Malware Update 2019


Note: New metadata fields were added to all previous malware builds: fileExtension, fileSize, <reference... type="sha1">, <reference... type="md5">, <reference... type="sha256">.


Malware Strikes December - 2019

Strike ID | Malware | Platform | Info | MD5 | External References | SHA256 | SHA1
M19-lmb02 | Zbot_7244acd1 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 7244acd1054894f2a9b8c191d65572d2 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 522ce96681db4ef5d4731a8cf2007e7a46e650fc2f547f88d492700970b6af61 | 87cf2ca1c3211dec63bc96d4c54f252876cddd37
M19-x7801 | LokiBot_5662c896 | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 5662c896fd126f65a2f8c1712ffab6d2 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 4b4ba6c0f8cbadc871bcc6b3e175a569fe292973499bbf239aaaff7e75495888 | 2a2e52f4b677f2f596d218204e87ebd5989c0182
M19-j0g01 | Cerber_a88abeb7 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | a88abeb7892ccbbc01acf10522d6ee58 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | bbd6aadc606953b27f5592a2da7909949616b81b4f767ded89119644a71d2dd7 | d51ea82d102c564f1f6736e90c33072a1d6fc48e
M19-ly901 | Gh0stRAT_ba0e8096 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | ba0e80964a1ad3eeab4797ac584660b6 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 019f88e9cc8c503c1ac8c6054beb978b445922cf5857f347bc8b2193a0592e82 | f16a91767c04d1801ab6144650bda5374b133be6
M19-4mf01 | Zbot_65a948ef | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 65a948efcabc918042742355db7dc7c6 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 5409660ef23234d04ad204cb3791a96b3895286e258be036bfb43410e1dca08f | a6f037e468b1f1fe43dacea411bf93834ac3659b
M19-ugj01 | Zbot_dc747dd1 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | dc747dd13de392a93caa66b9d45e0861 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 2ccfd0f36677f438ff1120f21d6e5929d91531fd965dda6232ddd6de7a0c52d9 | a00141eb0334ddc2d05b0d0c7ee4f48112d0ce6d
M19-gkd01 | LokiBot_a63db4ee | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | a63db4ee8940ebef98b9f32990324e44 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 32f8e0daef5bb91fb0908277ad5f5d2c97398a64a8c9ff60611a103ba0d5004f | 81a3ab91b1b78a25b32114d4a07b39686535fb05
M19-8rg01 | Cerber_be75eb2e | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | be75eb2ef919c60c4b07f9b6a105ac34 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | efda569c35853456630d1e2fa27973aeb6386338f163ca0f60e3fbb4643a5b87 | d1b7745dfa2916cbaf627d9eec59f30d57b99ee7
M19-b2r01 | LokiBot_8bdea89b | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 8bdea89b97d19ae66c0eea7cfe2a7b86 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | bb71b57a4cbf596fb6978df0e6fbdfbbbdebec8d182a62c6ecfbaa5261117aba | 5a9c73bf8d2b21ac21a1767788ab3d0b1fb7eaef
M19-hh601 | Netwire_300719cc | Windows | This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 300719ccf950bb81bae2c6595ba9198b | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | ea34a08deaac08c7f79e6cd2e94a74ad5b0c95dec43f81e0a218d957088b8f10 | 1570046ac7707279d30c06a65b041afbce073c37
M19-8hb01 | Netwire_54d0b496 | Windows | This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 54d0b496a37d2670295d7e4965bee28f | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 79aa89119d9e26dc366a7af72d47c323168d2ad881bca31e9075a41f5ce081f2 | cbb3de5fb8bb63a915dd52cd01a90607c65d897a
M19-q5001 | Zbot_0134ac69 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 0134ac69f5736122b46a5b53a08ef5d9 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | b22e02f4a2e6a2deabbc8ed5c7ff7d30c07c43d80e8d9d50ca1c85724a008619 | 888d1bf89202db482affd9aed1e945aade6ae6ca
M19-c0n01 | LokiBot_b0277e5e | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | b0277e5e3890a477ba333adba35348a5 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | cbb00a83c374bcca6a2bf0cbfabaf1f5c655d9cb046437225bbbd04988f22811 | c2342294a99bf20054f3d8c3d61b24718c1b16a1
M19-hdh01 | Zbot_340cc3d9 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 340cc3d974503bd7cab46d45487c62b5 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 072bcc63bca4fa1946c71a3f9562a6d76af8fd1a5034132e2befbbde9aba9c98 | fa039becfbc28c67321fd045d498ee56f4c709e1
M19-j2j01 | LokiBot_5bd5e2f4 | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 5bd5e2f4a4901bb3cec38ca3c8f5cd47 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 46646d0f2e8e990abe331586d98fe95a61dc40d7cb2c05144a09fd8b956f7526 | a24ce20ae29ca92de9187de86219522fe7235a90
M19-hqw01 | Tofsee_ea690dc3 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | ea690dc3b862976ef7042e37dd7823d9 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 74ac087c43dc71971fddc1d65b4586b57d4b6ec6182914d0d176722a3a70b4bc | aa9eccd13714bded2116c787c59a894d29d927b0
M19-ug802 | Cerber_d5f9142e | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | d5f9142eb6cf9ac3fe15ca8cab636f9b | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | ce2b0b2037810060edbf86fc7ac78c5e0d4771b79181e39718498b02195e3642 | cdfb35d9283c5990a91cd041862c4f18a5752a5c
M19-qeg01 | LokiBot_dea7bb26 | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | dea7bb26593416dcb5d3d0b87ac25df9 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 2a3ad80cfac1cd63eeba8f7d8019df51df16e22ef34d2826d0aba9a56cff5c60 | 270053d62e8b91f1a9c6e20541caa12c5869c952
M19-iu801 | Zbot_76402b51 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 76402b51d119b20b12c3662da133c6da | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 59b94ae4bdf3a3f4291e67e73316632b73a369391fbed4d8f3259d0ff0dc5468 | 7fea26a86492dec96bf0696dccbeee86993a5cd3
M19-atl01 | Emotet_1c1dd6b2 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 1c1dd6b299ed49d392450272e23fab5b | | 81fc2cb7ae6b7006b185b89427136ab8a520cbd687d0bbb5f1fc31b1a1c0f4ba | 600f8e1908fd27dff29a080c42a5cb7b1671f39e
M19-of401 | Netwire_aa380355 | Windows | This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. | aa38035579a2c71fa1c98ec615695350 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | b18a45a4345f442efcc02d6efb9110b9e35bb98fac4613c83a39fecbee78aaa4 | 0a62fa2e006cab0069be815961f13987c399163f
M19-f7t01 | Gh0stRAT_3ee263db | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 3ee263db3034bc07a6544830d4a77114 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 14b65331773ad534dada9c7b055e34a1e6ab2a54f3d8eec4d1da6298f0477c71 | 575c1ee3986c5e21cd33e4df0012cd505b82c1f2
M19-wqv01 | Tofsee_a9c05e58 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | a9c05e58b652f0f13a38c21d9ab74eda | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 30cadaa9bbf5f83ebad9e4738db169bacca7f78b4ae4256cc326533099dd64c2 | 37aa5bb26af5803d1b7c285923b79e33c9f86408
M19-6sw01 | Zbot_7dc622da | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 7dc622da0f45e3bd386aa0d01053dd5f | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | a807970fdd58b833a23e0c8b611a17ea5448399336f3ec0a3ecd5036486c0b08 | c3403820f519bbdc8c4760c0db61c83241263439
M19-4vw01 | LokiBot_921a4d77 | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 921a4d771ff80ff010cc85630bb68864 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 2eee4a29498a0d25c8d53e306c3b2414b839363992364cabbbe3fe2fd46caa9c | ecf4388471dd3a63aeebed63d4363b0adac76cca
M19-3k101 | ZeroCleare_33f98b61 | Windows | This strike sends a malware sample known as ZeroCleare. ZeroCleare is a destructive malware believed to be created by Iranian nation state hackers to target energy companies in the Middle East. The malware is considered a wiper that was created to delete data from the victim in an attempt to keep it from carrying out normal functions. | 33f98b613b331b49e272512274669844 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 2fc39463b6db44873c9c07724ac28b63cdd72f5863a4a7064883e3afdd141f8d | cc99395963de6da81dac96929a8e234c8415714a
M19-hdx01 | Zbot_4e196c2e | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 4e196c2ec18394a367384fa171d56c28 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 37403ce75f4908eb2e823a4e8c56c410e57441dde38c022819521a7fc3358701 | 0ad3a46653fca021420c7646c55c41fac8c1454b
M19-lz601 | Emotet_b4e505a3 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | b4e505a3113e0d9ee9219bb0d670ba1a | | 83fe7400534e8efcc5cec209b9b2835d61be0d88914bbfd6495fb675378aa2dd | a88cb39cb5d30d8d4b1c5c6141f891c1ff83453a
M19-5vv01 | Netwire_43952d0b | Windows | This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 43952d0bd21d808144d0044273d52af5 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 3cf7e6a7776e15f8c01bde5788e5e7dbbe25beb37e977abe38b3b4cb256c3ec3 | b9daed8349b43ca7631e1884814874c3752b0831
M19-j2n02 | Tofsee_982d5ac3 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 982d5ac378540ac0351b8adf9325e9e4 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | eaf18fa3b771523ea252436b6dd15d1c2e0d6f93a17f5a861251dbc38f0cf951 | cfa4f8075e6cad8bc6f462317cc840c258932620
M19-k9b01 | Zbot_9e6f1b27 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 9e6f1b27f18ed480ea50bfd1f21d9194 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | f50b78d0ffed37ecbab524a44b4606ab7246711b3487af0a17343fb5fc93ffba | 7883a6199b514d724183aecfde87ca24e3a9abb4
M19-au601 | Gh0stRAT_65bea256 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 65bea256272d171f9f3bc720fa0ef8e8 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 1035eeb50c81c381f7b2909d062fb6d51d9e6ddc8c68478a3ef67d7b4a67b0f6 | 5ca188b0ea8f02734ffaf26cf78917610e490415
M19-ex701 | Gh0stRAT_df966b26 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | df966b268cbc8b0304ec99a9f5f25bac | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 00275609032024a2a413b2697b6763c964a5eeb54709ae803b68d5a77d1b46a4 | ab7b08760289ca9d193d76e52a13528038ad55ba
M19-vwp01 | LokiBot_e2c85fb0 | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | e2c85fb028d6d07b0d74f4e3ee8ce4f6 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | ebe841b611a116cee961119df457aaa5f8b5ada4dc6e93381d59d2bb12bdf522 | f85fb6955f4473c7540c940f9aa9982026b07aeb
M19-zul01 | Netwire_a7fd6f08 | Windows | This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. | a7fd6f083a56c84da2fe5c2da265805b | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 6485a616654adee2d573a983c687a8d8ea3d126dfbf86df3a065c5e7846bd57b | 32e4969e0c28df0cf986a3ff9eb1d5424f538073
M19-fl501 | LokiBot_ed190ded | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | ed190ded03785d32be51edc23f48ac5c | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | df289130d1adda822989a8255dcd2a417ad0a8f19d753dd9ebdaf78a13e3bf7e | fec0bf0b8d3c1e5f9af0591337928c7b4c16affa
M19-r0h01 | Netwire_fb99276d | Windows | This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. | fb99276db0a1804ba0faabcbd33e212b | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | de8be762d85eb4014992a174acd115de70b89884d21933d7e972e6d4972904fe | 3113684a585703d05e046c0f4da2ac026045c1a9
M19-kdy01 | Gh0stRAT_aac94f0e | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | aac94f0ec954cf2e46ffc485bb83b432 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 04d5f107aa253ca81d99fce0201dcb6da6b21497fce62e2d37a90661951c63d8 | c817037a6f8d80031171d3e6cd224c912fce33fb
M19-0c701 | Zbot_cb486179 | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | cb486179ad532f17b76cd2b664bcbc46 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 15c235fefdfd798bff9bf039155762f0c0674cbf239c10df6aca52a7e2139488 | b43c1c3b047d29bd62526cc30c0ab81d1d9c05d1
M19-dfo01 | Emotet_41988007 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 419880072c659ba9d06522c4d9881ea0 | | 456f0957a36e00bf03b0e37d18e119d74b3bb08054f6248a2e7e87ddb93d7782 | 0dcee66f75d7624505945d9682e5c3bfa65ddc6a
M19-7gm01 | Emotet_9e763f24 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 9e763f24205308742e49f7e84b39845c | | 1ff11781388f142f3dd92900380de4501f12f652d20911b502dbea6d4e7c2533 | fd557c799eaa4d9c7b1435cebe7483e7b02b9d70
M19-nwr01 | Tofsee_9e79110b | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 9e79110bfb49aef98f59197bf32f40d4 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 973e8cb33dae5fab6505ffb140ad80587081f131bb6bb5305582e874ec8d10b0 | 3bd88b9181a33629faffc4b587953efef21724cd
M19-ply01 | Emotet_8e442d04 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 8e442d040975723902cd6af3c3581071 | | 9f48da5cd641b0bb9dffd3dec5d2442da67ed23367331eb8c181fc61ee54c41e | 74b14f64d6d1b46b88c5895090764eda4f967c9f
M19-0y301 | Cerber_b2978f5b | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | b2978f5becda7b94eb0c83bd058ed9be | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 4a60b63273210c8ebc4e6d07fba9b331011f852f4f5c1b5b1ae7ab5aa7df0f03 | 6cd8b244d0f1619b4a12d05057d2a3888f4c0294
M19-of901 | Tofsee_afd74c51 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | afd74c51760ac4e4765f42d7e10ad95b | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 284d642a2ae70ba3890f39595cf215c06037f514580bcc8766b3c136cb1c4df9 | bbf0fa50cc0113e4d013df0293a0454ff712a150
M19-hnr01 | Tofsee_3ca41842 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 3ca418425bfd739a3d3da6b45c9cef6a | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | f551911671d006e8164ba14c2024bbe55646f5e1ec6c4fb16b7f199c51be6864 | 6c57b9596cffc6bb5289609edb10a7379f13efb0
M19-s9101 | Zbot_81b4148f | Windows | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. | 81b4148fa1c26ee4ac4db67cccdb1ac1 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | fa58139b16a96c81b415d2cfe950fff73ca98ba9f0e09c753cb16cbb4b18b820 | 2c5bf9bff9d6a9f634f2b13aab9205fbb8506782
M19-vay01 | Tofsee_e6541e67 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | e6541e6788b9c719c070486f25314d04 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 2c84c7ac4fdbcaba7ac72b01a03d5ee7d62db4e4986670d17d420a45872f3158 | 8ce7e58ed9a8389b8a399b500d9500afd6b18c6c
M19-ao001 | Emotet_947f8e19 | Mixed | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 947f8e193903b2c4761657e79ab17eee | | ce11fa55f6717dadca7bdd3759b3d46217d085e78ea8bb94bb8145754741b5c5 | 3800ab371f40b97356352349ac34d99a56130a32
M19-lcv01 | Tofsee_9c35463a | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 9c35463a674ca5f3d5b2d5c7ad332889 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 2835bade0deb4c1f1af1beff0102a7122990fd5b868f82b5f23b5ddea782d862 | 5b6067d3c941efd75c3926431d0dab6659dd3d9a
M19-hiu01 | LokiBot_31a2e6a2 | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 31a2e6a291af3effc17f63506182c167 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 7936c85dd96e641541e6e39e7a7388b8b6b16ef97569a81efceaed4abdc62ad6 | ac0a9a2bc77286313ca3065f463488a4d0ffcd89
M19-fmi01 | Tofsee_d4d520c8 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | d4d520c87102038899648f955947efbf | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | d0ec6c954e91bde1e104cec6f316aa1d2f94389883d602790aec0128f492547c | 99cd805cacde56f0d7ed66d06e93fc31916f7f0a
M19-e9o01 | Tofsee_64e9d0f6 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 64e9d0f684341b4195d0856a518847b1 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 7c6e8e91b032ae87eb17d1ff4edfdbf9f3d2b7e6cc1849cadffd40650f073538 | ed995ceb0e66a63b613ab61047e4ff27ef11d9a8
M19-cg501 | Tofsee_cf331003 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | cf33100360ba3fa25f25e84c17b27d51 | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 84c98359fa8967beb941ffa16550358d39e1fd005dccbc697267b6f170c08aeb | 03ba333a73ceaf12dcc33a9d8507224a55a93880
M19-eja02 | Gh0stRAT_dd3d83ef | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | dd3d83ef6c15eb030e6b6156dca9c2ae | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 0dd6bc63d982e053c01753cb5819362827bde9338b3d28a0b17669c0523489e0 | c292dcf8fca1c9de9cf47ccb520fa2f3cc450ba8
M19-aaj01 | Gh0stRAT_18ba621c | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | 18ba621c304a771563fb2160fd332a7e | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 094797bbc7234e18f2a7a30fc182a690f2f7f7b080b889ab5e6c87bb730bc911 | 34531e7b28c53faa7c45d4ed47a7017baa6530c3
M19-7hv01 | LokiBot_1bef928e | Windows | This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 1bef928e7e047849fb845e3b15f275be | https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html | 938456e91538b5f4267bedb11d8cca26229f3dbdb3c24ff3a1132f3970c0d24a | 35d1292355203adb2eea946490e34533f0401973
M19-5ux01Zbot_138bbbbfWindows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.138bbbbf63d3bbb2e87ee701f460ab0fhttps://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html bf315e9e1ac06c214296722191b08a2925e5ed49dfcbba616606b8422047cb63 ea0b4f063b9b4929a866cfb189d0d0d7adde1881 138bbbbf63d3bbb2e87ee701f460ab0f
M19-i3q01Netwire_92c1dd32Windows This strike sends a malware sample known as Netwire. This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host.92c1dd3298e5a1e692f67919e115f838https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html d26438798f502364eea85bbf2804165d0709b90833ddf4512f95ac77f881edaf 70278ea556ee0ad4b4d862bb6dab25e63df1d7ae 92c1dd3298e5a1e692f67919e115f838
M19-glz01Cerber_a2e887c2Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.a2e887c2f6ad663c5e17d3d2bad87609https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html b8058ef9c3394ce2ea9318b06d6cf01080a0ad4ce87ee1cff78e57373192603e 9040e2b57cc6e69f78d2441b9f737a266d103971 a2e887c2f6ad663c5e17d3d2bad87609
M19-n9801Zbot_b795389cWindows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.b795389c40ba199454f39b133c9e9e28https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html b5f339fcebb67c4826f94c31eab0a3e8e8137a65204b03c8ee6a72a1a313a48e 46a5f6ac466c8c7cf953252bfc93409104064eff b795389c40ba199454f39b133c9e9e28
M19-64q01 Netwire_3d6ea23c Windows This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. 3d6ea23cb771671a297ae1a79e2ceb7a https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 91856d29ac1f9720917a40e5533c7dacf528b25acfb5a82a00f6882b053c9b5a 86299e0e4b443f05172866c7a2bf8af69ed1f823 3d6ea23cb771671a297ae1a79e2ceb7a
M19-cm801 Netwire_eab9f189 Windows This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. eab9f18981c5241239ce2ea866c6c1b3 https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 905b2347215e7ce0f02f8e7274941982c56c1b817fbfd4b9eaf97d2a65f6146d bfa72eef161aaa65e4576f8a8f439bccf54180c2 eab9f18981c5241239ce2ea866c6c1b3
M19-9z301 Cerber_b8ad540a Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". b8ad540ae69ec6f3699327b9ed3240a5 https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 8aeadd92f66576dfd9b60ba352a7a61f43da7112eb127c28c5ceb54fb5e7b4c5 bc0ba69bca41cf663bdc80f16c78a610306ddae2 b8ad540ae69ec6f3699327b9ed3240a5
M19-ghi01 Emotet_d3afe72f Mixed This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. d3afe72f8d96e06afd2d8902b62e6065 1220dd6c5523dc0b6b6409e5b739216bc979826bcb8e43428f0889ff120fd63d c1c16ca7200364bb4c71ca205229a2a8f001fabe d3afe72f8d96e06afd2d8902b62e6065
M19-tfn02 Netwire_cf8b4d46 Windows This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. cf8b4d467d27a6e39a1a5a9143b9a43c https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 527ff73f2e6d99bbcc7fa02804ab7380e2fe12689b70bb1b0840ac1b02331a93 75eb710606cdae8184d26ea181f0b92c6d4bb1aa cf8b4d467d27a6e39a1a5a9143b9a43c
M19-88w01 Tofsee_6b3c0357 Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. 6b3c0357e0c3af7d8d1315d6368397cf https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html eab97c31815fc018ec26360c575b02ec3cf7595c1c4c6bcd121ee2123335515f 26e0972993d28f24c4280297a8208eef3b8adf01 6b3c0357e0c3af7d8d1315d6368397cf
M19-ydz01 LokiBot_348da37a Windows This strike sends a malware sample known as LokiBot. LokiBot is information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, with the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered in spam emails. 348da37ab7c13cbc4f5bca37225d06d7 https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html c5f72bae432197bdbef019507fe69905549bbb7dcf9c455bd24e6eef008e96ea ce6bba5215f4e1402f73d54a345d61215d2ee4d2 348da37ab7c13cbc4f5bca37225d06d7
M19-weq02 Emotet_44fa194a Mixed This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. 44fa194a31da1ae93a009f247dcc87b3 0a574aa7865ad973827f08457d92a690b80c51594c0cc95345062f4838d38aab ade09fd8b016d66a25c0ac65d05d49e6da40d3fd 44fa194a31da1ae93a009f247dcc87b3
M19-61i01 Gh0stRAT_3014b27a Windows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. 3014b27ad64141ef247b2ee145834afc https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 15c6ec4928627e4f9c56c567811e5b0b0b6c20b32374ac931257145d42365b61 8a80ac88bc6a345cedf02c3e27735ca6f279166b 3014b27ad64141ef247b2ee145834afc
M19-03v01 Emotet_7f16c9d3 Mixed This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. 7f16c9d322ac40ba46ffb138d3733949 e74421edc6c5a113acbd4f754d64ac9502f59cbdae14ffa129357bc5251e9afc d1a2e6d1de316b24a5896d0410e92daa8ca14f49 7f16c9d322ac40ba46ffb138d3733949
M19-qs801 Zbot_a5c17b50 Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. a5c17b50888dfd526519c1c6bcfddb1e https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html b2787b4197407051f4a5fe4ddc6b483d3245222d0b6301ba67e7feae14b87342 c02d1a638024e4d318297e8748ba5d8370873c8b a5c17b50888dfd526519c1c6bcfddb1e
M19-9ky01 Zbot_b64ec499 Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. b64ec49901f7116ee5ae19d602fce87d https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html e3ced6661c4f5fd339cba232c6693c79d30dd5bc8db5882e7a86e959537af18d f5244724431ead0829acc6f68e704a259ccb3736 b64ec49901f7116ee5ae19d602fce87d
M19-35n01 Cerber_aa5332e4 Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". aa5332e4e550b3e859e954e9f9296646 https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 8a6c828f54dc34e260698e0347cce9e62d8fbc773e265c39c63e812201533724 e24222fff32c2718bb413c94dd86985fcbe2e749 aa5332e4e550b3e859e954e9f9296646
M19-w2h01 Emotet_574e273b Mixed This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. 574e273b12242b0c6cd1c74e97a1f4f0 2c9b1c7443421bc46987ae098dd00fa013b9722dfe6b6b518c3ab474d888d984 b2693b5e478e5e30644795dc472421f7b4792308 574e273b12242b0c6cd1c74e97a1f4f0
M19-7lb01 Zbot_66a0ab6b Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. 66a0ab6b2b41e805b9949255e22aadea https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html e014acc73e32e1d1cb74ab4049b46abb2bd5c06ee9d4c82aeca7f4440cbb011d a65bf159f2580e9fcd458425901c29746f4764b7 66a0ab6b2b41e805b9949255e22aadea
M19-a7f01 Netwire_96efc22a Windows This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. 96efc22a0fd01a77b9e6560b96df8899 https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html def9d601134017c678cbd058f41b4ad7d3dd8d2c8ef1eef01a9a17ebf38ea6fa bfff1bd755d425980a33445151b44217021d0738 96efc22a0fd01a77b9e6560b96df8899
M19-3c101 Tofsee_0776e529 Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. 0776e5299cb9cea58d92399ec99db076 https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 64a3e41af01cf5443314c0d49d7a83f081c99dbadda2dfe2af5d93ff49464f4b 26a9783445cc62cf99fbdb77abdbd8697aded94d 0776e5299cb9cea58d92399ec99db076
M19-zug01 Tofsee_7ab7ed51 Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. 7ab7ed5123144b6374f755380274aaad https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html e46c3033d16ed60026ee74546aaaf17fe0e0dccfe9c40bd0b434758c01fc8a17 57f40d867264a79a2f44760e7b2aaeae13f3b88b 7ab7ed5123144b6374f755380274aaad
M19-h1602 Tofsee_b77e55af Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. b77e55af8ca122398a95101b88c0fc6a https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 91637560be3528716ac0c5586b39c763c54798a0b03a55db086a3128fa665fee 22f45ce59e52851dcc60bf96afd55912020a36c7 b77e55af8ca122398a95101b88c0fc6a
M19-08w01 Gh0stRAT_a670d03e Windows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. a670d03ec86e2accf78e37317879d383 https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 0f75c94f848e561c2fe1bd90a5260e47267c334444579530ddfe2ad90f0e6806 5b321c217563fa66fd56697155b127ca93e43dbc a670d03ec86e2accf78e37317879d383
M19-ptv01 Gh0stRAT_a85e42ae Windows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. a85e42aeb51ca8181dc24c48b54fbf11 https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 0af079ed6e9914b102d9c3007e7c96318a1fdb659212c35f22e2e5293d8cbeb9 351c1cbf81547e76d1919d05291f8b1b56005df1 a85e42aeb51ca8181dc24c48b54fbf11
M19-wbx01 Gh0stRAT_08c2642a Windows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. 08c2642a75839a3ed8dfc696871541f1 https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 0a44d155b4568d97d161d18e90e4c9e719e4c37769c2a32ca5a41d56cc101172 76c1c6c3ef9268a66502edc7bb8003fb67247014 08c2642a75839a3ed8dfc696871541f1
M19-xx101 Tofsee_aec08c2f Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. aec08c2f0e5303e7d1a50e3a8a9ccb57 https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 109ca5f094a4e98b6dac4191043bcbc4a9e849a456ca581226f42fdd7812966a 25f76b31892e2ce6e412a2cc3a3ed52a8d6d5099 aec08c2f0e5303e7d1a50e3a8a9ccb57
M19-jxe01 Cerber_c39e7990 Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". c39e7990a73918227978e2eb66bc34f2 https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 34a0f0bc799b5fd0cf9a89bce7d2ca2da158cf22940212b5c09fb1ec64bc9b65 93a46064ceb44a27e025aa1f06af534b49fc4eeb c39e7990a73918227978e2eb66bc34f2
M19-8r101 Zbot_0c0681a1 Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. 0c0681a1d736657547d15a1f2dcbaf84 https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 40ecf36a4c2474cfff01980d68602d7bbaacfca2bdfda5ac58390b57c73b424a 38d3ea73cabe97619b7350a471e5813b3951d6d8 0c0681a1d736657547d15a1f2dcbaf84
M19-usy01 Emotet_857f8026 Mixed This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. 857f8026ac9c8de1c1d8886e0ee32a75 e0ab84847c95820096ec02c1c23c15589320ddc180e6d9f0d61315409b755dc8 e33ed8265a7cf04d184562a46bf1d2fa9dcba716 857f8026ac9c8de1c1d8886e0ee32a75
M19-0eb01 Cerber_ba55c151 Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". ba55c1515932c3e08ca3cf5be23cf94c https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html b590d46794fad9c62040ce7941cf775282d1939c45267ec955e9be6ee8dd092a 08cf87c57a7d613fb9c568acbc5d72736d737d9d ba55c1515932c3e08ca3cf5be23cf94c
M19-rxe01 Zbot_ad90639f Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. ad90639f42181db6523e292b35c6f913 https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 8ea4ffdbfb16cd39bdf20a5a51ffbd6a523b78ad9a2c78bfffb46fcf0653f550 d3d198d731cf3be656005784d49f61362fd6fdab ad90639f42181db6523e292b35c6f913
M19-mir01 Gh0stRAT_b3257690 Windows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. b32576909fa8d968d66ac6beee978609 https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 06ee23a5be29f166749cd47784c9dafe66c0ca4ec7b70e6e837e59ccd5a02c63 4f608c89514d543b1e97c06d1c500be4d8be097a b32576909fa8d968d66ac6beee978609
M19-rrb01 Gh0stRAT_181ae729 Windows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. 181ae72927cdd32eb43aa8221fed4e54 https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 0a03aba2e42912a9c43e5cd9c724c4991007ecd6950bda27e82446070a08bb02 a872d3edc6f552ca629d00b468b3f9d4a831e05c 181ae72927cdd32eb43aa8221fed4e54
M19-xtb01 Cerber_af3cbb72 Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". af3cbb72a35eb8314f40f9b01cf5568f https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 1d07399e5b31727fc4dadba07d062f7eff6864e33f17fb1a65f71b9b41b61282 634a5afa7c7c701f52da613cff875f5242c68cb4 af3cbb72a35eb8314f40f9b01cf5568f
M19-hmg01 LokiBot_82cbd08e Windows This strike sends a malware sample known as LokiBot. LokiBot is information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, with the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered in spam emails. 82cbd08e1548fb0c1305cc6b1f111cb2 https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 548bacb5d7484fd4d4328579d18b3e62fdbf6bb7acdf6ade4ddcf6a0db61847b 65784404e1d1f46baa376a2fead150b5f417baaa 82cbd08e1548fb0c1305cc6b1f111cb2
M19-2z601 Zbot_cc94200a Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. cc94200adcdab693e903201710216c07 https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 8914444fb30823c586d7df581c201dad5f1428284b7880395f2bc49ece5a1611 097c740ea46d055048364387efe8cdc21167d686 cc94200adcdab693e903201710216c07
M19-46001 Netwire_4d3a3307 Windows This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host. 4d3a33077e9903f30ff191b36c310d4b https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 182dadc51371a709b901f1de489a52ff7295749427a8cf9d112358a605e2ed6d 8b7ac57877a8224a07a9e0d30762fc881312715f 4d3a33077e9903f30ff191b36c310d4b
M19-x8n01 Emotet_3b0e1ee8 Mixed This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. 3b0e1ee8e05371a6ab150074d7887fae c8078630214d7c029d23de03dedb7fab8a2f7f8df12ba99245682e3ca235179b f2f5cd624471bf1bf631a160e7d65dab19b63d2d 3b0e1ee8e05371a6ab150074d7887fae
M19-igj01 LokiBot_729deefd Windows This strike sends a malware sample known as LokiBot. LokiBot is information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, with the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered in spam emails. 729deefd22eb97fc550bacee2a5f5a5e https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html c5bb3fd84e761402d2da77b8c0462e9f670f56d65f3ccd602cfb4326c98c4c9a 0b88a31b72072d83df2205447741f120dabf8fa6 729deefd22eb97fc550bacee2a5f5a5e
M19-ojd01 Cerber_ae691d8f Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". ae691d8fce2e05d71ce45f32dca449b8 https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html c8af6329fcfdfd4f9df33f2f4f59fb958e2416eebe8d78ab1444e763cf04d08c 2cd4de0e6b25922f270dd2c7fb21baa68a1e8e4a ae691d8fce2e05d71ce45f32dca449b8
M19-ysa01 Zbot_e44e07d8 Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing. e44e07d8e053920f714c3e574d7749d4 https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 66c6cb07d601f35490752227fe1d4687fbbc47af0f219eb178f89c670adccb0a 858daf900b1f768e160fa1961def8d76339838ef e44e07d8e053920f714c3e574d7749d4
M19-fcr01 Gh0stRAT_b5ad2aad Windows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. b5ad2aade4b600d66cd49cdd81ab0b38 https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 1439afcf233b1c829cbac8747623b3b05332ecd057660bc3639980ada64d1149 de70c4899392034ca09ae7e348bd0f0eb978b3a7 b5ad2aade4b600d66cd49cdd81ab0b38
M19-q1401 Gh0stRAT_a153ff54 Windows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. a153ff54b38b4154553f68ee7d8f6180 https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 08e84db9a91341f82d0dc50775e75879fc2ac20ede3abffe53cf35dc9a656019 d47ceb91b04e9126e42ce80938d25f183f1e9b2e a153ff54b38b4154553f68ee7d8f6180
M19-hkh01Zbot_ec77d620Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.ec77d620ad9496201d3a922107fe495fhttps://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 924f2ea483135213b988584241da5e5b8b152ab427fa933089e493d2dcd92c34 96bff44bf03f1ade7f97d2896d2be95a0e191be9 ec77d620ad9496201d3a922107fe495f
M19-9hx01Gh0stRAT_e1ebbb86Windows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.e1ebbb86725d3482e2b94d3d07892779https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 0dc8ab2ec624c65ff0c071b80b349c8e6de4fc4491e9751e099b63ce98c8c52e f1d5adfc23fcca92237f9d179cb121b63cc618de e1ebbb86725d3482e2b94d3d07892779
M19-nbs01LokiBot_7fa2d908Windows This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.7fa2d908e8e82f7df0216b48037f1f39https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 02b5ef62978197b43a62d05de25c67a67cb1b4a0f09111e79cc83688e7881674 e143de0e5483d006414b4409797b0eeb587e15e1 7fa2d908e8e82f7df0216b48037f1f39
M19-oft02Gh0stRAT_beb517caWindows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.beb517ca2b1e8e5f6e76dcefc1293047https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 037e1df212fbfc6c77ea55754f52b11366da8e0fd5437834762339a30e705614 5c67907e1ab01a98ce2eddf8e11f38d20518ee48 beb517ca2b1e8e5f6e76dcefc1293047
M19-rca01LokiBot_34c724ecWindows This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.34c724ecad5b59b551814bbac6e48110https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 2374d2482bfecb87307d036b7e9750a0c28738c8a0afd4abf60a9b9ea3b81e83 373ae473287449d5722fa931ca68beb2e8ce821a 34c724ecad5b59b551814bbac6e48110
M19-fk101LokiBot_ccc5683eWindows This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.ccc5683ea50d75db96cf8c98b382b1f0https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html e329ca0b2964c410ba3c5d228a13b27d733d7f9999dee5a6511f91ea891473a9 bdfda694f2a39e8d5636c3444b58399ddbebcf42 ccc5683ea50d75db96cf8c98b382b1f0
M19-3og01Emotet_7e921d01Mixed This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.7e921d013602fd36ff95ff9d08a52116f3de992434fc44f62318ddbe2c209a11af19205bb347dac52d7534e7f3c5579a e3a5df085d6bdda60009142662b71e14a8b584a7 7e921d013602fd36ff95ff9d08a52116
M19-3vc01Netwire_56af5aa9Windows This strike sends a malware sample known as Netwire. This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host.56af5aa9cf0e1545dba399a2ba3b4dfehttps://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 5aa45dcf729d53a3fc6e5d02980835fe78f3f7b7ae262b8aebf2edb6abb59bc4 c7a4911d59557ea663376b07f3a4599d87f73166 56af5aa9cf0e1545dba399a2ba3b4dfe
M19-2vt01Zbot_7bec980aWindows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.7bec980af00c7c9ae322ef0c465d263ahttps://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 8daf28936db0201df94f89bd80acaae000fa018f93d6d1a1dc131b91be665382 4274dca8b46c10bc78c1e2365899f3de6feca85c 7bec980af00c7c9ae322ef0c465d263a
M19-2p301Emotet_519a1c43Mixed This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.519a1c4359612bf67b596a0b5cc5bacb 8c483708b5b4230562f3d0d4dce10c6168b94ccb6e85ff5052c42513feda741e 7ba859028a8320fa3eef000d657b285939594e3c 519a1c4359612bf67b596a0b5cc5bacb
M19-kv101Gh0stRAT_8f5ec135Windows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.8f5ec135c3143484ae1beb709e28f7c3https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 1564fc8499c21f5426c4f15aaab34acc8936b43df39464f88003209c0ae3ea17 9623eae02659d87c8e735b8bfdb10a2aad4faa11 8f5ec135c3143484ae1beb709e28f7c3
M19-yzo01Cerber_b8efcd78Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".b8efcd7883d58650b7a2d13e5e43390fhttps://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 0e1509af88618c8cb273196c4213e26c2219c3a1fba9ed8c51a22d871e316ccc 15ebd16ebf49fc507f6689684d6fecd09ff12a86 b8efcd7883d58650b7a2d13e5e43390f
M19-urz01Gh0stRAT_e50cab6fWindows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.e50cab6f7d84555e294f1d0e8c691064https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html 072e4fa823cf7e9646dd7e1aaa3a308d9e789700dccffacfb646bf7c7fad9ad3 3edd1a5e33406831a2797e9d341decc166ede290 e50cab6f7d84555e294f1d0e8c691064
M19-6ic01Netwire_cc666d41Windows This strike sends a malware sample known as Netwire. Netwire is a Remote Access Trojan that lets attackers execute commands on the infected host.cc666d41d5ac0e8ce428362cb66e7041https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html e0acbefe824d29143e303ba8596d1436150bf1ad7ec533b56e4ae2b1bafcf07f 2b5125bbac488594e8605a7b5ee642a5e91fc51d cc666d41d5ac0e8ce428362cb66e7041

Malware Strikes November - 2019

Strike ID Malware Platform Info MD5 External References
M19-gus01DarkComet_1fa0421fWindows This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.1fa0421fc4a708c047ef588873face99https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 6283cb17aa670de5710f160fe411ba49cd8d6f12ec96141c787311f03d3dbfa0 b3decfb6b5849129e56a58f9f14fc0da5bf4277d 1fa0421fc4a708c047ef588873face99
M19-gpx01Remcos_ace36d4dWindows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.ace36d4d07949c1d96178b5990176e90https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 7df44706454b41154f074f55a4bb5c42942a7e4a2dd244dd3d979dd28f81c602 a30ead2ed9240fc2cb19098ceff9036ee7766fcd ace36d4d07949c1d96178b5990176e90
M19-10r01Trickbot_81502942Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.81502942eab49154ab3bbdefdaaa72bbhttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 84b2e1dadf6434fbd682ad5443c07fd584e9ba90ca78cff4e34453da08f9b1a0 183f70605704cc8ca523b416f5f70e3d82fd3f26 81502942eab49154ab3bbdefdaaa72bb
M19-qvp01Zbot_c85cfb2bWindows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.c85cfb2b35a83d76562ff7f7190bf2fdhttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 23a1c96747d375ef9098389078a48ffe53305fce872ae8d056697aa1f4aee4bf 5f3ff557e3cdb3396bccef3b98228562d9b055b5 c85cfb2b35a83d76562ff7f7190bf2fd
M19-vqs01Trickbot_41ff5c4aWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.41ff5c4af41e5a1095c121e9c0bae244https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html aa2709ee07f4479a85e0d64e8f4f08c87ff747fe658f8e93e30713ab6d46724c 1cb1ac4ea6b197bbd4b1737b73e84c55c47e1f16 41ff5c4af41e5a1095c121e9c0bae244
M19-k1t01Zbot_17023300Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.170233003e9260c66644d4b676be0146https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 0008d767954ff4cd48317862040f44a8550279d2f80730db9d8c9a6c3e6f69f7 2ecd59f7ce89957e46216e6924495d15343f6c2e 170233003e9260c66644d4b676be0146
M19-onh02Zbot_a13ca371Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.a13ca3713479a4219d3fa14610ccc124https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 249534c79cd24e2d4f756ee051f5fa3da34a85ac4d60b24afc19d0d01b03f446 61f817186eb4889d4a679a060a5b1803408ab3be a13ca3713479a4219d3fa14610ccc124
M19-eev01DarkComet_3022bccbWindows This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.3022bccbf3617e109bba665eb4c5cf0ahttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html d4c3d0934d55956d694a8097bcd0b69c4743e681ab1985e689d71827514fdd63 153439ed6eca57364757cc2877ec5d2db4df2c3f 3022bccbf3617e109bba665eb4c5cf0a
M19-j2401ZeroAccess_1e809110Windows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.1e80911037d3cf2aaa21f61861fe61a6https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html e8a06267aade079e638ab09d0ca9b2697079be1292c237846f93bf802d9c8746 8a3127f86aa5994800f58aed86ecc03acd0e7091 1e80911037d3cf2aaa21f61861fe61a6
M19-gl801Trickbot_83d0cd5aWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.83d0cd5ae210332bbed3ac6b0d8cd573https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html a169e851112a15be3a17a6059e50cfedccd2928a7a2afde40aa21a13bbb31dd5 5468aca78ac607b07ea4fd50e8ddeae65ce003f2 83d0cd5ae210332bbed3ac6b0d8cd573
M19-vis01Zbot_c433168bWindows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.c433168b02db7431950fe58a6922fd60https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 01b1b04fd8af635ddc5953b9c3bd87d510c38476477f201fa59b6ac1ebc89265 32edeb978d35eabe55403e59520df9c203dfb626 c433168b02db7431950fe58a6922fd60
M19-mf201Remcos_749d98c1Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.749d98c138964f41d417bd3cbd0e5149https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 99f7c0b78dac66e3fb5c571c466004e97ef6a75662ed2b1a7e49d17f85fa66f0 0a6bffe6c89e2e1b937387a602bdb2241576f600 749d98c138964f41d417bd3cbd0e5149
M19-ie401Zbot_0c620808Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.0c620808ad53d50093fa94837705b49ehttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 0878a61c44c6f24ea9b7455e663c9ae1f059f5581067957564af8cc90d7bead1 26d6621c1023212c97f104481a3db8d8594f9fef 0c620808ad53d50093fa94837705b49e
M19-1rt01Phorpiex_94a0f5a2Windows This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners.94a0f5a2de8f5146566e17ef4bf3fc1ehttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html af69f159ac7741ff8c72ea41fe76436512c84f7de6870caa6268ca28ac87aabd f46e9d32630612faa69aa1b315ed21c18a74dc0e 94a0f5a2de8f5146566e17ef4bf3fc1e
M19-igw01Remcos_6e89391eWindows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.6e89391e5b9f4d18bb82d1a8749543e5https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 1c74e101e6c49184a2766afafc33ab421900927ca39bfb8afc6e0c29c1d4bc4a a22aa193b0dcd79d9bd6d2a671186abfaf319373 6e89391e5b9f4d18bb82d1a8749543e5
M19-i8601Trickbot_97a4da2dWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.97a4da2db4c7fb864c1e851a910a227fhttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 918b82b76908de34fc26f1addda953604c608071d2e960aa7ac024dac36b445a a65a9a889aad702702f25bcad799087f26c771d8 97a4da2db4c7fb864c1e851a910a227f
M19-4c801Phorpiex_5b7026daWindows This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners.5b7026da2a73f9079b79e2083cd89dc9https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html d70bed520eccb3afa3ebaac4a1644e1b603e407c386a5a3dfeee864acc8be52d c9e1386b7a32d5092479bfebbccdf080c9d912c1 5b7026da2a73f9079b79e2083cd89dc9
M19-vdg01Phorpiex_55c7f0b2Windows This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners.55c7f0b2984542d2f77d86656c4b6acdhttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html e96f931910f1f64cadda65519f52c5ccd2311cd9d4aa705815b28a21559a4f18 69ee06b7acdbad334cd8f607eff6ba488f3ddc8a 55c7f0b2984542d2f77d86656c4b6acd
M19-vao01Trickbot_ef098d4fWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.ef098d4f7ed780fe9b48212143ca7942https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 8a8e4c0576135b4d7e53e8d371cbaa3044d04aa7487b5165d3a25c7ceb98ef40 bf3c71d05684b941dcb8d5542244fd82e77b24f6 ef098d4f7ed780fe9b48212143ca7942
M19-ctr01Remcos_5f8e9032Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.5f8e9032a3cfbe516116cd54d2d50947https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 5752b25814c46d5084fa204ab381a18ebfb75fd0229ddac048fc673607ae52c1 740860ce185dade221d3e49d3facd85d1af97d9c 5f8e9032a3cfbe516116cd54d2d50947
M19-b7a01Remcos_605f8350Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.605f8350f2fb5f8a4d80094e1fa1bedahttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 622bb6dc7e751fc9352e7a23c9bc3ccd2e1855f6d5c37656516a54fe63ae6230 dbfdd20391772a75aaa33b1ef444715377f6a07c 605f8350f2fb5f8a4d80094e1fa1beda
M19-vh501Phorpiex_e5faf9acWindows This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners.e5faf9ac1eec39f587f2e5f7d90cc067https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 94179eab10b3a394790f3bfd5cf10c5bcabb16cd534997f6361064ac5e686342 46eb345e49b358077070855d8ebe5010f9b05e94 e5faf9ac1eec39f587f2e5f7d90cc067
M19-5qn01Zbot_ce704ce0Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.ce704ce085ae85d89fad16dbe1dfad4ahttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 24cfdb52074fedadb316ec85968e36576f44660b618edc8582c4a9d1134a4344 82e226da1cf97f0b34c78d4d91eb1db52fe4b272 ce704ce085ae85d89fad16dbe1dfad4a
M19-qno01Remcos_dda19f33Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.dda19f3387325b1c91056470f086e47fhttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 46eb980bd84f49f16aab9a9af815caedfffe92ddf0db272b330f6a9b625716cf 8f3f33ae032f51312405356a100310bc6cfeb357 dda19f3387325b1c91056470f086e47f
M19-vge01Phorpiex_36ccfbe5Windows This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners.36ccfbe5c7cfd8e0e03e342eda3a10a7https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html e1ef644770cf7cb312df7b2112a140386e246e6bb8c5fb607707e08bc1ad31ad bf733a77bc760fa4118b218e921a7c03e3a79a1f 36ccfbe5c7cfd8e0e03e342eda3a10a7
M19-36h01ZeroAccess_50bf6b6cWindows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.50bf6b6ce6a7f1b0f71042a9fa35a85ahttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 559ecb68cce08a6d1d5b27d96295fc81ddc3df2edf1dbf3d765a9831262402c5 7a2c8d1de7cd337731b20338372816cca4dc2aee 50bf6b6ce6a7f1b0f71042a9fa35a85a
M19-y2a01ZeroAccess_a525893eWindows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.a525893e0772eb8000ec51ef38eb7db8https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 1d2d42263d68f09b1946be33971dcc04706ccc597993007b59806c3a23f1ffac 269f05dc9cc55212a472a484272a974044d018c9 a525893e0772eb8000ec51ef38eb7db8
M19-5i301Zbot_0c909111Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.0c909111ff7d0c1983ca313ae8463535https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 296d4d39691aa73e5392b57a1dff3cf34f7f1e3548ab38d22e7c1bcceb30fc11 0b6f60857ac2db88991284b76eba584729226e8d 0c909111ff7d0c1983ca313ae8463535
M19-d4l01DarkComet_ecf0d4c0Windows This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.ecf0d4c09c2e778adeaf072ae0c81dd1https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html b7cfcc21847f1be733342c7c635d30152e3cbc7ac456d44faeb3d0d61933f02d 35d536f641491770e3926e7b0dc15ab17b741345 ecf0d4c09c2e778adeaf072ae0c81dd1
M19-ddq01Zbot_e64184fcWindows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.e64184fc2439a77023931d4fa290bd06https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 0be41d1d76850b8b1bd55121ecb12c43b20493e7ef00a83d366092998b126a66 408258fbc0644daac993ac7c3a28c0a84d16c02e e64184fc2439a77023931d4fa290bd06
M19-a2b02Trickbot_ace78c34Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.ace78c34cc8f220b21645b7a3618465ahttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 90343d4a110021355c361ba1187512cd992644f1f563451014c330b6100c31bb 7e9b85803f26de44251c36e5bf736c2de8ebd14e ace78c34cc8f220b21645b7a3618465a
M19-12a01Emotet_eebf6a4eWindows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.eebf6a4e9cdcf557bcac80a7233e73c2https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 02fc8369a88b82e3f3071515dacd5d66dac4a7bbc30c0273ce94f1d1c17016c2 6cd34102ed02a66565fce08e3bcf2681b2ccdc56 eebf6a4e9cdcf557bcac80a7233e73c2
M19-1f501Zbot_f73d48a7Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.f73d48a7e35421c3829260172676c9e8https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 29286b6965a37a18bb510f2ceff996456133395c0af62e2d87e58c86877b7a5b 567e0dd3ad17fe189acbbd9308c3d0142a64f0e1 f73d48a7e35421c3829260172676c9e8
M19-6xu01Emotet_c6c7a0d8Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.c6c7a0d8d0c92d6962ebd522204ae484https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 0358ed9153522829b222680b6308ca2bfbb9af02f7577527d290bd6b5a45741a e531c79f18c72dc41cc259b4579e6bff2002f6ff c6c7a0d8d0c92d6962ebd522204ae484
M19-qk401Remcos_def4642eWindows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.def4642ed5253721fa1ad334343a38dehttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 44a4d693d208abf527c5d286fdb45791d6bc97fbda6857f2d952a659a39f02fd cb9498c85bbe63fba7ee8479d274138aee092515 def4642ed5253721fa1ad334343a38de
M19-blm01DarkComet_f71f7d40Windows This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.f71f7d409428e7f2aa4f90f2f50476b3https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 54f3ab508247399214721d27e61b5f9be1797cf54e1f80590a6075f1086df697 895234b427c9b02833c39886f4958819ca63c2f1 f71f7d409428e7f2aa4f90f2f50476b3
M19-bim01Trickbot_30ae7f57Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.30ae7f57f89c8309d0b73651503147e0https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html a94fb77c70d6d08e50aa251e619f7f6a2bd0983322677a5f0b38ba3cd2c46abb d9a8e88b6cf7ea229f91309755d67cf9b8f3179c 30ae7f57f89c8309d0b73651503147e0
M19-fpt01Trickbot_50e1701aWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.50e1701a6bfd55c4ee39ecdb0ec4b051https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 99aad62bb62905258fd7b9ee63811f16c0cb686dc86b49e5f33e0d465d2ecc0b c0f9c424b8d3ce1e1f74c82c6ac05ad043936ec4 50e1701a6bfd55c4ee39ecdb0ec4b051
M19-iq801Remcos_c64ccf8dWindows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.c64ccf8d1b465a4b135383643dc916e7https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html b1b18b3fb4c4da002c4f8449042569a53be13971036b2b15bccb8a31392e8ce8 ecc41cb12865441427c2629b96075179c57b178e c64ccf8d1b465a4b135383643dc916e7
M19-6gs01Emotet_dd617d37Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.dd617d3790334de1f26a546c61adde10https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 08a60b24edee93c10a2f7f88f771cada9d5fdb220e236ac7685bc5467187cc7d cb7985e5953650f57918342d753072c020d784f7 dd617d3790334de1f26a546c61adde10
M19-jh801Emotet_46575cacWindows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.46575cac33062c3750e572a066980432https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 23f18138a5aa4ff7284e25faa8490b14706170a7980b73a2cb69527fa19a9655 c51a829cf2f9a90130657b6b72e579d2966c93c3 46575cac33062c3750e572a066980432
M19-n8r01Zbot_a6b6712fWindows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.a6b6712f486b581fc137fc7bfbc55a38https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 20a5e8c87d9d5f9c4f212c8324e1c51941c2c92e4193bb460454451c43763c65 25d3b730ecb1a161c5d03941ec6bbb83fe166008 a6b6712f486b581fc137fc7bfbc55a38
M19-u3u01ZeroAccess_3a5d44f6Windows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.3a5d44f63bf420d12caf06cdc4859baahttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html a026a103b42e4fd2a1b1b21931983d477e53b94210900f2a464cf71dd4868f27 e55c6fdd2cccc73ce2a0aa34f550f9d57125e20e 3a5d44f63bf420d12caf06cdc4859baa
M19-ox101Emotet_ae03a6f8Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.ae03a6f8fb74d401b403647d28e21574https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 1ad1ff05930f27ef4b349c7a612235d1632ef7ceaa1a17adf7c7b3a97b40ca4d 6ee320cedc77499f5df9ae9c93ef42c0d91f3ce8 ae03a6f8fb74d401b403647d28e21574
M19-ajp01Zbot_5e30e5efWindows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.5e30e5ef75f2237ad99dd7b3c41dac06https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 2bf03d005dc768b24c4a27218e41c5781902edd872f934d24c02958fd172fbc0 08539c81c6e93e4f2523fc53b6d057db6a3e620f 5e30e5ef75f2237ad99dd7b3c41dac06
M19-iqc01ZeroAccess_48b01d1eWindows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.48b01d1e3c24c7be49760f773cbea031https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 9117e953fe785d1b5c2f350921bd8ec6e14f1e34c0a26059c66c4abfb98e7a55 5c8c5eed11eed355f85b0aca019ac49ee95370d1 48b01d1e3c24c7be49760f773cbea031
M19-3xk01Phorpiex_9707f717Windows This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners.9707f71722590082d86a1d596ae7c253https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 01800a0b77486384e49b910debe10f7cee0b315bcf58fde71697f0dd4ec3540e dbbaf69d3029fe2cc8b5941e754200e822b98597 9707f71722590082d86a1d596ae7c253
M19-4ef01Trickbot_49c19c0aWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.49c19c0aaeb04d00ce5d9d637e0f25b4https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 977cc7fd45f54546066ab08ae04f31876d2347948b2631a011756f2a45f8588e 3e7daacc43c343a0e676430d663e3ab1a4647c39 49c19c0aaeb04d00ce5d9d637e0f25b4
M19-q1y01Emotet_27ae4d0bWindows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.27ae4d0b6cad6ab284b1851df1923d47https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 2a80f80c219f9554c9779e86c47a51a27858a767bb7b1c45b1d52055f6b9a30a 06a40e791c9fa900b5e4e632f2907abc87c6892a 27ae4d0b6cad6ab284b1851df1923d47
M19-zmd01Emotet_8ba55889Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.8ba558894ac03bc2c8e95b165673beedhttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 0cc6fb091ca3119744ef99cc1a75bf093351962ede75fe01d9689ad6e611eed7 0baa64bb5aa6b0369e5e40942a1682871d9f7f1a 8ba558894ac03bc2c8e95b165673beed
M19-7g101Emotet_a75f1238Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.a75f12389fa58ccb23fb519df6df9e4ehttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 179dcfe6679c7d9e7527dbc7280807c7abe2ab8b6cd74671ca3a240bdb9f9b13 2c77d7b8d6dce69ab21194792e4164d18d5cb42d a75f12389fa58ccb23fb519df6df9e4e
M19-yv401Remcos_1a3c5d01Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.1a3c5d012a6c911e7da061884bda3653https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 2993970ed0df750fb8ead03397e7d209d50c790ccea889f8cd3a57a3257d229a 40d6d28e8392c3da1d79c50ef20551cf44fadab7 1a3c5d012a6c911e7da061884bda3653
M19-7ad01Phorpiex_557c6d63Windows This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners.557c6d63173e0932c10723edfeabc0c4https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 5cf483ced208bc37ee1e71346a22615c88ee294a8b3b411b5d11e77571e2e4fd 0e18418257d43d417898fb6372d12286218692ea 557c6d63173e0932c10723edfeabc0c4
M19-10901Trickbot_6d1887e8Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.6d1887e860ce594f58e49ddcaa911182https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 63fc0be214ba24b78e8af0c3fcc739bc65f2c93f47f2c0fd5fc36fab7c3b1ee9 0cdd5f392da1d516e309af43469fb92783782222 6d1887e860ce594f58e49ddcaa911182
M19-c4h01Trickbot_ac990e4fWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.ac990e4f02d712c43118366ca0025819https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 8b3ce83864c0fe181a9dc5fc05db1ed0f5b8fa8afb21bf47e13cb42012f99d37 b3c3ddbc02db2ebaeff2d0ae6a22a2e235d6d337 ac990e4f02d712c43118366ca0025819
M19-jft01DarkComet_b98d5243Windows This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.b98d52433adddf98fe759cfcf91cd192https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html fbaf7fd94f82e6f9dc6de640564350f00b0901763249e14ad29748a79bc41a43 17b2f078e3c09849d27d1cd543a3c5f2eafe7c94 b98d52433adddf98fe759cfcf91cd192
M19-rob01DarkComet_262898d5Windows This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.262898d5151272199ef45df4afc84cabhttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html a7b843e8ece17f12410ed58e1de94c03126d74192d3732dae6071aefb6b190f2 b31d62d2e9d0f21b37151bb0aaf6a8d96c647e61 262898d5151272199ef45df4afc84cab
M19-as701Zbot_8d2d1cf7Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.8d2d1cf77f9a3a885ee6265d8377c696https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 285c4a1f783602c538395337b0724f384806f308be12fef1654f77f667762412 f1f634cd47998e4c1d325800984fb21d72dfc02e 8d2d1cf77f9a3a885ee6265d8377c696
M19-3ra01Zbot_f715b6d8Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.f715b6d88c401e1676f267916fa8af21https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 08c3aed6e3b36b219a22d80947cb02a1da27cdd955dcab8938f366c938641d99 42d2407153dba744e1efa2d220027f112febd867 f715b6d88c401e1676f267916fa8af21
M19-3fa01Trickbot_55f3c900Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.55f3c90084c265be03b6d4a96f8e6f6bhttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 533fbff0ab14351994eda4fdbfd54521f69b26aea55f1f4cbdc0a766ea665475 b06d1ce9881a3d92b7096a4a6e80488ea6ce7d04 55f3c90084c265be03b6d4a96f8e6f6b
M19-7qj01DarkComet_5c6e1f90Windows This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.5c6e1f90d79e621348d0460c01ee5f9fhttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 3201cfb883cd1c3b8f13b639a40cd08b3a701df41d6488228b586d7909a6f9c3 c06b0094c99b5868422d4976630ae64d13a4d2bd 5c6e1f90d79e621348d0460c01ee5f9f
M19-urf01Phorpiex_4b4bb13bWindows This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners.4b4bb13b3fe355e85630394bcf2630e2https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html f22b9841d6cfca96f89543e43f6dce478dbed764c3083b7a2dce8ba42e8a2b34 0969cb588f9797335a44595ffc881adc16177cb1 4b4bb13b3fe355e85630394bcf2630e2
M19-6qj01DarkComet_d9e0d95cWindows This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.d9e0d95cc46ad7c31c4e3962e724f156https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 384fb4c37f5649edff99a8ce89b65b66a74fffe0e27dc8ad0abc6b949391e7e6 61f28daaaa608b05c8bddb7a1a0372896b6c1072 d9e0d95cc46ad7c31c4e3962e724f156
M19-3ph01Trickbot_518157bfWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.518157bf4252bf852f739d90fbd1f5c8https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 3614608cb133bd6ee5c664d32a70a4f6daabd51c5aa3e8305481a2c8e8e5e050 2437e7d33ca27ee1e2882276b6150e3a7cae066e 518157bf4252bf852f739d90fbd1f5c8
M19-r6l01Zbot_cb14b3ceWindows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.cb14b3ce72ad7355d4399841b2f7a46dhttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 02e089e46e5d3a515394aec09a6f8a37cb8be989730bc9a7c29660bfe8f2e1aa 43d0697062da989375bfe2603573173f9f64814a cb14b3ce72ad7355d4399841b2f7a46d
M19-03k01Emotet_522535eeWindows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.522535eeb50ed0dda2a876fc67afe47bhttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 2275693f9a5b245d54030abaaa757f799c369df22b26cce4a8df84d1497b682b b3da8bcc175cd2acaf7a5f7a97ba7194fdaeef1c 522535eeb50ed0dda2a876fc67afe47b
M19-qgb01Trickbot_d0d3882cWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.d0d3882cadb3da6593d6ada34698bbbehttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html a77f072f98bba728809627c5cce0408dffd1e6277a5febf654f11c8e5a63f6c7 c652cfb0179fb8d61693643a6001908cfb097afb d0d3882cadb3da6593d6ada34698bbbe
M19-s8901Emotet_c890c0f8Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.c890c0f87c24af4ac172967b82f9ed43https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 05cb5ec98746d64d138330942f339979762f3d9e2103176927e5298aab38b44d 4bf8d84d996ba88d6685a1f2029b6b65a82d1dfd c890c0f87c24af4ac172967b82f9ed43
M19-u5001Trickbot_05ebc848Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.05ebc848f26ae1aa433a02f419198fa9https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 33174b58598cbfad8263865a35541f8cb45fb8c6bfef793fe8cf959386a01f5d 4aa2681a1c02e1ddc0e3f926abc2737a2f1f07d8 05ebc848f26ae1aa433a02f419198fa9
M19-h1601Phorpiex_dec0416dWindows This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners.dec0416df4f22eb3f65c2c919a8f30fehttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html c6365099edb25124ad0ac0ffbe5a246d3d27a15c42e5bebb3a6a5994797611ef 88ccb465aea9b84e778c84a285e2dd58c379b784 dec0416df4f22eb3f65c2c919a8f30fe
M19-gtr02DarkComet_7165067dWindows This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.7165067d21c676db6e7548717e5ba705https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 3ca6b7c42876362f7c1b27c86e45f5d95443a385ffa01226ab25cea998176219 d7e4cf337148e5cd4e65608bc409ef0f80cff0c6 7165067d21c676db6e7548717e5ba705
M19-bxc02Trickbot_f85025d9Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.f85025d961b957b22ea38b11ba185bd0https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 0997acfd174ab60400f87700683b13a8e30003187a1ac95f8e03e7ef42722ed0 c6de20e1f20e2d8e3980c3e202afbcc6a519bd65 f85025d961b957b22ea38b11ba185bd0
M19-gjw01Emotet_61c741e6Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.61c741e6f835aa90c291c21dd2e4bf7bhttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 1360747298f09ad4a3231036c557fddae2e65e0544fa2bcd42847fd13793eeeb e0758adf028a63dc79871d0ab86f67a30493cf05 61c741e6f835aa90c291c21dd2e4bf7b
M19-48z01Emotet_1ac1c7a7Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.1ac1c7a701f60f669da981feda1e6beehttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 07ee440c02863990aa804fe41894616f5a660a07cea93bf9f4e21b379637cd04 e2c15725b5604100cd37f6ec40eaaab86d7286b6 1ac1c7a701f60f669da981feda1e6bee
M19-8x801Phorpiex_0492b5fbWindows This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners.0492b5fb4e91f6fe686c4d26e0e84f2ehttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 43503180b734d83a724db448cd4d94b1b4a3096dabec6b9411af061337af8c35 c5218deb28965017aa02c09d954d92f00c8c275a 0492b5fb4e91f6fe686c4d26e0e84f2e
M19-gvu01Emotet_886b150cWindows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.886b150ca810a5aecc753c1fc7b5dc29https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 2089c98c6d15a5c669795eea5a310ec83cbf7614be2aae5bc1ed1721e406360d 6be9983f1bf170d78c5bcb5b99b0604eb3fdde17 886b150ca810a5aecc753c1fc7b5dc29
M19-pqs01Trickbot_08eac24bWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.08eac24b6c0724438db7cc837f0feb5chttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 6f9d90e562dbc99bf48c6da0f62acca06483e4cc237f823fd420972e4cab8acb 8faac3acd92e6ffd23b1bae45fd443613706d4f8 08eac24b6c0724438db7cc837f0feb5c
M19-l1a01DarkComet_9b67368eWindows This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.9b67368e130d19e987ebe0508830cfe6https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 198fd0be4b6734556acf2ac56b3caff28d402ef10c0875180ab02a62d320b9c1 c5634d7aca1b276413118d971f5e38f804c00370 9b67368e130d19e987ebe0508830cfe6
M19-h9t01Emotet_e0070475Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.e00704755af09aaf23f2b531cb05a2afhttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 2175ae9fcf2321d5855a81146a650a9fe69d622a3d0303076fbfe32ddc645bd1 b88fc470be9374d8b4005d8b7f9d9cb040494692 e00704755af09aaf23f2b531cb05a2af
M19-gco01Emotet_33a11bedWindows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.33a11bedd56b4a3d4ff68e1903e34822https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 10f54c55d5df2aba0a5f86addb10e2b6022040f9e30541e865e823456526d181 4e297190479b6bdc59431b58a4f2e841b7cec043 33a11bedd56b4a3d4ff68e1903e34822
M19-1cn01Phorpiex_1b3d27acWindows This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners.1b3d27ac65b78dbecc430a48eae3abf5https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html cea3556aa39780fa88283ac4b89f75bb9e0070fc870f8c2f2940d74c124999ca 0b3ccdc7c09d38f29e58834c08a0f3fc86df37b3 1b3d27ac65b78dbecc430a48eae3abf5
M19-gzc02Phorpiex_893ee291Windows This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners.893ee2912607aed807d4d8fdefa42adahttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 8e56d2ba3bf9e86c66e0eeafe453a8c36f692b4f22edb9e96fecaaef8e894d51 33c2f974836da66ec0c9d0879cc46ae2da12529e 893ee2912607aed807d4d8fdefa42ada
M19-d1401Phorpiex_e989822dWindows This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners.e989822d6e80e6bde7ee3ea5bef2178chttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html f00fe52b605c93783f69f8ff95605484c73600a0c4ef33336b565e3adfd7bf8b f6e22a0cc395a5cf6838969963dcfd19b1483d91 e989822d6e80e6bde7ee3ea5bef2178c
M19-qze01Trickbot_42a8f6b9Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.42a8f6b92747152a5985b2cda4811d93https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 93c68821eea7086225918c163c8480f2f49f3a6b155a221af7211c795ce6b32e 9a0d040549283a873b954619ab4d5378367c411b 42a8f6b92747152a5985b2cda4811d93
M19-mfk01Emotet_66eb7eadWindows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.66eb7ead010825ff0016a375c2d5cfc2https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 1d92855b93ac6e841ca7afe057ceef7c6a52eb1aa511c47c523d25c7f542785b 4155041776cb25b517b4384324bb81b9c498155a 66eb7ead010825ff0016a375c2d5cfc2
M19-cab01Emotet_42e9442cWindows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.42e9442c745081fa02d553f9294f5332https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 06bee1b52d91c40d92e37313f5a41dd75ccfe06f4081c8d82cc150de85afa8fc 49b70e677b60f3d1e5d973cbb77232754b5de095 42e9442c745081fa02d553f9294f5332
M19-li201DarkComet_50b2e01aWindows This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.50b2e01a27f34d8a010db12165705dd1https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 7175a539ad4450790dcb7fc70b3a83c8fb85001b2fca89e5bdef6b106175c586 c790aacc16a8a91061f297ec6ba1ef06ff3b6220 50b2e01a27f34d8a010db12165705dd1
M19-zq301Emotet_855b2368Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.855b2368ea7760f011604f7cd0132088https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 26213f98dda98e08963a7a2934a6eadb665121a23aa14493cc45f5c6b23e7099 01d6eece505290cee666c7757e8ba6b95016792d 855b2368ea7760f011604f7cd0132088
M19-xa001Trickbot_09f87895Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.09f878953684a88db93c74a3a88fc110https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 1b4e99fdce2dd1e3fec9d2544d998991b7db608fc546f3fcd095116c74abf5a6 a28b439409e5d7b2c62a97bea0ef05f1eac0edbf 09f878953684a88db93c74a3a88fc110
M19-po201Zbot_66b160c3Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.66b160c309e53cafbc453b24899d7a1ehttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 11f76ef08d086a6e3f87466f8a77c7bc63dd754dbd5aaf27deaf4e78abe46c4e 6b6988c11dc2011b94bf322ff1c9e5a3874e5a16 66b160c309e53cafbc453b24899d7a1e
M19-q2x02ZeroAccess_c66f34fdWindows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.c66f34fd3c7ee0c616be0e683995d50dhttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 907c8629bcd73adf85f6163bacf17831830f0410f7e9840a146b364fb0bb2945 a0963ff2f89b29b1319f578ed6d7b2a85ba3a8ff c66f34fd3c7ee0c616be0e683995d50d
M19-fil01Emotet_122bd634Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.122bd6348e0affd7a87984288e06bc05https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 15683fc25f400427b06f471235d0080d9b340760e1cf0e53b402cc3f92724904 697c0e238d5cd60e6d960a53e744dda72375474d 122bd6348e0affd7a87984288e06bc05
M19-hrd01DarkComet_91c5206aWindows This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.91c5206aa27921d6b50f3dd962518706https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html b18d500a121437df8d1170fdf315b8dbe53d0f69214963a665c484bc47a1d3cd ccddc92f58a60edb9f0c2f2b81ac144396695cec 91c5206aa27921d6b50f3dd962518706
M19-99o01Phorpiex_6c7bea45Windows This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners.6c7bea450225c2ee40a01b9b936d7157https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 2032430a872c8bf354dcd1d6ae0f7aca4d02f5b4f0dcfa43ce3d1f795c8c9c72 eebb2820cf04858991b3dfb4b08a04456b11d4fe 6c7bea450225c2ee40a01b9b936d7157
M19-7ly01Remcos_cf8d2a5dWindows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.cf8d2a5d97ac31fa92d97f463258b56dhttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 3a725a79cc91e882a52237eda542e29d44734c64fce0edd924e1fee62e69bead 62d4bf34fad6ec72c9425834835e827b5f146645 cf8d2a5d97ac31fa92d97f463258b56d
M19-xxh01Emotet_66d9ec4bWindows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.66d9ec4b741b685e6f552076e125efc2https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 197b6142da885afd536a49e192dd6259abdb324bd3a278850c74b54d3ad819a4 2b3223bb2c0dcedd3c5ca34e4cb47f681e74f514 66d9ec4b741b685e6f552076e125efc2
M19-iin01ZeroAccess_015bbaa2Windows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.015bbaa2abde0dd847778cf1125589a6https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html b05d35fe02909b09b6a2c347f619430495530617f209ddba7b357db26cd154d1 fdb693a53a95540a3812898e36cb4ee7047ae149 015bbaa2abde0dd847778cf1125589a6
M19-i8b01Emotet_f4bceb90Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.f4bceb90e7389254202b22cfd1d05aaehttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 0aef359713281304cb60b92f7f9a4f046e7ae0902809830a306e683830c0621e 602acda07ac06afbbbc38f56b60465b2b9de8ef5 f4bceb90e7389254202b22cfd1d05aae
M19-ra501ZeroAccess_7e33cd06Windows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.7e33cd066481d929a3117813f51a8275https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html d038daa7418565e12cd449a5c13d9f36eef7c3cf76c7739db4f41df68649837f 9a90228c6596baca07581f389bc3a37c83a81cd7 7e33cd066481d929a3117813f51a8275
M19-07o01Trickbot_0a5bcc69Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.0a5bcc690244bc23e2429d70a5b28d50https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 16a4034a84ee8568cb2f8eb5dadabc4602c0a8e8868f73672d50dfbf1a7f4d58 8ccba863529fb9298cbe07e9db40c591e69b8041 0a5bcc690244bc23e2429d70a5b28d50
M19-chr01Remcos_8ef4cae9Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.8ef4cae96c9e53d1897b95446998efabhttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html d78ec2e34df6a80321bac318055f095f49f244117f0307e3c59aa7326f834ca7 46962f3031094196f1ddc92d77b6816e6ed57c3d 8ef4cae96c9e53d1897b95446998efab
M19-zbb01DarkComet_09f30e92Windows This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.09f30e92fceabb75e24bc968b90ed9e6https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 386a72805830c4e97a5970ab2c50e973394d2f0c2d89f1be33219a79ae988ab5 0204bbd81de7cfb875cee853a5e3221ebeeea231 09f30e92fceabb75e24bc968b90ed9e6
M19-3u101Zbot_a5667e9cWindows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.a5667e9c1d8e440036e99e25371d5a01https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 0a586547643e008b351990181c6434a4ad1b1d91e2d8cfd2dcc654459e415652 97a8eee96f60511116a475db06df5835080bdafc a5667e9c1d8e440036e99e25371d5a01
M19-2l301Zbot_6be0093cWindows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.6be0093c0a77b928aea6f6dc41cfe7b5https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 1142bde6260aacc7770f40931f1b10a3d72e479e482536590df5c8af3fe7cdb2 7d5520ca82e035ab7738dfa133438d329487327e 6be0093c0a77b928aea6f6dc41cfe7b5
M19-ih201Trickbot_47f73227Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.47f73227ff677ec0788803fc9b5f28e0https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 690160e08d961b5eb173e8d83489182ff1bc593fbacc1ccef29d34b2c123f852 de04aea0d89de5e559d0a6304cb772969da1fae3 47f73227ff677ec0788803fc9b5f28e0
M19-y8n02Remcos_68b713eeWindows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.68b713eeff5f58707db4a57deb4106b1https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 2a0933719e5f6762061641d337324fe2b9778e13ac4785dfce00b10e3134a7de c0d8bd679b1aac7146bee3659ff234539b78f065 68b713eeff5f58707db4a57deb4106b1
M19-r4501Phorpiex_3aff2563Windows This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners.3aff25631bf938d94b3e66d74b3a364chttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 7aa31bf90f13024bbcb547c126115b112b17a130fc8169712351c418f93516ca c3f54c37cc4928c4fb13b1368a836a177dcd995c 3aff25631bf938d94b3e66d74b3a364c
M19-jjf01Phorpiex_cb4e05a5Windows This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners.cb4e05a527649a89ee2f4516fc23b818https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html ca4a36212c31444ed2f0c173c0fb9a2ca43a8cfdf2ba7663b3eea52e150a02f3 a9e288307aad26e10c4bd7d77acf89e58e80bdf1 cb4e05a527649a89ee2f4516fc23b818
M19-vhf01Remcos_4fdb3ee9Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.4fdb3ee91b1a85e56a2d27972fbef885https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 01f18d1d2a28f1fa3df286d745ebe04521031af989db17818db42f6118417f60 ebf9dc56e8c6582ff4808659af95f303d2142469 4fdb3ee91b1a85e56a2d27972fbef885
M19-uz201Trickbot_d31fa425Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.d31fa4259092c12c59329c0db9696aechttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 1d004310b4da6128d37fbbc500fd2edaaac340ad0c02a6d955bb865b6bbf5a36 c910e19200ef7d4e1505373b1b5bcad2ad8bc0f3 d31fa4259092c12c59329c0db9696aec
M19-45w01Zbot_c124b5d8Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.c124b5d875ae07b11072edd6e039cf67https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 171fdd6c8d3e43050ab23eb0327fd74094ec7d813c5fb4f2f5668a6650e5088a 926bec213c12fee2638984b0fa1dfe3dfe1ec01d c124b5d875ae07b11072edd6e039cf67
M19-5yj01DarkComet_53ebc34eWindows This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.53ebc34e9f1af928e338ea3ad108c132https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 42b444b7738492be745183895147d005f825dfa44c4b2cb1e256f6a146e3fa63 5399134fde2666916eb29dc97820e7cd818be762 53ebc34e9f1af928e338ea3ad108c132
M19-nn401Trickbot_ee7a37c7Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.ee7a37c7032fb73a66bf1796fa86c448https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 3be01a7decf86e147148172f9fd49a1dddb0fc61fa19f1f513200bef005d5621 6b9e6ac6e50484cbb80c35679473509673ab712e ee7a37c7032fb73a66bf1796fa86c448
M19-z4e01Emotet_b163c1f1Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.b163c1f1601b930de46ca66dc966891ahttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 25da27f6d266e9986c93a48d93be82632fdfc607416d42e183c27b404591a808 1e8d40c10ebe7620682de9255485044ec11cc710 b163c1f1601b930de46ca66dc966891a
M19-0cb01Emotet_2d5e8adbWindows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.2d5e8adb0784b0b80c905ba26dde57f4https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 068c95ddf6682151bfac5a348f3cdc83dd28dbb3636945893c40919e5c2529f6 45ea401f1a0db7374fd5cc300379765bf8bc251d 2d5e8adb0784b0b80c905ba26dde57f4
M19-q3c01Phorpiex_8ed3d42dWindows This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners.8ed3d42d6cdcaaeead757faebb93f28ehttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 86d2c77b7dc01092d3591f95f99a7ba79c06e06e83759b7965d18032102a823a 7d7df5a736272bedb2b877f8bd0eb5d491a589fd 8ed3d42d6cdcaaeead757faebb93f28e
M19-ra701DarkComet_a7dd1c3bWindows This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.a7dd1c3b146925c44c3ce39b86c77f31https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html dcfc58bbe29cd4d7634c21ac390cca9c3f12becaf8584ac3d3a90da2cd329585 0e7bf955f706586b416c5f39f7a51bdd7dd3b063 a7dd1c3b146925c44c3ce39b86c77f31
M19-13e01DarkComet_cb4c892bWindows This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.cb4c892b9d1d4bb7f7539773bd3aca55https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 7d82900300161ba47eb3ec68e9ebea0f55986a33affff5bbe43e0dd5fee2d907 95ea152ba6b714d9cd738e9373be091d7ef6c082 cb4c892b9d1d4bb7f7539773bd3aca55
M19-cas01Zbot_5601577eWindows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.5601577e5e1c6f29ff989d1ea180d74chttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 143471cc5a4f7299a4009841fb1b92ec52bec2f78b426281d0bacc02946855b7 6319d1ef812730d188b5f20e898ce14c5d6dee62 5601577e5e1c6f29ff989d1ea180d74c
M19-dh301ZeroAccess_4fe47838Windows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.4fe478387b1964651ef6680fab04e58ahttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html ec683faba46071aa2c11667714ee9d1abbbc1b4a6d6d024b77fc97e497eb5673 ed1d1d1231298ecf2267857b69c9d8e5b9cb8e64 4fe478387b1964651ef6680fab04e58a
M19-mji01Trickbot_5ba42e0fWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.5ba42e0f72a667083ba4291a4bd94332https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 22a575f49efea2455bba405158a36e037ffb74a54d19a3594b9b91496235b94a 3477bf45618b99bd5156d158138d745b00bf9e91 5ba42e0f72a667083ba4291a4bd94332
M19-7lo01ZeroAccess_1dd3fd4eWindows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns.1dd3fd4e257b88f379348ce2521f68b7https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 4f59080cc3450aab4dbfae69f1223e79069e3c315bac2df45ea845a68439bcde cc8ef15e9e5aaeace8069999e71f8bbb48823c78 1dd3fd4e257b88f379348ce2521f68b7
M19-fh401Emotet_e3cc0ef5Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.e3cc0ef51820bee8392d84bc608ceeabhttps://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 05813a34ed66ce894edfe1283dcbb4aac108a27a9d100cd1beda364c3a9a14d8 9ee50c2e179005607e605729c0c955d0c8978137 e3cc0ef51820bee8392d84bc608ceeab
M19-94401Emotet_85c071f6Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.85c071f64570c451763277e1a6340210https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 09b5cd03af0aeff661f64799a67a1e4b68fe95ed8c19f33b9f79c6ba891e1961 fb4cb6af74b05631c8bd13fbecb922222127174f 85c071f64570c451763277e1a6340210
M19-h9b01Zbot_d51d83e9Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods like key-logging and form-grabbing.d51d83e99a5d0cbee6c4f2a627544430https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html 1ed93147bbaf222006509898c620b1cb65866d1f57d12c7f69a0db49cb459730 0e5899984c3dfac38936425532859516ab5188b7 d51d83e99a5d0cbee6c4f2a627544430

Malware Strikes October - 2019

Strike ID | Malware | Platform | Info | MD5 | External References | SHA256 | SHA1
M19-9s401 | Lokibot_90246fc8 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 90246fc89badc99554dd344ed4a06acb | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 11ce93263d26a1d77158f01d3964e36753a90e26487560b52e26658dd935d2f8 | 7fc9e218c21194e74baf037c2960619f96b4006a
M19-edq01 | Remcos_17a0b55a | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 17a0b55af09a4691123f967542ff7a87 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 81685e6e788710a878b16cb2febbc7cff3f8bf5905811fc392e840da73f79b50 | c2595f24fe411afc47679f0fe05df3a5649a5dbe
M19-1oc01 | Lokibot_e64e79df | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | e64e79dffd8d5cda597f95d83fd2c6a3 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 842f8e3e24829467b0c4becd601cf310569cfc40320fef7242dd05d292c02bea | 0871aac099fd7478ff8db00017ccbf6c8f57aeed
M19-o7x01 | Gozi_6b54f7ac | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 6b54f7ace819cbcd19517ae69ea31b99 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 3509cf8e68799db2677703e49caea882b6d2c5971379ac0e8619aeb30876a2a8 | 016a2a939172cda8cd6f17f91a9d440aab4a893a
M19-zsi01 | Gozi_d68674f1 | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | d68674f1133db719103fb8e2e69683fd | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 49cf6e4d3589018819869dc3cd1733a1b3c42326b52cc0e48edafe113593019c | 7d1d706da7b8688c1ce08c580362581f0ab16fd3
M19-jcw01 | Esfury_7fd9b6ba | Windows | This strike sends a malware sample known as Esfury. Esfury is a worm that commonly spreads via removable drives or platforms that involve user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys so that it runs when certain Windows applications are opened, including security products, the Registry Editor and Task Manager. Esfury may also contact a remote server to download and execute arbitrary files. | 7fd9b6bab65b18e93f21fae39348ffe0 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 17ce758c92d7c785b153845c53809f7b04a77d6f0352dff7944057cb6ace4c8f | 1919f4460af9512a5516b61dd5fd282fd02ae08f
M19-8ai01 | Lokibot_5df92635 | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 5df9263526c68726684bf176f6a29c8e | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 6c5b6bd100bdbb0680c9bcefc4fddeec307400fcbef04bc8adaf466b99a3bd69 | aa41187515b85c036d5444e3d8158cd72b49721f
M19-gao01 | Zusy_562adfe0 | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | 562adfe09dadb4470baef2eb66f1c8d4 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 0f91c67b52b53430a9bd2e1a9df5b151056cfee5f026c1da0b5e2342cf9c936e | 2cbcba6c0c6e3d4a1131f8148405964a2464d71b
M19-qrj01 | Gozi_83a02216 | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 83a022160f5495b3e11f2a0d7de3f1f0 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 3bf729f719580998bd65e13d02129e96efdd74448f84c504829f418ed87607e3 | 8a56e4884588d8112bb2c30ef7f2b8f2253c8224
M19-use01 | Remcos_7169edf0 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | 7169edf0863f94b372bd27504b2c012b | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 8e4638e4d6cc97ebc401533a5bd4cd22ccaca17a584f24610040aff5e8ffa64e | 85cf426ae458dfc87ee88fb5abcb3520de9d96f6
M19-ino01 | Emotet_ae237800 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | ae237800c7da2b9afafb91666baa8293 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 289c04314df3679f04bf1817fbf1589fb19dbd481f8c20daac8861068a7c5a32 | f356dfad72540336a54bbc81350107f0eb583a7e
M19-nuw01 | Gootkit_47919d2a | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan notable for the anti-analysis techniques it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | 47919d2a8632c13c9231f7f440cdf7fd | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 7eb13e84eac78a616ef498adb7fad002e912fbdd699891a8b0da63f224a7c277 | 1967ed8ae099aded1f6b65d1bc3c7cfaf549051c
M19-xad01 | Gozi_9d77a58c | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 9d77a58cb6aab4af5fd2ac3870ef850a | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 2be8b60b9bf8fc8f81e8c1ec54af862351e6428922f285d4c816d64aab86189a | 0b7738a262ecf19d6a3c883abf77e59d3ce5ece6
M19-os001 | Gootkit_ed79ef40 | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan notable for the anti-analysis techniques it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | ed79ef4011b6caef234a2843c74509f4 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 0e6f4226f190a84de26df937557d624fb130e4a0b0e692a494a937d144506433 | ed3ac226e8d6d2419f30083ce5a119e9050d17f4
M19-utp01 | Gootkit_cc0af32f | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan notable for the anti-analysis techniques it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | cc0af32f0b4e27e11846f616f894fba3 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 3e8167eb0553a7be23864cd48db852623c95b884682df95c13c196bec9122bc7 | bfaa35b21035d3cd94d68552b64293765b053650
M19-p4f01 | Remcos_e42aa04a | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | e42aa04a17cfbf6cbddff1dc283fc064 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | c5ff8271d4820962d7ad72526ae7aca7b7df84e2cab249dcff099f4bfa740bc1 | 5c5bdc418331f6059138707ff32cd8dbc8678b6f
M19-f6502 | Emotet_f71c7393 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | f71c73934912ee3a6bb5dd5baa76e070 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | d8614f65c65df8ca408d493fa9ef65894a84d9a49ddcb08be7b0798b670d367d | 6a76380d4b3b2d7937cafbce002e149984dae724
M19-2a601 | Zusy_4650e86f | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | 4650e86fcb19f28162bcd7b489ca454c | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 2a94932f389d8c44cea94a8ac8099869312cd3337d81a423e58bcf041819f803 | 9a608c49300dcd3f041079c8f36b028752c574f8
M19-63401 | Gozi_960a696d | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 960a696d0303987103184c57124e8940 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 3e41a7ae208fa0e8cf28a8610533dd2ef965062f38577af2c35dd8f8950669bf | c235519ab7d3c6a328c91c0efdb17a42540c6ecf
M19-ufe01 | Remcos_b4f7ef50 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | b4f7ef50fed5ea32179a4c658ddbae5e | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 47a9af0fcc8f26b71865398d4cf372b2d8005f5b93cf75233f44439da9378beb | 5122b876f59b08346c79e91d7a6259caf324c339
M19-3dy02 | Esfury_f7d3d6da | Windows | This strike sends a malware sample known as Esfury. Esfury is a worm that commonly spreads via removable drives or platforms that involve user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys so that it runs when certain Windows applications are opened, including security products, the Registry Editor and Task Manager. Esfury may also contact a remote server to download and execute arbitrary files. | f7d3d6da202522e195a574273d576831 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | b7e13fae589f5403964e0169c1269c91ddd6a7e06f06404207ca4f61922fa30b | 2b7d164550b81ffa5605090beae4923c6f881ae3
M19-c2i01 | Emotet_bada3bf0 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | bada3bf01142a56b6d2c33764c2405d1 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | e6630adfc5882be333236fd4da6b8fb8c86866b4768b7914fa9102a3de3bc3b0 | e8a2d57eb827e4e9a22946cbe35cbfeb15ae191f
M19-2cj01 | Remcos_e998de7e | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | e998de7ee7147dc50b3bd36106be6620 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 4cf3770d9c9b2ea152ccf677f4f03e46fd6ee497362fa1a9fbd4d6994ec48244 | 844e106d2a044b8dc1c6d87d6d65affcc7e083d8
M19-tgq01 | Gootkit_c8adf4dd | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan notable for the anti-analysis techniques it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | c8adf4dd124818e93145335a6c6b1fe9 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 02b5fd5e99d5df445989bdf6fc390c6a91868627931a215ffe4b7c0c6575d3d2 | 312f173eae96a4e3d7b5ae782437106c5fc7be95
M19-6az01 | Esfury_7fde9c7e | Windows | This strike sends a malware sample known as Esfury. Esfury is a worm that commonly spreads via removable drives or platforms that involve user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys so that it runs when certain Windows applications are opened, including security products, the Registry Editor and Task Manager. Esfury may also contact a remote server to download and execute arbitrary files. | 7fde9c7ea62c9ede950deafe1bffb3cf | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | d70d846815613e61511492bafcc00470c9af8579b1491fa9996a1f5267e47ce2 | 1ff071696ee03982af462ad66b95168dc7bfacc0
M19-bp701 | Remcos_be87c925 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | be87c9259c24c36493754525ac3c1004 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | b6c098d02c8eceaf072fdf7b91c832a0c86e529a7c276fbc28ed2c242053a35a | 734f6a4e4b12745d01230dd12985cf28ef722f8f
M19-hy701 | Neshta_745966eb | Windows | This strike sends a malware sample known as Neshta. Neshta is file-infecting malware that also collects sensitive information from an infected machine and sends it to a C2 server. | 745966eb2f638737cc6957e208a84155 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 2df99a6334f489425dbe0e0cb2b84e2fc708ead88e4bfcf8773bd614f16ab97b | a9bf8205345a651e6e3ce5b10928a42550675b0e
M19-uun01 | Zusy_b2a89082 | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | b2a890827cd4bb75ab9f310971c7e8ba | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 1746421b4db63c1a41a395541947fb44e9f889fd0ea62b9de6759b42c3f5e096 | 0888bc0d6ff8813fc0f304680b5455c47f73e9f3
M19-phg01 | Neshta_c2dbb6f3 | Windows | This strike sends a malware sample known as Neshta. Neshta is file-infecting malware that also collects sensitive information from an infected machine and sends it to a C2 server. | c2dbb6f3e53e1375ddfe368246bb6b84 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 010a8e1d056b6a79142ec8abc46ae9bcd54c914f62d453370e4b74e75076b1e0 | 77a9be0d5992679b3ff5818b33962d6e872c62a1
M19-fu801 | Gootkit_badc4c52 | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan notable for the anti-analysis techniques it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | badc4c52beefd2ffbea65a0296d57074 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 9da94873a87609b0c6471981b57fc4e6a8abe1b649e571a0eaffbaa80f4b4961 | 1a26a1cf07e02a2072bb69c570a00eba9ca8e471
M19-8ys01 | Gozi_9d0b35ba | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 9d0b35ba01c4a7949732967ee62a1b8c | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 1fbeca47536689cd3ab5b692171a6bd8c93cd21a2d327d107631ce98e85429bd | de557521aaabd602448682970b66c5f5ed64bfc5
M19-f8901 | Neshta_11f78264 | Windows | This strike sends a malware sample known as Neshta. Neshta is file-infecting malware that also collects sensitive information from an infected machine and sends it to a C2 server. | 11f78264e19995b54d2dbb226193d335 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 376fa4f35782601e163d4d8f8aca8589ab4b44d44b89bf13c50c639809976b87 | 8150a1c276af08c473238b45646df639c2d500df
M19-hai02 | Neshta_581c17ba | Windows | This strike sends a malware sample known as Neshta. Neshta is file-infecting malware that also collects sensitive information from an infected machine and sends it to a C2 server. | 581c17bacbde7dfe2d0de8d04b2e4ad0 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 496fb4b66415e7269cc6f20be797434401d94876757f6a5e0e1e0732fb27dc41 | 703c85501b91c6a624f2ec3354ea7407f7e85a52
M19-m6p01 | Gozi_4583a176 | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 4583a176d26561508f39bd2addf88042 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 064409558cbc89bbff58cbd3baaad0227a15109d4771635deb4b4f5a7f226ff3 | 88764fe7f6bb5c2b41c6fcc64c71a90dac551e34
M19-sl401 | Zusy_eddfb766 | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | eddfb766c8752d5b7b447e70c0267794 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 225ebaaeafb848823607654663516210377b0901e5e354c8603b9c8c2d85a650 | f9c53d5a56720f204e8df5b2b9ab6170764d7ccc
M19-dcq01 | Emotet_1e31dd95 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 1e31dd955b2e7b5943d4b090d250ebcc | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 0fe2c7cfab6e55d92fcfe60d66e236bef5d44450c6ae7b759bf694f6097d935d | 877eea5b1e3314c05877ce054e39ac6c6a8fc0bf
M19-zsk01 | Zusy_dcf95eb7 | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | dcf95eb79a291aa0e8a9b5e0f4f90637 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 0f00ea06e5b2bc5801a0d4370facc65c0a51e00d810d9f6b16723629a1b7536b | 76f584ef2c6028bada52981c8b4e4f1c91a19659
M19-mkx01 | Gootkit_d6d5e9b5 | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan notable for the anti-analysis techniques it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | d6d5e9b51b845b1d92fbc04c9da27102 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 26f188069d3f42e5a0e5f217e807703347d46c84953ccd4d39e897dd0d4ac45e | db3fd1d40616be9fec2b2db89d24267d71e93640
M19-8sz01 | Gozi_1c8ae136 | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 1c8ae1367e04b7dfa4804128a2bf952f | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 0c527506d50c4f105f4e85180c3f2e2db58d969303883e7fdda26673d7a9e460 | b2c616fe299b8663520c0e48d07d4e9b1d0f4f09
M19-w3x01 | Esfury_bfed8239 | Windows | This strike sends a malware sample known as Esfury. Esfury is a worm that commonly spreads via removable drives or platforms that involve user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys so that it runs when certain Windows applications are opened, including security products, the Registry Editor and Task Manager. Esfury may also contact a remote server to download and execute arbitrary files. | bfed82391552b1b003ec4ba6c0651950 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | b4c81dcc370ebb3bb2361000a64e87d15939c1dc10beb740b577de29cd8dde93 | 5e9a2a0177abd13e996cddb815d932cae3eca6a0
M19-3z601 | Zusy_161a3d06 | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe". When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | 161a3d067bb764a20cb69eedeebbb7cf | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html | 0a8cc8f4dc0dc5c04431546304d67187403caa684d60ff0787084fdde5d40abe | e462bdf4144e8ebb0bec5259b5be3737b73ce63e
M19-o4101Lokibot_7f6a2bc0Windows This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.7f6a2bc03b05fdb114f74d028d639d1ahttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html f93b944b29282aa07065b9f34298db2b351cdbbe60c340984d6bb4bb822d9763 8313eb06583a2e6a3becb80130939f14f3e0ed9b 7f6a2bc03b05fdb114f74d028d639d1a
M19-rrm01Zusy_625e50bbWindows This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information.625e50bb55976b12d877044eec4b26fchttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 107dff905969dbbe792ab5d170f2d47538afe49fa6c07f20b26f4de1edd88688 ae6ae1ca9f4915bb2a043bd5cc713dc0cf465357 625e50bb55976b12d877044eec4b26fc
M19-8n301Zusy_94255406Windows This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information.942554068ddd566ba18cff4cd2dc7dc7https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 217b3f26c0b5033615a26161c5f34b42ac6dc3c12385b9efcc5a6baab1ca0369 8cdf5dc9ba4dc8b48560e430e056cbe3cf1b0e3c 942554068ddd566ba18cff4cd2dc7dc7
M19-2la01Remcos_cad837cfWindows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.cad837cf29b9fd872e5e1df17070b685https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 65573233fca2347e6aa28de9caec5f49d3ff0f5b844aa1d672d822970228d8f0 9f0c53943c91d3f5ceaa63663b4510d1661f0de5 cad837cf29b9fd872e5e1df17070b685
M19-pa501Lokibot_afbfd515Windows This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.afbfd51545b437dd610f364941ae8ff2https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 9986a87b66047bca053c918b33d18c4779c25afa0badfdec5e15742c98cb214e bc37525b475b3b367c4482f74aa11189393eb6da afbfd51545b437dd610f364941ae8ff2
M19-xee01Zusy_f4487f20Windows This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information.f4487f20b79308be96a604d52ccfffdahttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 2b8c4770f8239882117c9e990e9a96aeb134d23be3f3cd147800594d4aad9992 4e17b44e3f2e5d308dab9499f423e460493a1aaf f4487f20b79308be96a604d52ccfffda
M19-nj801Esfury_29dff987Windows This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.29dff987814881d6c8c257c6e4163c11https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html d3867c8d29d5f430de171e9269a1766ed9b0a565dd38bb01438f50fd7902c6ea 6814b305c8a0bcf60b3ba973fcded7ed46d20460 29dff987814881d6c8c257c6e4163c11
M19-ylf01Neshta_d760af75Windows This strike sends a malware sample known as Neshta. Neshta is file-infecting malware that also collects sensitive information from an infected machine and sends it to a C2 server.d760af75c8132545cb70f0f6121a9c16https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 34d03297d8dfaaad8b61b26b2b45287da4a3b252a47bc9fd64bcd4cb1478f2c7 567eca09e2f6465deff932819790c0f9d56dc859 d760af75c8132545cb70f0f6121a9c16
M19-4fu01Emotet_58ccf3adWindows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.58ccf3ad599b328c7dd0eaa2da596fcfhttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html cdbe742cd698ed504e7636811a13b8328c0a9905f4158fb25cde01dca66230fc 0a41a232f2787b6799e5bd59b7669a1a81ac62da 58ccf3ad599b328c7dd0eaa2da596fcf
M19-8zc01Lokibot_03e49ef3Windows This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.03e49ef3b672a484759a853dbe36179dhttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 7a8ace6f25d06c3b91e5aeb33304576fda2ec9664caee9f1489bfd39392d927b db050f4f5cb30e046c99d3fba616aba87fb1cf74 03e49ef3b672a484759a853dbe36179d
M19-br001Gootkit_3672c250Windows This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts.3672c25099dcdd8df6496e2256b4b22ehttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html c96b2b221a2071b92cc21f75edfb0fea967271b8d15bedfece0ab686ad6431a7 fdf7b733126890a31f21d9f4cec9b6e34c9d45ed 3672c25099dcdd8df6496e2256b4b22e
M19-e8901Emotet_c2bbf0b2Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.c2bbf0b2726dd5f0100d991dbf017e3chttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html ee35b43c9bf1a9c24ab983a470e1cf5eb9508c741df45f5829c8d918a771b584 b79eeab681eb8dfc0effe4e1fd2d9b265127a3a6 c2bbf0b2726dd5f0100d991dbf017e3c
M19-hcs01Zusy_37708726Windows This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information.37708726e979a63395420b2f084d132ahttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 43039465047c23211ef9831701d46fcb73effcf40ca7485c95a6d9c786ca6c5f cead867cc8e71977e0d01bf9576c756bdf540afb 37708726e979a63395420b2f084d132a
M19-tc101Gozi_cb973903Windows This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites.cb9739035fe19272b6165534115618ffhttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 33a74f4ec4ae12674a0079c6af7c22c059ca950690a82e1fd11e4bb1f3f21305 f6736bfbc2d1787789a44bdc0d74b38b3eb35c46 cb9739035fe19272b6165534115618ff
M19-qiz01Remcos_a776161eWindows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.a776161e844f74903bfb06e2ffe9091dhttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html b29bd09e5a11bb8b46ca1363f3455d66057c8bd24f3ea6a643851d288ee0239c 8c5aa08d1584f2a4b32933623f48f981bc140518 a776161e844f74903bfb06e2ffe9091d
M19-6pm01Lokibot_d54271f2Windows This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.d54271f2d1ef8ed6f3e43a95ecfe1849https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html f3c3be739e71786ca3a56d7570a109593ebedeec931be2eaca8b241a6d008dae fa4e4ec8b9a7fd83d1b347f25a57970f3a40dd3d d54271f2d1ef8ed6f3e43a95ecfe1849
M19-6u901Zusy_1148beaeWindows This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information.1148beaee73771729a4b67173e4c7dd1https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 066b0fc2b1d64ddd9ff30b8046686a6cc8f43656e54f8301ddd7d3a1baf9170c 7e712f08aded04c6230351067365eae786c64ba4 1148beaee73771729a4b67173e4c7dd1
M19-srb01Remcos_1a10537dWindows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.1a10537da84801b53ecb33aae713e330https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 0164052cd74b2d406c5503faf58f1794d6ba14092b7a9fa9509bc8a85eae01cd d710c0cd253cb76a2d30dc95ff227a447608f0eb 1a10537da84801b53ecb33aae713e330
M19-6dn01Emotet_68fd865bWindows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.68fd865b3569e41999da09b1965c737ehttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 68cb95f7e0d2a77e5a4832fb75243520a5ccc109849bbc933062379df4e7d164 c8a72c177bb6ebbc60eaf54ef266313aece016ef 68fd865b3569e41999da09b1965c737e
M19-f8s01Emotet_537b7401Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.537b74013a37bb5746f8f0cd9d54e7a0https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 066d31cc0e6f45e89297334aad69cca12d60e9b4fe6aad341d08bcf6bce37c45 dd9b2d199ae252bbd7bfbad64877caad1b76049b 537b74013a37bb5746f8f0cd9d54e7a0
M19-nso01Remcos_64a43a53Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.64a43a53fc9244899541e8972651a3bdhttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 9f01d27ac72c5194859d657ee8b024786469661cc65b29cf795b66d10fb35770 a4016da21299ea55810ffb1ad41eeaa1fb7d29df 64a43a53fc9244899541e8972651a3bd
M19-wao01Gootkit_6d249fb9Windows This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts.6d249fb933f093398da159ca07711f20https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 877b0ef2e019d8f102373c6a09975c84053eb5705b8e8d4508e0b4b9418b458f adf0969d11ec62238c86c4a7de93c7cf992be7f1 6d249fb933f093398da159ca07711f20
M19-nv201Zusy_45f5782bWindows This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information.45f5782b53eec3af9b32108900b11a3fhttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 035bcabbe75aa88cbb8dc016119ad2c1901ea759fb90b69eee45b3809e98f381 ce58ef0775bb87cea1c3da842acaba43a6e5b404 45f5782b53eec3af9b32108900b11a3f
M19-qxn01Remcos_e85d3fc4Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.e85d3fc48c1dabfe33eade86b5867585https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 5a5b57e664e35d5528b3c9c32b7123861125e5b6789a7699e076821e0eaece10 6a7e1422726321f4b025ba4cc451ceae454d8e5e e85d3fc48c1dabfe33eade86b5867585
M19-v2c01Gozi_9c447d99Windows This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites.9c447d998a9ea74d6ccde88f741d5d15https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 42ce932aae9b15b7deaf92694fb5a4db12f0bf9936da2f1d06c7a20714af3ca0 f7cf0ec8c343669ceef07d060e3b51393f521780 9c447d998a9ea74d6ccde88f741d5d15
M19-wl201Zusy_a34125c0Windows This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information.a34125c0dc12f09c093aebf654a47bcbhttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 125e0437a1098570183dca847d7533461318214e4a5a746c5ed7933a1cc8d17d 5b285decaa611386ca67b76e692f7c64ec0cfd9f a34125c0dc12f09c093aebf654a47bcb
M19-mpp01Emotet_59998a2aWindows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.59998a2a1c236bbb5bdffe04393b53f8https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 63cb6cd04a691f5af02e6a045cdf357e93ee8be5002100b90088b5dd65b24b70 13e549989289b68a5bcd8fad6ab31dafe1836f7a 59998a2a1c236bbb5bdffe04393b53f8
M19-38401Neshta_23de99e7Windows This strike sends a malware sample known as Neshta. Neshta is file-infecting malware that also collects sensitive information from an infected machine and sends it to a C2 server.23de99e7ae884341285ea519371aaaefhttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 411d9aad484f849527e3c0ea7c3f08cf5ceae2d62766c5de08fdd16e33154516 2c9aacf2a73a583e903caa26e7510576a82ca211 23de99e7ae884341285ea519371aaaef
M19-puc01Zusy_e6132ed6Windows This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information.e6132ed62a67882ad33fa56d3347abd5https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 2143c563658e9288b205d78775d73ab849ef5de550a398d6976e44c93988da98 8931f6dfd369adaf4239809e1b8fd72cb7ebf572 e6132ed62a67882ad33fa56d3347abd5
M19-h0b01Emotet_54b03bd7Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.54b03bd71a79b2969801abc7ffc77bb8https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 5e121e16757f3a3bafbc9b3e696de9473b4f1af5a314194cdfca68ab40332e9c 8bbeb4d98972554c0ad12eab9782cf7ee9b2bf94 54b03bd71a79b2969801abc7ffc77bb8
M19-zu801Zusy_d5745436Windows This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information.d5745436b3326c46e71650f0c2a9884fhttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 4eb88671b506f84d1f3bd63c7e857e1082820f2d90aba7091a93bf70d9f6d290 ff2199ae9b9a178c01d7811711a08b24babcf484 d5745436b3326c46e71650f0c2a9884f
M19-dip01Emotet_daf5bee9Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.daf5bee9b2aa05bdeaacdf2217d92057https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html b77f540a0cf278192870bab7fa677c0e858269ce1321814573934a6d095d89e4 1157eeba8a116349f3dfa05d63b059223db26bcc daf5bee9b2aa05bdeaacdf2217d92057
M19-nvx01Esfury_42ee5d16Windows This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.42ee5d16a43191d97eec9d0f0930a030https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 0f32b4ed36c393942ae9177eb4b2acd977bb2283de1b3278256a24049c2e7b8f 7ccff07790486ca28c7f1be0b87304715443f068 42ee5d16a43191d97eec9d0f0930a030
M19-6bi01Lokibot_a1dec5b7Windows This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.a1dec5b74f5547843eb25339045c83c2https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html a84d17a5eb16dfc8202648bb9580a3381d71b567069efb68339607c2c3594e23 760535015eb5f19d77ede90b1fba82dcaace4d77 a1dec5b74f5547843eb25339045c83c2
M19-q9i01Esfury_af5e6b09Windows This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.af5e6b098bb8d7e0875a66b87b80e9a5https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html ba4accd438dedd49930217bcd04cda2230e3a9d32d1f457ab98c50dec9dffa9e 660bec633ae37b37e81bb5aaababbed6c5857ccf af5e6b098bb8d7e0875a66b87b80e9a5
M19-fyl01Emotet_6bfd134eWindows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.6bfd134ef15bb058183737ba521b1c4ahttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 640086c532c00aade40f11146f735fd3e969fe1565e5890800fe4b7551100523 3d81e043fd4527741a709b2c49cc7908df30663b 6bfd134ef15bb058183737ba521b1c4a
M19-pf001Remcos_a057944bWindows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.a057944ba8294e434387334ece16a0a3https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 24175b88c78d6089ee1dac7875b71c6194c5292d826911050bde8ebc55b4491f 656a062be5fe6b545085e10649f90245e53a4a9f a057944ba8294e434387334ece16a0a3
M19-b2901Neshta_a4da9ec6Windows This strike sends a malware sample known as Neshta. Neshta is file-infecting malware that also collects sensitive information from an infected machine and sends it to a C2 server.a4da9ec668e9e91163c9b6295e3354c5https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 1077dd3eae47e67505ddbfca24db29cc86a8272f4cd292dc134f8b3abfac2350 4f417ef2f7762aec91b22709b8bf953de5d2be99 a4da9ec668e9e91163c9b6295e3354c5
M19-0j001Emotet_42b188b8Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.42b188b8832ec9e0192a533252d73b4bhttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 3251a00155619dd1ba363b7fe477dab326fe791d2135129d3133c0cb716dd58b 2d98c87552925017c7ad1bda77ab265835a807d4 42b188b8832ec9e0192a533252d73b4b
M19-fr601Gozi_f3346d18Windows This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites.f3346d18e031eb7d527b92b3ba46a855https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 384373f044464197697af0c96e2028a6d76875524d6bf6650ff68a5e5e92eabf 52ddb5aabe3628ae837eeaae26fa2b7374ea05e5 f3346d18e031eb7d527b92b3ba46a855
M19-yio01Gootkit_a5b498b5Windows This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts.a5b498b5ec3a12f3354146bc91894cc2https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 0ed33f996aa50dc73876f30aec07446dcaa0384c2c8268478a7857724c118759 168de95d6d2da4a3ee82e47b856ee490a4793eac a5b498b5ec3a12f3354146bc91894cc2
M19-k9w01Gozi_5d98320bWindows This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites.5d98320b70f7eab7a8f15eb33e565a3chttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 135653620d85d3016638d83a2f863eb480bc5e5f113f45e357037aedc7dd045a e6087236528220d73d2c76f4615c9fccc081595d 5d98320b70f7eab7a8f15eb33e565a3c
M19-l0101Gozi_b891403cWindows This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites.b891403cef1e0e2f5e00bc244b8f151fhttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 1bd260a766aef952a2bb52dc926af5042f7d0361a5d869a167465400ab4af823 17f87512d927f7d0df1dce6735faeae7c5a25f30 b891403cef1e0e2f5e00bc244b8f151f
M19-uhk01Remcos_adf07725Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.adf077258c5af6c83027615f3089c370https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 7e559c9077c5b416db0fcd99cfee7e9fa80212ed53b0bef7c37c00373c7e2cc2 d6cbe2d001c8cb566ea5df388ecc2fd4d6c03130 adf077258c5af6c83027615f3089c370
M19-18m01Remcos_038dfb5aWindows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.038dfb5a9f56802c36c725665c6337b8https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 6eebb872f1c301f54c77849a128e5500a7e3cfaafee2513004fabaf880bb75f9 6e48e89cf78aa822aeb84ad250d7d630f179b7ac 038dfb5a9f56802c36c725665c6337b8
M19-4ex01Remcos_82fd835eWindows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.82fd835e870ffbcb965dc00b6e344601https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html c9e5d6fbd34df45539a162af73ce141406c182cb072e92a7a815762ff90dcd4f 55ff45ffc37e1c69ad231cd4e8357aed6784b71d 82fd835e870ffbcb965dc00b6e344601
M19-8z001Emotet_b779bd66Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.b779bd669d3082bf59143e3be55130afhttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 2bc8c8cf127365a2a94bf47dc26ae14d11e62c38fd0df564bfc7867e025d94c1 8de6214bb433cc4325397a006d3cd74fdee134d0 b779bd669d3082bf59143e3be55130af
M19-6pv01Emotet_30db3103Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.30db31030c798490e1bd8e000b730a48https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 1e4cdfb7252c74369fc5007e70c6746994f9e7a2e9f2f11b3012718b415d77a1 32a427a062da90dc5260580f8fbc57e7e8221b61 30db31030c798490e1bd8e000b730a48
M19-5vp01Gozi_2d867163Windows This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites.2d8671638e7480ea636cfe681187f7b6https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 3ce58e9e556c87216307495378b2b1d0eb61517771b9bb10426a2ab7d14aeefe 990b5e79c1ff91e2f06c50d6a9b02774663b56ff 2d8671638e7480ea636cfe681187f7b6
M19-ztd01Esfury_0b7cf2a6Windows This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.0b7cf2a60de25818fa432124041a6763https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 47f286283bb6d0451650d993e656cfe32c33fc547838b8fe7cfbf1f648694d1a 4bc38f7aebd3e4b6466a915c5bc36335ef7d4f7a 0b7cf2a60de25818fa432124041a6763
M19-pes02Gozi_d9b5953eWindows This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites.d9b5953ee496f629a010341930f71162https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 10b22994ffe103af6f1d690ba1abf3e13cec9712a913ff024d9d1c656b92dbc0 4140eaf042b8724570d447ee2b119a8076124475 d9b5953ee496f629a010341930f71162
M19-p2901Remcos_0cba585eWindows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.0cba585e8bf8721709ab9592e54e9535https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html b03eece2320b96ba1c1057f3adead7c347626f6f45e867af798f03a78d030fe9 f2d4ddf3c23ed176144e57aab7bde86dd5fe57ed 0cba585e8bf8721709ab9592e54e9535
M19-8mz01Zusy_02de3e1cWindows This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information.02de3e1c3288d1a0d2f1efc7de2a3d0dhttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 130c0eeebc22bcc4fd4edf40239b66fc5d12d497c7a39851a580e82aa4433e9a 18b77530a8c42ed9b50cea0f375a8cb914648659 02de3e1c3288d1a0d2f1efc7de2a3d0d
M19-1gz01Remcos_f286e667Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.f286e667faf2dc05d8ea237a4e774203https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 7d2b477f6a2ae69257c9626cd87ca89b741b0397e2b4743194b1e95d802637d4 453d363015e52fe83eb14b0bde458772463a3f70 f286e667faf2dc05d8ea237a4e774203
M19-afv01Esfury_f98f4089Windows This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.f98f40896bbd8281fa55285549302bc3https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 094d75233bfdfc837e0b461eb47ef442277b022f102b8f6adc80e20ec0909e2b 0b7f61a950bff3279b5bae458c690c2523594296 f98f40896bbd8281fa55285549302bc3
M19-84801Emotet_4cbb5e33Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.4cbb5e337b80cf08c4e3e107981cea90https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html b6c5d6655ef066545f8b9b8094c7347bf283e771b8f9b46b8e8f6e08144dcf13 7c7e4fdfba82e7d5c35b1e8a79072dcdf7fbaccd 4cbb5e337b80cf08c4e3e107981cea90
M19-eg601Remcos_66609c5cWindows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.66609c5c00fa27a5d8062b649ae62cefhttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 24d2b912a0ffbde3afbef7e4460693ae84976b689ae7a150b914fb09a7551b13 59c7fdb09421c7c76031f0c281f9c824883f7299 66609c5c00fa27a5d8062b649ae62cef
M19-v5i01Emotet_2bb192b9Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.2bb192b9c179958e6943a2a265b92bd6https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html b5617d46830e9a3a362c97b9c6140c15c04b1dd64136ac1abf1dea3e65d83ccf 21f7b1b840c1e88626e9b4d850e22c289e9e5561 2bb192b9c179958e6943a2a265b92bd6
M19-xr501Zusy_0126dd7dWindows This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information.0126dd7d84f2da59a2fec1313239f008https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 181be8f9157f806aea3f70181b143e12a8c95e85842f10dc31120db4dfb0e1a5 4b8ff098e6e39634e2b80672feacb5b8df27d496 0126dd7d84f2da59a2fec1313239f008
M19-tyk01Neshta_e30947daWindows This strike sends a malware sample known as Neshta. Neshta is file-infecting malware that also collects sensitive information from an infected machine and sends it to a C2 server.e30947da243deafe6cf313ca746951eahttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 1d62a3dc5a827604e330ff1ee26dd32786b2b371adec06bc136c4d02dc31d3a1 63a135b9bbf270f6a58e2679e422b822c95fc137 e30947da243deafe6cf313ca746951ea
M19-qhy01Gozi_ecf32687Windows This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites.ecf326877b3970ce41f76544f7050b19https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 12e98f72b4b5e225a1d465a7b121f56360bc9fd6ad538d56ee774874e4159e97 88257293f9ce9dc40fb24688eb190ad48ff5826a ecf326877b3970ce41f76544f7050b19
M19-lqq01Emotet_ae99af47Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.ae99af47e843ea18d19b386b03293fa6https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 9af3c4f8514d9c318ac90df6fc0e3a0278b41247ecd568b30a8266d0370f3eb0 6c74276a5f8d3571cd4d5782ff5c5e847b23cb70 ae99af47e843ea18d19b386b03293fa6
M19-6zd01Emotet_25789424Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.25789424f2c378c5ce44d8ae5876894bhttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 14bc54ea2759508a18c4e79734d328510897db0a2c71bd4ac2dffb34f99df2b2 8a3ae411c9ce33a76ce465707bb0bf57cee685b5 25789424f2c378c5ce44d8ae5876894b
M19-4e701Zusy_60a6d5f4Windows This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information.60a6d5f48c9fea7ada7b583c38a6439dhttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 203bfb6936585624eaeefadb5ef6f0679663b09df0b46d9a9945936a787ab20b a22fa5fc1c2792f00034f0db551a5e5484fe500a 60a6d5f48c9fea7ada7b583c38a6439d
M19-zrx01Emotet_476b8110Windows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.476b81105a59df1f9913256059d20f6dhttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 52dae4128bb378dc4a877aab9287fc1ceb7576e1cc8506351a5679c6e9dd2e95 005fa77f4b5a586f42df97e556deba61b9951916 476b81105a59df1f9913256059d20f6d
M19-boa01Neshta_e1f15e26Windows This strike sends a malware sample known as Neshta. Neshta is file-infecting malware that also collects sensitive information from an infected machine and sends it to a C2 server.e1f15e269d32b978826f48e0570100b9https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 24cd7a38f026dd924b59253c62616dec2bc20498ee7226be8a00bcfa1631e164 88956ea15d34a71b0336afc51fbc958743703f8a e1f15e269d32b978826f48e0570100b9
M19-fr101Gozi_73bbc10cWindows This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites.73bbc10c87479e9e3d633887497e1291https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 3214ab12ebd572aff4147227140915d21f0c5ca0f3efb949cf6796356f6d4d11 39127aa5b06049107be621035e42fade13c6f34a 73bbc10c87479e9e3d633887497e1291
M19-yev01Gozi_c0559924Windows This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites.c05599243fada209c118a631a590a9cehttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 48f89fac46dcc1f813d87d4cbedbae83d90f660558718e52bdcad554d71ecd35 ab9d68e6de6c9eda64d158da9bc9496b8b001f6d c05599243fada209c118a631a590a9ce
M19-3e501Emotet_5f4d705aWindows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.5f4d705a18bc034a7fd401d6331e5a4ahttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html db9ab62920e6a46ca2ed59de12132eb16c5c6205f3328a4d5a26cb52ae298ebb 8aa12e19f436a59e68b1eeab8ef9293a4c93969f 5f4d705a18bc034a7fd401d6331e5a4a
M19-f5p01Esfury_153743cfWindows This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.153743cf937f2fad72315ec63376c353https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 920e28b817c5d1376715b7654ee6c5476b6b80adff54bafe2f7c5f1d952f1bc9 62e6aa067475ea3d3980a6c5ff2993686d7c65bd 153743cf937f2fad72315ec63376c353
M19-qfe01Zusy_ff2237fdWindows This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information.ff2237fd782d334d1fec60d3d2c969d6https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 4b105589e8a96f695998816c224f250bcc02973f92bcbace3205487c75a4877f 7c32f071707a8bf837a37162627cfd46e7837e14 ff2237fd782d334d1fec60d3d2c969d6
M19-0gx01Lokibot_b64ea428Windows This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.b64ea428d0c9e367cd4f2cc796ad06echttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 930dea8f876d9f5f8f0d49886477b7d22fb72a73c5d22f01f0f0fb8fe674b076 101ba26d7136dfca633d17db573e7f68b85ae41d b64ea428d0c9e367cd4f2cc796ad06ec
M19-8oo01Gozi_2a6412ffWindows This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites.2a6412ff884a66ac747dc930932221c4https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 0551e4b2c94f0796f7bd0108a1415ddbbb1126b9ff489fc5467e7dc3ab602f9b 237760cb65db7cf7ee2c07cef11f7647dd99a2ef 2a6412ff884a66ac747dc930932221c4
M19-3n201Lokibot_8d28b94bWindows This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.8d28b94b09638c466968950cd2118b3ehttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 9e4101e8a41db4810e032fcf0c13eb3dc1213b0d864ab4a0b76183ee17ec6fa9 abc43738849a021cb5e0d0ffc238cb3563296041 8d28b94b09638c466968950cd2118b3e
M19-ip501Esfury_3528ac7fWindows This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.3528ac7f84148f157e23ed001e70ad1ahttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html f4bbf7ec8be46bc611663482937506b1288b5f2d0b479df2d4aa24a5207435ba 4b1d7ff2cad2b250892e4e02e4ec804ea1f31492 3528ac7f84148f157e23ed001e70ad1a
M19-xd001Gozi_d0ff5defWindows This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites.d0ff5def176bba054ad3d01de2875153https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 47109959af2b7fee21af66b6eeaf948ad4bb28c7428f59c9bb90ac7ea3753f24 d8e00f48f488311fb339088a2489f7dddad4bc6b d0ff5def176bba054ad3d01de2875153
M19-xj801Gootkit_6dfb0dcaWindows This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts.6dfb0dca3f54292c0c13b01a0ac48963https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 5c077e0950fdd99df11e389d2b830f241b35efdfb9dc6522b457c66fd64b79a0 3be3f645ff98a339978e09f212c13ac6319599e0 6dfb0dca3f54292c0c13b01a0ac48963
M19-58x01Zusy_8ebf472cWindows This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information.8ebf472c3d09d69bcb9ee21f98549569https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 29ab42409df20428f7e03bce732c534698c260338e410985d112ce4410738579 6d3ee5010999b1f67a679b788f2830b22a345254 8ebf472c3d09d69bcb9ee21f98549569
M19-m4i01Esfury_ea9289ffWindows This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.ea9289ffff919665acb85a8f1b005aa3https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 14e3b621de29654add1fe1fe1a1770279330dfb1920cdd0bc92cdd0f8ca489f6 37acf67dafcf2ce16b9e6790852e56de6abeebc0 ea9289ffff919665acb85a8f1b005aa3
M19-ofn01Remcos_04243844Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.0424384415f8b521f8c8ffa631fa9b30https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 2f260e1c62dd6ce1d6c042bd488881d4b562ee1990d20cc383866fd6f805abdc 222d4c4e6348f14962ac14f24acd7cdf897da308 0424384415f8b521f8c8ffa631fa9b30
M19-zzi01Esfury_69cb42c0Windows This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.69cb42c0bbbd820644a2c181a31b6664https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 5a5c0a62f7d53b6b1ee826a5baf8ff0c39d35ce6817fbee78a6398355747042f 40ec6c166db1f429a351a7cbe7949054f6948350 69cb42c0bbbd820644a2c181a31b6664
M19-81x01Gootkit_30d2617bWindows This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts.30d2617bf442fe494f28889c851d2ac0https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html d3c1a8df4b8112ebf3c3edc53ebe8adb3680accebc243040b3d438a4e5489f2a bdd3fb4a7bb8f8c4ac077da5d2da638aff818869 30d2617bf442fe494f28889c851d2ac0
M19-18501Gozi_107583c1Windows This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites.107583c1a21a6dd95af3aa75181f6493https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 0ef66832ac9e94ce9f81840d4a40fa5e65bab3d930ad93503fbd77de4b74559a 24fa70465b53410ac5ca957b7892ac958be39c91 107583c1a21a6dd95af3aa75181f6493
M19-fia01Lokibot_c8e402aeWindows This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.c8e402aed51b2f8c778a2c6e851b3dabhttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html c3e63e52d9810263c08ae33457a8995f822d6159b61904e77c1d338fa4dd0513 3dc9acf216e13991a12a97031937e2b112aada7d c8e402aed51b2f8c778a2c6e851b3dab
M19-zhv01Gootkit_c11c002eWindows This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts.c11c002ed4b63296d3ca735e89d487b2https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 20d12b744bd651c35171626f1ce6d85bd9a3362acfee4f91934da6f7d4414cce 138c59978597bcebdd55515a64e117fd0e759b6c c11c002ed4b63296d3ca735e89d487b2
M19-qrd01Lokibot_bb1d7a6eWindows This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.bb1d7a6e1622bc21af1f65b7f03c3e88https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 906215654e5e6e6cee920b8d245c0eb7dedcc35e923e0e50f1cb8091339ef420 d7d84cf21544dae525ee9546dee7a065836c28f6 bb1d7a6e1622bc21af1f65b7f03c3e88
M19-e3h01Zusy_8f306766Windows This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information.8f306766a2604882fca9a6c7c11eee5fhttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 2e668b329248a40c1f1dd54864023731d6862dce26efe70690d7e6ad9f2082f5 6c678a7461960107f5252e723ce2452f1907e8fb 8f306766a2604882fca9a6c7c11eee5f
M19-tgu01Remcos_e52ced0dWindows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.e52ced0d00cb4bc663ef1ffdec0e44b4https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html b0894a209477e906130c6a493a8d34cde4ae16442753c2513053f4e33a39ca80 7315f78968b4cc5c02cd4045171f5bba945b8eae e52ced0d00cb4bc663ef1ffdec0e44b4
M19-eek01Esfury_1bf75b24Windows This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.1bf75b24902721bbab2d02ba2b55c79ahttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 1a6aab3064593291c0696c1efd2ac2dcd5df96bf923ae7670562cfeac3ee5478 4fe60cbe0095c5b0ea50c4965d587ddbcb24c174 1bf75b24902721bbab2d02ba2b55c79a
M19-mah01Lokibot_52900986Windows This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.529009864fafd93226171e8fafaee8d9https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 4e0b291e2ce71731179d297d11186265907fe73ae9feb6734d9520784dd643ab 599edf951ffc71b6e2ae86c6ac8f0a52f908e0c0 529009864fafd93226171e8fafaee8d9
M19-1o901Gozi_14e0f4ceWindows This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites.14e0f4ce0f39f976a2a8cbe6b0682e4fhttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 0003b0a5bfd7488160015e4e0e81e2d2a61ea5f5db53cabd9b4a404be8412250 c59cdc285549eef0389c7e66bb69a14364fd5dc7 14e0f4ce0f39f976a2a8cbe6b0682e4f
M19-18001Gozi_6e817bb5Windows This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including as Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites.6e817bb5f571681d67ef3c5d1b236fdbhttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 2de56515f487b70c3ad879e784838da3efb0d3f44539c1eddd9ea218398a3335 c5095a15c6059e3bec8232ecb41d2fb184fed984 6e817bb5f571681d67ef3c5d1b236fdb
M19-9sk01Lokibot_22ac8d41Windows This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.22ac8d4140d4afc8c66c3c5eafcf39f5https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 6333008e4ed2f8af449faa9c222bf412733928a4dd0fb8011ef50d07f23bb926 5686fad5e359684508d7609dda604cebad6d10cd 22ac8d4140d4afc8c66c3c5eafcf39f5
M19-eyw01Emotet_d67c711bWindows This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.d67c711b9422767cebbd27a4eb4db4f5https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 4a98c1b48e25ed7a590d7fc89d65e07e40896e90c7977658c3bfcd8da7392181 1a804b4a5845c249fe9d5e4a0693189417e68887 d67c711b9422767cebbd27a4eb4db4f5
M19-fxt01Esfury_37988e0cWindows This strike sends a malware sample known as Esfury. Esfury is a type of worm that commonly spreads via removable drives or platforms with user interaction (e.g. emails, instant messages, web pages). When executed, Esfury modifies multiple registry keys in order to execute when certain Windows applications are opened, including security products, registry editor and task manager. Esfury may also contact a remote server to download and execute arbitrary files.37988e0c50a72cf81ff81458efe5facehttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html b75e84103d3e74ab2ab1b3a0bab01e0272fd361ec808942a598a0165e169edb0 20abbb33e6fe596abac0dc8e8f9cfcd7de84c4ce 37988e0c50a72cf81ff81458efe5face
M19-6k401Remcos_655a04d5Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.655a04d512021089ffe3745d4cd2ddfehttps://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html 556c8f046af879ab852ab13e2cde6ebf653fa436840bde821c4b7b26cc626f73 2ec3814bdf9ced363c9f52da3cf144bc54174095 655a04d512021089ffe3745d4cd2ddfe
M19-ovv01Remcos_c6a6a27dWindows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.c6a6a27d79e34adcfe0663999eabc2d5https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html caffbaf16f0fa50066efc7435b21330c05b2b3ca602253558e4bf30cb0ddad67 7396f2f13e1409c962b90a1eb1ac3d6ae0803509 c6a6a27d79e34adcfe0663999eabc2d5
M19-sm901 | Zusy_813645bc | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | 813645bc5a8f821b349862298b0969cd | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html; sha256 19af7d81cf89adf71bb0af50d6bfe4171b7454daaece6e2883aa08fa06629274; sha1 36cf17fdeaef1b082212f665dc6608caed951a89; md5 813645bc5a8f821b349862298b0969cd
M19-9qu01 | Gootkit_4c52b5ba | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | 4c52b5baa3bcdbf55276228300e3643b | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html; sha256 195932578c922415b99e2e292acbaf32133de4727384f5860c9c5d59436ce671; sha1 a4a147bf63e3df7e73705d739ccf4ff977f799b9; md5 4c52b5baa3bcdbf55276228300e3643b
M19-od101 | Gootkit_f64011d9 | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | f64011d96de4b6a8ce7fef576f13a409 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html; sha256 0a98f18e5602852de2a00e1d4e4b87a9aa73bada595e14b7d05844aa85a0cb3a; sha1 d1f11c11ff31b39203ade2042b1d9612482be19e; md5 f64011d96de4b6a8ce7fef576f13a409
M19-hlx01 | Lokibot_9c9de90e | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 9c9de90e98d18e6034aa02bdd1a05927 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html; sha256 9627bcfd08a534505001cb8e2e3166cba4e60dc20af10dfa50a00c24425447b3; sha1 9cfc767715275f7d3c0755aaa51411653f6ff72c; md5 9c9de90e98d18e6034aa02bdd1a05927
M19-1z501 | Zusy_4da01018 | Windows | This strike sends a malware sample known as Zusy. Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as "explorer.exe" and "winver.exe." When the user accesses a banking website, it displays a form to trick the user into submitting personal information. | 4da0101856b1a8847bd16d2fa37fbeee | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html; sha256 0c04864961c1edea6dd4231766af85f4031d3eae0756eec731bba81a98b46505; sha1 6b518481cb9643dd7349d271aa44131ce77e974e; md5 4da0101856b1a8847bd16d2fa37fbeee
M19-pns01 | Remcos_a1f2e184 | Windows | This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. | a1f2e1848c6bda4cece32c181b5a8438 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html; sha256 47232b513efbd2c6fcd3dd1778aa00ca018710c8afd597d238ab1c94433747c4; sha1 70eff3eb0fef6239ae0d1041a98d93bdeba26980; md5 a1f2e1848c6bda4cece32c181b5a8438
M19-j0y01 | Gozi_2e91dbde | Windows | This strike sends a malware sample known as Gozi. Gozi refers to a family of banking trojans dating back to 2006 with many well-known descendants and variants, including Ursnif, Dreambot, Vawtrak, and GozNym. Its primary purpose is to steal login credentials for financial institution websites. | 2e91dbdedb9c8d1710bfc5ea71601347 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html; sha256 23e78be8e4244831011a7bd02e497d15cf8ab29b8fd647881418e664ff0ab4be; sha1 0212069cb9fdfcb6da018b05951b545612f2f69e; md5 2e91dbdedb9c8d1710bfc5ea71601347
M19-9j301 | Neshta_e0ed67d7 | Windows | This strike sends a malware sample known as Neshta. Neshta is file-infecting malware that also collects sensitive information from an infected machine and sends it to a C2 server. | e0ed67d7270d0d60bba2640453c39000 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html; sha256 1e5802bd82d8f5944e573720a81ba56de336600e576c8b6b095d1130b61c5e16; sha1 27943fdc1bb5536853925eefbb50c798c73d0e6c; md5 e0ed67d7270d0d60bba2640453c39000
M19-53v01 | Lokibot_63b0ec8c | Windows | This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 63b0ec8cfb3af0eb24f0b7c5cddd4065 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html; sha256 7ad49cca3a6db9a75954dc7d137ed702cf3b5102588e22234a53861d47df1371; sha1 66c10098271063876c6724c639b96993b71da550; md5 63b0ec8cfb3af0eb24f0b7c5cddd4065
M19-p9501 | Gootkit_269bbd07 | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | 269bbd07facaeb04ee9584d12e7fab2c | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html; sha256 7a2ae75210913c882e0f6d848bfc06d729b7d0c6faf1c42ea9dec67da18c41e4; sha1 05a88e76b870abc1935b494eee7905030efbe827; md5 269bbd07facaeb04ee9584d12e7fab2c
M19-i3g01 | Gootkit_7de520fc | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | 7de520fc1de0472e9068db034e238ad0 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html; sha256 417d2f400fb2c53c28407632edf46189f4cb4482cf5b323b55b3d75312c954dd; sha1 a88fded7a0b1bebb538b0ed8aee08802002e499d; md5 7de520fc1de0472e9068db034e238ad0
M19-4tk01 | Gootkit_79ee8e01 | Windows | This strike sends a malware sample known as Gootkit. Gootkit is a banking trojan particularly interesting due to the anti-analysis techniques that it employs. It has received several updates that implement new procedures for evading automated analysis and hindering reverse engineering efforts. | 79ee8e013fafb247e7ea50b3fced5830 | https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html; sha256 0a75195584a2ff98ff416153d7ae3c5f470201bacae816a9040e1545ad1ed71c; sha1 cd01e3c666e6a7fa1ab75f123a9b69668440bab7; md5 79ee8e013fafb247e7ea50b3fced5830

Malware Strikes September - 2019

Strike ID | Malware | Platform | Info | MD5 | External References
M19-x9101 | Tofsee_1bf77cc7 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 1bf77cc7694b3cac6f7c92d8b6aed73e | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 b2ba1ec34c107072d07a962d8ce3fbaefe195969c03be6a3d0dda19aef4665a2; sha1 91f017059803913ff88476e34c162924f117f419; md5 1bf77cc7694b3cac6f7c92d8b6aed73e
M19-f7y01 | GandCrab_c73bccc4 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | c73bccc4be436e66fd5fc2943c0875b1 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 f8d8c881aa3b875216dff9aad38648fe95ad99ee53b3b6652d3172187eded48f; sha1 64df676e5cc13a9c7a788efc11f5f53c6b95731c; md5 c73bccc4be436e66fd5fc2943c0875b1
M19-l1001 | GandCrab_d033a170 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | d033a170477e3a49fb24b13e366efa6c | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 4135c6461d7866f9b1841bc7ecbc3e4ff58681e2b80f79e9a7daade0ca014678; sha1 c445c058388f2e645ac3cf4029cfb21ee0f15881; md5 d033a170477e3a49fb24b13e366efa6c
M19-nzi01 | Phorpiex_8c05a41b | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | 8c05a41b756921f14ea62021e63de059 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 de730a7cf6d436b4e93c0a857cd72074bb2bc1dfd5fda10e25125773711526a9; sha1 168578d8ea580a7ef52bf0cd69a4b5200c6bb824; md5 8c05a41b756921f14ea62021e63de059
M19-c9c01 | Sage_8248387f | Windows | This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 8248387f0fc537577c4b5b6eac21d3b2 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 d59ec8d355d30d035faf50a342e1f1b67b44764db114a373c503098847718db3; sha1 06fdaebfc833f8efd6ec4114267888a4f685ea63; md5 8248387f0fc537577c4b5b6eac21d3b2
M19-p2301 | Nymaim_c0aae382 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | c0aae38244814cac80da04828fd02083 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 fcccfc04baab2622fbc4cf0ee2f47bd9eeb53e98a57a9754286805c0580ff79f; sha1 b8989769cae58df5eb16c8bad546460661592702; md5 c0aae38244814cac80da04828fd02083
M19-3zr01 | Nymaim_6bafdf7f | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 6bafdf7febf2dc4d511bb2c51fab8f41 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 ca3a1e4d93207501cd2911bf88a92431ec5ef877b7b1a7200072c976339a07ae; sha1 c1c58d2226a8e5cdd8debbac81814a38609bc24e; md5 6bafdf7febf2dc4d511bb2c51fab8f41
M19-d0601 | Kuluoz_b6a98091 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | b6a980917843477ba9463671f9c9cf37 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 078e7fba23d21250e959935ba3ab9559dddad02240443543616eab37547ddd86; sha1 3d81f67a14c70a51ca3aaf812faab309096ee990; md5 b6a980917843477ba9463671f9c9cf37
M19-q5e01 | Kuluoz_f69ebd50 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | f69ebd501cae2a6579a03d9a7a36cf7c | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 05fa1a824e573e2db9dfbf4e3358a5f2c88956ae6a669f6336c42812a67a524f; sha1 cc66d73a39061e24e0a27fadfdff6a6f98adee20; md5 f69ebd501cae2a6579a03d9a7a36cf7c
M19-98001 | Dorkbot_261fa96e | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 261fa96e95f2683cd56ea32d901ec835 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 e5cbafb8ceee5d6573f199acdff34ab85d2dcd0d0d8e4eb34bd1afed33fe405a; sha1 5a76cabcc07dfde6a32b7da30f4e68f921bfccc3; md5 261fa96e95f2683cd56ea32d901ec835
M19-pjy01 | Nymaim_9dd69dba | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 9dd69dbacb86195ad458c891c4a815ad | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 78838c78442dd1afb4d1806e0eb81ddb4931a1f51dd021a24109a461105232c0; sha1 77c6b8e425236949fb4f4ea92c7484b35ac8f0e4; md5 9dd69dbacb86195ad458c891c4a815ad
M19-ruc01 | Kuluoz_6b0d1fcd | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 6b0d1fcdef1ca1a01b4b180597bca45a | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 15381012927b9852633c0943aab2d0522dbf3d3d0a326e4b0e18e21ba29f6065; sha1 a4cbfe948d2ca63744bbdbf15f8a8ab666a8889d; md5 6b0d1fcdef1ca1a01b4b180597bca45a
M19-isi01 | Dorkbot_0d2f2139 | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 0d2f2139e312b2151bfa18d260cd93d4 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 39a3a1ccf3c4f36cc72bd45985058d31b02ee345fc844be3b94da5a4c5a03bb6; sha1 e2b832fbc633734c0035258d6129a9ee4f3d92a3; md5 0d2f2139e312b2151bfa18d260cd93d4
M19-t4g01 | Kuluoz_9c6b420f | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 9c6b420fa8a54ea9e84f0ea5e3240001 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 109a6498f4d7b51f0ede104d4bd8f78782913d641147930e07c6dc236dc04a94; sha1 61883e6ef0bade09c7bcaf91129178125d4a1cc9; md5 9c6b420fa8a54ea9e84f0ea5e3240001
M19-erh01 | Kuluoz_564c6d2d | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 564c6d2df4874638084d3f0dff08add7 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 07b13ab67c36b30dc081deebdd0bc5a9319a3ddf05e17a5d4552c16ded433d4e; sha1 29fc7a81b7436547866f5dfce9d989bf13339dfb; md5 564c6d2df4874638084d3f0dff08add7
M19-zzk01 | Ursnif_42992f72 | Windows | This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. | 42992f722c198a1ad1b5b89757529df6 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 2a88b621e291815db268dd8a9e95f2fbff5b2216358ed24eab198917fe65742b; sha1 84b3045b73c98e75394b113a2d334f1a3e65251d; md5 42992f722c198a1ad1b5b89757529df6
M19-b3u01 | Dorkbot_66bd1507 | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 66bd150770847ab5bf57e869c1cced85 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 4388646391e39334c69e5ff223f0a17d8f3dd11e34921344a30f78772550ca03; sha1 0430f076c42fc15b3e798a2ef3a2cbfa7e07c02d; md5 66bd150770847ab5bf57e869c1cced85
M19-edh01 | Sage_5d1f3d6b | Windows | This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 5d1f3d6beedc739709462c3a482c2ac8 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 f44c64cc3c06ebb0c2e3333227e82568a14e7cc4400679cd85228f8882f0a416; sha1 6790560792c17ab7f39de732fee52eef6576dfd0; md5 5d1f3d6beedc739709462c3a482c2ac8
M19-4yd01 | Nymaim_e6f36f06 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | e6f36f06a490c9f36051d04180e2070a | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 123573d7840dccbc368911be620c2c839fcb81642abeaed5a67316c003bb67a4; sha1 f17e42c62028014cc0e1c5a998ecf8edfd722034; md5 e6f36f06a490c9f36051d04180e2070a
M19-7su01 | Tofsee_b0f00fdd | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | b0f00fdd525f81ce7811da5ccc696b9b | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 69a09f081ee022239d1b11214da3f6cfc4c256c91c61f806faa71d1997ca31d9; sha1 addbcdcea50c69a16a048f519fe887e1b5774b91; md5 b0f00fdd525f81ce7811da5ccc696b9b
M19-rmy01 | Sage_43a0eb71 | Windows | This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 43a0eb71b8ffe4d656c70f9c87a2d988 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 b61628da0124170e6bfeb5f282da74d06c5a6cffcd05681ce8cd069ec7831404; sha1 1e09936b99c6416f9331e2fd33af89f9db90bd36; md5 43a0eb71b8ffe4d656c70f9c87a2d988
M19-ut101 | Nymaim_7ab60aad | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 7ab60aade246ec95637d1bccd244b10a | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 fc5b7ae3747c98d4658a0599130d5374c71bf2aa88483fab28d2e643e6283164; sha1 b5e424150c89deacffcca90828caa47f46433ec3; md5 7ab60aade246ec95637d1bccd244b10a
M19-h1001 | Nymaim_69ed54dd | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 69ed54dd23a0147d4209e81d6132ba6b | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 ac1887855401066432456e2890c97b7b303e08b7b65e20a8fd004052175a5b18; sha1 ee6a85ad6e183dc54d6cd67464e3283949205a5f; md5 69ed54dd23a0147d4209e81d6132ba6b
M19-ay501 | Kuluoz_89e9dfae | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 89e9dfae23adff17d9c0dd999d892ca9 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 0d3ce20b680e2dbf203a10e9c8ed97c4f7006be9b3a6fddbeb443937480d98b5; sha1 b61647a66a680aaf6d90f902a14f00b04e07e3a6; md5 89e9dfae23adff17d9c0dd999d892ca9
M19-pz201 | Kuluoz_8577046d | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 8577046da42fe9f14c91164cfaef5b65 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 06de3f442bfeee18831cebef86194b8166a188af312b739fb628c203e4d5f2ea; sha1 87b75dd4ed9eb2b20bae474d7b13950d2388ad96; md5 8577046da42fe9f14c91164cfaef5b65
M19-kgs01 | Kuluoz_b483417e | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | b483417ecaa903a6f9cf3571be781fd0 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 0383d381bf8f010ebfe0215528a7289429052487a2fe90ce35eae0f7f11e1fea; sha1 9c59e233ddc3fc9739fa45fa206ea6471ad174a4; md5 b483417ecaa903a6f9cf3571be781fd0
M19-ndo01 | GandCrab_848450dd | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 848450dddf0bfb4b8ffaa42d194cbc37 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 a10f24291658cec5c7674d2a0a28ce019a69db9af92f3ce8b5b5a8c01c166e5f; sha1 791d24c521bfcbb016ff9eb4a0cbf89916de940f; md5 848450dddf0bfb4b8ffaa42d194cbc37
M19-a5001 | Sage_098488f7 | Windows | This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | 098488f7930862d7a40d76529ef5e4a4 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 25fd8664218cae1ca68b42245729c6cd00bbf3033704adf66c3ed56604d7e49c; sha1 46d296956b40a300b64588f7ef1b9d547eb35bb8; md5 098488f7930862d7a40d76529ef5e4a4
M19-vcx01 | Phorpiex_be2cf6a6 | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | be2cf6a6685aeb47aeba6f74a429fb75 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 6d65ccab03a62d84f12ac21fd02f44805c34696951e3dfb79ca042d8b832cd89; sha1 aee4304318d90e6dc57d7d3b18377e55253fb647; md5 be2cf6a6685aeb47aeba6f74a429fb75
M19-q6x01 | Dorkbot_ad0fad47 | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | ad0fad470f824f1c1a004a59837b8ef1 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 cb95aedf7037adb0c4d756ca1ddb3038341ca20cb276156b782726eff3dfca99; sha1 992d765d200b91179027548a5b13bb2d0fa4ce33; md5 ad0fad470f824f1c1a004a59837b8ef1
M19-m8d01 | Nymaim_37956ab8 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 37956ab83e5f31f6401cc461141611f3 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 7a06a8e0fc5ee2416369f3638bb42a7b4994fd2e74b89b6a533636de6f8a4a86; sha1 b435ed6686a6844741996bf6736a4a542bb7f28e; md5 37956ab83e5f31f6401cc461141611f3
M19-lmf01 | Kuluoz_d954b98b | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | d954b98b931fa6875733c85535c63631 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 0de776cb80503f7daa3effefbb2739f9c927f028df4445fa051cb33377de359f; sha1 3c779a6d0600248494fc0690ab778e0c05f58bb9; md5 d954b98b931fa6875733c85535c63631
M19-3z001 | Ursnif_0d7c70fd | Windows | This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. | 0d7c70fd14fac69f118251a2a65faa99 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 cd83db4c5a03f1fae1fa4183e70ea6a6acfc0657e45fbecabc48adfb281f39fe; sha1 7d0f3c331d996e0d507dffbab894a581a6fb5443; md5 0d7c70fd14fac69f118251a2a65faa99
M19-jkz01 | Nymaim_c93218f9 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | c93218f9d93841e0bd17a9e7712688d2 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 c1d686b25508f66fd32aaaeb1caccf0fd233f5303418a3658088205f543182a3; sha1 9881f76800188186900e5685fc066543cb7865ae; md5 c93218f9d93841e0bd17a9e7712688d2
M19-h3501 | Tofsee_08a4a489 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 08a4a48955608d743f8c9c28d3dcb2f3 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 461f7cb0c6be901935666279cc26d155df22ddffbd4d65372b6ffe9aa3f4ff31; sha1 14594ed7facbfd317664df5bbce866801159f79c; md5 08a4a48955608d743f8c9c28d3dcb2f3
M19-vpj01 | Kuluoz_e438c93d | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | e438c93d57104f6f7be0d30685622196 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 087d4788799c0e935673ef2572bebf8f86ca61e8966b2404e20432a417e73894; sha1 95aa871efe471e6be5c34149458e120942900d40; md5 e438c93d57104f6f7be0d30685622196
M19-0w901 | Kuluoz_02e96bae | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 02e96bae5b3bc1c2a2ee4801c2f719d5 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 14e13631f15fc311ef20c9e87ef28675dc14cd83ed871f44266811e103b45284; sha1 0893fd0f00b7c9c46d40135a58aead92c4a810aa; md5 02e96bae5b3bc1c2a2ee4801c2f719d5
M19-5fz01 | Nymaim_0543b723 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 0543b72344a54966080f090e04d93b31 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 79158026c4d06723c530813c1e2a90024e88dddac9aa84cf0314f004eb49062c; sha1 5e12d98cd55816e2ef283b1160406d6cebf45ddd; md5 0543b72344a54966080f090e04d93b31
M19-dz801 | GandCrab_b7a7428e | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | b7a7428eb80f1c3406c3ac1794a39924 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 b2526566d9c11b59d36b80c035653ec56a23c5aac8c49c6d7ce3657441e357b2; sha1 dfba29cda22f4b9caf178a730baaa383fe5e5f0a; md5 b7a7428eb80f1c3406c3ac1794a39924
M19-vpg01 | Tofsee_8166c18a | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | 8166c18ad1ab3790843c3c18bcf36245 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 4b57c99f86103e7b26c7bee052f5c5c92c6ac82c34f21ac1b8aa333887a51068; sha1 048688345ae17b5e381946a1fc66109da38e8f02; md5 8166c18ad1ab3790843c3c18bcf36245
M19-hki01 | Dorkbot_e4ef7f75 | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | e4ef7f75e984d4aebb7852f99315fb7c | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 4fcf9f3dcd2df360e1069126acd734ded1b43ea7a7dbb5912db0d23eea505bc9; sha1 2bb2d700b9f97a59a8ed12f4af1afbfd2de2e1ef; md5 e4ef7f75e984d4aebb7852f99315fb7c
M19-oo401 | GandCrab_184c376a | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 184c376a68da4f2775fe34b45c3ed8c8 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 a2f4c15b34be976d49f35e8363e220f88d59e17ab056b9049d872c6eec04f27f; sha1 c8ffb7c8fbb110501ecb8e26aeadb8ddef1640d4; md5 184c376a68da4f2775fe34b45c3ed8c8
M19-pf801 | Nymaim_54706861 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads. | 54706861aca0ddbf152a9477cfa1b763 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 792daabd16b1ceb49a85bccc8cdd8fcf8c21a9a0df3eb909e06df9cd81f786c7; sha1 05d468b2fc269fe4abf1601141c690dd63f13b6e; md5 54706861aca0ddbf152a9477cfa1b763
M19-5zs01 | Sage_a5a53cd7 | Windows | This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | a5a53cd7d5df58df95db5305f465832f | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 adf288cbaea7fadb2b2f152ebccab141a94cccce33d343fd9c5d42bfe65e57eb; sha1 3dd5735fad3eaa25002916b1254b69abd6753f41; md5 a5a53cd7d5df58df95db5305f465832f
M19-9cg01 | Dorkbot_ef6fedcb | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | ef6fedcb9bb6a19d8656a06180cca807 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 20f7f4a0bd9e9e531df4c14276eb290f5cb7efc37156ec9ba46fa2a7891206f1; sha1 6f2739c93d0efd53e0606bbffb8903729076dced; md5 ef6fedcb9bb6a19d8656a06180cca807
M19-30o01 | GandCrab_41353e8c | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft. | 41353e8c6ff1e68cd5733ac5f2db45d4 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 32c22604944c7f284fdd4495613bb7d0f7cf274677df9f2d4fb2c38369dba438; sha1 f13d63da1886d816f89245b6f277b1bff2293948; md5 41353e8c6ff1e68cd5733ac5f2db45d4
M19-1om01 | Dorkbot_39ecc94c | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 39ecc94cd3b08c4dd2e6dd6726e1db32 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 ee10cd27e27378d4ad3f6122168c3e60270031b337e90683481c061d192401f7; sha1 f3bdb73dcf9e86fba85c49004b78168f1b663e2f; md5 39ecc94cd3b08c4dd2e6dd6726e1db32
M19-ash01 | Phorpiex_e0bdd40b | Windows | This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners. | e0bdd40b131befd6db1879185ad19c4b | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 c9d8bbeecb57aa0e4f59bad6e574470fe3ff8cc1685f38b16b6fa5435791231f; sha1 0af71b72a2549b25ffd6bc0cbf0038872ec1a058; md5 e0bdd40b131befd6db1879185ad19c4b
M19-dns01 | Kuluoz_00cb18a2 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | 00cb18a23ed80e16d9c5f6a53f517447 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 0c86168150197d12329c57ad9c8d616a15f285483ba3cec4a9bb4ede46e4d234; sha1 9797a64e62974b42fb72f6fe2c363ecfe664dd5a; md5 00cb18a23ed80e16d9c5f6a53f517447
M19-ki001 | Dorkbot_5693597c | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 5693597cffc6520ff8020d830272abbd | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 1f2f1041c73af88cc46eb86719cf66e3b51da1c4d7ac70a80cc5b6e7ee4ad73a; sha1 ce2a224c6539d10bf9f830d205361125c1056bde; md5 5693597cffc6520ff8020d830272abbd
M19-ujn01 | Dorkbot_24c40a64 | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely. | 24c40a641b426dc7882df9d310599a58 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html; sha256 738a68fc7864cd87bfaa8336f87b8cdc888fe9fb918de29114b419e2944d29dc; sha1 7571bddae582a8c633eedb97c62951ba40b2a62a; md5 24c40a641b426dc7882df9d310599a58
M19-o9s01Kuluoz_67c9ff84Windows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.67c9ff84ab76ae833fac3508ffa957b8e5debedb0aefdebe43c64bac47713d0f7020534f 67c9ff84ab76ae833fac3508ffa957b8 0364c9b75b03b9ed56059c9bea7f8a8f81f13d2cfc061c0b6e13525dcc3bd7dd https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-y8p01Dorkbot_dcef9821Windows This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely.dcef98218206053d4a8656cefee7f209b42662c89377025d072bf1510c9bc8f195bd9010 dcef98218206053d4a8656cefee7f209 def2ba6dc7842c6b35f09283b68aaa9558e7339ba4b4aa53da83bfed57188ecd https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-g6n01Nymaim_23a5cb3fWindows This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.23a5cb3f982fa59a1850541e13c7314a41ef00f7f3352e1143a59a4aae9f4e7badddaaaf 23a5cb3f982fa59a1850541e13c7314a 2f485d4cf77a8079c75d584aed08d769b864ba76373250e583b7268a444fc2b4 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-cnx01Dorkbot_83deb4fcWindows This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely.83deb4fc6ae1ad657f4a95f77b34c8028fb4eebc88096e362b7a622cedcb212e07b00332 83deb4fc6ae1ad657f4a95f77b34c802 a2c072ec77e1736120ff202bfd7f23495921f04375e09fcedc43be1e61ce4a18 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-zf401Phorpiex_94bbe47fWindows This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners.94bbe47fdf9d03a1064f241bbc8b64cbb839d85d8a57fb7e7739f74a516fc246440896ac 94bbe47fdf9d03a1064f241bbc8b64cb 8a60f95d39f7255e1fd83aac66e0d922ca0a235069d7fca74a4ca07aa5ff5f96 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-lhj01Nymaim_a886f711Windows This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.a886f711b1b81a2245d0668510df223aecde4f3e4720f142387705969d7184640d2795ba a886f711b1b81a2245d0668510df223a 7c8ff85a4e95716c990a60b5f5a5992c0fe530e7a366f80bafbc6621ffff0fbb https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-s0v01Kuluoz_933bfdb0Windows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.933bfdb0178f68a70f5bb085edeb463fdb111d25eab2216803c049859f8a3f97e493b4ad 933bfdb0178f68a70f5bb085edeb463f 0ce022144a2b3d712579d8a63c9c73109ac74eff4ad68f1b6fbd8f593c706aa6 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-b3401Ursnif_da094160Windows This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.da094160989c3513c04ec79362632ab2422e9b03a11b6c1b4c8d0efceaae179191f4ee27 da094160989c3513c04ec79362632ab2 3b306bbe5aaabdd008259ac755b50ac5c53144bd2f79b90d1f29c3c576172661 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-jqs01Sage_c4fba7faWindows This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary.c4fba7fa2659adf9493d8ebdfb0cf0d16dca2ed8fa772f1d055d9e929169b6aeb4099fac c4fba7fa2659adf9493d8ebdfb0cf0d1 b238d1eb5e3ef4e3f5c93ead5032ad0bd67716ff555cf1a3649397ad2e3dcaef https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-p4i01Dorkbot_94fea149Windows This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely.94fea1499406de22ac4509359700e7dd28fb74043f6f57f45ee2afca015ab0987a71c4d1 94fea1499406de22ac4509359700e7dd 642106449fb781a3f5de12b52b54c97961e61f76160ef8c169bd2b0615e98a2c https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-nbv01Dorkbot_5f6ef3abWindows This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely.5f6ef3ab4723b33c2c92340b3b87e74086f46b63115573471481238ee76de6e90dd8769b 5f6ef3ab4723b33c2c92340b3b87e740 f31763a353bf7a525e14f500f70c1924948db63d0bde94567dd908917f69133f https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-8v701Dorkbot_b07db28aWindows This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely.b07db28a5a3c844e43dd4a8feaa3721a288535fbb72481b1991bdd3983b8916ce4229a5f b07db28a5a3c844e43dd4a8feaa3721a bf1102d0fb6cff725e38c7a6f6ca0e538aebcc546b711f9a2d5fac84fdb981f4 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-ag701Dorkbot_2dde9c95Windows This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely.2dde9c9590c3f51db7e99a28474d2a19f8bbbd7a93cf9d8a00670d75f2a60e60c57c15ba 2dde9c9590c3f51db7e99a28474d2a19 3d8aa371276f3f11f2640c559dc5edbc792f8126604cb0e8d0ac3c7e521d4f24 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-9hr01Dorkbot_3375ba2bWindows This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely.3375ba2bc3a70dd78cee45a0bc172c2dfc43a98cf3951d7705f68aba6fd602bba2d24226 3375ba2bc3a70dd78cee45a0bc172c2d 53d77cbc31d6ada99bd858417c8a8ec67907a82e6bc20e8641a3f71cbcfbe4f3 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-mxm01Kuluoz_7baa3655Windows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.7baa36551ccf2fcbc2ba9306e1d170ba1c901619e2a03dc3e390bdcf11f805cc54b6f0d4 7baa36551ccf2fcbc2ba9306e1d170ba 168c0dd6882307664579943b5786594e94435ccab43618aee5b04d6f974bda2c https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-y2201GandCrab_d290970eWindows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft.d290970e6fa8e3a0da1fa20600e43a461d5d8849d82035232cced9490c3a77586bd47c04 d290970e6fa8e3a0da1fa20600e43a46 7deada88e32db501dfcfb1aa0b9328c94b8a92561477d01e6b1a3b74e092e56f https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-k6z01Phorpiex_5e91ef7dWindows This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners.5e91ef7d792742f1460490354b8044c5408b1c580fbaf8b430bd0bf5a67440baca27e38a 5e91ef7d792742f1460490354b8044c5 e0af9dcc27483bcdad52558aa19224a0338343e0456ad1e663e0b42fdd53520f https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-ddb01Sage_2e3fa32cWindows This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary.2e3fa32cc28d6a8f557164ae4e64c73f82777637a79df16a8d36254dae17d619007fcb6b 2e3fa32cc28d6a8f557164ae4e64c73f 42266cea4387c3bfa085ead6686fb91936a65bf8110c328b4e898771240e7b00 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-ezq01Ursnif_635f67feWindows This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.635f67fe5e83193401a48c7583de9b182d35e44b452df67fb2789202883a46981c5c9e27 635f67fe5e83193401a48c7583de9b18 7cbc76561f75ead55fd3a776ba7b44d253783da767f4fb20b09616fa1039ac8b https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-mfa01Kuluoz_6fa75a54Windows ee4dis strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.6fa75a54e147b5c2bd808cb7ee4dec79d186b355f6ee64d6d40073492bb8e10fb7fc25a5 6fa75a54e147b5c2bd808cb7ee4dec79 12e80c62f20986a8abe96df7be0c1b91d5fd32bef9781bf669d7a5d538af778c https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-3l901Dorkbot_1ce04525Windows This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely.1ce045250e1f64931d334e12aa1de3efa4dbc06ab2923928aa5578f1eb4a321633174086 1ce045250e1f64931d334e12aa1de3ef b5bc85bf00d89cc18ffd0749f4783e5c4dd855fa37ce6c37a97ac6e8aa0a10e7 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-j0601Dorkbot_cde28567Windows This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely.cde2856798e20b47f0438766aa301cd48e2efb67f4a569bbe9a9e2dfe5865ae95c90fbf2 cde2856798e20b47f0438766aa301cd4 f71e42635ad5e9c0edac076a736ee15dd705ee119e2d485cb27db7c203bd0e0b https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-6el01Sage_312b832eWindows This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary.312b832e198816369d74871420959b5884b69267796e45bd2cfa5808b03c67efd7bf09a7 312b832e198816369d74871420959b58 91a103e0a3a93dc681e7de5af18850933d2435a1d6cef35f85e7855f14c3ec02 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-a1p01Dorkbot_f01e74ebWindows This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely.f01e74eb05e282951c15c144e25e498b46ddda0126f0886653ae540ecf2852a25a8a2de3 f01e74eb05e282951c15c144e25e498b 1b7787bd1726468e25ab200665e57b1b470b7ba531d60cee8642646443725cf8 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-9qp01Kuluoz_c312024dWindows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.c312024d2b6717aeb13dbc8c3b51c759f3740349b8064afcf5956df39c2e46c4d8bae4b6 c312024d2b6717aeb13dbc8c3b51c759 0c04b5f60896203a5d39a707080f344d27aa39048f171e9284d6d8b665e226e5 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-jmt01GandCrab_1d2846a2Windows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft.1d2846a2f1a42670ccd10b60cdad793b0ed6ab2c4210ea04cd141c1dbc0e6e481ae67c60 1d2846a2f1a42670ccd10b60cdad793b 72ca8e7098802482b51ba77305cb22d52180444ff2925ed20d8eb1ca0dac5c56 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-04601Tofsee_fb7f1e80Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.fb7f1e80f04608081a274ae345a76b9765d06871e44cea78fb1fda78d8bc10d8e4f217ae fb7f1e80f04608081a274ae345a76b97 4f734c7197b0c73e62e042cdef1cb4dfb056bc5e144a44ec00f8239796b203a9 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-66x01Sage_3cd2a162Windows This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary.3cd2a16208bd80b1d4ff7b4909fd58c9ddf884617901687b2a084f89344e043c00d65396 3cd2a16208bd80b1d4ff7b4909fd58c9 a462ea6b325c5b91513498401fe7213cee84b61f04278616c51cae7238e57225 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-ssa01Kuluoz_7ac68272Windows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.7ac68272d5b461e6c6404e70fa1231e51e30d1d2a794668dcad706006b695b02968c047b 7ac68272d5b461e6c6404e70fa1231e5 0a482d15c908dd7b8936e0900fcabef622708b79cd2020c730376aec9c7ca388 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-ivx01Dorkbot_23340e78Windows This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely.23340e784ed12095c78850dac26812d297abeb5d201b469a0a04e51dc9d6bb0d4e8f042d 23340e784ed12095c78850dac26812d2 ef4abe8f4692c99b8d9bdc30b458d830905e6149ae1ae50bf7eb494f0c8bd229 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-hjz01Tofsee_6c30cf40Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.6c30cf40b1688b70e9e98c1339a8d881849c36ecb0ef1482a22512a0af25d6d482aadee8 6c30cf40b1688b70e9e98c1339a8d881 a0738035727d477bae527df884eb986a9c8e6aea75a354782038e3840b6fa3af https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-8hp01Tofsee_6fbbd08aWindows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.6fbbd08ae2a227a1f8db1025d553d4eb64021da4f803b3a503ad733406ec321e28326aa6 6fbbd08ae2a227a1f8db1025d553d4eb ad601c1a9bc018b918cbc9eb6c4ccd625f9096c01115a2eb4a7c1387f2bf1d10 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-lu702Phorpiex_130ef945Windows This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners.130ef945ab2247c2b91655179c141b51d1b1d65b3b2ce98a763e55919384946a8b64f19c 130ef945ab2247c2b91655179c141b51 65ebf8cd6280fc0c6d3261ecb07e928dec08a6c3a9a814008faeb9053da5485e https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-elb01Ursnif_4d35772bWindows This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.4d35772b47ae7101fc352bb9329cd16b27bc81fa6c6d97adabd657f67a41c504e6bf76c3 4d35772b47ae7101fc352bb9329cd16b d257e0242bc63f343d6712fe05e5b8c9d9be84645e5a2063a1d12820aae450fa https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-7qr01Tofsee_0b48bf76Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.0b48bf765f6273d9c6ce56457f0ce128b8a39483e39e19fad4685d174d1bd2658d415099 0b48bf765f6273d9c6ce56457f0ce128 07cbb12e22655ae68bae25e8aedee6bea64d0d430d77afb86227758740b1dfcd https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-qof01Nymaim_25fb372dWindows This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.25fb372d699969fd70f1663ca5b124279d27b4d7b65138d37bad0a12ed6370d7a9163329 25fb372d699969fd70f1663ca5b12427 c19036fc9959e2003d48bb68b2cd6c95a6423b6fa7a434c7ce96d77d69c6e532 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-jd701GandCrab_8de8bcdbWindows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft.8de8bcdb9055e97e7912f82f9998973b48d12fa7c004f35e5f9119d420073bb465cb14c3 8de8bcdb9055e97e7912f82f9998973b f8a6408e3a5a75772246c8dba4a39311ef82a5c5e5445fd817375610606bac66 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-ses01Tofsee_b39828ffWindows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.b39828ff2e9557e571f8d3b819de011f53c7a2a4752667cba8c876e6a20c2273bf0ffc42 b39828ff2e9557e571f8d3b819de011f afc2ab3eb8b9a23623603c03e7b7d1f0fca18b7b64f33976dd102681eb2a217a https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-sr301Dorkbot_ec75a4d1Windows This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely.ec75a4d14b66f8a93d1f46902cfe14f725c58b64c368e2634f2fc7971ca9b45d3f33f87a ec75a4d14b66f8a93d1f46902cfe14f7 33f4666ed81d7e61ccdae3a895aa21d670b714727ae68639aeb064f58e387744 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-v8501Sage_30274facWindows This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary.30274fac8096678a175291c1aa4daf8bce3df66cd269062d6d9a734d9b7da1a5a37b376e 30274fac8096678a175291c1aa4daf8b b5678f253a2c15a3caa25840b16421b4458928d0ddffaf1fb941a4aff1061f38 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-3ep01Dorkbot_6cb7b9c3Windows This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the controller to control the machine remotely.6cb7b9c369f8a71933a2b4d63df39f5a1d66f3269c3edd9f1695b357d630d669b0946384 6cb7b9c369f8a71933a2b4d63df39f5a a4f42f84cb704690aa10a2ebdce33e964b67a57cee554019d33f1a7cd9d3f4f3 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-j5s01Sage_d6608da8Windows This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary.d6608da8c025db4397d33e41fe49cfbbd253e0c16791447d97a70364bd5052b43ac4d621 d6608da8c025db4397d33e41fe49cfbb 0558a89422c627ed31af6d34293b1de99ebd9f8538d8c29bf830b9302dd9aa56 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-rhz01Kuluoz_12a92181Windows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.12a921814452398d68c2505d6fa69ca87fa5b28cc9f74ecbfa63f3fd3f8bf6be0b8366d6 12a921814452398d68c2505d6fa69ca8 13705e3f984dc79824e22fa9349c3704dbe5d67a606f59029622887379eeb302 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-9zb01Sage_5128613bWindows This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary.5128613bdbd49ab657fa1e45b6e1d280eeb374241c5b402f918e37f8b8fe51b218c5fb36 5128613bdbd49ab657fa1e45b6e1d280 d7e794446a774f9f3cacdbd58345a1a52f988eaff24c122800a9aa9b0e094e08 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-p4k01Kuluoz_4fe6186fWindows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.4fe6186f2f142cde6596e336e68d1a973a5e6f1e431dbc765223b6cd76a387b1f8433119 4fe6186f2f142cde6596e336e68d1a97 0ce6ae758bdc6f4c44b249f4ecf327f5a00a238ebed3bbe8b06f317b91335f1c https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-j9u01Kuluoz_15a2db50Windows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.15a2db503f657f02b379a3f4ae5567f54378b7b75c6d85d6284ba6b2fa4ed7c2663d89ff 15a2db503f657f02b379a3f4ae5567f5 01412a2d6877375f88d6b502600e45a26197396a1f0b019d8d10437729f52257 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-y8n01Phorpiex_c6424aefWindows This strike sends a malware sample known as Phorpiex. Phorpiex is a trojan and worm that infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, including malware that sends spam emails, ransomware and cryptocurrency miners.c6424aef94c0dfa968a4322855a1fd3af2a27af3576d885ad60b37ee905771144eb6d3d6 c6424aef94c0dfa968a4322855a1fd3a 48eac3b34c05886e1338554f54ca7022fa15215dd22d4a6bf62d6c531ba1a3f7 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-pzn02Tofsee_86ca6f16Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.86ca6f162225a778615348830f04b09a1af715b26604f7fabf7b0b62969b8888c376a6ed 86ca6f162225a778615348830f04b09a a2a94ca3039111688fe1304a3fd4ad245b79d0b6d2ce58bcecdcfdb1b34c0208 https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-6t601Ursnif_e324a9c8Windows This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.e324a9c857784d678950574d1c87dc9f9b5a4928e4c77e21a22ee4cd21eeed23d132f7fb e324a9c857784d678950574d1c87dc9f fb1eac4151a47e030a0d372c40fc3c70cd4ba76bc40571fa69d60f398196726a https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-bq501 | Tofsee_1163010f | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | MD5: 1163010f1a517c12bb0979e7dd343b33 | SHA1: e3a3c1e0af9fd7f0696399fdc87a24d6a69dc0e5 | SHA256: 564e5e2f864ce52b923daf130c30efd97ba3eab872e04cc8849ed6133ed7abe8 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-9zs02 | Tofsee_a116a435 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | MD5: a116a435b8f21df3fc8b31842d7ce861 | SHA1: 0d4ad83025f572978efe58ea3a0dd7d17de87d25 | SHA256: b1f1d675c5d97b3ecf4085f1326bf67e5b1ee0b30ed1499df1552283d5fde731 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-fg601 | Nymaim_c2a73802 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains from which it retrieves additional payloads. | MD5: c2a738022d7fc40d7d1f6644bdcef194 | SHA1: f8fe8b6139b63a32bbbd4f5d38a4cf80d5ab327a | SHA256: 04f91d0532ceec2b0455ab9745dff5b423f34e8f32cee261db68ad28db024a08 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-2ws01 | Kuluoz_c5ce01c1 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | MD5: c5ce01c15c640ee7f1f19852ec391590 | SHA1: 58862494709d82809f12098f776ccbe5e4f7c676 | SHA256: 0909060506cdf2d77307b2ae36380fc7f85de0a9c1c103ca629d3089ba507df3 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-h8d01 | Sage_cb8375fd | Windows | This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | MD5: cb8375fd6fa86b6a54f47ac9578921e3 | SHA1: 8c5002405eb68905d651d7deb15f0f49b385d246 | SHA256: 9dd1839b1090c0467211f689214df91e5eb8e73830f2a2ea9e3408e527fe4096 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-ko602 | Kuluoz_2ad1254c | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | MD5: 2ad1254c2640c8ec91687c90175f0804 | SHA1: f94e643365ba1301a015e36a7502c5954cf7f08b | SHA256: 126266edb2a41407ba26f72e127430dd5932b07ab2e312dfd09285bc9f5db40b | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-x6b01 | Dorkbot_67a5c71e | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the operator to control the machine remotely. | MD5: 67a5c71e23be4e0b8cee069fefa18f81 | SHA1: 19a3752937f0c2fad7dd0075ab91807c31e58e3e | SHA256: ea0479b081905b195d7dc9f37f81cd07945691ab84b395013e2653594e40522e | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-qai01 | Dorkbot_93b72917 | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the operator to control the machine remotely. | MD5: 93b72917c3e01ede55ae6d3204a9f397 | SHA1: 6530fdb5591577855b6dfa5bfc2240cc0d407450 | SHA256: 791b43d7009c8bceb849274e51607d89283bddfa94d215ede8cc3bc76953f7a7 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-3s101 | Kuluoz_89670c3d | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | MD5: 89670c3df7702c13e18f983442f08193 | SHA1: 48b806c9b4ff322ccd5e3dd65c92de737a83cb4a | SHA256: 091b1cb41a31ffd75781295ec748bb6b82bc6624dd7853405304a08a322c51ec | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-21r01 | Dorkbot_3680727c | Windows | This strike sends a malware sample known as Dorkbot. Dorkbot is a worm that spreads itself through social networking sites and messaging apps. Once installed, the infected computer becomes part of a botnet, allowing the operator to control the machine remotely. | MD5: 3680727c50bba736fcb53f8d6ad5954a | SHA1: 40eee7a2876f211b9675f65f7530657d5a0cb63c | SHA256: 31012f9ba68cf7e8ac73561fee2c8b2e2a538196d264f3d4c3d89341e77e2495 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-3yb01 | Sage_99dd9ab5 | Windows | This strike sends a malware sample known as Sage. Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. | MD5: 99dd9ab5e730e1b7b211b256e6ee745b | SHA1: 8a8843884c93f141933742f37e9b72c992e6c96a | SHA256: 785c3dde4d85cd5ff2e1a826801c3813c2dd08fd547628aaf83bd9baeaf1f9c9 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-an401 | GandCrab_0bb83e40 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | MD5: 0bb83e40d8aad33f4e3ed4bac27e87d7 | SHA1: 5122322cb9816b8ffde2cef3ffeaf8bda2a7be50 | SHA256: d2ec413f2c120332e05f71f899094794a9c0092b220ef86633d499bcdcf997ee | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-hpk01 | Nymaim_a3b20533 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains from which it retrieves additional payloads. | MD5: a3b205339fa9fccd2c75b25d33544ccd | SHA1: b03bc5bc930477736418ef0c144e56e8cfeb7f97 | SHA256: 037d05e6a51414ff22c6f27f5758bab12a237fae5a8da61b3d9579e77cf68cc9 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-3do01 | Tofsee_edcfee25 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | MD5: edcfee25afde67a147ff11d14aafb164 | SHA1: 0cd012d85261ef987ba9b1dc5eca506df96047bd | SHA256: 1ef2f6a958ffc7e4c2733100f10b53baec777d197d345012d464c2e9987cdd43 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-1bb01 | Kuluoz_e2ec4718 | Windows | This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. | MD5: e2ec4718d67aa1c54584e7ef5d0c4aba | SHA1: 83941220823a6a70fc2ada450ca95b59dcbf27e1 | SHA256: 02205537e0ac5c8b8b66f53e8d2993b706a8f7fa5757346a7312db646a471143 | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
M19-zns01 | GandCrab_149be314 | Windows | This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB," ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. | MD5: 149be31476fdd3ca6ba4420e5cb4d13c | SHA1: fdb8229068cca38c36b39ec36ffef3234c1c6c0a | SHA256: 067cdd8df478938f229dcedc5f65fd4cf92c66d3c516ba60ae4355d5cfd06a4b | https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html

Malware Strikes August - 2019

Strike ID | Malware | Platform | Info | MD5 | SHA1 | SHA256 | External References
M19-xx201 | Shiz_1ab70f41 | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | MD5: 1ab70f413a9ad4fb83445cb9d691ec1c | SHA1: c38bf63b1b5481006d0226a7dfe1ddf72215ec26 | SHA256: e4c8b631c928eec873f54c2811315e48962a8f5e067e3f820e22fbfbb04755eb | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-1co01 | Nymaim_cda11198 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains from which it retrieves additional payloads. | MD5: cda11198947a061962a94f9a014a1a67 | SHA1: 339940dcb46616dc8f67bfb6793bb9449b71aff1 | SHA256: 485e521ef0299ede43da514cdf8992bddc95529209889e562d0cab884bf71cdd | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-y8g01 | ZeroAccess_3e78d270 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serving as a platform for conducting click fraud campaigns. | MD5: 3e78d270be37a4b082ba5942d1a007e0 | SHA1: b4c4b0ad6d018e91c1c4b3a2956765e04a6b3335 | SHA256: 91fff0045ed0ac9433217ee7dd1f5ede0554588995892e026044d8d9f9371e1a | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-1bw01 | Trickbot_bf12a005 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders, such as VBScript files, for distribution. | MD5: bf12a0050dd763ba244c0825fcc8b972 | SHA1: f1bdd325cf2316426548e0e656e94ff94c30413d | SHA256: 639adafd87d067c1cc5c5d1be870f3800e719637dab20e435f379fc86b268d15 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-us501 | Trickbot_644334bd | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders, such as VBScript files, for distribution. | MD5: 644334bdfcad2c402d980f9fdb406c44 | SHA1: 5d807cb896f43d7451686057c4b4a5e8557073be | SHA256: 30f321827bea98609847dc047de756f7b86074bb3f5c6e4c7875f25db5dcd627 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-cod01 | Cybergate_6272a3a7 | Windows | This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a remote access trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, and uploading/downloading files to and from the target system. | MD5: 6272a3a7a872fec00997c41e1db820b2 | SHA1: 5e6bc3f4419bfbc1c0ee0c2c2eceab6fc5f4aca9 | SHA256: 19f9ab1a6f01c5bb060fd865f165d48789f6b6c561960071823b6fcfbddc733b | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-p1s01 | Nymaim_d3a408d6 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains from which it retrieves additional payloads. | MD5: d3a408d6ae7f683c1ac41e95ef09b39f | SHA1: 4655ea2fd30c1eb2099b8c90dda186de93da183a | SHA256: 01fbd952fe57f673aea818e12a0aa675c9e29e1ba0f85d28645a926f3df4f7f4 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-bvx01 | Shiz_47a02af1 | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | MD5: 47a02af1e32ffa586e37af235735ef42 | SHA1: 1e9e337977dba8b65e21c6e5435a368f4462d7ab | SHA256: bf6c06b4720c871f38fe90fc4c2dd2a17fd3879b37668facd78f433309123094 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-onx01 | Cybergate_ab7cb2ce | Windows | This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a remote access trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, and uploading/downloading files to and from the target system. | MD5: ab7cb2cebff981e4618404d0131e5476 | SHA1: 6edff0719e5d5f395c9a7aa9bbe27bc18189656d | SHA256: 40fc7ace7357cb61cb7ad47e655d7d33c0952cbea1fae151f969eca85deea68d | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-wn601 | ZeroAccess_38d87798 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serving as a platform for conducting click fraud campaigns. | MD5: 38d877981d7895a094d64c917ee6a2db | SHA1: d576697601fed8daf7c6db626ff737a94c220430 | SHA256: dcfd777c230140e79392ba5adf4f6aa9ae249d68eb18cf2ba3b74eca47a2b3c2 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-1xx01 | Trickbot_094fbe60 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders, such as VBScript files, for distribution. | MD5: 094fbe606cb497823dc381689bad3e09 | SHA1: 3c8a8d96631f50fdf8904cd5e97bc0c96b4704a9 | SHA256: 653fc5565b1e8746ddaa507722815fc225ce5c327fa69dbbdaf8924880197035 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-xmg01 | Nymaim_0896907e | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains from which it retrieves additional payloads. | MD5: 0896907e2c1b48b2c6ef1a1eeadcc579 | SHA1: 93a8ed12c50dea43ff6ce7ee41bb495c4454fcad | SHA256: 028423fc9b5fb8f3fc0f985e43b703ce05e69a3828f7152dda5d6e6bc3175da7 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-6im01 | Shiz_84d445f4 | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | MD5: 84d445f440d02b40eb355731306699f8 | SHA1: c3991e23c163b8710f47fbd26ae9b431503a9b50 | SHA256: d736eb2fa68eb8da82c3823e90bee6fb374f00d59b5ce26df9a8f8f6e807bf39 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-fca01 | Trickbot_5933d1da | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders, such as VBScript files, for distribution. | MD5: 5933d1da80f39a264e33161e9dcab4b3 | SHA1: 3eea0363a8477e7ac75809ee3be597179c45de97 | SHA256: 051eeb1a5f4ef84caff3c5a7abcebb1839569516480df43c929aba282eb8ecb2 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-g2v01 | Tofsee_9396ffcc | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | MD5: 9396ffcc501642e85538b7ddcf3db072 | SHA1: 5eac51d49468a57234c08ab59eb27f0e5fa0353c | SHA256: 9bf983cc999b2a3bd029e21e445bca85853b58d66247c7221157fab41fbd19d8 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-7b301 | Shiz_4dc0e9c3 | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | MD5: 4dc0e9c37518c7c9a60977403484c83d | SHA1: 95d323d81d751839f3f5cdb63762b56b4b9a22ce | SHA256: eeb8342fd7c3ee5b7bb9b714899dc0b2b97597562022015b9d1d2464e7cd55d3 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-o4a01 | ZeroAccess_07d4dbe3 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serving as a platform for conducting click fraud campaigns. | MD5: 07d4dbe37041634baa6564f686472bdd | SHA1: 48cb42e93f1dec05fe5c2787e9d526cf867194cc | SHA256: efbf80ac6287c82b3231e87957271cadf5c5130eeea7b2e456ffa8b002cbde62 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-o3101 | Gh0stRAT_897b3fac | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | MD5: 897b3fac62dd77759344a54cf2cd3462 | SHA1: 3c2d4dc965b2622ebe4bf4001245b55b9339729a | SHA256: 2dae697a1aa350218fb9c4c6ed9d28caa9eff1ad7bfbd0feb32dc523e5c7baf9 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-3a001 | Trickbot_b2888a54 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders, such as VBScript files, for distribution. | MD5: b2888a5432c8c65cc0c7cad4de2d9940 | SHA1: 0ae0c8e78e925f9ae2b20595ceb2ba63b72839ac | SHA256: 112a18bcbc8424b2bdb7ea574f5696288d28a28dda3f0aaa9894a84285c932aa | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-7l701 | Shiz_27d6b22b | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | MD5: 27d6b22baad9755cceac2086f06f6333 | SHA1: 3f45e8830c4302e5c55a0274c55a74d2f92e5d1b | SHA256: 9ca9c80c7aef1de747e8fb0fbe2fdabe0242862341eac562799b96f94830bd7a | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-i8101 | Gh0stRAT_3a7b7432 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | MD5: 3a7b743255b7a9aa3f07d2f51612e462 | SHA1: 5bae57163767f1c853a688c151888b63b60f2550 | SHA256: 2512e7506467e005bda030357121e832ff0dddc6a670ae4c732bac8345a0e2cf | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-zun01 | Shiz_d6914a36 | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | MD5: d6914a3674d74f7f7feb9505c1423e42 | SHA1: 9c3dec68c4506e223098167d1f82ed886125e52c | SHA256: cefb5097f6431abfd8ecaa842f8fd18e7c37b585c90ed7dab5cc58c985f327ce | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-yul01 | Shiz_33a27aae | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | MD5: 33a27aae2d274e9be4161612b7b3165c | SHA1: 4a6ef3f0ed4eefaee74dbed51f5717e976aff5c7 | SHA256: 15e38b549194635dbbce0ddc2fa97744992498292843924d0ef12fb1804a285c | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-26j01 | HawkEye_01114d71 | Windows | This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | MD5: 01114d7100d23b26e2b3a1aef43244c1 | SHA1: 3378cf1b8527eead50346f6c6fa476d5dba80031 | SHA256: 1c38e7e3f9a7277e60399523a664c73ad1e950de5ab59981f6ce77c908403448 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-ty501 | ZeroAccess_e8f0168f | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serving as a platform for conducting click fraud campaigns. | MD5: e8f0168f83dee93e76ca78cb22de73cf | SHA1: fcb977a76aecf9e5e2bab66750fa3af8df1cc50f | SHA256: df6e0399978745daad9974c24eecc3859740bc2e2ece4a7ec970cefcdd5a5bbe | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-7bf01 | Cybergate_0f1ec177 | Windows | This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a remote access trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, and uploading/downloading files to and from the target system. | MD5: 0f1ec17725ef52046f35e1dea3f123d4 | SHA1: b6cb8d34a123ae7f1e8edf79c72d071d7bf05546 | SHA256: dc416c86df2bad0adde036bda83db1fbcac13036a2ea7f73453597e7a3d5788c | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-ed201 | Nymaim_0aa69713 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains from which it retrieves additional payloads. | MD5: 0aa69713006a195dd71163ba798d2587 | SHA1: c651006920ff7dd3ba9fcd3f04801be63f0f942d | SHA256: 143c9de178660a194d5e22ba45bd7d1d56d3f286eb16ff9a1206cbbecaf811a1 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-hk601 | HawkEye_4abfa5d7 | Windows | This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media. | MD5: 4abfa5d704ffe75ecede2d2f7f78cd0f | SHA1: b1ab7400eeb8c63e809c7d9d8d3898949d697da0 | SHA256: 939b12fcce7c902fff5730a6cde141311baf0a322e9334cf1dd13230c68e7794 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-chu01 | Gh0stRAT_ee5a17b1 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | MD5: ee5a17b1b84a2be9d1fe606787afffdd | SHA1: 5c7c1785df2aac73744f8ab2c8091251ea27be9e | SHA256: 249cea1515c2c625b5e117a9495cce088f64dfe39dfab2b9d47d9071e2516900 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-2dh01 | Shiz_02880bf4 | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | MD5: 02880bf45fdcfecbe10915b4d4293e64 | SHA1: 713f6fb4e72e3c9b44707731366a87dc7eff7328 | SHA256: fce2a9dee62b71966aca7874ff8f37066a0323c73e5e524162b36b114a92894f | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-ak201 | Nymaim_737802e4 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains from which it retrieves additional payloads. | MD5: 737802e46bfc6275946e930867e04f41 | SHA1: 8aeeadad39664b141ac22120a8a345a939411d70 | SHA256: c3120a24f20ecedf04b17c71bc7f1588d1daa776ea66b1b85f713ffe7136c944 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-tpu01 | Cybergate_cd1af03f | Windows | This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a remote access trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, and uploading/downloading files to and from the target system. | MD5: cd1af03f5b702bf06f42b91cd8c252b2 | SHA1: dfeec000850eea461184760c0dc8fd24ab22ca3d | SHA256: c5d0479add616c17dfdef957dc106522ff40bebd08ab070b0941474715a29dfb | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-rtk01 | Nymaim_cc1bc741 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains from which it retrieves additional payloads. | MD5: cc1bc74105c8bfea61473f0b4ccff3a9 | SHA1: 0a0608762c2f29ccf82e015189dbb80fe23171f7 | SHA256: c9017faf332ab5c93fadda86db30d7e6b6a67afd6aa0cf1334b1744e16497b69 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-weq01 | Gh0stRAT_64014bc5 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | MD5: 64014bc500d568bb0a00c976a53cdff9 | SHA1: 2ea34a2f47d49b75ca48b9cd10655f400f1ec97a | SHA256: 1156fabd2305bd3ce5b218a59c3f3cfd99671dc8323fda13c156aebf26ee3ed8 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-iyx01 | Trickbot_24365377 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders, such as VBScript files, for distribution. | MD5: 24365377ecc0363888759a764b10b0ed | SHA1: 4a701bb1e053f8d572d54443220ea476fd5128b9 | SHA256: 362d936eebd48241b9e3b6ae0f8650365af42aa307320438ae170862750b2a08 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-04n01 | Tofsee_ad6e664a | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | MD5: ad6e664a14bb694f66fdbc97913a901b | SHA1: 924e3d51e5387a1d0cd65df7f80e568f1e8f7eb8 | SHA256: be8a71e6dfa63485be4a848cf6d0bc1da15b20fb9735e0c0ed08e346840096e0 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-wti01 | Shiz_2c91d979 | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | MD5: 2c91d9791faf9c214281deb6c339edce | SHA1: b6e3cd30d170219612d8cad4a1b6918f7b63941f | SHA256: c0b1f1dcd503c8e254cbc80478848db14d2ab731df0a3d3cd185d5df43727d54 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-va401 | Gh0stRAT_5ca19eb6 | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | MD5: 5ca19eb6bd546a2302c83da78c6b90c1 | SHA1: cc88548d1924a3e1a1a70432b319ae262eb85a36 | SHA256: 30fe5c510a0dc5ad89fcd66491ff24f605a90a2c4a53c67a9969fe15a4a5d0a7 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-bqx01 | ZeroAccess_5b331b71 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serving as a platform for conducting click fraud campaigns. | MD5: 5b331b71bc6080f4f9466135db3414fc | SHA1: 47168b386448ea369586f536d906cabb399ec0ad | SHA256: 67ebc3153ede004c1af8b82ecd6f4713573f4c29b4a84c0500d761f483ad9172 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-ni901 | ZeroAccess_db8335d6 | Windows | This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serving as a platform for conducting click fraud campaigns. | MD5: db8335d68db2bf86ab85bd10d3ea9cb5 | SHA1: b7435e2d1cd486d018306fb14a6a0753c34509ce | SHA256: c11c70ca57c92e7224b2c011bb8559d5214ff644fec730a52e02eee172a8a043 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-nun01 | Gh0stRAT_36d574ea | Windows | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks. | MD5: 36d574eaa21344ddc4272f98817ed0fc | SHA1: 25d281464b40b11f1bf97daeb35ba7a9f2733340 | SHA256: 26f34567a93de01d7e6853e9ae31eb0f1848dee525b0ee605e1c1884accc4982 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-xf301 | Nymaim_aa53b3d0 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains from which it retrieves additional payloads. | MD5: aa53b3d01dfbe0d5c083337b8019efb9 | SHA1: 251068aba327ccf106d3ea81632d76fa18ade681 | SHA256: 54875c46bc6795dd22af5760a5452f3814a5b6827ed996d6a475ec95b9107626 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-30b01 | Tofsee_5bb2f386 | Windows | This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. | MD5: 5bb2f386bacd1c438be6af5c57963ac6 | SHA1: 627b5ec632d023f834f2fc9486ffa8c9d5fc97f5 | SHA256: 1c916b795f49331678816ef6cfba0dbdbddd4b92a421e086ab2fe2ea095d10e9 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-rnk01 | Trickbot_ac1f9c63 | Windows | This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders, such as VBScript files, for distribution. | MD5: ac1f9c6362ad0990378f91888ab08d1b | SHA1: 3f04671e7dafc8bf4a51ae4c00f0840ddb73b66d | SHA256: 0143365726dffade4573b49e8c816d414c8ca96567a8163cbb714a4b9c18df2d | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-mjx01 | Shiz_a0ee636b | Windows | This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site. | MD5: a0ee636b69789ecbb8423b9079f1f18b | SHA1: f53d1d8e2d4c23fd614ebe69305167a66df73811 | SHA256: a798d57162ee4fac07d2e23a16f9d0557d39f6c615a33add2a8f570177ae250e | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-kmy01 | Nymaim_fe2a01de | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains from which it retrieves additional payloads. | MD5: fe2a01deaf0a0865b2bbecb382920dfe | SHA1: 6b93dc943d1c1dac079e53d8cf86385303d83cc2 | SHA256: e1797282c01e2bcf9e03707136cfc60bfdee5818cb1ec59984befd55de4c6719 | https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-k9d01njRAT_1826b00cWindows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.1826b00cb9e7d3e90e08bc5e2159cd812aa30f7bdcaf7cd73cbfa88b0b7c953e67d46b94 1826b00cb9e7d3e90e08bc5e2159cd81 9ec10adc83de49e13e491384047b11e40f2b7567991a11ab03a9703899ab55f0 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-ds701Nymaim_c2ad76e5Windows This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.c2ad76e5f357c06065fc18efb7910a12c5bc2a700420e142c9de3a070c165ec6da9a4b65 c2ad76e5f357c06065fc18efb7910a12 05263f754c5456ad772dd2448b85e9fefd1c4204f12391d8068bcba7cc388c53 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-3ze01Cybergate_49a01b81Windows This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system.49a01b81be95c083274242c45faada6428432d1394f31fef2698db9e0a50bb90ada3a336 49a01b81be95c083274242c45faada64 6b185c176128cf98a5241c3d10d0486cb3b4c3a8877d7831beed7088b688ee93 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-com01ZeroAccess_ded2c66dWindows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns.ded2c66d135d55d81e9da4dfc37a700eee7c91cdeda049eb19aa7380f7c516e40604a7a1 ded2c66d135d55d81e9da4dfc37a700e d17a1fb8e452ae4fce1f2763a32b209b6663c600dcf253fd1e943e481ca90e63 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-iv901Cybergate_c3da5814Windows This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system.c3da58149cfde1bb3e67ccc984eebb2b71e7a5ffe6ddf8b703a07bf7fded7f7a5c27a054 c3da58149cfde1bb3e67ccc984eebb2b 889728767005bed83d50f8ac92d4f8685be74f71155537c011dbdfb5da861b26 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-51t01Trickbot_ebf36c19Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts.ebf36c1943b5c020195aa446091fba008cdceff5170f0e1ea2956739876ea9c42139be3a ebf36c1943b5c020195aa446091fba00 8a58ff91b277c4b10565d90fa8e0d847759276fa77983762337dc6bf916aa78e https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-0ev01Shiz_9b10f9b4Windows This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site.9b10f9b42f0db432b6b31fe93c9434b48d27cd1214b565b9b0be240c73585a0619ff9805 9b10f9b42f0db432b6b31fe93c9434b4 ba8e2507b98e11681912eb982779c5791bfd084f1683d0ec211f187c04444b4b https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-6zb01Cybergate_93cfaeaeWindows This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system.93cfaeae2aa5506f9605d14577031830691f1b5311598ab5c7078d6239f8fe2311983274 93cfaeae2aa5506f9605d14577031830 ee13ecb06987aeef5bef6de64e0e5439b44f07f9f0783d8cdb6ace3fa950a6a1 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-ojf01Shiz_9a4f5042Windows This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site.9a4f504273a4ca10c6cd701950ce21ef7a27c132868d87480145c3f120dfc962d5cb9299 9a4f504273a4ca10c6cd701950ce21ef e7df207595977cf6802d5d039c76a91ace32521f290d115c06325bb8a72ce18e https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-mpw01HawkEye_e701da26Windows This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.e701da26b2782f0fe3cfcaa166963b65cdd3241428a092cda28d73db62fd82da1a79ade5 e701da26b2782f0fe3cfcaa166963b65 e584d0e379aa3fcb0c7f9de3106ae4234d88ceca407a9645a4edcf57b9202cce https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-a6101HawkEye_b82bdc2aWindows This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.b82bdc2a43b0974a2243abcbed830c328312529f045001961e07e8bf3ab829dfe272e89d b82bdc2a43b0974a2243abcbed830c32 d187fe363c737c1c3babe56649a39a1dc1d0da4cc7aef65e4782ba0c801e5079 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-uy901Cybergate_1201e001Windows This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system.1201e0017ec744d837b8ce7588756b863c54fa18e52bdb0ea8970c6352ef607812430610 1201e0017ec744d837b8ce7588756b86 b3ded4b6a12a5a232816b33546167fa3e90eb78ac2876d1c6b4adaad4b75abc1 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-k9101ZeroAccess_ff75ff4cWindows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns.ff75ff4cb2fad310dc021e2f2524801f171af2938bc2721a165983970d573f2bf2103769 ff75ff4cb2fad310dc021e2f2524801f 64f81a35325dd38c136a632f0e23d167407a0c4963a70761d4ab5707775f0d23 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-i6101Trickbot_eaf81074Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts.eaf810745c1b68d891559ff172a43581de74148d2bdc62c325d98f190ca9bb4ba92255cc eaf810745c1b68d891559ff172a43581 11513df12b19240af3485b6b0d0c871c305e2644e6503770baf8fb2949542462 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-uqy01HawkEye_b8e17879Windows This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.b8e17879bac5b53174a69521c43276da9208b2b72d81efcd694a7ea6eb0675632fdff6b9 b8e17879bac5b53174a69521c43276da 0360cd478f78ed02dc9cebf82d31721fbc6915b0201900cd922e59ccc32f6038 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-1pe01Tofsee_43c81f49Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.43c81f4959c752e5977f86772574242c999e0004e21368b2907293654c3024f6511c0010 43c81f4959c752e5977f86772574242c d62553c4ef53220d32af9e5eb1a0accca3ca6aac7e9f3539119fec0718edd65b https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-xbx01Gh0stRAT_449e068aWindows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.449e068a1c741603b500f7990e1ab27960b9820b2f455314d78f3747019b7f661a6de2c6 449e068a1c741603b500f7990e1ab279 2c771b1e0003485b554e8014b428c9d53ad93d457c04c96b9e514f0f33e2e6ba https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-7ui01Tofsee_0451fcc8Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.0451fcc805e395a13acd53d64d3d76c2e156b42dbc801b100c94c6db6f87bb26ca9bce36 0451fcc805e395a13acd53d64d3d76c2 5f4bd5a0728432e4731b9d2606bacb05d7c6f10ad926735f3e4d9dee10791f85 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-rhf01njRAT_808b9614Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.808b961476324019a42a43e0367d836bb1a61a20e9338c63db17fe3c44e1d16c0725746f 808b961476324019a42a43e0367d836b fe84c213aa4643ba68eeca9e6af567aa809a6c0a3d2b0f9f5fa13aba4033a5de https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-6ma01Tofsee_2f59e5d8Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.2f59e5d8cd1900f62e1c2f2c9d27b0f5337ed6d740b4ad0c150a4652c86f107a2edecd1d 2f59e5d8cd1900f62e1c2f2c9d27b0f5 ad34ec4764147faaee82935e142eedfe5569f88ef81195281539075a0f3c91ac https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-ict01Shiz_c866d866Windows This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site.c866d866e57a8385ed9eb283e333857c33e4b4f11fb75949a3b6ffd65478fc419db65d78 c866d866e57a8385ed9eb283e333857c b45da6a6c26ccecac46deeceed64bea1dc7753ebbd6fb93ad33048e0f8587f95 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-arw01Nymaim_cb4ca71fWindows This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.cb4ca71f21409d275e68f90c39b82d8d174b675f069c61eb9540f22f4c43db182f216c2d cb4ca71f21409d275e68f90c39b82d8d 8519328e272602bc7117a7c9da2c00e40e8d45a97528ed3fa7c86f2fdeb9b679 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-fga01njRAT_c599d320Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.c599d320b8611864718be28c7153c5ea49ced9f294c2e38e01b0f5c1c79aff9ad5482912 c599d320b8611864718be28c7153c5ea 95ba99bc91142b433da3a42eaaeefb1ce2a7abe93f2d8816b931eaccff600192 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-jeo01Trickbot_ce64f853Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts.ce64f853b906569ad859f17f496e157c7bb90f1981fc692ef4f702a53a9fb6e5f8751a50 ce64f853b906569ad859f17f496e157c 6809cf34ac7fa454a8d8c25482c7a9acb44be1222bc89f2d478a953d93f63f3d https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-3jm01ZeroAccess_0ec6e981Windows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns.0ec6e98169f7278347ad3f180aa0d2b2d15b53e2299f2123333c3ba318905a73073d251e 0ec6e98169f7278347ad3f180aa0d2b2 688db1253d2dcdaf11bb2e8f03790dea9b10625b14b20531f4ea108801066f62 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-gml01Gh0stRAT_dbd08d77Windows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.dbd08d77980f1639184eefe604f5b19d1f508099d0a81de727a0b549f0e606f1810fef3c dbd08d77980f1639184eefe604f5b19d 11978ef69a330b0d4cc544f48bafbca5125019fe147fcaf2db0bd72fe94c4b4a https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-w8j01Tofsee_7c335b53Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.7c335b53b15a40dd7de3efe56f8f687db110b895a615112c561cf9a04fc4c3c1b605a112 7c335b53b15a40dd7de3efe56f8f687d b4f6aa14eb833c83413f72a4e901d0e92c7da45828c5438594693f68c2a3ebfe https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-srd01HawkEye_1466449dWindows This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.1466449d8294ce6090af5bf5eeaf1a36581b27f5f2d96b41b59dafa81a74eb297117f49e 1466449d8294ce6090af5bf5eeaf1a36 d5a45f2dac9346b72a23fe10c07dc4ce234e7e577fd6c2e471464276651df1f9 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-x6d01HawkEye_9fe12ca4Windows This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.9fe12ca4929c901a87b89eda6399aeec105d16972912370297f1217472242153c3ecd8e1 9fe12ca4929c901a87b89eda6399aeec b23e50aa8217e033f01bfe6c52e651a3d169a202e6949a4d0d7c5a4ad145a857 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-yhm01Trickbot_7c06687bWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts.7c06687bb0b9414790cd069910aa06a75ecbd545f07636f8f83ab2fa851ac312727791ba 7c06687bb0b9414790cd069910aa06a7 854124fe1ae699a3dfd99b89a0b44101e74039ea8f06c781254f4aeca07b7013 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-sn501Gh0stRAT_cf98aebcWindows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.cf98aebc8bc3e6910a1a5281cf810bf1708247e56c3f0912e0004b7b150da27f1be5dbf3 cf98aebc8bc3e6910a1a5281cf810bf1 1af0bbdad437c6f711447ccb84444b92df5ba237acc0b33f6eebe0d48fd2f5a2 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-g9v01Cybergate_9fee7b00Windows This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system.9fee7b00bf3375d28e27cc7e86bbd1eea0153ce3188e06688f39c38b8107e3d295e3ea3a 9fee7b00bf3375d28e27cc7e86bbd1ee 949809f505011d5b9aacc19fde3bead211004bce92921a460afe8e8f57b92923 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-ee101Tofsee_202c4d76Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.202c4d7639540dff53d9840b016ad1b3279f2bbfd1ad1538becb0e34b13e145e65162775 202c4d7639540dff53d9840b016ad1b3 4d660a6519c258074627f7d30a4878e15a4e621bd79f21a34f4550c54ef38c4e https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-j1j01njRAT_b1cecc93Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.b1cecc93cd701d029069c8639576d5df28b7b51c033f483a4df2240db9a391eae17e8cf6 b1cecc93cd701d029069c8639576d5df b168b7b5acf2cb602aacb9c737a9a6e252461e7a4f2a4c0c1eab2fdbd36fdd7a https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-nm501Trickbot_e566e3d8Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts.e566e3d84f6df07b1d11e209376568df8ab99d48d8d008230176c7adb2ac0d7393096cd3 e566e3d84f6df07b1d11e209376568df 2807fea0af4c94116f0677eb94d798b6f40c3a3cc50ed8d2d2184a061ce30904 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-s7f01Nymaim_ffc88f83Windows This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.ffc88f8367fee470b4da89c0cd043c1646919697d90979ec26322f33a69dbad3abf3ea69 ffc88f8367fee470b4da89c0cd043c16 2dbd752e0cb2b3b1d20fa8e714281b8856fc121b4a2670937f7956f90dfe9ecd https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-f1d01Gh0stRAT_f8a4e80dWindows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.f8a4e80d33b1dbab389b7b28ac5f3b501e6cc615e65aa81f14e8ec6f6faafedc97143bb9 f8a4e80d33b1dbab389b7b28ac5f3b50 24436d1687d5a814d3552f9fe6aed8d3778a66888508d1685d7c8c39d4b3b5a5 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-ger01Gh0stRAT_43c532c4Windows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.43c532c424d6066bb6c3e953bc06fffcae7b46b389c5e749e006a22d1bb3c9d98d21ae01 43c532c424d6066bb6c3e953bc06fffc 3176a16b8d3fdcd6162a24ea2979f82d8d1ec4bb98e15c299affd56704bf30d6 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-oyw01Nymaim_309f6c7dWindows This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.309f6c7d8dc0dbe2dd73818aa4ae7990f737a4071d4436c1b466b1aa1c4e4b42283fd028 309f6c7d8dc0dbe2dd73818aa4ae7990 b0eb5e5599605584271a1513740039d6cfc363d7203e8654d9ece9d7df1b06a2 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-nvl01Tofsee_2074f45eWindows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.2074f45eca511f964e5c38bef84620041ee57efda609f6daba8265724adb75d5e355ef32 2074f45eca511f964e5c38bef8462004 a8f74812b66b89f9c0450b2f565d3ba2b417e7e10514618c3306de37749af886 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-n2401Gh0stRAT_47eec7b2Windows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.47eec7b2046cf954a6f0d34b3a5703bd77dcd555a67ddb9f795bb4495636b8e3ea66ec48 47eec7b2046cf954a6f0d34b3a5703bd 313e7c484e87f221fe3e7af0aab2e17eac7c5a1f1a6c6fcf96140f1a24ba95ba https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-l7x01ZeroAccess_39ed4a80Windows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns.39ed4a80d12c733ec8fd9766c062c488a6e07c036a1401a1ffeedefa9c46fbafb8de37f9 39ed4a80d12c733ec8fd9766c062c488 c443515f2c11f9cce0be0bd88532bd2b0885d2836bb0b5abb4c2e9198bb2121b https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-sep01HawkEye_5413b258Windows This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.5413b258b2df4929d974ea5ffbc650b6a2052e95c79ea6f146f27d2c887e89ae52125685 5413b258b2df4929d974ea5ffbc650b6 7da2b98047bf4812b37f670b7a75b1b0ccd414802a3c59e564fe0437d23964da https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-xhx01Tofsee_5fa95d05Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.5fa95d05d30be4291b3fd3249abda10d2a2e280929a85f85580a3e77724ca9667d7c9df5 5fa95d05d30be4291b3fd3249abda10d 7d96ef5dfba65346fa3ffbcd23016f21e0a523e2215e963f21cc8c939c2e35a0 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-7sb01Gh0stRAT_78085b84Windows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.78085b84d0d5536f48dd1cd39cebf0ace75ce54cdeddd3ba628093c60a6a32bfcd986770 78085b84d0d5536f48dd1cd39cebf0ac 32824a80e061fa64a2cc928d3fbde4f742dfb22b4bd9daa13c2e5ab80697c836 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-0k601HawkEye_43009f0dWindows This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.43009f0d160d779c518b9c7bc7417f144b8d7d43f68c32b1dddca7d2bb417e1b754b2de2 43009f0d160d779c518b9c7bc7417f14 49d6cfdd06d8d9a234f5e59849b47199e52a0355479563c76896edd91ca7c04e https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-1w001Trickbot_f08a84d0Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts.f08a84d0e47f8bc7069afa147b1791abbaccdbe92184444c98b80e9588589a5e88672276 f08a84d0e47f8bc7069afa147b1791ab 74547a954562f29ea05230900daab9c043e088fd1a38cb2d077ba4624ef51523 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-jnj01Cybergate_b788cee4Windows This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system.b788cee4d46f846f726116bed8e05462d1e87131b5d575a7e385eb63512b2fe1fcf907cd b788cee4d46f846f726116bed8e05462 b3b914069bb60dab4a0679f912c43f77a3c4bf71804fcbd5085646336dc41908 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-f0901ZeroAccess_934936e5Windows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns.934936e53890796218c227c127c86ef312afa8106a619328f7cfb2f17460e12899b340a4 934936e53890796218c227c127c86ef3 9db192e4eced11fc3f84d6d8f6302e0230798993bc2b9efca6170428fba13906 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-nmu01Gh0stRAT_e2e1a12cWindows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.e2e1a12c00f1f7da52c947a59ab0fba7062be73c1760145410a6dd3f38c0e472beaeb17d e2e1a12c00f1f7da52c947a59ab0fba7 3073891867551a6f111eb2f8af3e02729bf97627da4d019fc289433de4cfc35b https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-vsy01Nymaim_4735c798Windows This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.4735c798e9b38cc102c3c702fd1a936500d128f4ecff94cc9cd860403d3d1b526bcc34c8 4735c798e9b38cc102c3c702fd1a9365 862346823cef73fdd9a155b84edb2feb180a61390a3817ef97fa272cb01d7994 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-3c901Tofsee_096dd5a2Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.096dd5a2c5c5ca6912650ddfc95ece603bec8386a5c758b89082a2d0324b82d09e43721a 096dd5a2c5c5ca6912650ddfc95ece60 398c23230679c69942c5d64c7aaf0e9e8ca3434d54559871f3a3a24fbd9ffa3c https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-psb01Trickbot_0d2ab3cdWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts.0d2ab3cd6624494efdba1bd667b0d00d108700804bb8cfaba8591bfd9a216bea466f6597 0d2ab3cd6624494efdba1bd667b0d00d 3ecf64c343752bfbed1a8984cfb207309133df964da0b2e086509e8aed167a66 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-j1b01Gh0stRAT_3c3fdc46Windows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.3c3fdc46e3f1d7129740a36253680a835657a423d3e02d5d0f9a14684eefb457843fae9a 3c3fdc46e3f1d7129740a36253680a83 164c0c94d252f388ab7825a8bd9abf8cacc45cbf34281edb72951982874591ab https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-fhq01Nymaim_97b276c9Windows This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.97b276c94cea71aeeb89d0a288174be217f25a5b9ae92d1808cb97209f3728929d10d439 97b276c94cea71aeeb89d0a288174be2 3180f041ff1ccd52f829f222e5d124935a11bc3aa9fc908e3ce93f84e1ec49dc https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-hu602njRAT_d14e6a58Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.d14e6a58abb27be931c6c9f170887488e2411b67df4b379b08a8ee583273b959fdf1ebd3 d14e6a58abb27be931c6c9f170887488 eac06f1399c63d11fb621d348a2a8fb6256262639d239b142092fde76a684eff https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-9l301Gh0stRAT_a53074ecWindows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.a53074ecc8277d5ff066be44c1ca8c46a1bb3e2eaee47ca6825fb624ed49d0538abe052e a53074ecc8277d5ff066be44c1ca8c46 2cdd4e59d78f0a3537c1e1c5a7b9fb4c369a20d79a057568a51a2cbebb2f8241 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-hc601HawkEye_b3d1aa85Windows This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.b3d1aa851d81aa4dc76596edd35182f1d24c4e942d7d6149b87c81084e0b0a25b6b8ea38 b3d1aa851d81aa4dc76596edd35182f1 04e3d5854d00d835e206b0982889a079e3710296d33ed1ebdaf349b4bbcf790a https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-pue01ZeroAccess_b958c2adWindows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns.b958c2ad4fcc9c0996b3310b4593af22766370b08e5bbe35cfa9d0685ae5cc2b9e39ac2c b958c2ad4fcc9c0996b3310b4593af22 a1335dcc4001df7691151413c8c1280dcda1a28a5bd21e82673de4d7560116b7 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-tfn01Nymaim_51b6cd35Windows This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.51b6cd35b56a8864a8fedbbe25020c3d689a5077d803d21601270760dd38de2fdef921d4 51b6cd35b56a8864a8fedbbe25020c3d 3f88dae29802bbbd85c175ce34b40b4bf34f884768b6669a91981f374bd1cd1f https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-f6501Tofsee_dff076baWindows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.dff076ba2abe316ae6c6d2308a33ef1cd6d5116fd778857c08e3155e9a85034ecf5a6dcf dff076ba2abe316ae6c6d2308a33ef1c 9e5897942fac812b74be41b06b5e1cd1ff4e9fd9b71d10aadca3d5f368cda0d1 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-tje01Cybergate_9d3fc93cWindows This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system.9d3fc93c9d38fc1f6d67cd068f083e472ee2e0891e6bd2c71c044a80cc303d0755bc69dc 9d3fc93c9d38fc1f6d67cd068f083e47 ad8f56bddd8a0cae565c243ff0e4422781f78cc3033763d2a9100e32c2ffe98c https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-u1i01Cybergate_a5e6f88dWindows This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system.a5e6f88dec5c1c8ad4b15145f1610dab2924a661a6db6382359032c96caa6440edbdb35c a5e6f88dec5c1c8ad4b15145f1610dab f2a2dc50a052bc4a25cc8fcdd235d89286fec24beede6f6cb78b7641162bec0e https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-i3e01njRAT_1634ff1cWindows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.1634ff1c0c89dc7e144f6f425a4d22b665c22d6398dd2bbe9ea2a214f7403acffd21ba1f 1634ff1c0c89dc7e144f6f425a4d22b6 f446642655c929d6b069a874364d6da67a6d07f4a2a5f78a77087fb2f1f243aa https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-gfd01Trickbot_4659f606Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts.4659f606dd426b45b66972f9a74c1fcba977d9086af9bcd71267061f84fc96665dd0d625 4659f606dd426b45b66972f9a74c1fcb 00c98d727a85576416dba2a3a68010f986ae276935435e6d9eb02d33fb71b3a3 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-eeq01Tofsee_a6589348Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.a6589348aa65e4d4317d05df3af1a0bdcb6c32f2acb65d9164a7d8cc722decd7c5a74717 a6589348aa65e4d4317d05df3af1a0bd f095b72dc6ba5c3c3f2e410d0f1766a8f6ebbecec1a4914b957f9a7225cc6c00 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-hl601Shiz_5d27f1e6Windows This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site.5d27f1e6d94b3e8ae38f14238333f76eda9ebaa7bc2c684ac6dc21057b808f760214b949 5d27f1e6d94b3e8ae38f14238333f76e ea0ea261f2a0211dc179b23bf18609749df13f024db3384cf1f7f54d09a3e21d https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-cgm01ZeroAccess_e158678bWindows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns.e158678bcadc45a72a7f656c3be8a1e71ed6b140d1b45fadc1634dc5435b2653d5bbe433 e158678bcadc45a72a7f656c3be8a1e7 f12f6a6b3358a8dee157fa6bc7170d94cbf2e6f890c86791af20c1a841c01c17 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-rnd01Shiz_af00e6eaWindows This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site.af00e6ea4f32d6a1c41e692ab969984d1430d66bdd69a6465008d9030769a5ff578d77a6 af00e6ea4f32d6a1c41e692ab969984d cab99b6945c6ee017c2297f13f5962ff2be066c3c9f4b812f1183334ab133de0 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-ri401Cybergate_86eebfaaWindows This strike sends a malware sample known as Cybergate. Cybergate, also known as Rebhip, is a Remote Access Trojan that allows attackers to fully control the target system. Functionality includes command shell interaction, screenshot capturing, audio/video capturing, keylogging, as well as uploading/downloading files from the target system.86eebfaa5987bfaeaa8ff1cf51e77841308c45c783337896dd9480b746b758287169f4a2 86eebfaa5987bfaeaa8ff1cf51e77841 c7f2645df614351360457a892f9849df80155330e10449d4448d357c3d717ceb https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-p5p01njRAT_044b3e11Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.044b3e11e36480a70f9b74ce6103646e1710f1cda4bcd376b5fd49b7c01a7ba3eb43f36c 044b3e11e36480a70f9b74ce6103646e e81f03b9fcfb674248f670d60be4918781bc0c6d6b343f890c2c2fcab15d7ea0 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-q3901Trickbot_735676b9Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts.735676b9cf6e17e0bdb615ccf7abbb71ac5f57f6a926f6cb3aebedc6d7c8b3a1dd85a5f1 735676b9cf6e17e0bdb615ccf7abbb71 3e98c771dd86669152fb58cfc0ecd7d264426ebe125ee4d96893efad5af5d236 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-j9801Nymaim_72562e84Windows This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.72562e8492ba9a906f9a851bd90302e13c2fd6662833e1d470ac4b9cf9dbdce9a8ea3355 72562e8492ba9a906f9a851bd90302e1 441649516eb75a61f2ca4d0570dd2e201c6528b452ce7bc04c5120a5b36ee090 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-weg01Tofsee_2b6fb71bWindows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.2b6fb71b774a08bad927f01a1869615690c75106b3584f6b7baaf4c21fb175e21ca1cc22 2b6fb71b774a08bad927f01a18696156 a8adbab4a72506f7343b7ff78a028fd26ec944a1d4de846ee0bf9651196d7724 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-8z801Nymaim_58790744Windows This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.5879074407606c542a04dc45d402a613451464e9aca3269244c5d41329a01affc42d557d 5879074407606c542a04dc45d402a613 6802f2b005b9e02f395117ce2f753d98d239d9271825871105cca11f86764ada https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-wjl01Nymaim_74eed5f7Windows This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.74eed5f710d7ad5294365eac4fb49e37b90495178fb6b2bdca337daefdf2d47771592bb6 74eed5f710d7ad5294365eac4fb49e37 bc11794224c3dba73fefc8be9bea7ddc8782db3e3173467a1726e02588e56019 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-gzc01ZeroAccess_096937bcWindows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns.096937bce310d223ae9dc664dbee49ecbf9add6458bf5e70d4d32ca8a536ba963287adb0 096937bce310d223ae9dc664dbee49ec 9a254fc4e4ca669bab5ad0a830ab43a9ebee6b835fdf794f76a8575d2ca8d548 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-pvi01Trickbot_8b071679Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts.8b0716799ec6a41fd505c67a97c5a3aec54b8323575a3c1c2b72b0c737ebe0d6b7eee64f 8b0716799ec6a41fd505c67a97c5a3ae 3dd50fe971d7256311dab97ac7afeb0a6ec91de2feccb125eb09ac8a22947005 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-5d601ZeroAccess_928c2266Windows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns.928c2266e373f9c189074cbe6e4500722e97e3537abf861cf6bff78d3f348cd2e37f5ad4 928c2266e373f9c189074cbe6e450072 7d8a67472d130e64d41205a7c1e5263b4fe6a4c6dc2b413618fd9e38ce47f536 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-55j02ZeroAccess_0761e548Windows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns.0761e548a747367ab5742ef6ffec196751983287057d713650365aca93f24c4e71d68e90 0761e548a747367ab5742ef6ffec1967 a2f377e3ff205bc71b5c2a88957578d2a6fb9d390d7ba19fa5117fb0f17736b3 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-mvh01ZeroAccess_31f9d5d5Windows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns.31f9d5d539b35d62be9ab2f93778402c093bcd6ac22798da3c7543d6906023a2f865d5ac 31f9d5d539b35d62be9ab2f93778402c eb5d5d7b8119f0819a9f00bd20e3c200e9e938a7705bcad0afc86f254d62a78c https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-wu801njRAT_13c42385Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.13c423852fe40c200d6889f879a91c174466797fa496b23d5d63676568e1a00a3b9ca608 13c423852fe40c200d6889f879a91c17 c2d48bfb920ccc59958d456262b6313d6c1246790e1ad0270ea775665e411dac https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-xiu01Trickbot_7d8ba73bWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts.7d8ba73b92dd18f207dc593736eb841fa8464bbd57e0de7478582f4d1f1853d5bacef519 7d8ba73b92dd18f207dc593736eb841f 7bf167e2fd1ad3b45e42fcfce427c702cdb4df6e96602a183fee57d777140a18 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-dsr01Nymaim_72c9183fWindows This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.72c9183f52521697ee521e97bd9e91106c029b7a24a710e96aa5c4dc4db89408bc29ecc7 72c9183f52521697ee521e97bd9e9110 95556cf5e5a160d2940014413d4948bc4877a127ce142bf27a7295ca212e48ae https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-6wd01Shiz_ca15f439Windows This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site.ca15f43938b55c23d88b842c120160ff492a9829e9c2c962b8f5c4e717ccebd458d7d02a ca15f43938b55c23d88b842c120160ff ea9b003f2dd1f2293add17f6607370a130d3efff27d55c5068c7ac8abcbfb76b https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-rj101Nymaim_d6cfc97bWindows This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.d6cfc97b4783a0a9f0e38e87b788099eecd62b76a345c6b68a8dee136b1d620dfadede2d d6cfc97b4783a0a9f0e38e87b788099e 0b51bc5550062212ed1ac0a7099235e2fd0296b93446106b0220fab519fd634e https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-ccu02Trickbot_cd93c001Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts.cd93c0018ac58da8820c5ceedbd53534db4937fdf035e1223ded691792eeb4244abbbc0f cd93c0018ac58da8820c5ceedbd53534 292920637d78485e4053b4a056d569f2e17cb8ab531f3372d18402c35fd735bf https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-re501Gh0stRAT_07789a44Windows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.07789a44e08e0c7e22bcb9a743370226bc28ffa1278e42fdbad03b97f34654ecf2df8d28 07789a44e08e0c7e22bcb9a743370226 274d09e6e43dc96ba17a782a30afd525c972f3ad50e73655d8cbfe94ea97b481 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-nxr01Nymaim_e871fd80Windows This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.e871fd8071af9b511d498b564df744bb7f1ef6e0e9617424ef68e9614c92db6ed4ca11ba e871fd8071af9b511d498b564df744bb 991bd9883c36b2fdf326418d6ec660c6a5d57e88f2355a49a5c69b2490c848b3 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-nuk01ZeroAccess_383f2468Windows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns.383f2468706d7c893970a23f4611fdefe4692dd8dc2647e98d16aa465a5e8195f920cdbf 383f2468706d7c893970a23f4611fdef 8eea2b29e69058398957d5972b62b47947d090c2610bcd45ee593fa92bf25004 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-nkl01Gh0stRAT_fc59e9feWindows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.fc59e9fe8368bccdf96b23c369ea7648c95235b4fe227b282f4434aeb046109189276f9e fc59e9fe8368bccdf96b23c369ea7648 333afdc84193d7b7b0d4d1c1e94fcd38426660db5f0fe8fb6dff57d0436a72eb https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-5ac01Trickbot_9edefa7eWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts.9edefa7e118b937aff078ef650e434b8f039a453f4ab0df62e9707947f14dbb666b84fdf 9edefa7e118b937aff078ef650e434b8 30938782dd1ae8ff1a35c17821860745f613a5267e18171e7336d1c6d5f5b6b1 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-s5701Gh0stRAT_6c253be8Windows This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.6c253be82df55aebec7e51352904d880c298751c3e417dac40a1712865d7a699eb3e8382 6c253be82df55aebec7e51352904d880 1ef070ae000ecca44fd13b1c3b642a7a5ef8894becc9a228f2aba33c04f267d5 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-kf001Tofsee_b32c7838Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.b32c78389d90b51425e6e51504b2d3e448e25f969ca737bd4ceef67eaf267e1ea470e050 b32c78389d90b51425e6e51504b2d3e4 b75a2838b93b6ec47b27bd5c9798386775e9a3dfcac5c3562a7ff139eaa14ce3 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-fub01Trickbot_5345d177Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts.5345d177eb79da82fa23a2a050e70ad42c221993e78451fa3ba834d4517097c54650b560 5345d177eb79da82fa23a2a050e70ad4 19910cf1b0fb40f8143c459e93a6110393b502de81646ed7685c7a0766e4823d https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-xn501Nymaim_c256f569Windows This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.c256f56905cf6ee105156cf9a2c3306793cb35f4290a76f1504d152b107d2c4cb9ba8def c256f56905cf6ee105156cf9a2c33067 645c58460c7d1b0ef4769d505492eb5a9bba5efadf9f6a456313df72bf706eda https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-gej01Nymaim_ab7ae350Windows This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.ab7ae350012b34d6bfc09c19b9900b7fe78d285a84ac0f2fad522f053b3af07fe3843f4a ab7ae350012b34d6bfc09c19b9900b7f 9d30abaa088f71f0914d083a8c6232e37e1fb13bdb495c6d3b1485b50f764e42 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-5kk01Trickbot_35163fceWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts.35163fcec32b9b32c097b830b28dc3c06153092a302044f339e7440d3858de19b95c9eec 35163fcec32b9b32c097b830b28dc3c0 0fff84cfd0c674f7d55a39cb6be3bb7fccb3549dbfd9bc8f8b4c8c6307cc5102 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-ywe01Shiz_2fb42ac2Windows This strike sends a malware sample known as Shiz. Shiz is a remote access trojan that allows an attacker to access an infected machine in order to harvest sensitive information. It is commonly spread via droppers or by visiting a malicious site.2fb42ac2640b8a323ba50fe4b875586d8189927143ea80d63778393989ca86faa3b86143 2fb42ac2640b8a323ba50fe4b875586d 90fb3fc2fa229953c808954a8eec46b36f1edc0f41ab088c82ea755ffa3c43c2 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-fvk01njRAT_a24608d9Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.a24608d919130fb3704e2c02954069e994a4067592441c5e3111eb3696b4ce8bcbfb17b0 a24608d919130fb3704e2c02954069e9 9b7a41fc9ccb0392a9d609fcb583e3b966ed713732342822898ac6d560d569b1 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-g3q01HawkEye_f97a48eeWindows This strike sends a malware sample known as HawkEye. HawkEye is an information stealing malware that specifically targets usernames and passwords stored by web browsers and mail clients on an infected machine. It is commonly spread via email and can also propagate through removable media.f97a48eedc8ad59c683e7f9de9d90d8a0e3aa7530d21c08437e2df1471698317c0356bdb f97a48eedc8ad59c683e7f9de9d90d8a 621448e4a383b6bcba18f2b522331c6f79764db97a73d596d92308f36a2b5add https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-2mq01Nymaim_62e047b1Windows This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.62e047b17485cf9b1d07d53df402ad2dddc033188604c592e368e908bfa4a4c19c4f9ecd 62e047b17485cf9b1d07d53df402ad2d d0f6e3867416053747e82117e4cf5b5dd1a0f573316ddf6d1716465726bbb215 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-ng601ZeroAccess_ab9185efWindows This strike sends a malware sample known as ZeroAccess. ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click fraud campaigns.ab9185ef70e3ebc3517ef67d0ced830808534fb42efa6a28387cbae3dac2ac1a42cd1d5b ab9185ef70e3ebc3517ef67d0ced8308 78951871e9a63fa3907da13165bab1119addd1ce8a3b376afae47b532e5d3653 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
M19-dmf01Trickbot_2fcf7000Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts.2fcf70007723a73a2d6e68e902035f8bf1716455faba8b464a3d0b4eabb625c34b3da51e 2fcf70007723a73a2d6e68e902035f8b 541729295b97eaa2ec3a566c2095b5e4c03239d9b1235d4a2b6331f3dd986f75 https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html

Malware Strikes July - 2019

Strike ID Malware Platform Info MD5 External References
M19-zfz01njRAT_7477b2a9Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.7477b2a99b3e1eb4329e229008f9b788e2e08292cef2454f28ecbfda037c6a4dc86ff18a 7477b2a99b3e1eb4329e229008f9b788 37cf34ef1a59fa7f2a821d2aea146aa341d56ad8cbe8b60c028218919d9fb65c https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-and01njRAT_8361f4d2Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.8361f4d28e1604a6ff4f82aeb5fd362466ac52cde6ad89cbe705d244f7703d903ca8670c 8361f4d28e1604a6ff4f82aeb5fd3624 b1a0998fd2465208767650c597906941f2c95d9acaa69254238f1923ab6290fb https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-c4001Cerber_b53cc66bWindows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber."b53cc66bc377bfd0ec04e57abd44f336aea3297ab930742e122e417351ac33cc7340a9a3 b53cc66bc377bfd0ec04e57abd44f336 d41538fe9d4c4edb975df9af8850749b9db89cd470139b0a58ff8d68e5b6240f https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-enj02Trickbot_cafa77faWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.cafa77fa825cf89cd7be636b7a5886ce677654bf31aef0f03f951129cd96bb4db192adab cafa77fa825cf89cd7be636b7a5886ce f01e645d797000911da3221face197fd3a6eeb12d2e6acc99b984236530d117b https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-43101GandCrab_501d2975Windows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft.501d29751f237e66f59d99d26f6ca37ea168c5b1457c69042cef2e19410d8ad6b1972729 501d29751f237e66f59d99d26f6ca37e c992d5faf5fc1cbafaf5e40e3fcfc0daad218bda2768b3640a97ed5185f91627 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-ur501Trickbot_68ae2687Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.68ae26871a4173d33515bc02bda4198f01e1140ceda519aa0581ab7d090ce5397de2b426 68ae26871a4173d33515bc02bda4198f 7ee35d3aca75c64bff75826baa082a1d65e5d0a0c4bc5a258d37d22facbaf159 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-kk101Cerber_6a4cb196Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber."6a4cb19678e6979fdc2074b3dd5fc777da1d9e05265306bdf766efa06e1420a4abf16191 6a4cb19678e6979fdc2074b3dd5fc777 84237ea2516de3f238fbcc495a5c50b3c2ef72001b0afc14d0939a984d1dbf22 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-rbm01Trickbot_7022ab0cWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.7022ab0c2794e6d9fbd0e5eac3ed563c5ff36133aca0c0cfaa01ec3a07c8c61755b01f65 7022ab0c2794e6d9fbd0e5eac3ed563c 71d157b247885a9fac9d5a2de95d62675a2887bd539face9f6d97a749bf368a9 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-8vp01GandCrab_cef6a5a1Windows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft.cef6a5a18b13bd309859d1b346e2084cde28da67a0aabe79920521d17d2a7306c79efdc6 cef6a5a18b13bd309859d1b346e2084c 4229d9cbca43732abbe849cf9b41cb92e62702a9716a36040a51ae4ae53b4035 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-orw01Cerber_96c25ec7Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber."96c25ec7e03368c932ff57fb5cb223c86b8b814071b2a0809a0ac7cef9f671bcc299541f 96c25ec7e03368c932ff57fb5cb223c8 7fe89fee44b718691ba4af29f533b375ad78bdee6660a89071f80f8b12c58295 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-mjb01GandCrab_b0072037Windows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft.b00720376307d3f579376578940754f25765b623bab59381c47e8a7fa54ac9a4bcad4de7 b00720376307d3f579376578940754f2 9c0e9a4eadea6cab1ec7faf191e77e77b91e709d8222b5c2a1d30059d026f266 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-97001Kuluoz_be0e47beWindows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.be0e47befb6977317988f5086158caedef2fba55512dc7a3ef1418d370070eb720efb58a be0e47befb6977317988f5086158caed 0a579fd78803ea10efd73e5e1a36986f5a4f1caba4fecb0774d918ba578818de https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-51901Trickbot_1810112aWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.1810112afcfe9dc6ac1bff3022e4e9a1170748396d1b7587ae8adcc20e00891048ba79ee 1810112afcfe9dc6ac1bff3022e4e9a1 98a9522efeef7720f8ba8aad303259eb1e52b35d9b38cc5a44715439d4729b0e https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-gj901GandCrab_a08399abWindows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft.a08399ab9b949d6b99f4bea87872a11bbd4082c479d5a3c493b8cbed223578652d187878 a08399ab9b949d6b99f4bea87872a11b 4eb064297e7f7c2353d9a6838527168e38765163f252277049fa55eab0adc8d7 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-w7a01njRAT_4b1aaba2Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.4b1aaba26b7b93d55ae4ae6d64f22f126afef9795bb6d9f60ded672e6625a6d01639edc3 4b1aaba26b7b93d55ae4ae6d64f22f12 438a539d7fc684ff23c37d28f6968e16a26361baa95611374e844b527d8348f2 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-0c501Expiro_deeed92dWindows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.deeed92dd77489ca379a6e7797e5e84ece77990311e570f0824fcc1734ae7665e784c935 deeed92dd77489ca379a6e7797e5e84e 1a4c6b55be877c65e946d24812000fb8dfccbdfe19be1b8acc67bce8b4893743 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-goa01Expiro_ad19814fWindows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.ad19814fa75831ed8da504cb7925a82f62a5fdc8bd25a46dd24b9e6046f4d4e925a3c74d ad19814fa75831ed8da504cb7925a82f 6cf2f544a52878b86e09d4a6938949fffb1b65c2afae49241c99913e3046baa3 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-r1801Kuluoz_f170bd6eWindows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.f170bd6eb865b4b062a39b1bfee8fc2a34eedfd2b1a339b41efce089435764901d2344a8 f170bd6eb865b4b062a39b1bfee8fc2a 0ae4096d1264141e9714700691f6fcad18b1ccac36f73d9e580a652b6b9e2743 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-1sd01GandCrab_5a754487Windows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft.5a7544871eca9a2d8bdf7ae7f0b0694d740cfb0108d20c4eb311d21948079a6e49f916a8 5a7544871eca9a2d8bdf7ae7f0b0694d bb187240ab8850d6b731921ab5d3ae0caeb5015ac5986af51af789ea75a3ef71 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-qgm01Kuluoz_83fd753bWindows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.83fd753b85ac21fbc3d35368f7e1ebebf62ccb02a2e8ba4c00e9d59118ef59ef22d2448a 83fd753b85ac21fbc3d35368f7e1ebeb 06370b03ef47ca5e5547d750f49034fbeb3782c201e36921c2577f074123ccb8 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-5l201Cerber_931cfffeWindows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber."931cfffeae140f25a215faf2f8531ed25366790e3eb835ee1b114679f70ee958f3b852db 931cfffeae140f25a215faf2f8531ed2 ad93c9f4410bb99238320518457308695053b36d9034ba6a3720a9294b6b4c4f https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-9fk01Expiro_9b355ec6Windows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.9b355ec6665ba6d6a0ac55a5f23f3ccaa61bfdc6c7a171489e975e295dc35f037e72ddbd 9b355ec6665ba6d6a0ac55a5f23f3cca 288fb9363990e5cbbad51e4e0436b4ea69a1cf148dbabae124ffd00151b7bc33 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-nwk01GandCrab_a213b0f3Windows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft.a213b0f32134e9d775badb0880c39c62dc64f7f13220a8c7b6a2e411e1b48a4fa21f170c a213b0f32134e9d775badb0880c39c62 b423e1d48c0278c2844858deff96748e9d28e8fb076990a57de6b85d8beacb03 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-5bc01Kuluoz_fb36352eWindows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.fb36352e290f700be09818a2b5d306097fdb6bfdd9085fa7ab24c5d0fa10abc2bd9b7fe8 fb36352e290f700be09818a2b5d30609 0c042729532173d9c64ab369c0710861299ed553b201c218a1453c52d967032c https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-g1302Tofsee_1339888bWindows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.1339888b1c34782a60c1909cd13f3d8086a6a2e00239990160987fe3ec9f1b3973fa7d93 1339888b1c34782a60c1909cd13f3d80 b1a7847311263f61d845e04d26d4bdb477ebc511e53438ab11408b69f079140c https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-rzr01Expiro_ad2c9816Windows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.ad2c9816fdd73e58ccaa53fd5735579f9460da8a3441c57faf45ef9cd243881cb40ce8f2 ad2c9816fdd73e58ccaa53fd5735579f 2458be6e8b13f29643ab1bbb040b78d1a94e55e50146eade0a705740eebf054a https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-nx001Tofsee_1b5b7994Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.1b5b799488518e52fba5fea518671c600192b71883fb7a5f9a5349dd831e485ab62d73e8 1b5b799488518e52fba5fea518671c60 130c448935b7cda787b3b2c25759959feb78b4da0578993910dea9810ac5d65b https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-gfi01Trickbot_ea38a830Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.ea38a8306c5eba3d0034573da9fdd86ca8eedaf978883247e46db6f18f029fee14d752b4 ea38a8306c5eba3d0034573da9fdd86c 82b686b66ad703470800edb64763f2b64e1cffaa6830accbe7ff8178e6b48724 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-yyf01Tofsee_86f31c24Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.86f31c24a19654952c5ee7c9025cd3b32fa02beeb22ec38a8579330a18849799a91b1c54 86f31c24a19654952c5ee7c9025cd3b3 8b5bcebde67ea9f0f71b9dbceff20f719334b364efe2555c0a7faa53c2cccab9 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-g8z01Kuluoz_d3722747Windows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.d3722747bbb52b01745d83578d25b91219f403061f1dae30ffbfc157a9f26022d34477a7 d3722747bbb52b01745d83578d25b912 00722db9477ac36de1c2862fc9f35cafc7a01347110d29102dce98cdf72155bc https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-xf801njRAT_4adc5dc9Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.4adc5dc90ca104b72058468d816f29603b2ee47250572e309a708edc48d536490ded7f85 4adc5dc90ca104b72058468d816f2960 8b9d87a3c7b4a03bf14459e9efdb89b4a73c3ffb006396638163ccd0ac73a72f https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-p4q01Expiro_cda4b7e3Windows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.cda4b7e3b9751fe6bc3986130603c3eec3b68882153128d556a3943888069f067a3236a6 cda4b7e3b9751fe6bc3986130603c3ee 4624f0bdb4bb2092cfc73dbd30f7ab61403a0d1c60bef5290c6ed9fe60bff849 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-50r01Kuluoz_05a567d9Windows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.05a567d927b8a3229b7c5d04ad37779bf2a5e638e70673a7a41745d82a5b9ca7107b1250 05a567d927b8a3229b7c5d04ad37779b 012c77f8b7c99a1d27823d452e130abc5cac6f000adf05d56c7f2ae47a9d72bf https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-51x01Trickbot_d2fc080aWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.d2fc080ac4be912a2c57c9e3519aa2c8aad9a0fab860702fef16655d4a298ab57e0b0586 d2fc080ac4be912a2c57c9e3519aa2c8 928e054bade6765803e23936c60ede96cb02603eeecbd98abbef98f88d431c06 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-cu001Tofsee_30625655Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.3062565595b6b05035fb055fe13c7e5e8face1d64ec60c71bf2a2fed7d2286c9e6a414d9 3062565595b6b05035fb055fe13c7e5e 1849aaffd6046b733d684532e2c96e9022df4a024f5d906f112d1dbe3a8cfe3b https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-c2x01Expiro_c8a11d71Windows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.c8a11d71462a8a32c262fdad9d54153b20292c69d1920b28991a0484c21eee7984eadee5 c8a11d71462a8a32c262fdad9d54153b 79732b1aeb27cb1ead7ab37e4681c96d5f97d9e72c6a934b779f05fd82c51473 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-db801Tofsee_69413c5cWindows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.69413c5caae207e5376a4a330c49f7008ecfc76864e87565278a196e797873b9415443a8 69413c5caae207e5376a4a330c49f700 3857377eca60c925c02e5225156497b7e048239b492c2bba6e183ffa11a1fca2 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-a3s01Trickbot_37fd6ce9Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.37fd6ce97c38368b6faeee494032f8c2318eb2ba79f2954c9cdbc5776e2826d7e119d03f 37fd6ce97c38368b6faeee494032f8c2 36c46dd363ce161955f1fe561791fe7a6f923e8c185b8dd0408211d8001f3515 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-few01Kuluoz_19112d61Windows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.19112d61965d34ca2d6ac0b7ca56c17b4d9e1a7d2b761735d6670a36713119f78090cd43 19112d61965d34ca2d6ac0b7ca56c17b 02494b4c16f22b6d4f92ce1eef08a661cea52f673c7eb0289579290d46717898 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-ife01Kuluoz_843edb69Windows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.843edb69e38368cfb0b3b37ba20a05de68d4ef85117660467b77e44a2c382fc052105755 843edb69e38368cfb0b3b37ba20a05de 0eacc634900f97e7c7b7e421db1f38c40e869dc86e79c0f490b71572510e6085 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-kvy01njRAT_3cb0c170Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.3cb0c1708d425d1bcbf3761bdb5ecf1f52ffc748aa198f9c6bf4100cdd792396f26e838c 3cb0c1708d425d1bcbf3761bdb5ecf1f 09332d76d630cf20549d849b207a78ac2608d719c7bdfedcf3904d9b07587210 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-4i701njRAT_5032cb3cWindows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.5032cb3ce7a1d587c74f63155ba81d515661ff88c9ae40e3715e1e5636f618e7837d1762 5032cb3ce7a1d587c74f63155ba81d51 59c9a7f0f2c8c0abdbe9790fe6d1f4b08dadb7764500fee60fd9782c076cdf40 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-m4q01Nymaim_029e0298Windows This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.029e029816cacf9b1bf7fb6f507f3b0bee2f334145c4516204772dc52db09dbef6fca394 029e029816cacf9b1bf7fb6f507f3b0b 4e242fcebfb964c32ae3d53ac0bb5d85ff940cd58e26733bb677c4fafbd1c7c7 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-zh001Kuluoz_2b0d6dc0Windows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.2b0d6dc00cef0aa2962d0b32a174f0289f8581d6ee3ce189b40b122cb05ebce5379e2445 2b0d6dc00cef0aa2962d0b32a174f028 06bc29e3a3c0cdc268fca231cb64458228d9d11b5f72cb6416321c986832aaf8 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-94z01Kuluoz_a14fd1a9Windows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.a14fd1a9ee7df83efb4ee49d1545d709511d5a104eee806f6c6db6643d237b34ba019f96 a14fd1a9ee7df83efb4ee49d1545d709 012ab737e3a2128c76e48db7bef2768bdd57778e4af397ec133c6079c42411c5 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-azs01GandCrab_a08f5af2Windows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft.a08f5af2c6e92cf431d6c150536fd6d7de42e4b815cf9d344b2beb09a55d59ba89725374 a08f5af2c6e92cf431d6c150536fd6d7 3cb3e5d46cfbd6e6f7e1cb2398df4ff36d615657e9156bd5381564e283ce58a8 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-1mb01GandCrab_f0ae8f46Windows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft.f0ae8f46ac1c37dd2886fc0c6b2c6e63f5fd6eb78b031e27bb597e348419472c464f2db0 f0ae8f46ac1c37dd2886fc0c6b2c6e63 b00ff6be8bc64d83f2d33042b9bc17110e03acc140dc3a26aa777767f210bd1e https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-w8h01Cerber_a62352e0Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber."a62352e0ba2e4fb11bbbe78d3a4d0cc94a783e18cc682aac0bb579c8a6d118e480d16ab4 a62352e0ba2e4fb11bbbe78d3a4d0cc9 f8c55ef8913ff76ec97e8d226fdbe88c82a2ccaab4662fd6859585f3db946d6d https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-qw301Trickbot_97f0acc6Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.97f0acc6bb039161842ef01dac5a42fa6ee20cf8ff9367f03ff48eba08cf25525d1c420c 97f0acc6bb039161842ef01dac5a42fa 008d13100397cf0ce26850e3bcbb5a8c2fc01502d9a2b452439c101aea7d0824 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-zg201Cerber_93a8b7eeWindows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber."93a8b7eedc7baceb16098f2e8ca111bd297bce7707b6a6bb49018d26dd357885cb19416d 93a8b7eedc7baceb16098f2e8ca111bd 5a7a2465a741812bb9f5f6d203600e190db972f3e04dba331af035ccb27c61fb https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-lem01Nymaim_4ccf0efaWindows This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.4ccf0efa8dfb3f85c7eee64adcb3788ceef55fea68f16c0c3d9a26f0df579665c17ec23b 4ccf0efa8dfb3f85c7eee64adcb3788c 59a7dd286660811bb00e121c3e46c7e591f28e73fffa1d0b2b90eedb8a7824b1 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-ulx01Expiro_c0ed6658Windows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.c0ed6658f2e049f480bba8407ed89dcd46f4a3a9117fcc9eb2b1653a92f698ea436f3fa3 c0ed6658f2e049f480bba8407ed89dcd 73aa657a49c7c13b1c0727c05ef7d51fe9fd138862c15fdcc0fd64cdb06ece8d https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-hvt01Expiro_a6237ce8Windows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.a6237ce874b07ae6e874883957d224f06b7c85fecfa22b4e5519b32ab93bbbac03fcd6ee a6237ce874b07ae6e874883957d224f0 32beb33b4e36b69c79c50928e05d24a8f175d25701bb507e1ad03cdf70b63f3f https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-esd01njRAT_45ce85d1Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.45ce85d12fe2696801892f362e3f9a2f46dcf1981fae45093db13d515aacb64565a12c34 45ce85d12fe2696801892f362e3f9a2f 30ba3ca3f8bfe1be88a41da21b74b442f89ac3b9bc991f1429620cfe43a3d957 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-8fz01Cerber_b017b472Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".b017b472ec32123969fd95fc5fe8a321f41542b4033b3bb4b74df45bf767bf3a8bfb8575 b017b472ec32123969fd95fc5fe8a321 934861f1991b586ea681132cf93cc5a3d0892158ffa310ac55691c996e6bec19 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-7k501njRAT_71734584Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.71734584226809067684ff8d7ef6c93f9aeb1ddb9e75e056bb8d0fb0eb0383874b103f3f 71734584226809067684ff8d7ef6c93f 9d46831f0a0d012493bde6165661a9af05199aa7451ca4bd89c840546d2c9d0e https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-z1c01Tofsee_c24484b8Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.c24484b8e00f11678a441cd3db7acbd0d955d931bec7700ce40f1b339d8ed029b8f0d475 c24484b8e00f11678a441cd3db7acbd0 e0def1110bf0854a33f83b38925aee003e3264a35c41df58f39cc6cface46412 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-oje01njRAT_2b484fa1Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.2b484fa144b47592a2b521bc273fbbd41d25dcb9c7afdc349ef5f7808a436cfdb0ce46cd 2b484fa144b47592a2b521bc273fbbd4 3afaa0d40d4d857113aa2211bb268bb71a9f172a66581172c891171f3ec595d1 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-dz301Kuluoz_f7aa9c97Windows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.f7aa9c97eb6e97f50eed76388cc01f81f71348c9ee8fe966dde4d88f5f71292bf2a9105d f7aa9c97eb6e97f50eed76388cc01f81 04b02fc83ba2785e3216acccb81490bb1db3807bc2a2a255a193313ed90717fd https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-lkt01Trickbot_84ce3ba8Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.84ce3ba8fcf9ba00e4253231232de12acea315b602cd5e183fd1c1ddbae6367720a8705e 84ce3ba8fcf9ba00e4253231232de12a 0214625318a30153d364581fb580334f05be63bd5a355cbf86f12be66461716d https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-m9801Kuluoz_73ba359fWindows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.73ba359fab867366a868df5a443bf11fc63c91689f170bd666412720871807af39e15ce5 73ba359fab867366a868df5a443bf11f 03c783b4a26b0d890a71bdf0a643bdb96de4818898177a4716333b435ca1cd28 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-8rc01Tofsee_03af00cbWindows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.03af00cb76e06a18f1e16ef9482879ebd70fc5fe9507d4b6b8737274aa1dd7724bfbcd98 03af00cb76e06a18f1e16ef9482879eb 144f230d8ff21cebd98c9baceb3f6bf183cddf3faf499ef998265ce229c6c96f https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-xud01GandCrab_62832be2Windows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft.62832be2e9a1e3f1c35018f0a0a709aa5037e1a8eb227b1634d84beb4ba87873a461ab74 62832be2e9a1e3f1c35018f0a0a709aa d88411b37cb58467d6f6050675757d8ec5cb7dfa1bbb9804f898010d4611eac6 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-5go01GandCrab_38114f7dWindows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft.38114f7d252ed3a27eefd91652cb8f1e1f39810b9d9a06128223004500f3fcdf402318bd 38114f7d252ed3a27eefd91652cb8f1e 11f5d5328ee2f9cef980dcfbb30621c0310eda7a6d7827c5781b32dd0d15ec22 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-z9g01Trickbot_9b605b1fWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.9b605b1fe712f9a690bc129a592fef48111570b2979c9b3679bfd8951a836f20b96c72e1 9b605b1fe712f9a690bc129a592fef48 ebe4c5cdda2437d323417c8d4e43a4fb973665c89a6a7dcf28c2ad0803612f5d https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-pao01Cerber_933752dfWindows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".933752df8c493b55993520453a25893bb75e00e0caf01886e212ff9e5bd2e3d55f514746 933752df8c493b55993520453a25893b ec3b5abf71ccbe9986bf6033ab48cb2f616519825047dbdf7668f7fea8bcebeb https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-qwm01Expiro_a10ee99dWindows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.a10ee99d80eca1fc91e6dcc46ef7bfacdbb330d94f49aee9c1da7c51f32f60cc7d9137a4 a10ee99d80eca1fc91e6dcc46ef7bfac 8ef41dc44a6c264c6c475b4d24ad44649a15f4bbbb4e237580621865361b995b https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-jch01Expiro_eb69b8b1Windows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.eb69b8b1efd813da82d0b887f15e687b0df79730092f03886e767fccb55ffa4ad66ec908 eb69b8b1efd813da82d0b887f15e687b 7057f866649141c5f09b96dbece2db447ac2ef1a25ea992d16cc1f44afe9622e https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-7et01Trickbot_8941f3fdWindows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.8941f3fde20cee6f1c9df73165aa6bea429d8e9c6aa8a31bce5d9b66fe80d91ab7e8f8af 8941f3fde20cee6f1c9df73165aa6bea 6c0f7bb7d6d7782d9fbf4b5c9659a8e3502e7ad6ccdb9527311cbd554b716459 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-g8i01njRAT_76cde427Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.76cde427cbc898d63a86110b63d9653cfe57592fb89a06b630b3a32eaffde851763d8e50 76cde427cbc898d63a86110b63d9653c 9cfe4f5840153f5bd81ac360c812854063952cb01fc5f3848fe9d460d84b17d7 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-dkl01njRAT_80fe74f5Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.80fe74f527100800ef05f2238d39ad264ee0914a151647b98e7871c2daabf64aa1f29671 80fe74f527100800ef05f2238d39ad26 4492ee2ea728db7e9ef4a385f08890082d7754aad197aec3d3ad8a1f1b2e0554 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-wm001GandCrab_9ecf3124Windows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft.9ecf3124dbb7b5ba6d6dd395dc9c0ccf43fdd79314538f39fce4a7c8b6d7533de4d5702a 9ecf3124dbb7b5ba6d6dd395dc9c0ccf 720b56fd906ba499f031c7747f630fec03bec5c0bcd4a48751783550fb089df5 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-bey01njRAT_ca5ab44dWindows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.ca5ab44d3e2588d798a4de7963b240a3d64f2612ada26b39c3f71f4a95b17eba03222b76 ca5ab44d3e2588d798a4de7963b240a3 a0d93958f9ccada56204fafd970d87ff67d40f78014c65cc3ce063979578aaf7 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-khz01njRAT_3764214cWindows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.3764214cc0b929438d23e4335a0d01fad0b2c5fdccd55710cf177c8c95190e917085262c 3764214cc0b929438d23e4335a0d01fa 3709900a8d262b587769688b9ad51196212647f0c461cfa7c6aa02aad03f4c8e https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-cmy01GandCrab_646536d3Windows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft.646536d383cf028e335a6c56ee51f7cb75b04088da3a360d49e5ac299bc9bf541dabe92a 646536d383cf028e335a6c56ee51f7cb 87b9a389d2797a074483d4147805e82f225702363afe8d1f95416cdc6dc77678 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-75601Cerber_6251e873Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".6251e873f82ced71d6f6c4c1fb2e4e35ab2c52f53ed181b615099f4a4e5b8a771f08ebbf 6251e873f82ced71d6f6c4c1fb2e4e35 eefe9124619775ab69b2cd620988245f928a8bb9c988298b9340f82cdf0187a7 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-1yj01Trickbot_cb9d09b1Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.cb9d09b168487cabc4a4fa0a7df744d34444a913eb79d0d714e5e8bce4ff2fce8e84f587 cb9d09b168487cabc4a4fa0a7df744d3 646d1f9f85c1d2db58748961f9c08147f011434cd79be11cafff4db43a10218a https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-zaz01Kuluoz_8406348bWindows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.8406348b64c376c6d3648e2df2294ffb6dd5bdf5fe803c1c517fe0ba45c43aa010584283 8406348b64c376c6d3648e2df2294ffb 069df491cffe2a3fe59b8e85dce0e6520b61c2a8d9fd164277ee0f9a254354d0 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-d4002GandCrab_9b510c7bWindows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft.9b510c7bac2f1e10067c8724fdd764dc1f985de1ad51e7b3ab4907d772f205d74bd5608a 9b510c7bac2f1e10067c8724fdd764dc 5c9db3e49d5f7633752a11bf74e9d11140ddfab0957bbdabd6c55eadaa9b87f9 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-3cw01Expiro_a078beb7Windows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.a078beb7ca50ace0de38a9c28bd580ec10c9d7c967a57acf06213ff7190c2f18f9af6cc1 a078beb7ca50ace0de38a9c28bd580ec 47b7d95889199a717407c7a6e8278f5ab9a32c499aabe9930da52f9051304ff2 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-bi501njRAT_cd073df3Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.cd073df3fcdbd453dcc358f463edb8ab76eab4b968eb6140f095c9c129c80f4d4888d736 cd073df3fcdbd453dcc358f463edb8ab 29a28ff8074cacda1ee387ea13ea3264fc0819a32ba207002014b69a01e7d20a https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-ac601Cerber_d774cce4Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".d774cce4aa7bd231eaa306139181d2048e95a04b17b1ff74f3c9786115c2c9560ba020f5 d774cce4aa7bd231eaa306139181d204 209658cf26f8038c101648b334666a1cbd99ba42a080a43876e8029213fd405b https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-eqw01GandCrab_015d5353Windows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft.015d53535659eb3aa8a83814bfc54d7fd7701c0fd6c36eab14ed7e414ba15a93a8a58ad3 015d53535659eb3aa8a83814bfc54d7f 567c39590d4590c201b42384e0188ce2e621613444da676c5a4a5010fd27e4a8 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-c5501njRAT_330dc0dfWindows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.330dc0df2a34787255e3ecd68c1aabef009e1e5053109583a7fd8f66699e1abaa7c8863e 330dc0df2a34787255e3ecd68c1aabef 07ae3ba8b6bb636c3cbc305d25f60d1b8544cbd3932ec60a41979aca444a0c8a https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-od301Tofsee_0ced670eWindows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.0ced670e6dd6e3dfda6509e653f9ea7b140245761edc212fac64f23396fd8209244ea986 0ced670e6dd6e3dfda6509e653f9ea7b ae2cc0636044f30a1c0c662699b23bb371584fe4a53cad4ed63f91c25afa5dbb https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-o0q01Kuluoz_7b5ede1bWindows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.7b5ede1b958d75de158505120ce16b9bdbb3cb967f5626f00d9573515160ab02bbf8efad 7b5ede1b958d75de158505120ce16b9b 0522ba3cf1a33345ee6bffade7ff3f73d8d3d018994f08e1a9d36df93efa9299 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-v0q01Expiro_b6dbd0a0Windows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.b6dbd0a0d404f9636dff90e2f4a80b5784e6577ee9a00c5aa60cfda28afaa7b346a5457d b6dbd0a0d404f9636dff90e2f4a80b57 535bb9df4d41d57fc44572ebc1a535ac726546a41a8b2fcf3b904ed037a96db6 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-xf001Kuluoz_7483b2a9Windows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.7483b2a97e38d8019b015b19a4215626dae8bec8af506110e307e2711c84c41b3300bf32 7483b2a97e38d8019b015b19a4215626 091fabce8131379f261ab41ade48b8b5ffb939f66e0219cc5083c85346d99661 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-gla01Kuluoz_c59412e5Windows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.c59412e55120458ab3345dfb3952a1849de3e8ec9ebf403e358f54365ec6c77686d91ee5 c59412e55120458ab3345dfb3952a184 07067626f964e49a6efde18624deed513c1a53f5ac096e2bc422fdf23d70dedf https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-czz01Kuluoz_a4c449b3Windows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.a4c449b3161c79cd324d1a5cc01d7976d3a55239055ce45db703abf66163e1f34ce67486 a4c449b3161c79cd324d1a5cc01d7976 01afc54230a064be47e8948f41b699a33ed1fef92eada1fbab8cde2ab0655d03 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-ctu01Cerber_e12e50fcWindows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".e12e50fcab0e5c9c97757e76027dba8fe745d4d2329673409cbdda36abd83b15c9891321 e12e50fcab0e5c9c97757e76027dba8f f65d7ea6666e7aa4d3bac195a0493c4b736c995d36118915a1d10567a2b31b3f https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-u3d01Kuluoz_dacee86cWindows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.dacee86c28e619b8f10caa3b38c7e946dff2a5efc946812506ecfcc33823e2cd2b9c4504 dacee86c28e619b8f10caa3b38c7e946 0763b04d0acac49c55a7fec6f47169e7567ccd9c0ed9264ddadd848bb08b7b65 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-o0901GandCrab_02ba76bdWindows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft.02ba76bda750cd825b0e7993c253881bc7807679ee755e52ee1fe05ea5d6edb233348c1a 02ba76bda750cd825b0e7993c253881b ddee26d282c0eac34452e28c3295638fc9c887ee8f5750913f7de255b929b493 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-goh01Tofsee_26346356Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control.2634635612af204aae5f40b3a15ac3e435fcbd12df8ec248f8aeb14bb00b3ecdaeca64e3 2634635612af204aae5f40b3a15ac3e4 b2b29afc2cf0d1f3d4d0e29cf102c168d09405d7f1aa98426f1b2f6ae79ca1eb https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-osp01GandCrab_ee66e4f6Windows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft.ee66e4f62694b1e176fd534c30b9977c328f361cdde20711f217849859fa0e815b53e191 ee66e4f62694b1e176fd534c30b9977c 7662ed6be2dda454c3660d65db1a0c4d67af16a563a0c128bcf6d8a498526c7a https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-j7d01njRAT_9018ed16Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.9018ed166087099ad28922df8631d342e646193de8855999896800c662aa5f954508aa96 9018ed166087099ad28922df8631d342 83e0d7c8af1ab2095ebfd11d195f5b2f1f999d741c0487c97c4f814050d0bb6f https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-iy601Kuluoz_7ffcc90bWindows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.7ffcc90b0dee8bd58ba6c290fc46be4cf80b32491881133e00e12ae30ff50799ebb58d32 7ffcc90b0dee8bd58ba6c290fc46be4c 0ef4c5d715006cba42eb775a72e285c59c7ccf64082dcc85e3ed2843b1fc1be7 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-8kd01Kuluoz_c93e1608Windows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.c93e160817b21a1dccf83f71fe1685326fe086d1f2ed7f49ee24fbbcec5574b544417113 c93e160817b21a1dccf83f71fe168532 08f908d9480fc99e75ba466f9fa113495db64e6decf5d26ced63a24a9c240caa https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-h3n01GandCrab_ce20d8a3Windows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files typically using the file extension ".GDCB", ".CRAB" or ".KRAB." GandCrab is spread through both traditional spam campaigns, as well as multiple exploit kits, including Rig and GrandSoft.ce20d8a32f300b9197e49cde0abd9c740e666d4e3f8bf5141af16bb46d44dc6769acd300 ce20d8a32f300b9197e49cde0abd9c74 0341bda36f866ba3f1577ff22863cc98f3db2eb576f9ddba0efd72226362fc43 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-tly01Nymaim_429289bdWindows This strike sends a malware sample known as Nymaim.429289bd564b05f37c9714afba74b349da6a4fe1beac7b49678c46b4a2b52fb8dd483375 429289bd564b05f37c9714afba74b349 21ca501957eb98d23abf16f253027ccf878f8045408dfefe9428df4357d8e4ac https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-k4b01Expiro_d87c73adWindows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.d87c73ad426813f4ee733ff1008b77764a38e6380ac87d9e8e8b928b47eb9aa15797410c d87c73ad426813f4ee733ff1008b7776 6669a807690556293a60830285c9c2c9ad52842a1c7646e99852724b1b049ab0 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-m1t01Expiro_a0c7cbbaWindows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.a0c7cbba1a6efd07571b68ff29d81c3d0cc43ff506d1b07fad98b1ab0c4e6aea3f428484 a0c7cbba1a6efd07571b68ff29d81c3d 552a987dd3722960cba7fd8c4fc1cd36cc5bf2668c9f0ffe5b452eecdc1824e9 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-peq01Cerber_926de47cWindows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber".926de47c91b988132f6917c0da99bc24d12a75214f787bfd53cfeef5794f4e013cc13e92 926de47c91b988132f6917c0da99bc24 9bf0aa931cd9e7faf11a6b17ead1493b98dae3155d948eb648d2b797e301a2cc https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-cs901Expiro_b60751e5Windows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks.b60751e57b4356ab0618c44898690e2772fb82bea7cd8ffd03b6ec0a479dd2fc4d2d16c9 b60751e57b4356ab0618c44898690e27 26dcb212b2eace9a14bc33b421505143fa0a247df2418b575046df6ef80ee6a9 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-5tp01Kuluoz_2f919a1dWindows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox," is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.2f919a1de7b45c64117b868d1ddfc5d4268dcd6a980caf1e1a4b35f44472156b1e0689c2 2f919a1de7b45c64117b868d1ddfc5d4 04a85f4471adefcba2b10c0e32a2fe12ff81b804205730f3cc21f3db4bc49b7c https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-z3o01 Tofsee_c22ccd29 Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. c22ccd29e9942fa8e81bfcfad4fda3a9 2d3b11588036bfd0ae3799a6ddf0396a4a334ba6 c22ccd29e9942fa8e81bfcfad4fda3a9 993beed87fcc986b4dacb829f412f3cd0d8d3bd055abf62ad4b2808e308d2a90 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-iqk01 njRAT_5f49a244 Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. 5f49a24478698e5cc059ff0d4e2807ef 4cb231cbc82ac3743e74cedb4b9ef40d8a5712ff 5f49a24478698e5cc059ff0d4e2807ef a1739268211e4f63d1f8d89a897272a945f709e9350a4a8a8f788995b5086c54 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-gxf01 njRAT_a0b2f8c8 Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. a0b2f8c8fba15b2d26fd27fa4c8ec5aa 3ddc93a339d2b385366feccc78c27d503a7eed7c a0b2f8c8fba15b2d26fd27fa4c8ec5aa 14f0bf6f2bb1706c7c64c42a6dec0d18743ce84455cfa5507671628f09e0056b https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-jan01 njRAT_a705ca9e Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. a705ca9ebe47897ad23fbd7f7cc291b3 77c52cbfa3d54a574d0ebcfb923cf9b78578fa25 a705ca9ebe47897ad23fbd7f7cc291b3 4ff6b9d3c069558001457fef65c1623d05ef503580db96a5b444ccc8dfb58fe8 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-bhm01 Cerber_eb6aee10 Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". eb6aee1001ca1bff6aba6ebcbcd96c8b f887bbd528ed23455025bf2ae58abc35570cf9e1 eb6aee1001ca1bff6aba6ebcbcd96c8b eaf534a49e96dcbd62b64e4ca52c2aa087f554eec76d40760393841f4440f451 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-mvk01 njRAT_ae3f2f3d Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. ae3f2f3db2d27989ae23105c0d8cd10f d1194a59ac1eed3af89fb7fbd2b1c5ed7795d584 ae3f2f3db2d27989ae23105c0d8cd10f bc63a9907ef52f5c765a390b140e94b253b97f83aa3959f45c2ee0dcb823e0bb https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-8kk01 Nymaim_f4b957f0 Windows This strike sends a malware sample known as Nymaim. f4b957f0723ff44f91b4ef136cdd5e1f 3574fa3e2484889a4a5fbee453bbc6c34f84b558 f4b957f0723ff44f91b4ef136cdd5e1f 2f281ae6cd2f21d87ddd323ea4f1fe37949fd97e9d8fd69019c88754537dbd69 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-npf01 njRAT_fb31c718 Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. fb31c718b3388c6d6b88517b014f0473 d91edc44077e598b86be1c105ba6213175294d76 fb31c718b3388c6d6b88517b014f0473 8e225d1629cb1c372d096f3d32bb621fadeba5b1c4489b08069ff977130d7bdd https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-4y301 Cerber_42b74292 Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". 42b74292d97e288bf84f3ca29103de0f e4c53c6424debcae4245af8d47a464954f8aa11f 42b74292d97e288bf84f3ca29103de0f b8148a65912385e4ce63f6ea7bb78b30479dddbc84d2bd6cbe9fa1a3425c27a3 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-k4m01 GandCrab_8a3eb75b Windows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. 8a3eb75bd58027312eef768fbc4765b1 a68372a6420de187ebcc9d066f58619dcb19dd68 8a3eb75bd58027312eef768fbc4765b1 a0c0eab3ce2d8be0e79d2f45b106095912f28f3f55e179cb376d7c71323146f6 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-a5k01 Expiro_e890c86d Windows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. e890c86df2082f498f054ca9d3428132 930635a3f818868f18d2f0560841c8e58919b2c4 e890c86df2082f498f054ca9d3428132 8de151ef4f21b6e74cc96403debbdd50ecb97299cac0fa7dc988dba68e30c44b https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-ci401 GandCrab_a2b2ee91 Windows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. a2b2ee91b149b8d1e7de1751f15b2232 d7dd8718857eaba1bec7c0ca65d5159be464afdd a2b2ee91b149b8d1e7de1751f15b2232 68ae6904af508a6fdd6cb66f8db5ddb8fc1d3da7c97241ffe31a818fa0e8ed72 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-yqx01 njRAT_170e3677 Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. 170e3677da936945441ef6da484bf92a 8dba12fccec26e2b959c70bf0b980100a1ac6856 170e3677da936945441ef6da484bf92a 59e1820154d4a5e6bc42158847a3f82cb25f4e7ac6a89fec036357a5e9ce6342 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-75x01 Expiro_ab23b9e9 Windows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. ab23b9e9ebabb5289c3121e91bc60669 3705cc279be9c09d5e2696e3598e8f73860d2b57 ab23b9e9ebabb5289c3121e91bc60669 3550e5495f8922d17929b8a9bac9c23135d1418356b82576c7dd0a4f15aa95f6 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-gj201 Kuluoz_20db9e30 Windows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox", is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. 20db9e30c7589d500615d47502c9b2b1 306976b8423bbd9a23bc68af5865da44db4e4788 20db9e30c7589d500615d47502c9b2b1 0e0e274ce9e54e585f9ac7d096f3092f152f090fb5f5273d6086270f2b8da40d https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-ora01 Expiro_e7b0d9c6 Windows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. e7b0d9c67db28d0c8b21dca9c2c013be 540174675bc2f0850f7454bdbcaf244ab7821fa7 e7b0d9c67db28d0c8b21dca9c2c013be 710a3ca2a0030b4b064dc29da045ab7ff61a5f1a5cf11b100ab89a9b1d9ffc83 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-94001 GandCrab_d3623065 Windows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. d3623065bb73d3d15149d3a46cf789a4 92d9d1c5042195bf4ce8ebe946e2e28b1a724586 d3623065bb73d3d15149d3a46cf789a4 0420cacdcaf5e4dea7eacab7a960a18bc6037a88b87c1965636e70a1c3227721 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-56501 Trickbot_8435861b Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. 8435861b340aa9c77a6663be9382e863 5255d86ada0ce34ba357c9443c74af5670decc32 8435861b340aa9c77a6663be9382e863 11f8a050648d0b8c70d19a99c48aeb9ba0d893d348ee503b96313b4499d96c63 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-rd901 Trickbot_f9f69af0 Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. f9f69af083d1b0bf4d54cbba7ef6cc60 d5d1b7b4efe8490d14108a93a839fb352d929180 f9f69af083d1b0bf4d54cbba7ef6cc60 198311c124d55765d5488c44a27d94087c67599f88e7b7afdcce4a1bc936c0c3 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-6bo01 GandCrab_80bedba4 Windows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. 80bedba4ab7b07972a5d65ab54511100 a7bbd4419f56cf76a018cb23a1d2e45b79510cd4 80bedba4ab7b07972a5d65ab54511100 8c099167fbe1897dc8390979486353371194c2cfcb8095b6542f13670c75cab4 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-81b01 Kuluoz_42e30bf6 Windows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox", is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. 42e30bf6fb848fc5ed3e479d85186fa8 f1d32171c88fe997a2455465e29b73abf00a7c92 42e30bf6fb848fc5ed3e479d85186fa8 0146c339fb7ec7f1284c123da8e8a4d4faf8c52301949b1da482696a054c87d1 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-xft01 njRAT_cdd5764f Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. cdd5764f7940b540404e1e7185d95527 08ada638bcc77f7a8ecc9e5a260e884e1aacbcb7 cdd5764f7940b540404e1e7185d95527 2ce9507eca7390d1447568f575a31b3cccc185239956c34df11b8a97d5a41d6f https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-0dp01 GandCrab_ac5b537b Windows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. ac5b537b8850d6297fb7d6cff598ae9f 7e9a3fa1488e21a90ed01ad5570e188ae46a7e89 ac5b537b8850d6297fb7d6cff598ae9f c6b096d8100033e510406c7d3f5ae5e16c8d3fb976509dacbc435c0bd0e3a118 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-9rn01 Tofsee_8f0ea42e Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. 8f0ea42ec1285d562fccce2087844b45 32335486bb445cb8690dbf42bdd45770bbca415b 8f0ea42ec1285d562fccce2087844b45 d63483697d4daef64ece202d8d000b45c5db118d55865b2c981b49dbc2ec80ea https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-63001 GandCrab_69c15e3a Windows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. 69c15e3aba9af00e6fb5f6d64bd1b2a4 b097ad1d09e292ca0636c1b50596f703e83334dd 69c15e3aba9af00e6fb5f6d64bd1b2a4 4ce34bd577092109a075a1889b0a7de35348d6e1c5055e8fed4c78f1deed3ffe https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-bko01 Tofsee_54ca939f Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. 54ca939fbab74487ade3caa0a953bb48 d56b574d99260decdc2e291bea4bc1c72f6fc4ab 54ca939fbab74487ade3caa0a953bb48 ade3682626c6aa2269e28672fe60ebbeafc42a60f5e02922d2506d6bbe8f353c https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-nlu01 njRAT_1e7a814f Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. 1e7a814fcd5c21ba8ae749560d95357e 57b779b6b90ffc8ba602e1ba22ece6263b3ecb75 1e7a814fcd5c21ba8ae749560d95357e 9c36c86b6d998c5c3bded236f5fe94ac15239d8d283afe73acffb35bf45fea39 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-uvd01 Expiro_b1d429a3 Windows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. b1d429a32e864a24cc582795804318a8 4d56b7a4f1428140498003ccddffec2e45be14a7 b1d429a32e864a24cc582795804318a8 5f998984132fabb1879ddca658baa12d891afbbfd0738d2a2063a491be833a0a https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-8ca01 Expiro_ab9125bd Windows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. ab9125bdd2bd7b9dfe32ff1d1d1c370b b24aae2d3a191ac113cb56160afca716c9f261e6 ab9125bdd2bd7b9dfe32ff1d1d1c370b 7327a9114c1facf322d5c31744aa1199a15ba9f57825650b3a548495630c1d63 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-23m01 njRAT_844d0cc7 Windows This strike sends a malware sample known as njRAT. njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014. 844d0cc7d6585f73a37878a46762582b 2b949461146fa1d075a03a1e7cb6eea3520f0a7f 844d0cc7d6585f73a37878a46762582b 49b6302a30504389f9f9fc0efb48da95aa52053e9c1a1ebcb309dcc0c60c071e https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-jzg01 Expiro_e243ae03 Windows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. e243ae03b67f4b4206e46f0662fcdd1b b7c5523e000430f1be123db84a28097d9c0aa196 e243ae03b67f4b4206e46f0662fcdd1b 67dc0704b4393c6dc523756d107279340eaba04a62d49048588ecd4be5a88aac https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-dcs01 Nymaim_d1cc7f14 Windows This strike sends a malware sample known as Nymaim. d1cc7f14eac0ad963cdfaa028a9183a2 4cf40dac60e6ee728f0f634475b5e46a168e6ec8 d1cc7f14eac0ad963cdfaa028a9183a2 2c7e7c4b50c4eccd7d68eb6aeea2a234a8b6f16cbc82740f85cf950755195aed https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-f7901 Expiro_bb6e492d Windows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. bb6e492d79c8e40c49cdbb0d6130b8d0 10398ce4f1edb2eb39da125e98d3bca5c3ec3db4 bb6e492d79c8e40c49cdbb0d6130b8d0 6c0f5ca1ab0562b3c285c5556f1a68fbe8a2a5fcec892bbd8333c8a6414c46d8 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-ywx02 Kuluoz_01df875c Windows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox", is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. 01df875c6ee111a7b1e5d3cb1fe3eb29 986507483bf1d2130449e7566230535a36cc45d3 01df875c6ee111a7b1e5d3cb1fe3eb29 04f45879c4e79a6bea82e39aea468d8e1f8e55f13c8dbde1e4855141b19b26e6 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-0vx01 Expiro_a97ddc48 Windows This strike sends a malware sample known as Expiro. Expiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. a97ddc48c8587fe311242f7d98744210 414a0b32713ebadea92243d84e7f46c39bfb3d47 a97ddc48c8587fe311242f7d98744210 3b2f5faad148f5ed6a824553dded90c2de38978845deb2fbdf99816cabfb8854 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-fe201 Trickbot_1c749b20 Windows This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts. 1c749b20e51cda4635b1282c65ddc091 5616a0eec416823b56f249eac613438b516b2444 1c749b20e51cda4635b1282c65ddc091 48994b0e9f9a32783b49759a81e09e818a0faad7b854f349819a0cca9e04ebbb https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-j0301 Cerber_3f366268 Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". 3f366268737c62e49f874bc25ed1f321 f8d6098166382acbbaa1e718f5e5c6a6f57389a3 3f366268737c62e49f874bc25ed1f321 39c03cb39ccac093652c84050ce94ee6369a61bc8a1ca6a29da77e29085b2911 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-y6h01 Kuluoz_0f488956 Windows This strike sends a malware sample known as Kuluoz. Kuluoz, sometimes known as "Asprox", is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations. 0f488956bc3aceb6990e0046f9552aec 077a34db19a000b115a85bbdda6bd19ed08ee041 0f488956bc3aceb6990e0046f9552aec 0b7adc1b0cfd8e7b0b24f98a7ff788ef6ce9f361f09b286bee4d99ec5bd2c0ac https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-zjc01 Cerber_c77f3226 Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". c77f32265c3fbf23a02d2c1cccf4fb08 173791ad932c9a948bd4fdc638c82aa98287aa13 c77f32265c3fbf23a02d2c1cccf4fb08 274afa596526d108c10f535087a70a4fa67b6f1fd104d21e3c8674af03f7adfe https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-qxl01 Cerber_e54ac1a5 Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". e54ac1a5cfde09308f4a36cb538fe902 34bc88200a8672d4b885d66d4b5991e049868e98 e54ac1a5cfde09308f4a36cb538fe902 70ee34b58fdfb524314767a6054328bd22fe04b57d6ac91e4509ec4ca11255ea https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-iyc01 Cerber_bebeab98 Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". bebeab9889d5320c502776405cd3ed28 34c381403236ec49044d14382f61a4b94e112432 bebeab9889d5320c502776405cd3ed28 b52f586b1d185c332aa2c8ec7e196747b817344e508896bb24996c607cbd4581 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
M19-0ne01 GandCrab_6b3eae8b Windows This strike sends a malware sample known as GandCrab. GandCrab is ransomware that encrypts documents, photos, databases and other important files, typically using the file extension ".GDCB", ".CRAB" or ".KRAB". GandCrab is spread through both traditional spam campaigns and multiple exploit kits, including Rig and GrandSoft. 6b3eae8b346e179388a5a009301984c8 9a4780a84e387aa673575a45f139a420536f41bd 6b3eae8b346e179388a5a009301984c8 4844c20d9a7b7f968d0dc2a2155abb371b53098f17c14d02eca4c3e318532d59 https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html

Malware Strikes June - 2019

Strike ID Malware Platform Info MD5 External References
M19-nfz01 Remcos_f0bd833b Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. f0bd833bfec2f69938648e5a7d21b286 409f288d7b098710073657c5142680ffa567a5a7 f0bd833bfec2f69938648e5a7d21b286 b67255713feb497e145187f505da1cb42becbc0684f2b23efb1bbeff2f2f7431 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-b2501 Kovter_5ff37e80 Windows This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. 5ff37e801900f7df699ed30f3e8546b6 679fe6aa17a5d9aee862f3c3b03a9117d166b981 5ff37e801900f7df699ed30f3e8546b6 065d2473aa32a471228eba99fd58773ee61a634e4f2466b69f6f9c2c94ae56d3 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-5xk01 Ircbot_2cee0ee6 Windows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. 2cee0ee6ea7da45933323599c0ed556c aefcb458e5bf9d7ab351c45b6ca774ba6e683a15 2cee0ee6ea7da45933323599c0ed556c 2d32b4679e6550adb81a453813e8a820f9d61133d946a32035a4ec3ab566e421 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-7a801 Ircbot_9efd35e2 Windows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. 9efd35e2f42d8acb9278955f17d120d8 5690dc983628971a94d6c539d989bbcc450ccce8 9efd35e2f42d8acb9278955f17d120d8 2a9836c84b839afa60b4fec08b0285404b065a596458237bdbadd9937b637ae2 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-ab901 Ircbot_e7b7e461 Windows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. e7b7e46141f83f5b47f8d7ef328b74dc af97c2eccbbb5adcd6ef3c3b9403e938477ad46d e7b7e46141f83f5b47f8d7ef328b74dc 3451ccb4bdf160e6150d3f1f4ed55dc943544780edcef3098283e41502c8b4ab https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-my401 Cerber_67a1eb8e Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". 67a1eb8e4c829499d2be85ae4650b121 785d08d8b65700d479f96c88c24cff8df18a5afe 67a1eb8e4c829499d2be85ae4650b121 24e2f47a00dba0b61b7ef2994f56318cc775c6fab40ad232598cebf0410b3da8 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-0dv01 Ircbot_664032bf Windows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. 664032bf9071d5306bb9f9ed71ecedea ff3e1f75dbcbfbb7e7cabc0c61e785075148e7db 664032bf9071d5306bb9f9ed71ecedea 36dc719c3e47172a121189c734406055df92e986d1e202769a2432191f028bf1 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-3n101 Kovter_b3813659 Windows This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. b3813659276ff4ebbf920ab5e1b4d215 2051ac5cb4bb24e0a86f65beb9c0dc70d11940db b3813659276ff4ebbf920ab5e1b4d215 18b1f735465a3b6fba65570dbe125f10b8489587410a872973216ec853cb125b https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-18w01 Kovter_bcbd3f6d Windows This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. bcbd3f6dae5f3f0f973b7b9c20b22efe 07da869ebc014e3de57404849f5c5d1c72d24c2c bcbd3f6dae5f3f0f973b7b9c20b22efe 1e663349f267cef450ab939b3904bdd33e0809f9080235241929e09fb7b770ae https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-tvx01 Kovter_4aae1e6b Windows This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. 4aae1e6bc2d2f30639144334ef04d6ff b5271fc4f726e0475c3c7e16d3105c6b92d4f66f 4aae1e6bc2d2f30639144334ef04d6ff 449d58bad679912feee287ed8e17ce6221bc61432707e9f189490119bcb9a76d https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-h1y01 Lokibot_ccf925f6 Windows This strike sends a malware sample known as Lokibot. Lokibot is information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. ccf925f642ac71cdf6d21381af107a49 62528945854f390d4cb32bdae8fd545e5f668427 ccf925f642ac71cdf6d21381af107a49 4e59cb8c79d9dd7964e5319be30a91b8dee1744054e6e7c470717dab91c95905 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-7cj01 Cerber_4a9300c1 Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". 4a9300c1c93a1edeb61af7b3000920c0 29a2a11b96d82bcb68d474c2cc8ebe0fcaaae584 4a9300c1c93a1edeb61af7b3000920c0 33b70cc445e8fa02e56ea688be53f7c2993826388539adf7bf48fef3c45995a7 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-jw801 Ircbot_40e11fe9 Windows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. 40e11fe921bef33f213f8f3071b8a818 98987071061fade12502dbe99d7a863ca5425e2f 40e11fe921bef33f213f8f3071b8a818 1db1f2b0cf7c31206624f21c76587f97e41797d4b034e60577167c751a41c9d7 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-yzw01 Sage_3554b675 Windows This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. 3554b6750e70b7cb4b156564289e15b7 6f164485a4b49467677b7eb1b7310373f67d2702 3554b6750e70b7cb4b156564289e15b7 80e3c7ad157c9b87a49817973591df737a0d1399bdc9c0a0093acecb7d50d21a https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-ege01 Lokibot_29e5cd8b Windows This strike sends a malware sample known as Lokibot. Lokibot is information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. 29e5cd8bb837ba04c43350e9b0458bf9 86b9dde62d96111e6429a4cc0b4d3a29ebec41d0 29e5cd8bb837ba04c43350e9b0458bf9 30120ab8f904030dcd4748b4b5edc38f9437ee18d582ffd86c63882ef0afc1e5 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-ztk01 Ircbot_92fd7f9c Windows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. 92fd7f9ca9255141b41313fc74b77e0b 4be55e6b4646ed5534823638cc7db8bef1cb923b 92fd7f9ca9255141b41313fc74b77e0b 16eae34bfa90161d7948d421636687c4b2e7cd4bf66d33dc27da05370f1f1cdd https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-gh101 Sage_d17d3d66 Windows This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. d17d3d666027ac6dff9071700d673833 8839dcc3b26433b29e6d6baa8ef58bca5d1a39f6 d17d3d666027ac6dff9071700d673833 1160b42660eafdbaa7e8eb963f3bb9ae17058c06248965265df0fe8b3d39fda0 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-mtm01 Zbot_10bf70ff Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods such as key-logging and form grabbing. 10bf70ffb17350a5a8360907042ae744 09510a58b11af60d0b92100a0b62d80b340464cc 10bf70ffb17350a5a8360907042ae744 9f47c7fb5108b7802a9721115563d8485389e29d08082e747e5317e4b85a93b9 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-6fd01 Sage_7a579d6a Windows This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. 7a579d6a936f0ef1d7b7a0a6d5da2663 6af64d44ad857c098b17f1018d4acd870c36bd58 7a579d6a936f0ef1d7b7a0a6d5da2663 bc584c0d484c2f772bfdfe5afce3860f8de64fc3f7a147aa731c48e62b8f895f https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-zx201 Zbot_1a353741 Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods such as key-logging and form grabbing. 1a353741aeb91b3d6262cbfe371743fa 35d8559ec64f337e15040e94316bd6e6d5d0a0f3 1a353741aeb91b3d6262cbfe371743fa edd63bc56a1a477e20d52a7931177a65e4ab7f78f4f807a8eed1f3785a7fe704 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-m2y01 Lokibot_94551b87 Windows This strike sends a malware sample known as Lokibot. Lokibot is information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. 94551b8703f171481e9935fa45a7a5ce 896d43944da3afd1ea08fce038e0dc58ccc31b09 94551b8703f171481e9935fa45a7a5ce 46773272beedf1cbcd61b41e399df8c437d8c915e3f942115eaa48c5a44af025 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-jwj01 Yobrowser_cf3f4836 Windows This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. cf3f4836b1e77c893a814b7972a61946 abc1c576ce6ecc9b528eab2446b89c8aba50f7a8 cf3f4836b1e77c893a814b7972a61946 224b4f9f98e7d9887ebcae15c02d8973264f31d12ff87a30d696139a316e2cf9 https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
M19-2g801 Sage_3e51a317 Windows This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. 3e51a31754e6449ec99b202ab01fecf8 0a339ed7e7e571a80dd624b58c2f65e6e2502470 3e51a31754e6449ec99b202ab01fecf8 6c4aa0ea8d6828c79bfc6e973ed1b03f88cf311dd7cd5b0ca2982221a29317d5 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-j0p01 Ircbot_a98bf9e4 Windows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. a98bf9e49d3cd5100041ecff7aa711ae 18af4e99657c0cd2393e93d6a19cce2c41326a55 a98bf9e49d3cd5100041ecff7aa711ae 15647f00761bb8ff63128c4af1e1277e69b4f51c627779259833c6e2d474aea0 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-1s201 Kovter_f754c1c2 Windows This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. f754c1c29b6d4f3b6f77e773d47aefcd ce64cc25a33f46db1110909eea43cd6b52c0ae2b f754c1c29b6d4f3b6f77e773d47aefcd 3ed50e60a4117ffb607a4843f95df60f6cacbc29498f05371073ae06a562dfc3 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-of001Lokibot_84d42335Windows This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.84d423358360b753576bb87dc557ab8cfa85cac0aff7d147c410747281472d118b851614 84d423358360b753576bb87dc557ab8c 527eee4d3d2df6305545a95c33e17524a22464ba921f5091489bc776287e9082 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-mtq02Kovter_e15814e6Windows This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware.e15814e6776a8c4a4df41b691518b771191e786631e289ff8d4ff4615b5a5fc7c4ab4f9d e15814e6776a8c4a4df41b691518b771 039c52e2bd728ba1ac902a0f4af7363d28aced0ba6f5622fbd0e118d959f59b2 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-rpk01Yobrowser_5706e1ccWindows This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software.5706e1ccd180e0099bd06d459f651288d9da228285fde5dcfcdc114d35b13c53f6b47bf6 5706e1ccd180e0099bd06d459f651288 36c8f82ff5ebd1647044f14b83dbfb93e1ad5e8e80d95cb2f6e3f463cf4ac94e https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
M19-n9p01Cerber_bd69353aWindows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.bd69353a375bea9f7b68eaa2e5f3f95563a5a0cb62c0db55d2405c4b647d97c5cdb6028c bd69353a375bea9f7b68eaa2e5f3f955 30731c843ed73bf36620d943ddce0a0237d8694b7afb212541e2e91416096b2b https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-gsj01Yobrowser_b1a6bea1Windows This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software.b1a6bea14f1cf87c1484e3947a6fb81a265707bd31798df6fa68c5fbf6d0389b119867ca b1a6bea14f1cf87c1484e3947a6fb81a 5677386b0050cff2f5a2c12430999d569dc744944f2f2d9c29f3bab6d5d43edf https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
M19-7ro01Ircbot_88c797a7Windows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files.88c797a77f075dd8610e0fe730bedb6a7d03b62a7ef2a73addf1f5e345e3f4927ffcc567 88c797a77f075dd8610e0fe730bedb6a 0851ddc919f0ea470c3c23e296b6a76b378678364d63a119f6ebab2779e75c00 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-ccu01Sage_2428b5adWindows This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary.2428b5ad8c49270b7326befaa09ed5db97ed9190fb441c17c2a97773146dfc124e902216 2428b5ad8c49270b7326befaa09ed5db 98cc91e7d693e7b41f471f256ecf7f780847d37576696c94f005203a614be616 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-y7u01Sage_cf3fe414Windows This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary.cf3fe41400d2d5c261082f7eabcbf33b75aa3240636c25aff27129a07cf054643887edb1 cf3fe41400d2d5c261082f7eabcbf33b a5d950f3e43db37527ed31959ffeecb5fb8e7b96d5caae1356577b16dccf183b https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-kb901Lokibot_4750f73aWindows This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.4750f73a87c978124540bc1b0ad27afa629fd2e0c03dfc747f2b7b9ccc9af7cd3e115854 4750f73a87c978124540bc1b0ad27afa 21ea64cf87a724414eaaa6cc7a69a38cebef6b5507084f036b486adb3f805417 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-9b701Lokibot_21ece5bcWindows This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.21ece5bc5ebae2ce3d6ff6c8e707c4b68c991383a7d261f57fe4406bce1a7e30d9af6988 21ece5bc5ebae2ce3d6ff6c8e707c4b6 72394394c1b0b5d02fe6e362fd07940a6d69551fa7fcacef03c0d82f41fc8fbc https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-0i001Sage_93b66980Windows This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary.93b6698034eba5329862fab3bf296862e49f713fff29e776134df6d0f5974b673fd5b7ed 93b6698034eba5329862fab3bf296862 7aec11754a7a9c23b313376a188c4231e1d6f1e5110b689de56236d891f956d5 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-xav01Sage_3ecd7f12Windows This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary.3ecd7f12367d097f09b4b524e7a4029e3a35a7290cb74cd9dd03b6b6379d644bf7245f05 3ecd7f12367d097f09b4b524e7a4029e 7f89228c94c44ab61cc5ba06ce6dad7524343a0c50dc394a39b0066a8378a349 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-k6401Cerber_3ef295abWindows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.3ef295ab9ec95b93e74252a81eb62cbdb7282f57d2c9108ea32690648605162aa572404f 3ef295ab9ec95b93e74252a81eb62cbd 341e0f811782bc5c95e195f6f4d88de2aece469919de8c2c7b61794f99f40d82 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-4u701Kovter_f9b241e4Windows This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware.f9b241e4521e0f15a02788d38314edb5f88d1106444a1e81c2d2686c92157bcb4f0b21ae f9b241e4521e0f15a02788d38314edb5 270d791b5a9c8f7723563afffcb54932ee840920c7b68bed13d8c7aa689190ff https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-u6p01Lokibot_9945c195Windows This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.9945c19557f5e1ac1e5dd0d359afa387d868eebbe3967aa7c7418bcf364609717871e34b 9945c19557f5e1ac1e5dd0d359afa387 39bd8e2feb6ff6b4b8d25f5e8f9e2e413d7df9241c9effde6cf5c074b0360964 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-wce01Ircbot_865b253cWindows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files.865b253c4a92289127df850d549c4eeab54d1811315d4f6199e6ca9df36cc19ce39fd596 865b253c4a92289127df850d549c4eea 368ff13ab0807019f61b3ab0ee083c2ab701151582fd59e3b055be3f4e2c63ed https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-nme01Yobrowser_ce00bf70Windows This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software.ce00bf703197119b1d85e6229b664ba1eafd9385fce2131457542c4fc60544ec9be85c66 ce00bf703197119b1d85e6229b664ba1 2fc0b64cf4ab9d6a6a3b607b999b1e47551bfb62acf143bd08faebf0485157d7 https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
M19-hu601Yobrowser_46d479feWindows This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software.46d479fe49f73dea4c6a8c312a62375b2a1452049baab58ed469768cb65a2b86556ab224 46d479fe49f73dea4c6a8c312a62375b 26b5593a4e7c8b5accf97029cf6c646c7769cecd36d105153f228f03a20f24be https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
M19-0gs01Yobrowser_e4789285Windows This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software.e4789285c8ad4b131f6b2cf2edbda9c3389db7f5253cbea4f81b59005f875f26e1f20f89 e4789285c8ad4b131f6b2cf2edbda9c3 32dfee8be7cca7d0ed5b84fe8deff6d7177042a802586d16c26176ec58952309 https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
M19-ik401Sage_794392e7Windows This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary.794392e7b6e01e0a1aaf185b6cf8885dd9ef723003eebcac0a4be4eccaf67e1462d3ae07 794392e7b6e01e0a1aaf185b6cf8885d a24fef8d4b55e29dec0b57011e4aa605a39b0ce3d6f207d94ca6e83cd11edaa6 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-6kx01Kovter_07e34623Windows This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware.07e34623e14d5380949b1d97c63fc53e5902929f72baf7f31c31d34c9b123f5ba7feb876 07e34623e14d5380949b1d97c63fc53e 08e337c9f049aa7529aa727fcb8898d1eb2bf14d4b656af95d740e07d7ef9b67 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-xcy01Ircbot_1d638023Windows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files.1d638023b682c2e308749ed06a46ac5073763ce65f186edda86880e317d4ba3b56c1407e 1d638023b682c2e308749ed06a46ac50 2da6a2799761b83b1206e7dab4d590dfb689af837cf3ac66fa3e58bb8484ee21 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-nck01Cerber_a720f4c5Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.a720f4c56fb4483912eeba6326f4421555ea832872e3db6ea9193fb1f5ecbaadbefa85bf a720f4c56fb4483912eeba6326f44215 5b54c5a4b56149231c5b2c0b9f0f40e226a4a198c9081068d245320f502fb439 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-dii01Cerber_32488901Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.324889012844812ca8144bc7304ac1b60ee56879cfd6bed3d015b4f5496eace25436c9ea 324889012844812ca8144bc7304ac1b6 12c882e47ae5e2ef9e3621b1d8a719458041ce6f1ed38b370c45c821a5e8c59b https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-5m101Cerber_ad62494dWindows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.ad62494d684d7b30a440fc2b66e9013b8d147ddb5945994b68384634e245192776064c71 ad62494d684d7b30a440fc2b66e9013b ff4ab281a403144dcd8fcf788e5421e739276389fcfe5cf31c708257d0474799 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-ipe01Ircbot_48af7806Windows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files.48af7806457a51b6729af66efe4ce57d6a739351c8562b3d143440c64302f42ec2ea6cf3 48af7806457a51b6729af66efe4ce57d 1ffc4c395bbb6a3a25b17845a5bf7d897e7c9455c29a7d930607dddb1539f72e https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-bzs01Lokibot_17efe18dWindows This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.17efe18d151342873460c27b04afc04ecef4b5fc5cee3234e801e29a26bf7ca7149a43bf 17efe18d151342873460c27b04afc04e cce98d91043e66d5b85e536b8864e604d2b26566a8d875dda21e93f51efc6f71 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-c7r01Lokibot_403f4bf7Windows This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.403f4bf77f633d855293634fde91faed13becf404e2a6d0f8ba45058fe306cfafb34e35a 403f4bf77f633d855293634fde91faed 6f86b9a80e340cae7b6ce7c70b06f7237c54019c37faa9dd888b57fe15568d6c https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-vjb01Ircbot_c7314ffcWindows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files.c7314ffcf97d67498941b2b7f65deb41c871da475b43f3ce26dfb8290bbea21867d38af9 c7314ffcf97d67498941b2b7f65deb41 386fdf3836ad5b3bf1588e6b40700abdc69eb793cfe7c6f36895da751944d2bb https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-i0z01Cerber_5f140dafWindows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.5f140dafdea9c587d604e9250da0dbf9cc0b2c11314c662701f096dad6cb6330ca1f2d73 5f140dafdea9c587d604e9250da0dbf9 18ca84623943190fa4ac1f756742b2ae30666d74acc7deee679b3a91bbd75e6f https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-1ya01Remcos_013b5699Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.013b5699c6eaa0bcd5a77ee05fa47bbf951d561a3a9493a2ba58cb4fe64327234dd65c00 013b5699c6eaa0bcd5a77ee05fa47bbf a280c5a73c7388441c7b06d600fd0237cce304d02b93a80a88dff73e1e1fbcc8 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-rj801Yobrowser_b96ebd1eWindows This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software.b96ebd1e7387d7317d443c57926131c1c60161a8eb66d3bcb58f0c48bbd37fb8863b47c8 b96ebd1e7387d7317d443c57926131c1 0912999b354d903202f981d327670d3dd5a6f37f3c3374cfbf29b9d5dce86e5a https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
M19-omd01Yobrowser_171cbd6aWindows This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software.171cbd6ab232425f721dd90e93ca8126399b199bc6383efa029142dee418c12a466ea849 171cbd6ab232425f721dd90e93ca8126 1150e22d4d164cd9a07ee28a6c6d33e657e10e1af6f06a3423c56a5f0449b02c https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
M19-lhv01Zbot_3f129862Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods such as key-logging and form grabbing.3f129862e14f2b578ff433b9570d7a6a03be6332cc5f381048b064554bbdce9c85ee600c 3f129862e14f2b578ff433b9570d7a6a 87aef6c3658a5e31c59df0dbd604d1309cff42b84cbe2761634e8e5f8add3cba https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-7ak01Zbot_25566363Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods such as key-logging and form grabbing.255663635b26f94e34e33c1862458ead04b7eb26d30fd96e4593c5db9ea8e01b28a47aa6 255663635b26f94e34e33c1862458ead a8ccd6f1a376356ec6a54a0f233d495183d52bfbe0da041403c32717d5321853 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-e6n01Remcos_0d5a2032Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.0d5a2032b8d57480744e43f135e0bfe5ad0f8076ea27ef1e6d1118ba7ef312f0e652538e 0d5a2032b8d57480744e43f135e0bfe5 abd1175388917b260096ca11cc3a8c3e56425abd0dc04650f528ad1669214923 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-y6w01Sage_1899dab9Windows This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary.1899dab9d4b234ad4aa6325d66f28a051a7479f90f8b7b3f84e776b8913bb6840d4f8b82 1899dab9d4b234ad4aa6325d66f28a05 3599109b2d20e97baaec09e11e917058dc902158a377015c425a7371ff584054 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-ych01Ircbot_a16831e3Windows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files.a16831e39036aeea2c125016f7a0dc022c673faaf625b8310f6867111e28ffec15dc4c7e a16831e39036aeea2c125016f7a0dc02 168070acbb2cb5200981e8d0dbed8255bb389feef078162f1ba140dc3ea33553 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-0tu01Ircbot_d82a7ec5Windows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files.d82a7ec59ab7aadf1d8f4c407a3d2a9d13b2aa4bab7d286964a27efa6c400dd88a22db3d d82a7ec59ab7aadf1d8f4c407a3d2a9d 02fb71eb8559f95fd9d1bc2a31b119306c15a0921ab79101bc35e5ee1729e873 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-2eg01Kovter_3caf1de8Windows This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware.3caf1de8fe743ab6307dd0d0df9cc31a43f447e538d45f781aa83140501240707ddce036 3caf1de8fe743ab6307dd0d0df9cc31a 10f8c098454c63c90a986d037d571d055f5174a00e1f380931157a84ecdc2c01 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-oc801Sage_cf5ff562Windows This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary.cf5ff562b0feecd5b40d389de13af80c80bef063e84862dd5e8c8a87db31449c992a4906 cf5ff562b0feecd5b40d389de13af80c 901ff9ae67350d0d294b9b666a7b1fc5612df5fa7e15acf78561716f5a6567f7 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-drw01Yobrowser_b33e2b5cWindows This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software.b33e2b5cb98ab7638db85054f70bd7e73e0976ab8d8aa51d2463ac7a52b5f1af509571b9 b33e2b5cb98ab7638db85054f70bd7e7 36ca931623f279c6683ace47e425666510034f5e18441f90e895a3fc6cd2bbdb https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
M19-sgy01Remcos_ded0e6b3Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.ded0e6b301e1e21a75b5a6142124e8b55c4220f81089f7c1b4a470327bdee0f4e7810f35 ded0e6b301e1e21a75b5a6142124e8b5 b95ea3839a21dfeac94eb4f21efd35d2f1652a7e4c7f65b08bdc846685a7de44 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-mca01Lokibot_b439f139Windows This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.b439f139528066555e953c94553d292d97c7d13bc6ed7b189c2ae9a59e8cf0c8a4c3f6b8 b439f139528066555e953c94553d292d 9ad80c24445040b882abd94406f5bd389ab83b400ac4177687e653277788d7f3 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-tw301Yobrowser_8066be8fWindows This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software.8066be8fdda63e708d67e9b87a20f22e64c904730f9fda75f485d3f192437ee64aa64d4c 8066be8fdda63e708d67e9b87a20f22e 42827e85051a54995e67aeb54b9418968224f6c299887e4afca574e08b2b76c1 https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
M19-7je01Remcos_76af44f4Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.76af44f4f24edd1245d0c9f1ea28329d31448fa15fb427235ab414f7aae428007f40d73b 76af44f4f24edd1245d0c9f1ea28329d 7f3e2f8ba14f4f08655e53d1e4daf2fd581e58a444c8c66c57292e28fdde1afc https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-f9d01Ircbot_dea22492Windows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files.dea22492ce9b1c0207067f19604a2c2800e16f8f8ebeca0c3406463159d51b94c2e1db9f dea22492ce9b1c0207067f19604a2c28 343054da58235802ed6126128c9b5d1017e32f0831ed5bc09748c0c3707d5433 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-8b801Lokibot_4700527bWindows This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.4700527b90dfb9a27750fd59a81bfe67ee879d8a6995368e89113b9d1d3f5488636c1df2 4700527b90dfb9a27750fd59a81bfe67 25fa58e7d7821ca2c5cdb947422289eae7d3909efc9455a7a5ef4e476947f4ce https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-dw501Sage_6006bb76Windows This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary.6006bb763a8ad197858ff6be46a8a30fa0dfa464bc4a081025221d4a1968440453457a2f 6006bb763a8ad197858ff6be46a8a30f 239d51f57e2cb6b6dd712deeef8d87a4a1f78b10269424edf028f79eccf70bec https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-yns01Yobrowser_ebad5af4Windows This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software.ebad5af413ab26c70f017688d6f0d94a8233ca8945a1bab2e988feaf69e9cc9af055dcc8 ebad5af413ab26c70f017688d6f0d94a 482675e5774d1714ae17b5daefd13697fe3a921feb20fc4360065c2135b9c7b0 https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
M19-6l901Lokibot_e0d3f98cWindows This strike sends a malware sample known as Lokibot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.e0d3f98c6f7d8db55a804e295c276136c8ed0bf981ac84f291e2f1371d3ba7cbc86a1684 e0d3f98c6f7d8db55a804e295c276136 a493e9a4662dabc9083cde701821e1df98e499dd9404f49dbedbe3f55fedd764 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-1jz01Zbot_ddf16a0bWindows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is trojan that steals information such as banking credentials using methods such as key-logging and form grabbing.ddf16a0b3a810bac98062b4d356b513a056673a8ae6b9490f6844e7a4a075006314f7172 ddf16a0b3a810bac98062b4d356b513a b16564e7e63b6761a2a307d0f03b5eb8725b7f688693df8d4cea881f09b2d959 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-qt101Cerber_acd1e3c0Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber.acd1e3c0f70d521bb0bdd00777dc3a0d157f5ac1744edbe06beef507ceef248cffe9b208 acd1e3c0f70d521bb0bdd00777dc3a0d 734e3caad97e6edc7e62687d5a8a4628348ee24726938204779f3f5eb7a0f400 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-bcj01 Remcos_d19c9600 Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. d19c96003b2febcb82983e99eab01ec4 ba8696d200af8980c71eb326ae291eb8976edf42 d19c96003b2febcb82983e99eab01ec4 516aee696300bb4b56085134b659caa5800a89badc46fc6611864ff5e79ca872 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-v8w01 Ircbot_e5cca6ab Windows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. e5cca6ab7d9252e2bf4640293b83ebfd abf71c9b639c803f182b4c05d83fe026b25e0a5c e5cca6ab7d9252e2bf4640293b83ebfd 1538cc3c6f059ee7b734150f5e8eab97739c226119edd8b07c543ac77fc68ca5 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-jyh01 Cerber_9d0b1882 Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". 9d0b1882259c04447a9086bb566f1fd2 7b41f93bf05320cffce59c5b921ce654a0edce6b 9d0b1882259c04447a9086bb566f1fd2 4c3c95c99f5d583e2bbf8fb237e55aee3595dcdf24096dc0336190a067487e15 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-3jn01 Remcos_e4188a48 Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. e4188a4875bd58740d22042871b3c034 578209bd082836e247e90db10f664b32fc82d9d2 e4188a4875bd58740d22042871b3c034 430d466c1c81f8b680b5e8d57eb696a1c09efc0727009ee3412698bdbd77cede https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-ter01 Yobrowser_8a9a13b8 Windows This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. 8a9a13b865a80733906c7b7a7c17a981 3891be7000b9ea0e9a044c49ecf635b29826a072 8a9a13b865a80733906c7b7a7c17a981 259546449e9e630fbe3bdcfbda7c51de9c1e7bb93022bda08d89bea95ad23a24 https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
M19-gz901 Tofsee_b436bf78 Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. b436bf78e9cd10362efed6ec0a687a7d b8587e77f07630c00f84af401f6d46446fa736b5 b436bf78e9cd10362efed6ec0a687a7d f1e790bcc0711047ab255646e07ef7d2fb644c45b24a4bc67250e2c8ee9318a1 https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
M19-a2b01 Lokibot_618c3a07 Windows This strike sends a malware sample known as Lokibot. Lokibot is information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. 618c3a07f02b60888dd14c14f3d4dc4a fc5fee1352d47e44876a8476c5c22ab6dd16a31c 618c3a07f02b60888dd14c14f3d4dc4a e25beccc8caa3518794a0ba5edbdc99916a66cee94fd55e25d9d34a23420bbe0 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-itd01 Zbot_20dd6abd Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods such as key-logging and form grabbing. 20dd6abd7c62ed311362b2c30db0b7be 0667d3a2935490c576d31ce64f3df5c108b59f6f 20dd6abd7c62ed311362b2c30db0b7be 75a96e041086cc1af7696888b0519dcfdba518234345f55746ef5a3c5b7db554 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-mjd01 Cerber_62c89150 Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". 62c89150526aa2f90c565365cc3484d2 5dd6b14278ec5ef94b9168625239e5846d25f22d 62c89150526aa2f90c565365cc3484d2 4f5e962ece139e2478863ad05e2d92ed0f8d37c98616faa2338adb84efe99744 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-kyk01 Lokibot_fc79e212 Windows This strike sends a malware sample known as Lokibot. Lokibot is information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. fc79e21239ba9ea978ca4ce8a7539edd 0b7381679b656ae6e7a52f88b01feac97bdc234c fc79e21239ba9ea978ca4ce8a7539edd 90836122fddbc258f491d097e53e155258999cee41fe1550c78354aa3c8f2e04 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-ngi01 Ircbot_ffeb2315 Windows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. ffeb2315d56610199a6a57dccd7400bc ec663713f89791ee3adf065e959452cd82f7f454 ffeb2315d56610199a6a57dccd7400bc 1b0cff388754655704d76af041b56978edd261dd7c2bb8a64a7a79a808312e00 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-dxo01 Tofsee_4ad06142 Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. 4ad06142531f44652583a40b2054ebd1 ebd8f4750e55cc6780777531d586bc23952cc833 4ad06142531f44652583a40b2054ebd1 e1cfadc86259f90b2f1fb5cd23bd267a94ed8c8a2d72035b6e335fd5e68d5866 https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
M19-lbg01 Cerber_0c04b480 Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". 0c04b480d79746d697d164b2503f5628 9ab6c26f05c27ca735c6a9ad9c6530f33c5b4890 0c04b480d79746d697d164b2503f5628 692772293eb858cc1aa0bc9844448d3330a057992453e6a75e0a20e528ee4c6b https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-qu601 Kovter_54144778 Windows This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries that store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. 541447789dbe90613fc9113d6c2ed0c5 acc6fba13e98e405e8ffcfe62605fb13201a2cae 541447789dbe90613fc9113d6c2ed0c5 00bd28d59cb4b7018516410c9664eec2eefe7adba447a37edb587d4829eb760d https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-od901 Sage_dfbe7383 Windows This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. dfbe73830b8b1927e73474933b28c082 64c6cfd74c49eff5f50f5d9c5c2c00dc26f9482b dfbe73830b8b1927e73474933b28c082 97c9f82d70fb957f74e31413b9ac00e56bdab268727f11189c781e7ac93b5479 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-yqm01 Zbot_a32f89a2 Windows This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan that steals information such as banking credentials using methods such as key-logging and form grabbing. a32f89a20dcbb31b36e30950803feb30 061ca6ee3e76041c6df1f3a1db81497f1e1c503f a32f89a20dcbb31b36e30950803feb30 efd021314885ae49896a01c9244a4ca301cfe74e72a3ad6ca35afc8dcbbc01f0 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-9lv01 Cerber_86606705 Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". 8660670565231f52918f61e930d12821 c47be8dab247d4c292027bbfc9608c7720a24511 8660670565231f52918f61e930d12821 6179ede1ad0a80f932189cf1035fe8fe2329b4bde4ccdfcc1d3cbec15179d2b7 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-phm01 Tofsee_ade06892 Windows This strike sends a malware sample known as Tofsee. Tofsee is multi-purpose malware that features a number of modules used to carry out various activities, such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator’s control. ade06892269543056df2c938e4f9a850 e4d6d0f3700828f94c1e18de08ef9214f3e5db84 ade06892269543056df2c938e4f9a850 de76a7d7af2c38342333014608b75117a2d1868d9020f62fdd117cdfb5ed30fa https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
M19-m6s01 Lokibot_bde9ff6c Windows This strike sends a malware sample known as Lokibot. Lokibot is information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. bde9ff6c0e644e6f8f88b34f133b4654 e134584d2c8b6cd646f31aa0369dc7f4a7cbfe37 bde9ff6c0e644e6f8f88b34f133b4654 45332fc059e1f72e4c9c27bd61e33b9af765299f3685bc1e33e31dae5206311b https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-yjy01 Remcos_5efb746c Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. 5efb746c5e9ed4a134e5e4f854c5bf8d d773308abedbe6b7f0289433dc21853ee4da5f55 5efb746c5e9ed4a134e5e4f854c5bf8d 30f9c76cd44a579c337269351ab40daf575e5996769cf23ab9a0047663593809 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-6za01 Sage_d289ed5f Windows This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. d289ed5f16c91139588ceeba0790492c 413288238860ed62655d93c3a81ecaed5163ba57 d289ed5f16c91139588ceeba0790492c 5e9e35441ce1473fedd37ca2356cb4932d47f62a9125903383706dba1c356896 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-ye301 Cerber_d926c76b Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". d926c76b79f77635df2c59e6ec8865cb d12bcc239ff219961f1c734bcb0570c6d8675501 d926c76b79f77635df2c59e6ec8865cb f378761bf7237c3355845ae18cc335b384e4ea7ba5f8ec1deea3fc59e3880050 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-73p01 Kovter_3bd6d23e Windows This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries that store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. 3bd6d23ef83d111aba238fcd8a733527 888589720334df271bc818e6db8a1f11f1471c4a 3bd6d23ef83d111aba238fcd8a733527 0adc56352600d4dd0a413986ffa45cbeaf04b973abdbd86c9b0c87a53440e294 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-txr01 Sage_7303471f Windows This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. 7303471f8b6f2ddf6ebe0a2c1eb9acbf 4bcc4e1a07cff1748942c2662d76f8b1ee4d75ac 7303471f8b6f2ddf6ebe0a2c1eb9acbf 9c7b75a7daae70019419abd51ce4c2bea8e383bd7e618b45d640b08a5f07b99c https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-onh01 Cerber_3e4c2df0 Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". 3e4c2df0ff6c1ab4d6fff18f48f89641 4a641440ce71c5668c96c9f5e38647db9e57c2cd 3e4c2df0ff6c1ab4d6fff18f48f89641 80616c2ddd1a8c4e8be8c6053a905c9687e1f83336cc5661dca04c5ffb056afe https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-q4f01 Yobrowser_a54ac404 Windows This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. a54ac404317c099aa1d6f7ae3be685c8 970ab1f07cc123adc078032ba9b302598664f9a0 a54ac404317c099aa1d6f7ae3be685c8 4f349d22bc1cb7e4defbd97debebe906a5408351e7069cf5cc2333338d5be8ed https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
M19-hz501 Remcos_45f914a0 Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. 45f914a0e68ab66379277202806b6198 625f8fea0c0c463b9d8f2526daa20fc0c3e0ca92 45f914a0e68ab66379277202806b6198 4ee4c01b513f59cef746c45b14b8211597937dfba27fb58b5e003fe97b7c87ce https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-53m01 Lokibot_43a1036c Windows This strike sends a malware sample known as Lokibot. Lokibot is information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. 43a1036c24cd8fe552570cbb8afb27ac c4018be704aa1e968753132fd14577e8935920b0 43a1036c24cd8fe552570cbb8afb27ac dd33d5c467751e8f531bd557cc74f91619d43e3c8ebd1a516c339f33d3be9ac3 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-1vy01 Lokibot_ac0756ef Windows This strike sends a malware sample known as Lokibot. Lokibot is information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. ac0756ef758bc0072f7be7a54d09d102 95b52f7bfac19f4ede21db1eca13cfa20fb2ac23 ac0756ef758bc0072f7be7a54d09d102 33527e13eaf4f1ad749a5d00e5f2f8c06e55503a492cdd3a2a01bebc79360aa3 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-t3k01 Kovter_06f0f2a8 Windows This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries that store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. 06f0f2a8e20f8b08a92542ad282fc22d 526bdbf0729c24bda5c6012b884c053f569afa17 06f0f2a8e20f8b08a92542ad282fc22d 56b0d6771543530d8a49ff3e8581f0a81330500ca9e6794a15f6876a394285f7 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-dot01 Ircbot_7aa9c156 Windows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. 7aa9c156e34e877c1231368079429c69 b2038e6ca0b7a5b9e7f2776e24bf371a8b2042bd 7aa9c156e34e877c1231368079429c69 22e62621d215f605a6ad76325c08c8ade8a78a55411fad1e4081e0406069404d https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-smd01 Lokibot_95a2928e Windows This strike sends a malware sample known as Lokibot. Lokibot is information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. 95a2928e049ecdc9db9eb8c8a53eb66a 0a1efda0d8755255aaad9c100e9a0274cffa1f3f 95a2928e049ecdc9db9eb8c8a53eb66a c6605ed53413e717e788b8f551455a1f9e94a313ebd00613fac0c63f7bfb920f https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-io701 Cerber_70aa9502 Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". 70aa95022d5e359322411a91bffd0bf5 1fe9891dfb2d311e46f71542765b6c1f9253cd0c 70aa95022d5e359322411a91bffd0bf5 20b9ff24148baa96dbe1a0a7a48bbbeada81598988ee10605ebb21b139359e09 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-yr901 Cerber_8b1f0773 Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". 8b1f077382505e657b7597f29911861b c2680941e063ace0c28ad75a4f0013edb7eb9e3b 8b1f077382505e657b7597f29911861b fa754655007b7b726ede666f2838940ea89d3349dd9c1278a8c998e2eecda3e3 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-0nz01 Sage_a0b2ec93 Windows This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. a0b2ec9372ba0900a3d1c81b6562d0c6 c49d1036172b3f4c386d6696230c37115a3f069e a0b2ec9372ba0900a3d1c81b6562d0c6 a9ed29372780e5c7c43144308475457df9bc9767c5bdcc294a41eb4fb18a5ac1 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-cns01 Kovter_0c026925 Windows This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries that store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. 0c0269258864c6f0eab8c656b57b7ad1 2900cc0eeb8839e0539762840c716c8892779e43 0c0269258864c6f0eab8c656b57b7ad1 037385b8865ee894bf36cdce3b370265b7da03447b3b4e18dd72d114330e9942 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-5l501 Lokibot_b6303517 Windows This strike sends a malware sample known as Lokibot. Lokibot is information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. b6303517fe0bf05681aad8adc9d90429 e89c454531445c97c7a0e3a35a338f72664acbae b6303517fe0bf05681aad8adc9d90429 98a3e55133d7a23d343f2d690650e5579e485500447f0fff3e0e23f29c9fa86f https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-nb501 Sage_7705105e Windows This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. 7705105e138e43c7655a5ce5078c7af2 df81e27a2b9435912ef43d5c12ca72408e6cc86e 7705105e138e43c7655a5ce5078c7af2 5d62a735a26a9c4494ad3abefd99287889264451798948b8e3dd2a83370312c3 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-3dy01 Cerber_b709ea10 Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". b709ea10291c200ea548f851e925a146 668097ef2957441c64ff812cbb967bbc7655c733 b709ea10291c200ea548f851e925a146 825848fa43ac2ea280104225d930c7c85f33700c51528113295e75c8dc160aec https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-o5w01 Ircbot_e9d41925 Windows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. e9d419251de054f96f9abf1d63701a0c cf0814a5e6183000c2dcb465731e1b2af4e604c3 e9d419251de054f96f9abf1d63701a0c 1f9c1401a3d5279386e59811bd6a916fd555d0ce2701f955110cf548219f64f8 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-mpq01 Sage_4e6e7336 Windows This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. 4e6e73362e09d82992d646850a782f8f f6e34e41bd8624dd6d9d551f257a1f2a2da11207 4e6e73362e09d82992d646850a782f8f c039c4ba185062fd62b7033dbf3b323f15ee8ec385029c7e91560dab1e1b6a4b https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-17l01 Cerber_14d9b70d Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". 14d9b70d8ad76170bbf6dcc720a99564 a7f37c16511f7bd64fa33f67ad0ce6006f8e33b0 14d9b70d8ad76170bbf6dcc720a99564 9721c8e97b3ba15a00de9ab4dbcc0d3236253b5bb73f2b3e9d4f57c7ed3dd922 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-3oa01 Yobrowser_479b5370 Windows This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. 479b5370033003ded350c0e119a42ac1 6a31252dae91aaf7722f175cf33cfeadecc1b98a 479b5370033003ded350c0e119a42ac1 3f2c22316bc2184f740f39499e41002c6d525a2c4c18dd0b9170c90410a5e4d1 https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
M19-1zo01 Ircbot_6a229e4f Windows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. 6a229e4f888ba226c0276ff723c5af37 e21299639bb8d36c60f3943e13aa65afd78df762 6a229e4f888ba226c0276ff723c5af37 2d2d8936c9f938e60799545e538bc2397f1c2db0d5bf6a8e8afbb7cd561a81f5 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-bm901 Yobrowser_099150c4 Windows This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. 099150c46581af8adfc766b3d9aeb564 47c4948dac66ce00819dacadf24639d0f8c21fc4 099150c46581af8adfc766b3d9aeb564 02be7ea7484ce02344237e4aab046aaa3af0f67f5b5bc7530b7757c182008374 https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
M19-zk101 Lokibot_b3916926 Windows This strike sends a malware sample known as Lokibot. Lokibot is information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. b391692651c947850ee6dc9107d376b2 a5b920726543d0deef76c95b61da9506b02aed86 b391692651c947850ee6dc9107d376b2 425b00366b5e0bbcbecaa17a6f3767ce182d10cb54d14b8146d60795e0a91b4a https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-dfj01 Cerber_861543dc Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". 861543dcf6c1d0bb272eb425394c7738 0588967eff54b5d06a2b2230ed2c7c2dbdc9ddf2 861543dcf6c1d0bb272eb425394c7738 d9cf96f1f2dd702e618982028129009100e88e30c325775f98e77df4bf907af1 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-loq01 Ircbot_5a4de868 Windows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. 5a4de8686cb6cb7e2a145293eaf15e20 1394002b5790765f8ccf1b7231d87230a1683fdc 5a4de8686cb6cb7e2a145293eaf15e20 0e455cc4d487203ed86f96707ddcf09546c523b14238b003959d29db80db022a https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-rkc01 Lokibot_a0a85726 Windows This strike sends a malware sample known as Lokibot. Lokibot is information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. a0a85726658454e4b4ebd2aa891772db 149a67d091665a5385694378ec142be217db4eed a0a85726658454e4b4ebd2aa891772db 83ad9a9b79964ccec70ccf12c7e01c0ea6ea0dcf391dd2ac014d2381e1ba42f1 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-a3701 Ircbot_c716bada Windows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. c716badac432fec69833ade4e7756850 a91dc5cfbe579e0008e2e30bb670070d653bfd52 c716badac432fec69833ade4e7756850 0b30c46cb7774dfa26d40809d4a665ba733364f3e9768314f5ac258c1ca2b213 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-2lk01 Kovter_cf26b312 Windows This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries that store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. cf26b3124afe895fbc859b5638e4d41d e45afd2052aa80d4b5ba407c2f10a5d087317f58 cf26b3124afe895fbc859b5638e4d41d 5263e898133a652e1e0ff1c94919d31c4c3da2bb1bf2fdbf876ba1dd18a01502 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-d6r01 Ircbot_e85740e6 Windows This strike sends a malware sample known as Ircbot. Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. e85740e6d161cf564c2f120a1cc6c12c f9d4ebc5323d71f1ffda9ee17ae796c98d22f291 e85740e6d161cf564c2f120a1cc6c12c 3a6e2efe8331037681da5ee01f8deb8aa7cd9960b21f5975aef7d876f7e82b86 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-j9701 Yobrowser_3ffba7e5 Windows This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. 3ffba7e5d3216bcf3dab157c753dadb4 82ef608a6126287bbeb106f54a31df416b58febf 3ffba7e5d3216bcf3dab157c753dadb4 1609b08dc860872a1a37967ec01e9c8d90813e42f4c32a4a5c7651b226bf1c7f https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
M19-iv501 Cerber_ba7be368 Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". ba7be3688e0393961f26fecf36e44a3c 607a307bb962cffd05a973f7c1cf30694ea3b48c ba7be3688e0393961f26fecf36e44a3c 12ec0e3ccef67f877fefce823785ac7d7dbb0f85f8ad001bdf7fc6bfe46e3981 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-1j601 Cerber_0ab20a4a Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". 0ab20a4ab237947931361403291a97cb 91d4317df382db98989df4360fa2c95474eb6543 0ab20a4ab237947931361403291a97cb dc7f0f8206c6b155e04cca65f269b7f2a2238297e9782c4605ecd5cf5eb5d8a7 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-53s01 Sage_64f33ba1 Windows This strike sends a malware sample known as Sage. The Sage ransomware encrypts files and then demands a payment for the files to be recovered. Sage typically spreads via malicious email attachments, and the encrypted file extensions vary. 64f33ba18f9e15479db2396b4e0619a5 1bde3ca8aa609f0f66d93e2318bcf0ccc23806ea 64f33ba18f9e15479db2396b4e0619a5 c771267b2194218e3e8c81795f9e13382415cefea5809260acc7f2a2a0ff8838 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-kpl01 Kovter_23145db2 Windows This strike sends a malware sample known as Kovter. Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries that store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware. 23145db2c3a0c7c1c57b51405c10b496 068bc76aef7d4399c059b69bbe55a69c2eca4746 23145db2c3a0c7c1c57b51405c10b496 3fea545cce296bbbeb27176f2ce630493d3b680f789effa6d9dc26478d5f00cb https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-fvo01 Yobrowser_e47ff0b9 Windows This strike sends a malware sample known as Yobrowser. Yobrowser is adware that typically masquerades as cracked versions of legitimate software. e47ff0b90281125c219a70f269f5f1aa 31faad739f1600a5d92590b13a5ecda61456771b e47ff0b90281125c219a70f269f5f1aa 2e39806e189e988a6bb094359db5aab14638a1737fded6ab00095425672aa13d https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
M19-xae01 Lokibot_b34f704b Windows This strike sends a malware sample known as Lokibot. Lokibot is information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. b34f704b0a2a783d2c065c0d6aea75a2 a194ff215fbfdd471583a7c137b0e384dd20a25d b34f704b0a2a783d2c065c0d6aea75a2 dc9c4bb8db7e3b0d26dab3572df9ab97cd0218c14a17621104c2a6c095a61f40 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-uyd01 Remcos_2791e161 Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. 2791e1618f2495d9fcccfd5973abc243 5d2774bd86ab43df3ce92853744f199dbcdf1587 2791e1618f2495d9fcccfd5973abc243 876ba61de5a3feb2e34181bc9a6e1197e70215b51cc169126c2d0bf0bb7588d4 https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-diy01 Cerber_9d1205c4 Windows This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". 9d1205c424f143ef50b04b6ad2b56bc0 502be5093402912d930cd1865f0b16984cc83bdd 9d1205c424f143ef50b04b6ad2b56bc0 c381125d95a755659683f75fbf32b57546d7ef099e266ca1c00a305a1938736f https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
M19-ur101 Remcos_df315b64 Windows This strike sends a malware sample known as Remcos. Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. Remcos is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails. df315b646641a9b46b930f55f081596f e389634e523e2b54a84d446767e5dc8c3149d720 df315b646641a9b46b930f55f081596f f601204c1446b69b8a5606eb6bfe4e8bded5287513a1beab99160d0495e79f4f https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html

Malware Strikes May - 2019

Back to top
Strike ID | Malware | Platform | Info | MD5 | SHA1 | SHA256 | External References
M19-byd01 | Emotet_96f06429 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | 96f06429ca22db74d0bda87a2ac4efbf | 95207a5ce166bc6482b8918ad45b748d0d9bc3e4 | 7dbcdbf63ed234c18481358441ee78e0c156f3da60bee606c6c52eafa25fe499 | https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
M19-kxu01 | Kryptik_f3216528 | Windows | This strike sends a malware sample known as Kryptik. Kryptik is often a generic detection name for a Windows trojan. Malicious activities these samples can perform without the user's knowledge include collecting system information, downloading and uploading files, and dropping additional samples. | f321652814b4f73ee6e1a4192476ffc0 | 8285c6ce70c13677a97f9a6e646509b03a0b5f37 | 0a8dbca58db6fd04e3b0fcb3ba3a08843676eb43362794b13d2b294b1428a8e5 | https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
M19-jtb01 | Python_ecd4b808 | Windows | This strike sends a malware sample known as Python. Win.Malware.Python is a generic name for malware written in Python and typically compiled into a Windows executable with tools like PyInstaller. A vast array of supporting libraries, proof-of-concept exploit tools and example code makes developing malware in Python easier than in lower-level languages. Functionality commonly seen in this type of malware includes lateral movement using EternalBlue proof-of-concept scripts and file encryption by ransomware. | ecd4b8082fd119a89eacc86be82fdc46 | 13607aa4280fafe7e08eb22b22b5bb204a4ae8f0 | 2d5c9619b85111c8af13ad75bc334b26713839eed3ac96e9b22447039296aa0e | https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
M19-vle01 | Powload_b01c06ed | Mixed | This strike sends a malware sample known as Powload. Powload is a malicious document that uses PowerShell to download malware. This campaign is currently distributing Emotet. | b01c06ed89d2362b9f5ced838de5cc83 | 19fc4d3ecd6ae75869828f32097cc20e66d58a7f | 1e0b73c5ec4b9516709c10ec708fc295df021451f958a89144d79d99604b3664 | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-aqn01 | Uiwix_762ed51d | Windows | This strike sends a malware sample known as Uiwix. Uiwix uses ETERNALBLUE and DOUBLEPULSAR to install ransomware on the infected system. Encrypted file names include "UIWIX" as part of the file extension. Unlike the well-known WannaCry ransomware, Uiwix does not worm itself to other hosts; it only installs itself on the system it lands on. | 762ed51daa67d2a6a4ea641ec5a5b6f3 | 9d6f2b7db9b2ee86206fc209824bd4fc23f594cd | 181ce9db0dea2a3a2e08860620c3015e61995a93729cb07e0b157d0e75c73343 | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-cjd01 | Cerber_d62798b0 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | d62798b0d0ad13f88b296e19ed69c9b2 | 9a44ba6220cc1c4f99ffefea143d9597dac45dad | 212ef6edb374b8aab38ad19fa15e2e2f4674b7d2cbb024f36b9477fc71c71769 | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-az801 | Zeroaccess_24f80c93 | Windows | This strike sends a malware sample known as Zeroaccess. ZeroAccess is a trojan that infects Windows systems, installs a rootkit to hide its presence on the affected machine, and serves as a platform for click-fraud campaigns. | 24f80c93b79467d414f7ba1309a573f9 | d14c16697e9e61905bb4481dc97429b2bf6e66a5 | 456d4a6d6fbdc25b6c9cafde2af81b6023293e564ddd6473e42f8e420f1fcdd5 | https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
M19-98201 | Fareit_4f047604 | Windows | This strike sends a malware sample known as Fareit. The Fareit trojan is primarily an information stealer that also downloads and installs other malware. | 4f047604fd21285542b46c11849029e7 | 5dd1959064b82d4450472fab8b9b31fd9308c5a8 | 446166d1a9e7e1b7e12547510f7de7bc4c281681cce1f9f8576fce9de7b1dc05 | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-72701 | Python_febbce8a | Windows | This strike sends a malware sample known as Python. Win.Malware.Python is a generic name for malware written in Python and typically compiled into a Windows executable with tools like PyInstaller. A vast array of supporting libraries, proof-of-concept exploit tools and example code makes developing malware in Python easier than in lower-level languages. Functionality commonly seen in this type of malware includes lateral movement using EternalBlue proof-of-concept scripts and file encryption by ransomware. | febbce8a98358aba249a283847f31653 | 12c5cd41e3d9038f8b8c401ac74c72291b854645 | 605cbd5701cbbc4a36935599525e6d0d5c1a043c9252aa081cb9c2f3724fc8ba | https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
M19-w6j01 | Tovkater_85987857 | Windows | This strike sends a malware sample known as Tovkater. This malware can download and upload files, inject malicious code and install additional malware. | 8598785738be465fef9e90ff59f45fab | 000d9ed680a0d60b806fcb02c58301f1f210b1c0 | 21a9fb85cec099bdc2bf419b9bc07dbe6f9b1dc40b8e2853c119093706d1a3a8 | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-aaf02 | Fareit_91ae66dd | Windows | This strike sends a malware sample known as Fareit. The Fareit trojan is primarily an information stealer that also downloads and installs other malware. | 91ae66dd51f1ab4ec562a5256266e756 | 238dbd7b0cdf049678366d57f7217446fdd6fc6f | 5c0016d2122382734395929696e2d737162f797bb4e21ab1cb9af7c9429823bf | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-3bs01 | Zeroaccess_ec19367d | Windows | This strike sends a malware sample known as Zeroaccess. ZeroAccess is a trojan that infects Windows systems, installs a rootkit to hide its presence on the affected machine, and serves as a platform for click-fraud campaigns. | ec19367d1a6dbbb79c8e38242ee74022 | 3b2d183bcfb85fadae991aac7e20b70746b75b61 | 658a040596a2b67e36bd8af81037fefd039eae1bcf63b99928f3b5125e414019 | https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
M19-niy01 | Fareit_56238237 | Windows | This strike sends a malware sample known as Fareit. The Fareit trojan is primarily an information stealer that also downloads and installs other malware. | 562382378ca63f0bf1ee7d3d4c3d8cf2 | 04a83aac9dd1906189ba17e30a81ea097ce8c5ef | 3409a0970239cd2fc61b66db3c6e7c49921b2c828b59530e37dc34504ee46081 | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-id901 | Kryptik_c8eabee0 | Windows | This strike sends a malware sample known as Kryptik. Kryptik is often a generic detection name for a Windows trojan. Malicious activities these samples can perform without the user's knowledge include collecting system information, downloading and uploading files, and dropping additional samples. | c8eabee0a135cfa0e74d26b5664a6b6e | 616aaea86a9bd5a15d34f287b9a6b324e3845cf5 | 516873875312e95e415216eecdbb0fe3799559cd774d68dd10f67b2e413cb646 | https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
M19-03z01 | Razy_73f42eba | Windows | This strike sends a malware sample known as Razy. Razy is often a generic detection name for a Windows trojan. | 73f42eba27780506aadb448098905c5b | ecb934fc91d4c2741ee467dfdd07266b4053ce0d | 14a95d66f90495fcc278258097ed704aca265dd6bbb966903abe00dd7225cd11 | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-ld801 | Python_b34e9260 | Windows | This strike sends a malware sample known as Python. Win.Malware.Python is a generic name for malware written in Python and typically compiled into a Windows executable with tools like PyInstaller. A vast array of supporting libraries, proof-of-concept exploit tools and example code makes developing malware in Python easier than in lower-level languages. Functionality commonly seen in this type of malware includes lateral movement using EternalBlue proof-of-concept scripts and file encryption by ransomware. | b34e9260bef9c4b49ca7451095cb5e87 | 01364de560d285d4270e217d2ddbbef8c154dfca | 70c258ff7c21f6319d1434480d5ae6f2e111feb864a5e33b81b01f8364247d11 | https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
M19-hqn01 | Emotet_0a295f2d | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | 0a295f2d33bf58f843405bd5dec13b96 | 00a56517ba358e22a7fdd66c2c1cabef7a20de82 | e6c00d963b75e7e5e3f037d54dd3d7099f92dfae0cda82fb5d483e6e8ce8b33b | https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
M19-qxr01 | Darkkomet_c4066298 | Windows | This strike sends a malware sample known as Darkkomet. DarkKomet is a freeware remote access trojan released by an independent software developer. It provides the functionality expected of a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | c4066298c44a7c3128c76e3c0e588469 | d1fe938d5d05a7fd03766eda31f05d1c5e9e80b2 | 548d4d3ee7271c7b57f7b99c0b1348da5d1c94e7acfe1adc47f296a562af47d0 | https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
M19-m2j01 | Emotet_fbf55dad | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | fbf55dad5de292c9b41ea5c215d2d055 | 77f46d6286fd77a4dac02134f7742b5a89ec2eb7 | 42697c161579c4e96b49f91935b12b3ec042ce5bfc5a583e8b44b416eb5fcf8f | https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
M19-l7r01 | Fareit_134d0a6d | Windows | This strike sends a malware sample known as Fareit. The Fareit trojan is primarily an information stealer that also downloads and installs other malware. | 134d0a6d6f32d87291860510e08ff9bd | d64ecd587b4344225ee58c97089aa4a8d792c7d3 | 0758f55d7c977e33b0c64c6bdf273d1fc639440505d3f015c5d519dc6200017f | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-xs401 | Razy_2496fc6b | Windows | This strike sends a malware sample known as Razy. Razy is often a generic detection name for a Windows trojan. | 2496fc6b368867b87a675fd477392ffe | 1b0d86e46efe7c4a4a8dec503b9ac2129314cf77 | 003c194a95c7849375590c48f1c5bc5fa23099976e09c997f29b22b367c1d3d2 | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-w3101 | Emotet_463dd67a | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | 463dd67a128356a408cc0a584ad2a73b | 8653a8cb93ced9bdab697b91e2b8eb8fc085bd2c | 2d7102eb62f9f8c523b7500c5b47eb4cadeff07b2980552e5f8f59aede506eb1 | https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
M19-7vt01 | Tovkater_f6080842 | Windows | This strike sends a malware sample known as Tovkater. This malware can download and upload files, inject malicious code and install additional malware. | f608084220669e65d38a496240326af4 | 0004841578ffa0d3daf048a682c80034b829aa3d | 2e23eb71950087f2212e0e591fa462b1706571fe55c87454de7003de4a982d95 | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-n8a01 | Ursnif_9e435e34 | Windows | This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. | 9e435e345f96544d8df42877df00d4e7 | 73f1e5fe9ea9e61dee93cb786a77d13cc4c0f3a5 | e450ad1c3dad95a579f43bf2deb9b58acc8c661e0090a162da75dd66ef608e8b | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-qm701 | Cerber_a26d16f9 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | a26d16f9cb06754d9705c804d1e73fd9 | 8c6f776e7b50b8e562733cbd2a609ee326c23160 | 0536d5867571e0ed9998dfe458e7cf42334a9abc67e1cbd9ea3004507f899e3c | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-95p01 | Emotet_365a2203 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | 365a22038cd02413d7d3ee14b936961c | 2deedfc38356cb873cfc2ce9a7b0b9b95577567c | d9d2d222e053edc845ce56cdc0ff3516f8e962ee226434772609ee8ce6edfc91 | https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
M19-2zl01 | Zeroaccess_236639f5 | Windows | This strike sends a malware sample known as Zeroaccess. ZeroAccess is a trojan that infects Windows systems, installs a rootkit to hide its presence on the affected machine, and serves as a platform for click-fraud campaigns. | 236639f5664b215fb1225525e555ebe4 | 6066d3bbe74a08a701abfa66596538f9315d213c | 2db74b28c8d6fb6cd5dc708a4f63b5f0552edfdef708c2f86ea3a40361e963fd | https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
M19-kxr01 | Kryptik_cf1315be | Windows | This strike sends a malware sample known as Kryptik. Kryptik is often a generic detection name for a Windows trojan. Malicious activities these samples can perform without the user's knowledge include collecting system information, downloading and uploading files, and dropping additional samples. | cf1315be229b53d9237f5a7f55c1b394 | fbf201ee0bc59515850d873ea96e363134395ec1 | 70b6964498ad91dc5cf69bca30abec8c65f549e6f11ce47b62cc999bfe167374 | https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
M19-ae201 | Qakbot_8de03ff1 | Windows | This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | 8de03ff177e5f2f7c52a75351b7758dd | fe7995c236b5df20b3723fd23392ac116d304c11 | 117466b3e9dabd69d510d9e034eec875d9ca2ad9dbb8c5d123b388ac2a65ebbf | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-sff01 | Nymaim_32039ef4 | Windows | This strike sends a malware sample known as Nymaim. Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate candidate command and control (C2) domains from which it fetches additional payloads. | 32039ef4571578729105854fdc9dc400 | 0a88e04a6b276782db3db0029d9f73357fa67e21 | 4268fb8266c18ba7392e2ac655dad69b952bcfce10a71b34a821f0ea32a02954 | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-wof01 | Razy_715b4dff | Windows | This strike sends a malware sample known as Razy. Razy is often a generic detection name for a Windows trojan. | 715b4dff5be71bbba5ce04f9a0378763 | 1ffa935813afc8c9ec13aa4ab21194e2e28f8d14 | 76097734f64ce5ae9b008273431fa4c81e32b05a9b8586c39b80e68ee70d0a8a | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-a2s01 | Ursnif_4724303f | Windows | This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. | 4724303f3a4d6cdf3da88f17ee8efe5e | 2826bdb9f3a26f41168a15e2e9b2af21757a5642 | 395a5bb5a15f3d0c277835b62372c985cf718cdd2b1a5a504b5e9433c5dab8a5 | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-4by01 | Qakbot_8dac95d3 | Windows | This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | 8dac95d33cbd0ee9b11bc82d26a8aec9 | f5ff220ef3311216b4d15922b90cd39dcda4e166 | 1c0c7d00ccfb9f12299fd7df7ec2ad497cb6c8fa60b903694f2d2bf54af7c30c | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-qjn01 | Qakbot_48334a7e | Windows | This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | 48334a7edeabd113b2c571d652548e88 | f9e4934d26d44125b854765cf65257eeef0461e5 | 17d23f910311aeb341ee348586bb212d1cddb70152bc4d1bc31ac579693d7741 | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-kti01 | Emotet_68244389 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | 6824438966eec56c062e02707e9ebdb7 | ff47ebf64a88356e29b354193bd4d85a2401e8dd | 1e04bcdb51abfed7d2093115cbcaec092b5e8840556f172f368c0a62057c7a37 | https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
M19-tg101 | Cerber_ddb4bd2d | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | ddb4bd2d62d064cad58400ed96ceeacb | 45bdcfec6a31ef76df98cd587b41bb954f4a3e45 | 2b7669616638e5976b1c65b492d9e775ab668648d0b2ca5df81bcbe26b7e1123 | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-mmh01 | Zeroaccess_720fbf92 | Windows | This strike sends a malware sample known as Zeroaccess. ZeroAccess is a trojan that infects Windows systems, installs a rootkit to hide its presence on the affected machine, and serves as a platform for click-fraud campaigns. | 720fbf92a42b6ba85b8ebb5c36030081 | 3e8ba35b2b6ea5d0566725c814a8e2d6fa48ef49 | 5a0f61ab9e096aa16c514f37f60853a708b3eed62dfe8c14643dcc2652141d96 | https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
M19-8cp01 | Kryptik_1ebce373 | Windows | This strike sends a malware sample known as Kryptik. Kryptik is often a generic detection name for a Windows trojan. Malicious activities these samples can perform without the user's knowledge include collecting system information, downloading and uploading files, and dropping additional samples. | 1ebce373ec8b68159d59828948822ac7 | 747f9d5c6e17e431bbe4d9f3c3d450205d17aeeb | 6155690a39ca14c04877424c2292c638910cce74e766d55036e6c3f8133f0c8c | https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
M19-jts01 | Darkkomet_c3e96c1e | Windows | This strike sends a malware sample known as Darkkomet. DarkKomet is a freeware remote access trojan released by an independent software developer. It provides the functionality expected of a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | c3e96c1ee7813a2979285c389c269722 | bb18b7e2d8202a90bd14526bc5f504789f093700 | 725fc28899391ced1970b4caffa22f4b92a636a4a5596c587855f4040f93e557 | https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
M19-nyj01 | Emotet_2d1f7f0c | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | 2d1f7f0c5884e31b953353c29e0edc54 | 1f712b5b5291ebcf58dc3192ad24b259e06fba37 | d77d9f14025de5483c623673b3f5c4bbe8cdd01c55658c25b62970bf1be6a736 | https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
M19-m8801 | Cerber_6d46312b | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | 6d46312b28144112af7239a98b13cdd0 | 98e6d5221cbc33ad2b50d35c723dcb53c1c28332 | 33dcb7c8ce845f1840cb6508a67595d415227babe474eae0f3a06383eab16e63 | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-s9501 | Razy_42cd924f | Windows | This strike sends a malware sample known as Razy. Razy is often a generic detection name for a Windows trojan. | 42cd924fdc6168ac07e6674f8240f81b | c22e53132a4a0b6c496881f9284c3a72e60bfe61 | 649e6217744762016fadb2f7f36a654c607ad160d136714946aa6e0478dc7a87 | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-vip01 | Razy_4fbd1c06 | Windows | This strike sends a malware sample known as Razy. Razy is often a generic detection name for a Windows trojan. | 4fbd1c0640b2a4cbee070635a7921f7f | ea0d7c08bb3bee5b971cc8fd194412ec20f39c26 | 6e01014528a359c81851b2197a4656e13d87b15424dc961cc6d770e4d4c747ee | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-0le01 | Emotet_bf0b98df | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. | bf0b98dfe641080ce0a47e79236fd99e | 82cb3a47fcb87541e11d08507f0bbc09785858d2 | 8b2699e4d5ac77bdd3674321b114c05e674f30979b0f032c53a4fcf5a3b11aa5 | https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
M19-0xf01 | Ursnif_acf898c7 | Windows | This strike sends a malware sample known as Ursnif. Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits. | acf898c7c0d7bfc2aebaaa38148d19e6 | 554d6a490b42316349d6484a0074a512afb9a8d4 | f58c95835e8a08cbef55c00ae86d03399302cdf7d500ab499f312156f275f2f9 | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-fq301 | Tovkater_4608e086 | Windows | This strike sends a malware sample known as Tovkater. This malware can download and upload files, inject malicious code and install additional malware. | 4608e086942d3d24f262dd614f2b556b | 007717801bcfbf5f2e8eb5f98f2464d19baf0f50 | 1187cf65c782ea451e0a46f8e5ea18f8133cc209d58db1c08793bb086b96df4f | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-bp601 | Uiwix_90abd435 | Windows | This strike sends a malware sample known as Uiwix. Uiwix uses ETERNALBLUE and DOUBLEPULSAR to install ransomware on the infected system. Encrypted file names include "UIWIX" as part of the file extension. Unlike the well-known WannaCry ransomware, Uiwix does not worm itself to other hosts; it only installs itself on the system it lands on. | 90abd43565adc2fb59c0d00d19cb7cf9 | 4a7933491bc6d4368a82c81cb033b088b1f97dee | 23e3a6d9ce11a9ceef4f1a0731368a85587d612063d67fb518156fa88e20a277 | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-hr001 | Razy_5836031d | Windows | This strike sends a malware sample known as Razy. Razy is often a generic detection name for a Windows trojan. | 5836031df97646d19d8a012d5bf3a3f3 | b44e4d50b4e4c23ae46ddaf97415f0513faffe1c | 0e390dd0547334471c08c3b8b4e7ec3ad1d8fe4facabdb5df674af76c8e149d0 | https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html
M19-moj01 | Zeroaccess_374e9a68 | Windows | This strike sends a malware sample known as Zeroaccess. ZeroAccess is a trojan that