M22-M401f | Banload_66b8cd3b | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | 66b8cd3b1eb25169bf41beba0fc5c788 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 372c47dbe69f8d2e4b17307d0e2217e03f2ff58d919cf190ead55f8f82471a76SHA1: 0b4399d492428519110b4d47c3797cf38e685a96MD5: 66b8cd3b1eb25169bf41beba0fc5c788 |
M22-M4014 | Nanocore_38cee96e | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | 38cee96e344836bcf081a164e1499cd8 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.htmlSHA256: 40df493c4a50394fa3b2e482afc505bfedaa459f03d89986786c4b6ef3567d30SHA1: 9ea765bc3d90ac852c479f8112f40c66054524c6MD5: 38cee96e344836bcf081a164e1499cd8 |
M22-M4060 | LokiBot_5d6e02f7 | Windows |
This strike sends a polymorphic malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.The binary has random bytes appended at the end of the file. | 5d6e02f77ca51f9a8d22da843ee87791 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.htmlSHA256: 469e335bc86bf64c02119e25b3a7ba2e3cda81f6caa688a853a31660ec530fb5https://attack.mitre.org/techniques/T1009/PARENTID: M22-M4056SSDEEP: 6144:viGuElqq+5tom1lGRvxDe8yITrLUbgPmNO:viUEq+cm1GpxTrSXOSHA1: 0fd289932941c2195a7d3f88c515d2583f782927MD5: 5d6e02f77ca51f9a8d22da843ee87791 |
M22-M4040 | Banload_c4d27160 | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | c4d27160fcce47b741bb2dad01d63b20 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 6e88c0fc568192968be1ea2c0242bce09141b8b151b469a9d378b66c32909207SHA1: e038f73943676207b8a294897a9c1f66291ddad7MD5: c4d27160fcce47b741bb2dad01d63b20 |
M22-M4059 | Lydra_0af3b3f7 | Windows |
This strike sends a polymorphic malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and setups various persist mechanisms to ensure execution at startup.The binary has random strings (lorem ipsum) appended at the end of the file. | 0af3b3f763055e7c0437e5f0b57eaeaf | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 615f9ebc63f95f1f24a1fa2d2c12e168ee4366da175c7d3fad894bb941588ee8https://attack.mitre.org/techniques/T1009/PARENTID: M22-M400dSSDEEP: 12288:S5kXzk3f1nZaJl2qIYGnhT2AsnPiKySRsxy8iZV1nUIW2eZ/8djVOWDvqb2bxq9b:qYwpZyl24K2AIPiK0K/5Hbi8djIWw2bYSHA1: 1c51ccbaf55a263dcc79275dca612955a4857993MD5: 0af3b3f763055e7c0437e5f0b57eaeaf |
M22-M4047 | Banload_d93d32b2 | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | d93d32b2df1365aba50a850cdcf9ac41 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 219eacfdeef7b353ece6c4c8565d117724b4eaf8a386744291e62850b6397a0fSHA1: 5eaf9c3cc686090c2885f13b115a73423cb838b5MD5: d93d32b2df1365aba50a850cdcf9ac41 |
M22-M4049 | Banload_deaf3862 | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | deaf38621cc351ca073766c3217631d0 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 08f4433c7d01f6ab5e7913900e2b01107108bedd1a616836ad06659622fd6031SHA1: 0040e6440f338eb2b6ea6ac5c1dd089b88e1c2ccMD5: deaf38621cc351ca073766c3217631d0 |
M22-M400a | Lydra_1770b93c | Windows |
This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and setups various persist mechanisms to ensure execution at startup. | 1770b93c9a0507f45d89744818055350 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 9479afa1493073b4eaeb85046180765e880c7b8858758ddc4417e543f495e890SHA1: eba0040e227b6edc40b84481b845f868bfc3ee1aMD5: 1770b93c9a0507f45d89744818055350 |
M22-M4011 | Lydra_2cf374f0 | Windows |
This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and setups various persist mechanisms to ensure execution at startup. | 2cf374f0fc3fe25804ccf3a30d30362d | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 5e1caf77eec956a0a0ca4f1698852d697a8bc01cda546ac447e089844a32de4eSHA1: d2bcd840dc43c45d4cb3c2eee07ffe7c4f04ef5eMD5: 2cf374f0fc3fe25804ccf3a30d30362d |
M22-M401b | Nanocore_5d1b8c65 | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | 5d1b8c65e931124a25d4b51f0b5a3562 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.htmlSHA256: 36c5b920e561d5dd5c946d8005823d7824aa0413b543c0a02c5d205d47399479SHA1: 2d51ae9f60010bcb34ff7d0bc0bc3787a2dd09adMD5: 5d1b8c65e931124a25d4b51f0b5a3562 |
M22-M4004 | Banload_07816243 | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | 0781624361d6a6f65cd2c114ec4d800a | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 72e2512c5f40728072de1ebb947f8933dfb2b2db39a94c95c18e83b27f290d01SHA1: 793e52eada42de33a26abbf6e00c114053280a84MD5: 0781624361d6a6f65cd2c114ec4d800a |
M22-M4038 | Nanocore_9fdc8981 | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | 9fdc898122e5048dd40054608952290c | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.htmlSHA256: 45319a1170865bb1328f449b5548f36d6abdcf3a949e2621d63d2bbb4989dc14SHA1: 574b6403539da25e33d7b77aa4947914e1e5255dMD5: 9fdc898122e5048dd40054608952290c |
M22-M4015 | Nanocore_3b72cad1 | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | 3b72cad1541f9f0e9723c7b6b462cfb3 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.htmlSHA256: 48376b001034bf0016b7096f4ce337f537738ea0ba99be14705ec513af5cb3faSHA1: 9e7cfe9c0d7fff33cd8fea71899ef20e1282da09MD5: 3b72cad1541f9f0e9723c7b6b462cfb3 |
M22-M4029 | Lydra_74059b01 | Windows |
This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and setups various persist mechanisms to ensure execution at startup. | 74059b0184b8ca790207caa5ef25680c | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 2cddab879e997d08b85ac4ccafeac2ff7433ab5d48e52dd5dd930fd471485e03SHA1: e1818d6cd224e1e86a3e79d153c14e5db8a59371MD5: 74059b0184b8ca790207caa5ef25680c |
M22-M4061 | Lydra_5f1583c9 | Windows |
This strike sends a polymorphic malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and setups various persist mechanisms to ensure execution at startup.The binary has random bytes appended at the end of the file. | 5f1583c98600b138a80b5940dc48b78d | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 322f02a1c696951ab36e8f05db16d33ad56b92fbe9103bdc853a4ae3261f1ee7https://attack.mitre.org/techniques/T1009/PARENTID: M22-M4010SSDEEP: 24576:fDJkk/Zyl24K2AIPiKnw84YdEf/5Hbi8djIWNw5X:fDJk8ZyQ4D3w84s8ZcWw5XSHA1: 87a6de2bb04b8e292a2f71003394ddf10613f94aMD5: 5f1583c98600b138a80b5940dc48b78d |
M22-M4068 | Lydra_c92de4ae | Windows |
This strike sends a polymorphic malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and setups various persist mechanisms to ensure execution at startup.The binary has the timestamp field updated in the PE file header. | c92de4ae19118495095c6c37af78ac10 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 5e04b393e8848480e5833c199209ab55b9d7441a78e27440e4e6c239e6ace278https://attack.mitre.org/techniques/T1099/PARENTID: M22-M4010SSDEEP: 24576:+DJkk/Zyl24K2AIPiKnw84YdEf/5Hbi8djIWNw5R:+DJk8ZyQ4D3w84s8ZcWw5RSHA1: 49ab71d48cf6b2c1c3f4b737daccb84638c3e86bMD5: c92de4ae19118495095c6c37af78ac10 |
M22-M4016 | Lydra_3b96101a | Windows |
This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and setups various persist mechanisms to ensure execution at startup. | 3b96101a3bb9cfc85a0dc6992a465384 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 53545c5ae81ea8b75a6fa94331aa906271adcaddeae675817a25650e8a874e43SHA1: a9039ed3fac9a26119ec687f84b2e168b9b885ecMD5: 3b96101a3bb9cfc85a0dc6992a465384 |
M22-M4044 | Lydra_d432eb6e | Windows |
This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and setups various persist mechanisms to ensure execution at startup. | d432eb6ee625acd6397249c1aa090832 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 2b46dd145a0ce192005b3810dbcccf4e954fdeb83e447dcada03b899b0ed9ae4SHA1: 020821b146385b167915b95d5de574af1339a1e7MD5: d432eb6ee625acd6397249c1aa090832 |
M22-M4054 | Lydra_fd5fe179 | Windows |
This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and setups various persist mechanisms to ensure execution at startup. | fd5fe1794394752c0731c8bfad7ef61d | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 31c50e33c2f46b0e3fd16769df950caae32d0b0f39e2dfd9352e4ad610566608SHA1: fd07cb5c8882a20ec38baa5a102647e06a543f40MD5: fd5fe1794394752c0731c8bfad7ef61d |
M22-M4066 | LokiBot_ab04f52f | Windows |
This strike sends a polymorphic malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.The binary has the checksum removed in the PE file format. | ab04f52f3035256aa8b91ad784fd6724 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.htmlSHA256: 4dd792e3a9d3ebd7760520bb6bd1021fb549706a2dec31edf2e8ed8fe9f25411https://arxiv.org/abs/1801.08917PARENTID: M22-M4056SSDEEP: 6144:AiGuElqq+5tom1lGRvxDe8yITrLUbgPmN:AiUEq+cm1GpxTrSXSHA1: ff23356750b0c1d46a8f87a4e00b0ce44d1b47ccMD5: ab04f52f3035256aa8b91ad784fd6724 |
M22-M402a | Lydra_77eb6d25 | Windows |
This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and setups various persist mechanisms to ensure execution at startup. | 77eb6d2555b1bf5020c3ed6c96c36914 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 5e2082ca86065448d21059b22422a3923d020c2a1b2e54b863b73adf4a8aa04aSHA1: e7b8b3551de19d10e15e9c4866f90a2453dca80bMD5: 77eb6d2555b1bf5020c3ed6c96c36914 |
M22-M406b | Lydra_dc303021 | Windows |
This strike sends a polymorphic malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and setups various persist mechanisms to ensure execution at startup.The binary has a random section name renamed according to the PE format specification. | dc3030213c6d17ccad1dff4bc9201872 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: b22a392253fa1e3f1cef9624efe2900ee10402f02b4e2a1ee521794a5800cb6chttps://arxiv.org/abs/1801.08917PARENTID: M22-M400dSSDEEP: 12288:15kXzk3f1nZaJl2qIYGnhT2AsnPiKySRsxy8iZV1nUIW2eZ/8djVOWDvqb2bxq9S:PYwpZyl24K2AIPiK0K/5Hbi8djIWw2bhSHA1: e14ff9321b4b2247febe65c424d562c82c91d9ebMD5: dc3030213c6d17ccad1dff4bc9201872 |
M22-M402d | Banload_80cb5601 | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | 80cb5601683bbc10eaa9bd6c0a69ff29 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 061f5fbc2bd1520c16d7f44644ff3dafa1e6a3d54968a9cb14597a6f6600f2cfSHA1: 70ff9494bce081f8700aa626b4e13b473972ed05MD5: 80cb5601683bbc10eaa9bd6c0a69ff29 |
M22-M4045 | Lydra_d5c033ac | Windows |
This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and setups various persist mechanisms to ensure execution at startup. | d5c033ac824b36409ef2db6ffc040fe6 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 3acbb8c2603812159c09e2d8a55bf0d0f51caea52bc478c7ce25c13c019bcf78SHA1: 37d0855d272892927205e2c2e811124026336131MD5: d5c033ac824b36409ef2db6ffc040fe6 |
M22-M401a | Banload_57890324 | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | 5789032400a88264ddd37c1599304bd2 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 1eef3dccbe68b4fe916f8300a17f3e7113128fc70339d0cb44d5037a8f282233SHA1: 48785845ce7ae86c0c7784d9828bebf135a11a4eMD5: 5789032400a88264ddd37c1599304bd2 |
M22-M4067 | Lydra_afec8070 | Windows |
This strike sends a polymorphic malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and setups various persist mechanisms to ensure execution at startup.The binary has the timestamp field updated in the PE file header. | afec8070f50efcc17d2ed37ecbb62836 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 7d4b46b745b2cc95cf65307d253d4053d402df64024749304fdd049be606ef51https://attack.mitre.org/techniques/T1099/PARENTID: M22-M400dSSDEEP: 12288:R5kXzk3f1nZaJl2qIYGnhT2AsnPiKySRsxy8iZV1nUIW2eZ/8djVOWDvqb2bxq9S:7YwpZyl24K2AIPiK0K/5Hbi8djIWw2bhSHA1: 4231bb806ed23874fbfadaff2c05ed7467f1748cMD5: afec8070f50efcc17d2ed37ecbb62836 |
M22-M4046 | Nanocore_d8661f7d | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | d8661f7d65f4a2123b5257131c8ba54c | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.htmlSHA256: 2300264d67bb1e27e5d716c1b890c448212ed46e76ddbf886b1a4f9f5bc66bebSHA1: bb0ce041fba4de2d183c8796bf64cf3a78ea3f3fMD5: d8661f7d65f4a2123b5257131c8ba54c |
M22-M405c | Bumblebee_23c611cb | Windows |
This strike sends a polymorphic malware sample known as Bumblebee. Bumblebee is a downloader that contains anti-virtualization checks and the ability to download and execute other malicious payloads. Bumblebee has been associated with multiple campaigns, and has been known to deliver shellcode, Meterpreter, Silver and Cobalt Strike.The binary has random bytes appended at the end of the file. | 23c611cb0d5f3d9d18f24eb1155d14da | https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transformingSHA256: 7370703798ce709cf95253375d619bf32bfecf90fc9488070642b712acdb0d9bhttps://attack.mitre.org/techniques/T1009/PARENTID: M22-M404cSSDEEP: 49152:KR7M9r/8AmAJXPasx29pSvKtxqJ7w+dIM9qPGrfepLXr:VqSv/J7H+M91rmpzrSHA1: 4ac30befebdd920a4daac14294246811949466e0MD5: 23c611cb0d5f3d9d18f24eb1155d14da |
M22-M4056 | LokiBot_ff0e4f8a | Windows |
This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | ff0e4f8a8a1bdd195568c08aa7ed885b | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.htmlSHA256: 153cfd3b0e0aa6b8b3145dbc33f5916e28464296dc95622a3d26aae72545407bSHA1: 60533311017617f0501ac8beebf22bad19c4c5aaMD5: ff0e4f8a8a1bdd195568c08aa7ed885b |
M22-M4007 | Lydra_0eddb35f | Windows |
This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and setups various persist mechanisms to ensure execution at startup. | 0eddb35f4053a1560d8e615a692bacf2 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 15d97d53e293b73f3d0337d6ce94554159fa686f831f0adaf7acb0ef5851c3e3SHA1: 580fb14472b733b5a243da5a0130e9fce1afd23aMD5: 0eddb35f4053a1560d8e615a692bacf2 |
M22-M403b | Lydra_be8460bd | Windows |
This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and setups various persist mechanisms to ensure execution at startup. | be8460bd64827960aea8b219e2d3fb3a | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 14b9ceba92c03832303b4e168ae02040808d4627ae7eec3d9ae6f10d548c3de0SHA1: b76669d8bdef04e07532b978ea57983f77bdcb9fMD5: be8460bd64827960aea8b219e2d3fb3a |
M22-M4062 | Lydra_801ec30d | Windows |
This strike sends a polymorphic malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and setups various persist mechanisms to ensure execution at startup.The binary has random bytes appended at the end of the file. | 801ec30dfa8188cc0c6a81955564956e | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 4fd026798203c7881526d73368d9b89af289c25f82508dce0897108d2ffee4a1https://attack.mitre.org/techniques/T1009/PARENTID: M22-M400dSSDEEP: 12288:S5kXzk3f1nZaJl2qIYGnhT2AsnPiKySRsxy8iZV1nUIW2eZ/8djVOWDvqb2bxq9R:qYwpZyl24K2AIPiK0K/5Hbi8djIWw2bSSHA1: 55ba4364bb83644153d37cd9ff2e972be3890ce9MD5: 801ec30dfa8188cc0c6a81955564956e |
M22-M405e | LokiBot_2f6f3af9 | Windows |
This strike sends a polymorphic malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.The binary file has one more imports added in the import table. | 2f6f3af90b6df93d8d98909ca888a2ed | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.htmlSHA256: 83316ae9fac648fd60c829e6d67e4a6de6ddd35ecd7766d9f96dc82d2db70d69https://arxiv.org/abs/1702.05983PARENTID: M22-M4056SSDEEP: 6144:MiGuElqq+5tom1lGRvxpe8yITrLUbgPmN:MiUEq+cm1GpHTrSXSHA1: f869f5d5f71309ebba9fe5149259e26314190ce3MD5: 2f6f3af90b6df93d8d98909ca888a2ed |
M22-M405b | Bumblebee_21c886ea | Windows |
This strike sends a polymorphic malware sample known as Bumblebee. Bumblebee is a downloader that contains anti-virtualization checks and the ability to download and execute other malicious payloads. Bumblebee has been associated with multiple campaigns, and has been known to deliver shellcode, Meterpreter, Silver and Cobalt Strike.The binary has the timestamp field updated in the PE file header. | 21c886eae8ce6dcef907160e430bba92 | https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transformingSHA256: 9fcce29e265440008d2921e28da643901044998efe06279340161868cc762ad1https://attack.mitre.org/techniques/T1099/PARENTID: M22-M404cSSDEEP: 49152:lR7M9r/8AmAJXPasx29pSvKtxqJ7w+dIM9qPGrfepLX:mqSv/J7H+M91rmpzSHA1: a8495b46cb81a22b8ca337f3c7eb07d60ee3ad7aMD5: 21c886eae8ce6dcef907160e430bba92 |
M22-M4013 | Nanocore_343a00e0 | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | 343a00e0236966f55dcd7f7793821ea3 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.htmlSHA256: 0f3819365183904f2847e83c0e4c0b74abe59630517dcb426ba460bc0289f68eSHA1: 4b159434886459b344d4a798dbfedf0ce79e8e06MD5: 343a00e0236966f55dcd7f7793821ea3 |
M22-M403e | Nanocore_c24e32e2 | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | c24e32e2f5e4dcd95f76722619b1c0a1 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.htmlSHA256: 355de03119506a646343e7bdc80c930128228a31b5cda9fc604e78c3339cd15aSHA1: f99f79767b28610d570bbb88e292e25539d9fad1MD5: c24e32e2f5e4dcd95f76722619b1c0a1 |
M22-M4035 | Nanocore_97531e3a | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | 97531e3a2e53b602f0fe470d0080f568 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.htmlSHA256: 0fd82328c74f24e7628f8f5b057d1f4c4c00111cdfc32ea375f566bd83767c93SHA1: 46ffd4c2de12166c8bf7e59399a2bdc4e4ccb914MD5: 97531e3a2e53b602f0fe470d0080f568 |
M22-M4069 | Bumblebee_d11663fa | Windows |
This strike sends a polymorphic malware sample known as Bumblebee. Bumblebee is a downloader that contains anti-virtualization checks and the ability to download and execute other malicious payloads. Bumblebee has been associated with multiple campaigns, and has been known to deliver shellcode, Meterpreter, Silver and Cobalt Strike.The binary has random strings (lorem ipsum) appended at the end of the file. | d11663fa06c252e4601c21fc7233603c | https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transformingSHA256: dd846fdbd0628040042b25017f716f2157fce108e7a967a3d67c3aded21e6cd8https://attack.mitre.org/techniques/T1009/PARENTID: M22-M404cSSDEEP: 49152:KR7M9r/8AmAJXPasx29pSvKtxqJ7w+dIM9qPGrfepLXD:VqSv/J7H+M91rmpzDSHA1: 926a135b55eedd089e22944c3f9da46146b5d392MD5: d11663fa06c252e4601c21fc7233603c |
M22-M403f | Lydra_c38cc376 | Windows |
This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and setups various persist mechanisms to ensure execution at startup. | c38cc3765d0716273c8ed79329236862 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 1cc4db7bd0b80b86907654bc7cffad4cb075836a47386324cffa3090ec26ce85SHA1: 53c2f0b291c96a476fc553a4734d25849c8d6739MD5: c38cc3765d0716273c8ed79329236862 |
M22-M4009 | Lydra_1197632f | Windows |
This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and setups various persist mechanisms to ensure execution at startup. | 1197632f08b212c0eaa0826a24126771 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 313b0792573b08e5ad6266858c45d624da6b759f0cd36e7a140b60479a192a12SHA1: e47102c2e0acce11937505f1203677684759d1dbMD5: 1197632f08b212c0eaa0826a24126771 |
M22-M404e | Lydra_efceda07 | Windows |
This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and setups various persist mechanisms to ensure execution at startup. | efceda078559280ccc602f9ddc4dec45 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 0f166551e865da185662a2f71ef0d64521f1554be174c0f7e2bd8d44d02ccc69SHA1: 25c17ab09bb33a8f3838a3774bfff25f7598f89fMD5: efceda078559280ccc602f9ddc4dec45 |
M22-M401e | Nanocore_656265f4 | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | 656265f4773e9fce528b9dd1d3685c5f | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.htmlSHA256: 32a8fadf13aea651d7de1c2204f9ca34240e9ca112b96f86eac59c55b1565959SHA1: 02182c2c4612dc1985aff097e1313eefcf341d3dMD5: 656265f4773e9fce528b9dd1d3685c5f |
M22-M4032 | Banload_8bbc6745 | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | 8bbc6745481a14d26d118c7a36dbe57d | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 578415c1ead7c074899c39062af2afcb3dfd614b564b2cfbc459bbeae8e950ceSHA1: 0da92b56b06645fdc87bd76c209d1c6a633df3d1MD5: 8bbc6745481a14d26d118c7a36dbe57d |
M22-M4039 | Nanocore_a7755817 | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | a775581737895ae440ada6d5eb68f1b4 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.htmlSHA256: 0a44490562afa0b283ce371cc320340db6e77665fee1525551eb9673b88cbeddSHA1: 39cd214fd219ba80c674ba72c3c85effe8f6b0d9MD5: a775581737895ae440ada6d5eb68f1b4 |
M22-M4037 | Banload_9f95f5e6 | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | 9f95f5e64e39f57da72e25d609f64586 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 7a81b340e62044d7611d4a6a105b1d1eea78a259513d5767dbe4931c6e6e5504SHA1: e20a34647ac602598a6e8c810bdacea9c0b5a865MD5: 9f95f5e64e39f57da72e25d609f64586 |
M22-M401d | Banload_5f4c32fd | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | 5f4c32fdc71c7d660158b4a4e5f0cc73 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 5d0d5ff7e8f13ec20a843639956327ab5dd568cce99e92e0ac10ad7223617a45SHA1: e7f587756204d41851d8a7243f954f7151378aebMD5: 5f4c32fdc71c7d660158b4a4e5f0cc73 |
M22-M4006 | Nanocore_0df610ea | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | 0df610eaf1432e0b18aa27e4eabc931a | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.htmlSHA256: 4268f21ca6e9828bb3d1e3d83023afb59d9bd7f8bd80aec20949747f28eef2bdSHA1: 5c01ce7b25a01bc9cde659cf2701b7594517f18aMD5: 0df610eaf1432e0b18aa27e4eabc931a |
M22-M4058 | LokiBot_01f2e3a9 | Windows |
This strike sends a polymorphic malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.The binary has random contents appended in one of the existing sections in the PE file format. | 01f2e3a946d22c470784c71b442a2901 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.htmlSHA256: b6b7b0f13f6ec7dc365ab2df9f6ea3addcf6349d82153f88ee90a7fcdb5cd0cdhttps://arxiv.org/abs/1801.08917PARENTID: M22-M4056SSDEEP: 6144:viGuElqq+5tom1lGRvxDe8yITrLUbgPmN:viUEq+cm1GpxTrSXSHA1: f56e340407b748f185bd6f17e067e94c97110371MD5: 01f2e3a946d22c470784c71b442a2901 |
M22-M4024 | Banload_6c2ad02c | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | 6c2ad02c4757738a272804d6d9bea945 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 357e7e3938085403df07804b7df5bfb204383383e471dcc8fadc621e0827fae6SHA1: b99884e185f8a2648485892bac4067fd44f820faMD5: 6c2ad02c4757738a272804d6d9bea945 |
M22-M4028 | LokiBot_6f06a830 | Windows |
This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 6f06a830e7610d4f2e9a1a5c2a4b542b | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.htmlSHA256: f766b8e7d891d8cfe0ac028a7b81856e060305051f499a7567e59587a922be7cSHA1: b1d92cb2ed3660ea44afbf16bf1c6787ec8106f3MD5: 6f06a830e7610d4f2e9a1a5c2a4b542b |
M22-M4019 | Nanocore_5345f05c | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | 5345f05c846bcec9128116d080cc8aa8 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.htmlSHA256: 321475afa7b20e9f0365e632ff78a7cf4a41069a8ab60c9ca1cb1c432e28e8fbSHA1: 54ef057394aff06c7732e50432e5cb6a0f5fc500MD5: 5345f05c846bcec9128116d080cc8aa8 |
M22-M405a | Bumblebee_171e9b04 | Windows |
This strike sends a polymorphic malware sample known as Bumblebee. Bumblebee is a downloader that contains anti-virtualization checks and the ability to download and execute other malicious payloads. Bumblebee has been associated with multiple campaigns, and has been known to deliver shellcode, Meterpreter, Silver and Cobalt Strike.The binary has the debug flag removed in the PE file format. | 171e9b04a8b64c8b131c2d97bdc77879 | https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transformingSHA256: 5784bf194bf7301dc13c2ee4c0ace3cb8d095eefde82e7204fe64e334d5f7783https://arxiv.org/abs/1801.08917PARENTID: M22-M404cSSDEEP: 49152:6R7M9r/8AmAJXPasx29pSvKtxqJ7w+dIM9qPGrfepLX:FqSv/J7H+M91rmpzSHA1: 5543bc535f9803afad124f8f6a1bad8b7b8c6449MD5: 171e9b04a8b64c8b131c2d97bdc77879 |
M22-M400d | Lydra_26d60427 | Windows |
This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and setups various persist mechanisms to ensure execution at startup. | 26d6042786097f5611ca308e85cf45fa | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.htmlSHA256: 09f2388dacbe3d50df9f104bba77ffc8866e2d71827eba15a53f8fc943c1d59eSHA1: 05ab56cad631c8404d9ac2b461488387b8d0be6dMD5: 26d6042786097f5611ca308e85cf45fa |
M22-M4042 | Lydra_cd9194b6 | Windows |
This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup. | cd9194b61a41fa54750c3a0c8c8213b6 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html; SHA256: 128f9fad1fd6d4c61a2f5fb3ee5bbd5bcabf15f73c89ceddd816102e52156bc3; SHA1: 038636671718a571f6f6332c85cf228502c25e5b; MD5: cd9194b61a41fa54750c3a0c8c8213b6 |
M22-M402e | Banload_817f6461 | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | 817f6461ce3b8252058920db2cfc9942 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html; SHA256: 5cb4672e1fdec37c22b06e3f4eb6ade056d96967811818c1a66066c52184783d; SHA1: a7198f87dca906362be2dacd591f72963d802ea4; MD5: 817f6461ce3b8252058920db2cfc9942 |
M22-M4023 | Nanocore_6a98fe51 | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | 6a98fe519e79a71d03da47d2ae68d529 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 218da733de5fd562ba8bbe14ce5f45ea05efbe4eb777494e04e25bcc26453c3c; SHA1: b6080ec0d8b5cf454ab17c36b7a8a0001851eff0; MD5: 6a98fe519e79a71d03da47d2ae68d529 |
M22-M4055 | LokiBot_feb2366b | Windows |
This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly delivered via malicious documents attached to spam emails. | feb2366b62e5204c8b4f70efc8a297d0 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 78a241cb500e2d69b09e031983af0ccdbf00e090ce1b25a468c07ebd42368250; SHA1: 393280a691a15d97e8d4dbe161aa7d8d98bf6770; MD5: feb2366b62e5204c8b4f70efc8a297d0 |
M22-M400c | Nanocore_1f9b44c9 | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | 1f9b44c987c087f9ac0df45510701795 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 1b57755d46a6257a0ebe36dd0a6c79550c64d7e53e15b856ba844b37bcb0970a; SHA1: 9d01758d26a5741e9cd5d4657a91c47ac0f7098b; MD5: 1f9b44c987c087f9ac0df45510701795 |
M22-M4048 | Nanocore_daab0fbd | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | daab0fbde90d733f89e781e6613a88e6 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 3e0d4dd9d8474170103e384e2a2fb6d535257bc7340f1fec5fee6be613026eec; SHA1: b80a817f77e2fca4b1390b743eb290e074783e6b; MD5: daab0fbde90d733f89e781e6613a88e6 |
M22-M403c | Nanocore_beb5e37d | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | beb5e37de290abb7ad40624b67ffe93a | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 0bf8c2d09aef9aa0b347f71a96e4d496999a50289e2d165d4beb70a65341e8ba; SHA1: 0d661c89ad1a34e1f5da5d1bf326be0be8b78c85; MD5: beb5e37de290abb7ad40624b67ffe93a |
M22-M4051 | Banload_f9606989 | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | f9606989388e71a12e1fb6e0ee1b7210 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html; SHA256: 375259b9f3d308a8617b072a915381a636a715ea81978ddedb6f2499bbb46f02; SHA1: 2ef805b70119cf85a69a71b1432f82f2256f2ac0; MD5: f9606989388e71a12e1fb6e0ee1b7210 |
M22-M4043 | LokiBot_d2cf28ad | Windows |
This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly delivered via malicious documents attached to spam emails. | d2cf28ad06a13f24e906790eae874fb3 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 8d7af5c4f9ed587f532e5d34a12a7f6bb600a9988bf3697075b2582513999f10; SHA1: 9ffbad9b4ea5362b7e7c595d23d4ea6f5c19c7b6; MD5: d2cf28ad06a13f24e906790eae874fb3 |
M22-M401c | Lydra_5eb3637d | Windows |
This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup. | 5eb3637da49f89486eb76a70cdbd4ed7 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html; SHA256: 9024c00da7dede2b35fcb56b31ab2fd863ee21bd0544b242823585af7b6edff7; SHA1: ef9c5180d207760c29df0c0d3ea04a1efabdcad7; MD5: 5eb3637da49f89486eb76a70cdbd4ed7 |
M22-M4052 | Banload_fbed3502 | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | fbed3502397bc90ac4008f6593c666a6 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html; SHA256: 39c7d0a1168f924b67a457bf741540fe4d1e3b14723cec4898c700f42ee3f75f; SHA1: f795a41ddb26a0c0fdb692f916318f5a8179cc2f; MD5: fbed3502397bc90ac4008f6593c666a6 |
M22-M402f | Nanocore_818a1477 | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | 818a1477cbbdf0888524352ff075e68f | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 06a7efd4edec1fb0334aa83b381d6d378a093747550ff6d1b02d1b9c279a2df4; SHA1: 6f00fbd5c926d66bf6d6aee67d5435eefb66c819; MD5: 818a1477cbbdf0888524352ff075e68f |
M22-M404b | LokiBot_e378a018 | Windows |
This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly delivered via malicious documents attached to spam emails. | e378a01869a371d579f14129b6ef6c7b | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: cf14f4abcf042298b59bcfb17035fbd3fcad5fcd7b5d3969b9eea24f70853add; SHA1: c072830a71dafa0ad3d4f391dd9bc268cfca3d2c; MD5: e378a01869a371d579f14129b6ef6c7b |
M22-M4018 | LokiBot_4973f991 | Windows |
This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly delivered via malicious documents attached to spam emails. | 4973f991a4f80bb49052af30e8922a17 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 2428e37a7c159b8094fcd1437fa361469d5cf9f24e64c5b263ff7ee88fd7313b; SHA1: e4ba89e39e37f93ea763c6d0e68a40bc6aed08d2; MD5: 4973f991a4f80bb49052af30e8922a17 |
M22-M4001 | Elephant | Windows |
This strike sends a malware sample known as Elephant Dropper. SaintBear, also known as UAC-0056 or UNC2589, is a threat actor group that has been tied to the WhisperGate and WhisperKill attacks against Ukraine. Elephant is a campaign that begins with a phishing email carrying a macro-embedded Microsoft Excel document, which drops a Microsoft-signed Elephant Dropper named 'Base-Update.exe' written in Golang. The dropper decodes a C2 address and retrieves the Elephant Downloader named 'java-sdk.exe'. The downloader, also written in Golang, retrieves the final stages of the attack: the Elephant Implant and the Elephant Client. The Implant, named 'oracle-java.exe' and also known as the GrimPlant backdoor, lets the malware communicate with the C2 via RPC requests. The Elephant Client, named 'microsoft-cortana.exe' and also known as the GraphSteel backdoor, steals user information such as Wi-Fi data and browser credentials. This sample is the Elephant Dropper. | 06124da5b4d6ef31dbfd7a6094fc52a6 | https://blog.malwarebytes.com/threat-intelligence/2022/04/new-uac-0056-activity-theres-a-go-elephant-in-the-room/; SHA256: 9e9fa8b3b0a59762b429853a36674608df1fa7d7f7140c8fccd7c1946070995a; SHA1: 265a613ac405e6c3557e36a19f0ead2d18638cb0; MD5: 06124da5b4d6ef31dbfd7a6094fc52a6 |
M22-M4003 | Lydra_06fa2eb4 | Windows |
This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup. | 06fa2eb46ad814569baadb2549fd27c3 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html; SHA256: 810591beb27efe7b5a6e052247f872a128c6b2e08b6d2f02bf9ad3760293807f; SHA1: 915300506605daa46c99f7868b9fbfd59dd16188; MD5: 06fa2eb46ad814569baadb2549fd27c3 |
M22-M4027 | Banload_6d1bdafe | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | 6d1bdafed059c665ed9abca1c5f55767 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html; SHA256: 1cb3411d3b74e5b641c87d836c23bd3e4488fbfd68168e550f93f5e0a952b99a; SHA1: 58abfe39779f0eef9371a40395e3aedf532ea498; MD5: 6d1bdafed059c665ed9abca1c5f55767 |
M22-M4025 | Banload_6c65c7e6 | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | 6c65c7e6a017df322ef5f3f5746b933a | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html; SHA256: 3a40c2b7f384ca5ae335e394b944778eae4c0138ec56e01b0656be9025ae6951; SHA1: 7bdae42eb895d8dda6d837a146c201a24ef738df; MD5: 6c65c7e6a017df322ef5f3f5746b933a |
M22-M4057 | LokiBot_0160f5c8 | Windows |
This strike sends a polymorphic malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly delivered via malicious documents attached to spam emails. The binary has one section renamed to a random name that conforms to the PE format specification. | 0160f5c8e9e1e2676d8d1f253ce8f8a8 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; https://arxiv.org/abs/1801.08917; SHA256: 467a7d91c8e36f20ffb74aa6b8480cdd71c636779ab1af49d00dd43da5e464ce; SHA1: dd8c719b7a5dd4a13f7ba47470c81336b180b835; MD5: 0160f5c8e9e1e2676d8d1f253ce8f8a8; SSDEEP: 6144:SiGuElqq+5tom1lGRvxDe8yITrLUbgPmN:SiUEq+cm1GpxTrSX; PARENTID: M22-M4056 |
M22-M402b | Banload_7c5d1fa0 | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | 7c5d1fa04c00c879d314027f037e0abf | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html; SHA256: 14f30b9128a38b31ade71a6e8a94bb1aee6c361e92c7c24dae9fb9b36e027edf; SHA1: a2612f62d37a21e01e043a6b8057126d12aa6b1b; MD5: 7c5d1fa04c00c879d314027f037e0abf |
M22-M403d | Banload_c2076b76 | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | c2076b766832250f6a662167587ff22f | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html; SHA256: 117bdceaa7d909bda125a9bf75c94d43c14801fcfb2be2103f840c819ba1bc93; SHA1: c3adecd9090fd8c9e84fb854ed72a9d7312b4c2c; MD5: c2076b766832250f6a662167587ff22f |
M22-M400e | LokiBot_2986dd0d | Windows |
This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly delivered via malicious documents attached to spam emails. | 2986dd0d1fc472a96a02c5ef9644c1d8 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 2936b663d2b774656e7e71b15b03cee2e119bb9e5e0b3b4937186231854f059f; SHA1: 16e7fa91e2966cf6bf8b1ba6cff1b0532919d952; MD5: 2986dd0d1fc472a96a02c5ef9644c1d8 |
M22-M4053 | Nanocore_fbfbb66e | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | fbfbb66e81bbbd6156f6c62a5b5ee138 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 039d907add08d646102f91cec4fd8f41e769a9ccdc702a0cfe614a5ad0da0ea4; SHA1: b5fbb1e2e29dcecbfbe328b9cd09f5b6513956d7; MD5: fbfbb66e81bbbd6156f6c62a5b5ee138 |
M22-M4065 | Lydra_a6bbb58c | Windows |
This strike sends a polymorphic malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup. The binary has random strings (lorem ipsum) appended at the end of the file. | a6bbb58c1f7c4f0922dfd96c4b79236f | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html; https://attack.mitre.org/techniques/T1009/; SHA256: c035f4dfa78dafdf1436453e23f2adef4511604b83aa36d97a3b300a98cbf2ff; SHA1: eaaeabae5ad3cfc3cb5b0259a53d6c300ff6c7a0; MD5: a6bbb58c1f7c4f0922dfd96c4b79236f; SSDEEP: 24576:fDJkk/Zyl24K2AIPiKnw84YdEf/5Hbi8djIWNw5I:fDJk8ZyQ4D3w84s8ZcWw5I; PARENTID: M22-M4010 |
M22-M4031 | Nanocore_8b4b1d7c | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | 8b4b1d7c42d2db7f3a5ccb826ab1c894 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 186979ef685f3a500a5c4d5d11421e0973d9584e0c95005ec89373236fe72abf; SHA1: c1e0da1e306bb5ff5689c015e9b33bd197b8ae8c; MD5: 8b4b1d7c42d2db7f3a5ccb826ab1c894 |
M22-M404d | AcidRain_ecbe1b1e | Linux |
This strike sends a malware sample known as AcidRain. AcidRain is a wiper associated with the Russian invasion of Ukraine, and was used in 2022 in an attack against Viasat modems. It is a MIPS ELF binary that wipes the target filesystem. The malware also shares some common linked libraries with the VPNFilter plugin 'dstr', which was meant to wipe devices. | ecbe1b1e30a1f4bffaf1d374014c877f | https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/; SHA256: 9b4dfaca873961174ba935fddaf696145afe7bbf5734509f95feb54f3584fd9a; SHA1: 86906b140b019fdedaaba73948d0c8f96a6b1b42; MD5: ecbe1b1e30a1f4bffaf1d374014c877f |
M22-M4002 | Banload_06d7088e | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | 06d7088ee3d6560a888025a8c28cabe0 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html; SHA256: 381dcc8dfcbad074115ba93780a7275ec0d3a3004850597a4dafa7a29851e2e7; SHA1: d67353f7784e2299b968fe937f63ff274434630a; MD5: 06d7088ee3d6560a888025a8c28cabe0 |
M22-M4030 | Nanocore_87bb61d6 | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | 87bb61d698092811de9c9608eb3535fb | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 2e3b6eaaa432ed0491cb75301646d0820489b2dd04cbb3dabd5332054a8e7dd8; SHA1: 888c043b0beb8725bbd109c009c95ed79641b535; MD5: 87bb61d698092811de9c9608eb3535fb |
M22-M4050 | Nanocore_f28a8791 | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | f28a87919c239a05f71658d8708548fd | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 206ff86eaef9ebe2f7179916fcb3a2ec788c2c7c354ebce72d6b843bae446681; SHA1: 56d9aff13a0f9255c2a6456fc34589442102e9ac; MD5: f28a87919c239a05f71658d8708548fd |
M22-M4026 | LokiBot_6c8a1688 | Windows |
This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly delivered via malicious documents attached to spam emails. | 6c8a16888e371f15f0b018fb0ddaae2e | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 314f45ffb068c464f1ecad8aff18f23693ff5857057f862a7a830b64e1fd2849; SHA1: 7ab5a8a027df0f10ef8bfb667b96b0eb10190532; MD5: 6c8a16888e371f15f0b018fb0ddaae2e |
M22-M4012 | Nanocore_2e2dfbb1 | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | 2e2dfbb18adceb71d6785790792b5fd5 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 3d78ae0a3dbd639b87b905888b5535e2a41e5ce3fe57bc9f1cc3c3a5a0523b24; SHA1: 005c33757e915751fb386d63acaaa1568b892d3d; MD5: 2e2dfbb18adceb71d6785790792b5fd5 |
M22-M4034 | LokiBot_92d1f7e5 | Windows |
This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly delivered via malicious documents attached to spam emails. | 92d1f7e5f1d35e4c3744798b583da7e8 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: f52025ad2e051afc5b3a48f9b84d88c929a1a27df132c78be3956e34f7ed473b; SHA1: 5d443129743f48695089ffb822b1e0ddebba0a89; MD5: 92d1f7e5f1d35e4c3744798b583da7e8 |
M22-M4008 | LokiBot_0f454af3 | Windows |
This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly delivered via malicious documents attached to spam emails. | 0f454af34a3a6e3a26db1bc14e0c1ee3 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: a4fbcf0da39f90df5791fa1f3908403eb99e2cf21fd02d069501e2833dc24bfd; SHA1: dc341247add5c6ab99bf3c4768bbe6cf27ecd015; MD5: 0f454af34a3a6e3a26db1bc14e0c1ee3 |
M22-M4020 | Nanocore_677d8f9d | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | 677d8f9dc4f65fd974e3df7d579d2205 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 186ccc173ff83160dc51bd63a4498fc31ac410ef4c9449dce6a95d8aaa083fc1; SHA1: 3b54122884531314447d5eea1395dcdc8184b05e; MD5: 677d8f9dc4f65fd974e3df7d579d2205 |
M22-M400b | Nanocore_1a74354a | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | 1a74354aa911475d3787eb9f63a57acd | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 020a7f0aa3a9236e11ae59e0451e1cee322d8cc274f152e5d5050ec39e32ebf1; SHA1: 9fc074042b0b7d770b4865c28181d22479bf00ad; MD5: 1a74354aa911475d3787eb9f63a57acd |
M22-M4010 | Lydra_2afe516c | Windows |
This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup. | 2afe516c0fc84c348396394f2222d3df | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html; SHA256: 0dc3f18cd8840916c3cc6e481ba39e9dd35e7b410816e7bc82133bb7e05d3e6e; SHA1: 42652e1d658a94953938f9c5f89dcf37f9377265; MD5: 2afe516c0fc84c348396394f2222d3df |
M22-M4005 | LokiBot_08ed7ada | Windows |
This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly delivered via malicious documents attached to spam emails. | 08ed7ada50256212d5ff62819036ec92 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 7e059156d292c91d41f8ff92dcf6bd40e47d0aef0140c51d5bfbdfc865e80f09; SHA1: 56b8bb4be2f0921ac541baceca47842527619060; MD5: 08ed7ada50256212d5ff62819036ec92 |
M22-M4033 | Banload_8c79f698 | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | 8c79f698f784995d572bbe1259d62b4e | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html; SHA256: 4b9d9c9e82e7f214a76bf0f2953ec60f40af4b028e9e431db156df40cf96ea94; SHA1: d5120d629dd8df5bb20a67543e1b1ce4eda86373; MD5: 8c79f698f784995d572bbe1259d62b4e |
M22-M4036 | Banload_9769f7da | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | 9769f7dae9a2ae1d6ec10cbdbbb2ee2c | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html; SHA256: 2accb3de127578d3cbf8693a40cd754e8b4085f91404137929c9e4a362b450cb; SHA1: e00620db5950067092087e92b09d1e497072c888; MD5: 9769f7dae9a2ae1d6ec10cbdbbb2ee2c |
M22-M402c | Banload_7f5fd9a3 | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | 7f5fd9a3772ca1d9e2e4ad11132d89a4 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html; SHA256: 2f6024bfebce0b14fc299832f636092ceae3f3c9c34232dc78d43e2a7b44c85d; SHA1: a63c99b0f835545f6a9ea1b074178811e7fda6be; MD5: 7f5fd9a3772ca1d9e2e4ad11132d89a4 |
M22-M406c | Bumblebee_f225b34f | Windows |
This strike sends a polymorphic malware sample known as Bumblebee. Bumblebee is a downloader that contains anti-virtualization checks and the ability to download and execute other malicious payloads. Bumblebee has been associated with multiple campaigns, and has been known to deliver shellcode, Meterpreter, Sliver and Cobalt Strike. The binary has random content appended to one of its existing PE sections. | f225b34ffcf75bcd79a6dfc6a55c4d94 | https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming; https://arxiv.org/abs/1801.08917; SHA256: 2cf6bc082a9540ec0a5d133272fa08555849ed4607c79382dc792892a6501276; SHA1: 524598af0cf218faa2dbd7b4343f0aff6792ed58; MD5: f225b34ffcf75bcd79a6dfc6a55c4d94; SSDEEP: 49152:KR7M9r/8AmAJXPasx29pSvKtxqJ7w+dIM9qPGrfeyLX:VqSv/J7H+M91rmyz; PARENTID: M22-M404c |
M22-M403a | BlackCat_b6b9d449 | Windows |
This strike sends a malware sample known as BlackCat. BlackCat is ransomware written in Rust. It has been tied to the BlackMatter ransomware group. The ransomware uses the AES or ChaCha20 algorithm for file encryption, and the executable is compiled specifically for the target organization. | b6b9d449c9416abf96d21b356a41a28e | https://securelist.com/a-bad-luck-blackcat/106254/; SHA256: be8c5d07ab6e39db28c40db20a32f47a97b7ec9f26c9003f9101a154a5a98486; SHA1: 38fa2979382615bbee32d1f58295447c33ca4316; MD5: b6b9d449c9416abf96d21b356a41a28e |
M22-M404f | Nanocore_f100541a | Windows |
This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes. | f100541afa58ccf5a261829e822f9a36 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 09292e509fcb22c28b769af2513ddcbeaa994397e878be2ea136f2f8a40b1e27; SHA1: 3fdbb7124d95af3f798c06c3b807bf79fc9000d9; MD5: f100541afa58ccf5a261829e822f9a36 |
M22-M404c | Bumblebee_e6a046d1 | Windows |
This strike sends a malware sample known as Bumblebee. Bumblebee is a downloader that contains anti-virtualization checks and the ability to download and execute other malicious payloads. Bumblebee has been associated with multiple campaigns, and has been known to deliver shellcode, Meterpreter, Sliver and Cobalt Strike. | e6a046d1baa7cd2100bdf48102b8a144 | https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming; SHA256: 08cd6983f183ef65eabd073c01f137a913282504e2502ac34a1be3e599ac386b; SHA1: a7838aa4f42c95ee245f9b62d2c894a4c2067894; MD5: e6a046d1baa7cd2100bdf48102b8a144 |
M22-M406a | Lydra_d7a51c98 | Windows |
This strike sends a polymorphic malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup. The binary has random content appended to one of its existing PE sections. | d7a51c9826dbb49d8231ec75fa41e0e2 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html; https://arxiv.org/abs/1801.08917; SHA256: 1c40ea53a9861e2a14d8a97af4a2dcd935c7631c07e79eec5ab8796521b4b375; SHA1: c345254b087997ec89d4bb7246454e6a06e6ddfe; MD5: d7a51c9826dbb49d8231ec75fa41e0e2; SSDEEP: 24576:MDJkk/Zyl24K2AIPiKnw84YdEf/5Hbi8djIWNw5R:MDJk8ZyQ4D3w84s8ZcWw5R; PARENTID: M22-M4010 |
M22-M404a | LokiBot_e2d55f15 | Windows |
This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly delivered via malicious documents attached to spam emails. | e2d55f15beeecc19914b40971a0f413e | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 3be5a9fae4019ebe9b1edfe4645472cbfd9df1a0b566d0a342da2cd09f229a30; SHA1: 969c89ae9fb488c4c849ee04abfb47bd13775f10; MD5: e2d55f15beeecc19914b40971a0f413e |
M22-M405f | Lydra_5997ac16 | Windows |
This strike sends a polymorphic malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup. The binary has one section renamed to a random name that conforms to the PE format specification. | 5997ac16c6a669d83b99a296289c71b8 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html; https://arxiv.org/abs/1801.08917; SHA256: f67053fefc084b48b9770a04810e77f604c06b8627621777f5443ad6b78c4293; SHA1: 2d77cbc673640963c2ab2814b04ce33e6dd625c0; MD5: 5997ac16c6a669d83b99a296289c71b8; SSDEEP: 24576:ODJkk/Zyl24K2AIPiKnw84YdEf/5Hbi8djIWNw5R:ODJk8ZyQ4D3w84s8ZcWw5R; PARENTID: M22-M4010 |
M22-M405d | Bumblebee_25a8caa9 | Windows |
This strike sends a polymorphic malware sample known as Bumblebee. Bumblebee is a downloader that contains anti-virtualization checks and the ability to download and execute other malicious payloads. Bumblebee has been associated with multiple campaigns, and has been known to deliver shellcode, Meterpreter, Sliver and Cobalt Strike. The binary has one section renamed to a random name that conforms to the PE format specification. | 25a8caa929eb681e1f75b495e8ddbdde | https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming; https://arxiv.org/abs/1801.08917; SHA256: f58b1233cada673b12ca1a6aca3a75bb3ba05bde0480d64d5b14b99e934672b4; SHA1: 4f2457caf16f699a5da2506890adb99d6767eeb5; MD5: 25a8caa929eb681e1f75b495e8ddbdde; SSDEEP: 49152:hR7M9r/8AmAJXPasx29pSvKtxqJ7w+dIM9qPGrfepLX:yqSv/J7H+M91rmpz; PARENTID: M22-M404c |
M22-M4041 | LokiBot_c5c06432 | Windows |
This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly delivered via malicious documents attached to spam emails. | c5c06432bc7c0780e0de5028dd4098c4 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 9918641f49c29eb6488268510c824c1a2ebbecea8121c94fa83dcebadf83796c; SHA1: 45acc9ff1a32b1e9ad979514cf2f5ac41cfd3f98; MD5: c5c06432bc7c0780e0de5028dd4098c4 |
M22-M4064 | LokiBot_89e9dbf2 | Windows |
This strike sends a polymorphic malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly delivered via malicious documents attached to spam emails. The binary has random strings (lorem ipsum) appended at the end of the file. | 89e9dbf2546d9f1949c3ae8b7e16ce12 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; https://attack.mitre.org/techniques/T1009/; SHA256: c7e8b908ba77fd1d8dbc48b9177d6658a957b7948329aac022e60d39062105b0; SHA1: f3f17311f7eca9b1be14100efc634cf6f50517ce; MD5: 89e9dbf2546d9f1949c3ae8b7e16ce12; SSDEEP: 6144:viGuElqq+5tom1lGRvxDe8yITrLUbgPmNy:viUEq+cm1GpxTrSXy; PARENTID: M22-M4056 |
M22-M400f | LokiBot_2ae52ed0 | Windows |
This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly delivered via malicious documents attached to spam emails. | 2ae52ed06d8466acf2ba526c9808c44c | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: b9291afeb5418b38950175e191ba50b942bf18824ec4b853d9b6a1ce0f6d6f51; SHA1: b1f5f8c246ee482b58f8ecaa181465427a023753; MD5: 2ae52ed06d8466acf2ba526c9808c44c |
M22-M4022 | Lydra_6a56292d | Windows |
This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and sets up various persistence mechanisms to ensure execution at startup. | 6a56292dca5d844048c166288dfb8d12 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html; SHA256: 552324621c91b8b07255d6bf8ff8a5b3aa4deb196a9e226e53cf0f6f7cd75bce; SHA1: a39064aa6aa5c90e4f0eae7ce7811885789ff0eb; MD5: 6a56292dca5d844048c166288dfb8d12 |
M22-M4017 | Banload_3c8d18b6 | Windows |
This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection. | 3c8d18b6e55095a225e09bbe7a171fc4 | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html; SHA256: 4768068b2d5b009ed00ab89f3e828fb3baa396118c18e5c3f53831c15542bded; SHA1: bc56cd12a7f69c19e1c297304783257b36331656; MD5: 3c8d18b6e55095a225e09bbe7a171fc4 |
M22-M4021 | LokiBot_6882fe2e | Windows |
This strike sends a malware sample known as LokiBot. Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. | 6882fe2e90093a2bfd5d96371330e809 | https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html; SHA256: 6daf2f4b11e77d52247a97aa5a8640a9b7957301a152ad48d493581a0148a752; SHA1: 75bffbd17c24bd34b1fec8408fab3acbc4cba051; MD5: 6882fe2e90093a2bfd5d96371330e809 |
M22-M4063 | Lydra_840710a5 | Windows |
This strike sends a polymorphic malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and sets up various persistence mechanisms to ensure execution at startup. The binary has random contents appended in one of the existing sections in the PE file format. | 840710a56264b708f3eb3bbbc5c1321d | https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html; SHA256: 6450c6748ee1d2cbd963d8350198300150a3a44b561fdbc835c466d207e5baf6; https://arxiv.org/abs/1801.08917; PARENTID: M22-M400d; SSDEEP: 12288:C5kXzk3f1nZaJl2qIYGnhT2AsnPiKySRsxy8iZV1nUIW2eZ/8djVOWDvqb2bxq9S:6YwpZyl24K2AIPiK0K/5Hbi8djIWw2bh; SHA1: e4fe2778e28d36526ec331ac510cf293278ec134; MD5: 840710a56264b708f3eb3bbbc5c1321d |
