Strike ID | Name | Platform | Description | MD5 | References / Hashes |
M21-uuqg1 | REvil_5d8bf296 | Windows | This strike sends a polymorphic malware sample known as REvil. REvil malware, also known as Sodinokibi, is ransomware that has recently been seen targeting law firms of A-list celebrities. The attackers not only pose the threat of losing all encrypted data but also of leaking stolen client data to the public. The binary has random strings (lorem ipsum) appended at the end of the file. | 5d8bf296740b5399e0d6a70a5585a557 | https://threatpost.com/revil-ransomware-ground-down-jbs-sources/166597/; https://twitter.com/VK_Intel/status/1402027278842961925; SHA256: 854930a525ef287ffb338107c50b78c57ff76fdfb0d44787c628b7065333f72f; https://attack.mitre.org/techniques/T1009/; PARENTID: M21-kpqd1; SSDEEP: 1536:hxOUyl20w8bVZQ40iMSO1fY+iUyQs2r8t5p1ySotICS4A6Ud0RkARjTJi33tUmgC:hMhQNDEtb3Ai0RpRpi33tUzW2q; SHA1: fca32aee8293a7fc3be9767636e8698c332bb4a0; MD5: 5d8bf296740b5399e0d6a70a5585a557 |
M21-gtmj1 | REvil_2c7ae560 | Windows | This strike sends a polymorphic malware sample known as REvil. REvil malware, also known as Sodinokibi, is ransomware that has recently been seen targeting law firms of A-list celebrities. The attackers not only pose the threat of losing all encrypted data but also of leaking stolen client data to the public. The binary has random contents appended in one of the existing sections in the PE file format. | 2c7ae560e8df6f5c6d698edc2c860e83 | https://threatpost.com/revil-ransomware-ground-down-jbs-sources/166597/; https://twitter.com/VK_Intel/status/1402027278842961925; SHA256: da2b6740da5e66b2b9d598bdb865e57a93d1b89ef6b4ecaad938923baa6ab088; https://arxiv.org/abs/1801.08917; PARENTID: M21-kpqd1; SSDEEP: 1536:hxOUyl20w8bVZQ40iMSO1fY+iUyQs2r8t5p1ySotICS4ADUd0RkARjTJi33tUmgf:hMhQNDEtb3li0RpRpi33tUzW2; SHA1: 1d4447407d0a9735565a19452a12306fa37618f7; MD5: 2c7ae560e8df6f5c6d698edc2c860e83 |
M21-9bv01 | Adrozek_85172625 | Windows | This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | 8517262559ecf71f29621ba6a2fa79e9 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: e54fb4b85b5ede5ccbbdb4d245899dc98f5a83acb17a36e066a5d6a009f3aa52; SHA1: 9ad4e8c7d87c7f0b28ff609fc1dd8d3d5a041a2e; MD5: 8517262559ecf71f29621ba6a2fa79e9 |
M21-mw271 | Scar_e6511a4a | Windows | This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | e6511a4aee70c7d7a9c5619167d925ee | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html; SHA256: 380de4261374d646161ed28b7363af5431110f2974f04b22f95795daf583363a; SHA1: bd3d95d720f2de2922aa67a367f7f4012618d959; MD5: e6511a4aee70c7d7a9c5619167d925ee |
M21-i1ce1 | DarkComet_f09ebc3e | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | f09ebc3e8c61f3cc45059c41857f36fb | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 8af940f8d26765f1f3b6bd2e2c21c29c127a5139afc100dbc4e565a04f217aa4; SHA1: 08a62beb9b0f4dc375493dbc319b52e61294b2ce; MD5: f09ebc3e8c61f3cc45059c41857f36fb |
M21-rb831 | DarkComet_5288ee62 | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 5288ee620e47eff39ba4db70e62e249b | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 5ba083bc4ba7e5035e723c186b3361fa972072d77de7f640cee396ceb2a2ffcc; SHA1: a798e0b67678f06d4dfc436432ab871930613ff1; MD5: 5288ee620e47eff39ba4db70e62e249b |
M21-nf5k1 | Expiro_d40dd121 | Windows | This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | d40dd121d3362943bf820a1749dfb7d3 | https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html; SHA256: d1fd5987461ed40a0feed9983da5524d0aa929d1e3151a174e0c60a844e88ab8; SHA1: a9cc769683c974da2e7fd14bd71b52b40ab280a8; MD5: d40dd121d3362943bf820a1749dfb7d3 |
M21-e0m41 | Expiro_35e46887 | Windows | This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 35e46887a497633076821bc083f29dff | https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html; SHA256: 25231cc105f6a68131889260eb4149bcc4a1aec161e7485438de9b8176d2516f; SHA1: 92dea6a01a8ca30a1c5e2d652c6b1780137e2dbf; MD5: 35e46887a497633076821bc083f29dff |
M21-d3zg1 | DarkComet_520f4745 | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 520f4745b30071068ed610873843c165 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 2ff8aea2453cac540b24ec205968f370e3ca69ef8d3309e8633f32c8a6ada9a4; SHA1: 41f8068d658f0bba26ffed4e1f90e0ead657fb2d; MD5: 520f4745b30071068ed610873843c165 |
M21-p7ii1 | DarkComet_c2f62b1b | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | c2f62b1bcfae0de0c672cbe79e56064c | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 93e5685f6b1d5b5263c1266479e44a4d6f6f7f82b9a842b5e206735c082b9f81; SHA1: 28b0072e485fdcd58f2241ad4be2c587d9ba7cb8; MD5: c2f62b1bcfae0de0c672cbe79e56064c |
M21-1z1x1 | Expiro_ff06b123 | Windows | This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | ff06b1238c898d4450611bbeb1947ff3 | https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html; SHA256: 90ab34cb1c7a39cae0187d3b586f294174893502e4682d4555dc96bca4a8bf8c; SHA1: e2b152028a5e5d331619185209d233de6325dce3; MD5: ff06b1238c898d4450611bbeb1947ff3 |
M21-45ke1 | Scar_8c15f415 | Windows | This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | 8c15f415f158443db22461bb7b4dc62e | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html; SHA256: ebbb412e53011de88fd5f69283ae1370eb1b89e86833e34bd1a4b60409ea098e; SHA1: 0f843f6676ac8c9b5797d7afacea12077bb7006b; MD5: 8c15f415f158443db22461bb7b4dc62e |
M21-iw3g1 | REvil_2075566e | Windows | This strike sends a malware sample known as REvil. REvil malware, also known as Sodinokibi, is ransomware that has recently been seen targeting law firms of A-list celebrities. The attackers not only pose the threat of losing all encrypted data but also of leaking stolen client data to the public. | 2075566e7855679d66705741dabe82b4 | https://threatpost.com/revil-ransomware-ground-down-jbs-sources/166597/; https://twitter.com/VK_Intel/status/1402027278842961925; SHA256: 12d8bfa1aeb557c146b98f069f3456cc8392863a2f4ad938722cd7ca1a773b39; SHA1: 136443e2746558b403ae6fc9d9b40bfa92b23420; MD5: 2075566e7855679d66705741dabe82b4 |
M21-1wv41 | DarkComet_46c9ea27 | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 46c9ea27274f4a7685f801c47c08e5df | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 3a69896675c61b49ae9bc53429bfd9e2385b167d61267d521af60c5fbb9fe022; SHA1: 293ae29b9f3d8c3e61d4cbc4206e294243ea7280; MD5: 46c9ea27274f4a7685f801c47c08e5df |
M21-7px01 | DarkComet_9798305f | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 9798305f8ecb993465ae08c4fefc4688 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 3d197e47b245198870c23786b63cd2cd1781fdaf18c78766a2b25f18b73d4723; SHA1: b12911efdab36a9702ba0392fdf1c360ea62e8ac; MD5: 9798305f8ecb993465ae08c4fefc4688 |
M21-9vj21 | Scar_1ecbcd7c | Windows | This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | 1ecbcd7cb132b302d1987d6354639341 | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html; SHA256: 97eb8efcba3f1ea4de5ae8b92ffca9fcef30149d34ab46bee3273b2b0c27d1c3; SHA1: 446972b63f274df169368a29bf695b7bafd5646d; MD5: 1ecbcd7cb132b302d1987d6354639341 |
M21-iq911 | Adrozek_4c0b0223 | Windows | This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | 4c0b0223e8703e5347038ca240c8f703 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 7d7c8697ad7cf150272bcc9122313beb6ac6bd8ab332d273a0c362d45a44942e; SHA1: d020ec3966d7d61cd4991c300c275620a6294fa9; MD5: 4c0b0223e8703e5347038ca240c8f703 |
M21-hmoy1 | Adrozek_37c8cd08 | Windows | This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | 37c8cd0861e71380adf860424819b9f2 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 7593f048565f8f670235752d0eadd89283642914b0880b17a7d62e7d2828cdd4; SHA1: 5a5d370e5190de898d6e63d068a81012f7a3f94e; MD5: 37c8cd0861e71380adf860424819b9f2 |
M21-f3ww1 | Scar_6b1d7e40 | Windows | This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | 6b1d7e4042b9a77daa058ae57dd4702a | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html; SHA256: 0de3e11f175808c17e473bc12213413853c718d6dcb11a2ca5710f143eed5ec8; SHA1: e02afc5fdd67fa4fa7009ada30530dbeba4e1552; MD5: 6b1d7e4042b9a77daa058ae57dd4702a |
M21-t5261 | Adrozek_022fd996 | Windows | This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | 022fd9966a974597ef3ea8a2053eebab | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 3875fc6e3943320f325744e333fbece600ae698bd487a35e3213ffb39a4a1d0d; SHA1: e0aeecb87260b270de67b99a95172ff96dde3c0e; MD5: 022fd9966a974597ef3ea8a2053eebab |
M21-cqez1 | Scar_67bbf0d5 | Windows | This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | 67bbf0d5bb33948dcfde61bf415fdb8c | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html; SHA256: a9bc5265b517e74e9f40ee3032a0e0d8bcaf9dfa2c47b3988bf7245d73a6ab34; SHA1: 99c90f1861d28285f7f49904208704805ae01a07; MD5: 67bbf0d5bb33948dcfde61bf415fdb8c |
M21-kpqd1 | REvil_95eb5380 | Windows | This strike sends a malware sample known as REvil. REvil malware, also known as Sodinokibi, is ransomware that has recently been seen targeting law firms of A-list celebrities. The attackers not only pose the threat of losing all encrypted data but also of leaking stolen client data to the public. | 95eb5380f665c8f21795b5ef2716f86d | https://threatpost.com/revil-ransomware-ground-down-jbs-sources/166597/; https://twitter.com/VK_Intel/status/1402027278842961925; SHA256: 04419b76566142902680b2c44b216905b44a5743502530066e408bac72d20864; SHA1: ff2c2fcd062d1a878712823e0e9a5d38488710f9; MD5: 95eb5380f665c8f21795b5ef2716f86d |
M21-xc8z1 | DarkComet_6b41728e | Windows | This strike sends a polymorphic malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. The binary has been packed using the UPX packer with the default options. | 6b41728e3ab0def43977ee60eaea6efa | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: f9903d5f808f5470f2e92b4e29ed4d2fdce376cbb93b5b456e80aee716e65821; https://attack.mitre.org/techniques/T1045/; PARENTID: M21-mpzo1; SSDEEP: 1536:1d+udEMIRgWQRQcLFjYlagx0Fft6TTvcAbvPOJQazxNCoZnoX4xFIhvmn23Somit:TdCGWCH1esfSNvPuQaOotnghFMka5mJ; SHA1: 85b66f83aea143560d303c734fc45fc22dbdc91b; MD5: 6b41728e3ab0def43977ee60eaea6efa |
M21-rau21 | DarkComet_751f9f9d | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 751f9f9de9d38623fe0c1fd867e7782f | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: a75b9a10e13f21c0bc7d4f6fa3b4c4e4725e7930a777544d66a135cf488556c8; SHA1: 0f818fa373e7af98ea59dfada012a8e060a8e2b6; MD5: 751f9f9de9d38623fe0c1fd867e7782f |
M21-7x7g1 | Expiro_a5106972 | Windows | This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | a51069723865a6aba2a58439c373801d | https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html; SHA256: 300e0593ce2eaba403829afcd4913c955db9dd1c526c745c3f2476258bdffee6; SHA1: 58b4749fb831a110c392b01d37d8032119df9b6b; MD5: a51069723865a6aba2a58439c373801d |
M21-fvrm1 | DarkComet_f8fa861a | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | f8fa861a87d39fb63a9b0dff18a24d90 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 50164ae1061dcedf87dda17c8d2bae38cc190d313bcf15d269fcf9ef1c18ffec; SHA1: 3575f0a42ea118bec7d423de70e617ab6a4ac02b; MD5: f8fa861a87d39fb63a9b0dff18a24d90 |
M21-28za1 | Expiro_f92e78f0 | Windows | This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | f92e78f03a38b86402273707777ad553 | https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html; SHA256: 2193a6e1b9cddd381f5f6f9b416d9e91c2a0d63ea2c4b1aa8b74e6da57d96f56; SHA1: acc49407d54444271e4434cec1e29966ea5ba82b; MD5: f92e78f03a38b86402273707777ad553 |
M21-ieta1 | Scar_220ef7f4 | Windows | This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | 220ef7f41f700600d04c3a8b64964900 | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html; SHA256: 509aeffe10ee5ef168782bd240adc2f4e19fc0067a8a2e7a7667a82ed11ca90c; SHA1: b167926b4cb9c2d532ed0e1151736e1c319294ef; MD5: 220ef7f41f700600d04c3a8b64964900 |
M21-40vj1 | Scar_c96441e8 | Windows | This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | c96441e8d833155cc125c819d4ef680f | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html; SHA256: dc8e581065ecdd414e76d069f0d355e565f4cb6d0f4991ba51176042a9c445a1; SHA1: c91ff321e08a7e8e5217685bea687285710b703e; MD5: c96441e8d833155cc125c819d4ef680f |
M21-xhhd1 | DarkComet_280678a2 | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 280678a2509c1a6f5f95251ae64f8ea9 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: e9a6c94a8107475fe5069a28b9bbd076056ef4a77b6a295d376a79cec364c119; SHA1: 50c852c5afa01f5ea1426812843476e40b6cf465; MD5: 280678a2509c1a6f5f95251ae64f8ea9 |
M21-wske1 | Adrozek_195cbbfd | Windows | This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | 195cbbfd4bb76b0fe346ad80df06f627 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 08fd3bb559801fab985948ff60e1c401748f15f984cc97eba1b5df40d3ea7f3d; SHA1: dce0068cdb7c270d2c05a76aaa3933ed55979d82; MD5: 195cbbfd4bb76b0fe346ad80df06f627 |
M21-gmy71 | Scar_9adb6b64 | Windows | This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | 9adb6b64a3edebaea039c4f45bee5bef | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html; SHA256: 20b5e0c00a50f514047ae19df5058ce3d8802a635e710f0d7cc7394faa2109ac; SHA1: 11567d07303a4e3900a7a593de88ea24b5ee8e07; MD5: 9adb6b64a3edebaea039c4f45bee5bef |
M21-xgmd1 | DarkComet_853a59fd | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 853a59fdea0237da61f6bd8119eaedfe | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: f1c0261b4ced400fe85a54b10310e8202fe685863ac1e56d007eca8f067f7719; SHA1: ca815fe6673017718cabff1f5b038fbcb6672a5a; MD5: 853a59fdea0237da61f6bd8119eaedfe |
M21-llmu1 | DarkComet_6d8497e4 | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 6d8497e484b8c215c417bea6db3b5550 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 6bb97d306df67a11a36fc5b749717199f4d8ad828962e558e36add96aeee7d6b; SHA1: bd4fb0c1cb4173c1893e5dc9dadc634664f73926; MD5: 6d8497e484b8c215c417bea6db3b5550 |
M21-kenm1 | Scar_d1133bb1 | Windows | This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | d1133bb179cf07980c1b118ae16c6b2f | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html; SHA256: 94fba396beffc62745de248d711f6d26bb6c8a7bbe0274a0035034997e561b32; SHA1: a635d1702c95f1ad8fb0cba858b272afe0b50226; MD5: d1133bb179cf07980c1b118ae16c6b2f |
M21-2q071 | DarkComet_d6b4318e | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | d6b4318e91f5422c2a55a9b40228a365 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 2c17c9a5bd677dc0ed8c34cd1d67945e20d4815df50f62272817f50846bf43e0; SHA1: cb67c7af77cfbba28b2a92ba103eae7926e6e087; MD5: d6b4318e91f5422c2a55a9b40228a365 |
M21-nnhv1 | Expiro_40c756f6 | Windows | This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 40c756f6a8b4c1944540fa90b0658bcf | https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html; SHA256: 6c53baa9240daa1c0dba2db1fca9d0120e98be5a266b4dd24474be1e0f858ccf; SHA1: 56a66a3e709fcf1889dfba714a08e88caac7f55b; MD5: 40c756f6a8b4c1944540fa90b0658bcf |
M21-ij7j1 | Adrozek_88bcf085 | Windows | This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | 88bcf0852d8b458e5629596ef0c7871b | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: f81893efe49e8f32bc1c894530357ed6cb745ff4f4f3b4e8b68b6fae424befd3; SHA1: 05b0d80cbe3cb099e174a31118480acf099bc19f; MD5: 88bcf0852d8b458e5629596ef0c7871b |
M21-adoi1 | DarkComet_6f2fdbda | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 6f2fdbdadd5bc65bcda1a5450aafc7a3 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 6369abc9e939af548125e49aa17ac509a85af4f8add224a272d6a9c2d9a6956a; SHA1: 8ddd1672dd8209b3021370574153bd0ae104514f; MD5: 6f2fdbdadd5bc65bcda1a5450aafc7a3 |
M21-3ksj1 | DarkComet_e0ba1170 | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | e0ba1170722739bd05a56e350eb08310 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 6ae94873b9d2e21ea9d7ccb6e935d360630d7e6ee0e3439193b9d50f4c2b4111; SHA1: c1571acfc949a1ca35eb8a10d347f3930682b91c; MD5: e0ba1170722739bd05a56e350eb08310 |
M21-mpzo1 | DarkComet_afa7e1cf | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | afa7e1cf7d0c1dcf3e55e57590286549 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: ac935ffa7c7f9b43b2edc3e79f88e0271bc6abe8e2a03c5efbf1d86a23070938; SHA1: 826385ae6f04762752e7f73af832aa5e1a9abc88; MD5: afa7e1cf7d0c1dcf3e55e57590286549 |
M21-a9e01 | Adrozek_f16f2431 | Windows | This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | f16f24310f498026a447286847b83c54 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 6aff8643efe69aecf3d4622625798b096d51b5fd059bc1951eeb7fcf6000bea4; SHA1: 27295c8990afd196333bcdd0cb008c1945c14a00; MD5: f16f24310f498026a447286847b83c54 |
M21-pcdt1 | Expiro_1f0e8f82 | Windows | This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 1f0e8f826901b1a0ee03d9f73f48609c | https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html; SHA256: 4acd6c270a50e1abeb0ff1f978699101dfde225210538c4cf4ab3a7d44207307; SHA1: 0c5ae7e27e8323189cff0077fdf1916d82eca4c1; MD5: 1f0e8f826901b1a0ee03d9f73f48609c |
M21-ifz51 | DarkComet_76771df5 | Windows | This strike sends a polymorphic malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. The binary has the timestamp field updated in the PE file header. | 76771df5c70cdcfb31d6ac6d2eb0fe9c | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 3149b8144e64797941cdf7a86da72867d981757a83bd20c3af461a2193cc20c5; https://attack.mitre.org/techniques/T1099/; PARENTID: M21-mpzo1; SSDEEP: 3072:LnglhmBQH6ED/Hu7c1iqXwTV/pFYLxFxBotnghFMka5mJ:LKhmPIPYciqXwTV/wLotghyEJ; SHA1: a5834b531ada4f85f557e1b9e3b6babc1e6cf33e; MD5: 76771df5c70cdcfb31d6ac6d2eb0fe9c |
M21-3lmb1 | Adrozek_3ff3ab8e | Windows | This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | 3ff3ab8ea667738e005cb419c51d1960 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 8314fcd8b479a297bfa032f346c9b756e9d7ad09e60f2dbc28c63c01568c34d8; SHA1: 840284abefbc5765190228b0f02c52e6d1693b95; MD5: 3ff3ab8ea667738e005cb419c51d1960 |
M21-vnce1 | Adrozek_12168815 | Windows | This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | 12168815ad176df39aac31d8680e8e63 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 70f8c5bda086c2c7c57323a73cdd79733f96e6469425a64a3831220deb39e410; SHA1: f5603445b6f932e633974bc711fd70a766cb062a; MD5: 12168815ad176df39aac31d8680e8e63 |
M21-91bu1 | Adrozek_2ad72cab | Windows | This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | 2ad72cab2e2307bc31d2796f9b860f9f | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: c03bf4b9260aea99dffc7018f146e526d06c4223c0960569053f332c2eb0f85b; SHA1: 7b209cc1a203603264b17120ba52fd255d7d3e8d; MD5: 2ad72cab2e2307bc31d2796f9b860f9f |
M21-wqxe1 | DarkComet_506f3057 | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 506f3057b3a4ea70644ec59d6d591b81 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 6aca30d0d7f15f6f6b6c1a9f69f1acab06edacbb4955c4ef5f18f41ec7b17984; SHA1: f36a27abf923f26007010904dfc300f553505d8b; MD5: 506f3057b3a4ea70644ec59d6d591b81 |
M21-h63a1 | Clop_06198fed | Windows | This strike sends a malware sample known as Clop. Clop ransomware was originally detected as a variant of the CryptoMix ransomware family. It currently targets entire networks instead of individual machines and even attempts to disable Windows Defender and other security tools. Before it begins encrypting the system, it disables target processes, which can include debuggers, text editors and IDEs, as well as a host of Windows 10 and Microsoft application processes. | 06198fed029adbc90796ca6d83a67789 | https://twitter.com/malwrhunterteam/status/1098578106112245760; https://twitter.com/VK_Intel/status/1405283994074189827; SHA256: 79b8c37a5e2a32e8f7e000822cec6f2f4e317620a2296f1aa3f35b2374c396ec; SHA1: d13ae07d65eb0457ba61d622a1bc1ac5f79df670; MD5: 06198fed029adbc90796ca6d83a67789 |
M21-aars1 | DarkComet_cb2776d1 | Windows | This strike sends a polymorphic malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. The binary has a random section name renamed according to the PE format specification. | cb2776d128575116707d78e3bd858fb2 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 920487e053112950b715f85f3343378e94a6cc49b66f4c077d5006c907a4de45; https://arxiv.org/abs/1801.08917; PARENTID: M21-mpzo1; SSDEEP: 3072:snglhmBQH6ED/Hu7c1iqXwTV/pFYLxFxBotnghFMka5mJ:sKhmPIPYciqXwTV/wLotghyEJ; SHA1: daf924ebebbda2c807fa9e6b3b17af18b9d38dc4; MD5: cb2776d128575116707d78e3bd858fb2 |
M21-l0c51 | Adrozek_6ab15660 | Windows | This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | 6ab15660f883d6c313a84f3092c2af7c | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: d84613966bf88a906e11fbeaaa7fd3aa1b89fec4d1bb5fb56de42e5becf198e7; SHA1: 5bb78efa67c1b3eb2d96fceb5ddeb49d51a4fa13; MD5: 6ab15660f883d6c313a84f3092c2af7c |
M21-hiw01 | Adrozek_512870c5 | Windows | This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | 512870c58ca92bf9cf31969e6ff95233 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: d741991f7f94b13b60a425b7e08f9c23f0e7090b50043739faba65986765cd77; SHA1: b695230b692ce3e0caad8c1ed36b459a9652320b; MD5: 512870c58ca92bf9cf31969e6ff95233 |
M21-n33o1 | Adrozek_55499c0c | Windows | This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | 55499c0c9d2df98f821ed55071f5bc1c | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 335a85988d6bacc3a40953cf08bd6c4b566d9709047a88afe2a39853e4e1c100; SHA1: 746b5e1a56b022f9bc6b5d4d58595219f0d8dcfc; MD5: 55499c0c9d2df98f821ed55071f5bc1c |
M21-6gmg1 | DarkComet_c8e7b11f | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | c8e7b11fa51f2ae03e9cb863b55df78d | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: e4faef951b3f224091290539faa2794ea7d4e0ba28f7d4b544778367c850681f; SHA1: c8f28f567bd53c72c959b2eba8f14f79566a504e; MD5: c8e7b11fa51f2ae03e9cb863b55df78d |
M21-oacr1 | Adrozek_85120da5 | Windows | This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | 85120da5492577b6e462bcaf567302c5 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: a7eb6746122f4956c799dc5a6867482d20d6283c236cdf365a3b798960e2b6a4; SHA1: c3f8f2f702870feb520a9ca9c705588363f786c7; MD5: 85120da5492577b6e462bcaf567302c5 |
M21-23zl1 | Expiro_506c9e8d | Windows | This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 506c9e8dba60419f3956cd6f2860b60a | https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html; SHA256: f670b25c1e3b394beb0f6fcf9fb47481451fd9eafd7af02fb70ff1e9bd0c8a2c; SHA1: e79727fa7b17f8c9ff7a232ba2758788f1654449; MD5: 506c9e8dba60419f3956cd6f2860b60a |
M21-t87s1 | Scar_f90256f5 | Windows | This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | f90256f556b2743291103bbaa4f66302 | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html; SHA256: f3e82a5b81e904b06ad0a2eb487520d1cbdc322708795d3e6a640c6601c7b315; SHA1: 0f28365c3cf0f04fde1ffd116ba4482ab14eb6b4; MD5: f90256f556b2743291103bbaa4f66302 |
M21-wq4d1 | DarkComet_6246b3fa | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 6246b3fab642506182bd3cfe2b08f071 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 61604334c548f33082a6554f21855ccd872d5d20a2c02b36959b805777eae92c; SHA1: ac23775208c296d2d2aa4ec71c0c2419678269cd; MD5: 6246b3fab642506182bd3cfe2b08f071 |
M21-xie91 | Adrozek_68fc74f9 | Windows | This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | 68fc74f99d0665401261f7cb9d5967db | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 38f59793db1d3bec60edc5ed713806c5da7849bf5d3f650ccae4a2401cf1a9d3; SHA1: 0f43eff1aac52807912733c002fd97e2e1d18aa5; MD5: 68fc74f99d0665401261f7cb9d5967db |
M21-pj7f1 | Adrozek_ce83b6ce | Windows | This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | ce83b6ce2230e9069de9e65310793aa6 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 9a08ad7762d034f89cd79ffe2572d2fab89afa2469e3e4f79cdba306692bfab7; SHA1: a649e6d1bb04aed4dd0eb4b65b39e34cec2971da; MD5: ce83b6ce2230e9069de9e65310793aa6 |
M21-xbyy1 | DarkComet_0a420405 | Windows | This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 0a4204058a34296805b9823fac136750 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html; SHA256: 2438d98520bff9aa704d0c66af92f06bb1fa2301a23e3fe3a451ab11731d6cfa; SHA1: abcb2ff64d5c0ebff9fa982e151388716258ffd6; MD5: 0a4204058a34296805b9823fac136750 |
M21-6s201 | Scar_1951faf5 | Windows |
This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | 1951faf55309f61702bcda986e5229bf | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html | SHA256: dfbe911d1380be0f7a078287ec87b0dad5dbefadd312bfb61905745396b168c2 | SHA1: 1fd7c5b88792be90e9edbebf9b38edb113ac3d6a | MD5: 1951faf55309f61702bcda986e5229bf |
M21-0wi61 | Adrozek_76dc151b | Windows |
This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | 76dc151b8ef17e2b51180919e40e3d7f | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html | SHA256: 34e9a6dc3305522fe0f7c2fc5b32470cb9b7030399540cfbd77c446c5e4deef5 | SHA1: a26085342848ec2ebb818d4a8d5e5953268ba62a | MD5: 76dc151b8ef17e2b51180919e40e3d7f |
M21-gj2h1 | REvil_31c17b36 | Windows |
This strike sends a polymorphic malware sample known as REvil. REvil, also known as Sodinokibi, is ransomware that has recently been seen targeting law firms of A-list celebrities. The attackers threaten not only the loss of all encrypted data but also the leaking of stolen client data to the public. The binary has been packed with the UPX packer using its default options. | 31c17b36a1392448458c41447c040639 | https://threatpost.com/revil-ransomware-ground-down-jbs-sources/166597/ | https://twitter.com/VK_Intel/status/1402027278842961925 | SHA256: 286b5e3c2ac813c2505b01603afa50d961efecb0683dff4974e9319516a8d7d6 | https://attack.mitre.org/techniques/T1045/ | PARENTID: M21-kpqd1 | SSDEEP: 1536:ewLa3puaUokvnp7Pu1bMJIKoW3GoeL2h41r5POE+5:pLMh8vp7BJ7oWWow2urY | SHA1: 6e4ea1933826688cc089f79e78b35c202893f449 | MD5: 31c17b36a1392448458c41447c040639 |
M21-6c851 | Expiro_c7a25967 | Windows |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | c7a259674474b0eab3a37fab1b08f826 | https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html | SHA256: bd43d101142ab04f22e04aac987430b53cc62c5a78e8e66b02c83c8b11f97b4f | SHA1: 6b54b338e0fc03393a5c0bbce5921c378bf59f57 | MD5: c7a259674474b0eab3a37fab1b08f826 |
M21-fpcp1 | DarkComet_a6eafe7f | Windows |
This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | a6eafe7f3fa6053ef50baa7c167ace49 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html | SHA256: 87f26093f674d95d8b56f5dc97fcda5dbc29c9c8d2e8f9283e53d2329a41af6c | SHA1: 1022b563792265c42ed4b41b98ca70696f68b09e | MD5: a6eafe7f3fa6053ef50baa7c167ace49 |
M21-zd1o1 | REvil_6e4e9299 | Windows |
This strike sends a polymorphic malware sample known as REvil. REvil, also known as Sodinokibi, is ransomware that has recently been seen targeting law firms of A-list celebrities. The attackers threaten not only the loss of all encrypted data but also the leaking of stolen client data to the public. The binary has random bytes appended at the end of the file. | 6e4e92997bbb44ee50a69ff1e6f61ba7 | https://threatpost.com/revil-ransomware-ground-down-jbs-sources/166597/ | https://twitter.com/VK_Intel/status/1402027278842961925 | SHA256: 748fdba889851594f0da3695ac60ec78e89323b10b8a1c840c2a549fd44bcd45 | https://attack.mitre.org/techniques/T1009/ | PARENTID: M21-kpqd1 | SSDEEP: 1536:hxOUyl20w8bVZQ40iMSO1fY+iUyQs2r8t5p1ySotICS4A6Ud0RkARjTJi33tUmgf:hMhQNDEtb3Ai0RpRpi33tUzW2n | SHA1: 94c2d2b550599c31d02c9e9ada4d9699101204d4 | MD5: 6e4e92997bbb44ee50a69ff1e6f61ba7 |
M21-tbo11 | DarkComet_7a1a393e | Windows |
This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 7a1a393eb5215996cabd8346bcb7eb10 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html | SHA256: 122e3fbcc83775250b7f82d371aea1a2ac5ab90bfa78d2fac7b0e86c51fdc00a | SHA1: 398d43cff7ffb7054d0ff7b71d9fd27e4e5e809b | MD5: 7a1a393eb5215996cabd8346bcb7eb10 |
M21-uvsh1 | DarkComet_be43f6c3 | Windows |
This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | be43f6c3f4445ab4aa4d75cb1f2b1e9d | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html | SHA256: 4b9b56ba115ddca985c105f715a69e33de0aca8269f142f56efeb74c9676da2a | SHA1: f0015d0f208a0b74543263e673fae44c548f9ee7 | MD5: be43f6c3f4445ab4aa4d75cb1f2b1e9d |
M21-1qya1 | Adrozek_807592e6 | Windows |
This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | 807592e6eb531ffeb53a27c0f62b71b7 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html | SHA256: 91b8754b8cce45e799a6a0065aa40510b415685a4c2ef5cab481732e445c9c93 | SHA1: 25f48be9e301ba52dff63ff41614924edffb5106 | MD5: 807592e6eb531ffeb53a27c0f62b71b7 |
M21-znsk1 | Scar_ff9bd65f | Windows |
This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | ff9bd65f29492a559e2f630afbe9accd | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html | SHA256: a7fb6b83e5212b86d3c6c898f0426fb568b3c170558108dd0eff8e0d7bb33e31 | SHA1: 9c55d6f02bf943d049a36938be26a30d4fd5428b | MD5: ff9bd65f29492a559e2f630afbe9accd |
M21-dhzt1 | DarkComet_3e0bc2a9 | Windows |
This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 3e0bc2a9652485354c3eeae5cd098261 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html | SHA256: 5376c102bf941a26d25ee42a66546b2600da62a6f2f5caa2742ea44894db2667 | SHA1: ac362acc59ee9c951a0d87b5d0e4a7fba7aa7817 | MD5: 3e0bc2a9652485354c3eeae5cd098261 |
M21-q3lk1 | Expiro_8bb30113 | Windows |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 8bb301137c9cf0781df8dcd295d904dc | https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html | SHA256: fe21a1fa1a0e2eaddb2c0bf1eb324c9ba188387ceb75b81a6074258c7a789aee | SHA1: 3e44bba2997ef9dcbfd8fad53b59f28d382136ae | MD5: 8bb301137c9cf0781df8dcd295d904dc |
M21-j5sc1 | DarkComet_ef078a83 | Windows |
This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | ef078a8364715c9e2c9ec6441db3aa0b | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html | SHA256: 579d36a4d7bd44e868f5dec198050a727d093897e0395d456fe927c90a665fdf | SHA1: 827ec2f088857f94346d267f6b487f5d3876b60d | MD5: ef078a8364715c9e2c9ec6441db3aa0b |
M21-wzz51 | Expiro_fd75e90e | Windows |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | fd75e90e1c0fd610860085c1c642bf9c | https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html | SHA256: 8ab104c5aedbee37d22ddcc53fbc0b4344086f85c1321801102ab2772937b23f | SHA1: 3407e5c2237584e8f8dc84bcd420e864bf6b689b | MD5: fd75e90e1c0fd610860085c1c642bf9c |
M21-pjym1 | Scar_50ef4e47 | Windows |
This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | 50ef4e475ee9ccf98e596a606d9d32e4 | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html | SHA256: 26a351eedcc2597880558caae3c502808d854f0d9c8fc263168b941927988fd1 | SHA1: f53f333895bbe945658bf1776737cd66dc2471e8 | MD5: 50ef4e475ee9ccf98e596a606d9d32e4 |
M21-pn2p1 | Scar_20a3ed89 | Windows |
This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | 20a3ed89cdf16707930a21217f912b97 | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html | SHA256: 9f2951d56edd918490349c68e9728a5cd6861c8816276141da807d0b4411ae28 | SHA1: 1f2b86b577532275e703e430722098d67bf35889 | MD5: 20a3ed89cdf16707930a21217f912b97 |
M21-9rnt1 | Adrozek_cc3ab50b | Windows |
This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | cc3ab50be1cfacb7860ee1f3776e57e0 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html | SHA256: 4e9dd245afef951c71a630ec50aabdbc78a124ea4998a0c387a83d25c13a1534 | SHA1: f83af47b3462bb5b9cf6df1c55da866878a1cb7c | MD5: cc3ab50be1cfacb7860ee1f3776e57e0 |
M21-qjqt1 | Scar_8628f5f1 | Windows |
This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | 8628f5f1d6593915cf23b60c46377cc1 | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html | SHA256: d7536a536700237fbe1ce5612390c565055a59187866b7dcfedca6e5128da2d7 | SHA1: e85c9f423d6bc35c5d0d5d17f8af635cdd992fb5 | MD5: 8628f5f1d6593915cf23b60c46377cc1 |
M21-dob51 | DarkComet_9ddc588c | Windows |
This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 9ddc588c0382050b2a736c2a2ad6ccb0 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html | SHA256: b7f9e06d289e23cf2b1e6c3392c9cfab88444c4595b3a29bc109f578611b7c58 | SHA1: 7eaa079ff297e6bf66e0cc3216bfee85eeaea29c | MD5: 9ddc588c0382050b2a736c2a2ad6ccb0 |
M21-55zt1 | Scar_d71c3fe6 | Windows |
This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | d71c3fe641a6e1379ec2648d524de8f0 | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html | SHA256: b14554f8e230b0eaff1a0a6c6c3b4032041cb1410a16d4b71b87edbe7de1f427 | SHA1: c088b0bb038194937ba14bc209b7a8198b01beda | MD5: d71c3fe641a6e1379ec2648d524de8f0 |
M21-2elx1 | Expiro_7e379a9a | Windows |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 7e379a9a3a6a2bc52ac50157b6239c95 | https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html | SHA256: 036795412a7cbfc1f5f9bbb07f10da6c3bfd0633ba9df5c62b9b4daa59c714d4 | SHA1: cbd8d083ef64e5284d58c7456c3d5c153f08f6e9 | MD5: 7e379a9a3a6a2bc52ac50157b6239c95 |
M21-4teg1 | DarkComet_223524c6 | Windows |
This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 223524c6bc8859c4f43b2965a5a52aa5 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html | SHA256: 94b68fb51993400f1f80b3236973a839ec6aaee6611cc3412e19939dd8406c11 | SHA1: 8dfd58de0fb7f3e6086c86354a329b3995ac73e6 | MD5: 223524c6bc8859c4f43b2965a5a52aa5 |
M21-246o1 | Adrozek_fb187560 | Windows |
This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | fb1875607626cab63dfd07273c45fc7f | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html | SHA256: 343ac51ead89330503b44ae586bab14aac56eb79a66b516008bed071c8249b44 | SHA1: 0e779fa9e07ba6171aa1f930523ae5687953d1a2 | MD5: fb1875607626cab63dfd07273c45fc7f |
M21-9mzk1 | Adrozek_55dd45f4 | Windows |
This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | 55dd45f49c6f87bc0e838313e29ed47f | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html | SHA256: 36efdada787fd28c159aeed83f6b0705aef2500bdcd580e6cc99fae2c877bcdf | SHA1: 6e693e53262067e9b658f0752997b250961f5b68 | MD5: 55dd45f49c6f87bc0e838313e29ed47f |
M21-4fa91 | DarkComet_65a19a73 | Windows |
This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 65a19a730f50c5daea17f95adf114c90 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html | SHA256: db42b08f61b945fa39065f62c1cf89b9c1cad5a3ae8a81820b6b76ac42da3a6c | SHA1: 08fe9e67bd6efcaf6ffb53acf9f306643a592d65 | MD5: 65a19a730f50c5daea17f95adf114c90 |
M21-91zr1 | DarkComet_23d09c0c | Windows |
This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 23d09c0cd70265deb19ccc2d87c71145 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html | SHA256: 19bea011f0b7cd8b007071076698db3f363af0117624ab2acecb445d0effc104 | SHA1: 4429597b9079e5e7f0342aa9a1dec005c8f453e5 | MD5: 23d09c0cd70265deb19ccc2d87c71145 |
M21-omoo1 | Scar_f8396a17 | Windows |
This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | f8396a17869a29e9f125e8459327d954 | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html | SHA256: 57c40500eb80c9e4715261df8eb06d322943d93424a6c785db68d3208092577e | SHA1: d52aa986a30239cec14b6f2170ce9908095f6e0e | MD5: f8396a17869a29e9f125e8459327d954 |
M21-glme1 | Adrozek_dcb287af | Windows |
This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage. | dcb287aff31159ff8e4fc6d8b3343036 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html | SHA256: c0a51cea4eae1fe116c4ca31cb3894056cdb59b74297947b36e34dc6cf382ab0 | SHA1: 0f55a578dea58564f2f1a34dd8053d6407a154b2 | MD5: dcb287aff31159ff8e4fc6d8b3343036 |
M21-oiam1 | DarkComet_520560d0 | Windows |
This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 520560d0a4f433a735ddc5c316fbcd24 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html | SHA256: 7e89204ad455a0ec5d98b8cf85d64e4632ad4d924262f780d1b197705a088ef0 | SHA1: 4c815847a5932fe210ee509ea117f42094eebe38 | MD5: 520560d0a4f433a735ddc5c316fbcd24 |
M21-q8m91 | Expiro_ff731130 | Windows |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | ff7311302542ef3e9acd37302823b586 | https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html | SHA256: 83b7d7e733d27f0a7199bb95dc03e9f5d0678ddb4eb431be451539d481da2f38 | SHA1: 7e51b99abef76ce7c92b9d4d6a63a56314744d65 | MD5: ff7311302542ef3e9acd37302823b586 |
M21-oh5z1 | Scar_ddd4f409 | Windows |
This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | ddd4f4098ac6f562a1933aaeb3f764e6 | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html | SHA256: 7f9bf7e5dd287d63cd295f27c9ef83f5545ce28b7e2859d2a2573d4340915693 | SHA1: 81e1b8fd6af76d74546026dafe741e05829bb351 | MD5: ddd4f4098ac6f562a1933aaeb3f764e6 |
M21-cm351 | DarkComet_31cc19f2 | Windows |
This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 31cc19f2cc08e7df9711899b6c27fd92 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html | SHA256: bd89f6e28818d522bf1a0c1b55606d406aea0b3ad5883c92ab422d061aa282e1 | SHA1: db34e26a048421b373fa11f762f655052d23b21f | MD5: 31cc19f2cc08e7df9711899b6c27fd92 |
M21-06l61 | DarkComet_14c54f08 | Windows |
This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | 14c54f08e7b9421fc79e475494287e88 | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html | SHA256: 3f342b83a383083e518e0ba9691df2f3e63b9042e2564fe5fcdcf3198b58ae8c | SHA1: 17615b4cd78f742cf961ce35084d535ae432b5c8 | MD5: 14c54f08e7b9421fc79e475494287e88 |
M21-rd2r1 | DarkComet_df4a6de4 | Windows |
This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. | df4a6de44c1341c71251aa7b1930cf6f | https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html | SHA256: 29203df0cc62299c95e3489bb1fc765221e9467c83196791d8d008525a2050e6 | SHA1: 34bde56acf48ab2267ae36bfc5fe22d4dd4cbf35 | MD5: df4a6de44c1341c71251aa7b1930cf6f |
M21-kzpc1 | Expiro_02191a87 | Windows |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 02191a875603620180d8e1ce5766176a | https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html | SHA256: 249d80e8dfbb29e545d50980ea31afad50f96ed8d94095e628cd90980a77089b | SHA1: 261221672cb572bb914c36dd20ab1bccbe2025c6 | MD5: 02191a875603620180d8e1ce5766176a |
M21-bncd1 | Scar_55932750 | Windows |
This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | 5593275031b345882d5e64aa7c9bb728 | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html | SHA256: 967172f2991b28400466f63a3179cbf12435a072b51704bc4b2de19f5b4e3a95 | SHA1: 74010e7f2773fb9d6ce132f72e093c4553fc069f | MD5: 5593275031b345882d5e64aa7c9bb728 |
M21-ur631 | Scar_b1d50917 | Windows |
This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | b1d50917fe432a627a56ad8045fa845c | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html | SHA256: 24327e0c3c90b42e97e86beec792f72131c7d57488728cd1cd96e7d36a17bf09 | SHA1: 6e279579af8fc5575246d4c56ff41dd2292c8395 | MD5: b1d50917fe432a627a56ad8045fa845c |
M21-y8cr1 | Expiro_3daea3b8 | Windows |
This strike sends a malware sample known as Expiro. Expiro or Xpiro is a known file infector and information-stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 3daea3b8bbb4ead9495ee4aff49b3a83 | https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html | SHA256: 51b8e5b10da5e56bb55b6234e750230447ffdf598069f8fbd103250e2c70559f | SHA1: 7babdf39128d1193704c31f31f9818e73a4740a3 | MD5: 3daea3b8bbb4ead9495ee4aff49b3a83 |
M21-j5fg1 | Scar_50e9db8d | Windows |
This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | 50e9db8d9efe0597e7b8d9cbaa6d79c7 | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html | SHA256: 37e2bb6a3010b997a3210811cc09eea13d5fbc927d28da60c98ce0fc820ce98f | SHA1: cc44664ff498d332dba890c6a78c9bab0d4f380c | MD5: 50e9db8d9efe0597e7b8d9cbaa6d79c7 |
M21-nm1g1 | Scar_36a91fe4 | Windows |
This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | 36a91fe472d4ddfff1c296a3e798deed | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html | SHA256: fa54058a1ff9a1b549a264457440486c55ef120537c4b62cc213e5e80afd23d5 | SHA1: e41cad42fe66cc2e685b4d3f1409e666acbbb644 | MD5: 36a91fe472d4ddfff1c296a3e798deed |
M21-knai1 | Scar_09b3dde0 | Windows |
This strike sends a malware sample known as Scar. Scar is a worm and will download files while also trying to spread to other machines by copying itself to removable media. | 09b3dde0483c4d3d61b29c4c9622fea6 | https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html | SHA256: e9862e9d7ab96e635ad5a00f335dab84b4f243572ea268685c083ed74cfae78d | SHA1: 1d731884429a597570edecab33e96b4f371946da | MD5: 09b3dde0483c4d3d61b29c4c9622fea6 |
M21-r8qn1 | REvil_585d9cf2 | Windows |
This strike sends a polymorphic malware sample known as REvil. REvil, also known as Sodinokibi, is ransomware that has recently been seen targeting law firms of A-list celebrities. The attackers threaten not only the loss of all encrypted data but also the leaking of stolen client data to the public. One section of the binary has been renamed with a random name that follows the PE format specification. | 585d9cf2230ea8c331c911d1762db092 | https://threatpost.com/revil-ransomware-ground-down-jbs-sources/166597/ | https://twitter.com/VK_Intel/status/1402027278842961925 | SHA256: e6b89a786c8582074e28f12194eecb1e50f690c4add14fa3c06af08f96a88757 | https://arxiv.org/abs/1801.08917 | PARENTID: M21-iw3g1 | SSDEEP: 1536:kjxXC9jVwbhEW8z3w1R+KjJLRiOQJo0SoLCdpuOk2ICS4Ang6lUgvfYiFyRFywX/:5mV1wKdLoLC/OemUWYjfywpbPa | SHA1: dd23368a80d8205866db27a793ab74be36a9279c | MD5: 585d9cf2230ea8c331c911d1762db092 |