M22-M304d | Maze_64e4ae61 | Windows |
This strike sends a polymorphic malware sample known as Maze. Maze, also known as ChaCha, is ransomware known not only for encrypting files on the targeted system but also for publicly releasing stolen victim data if the ransom is not paid. The ransomware has been delivered via several methods, including exploit kits, remote desktop connections and phishing emails. The malware also uses many anti-reversing and anti-analysis features that make examining it much more difficult. The binary has random strings (lorem ipsum) appended at the end of the file. | 64e4ae61550c249b0d4dfb649baa64fc | https://blog.talosintelligence.com/2022/03/threat-roundup-0304-0311.html; https://attack.mitre.org/techniques/T1009/; PARENTID: M22-M3033; SSDEEP: 6144:jx0s5c9jrLrLrLZMEQ9V6wZqEZw0eNsd19pV50DEreNg/ydlb4fQ6wFMvMj:9MAwmMD/Ng6dNoQl+vS; SHA256: 479bb7e83c554fe228f83d08fc8cc53babdb279765b7dfe80a35180d5c59864a; SHA1: 3aa040ce302d16034e1b11cb058f82004b8aca1e; MD5: 64e4ae61550c249b0d4dfb649baa64fc |
M22-M3042 | Emotet_fb3a1577 | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments in malicious emails. | fb3a157718a1851fe9fccde52c5b7e11 | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html; SHA256: 1b2954317be1391fc7f46739f70e58a88364176a19b03f087472c73c41c6f8fc; SHA1: 31cd63c4f357ee63496ecb9f6c78c78cb6b33320; MD5: fb3a157718a1851fe9fccde52c5b7e11 |
M22-M3057 | Emotet_ef569bb3 | Windows |
This strike sends a polymorphic malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments in malicious emails. The binary has been packed using the UPX packer with default options. | ef569bb3d1670f0a4cbed0b8be1475fb | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html; https://attack.mitre.org/techniques/T1045/; PARENTID: M22-M302f; SSDEEP: 6144:aQn7MiqHIvbxAjNFsOiTfFk5BSywNPRkH+3D:aQ7MdHFjNFsfb+SywNIyD; SHA256: c5ec9d2c7f1e19f26911ec06854656d6d274bc222f3e385ffe5787c49854789d; SHA1: a15ba707aac6edd209a9f015097b79cae5711d16; MD5: ef569bb3d1670f0a4cbed0b8be1475fb |
M22-M3029 | Qakbot_906e7e71 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. | 906e7e7182eef7c85a0d3ebe8283ae36 | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html; SHA256: 2608b4e01cfd647dcc1b2690f63be9c4d22db47a9da3305ae8be563e2098b71e; SHA1: a69ae9079c8328c4216c6c2b158325724acfee96; MD5: 906e7e7182eef7c85a0d3ebe8283ae36 |
M22-M300d | Maze_314d2715 | Windows |
This strike sends a malware sample known as Maze. Maze, also known as ChaCha, is ransomware known not only for encrypting files on the targeted system but also for publicly releasing stolen victim data if the ransom is not paid. The ransomware has been delivered via several methods, including exploit kits, remote desktop connections and phishing emails. The malware also uses many anti-reversing and anti-analysis features that make examining it much more difficult. | 314d27152364f25a27b57456ee6af2ff | https://blog.talosintelligence.com/2022/03/threat-roundup-0304-0311.html; SHA256: 734e20c760cffc9ab1f48064ba44c42f65e2a557308e215409e3d2cb580326d2; SHA1: de154768279094afbb2df7652265d5aee11349c3; MD5: 314d27152364f25a27b57456ee6af2ff |
M22-M3035 | Emotet_bd50c433 | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments in malicious emails. | bd50c4330c3b2288a7fc014c14eab7e6 | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html; SHA256: 1a0476ed453a877ee6a756fb334ee843b7d5eeaf42a849045cebf1ae23688bc0; SHA1: dbe4b2280fd8646ed6f4787253fc9b55a02ab7a8; MD5: bd50c4330c3b2288a7fc014c14eab7e6 |
M22-M3037 | Qakbot_c6404685 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. | c640468581a747f755c21a044bd30f77 | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html; SHA256: 2fafff6c8b26a0de2531150cb601111b0064f655c9bbba4ed9d7200172b04975; SHA1: d518b3ef93557786dcb432a3eb1d4ec4402e5d00; MD5: c640468581a747f755c21a044bd30f77 |
M22-M3058 | Emotet_fdb16564 | Windows |
This strike sends a polymorphic malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments in malicious emails. The binary has random contents appended to one of the existing sections of the PE file. | fdb16564b8d78cc7b97715394e958c64 | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html; https://arxiv.org/abs/1801.08917; PARENTID: M22-M302f; SSDEEP: 6144:1x8FPmWqwcz68XkgP+iJW8g/UcFqPm0iXc5n4MEP:eqw4jGi9wZnLXc5nxEP; SHA256: 19af48f3d701f45e6f436f8eee2e15ff2efe9af2e078fc241e4ee0d37dd9d451; SHA1: a28f8ae4a367d2dc35bec81e3cb7e33fc0fc86fb; MD5: fdb16564b8d78cc7b97715394e958c64 |
M22-M3020 | Emotet_70601b3d | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments in malicious emails. | 70601b3dfc803b1f79e85989da8354ff | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html; SHA256: 0787b3d94f969f9779f228f1009748a84592a014bda3681e1ce1d8db7db8ea44; SHA1: d7021fce8f571ab1e99cbaa4a8c516524537b97c; MD5: 70601b3dfc803b1f79e85989da8354ff |
M22-M3044 | CaddyWiper_01fe1c58 | Windows |
This strike sends a polymorphic malware sample known as CaddyWiper. CaddyWiper is a relatively small wiper targeting Ukraine whose purpose is to destroy the contents of a system's drives. Before erasing files it checks whether the machine is a domain controller and, if it is, halts execution. If it is not a domain controller, it proceeds to wipe files on each drive on the system. The binary has random bytes appended at the end of the file. | 01fe1c580fdd0837b8119953689aa1ae | https://blog.talosintelligence.com/2022/03/threat-advisory-caddywiper.html; https://attack.mitre.org/techniques/T1009/; PARENTID: M22-M3015; SSDEEP: 192:76f0CW5P2Io4evFrDv2ZRJzCn7URRsjVJaZFrz57T:76fPWl24evFrT2ZR5Cn7UR0VJoNz5f; SHA256: 7d3f4f9715150aeb92d1030a4b6018aa9cb37bc00a52819d09cc1e55c087043e; SHA1: ee0cfa1887fbe6d48f0cfe5d9e9fa1a7a220c7fb; MD5: 01fe1c580fdd0837b8119953689aa1ae |
M22-M3024 | Liberator_876b71d3 | Windows |
This strike sends a malware sample known as Liberator. Liberator is malware distributed by the group known as disBalancer as a tool that supposedly lets users perform DDoS attacks against Russian propaganda websites in an effort to help Ukraine. Unknown to those users, once downloaded the files infect the system with malware such as info-stealers designed to dump credentials and cryptocurrency-related information. | 876b71d32631eb0980cf48e839566204 | https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html; SHA256: eca6a8e08b30d190a4956e417f1089bde8987aa4377ca40300eea99794d298d6; SHA1: 6bf0b1b8a5a55ee7146ade30257c65b04922889c; MD5: 876b71d32631eb0980cf48e839566204 |
M22-M3050 | Liberator_a177262e | Windows |
This strike sends a polymorphic malware sample known as Liberator. Liberator is malware distributed by the group known as disBalancer as a tool that supposedly lets users perform DDoS attacks against Russian propaganda websites in an effort to help Ukraine. Unknown to those users, once downloaded the files infect the system with malware such as info-stealers designed to dump credentials and cryptocurrency-related information. The binary has the timestamp field updated in the PE file header. | a177262efae98183e97bd29357c9aad2 | https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html; https://attack.mitre.org/techniques/T1099/; PARENTID: M22-M301e; SSDEEP: 98304:LNLN/quh1K8Hs46qTBG6J9gfDA5OCHxdWXAZWm5y1F/uMTMVWD/ML+dkYYvZN5eG:LT5c8HsWpJf0Qdo1DqMcN5efO; SHA256: d7e76137aa7d0c00cee3a07c9dde880ef65c97adee0b519884d6a1bbf23b511c; SHA1: c6c813f56de3045c429c9c1349864371cd70c776; MD5: a177262efae98183e97bd29357c9aad2 |
M22-M302b | Qakbot_9f45de46 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. | 9f45de469dd7fec59078d0fd0a76b033 | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html; SHA256: 0f8928f41391b40a1c440275689a59c9711d33bb29f8e333ebf02608a19f733c; SHA1: ef3ef42f2eac8666c22bc3cc92004a82a42337f5; MD5: 9f45de469dd7fec59078d0fd0a76b033 |
M22-M3009 | Qakbot_21745986 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. | 21745986c938cf7ce19211df7bc2217d | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html; SHA256: 168cb2f24c40ceaca3dd15347e2658f3e4aa69e0beb2759145204bcfb2e4b89b; SHA1: 37320b814097db775e42983a800a3b6746dfdce3; MD5: 21745986c938cf7ce19211df7bc2217d |
M22-M3017 | Qakbot_531911a3 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. | 531911a31393a80fc654597d2e7b3abb | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html; SHA256: 243ad378e3050fb1269c63045fec3fffe72ea391ef3c214541dc2a1ad4da35a2; SHA1: 6dd255f5491a24c3bf0f5d2bfd6fe8c22ee3a60c; MD5: 531911a31393a80fc654597d2e7b3abb |
M22-M3001 | Emotet_0333ae5d | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments in malicious emails. | 0333ae5de2a0d61a36fcedfbbb28e977 | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html; SHA256: 0a434fa279fc7895486b05c3a94d174f2343432cb876592306b0fc3fef0e69fc; SHA1: 2505c222ede416ed915e699e1b3f6d822c726e8a; MD5: 0333ae5de2a0d61a36fcedfbbb28e977 |
M22-M303e | Liberator_dd20876b | Windows |
This strike sends a malware sample known as Liberator. Liberator is malware distributed by the group known as disBalancer as a tool that supposedly lets users perform DDoS attacks against Russian propaganda websites in an effort to help Ukraine. Unknown to those users, once downloaded the files infect the system with malware such as info-stealers designed to dump credentials and cryptocurrency-related information. | dd20876bf25544aa55e0c3725103c666 | https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html; SHA256: 33e5d605c1c13a995d4a2d7cb9dca9facda4c97c1c7b41dc349cc756bfc0bd67; SHA1: d00d689de9f35159188935d3bd93677c807ed655; MD5: dd20876bf25544aa55e0c3725103c666 |
M22-M303b | Maze_d6e2396d | Windows |
This strike sends a malware sample known as Maze. Maze, also known as ChaCha, is ransomware known not only for encrypting files on the targeted system but also for publicly releasing stolen victim data if the ransom is not paid. The ransomware has been delivered via several methods, including exploit kits, remote desktop connections and phishing emails. The malware also uses many anti-reversing and anti-analysis features that make examining it much more difficult. | d6e2396df72ada10e2bbf0f48cb70462 | https://blog.talosintelligence.com/2022/03/threat-roundup-0304-0311.html; SHA256: 18f03c65bf58549e8e230b8ef8595287fe51db0e5e411adfeaf261f87574543e; SHA1: 27b1fa00a1a1edce9d2aa976aff216466042c930; MD5: d6e2396df72ada10e2bbf0f48cb70462 |
M22-M3012 | Qakbot_412af7b4 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. | 412af7b412d0b758a78c788e48d480bd | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html; SHA256: 0b860e8a40437dabe41c89076fc54d472ef7841efef12464788a6cbd4c7739cf; SHA1: 3a56e1c6e3935dbfb9cddd0db66a98c739cb3112; MD5: 412af7b412d0b758a78c788e48d480bd |
M22-M3006 | Emotet_1d6b71de | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments in malicious emails. | 1d6b71ded16731da9f674977017a1b46 | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html; SHA256: 02675ec69c038e03b70cdeb79d8b770997f28f6384e41146a01890e220c09586; SHA1: 54ca509b62098e40205b053b0efa99e2b420bf6c; MD5: 1d6b71ded16731da9f674977017a1b46 |
M22-M3051 | Maze_b2e20c97 | Windows |
This strike sends a polymorphic malware sample known as Maze. Maze, also known as ChaCha, is ransomware known not only for encrypting files on the targeted system but also for publicly releasing stolen victim data if the ransom is not paid. The ransomware has been delivered via several methods, including exploit kits, remote desktop connections and phishing emails. The malware also uses many anti-reversing and anti-analysis features that make examining it much more difficult. The binary has random bytes appended at the end of the file. | b2e20c97cf72558517d227b7adaf8002 | https://blog.talosintelligence.com/2022/03/threat-roundup-0304-0311.html; https://attack.mitre.org/techniques/T1009/; PARENTID: M22-M3033; SSDEEP: 6144:jx0s5c9jrLrLrLZMEQ9V6wZqEZw0eNsd19pV50DEreNg/ydlb4fQ6wFMvM3:9MAwmMD/Ng6dNoQl+vW; SHA256: 3b5d01f312ee84bde1d25f2911e2d019776422494c018e7c4ebcc5b1db70e78a; SHA1: b429a93362433628d8dd5c46dfb6f7522db7ed75; MD5: b2e20c97cf72558517d227b7adaf8002 |
M22-M3026 | Qakbot_8a6837b6 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. | 8a6837b631b6b816867a216174b8a004 | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html; SHA256: 3ffd62eba858da0f4da41432a94857ec9b15169d4cef87e84509f2d47f179a7d; SHA1: b338641db46c6cab344711a5498c8c76c5c1b5c3; MD5: 8a6837b631b6b816867a216174b8a004 |
M22-M3003 | Qakbot_083ac8b9 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. | 083ac8b93aabdd9c11c15cc2e279d6f0 | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html; SHA256: 34738fa839fb1a46400c417d8f381c63e27b6eb9af7335de3560fb1c00d833d6; SHA1: 45cc3477cb850cc7a190161251c2b24d1d2e357f; MD5: 083ac8b93aabdd9c11c15cc2e279d6f0 |
M22-M301c | Emotet_5ee3d0bb | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments in malicious emails. | 5ee3d0bb7042031785c185e3402f8298 | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html; SHA256: 187356f3c7d0ac51f8b4392f84384b6203abcf323dacbc3149f374c3135a9439; SHA1: ca4365e0fbce3041dec7f2803bb38ef31ed5e7bd; MD5: 5ee3d0bb7042031785c185e3402f8298 |
M22-M3014 | CaddyWiper_42e2b6e4 | Windows |
This strike sends a malware sample known as CaddyWiper. CaddyWiper is a relatively small wiper targeting Ukraine whose purpose is to destroy the contents of a system's drives. Before erasing files it checks whether the machine is a domain controller and, if it is, halts execution. If it is not a domain controller, it proceeds to wipe files on each drive on the system. | 42e2b6e4fba51ec71235e28ddff27a76 | https://blog.talosintelligence.com/2022/03/threat-advisory-caddywiper.html; SHA256: 1e87e9b5ee7597bdce796490f3ee09211df48ba1d11f6e2f5b255f05cc0ba176; SHA1: 4f3362ebac2503906179bd7c002f573886fa85a5; MD5: 42e2b6e4fba51ec71235e28ddff27a76 |
M22-M302f | Emotet_ab6e5de9 | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments in malicious emails. | ab6e5de935d30d6ecedccf1296cd4ba8 | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html; SHA256: 03c47580b274be16a91bca31ae9632f20e915fdb4e9f5b29d2714d1c629b30ef; SHA1: 136f5c26b1a3e5e0ed0009c0eb6f7d33b18366b4; MD5: ab6e5de935d30d6ecedccf1296cd4ba8 |
M22-M3041 | Maze_f83cef2b | Windows |
This strike sends a malware sample known as Maze. Maze, also known as ChaCha, is ransomware known not only for encrypting files on the targeted system but also for publicly releasing stolen victim data if the ransom is not paid. The ransomware has been delivered via several methods, including exploit kits, remote desktop connections and phishing emails. The malware also uses many anti-reversing and anti-analysis features that make examining it much more difficult. | f83cef2bf33a4d43e58b771e81af3ecc | https://blog.talosintelligence.com/2022/03/threat-roundup-0304-0311.html; SHA256: bba288819f375cbdd1a274609924aeba786e1d1b43065846a85e30bc998d9015; SHA1: 12133b783cef924cbc2911deb11cba148d97dad4; MD5: f83cef2bf33a4d43e58b771e81af3ecc |
M22-M3033 | Maze_b93616a1 | Windows |
This strike sends a malware sample known as Maze. Maze, also known as ChaCha, is ransomware known not only for encrypting files on the targeted system but also for publicly releasing stolen victim data if the ransom is not paid. The ransomware has been delivered via several methods, including exploit kits, remote desktop connections and phishing emails. The malware also uses many anti-reversing and anti-analysis features that make examining it much more difficult. | b93616a1ea4f4a131cc0507e6c789f94 | https://blog.talosintelligence.com/2022/03/threat-roundup-0304-0311.html; SHA256: 2a6c602769ac15bd837f9ff390acc443d023ee62f76e1be8236dd2dd957eef3d; SHA1: 0b97455143e682e818fc4a9b615f57349dc84894; MD5: b93616a1ea4f4a131cc0507e6c789f94 |
M22-M300b | Qakbot_291b6ad9 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. | 291b6ad955a0d64fae7c9aafbef2ac5e | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html; SHA256: 26cb0a447ab1b430aa58713e13e8f4a8a40612862a710e8a11693119161b96e2; SHA1: 2f964aed12de77782a27e197c89901afa32af801; MD5: 291b6ad955a0d64fae7c9aafbef2ac5e |
M22-M300c | Maze_2dc7d46a | Windows |
This strike sends a malware sample known as Maze. Maze, also known as ChaCha, is ransomware known not only for encrypting files on the targeted system but also for publicly releasing stolen victim data if the ransom is not paid. The ransomware has been delivered via several methods, including exploit kits, remote desktop connections and phishing emails. The malware also uses many anti-reversing and anti-analysis features that make examining it much more difficult. | 2dc7d46a099972e5fabcaaea4cbcf3da | https://blog.talosintelligence.com/2022/03/threat-roundup-0304-0311.html; SHA256: e70c6f64f28e594d0c3d751d1b0c3c3b8aebfbf581eb23b4fc72f1ccbd8c17cf; SHA1: 07ac2dd21c9da8000b1f5d3ee92ad85e88acd888; MD5: 2dc7d46a099972e5fabcaaea4cbcf3da |
M22-M3018 | Qakbot_53c3ad17 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. | 53c3ad170d9b83f584696e7f5507d7e3 | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html; SHA256: 4948ce48418a8478cfc87c488cc16bd9da27161d4e6bb48f61af8a4e028b2e34; SHA1: 4a156d18d766549d57c3560b91f7f0f4ee1403d8; MD5: 53c3ad170d9b83f584696e7f5507d7e3 |
M22-M301b | Qakbot_5e48d9b9 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. | 5e48d9b9341030080107f977b9ce9263 | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html; SHA256: 2857f7b66c7300d2c37a7ce9bdbd2ea16647f8b0c32b6a3eb78c62d0ff68cd27; SHA1: af04cae5fe6db5648c1378bcb8e58303430f2995; MD5: 5e48d9b9341030080107f977b9ce9263 |
M22-M3023 | Emotet_86c8733c | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments in malicious emails. | 86c8733c7bbafc20abc4d91eab8faca5 | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html; SHA256: 0bac57995899762116d754da07e22d8325b0925b0df8f2daf50a94b3e3c794bb; SHA1: b352edd8de39b6efb98b3808187b27bca10ee347; MD5: 86c8733c7bbafc20abc4d91eab8faca5 |
M22-M3048 | CaddyWiper_3d2ef2ef | Windows |
This strike sends a polymorphic malware sample known as CaddyWiper. CaddyWiper is a relatively small wiper targeting Ukraine whose purpose is to destroy the contents of a system's drives. Before erasing files it checks whether the machine is a domain controller and, if it is, halts execution. If it is not a domain controller, it proceeds to wipe files on each drive on the system. The binary has been packed using the UPX packer with default options. | 3d2ef2ef006e37aa4e7aed84d33f243c | https://blog.talosintelligence.com/2022/03/threat-advisory-caddywiper.html; https://attack.mitre.org/techniques/T1045/; PARENTID: M22-M3015; SSDEEP: 96:bOy+DusYEFJ1K9K3xY5tOEkfhsMwOXsuKiX+yq3TlBQ/rda8yP79ed8:iy+6XEsmEgSMwI1OTG8P7od8; SHA256: 1c67471f3a5b464084d841ee7e6711d79218069826d9823b81da3a2384dcd546; SHA1: b250ce153e5574417906229360d74a9d051ca09e; MD5: 3d2ef2ef006e37aa4e7aed84d33f243c |
M22-M3010 | CaddyWiper_3a4b1c1f | Windows |
This strike sends a malware sample known as CaddyWiper. CaddyWiper is a relatively small wiper targeting Ukraine whose purpose is to destroy the contents of a system's drives. Before erasing files it checks whether the machine is a domain controller and, if it is, halts execution. If it is not a domain controller, it proceeds to wipe files on each drive on the system. | 3a4b1c1f68811b38be74e99e572efae9 | https://blog.talosintelligence.com/2022/03/threat-advisory-caddywiper.html; SHA256: f1e8844dbfc812d39f369e7670545a29efef6764d673038b1c3edd11561d6902; SHA1: c22e17dd8f7b2687011cecc8b2208ceb6cf9b995; MD5: 3a4b1c1f68811b38be74e99e572efae9 |
M22-M300f | Maze_35a4ba50 | Windows |
This strike sends a malware sample known as Maze. Maze, also known as ChaCha, is ransomware known not only for encrypting files on the targeted system but also for publicly releasing stolen victim data if the ransom is not paid. The ransomware has been delivered via several methods, including exploit kits, remote desktop connections and phishing emails. The malware also uses many anti-reversing and anti-analysis features that make examining it much more difficult. | 35a4ba50a7d6aac61fc36980a6153df2 | https://blog.talosintelligence.com/2022/03/threat-roundup-0304-0311.html; SHA256: 33d489bbcc6f10df8c67eae9712d07c45ae7ca3d6405aa5814fa6edd7ae58181; SHA1: e51368fbd2c00cb84b84ef65aad179848d9bd564; MD5: 35a4ba50a7d6aac61fc36980a6153df2 |
M22-M3028 | Emotet_90198f7c | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments in malicious emails. | 90198f7cc5a722554e939f84d8dcb97d | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html; SHA256: 05502ebba659cc3b0a23127f8d79b68fdfe83902b20b382a5085910500b0a8d5; SHA1: d1aa2be091baeb2580c2ab4c67abc4bd1c4224b4; MD5: 90198f7cc5a722554e939f84d8dcb97d |
M22-M302a | Emotet_93835135 | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments in malicious emails. | 938351350f6df43ec1aa024352175807 | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html; SHA256: 061b23881e85763e3efb0085878a2a589a6e90e4b6f4b1c6e3da9c47c0f5862e; SHA1: bb34150d0d71473778486d8f96417e3b66095b53; MD5: 938351350f6df43ec1aa024352175807 |
M22-M303f | Qakbot_f0d0539e | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. | f0d0539ec7c89476a77c629d03014694 | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html; SHA256: 27b35c7fc337526a7f714e02bced75985040905d8fb3c5d0744c35aee9932c4e; SHA1: c0bb86aeb2fc7c733f37b3c93962b801e86fe3ec; MD5: f0d0539ec7c89476a77c629d03014694 |
M22-M3053 | Liberator_cc720105 | Windows |
This strike sends a polymorphic malware sample known as Liberator. Liberator is malware distributed by the group known as disBalancer as a tool that supposedly lets users perform DDoS attacks against Russian propaganda websites in an effort to help Ukraine. Unknown to those users, once downloaded the files infect the system with malware such as info-stealers designed to dump credentials and cryptocurrency-related information. The binary has random bytes appended at the end of the file. | cc7201057f28437d8c1d32deb8bcf4b7 | https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html; https://attack.mitre.org/techniques/T1009/; PARENTID: M22-M301e; SSDEEP: 98304:5NLN/quh1K8Hs46qTBG6J9gfDA5OCHxdWXAZWm5y1F/uMTMVWD/ML+dkYYvZN5e5:5T5c8HsWpJf0Qdo1DqMcN5efR; SHA256: 5d0405ecb8b3f93965a166d94d153965c77524acdfa3b652b49d023868f9a506; SHA1: 9931eb305da5ab395e67c870b6bcd8f189ee9f82; MD5: cc7201057f28437d8c1d32deb8bcf4b7 |
M22-M304f | Emotet_9be366b8 | Windows |
This strike sends a polymorphic malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments in malicious emails. The binary has random strings (lorem ipsum) appended at the end of the file. | 9be366b807f0599182773345a95fa466 | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html; https://attack.mitre.org/techniques/T1009/; PARENTID: M22-M302f; SSDEEP: 6144:1x8FPmWqwcz68XkgP+iUW8g/UcFqPm0iXc5n4MEPA:eqw4jGiCwZnLXc5nxEPA; SHA256: f1fa355481e88c81794497293bff6c7fde5b057cb641823c48711a77f42db4de; SHA1: 32d579e3abb7138d80c398d5a099b980f9acfa8a; MD5: 9be366b807f0599182773345a95fa466 |
M22-M301e | Liberator_62b9e5b4 | Windows |
This strike sends a malware sample known as Liberator. Liberator is malware distributed by the group known as disBalancer as a tool that supposedly lets users perform DDoS attacks against Russian propaganda websites in an effort to help Ukraine. Unknown to those users, once downloaded the files infect the system with malware such as info-stealers designed to dump credentials and cryptocurrency-related information. | 62b9e5b4b36511838fc8960202a88d45 | https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html; SHA256: f297c69795af08fd930a3d181ac78df14d79e30ba8b802666605dbc66dffd994; SHA1: 2d71fedd9644bfe8437137b3e4b98d915cc5cfbb; MD5: 62b9e5b4b36511838fc8960202a88d45 |
M22-M3032 | Maze_b9078b6d | Windows |
This strike sends a malware sample known as Maze. Maze, also known as ChaCha, is ransomware known not only for encrypting files on the targeted system but also for publicly releasing stolen victim data if the ransom is not paid. The ransomware has been delivered via several methods, including exploit kits, remote desktop connections and phishing emails. The malware also uses many anti-reversing and anti-analysis features that make examining it much more difficult. | b9078b6db33deb83201c8d2cbb3ced4e | https://blog.talosintelligence.com/2022/03/threat-roundup-0304-0311.html; SHA256: 8e2e8b266bf451bce36445ef9fe0284f2d171518b61ed4dc2e025799c7949e6e; SHA1: f4767c509c5c6b5b0ba97931f810bbf8a4d3e02b; MD5: b9078b6db33deb83201c8d2cbb3ced4e |
M22-M3002 | Maze_07ba093c | Windows |
This strike sends a malware sample known as Maze. Maze, also known as ChaCha, is ransomware known not only for encrypting files on the targeted system but also for publicly releasing stolen victim data if the ransom is not paid. The ransomware has been delivered via several methods, including exploit kits, remote desktop connections and phishing emails. The malware also uses many anti-reversing and anti-analysis features that make examining it much more difficult. | 07ba093cb068d944bb37d2818313bd22 | https://blog.talosintelligence.com/2022/03/threat-roundup-0304-0311.html; SHA256: 981546610644efa23bf9322dd96ccb008278135689866cb54cb027de74496a3a; SHA1: 94e366da598bd5458becff39be0125248ef93049; MD5: 07ba093cb068d944bb37d2818313bd22 |
M22-M3027 | Emotet_8dde30a4 | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments in malicious emails. | 8dde30a43ef9d22ec22c1d7bcec31b20 | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html; SHA256: 1b8a701233084c541ad5988667ce83c36e03d102742b13d24240f00b7183d6f8; SHA1: 383a6d0b3588e9ee123f50c63028216336caeb62; MD5: 8dde30a43ef9d22ec22c1d7bcec31b20 |
M22-M3013 | Emotet_42a50d33 | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments in malicious emails. | 42a50d33c68d817c700f1bbbb79b6c83 | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html; SHA256: 01de908c657aeb4f521632b035316d3f85ffce8dd16186e9d37798a8fd50492b; SHA1: 5445c9b2b58ae49fbab546862667d592a162ee06; MD5: 42a50d33c68d817c700f1bbbb79b6c83 |
M22-M3056 | Liberator_ee1b1be4 | Windows |
This strike sends a polymorphic malware sample known as Liberator. Liberator is distributed by the group known as disBalancer as a tool that lets users run DDoS attacks against Russian propaganda websites in support of Ukraine. Unknown to the users, however, the downloaded files infect the system with malware such as info-stealers that dump credentials and cryptocurrency-related information. The binary has random strings (lorem ipsum) appended at the end of the file. | ee1b1be464867edc5e847b3f219ab85b | https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html SHA256: 73f9ff8432d5e142b83de527d1b49016c2009435c335dfb7be8a90dd13ba3d46 https://attack.mitre.org/techniques/T1009/ PARENTID: M22-M301e SSDEEP: 98304:5NLN/quh1K8Hs46qTBG6J9gfDA5OCHxdWXAZWm5y1F/uMTMVWD/ML+dkYYvZN5en:5T5c8HsWpJf0Qdo1DqMcN5eff SHA1: 71f0649789c88b8d1c3bc0ae9743b7071ee94374 MD5: ee1b1be464867edc5e847b3f219ab85b |
M22-M304a | Emotet_5870c54f | Windows |
This strike sends a polymorphic malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via macro-enabled Microsoft Office documents attached to malicious emails. The binary has the checksum removed from its PE header. | 5870c54fd187968c3c347703bd59ab1d | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html SHA256: 8132d011e0a7d5d0e629431215a65ccea952beb2d564cfd26116831d281b1cdb https://arxiv.org/abs/1801.08917 PARENTID: M22-M302f SSDEEP: 6144:Ax8FPmWqwcz68XkgP+iJW8g/UcFqPm0iXc5n4MEP:rqw4jGi9wZnLXc5nxEP SHA1: 03af3f809635eb6038a6e9e28f77156190b5e29c MD5: 5870c54fd187968c3c347703bd59ab1d |
M22-M303c | Qakbot_da3b944d | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. It primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network over SMB. | da3b944da04513346d8eded4304fefc1 | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html SHA256: 4dc3983e5af920472c15e49dcdc3437c5ac389c3a6a1e14d560a38bc4c9f8ac5 SHA1: 639f67954fa48ce5431204d8edc4d6d83687a3ac MD5: da3b944da04513346d8eded4304fefc1 |
M22-M304b | Liberator_5acdd854 | Windows |
This strike sends a polymorphic malware sample known as Liberator. Liberator is distributed by the group known as disBalancer as a tool that lets users run DDoS attacks against Russian propaganda websites in support of Ukraine. Unknown to the users, however, the downloaded files infect the system with malware such as info-stealers that dump credentials and cryptocurrency-related information. The binary has the checksum removed from its PE header. | 5acdd8541c6085cd0dc03670bb4cf157 | https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html SHA256: 3f911ee30ca7031266245c01829eda08e5416495c21465c1ab8785b6e1c61b06 https://arxiv.org/abs/1801.08917 PARENTID: M22-M301e SSDEEP: 98304:RNLN/quh1K8Hs46qTBG6J9gfDA5OCHxdWXAZWm5y1F/uMTMVWD/ML+dkYYvZN5eG:RT5c8HsWpJf0Qdo1DqMcN5efO SHA1: 42a7651f5da4c34b54fd16dc62178ab325a9498a MD5: 5acdd8541c6085cd0dc03670bb4cf157 |
M22-M3047 | CaddyWiper_1dc1b969 | Windows |
This strike sends a polymorphic malware sample known as CaddyWiper. CaddyWiper is a relatively small wiper deployed against Ukrainian targets whose purpose is to destroy the contents of a system's drives. Before erasing anything it checks whether the machine is a domain controller and halts if it is; otherwise it wipes the files on every drive on the system. The binary has random strings (lorem ipsum) appended at the end of the file. | 1dc1b96929eda836f0461b13b23ef173 | https://blog.talosintelligence.com/2022/03/threat-advisory-caddywiper.html SHA256: 3681f9936b9b50d347ad8f5abe744ddda139acadb23b59fd0dcb0acd659fda28 https://attack.mitre.org/techniques/T1009/ PARENTID: M22-M3015 SSDEEP: 192:76f0CW5P2Io4evFrDv2ZRJzCn7URRsjVJaZFUbU:76fPWl24evFrT2ZR5Cn7UR0VJoIU SHA1: d828b29b3341b45f5cbc008a3a2a3216e8591de5 MD5: 1dc1b96929eda836f0461b13b23ef173 |
M22-M3036 | Qakbot_c378ead9 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. It primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network over SMB. | c378ead9fe62c17f0124b12246d9057b | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html SHA256: 2f42bc6da8bc81d3aec30cf848a14b9a2f473213cce86d99afee302e37e95f1b SHA1: 0b0f8467da75fd5eb9c1d89a080ab806bb9ac704 MD5: c378ead9fe62c17f0124b12246d9057b |
M22-M3008 | Emotet_2082c7d3 | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via macro-enabled Microsoft Office documents attached to malicious emails. | 2082c7d38e1a7296dd6c49582d1c5fd0 | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html SHA256: 033bee773cc102d1d4ae1d72c2599154405865a52a8afb6a66c2d8cb456d0b00 SHA1: 2b461c21ac1a212fac606657f0bfc8873c685269 MD5: 2082c7d38e1a7296dd6c49582d1c5fd0 |
M22-M3038 | Emotet_ca12d7e7 | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via macro-enabled Microsoft Office documents attached to malicious emails. | ca12d7e789a88651cb742f0f5dc41e11 | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html SHA256: 106d339edea1338ecb20ac2c3453208b05c5c5891a079d15a7d4d1a4ee21b3ea SHA1: 0ed3e3901457169e361ec748677bb3114dfc2ee6 MD5: ca12d7e789a88651cb742f0f5dc41e11 |
M22-M3021 | Emotet_777fb72a | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via macro-enabled Microsoft Office documents attached to malicious emails. | 777fb72a680ea2ccb37c6d98d4ae427c | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html SHA256: 04834495862eb040ca9ab450f27b5530bcedaaa472973d7ea50f0f8343e27a98 SHA1: 288a2fee861650576b6be7c74e9806338c711282 MD5: 777fb72a680ea2ccb37c6d98d4ae427c |
M22-M301f | Qakbot_6a65ec4b | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. It primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network over SMB. | 6a65ec4b09b37ebdedfee5d38ffa1cbe | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html SHA256: 0aaca0bbf56e8fc19ba0265a7a36485e92e7a039748f291d21c6ab1797f52a40 SHA1: 2c1789dfee94981eef8ad2a3da17f6a4bf1d8df4 MD5: 6a65ec4b09b37ebdedfee5d38ffa1cbe |
M22-M3007 | Maze_1d746808 | Windows |
This strike sends a malware sample known as Maze. Maze, also known as ChaCha, is ransomware known not only for encrypting files on the targeted system but also for publishing stolen victim data if the ransom is not paid. It has been delivered through several methods, including exploit kits, remote desktop connections and phishing emails. The malware also uses many anti-reversing and anti-analysis features that make examining it considerably harder. | 1d74680891b4955ff98287f689d23016 | https://blog.talosintelligence.com/2022/03/threat-roundup-0304-0311.html SHA256: fda037a68cb707b4609ae9d9f609ac73a3a2a53f279840983d1131eb04b5da9f SHA1: 7a297b8a73f34d9600e0942b9e79ea03825d43bc MD5: 1d74680891b4955ff98287f689d23016 |
M22-M3011 | CaddyWiper_3bac736d | Windows |
This strike sends a malware sample known as CaddyWiper. CaddyWiper is a relatively small wiper deployed against Ukrainian targets whose purpose is to destroy the contents of a system's drives. Before erasing anything it checks whether the machine is a domain controller and halts if it is; otherwise it wipes the files on every drive on the system. | 3bac736dfc996976ebd089338cf38c8b | https://blog.talosintelligence.com/2022/03/threat-advisory-caddywiper.html SHA256: ea6a416b320f32261da8dafcf2faf088924f99a3a84f7b43b964637ea87aef72 SHA1: fc11fb670300addfd203da826c3d0c7b8b8efe24 MD5: 3bac736dfc996976ebd089338cf38c8b |
M22-M3046 | Maze_15b1551e | Windows |
This strike sends a polymorphic malware sample known as Maze. Maze, also known as ChaCha, is ransomware known not only for encrypting files on the targeted system but also for publishing stolen victim data if the ransom is not paid. It has been delivered through several methods, including exploit kits, remote desktop connections and phishing emails. The malware also uses many anti-reversing and anti-analysis features that make examining it considerably harder. The binary has the checksum removed from its PE header. | 15b1551e3f04415a74af35e5313288c0 | https://blog.talosintelligence.com/2022/03/threat-roundup-0304-0311.html SHA256: 564ff414db83e5a27f8f68008f7921ff10ec4bc83a9fae3c22068e81cde9c55c https://arxiv.org/abs/1801.08917 PARENTID: M22-M3033 SSDEEP: 6144:Hx0s5c9jrLrLrLZMEQ9V6wZqEZw0eNsd19pV50DEreNg/ydlb4fQ6wFMvM:hMAwmMD/Ng6dNoQl+v SHA1: 1fd8a54f0dd516881ee42da3a3e8baf84f9f558f MD5: 15b1551e3f04415a74af35e5313288c0 |
M22-M3059 | Emotet_4c5d5d22 | Windows |
This strike sends a polymorphic malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via macro-enabled Microsoft Office documents attached to malicious emails. The binary has the timestamp field in its PE file header altered. | 4c5d5d22aeec6ef3e98136bd9d3e20ec | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html SHA256: 51233902a12d1b581816b0098b65fec7c568c050da69c0ef35869af572cedd03 https://attack.mitre.org/techniques/T1099/ PARENTID: M22-M302f SSDEEP: 6144:mx8FPmWqwcz68XkgP+iUW8g/UcFqPm0iXc5n4MEP5:pqw4jGiCwZnLXc5nxEP5 SHA1: de6399f24c410bd297f17aaab7416aab7637aa9d MD5: 4c5d5d22aeec6ef3e98136bd9d3e20ec |
M22-M302e | Qakbot_aaf9db74 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. It primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network over SMB. | aaf9db74093b270f8742864361ba3a45 | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html SHA256: 44d28956c8ca91b1a81492faa9f8358e543441642bb8be7d1d17c5bb3bc8c69f SHA1: f9921915af95beea1ff4971617c23d89d8b7d32c MD5: aaf9db74093b270f8742864361ba3a45 |
M22-M3015 | CaddyWiper_42e52b8d | Windows |
This strike sends a malware sample known as CaddyWiper. CaddyWiper is a relatively small wiper deployed against Ukrainian targets whose purpose is to destroy the contents of a system's drives. Before erasing anything it checks whether the machine is a domain controller and halts if it is; otherwise it wipes the files on every drive on the system. | 42e52b8daf63e6e26c3aa91e7e971492 | https://blog.talosintelligence.com/2022/03/threat-advisory-caddywiper.html SHA256: a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea SHA1: 98b3fb74b3e8b3f9b05a82473551c5a77b576d54 MD5: 42e52b8daf63e6e26c3aa91e7e971492 |
M22-M300a | Maze_2332f770 | Windows |
This strike sends a malware sample known as Maze. Maze, also known as ChaCha, is ransomware known not only for encrypting files on the targeted system but also for publishing stolen victim data if the ransom is not paid. It has been delivered through several methods, including exploit kits, remote desktop connections and phishing emails. The malware also uses many anti-reversing and anti-analysis features that make examining it considerably harder. | 2332f770b014f21bcc63c7bee50d543a | https://blog.talosintelligence.com/2022/03/threat-roundup-0304-0311.html SHA256: 1156e9951df46c4854cf9bc5bb96101b0b923c4e10adcffc286a0a1078fcb3da SHA1: 21ef6f89c9604acdd15ec430343ada05640cb869 MD5: 2332f770b014f21bcc63c7bee50d543a |
M22-M303d | Emotet_dbf37811 | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via macro-enabled Microsoft Office documents attached to malicious emails. | dbf378111040a4cdbfea91d8743c332d | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html SHA256: 18f7b09aeacae25461f2ec4a5253da88cc406efd221dbbbe09c36a1d63bbba9c SHA1: 8909eb1a17a45354ee77fab24b224eb42dc723cd MD5: dbf378111040a4cdbfea91d8743c332d |
M22-M3043 | Qakbot_fc1fdfb4 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. It primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network over SMB. | fc1fdfb4cdda0f41bfb255359e442568 | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html SHA256: 3a4c1d7cd0e016297101037c66f79f3cacae073b1d9e695d5a41ed9d26062132 SHA1: 20209fce5f296e25d5b829312169b85ab9674cec MD5: fc1fdfb4cdda0f41bfb255359e442568 |
M22-M303a | Qakbot_d647b7bb | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. It primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network over SMB. | d647b7bb5d864949249f51d1a7927b47 | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html SHA256: 290280575775ab86cd5e1e568148049969fd2acc258a9c70ce288e31728d9211 SHA1: 5f91d19d7c065a6af2cd633d0416c110056a0881 MD5: d647b7bb5d864949249f51d1a7927b47 |
M22-M304c | Maze_5f1ca1b1 | Windows |
This strike sends a polymorphic malware sample known as Maze. Maze, also known as ChaCha, is ransomware known not only for encrypting files on the targeted system but also for publishing stolen victim data if the ransom is not paid. It has been delivered through several methods, including exploit kits, remote desktop connections and phishing emails. The malware also uses many anti-reversing and anti-analysis features that make examining it considerably harder. The binary has one section renamed to a random name that still conforms to the PE format specification. | 5f1ca1b153a69bdb23c814540ba0000d | https://blog.talosintelligence.com/2022/03/threat-roundup-0304-0311.html SHA256: 0d4c086b8b4ec20cd53c67467720281795a7308066bf843d4e631a96ae6d8cb5 https://arxiv.org/abs/1801.08917 PARENTID: M22-M3033 SSDEEP: 6144:Ux0s5c9jrLrLrLZMEQ9V6wZqEZw0eNsd19pV50DEreNg/ydlb4fQ6wFMvM:UMAwmMD/Ng6dNoQl+v SHA1: edb14023dcc4cccba892ae301c4228ede4aae6b8 MD5: 5f1ca1b153a69bdb23c814540ba0000d |
M22-M3022 | Maze_7f152df4 | Windows |
This strike sends a malware sample known as Maze. Maze, also known as ChaCha, is ransomware known not only for encrypting files on the targeted system but also for publishing stolen victim data if the ransom is not paid. It has been delivered through several methods, including exploit kits, remote desktop connections and phishing emails. The malware also uses many anti-reversing and anti-analysis features that make examining it considerably harder. | 7f152df418bbb484337fc8ed1383b27d | https://blog.talosintelligence.com/2022/03/threat-roundup-0304-0311.html SHA256: ac457fc7c907ca04a4aa2e243d4b5120c58d338b44771c84e0d282d625d463a0 SHA1: fc433e7db24eb38690746575375d9890457e6711 MD5: 7f152df418bbb484337fc8ed1383b27d |
M22-M3040 | Maze_f190f9be | Windows |
This strike sends a malware sample known as Maze. Maze, also known as ChaCha, is ransomware known not only for encrypting files on the targeted system but also for publishing stolen victim data if the ransom is not paid. It has been delivered through several methods, including exploit kits, remote desktop connections and phishing emails. The malware also uses many anti-reversing and anti-analysis features that make examining it considerably harder. | f190f9be2a9e5fca00029676722f3e78 | https://blog.talosintelligence.com/2022/03/threat-roundup-0304-0311.html SHA256: 585a23ba498d842a1087b164dfe4e325d7fb41d83bf84bf6256737df68c5fcaf SHA1: 67b29dbade9e75b1735a1b81eacf82935d07051f MD5: f190f9be2a9e5fca00029676722f3e78 |
M22-M304e | Maze_7fdff4b0 | Windows |
This strike sends a polymorphic malware sample known as Maze. Maze, also known as ChaCha, is ransomware known not only for encrypting files on the targeted system but also for publishing stolen victim data if the ransom is not paid. It has been delivered through several methods, including exploit kits, remote desktop connections and phishing emails. The malware also uses many anti-reversing and anti-analysis features that make examining it considerably harder. The binary has been packed with UPX using the default options. | 7fdff4b02371ce3739f8e47f97ad8568 | https://blog.talosintelligence.com/2022/03/threat-roundup-0304-0311.html SHA256: 05664b902cd019d230816444e1f086ba7cec2c5947ed49763287dfa568587735 https://attack.mitre.org/techniques/T1045/ PARENTID: M22-M3033 SSDEEP: 6144:IUcefi4m/hXJdvBqptg9vQXgEfbaOylBz9iMWGnxfOh:NfirJJBqptvtfeOeBzsM1fO SHA1: c04a4f5bb9e09830c5881dcd5abdd21fc606b6d3 MD5: 7fdff4b02371ce3739f8e47f97ad8568 |
M22-M3005 | Emotet_1a6995e8 | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via macro-enabled Microsoft Office documents attached to malicious emails. | 1a6995e8668456e77f554af0dc360b7f | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html SHA256: 11570acaf889061defb63717564fbb5b12e1df19a1ec09277939de2cf9c2de65 SHA1: cc5a87176107a47a4f71bb890209afd230242f3d MD5: 1a6995e8668456e77f554af0dc360b7f |
M22-M3004 | Qakbot_1330fdb5 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. It primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network over SMB. | 1330fdb5121c445cb1bad6a2d04df63e | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html SHA256: 4c70f64526f28d74ba969e89577ba242e12acf141a8bc0a96bc9e7dd33eadcfa SHA1: 485209a850213cfe52324658efc7066db78378dc MD5: 1330fdb5121c445cb1bad6a2d04df63e |
M22-M3054 | Liberator_d60e2151 | Windows |
This strike sends a polymorphic malware sample known as Liberator. Liberator is distributed by the group known as disBalancer as a tool that lets users run DDoS attacks against Russian propaganda websites in support of Ukraine. Unknown to the users, however, the downloaded files infect the system with malware such as info-stealers that dump credentials and cryptocurrency-related information. The binary has one section renamed to a random name that still conforms to the PE format specification. | d60e2151cc438b1c6378d23aedd7f3b1 | https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html SHA256: 04ed4e243093e7b0d3bf91c217c349b38235f1a82ea55ed694df1427b0beb30a https://arxiv.org/abs/1801.08917 PARENTID: M22-M301e SSDEEP: 98304:jNLN/quh1K8Hs46qTBG6J9gfDA5OCHxdWXAZWm5y1F/uMTMVWD/ML+dkYYvZN5eG:jT5c8HsWpJf0Qdo1DqMcN5efO SHA1: 838090fc0c254127a612b6758226d48c79144089 MD5: d60e2151cc438b1c6378d23aedd7f3b1 |
M22-M3039 | Emotet_cefea1e3 | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via macro-enabled Microsoft Office documents attached to malicious emails. | cefea1e3ce55f515d59c388b3ec1407c | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html SHA256: 1a5144a47a46d376e1b2cd4e9fa293242e8e450357f0a46382b4219b440b4037 SHA1: f4a478b2ef098a1312bd8575536594cacfbc021d MD5: cefea1e3ce55f515d59c388b3ec1407c |
M22-M3030 | Qakbot_b0ffde08 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. It primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network over SMB. | b0ffde08f15d2543caf52fc8863efbca | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html SHA256: 2afe6f6d4dc8faa0eafc030f53e278fb5c0ea925681e6c3a74514662fd105774 SHA1: 4de3e5e1abd7b6a2eb5116cda8baccd78d99abb5 MD5: b0ffde08f15d2543caf52fc8863efbca |
M22-M3045 | Emotet_1034405a | Windows |
This strike sends a polymorphic malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via macro-enabled Microsoft Office documents attached to malicious emails. The binary has the debug flag removed from its PE header. | 1034405a7a4f24541844597170e8467f | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html SHA256: 3437536e7dd517bb69f29ac2e28fd2b0cf158d10022ef90c62c5e6fa67391a1c https://arxiv.org/abs/1801.08917 PARENTID: M22-M302f SSDEEP: 6144:rx8FPmWqwcz68XkgP+iJW8g/UcFqPm0iXc5n4MEP:Mqw4jGi9wZnLXc5nxEP SHA1: 832a9e2413cf2e5f398f0f49a017fbfc7e1441d5 MD5: 1034405a7a4f24541844597170e8467f |
M22-M301a | Liberator_5c0693ed | Mixed |
This strike sends a malware sample known as Liberator. Liberator is distributed by the group known as disBalancer as a tool that lets users run DDoS attacks against Russian propaganda websites in support of Ukraine. Unknown to the users, however, the downloaded files infect the system with malware such as info-stealers that dump credentials and cryptocurrency-related information. | 5c0693ed5953c01ccf046b8a9461efa3 | https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html SHA256: 705380e21e1a27b7302637ae0e94ab37c906056ccbf06468e1d5ad63327123f9 SHA1: 24c748f725358f8559cc4295c52f0476ba911c5c MD5: 5c0693ed5953c01ccf046b8a9461efa3 |
M22-M300e | Qakbot_32608fee | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. It primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network over SMB. | 32608fee5f14e3733f1367a95abcf569 | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html SHA256: 06b6236e6e96179c2bc7ee424225a4a4cde9aa5e231478f21c8589d18dbd6783 SHA1: 05b76b372ec3593b9f606557a29eedc6e140b624 MD5: 32608fee5f14e3733f1367a95abcf569 |
M22-M3055 | CaddyWiper_da4ae5cf | Windows |
This strike sends a polymorphic malware sample known as CaddyWiper. CaddyWiper is a relatively small wiper deployed against Ukrainian targets whose purpose is to destroy the contents of a system's drives. Before erasing anything it checks whether the machine is a domain controller and halts if it is; otherwise it wipes the files on every drive on the system. The binary has random content appended to one of its existing sections. | da4ae5cf38e4cef1113a7acc04830d2d | https://blog.talosintelligence.com/2022/03/threat-advisory-caddywiper.html SHA256: f427055854e6f1544658e86d48656f256e7510fc9a762ca81b019b5c49ac7563 https://arxiv.org/abs/1801.08917 PARENTID: M22-M3015 SSDEEP: 192:76f0CW5P2Io4evFrDv2ZRJzCn7URRsjVJaZa:76fPWl24evFrT2ZR5Cn7UR0VJo SHA1: 40f5cd9b177ca595f958178a99d9153724ca5918 MD5: da4ae5cf38e4cef1113a7acc04830d2d |
M22-M302d | Emotet_a30ba05c | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via macro-enabled Microsoft Office documents attached to malicious emails. | a30ba05c61d91c62087ef7bbbb054f50 | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html SHA256: 0171757dc2cb9afa28bcaa4b9dd5b0171f48aecaf7de49ac2d2c0b38bb525d9e SHA1: 363ba0fc5fa58b8c6ce659855582a28c96b8b7a5 MD5: a30ba05c61d91c62087ef7bbbb054f50 |
M22-M3025 | Emotet_87ef8852 | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via macro-enabled Microsoft Office documents attached to malicious emails. | 87ef88526bb7178f95a43099a8225dd0 | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html SHA256: 112b0ad9bc9668209f119ced4722a79477e54cd360b903d5288d19fce336ce9c SHA1: b4964852435a0d10b3ba911a02816c86231a829c MD5: 87ef88526bb7178f95a43099a8225dd0 |
M22-M3016 | Emotet_4b9584ee | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via macro-enabled Microsoft Office documents attached to malicious emails. | 4b9584eec0429d422bca4eb61e3acd5e | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html SHA256: 0cd18237a5a63c83bfb05aa547c4ad56d1e0a0151a469b0771eaa1ff79312a77 SHA1: 37c9c0a572b3e748ca5322ebc5298b7953804294 MD5: 4b9584eec0429d422bca4eb61e3acd5e |
M22-M3052 | CaddyWiper_b8da675f | Windows |
This strike sends a polymorphic malware sample known as CaddyWiper. CaddyWiper is a relatively small wiper deployed against Ukrainian targets whose purpose is to destroy the contents of a system's drives. Before erasing anything it checks whether the machine is a domain controller and halts if it is; otherwise it wipes the files on every drive on the system. The binary has one section renamed to a random name that still conforms to the PE format specification. | b8da675f41ea93ea27c76db661bc095d | https://blog.talosintelligence.com/2022/03/threat-advisory-caddywiper.html SHA256: 17528161d75d5c13b9a35bd523a1f4f36cb9554dcc2cc609755107f55b1cd45b https://arxiv.org/abs/1801.08917 PARENTID: M22-M3015 SSDEEP: 192:t6f0CW5P2Io4evFrDv2ZRJzCn7URRsjVJaZF:t6fPWl24evFrT2ZR5Cn7UR0VJo SHA1: 92bfaca3eddc06df24ae768793a07da10e7ca71a MD5: b8da675f41ea93ea27c76db661bc095d |
M22-M301d | Qakbot_5f428832 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. It primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network over SMB. | 5f4288328492c707e1d6398224417a27 | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html SHA256: 20839bc89ca241bcd77ea69a2e36e40d7c1bd0dd91952502de8cd1db6fe771e1 SHA1: 1af7047a115c1d098d3d5e1ea82580d7ea79b606 MD5: 5f4288328492c707e1d6398224417a27 |
M22-M3049 | Emotet_498307c2 | Windows |
This strike sends a polymorphic malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via macro-enabled Microsoft Office documents attached to malicious emails. The binary has one section renamed to a random name that still conforms to the PE format specification. | 498307c24d3857a0300974df6787faf0 | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html SHA256: 290ea40d13a7cdd44b2a177fdf3e3bc617eb3a376e31d9fc933ea225515c7f23 https://arxiv.org/abs/1801.08917 PARENTID: M22-M302f SSDEEP: 6144:2x8FPmWqwcz68XkgP+iUW8g/UcFqPm0iXc5n4MEP5:Zqw4jGiCwZnLXc5nxEP5 SHA1: 70522fffdfaea8602cb5924d5ab51fa0e3fdf8ff MD5: 498307c24d3857a0300974df6787faf0 |
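The "polymorphic" rows above (lorem ipsum padding, checksum removal, section rename, timestamp change, debug-flag removal, content appended to a section, UPX) are the static PE mutations of the arXiv paper those rows cite. The first four rewrite headers or trailing bytes only, so MD5/SHA1/SHA256 change while the section bodies do not; that is why the SSDEEP values of M22-M3046 and M22-M304c still share most of their body with the parent M22-M3033, whereas the UPX variant M22-M304e has an unrelated SSDEEP. The script below is an added example written for this page, not part of the strike table or of any vendor tool: it builds a constructed minimal PE32 in memory, applies the padding, checksum-removal, section-rename and timestamp mutations, and triages each variant with a pure-Python header walk (no pefile needed), reporting overlay size and printability, checksum state, nonstandard section names, the COFF timestamp, and a hash over section bodies only that links every variant back to its parent. The sample PE, the lorem ipsum string, the `.lorem` section name and the `STANDARD_SECTIONS` heuristic are all assumptions of the example.

```python
import hashlib
import struct

FILE_ALIGN = 0x200
LOREM = b"Lorem ipsum dolor sit amet, consectetur adipiscing elit. "   # constructed padding text
STANDARD_SECTIONS = {b".text", b".rdata", b".data", b".rsrc", b".reloc", b".idata", b".edata", b".pdata", b".bss", b".tls"}

def _align(n: int, a: int) -> int:
    return (n + a - 1) // a * a

def build_sample_pe(code: bytes, data: bytes, timestamp: int = 0x5E0B5E5E) -> bytes:
    """Constructed minimal PE32 (.text + .data) used as the 'parent' sample; not a real binary."""
    sections = [(b".text", code, 0x60000020), (b".data", data, 0xC0000040)]
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                   # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                  # Magic: PE32
    struct.pack_into("<II", opt, 32, 0x1000, FILE_ALIGN)   # SectionAlignment, FileAlignment
    struct.pack_into("<IIH", opt, 60, FILE_ALIGN, 0, 2)    # SizeOfHeaders, CheckSum=0 for now, Subsystem=GUI
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    headers, bodies, raw_ptr, rva = b"", b"", FILE_ALIGN, 0x1000
    for name, body, flags in sections:
        raw_size = _align(len(body), FILE_ALIGN)
        headers += struct.pack("<8sIIIIIIHHI", name, len(body), rva, raw_size, raw_ptr, 0, 0, 0, 0, flags)
        bodies += body.ljust(raw_size, b"\0")
        raw_ptr, rva = raw_ptr + raw_size, rva + _align(len(body), 0x1000)
    struct.pack_into("<I", opt, 56, rva)                   # SizeOfImage
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + headers
    return image.ljust(FILE_ALIGN, b"\0") + bodies

def parse_pe(data: bytes) -> dict:
    """Header walk: COFF timestamp, CheckSum offset/value and the section table."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    _, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off, sections = e_lfanew + 24, []
    for i in range(nsec):
        hdr_off = opt_off + opt_size + 40 * i
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, hdr_off)
        sections.append({"hdr_off": hdr_off, "name": name.rstrip(b"\0"), "raw_ptr": raw_ptr, "raw_size": raw_size})
    checksum_off = opt_off + 64                            # same offset in PE32 and PE32+
    return {"e_lfanew": e_lfanew, "timestamp": timestamp, "checksum_off": checksum_off,
            "checksum": struct.unpack_from("<I", data, checksum_off)[0], "sections": sections}

def pe_checksum(data: bytes, checksum_off: int) -> int:
    """Microsoft PE image checksum (what CheckSumMappedFile computes); assumes the CheckSum
    field is 4-byte aligned, which holds for normally laid-out headers."""
    padded, total = data.ljust(_align(len(data), 4), b"\0"), 0
    for off in range(0, len(padded), 4):
        if off == checksum_off:                            # the field itself is excluded from the sum
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        if total >= 1 << 32:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    return ((total + (total >> 16)) & 0xFFFF) + len(data)

def _patch(data: bytes, off: int, fmt: str, value) -> bytes:
    buf = bytearray(data)
    struct.pack_into(fmt, buf, off, value)
    return bytes(buf)

# The mutations named in the table rows: binary padding, checksum removal, timestomping, section rename.
def set_checksum(data: bytes) -> bytes:
    off = parse_pe(data)["checksum_off"]
    return _patch(data, off, "<I", pe_checksum(data, off))
def strip_checksum(data: bytes) -> bytes:
    return _patch(data, parse_pe(data)["checksum_off"], "<I", 0)
def set_timestamp(data: bytes, ts: int) -> bytes:
    return _patch(data, parse_pe(data)["e_lfanew"] + 8, "<I", ts)   # COFF TimeDateStamp
def rename_section(data: bytes, index: int, new_name: bytes) -> bytes:
    return _patch(data, parse_pe(data)["sections"][index]["hdr_off"], "8s", new_name)
def append_overlay(data: bytes, junk: bytes) -> bytes:
    return data + junk                                     # bytes past the last section are 'overlay'

def triage(data: bytes) -> dict:
    """Verdicts an analyst wants before treating MD5/SHA as the sample's identity."""
    pe = parse_pe(data)
    end = max((s["raw_ptr"] + s["raw_size"] for s in pe["sections"]), default=0)
    overlay, body = data[end:], hashlib.sha256()
    for s in pe["sections"]:                               # section bodies only: header- and overlay-agnostic
        body.update(data[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]])
    return {"md5": hashlib.md5(data).hexdigest(), "section_hash": body.hexdigest(),
            "overlay_bytes": len(overlay),
            "overlay_is_printable": bool(overlay) and all(32 <= b < 127 for b in overlay),
            "checksum_ok": None if pe["checksum"] == 0 else pe["checksum"] == pe_checksum(data, pe["checksum_off"]),
            "nonstandard_sections": [s["name"] for s in pe["sections"] if s["name"] not in STANDARD_SECTIONS],
            "timestamp": pe["timestamp"]}

if __name__ == "__main__":
    parent = set_checksum(build_sample_pe(b"\x90" * 64 + b"\xC3", b"constructed-config-blob"))
    for label, blob in {"parent": parent, "lorem_overlay": append_overlay(parent, LOREM * 8),
                        "checksum_removed": strip_checksum(parent), "section_renamed": rename_section(parent, 0, b".lorem"),
                        "timestomped": set_timestamp(parent, 0x62345678)}.items():
        print(f"{label:17s} {triage(blob)}")
```

Running it prints one triage record per variant: every variant gets a new `md5`, but `section_hash` stays identical across the padded, checksum-stripped, renamed and timestomped copies, while the overlay, checksum and section-name fields flag exactly which mutation was applied (`checksum_ok` is `None` when the field is zero, `False` when it is present but wrong). The two mutations this block does not model, content appended inside an existing section and UPX packing, change the section bodies themselves, so they defeat the section hash as well; for those, fuzzy hashing or unpacking before hashing is the practical link back to the parent, which is what the SSDEEP column in the table is for.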
M22-M302c | Qakbot_a290eda0 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. It primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network over SMB. | a290eda0a5a565042e2019ddc51610e9 | https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html SHA256: 57b45bf71364f9f885bab3a7a1f6ccdbb60dc24c6a4d2d71a6af59954cb6d390 SHA1: 8d7693c8c62bbe122035c046d38f438393ca65c3 MD5: a290eda0a5a565042e2019ddc51610e9 |
M22-M3034 | Emotet_b9c7ae5b | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via macro-enabled Microsoft Office documents attached to malicious emails. | b9c7ae5b0efad2fb73c47cb81c52d729 | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html SHA256: 0970728c25babd07c157ef0bc965118df879161379c27bace0acbdd9f08ee1d6 SHA1: 035a83d69af8d997215a2c369e6ae8edc74753b3 MD5: b9c7ae5b0efad2fb73c47cb81c52d729 |
M22-M3031 | Emotet_b6c73e75 | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via macro-enabled Microsoft Office documents attached to malicious emails. | b6c73e75e309ca965c41e0d063224add | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html SHA256: 18ae9f8ea5ef2e4272d574569d31208d327207611d5919496352eea444514e69 SHA1: 91e9e9092dc1c1c43ce67be784f7b33b67670644 MD5: b6c73e75e309ca965c41e0d063224add |
M22-M3019 | Emotet_5ba6287e | Windows |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via macro-enabled Microsoft Office documents attached to malicious emails. | 5ba6287e4ade00a379c143507cb72822 | https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html SHA256: 0462f02bb4a67c54bc158b56586bad32ede3c57edee988a4f5179b41111283cb SHA1: 79a35ed15a60037a0fbf5a208fd8bb8de4f7429e MD5: 5ba6287e4ade00a379c143507cb72822 |