M21-fd7z1 | Expiro_34c50d3b | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 34c50d3baf3bfdc586c0a5127f2d1199 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 3d2cdbe5cd494a6ef592f20dd73c873036ea0350aea3d954f7774c372ed9a1b3SHA1: 83874bf68bb617bdfb34ef6dad91cd366c84719bMD5: 34c50d3baf3bfdc586c0a5127f2d1199 |
M21-rwly1 | Dofoil_1301e933 | Mixed |
This strike sends a malware sample known as Dofoil. Dofoil also known as SmokeLoader is typicall used to download and execute various other malware. It has been associated with dropping and executing coin miners that mine cryptocurrency. | 1301e933ffd26d973e2d92726a5cb165 | https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.htmlSHA256: 1df87baeeac67f7eadf3875c0a12a610ec21b285e6b6be97bc0c6969b33277e7SHA1: b15df6958f1f19ea62df0c4a3eb31b0c4142e9e4MD5: 1301e933ffd26d973e2d92726a5cb165 |
M21-sup11 | Trickbot_09277e8a | Mixed |
This strike sends a polymorphic malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.The binary has been packed using upx packer, with the default options. | 09277e8a44f4688f77dd958bb22d4380 | https://attack.mitre.org/techniques/T1045/SHA256: 228da49149bb63a53c1fd38daf6fe22c1770c02d747c9dd09b47c31bb7311804SHA1: ce6d6e08f36c64bd3b5219671f811541e3fce4a9PARENTID: M21-7qla1SSDEEP: 6144:O0ek78425ufcfIYHM/egni+yKxLMxy2VsZd1npQk/vZdo398f20:O0ek78NufcfbbKxLMxyd1nNvZ+uf20MD5: 09277e8a44f4688f77dd958bb22d4380 |
M21-wu8j1 | Bifrost_88918aa9 | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | 88918aa93a7020accbf4cd82147f2d1d | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 0bbf08d0cda307470313eb0df62a3d98fcad269eb91a36560ced7dd2932ecd50SHA1: 0017adffb17c14c5eb58b5be3d134818a21083e5MD5: 88918aa93a7020accbf4cd82147f2d1d |
M21-n28c1 | Expiro_4458b006 | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 4458b00653b951bc82cb9e7319a287fd | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 16717154e740e73113cab232a58600906dd96c0c1b4847c04b534ce0976f3445SHA1: 59ca5591fdaac0252b3e76844a8b79afb48adfdcMD5: 4458b00653b951bc82cb9e7319a287fd |
M21-5le11 | Trickbot_3e4fdfbb | Mixed |
This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 3e4fdfbb216a4919534246f749aab839 | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.htmlSHA256: 4af6c2550d9aa636c26f169479043bf950dcb7c7f64392ec17cec97c6b29362bSHA1: 4972a7735bc3b0c9397bd122043beb4db5d48da1MD5: 3e4fdfbb216a4919534246f749aab839 |
M21-zoq41 | Bifrost_f3695bb5 | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | f3695bb57ee730b63a99285b3e58af03 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 09891f0d840b7f7fbcf046d95fcf8374d9dc59dc5f0a22daf9017afadfda2a6bSHA1: 0cd7419b16e6de4b127cd1719151c3cb32abb4ffMD5: f3695bb57ee730b63a99285b3e58af03 |
M21-d76z1 | Emotet_3e9f7bc3 | Mixed |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 3e9f7bc31ba3adb2638de4ebec51df91 | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.htmlSHA256: f30553a6bca371b8ca323014524527771b09ad91de5ca29f7bb0c96590a4e9cfSHA1: 3871cc3510bf552e0f31de82d08299bb8a2123ceMD5: 3e9f7bc31ba3adb2638de4ebec51df91 |
M21-om701 | Dofoil_286321a5 | Mixed |
This strike sends a malware sample known as Dofoil. Dofoil also known as SmokeLoader is typicall used to download and execute various other malware. It has been associated with dropping and executing coin miners that mine cryptocurrency. | 286321a5c27acf660cdf4305ad33a661 | https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.htmlSHA256: c2bea2314e29228dc45397436380ce833cd456e95a36b04396da5bc512589a5bSHA1: c42af99f955ad00e37f0566312dbdde9e9ff93c2MD5: 286321a5c27acf660cdf4305ad33a661 |
M21-j5js1 | Trickbot_72593a33 | Mixed |
This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 72593a33eada2ecfac60ecf452ccfcb1 | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.htmlSHA256: 4aecc28c37f0cbca6bd0abdd1017a9f23fce02834b0cc442ebf6711b73036153SHA1: 80d26d4c2c3065b44a244d1776b85fd177b160f8MD5: 72593a33eada2ecfac60ecf452ccfcb1 |
M21-p4p41 | Bifrost_70c04126 | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | 70c04126abb95a5378868c486b91c453 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 036651a9fbc85ffd6027bcb89f99fa3c8cf1a36abedbc8808aa066aa90c3e972SHA1: 0aa0d6047ab6ac484050f1fe4f09ccd04683e60eMD5: 70c04126abb95a5378868c486b91c453 |
M21-1x841 | Emotet_3da1215c | Mixed |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 3da1215cabb6bb88d9a1432f78df501e | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.htmlSHA256: 0ba291a889d3c24013aeda5a880ad0a0304a8bf1385f3997f96e9049d4bf1bf3SHA1: 64d4a59561ce6f4168d0686d51ebdb96a4527e24MD5: 3da1215cabb6bb88d9a1432f78df501e |
M21-ygdr1 | Dofoil_e81d1b51 | Mixed |
This strike sends a malware sample known as Dofoil. Dofoil also known as SmokeLoader is typicall used to download and execute various other malware. It has been associated with dropping and executing coin miners that mine cryptocurrency. | e81d1b51ee7a971cbbe4cb91f09a5d90 | https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.htmlSHA256: 91b5b42102b2a55ccf2cf8644e6c310c85b4061ec9ecdc228929769d51cf9ee3SHA1: 2582a807ecb7661bf032de796762b419f56cf7bfMD5: e81d1b51ee7a971cbbe4cb91f09a5d90 |
M21-bq451 | Bifrost_399c3a89 | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | 399c3a89a43ab12f22d0218a717355ec | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 07243c8b5c0cdd6505573399ab88a7aaaa314dc3958c73d18f783c96922dd26fSHA1: 069d8f2b23a4d336fd49b39d5ff9c6247c3ae717MD5: 399c3a89a43ab12f22d0218a717355ec |
M21-scxu1 | Dofoil_abb7e72b | Mixed |
This strike sends a malware sample known as Dofoil. Dofoil also known as SmokeLoader is typicall used to download and execute various other malware. It has been associated with dropping and executing coin miners that mine cryptocurrency. | abb7e72b41ed57f9c36c429e9c07fd56 | https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.htmlSHA256: 11959868974ed014b69f572db4c68a1e7547121a759241e32856f208b64c88a8SHA1: b0a025ee2a8c0217bcd7e27d5bd22ce7e0c466fbMD5: abb7e72b41ed57f9c36c429e9c07fd56 |
M21-yp9q1 | Bifrost_b60f966a | Mixed |
This strike sends a polymorphic malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging.The binary has random strings (lorem ipsum) appended at the end of the file. | b60f966ae955ef8523dd28fdb5d252c0 | https://attack.mitre.org/techniques/T1009/SHA256: 6625ef549d939de8352519e1194e06ccc568d77551f1176230539fae62509ca4SHA1: 820cefc9c0f1ce8f340c3b532aac58d65d259118PARENTID: M21-q2r61SSDEEP: 24576:dM9FUzQIyFfybd0nnbpfDYpY9OLSCR2Isb3ojRdhann6LjmHl25D+0ZpEo0Yv8al:qFmQIQ6x0nt7YbeO2Is3odK4OM5D+aJvMD5: b60f966ae955ef8523dd28fdb5d252c0 |
M21-4o6j1 | Dofoil_17238a77 | Mixed |
This strike sends a malware sample known as Dofoil. Dofoil also known as SmokeLoader is typicall used to download and execute various other malware. It has been associated with dropping and executing coin miners that mine cryptocurrency. | 17238a77d4115a153200b352da8667e4 | https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.htmlSHA256: 2047537c162e02f2135b3386f5cfec72c94a7dbe030c7ec12083a93e0a308d3bSHA1: f4b65e5bb28e855f824e8c4356aa6a54500e9c1fMD5: 17238a77d4115a153200b352da8667e4 |
M21-7wt21 | Dofoil_bc8169b8 | Mixed |
This strike sends a malware sample known as Dofoil. Dofoil also known as SmokeLoader is typicall used to download and execute various other malware. It has been associated with dropping and executing coin miners that mine cryptocurrency. | bc8169b8f36da028c90537694d4dedf0 | https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.htmlSHA256: c8d5bef4f8a9c5ca0ae5fbeed8494952a2eb2068e716b075682d056b496493c6SHA1: b0ba75389ce9ba4502c2126a1c5a2b353d4294bbMD5: bc8169b8f36da028c90537694d4dedf0 |
M21-0szw1 | Emotet_c0c2630f | Mixed |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | c0c2630f15827788f864b51ad4e66f2e | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.htmlSHA256: 7caba7cb01b4d53ec27d165e2910cfa79babd8d5f0a29eb236459d9eede5a040SHA1: 439587c874fc262731d2ffa4cd18553adb03dca6MD5: c0c2630f15827788f864b51ad4e66f2e |
M21-rydf1 | Bifrost_90005a6e | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | 90005a6ee45152b570fd53742b878be7 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 0526c1ec541f196f5abc71044373be256a1073cb0b5f58820709a0f2c85eabf6SHA1: 1298ccdbe057ec5573039bd118312fd2b5027afeMD5: 90005a6ee45152b570fd53742b878be7 |
M21-3aka1 | Trickbot_90b291b0 | Mixed |
This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 90b291b0c3e284b4e64072330a8b9f59 | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.htmlSHA256: 413de3f8b19c0bbda810761cca2ecdf16735932baa3f0b916f3e61d7a97e49a0SHA1: 12720bf6dfc3f8a2dac002616f26e0a015e4ac18MD5: 90b291b0c3e284b4e64072330a8b9f59 |
M21-g1v11 | Expiro_e16a3cdf | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | e16a3cdf66e2a3d2bbc0b512c79e5314 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 20f9e4557de5ed6a79576d5817b535d6edfe7f2584b5ff84f3fedcd41b551c1fSHA1: 5b6cf1a8695df5047690480adf59caad4ac084c5MD5: e16a3cdf66e2a3d2bbc0b512c79e5314 |
M21-xaxz1 | Bifrost_597907c7 | Mixed |
This strike sends a polymorphic malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging.The Parent binary was packed using upx, hence this binary is the unpacked version generated using upx -d. | 597907c703cddcff731ac25dc8a8becc | https://attack.mitre.org/techniques/T1045/SHA256: a57a7547994cbe3291c9feae7904a25c2c25d59ca9d8bb200c2ad2d4025b0283SHA1: 3bdcc6cab14b89277c585fb9ec71c69182455975PARENTID: M21-q2r61SSDEEP: 49152:6UZug8M3/4JXQCirb/77lVha9bHTKZGCb9afCCD31k961UlMXJ:67MeMrbTfhuSLaF1LXJMD5: 597907c703cddcff731ac25dc8a8becc |
M21-8xdb1 | Trickbot_0fdecaba | Mixed |
This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 0fdecabaa0d325922c0330049e68a826 | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.htmlSHA256: 4c4200de9e89d65e9da6d397719400e59ce391c5515e706e456138a01eed4192SHA1: d4697abf47007b652c61f677dc78512c0c4503d9MD5: 0fdecabaa0d325922c0330049e68a826 |
M21-fq5t1 | Bifrost_8799cf57 | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | 8799cf572264225b73066d118e6de76f | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 073269b833d4a7cb6d3467f7e4cf7d519aad1ece80a54b83125d1e9feda5990eSHA1: 0ed6772c68c8d9393cb8736466a031197d9c9089MD5: 8799cf572264225b73066d118e6de76f |
M21-dgjo1 | Bifrost_2f0c11af | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | 2f0c11af00219f9eec567c45a1ae97ff | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 076941594cd31c57524f62f03b08acb901e3fdfb082635d36d40f4947227b7a2SHA1: 04f73602956543f4096ea15bd4e6894d38990596MD5: 2f0c11af00219f9eec567c45a1ae97ff |
M21-t7gp1 | Emotet_e73d0b88 | Mixed |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | e73d0b8841158cc52a3f52c1162b4f1a | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.htmlSHA256: 9368f2b61d539e999e5f3e9bc812fef6f5b3110fdc28174b21125d204fa77418SHA1: 3fe920bdb02799fe1c7aff4f298805366f528a9cMD5: e73d0b8841158cc52a3f52c1162b4f1a |
M21-q2r61 | Bifrost_796e5e8b | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | 796e5e8b154e8defa316ada29f9c6d4c | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 0b2603cb0c45cec83355196b186b3b71ce336fc96f5ffc5f796e89f00dd27821SHA1: 12fd721d0ac5e8b04e64a3ab44b6a47cd018de10MD5: 796e5e8b154e8defa316ada29f9c6d4c |
M21-bfxc1 | Expiro_a9929ed0 | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | a9929ed0a4b86f22d6773ba7f3a309f2 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 1cb113a94790adf51cc820f4490412a8f6e7404e70689a7348129529ce6f85e8SHA1: 85ad9f26d6e4106b63bb784c4505c2b55087e04cMD5: a9929ed0a4b86f22d6773ba7f3a309f2 |
M21-7qla1 | Trickbot_a40a1b35 | Mixed |
This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | a40a1b35110eb63c97b6552e8fe765ad | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.htmlSHA256: e7c8998b7196abde8112fbe3b1abe119f1337bc3ce69eaa94ac356681352b169SHA1: 676d7c4909e15925a90f7143b8e928dace0f8286MD5: a40a1b35110eb63c97b6552e8fe765ad |
M21-jh561 | Bifrost_ce832708 | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | ce832708d4933212087f74c828bbaaa5 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 070f2e267f5deb9d63c46699e72331e4d4f59730a13d0b58f4dd0bf2ff6a0da9SHA1: 0c90b3b65a3bdb05707b374861f0fbd4938b34ddMD5: ce832708d4933212087f74c828bbaaa5 |
M21-dpuk1 | Bifrost_51d44d8f | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | 51d44d8fcdd031a645e823d282e7d047 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 01563bf8352120e455b157eb6a976ef36805d7078d78e0d561af2d6967b9431dSHA1: 0f49dca62ebbc3ca950f38d068a7be8be95324aeMD5: 51d44d8fcdd031a645e823d282e7d047 |
M21-6eni1 | Expiro_5146796f | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 5146796f105b5a619b59e6ded6b53fb3 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 217b940bffdcb10b56ec9f1fba455ff499cc36087bde3d12a4b6638313b8beaaSHA1: 742b85699d62354c466c982e9476dc90a0e5f26bMD5: 5146796f105b5a619b59e6ded6b53fb3 |
M21-kb7r1 | Emotet_91adac33 | Mixed |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 91adac33b6d93c6991e2cfb4530a6464 | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.htmlSHA256: 88146887d14178ba82c74f3d0eb7ef8370c2fbcb0e0ede3bbbac24d39c49c1cbSHA1: 78308743d59ffa97e8487d5c864d55b42eff0359MD5: 91adac33b6d93c6991e2cfb4530a6464 |
M21-xbyj1 | Dofoil_44aad9ee | Mixed |
This strike sends a malware sample known as Dofoil. Dofoil also known as SmokeLoader is typicall used to download and execute various other malware. It has been associated with dropping and executing coin miners that mine cryptocurrency. | 44aad9eeb8af28286b332ab628d28f95 | https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.htmlSHA256: 4d11b045a577258f2ed62c1a56584c6ad8b0128398d19e2ad114c53dc091a734SHA1: 61f23a050ea29cacad27fdebf376caa80f56e523MD5: 44aad9eeb8af28286b332ab628d28f95 |
M21-g75r1 | Bifrost_df74478b | Mixed |
This strike sends a polymorphic malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging.The binary has the timestamp field updated in the PE file header. | df74478b8494a2a17157a8cd0cce6158 | https://attack.mitre.org/techniques/T1099/SHA256: 5c6307296de9c30a309c16132a18bda9ea38c9ee09475edbc8fb996d57a9a923SHA1: ae144d37e36136a6877b77fedecfd7e016bc95abPARENTID: M21-q2r61SSDEEP: 24576:gM9FUzQIyFfybd0nnbpfDYpY9OLSCR2Isb3ojRdhann6LjmHl25D+0ZpEo0Yv8aU:VFmQIQ6x0nt7YbeO2Is3odK4OM5D+aJeMD5: df74478b8494a2a17157a8cd0cce6158 |
M21-7kf21 | Bifrost_5797bcc3 | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | 5797bcc39cdc4731ceae5c87a9c673f1 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 07c6c3dfd9312096f5afc63ae43d1f550b1da2a034116a062564cda0371b14a0SHA1: 13e3e2ea984425712cd3557e631864f70baa5566MD5: 5797bcc39cdc4731ceae5c87a9c673f1 |
M21-p8cu1 | Expiro_4f42c310 | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 4f42c3100de4b453ab5f13a1b66792b5 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 21e29cf941252b7027daed128c49c4639e1a880d96ad23577147e4a5f0e054e4SHA1: a0214e924a3d48145935a8a5385dbe5ad2ca974eMD5: 4f42c3100de4b453ab5f13a1b66792b5 |
M21-xllw1 | Bifrost_5f0e5fcf | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | 5f0e5fcf4039b92c816086ba6d0a7e70 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 0a55e423a2695d91190c31dc08c945839863c5ea59b98a3f8494f7fcc9379391SHA1: 118fa0f66b3a0cc1fe20aa63fc47ee88519d84f4MD5: 5f0e5fcf4039b92c816086ba6d0a7e70 |
M21-p9wv1 | Emotet_57674369 | Mixed |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 57674369f83c58d391eff88877f0fce2 | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.htmlSHA256: 224cc5e51285c9523bfaf67d7baf8ddc62eee0657797f39343409087a00a6c18SHA1: 7505f2fe477cf679094f2c96bd93621d81105f5dMD5: 57674369f83c58d391eff88877f0fce2 |
M21-4y1r1 | Bifrost_ef19d9ec | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | ef19d9ec2a52269c50210d279066638a | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 07182ebed691e51e974f25abe319401af0df574372a33393c2b01a10dba7af62SHA1: 0f9cf0666a35b1c8634aa7ad73dfa7f3a75327bdMD5: ef19d9ec2a52269c50210d279066638a |
M21-204f1 | Trickbot_46b94155 | Mixed |
This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 46b941555f3008c0a72ae5688f6c1f9b | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.htmlSHA256: 3fecbe5f0b60d94a8a07e6bd2121968c3413d6be1be1909cc00f6ee1a1a180c3SHA1: 484896ccccb6bfbc88ba068531e27683e10f3ebcMD5: 46b941555f3008c0a72ae5688f6c1f9b |
M21-g9pl1 | Trickbot_00dc9c34 | Mixed |
This strike sends a polymorphic malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.The binary has random bytes appended at the end of the file. | 00dc9c346cd84fa75d43ccae5bb86c4a | https://attack.mitre.org/techniques/T1009/SHA256: e7bfdbd6376496dbf0f25341a6b7fb0fdfa5ee975b900659d948d086bfa2b333SHA1: 5c4d01490b652ebac9cf5276f65dc316cae304d9PARENTID: M21-7qla1SSDEEP: 6144:qmJK9dt1qaV//8N/ctawG1m3Ozse10puYfmsuv22eo:BJdc0wL410pDesu+roMD5: 00dc9c346cd84fa75d43ccae5bb86c4a |
M21-xabs1 | Trickbot_81538286 | Mixed |
This strike sends a polymorphic malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.The binary has random strings (lorem ipsum) appended at the end of the file. | 81538286e9c717293649effac6b84286 | https://attack.mitre.org/techniques/T1009/SHA256: cf6c522f751c61a3c8be5acda60780daa0f915af630ff275c1292ab7cd8c663aSHA1: d76c922d4f04d18fe93a8d06bd918139ad0ce216PARENTID: M21-7qla1SSDEEP: 6144:qmJK9dt1qaV//8N/ctawG1m3Ozse10puYfmsuv22eY:BJdc0wL410pDesu+rYMD5: 81538286e9c717293649effac6b84286 |
M21-q1me1 | Emotet_64c5ac3e | Mixed |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 64c5ac3e5f42ff74c1a174513517e894 | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.htmlSHA256: 556297f467fa407294459887692200c5dc04a6ee74b5ec974bbdfe0f62640cc6SHA1: d58be09aa60e50540e8d5cf99f65b3060d3dea8fMD5: 64c5ac3e5f42ff74c1a174513517e894 |
M21-99i61 | Emotet_4249fe0b | Mixed |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 4249fe0bca2c3b5b5cb48d42814cefbb | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.htmlSHA256: 0fb01a55c22f907b3a4563bde5412ae15d75661e11f96bd679d6c4e59e2f8331SHA1: 1c7e99c14ade3a98307fff41b03842eaec2d2ecaMD5: 4249fe0bca2c3b5b5cb48d42814cefbb |
M21-bycj1 | Hades_9fa1ba3e | Mixed |
This strike sends a malware sample known as Hades. Hades is a ransomware created by the cyber-criminal group INDRIK SPIDER, also known as Evil Corp. It shares most of its functionality with WastedLocker and is thus considered a derivative of it. | 9fa1ba3e7d6e32f240c790753cdaaf8e | https://www.crowdstrike.com/blog/hades-ransomware-successor-to-indrik-spiders-wastedlocker/SHA256: fe997a590a68d98f95ac0b6c994ba69c3b2ece9841277b7fecd9dfaa6f589a87SHA1: 7bcea3fbfcb4c170c57c9050499e1fae40f5d731MD5: 9fa1ba3e7d6e32f240c790753cdaaf8e |
M21-avst1 | Bifrost_175db028 | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | 175db028ffcd0b6c109d80b3d9cfa06f | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 06212381e4cf287bd20cc6b4db8f794afb237015191b3ced584709c8fb9d27e4SHA1: 106ae81caf5c63bf999d95451daa03a84c8d573eMD5: 175db028ffcd0b6c109d80b3d9cfa06f |
M21-6vze1 | Bifrost_7ade2faa | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | 7ade2faad28324ad407b1e430fc0d4fd | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 00e7cdd19741cc41b53311925f0eed9d105bfb13dd7f3006f77c096fb358abb5SHA1: 085ae71992ceac8a1134ffada06eabd20c24554cMD5: 7ade2faad28324ad407b1e430fc0d4fd |
M21-npdy1 | Emotet_5dba15ae | Mixed |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 5dba15aec0800e03cac012455c47504c | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.htmlSHA256: cde952e9e44a1cab956bd6b0942d33ab23908ed090cc378946a8ca874744e3f2SHA1: 141e7dd78494b194c95c021ab819cf4ec3734342MD5: 5dba15aec0800e03cac012455c47504c |
M21-uxtl1 | Bifrost_4c39d9a1 | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | 4c39d9a16e07a866fd6b34604cd32860 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 06ad224230699fab463da86b25bb30f80fb85fd0c94c969a4a2a1e174b175b24SHA1: 0e3a9996e85505db346680ade18a0ee67cc129ddMD5: 4c39d9a16e07a866fd6b34604cd32860 |
M21-bdsu1 | Expiro_c5877275 | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | c5877275ffbfab064142094638cb4dc9 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.htmlSHA256: 362e1a15f0db166301d978cc8cfdc0aa40f8f80da2658951cbd4c95ef07d631dSHA1: 65c4f46136b9590cb59870d0dfa607b7dc2111f8MD5: c5877275ffbfab064142094638cb4dc9 |
M21-45oq1 | Dofoil_d6b15dd2 | Mixed |
This strike sends a malware sample known as Dofoil. Dofoil also known as SmokeLoader is typicall used to download and execute various other malware. It has been associated with dropping and executing coin miners that mine cryptocurrency. | d6b15dd2c82446ef06feb78f18ed6435 | https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.htmlSHA256: be801f78febf260293a7977dfd7f539f97faf3badbb8d21fe95ca894dd373e0eSHA1: 37efd0e6bcbb2b46a2f0735c189a7d73d1ecc530MD5: d6b15dd2c82446ef06feb78f18ed6435 |
M21-rpwh1 | Bifrost_b9d3c518 | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | b9d3c5182f8dca8fb5006ca1f4e5f96e | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 05211b35f49fba994db8781ee448c13f420ec81614faa2d9362df8b746c71dda SHA1: 05d090e247bcdeade22e259cc92588d6c2799841 MD5: b9d3c5182f8dca8fb5006ca1f4e5f96e |
M21-vywv1 | Expiro_f654a322 | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | f654a322a5da0d94ca89ae517c421d00 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 3ef66b99897d50fed0647a6dbc6f9ac39ae43ad7dc6106b501c1fc0b1946b939 SHA1: 8e2cacb3ce853726fede6faa6bb6a79c2d85631a MD5: f654a322a5da0d94ca89ae517c421d00 |
M21-ugm51 | Trickbot_0a92735e | Mixed |
This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 0a92735e7370e9c08f1b67480060ef8b | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html SHA256: 957e347e4df5faa6a8324f7f101ca3bd7f5a4fd254e18e10600708b09e6b847e SHA1: 84f658220497fb1a933d497c4def34b0dc3d4589 MD5: 0a92735e7370e9c08f1b67480060ef8b |
M21-huwg1 | Dofoil_3584fb56 | Mixed |
This strike sends a malware sample known as Dofoil. Dofoil, also known as SmokeLoader, is typically used to download and execute various other malware. It has been associated with dropping and executing coin miners that mine cryptocurrency. | 3584fb561a89745f5562f34ca6d2d90e | https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html SHA256: aec1921b68b08b6524304f0857bf328c7a404f25fdac2cd9ee88aaa822be6567 SHA1: e511f26a984ab22712ced571e753be42b3280dcc MD5: 3584fb561a89745f5562f34ca6d2d90e |
M21-kggw1 | Emotet_6d7e080c | Mixed |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 6d7e080c1ffd4194b7620d26cc77f6f3 | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html SHA256: aab15a7ace0d41bd1e7b13dcf9d030aa4fd558d588c328d1b97470e9059eb8c8 SHA1: fa63c2d3bd3ce5ba565b798f1198fc41484a128e MD5: 6d7e080c1ffd4194b7620d26cc77f6f3 |
M21-4iag1 | Emotet_caf8cac0 | Mixed |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | caf8cac0abd6e928a6de6e4d618ca5b2 | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html SHA256: df15bb8e09ff23c5d5adec1a7315a628745cb56c71a1ca19d84693a23e1b600d SHA1: f8bc83970091160ea077b9256d579a46fa972824 MD5: caf8cac0abd6e928a6de6e4d618ca5b2 |
M21-1v7h1 | Expiro_ab58a757 | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | ab58a757aa734d1ee7beba9262ea851f | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 40ac0bc43296018eda50d2f5c7017a4ceebd1a0639dad9838adf434ec8047b1a SHA1: 17e31f7c12adcca9e4a9c317d98049fae095485d MD5: ab58a757aa734d1ee7beba9262ea851f |
M21-0sys1 | Bifrost_6815b438 | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | 6815b438ef2c105a05bd5a3137da5b6c | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 03d8fbebbf69625c566cd95f140076f49c6dc9ec05cab41848b6ab8d8e5d1282 SHA1: 109831fcb515f2bdb72ea029a3a8346d9669b540 MD5: 6815b438ef2c105a05bd5a3137da5b6c |
M21-hx1h1 | Dofoil_f80691f4 | Mixed |
This strike sends a malware sample known as Dofoil. Dofoil, also known as SmokeLoader, is typically used to download and execute various other malware. It has been associated with dropping and executing coin miners that mine cryptocurrency. | f80691f47500b11ae90d642583a87781 | https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html SHA256: 1e7e024929426dc634eb67cdf25e1ea621bcaa437707f1956a96c62d66307c30 SHA1: 17cd5b44e24a926a16e177f5c1978e1bd2a5fde3 MD5: f80691f47500b11ae90d642583a87781 |
M21-341v1 | Bifrost_72f8e14e | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | 72f8e14ee194325d3390fa9d558b8349 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 02d2fb1816985fbaf7f90d3c44aac8a57c5fbf1b70f0af969c1ed299710831ec SHA1: 07a1e82195d19c809f68f371f53a3fc963e44899 MD5: 72f8e14ee194325d3390fa9d558b8349 |
M21-0m9u1 | Expiro_d9a35ce3 | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | d9a35ce3b7c6e201054527769d208dab | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 1453ff97ce2fca719c6041bfb74700e530bc580b64713b2b5697365741df3ec5 SHA1: 259d8475cf0c0993e84b32814d06a6f95fd16482 MD5: d9a35ce3b7c6e201054527769d208dab |
M21-auiq1 | Trickbot_a67fcd6d | Mixed |
This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | a67fcd6db8f635da1bf4fe903199ccc8 | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html SHA256: 0eeb131101c7687e7c5238e74c1104546db23ef58fa2be1b494d48683054903e SHA1: e35a4e45e750eebeba659219c797f8d216115a4e MD5: a67fcd6db8f635da1bf4fe903199ccc8 |
M21-fqgp1 | Emotet_bd57c86b | Mixed |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | bd57c86b7951578d3a4a163b6d6da6c5 | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html SHA256: 7989d1d090d3ff076ff23b5d9e796bf0ab5810c2cf83a0e2bd1fb22266a5b359 SHA1: 828ed81217f6941890de9eba2c616f568d722bb5 MD5: bd57c86b7951578d3a4a163b6d6da6c5 |
M21-1b191 | Emotet_553e53c9 | Mixed |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 553e53c975d2ff6346302210a2145b14 | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html SHA256: 6cd2ce8b2839be56753bfe8ab166c793a6fafac873ed4169ad3fcc4dad6d520a SHA1: 4b9bac7826ab1f141de2adfff8362950eab04701 MD5: 553e53c975d2ff6346302210a2145b14 |
M21-e2o01 | Dofoil_acdbed3a | Mixed |
This strike sends a malware sample known as Dofoil. Dofoil, also known as SmokeLoader, is typically used to download and execute various other malware. It has been associated with dropping and executing coin miners that mine cryptocurrency. | acdbed3ae6e2a055308a239fe9747eea | https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html SHA256: 1ebcb62975ca935c0c538d1a421fe94c35c42ca42ebae3fdddce3b23240899b0 SHA1: cb7d3b519fc0e70017ebda359f7e270c58d6e8d8 MD5: acdbed3ae6e2a055308a239fe9747eea |
M21-xzx61 | Expiro_b45603d9 | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | b45603d9ea29859e52e80cf2d5169ce7 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 347559db36d953aa093c91479a9dad8ca4fb655dd29b6028c3ea0b934e5bf564 SHA1: 4423f6cce0f6d6a1f4e57d95b8ed798c167f834c MD5: b45603d9ea29859e52e80cf2d5169ce7 |
M21-58rz1 | Trickbot_e4751c1f | Mixed |
This strike sends a polymorphic malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. The binary has the timestamp field updated in the PE file header. | e4751c1f57c370d74ef96f814c1a1b06 | https://attack.mitre.org/techniques/T1099/ SHA256: 0793acdbefb25ad72d3551fe1d0a0afae96b74a10a0654ceffa77ef83ba125ca SHA1: 46cbf5d3d9e4a5c754c085fb5cdbdc29ef48bc95 PARENTID: M21-7qla1 SSDEEP: 6144:xmJK9dt1qaV//8N/ctawG1m3Ozse10puYfmsuv22eh:MJdc0wL410pDesu+rh MD5: e4751c1f57c370d74ef96f814c1a1b06 |
M21-08zh1 | Dofoil_945cb107 | Mixed |
This strike sends a malware sample known as Dofoil. Dofoil, also known as SmokeLoader, is typically used to download and execute various other malware. It has been associated with dropping and executing coin miners that mine cryptocurrency. | 945cb1078a84c7ab1871fe5d7989dc8d | https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html SHA256: 8176f5b87011d4d4db43e23663350820ef7a8f31ab452cf5ceae53b49d51b41e SHA1: 55940d51faa17bc48bc6286f8cef7d8ed073fb57 MD5: 945cb1078a84c7ab1871fe5d7989dc8d |
M21-zm7g1 | Dofoil_5b7add55 | Mixed |
This strike sends a malware sample known as Dofoil. Dofoil, also known as SmokeLoader, is typically used to download and execute various other malware. It has been associated with dropping and executing coin miners that mine cryptocurrency. | 5b7add55ea91cae73e7c851667f4f227 | https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html SHA256: 83f1e0aceccf0ee054b7f0a933f3ccea3b2306d5b3bea741ea9206c08428a58f SHA1: ccd538a6cff51b360d118b89256ee343da9d2620 MD5: 5b7add55ea91cae73e7c851667f4f227 |
M21-126c1 | Emotet_c3b7af5b | Mixed |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | c3b7af5b876b04e9e246d9e4e727807d | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html SHA256: 21d13676ec24bbe21071be6ef56082744a3703904941d062ae1d59b38db2b394 SHA1: 2341941968f51dbd68de701fe0c973d933fbdd2f MD5: c3b7af5b876b04e9e246d9e4e727807d |
M21-dwpa1 | Bifrost_5a40d3ac | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | 5a40d3ac2a6fe1eab16d1500ede4db8c | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 06588f3c7deebe0f4ea951e17ddb11ebea92712137aa971756f6102451da5539 SHA1: 03f20c4eba47173487e2b77597f8baf6a1a0ef70 MD5: 5a40d3ac2a6fe1eab16d1500ede4db8c |
M21-y5tt1 | Emotet_a047e8bc | Mixed |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | a047e8bc82f34dffefd1748eee7a7160 | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html SHA256: 1f60fa927adf69656e2386239b01e6b5a22fbde11034a1561d462d480efc1c32 SHA1: be0860a33e72eba157a66080de7bb13a699a8f5e MD5: a047e8bc82f34dffefd1748eee7a7160 |
M21-6v7w1 | Bifrost_4f86b517 | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | 4f86b517e0ff6130ae58d272476f5de8 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 095bbc10705d60a2cdc7c6aa3236914eef708da30fa2ec4053a6c3ffab3890f1 SHA1: 03378d809f6ddb26346437ca26a47cbec909ab24 MD5: 4f86b517e0ff6130ae58d272476f5de8 |
M21-k0gj1 | Expiro_2f1f1c29 | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 2f1f1c29323c486eb5e256a8c1f16050 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 29305fc76610930fed67b93437d1f277ba5ee851f64b3de72b939d88395e50f5 SHA1: 6bd77555ca59834a6813be772cda4c4414f907c5 MD5: 2f1f1c29323c486eb5e256a8c1f16050 |
M21-iib61 | Expiro_04e0b84b | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 04e0b84b8474dcefbc68b7782cf61fa3 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 3366dbd762fc25c9517465349e74058f1ae080085cd3196f5626392b5884e233 SHA1: 3e0ca975108b86b1fb75bec187fde395c764274b MD5: 04e0b84b8474dcefbc68b7782cf61fa3 |
M21-e8xw1 | Expiro_ee1389b2 | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | ee1389b23c27eba03147d094e5da3355 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 28946810f7b8577132a0dcf57de19767a0cb4a8e2db1317fd63c98d44e538cb8 SHA1: 4e8a1f2d5b43a7407f9141bb83bb0ed90646ec44 MD5: ee1389b23c27eba03147d094e5da3355 |
M21-nrg21 | Expiro_eee03c27 | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | eee03c2746f5188eb4b2dc0ede35e9e5 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 11672b01e740ce812e9488a5c30862848b58aaaab7019445c1e2ce14f1dfdd6c SHA1: 85d36966385244ac3c014387ae75977cce40f210 MD5: eee03c2746f5188eb4b2dc0ede35e9e5 |
M21-rn2w1 | Trickbot_94e65f4a | Mixed |
This strike sends a polymorphic malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. The binary has a random section name renamed according to the PE format specification. | 94e65f4a15aacf78dbf61522bc83ed71 | https://arxiv.org/abs/1801.08917 SHA256: 181e774c9a5f6a0eef011f8f635d404056d17fd95cbc1a17d25e1262373e32ca SHA1: 8c0294b3831da1a6664641d06ec90f4c7a1b4136 PARENTID: M21-7qla1 SSDEEP: 6144:AmJK9dt1qaV//8N/ctawG1m3Ozse10puYfmsuv22eh:zJdc0wL410pDesu+rh MD5: 94e65f4a15aacf78dbf61522bc83ed71 |
M21-xnp01 | Bifrost_7b2cfdf1 | Mixed |
This strike sends a polymorphic malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. The binary has a random section name renamed according to the PE format specification. | 7b2cfdf149b30ce6f15c3771f77c7430 | https://arxiv.org/abs/1801.08917 SHA256: ab511f84960c1b9fdafa7e47ef1cc459d214590a9143fae40f39c5ba218ffadb SHA1: ed5f6f66a297e908dfe3583dc619a6cda5c364ed PARENTID: M21-q2r61 SSDEEP: 24576:pM9FUzQIyFfybd0nnbpfDYpY9OLSCR2Isb3ojRdhann6LjmHl25D+0ZpEo0Yv8aU:eFmQIQ6x0nt7YbeO2Is3odK4OM5D+aJe MD5: 7b2cfdf149b30ce6f15c3771f77c7430 |
M21-pye11 | Emotet_524e824a | Mixed |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 524e824ac17c816c0bd50ffeae623507 | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html SHA256: 0538f769fea2d8714add22948a753b8fc39e3e920c7d3b8d5431b05f7a699ed5 SHA1: 4886b4aacbd812cb08194b79bfce10b3e7a51769 MD5: 524e824ac17c816c0bd50ffeae623507 |
M21-g30n1 | Dofoil_a41b3582 | Mixed |
This strike sends a malware sample known as Dofoil. Dofoil, also known as SmokeLoader, is typically used to download and execute various other malware. It has been associated with dropping and executing coin miners that mine cryptocurrency. | a41b35821e750b19e71cdc5ece08b91f | https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html SHA256: a8546a9766dec41398b77083033656665b0b2b456bafeef6787284e224edde7d SHA1: 6935cbacefbb4bf931db6ccce992af238eda7f9e MD5: a41b35821e750b19e71cdc5ece08b91f |
M21-2uxv1 | Trickbot_118d0859 | Mixed |
This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 118d08599d7b68c09fb4c698d1a6a2f7 | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html SHA256: 8aba45ca10552918328b739471cf92085b98411f47bd4c09ea385c7e24ddd830 SHA1: 4e5364c175d9438f9f8a975f34bf6af1a569827e MD5: 118d08599d7b68c09fb4c698d1a6a2f7 |
M21-rb991 | Emotet_8cdace86 | Mixed |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 8cdace8642fe8dd4c649bf6a9dc6d632 | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html SHA256: 6b9956c7c01261725ee15cb28a9b9c90170a3dd559c25f1f053d10db32b591b2 SHA1: 999417edf48bb5db9c9e5c592198c71b122dbe9d MD5: 8cdace8642fe8dd4c649bf6a9dc6d632 |
M21-alii1 | Bifrost_50c35460 | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | 50c35460a0eb4151aee2ad125710ee03 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 09feb90ba24cf83b11b864527eb961a30d5f958f46cdb2b52f19ed789cef39b5 SHA1: 130846e960c6947efcebc906aa070995eaa3f06b MD5: 50c35460a0eb4151aee2ad125710ee03 |
M21-klpc1 | Bifrost_7bfd93ce | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | 7bfd93ce9a580270c34f0ee1d96720de | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 02c89c2a5e4723b104338e05aff1a4fdd61d3b7bdec2b22a38ef6fb37e3b82bd SHA1: 09bf7c2d1ee5f4abc8cabe3172735909f142ff4a MD5: 7bfd93ce9a580270c34f0ee1d96720de |
M21-4zfk1 | Trickbot_91ff661e | Mixed |
This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 91ff661eecc2a978f43dd537ecc40212 | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html SHA256: a004e7f21a0a353ab8af5759fc610dd78ae69fdff944ec0a4652d4325b1908c7 SHA1: b8b3c7afa69f9feb2af3934185fd32f3c376eda0 MD5: 91ff661eecc2a978f43dd537ecc40212 |
M21-3a5t1 | Expiro_550cab38 | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 550cab38c32073db8b332701584439fe | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 3408ccbdb816bc9f2e540f9cd90a5edd7a1f383518909edd50599545838bd072 SHA1: df14646f16649c57a4dbfef5bd66173c7d10641e MD5: 550cab38c32073db8b332701584439fe |
M21-vuue1 | Dofoil_7dd17081 | Mixed |
This strike sends a malware sample known as Dofoil. Dofoil, also known as SmokeLoader, is typically used to download and execute various other malware. It has been associated with dropping and executing coin miners that mine cryptocurrency. | 7dd17081fb73d13df36e28ce13b0fc8c | https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html SHA256: 0c451e42735fa72cb36d1cc6911cd78ff5a6605bbf104c5f43b90342b1cc38db SHA1: 5d816f1f3d2ab9afee6a34c99db52f25f49b9110 MD5: 7dd17081fb73d13df36e28ce13b0fc8c |
M21-yabp1 | Dofoil_77bbe1ee | Mixed |
This strike sends a malware sample known as Dofoil. Dofoil, also known as SmokeLoader, is typically used to download and execute various other malware. It has been associated with dropping and executing coin miners that mine cryptocurrency. | 77bbe1ee50b49407d6d05afb4ca96ff7 | https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html SHA256: 62438d9ec56061fb81f514d6c8eff718f765d3101c16f70051c605deb3e4d788 SHA1: f0c0e7db4fceb57c2b34d819dbe9b4ae7f6678d9 MD5: 77bbe1ee50b49407d6d05afb4ca96ff7 |
M21-1o0d1 | Bifrost_fa32787c | Mixed |
This strike sends a polymorphic malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. The binary has the checksum removed in the PE file format. | fa32787cb971f620bed716b862ac6ed0 | https://arxiv.org/abs/1801.08917 SHA256: fcd995669be091cde67e3735fca549940276cfc5cb59eb0f57b8c56074c9ad5d SHA1: e1683de04a7b0d5badf2538ae2fec338763469ca PARENTID: M21-q2r61 SSDEEP: 24576:eM9FUzQIyFfybd0nnbpfDYpY9OLSCR2Isb3ojRdhann6LjmHl25D+0ZpEo0Yv8aU:7FmQIQ6x0nt7YbeO2Is3odK4OM5D+aJe MD5: fa32787cb971f620bed716b862ac6ed0 |
M21-kc3n1 | Trickbot_d4350a2f | Mixed |
This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | d4350a2f7e1cad0ee465f0f8170f8ecf | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html SHA256: 83bf6d1bc398ff7edcbdb3d3bfbca3ef8789c3eef2668eeaba3fdb436aa43f64 SHA1: f42ecc12a8a89c0b83d8d4c563441d09f0bab627 MD5: d4350a2f7e1cad0ee465f0f8170f8ecf |
M21-03w41 | Expiro_cfec50d3 | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | cfec50d3ddb50a9ebd752d069837ee2b | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 0dd0073d65e8985095d97de67bc5e38794d1c578af45d6a473a2ff84dab4e39f SHA1: b71a8adf05938ded71cc556bf72c0dd5eab77460 MD5: cfec50d3ddb50a9ebd752d069837ee2b |
M21-oh1p1 | Expiro_0e9dcdba | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 0e9dcdba66ee4d9753292f4112a4537b | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 09e2c7b6e3163c9aae91096dba1dd1faa25e9f0d652548112705fca9b9769b10 SHA1: 959ead9a980da4ffa8bbfed862581ebaddf0f6c9 MD5: 0e9dcdba66ee4d9753292f4112a4537b |
M21-s3x81 | Trickbot_9dfac898 | Mixed |
This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 9dfac8989e68abdfda410a3513d9668e | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html SHA256: 11179c3750414ddb59b561e6f67c79ecc1cb0b0bf0886f2c2b41eff8d3819a69 SHA1: 18a822ebb2a93f211489312d5477aa46e7d59644 MD5: 9dfac8989e68abdfda410a3513d9668e |
M21-pvmk1 | Trickbot_29824072 | Mixed |
This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 298240723718547126344e86ac09f7d0 | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html SHA256: 925a1279cf8207ff1256a6a382c151b75c1701debc924b6e29f74ec66189e416 SHA1: c64818187686483855a811a3f911383c8a59f548 MD5: 298240723718547126344e86ac09f7d0 |
M21-51931 | Emotet_caeb9d29 | Mixed |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | caeb9d29e22f04ae4c66b039c8fd650c | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html SHA256: cd2c6d5071413fa5f112989c7164a9640643362ed8c6b74227f5506dd9ce3a6e SHA1: 6779ec403dd1e4290b21d7757e595e329c7064b7 MD5: caeb9d29e22f04ae4c66b039c8fd650c |
M21-wjfj1 | Expiro_01eeb5c6 | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 01eeb5c6a9382fe8bc0691971dcda6da | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 0aae3ca82b76371035d02163fd7cdd531181c925cb5f00c33abd858234c530e0 SHA1: 17f951b2f0842e9fc117b7180ea1032deab227f1 MD5: 01eeb5c6a9382fe8bc0691971dcda6da |
M21-3jby1 | Expiro_86174a83 | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 86174a83ca172ce4d48cc347c92f780b | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 3411f562655203024dbeaf365d15fcf4c93741790445068f4f9670dbbcad91bd SHA1: acb64d90f9b44a9942aaa2ae3639856c3b7b534a MD5: 86174a83ca172ce4d48cc347c92f780b |
M21-ut771 | Bifrost_1208f352 | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | 1208f3526e1cd37fa37017c07bda23e9 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 04058a97246390c61befe641ff8c059c523bef02d760254025451c49573c55f8 SHA1: 0e094169c4a5fc2149fbdccd5726e7d71ac53b9a MD5: 1208f3526e1cd37fa37017c07bda23e9 |
M21-8ecf1 | DarkSide_f87a2e1c | Mixed |
This strike sends a malware sample known as DarkSide. DarkSide is a ransomware that made headlines recently when it was attributed to the attack against CompuCom resulting in 20 million dollars in losses. DarkSide is known for its very specific approach to targeting victims. Each executable is carefully crafted for its intended target. | f87a2e1c3d148a67eaeb696b1ab69133 | https://www.channelfutures.com/security/compucom-ransomware-attack-prompts-more-than-20-million-in-losses https://www.insurancebusinessmag.com/ca/news/cyber/canadian-hardware-store-chain-gets-slammed-by-ransomware-attack-251259.aspx https://www.digitalshadows.com/blog-and-research/darkside-the-new-ransomware-group-behind-highly-targeted-attacks/ SHA256: 9cee5522a7ca2bfca7cd3d9daba23e9a30deb6205f56c12045839075f7627297 SHA1: d1dfe82775c1d698dd7861d6dfa1352a74551d35 MD5: f87a2e1c3d148a67eaeb696b1ab69133 |
M21-eud31 | Dofoil_41cbc9f1 | Mixed |
This strike sends a malware sample known as Dofoil. Dofoil, also known as SmokeLoader, is typically used to download and execute various other malware. It has been associated with dropping and executing coin miners that mine cryptocurrency. | 41cbc9f14ba35bc3fbc01fa373366684 | https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html SHA256: d43fc5bd5ab07811b01def3be2a57a4bf0126fd6ced7b73e55f1bf2fe80b95b1 SHA1: 0cf7ecf3ba1952ac468b8c7600312a4b46cd00e7 MD5: 41cbc9f14ba35bc3fbc01fa373366684 |
M21-os8u1 | Expiro_0413d149 | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 0413d149c8f13c37c59b4045d19e104b | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 0a9cd6bd37c054cfde77225849e84f9c5dda52e6ccc41f1a8f7e2550208ab323 SHA1: 2cc968a06c6d1d3904244c71000c8d646654dceb MD5: 0413d149c8f13c37c59b4045d19e104b |
M21-2g6d1 | Expiro_56edfa30 | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 56edfa303cfc02984450540bb6d5b664 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 08ca431a8a649b53efe585f4be86baedabe95cafaaf6bb794794d094b1fce99c SHA1: 73657701fb4d6acb088ef4ff4ee210243c57bdcf MD5: 56edfa303cfc02984450540bb6d5b664 |
M21-a0qt1 | Expiro_43d02938 | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 43d0293877c77a8d6686fefe31c48e2a | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 1c0923926a6798d84a3ae8df9cca7b7deb1c833d79b7e3597dff595fafc1cb17 SHA1: 3fecbd1837d1cb5924e9372555465db6b671bf41 MD5: 43d0293877c77a8d6686fefe31c48e2a |
M21-ih6s1 | Dofoil_b4f02682 | Mixed |
This strike sends a malware sample known as Dofoil. Dofoil, also known as SmokeLoader, is typically used to download and execute various other malware. It has been associated with dropping and executing coin miners that mine cryptocurrency. | b4f02682465301d17d8658d1c69abe6d | https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html SHA256: 1dc196190e82a017a81937d0b42f96ecd86673b7cc4d4a5fcebe0b4c63495879 SHA1: fa416599f2a7a182ea956f08f8c3c183a0b1f4f8 MD5: b4f02682465301d17d8658d1c69abe6d |
M21-soot1 | Expiro_a2f7ae1d | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | a2f7ae1ddd9611233e0cd0b29202e653 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html SHA256: 14b29c62bc67865818adb29351da249dbaa100a75eefe0d767734d0b16bc0f12 SHA1: 375f20dd4f8c31da7c6bed1da6e4a66aa82877cc MD5: a2f7ae1ddd9611233e0cd0b29202e653 |
M21-0eo21 | Expiro_3f71b02f | Mixed |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 3f71b02ff093f424563ddce686a2b6f4 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html ; SHA256: 1e47c3fb48c30915162b17d319d304d74916769d22d5f2699dd025d8652d7bbf ; SHA1: f3721b248c9e4aee288b96dfa3eab33e4f6eaedf ; MD5: 3f71b02ff093f424563ddce686a2b6f4 |
M21-s5rr1 | Bifrost_d9f9f3d3 | Mixed |
This strike sends a malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. | d9f9f3d3ebf767b3219bf16b8c3e1b80 | https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html ; SHA256: 06fd9c2363806dae2cdc543f0d6d1541339ee756b7a56098414de31955a8cbff ; SHA1: 0583573bef32475c5723ef99b6bc3ffc7a8c1d5c ; MD5: d9f9f3d3ebf767b3219bf16b8c3e1b80 |
M21-ru0o1 | Dofoil_3fa850b7 | Mixed |
This strike sends a malware sample known as Dofoil. Dofoil, also known as SmokeLoader, is typically used to download and execute various other malware. It has been associated with dropping and executing coin miners that mine cryptocurrency. | 3fa850b77ae570c62822109783db290a | https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html ; SHA256: 7f6ebd301c47243a0c909c8f59f1600eacfe56dba2ccfb2639b24d9b16c9ec92 ; SHA1: 3493d6c800786c0365b7cb932d5856c93b4be840 ; MD5: 3fa850b77ae570c62822109783db290a |
M21-bvs01 | Dofoil_b0f774c3 | Mixed |
This strike sends a malware sample known as Dofoil. Dofoil, also known as SmokeLoader, is typically used to download and execute various other malware. It has been associated with dropping and executing coin miners that mine cryptocurrency. | b0f774c3bbb838aaafdaedae70b4e752 | https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html ; SHA256: 78568ae742d82478786a06e8639fac6a2da6fa032a576ba89bc85261771abb18 ; SHA1: b8d2f644544c648f2cec4dac0399d908a77efe76 ; MD5: b0f774c3bbb838aaafdaedae70b4e752 |
M21-dmch1 | Emotet_0ae74d12 | Mixed |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 0ae74d12e881daf1de8c05d48a6f5867 | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html ; SHA256: 8ed73c6ac29afcebb066c7362806fd3157803af3338e39af7831e13dd1bf78cc ; SHA1: 96fc89eb2757dce3b4aa1edcf00b2a7ef50bb4f1 ; MD5: 0ae74d12e881daf1de8c05d48a6f5867 |
M21-xkgz1 | Trickbot_439a3893 | Mixed |
This strike sends a malware sample known as Trickbot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 439a38934558b6a2a2d66d9891dc6584 | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html ; SHA256: c2d3c394f6f56ad24c61383de4171d8ae8157b5284fa5f22bdf69a20091454bd ; SHA1: 0bf1ecc6f528d5341ec2c53806f76ba0ba29f1c5 ; MD5: 439a38934558b6a2a2d66d9891dc6584 |
M21-3f311 | Emotet_23fe2956 | Mixed |
This strike sends a malware sample known as Emotet. Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails. | 23fe29563e7cae4a432566c693bbc9ca | https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html ; SHA256: 20bec3f93a046eabd36a038fd46ffce5fbdd0b91d2d1027dc357f36cd01a570f ; SHA1: 5d7db79bdb46f6b2a2377b9b0827f5db66eed37d ; MD5: 23fe29563e7cae4a432566c693bbc9ca |
M21-hk3q1 | Phoenix | Mixed |
This strike sends a malware sample known as Phoenix Cryptolocker. Phoenix Cryptolocker is a ransomware that made headlines when it was detected in an attack against CNA Financial. The malware is able to infiltrate by appearing to be a legitimate utility and coming signed with a digital certificate. After infection and file encryption, the malware deletes all traces of itself, leaving behind only the ransom note with instructions for the victim. | d86f451bbff804e59a549f9fb33d6e3f | https://www.bleepingcomputer.com/news/security/insurance-giant-cna-hit-by-new-phoenix-cryptolocker-ransomware/ ; https://blogs.blackberry.com/en/2021/04/threat-thursday-blackberry-protect-vs-phoenix-cryptolocker ; SHA256: 008ec79765325200361d9c93ac35edd430f8b17894ff843268caa5acd6224549 ; SHA1: 3cb0cb07cc2542f1d98060adccda726ea865db98 ; MD5: d86f451bbff804e59a549f9fb33d6e3f |
M21-apkd1 | Bifrost_4f1975b3 | Mixed |
This strike sends a polymorphic malware sample known as Bifrost. Bifrost is a backdoor that allows a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. It contains standard Remote Access Trojan capabilities including taking screenshots, camera monitoring, and keylogging. The binary has random bytes appended at the end of the file. | 4f1975b3411e631aa3340b0b278c6aff | https://attack.mitre.org/techniques/T1009/ ; SHA256: 78168756c961afe3b0d87e008a7d1cb840e4d84bff5b6187ac58f52fdbf8bbce ; SHA1: f68210d5397dd89519b844480b08a38fad2718b1 ; PARENTID: M21-q2r61 ; SSDEEP: 24576:dM9FUzQIyFfybd0nnbpfDYpY9OLSCR2Isb3ojRdhann6LjmHl25D+0ZpEo0Yv8ai:qFmQIQ6x0nt7YbeO2Is3odK4OM5D+aJQ ; MD5: 4f1975b3411e631aa3340b0b278c6aff |
M21-ea5c1 | Dofoil_2ec070d0 | Mixed |
This strike sends a malware sample known as Dofoil. Dofoil, also known as SmokeLoader, is typically used to download and execute various other malware. It has been associated with dropping and executing coin miners that mine cryptocurrency. | 2ec070d0df92af50a6f873e02c0afcde | https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html ; SHA256: 1498e1536f2beb0d4e2ff9e1ace10e5c37fde536b3ed8d3ac2f6614ef37c9216 ; SHA1: 9a04d7e364dd6b4ef5694e2a83e3d9c4e70f7424 ; MD5: 2ec070d0df92af50a6f873e02c0afcde |