote desktop.2f3ebd8042ab4c85721574a8daa1ab93b759e9226886bc6f9743ae81991468b011d6b88b 2f3ebd8042ab4c85721574a8daa1ab93 1e2bffa2672a47cdbfd0dfd9f4a531ef5e1c654ee3c262fd21b4fb22630c032e https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-96701Generickdz_a04ad6eeWindows This strike sends a malware sample known as Generickdz. This sample is a Delphi application that wraps malware. It evades detection by using process hollowing and employs persistence through an autostart Windows registry key.a04ad6ee68b36da1315e5cccef0a7310ff6cef10b693be04cdd0a8b16569a34fc065cfe0 a04ad6ee68b36da1315e5cccef0a7310 29918b68f79c9fb878be4e91dbb81322684b93f0ae9e5743c94de962c7df21ef https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html
M18-e9601Generickdz_165c9f9aWindows This strike sends a malware sample known as Generickdz. This sample is a Delphi application that wraps malware. It evades detection by using process hollowing and employs persistence through an autostart Windows registry key.165c9f9a115b35cac2a504b589cd3e176e6c53ba6e1ff2977e258eb55884aa4d88740a9b 165c9f9a115b35cac2a504b589cd3e17 2c867c08a31b7dd9e4b5c82f16c13431e8a739b983b1e065d40d2768575e7676 https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html
M18-mqy01Generickdz_3df949eaWindows This strike sends a malware sample known as Generickdz. This sample is a Delphi application that wraps malware. It evades detection by using process hollowing and employs persistence through an autostart Windows registry key.3df949ea3a03d43c6a810e807227842c70981ffdeb50ad6591ee242e0dd1e792039a05b8 3df949ea3a03d43c6a810e807227842c 1d4c1dbf89ce24cc7716c9a71a9f8564b93777d715ef484b25fa81bb368c944f https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html
M18-xh301Hploki_f09c2434Windows This strike sends a malware sample known as Hploki. This malicious sample steals credentials from various user applications like Firefox and Outlook.f09c2434911562a6e2916a22cabffeeaaea678c0db5fafc96468bed18ec0189ff74a905c f09c2434911562a6e2916a22cabffeea 1f95c39e22609e5d6009de3caab9224f71efe03ffbbf8bdd1433c71546cb4ba4 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-oq901DarkKomet_b664ae81Windows This strike sends a malware sample known as DarkKomet. This sample is a Remote Access Tool that contains many malicious features found in malware trojans like keylogging, webcam access, microphone access, and remote desktop.b664ae8179d74d7f4b9c85fe6f5cc6545b9bc658539d5d79c1739f88ed689f235a9527a5 b664ae8179d74d7f4b9c85fe6f5cc654 0e2827de18a187c5ed31e9dcf44ca4f3f407f16a4e6f6a7b01304494514592da https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-gki01DarkKomet_dbef9fc0Windows This strike sends a malware sample known as DarkKomet. This sample is a Remote Access Tool that contains many malicious features found in malware trojans like keylogging, webcam access, microphone access, and remote desktop.dbef9fc001c303aa5d697c97da49277b14f73d678e0f62cc49f6e9b789d096bfb11a4344 dbef9fc001c303aa5d697c97da49277b 0f06f2ab0ce310049915962b7961b58b46bca4beba857633ac95b2a13cfa5d05 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-s2d01Generickdz_9efa1a81Windows This strike sends a malware sample known as Generickdz. This sample is a Delphi application that wraps malware. It evades detection by using process hollowing and employs persistence through an autostart Windows registry key.9efa1a8131fe4b5056cb8d3caed0df6fec6af66c7cdbe3a698c8c441630f3a589c1417f4 9efa1a8131fe4b5056cb8d3caed0df6f 1f4018562d03ff36c05bb9c6691eaee8e4e9ff7965799bd8abc557b86037fe2e https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html
M18-ek301Weecnaw_4003d6deWindows This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server.4003d6ded596a6b1adf9d11332ec36e5cd7cf144aaa8821e9ba1e9419e8d7397aeab74e7 4003d6ded596a6b1adf9d11332ec36e5 1fbac835a770d9b309ed87d3df0746bd28f1033f366ab35cde9e165f2b069388 https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-t8s01DarkKomet_dde7f034Windows This strike sends a malware sample known as DarkKomet. This sample is a Remote Access Tool that contains many malicious features found in malware trojans like keylogging, webcam access, microphone access, and remote desktop.dde7f0346cae0f69e909cd0d72d2b7ee7b7735b11fabdff2738b587a349ff91044ef6835 dde7f0346cae0f69e909cd0d72d2b7ee 1e4a660328cf9d5332b4aab97933ed451af7c8925ad8550b7678c9c3c522c71a https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-iyp01Hploki_e839b592Windows This strike sends a malware sample known as Hploki. This malicious sample steals credentials from various user applications like Firefox and Outlook.e839b592995406ce911ac41dbf33ecae4add07a6b25da26465363195de9e7b832e3b3ac8 e839b592995406ce911ac41dbf33ecae 3ef383fac7b7d0a7c41c92c23e56f5301b852c55f797f8642654a489ea891546 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-7vo01Generickdz_8d7a3b1dWindows This strike sends a malware sample known as Generickdz. This sample is a Delphi application that wraps malware. It evades detection by using process hollowing and employs persistence through an autostart Windows registry key.8d7a3b1dbb5c75191bf9496f3e6ba40d1f59062185a244c5bc847236ea06e0e6859c5886 8d7a3b1dbb5c75191bf9496f3e6ba40d 0843abfc1b86ea35e3042507656e81ed7edfff6805702bc418189ac3dd5f6f81 https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html
M18-oas01DarkKomet_c1d70cbaWindows This strike sends a malware sample known as DarkKomet. This sample is a Remote Access Tool that contains many malicious features found in malware trojans like keylogging, webcam access, microphone access, and remote desktop.c1d70cba6ce0468ca694ffee359ffe5e44b06afa7cea96dca11c73324250ce765021d516 c1d70cba6ce0468ca694ffee359ffe5e 0f99f662e7bab77cc78547802cdf85d810ce971682f7b50bdb8c77fcbc85aaaa https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-rxz01Gamarue_6d0e111fWindows This strike sends a malware sample known as Gamarue. This sample is a botnet that is used to spread other malware, and siphon sensitive information from the target machine.6d0e111fff6f1c24cc4be993a354ab395bb32b745d485dd19587d5589c7b59980c15806d 6d0e111fff6f1c24cc4be993a354ab39 4160c38ae1dc75fd8ecadef940a522f123f55d2e7930be952438aa79ec97cfd2 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-ial01Gamarue_566375a9Windows This strike sends a malware sample known as Gamarue. This sample is a botnet that is used to spread other malware, and siphon sensitive information from the target machine.566375a9e8f9d1b7b1bc626085239285b36e775eeec47271e52e6b617716ccd588cfa054 566375a9e8f9d1b7b1bc626085239285 028fd51a51027132ba29e92e35f1a5c90aad573bcb21c22a919401f53c2e1fe4 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-42101Bredolab_10d94884Windows This strike sends a malware sample known as Bredolab. This sample is a Remote Access Trojan that downloads and distributes other malware.10d9488484135205c635011c14eff3092849769b20f8b90c819a216742b37b77da6e7613 10d9488484135205c635011c14eff309 94986d91cb3d0f3de612a63b4d7e9ad005dab44a05e895499a9cd5e8baa544c8 https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-kjf01Generickdz_4162542bWindows This strike sends a malware sample known as Generickdz. This sample is a Delphi application that wraps malware. It evades detection by using process hollowing and employs persistence through an autostart Windows registry key.4162542bd9bbec877a462159add884080b737fac1851f952b4853907ca6d463cff869793 4162542bd9bbec877a462159add88408 315680ac90ad07c9d05301fe99f23e864b1c38cd1950caf9e7f3ca9447b16b13 https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html
M18-d5c01Generickdz_bd548406Windows This strike sends a malware sample known as Generickdz. This sample is a Delphi application that wraps malware. It evades detection by using process hollowing and employs persistence through an autostart Windows registry key.bd5484060bf2ff8ac687e6109b521204dc0ff135ec3902e78f7ce1892512ffed589fba43 bd5484060bf2ff8ac687e6109b521204 328ba025dadc6148fb83dc34d03b519642de0122d41baabd046133efcfe69eca https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html
M18-s3a02 | Weecnaw_f55ed3d6 | Windows | This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server. | f55ed3d6ae021aaddd40b900c8ca7435 | 57448d06a885b3a7da42e163fe82e1b8698b5f86 | 02c5fa1012b9cf0d46801cadcc4fe6814b4f75d50104e948031d00ff3ca7b93c | https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-4uj01 | Hploki_da60d8f0 | Windows | This strike sends a malware sample known as Hploki. This malicious sample steals credentials from various user applications like Firefox and Outlook. | da60d8f06dd08bbe0c50eda00e9ec5b0 | 1fcedb6d4f3878938717620d5e1acbd901abbc4f | 39eebb75f80b28445c50aaf25c1c0c757099bca5393fa4f4c7f5fbcf72588075 | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-0wv01 | Gamarue_251367cf | Windows | This strike sends a malware sample known as Gamarue. This sample is a botnet that is used to spread other malware and siphon sensitive information from the target machine. | 251367cf96009110345e129640b04eab | e0ee714a5bd67fc6cc68f8419ae336db44fc8a8e | c5c98d6f4a5327dceae54918353096b17205320077347106d3fdcdf8394c4dd8 | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-x6401 | Powload_dcd0f8d8 | Mixed | This strike sends a malware sample known as Powload. This sample is a malicious document that uses PowerShell to download malware. It has recently been associated with distributing the Emotet malware. | dcd0f8d87f7da6094b859e217bfb4a32 | a5c6b2bf00b996355363520cd1ac9385103203d6 | e98698880ec4b02325a7b21119783a2841d7c288a2146c73ead369ea749f27bd | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-38t01 | Bredolab_3d5768b3 | Windows | This strike sends a malware sample known as Bredolab. This sample is a Remote Access Trojan that downloads and distributes other malware. | 3d5768b3bf2de4b7989d42479903be77 | 7b278264e7c26b33aa8e56a3d8dc521f033f7646 | f095a1ae871884b632eb885dd80c9c3d27079abae8c8daa8237b48df41708f5d | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-n7y01 | Hploki_948fbe32 | Windows | This strike sends a malware sample known as Hploki. This malicious sample steals credentials from various user applications like Firefox and Outlook. | 948fbe321e6a07a46593e8d1481e5aa3 | ea8d17dd1a7494e50d8fb431c27a74553758a9a7 | 2e70ea6467d4fef3c8ec276724fd95c6dd06e7ca5d8fdf4d79732bbcec904326 | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-tzg01 | Hploki_633d1400 | Windows | This strike sends a malware sample known as Hploki. This malicious sample steals credentials from various user applications like Firefox and Outlook. | 633d1400435c665b132ccda318c6ebe3 | 5bc53e3823b80aedaa2b4d305ae4d3b1628f6f29 | 57cecd6a7451c556cb00ac2dcff02a071f29a83b5ec2ee47ef106ec39b9024aa | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-bxy01 | Generickdz_4d7c4401 | Windows | This strike sends a malware sample known as Generickdz. This sample is a Delphi application that wraps malware. It evades detection by using process hollowing and employs persistence through an autostart Windows registry key. | 4d7c44018fc6cb0108c862d2ac752f4c | 42a002ed9be76b91cb7454f693abaff183d8cc8d | 1a4054a1714bb64958e6823aa2418a9317d25b24b20f0666199aceb39b5c1c8f | https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html
M18-eol01 | Gamarue_e8c1666d | Windows | This strike sends a malware sample known as Gamarue. This sample is a botnet that is used to spread other malware and siphon sensitive information from the target machine. | e8c1666d1123f059ed656bfdb44f8f0c | 70cb5ecca25f6f8bb59d660c38f0b36da143b3e9 | 7072e12ef4fedfdc2c015daba59b023b7fe4f9659331939568917178f7354354 | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-5t201 | Weecnaw_51c6ff53 | Windows | This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server. | 51c6ff53ab10a410dba53ca87dd1e560 | 1e2216a79fc209a404412b350ef632b0358141d9 | 17983b493cd46b604ef3846516da1cda1628ec855b896be8b54a9558ae83058c | https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-rzx01 | Generickdz_151f01f2 | Windows | This strike sends a malware sample known as Generickdz. This sample is a Delphi application that wraps malware. It evades detection by using process hollowing and employs persistence through an autostart Windows registry key. | 151f01f21161e4f927e6d16b674530f3 | 1b33d5833efbb1596738a12734611ff23550282e | 098766c1ee42b13020947978225d9c48e9666c3b326c1f991daf20cde18fb3e0 | https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html
M18-ti201 | DarkKomet_dec7e9fa | Windows | This strike sends a malware sample known as DarkKomet. This sample is a Remote Access Tool that contains many malicious features found in malware trojans, such as keylogging, webcam access, microphone access, and remote desktop. | dec7e9fa61010a6343ba5e8d648613d4 | 0dd5ef203f0180fa9ece513766fbd340b9eb2611 | 12883e0f1911daadb66fbbb66b7be9feb6e02a1c3447445ce1947dd6fc600410 | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-19901 | DarkKomet_0d031a62 | Windows | This strike sends a malware sample known as DarkKomet. This sample is a Remote Access Tool that contains many malicious features found in malware trojans, such as keylogging, webcam access, microphone access, and remote desktop. | 0d031a62990cf38ec7c075fdd231c8fb | ff76302787eaf05abf91f928dc6a0fb4eed9d4a9 | 2401a683279fd61dffdb81d4f0a946fc129bc72d5c5e8061303323f74d3e19a5 | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-lz501 | DarkKomet_f522920f | Windows | This strike sends a malware sample known as DarkKomet. This sample is a Remote Access Tool that contains many malicious features found in malware trojans, such as keylogging, webcam access, microphone access, and remote desktop. | f522920f48f9c62ce524e3afaf5b6e4a | b666fca15029b7d76a4ddaeba20f0658a89fd142 | 07e3f9989a69d60372e72b8f25bb82c3a40eb5b10b7d33d0a296b392ba9c5135 | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-zez01 | Weecnaw_0a6395e3 | Windows | This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server. | 0a6395e345fdf92a9b6f91fe775f28ef | 92ad885f07f27bacca29b76d8ca753cea6ed0112 | 03970d185025e7e226c704b5bcd13de89730677345d3d57081d07895966567d4 | https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-xj101 | Generickdz_ca7c57f0 | Windows | This strike sends a malware sample known as Generickdz. This sample is a Delphi application that wraps malware. It evades detection by using process hollowing and employs persistence through an autostart Windows registry key. | ca7c57f0a14ba026ce77bbe5f0a3a5f1 | 490e2abb798cca4544cb5ef1b87ef8c3d847b490 | 14c8abf43a6cd9337a963f408a8057a880a9c64e383d853829e7f3e4dc354d78 | https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html
M18-4kv01 | Weecnaw_a0b4f44c | Windows | This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server. | a0b4f44c4225d6af5c713ba46febf591 | cff206abf0b9afba99dbe1ca9b4879d18c3d01f0 | 08c257d2e5938dc6539b463ba0689982b79c112c8ad0aaf1be247726622ea487 | https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-8l701 | Powload_c487a1bb | Mixed | This strike sends a malware sample known as Powload. This sample is a malicious document that uses PowerShell to download malware. It has recently been associated with distributing the Emotet malware. | c487a1bba6ff840b8892bf94319447b0 | e2b563979e7d7e88340b2f611a82d5eb72e84749 | 6d19edf4fb1031eb9f355b6a769a0a134f62bac5928f7553da1af0cf22eeac2f | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-u9h01 | Gamarue_b3ade8fa | Windows | This strike sends a malware sample known as Gamarue. This sample is a botnet that is used to spread other malware and siphon sensitive information from the target machine. | b3ade8fac9a908c60b10f145acf1895d | 730b825abfc75f4bc948ddafa82976d581c24f54 | 34da76e36056a82a77bb5c498fa7444d57ab471205176d1aff438c4c285764ff | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-roh01 | Hploki_9e4afdd4 | Windows | This strike sends a malware sample known as Hploki. This malicious sample steals credentials from various user applications like Firefox and Outlook. | 9e4afdd45afc46e5cec5728f73b77bcb | 0d5a196860ad97b75b5199421d859b08091cd64d | 56572619ff42dd8a9d58816134605ebf4d08ab4a90972ee5e33b082c9d05e1c3 | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-ky201 | Hploki_43de2e0f | Windows | This strike sends a malware sample known as Hploki. This malicious sample steals credentials from various user applications like Firefox and Outlook. | 43de2e0fc68a5e7c7716018a04d7fadd | e7596536670a95332eb654f0d72a02029fa80a58 | 3bb8174f1cfd068311b93910f975f0422c775b39097fae2a4df0e394dbec4e0a | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-vdm01 | Gamarue_ecf1b7ba | Windows | This strike sends a malware sample known as Gamarue. This sample is a botnet that is used to spread other malware and siphon sensitive information from the target machine. | ecf1b7bae9921e0e7f6a2e4c8e6ce700 | 57dc21aac744e334752cb0697c125673c5933874 | c39f50e06a3d18483179c8cb4388b98ae0ba3b78879731c710cf74ed1e423264 | https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
M18-xd101 | Weecnaw_3baa53d3 | Windows | This strike sends a malware sample known as Weecnaw. This malicious sample also goes by the name Razy. The trojan steals information from the host machine, formats and encrypts the data, and then exfiltrates it to a C2 server. | 3baa53d31421d02170c3977e15d1372b | 361fc3afc9064e783de4cb1d610f157b4ad34ad1 | 2b65d21294f9a06d570811d2e7aeec7ab4785e8840d79e8083791cc3684e4a92 | https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html
M18-z7901 | Generickdz_3da233c7 | Windows | This strike sends a malware sample known as Generickdz. This sample is a Delphi application that wraps malware. It evades detection by using process hollowing and employs persistence through an autostart Windows registry key. | 3da233c7d38398b7ab24751c27673d03 | fbe07d260c95d4fa0b4563461e6ecbf13ef51ece | 178d41ab9c193b735b37f10e3ef74df84da6cf21fc1bd6c322116d71f6afceb5 | https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html

Malware Strikes August - 2018

Strike ID | Malware | Platform | Info | MD5 | SHA1 | SHA256 | External References
M18-jlq01 | Bublik_8b8de888 | Windows | This strike sends a malware sample known as Bublik. This sample is a dropper that drops CoinMiner, a cryptojacking virus that uses the target system to mine cryptocurrency. | 8b8de888f22132100333b40d0991fd46 | 8de718a5c1daee44a6320eda1ccfdba4b36b7379 | 8a82e6490ddd36681e95e2e1079229fe07831279c3c4ec96cb159fb176f276fe | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-uf801 | Eorezo_aa36d265 | Windows | This strike sends a malware sample known as Eorezo. This sample downloads and installs software in the background, and allows for advertisements to be displayed in Internet Explorer. | aa36d265686eabf1a74ab94670d46aea | 0ade0d7f6df5afe4dbd146157dec4a67b3fd69fc | 9583c8f1f3c9982a45ed56fbc30f8be06708cfaa8557aa7f5b6117847018cd4f | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-3r901 | Dbzx_9cc6e5d2 | Windows | This strike sends a malware sample known as Dbzx. This sample is a variant of the Tspy family. It contacts C2 servers to upload data and receive additional commands, and maintains persistence after reboot. | 9cc6e5d2ca45a1af03dc8e5b092823b6 | f4ba88e4f3851bb03373ec7ead06dcd08352cb25 | fdd4cce37fd524f99e096d0e45f95ac4dac696c8d7e8eb493bb485c63409c7b3 | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-gyc01 | Startsurf_2e329e93 | Windows | This strike sends a malware sample known as Startsurf. This sample is a trojan that gathers personal information to steal from its target. | 2e329e93339b55511cb42c790d9d0411 | 082b43fe01f3fc6e22f29b201b4d341c0468a57a | 4348a4b50eba73d6eb5d0d254241d0e44fc63c975b589ac5276d6dc5cf8bab13 | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-r2101 | Tovkater_7b86a95f | Windows | This strike sends a malware sample known as Tovkater. This sample can download and upload files, inject code, and install additional malware. | 7b86a95f3399479b48dc44f746ab9aa8 | 00cf3a530bc492e524a6ee9b0180c5ae06cf2aef | 13de4d085dfb857c5580425dcc787ee73b4dd78d0272e8a72d25915b6dedf9bd | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-r2y01 | Tovkater_4c70b06e | Windows | This strike sends a malware sample known as Tovkater. This sample can download and upload files, inject code, and install additional malware. | 4c70b06ebb9f1ec344e5c6fe8b9f7c7a | 008c22aa1d5793a3e5babc790fa9b7dc43dc76af | da88d9c7c8010ea49472872d29c9c2d542a82a1f41e5726529dbdc34c363b6a3 | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-n9o01 | Startsurf_3fe1379d | Windows | This strike sends a malware sample known as Startsurf. This sample is a trojan that gathers personal information to steal from its target. | 3fe1379de211938454e5b42353d7814b | 326e9154c792f544f6ce62c106c1ffabf4f5e400 | fb2aa3891cc9383631ddcca4076ae800d67d701a7ffb83d48240cc1d72372175 | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-fqd01 | Eorezo_bc59adb3 | Windows | This strike sends a malware sample known as Eorezo. This sample downloads and installs software in the background, and allows for advertisements to be displayed in Internet Explorer. | bc59adb38a880ba36114228716ef6675 | f0413e1ff362a9e95f55ec09316b2c0241e1f6b8 | 5c3982a206d40ec00b2029d4bdde1bb37192341583e803556872b97a609411ae | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-s7j01 | Tovkater_4a1359ad | Windows | This strike sends a malware sample known as Tovkater. This sample can download and upload files, inject code, and install additional malware. | 4a1359ad7c48ef58de071eedbf2bd9ad | 020b74ef085d195b09df62852e571365c54036c8 | eedfbfa60755288a140b84ee00957c0032baba0bf299cea18d5fcca85e7d41f5 | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-6pp01 | Eorezo_b5c47d02 | Windows | This strike sends a malware sample known as Eorezo. This sample downloads and installs software in the background, and allows for advertisements to be displayed in Internet Explorer. | b5c47d0227472f4fbef98e07d90bc016 | 28b68baba696afd9f16ae3a1291137fe8e82b9af | 85b36ab50aeb452822886815076c7c90c30273854496dde7fd3473e62119f672 | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-cfo01 | Bublik_b574a817 | Windows | This strike sends a malware sample known as Bublik. This sample is a dropper that drops CoinMiner, a cryptojacking virus that uses the target system to mine cryptocurrency. | b574a817dd68c69c54fc9e2eb47669f6 | e41f9694d51eefe3a00558263a6350e52c88cd43 | 804e649a4ec4c60b27ccf828188322b42552e416e84f810177f856c514ca6d60 | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-oad01 | Bublik_c1ed1aaf | Windows | This strike sends a malware sample known as Bublik. This sample is a dropper that drops CoinMiner, a cryptojacking virus that uses the target system to mine cryptocurrency. | c1ed1aaf1cba516c49eaed7557b9ca0b | c7e2e1ed445338d5d6ef9f4892e292026098003c | 79653c2fffae7dac30fb798f011c7b96c348a9b1aad37f2a3ef54d29e03e33d0 | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-k8e01 | Ainslot_f4c8ca63 | Windows | This strike sends a malware sample known as Ainslot. This sample is a dropper for PonyStealer, a bot that attempts to steal passwords from web browsers, email clients, instant messaging applications, and many other applications. | f4c8ca63771d22733533b0c4cb627056 | 4e25c4dbc46a735398952567fd7830aa0f02c27e | b411c969228d3324eae00e9468a05bf37ecef76fb81e41620dfc9d19bd067f47 | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-u2501 | Startsurf_1e93bf82 | Windows | This strike sends a malware sample known as Startsurf. This sample is a trojan that gathers personal information to steal from its target. | 1e93bf82020093737f05a407d2cd18bc | e67fe4af6deaa9932ce6230b9f30da68b9df44c9 | eac8c3c76e954d8e2be7a5d1570643b4ce6a856e8143faf6263ad50cf53aceb2 | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-xum01 | Startsurf_9eb3e36a | Windows | This strike sends a malware sample known as Startsurf. This sample is a trojan that gathers personal information to steal from its target. | 9eb3e36ac4eab6602e8d17a0e871bacd | c6513fb87dbb6fa261b784dc12ebfc4ce7c73f2a | 3e49b3e58eec40b735124509bafcf434904f5945c9d65a5a860b0950850a979d | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-aex01 | Ainslot_21666a6d | Windows | This strike sends a malware sample known as Ainslot. This sample is a dropper for PonyStealer, a bot that attempts to steal passwords from web browsers, email clients, instant messaging applications, and many other applications. | 21666a6d52c65c877cebdec585303178 | 766aa90f43241c614914da62a5a627b4c592ea53 | fccbb20a19943cac05429361f6ffb51b494e02b86748761e5d26d4bdac3a7ab3 | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-qhq01 | BackSwap_f8ce875d | Mixed | This strike sends a malware sample known as BackSwap. The BackSwap malware is currently being used by criminal organizations to target financial institutions such as banks. The trojan steals banking credentials in an effort to drain bank account funds. | f8ce875dd49e7c20ccf1f27dd68f9970 | 9bc4c1d5403ddd90712ce87225490a21d1edc516 | 5349a0c06823fa285faa31381b5566b2a3d8990f6a5b6775288471caa35f8516 | https://www.welivesecurity.com/2018/05/25/backswap-malware-empty-bank-accounts/ https://www.cert.pl/en/news/single/backswap-malware-analysis/ https://www.zdnet.com/article/trojan-malware-campaign-expands-with-attacks-against-new-banks/
M18-ys301 | Eorezo_c76d5e65 | Windows | This strike sends a malware sample known as Eorezo. This sample downloads and installs software in the background, and allows for advertisements to be displayed in Internet Explorer. | c76d5e653841ba71bfbe08ff3aee8ce8 | 2da6f6eac93416bee02f1799795fd629b4e15ed4 | 5112edf0351d70ad31152f67e8996c9c4ad062f0023cfd43b4baecb8aa7b16b4 | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-by801 | Startsurf_42c3c308 | Windows | This strike sends a malware sample known as Startsurf. This sample is a trojan that gathers personal information to steal from its target. | 42c3c308bcca7d4f7f1c71a1bc64215f | 8c46a1f6af918b2df0d6bc6b002c70fb116c1c43 | ca544eaedd654782fa6b7a130bdc58869c2124a59754ed1baf9a5c00fafae12a | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-c0z01 | AppleJeus_bbbcf6da | Windows | This strike sends a malware sample known as AppleJeus. The AppleJeus malware family has recently been utilized by the Lazarus group in a trojanized cryptocurrency trading application. The application is delivered via email; once it is installed, macOS malware is delivered to the victim through the trading program's update mechanism. | bbbcf6da5a4c352e8846bf91c3358d5c | 313aca049a83c362066cd130d6263af1bcd43565 | e2199fc4e4b31f7e4c61f6d9038577633ed6ad787718ed7c39b36f316f38befd | https://securelist.com/operation-applejeus/87553/ https://www.computerweekly.com/news/252447492/North-Koreans-add-Mac-OS-to-cryptocurrency-stealing-malware-attacks
M18-77h01 | Ainslot_3aa6eacb | Windows | This strike sends a malware sample known as Ainslot. This sample is a dropper for PonyStealer, a bot that attempts to steal passwords from web browsers, email clients, instant messaging applications, and many other applications. | 3aa6eacb34c4fe6cf98dfef01b293c75 | a4ea2df72beca049121df462df8523c99ded38e1 | f92ed6167aa17d2d242d5c0a15b63d5a2b2ab354ac0c9988d34dbe47d5138719 | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-iuk01 | Eorezo_29ef3074 | Windows | This strike sends a malware sample known as Eorezo. This sample downloads and installs software in the background, and allows for advertisements to be displayed in Internet Explorer. | 29ef307463511426969d476c9f12ce61 | 483abfcecc7b9596b6fac3f356e4c3b442288600 | 47bcf1f1bca23a36e291a0ac4cb8d1cd59c0c80d6a8e3b2cc3d646284cc531d5 | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-i3h01 | Dbzx_f58036f8 | Windows | This strike sends a malware sample known as Dbzx. This sample is a variant of the Tspy family. It contacts C2 servers to upload data and receive additional commands, and maintains persistence after reboot. | f58036f83cc7b30879208b21fd27a08b | 684911121e342de5fe0e3f2f83b98c5bf8e38d6c | 9435b87c7c91ac98f9f461aeaa6b1630e2270e2d2ccdf6a05d46fa02de91d1eb | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-w1w01 | AppleJeus_ffae703a | Windows | This strike sends a malware sample known as AppleJeus. The AppleJeus malware family has recently been utilized by the Lazarus group in a trojanized cryptocurrency trading application. The application is delivered via email; once it is installed, macOS malware is delivered to the victim through the trading program's update mechanism. | ffae703a1e327380d85880b9037a0aeb | d48a81613b3c0186d563744e79d28c05df49c480 | d555dcb6da4a6b87e256ef75c0150780b8a343c4a1e09935b0647f01d974d94d | https://securelist.com/operation-applejeus/87553/ https://www.computerweekly.com/news/252447492/North-Koreans-add-Mac-OS-to-cryptocurrency-stealing-malware-attacks
M18-v9r01 | Dbzx_cdee786b | Windows | This strike sends a malware sample known as Dbzx. This sample is a variant of the Tspy family. It contacts C2 servers to upload data and receive additional commands, and maintains persistence after reboot. | cdee786ba36d2b09ed8f93170a59cde3 | 7a799bc190bb5f6e8cb74a1d954c51863801de03 | a137c89d2c6f0ae74217724e1cb56aea726e285d0e6e98adfda16617ad51d176 | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-xzk01 | Startsurf_44af6a6b | Windows | This strike sends a malware sample known as Startsurf. This sample is a trojan that gathers personal information to steal from its target. | 44af6a6be80e18d3db06b50554d35396 | f129c561b8264f76490486f60f703302306dde96 | c82eaf2f1f156b95b43b2a984867e486911f6ceb329daea6ac9a6c53fae42685 | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-6jk01 | Ainslot_4cd71308 | Windows | This strike sends a malware sample known as Ainslot. This sample is a dropper for PonyStealer, a bot that attempts to steal passwords from web browsers, email clients, instant messaging applications, and many other applications. | 4cd7130855ad472a8137885c06799727 | 4e9e3b497f6e7685a89b8b32f3e17798fdc013c7 | 7659c69ab75e087038e59f6e60a2d7927503c390b212787342b4ba53e6f72fe8 | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-af501 | Bublik_2fab8f06 | Windows | This strike sends a malware sample known as Bublik. This sample is a dropper that drops CoinMiner, a cryptojacking virus that uses the target system to mine cryptocurrency. | 2fab8f06d2059ac8a9f72ca61fafb79b | c2426a07c5d4c8d1eebb8e16996c255127d1c58d | 8c6b650941754525d9d0bec9356940af5860fefcc335507a82742e91c1c182db | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-15c01 | Tovkater_6a11cb02 | Windows | This strike sends a malware sample known as Tovkater. This sample can download and upload files, inject code, and install additional malware. | 6a11cb025fdb96ef3ec831da84a24e51 | 009080ed6a488cef50547b09b66586a16fe36adb | 44822b0f38e0a15c2128bc1c58afeccf45916539bede62501117e8ce106b95ce | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-r3201 | Dbzx_a64d5044 | Windows | This strike sends a malware sample known as Dbzx. This sample is a variant of the Tspy family. It contacts C2 servers to upload data and receive additional commands, and maintains persistence after reboot. | a64d504475bd8d3fbdb2cfdfc50c6f25 | 7e3c82fc8557162243e12e2c82a41081f95b2f06 | b3c6a0883d9ed8bcf1bf162c0ade8b16f2cd4ae890e30ba9e9540f4bdf5f5ba1 | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-0t701 | Ainslot_328fa3eb | Windows | This strike sends a malware sample known as Ainslot. This sample is a dropper for PonyStealer, a bot that attempts to steal passwords from web browsers, email clients, instant messaging applications, and many other applications. | 328fa3eb048875bc5a8fa8b9666d70e2 | 712d1f77541ee39f15c92a216ed9f3226672d6e1 | 7b8fd7667a87cf87691feb2727ed78f832e8b84f4edb123057ac21fc173bdfcf | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-b3s01 | Bublik_c8df69d6 | Windows | This strike sends a malware sample known as Bublik. This sample is a dropper that drops CoinMiner, a cryptojacking virus that uses the target system to mine cryptocurrency. | c8df69d620857efa4cc3b438e9fb59dc | 18e62dff6ec64eccbbb68feac395ce5cda5dc4d4 | 0672fe319c7296a01b04973c0455c4a07691a16a2c933f15c071bba72b155b0c | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-yi701 | Dbzx_29cabf67 | Windows | This strike sends a malware sample known as Dbzx. This sample is a variant of the Tspy family. It contacts C2 servers to upload data and receive additional commands, and maintains persistence after reboot. | 29cabf6745feed6ba9920cf9c1d3bdf1 | 32d03260a117b919bd1184bf1956c70d04c1a657 | 8f08bcadd3a44055a70dbae3308cf18c8d1824e424100eda03ddc71e9417fb5e | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-2mi01 | Tovkater_2b6912b2 | Windows | This strike sends a malware sample known as Tovkater. This sample can download and upload files, inject code, and install additional malware. | 2b6912b28f3485da71c8b82e4d1fa5fa | 010200e070f131c403704fe25fbc8c92e7c89714 | 9db3546b5f6f8d60b1f635d07a10e8fc11e3b72f66161ee8621d29829fcbffbe | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-oxh01 | Kronos_17903c3d | Windows | This strike sends a malware sample known as Kronos. This sample is part of the Kronos trojan attack campaign. In this latest variant, the threat tries to evade detection by employing .onion C2 URLs and Tor communication. | 17903c3d83125a5fc3e3f77d8a775bfe | 91da487143d931e00e935245e698ea2a582871e4 | 4af17e81e9badf3d03572e808e0a881f6c61969157052903cd68962b9e084177 | https://www.proofpoint.com/us/threat-insight/post/kronos-reborn https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/kronos-malware-returns-with-new-attack-campaigns-updates/
M18-s1w01 | Startsurf_09f61525 | Windows | This strike sends a malware sample known as Startsurf. This sample is a trojan that gathers personal information to steal from its target. | 09f61525437198d7b763a2445f899fe8 | 5db5ab2d53a83ed39c38a2815d3e7137f0dfbf19 | c56e3ca164803c5668cf0b8228c97626c486f5a7063d4b3109840137b67c8f98 | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-jeg01 | Bublik_08135a2f | Windows | This strike sends a malware sample known as Bublik. This sample is a dropper that drops CoinMiner, a cryptojacking virus that uses the target system to mine cryptocurrency. | 08135a2f4092837e633818a82daea567 | 53f61c9dd29783248f800231c1adba117c39f980 | 049a1fd2db0b1c3d821df7ac882417c951a8a3be6531a05bc284b2373bcd0566 | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-r2d01 | Startsurf_14ebd9e2 | Windows | This strike sends a malware sample known as Startsurf. This sample is a trojan that gathers personal information to steal from its target. | 14ebd9e20523563ce69a5863b86fa897 | e2461b9ae129ed5b61a348ad170d08b7b19dba47 | 5f98685ee9098a31ced944840670772bb972db31ac5d1690974e59f566d1adae | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-vvf01 | Tovkater_0a019441 | Windows | This strike sends a malware sample known as Tovkater. This sample can download and upload files, inject code, and install additional malware. | 0a01944136b7d7d4676abdc4efc43946 | 00a78ee36b4b738fee584bbdfdca5fd077b041a8 | ebb6267a01b66d6741497c9d780da069d6a7d3f17d2bfe287470da5ecee3975d | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-q5a01 | Dbzx_b399db9d | Windows | This strike sends a malware sample known as Dbzx. This sample is a variant of the Tspy family. It contacts C2 servers to upload data and receive additional commands, and maintains persistence after reboot. | b399db9d94a93aabc25b58108d895c2b | b7625243df08d76b585b41c296e0d873f1fd5dc2 | 9634a2afb40139e39da8c8ef0da8f5104229d7bb4c3b95faee5a4396713f528e | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-viv01 | Dbzx_d4addc71 | Windows | This strike sends a malware sample known as Dbzx. This sample is a variant of the Tspy family. It contacts C2 servers to upload data and receive additional commands, and maintains persistence after reboot. | d4addc71771aab03588807824cfff681 | f0d601dcd56958bddbdce80fc3231fc0c8f6e8bb | ba5afe1245d10f72637d34a96bf6e365c2f4326da69dcd440beacf421b634133 | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-y2401 | BackSwap_275ecbfe | Windows | This strike sends a malware sample known as BackSwap. The BackSwap malware is currently being used by criminal organizations to target financial institutions such as banks. The trojan steals banking credentials in an effort to drain bank account funds. | 275ecbfe6040038710cb4c6df2c65d1c | 406f7fb141a793a67e2d430e3db740aabd561b52 | 3f86fe2c77e5f2dabda5f99ef8c41d88a732bfed2ad02933c55c49177b7565f6 | https://www.welivesecurity.com/2018/05/25/backswap-malware-empty-bank-accounts/ https://www.cert.pl/en/news/single/backswap-malware-analysis/ https://www.zdnet.com/article/trojan-malware-campaign-expands-with-attacks-against-new-banks/
M18-p9301 | Bublik_79e36782 | Windows | This strike sends a malware sample known as Bublik. This sample is a dropper that drops CoinMiner, a cryptojacking virus that uses the target system to mine cryptocurrency. | 79e36782e216063d2debbbe81fff06b1 | 922cd05e48aa43670e509c566b44ae6f294596b5 | 520e488e3f6cbebd0369e024a852cb340920806d40a03e7cc3dfeb7b1502ccce | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-dr201 | Startsurf_cc3fb807 | Windows | This strike sends a malware sample known as Startsurf. This sample is a trojan that gathers personal information to steal from its target. | cc3fb807e30126cda2bfdcd614e6320e | 1d00ae503a4b64f16062b31a31b8b27ae4700e20 | 53366f90f59348b8de81bdc04652200d2dcf8bad5cfc46a533c3b20cd0e200b2 | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-ocg01 | BackSwap_a48b8550 | Windows | This strike sends a malware sample known as BackSwap. The BackSwap malware is currently being used by criminal organizations to target financial institutions such as banks. The trojan steals banking credentials in an effort to drain bank account funds. | a48b8550944bc11f1d2c5f2a59cbc27a | 109e8ef2efee68673f5271525cb112ad775f2edd | d55a6993abe6ef5b3c047ed46036236caab9ad2e60774e72ce498f454c45128f | https://www.welivesecurity.com/2018/05/25/backswap-malware-empty-bank-accounts/ https://www.cert.pl/en/news/single/backswap-malware-analysis/ https://www.zdnet.com/article/trojan-malware-campaign-expands-with-attacks-against-new-banks/
M18-p7k01 | Startsurf_d5c91576 | Windows | This strike sends a malware sample known as Startsurf. This sample is a trojan that gathers personal information to steal from its target. | d5c91576037d46f9e5efc7b6d952919d | e85c6001f9e4a9aebdea257ef78e3fc648d6858c | 4ae8cf675d6517b7989391fc653e8ddc96aa81cec4802e7e66de30adf0e96d2e | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-7tj01 | Startsurf_dbb7c24f | Windows | This strike sends a malware sample known as Startsurf. This sample is a trojan that gathers personal information to steal from its target. | dbb7c24f0b58497bb345ac68968cb4e1 | afe099aeea929cb797537edeca49460a22e3e2b5 | 70ebc88b9a71c661b68325dd92d0945ea1927e4d115da217640a4efefcf0c730 | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-veu01 | Bublik_0a0ec7e1 | Windows | This strike sends a malware sample known as Bublik. This sample is a dropper that drops CoinMiner, a cryptojacking virus that uses the target system to mine cryptocurrency. | 0a0ec7e155f16e64b68b493bf6347dbf | 2f929c061e234b1d18ccaf62f46925ba112c8c28 | 73f2be7461e84cc88415bbe44340a09e02d6bd3dbc396c708b5282da3e589064 | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-u8n01 | Startsurf_dede09f9 | Windows | This strike sends a malware sample known as Startsurf. This sample is a trojan that gathers personal information to steal from its target. | dede09f9ad4fd64b7531db204831c03e | 4b2eb3e95a7b3828eecd2fa8ba62c29f1d1178b4 | 00cc9438408d1b22b0afc57e3b233ff62774cbcb92e58b392403d8c794d988ed | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-lqs01 | Bublik_f892d82f | Windows | This strike sends a malware sample known as Bublik. This sample is a dropper that drops CoinMiner, a cryptojacking virus that uses the target system to mine cryptocurrency. | f892d82f949137b5aa4c1b838067a5af | 8161a2776f0f3fc804697eafcd4a2ab9c417614e | b1dc3244cf44aa70d30fa06f7367c90240638c0f0f98ac419dd603b101c10eac | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-bin01 | Ainslot_3bc0439c | Windows | This strike sends a malware sample known as Ainslot. This sample is a dropper for PonyStealer, a bot that attempts to steal passwords from web browsers, email clients, instant messaging applications, and many other applications. | 3bc0439cc4c399844e51af6b53d740d0 | 3b20b24f0f8be2cdce3109f053d56d59f05f5186 | ec72aff9d0f5d5e8735589b554e2659ef8cb1f462057415f8c6219a1ae1b90a9 | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-6im01 | Startsurf_173784cc | Windows | This strike sends a malware sample known as Startsurf. This sample is a trojan that gathers personal information to steal from its target. | 173784ccee05a2ce70fb4cf4eab4e42b | ebe93629b86d9db3b7899786dca2117fadebb3ff | 61e7c5b6a7f1608cf0bf728d15f8cdfc0f9f5c7c3748ee28452cfa2a496e54cc | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-1yk01 | Dbzx_e4e2c5fd | Windows | This strike sends a malware sample known as Dbzx. This sample is a variant of the Tspy family. It contacts C2 servers to upload data and receive additional commands, and maintains persistence after reboot. | e4e2c5fd0d2cbf4a3ef739acdc52d003 | f6d8d5c0db38ab3f262ccfb89f939064420d0a6c | e2846881f6127d99222144e4ece509bd18522fdd7791bf84d7697b37ffa40919 | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-tv201Ainslot_531ce813Windows This strike sends a malware sample known as Ainslot. This sample is a dropper for PonyStealer, a bot that attempts to steal passwords from web browsers, email clients, instant messaging applications, and many other applications.531ce813167293de2c8a281d1471bb41b7b5788c09698c8e1651b765f0ec3e2568a98ab5 531ce813167293de2c8a281d1471bb41 db3ff8db6b2387a8b4be629c96f4de36288a8945e6b0910ff9823ecaef92d96d https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-ppj01Bublik_f71abe17Windows This strike sends a malware sample known as Bublik. This sample is a dropper that drops CoinMiner, a cryptojacking virus that uses the target system to mine cryptocurrency.f71abe17820a3e75f399f6c415e11e3cc8a6bcda037311bf1b2b0e3ed032428d5e3961b4 f71abe17820a3e75f399f6c415e11e3c 1e2c6e7c4a4986a3d9b30fb8aecb4cbacacc103251c9ba35e14905231f104dda https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-9un01Bublik_07299a7bWindows This strike sends a malware sample known as Bublik. This sample is a dropper that drops CoinMiner, a cryptojacking virus that uses the target system to mine cryptocurrency.07299a7bef55d6d92c51c8020109935b4c76a80ba549cbc4ccf39e0f9f866115afa38d53 07299a7bef55d6d92c51c8020109935b a42ce1c1929e461d7f695a3790d4021286f03ed8a011013282400c5368ca2965 https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-b1d02Eorezo_e29f6ad1Windows This strike sends a malware sample known as Eorezo. This sample downloads and installs software in the background, and allows for advertisements to be displayed in Internet Explorer.e29f6ad1680570565a7655d6ba59e9c4f26ad43fa3d71f355e20608336abb7c073539fde e29f6ad1680570565a7655d6ba59e9c4 2b0c6557b39ad8cca97ea6975aa3f4a8341774461b1bacab05d04ab20a9463eb https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-8l601Bublik_3eb88bb2Windows This strike sends a malware sample known as Bublik. This sample is a dropper that drops CoinMiner, a cryptojacking virus that uses the target system to mine cryptocurrency.3eb88bb22848a0ae4174fdc5b80c6eb6fbad11387b06b1c64e02c51aaa7a15a2c65dd25a 3eb88bb22848a0ae4174fdc5b80c6eb6 6e693ce84c1d99035b703791b5bd8708a4ba6510f334907f82fe3d6e674e052d https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-ca501AppleJeus_b054a738Windows This strike sends a malware sample known as AppleJeus. The AppleJeus malware family has recently been utilized by the Lazarus group in a cryptocurrency trading application. Delivered via email once the trojan trading program is installed, the victim is delivered macOS malware through the trading program's update mechanism.b054a7382adf6b774b15f52d971f3799b4d43cd2d81d17dec523915c0fc61b4b29e62c58 b054a7382adf6b774b15f52d971f3799 bdff852398f174e9eef1db1c2d3fefdda25fe0ea90a40a2e06e51b5c0ebd69eb https://securelist.com/operation-applejeus/87553/ https://www.computerweekly.com/news/252447492/North-Koreans-add-Mac-OS-to-cryptocurrency-stealing-malware-attacks
M18-4ze01Eorezo_d412b5efWindows This strike sends a malware sample known as Eorezo. This sample downloads and installs software in the background, and allows for advertisements to be displayed in Internet Explorer.d412b5ef5315b7278a1c161fc553a9eedc1c42d68cc92a0d982946395a841c13e7d18743 d412b5ef5315b7278a1c161fc553a9ee 52544303a89f2c4e3eedd64c000504a2ef4c920c20361961fc81cae3f520244f https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-4fc01Ainslot_38fd6fe8Windows This strike sends a malware sample known as Ainslot. This sample is a dropper for PonyStealer, a bot that attempts to steal passwords from web browsers, email clients, instant messaging applications, and many other applications.38fd6fe86918cb97516ac7d31389adee2e24e1d774dd2ae60be847bbbd797c7a03d0093c 38fd6fe86918cb97516ac7d31389adee 0cc20f105cf4630239cbb192b5085c5323ccddafe2804420d07bdc84e9f69f74 https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-31k01Kronos_820d3fb4Windows This strike sends a malware sample known as Kronos. This sample a part of the Kronos trojan attack campaign. In this latest variant, the threat now tries to evade detection by employing .onion C2 URLs and Tor communication.820d3fb49af10fa714c4bdd5745d865b49b42b7ed9c3db0b1a4d45e37e4a6bc2b8079ff6 820d3fb49af10fa714c4bdd5745d865b 93590cb4e88a5f779c5b062c9ade75f9a5239cd11b3deafb749346620c5e1218 https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/kronos-malware-returns-with-new-attack-campaigns-updates/ https://www.proofpoint.com/us/threat-insight/post/kronos-reborn
M18-ij801Dbzx_bc9ec8b4Windows This strike sends a malware sample known as Dbzx. This sample is a variant of the Tspy family. It contacts C2 servers to upload data and receive additional commands, and maintains persistence after reboot.bc9ec8b4fbf1544a189d98941b5fa8de4234ccf5d7c08ed456dd5056e6dee1736e0ab7ef bc9ec8b4fbf1544a189d98941b5fa8de 810fb35557e051a7be3f03b37247c90796595a2d5afa1b2c3034187de2a3f0bc https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-sc801Dbzx_eb4c34f2Windows This strike sends a malware sample known as Dbzx. This sample is a variant of the Tspy family. It contacts C2 servers to upload data and receive additional commands, and maintains persistence after reboot.eb4c34f2e2681626143675f4c254762ee7bfac0f3593960f3f0d6fdb96e5a04cd52746ad eb4c34f2e2681626143675f4c254762e cd3a4783c2795a16c82518c56f955c9b56f415d59ef5bc77e143f6124123364b https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-cdp01Tovkater_34b1a271Windows This strike sends a malware sample known as Tovkater. This sample can download and upload files, inject code as well as install additional malware.34b1a2715ca0ac1451f2a676726cf5900148dd222d9d6fbdafae4f60a2b22d68dbf6e362 34b1a2715ca0ac1451f2a676726cf590 2a6753ea1a7a2289589550672980137480eadfc3c5d2a4135cbe152a72817b00 https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-r3302Tovkater_d0d27826Windows This strike sends a malware sample known as Tovkater. This sample can download and upload files, inject code as well as install additional malware.d0d27826533bdfea14a3818adb040e4701b24545e6e866021ceb910d340d9d987a86a254 d0d27826533bdfea14a3818adb040e47 b760a4cea26c261519ed2a3a0814ae8e56ea10414e10213980e7eb34509fe571 https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-9la01BackSwap_b2076cdaWindows This strike sends a malware sample known as BackSwap. The BackSwap malware is currently being used by criminal organizations to target financial institutions such as banks. The trojan steals banking credentials in an effort to drain bank account funds.b2076cda88f44eacc95b21a741b9a7592dc9760a7c6e9d261c73efb7b2604840734bc058 b2076cda88f44eacc95b21a741b9a759 16fe4de2235850a7d947e4517a667a9bfcca3aee17b5022b02c68cc584aa6548 https://www.welivesecurity.com/2018/05/25/backswap-malware-empty-bank-accounts/ https://www.cert.pl/en/news/single/backswap-malware-analysis/ https://www.zdnet.com/article/trojan-malware-campaign-expands-with-attacks-against-new-banks/
M18-pj501Dbzx_e519fd17Windows This strike sends a malware sample known as Dbzx. This sample is a variant of the Tspy family. It contacts C2 servers to upload data and receive additional commands, and maintains persistence after reboot.e519fd1779712947bca9f42a3787a5422b96a2625e7a9582807a8cd48fb2ebd53e84e63f e519fd1779712947bca9f42a3787a542 25430a357d53aec77dd1f119b838ceae79a22bb3a60c7a002cb7328b098546a7 https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-77a01Dbzx_f3ef4acaWindows This strike sends a malware sample known as Dbzx. This sample is a variant of the Tspy family. It contacts C2 servers to upload data and receive additional commands, and maintains persistence after reboot.f3ef4aca9d3ee0f3761db50691de42afb55b12096d0c790b93450329df6cef8241ad8535 f3ef4aca9d3ee0f3761db50691de42af 5ce812ebf77f6d63de37a1e3d261b9688d595aaeadaef3388f4214896bb64892 https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-2fq01Eorezo_45f66446Windows This strike sends a malware sample known as Eorezo. This sample downloads and installs software in the background, and allows for advertisements to be displayed in Internet Explorer.45f66446465380be05691bd77f04973ea07b25adadac5eff14972ebf4e02578e92039e92 45f66446465380be05691bd77f04973e 0f8d729821902252b7f7a1c0d51004d3770356969e7181548126f13f1e2ebf2a https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-93801Startsurf_4784e04bWindows This strike sends a malware sample known as Startsurf. This sample is a trojan that gathers personal information to steal from its target.4784e04b6c33ae15b3dc31202185388e2b8ceeeab6389de31b1d351de4b0dccb7c09c354 4784e04b6c33ae15b3dc31202185388e 1f270dc860158d63bb400e08f12bce40a9a50494368ea6e44cfd89f7e0dc23f4 https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-y9d01Kronos_a301ee7fWindows This strike sends a malware sample known as Kronos. This sample a part of the Kronos trojan attack campaign. In this latest variant, the threat now tries to evade detection by employing .onion C2 URLs and Tor communication.a301ee7f1cdb9b1f71deda6c29bb0a328d6bc587e3abfcfd6b4a771c85a8af90f528d2c7 a301ee7f1cdb9b1f71deda6c29bb0a32 3eb389ea6d4882b0d4a613dba89a04f4c454448ff7a60a282986bdded6750741 https://www.proofpoint.com/us/threat-insight/post/kronos-reborn https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/kronos-malware-returns-with-new-attack-campaigns-updates/
M18-d9l01BackSwap_03694e2fWindows This strike sends a malware sample known as BackSwap. The BackSwap malware is currently being used by criminal organizations to target financial institutions such as banks. The trojan steals banking credentials in an effort to drain bank account funds.03694e2fa1744fb856e652667d4801fbcf5a74c268661501156663f74cd5e20603b0f261 03694e2fa1744fb856e652667d4801fb 2223a93521b261715767f00f0d1ae4e692bd593202be40f3508cb4fd5e21712b https://www.welivesecurity.com/2018/05/25/backswap-malware-empty-bank-accounts/ https://www.cert.pl/en/news/single/backswap-malware-analysis/ https://www.zdnet.com/article/trojan-malware-campaign-expands-with-attacks-against-new-banks/
M18-msd01Bublik_a4f381c2Windows This strike sends a malware sample known as Bublik. This sample is a dropper that drops CoinMiner, a cryptojacking virus that uses the target system to mine cryptocurrency.a4f381c27f1670c6000e59645a37744b4c457a88563afd7142b7fb20af842a4d784123f4 a4f381c27f1670c6000e59645a37744b 65e7cea81c182922f11360de35f4102b81baaff17ab6fa98125e9397fb867817 https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-4rz01Bublik_02d4aff8Windows This strike sends a malware sample known as Bublik. This sample is a dropper that drops CoinMiner, a cryptojacking virus that uses the target system to mine cryptocurrency.02d4aff8ec09c0ce8f308c103dbff05be0e376a6679ace69af66fd7a43f4fbd587e40e9d 02d4aff8ec09c0ce8f308c103dbff05b 9f4b64e4d8ac9c139f226c7ee53f86ba7285aeaf83818c0c5408c4814a8daf77 https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-c6d01Dbzx_1f280b9bWindows This strike sends a malware sample known as Dbzx. This sample is a variant of the Tspy family. It contacts C2 servers to upload data and receive additional commands, and maintains persistence after reboot.1f280b9b49a3cb7558bb7af57b715cea2883299a6c1d9ec8778a41cbf2f790f88116ed64 1f280b9b49a3cb7558bb7af57b715cea d0dbd75a4d8716ba7ca7d025ee1c772aa4ff554214a993b4b874a0a26dcf5a6c https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-b5y01Ainslot_3983b019Windows This strike sends a malware sample known as Ainslot. This sample is a dropper for PonyStealer, a bot that attempts to steal passwords from web browsers, email clients, instant messaging applications, and many other applications.3983b01905c9fae6eeae233d05491971e3e0928baf0936510a7e4b202e440f601d788f79 3983b01905c9fae6eeae233d05491971 637967a9e3b007d0007035df3344060ac332aed97f5b4a170a1fcfc5e1438672 https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-6os01Tovkater_b1452016Windows This strike sends a malware sample known as Tovkater. This sample can download and upload files, inject code as well as install additional malware.b14520160969339d74685234d00ed1bf01f3562fd30a5d558aa3498f65c4002269a35b53 b14520160969339d74685234d00ed1bf 27dd184fb1b5505f6bc76c72395a50070c7b594963ad591b265cec17a3b4a6ca https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-dg201Startsurf_20f4276cWindows This strike sends a malware sample known as Startsurf. This sample is a trojan that gathers personal information to steal from its target.20f4276c9d549ea65913b52ec8227044de1fa4443a1fdd2044a5566dbb0f7183a810765e 20f4276c9d549ea65913b52ec8227044 f0a9c1c2fc19b4abd905e8a2f187f94e74dfe1e7de2d9a5328b13893b301488d https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-2ye01Eorezo_99f28b73Windows This strike sends a malware sample known as Eorezo. This sample downloads and installs software in the background, and allows for advertisements to be displayed in Internet Explorer.99f28b73393096bf7a809bc7282180fea745f65f2a2b19d335cc985e9699d11710a0c73d 99f28b73393096bf7a809bc7282180fe 4ae3efb9a9cca68c098dcdba33d2aef39888cf229cd02be64cbf59a0b68dae30 https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-t9z01Bublik_9707fb73Windows This strike sends a malware sample known as Bublik. This sample is a dropper that drops CoinMiner, a cryptojacking virus that uses the target system to mine cryptocurrency.9707fb7372ed28b72125c2aed600e415940b95ada8fe5e0f0c9effc5deb41cfbf3d71493 9707fb7372ed28b72125c2aed600e415 632a3d98fc2b2c1e2b7c733f0e1bc87b9c55b8dce9308f23a459d2d68cb26da2 https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-mkr02Tovkater_f753fffbWindows This strike sends a malware sample known as Tovkater. This sample can download and upload files, inject code as well as install additional malware.f753fffbbbb46766afd3a65dc9879f2200550145382a304f07f7604145edc551393de82f f753fffbbbb46766afd3a65dc9879f22 a70f8fd943406144850ce26d3a6103c32200dabd95563a2040d73ecf1b37ef2b https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-gv901Bublik_d1fea9c4Windows This strike sends a malware sample known as Bublik. This sample is a dropper that drops CoinMiner, a cryptojacking virus that uses the target system to mine cryptocurrency.d1fea9c4b039f4a55eda1dfa5db3e4406453a20c08089f16e9ed38fcdde3d88b546072c0 d1fea9c4b039f4a55eda1dfa5db3e440 49ba74297aa04e0a4167e9c93c4c42a2db7b8019d4cc2cef4e7cd1908d133d31 https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-bup01Bublik_10892401Windows This strike sends a malware sample known as Bublik. This sample is a dropper that drops CoinMiner, a cryptojacking virus that uses the target system to mine cryptocurrency.10892401fcd440f53247ea6183b2d9c1d4fc3cea96bacff97036986a0594f702b031976e 10892401fcd440f53247ea6183b2d9c1 5a4984a7a98b0fc04b3540d637daa744d0b597174408ce72cb685bf0e2f47710 https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-2uu01Tovkater_5a27585aWindows This strike sends a malware sample known as Tovkater. This sample can download and upload files, inject code as well as install additional malware.5a27585a7153f70b82029daf6e31fabf00f13dd0ecf1a1d7a421df0d21d91fba3d56be72 5a27585a7153f70b82029daf6e31fabf 8ba4e8b2677e8bff0e3d527fffa0540b5a7ce4eb8dad4667f9426b9b224fab19 https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-rsz01Ainslot_d91043a3Windows This strike sends a malware sample known as Ainslot. This sample is a dropper for PonyStealer, a bot that attempts to steal passwords from web browsers, email clients, instant messaging applications, and many other applications.d91043a3abbdc49fc2d376bb048f7f6ad6ed5915d21234f66cb923a26fe384b553f82f11 d91043a3abbdc49fc2d376bb048f7f6a 05dd67a86f9b9d5afe4c069798350d8114784f25199777bf459fbd244e600200 https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-4ff01Ainslot_45fff29eWindows This strike sends a malware sample known as Ainslot. This sample is a dropper for PonyStealer, a bot that attempts to steal passwords from web browsers, email clients, instant messaging applications, and many other applications.45fff29e72a9c0f27ceee7275097166a1df251ad512162a0273895d3457a030f2dc7919e 45fff29e72a9c0f27ceee7275097166a eb53dfbe1dcb04fd2ad9891f9d5ae3df926d7b9ee6865b06e040ca3ed91019e7 https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-hgt01Kronos_b2ddd1a2Mixed This strike sends a malware sample known as Kronos. This sample a part of the Kronos trojan attack campaign. In this latest variant, the threat now tries to evade detection by employing .onion C2 URLs and Tor communication.b2ddd1a228db47234dad1fb164573d827fd8631ab719eca44457630014674a95bc431b91 b2ddd1a228db47234dad1fb164573d82 bb308bf53944e0c7c74695095169363d1323fe9ce6c6117feda2ee429ebf530d https://www.proofpoint.com/us/threat-insight/post/kronos-reborn https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/kronos-malware-returns-with-new-attack-campaigns-updates/
M18-cqc01Startsurf_bd244ea1Windows This strike sends a malware sample known as Startsurf. This sample is a trojan that gathers personal information to steal from its target.bd244ea13f9d6e7cf3649d6d2f4fe4530bd8f201a2b2bed8df43f76238f6923cbfe00d6d bd244ea13f9d6e7cf3649d6d2f4fe453 d4ab2cc67c707cab8f7aab0fde94b50670f1b787b049f45564fe5368205ed642 https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-4em01Eorezo_5f5436a9Windows This strike sends a malware sample known as Eorezo. This sample downloads and installs software in the background, and allows for advertisements to be displayed in Internet Explorer.5f5436a978d03347c81b99980b0555dea10fbad4f79c2309de9ecd78717300b0120fa1c9 5f5436a978d03347c81b99980b0555de 03c948623cf78efe90258d894ab0e793bca7009bd73d0be0f652575f81bda621 https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-h6302Ainslot_544e753cWindows This strike sends a malware sample known as Ainslot. This sample is a dropper for PonyStealer, a bot that attempts to steal passwords from web browsers, email clients, instant messaging applications, and many other applications.544e753c77c61e875185e7bf2a5cda1be053da4c59c633433b8c1a99f5bb130ec425ddcc 544e753c77c61e875185e7bf2a5cda1b f7c8bec61762fa31fb766f50144cfeecabea3aad4d12818b4ee8969777181f87 https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-a1l02Eorezo_797397f5Windows This strike sends a malware sample known as Eorezo. This sample downloads and installs software in the background, and allows for advertisements to be displayed in Internet Explorer.797397f5d774ccb3d36ccfd1abd5e2b3f22f8e63db4b3023ba954b4c18c0497e24486497 797397f5d774ccb3d36ccfd1abd5e2b3 3a5ac5c5ee7985367349d84d60be2c5f94f876c56cf73acbae6fc680ebbdb3c6 https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-mbr01Eorezo_39211090Windows This strike sends a malware sample known as Eorezo. This sample downloads and installs software in the background, and allows for advertisements to be displayed in Internet Explorer.3921109051bfbd61bc3ce3f3b4dc01a19dc62ac53811521150b29d2db54c0b2654280c18 3921109051bfbd61bc3ce3f3b4dc01a1 61ee5c724a4c9408e9c8120eabac1babea8e91bf5719b02c78ce129f68239ff6 https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-ehb01Dbzx_7096c3d4Windows This strike sends a malware sample known as Dbzx. This sample is a variant of the Tspy family. It contacts C2 servers to upload data and receive additional commands, and maintains persistence after reboot.7096c3d4562ddfcb6a61ec9bebfc296f9999094784729283aa74658733d581cab16cada6 7096c3d4562ddfcb6a61ec9bebfc296f e2116a9a176ff765f1c5ec23003266bfe0f1592e46e41236482ad4c3520ea53a https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-mx501Bublik_d93d73b6Windows This strike sends a malware sample known as Bublik. This sample is a dropper that drops CoinMiner, a cryptojacking virus that uses the target system to mine cryptocurrency.d93d73b60293119fa2f6d8021ee8c085b308f4accd084ac588deecf7def7e5449171780d d93d73b60293119fa2f6d8021ee8c085 9b1131872b4d42f9a5540fdcfe06eaa6591ae216eca749f4a98e5fefdc9f5fd4 https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-ukd01Eorezo_a3273843Windows This strike sends a malware sample known as Eorezo. This sample downloads and installs software in the background, and allows for advertisements to be displayed in Internet Explorer.a32738430ab3f6f751958f1db5fcbf2db6adaf9963db6bee68eb47b74a245ee274a09c10 a32738430ab3f6f751958f1db5fcbf2d 26f928ef89fde0e3e3fa996073c7c0bba00c2cbfe280de338de15367f4c8f76b https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-1p201Tovkater_843c6502Windows This strike sends a malware sample known as Tovkater. This sample can download and upload files, inject code as well as install additional malware.843c65028ea756a9d65ea1e0d23b7c360020f9bfa7bb6e88221c5acb5cf5d9f09c0ac238 843c65028ea756a9d65ea1e0d23b7c36 74f523c55af0e9555345df23ee8e72ee05c44d37fad68950732c033b27aab0e2 https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-8ei01Eorezo_a3ecb215Windows This strike sends a malware sample known as Eorezo. This sample downloads and installs software in the background, and allows for advertisements to be displayed in Internet Explorer.a3ecb215c8ac2ca8877593caa0338f714d05b8a5dd994061715f28fd8ef9df4e0928e7bc a3ecb215c8ac2ca8877593caa0338f71 63cc723ad7e85798e9126f5cc933c48d0e3cdfa7504579ef0b0b3cced9cb19c8 https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-pte01Bublik_2b7a1e31Windows This strike sends a malware sample known as Bublik. This sample is a dropper that drops CoinMiner, a cryptojacking virus that uses the target system to mine cryptocurrency.2b7a1e310f6e14eea05589066945952811fd2bf37207e463f196c09e59d211e5887f094a 2b7a1e310f6e14eea055890669459528 01b6b22ab179d3718bb936f9bd71a33ab75ce980fbcb16a7aef10135204ceb1c https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-xrs01Dbzx_8f7d8a26Windows This strike sends a malware sample known as Dbzx. This sample is a variant of the Tspy family. It contacts C2 servers to upload data and receive additional commands, and maintains persistence after reboot.8f7d8a26147cc7d6eabac276a0c79d8d3f5c513e6ed3c2fe04162a334c341d41905097a0 8f7d8a26147cc7d6eabac276a0c79d8d 54279416f864d374f33fe9a2fe2998db3976c4ff43e8b0da006548489a50bbdd https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-9qq01Tovkater_ab12f195Windows This strike sends a malware sample known as Tovkater. This sample can download and upload files, inject code as well as install additional malware.ab12f195d93aac892235f784655db23801eadd1a620a4bcf130265899e91446e4220dd79 ab12f195d93aac892235f784655db238 a7de2542cfb82d489531efc49f65fbc31b1808f2353c7f20b781a66c727a50f6 https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-udy01Eorezo_08724d1bWindows This strike sends a malware sample known as Eorezo. This sample downloads and installs software in the background, and allows for advertisements to be displayed in Internet Explorer.08724d1b50cef3cd1f910b90e492244119041e33f173f7ef8e0d58c766a35dfd254ed147 08724d1b50cef3cd1f910b90e4922441 71d6d1ed9a5bd71e8dbd03a91151a2965ac12198fa1825366bf19c4b14106cb7 https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-zhm01Kronos_5e676453Windows This strike sends a malware sample known as Kronos. This sample a part of the Kronos trojan attack campaign. In this latest variant, the threat now tries to evade detection by employing .onion C2 URLs and Tor communication.5e6764534b3a1e4d3abacc4810b6985df10ad287f126f577f197070453812a7e88c2cc52 5e6764534b3a1e4d3abacc4810b6985d e7d3181ef643d77bb33fe328d1ea58f512b4f27c8e6ed71935a2e7548f2facc0 https://www.proofpoint.com/us/threat-insight/post/kronos-reborn https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/kronos-malware-returns-with-new-attack-campaigns-updates/
M18-v8o01BackSwap_9199edcfMixed This strike sends a malware sample known as BackSwap. The BackSwap malware is currently being used by criminal organizations to target financial institutions such as banks. The trojan steals banking credentials in an effort to drain bank account funds.9199edcfdc64daa2831b5309d422c095a68901d0d8c1247ff280f9453e3ae45687c57566 9199edcfdc64daa2831b5309d422c095 538fc0332ae0d9721c816cfb2245a6f3f47fe391a4503da3a33839a83ecf1c12 https://www.welivesecurity.com/2018/05/25/backswap-malware-empty-bank-accounts/ https://www.cert.pl/en/news/single/backswap-malware-analysis/ https://www.zdnet.com/article/trojan-malware-campaign-expands-with-attacks-against-new-banks/
M18-8ft01Eorezo_b5855e73Windows This strike sends a malware sample known as Eorezo. This sample downloads and installs software in the background, and allows for advertisements to be displayed in Internet Explorer.b5855e739f70f8835a4c349e39b53caa0e0f998ad0ff10c44703ead062f5589db16d0bc1 b5855e739f70f8835a4c349e39b53caa 71e3009284ae35a3087ef041162a2ada636b388738033ea62faefc2bbfca9dfc https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-nc101Startsurf_3609db51Windows This strike sends a malware sample known as Startsurf. This sample is a trojan that gathers personal information to steal from its target.3609db517768a09b18e4ebd13ff090e24134b9538b4b23f348b18b8f679c078244614ff1 3609db517768a09b18e4ebd13ff090e2 ac86cafcc7062a389e25a4e26dd15df7ce2e64b7a6890bf5712189ab9ec81c8c https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-n6d01Startsurf_984f565dWindows This strike sends a malware sample known as Startsurf. This sample is a trojan that gathers personal information to steal from its target.984f565ddc9316a43bda3c69a4bd2450c3b552630348cf289131c82e4bf88590f98feeb7 984f565ddc9316a43bda3c69a4bd2450 9b36f0e70d5f7b4795b1278e052356484d4f2374f49563195f224ade6ce08c71 https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-6n001Ainslot_ff655bdbWindows This strike sends a malware sample known as Ainslot. This sample is a dropper for PonyStealer, a bot that attempts to steal passwords from web browsers, email clients, instant messaging applications, and many other applications.ff655bdb2db9e47eaf4b7df9872ef179f750cb15e97caa9bb028b44ebfef3b96bccb1166 ff655bdb2db9e47eaf4b7df9872ef179 d20f23c05b7781d2e5866336693f81041b8b20ab7135812a495d5f8dfb1e5ac5 https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-ii701Tovkater_2a3f0cbfWindows This strike sends a malware sample known as Tovkater. This sample can download and upload files, inject code as well as install additional malware.2a3f0cbfa86fc366da2191a4e6b2ef5601625d547fd7902ba1a8cfedae413d8840722f0f 2a3f0cbfa86fc366da2191a4e6b2ef56 9362f6da347323c27790bf53e2423299962a42ba11baec0a9efca344277ae027 https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-f0d01Startsurf_ed99e24cWindows This strike sends a malware sample known as Startsurf. This sample is a trojan that gathers personal information to steal from its target.ed99e24cbd6d7ec9a69fa56eab93f1db0d19484fb3ea3909e277ffb96e2120daa516c5b5 ed99e24cbd6d7ec9a69fa56eab93f1db 722e86b32635a1cace77ceee414761f28e386743fd2c513650e55814179bdac5 https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-k0a02 | Tovkater_ad4f9b0e | Windows | This strike sends a malware sample known as Tovkater. This sample can download and upload files, inject code, and install additional malware. | 014d2196054aad8b9d14812cc264b77a84a9b1ff | ad4f9b0e456b49bc417591551a0e809d | 122715db6467d64ff21864afc1d5e15f5780ed05dafda8085fad323ca5dd02f2 | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-bk101 | Startsurf_bfc13886 | Windows | This strike sends a malware sample known as Startsurf. This sample is a trojan that collects and steals personal information from its target. | b847e0ea0082698a7c22966ea9140fd03c71180a | bfc13886cc7bc59c8088f903b112407e | 527eac30113eb365330ec5c35591fe9ae69d4e1beca8b0ae24666e97d8773e36 | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-iam01 | Eorezo_579d1303 | Windows | This strike sends a malware sample known as Eorezo. This sample downloads and installs software in the background and displays advertisements in Internet Explorer. | 52cb5d83fcc3d1eabf9ae3ee475ad8135a876bb7 | 579d13038be7668d98dc1d2dda30f7a7 | 56982cc1f4b4e92aea28a30684bdfc752122eb78fc545ccc3f4169a1597233cc | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-y1q01 | Tovkater_47bb36a0 | Windows | This strike sends a malware sample known as Tovkater. This sample can download and upload files, inject code, and install additional malware. | 01ed913b8fe1c00ed955a4fc605b48c0a8dac96f | 47bb36a0d95a671b2ca865f41d5305a9 | dc265fc791815328bb9df123c19bced472b4d5621f9331ab679b710fb0da608e | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-hdq01 | Bublik_78a9fcfb | Windows | This strike sends a malware sample known as Bublik. This sample is a dropper for CoinMiner, cryptojacking malware that uses the target system's resources to mine cryptocurrency. | 095a74a9e8ec1eaa8ef23603b97616d179c685d4 | 78a9fcfb54d8edbd0e5712bcf0750990 | 9b5e56c14b1b66d3da0f2535a83b3498c7fb2e41d44b68f3474eaf6921afbbb7 | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-izm01 | Eorezo_d8c43a72 | Windows | This strike sends a malware sample known as Eorezo. This sample downloads and installs software in the background and displays advertisements in Internet Explorer. | bc8142f26348d74f9f3cbd456450f33f2935aee6 | d8c43a72490bb8cb6d99b8ee3da27333 | 65a0bb3fd94ec888696598703ed111471bd47962278a5f1006e7e0716bd5b58e | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-2io01 | Eorezo_a9030acb | Windows | This strike sends a malware sample known as Eorezo. This sample downloads and installs software in the background and displays advertisements in Internet Explorer. | 0e9d6d813de64b52272563674fbf01fcc85fc90f | a9030acbc908232dab1c1c54983df417 | 1e64134ff7358ea6e632fd2377532491235cf089f33095a72552e150088b42f1 | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-k0a01 | Dbzx_d1359899 | Windows | This strike sends a malware sample known as Dbzx. This sample is a variant of the Tspy family. It contacts C2 servers to upload data and receive additional commands, and maintains persistence across reboots. | 4fca7f77205570594ea147ab838646920fe337b1 | d135989924d39cd75128a0ab504d771e | efc3e1b1d6c13c3624160edc36f678dd92f172339bfde598ad1a95b02b474981 | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-4mw01 | Bublik_e5ec1de8 | Windows | This strike sends a malware sample known as Bublik. This sample is a dropper for CoinMiner, cryptojacking malware that uses the target system's resources to mine cryptocurrency. | 4c08d34808962d0ce27ddd001fe583f5db4685d7 | e5ec1de88f218eb1002a2be9e006fac2 | 58f94794c8deb918c75d14db29ec2858e7289a0dde7bc1adc8e2f889d50acddc | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-xwh01 | Tovkater_d0481071 | Windows | This strike sends a malware sample known as Tovkater. This sample can download and upload files, inject code, and install additional malware. | 00304f8ac20140cd744cb2dd46729e20dbc6cec1 | d048107150d4490b1cefeb0c741f6d08 | 575fb1eca107f6999105302e60ae24992c335260c8761c9cdf676a3ca56bf389 | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-80i01 | Ainslot_0d3530cf | Windows | This strike sends a malware sample known as Ainslot. This sample is a dropper for PonyStealer, a bot that attempts to steal passwords from web browsers, email clients, instant messaging applications, and many other applications. | 4e3610b8c729f72d047e121592da8f2ccab8f512 | 0d3530cfb87dfa8f0627a219c70d0d44 | 5c4cd71d85e9fc4dabd709b64691acec25c9fba77b3ed6bbee63fc454ed77883 | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-u5k01 | Tovkater_435aa9b1 | Windows | This strike sends a malware sample known as Tovkater. This sample can download and upload files, inject code, and install additional malware. | 007293cdba57f625f8244ae209261dd96529f364 | 435aa9b15e34ad0b399ab318cdfdb2f9 | 5c0a9f3375eff3b50d58092e17c2c9b464cbabbbb531b77069dbdcce59d6e05e | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-i0h01 | Bublik_84e232ee | Windows | This strike sends a malware sample known as Bublik. This sample is a dropper for CoinMiner, cryptojacking malware that uses the target system's resources to mine cryptocurrency. | c41698f013a2e61268cf0cf3b31d90af956610a6 | 84e232ee33510e9fdf68d1c708356b4c | 71e3922788784923e9648eb00b51700ca16752fa0fb41a0e50e98bafd1611f09 | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-vpm01 | Bublik_fd745d94 | Windows | This strike sends a malware sample known as Bublik. This sample is a dropper for CoinMiner, cryptojacking malware that uses the target system's resources to mine cryptocurrency. | e209dd4387a207adf47d1656414ae303bf245bef | fd745d946bba77984c11a6a5cd353d58 | 489bede16e3b6142ba3bd19e7a151ff68a19e6fcc7cdaff4013a9f0753e62bbb | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-esr01 | Eorezo_9cdae8b1 | Windows | This strike sends a malware sample known as Eorezo. This sample downloads and installs software in the background and displays advertisements in Internet Explorer. | 394221500f4c139c6c637a7aa0c8db07805d9e3d | 9cdae8b118c014f541b6e531439fcfa5 | 7e17ee126754a9306b4ffcf536f384abe5c718672807de1e27e7c7f3846d9e74 | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-gz901 | Ainslot_bd77bd14 | Windows | This strike sends a malware sample known as Ainslot. This sample is a dropper for PonyStealer, a bot that attempts to steal passwords from web browsers, email clients, instant messaging applications, and many other applications. | e8a518a24c02ee675b4a452cbd331e61643addba | bd77bd14ae490f8c5d034d45a44e72e4 | 18778b49fc35aec08184cd4426dc698bd7b89a47dce15861bb9fa4384641d6c9 | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-nxr01 | Startsurf_08c19437 | Windows | This strike sends a malware sample known as Startsurf. This sample is a trojan that collects and steals personal information from its target. | d97843293eb98670bfe0ddefb91ce3b0525f8fc2 | 08c1943786bb95db6ba1ed2bf34545ab | c3883ba74230604d38a638a1b8d0673cc3c91e01b482e6b83a6e6bbd4edd3b10 | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-lr701 | Tovkater_d9010dfc | Windows | This strike sends a malware sample known as Tovkater. This sample can download and upload files, inject code, and install additional malware. | 010ec52f0b60bf55dd231513f5d75b1f9ba1c32f | d9010dfc52031afdd5cec6802732df99 | 2c72964b8a701a9aa90f6cc46adbf5da695f990f707e48fe62b5de48c4ea51ed | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-eyo01 | Dbzx_f6098f01 | Windows | This strike sends a malware sample known as Dbzx. This sample is a variant of the Tspy family. It contacts C2 servers to upload data and receive additional commands, and maintains persistence across reboots. | 1b6c1ef46547ac22b876e8d6bba727c475611f92 | f6098f01f2220b8963f060f5fc6b2ecb | a2907c7011b20373fd47e03a0f4679fdd51b982b973bb37d1d45bfa4a618bc5a | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-94801 | Eorezo_5445012d | Windows | This strike sends a malware sample known as Eorezo. This sample downloads and installs software in the background and displays advertisements in Internet Explorer. | 059be81d95d873cf7c4f35bbf2da9a77ba39c59c | 5445012d87ab14ad2569247c9575303a | 55e181f0e0e88efccf6534949ad8dd93a179e2b94b71e76a9e7db4d938ea2bd2 | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-8i501 | Tovkater_43428f96 | Windows | This strike sends a malware sample known as Tovkater. This sample can download and upload files, inject code, and install additional malware. | 00b1c8929b37eacf5c645314e2d49613ca3b79b3 | 43428f96f0d41547e9d3a99287ea8e88 | 66f336a2616a16d8891503dd145fb12835497a13f19a65946d6aa68242cc23ae | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-99d01 | BackSwap_92657201 | Windows | This strike sends a malware sample known as BackSwap. BackSwap is a banking trojan used by criminal groups to target financial institutions such as banks; it steals banking credentials in order to drain account funds. | 6251f9ad0e5f551ac4a6b918ef366e86c4ccfdc4 | 9265720139aa08e688d438d0d8e48c9e | f51336e862b891f78f2682505c3d38ea7de5b0673d6ef7a3b0907c0996887c22 | https://www.welivesecurity.com/2018/05/25/backswap-malware-empty-bank-accounts/ https://www.cert.pl/en/news/single/backswap-malware-analysis/ https://www.zdnet.com/article/trojan-malware-campaign-expands-with-attacks-against-new-banks/
M18-11r01 | Startsurf_1f4a938a | Windows | This strike sends a malware sample known as Startsurf. This sample is a trojan that collects and steals personal information from its target. | 472b1b4f005411fce214b2e2c6478c7fee78ad97 | 1f4a938a6cd59da549170097d670d2d1 | 118e08c379b0035cef2a155d59d97c6e8cae94b6f46c5e77f58d84c88c689d2c | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-5we01 | Dbzx_dae74718 | Windows | This strike sends a malware sample known as Dbzx. This sample is a variant of the Tspy family. It contacts C2 servers to upload data and receive additional commands, and maintains persistence across reboots. | 85ff043a1ec6624343fe53b6cd55a62b3c390f30 | dae7471812b15327c05d0b8a073d72d6 | f7df8c9e36cf3440709111a33721e7ac7268a2a80057df08843ba95a72c222eb | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-4r801 | Bublik_ff3f9b43 | Windows | This strike sends a malware sample known as Bublik. This sample is a dropper for CoinMiner, cryptojacking malware that uses the target system's resources to mine cryptocurrency. | 4498ae91f6ce7af0674184ef3b84b40138dc9ba0 | ff3f9b43c13db2c77a963c296b4491b9 | 30cf07a5ec3d0300ba8e7ce94ebdcde0a3c3539aede029cb39a353e7e26fcc7b | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-i7501 | Startsurf_af5cbe0a | Windows | This strike sends a malware sample known as Startsurf. This sample is a trojan that collects and steals personal information from its target. | 91dd1f12b8763c670a33d68983cd9f2fbb9d5036 | af5cbe0af2de7db07c9cced6476e14c3 | 4a1c1cf9c70b127cc514fa6cdbb0e286ee33bf19f6ff41ca02951c9947dac55e | https://blog.talosintelligence.com/2018/08/threat-roundup-0803-0810.html
M18-t3v01 | Ainslot_3d1c07ad | Windows | This strike sends a malware sample known as Ainslot. This sample is a dropper for PonyStealer, a bot that attempts to steal passwords from web browsers, email clients, instant messaging applications, and many other applications. | 4ea46c768d3c8bf9538fcb518966e2b555738ba9 | 3d1c07adc45f48d8509eadae5c2fb5e1 | 72967919bec8028198f4a79997dcd957a6d6c0a9dfb7dbe5b2ca29a00debb41f | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-2eo01 | Tovkater_8728c568 | Windows | This strike sends a malware sample known as Tovkater. This sample can download and upload files, inject code, and install additional malware. | 01d0b01427d4d6c041bc4d4bc034c90487614011 | 8728c568d2c38835b31bd9f1b434f02f | a1e41d046f3a8386c3115edc57a16c4da82d9607b35d7a635b1c14f1d94d2242 | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-p0w01 | Ainslot_6a4c004d | Windows | This strike sends a malware sample known as Ainslot. This sample is a dropper for PonyStealer, a bot that attempts to steal passwords from web browsers, email clients, instant messaging applications, and many other applications. | abd73f83284ee2bfa0553c932cfb21bfa48f076e | 6a4c004d35a196e7f7fb8bd2f898fda5 | 5908a9ebe9fc15e751f7ef39c2479413a96f6086899927d23ea7faa83b521fca | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-wf501 | Kronos_d475c84d | Mixed | This strike sends a malware sample known as Kronos. This sample is part of the Kronos banking trojan campaign. In this latest variant the malware tries to evade detection by using .onion C2 URLs and communicating over Tor. | aecaf84953641d835e7c754f559fc555169d8aec | d475c84d99c2bf461c294d75769b7707 | 045acd6de0321223ff1f1c579c03ea47a6abd32b11d01874d1723b48525c9108 | https://www.proofpoint.com/us/threat-insight/post/kronos-reborn https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/kronos-malware-returns-with-new-attack-campaigns-updates/
M18-od901 | Bublik_c0023ce5 | Windows | This strike sends a malware sample known as Bublik. This sample is a dropper for CoinMiner, cryptojacking malware that uses the target system's resources to mine cryptocurrency. | 9a0d8439b50294b292ecb09abee4d21b0fad073f | c0023ce5a6abb71d249626abe2efbddb | 425e43eafe61586cd6a4867031f40c390ed4958ca35c2a8d368fb61f479a596b | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
M18-cis01 | Ainslot_646a8b1d | Windows | This strike sends a malware sample known as Ainslot. This sample is a dropper for PonyStealer, a bot that attempts to steal passwords from web browsers, email clients, instant messaging applications, and many other applications. | 976235b1986eb9e7742f369789d90f6e58f5b596 | 646a8b1d50aeb5e8d4c97d97720bf68a | d333daefccd7d188cffda7c75d589389140f24bfab759368217f2514ded312da | https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html

Malware Strikes July - 2018

Strike ID | Malware | Platform | Info | SHA1 | MD5 | SHA256 | External References
M18-h3t01 | Separ_151d7e59 | Windows | This strike sends a malware sample known as Separ. Separ is spyware that harvests confidential information from login attempts. | 2c0b3856f24e0fddad62381a33b30dc4eecb28cb | 151d7e59e6d5d1bac25e5ac38af09a8c | 12e2ba4b4a310edf9cd97405541565e20d9ea6259d86d96a36fc8b676babb228 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-xuq01 | Tspy_e3125f02 | Windows | This strike sends a malware sample known as Tspy. The Tspy malware family persists by executing at each restart and boot. It uploads data to and receives commands from C2 servers. | 3bb556311c76bfc489dc346dfc7067fa1294d2c6 | e3125f0228f852b74558bedf8e280ee1 | 05a6a94d66a8b222553c9210b4e370d02a6fffe8ee49be8142d75dd37c5c7fab | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-fry01 | Tspy_d9bf7717 | Windows | This strike sends a malware sample known as Tspy. The Tspy malware family persists by executing at each restart and boot. It uploads data to and receives commands from C2 servers. | 8164d107d32b88c7df6254d4ed69e599a75b9e69 | d9bf7717ff14bac9f895dca35acb082c | ea09bb3b764c057f45134b132793654e0937701d4cc731298cc7791b1e1b1b88 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-chc01 | Remcos_168f9117 | Windows | This strike sends a malware sample known as Remcos. Remcos is a Remote Access Trojan that can be configured with anti-VM checks and anti-debugging measures to hinder analysis. Over its C2 channel it can receive commands such as recording the microphone, camera, and keystrokes. | cbe8998ce739c5d48e733b591a095f807dd4c3c8 | 168f9117259e462ef0e333eca3dff8a6 | 0e953857e78b91fa30011d345fccf6f86a8697318935b227d69ac4dd4915889b | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-ise01 | Remcos_2aed469a | Windows | This strike sends a malware sample known as Remcos. Remcos is a Remote Access Trojan that can be configured with anti-VM checks and anti-debugging measures to hinder analysis. Over its C2 channel it can receive commands such as recording the microphone, camera, and keystrokes. | c44a7b2b51b0a5adaab43057b436ff587a145ba1 | 2aed469a306e099066066784fb9e8042 | 2a4a9722a20800038438c88d240083b65c729004d30e0c993f67202541f60811 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-xp101 | Razy_d1c078b1 | Windows | This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and sends it to a C2 server. | cc36946ecdafe1d59ed54919477a3e3090073b0c | d1c078b1f317b207403465c981a2f3aa | 232b077e1df7e90f39f92200c9424918eff1c34d2adf98befb28a2cc664e133c | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-zcf01 | Razy_7405e188 | Windows | This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and sends it to a C2 server. | 4ae490132825014422979a89b8203fa001944ab9 | 7405e188be71c7865f19680a58dd8479 | 0931d88de9c4a7af4484d1a2285f001512c83a721d6e7d9177d6fa3c9c2ff494 | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-r2m01 | Daqc_369c9648 | Windows | This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server. | 93b1aba258b73ac2181653250a954bae1ec78b22 | 369c96482c96d8c2372ab18a4355c6c6 | 69079ab9bf5475c7f561a849a191228e7583c7000f56623f4c2824399ab5fadf | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-5ag01 | Remcos_125a7ada | Windows | This strike sends a malware sample known as Remcos. Remcos is a Remote Access Trojan that can be configured with anti-VM checks and anti-debugging measures to hinder analysis. Over its C2 channel it can receive commands such as recording the microphone, camera, and keystrokes. | dd9c299cba35712c0f99dfe19705e55d238c714e | 125a7adaec7cc3cc57d6d05edde396cf | 192f60438d4707d0edb60c2ab1b69df72943b7812bd77bb393182db0636be982 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-2iu01 | Razy_b11b5227 | Windows | This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and sends it to a C2 server. | ee61189f6caf7cd43588e2bec75dec1b7cbce445 | b11b52274b16f05c49b3b8af567dbd1e | 32d5a8609132a6619c27d5da066d6cd0c01ede44e23ae88b3e1a94c31264a2b0 | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-hns01 | Razy_64842b50 | Windows | This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and sends it to a C2 server. | 2116477051a72756443f56b45fef60ea740dc778 | 64842b50eade74f59a46d08cf3bb394a | 5cd16c9b64a18d8b8852c0e113b3347e630518e2c034ee8ecdf11c048a5e82fd | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-ckq01 | Separ_e2bb3993 | Windows | This strike sends a malware sample known as Separ. Separ is spyware that harvests confidential information from login attempts. | cf9b2e16e36276a9719f698248db586c3506da0f | e2bb399358299453b1b10deab830ec50 | 354cf3031b2679f885969746afef780bb1765b0f32613afb6490d5e60b7fe6bc | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-9as02 | Jaik_26761f23 | Windows | This strike sends a malware sample known as Jaik. Jaik is a botnet client that communicates with external domains, injects code into other processes, and can perform DDoS attacks and generic credential harvesting. | b394874081a59cd9061cc00b7495dab7f8f54a23 | 26761f23cb3e7d749bec91ca939f2304 | 5eb6c33a3e6dbf7067de22799ef42d58fc8696f74a29bef655993508e9b9d018 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-bs701 | Daqc_784bbe81 | Windows | This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server. | 4eb0bb4e30af9ebec113f035aaa423d998bf19e5 | 784bbe81061fc5fb189ba1fb265ee6ab | 60140f334d05733c9e80ec951bbf57d2355e7421197806f3e5373d87feebaca8 | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-uo901 | Jaik_285ea820 | Windows | This strike sends a malware sample known as Jaik. Jaik is a botnet client that communicates with external domains, injects code into other processes, and can perform DDoS attacks and generic credential harvesting. | 1d784830497e834bfdb2bb7cdae01993199fb19e | 285ea8202d4f321f5fbf3391d44b1cfc | d0a55070ae9fdb2b7ac3b113025200257d4e02c223606038e5f19e963bf2c9e4 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-dwm01 | Razy_5bbf432a | Windows | This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and sends it to a C2 server. | 578cf5f08a4bfce1006c151ce459cffa2f9184c0 | 5bbf432a3f2b806bb3ca295e32609f09 | 40b9d27d3e3e78e52c5df9a060126d0111e6337e86e50962cce38c814ce0c365 | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-hsi01 | Razy_fcf945f2 | Windows | This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and sends it to a C2 server. | bb96d799c4a38dc239ccbcf980a809e9637f6613 | fcf945f227a569cf3822a2c9fda0b064 | 760a2cb6fae52b26406a38e6a93952d2162c27c6712842c8d125685b2b540264 | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-az301 | Remcos_142503b2 | Windows | This strike sends a malware sample known as Remcos. Remcos is a Remote Access Trojan that can be configured with anti-VM checks and anti-debugging measures to hinder analysis. Over its C2 channel it can receive commands such as recording the microphone, camera, and keystrokes. | 82bf48b3623c418b21d8487a6e0e20656d131931 | 142503b2bf35501b32f8c8fd81214926 | 094e5d7bce863dcf7652873c15d18dfce918eca631c471bbe59f739fccb770c8 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-2qq01 | Remcos_0c011706 | Windows | This strike sends a malware sample known as Remcos. Remcos is a Remote Access Trojan that can be configured with anti-VM checks and anti-debugging measures to hinder analysis. Over its C2 channel it can receive commands such as recording the microphone, camera, and keystrokes. | f1f009307e560ab753f917359778a4ca830939e0 | 0c0117061232226b3f5309718c3a7373 | 13aeccc984e1570bf36d8440df9b293277b25f26bb299179d187ac47b3500488 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-2pv01 | Tspy_b1b6497e | Windows | This strike sends a malware sample known as Tspy. The Tspy malware family persists by executing at each restart and boot. It uploads data to and receives commands from C2 servers. | 3df6acb80eeb374111cab1686e31da3602c6b43c | b1b6497e3e0ed87077fa30b09595d7ac | 87f83003dbefa877b6256c34ceddb4447880d4db632656a3718fea5a0428515d | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-a7g01 | Jaik_b28f7d98 | Windows | This strike sends a malware sample known as Jaik. Jaik is a botnet client that communicates with external domains, injects code into other processes, and can perform DDoS attacks and generic credential harvesting. | a6747e92939059a95c0d98ade4f0aae025064e6e | b28f7d98c478041e825ab9d44ea3496a | 36ac6881149050ac9aec57972ccc3e8063c51e66529d16b0a2647b9ab8700715 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-6jd01 | Tspy_7b0d8a68 | Windows | This strike sends a malware sample known as Tspy. The Tspy malware family persists by executing at each restart and boot. It uploads data to and receives commands from C2 servers. | a928bbcfcd08bc6de8ee78651317ec63e8058204 | 7b0d8a689033a3cb20dc1e37e631c0ad | 7a93669bdf9192314b505e49e3d80e3974683a024f12f92ba0103e8b640a7d2d | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-c2w01 | Remcos_7d3b592d | Windows | This strike sends a malware sample known as Remcos. Remcos is a Remote Access Trojan that can be configured with anti-VM checks and anti-debugging measures to hinder analysis. Over its C2 channel it can receive commands such as recording the microphone, camera, and keystrokes. | 409c23a30280d0e907fdd3410743f02e0ec132e5 | 7d3b592d92a7027f4bec1389de3abbfb | 09a7a2aeb1af80aa666c5920765e4409e367a051c161d948f1a193adbe5040a3 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-tmq01 | Daqc_029d5d96 | Windows | This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server. | a3c165be23f904a3683304ab2c3b6139ee8fea2d | 029d5d964709b574f483f117c9421a7d | 9cd31bad005306e5586bd20d5c027d15bd2bdc0f904f3f839309a25c30ffe417 | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-tn501 | Tspy_df85bfe7 | Windows | This strike sends a malware sample known as Tspy. The Tspy malware family persists by executing at each restart and boot. It uploads data to and receives commands from C2 servers. | 22ba953957d5e4c58ac326b7d52ac4249717f8c8 | df85bfe768faeacf9d2d7623227b2991 | 86d5dff17cefb0f8c99c92a4e5890086d2674ccfb46ad80bf202df6961ed5d4b | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-9ui01 | Jaik_ad9bd410 | Windows | This strike sends a malware sample known as Jaik. Jaik is a botnet client that communicates with external domains, injects code into other processes, and can perform DDoS attacks and generic credential harvesting. | 9cebea617aae99bff9fa64183743614fb47feaef | ad9bd41038cb6dedbe49587ee9b33599 | ec67e3754964d9c2ffb67837cf56eacdd51557012e31014fcbf29a01254d6fe5 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-yfj01 | Razy_bd5c2f4e | Windows | This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and sends it to a C2 server. | 637475e806ed393db7d666bdd6dac9494a071793 | bd5c2f4e3cc3c7cf59c9bad6ea0d573a | 3b65e590fbd2be761a6cbe540c680d63358dddfc838acd3164a1580dfa3782c6 | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-x7301 | Jaik_04c8a688 | Windows | This strike sends a malware sample known as Jaik. Jaik is a botnet client that communicates with external domains, injects code into other processes, and can perform DDoS attacks and generic credential harvesting. | 764565716e922210fb6fa3b8c9138aaa44df5da2 | 04c8a6889158c2b70c3bcd4b3940744f | ad459b9f19ce38d60470ed2889895d23f618f2be1aae8e49b172e83faa69c2c4 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-4d301 | Remcos_7ae2cbf3 | Windows | This strike sends a malware sample known as Remcos. Remcos is a Remote Access Trojan that can be configured with anti-VM checks and anti-debugging measures to hinder analysis. Over its C2 channel it can receive commands such as recording the microphone, camera, and keystrokes. | 6eb094f91f6599940a0e079f19251b67a6e88148 | 7ae2cbf31859f66fcd0d2de9304b94a6 | 00171a400fb86b6f6489875fdf65079b765255e2240c30f174b1f9aff6a17dac | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-nk401 | Daqc_bfe98b5b | Windows | This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server. | d94b924bf448b703b437abcd7fe240fb02fa3118 | bfe98b5b43ee7af04f11950610f5abbc | 49560519bd1ad245ebcf596fa867db44f5460a4b6e952393c222169fae3458c1 | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-8xf01 | Separ_7e1f37db | Windows | This strike sends a malware sample known as Separ. Separ is spyware that harvests confidential information from login attempts. | eef17e778b1f595eb8627940a3a02fe00c901732 | 7e1f37db712a43703f998c79c5b3370d | 7e4ed04b95f0b07272223308b8e49db2fd64b144db28d5322b51ae879f58f8aa | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-p9k01 | Remcos_36bd0488 | Windows | This strike sends a malware sample known as Remcos. Remcos is a Remote Access Trojan that can be configured with anti-VM checks and anti-debugging measures to hinder analysis. Over its C2 channel it can receive commands such as recording the microphone, camera, and keystrokes. | 5dd410b4f5884ecd29a60cfa22d661cf123b31fb | 36bd04882e53e711570fb7f207a1fe4a | 318d9318e4e204f378f8ffeb7d831a6f251d6ca4e827f8e48449be0812e2cb25 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-8vr01 | Remcos_2dc51f4c | Windows | This strike sends a malware sample known as Remcos. Remcos is a Remote Access Trojan that can be configured with anti-VM checks and anti-debugging measures to hinder analysis. Over its C2 channel it can receive commands such as recording the microphone, camera, and keystrokes. | b3c7db86125866dcb99e934c62f904f868cba894 | 2dc51f4c6a0106fbaac46a9f56775526 | 1623edf8271a3a77d74658adcf67d5f99f6102bf178c0665dd68bc932b0c1228 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-vvk01 | Joanap | Windows | This strike sends a malware sample known as Joanap, delivered together with the Brambul SMB worm. This malware is attributed to the North Korean government-linked threat actor tracked as HIDDEN COBRA. The Brambul SMB worm spreads across the local network and over the internet by brute-forcing systems with a list of common passwords. Joanap, the RAT bundled with the worm, can exfiltrate data and execute further commands. | 6b1ddf0e63e04146d68cd33b0e18e668b29035c4 | 4613f51087f01715bf9132c704aea2c2 | a1c483b0ee740291b91b11e18dd05f0a460127acfc19d47b446d11cd0e26d717 | https://www.us-cert.gov/ncas/analysis-reports/AR18-149A
M18-yvk01 | Remcos_109eddeb | Windows | This strike sends a malware sample known as Remcos. Remcos is a Remote Access Trojan that can be configured with anti-VM checks and anti-debugging measures to hinder analysis. Over its C2 channel it can receive commands such as recording the microphone, camera, and keystrokes. | a85b1d865df8a479140a493852257d116cee11de | 109eddeb3707321d7bbd629f4bf41431 | 1323533b1caa1537b50c0ddb43b5f692901d2bb3b38f11e0fb380d72149ef53d | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-abm01 | Jaik_bc86559b | Windows | This strike sends a malware sample known as Jaik. Jaik is a botnet client that communicates with external domains, injects code into other processes, and can perform DDoS attacks and generic credential harvesting. | 3d5adee069d8a67d1ab564479c9d31c722738d5a | bc86559b5c592c358f360f035591cec6 | 70e53202023b2615c92a7987590161ab2a18410e827a6535ffc1df83eec6821d | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-b5501 | Remcos_8a7512a8 | Windows | This strike sends a malware sample known as Remcos. Remcos is a Remote Access Trojan that can be configured with anti-VM checks and anti-debugging measures to hinder analysis. Over its C2 channel it can receive commands such as recording the microphone, camera, and keystrokes. | 10df651d66b4a69ddbdadf2932daba75d05929d9 | 8a7512a83bf33c85349c113e436db506 | 2a67165161c7cbeed1fb43aa27b770b627b0eabe7a647387382fa4cff0acbaa3 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-yhz01 | Separ_314c0eae | Windows | This strike sends a malware sample known as Separ. Separ is spyware that harvests confidential information from login attempts. | bcbbb9dafee755116b91581a627d1d5e1178cc51 | 314c0eae505fc391d7a90ccb08a29d12 | 403d91b31d44acb4a67b5b0dd7679971bedc722244f1b705adfa095632d18cf3 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-8mg01 | Remcos_30bc8b7d | Windows | This strike sends a malware sample known as Remcos. Remcos is a Remote Access Trojan that can be configured with anti-VM checks and anti-debugging measures to hinder analysis. Over its C2 channel it can receive commands such as recording the microphone, camera, and keystrokes. | c40510252ed9e66d9b2e02b69b9c44660756b3ce | 30bc8b7d11b226d2dd323b7aa0929460 | 04bb108e21aaa1b3832e2ff483237559c02dda2ddfc03e2b56e7bc818614d0e4 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-f5n01 | Jaik_86aa2987 | Windows | This strike sends a malware sample known as Jaik. Jaik is a botnet client that communicates with external domains, injects code into other processes, and can perform DDoS attacks and generic credential harvesting. | 77f5f5d2830ad109a6186e66f2375974b0aa3b36 | 86aa298787da8bcc7b2e729a4e2d44c8 | 709da9c32f18848efbd955bef0d1717a5adf56435a3bf0d1fdac34aeab25b725 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-mgq01 | Tspy_8c792b50 | Windows | This strike sends a malware sample known as Tspy. The Tspy malware family persists by executing at each restart and boot. It uploads data to and receives commands from C2 servers. | 38ac6ca5a3b5d3b40d17b153278185d09d245de3 | 8c792b5065c691d1a19ce7eab3706089 | 4ed4a8509a45db8c5ff416c738cb25a877b47bd1066b30b1c611644f92b051d6 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-i4i01 | Remcos_cac90d1a | Windows | This strike sends a malware sample known as Remcos. Remcos is a Remote Access Trojan that can be configured with anti-VM checks and anti-debugging measures to hinder analysis. Over its C2 channel it can receive commands such as recording the microphone, camera, and keystrokes. | c7f24c43d266da2cde3b607a661a03778f659a29 | cac90d1a6c0364f6f627a854afd91b9b | 07b31ec3eabb4967f7ed54d437de2d4a3e9271810f4f9c2b238bb6ba7829f180 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-n3i01 | Separ_265615cd | Windows | This strike sends a malware sample known as Separ. Separ is spyware that harvests confidential information from login attempts. | 346892cbc0b89206b7b97e68af4ce226cf5dd825 | 265615cdd60405bba5e7988d4f1e5de3 | 3ef31d4a0bccee0994a4ee525b679da1fd2664f3d96d20371297f6f6645a2ced | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-1v101 | Daqc_c1c74670 | Windows | This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server. | 590aee639deb67a6502c2f4e730c6ec266f7b10d | c1c74670b50b93e76f57302032f95a03 | 2ce787599acee9837624bfa274d04e659ac1fba27a200e451d8369025a3c3b02 | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-gre01 | Razy_8fc22ae7 | Windows | This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and sends it to a C2 server. | b8963bd112a795b74d2e4f0e64a0bf8a6638e2fe | 8fc22ae77ee3d0e766ed9ea5a920bcf2 | 63d3cf1bbf4e3352033506d7feccd4366361b0ccccf6efc7d1bde38593f396dc | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-5i001Tspy_b4d910abWindows This strike sends a malware sample known as Tspy. The Tspy malware family remains persistent by executing upon each restart and boot. It uploads data and receives commands from C2C servers.b4d910ab9ab3ff1a88dbe0b013751f608c0c60a9a6c75a7ba706a7894b316f6727ef8cf8 b4d910ab9ab3ff1a88dbe0b013751f60 61847bfbc04c932876fa453db940c2ae04c71476f4852f1799fd1de2e8a649af https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-4xw01Razy_1ef4bf8aWindows This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and then sends it to a C2 server.1ef4bf8a247700a091b55357b8fe68e9b90b98fd81f42a9fd9e43105a7b798e4ad0f9a0d 1ef4bf8a247700a091b55357b8fe68e9 751269d78fdf8e244295d87a76a839b15672f5d0e6e7bc62cdd31f1deb5c0fa5 https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-pnj01Razy_852e1db0Windows This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and then sends it to a C2 server.852e1db08a57ab9b4e50313e9a462414d4c4a09e2b222ad4dcd74d6745adc2864fc6bb71 852e1db08a57ab9b4e50313e9a462414 2f670ff3dd609f23f4c7213a20e5f87e01d1895c08045b7ff70b746b11d7797e https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-vtk01Daqc_b84e4979Windows This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server.b84e497993467c812119a4534a999893df14589d6c462ff0aafc4501b020f4a655066a1e b84e497993467c812119a4534a999893 8ded9c78e10011fcc6fd9c7501b54510d64be29ea7a9512018d22a43f9e3b5be https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-c8w01Razy_770ce5ccWindows This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and then sends it to a C2 server.770ce5ccc6e26f924d16f533fc65c160af80ff604755955344afd52d4226ded09f1d7334 770ce5ccc6e26f924d16f533fc65c160 79cd4f4accadc3edcfa90b11b19e56fa4a6a6a5150c3e2f9a467154523ff1870 https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-sfj01Daqc_5634b45eWindows This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server.5634b45e1adf58b7cd1f82d75caf93349d251f7a1f50966ae7bd975748c68ec310a37cfb 5634b45e1adf58b7cd1f82d75caf9334 5309ac8962997edc05e88bc99f259d4a0788f08ed0ab92bfeb2075410a0f53ce https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-jo601Remcos_f7acd977Windows This strike sends a malware sample known as Remcos. Remcos is a Remote Access Trojan that can be configured to have anti-vm checks and hinder the analysis debugging. It can receive commands via C2C communication like recording the microphone, camera, and keystrokes.f7acd9770fe84c1a04efbb14aa04f9ca33f4a23b9c1e75e6a542d63cfa5f263acc3297e6 f7acd9770fe84c1a04efbb14aa04f9ca 2bbed3835b0efc4efe05d8fc806ab9fa5313202d566d18060542d23a3cb80fed https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-xxv01Separ_c0d66ee3Windows This strike sends a malware sample known as Separ. Separ is malicious spyware that collects confidential information from attempted logins.c0d66ee3d32f5aa2b0189a38a23f6716fdfbfc7efe5825bfd872cc9a4da07f52dc9329fe c0d66ee3d32f5aa2b0189a38a23f6716 64a76e220bdff00633c5cd8e0282ec61836a60cf6b2f9f1b135ce3a3b040ca52 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-87v01Separ_bc70776aWindows This strike sends a malware sample known as Separ. Separ is malicious spyware that collects confidential information from attempted logins.bc70776a84a8f2868f066f611e7513b10b0571f38ecfa2feec7c22193ba1cbe6c956ec50 bc70776a84a8f2868f066f611e7513b1 7eefcb90a82546e4b71895a11a95a8dc38f49fe4713fa7d7a52ec68f511533cd https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-huf01Razy_1822258eWindows This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and then sends it to a C2 server.1822258e215748efa59249ccd9b8d7182818666cba0196ab32e8e3ad001183084ff936eb 1822258e215748efa59249ccd9b8d718 3f0ce29604df46a478183cba3fe075ac92fbc70221b7163833c9bab62b216aae https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-lok01Tspy_f35a2fd5Windows This strike sends a malware sample known as Tspy. The Tspy malware family remains persistent by executing upon each restart and boot. It uploads data and receives commands from C2C servers.f35a2fd559a6e5dbbc16470e456ccd42c748ffa5eda58b435aab73616f7cca83539d5c6a f35a2fd559a6e5dbbc16470e456ccd42 6dba2d229e5170601495ae923bff1f46ec581b6d858bc2b19a8db3ed210b8791 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-g2401Separ_aa52e05cWindows This strike sends a malware sample known as Separ. Separ is malicious spyware that collects confidential information from attempted logins.aa52e05c3b7092f703c29a02f6e1a2b1f1bd896e9a720c4fdd86e451ced644d89f5a6b96 aa52e05c3b7092f703c29a02f6e1a2b1 6d7019e4f1e02713046fedb121d15c9a423b8502e792ff42c7896c3b4d9f826d https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-odr01Remcos_ff1b5b41Windows This strike sends a malware sample known as Remcos. Remcos is a Remote Access Trojan that can be configured to have anti-vm checks and hinder the analysis debugging. It can receive commands via C2C communication like recording the microphone, camera, and keystrokes.ff1b5b4172ffd2d88caaf0bede2fd0b53bcecd9e21c2bbfbae644c4449d80569cd6a9f69 ff1b5b4172ffd2d88caaf0bede2fd0b5 0913592e52b43087d0f2a23700e5c625c0cdd4d391354233dc692a5477416ca9 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-5e101Razy_9e532016Windows This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and then sends it to a C2 server.9e532016943c12ce37d89d686a2f358d0ca02cdc9fc3bdc5e783e3cc9cc72a68217de386 9e532016943c12ce37d89d686a2f358d 385ebc30d9bf602ce39b8b2d7d09787fd859fca5391f7e282f9a57fb1a7792fc https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-nil01Tspy_1027a4eeWindows This strike sends a malware sample known as Tspy. The Tspy malware family remains persistent by executing upon each restart and boot. It uploads data and receives commands from C2C servers.1027a4eedbf352b34a789f7e4b914e42e81774534c4ffc7ef34d146681419da4ffb1e450 1027a4eedbf352b34a789f7e4b914e42 d454f075a83bd4d4541ed25898a4cb8ac5ef903b5b4269790a911450ff0a76ff https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-sg601Remcos_2cc1c37fWindows This strike sends a malware sample known as Remcos. Remcos is a Remote Access Trojan that can be configured to have anti-vm checks and hinder the analysis debugging. It can receive commands via C2C communication like recording the microphone, camera, and keystrokes.2cc1c37f81d03bd4dfb765878bd9176df26f3b3ea3bb26632315019bda69ea5ddaaa7233 2cc1c37f81d03bd4dfb765878bd9176d 074dcfd66274bec7d3ac3e23fd77d21baca17efa497eb94d748e46add97e8c27 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-g2k01Separ_f6e56e09Windows This strike sends a malware sample known as Separ. Separ is malicious spyware that collects confidential information from attempted logins.f6e56e0973621360d441533dd2a31e1094932a5583b61cfd6338e0ba4816bcd894fa39c1 f6e56e0973621360d441533dd2a31e10 5b4afe3563869522e85cfab2ae3d2e57a55f98a9c565c915dac81aaa0282deb4 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-azj01Separ_4cdebda9Windows This strike sends a malware sample known as Separ. Separ is malicious spyware that collects confidential information from attempted logins.4cdebda90fe89c3f23ce1eec5919eb3b1c978d651e981c162fd79c5332452b93551ebefa 4cdebda90fe89c3f23ce1eec5919eb3b 81ca06e244e541b585ff763df011560dc2b58eb7ea434eeef74439ca8bfd01b2 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-vc201Tspy_ef3b8521Windows This strike sends a malware sample known as Tspy. The Tspy malware family remains persistent by executing upon each restart and boot. It uploads data and receives commands from C2C servers.ef3b85216f6751f21c49496e1d4ffbb35e1cc53a3f4265dd399a0125c06d540713d6a330 ef3b85216f6751f21c49496e1d4ffbb3 9617d56a748b5f29e7e97260fb61ee99b9035521ec4e4d134fad9411e74d950b https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-kz101Jaik_ccf99579Windows This strike sends a malware sample known as Jaik. Jaik is a botnet that communicates with external domains as well as injects code into other processes, can perform DDoS attacks, and generic credential harvesting.ccf99579e8d70aee6f16e8b947da4e9175d5a33e2826374b00a58eae833e6e5d7fc0c7d4 ccf99579e8d70aee6f16e8b947da4e91 58a9f5613ece73717b322ab7518d887fdd391011cef6afbcb311eef74b677df9 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-nn101Jaik_da7f8a23Windows This strike sends a malware sample known as Jaik. Jaik is a botnet that communicates with external domains as well as injects code into other processes, can perform DDoS attacks, and generic credential harvesting.da7f8a235f2621c19ce13be10733f8949b3117f596701ea8004a50e689c2e8045e652025 da7f8a235f2621c19ce13be10733f894 49646325555c83e70ced5a1b4b2ef7f128ff912593c95c017703f332c83e0914 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-sau01Daqc_bdbf6867Windows This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server.bdbf6867142ed7968a4fecd3d086dc3c07711e892ef5f567641b33879a5049680176f278 bdbf6867142ed7968a4fecd3d086dc3c 00c8e16c0153a40945b77692bbc28d765e6fc1a5d7100ff67dc7d4a3cf7c250c https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-yba01Razy_2ca15a19Windows This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and then sends it to a C2 server.2ca15a19a85b94c2fd06acce0d8ae7b7c4eadd3e9e5c42a74a458e259584ae18a794db94 2ca15a19a85b94c2fd06acce0d8ae7b7 72f3289960744faf657f7f84e98d8f1da3576451aa23f3813e00fcf956920cb1 https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-y0r01Tspy_2b67d553Windows This strike sends a malware sample known as Tspy. The Tspy malware family remains persistent by executing upon each restart and boot. It uploads data and receives commands from C2C servers.2b67d553f679e95a48f903ec411a8ecba912b436a429994f00098c33e048e3abbf10e121 2b67d553f679e95a48f903ec411a8ecb 5b037ffcf5d7627fd5e722fa9b24f9a7108fd65069f47bed25e0c72618450774 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-4qt01Daqc_ce1838d7Windows This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server.ce1838d7f4c624121531c1a477f5ca9465ac7ee69ca8d1a222e71d6530ef055c0c9cd917 ce1838d7f4c624121531c1a477f5ca94 8f6841a0f19f1626723f297a3ada097342ff10b6f4242e48e3b14c8528381de9 https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-o7n01Tspy_5f5e7b99Windows This strike sends a malware sample known as Tspy. The Tspy malware family remains persistent by executing upon each restart and boot. It uploads data and receives commands from C2C servers.5f5e7b9977ae7f7dad1d4f7a3cf4259e646fd906d3c73ec7a41c2ce49dfdf893efffb8a9 5f5e7b9977ae7f7dad1d4f7a3cf4259e 505086a1799dc039d72a0e691641af6660ed9b2b97e7ff9b1379b59971fc9701 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-ojd01Remcos_d3af8755Windows This strike sends a malware sample known as Remcos. Remcos is a Remote Access Trojan that can be configured to have anti-vm checks and hinder the analysis debugging. It can receive commands via C2C communication like recording the microphone, camera, and keystrokes.d3af8755642361b722f88c4ebaf262a22277295b29923d5d1a1e6fc40cf633bf7775fa94 d3af8755642361b722f88c4ebaf262a2 31aa91dfa01203239b8aa25649c05a084e62de8814e101c24f3fbd5f2d234014 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-fzx01Remcos_af9311eaWindows This strike sends a malware sample known as Remcos. Remcos is a Remote Access Trojan that can be configured to have anti-vm checks and hinder the analysis debugging. It can receive commands via C2C communication like recording the microphone, camera, and keystrokes.af9311ea5f2b62e9a688c948937fc328ab577dd53b2767d8a22cd7e7ed87d9b673b5a8f6 af9311ea5f2b62e9a688c948937fc328 13fbdc096406f0f975d02a160448d98fd9d49d3ce7d338151668001017dbe397 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-lac01Separ_b7823814Windows This strike sends a malware sample known as Separ. Separ is malicious spyware that collects confidential information from attempted logins.b7823814d99ad4e77e123894595172f3c7c4d8deb7bcf29ffa017b08d1f04fc141974dc0 b7823814d99ad4e77e123894595172f3 6df2b4fc352d822b4df9c164e7282fe387adc6ab0b7e036a12f4c3c57641564d https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-g6201Razy_6d423ea8Windows This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and then sends it to a C2 server.6d423ea83935e6a3b126bfe2e17baeec4f1cf18a416ac31214ef02e5ebd4299fada369e7 6d423ea83935e6a3b126bfe2e17baeec 419c206b2701529e1475fafde37adad222eceef28a5b6b0ba1e34232ec3e95bd https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-nkg01Razy_be69e631Windows This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and then sends it to a C2 server.be69e63115c667377129c0d74ffaed567b68702e0a93c1f7ed522570ead73e34eac249d9 be69e63115c667377129c0d74ffaed56 058f2a286b9dbce25b14efa7a4321505d443a97c11d773024b2e222c54894dfc https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-fhb01Daqc_e8641a7dWindows This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server.e8641a7d2481762eaa5bcb1d9915e87e803fd111b00b9ad917910aee269b5e523c84def1 e8641a7d2481762eaa5bcb1d9915e87e 011e0b204c466885b489a18062a763a3eab681d1f6d3ddc7584ad89429935664 https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-n5001Separ_38e3b021Windows This strike sends a malware sample known as Separ. Separ is malicious spyware that collects confidential information from attempted logins.38e3b021f5cac0bc19bcdd76f6228771a6f23a56b70ef3ed327277bfec5eaf37d1505d89 38e3b021f5cac0bc19bcdd76f6228771 61540809d55eaa23ba0ac82ff4b530823c93fbc8e7097ccaeb8329e0eb1e48c1 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-27801Daqc_bbbf640fWindows This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server.bbbf640f1d981f1b2fdc42628612d8060f860e6692cef9ee44d371463c45ea10b0639a1f bbbf640f1d981f1b2fdc42628612d806 4278d609c70419e054b5d514e847f05d9e854a6f67c8ca4a17ce02f14d18980e https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-2gy01Tspy_47059d31Windows This strike sends a malware sample known as Tspy. The Tspy malware family remains persistent by executing upon each restart and boot. It uploads data and receives commands from C2C servers.47059d314065f5b68bb4c6179394278a2f9675cdda5726941aac100d181b32b20def18eb 47059d314065f5b68bb4c6179394278a c421dd4f20f4b7d99e740352db8e727a0b3c88c34ab2053849f039b508d73f71 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-fal01Separ_f4035d64Windows This strike sends a malware sample known as Separ. Separ is malicious spyware that collects confidential information from attempted logins.f4035d644c785b3aab9684926a17ab88a42cb72f1d10214eb9511e3fc9aab9d80dfc01a1 f4035d644c785b3aab9684926a17ab88 82a5963922e08c70521648fbec9849f621bfd0d25b0d6193b1e9a39ecab05111 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-jkz01Razy_d7944f0aWindows This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and then sends it to a C2 server.d7944f0a4c0f733c3e45ae91a62470a699f11d422b648f05a94b3947880e1c8ea323f9d5 d7944f0a4c0f733c3e45ae91a62470a6 61ac9dae3f72b71a6128af5207f00d2e48243423596fde881811e5525a53d509 https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-5fi01Separ_d402dbafWindows This strike sends a malware sample known as Separ. Separ is malicious spyware that collects confidential information from attempted logins.d402dbaf1fce836507f18abd908029adc02ae3e2879af3346478fa6c48e21c5dd8dc3222 d402dbaf1fce836507f18abd908029ad 3f735ba16d51af841f5a48c9be5a2cb004df275c71cbbdd3497bfe34460f9c93 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-u2c01Tspy_712add83Windows This strike sends a malware sample known as Tspy. The Tspy malware family remains persistent by executing upon each restart and boot. It uploads data and receives commands from C2C servers.712add83c12600d3f1fb1be0e119fc64b62b314a85157fd75b188cbd5cad1047886bc0b1 712add83c12600d3f1fb1be0e119fc64 0f11515c0a57068b0636a8a4283b8e25bf7c72fe55c486fc108a8cbf02b50c41 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-68i01Razy_fb3acc99Windows This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and then sends it to a C2 server.fb3acc99e26c99683a8a4562456eec3229077dd1c20ee7fe166698b976ff0894b39ecfc9 fb3acc99e26c99683a8a4562456eec32 608b6dad966c287cdb214acc6883a7bbbb2a0bb12f0dae2a4eaea451186aa899 https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-5cy01Separ_c77d513eWindows This strike sends a malware sample known as Separ. Separ is malicious spyware that collects confidential information from attempted logins.c77d513ef7ecc05945527cb254d9a26fff2dbcae743a500aa097569c12c45048e96db904 c77d513ef7ecc05945527cb254d9a26f 79789706985bcb5afeffed63805994cbe09966da0544e18a0a059a57064d7039 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-ea401Tspy_2878bfacWindows This strike sends a malware sample known as Tspy. The Tspy malware family remains persistent by executing upon each restart and boot. It uploads data and receives commands from C2C servers.2878bfac1ff5c4c8568ceda74fc53b53d70597049a7f64502e9bb2eb76f2f10b8594a626 2878bfac1ff5c4c8568ceda74fc53b53 7e113d90f3f9a6dff9a99479d7377ee1b19fa3534ba3874c98495cc8b5ef3a3e https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-uxh01Remcos_5cb5a216Windows This strike sends a malware sample known as Remcos. Remcos is a Remote Access Trojan that can be configured to have anti-vm checks and hinder the analysis debugging. It can receive commands via C2C communication like recording the microphone, camera, and keystrokes.5cb5a216e2674a9b483481da7283d6ac051aab897792786291922dbf1107d4c305850c74 5cb5a216e2674a9b483481da7283d6ac 2a0d2df8c466bbe5bf538e9745286f124f3ca426d3ece80fbb675863281c46a5 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-zm601Separ_80ca117cWindows This strike sends a malware sample known as Separ. Separ is malicious spyware that collects confidential information from attempted logins.80ca117c026e41e60957db0fa84760acf8d8815cd04f8e991f9adffbc1ad2100e9326d69 80ca117c026e41e60957db0fa84760ac 6f13c5e83ae42cbb755a44c3c45075043983d0eba2846b63442471577bdf6a98 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-6mo01SmokeWindows This strike sends a malware sample known as Smoke Loader Trojan. This sample is the Smoke Loader trojan. It contains and installs plugins that perform various functionality. These plugins, read database files, search directories looking for files to exfiltrate, inject into to steal cookies and credentials, steal credentials for ftp, smtp, pop3, imap, and attempt to steal TeamViewer credentials.2c99759a02ca32d1a7e8afa09130633fddf98971664eb7b554c86b4ab2e2ba7d469f893c 2c99759a02ca32d1a7e8afa09130633f b65806521aa662bff2c655c8a7a3b6c8e598d709e35f3390df880a70c3fded40 https://blog.talosintelligence.com/2018/07/smoking-guns-smoke-loader-learned-new.html
M18-rxi01Daqc_675d43c3Windows This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server.675d43c300c77e2267e9540b485840fbf0507a3f4c4850fd4e0770f88ae8ff7055160d28 675d43c300c77e2267e9540b485840fb 7f2167ad8d2c8523477e5c89bff7e43c4aaa63bb67738c99f3dcf699f5d23878 https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-8hc01Tspy_e3cca419Windows This strike sends a malware sample known as Tspy. The Tspy malware family remains persistent by executing upon each restart and boot. It uploads data and receives commands from C2C servers.e3cca419668ac9572b1344d4fd2b1e241264285dfdf18ba25e3a194467be29da3ac3281c e3cca419668ac9572b1344d4fd2b1e24 4ec361e23ab8e05a13532c2c669bf8a37adb1e918124b308f83e3ed59a4c2abc https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-xti01Tspy_3b9e6808Windows This strike sends a malware sample known as Tspy. The Tspy malware family remains persistent by executing upon each restart and boot. It uploads data and receives commands from C2C servers.3b9e68088742a591d2db70d1f2fc42a235c9d2e461fecf7fc24c6657568b201ac1af78e9 3b9e68088742a591d2db70d1f2fc42a2 36f23f39d5bf737e10c2a253f046741f530ebabe20216ec535b3aab4bc9efe5c https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-35v01Separ_1efcb8bbWindows This strike sends a malware sample known as Separ. Separ is malicious spyware that collects confidential information from attempted logins.1efcb8bbe9444303d9f0d88fa37e4ad0c95c9923997ef30d6959e16d0fa2bb425b72da1f 1efcb8bbe9444303d9f0d88fa37e4ad0 675402f0a4a31c59011e4356207a3189b171f0dd81b0117adf59e6e120b90295 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-k1c01Tspy_25d0181dWindows This strike sends a malware sample known as Tspy. The Tspy malware family remains persistent by executing upon each restart and boot. It uploads data and receives commands from C2C servers.25d0181dd7f067ea9955f8e997760782a6b78481af9d4c3200006072374500fc907504f6 25d0181dd7f067ea9955f8e997760782 b29235fc7596b5ba81c8edac236b03e8ab86b0457297151b4f410277939f12ee https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-gtj01Tspy_820b7cdaWindows This strike sends a malware sample known as Tspy. The Tspy malware family remains persistent by executing upon each restart and boot. It uploads data and receives commands from C2C servers.820b7cdaeed2efe1041a4fa1876b8e0bd612067caff14be25276bc773ac1c4f3806b2bfe 820b7cdaeed2efe1041a4fa1876b8e0b 16ae2ef60aad481f1a340a9e6e7421258a57e7cbba46d9dca8c1dc063a699ef3 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-6sn01Razy_ba67c755Windows This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and then sends it to a C2 server.ba67c755457340fafda4fb514221d27edcf16ff716ecac350b3d3ac10cff9ea9b4c2e9ac ba67c755457340fafda4fb514221d27e 447ab1be7b297d6b592cbad8f6c35cb269e25c817d6900726fd131234427b898 https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-zpu01Jaik_b5c2e996Windows This strike sends a malware sample known as Jaik. Jaik is a botnet that communicates with external domains as well as injects code into other processes, can perform DDoS attacks, and generic credential harvesting.b5c2e99683185f6db4548c153ec01160434cf38a3d33750589004c2dabad67b2fb92fb75 b5c2e99683185f6db4548c153ec01160 2ae2fcade0f57faf7fbabbde56e60ad080df9011ed70dee957aa7fe13a961c80 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-lhs01Separ_0b09448fWindows This strike sends a malware sample known as Separ. Separ is malicious spyware that collects confidential information from attempted logins.0b09448f9b70810945c3798447b31c5e68c6a7cddea81b0cdffef6c75f0a0430ee25b259 0b09448f9b70810945c3798447b31c5e 4f7b768262e30ac52c97566a03646de84081ea148c932aedb84ca5bb46a10da0 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-57t01Daqc_7ca36473Windows This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server.7ca364731260037f8b69a8b7f7a790297fe3bdb9285bde2593be0b94bfca4cb92d689e97 7ca364731260037f8b69a8b7f7a79029 273c7bc44acc510531dafb34a25aa0463ce28c262c360596f2387f0b3067c0fe https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-opc01Separ_fa7a309cWindows This strike sends a malware sample known as Separ. Separ is malicious spyware that collects confidential information from attempted logins.fa7a309ccb4375436323c5ce3219b5104e28ca0b366cea7ba8c47f25252dcd684954a9db fa7a309ccb4375436323c5ce3219b510 21d006b8f12a6b2e3126f3a6cef4f621c314a9dc21be6ffe51950f816f6a88c9 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-zvo01Tspy_bbe41f65Windows This strike sends a malware sample known as Tspy. The Tspy malware family remains persistent by executing upon each restart and boot. It uploads data and receives commands from C2C servers.bbe41f6581678751f083283ab4d161c31ed6859048275770571fcca5f7e124e317346efe bbe41f6581678751f083283ab4d161c3 574e0c9876b887373cb06e5873f99decb58c10e97d87f930b86d4156a4585e97 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-z6h01Daqc_27b8967aWindows This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server.27b8967a92f94ebc7f1d3051911b23adc3207eab96abe3e1eb4e727a97b5270c24aa2d51 27b8967a92f94ebc7f1d3051911b23ad 331dd1d9b1f53c72bb628913a0d173eb701cdf68de713c1b94bcfef1be8be8f1 https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-lox01Remcos_366eef0bWindows This strike sends a malware sample known as Remcos. Remcos is a Remote Access Trojan that can be configured to have anti-vm checks and hinder the analysis debugging. It can receive commands via C2C communication like recording the microphone, camera, and keystrokes.366eef0b809358cf146845368221b55043f8776fde1bb3aadac90d116cd351ad37dd741b 366eef0b809358cf146845368221b550 1a6c169c82fd99a1b607100c42cae0c39f964ea2dbe6e0216479171d479275df https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-x0y01Separ_58d95ff8Windows This strike sends a malware sample known as Separ. Separ is malicious spyware that collects confidential information from attempted logins.58d95ff843efc2de412591d591356eea9ffb3cd4d7278e38bb9f21fe8dfd980013813486 58d95ff843efc2de412591d591356eea 09ebe700700a0e5e49d994093786f6c1bc9d3c400edc94b31693ef5961250d81 https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-d1d01Tspy_b7ceb64dWindows This strike sends a malware sample known as Tspy. The Tspy malware family remains persistent by executing upon each restart and boot. It uploads data and receives commands from C2C servers.b7ceb64d7506c15252e24e0e9827e854576408a180dbb682f08ab47e361d5d205d06b090 b7ceb64d7506c15252e24e0e9827e854 3651567230a6f02d69659133e1e915d87903994f20ac3108310c214d9cab163c https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-l3p01 | Jaik_f8438bac | Windows | This strike sends a malware sample known as Jaik. Jaik is a botnet client that communicates with external domains, injects code into other processes, and can perform DDoS attacks and generic credential harvesting. | MD5 f8438bac59be6828944d4b226e97780e | SHA1 bf4eb1ccfa22b53898aff5942984d8f44c1aefe5 | SHA256 5c20c7e6b9aa1dacafff644088c71388374329a9e0a218fdc944fb802fc5928c | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-zhv01 | Joanap | Windows | This strike sends a malware sample known as Joanap Brambul. This malware is associated with HIDDEN COBRA, the name US-CERT uses for malicious cyber activity by the North Korean government. Brambul is an SMB worm that spreads on the local network and over the internet by brute-forcing systems with a list of common passwords. The Joanap RAT that accompanies the worm can exfiltrate data and execute other commands. | MD5 4731cbaee7aca37b596e38690160a749 | SHA1 80fac6361184a3e24b33f6acb8688a6b7276b0f2 | SHA256 077d9e0e12357d27f7f0c336239e961a7049971446f7a3f10268d9439ef67885 | https://www.us-cert.gov/ncas/analysis-reports/AR18-149A
M18-m8s01 | Daqc_9e3c6308 | Windows | This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server. | MD5 9e3c6308b81f00c5da7ab398bec6a00e | SHA1 5dcc57fa164a77774f7632e0bcb440a1185e47a3 | SHA256 748374631d589f14126473dee5faabbb03de6f436be9ba1f4e9db4a43ad5f335 | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-e6l01 | Jaik_9f4b91da | Windows | This strike sends a malware sample known as Jaik. Jaik is a botnet client that communicates with external domains, injects code into other processes, and can perform DDoS attacks and generic credential harvesting. | MD5 9f4b91dafe4b05f411ad8a873d6aeca9 | SHA1 fc23ec7b4eea52385fc57d31e5bee313c23f4c18 | SHA256 e35cda507a9d6fc95a409f8e9946bae206a02063d51296017d82382ff28ead88 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-2wp01 | Jaik_c7529b80 | Windows | This strike sends a malware sample known as Jaik. Jaik is a botnet client that communicates with external domains, injects code into other processes, and can perform DDoS attacks and generic credential harvesting. | MD5 c7529b808223a545a874a8962a3c5881 | SHA1 fcf13ee1db04260473d886f918bfc6953c3d1e6c | SHA256 2bab01741cc5796155d61543a7efe5cdfa96bde3507f1d85ea2c96ec0f1f7c0b | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-db501 | Remcos_5a0f9da3 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan that can be configured with anti-VM and anti-debugging checks to hinder analysis. Over its C2 channel it receives commands such as recording the microphone, camera and keystrokes. | MD5 5a0f9da36edd261a7a1fee7fcf5bc543 | SHA1 d1eb1bb967cd95cef2c1ceb4ddfd68a8f7bf3ae4 | SHA256 0007bb868ae54ff5be81cf04d7ff4c38c1d36ee18fbc3ee166d1f6298b8e4176 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-6w701 | Daqc_7ec491e3 | Windows | This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server. | MD5 7ec491e37e86851c283b115b6d08390f | SHA1 d0e332cec5e0b3938aa9fedaece3f01dc5ec6c9d | SHA256 2a63210f0832f22ff67bc5333c3e2f8e327c6353920d6d687c1dec8558e50a83 | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-5um01 | Separ_c56ba0ec | Windows | This strike sends a malware sample known as Separ. Separ is spyware that collects confidential information from attempted logins. | MD5 c56ba0ec71222ed7354dfaafec5cf766 | SHA1 4922a8e60d98cb595d7e854355e9e78bb1894a61 | SHA256 7115ea1ab97a7187b2a1bb6936fe3df44bc754ec06f70c9f880d9787e605ea60 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-4t901 | Trickbot_742a42cc | Windows | This strike sends a malware sample known as Trickbot. This sample of Trickbot is downloaded by the macro in the Microsoft Word email attachment from the referenced Smoke Loader campaign. Once running, Trickbot acts as a dropper and downloads the Smoke Loader trojan. | MD5 742a42cc9d2daa22f4f9b135ea1ccb92 | SHA1 d36600457c22b895cb559788c47eb2f360e40837 | SHA256 0be63a01e2510d161ba9d11e327a55e82dcb5ea07ca1488096dac3e9d4733d41 | https://blog.talosintelligence.com/2018/07/smoking-guns-smoke-loader-learned-new.html
M18-7i001 | Tspy_be343064 | Windows | This strike sends a malware sample known as Tspy. The Tspy malware family persists by executing on each reboot. It uploads data to, and receives commands from, C2 servers. | MD5 be343064d87ed490534d474abb44452e | SHA1 98509a6a5f46f36994781ab6a0a9e166d949f383 | SHA256 2ec87871a0a83639fc814ab764d69147f2dccc13cdcd6dd6af4a9aaaebdb5283 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-sgs01 | Separ_814c5cdd | Windows | This strike sends a malware sample known as Separ. Separ is spyware that collects confidential information from attempted logins. | MD5 814c5cdd8a7a6540fc6ffb4e5aeab89a | SHA1 dcbea0d39db4b4d665b27128c25adb247c4efad0 | SHA256 14c4a3fd18cad81c55ff4aa192803b748d8810900602c89c26114eb80c9db988 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-8vy01 | Jaik_d943da9b | Windows | This strike sends a malware sample known as Jaik. Jaik is a botnet client that communicates with external domains, injects code into other processes, and can perform DDoS attacks and generic credential harvesting. | MD5 d943da9bc7139ce42c8737eff5f226b9 | SHA1 92790edaca860db6a99d1313800efed1c10f28d1 | SHA256 af9f5370fa6758440ef40215c4412b1b266c33effc541c97766b7c6f4dd076b8 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-i4i02 | Tspy_2db07529 | Windows | This strike sends a malware sample known as Tspy. The Tspy malware family persists by executing on each reboot. It uploads data to, and receives commands from, C2 servers. | MD5 2db07529e7d579ed4b9be48ea488948d | SHA1 3101fab0de7ccd9843f3b27a85f721a7c4b5be93 | SHA256 1d8cda39dcf193f04d41ca364e038ddf7ae51ff5cabc56c687a38c41773b5d95 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-m7j01 | Daqc_877b2a87 | Windows | This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server. | MD5 877b2a87a028f7e6abe456d3b859699b | SHA1 a4ccbc5d778ef3ef1d5bbd6a50d49162e060986a | SHA256 36dcfa6c8cb09c85d25b9cfc4ff655a6b7d4ad77b4f75107734e956b2c0c4c52 | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-cr601 | Tspy_99adc1ca | Windows | This strike sends a malware sample known as Tspy. The Tspy malware family persists by executing on each reboot. It uploads data to, and receives commands from, C2 servers. | MD5 99adc1cab732d831e9e6c4108c481601 | SHA1 adac5cabc9a2e4b979770d4335a9c235b4de7dbf | SHA256 19c97ae2501ccebf5e2e4e5f88d3323141aeca73e9016d69eacc11f79fd4e803 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-her01 | Daqc_77f5fe2b | Windows | This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server. | MD5 77f5fe2b9c93c33551192371f0f59de5 | SHA1 d0317c53e8bd51c97fa96e5d438bf3568cad59c9 | SHA256 1bc4781824a84300edc2f1fa97e42cddce96b273c09fda794f9e30a44ae4c6d5 | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-bt601 | Daqc_c211137a | Windows | This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server. | MD5 c211137a09d0f7ebdcc63ff77d562109 | SHA1 4d38191ceb366062f5d577da76d6692fd216a008 | SHA256 0681fbcb805b64a7a85ad6883e8c66af4d1cbd0cbc983e8c7c57868885c8eddb | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-ley01 | Daqc_d91db0a2 | Windows | This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server. | MD5 d91db0a2ac1a5855259e172b1e67106c | SHA1 7c035a516fe3c9862b90025388bfebd865e87472 | SHA256 43957c1ffbb1ae837e2fe6d97603fa0c686f131beebe5c8c17e9c384bd2e5d9d | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-i4p01 | Joanap | Windows | This strike sends a malware sample known as Joanap Brambul. This malware is associated with HIDDEN COBRA, the name US-CERT uses for malicious cyber activity by the North Korean government. Brambul is an SMB worm that spreads on the local network and over the internet by brute-forcing systems with a list of common passwords. The Joanap RAT that accompanies the worm can exfiltrate data and execute other commands. | MD5 e86c2f4fc88918246bf697b6a404c3ea | SHA1 9b7609349a4b9128b9db8f11ac1c77728258862c | SHA256 ea46ed5aed900cd9f01156a1cd446cbb3e10191f9f980e9f710ea1c20440c781 | https://www.us-cert.gov/ncas/analysis-reports/AR18-149A
M18-sr201 | Razy_83ecaa28 | Windows | This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and sends it to a C2 server. | MD5 83ecaa28b664cd9b4a9636b78e34aab4 | SHA1 dc209848c330fe83aeb0bff63aaf4d6ea1eba1ff | SHA256 5d97798b9fbc7692c9dbcfb0643da0de491b36e2e0cf51060254a2dd6238ea62 | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-x9l01 | Tspy_97fce230 | Windows | This strike sends a malware sample known as Tspy. The Tspy malware family persists by executing on each reboot. It uploads data to, and receives commands from, C2 servers. | MD5 97fce23091cfb62862ed568a7458f6c7 | SHA1 a6e386fdfb3b1031b4fb466d76c7eece6d96759f | SHA256 4f44cbd14878c3f8d6415c0d7d103224354323d624ef3e0906f3695d3c9c06e9 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-yuo01 | Jaik_323aa456 | Windows | This strike sends a malware sample known as Jaik. Jaik is a botnet client that communicates with external domains, injects code into other processes, and can perform DDoS attacks and generic credential harvesting. | MD5 323aa4566fbd6984317d408c2d54ea18 | SHA1 af633cc4777b7b53e707b29a66afb91b48b7e31c | SHA256 3329a848c569b7048f60a733cdf217d84baa1820fb4c1c423662e799fa1b9331 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-jc001 | Jaik_54b6c389 | Windows | This strike sends a malware sample known as Jaik. Jaik is a botnet client that communicates with external domains, injects code into other processes, and can perform DDoS attacks and generic credential harvesting. | MD5 54b6c389cd0e05a8b50a30d1730e56e7 | SHA1 27b56c6cccbbab0a9d51cc548c83e6c9dda3a7f9 | SHA256 622fa10ffe94bff99be638991472cbfda178d186d6d95adc2bb87c39d2f9c1fb | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-39101 | Razy_4c2f3c6b | Windows | This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and sends it to a C2 server. | MD5 4c2f3c6b5825579d773d9446cbacef1b | SHA1 5d7343993a57da3138ce9dcfeb42ac791c4a14b1 | SHA256 75bdd5417105c495fd111bcaafcbed1f37a1e77c64d788f5884df5018c82a4e6 | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-39y01 | Razy_4cf09dbf | Windows | This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and sends it to a C2 server. | MD5 4cf09dbf2c5d7de4c294831ddda9d8be | SHA1 2dcaf1de777e1b4c52975d32fff2c182bad1c251 | SHA256 0c1609585500a71c55999ca82ff617cf209e09ef640d35d8b334bc0949e1f5c1 | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-ve001 | Daqc_84f08315 | Windows | This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server. | MD5 84f083158695f8d627fad1a73a314a82 | SHA1 e12e8cdeaf8e3db11659cc9829358a5e26618818 | SHA256 2a9be0b39fc7f3cd3214ba6854699e6857ba853b175b98d0fe10e151dbce9f4e | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-zwl01 | Daqc_d6d6da2d | Windows | This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server. | MD5 d6d6da2db3369c4ebf85e06506c8e0ef | SHA1 1ff59010b53316a2283084f6ed66089055865cd2 | SHA256 87e4364c1075f01bbb5d2e71532eafa03319925cc76a81175f1939e865d73a22 | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-s6101 | Jaik_812a4d34 | Windows | This strike sends a malware sample known as Jaik. Jaik is a botnet client that communicates with external domains, injects code into other processes, and can perform DDoS attacks and generic credential harvesting. | MD5 812a4d34669a533ade69d81db596dcad | SHA1 4cbc5e3e8ed995a8b996cbe7b6296f7c2fc6d0f1 | SHA256 f10fd36eb803b00e3173b20a2c19fc99a82a51fdecb7eb5b41417ca8365a98c4 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-wqa01 | Jaik_8ecf6d6d | Windows | This strike sends a malware sample known as Jaik. Jaik is a botnet client that communicates with external domains, injects code into other processes, and can perform DDoS attacks and generic credential harvesting. | MD5 8ecf6d6db0da86c8d8c9e5a5de32a2e3 | SHA1 8105e2a86cb373fd9e924392fdf97ceaab4cb6f4 | SHA256 db5025e926aefee22c19bea499ed4e79c8d28dac511ac82016823a34ae9f20b3 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-2da01 | Smoke | Mixed | This strike sends a malware sample known as Smoke Loader Dropper. This sample is the Microsoft Word email attachment that contains an embedded macro. When the macro executes it initiates the second stage of the attack, which downloads Trickbot. | MD5 50b1f956d89248fbe3e69e37489157fb | SHA1 2acce53e344df33fea8553888695baeeec6ea647 | SHA256 b98abdbdb85655c64617bb6515df23062ec184fe88d2d6a898b998276a906ebc | https://blog.talosintelligence.com/2018/07/smoking-guns-smoke-loader-learned-new.html
M18-39c01 | Razy_76cbf2e3 | Windows | This strike sends a malware sample known as Razy. This sample of Razy has been identified as a generic Windows trojan that collects information from the host, encrypts it, and sends it to a C2 server. | MD5 76cbf2e32e97a590d1359a100d468bd1 | SHA1 2bcc40edd54eb422e2c03d3daad3b15ce4448cfb | SHA256 73f6dee570c360d0b2c6b4f1669aadbe1fda320838f80c8ffa030ba3b6f61738 | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-5nz01 | Jaik_92e156cd | Windows | This strike sends a malware sample known as Jaik. Jaik is a botnet client that communicates with external domains, injects code into other processes, and can perform DDoS attacks and generic credential harvesting. | MD5 92e156cded6c1d9d89b12f46de8b3163 | SHA1 58c9f770c3b87e1dd04daba4df97eddbbeb3b20b | SHA256 07bef3ef1d45fe1bbc7c16f7e7ad211e1e81264cf9ef119232d10bfd2245e778 | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-9hi01 | Remcos_889eb494 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan that can be configured with anti-VM and anti-debugging checks to hinder analysis. Over its C2 channel it receives commands such as recording the microphone, camera and keystrokes. | MD5 889eb494c169114f84ccc2f06aba478c | SHA1 4979d865dfaf30a299e20a79c2477bfc7599f314 | SHA256 2d834a721aa72e59378d795f16b179e6cc8fc0040441d72b293f19d863cd22ad | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
M18-0tt01 | Daqc_fed035ab | Windows | This strike sends a malware sample known as Daqc. This sample of the Daqc trojan slowly exfiltrates sensitive data to a C2 server. | MD5 fed035ab67a413d0cc77c74644d712ef | SHA1 4d898a1897370572274b51677ffd2d6be41e5658 | SHA256 0a0c092a8a390432b9b31b8d7cc9b4780fad2b8878d0bcfdda09f7f9322b1004 | https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html
M18-o5v01 | Remcos_28a86190 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan that can be configured with anti-VM and anti-debugging checks to hinder analysis. Over its C2 channel it receives commands such as recording the microphone, camera and keystrokes. | MD5 28a86190f1c3aeb09ca86ab715d9843d | SHA1 6dc8d8abe780b011a50dfb1f11d9f31a6cd8854e | SHA256 10173267784ffb1934d59ce8bd822f9f9260bbc7420eeafd0c8affa8a62e840b | https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
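The strike rows above are, in practice, an IOC list: each carries the sample's MD5, SHA1 and SHA256. The following Python is an added example, not code from this page or from the strike product, that turns rows in this layout into a hash lookup and checks a file's digests against it. It accepts both the raw extracted form of a row (identifier, family and platform run together, MD5 and SHA1 concatenated into one 72-character token) and rows already split into labelled columns. The two sample rows are copied (with the description shortened) from the list above as constructed input; the parsing rules (strike identifiers of the form M18-xxxxx, lowercase hex digests, a 72-character token split at 32) are assumptions about this layout rather than a documented format.

```python
"""Build a hash lookup from rows of the malware strike list.

Added example, not code from the page or the strike product. The sample rows
are copied from the list as constructed input; the parsing rules are
assumptions about the extracted layout.
"""
import hashlib
import re
from dataclasses import dataclass, field

STRIKE_ID_RE = re.compile(r"^(M\d{2}-[0-9a-z]{5})")
# A digest is a run of 32 (MD5), 40 (SHA1) or 64 (SHA256) lowercase hex
# characters; raw rows run the MD5 and SHA1 together into one 72-char token.
HEX_RUN_RE = re.compile(r"(?<![0-9a-fA-F])[0-9a-f]{32,72}(?![0-9a-fA-F])")
URL_RE = re.compile(r"https?://\S+")

SAMPLE_ROWS = [
    # header line: carries no strike and must be skipped
    "Strike ID Malware Platform Info MD5 External References",
    # raw extracted form: fields run together, MD5+SHA1 fused into 72 hex chars
    "M18-l3p01Jaik_f8438bacWindows This strike sends a malware sample known as Jaik."
    "f8438bac59be6828944d4b226e97780ebf4eb1ccfa22b53898aff5942984d8f44c1aefe5 "
    "f8438bac59be6828944d4b226e97780e "
    "5c20c7e6b9aa1dacafff644088c71388374329a9e0a218fdc944fb802fc5928c "
    "https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html",
    # labelled column form
    "M18-zhv01 | Joanap | Windows | This strike sends a malware sample known as Joanap Brambul. "
    "| MD5 4731cbaee7aca37b596e38690160a749 | SHA1 80fac6361184a3e24b33f6acb8688a6b7276b0f2 "
    "| SHA256 077d9e0e12357d27f7f0c336239e961a7049971446f7a3f10268d9439ef67885 "
    "| https://www.us-cert.gov/ncas/analysis-reports/AR18-149A",
]


@dataclass
class Strike:
    strike_id: str
    md5: set = field(default_factory=set)
    sha1: set = field(default_factory=set)
    sha256: set = field(default_factory=set)
    references: list = field(default_factory=list)


def _add_digest(strike, run):
    """Classify a hex run by length; split the fused 72-char MD5+SHA1 token."""
    if len(run) == 72:
        _add_digest(strike, run[:32])
        _add_digest(strike, run[32:])
    elif len(run) == 32:
        strike.md5.add(run)
    elif len(run) == 40:
        strike.sha1.add(run)
    elif len(run) == 64:
        strike.sha256.add(run)
    # any other length is not a digest we recognise and is ignored


def parse_row(line):
    """Return a Strike for a data row, or None for headers and other text."""
    match = STRIKE_ID_RE.match(line.strip())
    if not match:
        return None
    strike = Strike(strike_id=match.group(1))
    for run in HEX_RUN_RE.findall(line):
        _add_digest(strike, run)
    strike.references = URL_RE.findall(line)
    return strike


def build_index(lines):
    """Map every digest in the list to the strike identifier that carries it."""
    index = {}
    for line in lines:
        strike = parse_row(line)
        if strike is not None:
            for digest in strike.md5 | strike.sha1 | strike.sha256:
                index[digest] = strike.strike_id
    return index


def digests_of(data):
    return {hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest(),
            hashlib.sha256(data).hexdigest()}


def match_sample(data, index):
    """Strike identifiers whose MD5, SHA1 or SHA256 equals a digest of data."""
    return sorted({index[d] for d in digests_of(data) if d in index})


def scan_file(path, index):
    with open(path, "rb") as fh:
        return match_sample(fh.read(), index)


if __name__ == "__main__":
    idx = build_index(SAMPLE_ROWS)
    print(len(idx), "digests indexed")
    print(match_sample(b"constructed benign content", idx))   # no strike matches
```

Indexing all three digests per strike matters because vendor reports and sandboxes rarely agree on which one they publish; a file is considered a hit if any of its three digests is in the list.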
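Brambul's propagation, as described in the Joanap rows above, is a network logon brute force with a short list of common passwords, so on a Windows target it appears as a burst of failed network logons (event 4625, logon type 3) from one source across many accounts, sometimes followed by a success (4624) from the same source. The following Python is an added example, not code from the US-CERT report or from the strike product: it runs that detection over constructed Windows Security log lines in a simplified key=value export. The field names, thresholds and time window are assumptions chosen for the example.

```python
"""Detect Brambul-style SMB password brute forcing from Windows logon events.

Added example, not from the US-CERT report. The events below are constructed
in a simplified key=value export; field names, thresholds and the window are
assumptions for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# 4625 = logon failure, 4624 = logon success. LogonType 3 is a network logon,
# which is what an SMB session setup produces. 0xC000006D = bad user name or
# password. 10.0.0.45 sprays seven accounts in under 30 seconds and then gets
# in as "backup"; 10.0.0.9 is a user mistyping a password twice.
SAMPLE_EVENTS = [
    "Time=2018-06-01T10:00:00 EventID=4625 LogonType=3 IpAddress=10.0.0.45 TargetUserName=Administrator Status=0xC000006D",
    "Time=2018-06-01T10:00:03 EventID=4625 LogonType=3 IpAddress=10.0.0.45 TargetUserName=admin Status=0xC000006D",
    "Time=2018-06-01T10:00:05 EventID=4625 LogonType=3 IpAddress=10.0.0.9 TargetUserName=jsmith Status=0xC000006D",
    "Time=2018-06-01T10:00:06 EventID=4625 LogonType=3 IpAddress=10.0.0.45 TargetUserName=backup Status=0xC000006D",
    "Time=2018-06-01T10:00:09 EventID=4625 LogonType=3 IpAddress=10.0.0.45 TargetUserName=guest Status=0xC000006D",
    "Time=2018-06-01T10:00:12 EventID=4625 LogonType=3 IpAddress=10.0.0.45 TargetUserName=user Status=0xC000006D",
    "Time=2018-06-01T10:00:12 EventID=4625 LogonType=3 IpAddress=10.0.0.9 TargetUserName=jsmith Status=0xC000006D",
    "Time=2018-06-01T10:00:15 EventID=4625 LogonType=3 IpAddress=10.0.0.45 TargetUserName=test Status=0xC000006D",
    "Time=2018-06-01T10:00:18 EventID=4625 LogonType=3 IpAddress=10.0.0.45 TargetUserName=Administrator Status=0xC000006D",
    "Time=2018-06-01T10:00:20 EventID=4624 LogonType=3 IpAddress=10.0.0.9 TargetUserName=jsmith",
    "Time=2018-06-01T10:00:21 EventID=4625 LogonType=3 IpAddress=10.0.0.45 TargetUserName=admin Status=0xC000006D",
    "Time=2018-06-01T10:00:24 EventID=4625 LogonType=3 IpAddress=10.0.0.45 TargetUserName=backup Status=0xC000006D",
    "Time=2018-06-01T10:00:27 EventID=4625 LogonType=3 IpAddress=10.0.0.45 TargetUserName=sysadmin Status=0xC000006D",
    "Time=2018-06-01T10:00:30 EventID=4625 LogonType=2 IpAddress=127.0.0.1 TargetUserName=jsmith Status=0xC000006D",
    "Time=2018-06-01T10:00:40 EventID=4624 LogonType=3 IpAddress=10.0.0.45 TargetUserName=backup",
]


def parse_event(line):
    fields = dict(token.split("=", 1) for token in line.split())
    return {
        "time": datetime.fromisoformat(fields["Time"]),
        "event_id": int(fields["EventID"]),
        "logon_type": int(fields["LogonType"]),
        "src": fields["IpAddress"],
        "user": fields["TargetUserName"],
    }


def detect_smb_brute_force(lines, window=timedelta(minutes=2),
                           min_failures=8, min_accounts=4):
    """Return {source_ip: summary} for every source whose network logon
    failures inside a sliding window reach min_failures and span at least
    min_accounts distinct accounts. A later success from that source is
    recorded as the account the spray landed on."""
    events = sorted((parse_event(line) for line in lines), key=lambda e: e["time"])
    recent = defaultdict(list)   # src -> [(time, user)] failures still inside the window
    alerts = {}
    for ev in events:
        if ev["logon_type"] != 3:    # only network logons (SMB, RPC); console typos are noise
            continue
        if ev["event_id"] == 4625:
            bucket = recent[ev["src"]]
            bucket.append((ev["time"], ev["user"]))
            while bucket and ev["time"] - bucket[0][0] > window:
                bucket.pop(0)
            accounts = {user for _, user in bucket}
            if len(bucket) >= min_failures and len(accounts) >= min_accounts:
                summary = alerts.setdefault(ev["src"], {
                    "failures": 0, "accounts": set(),
                    "first_seen": bucket[0][0], "success_as": None})
                summary["failures"] = max(summary["failures"], len(bucket))
                summary["accounts"] |= accounts
        elif ev["event_id"] == 4624 and ev["src"] in alerts \
                and alerts[ev["src"]]["success_as"] is None:
            # A success right after a spray means one of the common passwords worked.
            alerts[ev["src"]]["success_as"] = ev["user"]
    return alerts


if __name__ == "__main__":
    for src, summary in detect_smb_brute_force(SAMPLE_EVENTS).items():
        print(src, summary["failures"], sorted(summary["accounts"]), summary["success_as"])
```

The account-count condition is what separates a password list run against many users from a single locked-out user retrying; the 4624 follow-up is the event worth paging on, because it is the point at which the worm has a foothold to drop its payload.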

Malware Strikes June - 2018

Strike ID | Malware | Platform | Info | MD5 | SHA1 | SHA256 | External References
M18-inb01 | Telegrab_defb8871 | Windows | This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies and text files, and hijacks the target's Telegram instant messaging session by collecting its session, contact and chat information. | MD5 defb8871e9fdcf7ebe93b13b880e4cb5 | SHA1 fa18e32e340a356e407b89c936e3e223c5dba3fb | SHA256 2be87bc7e1cee08a3abc7f8fefcfab697bd28404441f2b8ee8fafba356164902 | https://blog.talosintelligence.com/2018/05/telegrab.html
M18-wze01 | Telegrab_0ef5ed96 | Windows | This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies and text files, and hijacks the target's Telegram instant messaging session by collecting its session, contact and chat information. | MD5 0ef5ed969490bdff3569a83c25e41d51 | SHA1 8d83dadc890085698ec5d22d2177c8276ccf6245 | SHA256 6344f5fe0081dcff6345055d2f90e163ec8eb214edfff44fe56fc2d1ed14d322 | https://blog.talosintelligence.com/2018/05/telegrab.html
M18-zqh01 | Fareit_be42c5f9 | Windows | This strike sends a malware sample known as Fareit. Fareit harvests credentials from the targeted system and exfiltrates them to a C2 server. | MD5 be42c5f90ff696f16004e793428268c9 | SHA1 a392c434053d5c3d5422a5bde857f0f4cdc0a507 | SHA256 77f546ee92e7466eb3950374e5afad7af73daed911af1c17482b6ab0abb44500 | https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-8tc01 | Snojan_8fcc71e0 | Windows | This strike sends a malware sample known as Snojan. Snojan is a downloader that retrieves additional malware and executes it. | MD5 8fcc71e095d99a648216c94f51253e48 | SHA1 d51543902baf615d75a2a60dcdaccd0c4d2fa533 | SHA256 e4b12046b82cdf5a6d30f08b11134e3e1caf321fabd2424f2c3873041eb1c1b0 | https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-hc601 | Telegrab_ee403d5c | Windows | This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies and text files, and hijacks the target's Telegram instant messaging session by collecting its session, contact and chat information. | MD5 ee403d5c57cf6b31c7b6762e5e56a644 | SHA1 5fe0e73fc4fbf66a2b728c9592ef131b2a330f56 | SHA256 3e5dea4055b80ba3903b5ef0a4ad6130775337d3a068b721671e982ae4effda1 | https://blog.talosintelligence.com/2018/05/telegrab.html
M18-vn101 | Johnnie_4a743032 | Windows | This strike sends a malware sample known as Johnnie. The Johnnie (also known as Mikey) malware family is known for its persistence mechanisms and its plugin architecture. | MD5 4a743032a09aed88ed00743bb0229b1c | SHA1 353fecb4fbc16f4bff3073434dbb0ef70a94e4ed | SHA256 6491f8c7234d1a92befb8eb01c8c7ff981b3a51cd5a4eb187e82911a01ae3327 | https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-t5u01 | VPNFilter_17e5e5c2 | Linux | This strike sends a malware sample known as VPNFilter. VPNFilter is a multi-stage, modular platform with versatile capabilities that support both intelligence collection and destructive cyber attack operations. This sample is stage 2 of the malware. | MD5 17e5e5c25eef807a08f02b8e435dda30 | SHA1 8c29ad07039b6d5b672743efc007fc07f4197b68 | SHA256 4b03288e9e44d214426a02327223b5e516b1ea29ce72fa25a2fcef9aa65c4b0b | https://blog.talosintelligence.com/2018/05/VPNFilter.html
M18-x8401 | Fareit_621c4def | Windows | This strike sends a malware sample known as Fareit. Fareit harvests credentials from the targeted system and exfiltrates them to a C2 server. | MD5 621c4def4ee408d388639ef19c67fe78 | SHA1 879f7c99769f1904029fba661e2b9b7eba7622d1 | SHA256 aed6353688be80e822dd4d9c214d939632fe0db9930a3149b7bc865c9daa5b01 | https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-s2401 | NavRAT | Mixed | This strike sends a malware sample known as NavRAT HWP. This sample is a Hangul Word Processor document that targets Korean users. It contains an embedded object that executes shellcode to download and execute the NavRAT payload. | MD5 ff9eff561fd793ddb9011cf7006d5f6c | SHA1 bd71832af30d337d9a1dea0eeeba0e07e2535d44 | SHA256 e5f191531bc1c674ea74f8885449f4d934d5f1aa7fd3aaa283fe70f9402b9574 | https://blog.talosintelligence.com/2018/05/navrat.html
M18-r4g01 | lcloader_0763cb71 | Windows | This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications. | MD5 0763cb71c9d289a52d6531bb35ab5d37 | SHA1 f21526ed688d148731e977ed8c528a05b967662c | SHA256 81102d69100b4ee91bd1247a22ed5959f2da57c2bcc064bdd531264284a8763e | https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-c8n01 | Prepscram_a0bbcf3f | Windows | This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications. | MD5 a0bbcf3fa5446b937bf89b883188da2c | SHA1 fb5a4c95811bd77cf535d6254ed8f37edfcebaef | SHA256 bad3de4948f6a8c08555cd0224713fa7dac6c5845548ee4148cc486a6cd49adf | https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-klh01 | Prepscram_be6e8224 | Windows | This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications. | MD5 be6e82248509e76690164d0354c6a8d2 | SHA1 99f9d442bee774cf4a6a9d78e4ab68a2f4c407fc | SHA256 98a1804a57bb382d7b68128f282c8186046e8d7ffa71f7a955cdeb16ad1c8239 | https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-n1701 | Telegrab_8bfa0da9 | Windows | This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies and text files, and hijacks the target's Telegram instant messaging session by collecting its session, contact and chat information. | MD5 8bfa0da9838b906ca69119df51b82364 | SHA1 487637baa92c4169b9c93f48b1e39e37d04fc6de | SHA256 31dd4401c496ceaa8c5d75bc0e8f7f5a1b648f5e5942e074fbb5c683d9eaf408 | https://blog.talosintelligence.com/2018/05/telegrab.html
M18-52f01 | Prepscram_57cd0d9c | Windows | This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications. | MD5 57cd0d9c3436c890a09208403ca68a33 | SHA1 410bfb90d6a4fb48c41632befca0c084171eb6ca | SHA256 faefcf1da92c7c554dfef22e4f719f73517ae636af0b47b319635239af6657d4 | https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-hb201 | lcloader_01f7013e | Windows | This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications. | MD5 01f7013e8530b7681fd3abe66effb590 | SHA1 55b550ad606b5338123da6b5a2ef6b37b31ea591 | SHA256 1e7bfdd44e0e8331ce3f03cb37b6ae8f30667a4ab0fc5fa7b417cc9feeb4a7f8 | https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-jbh01 | lcloader_1b24581f | Windows | This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications. | MD5 1b24581fa9cb47e902022fad78f861b8 | SHA1 37260c5716e8929977e486f203a7a9bafc7bb74a | SHA256 572fd355a7ee18c8c3b3f14f4864597038eb76beca81527128e4eeba0d630706 | https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-el001 | Fareit_779ecf07 | Windows | This strike sends a malware sample known as Fareit. Fareit harvests credentials from the targeted system and exfiltrates them to a C2 server. | MD5 779ecf07005a00769759fe5b49b7d172 | SHA1 4e8a38e64839ee04d986b7832046ca2007943896 | SHA256 1f3f15ea6539c98148ef586de273b29d698986317354f2312e2dba6c4c5c5cbb | https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-sj101 | NavRAT_0664698e | Windows | This strike sends a malware sample known as NavRAT. NavRAT is a remote access trojan that can download and upload files, execute commands and log keystrokes on the target system. It communicates with the attackers through the Naver email service, sending and retrieving files as email attachments. | MD5 0664698e08d34417e13ff94114564a51 | SHA1 335eee8851492d8841c9b995702a2fc488b4bfbd | SHA256 4f06eaed3dd67ce31e7c8258741cf727964bd271c3590ded828ad7ba8d04ee57 | https://blog.talosintelligence.com/2018/05/navrat.html
M18-6u001 | lcloader_04074b2a | Windows | This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications. | MD5 04074b2ad2282b2634c20b841d9bb159 | SHA1 fa837b0e6a2e4dbac998b29487f91a229516ea1a | SHA256 0a5fe807dec1750e12787b96aa1fb5f8ddfc46f48d36af32049a2f1750ae9bff | https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-n7j01 | Betabot_b5f34d27 | Mixed | This strike sends a malware sample known as Betabot. Initially a banking trojan, this iteration of Betabot uses CVE-2017-11882, a memory-corruption vulnerability in the Microsoft Office Equation Editor, as its entry point to deliver the next-stage payloads: an RTF file carries an embedded OLE object that triggers the vulnerability and executes commands on the infected system. Once running it employs anti-debugging, anti-VM and anti-analysis techniques to confirm it is safe to continue, then communicates with C2 servers to relay sensitive information back to the attackers and receive further commands. | MD5 b5f34d2752ec82aca1dd544da7990448 (the sample metadata also lists 20fc1511a310ece324e40381e49f49c2) | SHA1 37a7d6ba1505eaef3ee38dbf69f330d5a0b76ab5 | SHA256 1ddf5e48bee0559b5cb3b30c5bd4106a28078adb594b072c56ce9aebb06ade29 | https://www.securityweek.com/multi-layered-infection-attack-installs-betabot-malware https://medium.com/@woj_ciech/betabot-still-alive-with-multi-stage-packing-fbe8ef211d39
M18-i3z01 | Johnnie_496dc49a | Windows | This strike sends a malware sample known as Johnnie. The Johnnie (also known as Mikey) malware family is known for its persistence mechanisms and its plugin architecture. | MD5 496dc49a4e6e68d48032374404ddd52f | SHA1 80b6228576594e8715cb9b1d17c27c37e43cc8b9 | SHA256 2ecf1771778fce31ff2c6004c3601be6d372189166fec6511a0f393fb684bff0 | https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-ee601 | Fareit_715d605a | Windows | This strike sends a malware sample known as Fareit. Fareit harvests credentials from the targeted system and exfiltrates them to a C2 server. | MD5 715d605a37cfcfd0dfc9c2619d93aa20 | SHA1 1fd2debf505c2a39fa11fa57e2ffedaa22624cf3 | SHA256 b666016a21c083b8e528f8175ae2d6417ba2ec3e5dc2a6336e29e52efe960a89 | https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-wss01 | Prepscram_045dd621 | Windows | This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications. | MD5 045dd621232c1e80f3542f1894553388 | SHA1 a4d1bbd1ab4713d76a78f3639aaac65140c911f5 | SHA256 f7d7d01c4812ba9cf1fa71958dd395b120ae9a420437767b4ff9aec2455d0447 | https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-q8001 | Prepscram_befdef70 | Windows | This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications. | MD5 befdef7072cfa7f8dcac80859b02ea41 | SHA1 3c0e9a9a3c8c1f5679522f3adc00c66f2744fed1 | SHA256 bc879aed2577aa152064a167e312287d59575d510f7a56eda7aa66e170baae80 | https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-ght01 | Prepscram_5115185d | Windows | This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications. | MD5 5115185da29dd6a581eae9e8d5ac9fdd | SHA1 dd0e61327f9109065ed87b79bef4c088d1a34be5 | SHA256 eb732a01f5f2a3fda038a10ce62a0f1d3068aaaed4ee2b44f351007f4c063a7d | https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-lks01 | Prepscram_a53b153c | Windows | This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications. | MD5 a53b153c72acd881755ddef1149e6f7b | SHA1 3fa9340235b2569dcc841069764830ad41d0a9b7 | SHA256 6ff6df3020263a78db2719e427e037264873559522b49506b7532fb72c8ceec1 | https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-2xl01 | Johnnie_5cbc9ae4 | Windows | This strike sends a malware sample known as Johnnie. The Johnnie (also known as Mikey) malware family is known for its persistence mechanisms and its plugin architecture. | MD5 5cbc9ae468ddfef039fafe51094d6dcc | SHA1 63647a878e926ce0d1f662c2a5dab7e8647df251 | SHA256 c10e952f5ad87ee0685409c2f6855009e069b181ad7e155f118f524e09de621a | https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-nrt02 | Prepscram_b27c877e | Windows | This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications. | MD5 b27c877eea0ff0071e29376255393bc7 | SHA1 678bb028889b93b51188b85b38d8ef6432558e13 | SHA256 01b2027c7a7e3888eb84a0e7c3bacf95b9b6e8da7a79bc578464ec9627f7a9e0 | https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-1rs01 | Johnnie_b0d5fc63 | Windows | This strike sends a malware sample known as Johnnie. The Johnnie (also known as Mikey) malware family is known for its persistence mechanisms and its plugin architecture. | MD5 b0d5fc638b3b55edb6f0249ca62cf22d | SHA1 e1c1738bf14270615467be07b3712050e7f85d60 | SHA256 5308ee082f975bd750aefa0c1cad84a517a48a7dcc1e72ad665e2a6ae1a6e73c | https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-cl401 | Prepscram_aca056ad | Windows | This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications. | MD5 aca056ad225265394512b96a022d8d57 | SHA1 4ac19221f271a38f96e9705195e722639c5aa376 | SHA256 4431eebcb86a10222171eb6b678ae19bd59aef22644a842681469dbd2ab85e4c | https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-dq101 | lcloader_239835ec | Windows | This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications. | MD5 239835ecb703895326b6807e0df033b5 | SHA1 38b2c2c7a5f4b11f7996387d1f452d4411c2f4c0 | SHA256 54765436d9bfea2116fbff7a9069e4ca643f55eb5e722237cdd5d3a350e4b0ac | https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-pli01 | lcloader_023a3bce | Windows | This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications. | MD5 023a3bce70ce42508a8610eb5aba11b8 | SHA1 7a2fc38bc887e04e669bf800a8effb0a515d3c71 | SHA256 554098adf01c6e799494a0415fff359bce2cf1543c23d7b46c464c9ec49982d6 | https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-gz201 | VPNFilter_87049e22 | Linux | This strike sends a malware sample known as VPNFilter. VPNFilter is a multi-stage, modular platform with versatile capabilities that support both intelligence collection and destructive cyber attack operations. This sample is stage 2 of the malware. | MD5 87049e223dd922dc1d8180c83e2fde77 | SHA1 8a189f0c6a69efeaed1916860a0ff74e424563f6 | SHA256 d6097e942dd0fdc1fb28ec1814780e6ecc169ec6d24f9954e71954eedbc4c70e | https://blog.talosintelligence.com/2018/05/VPNFilter.html
M18-tgi01 | Johnnie_e933fefc | Windows | This strike sends a malware sample known as Johnnie. The Johnnie (also known as Mikey) malware family is known for its persistence mechanisms and its plugin architecture. | MD5 e933fefc1589347aec7acd307ec03d56 | SHA1 4b672f3364c8d8c6cd2d127384a507d0e34c71bc | SHA256 8de212ff8c8364cfce48bf818b245eaf46db049e2fb4f48b4ef839d6160ed245 | https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-0qc01 | Prepscram_592030d1 | Windows | This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications. | MD5 592030d1cb40a9f68f58761053ce1197 | SHA1 b7f4344e65158b3a1b516f45cc23701e44bc926a | SHA256 ed114bd563038ca504de06b1a0629c493d886d6419205da69eb9730f82688050 | https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-t6a01 | Fareit_8c3bb7aa | Windows | This strike sends a malware sample known as Fareit. Fareit harvests credentials from the targeted system and exfiltrates them to a C2 server. | MD5 8c3bb7aa1e0ed6b303664ac460725e55 | SHA1 6fdd614085f0f52102a8bbbe82964487b3bf149a | SHA256 38fa0b6386e446ee7e1678f3a883bdc93681d5038da66486cfea4a2d9d9c4fc0 | https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-4j001 | Telegrab_1d994c13 | Windows | This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies and text files, and hijacks the target's Telegram instant messaging session by collecting its session, contact and chat information. | MD5 1d994c137c93f6788db5ad9f1b0ba375 | SHA1 bd479cd67627a7673adaf7200702e35a77f8f84d | SHA256 c0b505299214d21c5f89aea4d381dbd76ef5ce9a38770b693578d4647e61a471 | https://blog.talosintelligence.com/2018/05/telegrab.html
M18-nec01 | lcloader_5ac84a51 | Windows | This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications. | MD5 5ac84a51bd1133a568593b553c8af69d | SHA1 63ca1886b13513b172bda7a88d58a4d58f3b46d0 | SHA256 e35d8a62870f2d1ab0fb56fe6e35fb50f980aa2dc83c01e8509b4fed170ee1b4 | https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-kpa01 | Snojan_f0d5e3d4 | Windows | This strike sends a malware sample known as Snojan. Snojan is a downloader that retrieves additional malware and executes it. | MD5 f0d5e3d4ede5b46289747a10ef7a8a39 | SHA1 752a20f1611e397231acc58a3c02d876cad1a726 | SHA256 422851acbc75b521896e06a5158e32d94a0a652212843fd87a00d88bc47dc52a | https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-nst01 | Johnnie_49c12a27 | Windows | This strike sends a malware sample known as Johnnie. The Johnnie (also known as Mikey) malware family is known for its persistence mechanisms and its plugin architecture. | MD5 49c12a276c849a0c59ec063a061ca853 | SHA1 27a40004c44bb7848aff4f0b5aff058fd1a4e110 | SHA256 0e73d31d6db3dd82988313fe3f463891b24d0e41286d93a89df6a8a56aeccc8c | https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-i7t01 | Telegrab_30f47375 | Windows | This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies and text files, and hijacks the target's Telegram instant messaging session by collecting its session, contact and chat information. | MD5 30f473755488e9ec7817ca012d0feb85 | SHA1 d46122fd49017dbb904401a898da35884d84a16e | SHA256 5bc214d0bf18ded3bd18595e96b609137207aeeb0786778f86191fbdfdbc0522 | https://blog.talosintelligence.com/2018/05/telegrab.html
M18-73501 | Prepscram_42c98821 | Windows | This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications. | MD5 42c9882145ea5f1e603f58ab5b0845ba | SHA1 f77b08cad6a58a5a6750ed6896557132caeed5e8 | SHA256 f91c4b1034ea7a193aef5ce586a1f6ba84e735b55bef91d9f4559816b40c3321 | https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-t4y01 | Johnnie_2cc0dbc0 | Windows | This strike sends a malware sample known as Johnnie. The Johnnie (also known as Mikey) malware family is known for its persistence mechanisms and its plugin architecture. | MD5 2cc0dbc06b540e88354839ca3a4a4706 | SHA1 6ba150f401344d76e7d78e6d72ca08338815a43f | SHA256 6964abdc0a2daed0a51ca023392ac96b809584a8f1e9014f159e670e2b4b12af | https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-fdr01lcloader_36c3756fWindows This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications.36c3756f68f55d13082c4d49f18ec88c56eb44f59488f1d317aa34c1c4ba6ce809402d39 36c3756f68f55d13082c4d49f18ec88c 0698f016609e0c86abe57e6e5ebb547802d3ac77ac63714cfdbe0eb3c8eece03 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-gmb01lcloader_6d5ab7fdWindows This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications.6d5ab7fd9c7e0a755f150d71ddf833ce1187afbfa0a16fbe7de0e6214d7439aab1c1575e 6d5ab7fd9c7e0a755f150d71ddf833ce 743375f8d3d42ed1fb2b02193e4366d718edd0b8b6b70ad0c69d937392bb82c9 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-t3j01Telegrab_a5674177Windows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service.a567417724ae27331bf7cfca92f45b0eb8702e5dc54fdbe19f33bdd1c69d61ad6335c808 a567417724ae27331bf7cfca92f45b0e b8cd344fd7d8dd400db31f981b8a11b0aabe6b118d9aa498aa269144b441eb96 https://blog.talosintelligence.com/2018/05/telegrab.html
M18-6ca01Prepscram_a4bd12a5Windows This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications.a4bd12a5b05889224e74cb7fae357577b2036a272d15037cc9d28704521de1fd2dce9fa3 a4bd12a5b05889224e74cb7fae357577 f4eef29cd1e43843cfc1d0533d2c518dbbb5982093d6d1c6f576e02549e28b60 https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-flq02Johnnie_87415e93Windows This strike sends a malware sample known as Johnnie. The Johnnie or Mikey malware family is known both for persistence and having a plugin architecture.87415e93b076103606aa7c1d6b3a25c6bfa94a43a49fd02ea1a43f75350648fb75747410 87415e93b076103606aa7c1d6b3a25c6 9eedaac111db1f28fc90300e2ecf417368595ebca2763a211fe1bb356527f06e https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-8vf02Johnnie_8bbd2da8Windows This strike sends a malware sample known as Johnnie. The Johnnie or Mikey malware family is known both for persistence and having a plugin architecture.8bbd2da831681bc36a787fafc5ebf4a27a16c99e3ed598627cd55d73d65f890e9fba80be 8bbd2da831681bc36a787fafc5ebf4a2 3f78f88330bfd6eaa889ffc2332b91235a4fb8bb364d0b076b6ebfb51f8f02ef https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-ijd01Johnnie_3eea8bceWindows This strike sends a malware sample known as Johnnie. The Johnnie or Mikey malware family is known both for persistence and having a plugin architecture.3eea8bce112ec9e8b1e44e86898209b739c6c68ae839a7b8a81f64812727d101635fae3d 3eea8bce112ec9e8b1e44e86898209b7 d89080318573953ea0e0c2654a14252c70daa368ed3c81f6fd1aaeb2b2bcdeeb https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-nv201Snojan_4f681589Windows This strike sends a malware sample known as Snojan. Snojan is a downloader that downloads additional malware to execute.4f6815892d0438e73f1ba6dd717aa2ae1b5eae44a54491c2199bf88d16486caf3755afe7 4f6815892d0438e73f1ba6dd717aa2ae 8c28892b44b95c2f04ceedb0be68e8fdaa6eb444b2f1fd9f1db5eed9be8a4147 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-17f01Prepscram_103c27faWindows This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications.103c27fa758f6f9ad15455ed5f638790221d2c04ba8815a8cb99ada416ce5ce2dab41124 103c27fa758f6f9ad15455ed5f638790 e5946260399e55af6a5e21a696c3790e7aaf6653869b73885ab7b93116dff677 https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-bw001Fareit_af3c06f0Windows This strike sends a malware sample known as Fareit. Fareit steals and harvests credentials from the targeted system. This information is then exfiltrated to a C2 server.af3c06f050382913e38f4177345a8808e3d77111887e85f2b2c5a0975876c8954a49a9c3 af3c06f050382913e38f4177345a8808 1b6d23ded662ec5bfb5d34904fda6f337be2069557dddc139e69d48672bf5c96 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-lh001Telegrab_efd2fbd9Windows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service.efd2fbd9bfccc94d9bfb3be9430d218b3c567b0f5bf0f2010b8aea09186312507b9fb226 efd2fbd9bfccc94d9bfb3be9430d218b 683aca7614f51d52e2121e240dd2d5fc72858d7dbc6e27f97be83a987f9c5103 https://blog.talosintelligence.com/2018/05/telegrab.html
M18-smu01lcloader_8d3cd586Windows This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications.8d3cd5866ca85b4008507fdb445e0a3dd092ab86ce83a79f0a580488239459b16268db1d 8d3cd5866ca85b4008507fdb445e0a3d 524c3716396d539e0ab0b4801fe784e81a32395a9ce0222cd4ab8348831c2a70 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-kv801lcloader_cc7fb184Windows This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications.cc7fb1844e3ab2bf0b39bc625c91ab806d38dd51548bdd9003e8e7d38123d58c71bc9ec6 cc7fb1844e3ab2bf0b39bc625c91ab80 f573a18c7b57275b2737e62c5c0468acf688a9c2fad9a3c5b83d5209bc96cceb https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-ma101 Betabot_b01137b5 Windows This strike sends a malware sample known as Betabot. Initially a banking trojan, this current iteration of Betabot leverages CVE-2017-11882 as the exploit entry point to deliver the next-stage payloads. This exploit allows an attacker to embed an OLE object in an RTF file which then executes commands on the infected system. Once infected, it employs anti-debugging, anti-VM, and anti-analysis techniques to ensure it is safe to continue running. It also communicates with C2 servers to relay sensitive information back to the attackers and receive further commands. b01137b556e968582730f9fe4186de087eb8bb9e4a63cfbfd9ac421f68a37a34e74353cd b01137b556e968582730f9fe4186de08 0f16a492f4444d0ce3ebf781a8ac1247e6bec6d8e2b91ee0e0b1fa886f251d7a https://www.securityweek.com/multi-layered-infection-attack-installs-betabot-malware https://medium.com/@woj_ciech/betabot-still-alive-with-multi-stage-packing-fbe8ef211d39
M18-48p01 lcloader_5f2bdd77 Windows This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications. 5f2bdd7760cfd638e7d606fa26336e65551e1988b54e62dba95499e1f7cab223cab7d801 5f2bdd7760cfd638e7d606fa26336e65 800a0533147b774a1fd6940e948772ec20114ad4d2856ae1160dd09708695b38 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-sbj01 Betabot_13ae5af7 Windows This strike sends a malware sample known as Betabot. Initially a banking trojan, this current iteration of Betabot leverages CVE-2017-11882 as the exploit entry point to deliver the next-stage payloads. This exploit allows an attacker to embed an OLE object in an RTF file which then executes commands on the infected system. Once infected, it employs anti-debugging, anti-VM, and anti-analysis techniques to ensure it is safe to continue running. It also communicates with C2 servers to relay sensitive information back to the attackers and receive further commands. 13ae5af773e63f65d5b0748676fcff75c3f979f797284114452308751a7aaa163501357c 13ae5af773e63f65d5b0748676fcff75 a26df1557a76f75dc81bfde9e5038097df129bd2ece1a6a0f61434321fd73e4e https://www.securityweek.com/multi-layered-infection-attack-installs-betabot-malware https://medium.com/@woj_ciech/betabot-still-alive-with-multi-stage-packing-fbe8ef211d39
M18-lro01 Triton_27c69aa3 Mixed This strike sends a malware sample known as Triton. This sample is part of the attack framework that was designed to interact with Triconex Safety Instrumented System (SIS) controllers. The attackers have control over the SIS functions, allowing them to reprogram its logic, interrupt operating processes, and shut down functionality. This poses a great risk to human safety and can cause operational downtime. 27c69aa39024d21ea109cc9c9d944a0466d39af5d61507cf7ea29e4b213f8d7dc9598bed 27c69aa39024d21ea109cc9c9d944a04 758598370c3b84c6fbb452e3d7119f700f970ed566171e879d3cb41102154272 https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html
M18-ks201 VPNFilter_19dd8b95 Linux This strike sends a malware sample known as VPNFilter. The VPNFilter malware is a multi-stage, modular platform with versatile capabilities to support both intelligence-collection and destructive cyber attack operations. This is stage 2 of the malware. 19dd8b95fcca498582642f5a0b2fc58b0752c7e01025cf3689ce283e0389d388f7268048 19dd8b95fcca498582642f5a0b2fc58b 37e29b0ea7a9b97597385a12f525e13c3a7d02ba4161a6946f2a7d978cc045b4 https://blog.talosintelligence.com/2018/05/VPNFilter.html
M18-zat01 Fareit_a2e59eb1 Windows This strike sends a malware sample known as Fareit. Fareit steals and harvests credentials from the targeted system. This information is then exfiltrated to a C2 server. a2e59eb136406bc3bb5c88784c43c7344aa6abfca24c568ff88ca45b29c37dee5bf4aaaf a2e59eb136406bc3bb5c88784c43c734 a9ae093f49608d3220681a69f8873156369f86a4b5dbb135a5ed295dfb01a6df https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-3x401 Snojan_dcad2ea9 Windows This strike sends a malware sample known as Snojan. Snojan is a downloader that downloads additional malware to execute. dcad2ea93cde58fa619211dede708ace64434820bbbaf522a7a949923bd812ba6378e29d dcad2ea93cde58fa619211dede708ace 80382158e2bb303c7e046d5144fa0f49d3c525f84fde81f4bb9fbb8e162927f5 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-csq01 lcloader_29d0c225 Windows This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications. 29d0c22533cb5f17982e0c61f6835f20ba8f5190437c3b85e2003f81036686587f51803e 29d0c22533cb5f17982e0c61f6835f20 ac1164f631b5ca03ee6e2dd39a492ca0b49c9d14a2ae4b2714e135ed48669dbf https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-vsc01 Telegrab_cab2fea4 Windows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service. cab2fea4a7b22afe32f681ac789261b937b6297980725e5f0c62cf35b843fa804f923779 cab2fea4a7b22afe32f681ac789261b9 0f44cbc19862c6a2208d506564c3a3676e22c8203d2f3055a88c00c00ebf1c1e https://blog.talosintelligence.com/2018/05/telegrab.html
M18-ztk01 Snojan_9c06e769 Windows This strike sends a malware sample known as Snojan. Snojan is a downloader that downloads additional malware to execute. 9c06e7699bdd5f4163e7cfa86fdcc8620cc99cdc08fa29fe2f351c475e82b7195958980e 9c06e7699bdd5f4163e7cfa86fdcc862 cf30e3d3df78f487c056a09d220ea29ee17f1478304146f1395dcd4273db6deb https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-a8b01 Betabot_76c94647 Mixed This strike sends a malware sample known as Betabot. Initially a banking trojan, this current iteration of Betabot leverages CVE-2017-11882 as the exploit entry point to deliver the next-stage payloads. This exploit allows an attacker to embed an OLE object in an RTF file which then executes commands on the infected system. Once infected, it employs anti-debugging, anti-VM, and anti-analysis techniques to ensure it is safe to continue running. It also communicates with C2 servers to relay sensitive information back to the attackers and receive further commands. 76c94647524188152c6488600cc438b07ad2e8fb058e9c49bb24585ec4e55ee245f583ac 76c94647524188152c6488600cc438b0 3b15e835ec20c66ffebdd3486cd8673c833e07ff2816bec17fa8b1343e6cad7b https://www.securityweek.com/multi-layered-infection-attack-installs-betabot-malware https://medium.com/@woj_ciech/betabot-still-alive-with-multi-stage-packing-fbe8ef211d39
M18-oc901 Fareit_2cd3107c Windows This strike sends a malware sample known as Fareit. Fareit steals and harvests credentials from the targeted system. This information is then exfiltrated to a C2 server. 2cd3107ccc49c68ff0b2a376f2d0a75a3c0a4f7ba290b725e5c680c450aa8ddaa177a472 2cd3107ccc49c68ff0b2a376f2d0a75a 2e7d24541da31ab5a130cf7df030e1c3d2ee31241713cd2a55733ac2557888fb https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-1zh01 Telegrab_5d096a99 Windows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service. 5d096a99c597457295bd44c1597f3e053741cedcfc6e810767413d14b9b29ce18e0ede96 5d096a99c597457295bd44c1597f3e05 e6fa65c97244ff34348b958bb53c2046897d4c5137d06a9dff327597f5b5430f https://blog.talosintelligence.com/2018/05/telegrab.html
M18-n3301 Snojan_841d1734 Windows This strike sends a malware sample known as Snojan. Snojan is a downloader that downloads additional malware to execute. 841d17349909f02a561d847f8628ae67f4840ad7a800564e7886b8ae4db4d1ffb0d7a828 841d17349909f02a561d847f8628ae67 5a6a4807e91e3a706999d60a44cadd362f89ec94ff19088b24aad9239c676f78 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-hcx01 Fareit_6ed25474 Windows This strike sends a malware sample known as Fareit. Fareit steals and harvests credentials from the targeted system. This information is then exfiltrated to a C2 server. 6ed254744f0d92f3baac916b30a9ffae0e29bdd0b2772fb135e480e5d3b1d37b0ab61e8f 6ed254744f0d92f3baac916b30a9ffae 87cd1118be63b7fc999c715f5a54877b72db273cff33d95427518a489959a755 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-ylo01 lcloader_73b8864c Windows This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications. 73b8864cff3649fc5a41189ab8346821dd4b52e9f349fc0bab24acc487e8c08dac2cd98e 73b8864cff3649fc5a41189ab8346821 c08e6b6708db6621a434275fa085516873cdd6ff39e818b741891b2377dfca2d https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-hpx01 CVE-2018-4990_bd23ad33 Mixed This strike sends a malware sample known as CVE-2018-4990. This sample exploits a zero-day vulnerability in the Adobe Acrobat Reader PDF parser. The vulnerability allows the attacker to use JavaScript to escalate their privileges on the victim machine and execute code. bd23ad33accef14684d42c32769092a00d3f335ccca4575593054446f5f219eba6cd93fe bd23ad33accef14684d42c32769092a0 4b672deae5c1231ea20ea70b0bf091164ef0b939e2cf4d142d31916a169e8e01 https://www.welivesecurity.com/2018/05/15/tale-two-zero-days/ https://srcincite.io/blog/2018/05/21/adobe-me-and-a-double-free.html
M18-89z01 Johnnie_2ad5fb97 Windows This strike sends a malware sample known as Johnnie. The Johnnie or Mikey malware family is known both for persistence and having a plugin architecture. 2ad5fb97059de2eb57382f3ecbd7a415509688f40911edf983052cfc7df0c9e0fcf8438a 2ad5fb97059de2eb57382f3ecbd7a415 26e6871828aba6f30916bbcc6d8d60d9320f11d791993fe7fec1c7ecfa1cd733 https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-0hw01 Fareit_156d6c7d Windows This strike sends a malware sample known as Fareit. Fareit steals and harvests credentials from the targeted system. This information is then exfiltrated to a C2 server. 156d6c7ddeb6b8b52ccd818d5db22b8712a0633786b3fb1331c7532f103a64085330732f 156d6c7ddeb6b8b52ccd818d5db22b87 bb8213867ea8ba9a16071d4e4f817fdf66f70e2a18a7fea1791efa885701ba87 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-n6j01 Telegrab_78b83cc8 Windows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service. 78b83cc8c8a51c2fa8f24a445de5eab52cefae78adf0f66e0eb978ac69dc2b2230cdc547 78b83cc8c8a51c2fa8f24a445de5eab5 cb5abc9a8ef7936892e4627fe4d94d28120bb653002c1fd6f1a449ce86d9e909 https://blog.talosintelligence.com/2018/05/telegrab.html
M18-11s01 Fareit_27a3a50c Windows This strike sends a malware sample known as Fareit. Fareit steals and harvests credentials from the targeted system. This information is then exfiltrated to a C2 server. 27a3a50c60274ccba96c4e78875d02af2d71e4bda765b0ad4e98d674e84f4f23f22e520e 27a3a50c60274ccba96c4e78875d02af 47f7b3ccdc0a8a91da054181d31a15f756762608e577750bd4c90c892fd47768 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-r7601 Telegrab_1147d6e2 Windows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service. 1147d6e22ec5865dfa510e2feed7ad9657c82eb1882d54497acd2654aa6d71b2330b2322 1147d6e22ec5865dfa510e2feed7ad96 3e6044de4c65c6e4290d22a03c8c67c18dbc264de0b8da0f4a8711415073fe15 https://blog.talosintelligence.com/2018/05/telegrab.html
M18-f0001 lcloader_5c95be5a Windows This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications. 5c95be5ab1b08c1a60b65588af2fde52b7cccd1caea42fa5da226d98f6599fa895febf2b 5c95be5ab1b08c1a60b65588af2fde52 7b7bce1098190011792b81b744fb21870fc99f3060882112a305b153d7140d4a https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-24k01 Fareit_9f481f87 Windows This strike sends a malware sample known as Fareit. Fareit steals and harvests credentials from the targeted system. This information is then exfiltrated to a C2 server. 9f481f87c945651c2dd129f32240f561f57735f82b5e175f50df8043c9bdfa7551c6dc0b 9f481f87c945651c2dd129f32240f561 90c33b025fea52ec12cab793625eccf08fc55e544976d8aeed82c883c78ea8d6 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-okm01 Johnnie_80278898 Windows This strike sends a malware sample known as Johnnie. The Johnnie or Mikey malware family is known both for persistence and having a plugin architecture. 802788985b6a46cb2ccce5cd04d5d0196d2f54b0dcb0599c9a1769e13cf76abc176d50f6 802788985b6a46cb2ccce5cd04d5d019 cb9be6bbc4bf545cdbfb87585289197202bcd5cfb31aa88813bad0277756a175 https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-fuk01 Telegrab_4c4529a9 Windows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service. 4c4529a917c628bd1f9c89934f03c73bf59ba84892709f6091b95913b3c456493c4b5785 4c4529a917c628bd1f9c89934f03c73b bb3219959f1e25a415adf56481be96da1145c03e347d8852de310070256a09cc https://blog.talosintelligence.com/2018/05/telegrab.html
M18-xvo01 VPNFilter_92d47495 Linux This strike sends a malware sample known as VPNFilter. The VPNFilter malware is a multi-stage, modular platform with versatile capabilities to support both intelligence-collection and destructive cyber attack operations. This is stage 2 of the malware. 92d47495c92d8c5dba107163df2bb21260a5b825c197a8788b8934c31e7453bd9a87e452 92d47495c92d8c5dba107163df2bb212 8a20dc9538d639623878a3d3d18d88da8b635ea52e5e2d0c2cce4a8c5a703db1 https://blog.talosintelligence.com/2018/05/VPNFilter.html
M18-c2u01 Snojan_3a6b77c6 Windows This strike sends a malware sample known as Snojan. Snojan is a downloader that downloads additional malware to execute. 3a6b77c6b8fc8d5046f03a5883853a7d067692b7eed7f525ce2bf02f4fc25702569b6b0c 3a6b77c6b8fc8d5046f03a5883853a7d ad71f36a2cfdd5cd113a12009ef4e56e21fe028ac449841ab2effa87292292ec https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-f7401 Telegrab_1bb01194 Windows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service. 1bb01194f9eb7ca39fab94d820c19fb765fe7d3a04e96cad57bd534f042e63184cad9434 1bb01194f9eb7ca39fab94d820c19fb7 a9e4d7aa5b6d83943aa4845dc467040ae4cd223ef603a5ab2d1896d9c2573932 https://blog.talosintelligence.com/2018/05/telegrab.html
M18-fz501 VPNFilter_93ff3674 Linux This strike sends a malware sample known as VPNFilter. The VPNFilter malware is a multi-stage, modular platform with versatile capabilities to support both intelligence-collection and destructive cyber attack operations. This is stage 2 of the malware. 93ff367439becebd9d71c3e12041c95ea0d9f148e319fb604d7a70f4b482a2d9d06232fb 93ff367439becebd9d71c3e12041c95e 0649fda8888d701eb2f91e6e0a05a2e2be714f564497c44a3813082ef8ff250b https://blog.talosintelligence.com/2018/05/VPNFilter.html
M18-wzm01 Typeframe_77b50bb4 Windows This strike sends a malware sample known as Typeframe. This malware has been associated with the North Korean government group known as HIDDEN COBRA. It has the capability to download and install malware, install proxies and RATs, and uses C2 for additional functionality. 77b50bb476a85a7aa30c962a389838aadf466a1f473c7c5eba5f22d90822fd1430b6a244 77b50bb476a85a7aa30c962a389838aa 3c809a10106990ba93ec0ed3b63ec8558414c6680f6187066b1aacd4d8c58210 https://threatpost.com/hidden-cobra-strikes-again-with-custom-rat-smb-malware/132375/ https://www.us-cert.gov/ncas/analysis-reports/AR18-165A
M18-ajy01 Johnnie_e785debe Windows This strike sends a malware sample known as Johnnie. The Johnnie or Mikey malware family is known both for persistence and having a plugin architecture. e785debe1def27b788eac5e737004e053fc63ccb4015e6c0f8b36a87f16de3d4441eb0cc e785debe1def27b788eac5e737004e05 5fbe25ba6c8e8a52932053adaa22028ac2ddc3f14b187884bd40f8a0f3d02cf8 https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-34l01 Triton_28816695 Mixed This strike sends a malware sample known as Triton. This sample is part of the attack framework that was designed to interact with Triconex Safety Instrumented System (SIS) controllers. The attackers have control over the SIS functions, allowing them to reprogram its logic, interrupt operating processes, and shut down functionality. This poses a great risk to human safety and can cause operational downtime. 288166952f934146be172f6353e9a1f5d6e997a4b6a54d1aeedb646731f3b0893aee4b82 288166952f934146be172f6353e9a1f5 1a2ab4df156ccd685f795baee7df49f8e701f271d3e5676b507112e30ce03c42 https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html
M18-qj001 lcloader_0906b7d8 Windows This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications. 0906b7d8eb1bbece6cb2cfc287ecd0ea3ee6fcbbb88b94bb5608c4994f961e8d03483289 0906b7d8eb1bbece6cb2cfc287ecd0ea 94afc3856a03eab297025cfc6f5f3ed81cb81a925b745103b619d409baeb4b13 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-3jq01 Telegrab_e65227a7 Windows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service. e65227a76685fed53ad88e5a1da851b6be3955886fe802c0c04c5c5e4cee3e72f6e2fe7b e65227a76685fed53ad88e5a1da851b6 2a990c1e97b0329b2c4f75766314d1fe91f554b3ac524d4229b6068d007c8e33 https://blog.talosintelligence.com/2018/05/telegrab.html
M18-r9n01 VPNFilter_42d891bc Linux This strike sends a malware sample known as VPNFilter. The VPNFilter malware is a multi-stage, modular platform with versatile capabilities to support both intelligence-collection and destructive cyber attack operations. This is stage 2 of the malware. 42d891bcdee9588f8ed5d27456896a5eb0e0853d1aa3c318627f92bec64fe7d42490cb3a 42d891bcdee9588f8ed5d27456896a5e 9eb6c779dbad1b717caa462d8e040852759436ed79cc2172692339bc62432387 https://blog.talosintelligence.com/2018/05/VPNFilter.html
M18-9pa01 lcloader_06bfde89 Windows This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications. 06bfde89502a746ceeda9c9ee99ecd8f581394bdc62db15297b04cb2b40b5bc221e71f22 06bfde89502a746ceeda9c9ee99ecd8f 44eeef3be66e7530c1201ade7a5e9e8ea15066bc91916173aa104d4576ce4b18 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-xt001 Telegrab_285a0a18 Windows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service. 285a0a18b1538be114eb834d4a10dc75d854358be4e4d3cb5f454d2bd257260adb8e88af 285a0a18b1538be114eb834d4a10dc75 831b7b91b48c5c745b04731949c1ed32a2e9e68df66b6cc7f9e0b1fb0c6df5eb https://blog.talosintelligence.com/2018/05/telegrab.html
M18-49601 Fareit_28b9d06c Windows This strike sends a malware sample known as Fareit. Fareit steals and harvests credentials from the targeted system. This information is then exfiltrated to a C2 server. 28b9d06cc8f83132266d9897d4a6c45bda2c43b53803afe8a7752bfb743f5903ac23e1c2 28b9d06cc8f83132266d9897d4a6c45b 3c2c7e48c16c4f9ba5238d397243f0aac758a37feea57f08ae0df78a957324da https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-p3j01 Fareit_9a98af19 Windows This strike sends a malware sample known as Fareit. Fareit steals and harvests credentials from the targeted system. This information is then exfiltrated to a C2 server. 9a98af19bd82730a0bb170169b59a42571ca51e0693c09517ddecaef44c23ce08150df1d 9a98af19bd82730a0bb170169b59a425 27d159cc11b0eab97c37e8cde3c13cd2d7e9720e7ffa41a7e8451d08c8e9da0a https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-ad501 Telegrab_9ed45e95 Windows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service. 9ed45e952a0150c487aaed9b97d3eb4bcc49022afd7cc4c90c5a8b684d769ae5c692b1a6 9ed45e952a0150c487aaed9b97d3eb4b 57bdbb582ad09382aa3d4e015269eddd56f7d712d11cde58cf0debac9fcd1829 https://blog.talosintelligence.com/2018/05/telegrab.html
M18-0e901 Johnnie_8678a08f Windows This strike sends a malware sample known as Johnnie. The Johnnie or Mikey malware family is known both for persistence and having a plugin architecture. 8678a08f960ae6561d8f4ea9dc5183ae7a35759b6033da68494519f16a24c956d77448ce 8678a08f960ae6561d8f4ea9dc5183ae 62e97b12781c36ac029176ce7b10cbfcf6fd58ff4552025aa1d8fc60bcde4bee https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-el501 Prepscram_8c20ffbc Windows This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications. 8c20ffbce869f50bf08df5cc9d5ebcf4ddaade1086d77cfdaa0b15105e75cd1401c52485 8c20ffbce869f50bf08df5cc9d5ebcf4 a1d8ff6306950d4a55402737a42f613a0eccc5fce66c7aa0a60d11c2ca598525 https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-c6m01 Telegrab_6e9212e6 Windows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service. 6e9212e6f1c8d08891e325b33549037971ad6de1cece3cc014627f5780ee61d8a0fd93b9 6e9212e6f1c8d08891e325b335490379 6d728e557152d8f5613ca8ea06329f1a08e8e13923ed0fa0a5142c3dd7cb0155 https://blog.talosintelligence.com/2018/05/telegrab.html
M18-67f01 Telegrab_76c06910 Windows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service. 76c069104ecbf8f71840fde95a61b897becc8c255ec4b70087a49c28ae2bcca61fda3502 76c069104ecbf8f71840fde95a61b897 4ebf3e5afa85a48a34cf0e344c685c9f97d59c002d54eb3ee19d6b79bae9e4dd https://blog.talosintelligence.com/2018/05/telegrab.html
M18-ax001 Telegrab_8dd7b27c Windows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service. 8dd7b27ca8d407721ac023132556e768b5fd990207d82c21cac12adab8df53349927853d 8dd7b27ca8d407721ac023132556e768 a5dbbbc7996967cf7f16f998fab6dbc09a087082a0d17287418b8ffc2b6228f3 https://blog.talosintelligence.com/2018/05/telegrab.html
M18-1zf01 VPNFilter_8e74e36b Linux This strike sends a malware sample known as VPNFilter. The VPNFilter malware is a multi-stage, modular platform with versatile capabilities to support both intelligence-collection and destructive cyber attack operations. This is stage 2 of the malware. 8e74e36ba104389aa6dc4d4429bcf0cff16c48ead435d2574abd2e18836681ba2ce788e7 8e74e36ba104389aa6dc4d4429bcf0cf 776cb9a7a9f5afbaffdd4dbd052c6420030b2c7c3058c1455e0a79df0e6f7a1d https://blog.talosintelligence.com/2018/05/VPNFilter.html
M18-fqv03 Snojan_0a8951f3 Windows This strike sends a malware sample known as Snojan. Snojan is a downloader that downloads additional malware to execute. 0a8951f3995432c4e4e4963bbe9bc6b6dcab0d7dcddbd2c50537883ca693e45e9f8ecbc7 0a8951f3995432c4e4e4963bbe9bc6b6 c6739a0e1151cb69ab43089901da6c5f1b932dc41048d02e4bd242b0e38e91fc https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-l4s01 NavRAT_7c53c4d2 Windows This strike sends a malware sample known as NavRAT. This malware is a RAT that downloads and uploads files, executes commands, and performs keylogging on the target system. It uses Naver to communicate with the attackers by sending and retrieving files through email and attachments. 7c53c4d23f2f92f6c5ee9c1d0158a6c947e676f43ae179e825e4a5f2bdf30c67f1732f54 7c53c4d23f2f92f6c5ee9c1d0158a6c9 e0257d187be69b9bee0a731437bf050d56d213b50a6fd29dd6664e7969f286ef https://blog.talosintelligence.com/2018/05/navrat.html
M18-50101lcloader_e3e16ea9Windows This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications.e3e16ea93eea5e5a12dad06206793757d4121f457df8e4c6d9e28c1450c76812bc5abb1d e3e16ea93eea5e5a12dad06206793757 2f6f1cf599cef00e89b826b408f62d0949dc3dd8a1f6ef7b64a4d3368f7f0e6b https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-dni01Johnnie_fd55d185Windows This strike sends a malware sample known as Johnnie. The Johnnie or Mikey malware family is known both for persistence and having a plugin architecture.fd55d18583c73c88b5453aa5a197b102273032e5bd7112d56f84c30fbe92c0fbb740d801 fd55d18583c73c88b5453aa5a197b102 d7e0958d2eaa5f17e0ffc2ee6a4549401c30b381499df3a52384ef04023e0c80 https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-n7b01Triton_f6b3a73cMixed This strike sends a malware sample known as Triton. This sample is part of the attack framework that was designed to interact with Triconex Safety Instrumented System (SIS) controllers. It gives the attackers control over the SIS, allowing them to reprogram its logic, interrupt operating processes and shut it down. This poses a serious risk to human safety and a risk of operational downtime.f6b3a73c8c87506acda430671360ce15a6357a8792e68b05690a9736bc3051cba4b43227 f6b3a73c8c87506acda430671360ce15 5c776a33568f4c16fee7140c249c0d2b1e0798a96c7a01bfd2d5684e58c9bb32 https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html
M18-mee01Prepscram_a99dfa9cWindows This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications.a99dfa9cf18a8f05f72471d84a01be0ab97272370f72e7f7a1f8ca2e368cd6d954f3e11d a99dfa9cf18a8f05f72471d84a01be0a 3bc6b0ea5ea71bbb67be5d06fb4d6bc7f5398f11bf2802bd381a645033e45922 https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-86601lcloader_f4650df2Windows This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications.f4650df2560799597c82f05ba564c45ca4dd689ff7f67703fa4a99d23be87b840aebba29 f4650df2560799597c82f05ba564c45c a4f236efc26615e3ade5ff9c961d698b0aafc40b1b257a441dccd8ca060dfa90 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-sxs01VPNFilter_97444b52Linux This strike sends a malware sample known as VPNFilter. The VPNFilter malware is a multi-stage, modular platform with versatile capabilities to support both intelligence-collection and destructive cyber attack operations. This is stage 3 of the malware.97444b5209278ed611e6a94076e814c8a5e0d0ebe41683619d1b9802149f0403b1a7d8be 97444b5209278ed611e6a94076e814c8 f8286e29faa67ec765ae0244862f6b7914fcdde10423f96595cb84ad5cc6b344 https://blog.talosintelligence.com/2018/05/VPNFilter.html
M18-f5g01Telegrab_2e3a97b1Windows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service.2e3a97b13373c357c320f2eb4ba44f8ac7fda35b8a847ed8bd2773547c8f8af207414256 2e3a97b13373c357c320f2eb4ba44f8a 005bdb6b31dc26406694749f1de59d5cce330de603e8b407c80e8ff7dddda4a3 https://blog.talosintelligence.com/2018/05/telegrab.html
M18-s4e01Telegrab_49d9db42Windows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service.49d9db42163a25b5dcaec2f9021506b88d4396d25617e187ac1c46a20b94abb95868350a 49d9db42163a25b5dcaec2f9021506b8 c9c46a0f78abc1de95af1f26dd7c357146ce8ce462bd450617c138a81c2e119d https://blog.talosintelligence.com/2018/05/telegrab.html
M18-69r01lcloader_52900583Windows This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications.52900583bc73310075a1ea79dc7d7084b0bcdb34b335959ec296efc17fd098000f458e05 52900583bc73310075a1ea79dc7d7084 d721a98df1592e152d2a096ca936bbe776d76e013478ceebac99114b07330e89 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-ugx01Johnnie_1799a8d3Windows This strike sends a malware sample known as Johnnie. The Johnnie or Mikey malware family is known both for persistence and having a plugin architecture.1799a8d396ffde4388cb1bc449b945003bb6638efdbac8fe480bf0ab98fb73e3457ea08e 1799a8d396ffde4388cb1bc449b94500 36b5297734e9ca147c71985b649d0f49fcc0324d2b61cefda1135fd9a5ffa0d2 https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-bwu01Johnnie_21c4fd53Windows This strike sends a malware sample known as Johnnie. The Johnnie or Mikey malware family is known both for persistence and having a plugin architecture.21c4fd5316b6b5e3406f3b33c2a8cb06e33e4cc19cac474c84bff9f29cce4f5aa3ea1328 21c4fd5316b6b5e3406f3b33c2a8cb06 25c14e5ea990fee7091433ea8050caecb60be93c81d54100506ed23bb472bb8e https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-3q101Fareit_960b304eWindows This strike sends a malware sample known as Fareit. Fareit steals and harvests credentials from the targeted system. This information is then exfiltrated to a C2 server.960b304e5604ae26a1727e81c9f158dd88bd8bced31288ff35e35ba2dc81dbca7d95f753 960b304e5604ae26a1727e81c9f158dd db88e8ce7f0015c132e1a5924c0d51888b3c7edad698d7dd99a62408dded21d4 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-iu801Johnnie_02c1b455Windows This strike sends a malware sample known as Johnnie. The Johnnie or Mikey malware family is known both for persistence and having a plugin architecture.02c1b455b6d8ea93c7343ae87dbf10ee68e4116675161dc33a1551a650d5f33898327d29 02c1b455b6d8ea93c7343ae87dbf10ee 50dcb2e7e9f7443099dc66ea5f0c1c73f25af3425c7365fc8f58ec43b0f28d71 https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-72f01Johnnie_34647139Windows This strike sends a malware sample known as Johnnie. The Johnnie or Mikey malware family is known both for persistence and having a plugin architecture.346471399a069ea886a231b6f5461700f711dcaef5333d83f76c8cf990bdad49f4c43f42 346471399a069ea886a231b6f5461700 023789cfc258b2d9bae00e94de0f1ee96f33f20a98415421d63f64be90e4b236 https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-o8301VPNFilter_5f358afeLinux This strike sends a malware sample known as VPNFilter. VPNFilter malware is a multi-stage, modular platform with versatile capabilities to support both intelligence-collection and destructive cyber attack operations. This sample is the first stage of the malware.5f358afee76f2a74b1a3443c6012b27b4ac8d962c6072b77f157c5d6459b887a658d66d5 5f358afee76f2a74b1a3443c6012b27b 0e0094d9bd396a6594da8e21911a3982cd737b445f591581560d766755097d92 https://blog.talosintelligence.com/2018/05/VPNFilter.html
M18-r0801Snojan_5ad21cc0Windows This strike sends a malware sample known as Snojan. Snojan is a downloader that downloads additional malware to execute.5ad21cc033b7b24ec8e473548a5d2f419341bdeb461a1c285ee079263a2170d4117a6463 5ad21cc033b7b24ec8e473548a5d2f41 5761e20e73dadf7be05f7fafcb40d9b816885c8331fc69448eab3965ac8ae940 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-zcw01Johnnie_743614ffWindows This strike sends a malware sample known as Johnnie. The Johnnie or Mikey malware family is known both for persistence and having a plugin architecture.743614ff54d5a439351fc41e1f9cf0cb25c92c3308acb82de505e47dc585c6b351fd2661 743614ff54d5a439351fc41e1f9cf0cb 87ee726e7e84443d44cfcaaf2151938d7cbb04b2dbb60669c6a843ecf51588e6 https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-l8801lcloader_29e4e21aWindows This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications.29e4e21a2002abcf6075a572f6930c27ef1cf1a563c92607d80b1113c2e9f2723619ba67 29e4e21a2002abcf6075a572f6930c27 8054fdaa9d6c198ee592d03b236c3e78272f699e3149b288f8a1a4109a5aadd9 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-vr201lcloader_62c7c24fWindows This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications.62c7c24f6f9b1d47083b25a7941fb9e5f9c0e5b780ed24e86b7f7a81f69d122406e53a15 62c7c24f6f9b1d47083b25a7941fb9e5 2b0fb049cb28726bef4586260e67d28e627ddc5421691d0fd32cce9a487d35ce https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-yuk01lcloader_2668e631Windows This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications.2668e631dbe392bdf751a518950d3a69c674afb80d82d11badc23e6b8fd9a295b128ccd9 2668e631dbe392bdf751a518950d3a69 7b4abf2b425c28e2130cb43022fb18ca52c545f28cd74fff09db9a6ff4082b56 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-rzt01Prepscram_bd8ac9a3Windows This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications.bd8ac9a30d2354323ce9ab295bcb5018577e8123471149ee31cce3243b078d8f5e991747 bd8ac9a30d2354323ce9ab295bcb5018 42691432711dfe36fcb46fbf93395e41bcb7afc7c6b57bf7295471dbf1928e9a https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-52x01VPNFilter_b5dc9760Linux This strike sends a malware sample known as VPNFilter. The VPNFilter malware is a multi-stage, modular platform with versatile capabilities to support both intelligence-collection and destructive cyber attack operations. This is stage 3 of the malware.b5dc976043db9b42c9f6fa889205c68a4fcb3f9cdf5a6150cc111ac8f6ae0b273c0f740e b5dc976043db9b42c9f6fa889205c68a afd281639e26a717aead65b1886f98d6d6c258736016023b4e59de30b7348719 https://blog.talosintelligence.com/2018/05/VPNFilter.html
M18-hy601Fareit_5f97eef1Windows This strike sends a malware sample known as Fareit. Fareit steals and harvests credentials from the targeted system. This information is then exfiltrated to a C2 server.5f97eef1dd8f1fe5c73fa3464b6e0ff2cc7d68cfc86f9576bd38e45158a1e193499095d4 5f97eef1dd8f1fe5c73fa3464b6e0ff2 c7f53968de7b8c7c0f8311c9df55717844afe6f63a8e4ab7f0fddc6b31c5aa7e https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-ed501Betabot_20fc1511Mixed This strike sends a malware sample known as Betabot. Initially a banking trojan, this current iteration of Betabot uses CVE-2017-11882 as the exploit entry point to deliver the next-stage payloads. That vulnerability is a memory corruption flaw in the Microsoft Office Equation Editor; the exploit is an OLE object embedded in an RTF file, and it executes commands on the infected system when the document is opened. Once running, the malware employs anti-debugging, anti-VM and anti-analysis techniques to make sure it is safe to continue. It also communicates with C2 servers to relay sensitive information back to the attackers and receive further commands.20fc1511a310ece324e40381e49f49c2fade8742aff2ec995852ae4044606fb1033a5df9 20fc1511a310ece324e40381e49f49c2 aa60923ae33b8627654eb9bfb9979cb80456a3ff4f35101e81fc9744da814c52 https://www.securityweek.com/multi-layered-infection-attack-installs-betabot-malware https://medium.com/@woj_ciech/betabot-still-alive-with-multi-stage-packing-fbe8ef211d39
M18-y8j01Telegrab_73eaa00fWindows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service.73eaa00f19c779466d97d4a3a8f52b9762136a06e7f3c8f505da10bb92adcaf8709d1731 73eaa00f19c779466d97d4a3a8f52b97 2c365caa7c41a871c5a32c357ffb832ef9fa1cf72f0033c84e9a4a4bdaeae992 https://blog.talosintelligence.com/2018/05/telegrab.html
M18-qt601Prepscram_a123d345Windows This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications.a123d345b730755d4aea16bb64bb11f2958941d51120b13d8d7e62180bf0573bfd2bf38a a123d345b730755d4aea16bb64bb11f2 6fd913f9e1684e763628aa1faab9b414688f62692db53b3d6edcdb041a598445 https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-49q01Prepscram_03ae7821Windows This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications.03ae7821379e7c3972b1bbb027a3bc3bf132abaf75bb945515e7df79a75381fa88b2828e 03ae7821379e7c3972b1bbb027a3bc3b 14a27e53d748dd5a180f31283a24c420e0cf201f7deaf77140c9e07954fbc7e1 https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-j8701VPNFilter_45871badLinux This strike sends a malware sample known as VPNFilter. VPNFilter malware is a multi-stage, modular platform with versatile capabilities to support both intelligence-collection and destructive cyber attack operations. This sample is the first stage of the malware.45871bad3a9b4594fc3de39e4b5930adcbf45c52046564af6fa40b65bc41725e23935cd7 45871bad3a9b4594fc3de39e4b5930ad 50ac4fcd3fbc8abcaa766449841b3a0a684b3e217fc40935f1ac22c34c58a9ec https://blog.talosintelligence.com/2018/05/VPNFilter.html
M18-trr01Telegrab_0e128af0Windows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service.0e128af01efcdc96c6114e3317e1f01eb2a9d03f50cad11f4d691aceb5eaf162822007f5 0e128af01efcdc96c6114e3317e1f01e da0d0bc24c204e5771f4d7334b322caed6cb0021b719741900b94d91fe01a7c4 https://blog.talosintelligence.com/2018/05/telegrab.html
M18-b7s01Triton_e98f4f35Mixed This strike sends a malware sample known as Triton. This sample is part of the attack framework that was designed to interact with Triconex Safety Instrumented System (SIS) controllers. It gives the attackers control over the SIS, allowing them to reprogram its logic, interrupt operating processes and shut it down. This poses a serious risk to human safety and a risk of operational downtime.e98f4f3505f05bf90e17554fbc97bba997e785e92b416638c3a584ffbfce9f8f0434a5fd e98f4f3505f05bf90e17554fbc97bba9 2c1d3d0a9c6f76726994b88589219cb8d9c39dd9924bc8d2d02bf41d955fe326 https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html
M18-9o501VPNFilter_4912aad5Linux This strike sends a malware sample known as VPNFilter. The VPNFilter malware is a multi-stage, modular platform with versatile capabilities to support both intelligence-collection and destructive cyber attack operations. This is stage 2 of the malware.4912aad5e79c78bc143e71633df9c17b4abb20f92c04e1118e356936f36359620e998de7 4912aad5e79c78bc143e71633df9c17b 9683b04123d7e9fe4c8c26c69b09c2233f7e1440f828837422ce330040782d17 https://blog.talosintelligence.com/2018/05/VPNFilter.html
M18-82w01Johnnie_e14c8286Windows This strike sends a malware sample known as Johnnie. The Johnnie or Mikey malware family is known both for persistence and having a plugin architecture.e14c82866520db0232738719d1513723462aab0944a9b500f8249b0632989bedbe8bfce2 e14c82866520db0232738719d1513723 6ee5b5dcc0bbf0ea59be2a87d413f31c7775b44fa50787c6fef594f34666e757 https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-sre01Fareit_6447cdc8Windows This strike sends a malware sample known as Fareit. Fareit steals and harvests credentials from the targeted system. This information is then exfiltrated to a C2 server.6447cdc8ce12d1f7fa1a84c6c710fae49e76aded2dc46e3b85cbf448671f2d2b4d35e0da 6447cdc8ce12d1f7fa1a84c6c710fae4 c98038f1367e8fced0f902e73ea97dfe07d6b2863ce5fad439e87f3a75eee2d2 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-xdm02Snojan_cf2a17a5Windows This strike sends a malware sample known as Snojan. Snojan is a downloader that downloads additional malware to execute.cf2a17a5201b19b505cbbfda659a608f7260dc13654a9242248a8356154e79905f59c615 cf2a17a5201b19b505cbbfda659a608f 3e7df4da29ac871c46a77e4bbc4dc1c080f73370a7db820cd6fc87884db7bf89 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-aqo01Prepscram_dbc747aaWindows This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications.dbc747aa10c5e3a290f7c77af6d5e8e43179dcd4f81c3de7bca0648741030fe5ac251fe1 dbc747aa10c5e3a290f7c77af6d5e8e4 5c1d23211ee3e6fe222ad1e017aa56f00cdfb64678f1ffb457489e70dbbfa511 https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-96501Prepscram_093983e0Windows This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications.093983e05bec3760c8438a8fdfe8a7c9a102492d891bca14d6842460d0209deadd3296e3 093983e05bec3760c8438a8fdfe8a7c9 e47008ae92769ad08f74ef5ff7b6f97b0b018479adff00a5041b02adb71f3bf8 https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-3gj01Johnnie_07b843fdWindows This strike sends a malware sample known as Johnnie. The Johnnie or Mikey malware family is known both for persistence and having a plugin architecture.07b843fd0ace78912cfd1bc8d2e3ebe9dde7d25a156e3f9cfa83ca5ba227e298ed084d3d 07b843fd0ace78912cfd1bc8d2e3ebe9 2c874006199614655a153045793254888ceb0d0aa68c0d40b56351f54b0fab68 https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-fd201Johnnie_44baa0f6Windows This strike sends a malware sample known as Johnnie. The Johnnie or Mikey malware family is known both for persistence and having a plugin architecture.44baa0f6d0b05dbff6c40ae23ac65cfee4903728b6e191200a4c0bd9163e2234a1edfc80 44baa0f6d0b05dbff6c40ae23ac65cfe 1ff912cfaf566f4e5a76a8a53f5e423a78df1dc9e187c5485b894665f847e563 https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-ear01Prepscram_a7b746a3Windows This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications.a7b746a3ceb4e821b0eea7779faf75c245cfaef6539fbbc214fd6e7f8f760c911ee8b74a a7b746a3ceb4e821b0eea7779faf75c2 afce18cdd76a0e3e36dd2d9639fa1ba4f616952c1cc69e1d06089155d773a947 https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-htw01Prepscram_f8536bebWindows This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications.f8536beb4387ef5834ffa4ed90c40b64412ed2fe78da0919864a9a052990e9c3f3724c75 f8536beb4387ef5834ffa4ed90c40b64 d7fe56e6ce270a796adb2d14db0d2d4c7b02845737fa1973c6f790eefc3260ac https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-9oy01Telegrab_3d4b2979Windows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service.3d4b297960c1cbd19ab5f6bbd118f2eb846062421a29fa93585fd0b672af46c355c5bff6 3d4b297960c1cbd19ab5f6bbd118f2eb 04235dc68d798863ca1177864c7dba300cf1def2c6eb79885338fc8279b8aa49 https://blog.talosintelligence.com/2018/05/telegrab.html
M18-hyr01Prepscram_2bcfd52aWindows This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications.2bcfd52a5722d20d4d5c70647ecabe81ff32c816ecaccbd774e0e2975f9d5c2ff8931fbe 2bcfd52a5722d20d4d5c70647ecabe81 fbc0a54ab9d6e1317867d478f765c4648ee0c3f156a4aaf29d851fa20b48d61f https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-3gm01Johnnie_47913652Windows This strike sends a malware sample known as Johnnie. The Johnnie or Mikey malware family is known both for persistence and having a plugin architecture.479136526f50f9023262253c0c9d66bb66d0bb7b7e03753800252625a1878df95748444b 479136526f50f9023262253c0c9d66bb 9e9b6c508e2d483b6ca8461a9629e9f0f7b452c7463248bc8879b880a5cb40cf https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-khv01Snojan_d6b981a9Windows This strike sends a malware sample known as Snojan. Snojan is a downloader that downloads additional malware to execute.d6b981a98055927e501d00e9de448e49bb2c1d3bf47f278f51ed1e9631e45644b7da5b0a d6b981a98055927e501d00e9de448e49 5a74303325990d5beb7f46f91429a6178fb1fbb0daf64e82d72906608b8a1e90 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-pye01Snojan_3c52608dWindows This strike sends a malware sample known as Snojan. Snojan is a downloader that downloads additional malware to execute.3c52608d4cc67a6e03dbe4ecfda6e9f108d15b59514ddf276312a7f9cb0724dc714c7a13 3c52608d4cc67a6e03dbe4ecfda6e9f1 cec042b98f1ca6d223a4a3ce911098493ef656c7f628e0404325b5f143fd26b8 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-dkq01lcloader_0b21e209Windows This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications.0b21e2096c16628022453b25ef21d4fb4c8cf44666b1e3bab2c4553f54a659605b74c605 0b21e2096c16628022453b25ef21d4fb 9148c9000dfd4a1fe9a1fb64301c84eba312b578bc2c605ca1644169f8ab8916 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-cv401Johnnie_16204082Windows This strike sends a malware sample known as Johnnie. The Johnnie or Mikey malware family is known both for persistence and having a plugin architecture.162040829bbec6c20f8d89a7433902943419a68177c6c50466b5dce1cefa14421e513607 162040829bbec6c20f8d89a743390294 a14c508538dba4e05fcac66ddcfc1aaf4454507907523ba7d0983380e0a153da https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-mbb01Telegrab_5d317d35Windows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service.5d317d35fa28721ad3c6e71180eb8b70a800cbbf890e9e7aedf4524cb5dc56c40769f76f 5d317d35fa28721ad3c6e71180eb8b70 a9822090b68066332178fcd8fbaaf706ad478e0a7a5b50e1b99bda52bc6ab081 https://blog.talosintelligence.com/2018/05/telegrab.html
M18-5g101lcloader_d8ddfe99Windows This strike sends a malware sample known as lcloader. This malware is a dropper that downloads and installs other malicious applications.d8ddfe99893d0ca81ca7703dccebaafde88138530620890e3f60403e762d17968c1e83dd d8ddfe99893d0ca81ca7703dccebaafd ef50d5e5dcc2a1ea6f546304b266b5c8960b0ee9c87305fc63c3cca26019d7d6 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-k4m01Telegrab_7543e861Windows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service.7543e86119ff9e36669093694059567eb765a6b998c5c7190f237ea8d7f29e48fcfb2b2a 7543e86119ff9e36669093694059567e 286b7bf5ab74a5ed919b2caff250084e35ace2df1ed1b1c9e4ea556ba73f9e1b https://blog.talosintelligence.com/2018/05/telegrab.html
M18-otd01Fareit_c13cc2e3Windows This strike sends a malware sample known as Fareit. Fareit steals and harvests credentials from the targeted system. This information is then exfiltrated to a C2 server.c13cc2e3d78d8ebaa6a6e9156b7c0093987e05ee30e7f9b2ef3c31743461ddf8b9b85efe c13cc2e3d78d8ebaa6a6e9156b7c0093 b5eee79eb0cddb48fedce82ed4ae4ba364b995a97c536d528c739b01d7503eb4 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-oa101Snojan_0f8050ccWindows This strike sends a malware sample known as Snojan. Snojan is a downloader that downloads additional malware to execute.0f8050cc67eadf105266c85755210f25a0305d00f9c890d2f5b230fd9b92544acf7ff984 0f8050cc67eadf105266c85755210f25 5c712a999755291a8cd0204a2e18cf876117e10074d89c8ba1f4fbafaf4fcaf0 https://blog.talosintelligence.com/2018/05/threat-roundup-0518-0525.html
M18-h8h01Prepscram_1c5609ffWindows This strike sends a malware sample known as Prepscram. This malware is a software bundler that installs other unwanted software applications.1c5609ffe66501dfc51df8e28610dcea62f819548d07ee7162224389b8a24c1a3f76ae36 1c5609ffe66501dfc51df8e28610dcea e7010999238fd3cc2cc144b4ba09e0affc6362811cd76d27dd55848b266f6388 https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
M18-ps001Telegrab_6456e99cWindows This strike sends a malware sample known as Telegrab. This malware exfiltrates credentials, cookies, and text files, as well as hijacks the target's session, contact, and chat information from the Telegram instant messaging service.6456e99c2391858484317ca4346d346d31308de4449701e05e3086fff255e8003cf7e6ec 6456e99c2391858484317ca4346d346d 2e608a18562ad0427b02cc225db8703eb55be189bf2bccc9250b3b30022fdd90 https://blog.talosintelligence.com/2018/05/telegrab.html
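The rows in these lists carry every hash a blocklist needs, but the layout is flattened: the Info text runs straight into a 72-hex blob (the MD5 immediately followed by the SHA1), then the MD5 column repeats, then the SHA256 and the reference URLs follow. The parser below is an example added for this page, not Ixia/BreakingPoint code; it turns such rows into structured records and uses the redundancy in the layout as an integrity check, rejecting any row whose blob does not start with the MD5 column or whose Malware name does not end with the MD5's first eight hex digits. The three sample rows are copied from this list (Telegrab and VPNFilter from June, Trickbot from May); the mangled row is constructed to show the check firing. The row layout itself is an assumption drawn from the rows as rendered here.

```python
"""Parse flattened strike rows into structured IOC records (added example)."""
import re
from dataclasses import dataclass

# Assumed row layout, as rendered in this list: Strike ID, "<Family>_<first 8 hex
# of MD5>", platform, Info text that runs straight into <MD5><SHA1> (72 hex, no
# separator), a space, the MD5 again, a space, the SHA256, then reference URLs.
ROW_RE = re.compile(
    r"^(?P<strike>M\d{2}-[0-9a-z]{5})"            # M18-67f01
    r"(?P<name>[A-Za-z0-9]+_[0-9a-f]{8})"         # Telegrab_76c06910
    r"(?P<platform>[A-Z][a-z]+)"                  # Windows / Linux / Mixed
    r"\s+(?P<info>.*?)"                           # description, non-greedy
    r"(?P<blob_md5>[0-9a-f]{32})(?P<sha1>[0-9a-f]{40})"
    r"\s+(?P<md5>[0-9a-f]{32})"
    r"\s+(?P<sha256>[0-9a-f]{64})"
    r"\s*(?P<refs>(?:https?://\S+\s*)*)$"
)
ROW_PREFIX = re.compile(r"^M\d{2}-")


@dataclass(frozen=True)
class Strike:
    strike_id: str
    family: str
    platform: str
    info: str
    md5: str
    sha1: str
    sha256: str
    refs: tuple


def parse_row(line: str) -> Strike:
    """Parse one row; raise ValueError if it does not fit or is internally inconsistent."""
    m = ROW_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised row: {line[:40]!r}")
    md5 = m["md5"]
    # The layout repeats the MD5 twice and its prefix a third time, so a row
    # mangled in extraction can be caught instead of poisoning a hash feed.
    if m["blob_md5"] != md5:
        raise ValueError(f"{m['strike']}: hash blob does not start with the MD5 column")
    family, _, short = m["name"].rpartition("_")
    if short != md5[:8]:
        raise ValueError(f"{m['strike']}: name suffix {short} is not the MD5 prefix")
    return Strike(m["strike"], family, m["platform"], m["info"].strip(),
                  md5, m["sha1"], m["sha256"], tuple(m["refs"].split()))


def parse_rows(text: str) -> list:
    """Parse every strike row in a block of text, skipping headers and blank lines."""
    return [parse_row(line) for line in text.splitlines() if ROW_PREFIX.match(line)]


def hash_sets(strikes) -> dict:
    """Per-algorithm hash sets, the shape most EDR and proxy blocklists ingest."""
    return {algo: {getattr(s, algo) for s in strikes} for algo in ("md5", "sha1", "sha256")}


def family_counts(strikes) -> dict:
    counts = {}
    for s in strikes:
        counts[s.family] = counts.get(s.family, 0) + 1
    return counts


# Three rows copied verbatim from this list.
TELEGRAB_ROW = (
    "M18-67f01Telegrab_76c06910Windows This strike sends a malware sample known as "
    "Telegrab. This malware exfiltrates credentials, cookies, and text files, as well "
    "as hijacks the target's session, contact, and chat information from the Telegram "
    "instant messaging service."
    "76c069104ecbf8f71840fde95a61b897becc8c255ec4b70087a49c28ae2bcca61fda3502 "
    "76c069104ecbf8f71840fde95a61b897 "
    "4ebf3e5afa85a48a34cf0e344c685c9f97d59c002d54eb3ee19d6b79bae9e4dd "
    "https://blog.talosintelligence.com/2018/05/telegrab.html"
)
TRICKBOT_ROW = (
    "M18-nyk01Trickbot_5fe7ef0eMixed This strike sends a malware sample known as "
    "Trickbot. TrickBot is a banking trojan which shares similarities with Dyre banking "
    "trojan. It is used by crooks to target customers of Australian banks."
    "5fe7ef0e15a4e9468018e0a76457d159e07fca5f3053740be0eb6fb4ffbcc1c20671b2f3 "
    "5fe7ef0e15a4e9468018e0a76457d159 "
    "76338d11807ec055ff238c0dbfcd9a7d68d8297713a90ee87b07fcfc248ebb53 "
    "https://myonlinesecurity.co.uk/trickbot-delivered-by-fake-natwest-bank-you-have-a-new-encrypted-message/ "
    "http://www.malware-traffic-analysis.net/2018/05/03/index2.html "
    "https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+malware+on+Friday+20180511/23653/"
)
VPNFILTER_ROW = (
    "M18-1zf01VPNFilter_8e74e36bLinux This strike sends a malware sample known as "
    "VPNFilter. The VPNFilter malware is a multi-stage, modular platform with versatile "
    "capabilities to support both intelligence-collection and destructive cyber attack "
    "operations. This is stage 2 of the malware."
    "8e74e36ba104389aa6dc4d4429bcf0cff16c48ead435d2574abd2e18836681ba2ce788e7 "
    "8e74e36ba104389aa6dc4d4429bcf0cf "
    "776cb9a7a9f5afbaffdd4dbd052c6420030b2c7c3058c1455e0a79df0e6f7a1d "
    "https://blog.talosintelligence.com/2018/05/VPNFilter.html"
)
SAMPLE_TEXT = "\n".join([
    "Strike ID Malware Platform Info MD5 External References",
    TELEGRAB_ROW, TRICKBOT_ROW, "", VPNFILTER_ROW,
])
# Constructed bad row: the MD5 column zeroed while the blob is left intact.
BAD_ROW = TELEGRAB_ROW.replace(" 76c069104ecbf8f71840fde95a61b897 ", " " + "0" * 32 + " ")

if __name__ == "__main__":
    parsed = parse_rows(SAMPLE_TEXT)
    for s in parsed:
        print(s.strike_id, s.family, s.platform, s.sha256)
    print(family_counts(parsed))
    try:
        parse_row(BAD_ROW)
    except ValueError as err:
        print("rejected:", err)
```

Feed `hash_sets()` the parsed rows of a whole month to get the three blocklists; rows that fail the consistency checks raise rather than silently contributing a wrong hash, which is the behaviour you want when the output goes into a detection pipeline.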

Malware Strikes May - 2018

Back to top
Strike ID Malware Platform Info MD5+SHA1 MD5 SHA256 External References
M18-ahq01Gandcrab_fec25d8fWindows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware family distributed both by spam campaigns and by exploit kits such as RIG and GrandSoft. It exhibits common ransomware functionality: encrypting the user's files, changing the desktop background and communicating over Tor.fec25d8f61087a4b55cf5d0299b6d37c79480e0f6b896d8eb9105f02cd47652486ece2d1 fec25d8f61087a4b55cf5d0299b6d37c 9ba83f1273348883e47f60b3497d14f259656d366cd9c38be1b15c99a4887433 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-nyk01Trickbot_5fe7ef0eMixed This strike sends a malware sample known as Trickbot. TrickBot is a banking trojan which shares similarities with Dyre banking trojan. It is used by crooks to target customers of Australian banks.5fe7ef0e15a4e9468018e0a76457d159e07fca5f3053740be0eb6fb4ffbcc1c20671b2f3 5fe7ef0e15a4e9468018e0a76457d159 76338d11807ec055ff238c0dbfcd9a7d68d8297713a90ee87b07fcfc248ebb53 https://myonlinesecurity.co.uk/trickbot-delivered-by-fake-natwest-bank-you-have-a-new-encrypted-message/ http://www.malware-traffic-analysis.net/2018/05/03/index2.html https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+malware+on+Friday+20180511/23653/
M18-kus01Gandcrab_f6784398Windows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware family distributed both by spam campaigns and by exploit kits such as RIG and GrandSoft. It exhibits common ransomware functionality: encrypting the user's files, changing the desktop background and communicating over Tor.f67843981e331b4034352506bee0229366a193c0b3e4df38f86c926dcbf3d7f7a74094a6 f67843981e331b4034352506bee02293 07adce515b7c2d6132713b32f0e28999e262832b47abc26ffc58297053f83257 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-4pz01Gandcrab_a9a0ec2fWindows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware family distributed both by spam campaigns and by exploit kits such as RIG and GrandSoft. It exhibits common ransomware functionality: encrypting the user's files, changing the desktop background and communicating over Tor.a9a0ec2f171b9aa400912a80334b247069f9dbace88d98bc0f04b7c417db14a41ca8d97c a9a0ec2f171b9aa400912a80334b2470 0f8ac8620229e7c64cf45470d637ea9bb7ae9d9f880777720389411b75cbdc2e https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-2al01Gozi_1157a7a7Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware family that has been active since 2007 and was recently observed by researchers in specific targeted campaigns. This is a malicious document sample associated with those campaigns.1157a7a75d7d16ed2aeb80e631d4f33a21714237b26c5002491c082928563c9a17d44100 1157a7a75d7d16ed2aeb80e631d4f33a a7b9ddd84fc86c1eb09feba86b773961cc1d459287eae364bbe750533ac5ceb9 http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-c9a01Gandcrab_c8c5d8d3Windows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware family distributed both by spam campaigns and by exploit kits such as RIG and GrandSoft. It exhibits common ransomware functionality: encrypting the user's files, changing the desktop background and communicating over Tor.c8c5d8d3c888b6f1b37a66d4aefb16cdb966d1e794d2dd3e23a875f3bcf1deb5b7b144b4 c8c5d8d3c888b6f1b37a66d4aefb16cd 5cd57d70b048fa751d8d093614cb86096567958778c7bd99ac6ff0355b699d19 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-1i201Tiggre_0463b0f4Windows This strike sends a malware sample known as Tiggre. Tiggre is a trojan that functions as spyware. It communicates with an external C2 server to exfiltrate information from the victim machine.0463b0f4bbadb22c5ad2ee12c61d775fe311db6bbae2cd1e8d3e93c26e4a07430e510438 0463b0f4bbadb22c5ad2ee12c61d775f 939d208be5589007d24178a92620411e2c6d84387c790699e57cb52e063a5348 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-yl001Tiggre_1953a870Windows This strike sends a malware sample known as Tiggre. Tiggre is a trojan that functions as spyware. It communicates with an external C2 server to exfiltrate information from the victim machine.1953a8706763f9914ad99f9b3faa894bdcbb45c5f196c4757d0375066a272bb242cafb82 1953a8706763f9914ad99f9b3faa894b b5ace9a48d9b304066b4d355921495cf32d3a8b303b2f82800ef11556b310474 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-auw01Gandcrab_c855f0f8Windows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware family distributed both by spam campaigns and by exploit kits such as RIG and GrandSoft. It exhibits common ransomware functionality: encrypting the user's files, changing the desktop background and communicating over Tor.c855f0f81d41363566223a019989b4e8658003452a03f481f22bd219bf924304340b38ab c855f0f81d41363566223a019989b4e8 a17fba572e8a74bc22061711196df78b603d6a857f8b687f55da21296b3cbba3 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-jq801Zbot_d20236bdWindows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan best known for stealing banking information by keystroke logging and form grabbing.d20236bdd97732d43cade1ff0bdd9d4f91b5b15d8e45d7b11ad1327e73431c9a95523a23 d20236bdd97732d43cade1ff0bdd9d4f 28a2e64885f1aa2d81fefb0fda91ae7eb2801dfdbf4d9dc65f3848e4bdbf4d65 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-ov401Trickbot_35464492Windows This strike sends a malware sample known as Trickbot. TrickBot is a banking trojan which shares similarities with Dyre banking trojan. It is used by crooks to target customers of Australian banks.35464492a9b2e63ac10e12d3babc89a7f07111a7819f527581f46d08b5f14f8cfc6b9d11 35464492a9b2e63ac10e12d3babc89a7 bb2e040bb2652fab5eeb175daf2dc69ce2661087e21cebd166bdcc501b2f0986 https://myonlinesecurity.co.uk/trickbot-delivered-by-fake-natwest-bank-you-have-a-new-encrypted-message/ http://www.malware-traffic-analysis.net/2018/05/03/index2.html https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+malware+on+Friday+20180511/23653/
M18-6jv01Yakes_ac0583a3Windows This strike sends a malware sample known as Yakes. Yakes sets up persistence and modifies Windows Firewall rules to allow for external communication with the attacker.ac0583a33033f9fd6f098e452ad4bba5c76dfba9fa26645c3c573e9e174126733a662057 ac0583a33033f9fd6f098e452ad4bba5 ed57490c6876bf5d420841bdf5bf79002c323ea29b1e4b74093eb40290abb821 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-ro301Gandcrab_d795ec58Windows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware family distributed both by spam campaigns and by exploit kits such as RIG and GrandSoft. It exhibits common ransomware functionality: encrypting the user's files, changing the desktop background and communicating over Tor.d795ec58b5fb7b0bab59d30ea4f91cbbcb4e0c967caa7d41108121e8ea0f159448d087c2 d795ec58b5fb7b0bab59d30ea4f91cbb fd2de37d51a398725239f1c9943604506d52bb623ecfcbc40f6fb474cde9fbd0 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-7wy01Zbot_fafa6a6cWindows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan best known for stealing banking information by keystroke logging and form grabbing.fafa6a6c17ae6a340c7bc95ed8852b1a875a89c20f0cdd74877ea59170570463f3783a3a fafa6a6c17ae6a340c7bc95ed8852b1a 158a7f507f494481083c4137dbb11474d7d8625c4ca45d0554caa4fcbb903992 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-1au01Gandcrab_b28cbc90Windows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware family distributed both by spam campaigns and by exploit kits such as RIG and GrandSoft. It exhibits common ransomware functionality: encrypting the user's files, changing the desktop background and communicating over Tor.b28cbc90bee7153a2050a476b9f34ce12cc0ef187f9220986019f5887a0a65f368f8811a b28cbc90bee7153a2050a476b9f34ce1 ee24d0d69b4e6c6ad479c886bb0536e60725bfa0becdafecadafc10e7a231a55 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-9cd01Gozi_0fccc1bfMixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware family that has been active since 2007 and was recently observed by researchers in specific targeted campaigns. This is a malicious document sample associated with those campaigns.0fccc1bf870df0df3b48e0b0ed50e5d5b3a442888010182a411a7b19ebc21d55da83aecc 0fccc1bf870df0df3b48e0b0ed50e5d5 b0e2cef91b30ab96b6893659537a44986767272dfc2438af8281455af0f892e0 http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-80101Khalesi_19593933Windows This strike sends a malware sample known as Khalesi. Khalesi is a trojan that silently infiltrates the system and then attempts to steal information from the victim.19593933c209eec2099dded69a90f2365ce28621828a5a2d5dd990ee25c63df5e97899a2 19593933c209eec2099dded69a90f236 093bd942ba8d60e579f1f6ec68f997e609d1ec2d1dee37369ea61e33d175ab0b https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-csh01Yakes_72b43077Windows This strike sends a malware sample known as Yakes. Yakes sets up persistence and modifies Windows Firewall rules to allow for external communication with the attacker.72b43077691804a095d5292fd23f09387c5d31f7c94e4462c2616930136dcaaf6c981c4d 72b43077691804a095d5292fd23f0938 ac7b2901d2dffff27e27c4e2889f729496b94c4ffef3802391f7aefd837f6109 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-64q01Zbot_7ef1998cWindows This strike sends a malware sample known as Zbot. Zbot also known as Zeus is a trojan often associated with stealing banking information by keystroke logging and form grabbing techniques.7ef1998c5c0089b2820604cb047275dba669f261b36fa4c7aef7fbadda7a24eb6ef549e0 7ef1998c5c0089b2820604cb047275db dd8c0af99b112521bfebdb19afa5fe130925d158703180063c2b2c027b8adbc9 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-qyv01Tiggre_013012fdWindows This strike sends a malware sample known as Tiggre. Tiggre is a trojan that functions as spyware. It communicates with an external C2C server to exfiltrate information from the victim machine.013012fd487edc318eee686e02e012f8f43c45c4b6ec6b796899b16dbf56ca4a2d648b52 013012fd487edc318eee686e02e012f8 9cbb5dbb783671ffbfa65ce3b5053259536de48f0d64312e5c46e6cf49d9c901 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-met01Gozi_2938c7b0Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are Document related samples that have been related to the malware campaigns.2938c7b076107ec91b55067eb4d46a369cc180d0c4da14cf4458f2f493401b8a7127f265 2938c7b076107ec91b55067eb4d46a36 ad5c791ae004cbb1aea0a71fe2f8bc014cba005e8a20e16042dd4f41169dede0 http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-an401Gandcrab_1af7f05cWindows This strike sends a malware sample known as Gandcrab.1af7f05c890dc620832bda0fb9a24507e40e442c2286ee13af43795ede7375abcea38e14 1af7f05c890dc620832bda0fb9a24507 e4b1789755f543b508745baaa7325e337e6b7f132cc5e051985ca677836cc571 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-kyg01Yakes_94f816c4Windows This strike sends a malware sample known as Yakes. Yakes sets up persistence and modifies Windows Firewall rules to allow for external communication with the attacker.94f816c478fc8d649d3ab94c98dc3cfd26d67c7d41360af1db0f7dd8962f6a6253eaa4f0 94f816c478fc8d649d3ab94c98dc3cfd 3a5cff60f6dce5a0f264921838486ce9a7f48c2d897eb57886211bc99130d132 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-llw01Trickbot_99246603Windows This strike sends a malware sample known as Trickbot. TrickBot is a banking trojan which shares similarities with Dyre banking trojan. It is used by crooks to target customers of Australian banks.99246603209088dc1a80d4c9cd30f2dbd1a7f86f975b6d80f7663397c8558d04f0e663cd 99246603209088dc1a80d4c9cd30f2db 8bf06a4c2ef57383efdc8fe9b9860c8ede70c63f158b1f58ea9f1fb564710f50 https://myonlinesecurity.co.uk/trickbot-delivered-by-fake-natwest-bank-you-have-a-new-encrypted-message/ http://www.malware-traffic-analysis.net/2018/05/03/index2.html https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+malware+on+Friday+20180511/23653/
M18-vce01Gandcrab_bbb97ca6Windows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware that utilizes both spam campaigns and exploit kits like Rig and Gandsoft. It exhibits common ransomware functionality like encrypting users files, changing the desktop background and communicating with TOR.bbb97ca6460707a4f0fecd302a33c9ec3d48df2009d98d75dc88874cf95a49a5e58e4953 bbb97ca6460707a4f0fecd302a33c9ec 0b8618ea4aea0b213278a41436bde306a71ca9ba9bb9e6f0d33aca1c4373b3b5 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-zu101OperationWindows This strike sends a malware sample known as Operation GhostSecret. Operation GhostSecret is a global data reconnaissance campaign that has targeted a multitude of industries. It utilizes multiple implants, tools, and malware that have been associated with the Hidden Cobra group.d1cced59ad97f0f7c0fad78a46cca1518f2918c721511536d8c72144eabaf685ddc21a35 d1cced59ad97f0f7c0fad78a46cca151 ae65288f5c96b4656402853b14acd1d060b2a6303d833df5b1f10cc7a34b0025 https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
M18-qyn01Tiggre_0183d96cWindows This strike sends a malware sample known as Tiggre. Tiggre is a trojan that functions as spyware. It communicates with an external C2C server to exfiltrate information from the victim machine.0183d96c2394af160ad0b0a029743ad90b26f7e1d220b9814da6bc20d3ac45ec8ec780fa 0183d96c2394af160ad0b0a029743ad9 876b2e195cbc70915501f15a41b6f4e5b447985683427ba36d392bb0907ad021 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-7fn01Gozi_7ea4bef6Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are Document related samples that have been related to the malware campaigns.7ea4bef65f98165b6d04252025b0c9a511757e130582f7b9ed748f5f870264efa2af618c 7ea4bef65f98165b6d04252025b0c9a5 9248bf0411d30d4f1616f3a2d7a055b4692c87717033a36ab630ba20ff599489 http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-73e01Gozi_1f3383feMixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are Document related samples that have been related to the malware campaigns.1f3383fec72b09050d5433266233ba0c1b196a21b3146d6711528c27c4be0fc2bdf947b1 1f3383fec72b09050d5433266233ba0c 91f122e42535165233ef5657279eadcc15bd90e723a13fb1b51ab9096b6e582d http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-ia701Gozi_94ec8bacMixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are Document related samples that have been related to the malware campaigns.94ec8bac411ca35917a304d48e8e6cd6fc60bcd6b753cc65c7f3e333a7c5b3c9edd92222 94ec8bac411ca35917a304d48e8e6cd6 9a16fe595e5e8dbe0604fa4d307250e4f47a86e7793378b5df7b16891ff21bb1 http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-rur01Khalesi_0f0bc639Windows This strike sends a malware sample known as Khalesi. Khalesi is a trojan that attempts to steal information from the victim once it has infiltrated the system unknowingly.0f0bc639456214392d100f9ca595842e0604c072716a53d2a2c734c2ac9475509a92d007 0f0bc639456214392d100f9ca595842e 8c668d6ec3c6a619342d674e6f696403bcb872342fa17d7b18642861b4c9b596 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-pgh01Zbot_8386f43bWindows This strike sends a malware sample known as Zbot. Zbot also known as Zeus is a trojan often associated with stealing banking information by keystroke logging and form grabbing techniques.8386f43bd354f0c1b034669460c1ad45360b03db629b3eedaa94cd012ae5902d4c5d6fa1 8386f43bd354f0c1b034669460c1ad45 5f9afad7831895772534737ac2c036b1b65d02a46bc0f91ea0ef2879de3ba8fb https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-odf01Zbot_6c726d6fWindows This strike sends a malware sample known as Zbot. Zbot also known as Zeus is a trojan often associated with stealing banking information by keystroke logging and form grabbing techniques.6c726d6fe0772001721380cfbe8cd9b27a2038c1b829c45cc76c51f4578a79e408c89208 6c726d6fe0772001721380cfbe8cd9b2 a3a4c038aa654a5dac595465222404deef3f133828f6209f42ea8395156205da https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-ct401Gandcrab_b5dc95bcWindows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware that utilizes both spam campaigns and exploit kits like Rig and Gandsoft. It exhibits common ransomware functionality like encrypting users files, changing the desktop background and communicating with TOR.b5dc95bc340047eba2440b61212cb8d128e5f4690222e413b847b3ca3e7982df14ea662c b5dc95bc340047eba2440b61212cb8d1 521fcb199a36d2c3b3bac40b025c2deac472f7f6f46c2eef253132e9f42ed95d https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-jpy01Gozi_557b1b7fMixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are Document related samples that have been related to the malware campaigns.557b1b7fc85e307b26f3cad2aabcfbbc4c9984a254c5c453a591fbc09edc916a43bec505 557b1b7fc85e307b26f3cad2aabcfbbc 9ab27bf6a30dd835d19c438bee3feeede1749c0ba9ef42fd601830f3950beab6 http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-v7501Gandcrab_e9e25680Windows This strike sends a malware sample known as Gandcrab.e9e25680aa9c7a8f13fb91a50363e70e767d48b8622074b8f6689635c122aaf9db5861e8 e9e25680aa9c7a8f13fb91a50363e70e a332b560a01b6e07a5810ec6428314c23e426ea4292280ee0d06bfc2201ac47b https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-qze01Gandcrab_a0704048Windows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware that utilizes both spam campaigns and exploit kits like Rig and Gandsoft. It exhibits common ransomware functionality like encrypting users files, changing the desktop background and communicating with TOR.a070404845b2028aa7a3f1c6976dfb17f4e9450d8c33a518785759e02287cb3493f0f563 a070404845b2028aa7a3f1c6976dfb17 a62bd1ff7efca64002d5831c3ea43cb713f8501e2c83bd30ab60d91047d45a72 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-opd01Yakes_74dc67adWindows This strike sends a malware sample known as Yakes. Yakes sets up persistence and modifies Windows Firewall rules to allow for external communication with the attacker.74dc67adf3f446709dc7a2a2719ce0f2ea168f8331ce30c38b5800e13bc2fe5a857c422e 74dc67adf3f446709dc7a2a2719ce0f2 26498d8b242924cad96dea24b39d5df88850c24c5e567db646c8d20891e87ab2 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-m1r01OperationWindows This strike sends a malware sample known as Operation GhostSecret. Operation GhostSecret is a global data reconnaissance campaign that has targeted a multitude of industries. It utilizes multiple implants, tools, and malware that have been associated with the Hidden Cobra group.87a9511137154886ee03610c7a346c59fe887fcab66d7d7f79f05e0266c0649f0114ba7c 87a9511137154886ee03610c7a346c59 45e68dce0f75353c448865b9abafbef5d4ed6492cd7058f65bf6aac182a9176a https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
M18-vaa01Khalesi_29f92283Windows This strike sends a malware sample known as Khalesi. Khalesi is a trojan that attempts to steal information from the victim once it has infiltrated the system unknowingly.29f92283750de72e762be0defcaaf7bc2375cd5381df116fcd4e548065a1a1f8e6d9d4f3 29f92283750de72e762be0defcaaf7bc 214252466a63120c1473180e5f4d2558f59a6a12aa8f3c38d3d5f45712965d7c https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-54d01Gozi_22d01354Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are Document related samples that have been related to the malware campaigns.22d013541f27c6b017f805caedc7e1b0f78e584d918e74e8e7ff343a8801b50324374cae 22d013541f27c6b017f805caedc7e1b0 ad2cddbefebafe1b676c5429ce39ab46cb7cb947fa7f4ce4437e2bf8dc177cb5 http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-jbb01Zbot_d4d7d671Windows This strike sends a malware sample known as Zbot. Zbot also known as Zeus is a trojan often associated with stealing banking information by keystroke logging and form grabbing techniques.d4d7d671d710093a703dd619ede3076fe8af2c1d9324657b8f3e551894c63626d94e40d9 d4d7d671d710093a703dd619ede3076f 03eaea48946117d85dde3d2a4668eb24b94323a255bc1fb7536b1de2bd888e74 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-z3601Gozi_8cc99c96Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are Document related samples that have been related to the malware campaigns.8cc99c96034e8ceee56d25c5be6d34cb18bed7f3557e84c93c4e7837171bc655385fcdc6 8cc99c96034e8ceee56d25c5be6d34cb 956c3c0a8b57b2322cc7269e08c0ecab13772093b964f6637a28f26c087f2783 http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-53101Gozi_c507c9bfMixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are Document related samples that have been related to the malware campaigns.c507c9bf763fa29ecce8b09e2987707d0d0ba39278fe0baea8c5b58777c98d9ec7dc8de6 c507c9bf763fa29ecce8b09e2987707d a0cf68c10d1d9ce0e73208e6e6bad32b2405d2c74c662dc7b20f9b567c4dda64 http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-hhw01Gozi_e0cc6866Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are Document related samples that have been related to the malware campaigns.e0cc68661299ee7f8b728b502b068dedc1c6daa77ca105f36a52de957bc6336e7e637a84 e0cc68661299ee7f8b728b502b068ded ae80eba1667456db827400aee3639bc03380ce4dec806c4c1b0485ce96b99bae http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-7my01Yakes_a1c17363Windows This strike sends a malware sample known as Yakes. Yakes sets up persistence and modifies Windows Firewall rules to allow for external communication with the attacker.a1c1736310b46a2d7f58bfca1a625cc5ef6deb667ce0695e653a9b43aa7f2485847cb354 a1c1736310b46a2d7f58bfca1a625cc5 39cd2440d772085b1f2b84e524363a6e260eef6f2031300b9b6e02e433010419 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-jqw01Zbot_4f081c61Windows This strike sends a malware sample known as Zbot. Zbot also known as Zeus is a trojan often associated with stealing banking information by keystroke logging and form grabbing techniques.4f081c61edfa65080a2499a20270ef40ccff9c543efa4ab05558b198375871d48546e569 4f081c61edfa65080a2499a20270ef40 59de88ff962f019ad7b0bc2b242120ff0c916743c975f74c169247809ae2cfa5 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-rh201Gozi_214cf043Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are Document related samples that have been related to the malware campaigns.214cf04320b749b795c189cf7cd2d804462dcfe908d67f60c19d4a5b94653ab87b2078ef 214cf04320b749b795c189cf7cd2d804 9371809d87c41170ba8bfab3241f5b31d664035c9a249ba6541ff9cd57cb374e http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-rj601Gozi_2d3f197fMixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are Document related samples that have been related to the malware campaigns.2d3f197f5e7dfc7c56af4d06fbccd6989131894f6864961f886b08e94276014385a6806b 2d3f197f5e7dfc7c56af4d06fbccd698 9511cf49008d992c336dd4e0d944a307043f9ce47fa0323a04585145ea18c0cc http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-32i01Khalesi_2517ebe0Windows This strike sends a malware sample known as Khalesi. Khalesi is a trojan that attempts to steal information from the victim once it has infiltrated the system unknowingly.2517ebe0c580891adf464e0ea24d9be8096ebbc7fafca6ed4cc00bb0dd95adb70adb391c 2517ebe0c580891adf464e0ea24d9be8 db560e6239674b9b4ea242d13e83269bc7cc26972bfc36d1ca729a95bec86311 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-bq801Khalesi_c4700969Windows This strike sends a malware sample known as Khalesi. Khalesi is a trojan that attempts to steal information from the victim once it has infiltrated the system unknowingly.c4700969a40e6a1235f92a4c08c52a22330e727a55b2ca6687ae32cbadbe07d463869190 c4700969a40e6a1235f92a4c08c52a22 f047a66647005edfb80ce99ce23dfab6874989081d3ff33c0795ccfddb47b0c7 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-unt01Gozi_769bfb1fMixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are Document related samples that have been related to the malware campaigns.769bfb1fd8f5eb181846c6d55845fec639212552a49b7097a7f6409f80141adb14ef04be 769bfb1fd8f5eb181846c6d55845fec6 8d74ae7b6a50c748ded262a822aa429a65666b965862ff2f4edafcd3a6f622d8 http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-cf201Gandcrab_283586ceWindows This strike sends a malware sample known as Gandcrab.283586ce7ad44c33edcfb429ec5d3fc11edde685dc8c738144dca19ecc5a2efc7485fe64 283586ce7ad44c33edcfb429ec5d3fc1 4f5d759ad38c44b01c5442a985f25c10b2863ac890d26f42a3661a39eb6233d3 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-rln01Gandcrab_568a7adeWindows This strike sends a malware sample known as Gandcrab.568a7ade9b4b0d68cab32cdba71f63fa1d867b5887c25c4c19ce8a7a84f3f43ffe1dbbe0 568a7ade9b4b0d68cab32cdba71f63fa 722d9b3b235c118fd93c35d76535310f32ef383037645f9539dd46eedbe908a1 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-p3q01Yakes_8a8d85abWindows This strike sends a malware sample known as Yakes. Yakes sets up persistence and modifies Windows Firewall rules to allow for external communication with the attacker.8a8d85ab018fd30f5127dfacb48dad68daf1a20f61a3aa054e7adfde29566e48afd31982 8a8d85ab018fd30f5127dfacb48dad68 c2ff1b2e48e269a22f10d7a89d2483af007fad5ac21d417e213802aaa0403870 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-0bw01Gozi_3a58e1ecMixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are Document related samples that have been related to the malware campaigns.3a58e1ecf150a64992b851b7142d895c4d022d61ff4b5935a67754ecf030bba117c63128 3a58e1ecf150a64992b851b7142d895c a65093c35d1647563f840e42893d09809311f34c3861c2c9db479109ee31df37 http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-n1e01Gozi_7e402697Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are Document related samples that have been related to the malware campaigns.7e4026976a304ad0530aac84e5393dc1b2d4507bcab81d3038726eff176ca4fef28bd6d6 7e4026976a304ad0530aac84e5393dc1 a9992d6d8a97f54e2b08ac58e0a50bacc6307033a91315e3ff1bc0a531b3876d http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-1or01Gozi_c9fd0454Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are Document related samples that have been related to the malware campaigns.c9fd045485efe0eefabc6d81b4369d2c7caedadb59379ed1d502a391e37b4869425a2e58 c9fd045485efe0eefabc6d81b4369d2c a6a8117150a1bcb6ec16b6c002a341ab54a912190421cb404d147438bf39474a http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-rjg01Tiggre_089379c5Windows This strike sends a malware sample known as Tiggre. Tiggre is a trojan that functions as spyware. It communicates with an external C2C server to exfiltrate information from the victim machine.089379c51b84146e32dd5c8da027e4a85fd75f156fa232633bc81a0a13b2c89a48ad9dd8 089379c51b84146e32dd5c8da027e4a8 ae6f4e3c68704c99db60617c09405ffcd914141f6147f7234bc5639105fb702b https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-f2o01Trickbot_f0bd265cWindows This strike sends a malware sample known as Trickbot. TrickBot is a banking trojan which shares similarities with Dyre banking trojan. It is used by crooks to target customers of Australian banks.f0bd265c4732a39c800c7f36c4f6d5cc664b0bb2e21dd167d3fd5ee6f804b188773f9ded f0bd265c4732a39c800c7f36c4f6d5cc 609cc34749da7ce6e8dbb3de9b7d0be03eca4cea63a4f3b1c383a3d483d0ecd6 https://myonlinesecurity.co.uk/trickbot-delivered-by-fake-natwest-bank-you-have-a-new-encrypted-message/ http://www.malware-traffic-analysis.net/2018/05/03/index2.html https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+malware+on+Friday+20180511/23653/
M18-dn101Gandcrab_e0e54e43Windows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware that utilizes both spam campaigns and exploit kits like Rig and Gandsoft. It exhibits common ransomware functionality like encrypting users files, changing the desktop background and communicating with TOR.e0e54e43e3e06a67f73178e18abd65d8ca62959be02a0eeea5f77dbebaf6a69e6cc3580c e0e54e43e3e06a67f73178e18abd65d8 4b53ebc0f9a4678c012151171718731e98d45f806b170ca04c7b2510b0e7c116 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-3g401Gozi_147b20ddMixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are Document related samples that have been related to the malware campaigns.147b20ddc572866fe34695b79fb70047b5c236c5040ecf8c24a09c47ae73307953fc130f 147b20ddc572866fe34695b79fb70047 ae81c89e16a9e3fbff5b2054441c090afdf659470127b79f9662a5a12732049c http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-8gm01Yakes_00c90337Windows This strike sends a malware sample known as Yakes. Yakes sets up persistence and modifies Windows Firewall rules to allow for external communication with the attacker.00c90337756cc68be0ba22c6fdb182cff2500f8b40ce92373e1556d8aa5918e753cf007f 00c90337756cc68be0ba22c6fdb182cf e5bf1ff23ec9b7977e28643ba1102adb96576166de6e749c15f0fd54e8379a45 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-xhg01Gozi_9b6b9239Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are Document related samples that have been related to the malware campaigns.9b6b92395d9cf055dab9b7e66f846ee50bf1aff8aba805b348731ed52b047aa2e0982147 9b6b92395d9cf055dab9b7e66f846ee5 ab0f7d145f178f26444e9c5b1815911131a7f6ba4b41647280320a363e626b1a http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-ltb01Gandcrab_f11c2c3bWindows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware that utilizes both spam campaigns and exploit kits like Rig and Gandsoft. It exhibits common ransomware functionality like encrypting users files, changing the desktop background and communicating with TOR.f11c2c3bd013d10f8cdfc43018327725a68da9e5696f18e5972665660553b72df7b79550 f11c2c3bd013d10f8cdfc43018327725 812a7387e6728f462b213ff0f6ccc3c74aff8c258748e4635e1ddfa3b45927f0 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-cyh01Gandcrab_96dc3e20Windows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware that utilizes both spam campaigns and exploit kits like Rig and Gandsoft. It exhibits common ransomware functionality like encrypting users files, changing the desktop background and communicating with TOR.96dc3e20ed8581139d1ee270041fe050a5909db80d5e1c1149d213bb1c29185fda4080a0 96dc3e20ed8581139d1ee270041fe050 ad48c3770736588b17b4af2599704b5c86ff8ae6dadd30df59ea2b1ccc221f9c https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-0tx01Gandcrab_915a65f6Windows This strike sends a malware sample known as Gandcrab.915a65f6454abb500fb45eed10a9049dfec6a781a66789f98f46abfc02d9e3046b8dd237 915a65f6454abb500fb45eed10a9049d ba7cc79a6b9ee4973b90ce17f4552a6c8a869ebcda495109e7558788f5dd4581 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-z5q01Zbot_592bd612Windows This strike sends a malware sample known as Zbot. Zbot also known as Zeus is a trojan often associated with stealing banking information by keystroke logging and form grabbing techniques.592bd612a4f4cf06c17b62ea9b1919bb9bfd3a632d9fd5555a7c1b22cde06867d13fae59 592bd612a4f4cf06c17b62ea9b1919bb 908f86c043b0bb012e639d6c2b102a6af11288b7596c574abc4734213f5d95cb https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-7q201Yakes_8c886e8cWindows This strike sends a malware sample known as Yakes. Yakes sets up persistence and modifies Windows Firewall rules to allow for external communication with the attacker.8c886e8c458c2343f83b120f1cefbbfbd9106fec662c8e4a31a45b642fb925ea1f38d9c6 8c886e8c458c2343f83b120f1cefbbfb 50d4bc39a6a426f9980a64bc464703dabe3ea4fa183265c66cb3d1c8adf82ddf https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-a1x01Gozi_94d2add6Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are Document related samples that have been related to the malware campaigns.94d2add64b1e07760e8e4d19f5990a6d2304d54247853d33128b1606929b55c2e178b947 94d2add64b1e07760e8e4d19f5990a6d 90d3cad13e03fa3a586c84deacd68bf6ae37f60ea030d1efaea5fbacc1a1e93f http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-g3r01Gandcrab_265c7eceWindows This strike sends a malware sample known as Gandcrab.265c7ecec8d117a39b7480ae37d8c635dd42da294b64c6d455f7f75c32d99af1b6b35f45 265c7ecec8d117a39b7480ae37d8c635 a7250b307556cb0e6716312dce166ce8d6329cdbbe1e7a7ec7d9ad8dc37bef1c https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-oow01Khalesi_6d1fa5fcWindows This strike sends a malware sample known as Khalesi. Khalesi is a trojan that attempts to steal information from the victim once it has infiltrated the system unknowingly.6d1fa5fc36cf6dce7a44b002caf39794af193c9757fd499ff1859fb77f8b7b49ab15c2aa 6d1fa5fc36cf6dce7a44b002caf39794 f40486fa225ebc8fdfc133136453d84649860c55bdb03966f58500030c4d50d7 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-7bs01Yakes_2c2b99adWindows This strike sends a malware sample known as Yakes. Yakes sets up persistence and modifies Windows Firewall rules to allow for external communication with the attacker.2c2b99ad896bb3ea3a79f8b04adab2f681a24d4bb6cccd310ed4749d8783be7fcc9f3d63 2c2b99ad896bb3ea3a79f8b04adab2f6 76dc4a0faea60ed479dca96a57faa6eb4249665d32f23530ae57ebe63a1911b3 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-r7001Gandcrab_d87b1a40Windows This strike sends a malware sample known as Gandcrab.d87b1a406d3af5d9c512d270d11e24a517e8a3585cda464afcf0fde4052cfbf6e0024631 d87b1a406d3af5d9c512d270d11e24a5 6637106cacc9767350a3ad1518e513996accbf45daeb9bebdffb699ae2d89dac https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-d9x01Zbot_be863b62Windows This strike sends a malware sample known as Zbot. Zbot also known as Zeus is a trojan often associated with stealing banking information by keystroke logging and form grabbing techniques.be863b62e2e65ad4805c121e29f37e4097e316f8a383a00026d21df5b3abbeb2c380ade6 be863b62e2e65ad4805c121e29f37e40 48fcb5ce8670e1829205abd6a911937a9b591d079067c8b25f6867bac059897c https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-u8201Yakes_f228aa96Windows This strike sends a malware sample known as Yakes. Yakes sets up persistence and modifies Windows Firewall rules to allow for external communication with the attacker.f228aa9699a7b2fb309d9cbe5d86543cc15000828019a7baad9c54bccd42d9d9b1d83740 f228aa9699a7b2fb309d9cbe5d86543c 3015144e74631e7990953621367f33a673dea745154e904147532239ae5fedc6 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-mz901 Gozi_3df21381 Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are document samples that have been linked to the malware campaigns. 3df2138116d2fedafb91816cd7167012 d938099905038f767c2492672f489e5e66b8c39c 3df2138116d2fedafb91816cd7167012 904285c01b8b7fda39b5ffdad48101a2fb3c2ea82bc47d480383bf11ce926c7c http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-0l201 Gandcrab_11cff7ef Windows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware that utilizes both spam campaigns and exploit kits like Rig and GrandSoft. It exhibits common ransomware functionality like encrypting users' files, changing the desktop background and communicating with Tor. 11cff7ef24061d8d59c6e1c2981a40e4 4a7f533c3206fc4fcbed10b3cf43e44a45db4548 11cff7ef24061d8d59c6e1c2981a40e4 d25d1aba05f4a66a90811c31c6f4101267151e4ec49a7f393e53d87499d5ea7a https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-f5801 Gozi_4a1eb334 Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are document samples that have been linked to the malware campaigns. 4a1eb3343df894ef4d6c4d63362896ca f7fa8cc65e936f5a7d7f62a9b4eeb35d964eaf3e 4a1eb3343df894ef4d6c4d63362896ca 9032651ccf32fa0acad949d32bacd2220582ac13c364033641413457dbb3b3b9 http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-hsa01 Zbot_d28aaf9e Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan often associated with stealing banking information through keystroke logging and form grabbing techniques. d28aaf9e33387807d3c64a72136da64a 3952a0d1b003d8d2eca86fe893a2d243049dee40 d28aaf9e33387807d3c64a72136da64a 7326ec6dcf89d8e86d797ab70d4a8ad1a08b672af0c0a45cfb315ef83685cf43 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-7kr01 Yakes_07050297 Windows This strike sends a malware sample known as Yakes. Yakes sets up persistence and modifies Windows Firewall rules to allow for external communication with the attacker. 070502977eae54e84de1f7017ad6d4ca b754c853e09f8827548fca9691b4e63f36d27aff 070502977eae54e84de1f7017ad6d4ca d77b972781dcf37a1c6a8f3d17077db8ef83f01f0e6449595836dafde9dabd13 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-20801 Zbot_ef83ac1c Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan often associated with stealing banking information through keystroke logging and form grabbing techniques. ef83ac1c99aeb5cfc8a33e87ee7bff09 007f15c528e3d146d3ecd79fd69ec9647caae088 ef83ac1c99aeb5cfc8a33e87ee7bff09 f92989215865e61e5cfed94d716d37b4b9fdd92ddd3699ab269b2dad39d0e93a https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-8dx01 Yakes_08d603de Windows This strike sends a malware sample known as Yakes. Yakes sets up persistence and modifies Windows Firewall rules to allow for external communication with the attacker. 08d603dee6afb84312549c2a33b23561 c4f30a40a2bddbde503804e38962f867e839a2a5 08d603dee6afb84312549c2a33b23561 c4a606577fe097b9f3eb9ad1bf3e3d95f917383c765ba929b428fdb8bd17f44c https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-j5701 Gozi_a494c62d Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are document samples that have been linked to the malware campaigns. a494c62d136444826d33af373c59305c 31082b96d15f45cc5408ad044ba03191a4bab937 a494c62d136444826d33af373c59305c 903b1d2fc5f0fd013506915bf31dccf18f96a12efbfa89fa0f27410b98197518 http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-uxc01 Trickbot_45de8d04 Mixed This strike sends a malware sample known as Trickbot. TrickBot is a banking trojan which shares similarities with the Dyre banking trojan. It is used by crooks to target customers of Australian banks. 45de8d0447d08540f140480468b61e80 f0b3aeaddf8cbb0ec98309efcaafe427c8843eb2 45de8d0447d08540f140480468b61e80 64a73552356e540436bf362e68118615f3bea4e3bdb987e2bbd5b51570aa1f6f https://myonlinesecurity.co.uk/trickbot-delivered-by-fake-natwest-bank-you-have-a-new-encrypted-message/ http://www.malware-traffic-analysis.net/2018/05/03/index2.html https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+malware+on+Friday+20180511/23653/
M18-gc801 Gandcrab_0cddd7f2 Windows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware that utilizes both spam campaigns and exploit kits like Rig and GrandSoft. It exhibits common ransomware functionality like encrypting users' files, changing the desktop background and communicating with Tor. 0cddd7f2e0f61895e40df348aa3c01ff b5bee3462c052963223681118d71f10c7d8c8a34 0cddd7f2e0f61895e40df348aa3c01ff 6a623b1e016fc0df94fe27a3eb9cc1128c5ee3831a7dcc8e4879427167a41501 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-hw701 Gozi_1e0220c4 Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are document samples that have been linked to the malware campaigns. 1e0220c4b3b7df9f64f35de39aa9886c 25b03486e53fd57f21be2b2dad2ff6375b60d9b6 1e0220c4b3b7df9f64f35de39aa9886c a3d86b86f08def93a12afbbcb1748d60859277c3515c2fbf211a1e0d9cf0998d http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-cx101 Zbot_e04bd333 Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan often associated with stealing banking information through keystroke logging and form grabbing techniques. e04bd3333d506e459f6a4c63f85663ac f753268393f59aa0f5c1025522bfe79b0dfcb40d e04bd3333d506e459f6a4c63f85663ac 8db0ff52b62f3f07bc3c7a359dd06cf78e875a18f8b5120107a7f39bed3243b9 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-03v01 Gozi_e6491fb8 Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are document samples that have been linked to the malware campaigns. e6491fb88600c6dad54a9bc22374d697 b055ab57f2b0276d859be243a9240965637aa4bd e6491fb88600c6dad54a9bc22374d697 9e0ec586bb991db7b41440e6ab3988f7b379c17e7a8963e8f41ab153960b5b24 http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-2ll01 Zbot_43bd5b45 Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan often associated with stealing banking information through keystroke logging and form grabbing techniques. 43bd5b45e6df150410a70fbed737cb80 d9a9ecca496a742ae21b9dd76aba2dadc18f0131 43bd5b45e6df150410a70fbed737cb80 1392b5afc478adfc11e6690ff6b6f9d55658bb2edf064b1cfbf655e674dcdc0f https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-jb801 Operation Windows This strike sends a malware sample known as Operation GhostSecret. Operation GhostSecret is a global data reconnaissance campaign that has targeted a multitude of industries. It utilizes multiple implants, tools, and malware that have been associated with the Hidden Cobra group. 35cd770bd67168229200933511eb45f4 33ffbc8d6850794fa3b7bccb7b1aa1289e6eaa45 35cd770bd67168229200933511eb45f4 05a567fe3f7c22a0ef78cc39dcf2d9ff283580c82bdbe880af9549e7014becfc https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
M18-uyy01 Gozi_314e533e Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are document samples that have been linked to the malware campaigns. 314e533e5f7af75fcb0da934290ae6e1 51575e91aeb11ad7fafdc25983c50f587f5b4a56 314e533e5f7af75fcb0da934290ae6e1 92121041f5102caa8e0d95a48c32161648fe54c0f839ec54c8faf1595b0ea3d3 http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-n0k01 Yakes_0acbab83 Windows This strike sends a malware sample known as Yakes. Yakes sets up persistence and modifies Windows Firewall rules to allow for external communication with the attacker. 0acbab8343a3d181fc3b4010f76e1719 5151677dae4845c732d8c1da6c40ff1cd33bb123 0acbab8343a3d181fc3b4010f76e1719 cd5ac2fd508dc3db95995fc643090f73581d937ac7620e058b7bef011e5c7eed https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-cjg01 Yakes_230bd074 Windows This strike sends a malware sample known as Yakes. Yakes sets up persistence and modifies Windows Firewall rules to allow for external communication with the attacker. 230bd0740782bd06802816e0bbc31c16 a5e262d650cb9fc78f25b1b3db925fb45a3bdf71 230bd0740782bd06802816e0bbc31c16 0d6f846d3a96d84279a28b990201473882ffa08d733300b0da19e7897580d0e1 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-5os01 Gozi_0b42241d Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are document samples that have been linked to the malware campaigns. 0b42241d62892e79ba105f81e2132c7c cd1d007ec54c80fd222d6e7fb847546af539deb7 0b42241d62892e79ba105f81e2132c7c a51dbcb87d67fc1edb0be26d35a632140383b47d2ba16c053825b551cf152f3d http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-ae001 Gandcrab_7d24d9e0 Windows This strike sends a malware sample known as Gandcrab. 7d24d9e09f7b1313f5c5ef460864d6ea 6174808d680374c03cf756fff66ba2ff81dda917 7d24d9e09f7b1313f5c5ef460864d6ea 82128b025ada18df07ae8ea6b24f3cb3a22ff91d8795a697cf03ca28f0601eb3 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-jwj01 Gozi_a55555eb Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are document samples that have been linked to the malware campaigns. a55555eb16d14828109fc31285a8fca3 67eca0a4a2e2589007d94ee23fc0f8d16a659572 a55555eb16d14828109fc31285a8fca3 8f4533d820eb7f55e55c9ddff65cb629b0bdbe97d0f14d25d5d820acd18938af http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-dsg01 Yakes_32f79689 Windows This strike sends a malware sample known as Yakes. Yakes sets up persistence and modifies Windows Firewall rules to allow for external communication with the attacker. 32f796899006a838053f973f78999e8a f3350cc9edb2712c6b56782a264202f86d64d392 32f796899006a838053f973f78999e8a bf131b8194cdc3073adc2913e3133d049361cc0d8ffd09161e71c537abbc9b46 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-9wg01 Zbot_c19c8f9e Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan often associated with stealing banking information through keystroke logging and form grabbing techniques. c19c8f9ee84867cf641fd83b1e35d3df 8f8bea90bdfa1508c24296c7cdfc66520c2150f1 c19c8f9ee84867cf641fd83b1e35d3df a6b52e4b6803092c91f81aeff5093cdee346b810b415b7b82a24afd63a33c309 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-1ax01 Zbot_7ab30c72 Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan often associated with stealing banking information through keystroke logging and form grabbing techniques. 7ab30c72c20c0333f319c24c8e2f1a41 7caedd204b194ed7f37c723ef01652596ee03c8d 7ab30c72c20c0333f319c24c8e2f1a41 38a951f8f57f1028a92d658841df63068d0a59aa9f140087870b2b6450002baa https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-vbi01 Yakes_2fd05317 Windows This strike sends a malware sample known as Yakes. Yakes sets up persistence and modifies Windows Firewall rules to allow for external communication with the attacker. 2fd053173602ba48806ec0620dfd94dc fab45fea8603fb7b5c35c000e4f8cacf96ae1732 2fd053173602ba48806ec0620dfd94dc 1d0a138b233dd25cfba925034778bc05e911407633385de30ebe15be61984bae https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-f3f01 Gandcrab_a7af2c9b Windows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware that utilizes both spam campaigns and exploit kits like Rig and GrandSoft. It exhibits common ransomware functionality like encrypting users' files, changing the desktop background and communicating with Tor. a7af2c9b8c040970b886bf255757c9de da1e95499d82b4031d3df5beb3a3f7dba034a519 a7af2c9b8c040970b886bf255757c9de 692c023850bbd95f116d5a623a5e0de9ad0ad13fadb3d89e584cc0aa5dc71f08 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-wzn01 Yakes_24b47947 Windows This strike sends a malware sample known as Yakes. Yakes sets up persistence and modifies Windows Firewall rules to allow for external communication with the attacker. 24b479476594147d8f2a1501702dff6b 92c285dd54acaa9a779221c37510dfa48a694f71 24b479476594147d8f2a1501702dff6b ff06a02731588c4dd5b78584f5342739f4b65c37cfb34d73380d8e98a66fa18e https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-nv401 Gandcrab_bef96830 Windows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware that utilizes both spam campaigns and exploit kits like Rig and GrandSoft. It exhibits common ransomware functionality like encrypting users' files, changing the desktop background and communicating with Tor. bef9683038c472c25817cdb80ae4441a fb1d50070923986e18b341e0b27386b32881954b bef9683038c472c25817cdb80ae4441a 022995fa1ce1451aac2d87c8b85cdddd68f5bea4563c3af98987c4d3dca2f824 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-y4a01 Gozi_b90d4398 Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are document samples that have been linked to the malware campaigns. b90d43982901803c61b3ab1132e37676 8bc267785b484d54047ec8352995b3b0dd8ea85d b90d43982901803c61b3ab1132e37676 98861a1dd370bcfee107017e75cf1d527fbe8845181042de3493d0d0e7a624ca http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-hom01 Khalesi_12c3c469 Windows This strike sends a malware sample known as Khalesi. Khalesi is a trojan that, once it has silently infiltrated the system, attempts to steal information from the victim. 12c3c469d6928d9b82da23e984cc8848 4da8d082a4b4294b92d221a1607714d8d8d12607 12c3c469d6928d9b82da23e984cc8848 ef52d2737ded930694deb98880041e97a22be13240e143e9fe7c665dd8ba486d https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-e7i01 Gandcrab_ed33e32e Windows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware that utilizes both spam campaigns and exploit kits like Rig and GrandSoft. It exhibits common ransomware functionality like encrypting users' files, changing the desktop background and communicating with Tor. ed33e32e29b9562954495895005715d4 3457923f5e072f51dcc9dceaeda7bf077f09c9bd ed33e32e29b9562954495895005715d4 3486088d40d41b251017b4b6d21e742c78be820eaa8fe5d44eee79cf5974477e https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-4jn01 Gozi_10a9c654 Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are document samples that have been linked to the malware campaigns. 10a9c65499b1921019f9704b9d461f5a f6229c6a1b417d24451b86e7d40318f221d53b32 10a9c65499b1921019f9704b9d461f5a 901354b147cba30d916c0dc57a74fd24cfb44c20bcbe950aaff3e32856ea220e http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-69c01 Khalesi_04875ad7 Windows This strike sends a malware sample known as Khalesi. Khalesi is a trojan that, once it has silently infiltrated the system, attempts to steal information from the victim. 04875ad7817929ec688a06af7c89add8 a76b65dcd1c2152e167129bd59b9ca78e5e6d5b7 04875ad7817929ec688a06af7c89add8 ba8e4a8555628171ee51b9730e3d5fb549936921645b34e4bc5669573fa1fccd https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-pt301 Yakes_40efb899 Windows This strike sends a malware sample known as Yakes. Yakes sets up persistence and modifies Windows Firewall rules to allow for external communication with the attacker. 40efb8990ac61a319a2faba86cfb546a 4f137da0324f1e091cc4daaeb9cca24f313671f3 40efb8990ac61a319a2faba86cfb546a cc52ae1383c424b2481b3e975aa0b6c93061e63c28b7f93935222e474b75fae6 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-lbf01 Gozi_f2e43e55 Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are document samples that have been linked to the malware campaigns. f2e43e556ec1d89e283cd22af4d3fca9 5f42072c970484a09da377c8bb3b2b651ba1696a f2e43e556ec1d89e283cd22af4d3fca9 aeb1e902075da6dc2d2526751276cc6602c819bbea2e668e9dc3baaf9d177adc http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-46201 Gozi_13b32557 Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are document samples that have been linked to the malware campaigns. 13b32557ffd89f5b79e73c235bb242f5 5f3af6334f2518cf32c7e4dda4e0d1b513c3dd91 13b32557ffd89f5b79e73c235bb242f5 9b48f0818738ddda0adce3560770e8618dac6bd341d5e116d967562146d51a7f http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-xe601 Khalesi_429eec4a Windows This strike sends a malware sample known as Khalesi. Khalesi is a trojan that, once it has silently infiltrated the system, attempts to steal information from the victim. 429eec4a4b674d0922d72aaac8adfb97 1d84014a3f321f8d90a02da72028f3a8e3515dc2 429eec4a4b674d0922d72aaac8adfb97 8aeecbac14b07c7498a0a14ec5f6faba3586ef253e63a6ff035090e937cee4ad https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-3ws01 Gandcrab_38807c11 Windows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware that utilizes both spam campaigns and exploit kits like Rig and GrandSoft. It exhibits common ransomware functionality like encrypting users' files, changing the desktop background and communicating with Tor. 38807c1194045999a6d798446b6273fc 43cccbdc420b1b21fe145394f3b666e4910e7d92 38807c1194045999a6d798446b6273fc 0678aafb4eb91d68de4c9354e4a254ece02422cbb43157ae06b5b925a1165992 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-9c201 Gandcrab_babdec16 Windows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware that utilizes both spam campaigns and exploit kits like Rig and GrandSoft. It exhibits common ransomware functionality like encrypting users' files, changing the desktop background and communicating with Tor. babdec16c40c2e6997ce71ece2d223b4 45e7b60ae1c592820603682e183d59b4445c04fe babdec16c40c2e6997ce71ece2d223b4 d1901ded57b17e405c68f235db33d7be48cef6b0a9a45eb58de7b771b7582004 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-vo701 Gozi_65783e3a Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are document samples that have been linked to the malware campaigns. 65783e3a26527fc07f3bbe65d546383c 7557fbbe757946ed3d519abd470fc951d6b2cd60 65783e3a26527fc07f3bbe65d546383c 9894ba3b6c110bcd9b245058f8cdd8943cb7515b53cabe7589368de005cfcbd7 http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-yhm01 Gozi_b28f3ade Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are document samples that have been linked to the malware campaigns. b28f3ade5237a99db046b52d00a4e12c f670e53a32369cba2da1efa3e0560b03b54fc56a b28f3ade5237a99db046b52d00a4e12c 90ca9d15eb5815f8b3302fc35c8c67fc7481198a1c91eb3970799fc3782eba6b http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-y1m01 Gandcrab_1d08ad42 Windows This strike sends a malware sample known as Gandcrab. 1d08ad42c54673829c340ff29434d0b3 22a7d249eb0e9b44a0dff7dcb2900b9096c8f930 1d08ad42c54673829c340ff29434d0b3 1c69810013cb87242df28f48ff1b80bd006b2bd0cec8bdcb3ad0c0441a9c48a7 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-vmq01 Gandcrab_07f2ac3c Windows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware that utilizes both spam campaigns and exploit kits like Rig and GrandSoft. It exhibits common ransomware functionality like encrypting users' files, changing the desktop background and communicating with Tor. 07f2ac3ca63b6eff0761e0184123c492 d4ef54c4c223e10782a60037ddfd446bd6d13021 07f2ac3ca63b6eff0761e0184123c492 27431cce6163d4456214baacbc9fd163d9e7e16348f41761bac13b65e3947aad https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-phg01 Gandcrab_b081e5f4 Windows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware that utilizes both spam campaigns and exploit kits like Rig and GrandSoft. It exhibits common ransomware functionality like encrypting users' files, changing the desktop background and communicating with Tor. b081e5f45cd118d68e51e26dfa8665b3 4c4b4cbd493def32f9964d5cdcf04fca1012a38e b081e5f45cd118d68e51e26dfa8665b3 4b64922b694e26c5abcd2bf8ba9954520009e4c1088e4ce9417fb2d06a2c79db https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-vhq01 Yakes_41642e28 Windows This strike sends a malware sample known as Yakes. Yakes sets up persistence and modifies Windows Firewall rules to allow for external communication with the attacker. 41642e28db0281aba6e1a61843c70c6d 8b02fba415f4b39c57bb5f650e90e22ea1176440 41642e28db0281aba6e1a61843c70c6d f8d14cf852d1a450866d4749733dca06ce08f0b48534874b46218d671526eef5 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-y5d01 Gandcrab_d82121c2 Windows This strike sends a malware sample known as Gandcrab. d82121c2a303d3e7cda5178f67310393 193efd99a35fbd16a9752915b4bb2dc119f1a7a7 d82121c2a303d3e7cda5178f67310393 749cc6d350bccd23970b70463abcd9efb782a35da7c03bc8de5c555f2bdda430 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-5gq01 Gandcrab_a57143d3 Windows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware that utilizes both spam campaigns and exploit kits like Rig and GrandSoft. It exhibits common ransomware functionality like encrypting users' files, changing the desktop background and communicating with Tor. a57143d3e1b381531850738b2317ee40 6fa5180c2df4a45e5fde734e9655683f40b379af a57143d3e1b381531850738b2317ee40 d71337186b871ad011ae9b1f568290997ec445f468702273a68a7f5366bfb2d9 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-40a01 Gozi_24309e61 Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are document samples that have been linked to the malware campaigns. 24309e61b949da868ea5f31b3f064c40 18d64a9b1df49ccabc13344cbf57e94ae3f4b185 24309e61b949da868ea5f31b3f064c40 b044fd1e0ae000eeb04d0529b3920a38f839e910bfb6bb9d0837da22f0ace15e http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html
M18-za801 Yakes_0ab0d945 Windows This strike sends a malware sample known as Yakes. Yakes sets up persistence and modifies Windows Firewall rules to allow for external communication with the attacker. 0ab0d9458353d09d20430e9440eff2c4 ba5a683b165db323f340bf11c60eafee65d49806 0ab0d9458353d09d20430e9440eff2c4 14b2f4fb032f20cedbdd692dcc1a8cefcd445a94198f58adc474fee8dc7d57af https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-8ze01 Gandcrab_a2bbae61 Windows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware that utilizes both spam campaigns and exploit kits like Rig and GrandSoft. It exhibits common ransomware functionality like encrypting users' files, changing the desktop background and communicating with Tor. a2bbae61bf0cf64b9d04b18cdd2a419d d8eb074db4eabe9d48502b4a6ba8183c5337527c a2bbae61bf0cf64b9d04b18cdd2a419d ce9c9917b66815ec7e5009f8bfa19ef3d2dfc0cf66be0b4b99b9bebb244d6706 https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-04001 Gandcrab_1e631e76 Windows This strike sends a malware sample known as Gandcrab. 1e631e7635702a857b490331d7d0a8e4 faa8ef1ab9001777412a4ada4ccf9a3c83f16f3a 1e631e7635702a857b490331d7d0a8e4 8b0122198f51599af74f7e40783bf8f8273e8c5bd1a0e0747161bb3fb74bff75 https://blog.talosintelligence.com/2018/05/threat-roundup-0504-0511.html
M18-lds01 Gandcrab_e9d24074 Windows This strike sends a malware sample known as Gandcrab. Gandcrab is a popular ransomware that utilizes both spam campaigns and exploit kits like Rig and GrandSoft. It exhibits common ransomware functionality like encrypting users' files, changing the desktop background and communicating with Tor. e9d240745860b54cdfa5ca95f2d3e4d5 93d03cb1a1a1b83885d833a0c4d21a137f49b691 e9d240745860b54cdfa5ca95f2d3e4d5 8b59359e89fbddfd85ac6af0641ebec1881aa7c28a6479205b876abdc47fc8bb https://blog.talosintelligence.com/2018/05/threat-round-up-0427-0504.html
M18-y4g01 Gozi_45fde170 Mixed This strike sends a malware sample known as Gozi. Gozi is a popular banking malware that has been around since 2007 and was recently spotted by researchers in specific targeted campaigns. These are document samples that have been linked to the malware campaigns. 45fde170eec6aca0c6db4c4044343e238591d082074590978cf847