Malware Monthly Update January - 2022

Malware Strikes

Strike ID | Malware | Platform | Info | MD5 | External References
M22-M1046 | Formbook_e890cec2 | Windows | This strike sends a malware sample known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | e890cec215217d4bb349ed6d944f018d | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 9974a429ec5d7d08fd7622a4af3b4f3825655d288315dbc79d216fe5c05f1041
SHA1: 487b7bb68bc7575ae8fc413559e9b37ac45a4f71
MD5: e890cec215217d4bb349ed6d944f018d
M22-M105a | Knot_0436580f | Windows | This strike sends a polymorphic malware sample known as Knot. Knot is ransomware that downloads key data to "d.jpg" in the %TEMP% directory. It requests a ransom to be paid in bitcoin and supplies a knodecryptor once paid to decrypt the user's files. The binary has the checksum removed in the PE file format. | 0436580f7e118a3062450ffd13288c02 | https://twitter.com/malwrhunterteam/status/1346154943422586880
SHA256: 276f2c8f2c9f3db510c2f95d612b0e95d54d4f2ea42a9beca88ba93171653f83
https://arxiv.org/abs/1801.08917
PARENTID: M22-M1019
SSDEEP: 192:wk1AJN2nWdIJKsmRESwfXslNjRGZsP1oynK7UyqYUMt3BK16hnFHD:JAGnbG9lNoZy107UrE3OIH
SHA1: eb4027b470cb077659cbd1c92821c371e77062b1
MD5: 0436580f7e118a3062450ffd13288c02
M22-M105c | DarkComet_a8ad7b28 | Windows | This strike sends a polymorphic malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. The binary has random bytes appended at the end of the file. | a8ad7b28b6b312633f97d542d3e18c66 | https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
SHA256: 9da89f9be1fa7809e0a8e9b9dc5a750c0628d0ebc567823f22c5aa695582ae6b
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M1002
SSDEEP: 12288:NDCuBzlFUioLkrbg52IrPoZvyZmaAazWVoXzDtAq/4Mxumka2:NpBzlFUioLkrbg52IUZvyZmaZzwoPtAZ
SHA1: 4445f3eb26da75b593e2edc709e0f7bf9b67b029
MD5: a8ad7b28b6b312633f97d542d3e18c66
M22-M1045 | Emotet_e7902137 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | e79021377681dd21a34ea9a4d33dfbf6 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: c54e4cbc85743f3abe69ed618cb2a286ade902b863475430ba266c2743a327f0
SHA1: fe65e79a6c0d2b7f466666d9bc2d255e7cd23236
MD5: e79021377681dd21a34ea9a4d33dfbf6
M22-M1026 | Diavol_82177e34 | Windows | This strike sends a malware sample known as Diavol. Diavol ransomware was first seen in 2021, but in 2022 the FBI formally linked the ransomware operation to the Trickbot group. The ransomware is known for using Asynchronous Procedure Calls with an asynchronous encryption algorithm. The ransomware also does not use obfuscation or anti-analysis techniques, but makes analysis difficult by storing its main routines inside bitmap images. | 82177e344fdd64c38e52f97120f60350 | https://www.zdnet.com/article/fbi-warning-this-new-ransomware-makes-demands-of-up-to-500000/
https://www.ic3.gov/Media/News/2022/220120.pdf
https://www.bleepingcomputer.com/news/security/fbi-links-diavol-ransomware-to-the-trickbot-cybercrime-group/
SHA256: 79456569b6aba9d00e641ce0067a0b18e4fe69232d6c356201d1ab62ebfe4c8f
SHA1: 0566976b068f5260c6b3197764d289fad3ae99b4
MD5: 82177e344fdd64c38e52f97120f60350
M22-M1029 | TeslaCrypt_854bca4d | Windows | This strike sends a malware sample known as TeslaCrypt. | 854bca4dcd3f09e07df658db8c2daed0 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 258dbee3dac0b5c1eec64c0d83082d14d6dd89672992812323b706c3cd3088d3
SHA1: 9159db2f37b02d02639d7fb45444cdd4083ad4d3
MD5: 854bca4dcd3f09e07df658db8c2daed0
M22-M1032 | Emotet_ab3cfa53 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | ab3cfa539864768c3f40d148911a6dce | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: a54180d4143c442afb920bece4f3d9b230a8b0f4131a4955c17bbd87834b4d09
SHA1: 79021fa1dea58f13ee7dada4ec3c8f5633fe4ff6
MD5: ab3cfa539864768c3f40d148911a6dce
M22-M1068 | DarkComet_f1672da4 | Windows | This strike sends a polymorphic malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. The binary has the checksum removed in the PE file format. | f1672da40e317021e8e81a73de0aeaa3 | https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
SHA256: b0fc1c54a929d5765e48be8bbb37d9727c91eda37790a20a08ea181cca38bf81
https://arxiv.org/abs/1801.08917
PARENTID: M22-M1002
SSDEEP: 12288:uDCuBzlFUioLkrbg52IrPoZvyZmaAazWVoXzDtAq/4Mxumka:upBzlFUioLkrbg52IUZvyZmaZzwoPtAR
SHA1: 3abe8ba617fd4be22d26342c806dd076573d8572
MD5: f1672da40e317021e8e81a73de0aeaa3
M22-M1049 | Emotet_f2110b23 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | f2110b231bf6209e17b59f232ca21b94 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 8d67e0c6a7c092fb47394fd2fd447e19f97b7f5e8d7c19142d5a99d3f1da9b9b
SHA1: a31be0e567dadcb6525fd4ae43aebb4da8eb6344
MD5: f2110b231bf6209e17b59f232ca21b94
M22-M1050 | DarkComet_8f371632 | Windows | This strike sends a polymorphic malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. The binary has the timestamp field updated in the PE file header. | 8f3716323dee1adc19440a1a0ea4cbb7 | https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
SHA256: d4febaf32282a69844cf5d2db0d64d849bab1666727ab774db340c383ce64eb3
https://attack.mitre.org/techniques/T1099/
PARENTID: M22-M1002
SSDEEP: 12288:aDCuBzlFUioLkrbg52IrPoZvyZmaAazWVoXzDtAq/4MxumkaU:apBzlFUioLkrbg52IUZvyZmaZzwoPtA/
SHA1: 4e4f3ad43af1db36b14b774a2c0a38f21eb16569
MD5: 8f3716323dee1adc19440a1a0ea4cbb7
M22-M1002 | DarkComet_06844957 | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 06844957c6215d0ff53804e7e5a46567 | https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
SHA256: 2c721d02e7bc49b5fa732bb8d04696b6268386b18e3b96237beba8d7f03a90ef
SHA1: 10d958496c0d1757331bcfb15f8e40f4123b9442
MD5: 06844957c6215d0ff53804e7e5a46567
M22-M1001 | Emotet_061262ce | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 061262ce488b46d0252fdc21d3d4bc7f | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 393a5aa28bd615ef295ebb1039035b4714759c1c240693baab0b182ca4424331
SHA1: b8ff14625aa25fe8f4fb97bb194ac93571691ec0
MD5: 061262ce488b46d0252fdc21d3d4bc7f
M22-M1015 | Emotet_52316a19 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 52316a19d6a9ce260ca3e63a56168de8 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 13a830253182c44b1dcecd27f19ee2606108ef30208c73845326b536f3f57dc1
SHA1: 400f5382a49b4cb045eaa532c79e094254185a97
MD5: 52316a19d6a9ce260ca3e63a56168de8
M22-M100b | Emotet_31457286 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 314572861360db51d2d49afb464d4a72 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 66d8e0cb70f93456f8b46b6035f1cb4a6b1bd062ecc48da03d5a4c8c23183fe5
SHA1: d4a55de3948089b82e93172c86766ab55b25a88e
MD5: 314572861360db51d2d49afb464d4a72
M22-M1062 | Knot_db44127c | Windows | This strike sends a polymorphic malware sample known as Knot. Knot is ransomware that downloads key data to "d.jpg" in the %TEMP% directory. It requests a ransom to be paid in bitcoin and supplies a knodecryptor once paid to decrypt the user's files. The binary has a random section name renamed according to the PE format specification. | db44127c7cdff0469fab4474cdaaa452 | https://twitter.com/malwrhunterteam/status/1346154943422586880
SHA256: dbece0f06e8a112850f12dfe2504fb4bcf7b70ad03137413c91feb03a6bd4cda
https://arxiv.org/abs/1801.08917
PARENTID: M22-M1019
SSDEEP: 192:wA1AJN2nWdIJKsmRESwfXslNjRGZsP1oynK7UyqYUMt3BK16hY6FHD:JAGnbG9lNoZy107UrE3O2H
SHA1: f7d092ff14c074d11369c2db332b21098c5d710c
MD5: db44127c7cdff0469fab4474cdaaa452
M22-M100a | Emotet_2c8fd0a8 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 2c8fd0a8e770e5944ae20aa5c3f45e1a | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 481c0933fec97ae812b0a3f19db4832c54b9f672b146d128dd0dedd8802e3cf3
SHA1: b078affbf7b91f0eef33c120992dcd9c108e1539
MD5: 2c8fd0a8e770e5944ae20aa5c3f45e1a
M22-M104f | Emotet_6b8e4dc4 | Windows | This strike sends a polymorphic malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. The binary has been packed using the UPX packer with the default options. | 6b8e4dc413f5f537594d193dda39efe9 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: aed5c50c814cdf574dfd63ffac81fc58accf1746715b2597dbbf094488a4d186
https://attack.mitre.org/techniques/T1045/
PARENTID: M22-M102e
SSDEEP: 3072:DCwe8YOXcNgTYC1Ks59tGeYHlMKRVi6MrmsgArd4HmgTJpUVVP:DuOXc0YC8s5Ce2Vi6cmzArd4HmgteVP
SHA1: 75424b6e3034558ebb2528a96cef7ac286bc51a0
MD5: 6b8e4dc413f5f537594d193dda39efe9
M22-M1034 | TeslaCrypt_af3c3d0d | Windows | This strike sends a malware sample known as TeslaCrypt. | af3c3d0d579ee843d7957d1a1423f2fc | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: b2b4c5872a530dc00005092804e35f5b6d940be0eae91321bec0963f1734972d
SHA1: cad2c063717dacb8b0077fbe98ca6889b59502d0
MD5: af3c3d0d579ee843d7957d1a1423f2fc
M22-M1037 | TeslaCrypt_b3b0743d | Windows | This strike sends a malware sample known as TeslaCrypt. | b3b0743dc39bf9963736e85f61002134 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: da1ce7c3f19d0313188e4be9e06d363fb4f6faea0f98ad827afcac654de01093
SHA1: 597b2a9bd8014c1ea41c126967a7b1bd64f53b5b
MD5: b3b0743dc39bf9963736e85f61002134
M22-M1053 | DarkComet_74fa1e21 | Windows | This strike sends a polymorphic malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. The binary has random strings (lorem ipsum) appended at the end of the file. | 74fa1e218c757e3745df3add55fff2c6 | https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
SHA256: 216341d2c77c4c1c99cdc8ba8725e87a40aa07bce059be216915b01b89ba7a13
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M1012
SSDEEP: 12288:NDCuBzlFUioLkrbg52IrPoZvyZmaAazWVoXzDtAq/4Mxumkav:NpBzlFUioLkrbg52IUZvyZmaZzwoPtAE
SHA1: 73639070f46124ad171f9fa185df5a4784110752
MD5: 74fa1e218c757e3745df3add55fff2c6
M22-M1006 | Diavol_1aadb27c | Windows | This strike sends a malware sample known as Diavol. Diavol ransomware was first seen in 2021, but in 2022 the FBI formally linked the ransomware operation to the Trickbot group. The ransomware is known for using Asynchronous Procedure Calls with an asynchronous encryption algorithm. The ransomware also does not use obfuscation or anti-analysis techniques, but makes analysis difficult by storing its main routines inside bitmap images. | 1aadb27c19050b903a8cfc63f426db36 | https://www.zdnet.com/article/fbi-warning-this-new-ransomware-makes-demands-of-up-to-500000/
https://www.ic3.gov/Media/News/2022/220120.pdf
https://www.bleepingcomputer.com/news/security/fbi-links-diavol-ransomware-to-the-trickbot-cybercrime-group/
SHA256: b3da793a00eebaf8987fe2b759369e3d7ff02d91111c219c707bcb9709357637
SHA1: 8d890c547c1ca7538a6762e0077962661c3e0438
MD5: 1aadb27c19050b903a8cfc63f426db36
M22-M1052 | Emotet_22d632bd | Windows | This strike sends a polymorphic malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. The binary has the checksum removed in the PE file format. | 22d632bddf6ea7f623a15414b9b63669 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: dc1631a78d9230bec057e4cc3a9bbe5716ef9fd362d16c0adb1335faf7fc03ec
https://arxiv.org/abs/1801.08917
PARENTID: M22-M102e
SSDEEP: 6144:nykxrGZmfUiMANKYPRCeX94lMgasceGPpK/RHOVcD3l:DIcNKCRCa4lSsMAuoV
SHA1: 2b7e0f931941f710455023bb3c09cd02f4c5c980
MD5: 22d632bddf6ea7f623a15414b9b63669
M22-M1066 | Clop_eb846aab | Windows | This strike sends a polymorphic malware sample known as Clop. Clop ransomware was originally detected as a variant of the CryptoMix ransomware family. It currently targets entire networks instead of individual machines and even attempts to disable Windows Defender and other security tools. Before it begins encrypting the system, it disables target processes, which can include debuggers, text editors and IDEs, as well as a host of Windows processes, such as Windows 10 and Microsoft applications. The binary has a random section name renamed according to the PE format specification. | eb846aab3d964db15250f61d12d20dc0 | https://www.blackfog.com/the-state-of-ransomware-in-2021/
https://www.picussecurity.com/resource/blog/3-ransomware-trends-you-need-to-know-in-2022-raas-multiple-extortion-iabs
SHA256: f5d401743e52dd2baff75ff0fbd9020ba40ec7a50f695201435fc9e082dcf052
https://arxiv.org/abs/1801.08917
PARENTID: M22-M1030
SSDEEP: 3072:unBo+To4tcI8C2Ey+gR06isZbNiY09pObCoz4lXEgARDkvdU5Rh4BmWGbsn5T:unBAG2dZbNiY09pObCoz4lXEgARDkvdH
SHA1: 4bb652c57713b5fe2339088d138d5c7ff68bfd11
MD5: eb846aab3d964db15250f61d12d20dc0
M22-M104d | DarkComet_1a7f4440 | Windows | This strike sends a polymorphic malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. The binary has been packed using the UPX packer with the default options. | 1a7f44409dc48a420368033cc6e3c532 | https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
SHA256: 626304938baeac4aa86f71df007f9e6d0c7091ae31ca0392bf0f5d58f093af3b
https://attack.mitre.org/techniques/T1045/
PARENTID: M22-M1012
SSDEEP: 12288:7atRptw45OywJRUgH2V52Vyv5bqxcZsqB+XVNgC4m7402yxPEoKUR:76HtLOyGRUKwIVyv5bq2uq0FNgC5f2y8
SHA1: 1bbc1f210a5320f20b7f05b03ea44803b459c42a
MD5: 1a7f44409dc48a420368033cc6e3c532
M22-M1040 | Emotet_d4e7d65b | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | d4e7d65bfdbdc3a4330bbb70b4ceefef | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 06c3d2648b1d2b475f68b090a57e1a6663f4655911bf1189cdf2dba7fd5c7041
SHA1: 6d55e110af1612560d53fb98ee35322a9fd806cd
MD5: d4e7d65bfdbdc3a4330bbb70b4ceefef
M22-M103d | TeslaCrypt_cea7506c | Windows | This strike sends a malware sample known as TeslaCrypt. | cea7506c22e161b3703543ee421f70c8 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: e79d61e835be8d8fa45e2ff6ebcdbee0a78bdbe96967161feb8df880ecaaa80c
SHA1: ebe9a9c60d21d27b858b9f740a53e32cdef29cbb
MD5: cea7506c22e161b3703543ee421f70c8
M22-M105f | Knot_b26cbc5c | Windows | This strike sends a polymorphic malware sample known as Knot. Knot is ransomware that downloads key data to "d.jpg" in the %TEMP% directory. It requests a ransom to be paid in bitcoin and supplies a knodecryptor once paid to decrypt the user's files. The binary has random bytes appended at the end of the file. | b26cbc5c13740cc38a8514e3db80ba49 | https://twitter.com/malwrhunterteam/status/1346154943422586880
SHA256: 29166aeb88cf0b7bcd72a7587f38b1c5d1e8e2ac74f5d2238418467a191650e1
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M1019
SSDEEP: 192:wk1AJN2nWdIJKsmRESwfXslNjRGZsP1oynK7UyqYUMt3BK16hY6FHDp:JAGnbG9lNoZy107UrE3O2Ht
SHA1: e7876026008ea1e550c3f5d28ed58d1db2c3e8c1
MD5: b26cbc5c13740cc38a8514e3db80ba49
M22-M1035 | Formbook_b0de6a61 | Windows | This strike sends a malware sample known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | b0de6a61550374c5e342fda91ee21533 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: b6abe895c1e9f421a725d5f366307e791adcd236f369bfb8e8c01277137b7bec
SHA1: 8db87a92f246e49d582305b87cc13511f320aa0a
MD5: b0de6a61550374c5e342fda91ee21533
M22-M1007 | DarkComet_2231d047 | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 2231d047078a80ee15afbee2a34d554b | https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
SHA256: 3a6a64646baea4c118e22d54ebaac75368c7fd200acf29776769700e05142569
SHA1: cc3ea1e64b72e705933a4a8696415790004991c1
MD5: 2231d047078a80ee15afbee2a34d554b
M22-M104c | DarkComet_ffc9ea7f | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | ffc9ea7f613f903d31218a0b3394600a | https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
SHA256: 429fa9f299eb2a772aa2a110007b50c95300b495d052ce68aaecac5e40734f44
SHA1: 11f2f7fb14963524dd004c0e42dc449e9e6a7bd0
MD5: ffc9ea7f613f903d31218a0b3394600a
M22-M1008 | Formbook_27765727 | Windows | This strike sends a malware sample known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 27765727c5049dc8be15211d83f12326 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 510f7f38ab0ec6700fc6c5bcae1573814e3745c491db14842f225a811529f7b6
SHA1: 6154bf18fc0b205c2bbcf899fe5d2263f6f3fc36
MD5: 27765727c5049dc8be15211d83f12326
M22-M1047 | TeslaCrypt_eae946a1 | Windows | This strike sends a malware sample known as TeslaCrypt. | eae946a10a840370d1d8ddb919b284f2 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 121c2f7f45a145aef70bb2135d432eccb619bcaf25ec17bc0a9ca7ff996e0b79
SHA1: d997726a00654f755c71e8b15dcfc6a4d8d8a733
MD5: eae946a10a840370d1d8ddb919b284f2
M22-M1059 | Emotet_35989c84 | Windows | This strike sends a polymorphic malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. The binary has been packed using the UPX packer with the default options. | 35989c844a2a70f6965b8a0559af7455 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 451cdfe9490c44f8b2a1b4a79c5beef9d52e4b175b41b428ec91710e6d376404
https://attack.mitre.org/techniques/T1045/
PARENTID: M22-M1040
SSDEEP: 3072:EYCsnI0y3TotI4O1VXuuU/Mx8fX4xyZJ2bHUMuRhUVVhsNgsACWHD3lYg:EtspITo4XuuU/UDbUMZVpD3l
SHA1: 92c2aab425ce91ed98e6deda0dd3330234ba1e2d
MD5: 35989c844a2a70f6965b8a0559af7455
M22-M104a | Formbook_f416d6cb | Windows | This strike sends a malware sample known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | f416d6cb3fe1c8dcfe901640810c34da | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 7c994023900780cf406b0faadbf714648a26c0b8902c2751273ee778b62214f8
SHA1: f3eedb4167f04257df826ec4701dc3251d6d9640
MD5: f416d6cb3fe1c8dcfe901640810c34da
M22-M101e | Formbook_74556c50 | Windows | This strike sends a malware sample known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 74556c50f37bc613e26d6c69383ba6c9 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: cd6500082d8a960ebc84d42debc785f4493e010dc10f98abf573578b747b6550
SHA1: 046d0ee1d50aa5999cfe37885b0593b075cc8df7
MD5: 74556c50f37bc613e26d6c69383ba6c9
M22-M1058 | Clop_5700ff4d | Windows | This strike sends a polymorphic malware sample known as Clop. Clop ransomware was originally detected as a variant of the CryptoMix ransomware family. It currently targets entire networks instead of individual machines and even attempts to disable Windows Defender and other security tools. Before it begins encrypting the system, it disables target processes, which can include debuggers, text editors and IDEs, as well as a host of Windows processes, such as Windows 10 and Microsoft applications. The binary has random bytes appended at the end of the file. | 5700ff4de05433adf34b7d953921309c | https://www.blackfog.com/the-state-of-ransomware-in-2021/
https://www.picussecurity.com/resource/blog/3-ransomware-trends-you-need-to-know-in-2022-raas-multiple-extortion-iabs
SHA256: 4a740ee92de3debd5dc8a56aea64630cc738d0baa2cd896b37e3f620e1e21b1a
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M1030
SSDEEP: 3072:bnBo+To4tcI8C2Ey+gR06isZbNiY09pObCoz4lXEgARDkvdU5Rh4BmWGbsn5Te:bnBAG2dZbNiY09pObCoz4lXEgARDkvdK
SHA1: 8e62c72af44a215f58793668cfe2cb24f215c22f
MD5: 5700ff4de05433adf34b7d953921309c
M22-M103e | TeslaCrypt_d05d1a0c | Windows | This strike sends a malware sample known as TeslaCrypt. | d05d1a0c12ab22e18f491d6e14c22eb5 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: d4127a66676797078995faf039c18f440e5c887095914fb181512f6b43f31218
SHA1: 1cf2c5ecca7b5ff4e4ceb061e16944e1f49a1e36
MD5: d05d1a0c12ab22e18f491d6e14c22eb5
M22-M105d | DarkComet_ad8417d8 | Windows | This strike sends a polymorphic malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. The binary has the timestamp field updated in the PE file header. | ad8417d8eaacf3b633b9bead2ee3ef87 | https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
SHA256: 7a479cae781431c23d2cddec910c7d041dd31e4811bee5b9cacc5258a27bc15e
https://attack.mitre.org/techniques/T1099/
PARENTID: M22-M1012
SSDEEP: 12288:hDCuBzlFUioLkrbg52IrPoZvyZmaAazWVoXzDtAq/4Mxumkae:hpBzlFUioLkrbg52IUZvyZmaZzwoPtA1
SHA1: 4a612a88de0359165a12e3ee29b5b3538d5abe20
MD5: ad8417d8eaacf3b633b9bead2ee3ef87
M22-M103a | Emotet_bd2970ad | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | bd2970ad4cc61e3c623b9d9d54ebbad5 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 5ea3ca9687bb119089f17f1d0296d3c7c8513fd0587856acb3df268665ec1b64
SHA1: c9f88a90088ea843167a7b66138ec816b16d6517
MD5: bd2970ad4cc61e3c623b9d9d54ebbad5
M22-M101f | TeslaCrypt_751ec5f3 | Windows | This strike sends a malware sample known as TeslaCrypt. | 751ec5f39b6fe277cad8374f11331f15 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 1ea238583665aa02e0b945dbd60d30c2aafe56a626f68d0b5a49a45d0a033d99
SHA1: 9dd93ea7948b3d045f9236f6e55098ea50efe51c
MD5: 751ec5f39b6fe277cad8374f11331f15
M22-M104e | Clop_3c8041db | Windows | This strike sends a polymorphic malware sample known as Clop. Clop ransomware was originally detected as a variant of the CryptoMix ransomware family. It currently targets entire networks instead of individual machines and even attempts to disable Windows Defender and other security tools. Before it begins encrypting the system, it disables target processes, which can include debuggers, text editors and IDEs, as well as a host of Windows processes, such as Windows 10 and Microsoft applications. The binary has one more import added to the import table. | 3c8041db612aaae02f6a7817722d3860 | https://www.blackfog.com/the-state-of-ransomware-in-2021/
https://www.picussecurity.com/resource/blog/3-ransomware-trends-you-need-to-know-in-2022-raas-multiple-extortion-iabs
SHA256: ac4a5c09b1f100562e8d2db0291c88ff6801b2882f44b27b6379051646db6358
https://arxiv.org/abs/1702.05983
PARENTID: M22-M1030
SSDEEP: 3072:unBo+To4tcI8C2ET+gR06isZbNiY09pObCoz4lXEgARDkvdU5Rh4BmWGbsq5TsV:unBAG2uZbNiY09pObCoz4lXEgARDkvdI
SHA1: 71f9ce71f7d5bfc6fd5a3c6019c91db933f79fef
MD5: 3c8041db612aaae02f6a7817722d3860
M22-M1041 | TeslaCrypt_d9807993 | Windows | This strike sends a malware sample known as TeslaCrypt. | d9807993573f3877545868116b424bc7 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: c49a26ea4a0d5d886cb1ae31fea67ecbc6560bef1238315545a49daeea1e41d7
SHA1: 0816f1364acb25d7d84c3952c9b2be2feca57071
MD5: d9807993573f3877545868116b424bc7
M22-M1069 | Knot_f5254af2 | Windows | This strike sends a polymorphic malware sample known as Knot. Knot is ransomware that downloads key data to "d.jpg" in the %TEMP% directory. It requests a ransom to be paid in bitcoin and supplies a knodecryptor once paid to decrypt the user's files. The binary has random strings (lorem ipsum) appended at the end of the file. | f5254af2e940448221167d674cc11fc0 | https://twitter.com/malwrhunterteam/status/1346154943422586880
SHA256: b2f8bcecf54b924901985766a14a3dfd8cb9091e21802cdfc5a13873ef71d02f
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M1019
SSDEEP: 192:wk1AJN2nWdIJKsmRESwfXslNjRGZsP1oynK7UyqYUMt3BK16hY6FHDHbU:JAGnbG9lNoZy107UrE3O2HvU
SHA1: 126f4e29c31e1ef5465b0d012459d308db36b9c1
MD5: f5254af2e940448221167d674cc11fc0
M22-M1023 | DarkComet_7ada5970 | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 7ada5970aa4eaeff202d0e67d872ee2e | https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
SHA256: 3f38e55e17238844b9cffed80231074f946373717e2df5b308133fb3baab3294
SHA1: b818f9a77727cc20ba384812c65af793c934a174
MD5: 7ada5970aa4eaeff202d0e67d872ee2e
M22-M100e | TeslaCrypt_3d1d2104 | Windows | This strike sends a malware sample known as TeslaCrypt. | 3d1d21040e9d68cbf02e146ad0ad67eb | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 4c1047afcf72657f290338efac15c4bb109735512edee5556f76307f975c4f68
SHA1: 1ba5dc500339977ef248125ccc8f6f66f3cb0f6f
MD5: 3d1d21040e9d68cbf02e146ad0ad67eb
M22-M1027 | Emotet_82c1170c | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 82c1170c14c34f977c5a1d7ff26da6f1 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 12e95f61882c78a85e157e3e2a55b8618d2db88dc1e2c9c78ca268add1df8536
SHA1: 77f7a237cdc62d487d72eb3685ddf999b9bf1cef
MD5: 82c1170c14c34f977c5a1d7ff26da6f1
M22-M1065 | Clop_df84820d | Windows | This strike sends a polymorphic malware sample known as Clop. Clop ransomware was originally detected as a variant of the CryptoMix ransomware family. It currently targets entire networks instead of individual machines and even attempts to disable Windows Defender and other security tools. Before it begins encrypting the system, it disables target processes, which can include debuggers, text editors and IDEs, as well as a host of Windows processes, such as Windows 10 and Microsoft applications. The binary has the timestamp field updated in the PE file header. | df84820d39d82e9b44b189046271e03d | https://www.blackfog.com/the-state-of-ransomware-in-2021/
https://www.picussecurity.com/resource/blog/3-ransomware-trends-you-need-to-know-in-2022-raas-multiple-extortion-iabs
SHA256: db8b145e5497abf7a115d21b89b6d299b3a611799ae4731d13b33e11c8a91320
https://attack.mitre.org/techniques/T1099/
PARENTID: M22-M1030
SSDEEP: 3072:dnBo+To4tcI8C2Ey+gR06isZbNiY09pObCoz4lXEgARDkvdU5Rh4BmWGbsn5T:dnBAG2dZbNiY09pObCoz4lXEgARDkvdH
SHA1: ce1968f26ad3c7d0ea95eb7aedabbf09d82ea538
MD5: df84820d39d82e9b44b189046271e03d
M22-M1016 | TeslaCrypt_54dff53b | Windows | This strike sends a malware sample known as TeslaCrypt. | 54dff53b7630c027c95c7285dd8d001e | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 365600560bda560bfb54da92e92b5e9c041107f74b537387f6decb93ee62407d
SHA1: d7b63e7ee16b9e91845895cb4d4f2ac838c2db2d
MD5: 54dff53b7630c027c95c7285dd8d001e
M22-M104b | Formbook_f5224cd8 | Windows | This strike sends a malware sample known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | f5224cd89a4c889a4dbff21a7386370a | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 1647e862cda8703a09fae83fd3b186a556e8e95974bbe9044b02654681c93e37
SHA1: 67d354b6d12665e0a1cdbebb2c85b23bb01925be
MD5: f5224cd89a4c889a4dbff21a7386370a
M22-M102d | TeslaCrypt_975117b1 | Windows | This strike sends a malware sample known as TeslaCrypt. | 975117b1c5fd0363e160b381280a33fe | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 913b905a5986a297fe3d12e6230d2f5049d88694476934ea23503d316f93a469
SHA1: 3f6ecbdb96e74466cfc365985bf554a64fbcc898
MD5: 975117b1c5fd0363e160b381280a33fe
M22-M1042 | Emotet_ded35670 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | ded35670bda388674fbdf6cfb90d51c5 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 9eb8d59e0cd59a13c29a4659825ee710bcdc12c540ccf97c3fff64395e7325b9
SHA1: 8efd94a01a683cc90e85a65f30950f8f7eb09f37
MD5: ded35670bda388674fbdf6cfb90d51c5
M22-M1055 | Knot_302b61cc | Windows | This strike sends a polymorphic malware sample known as Knot. Knot is ransomware that downloads key data to "d.jpg" in the %TEMP% directory. It requests a ransom to be paid in bitcoin and supplies a knodecryptor once paid to decrypt the user's files. The binary has random contents appended to one of the existing sections in the PE file format. | 302b61cc09ad102f5b1c05574d91579b | https://twitter.com/malwrhunterteam/status/1346154943422586880
SHA256: 085711bdf0cc39109e61159819b3453df4eb6fc0d16863c2f2cc02a955c7d615
https://arxiv.org/abs/1801.08917
PARENTID: M22-M1019
SSDEEP: 192:wk1AJN2nWdIJKsmRESwfXslNjRGZsP1oynK7UyqYUMt3BK16hXIFHD:JAGnbG9lNoZy107UrE3OzH
SHA1: 52d686347587bbc1e03ce2fd8274c235e824b1ba
MD5: 302b61cc09ad102f5b1c05574d91579b
M22-M105e | DarkComet_b6e67772 | Windows | This strike sends a polymorphic malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. The binary has random bytes appended at the end of the file. | b6e677725ccab82655970e14e88c61d8 | https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
SHA256: b611bffce7bc0598d2883c45afd1b470a6f9e87bcd75ba0d8e28ecf5f79439b0
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M1012
SSDEEP: 12288:NDCuBzlFUioLkrbg52IrPoZvyZmaAazWVoXzDtAq/4Mxumka6:NpBzlFUioLkrbg52IUZvyZmaZzwoPtAl
SHA1: 733d7e7a4870bc07ad8aaca0bc634b9ecc22c270
MD5: b6e677725ccab82655970e14e88c61d8
M22-M102c | Clop_9609f431 | Windows | This strike sends a malware sample known as Clop. Clop ransomware was originally detected as a variant of the CryptoMix ransomware family. It now targets entire networks rather than individual machines and attempts to disable Windows Defender and other security tools. Before it begins encrypting the system it terminates a list of target processes, which can include debuggers, text editors and IDEs as well as numerous Windows 10 and Microsoft applications. | 9609f431724b58e4830caa8edbe80762 | https://www.blackfog.com/the-state-of-ransomware-in-2021/
https://www.picussecurity.com/resource/blog/3-ransomware-trends-you-need-to-know-in-2022-raas-multiple-extortion-iabs
SHA256: e805dd0124b9f062f6b5bc9de627eabc601b9d6e8ffe1d90ee552a1ece598a89
SHA1: 129904a3c2162d7f028285a911d95b2d84887f45
MD5: 9609f431724b58e4830caa8edbe80762
M22-M1067 | DarkComet_f1672da4 | Windows | This strike sends a polymorphic malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. The binary has the PE header checksum removed. | f1672da40e317021e8e81a73de0aeaa3 | https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
SHA256: b0fc1c54a929d5765e48be8bbb37d9727c91eda37790a20a08ea181cca38bf81
https://arxiv.org/abs/1801.08917
PARENTID: M22-M1012
SSDEEP: 12288:uDCuBzlFUioLkrbg52IrPoZvyZmaAazWVoXzDtAq/4Mxumka:upBzlFUioLkrbg52IUZvyZmaZzwoPtAR
SHA1: 3abe8ba617fd4be22d26342c806dd076573d8572
MD5: f1672da40e317021e8e81a73de0aeaa3
M22-M1014 | Formbook_4c2e538c | Windows | This strike sends a malware sample known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 4c2e538cb6b68a7d8c36cdfcd1a845ef | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 240bdc96945fcfa4ba9cb6de44b6a934169c3880851fb544e4bea0520deabc71
SHA1: 280acbd7761b2f6941abc731708fed95e5e7aaab
MD5: 4c2e538cb6b68a7d8c36cdfcd1a845ef
M22-M101c | Emotet_69833f53 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 69833f53d536888fc2c2d533b33c571d | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: ca71c92a2a19eacd0e821a7c61ffca8e97d9130da1f34c470b8e21b27c6ada86
SHA1: 4925c7b5c8bcdd0e09fe9d38f2f96e211d0d0278
MD5: 69833f53d536888fc2c2d533b33c571d
M22-M100d | Formbook_3915ee59 | Windows | This strike sends a malware sample known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 3915ee5917342673cd8edf72819784e6 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 950782dc6a03bd8b6c5efed3b97e10a8b00487dfab7ddd2141cf6762a56fa5ba
SHA1: 76731433c31fa973fc56772da33d3cb698049fab
MD5: 3915ee5917342673cd8edf72819784e6
M22-M1020 | Diavol_76cecfea | Windows | This strike sends a malware sample known as Diavol. Diavol ransomware was first seen in 2021; in January 2022 the FBI formally linked the operation to the Trickbot group. The ransomware is known for driving its file encryption through user-mode Asynchronous Procedure Calls (APCs) with an asymmetric encryption algorithm rather than a faster symmetric cipher. It does not use obfuscation or anti-analysis techniques, but still complicates analysis by storing its main routines inside bitmap images in its resource section. | 76cecfea2747a8b486ceb431a4e99149 | https://www.zdnet.com/article/fbi-warning-this-new-ransomware-makes-demands-of-up-to-500000/
https://www.ic3.gov/Media/News/2022/220120.pdf
https://www.bleepingcomputer.com/news/security/fbi-links-diavol-ransomware-to-the-trickbot-cybercrime-group/
SHA256: 2723c9b143ef85be072e18f670e06335c45bdb0ba369381f97f96658ae3503b0
SHA1: 873ef2b7990ae5ffd8ffcefb9ab3e47d7921d77f
MD5: 76cecfea2747a8b486ceb431a4e99149
M22-M101d | Emotet_6a874f58 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 6a874f582aa5cfd1c75a52c5ed8e8a92 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: a63fa24b9383773af9520175db4ab4c68736534eae4149a120aa80b310697800
SHA1: a0e326f597ac33f3a615a28c46d3132802ae5dc5
MD5: 6a874f582aa5cfd1c75a52c5ed8e8a92
M22-M1054 | Clop_77e19f05 | Windows | This strike sends a polymorphic malware sample known as Clop. Clop ransomware was originally detected as a variant of the CryptoMix ransomware family. It now targets entire networks rather than individual machines and attempts to disable Windows Defender and other security tools. Before it begins encrypting the system it terminates a list of target processes, which can include debuggers, text editors and IDEs as well as numerous Windows 10 and Microsoft applications. The binary has the debug flag removed in the PE file format. | 77e19f056443b6dbbcccc1336251a7e4 | https://www.blackfog.com/the-state-of-ransomware-in-2021/
https://www.picussecurity.com/resource/blog/3-ransomware-trends-you-need-to-know-in-2022-raas-multiple-extortion-iabs
SHA256: 9673af9c2daee895d2a85ea4ea48ad6b58f6e59644d291eb93135593747cc76e
https://arxiv.org/abs/1801.08917
PARENTID: M22-M1030
SSDEEP: 3072:HnBo+To4tcI8C2Ey+gR06isZbNiY09pObCoz4lXEgARDkvdU5Rh4BmWGbsn5T:HnBAG2dZbNiY09pObCoz4lXEgARDkvdH
SHA1: 7e8ced2733cbdff8b8d026a272ad318f81ec1ebc
MD5: 77e19f056443b6dbbcccc1336251a7e4
M22-M1019 | Knot_5e9dcfb6 | Windows | This strike sends a malware sample known as Knot. Knot is a ransomware that downloads key data to "d.jpg" in the %TEMP% directory. It demands a ransom paid in bitcoin and supplies a decryptor ("knodecryptor") once the ransom is paid to decrypt the user's files. | 5e9dcfb6141d521b6f2b16ab0dbe237e | https://twitter.com/malwrhunterteam/status/1346154943422586880
SHA256: 597f7c7dea4d318bdab40158490f504a9c62a3f5691984ee26c7ebb92cce39d8
SHA1: ec3e863c38c88d1e05f833aa7693a8abb409fe5a
MD5: 5e9dcfb6141d521b6f2b16ab0dbe237e
M22-M102b | Formbook_8f905d0c | Windows | This strike sends a malware sample known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 8f905d0c1831985db19e53d2b442fbd4 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: a0866c2fec646dcdd2fd6a7d6b1789c83035d3d9fbee428ba1cfa004c854a513
SHA1: 00496e98cc1f6ece3c5d149f73635cbadceed6c4
MD5: 8f905d0c1831985db19e53d2b442fbd4
M22-M103c | Emotet_c7962586 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | c7962586a21f367da0b957cb181e83e5 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: b87d179fdf5096d136fc20fef244fcb76b40fa18e714a72e850981c63cff5751
SHA1: 5f4fd5463110215ba2a5e874eaf458796fe2d920
MD5: c7962586a21f367da0b957cb181e83e5
M22-M1057 | DarkComet_525c90b0 | Windows | This strike sends a polymorphic malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. The binary has random strings (lorem ipsum) appended at the end of the file. | 525c90b09a41da79d49ba246b6c2e5c1 | https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
SHA256: 60a5205e5bf34c82ae8610e31ab72ec17fb47c9e871d249f98a1a9d71d10b746
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M1002
SSDEEP: 12288:NDCuBzlFUioLkrbg52IrPoZvyZmaAazWVoXzDtAq/4Mxumkal:NpBzlFUioLkrbg52IUZvyZmaZzwoPtA2
SHA1: 0e0422be631dcde11fa1ebd24e90baa2e5c76256
MD5: 525c90b09a41da79d49ba246b6c2e5c1
M22-M1003 | Emotet_07a132c1 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 07a132c19d1feaecd623e3c271134af2 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 1cb866787cde396a05930e6b98bacdc1400a7f4eb118a0b2411170f41bb98fa6
SHA1: 7fed04b1ad408c00aaade8510a4bc09403185d10
MD5: 07a132c19d1feaecd623e3c271134af2
M22-M1028 | DarkComet_82c13f1a | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 82c13f1ae5f54f140e91b1f06187fc4c | https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
SHA256: 404d69ad873e280aab7c640312c0cc54e39bd77daf1b91f4b9b617a8ad752449
SHA1: d95185b61f4839131fe918b482933b50f24c1252
MD5: 82c13f1ae5f54f140e91b1f06187fc4c
M22-M106a | Knot_fe2bf4f2 | Windows | This strike sends a polymorphic malware sample known as Knot. Knot is a ransomware that downloads key data to "d.jpg" in the %TEMP% directory. It demands a ransom paid in bitcoin and supplies a decryptor ("knodecryptor") once the ransom is paid to decrypt the user's files. The binary has the timestamp field updated in the PE file header. | fe2bf4f242f5e4f03eb16a4b48126212 | https://twitter.com/malwrhunterteam/status/1346154943422586880
SHA256: 40cfcc73662f8f1fa146441bb2646730e8b6dbaaec65c5ac59f2c6619bd768b3
https://attack.mitre.org/techniques/T1099/
PARENTID: M22-M1019
SSDEEP: 192:wB1AJN2nWdIJKsmRESwfXslNjRGZsP1oynK7UyqYUMt3BK16hY6FHD:wAGnbG9lNoZy107UrE3O2H
SHA1: b4c9baebd17d4b41b36b03a7e88027cf6d3fc99f
MD5: fe2bf4f242f5e4f03eb16a4b48126212
M22-M1064 | DarkComet_dd9c342a | Windows | This strike sends a polymorphic malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. The binary has a random section name renamed according to the PE format specification. | dd9c342a0c4ce50441af2794586eb243 | https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
SHA256: ab72b16cc6c7cad7cc8a454eb0047ff4d471d236be3ac493626184c5e86c50de
https://arxiv.org/abs/1801.08917
PARENTID: M22-M1012
SSDEEP: 12288:MDCuBzlFUioLkrbg52IrPoZvyZmaAazWVoXzDtAq/4Mxumkae:MpBzlFUioLkrbg52IUZvyZmaZzwoPtA1
SHA1: c62b7ec8a4ed5688241f3433cbebc9785bb562bb
MD5: dd9c342a0c4ce50441af2794586eb243
M22-M1024 | Emotet_7e8708c2 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 7e8708c2095b5b3bd833f96fc20e4dc7 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 4e0e7a0e5c0c43c1c30bf5205ea89c582b72acbb8c2ec2de2d55181e14a004d0
SHA1: fc4ec20e2ce1d1c19f5f829cc8c845bf1aa31cc9
MD5: 7e8708c2095b5b3bd833f96fc20e4dc7
M22-M1025 | Formbook_7ecee2ab | Windows | This strike sends a malware sample known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 7ecee2ab9f46ab359d0978df98ac4faf | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: a7021b70e6a1da764ad426f42cba3192dc9625c5e52db71663486a500d2f8c57
SHA1: 0048327e6c613aaf8846a652902b2e1732bc88c2
MD5: 7ecee2ab9f46ab359d0978df98ac4faf
M22-M1031 | Formbook_a8cea309 | Windows | This strike sends a malware sample known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | a8cea309992bd4d8ba810a134c6e42f9 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 4dc279688497b4d2667aac434da1844f3ad71d2a9243aec603bc5f54bae4de7f
SHA1: f8b9f2ff40fee33766cfaf37a5b4ce7e1ab37db1
MD5: a8cea309992bd4d8ba810a134c6e42f9
M22-M1021 | Emotet_77157bac | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 77157bac82df74cfbc5010f637893c51 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 92eae079aa909c98c6780a8f204511cea4907dc69c7a0de7c3a49d144082053c
SHA1: 02015841911b9f7e7283584d13a45c86860de91b
MD5: 77157bac82df74cfbc5010f637893c51
M22-M1010 | TeslaCrypt_412f4761 | Windows | This strike sends a malware sample known as TeslaCrypt. TeslaCrypt is a ransomware family that encrypts the victim's files and demands payment for the decryption key. | 412f4761dcf9e20ad8a05a16663fbc7e | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 4325a158eb0bec5be2f27ab85e7ae85817637981da91949e0ccb655089664173
SHA1: 6ddbb7dadce5e01bcce0ac718e7e875a673b6d29
MD5: 412f4761dcf9e20ad8a05a16663fbc7e
M22-M1012 | DarkComet_4728b416 | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 4728b41696a634edc12be912acf8cd82 | https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
SHA256: 336e70f824c8b75b7af305a30d7a30951230f7b9620db472f5b9e3b6b498ac65
SHA1: c21c5c59f41b85525443559f70ce581b7bb41ad9
MD5: 4728b41696a634edc12be912acf8cd82
M22-M100c | Formbook_3887644a | Windows | This strike sends a malware sample known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 3887644a8b40a31b9916c390acff825c | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: e917a56bea4a95040d834f7abbb434930469c41eb338b45100eababa5e8dbe72
SHA1: bae6c0daaf22de1abbbdc2c3dd2e2e7bb174ad91
MD5: 3887644a8b40a31b9916c390acff825c
M22-M103f | Formbook_d1ef4711 | Windows | This strike sends a malware sample known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | d1ef4711e6d940cfbdf343767f94d5f4 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: e25e855ed9ec167424b52fcb74a7bc062c97d95d6717d9e7e4a4bc30422bf27e
SHA1: 15433f7fd8527af2c3bc62b27f884921141fa548
MD5: d1ef4711e6d940cfbdf343767f94d5f4
M22-M1051 | DarkComet_9c8da8ae | Windows | This strike sends a polymorphic malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. The binary has been packed with the UPX packer using its default options. | 9c8da8ae53f23da497a103cb532e06ab | https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
SHA256: 6a2de2ed9ed17f5af6bc000cb6fe2c5e6be7990832e3b1310f6387968a8c51ff
https://attack.mitre.org/techniques/T1045/
PARENTID: M22-M1002
SSDEEP: 12288:Okj6KQCL/nkQ0krM6I5+E2qKjAjgNxqRlK4+c3yzJUlxdOPTQWR:+KQCL/nQk/I5BZTjigRE4DizSlxdOc
SHA1: 73412d31dbf3b99c093f245ebfccee6aa74d5593
MD5: 9c8da8ae53f23da497a103cb532e06ab
M22-M1036 | TeslaCrypt_b345e64a | Windows | This strike sends a malware sample known as TeslaCrypt. TeslaCrypt is a ransomware family that encrypts the victim's files and demands payment for the decryption key. | b345e64a78fb601f096abf9e024ca89c | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 7c7e50f0309a712d68fab3101725e85d0941abf89bf8878a2c2f1d2c1d0cf004
SHA1: 7d0467f6611c556564fa6d9623b0670185f198f2
MD5: b345e64a78fb601f096abf9e024ca89c
M22-M1044 | TeslaCrypt_e747b47b | Windows | This strike sends a malware sample known as TeslaCrypt. TeslaCrypt is a ransomware family that encrypts the victim's files and demands payment for the decryption key. | e747b47bf6413c1c9c8b390c1d6968f3 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 304bcf21c5b43dbab900364c0191b0724f012700d682f2d4d74dcd36a4e5b350
SHA1: f0612d911b7dd4b97810e4352d81dbfcfa591a61
MD5: e747b47bf6413c1c9c8b390c1d6968f3
M22-M1048 | Emotet_eb1db6d0 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | eb1db6d06bccf86bc8d8240cda956938 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 752bec3d4f7336dbd0119835c1832bde97712d1729a1d19fa0735cc042c3d1df
SHA1: 085a155175d2ff0ed7ef9cc590f2c2347f8fcf37
MD5: eb1db6d06bccf86bc8d8240cda956938
M22-M102a | Formbook_8a8fa678 | Windows | This strike sends a malware sample known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 8a8fa678e6d18beffd6edf5ab7c8f87a | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 7966c0e03744516fe703cf940ddb8aa1cff90f44033db7a528f85aa690c92b6a
SHA1: 002a463964705d2e99fdd12f89c903c8d1da6301
MD5: 8a8fa678e6d18beffd6edf5ab7c8f87a
M22-M1030 | Clop_a8cc764e | Windows | This strike sends a malware sample known as Clop. Clop ransomware was originally detected as a variant of the CryptoMix ransomware family. It now targets entire networks rather than individual machines and attempts to disable Windows Defender and other security tools. Before it begins encrypting the system it terminates a list of target processes, which can include debuggers, text editors and IDEs as well as numerous Windows 10 and Microsoft applications. | a8cc764e7c7a62a0fc26bbe3df31daa6 | https://www.blackfog.com/the-state-of-ransomware-in-2021/
https://www.picussecurity.com/resource/blog/3-ransomware-trends-you-need-to-know-in-2022-raas-multiple-extortion-iabs
SHA256: ae355c321f1fe36c9539457301a3cf5d8babc58c72a3f6a5ef160253b4002b1a
SHA1: 2a35dbc6480a6834f3b506c50418c4e77472db06
MD5: a8cc764e7c7a62a0fc26bbe3df31daa6
M22-M106d | BotenaGo_aa594ae6 | Linux | The malware BotenaGo is written in the open-source programming language Go (Golang). It was originally discovered in 2021, but in 2022 its source code was pushed to GitHub and made available to the public. This BotenaGo variant, like many others, is expected to be reused in future exploit kits and malware targeting routers and IoT devices, as it contains roughly 33 exploits for vulnerabilities in such devices. For command and control it opens a reverse shell and uses a telnet loader to create a backdoor through which it receives commands from its command-and-control server. | aa594ae685122794921ee62696102718 | https://cybersecurity.att.com/blogs/labs-research/botenago-strike-again-malware-source-code-uploaded-to-github
https://www.darkreading.com
https://threatpost.com/botenago-botnet-code-leaked-to-github/178059/
SHA256: fef2b32e34ac1b64281c5083e7fc6e055c885820a38fa5eed1f563e38e04c6db
SHA1: cca00b32d610becf3c5ae9e99ce86a320d5dac87
MD5: aa594ae685122794921ee62696102718
M22-M1033 | Clop_abdf4986 | Windows | This strike sends a malware sample known as Clop. Clop ransomware was originally detected as a variant of the CryptoMix ransomware family. It now targets entire networks rather than individual machines and attempts to disable Windows Defender and other security tools. Before it begins encrypting the system it terminates a list of target processes, which can include debuggers, text editors and IDEs as well as numerous Windows 10 and Microsoft applications. | abdf498691f2b028bae0fa4276edc04b | https://www.blackfog.com/the-state-of-ransomware-in-2021/
https://www.picussecurity.com/resource/blog/3-ransomware-trends-you-need-to-know-in-2022-raas-multiple-extortion-iabs
SHA256: 15f9ed36d9efc6e570b4f506791ce2c6a849853e2f6d587f30fb12d39dba2649
SHA1: fb81951ebcd5cb111633bf4b6f78a18c522f37b9
MD5: abdf498691f2b028bae0fa4276edc04b
M22-M1060 | DarkComet_c288a312 | Windows | This strike sends a polymorphic malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. The binary has random content appended to one of the existing PE sections. | c288a31269c6d2b85e08603cfe6eafe4 | https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
SHA256: b5fd65ed705ed1333c5c75f62ac7025a6da142acb26050b705d2f4b1e8d831b4
https://arxiv.org/abs/1801.08917
PARENTID: M22-M1002
SSDEEP: 12288:NDCuBzlFUioLkrbg52IrPoZvyZmaAazWVoXzDtAq/4Mxumka:NpBzlFUioLkrbg52IUZvyZmaZzwoPtAR
SHA1: 38ca8d7ed1b38e35dd32e3df95b511c6a6c6f219
MD5: c288a31269c6d2b85e08603cfe6eafe4
M22-M101a | Emotet_61214202 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 61214202b2cf47ac495e9a26dd967ab1 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: a4139348f896ad35e43df357c61fabce3b9fd50ff27dbec5ca0dcd41a9bf3793
SHA1: 6f83b69078da606e7d897463fae0a1d781dcaef3
MD5: 61214202b2cf47ac495e9a26dd967ab1
M22-M100f | Emotet_3eb9a044 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 3eb9a044ac8c8f5685c9b43deb4c8755 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 0a6fb19750d81167a396597ae6064d7bae8ce3023a89c992e476eefeec762efc
SHA1: db72b3f3b363afa35d4ebb62612b7ed8598374e1
MD5: 3eb9a044ac8c8f5685c9b43deb4c8755
M22-M102e | Emotet_a2935c23 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | a2935c23622f35302f4b43121d62727b | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 05f3e913f57d9be016e050e214f25b803249583c29c62e867db3c4049bc4c0cd
SHA1: 4b4b5b7c5e5dc98883ea479c155ff69cb794fc6f
MD5: a2935c23622f35302f4b43121d62727b
M22-M1009 | Emotet_2a0d4de9 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 2a0d4de98de7038d61185c4fcfa5e0b6 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: a6ea26ed68e3d13b013fcd70ecacd95482b15f4d5309afbb68e172eeda148d08
SHA1: 3b26c3c7e7d73f3b1c0fe7f76ddc83ea64acb861
MD5: 2a0d4de98de7038d61185c4fcfa5e0b6
M22-M106c | BotenaGo_29cb03ed | Linux | The malware BotenaGo is written in the open-source programming language Go (Golang). It was originally discovered in 2021, but in 2022 its source code was pushed to GitHub and made available to the public. This BotenaGo variant, like many others, is expected to be reused in future exploit kits and malware targeting routers and IoT devices, as it contains roughly 33 exploits for vulnerabilities in such devices. For command and control it opens a reverse shell and uses a telnet loader to create a backdoor through which it receives commands from its command-and-control server. | 29cb03edd8b97afe1d3d95c0fc6fa249 | https://cybersecurity.att.com/blogs/labs-research/botenago-strike-again-malware-source-code-uploaded-to-github
https://www.darkreading.com
https://threatpost.com/botenago-botnet-code-leaked-to-github/178059/
SHA256: 0c395715bfeb8f89959be721cd2f614d2edb260614d5a21e90cc4c142f5d83ad
SHA1: 01dc59199691ce32fd9ae77e90dad70647337c25
MD5: 29cb03edd8b97afe1d3d95c0fc6fa249
M22-M1022 | Formbook_79071d4b | Windows | This strike sends a malware sample known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | 79071d4b37fd17e5e11aa6519894631f | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 740123e812161d9fa12ee440ea789be2073b071a60fc1c9979052d73a0cb1b2c
SHA1: cd0770c34008ae798d9746ebaac9c74aff6719f3
MD5: 79071d4b37fd17e5e11aa6519894631f
M22-M106b | BotenaGo_27a4dfa1 | Linux | The malware BotenaGo is written in the open-source programming language Go (Golang). It was originally discovered in 2021, but in 2022 its source code was pushed to GitHub and made available to the public. This BotenaGo variant, like many others, is expected to be reused in future exploit kits and malware targeting routers and IoT devices, as it contains roughly 33 exploits for vulnerabilities in such devices. For command and control it opens a reverse shell and uses a telnet loader to create a backdoor through which it receives commands from its command-and-control server. | 27a4dfa1380e3866d89c79dd8f27f6ac | https://cybersecurity.att.com/blogs/labs-research/botenago-strike-again-malware-source-code-uploaded-to-github
https://www.darkreading.com
https://threatpost.com/botenago-botnet-code-leaked-to-github/178059/
SHA256: b1bcf8deb7861e7292f6b5881e5fe22ba8886653790f0128cdc4979cb5945e1b
SHA1: eb6bbfe8d2860f1ee1b269157d00bfa0c0808932
MD5: 27a4dfa1380e3866d89c79dd8f27f6ac
M22-M1013 | TeslaCrypt_4bdd826e | Windows | This strike sends a malware sample known as TeslaCrypt. TeslaCrypt is a ransomware family that encrypts the victim's files and demands payment for the decryption key. | 4bdd826e9cd92d7cd6a44d36d8793301 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 6a0157683ee747506022765d6fa3d56e2e49d0b757b6deedffafce6c10cd9122
SHA1: 3cfe5e855b65aefd7511e5b522a2a8af60dca4ad
MD5: 4bdd826e9cd92d7cd6a44d36d8793301
M22-M103b | Formbook_c7427f66 | Windows | This strike sends a malware sample known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | c7427f66130867e74aa2bb018117d5fb | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: d7f3cc4b2274089a62b05e2b63297c32f5e2f10938f8161449103b9504a664fb
SHA1: 96c800bc728b72e889146356801cca3533a0d5ae
MD5: c7427f66130867e74aa2bb018117d5fb
M22-M1039 | Emotet_bbcb2ae7 | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | bbcb2ae776fc56d292f741c4de5394fc | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: c33bd8aa85521609d4ad4e2cb10d41b770aa03db793e81e678f884eb9a07666c
SHA1: b43f747678f93d25ca3aa0750ac9fd8b7f186296
MD5: bbcb2ae776fc56d292f741c4de5394fc
M22-M1018 | Emotet_5a53c95e | Windows | This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 5a53c95ec818e32cec3e647a41420fbd | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 950711d737cbe3f898176f4fd63e3b2f56949cfe284321471fda9c712b4900af
SHA1: 40f13efd8d0273f5f4ba7f1555a6735966f05d14
MD5: 5a53c95ec818e32cec3e647a41420fbd
M22-M1056 | DarkComet_356cc373 | Windows | This strike sends a polymorphic malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. The binary has random content appended to one of the existing PE sections. | 356cc3735d57b3a84584561c260dfc66 | https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
SHA256: 9d88bb9ef7c19df3a53a42596b156d429c6fef4c2a0ab34ec9817479424f181c
https://arxiv.org/abs/1801.08917
PARENTID: M22-M1012
SSDEEP: 12288:NDCuBzlFUioLkrbg52IrPoZvyZmaAazWVoXzDtAq/4Mxumka:NpBzlFUioLkrbg52IUZvyZmaZzwoPtAR
SHA1: 5c10c397ce64d480a355543849d8eac21d68e9b6
MD5: 356cc3735d57b3a84584561c260dfc66
M22-M1038 | Formbook_b5035713 | Windows | This strike sends a malware sample known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | b50357138009c1963250582b787bd78a | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 5ad37f7fa1266038aaab477b4449d03e5ef05670b792e95adedc0a76e50f6c23
SHA1: f43ee730521216e0fa97bdc5f4f08982fb3b84a3
MD5: b50357138009c1963250582b787bd78a
M22-M1063 | DarkComet_dbf7ba48 | Windows | This strike sends a polymorphic malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. The binary has a random section name renamed according to the PE format specification. | dbf7ba480e7019322a3c7b12bcee3060 | https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
SHA256: 9fd647803dfc1fb4886c2a11ebf757c62c21f8c7e348b1bf2fc79b70284bad01
https://arxiv.org/abs/1801.08917
PARENTID: M22-M1002
SSDEEP: 12288:TDCuBzlFUioLkrbg52IrPoZvyZmaAazWVoXzDtAq/4MxumkaU:TpBzlFUioLkrbg52IUZvyZmaZzwoPtA/
SHA1: 5bf49c8556aa91f18cbb1271211ea723397fbb85
MD5: dbf7ba480e7019322a3c7b12bcee3060
M22-M102f | Formbook_a2a964f2 | Windows | This strike sends a malware sample known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target. | a2a964f29b250bc0a0f02dc27da66af7 | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: cb46011cd6fd2d8931a706b9d3f218b99098e0046b614698846b195c98c287a2
SHA1: f5f1760418e74f30ffa09401b9ff7108524aaeb4
MD5: a2a964f29b250bc0a0f02dc27da66af7
M22-M101b | TeslaCrypt_6626b29f | Windows | This strike sends a malware sample known as TeslaCrypt. TeslaCrypt is a ransomware family that encrypts the victim's files and demands payment for the decryption key. | 6626b29fab9e9465d265344871bc897e | https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: d835ed425ab7e55384fb59d3c4e3a48dec10438d1bc8ec8ec5e57ae6216728d9
SHA1: 62f9ee4a45bb6f16dcb742ddfffa46de99a00778
MD5: 6626b29fab9e9465d265344871bc897e
M22-M1061 | Clop_cff8284f | Windows | This strike sends a polymorphic malware sample known as Clop. Clop ransomware was originally detected as a variant of the CryptoMix ransomware family. It now targets entire networks rather than individual machines and attempts to disable Windows Defender and other security tools. Before it begins encrypting the system it terminates a list of target processes, which can include debuggers, text editors and IDEs as well as numerous Windows 10 and Microsoft applications. The binary has been packed with the UPX packer using its default options. | cff8284fc354db8d10f0b98c207a990a | https://www.blackfog.com/the-state-of-ransomware-in-2021/
https://www.picussecurity.com/resource/blog/3-ransomware-trends-you-need-to-know-in-2022-raas-multiple-extortion-iabs
SHA256: de1d61c54b2cbb10a0b0d186940c73922e314cb51cae6cec3eed943739433349
https://attack.mitre.org/techniques/T1045/
PARENTID: M22-M1030
SSDEEP: 768:AAm/ZfZJMgKnleYRR+bpaiZqDRO1/5g+hAqM4GC4QUr/3mBOFNBK3IeXlVn+1AJE:AA0rKnleq+8Nc1/lKv7r/3mBOb1l1e
SHA1: f5d7d91e2472aca30f0885cabbd1ff7556ed1b24
MD5: cff8284fc354db8d10f0b98c207a990a
Strike ID: M22-M1011
Malware: Formbook_44bf8f92
Platform: Windows
Info: This strike sends a malware sample known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target.
External References: https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 87e005cb13d5df4083aa802e64a630b6b6b7473e0e76b11b9a49ef6f2a812742
SHA1: 7557f34643586de2ecdfbdd9f575e6e37e8a9e79
MD5: 44bf8f92e9f2f06894bc8b897202baf4
Strike ID: M22-M105b
Malware: Emotet_882439a0
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. The binary has the timestamp field updated in the PE file header.
External References: https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 338114e0df755efa49171ed5a95a30622a07acb09b94d8ca95218dd29a5b2cfd
https://attack.mitre.org/techniques/T1099/
PARENTID: M22-M1040
SSDEEP: 6144:cykxrGZmfUiMANKYPRCeX94lMgasceGP/K/RHOVcD3l7:iIcNKCRCa4lSsM6uoV7
SHA1: 7094e0d429aa6882bd7c975cfdb4e3c43cff8494
MD5: 882439a02af524719ca974b0925d42c9
Strike ID: M22-M1043
Malware: Emotet_df080c0c
Platform: Windows
Info: This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.
External References: https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 584f6fdb2f6741744255b292312bde5abeda33eabdbabfef6a43d6cf0c2aa6d7
SHA1: 0d7e0f4fa4e086b46a70e3e9ac6a752b43d5fdba
MD5: df080c0cfa03ff1444dd310bbeec1fe4
Strike ID: M22-M1005
Malware: TeslaCrypt_1a0731a3
Platform: Windows
Info: This strike sends a malware sample known as TeslaCrypt.
External References: https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: e69435b3c13c78d4d813513f3b558563fe4397497fdcb51f1e01368627dbbd78
SHA1: 79c283851b71bafd5d39a97c87e22fbca5e7db4a
MD5: 1a0731a3fde61b4f8d190fe11a6022ab
Strike ID: M22-M1004
Malware: Formbook_0d6b09e8
Platform: Windows
Info: This strike sends a malware sample known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target.
External References: https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: 51c8411a517e81f9e38e1d38eafdf6e5f3ab7021bd07cfcbbaf51b84301e5971
SHA1: e298add3ca1ad6063501cd1a6b7029f4e5be4c2a
MD5: 0d6b09e8ded8569b94bc181419a4b3db
Strike ID: M22-M1017
Malware: Formbook_564ef895
Platform: Windows
Info: This strike sends a malware sample known as Formbook. Formbook is an information stealer that attempts to collect sensitive information from the target.
External References: https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
SHA256: e036c46d572d4eabd9c88402451bb052ef47505b6c1f2248d929d2b853a5c89f
SHA1: abc7596b370ed3d32be159c60b80186890285fba
MD5: 564ef895bb45e19d54814fe65bf9efa4