Malware Monthly Update June - 2021

Malware Strikes

Strike record fields: Strike ID | Malware | Platform | Info | MD5 | External References
Strike ID: M21-uuqg1
Malware: REvil_5d8bf296
Platform: Windows
Info: This strike sends a polymorphic malware sample known as REvil. REvil, also known as Sodinokibi, is ransomware that has recently been seen targeting law firms of A-list celebrities. The attackers not only threaten the loss of all encrypted data but also the leaking of stolen client data to the public. The binary has random strings (lorem ipsum) appended at the end of the file.
External References: https://threatpost.com/revil-ransomware-ground-down-jbs-sources/166597/
https://twitter.com/VK_Intel/status/1402027278842961925
SHA256: 854930a525ef287ffb338107c50b78c57ff76fdfb0d44787c628b7065333f72f
https://attack.mitre.org/techniques/T1009/
PARENTID: M21-kpqd1
SSDEEP: 1536:hxOUyl20w8bVZQ40iMSO1fY+iUyQs2r8t5p1ySotICS4A6Ud0RkARjTJi33tUmgC:hMhQNDEtb3Ai0RpRpi33tUzW2q
SHA1: fca32aee8293a7fc3be9767636e8698c332bb4a0
MD5: 5d8bf296740b5399e0d6a70a5585a557
Strike ID: M21-gtmj1
Malware: REvil_2c7ae560
Platform: Windows
Info: This strike sends a polymorphic malware sample known as REvil. REvil, also known as Sodinokibi, is ransomware that has recently been seen targeting law firms of A-list celebrities. The attackers not only threaten the loss of all encrypted data but also the leaking of stolen client data to the public. The binary has random contents appended to one of the existing sections of the PE file.
External References: https://threatpost.com/revil-ransomware-ground-down-jbs-sources/166597/
https://twitter.com/VK_Intel/status/1402027278842961925
SHA256: da2b6740da5e66b2b9d598bdb865e57a93d1b89ef6b4ecaad938923baa6ab088
https://arxiv.org/abs/1801.08917
PARENTID: M21-kpqd1
SSDEEP: 1536:hxOUyl20w8bVZQ40iMSO1fY+iUyQs2r8t5p1ySotICS4ADUd0RkARjTJi33tUmgf:hMhQNDEtb3li0RpRpi33tUzW2
SHA1: 1d4447407d0a9735565a19452a12306fa37618f7
MD5: 2c7ae560e8df6f5c6d698edc2c860e83
Strike ID: M21-9bv01
Malware: Adrozek_85172625
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads into web pages and steals login credentials when users visit those pages.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: e54fb4b85b5ede5ccbbdb4d245899dc98f5a83acb17a36e066a5d6a009f3aa52
SHA1: 9ad4e8c7d87c7f0b28ff609fc1dd8d3d5a041a2e
MD5: 8517262559ecf71f29621ba6a2fa79e9
Strike ID: M21-mw271
Malware: Scar_e6511a4a
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: 380de4261374d646161ed28b7363af5431110f2974f04b22f95795daf583363a
SHA1: bd3d95d720f2de2922aa67a367f7f4012618d959
MD5: e6511a4aee70c7d7a9c5619167d925ee
Strike ID: M21-i1ce1
Malware: DarkComet_f09ebc3e
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 8af940f8d26765f1f3b6bd2e2c21c29c127a5139afc100dbc4e565a04f217aa4
SHA1: 08a62beb9b0f4dc375493dbc319b52e61294b2ce
MD5: f09ebc3e8c61f3cc45059c41857f36fb
Strike ID: M21-rb831
Malware: DarkComet_5288ee62
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 5ba083bc4ba7e5035e723c186b3361fa972072d77de7f640cee396ceb2a2ffcc
SHA1: a798e0b67678f06d4dfc436432ab871930613ff1
MD5: 5288ee620e47eff39ba4db70e62e249b
Strike ID: M21-nf5k1
Malware: Expiro_d40dd121
Platform: Windows
Info: This strike sends a malware sample known as Expiro. Expiro, or Xpiro, is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html
SHA256: d1fd5987461ed40a0feed9983da5524d0aa929d1e3151a174e0c60a844e88ab8
SHA1: a9cc769683c974da2e7fd14bd71b52b40ab280a8
MD5: d40dd121d3362943bf820a1749dfb7d3
Strike ID: M21-e0m41
Malware: Expiro_35e46887
Platform: Windows
Info: This strike sends a malware sample known as Expiro. Expiro, or Xpiro, is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html
SHA256: 25231cc105f6a68131889260eb4149bcc4a1aec161e7485438de9b8176d2516f
SHA1: 92dea6a01a8ca30a1c5e2d652c6b1780137e2dbf
MD5: 35e46887a497633076821bc083f29dff
Strike ID: M21-d3zg1
Malware: DarkComet_520f4745
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 2ff8aea2453cac540b24ec205968f370e3ca69ef8d3309e8633f32c8a6ada9a4
SHA1: 41f8068d658f0bba26ffed4e1f90e0ead657fb2d
MD5: 520f4745b30071068ed610873843c165
Strike ID: M21-p7ii1
Malware: DarkComet_c2f62b1b
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 93e5685f6b1d5b5263c1266479e44a4d6f6f7f82b9a842b5e206735c082b9f81
SHA1: 28b0072e485fdcd58f2241ad4be2c587d9ba7cb8
MD5: c2f62b1bcfae0de0c672cbe79e56064c
Strike ID: M21-1z1x1
Malware: Expiro_ff06b123
Platform: Windows
Info: This strike sends a malware sample known as Expiro. Expiro, or Xpiro, is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html
SHA256: 90ab34cb1c7a39cae0187d3b586f294174893502e4682d4555dc96bca4a8bf8c
SHA1: e2b152028a5e5d331619185209d233de6325dce3
MD5: ff06b1238c898d4450611bbeb1947ff3
Strike ID: M21-45ke1
Malware: Scar_8c15f415
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: ebbb412e53011de88fd5f69283ae1370eb1b89e86833e34bd1a4b60409ea098e
SHA1: 0f843f6676ac8c9b5797d7afacea12077bb7006b
MD5: 8c15f415f158443db22461bb7b4dc62e
Strike ID: M21-iw3g1
Malware: REvil_2075566e
Platform: Windows
Info: This strike sends a malware sample known as REvil. REvil, also known as Sodinokibi, is ransomware that has recently been seen targeting law firms of A-list celebrities. The attackers not only threaten the loss of all encrypted data but also the leaking of stolen client data to the public.
External References: https://threatpost.com/revil-ransomware-ground-down-jbs-sources/166597/
https://twitter.com/VK_Intel/status/1402027278842961925
SHA256: 12d8bfa1aeb557c146b98f069f3456cc8392863a2f4ad938722cd7ca1a773b39
SHA1: 136443e2746558b403ae6fc9d9b40bfa92b23420
MD5: 2075566e7855679d66705741dabe82b4
Strike ID: M21-1wv41
Malware: DarkComet_46c9ea27
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 3a69896675c61b49ae9bc53429bfd9e2385b167d61267d521af60c5fbb9fe022
SHA1: 293ae29b9f3d8c3e61d4cbc4206e294243ea7280
MD5: 46c9ea27274f4a7685f801c47c08e5df
Strike ID: M21-7px01
Malware: DarkComet_9798305f
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 3d197e47b245198870c23786b63cd2cd1781fdaf18c78766a2b25f18b73d4723
SHA1: b12911efdab36a9702ba0392fdf1c360ea62e8ac
MD5: 9798305f8ecb993465ae08c4fefc4688
Strike ID: M21-9vj21
Malware: Scar_1ecbcd7c
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: 97eb8efcba3f1ea4de5ae8b92ffca9fcef30149d34ab46bee3273b2b0c27d1c3
SHA1: 446972b63f274df169368a29bf695b7bafd5646d
MD5: 1ecbcd7cb132b302d1987d6354639341
Strike ID: M21-iq911
Malware: Adrozek_4c0b0223
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads into web pages and steals login credentials when users visit those pages.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 7d7c8697ad7cf150272bcc9122313beb6ac6bd8ab332d273a0c362d45a44942e
SHA1: d020ec3966d7d61cd4991c300c275620a6294fa9
MD5: 4c0b0223e8703e5347038ca240c8f703
Strike ID: M21-hmoy1
Malware: Adrozek_37c8cd08
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads into web pages and steals login credentials when users visit those pages.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 7593f048565f8f670235752d0eadd89283642914b0880b17a7d62e7d2828cdd4
SHA1: 5a5d370e5190de898d6e63d068a81012f7a3f94e
MD5: 37c8cd0861e71380adf860424819b9f2
Strike ID: M21-f3ww1
Malware: Scar_6b1d7e40
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: 0de3e11f175808c17e473bc12213413853c718d6dcb11a2ca5710f143eed5ec8
SHA1: e02afc5fdd67fa4fa7009ada30530dbeba4e1552
MD5: 6b1d7e4042b9a77daa058ae57dd4702a
Strike ID: M21-t5261
Malware: Adrozek_022fd996
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads into web pages and steals login credentials when users visit those pages.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 3875fc6e3943320f325744e333fbece600ae698bd487a35e3213ffb39a4a1d0d
SHA1: e0aeecb87260b270de67b99a95172ff96dde3c0e
MD5: 022fd9966a974597ef3ea8a2053eebab
Strike ID: M21-cqez1
Malware: Scar_67bbf0d5
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: a9bc5265b517e74e9f40ee3032a0e0d8bcaf9dfa2c47b3988bf7245d73a6ab34
SHA1: 99c90f1861d28285f7f49904208704805ae01a07
MD5: 67bbf0d5bb33948dcfde61bf415fdb8c
Strike ID: M21-kpqd1
Malware: REvil_95eb5380
Platform: Windows
Info: This strike sends a malware sample known as REvil. REvil, also known as Sodinokibi, is ransomware that has recently been seen targeting law firms of A-list celebrities. The attackers not only threaten the loss of all encrypted data but also the leaking of stolen client data to the public.
External References: https://threatpost.com/revil-ransomware-ground-down-jbs-sources/166597/
https://twitter.com/VK_Intel/status/1402027278842961925
SHA256: 04419b76566142902680b2c44b216905b44a5743502530066e408bac72d20864
SHA1: ff2c2fcd062d1a878712823e0e9a5d38488710f9
MD5: 95eb5380f665c8f21795b5ef2716f86d
Strike ID: M21-xc8z1
Malware: DarkComet_6b41728e
Platform: Windows
Info: This strike sends a polymorphic malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. The binary has been packed with the UPX packer using the default options.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: f9903d5f808f5470f2e92b4e29ed4d2fdce376cbb93b5b456e80aee716e65821
https://attack.mitre.org/techniques/T1045/
PARENTID: M21-mpzo1
SSDEEP: 1536:1d+udEMIRgWQRQcLFjYlagx0Fft6TTvcAbvPOJQazxNCoZnoX4xFIhvmn23Somit:TdCGWCH1esfSNvPuQaOotnghFMka5mJ
SHA1: 85b66f83aea143560d303c734fc45fc22dbdc91b
MD5: 6b41728e3ab0def43977ee60eaea6efa
Strike ID: M21-rau21
Malware: DarkComet_751f9f9d
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: a75b9a10e13f21c0bc7d4f6fa3b4c4e4725e7930a777544d66a135cf488556c8
SHA1: 0f818fa373e7af98ea59dfada012a8e060a8e2b6
MD5: 751f9f9de9d38623fe0c1fd867e7782f
Strike ID: M21-7x7g1
Malware: Expiro_a5106972
Platform: Windows
Info: This strike sends a malware sample known as Expiro. Expiro, or Xpiro, is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html
SHA256: 300e0593ce2eaba403829afcd4913c955db9dd1c526c745c3f2476258bdffee6
SHA1: 58b4749fb831a110c392b01d37d8032119df9b6b
MD5: a51069723865a6aba2a58439c373801d
Strike ID: M21-fvrm1
Malware: DarkComet_f8fa861a
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 50164ae1061dcedf87dda17c8d2bae38cc190d313bcf15d269fcf9ef1c18ffec
SHA1: 3575f0a42ea118bec7d423de70e617ab6a4ac02b
MD5: f8fa861a87d39fb63a9b0dff18a24d90
Strike ID: M21-28za1
Malware: Expiro_f92e78f0
Platform: Windows
Info: This strike sends a malware sample known as Expiro. Expiro, or Xpiro, is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html
SHA256: 2193a6e1b9cddd381f5f6f9b416d9e91c2a0d63ea2c4b1aa8b74e6da57d96f56
SHA1: acc49407d54444271e4434cec1e29966ea5ba82b
MD5: f92e78f03a38b86402273707777ad553
Strike ID: M21-ieta1
Malware: Scar_220ef7f4
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: 509aeffe10ee5ef168782bd240adc2f4e19fc0067a8a2e7a7667a82ed11ca90c
SHA1: b167926b4cb9c2d532ed0e1151736e1c319294ef
MD5: 220ef7f41f700600d04c3a8b64964900
Strike ID: M21-40vj1
Malware: Scar_c96441e8
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: dc8e581065ecdd414e76d069f0d355e565f4cb6d0f4991ba51176042a9c445a1
SHA1: c91ff321e08a7e8e5217685bea687285710b703e
MD5: c96441e8d833155cc125c819d4ef680f
Strike ID: M21-xhhd1
Malware: DarkComet_280678a2
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: e9a6c94a8107475fe5069a28b9bbd076056ef4a77b6a295d376a79cec364c119
SHA1: 50c852c5afa01f5ea1426812843476e40b6cf465
MD5: 280678a2509c1a6f5f95251ae64f8ea9
Strike ID: M21-wske1
Malware: Adrozek_195cbbfd
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads into web pages and steals login credentials when users visit those pages.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 08fd3bb559801fab985948ff60e1c401748f15f984cc97eba1b5df40d3ea7f3d
SHA1: dce0068cdb7c270d2c05a76aaa3933ed55979d82
MD5: 195cbbfd4bb76b0fe346ad80df06f627
Strike ID: M21-gmy71
Malware: Scar_9adb6b64
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: 20b5e0c00a50f514047ae19df5058ce3d8802a635e710f0d7cc7394faa2109ac
SHA1: 11567d07303a4e3900a7a593de88ea24b5ee8e07
MD5: 9adb6b64a3edebaea039c4f45bee5bef
Strike ID: M21-xgmd1
Malware: DarkComet_853a59fd
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: f1c0261b4ced400fe85a54b10310e8202fe685863ac1e56d007eca8f067f7719
SHA1: ca815fe6673017718cabff1f5b038fbcb6672a5a
MD5: 853a59fdea0237da61f6bd8119eaedfe
Strike ID: M21-llmu1
Malware: DarkComet_6d8497e4
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 6bb97d306df67a11a36fc5b749717199f4d8ad828962e558e36add96aeee7d6b
SHA1: bd4fb0c1cb4173c1893e5dc9dadc634664f73926
MD5: 6d8497e484b8c215c417bea6db3b5550
Strike ID: M21-kenm1
Malware: Scar_d1133bb1
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: 94fba396beffc62745de248d711f6d26bb6c8a7bbe0274a0035034997e561b32
SHA1: a635d1702c95f1ad8fb0cba858b272afe0b50226
MD5: d1133bb179cf07980c1b118ae16c6b2f
Strike ID: M21-2q071
Malware: DarkComet_d6b4318e
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 2c17c9a5bd677dc0ed8c34cd1d67945e20d4815df50f62272817f50846bf43e0
SHA1: cb67c7af77cfbba28b2a92ba103eae7926e6e087
MD5: d6b4318e91f5422c2a55a9b40228a365
Strike ID: M21-nnhv1
Malware: Expiro_40c756f6
Platform: Windows
Info: This strike sends a malware sample known as Expiro. Expiro, or Xpiro, is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html
SHA256: 6c53baa9240daa1c0dba2db1fca9d0120e98be5a266b4dd24474be1e0f858ccf
SHA1: 56a66a3e709fcf1889dfba714a08e88caac7f55b
MD5: 40c756f6a8b4c1944540fa90b0658bcf
Strike ID: M21-ij7j1
Malware: Adrozek_88bcf085
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads into web pages and steals login credentials when users visit those pages.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: f81893efe49e8f32bc1c894530357ed6cb745ff4f4f3b4e8b68b6fae424befd3
SHA1: 05b0d80cbe3cb099e174a31118480acf099bc19f
MD5: 88bcf0852d8b458e5629596ef0c7871b
Strike ID: M21-adoi1
Malware: DarkComet_6f2fdbda
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 6369abc9e939af548125e49aa17ac509a85af4f8add224a272d6a9c2d9a6956a
SHA1: 8ddd1672dd8209b3021370574153bd0ae104514f
MD5: 6f2fdbdadd5bc65bcda1a5450aafc7a3
Strike ID: M21-3ksj1
Malware: DarkComet_e0ba1170
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 6ae94873b9d2e21ea9d7ccb6e935d360630d7e6ee0e3439193b9d50f4c2b4111
SHA1: c1571acfc949a1ca35eb8a10d347f3930682b91c
MD5: e0ba1170722739bd05a56e350eb08310
Strike ID: M21-mpzo1
Malware: DarkComet_afa7e1cf
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: ac935ffa7c7f9b43b2edc3e79f88e0271bc6abe8e2a03c5efbf1d86a23070938
SHA1: 826385ae6f04762752e7f73af832aa5e1a9abc88
MD5: afa7e1cf7d0c1dcf3e55e57590286549
Strike ID: M21-a9e01
Malware: Adrozek_f16f2431
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads into web pages and steals login credentials when users visit those pages.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 6aff8643efe69aecf3d4622625798b096d51b5fd059bc1951eeb7fcf6000bea4
SHA1: 27295c8990afd196333bcdd0cb008c1945c14a00
MD5: f16f24310f498026a447286847b83c54
Strike ID: M21-pcdt1
Malware: Expiro_1f0e8f82
Platform: Windows
Info: This strike sends a malware sample known as Expiro. Expiro, or Xpiro, is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html
SHA256: 4acd6c270a50e1abeb0ff1f978699101dfde225210538c4cf4ab3a7d44207307
SHA1: 0c5ae7e27e8323189cff0077fdf1916d82eca4c1
MD5: 1f0e8f826901b1a0ee03d9f73f48609c
Strike ID: M21-ifz51
Malware: DarkComet_76771df5
Platform: Windows
Info: This strike sends a polymorphic malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. The binary has the timestamp field updated in the PE file header.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 3149b8144e64797941cdf7a86da72867d981757a83bd20c3af461a2193cc20c5
https://attack.mitre.org/techniques/T1099/
PARENTID: M21-mpzo1
SSDEEP: 3072:LnglhmBQH6ED/Hu7c1iqXwTV/pFYLxFxBotnghFMka5mJ:LKhmPIPYciqXwTV/wLotghyEJ
SHA1: a5834b531ada4f85f557e1b9e3b6babc1e6cf33e
MD5: 76771df5c70cdcfb31d6ac6d2eb0fe9c
Strike ID: M21-3lmb1
Malware: Adrozek_3ff3ab8e
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads into web pages and steals login credentials when users visit those pages.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 8314fcd8b479a297bfa032f346c9b756e9d7ad09e60f2dbc28c63c01568c34d8
SHA1: 840284abefbc5765190228b0f02c52e6d1693b95
MD5: 3ff3ab8ea667738e005cb419c51d1960
Strike ID: M21-vnce1
Malware: Adrozek_12168815
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads into web pages and steals login credentials when users visit those pages.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 70f8c5bda086c2c7c57323a73cdd79733f96e6469425a64a3831220deb39e410
SHA1: f5603445b6f932e633974bc711fd70a766cb062a
MD5: 12168815ad176df39aac31d8680e8e63
Strike ID: M21-91bu1
Malware: Adrozek_2ad72cab
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads into web pages and steals login credentials when users visit those pages.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: c03bf4b9260aea99dffc7018f146e526d06c4223c0960569053f332c2eb0f85b
SHA1: 7b209cc1a203603264b17120ba52fd255d7d3e8d
MD5: 2ad72cab2e2307bc31d2796f9b860f9f
Strike ID: M21-wqxe1
Malware: DarkComet_506f3057
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 6aca30d0d7f15f6f6b6c1a9f69f1acab06edacbb4955c4ef5f18f41ec7b17984
SHA1: f36a27abf923f26007010904dfc300f553505d8b
MD5: 506f3057b3a4ea70644ec59d6d591b81
Strike ID: M21-h63a1
Malware: Clop_06198fed
Platform: Windows
Info: This strike sends a malware sample known as Clop. Clop ransomware was originally detected as a variant of the CryptoMix ransomware family. It currently targets entire networks instead of individual machines and even attempts to disable Windows Defender and other security tools. Before it begins encrypting the system, it disables target processes, which can include debuggers, text editors and IDEs, as well as a host of Windows processes like Windows 10 and Microsoft applications.
External References: https://twitter.com/malwrhunterteam/status/1098578106112245760
https://twitter.com/VK_Intel/status/1405283994074189827
SHA256: 79b8c37a5e2a32e8f7e000822cec6f2f4e317620a2296f1aa3f35b2374c396ec
SHA1: d13ae07d65eb0457ba61d622a1bc1ac5f79df670
MD5: 06198fed029adbc90796ca6d83a67789
Strike ID: M21-aars1
Malware: DarkComet_cb2776d1
Platform: Windows
Info: This strike sends a polymorphic malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. The binary has one section renamed to a random name that complies with the PE format specification.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 920487e053112950b715f85f3343378e94a6cc49b66f4c077d5006c907a4de45
https://arxiv.org/abs/1801.08917
PARENTID: M21-mpzo1
SSDEEP: 3072:snglhmBQH6ED/Hu7c1iqXwTV/pFYLxFxBotnghFMka5mJ:sKhmPIPYciqXwTV/wLotghyEJ
SHA1: daf924ebebbda2c807fa9e6b3b17af18b9d38dc4
MD5: cb2776d128575116707d78e3bd858fb2
Strike ID: M21-l0c51
Malware: Adrozek_6ab15660
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads into web pages and steals login credentials when users visit those pages.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: d84613966bf88a906e11fbeaaa7fd3aa1b89fec4d1bb5fb56de42e5becf198e7
SHA1: 5bb78efa67c1b3eb2d96fceb5ddeb49d51a4fa13
MD5: 6ab15660f883d6c313a84f3092c2af7c
Strike ID: M21-hiw01
Malware: Adrozek_512870c5
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads into web pages and steals login credentials when users visit those pages.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: d741991f7f94b13b60a425b7e08f9c23f0e7090b50043739faba65986765cd77
SHA1: b695230b692ce3e0caad8c1ed36b459a9652320b
MD5: 512870c58ca92bf9cf31969e6ff95233
Strike ID: M21-n33o1
Malware: Adrozek_55499c0c
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads into web pages and steals login credentials when users visit those pages.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 335a85988d6bacc3a40953cf08bd6c4b566d9709047a88afe2a39853e4e1c100
SHA1: 746b5e1a56b022f9bc6b5d4d58595219f0d8dcfc
MD5: 55499c0c9d2df98f821ed55071f5bc1c
Strike ID: M21-6gmg1
Malware: DarkComet_c8e7b11f
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: e4faef951b3f224091290539faa2794ea7d4e0ba28f7d4b544778367c850681f
SHA1: c8f28f567bd53c72c959b2eba8f14f79566a504e
MD5: c8e7b11fa51f2ae03e9cb863b55df78d
Strike ID: M21-oacr1
Malware: Adrozek_85120da5
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads into web pages and steals login credentials when users visit those pages.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: a7eb6746122f4956c799dc5a6867482d20d6283c236cdf365a3b798960e2b6a4
SHA1: c3f8f2f702870feb520a9ca9c705588363f786c7
MD5: 85120da5492577b6e462bcaf567302c5
Strike ID: M21-23zl1
Malware: Expiro_506c9e8d
Platform: Windows
Info: This strike sends a malware sample known as Expiro. Expiro, or Xpiro, is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html
SHA256: f670b25c1e3b394beb0f6fcf9fb47481451fd9eafd7af02fb70ff1e9bd0c8a2c
SHA1: e79727fa7b17f8c9ff7a232ba2758788f1654449
MD5: 506c9e8dba60419f3956cd6f2860b60a
Strike ID: M21-t87s1
Malware: Scar_f90256f5
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: f3e82a5b81e904b06ad0a2eb487520d1cbdc322708795d3e6a640c6601c7b315
SHA1: 0f28365c3cf0f04fde1ffd116ba4482ab14eb6b4
MD5: f90256f556b2743291103bbaa4f66302
Strike ID: M21-wq4d1
Malware: DarkComet_6246b3fa
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 61604334c548f33082a6554f21855ccd872d5d20a2c02b36959b805777eae92c
SHA1: ac23775208c296d2d2aa4ec71c0c2419678269cd
MD5: 6246b3fab642506182bd3cfe2b08f071
Strike ID: M21-xie91
Malware: Adrozek_68fc74f9
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads into web pages and steals login credentials when users visit those pages.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 38f59793db1d3bec60edc5ed713806c5da7849bf5d3f650ccae4a2401cf1a9d3
SHA1: 0f43eff1aac52807912733c002fd97e2e1d18aa5
MD5: 68fc74f99d0665401261f7cb9d5967db
Strike ID: M21-pj7f1
Malware: Adrozek_ce83b6ce
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads into web pages and steals login credentials when users visit those pages.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 9a08ad7762d034f89cd79ffe2572d2fab89afa2469e3e4f79cdba306692bfab7
SHA1: a649e6d1bb04aed4dd0eb4b65b39e34cec2971da
MD5: ce83b6ce2230e9069de9e65310793aa6
Strike ID: M21-xbyy1
Malware: DarkComet_0a420405
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 2438d98520bff9aa704d0c66af92f06bb1fa2301a23e3fe3a451ab11731d6cfa
SHA1: abcb2ff64d5c0ebff9fa982e151388716258ffd6
MD5: 0a4204058a34296805b9823fac136750
Strike ID: M21-6s201
Malware: Scar_1951faf5
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: dfbe911d1380be0f7a078287ec87b0dad5dbefadd312bfb61905745396b168c2
SHA1: 1fd7c5b88792be90e9edbebf9b38edb113ac3d6a
MD5: 1951faf55309f61702bcda986e5229bf
Strike ID: M21-0wi61
Malware: Adrozek_76dc151b
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads into web pages and steals login credentials when users visit those pages.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 34e9a6dc3305522fe0f7c2fc5b32470cb9b7030399540cfbd77c446c5e4deef5
SHA1: a26085342848ec2ebb818d4a8d5e5953268ba62a
MD5: 76dc151b8ef17e2b51180919e40e3d7f
Strike ID: M21-gj2h1
Malware: REvil_31c17b36
Platform: Windows
Info: This strike sends a polymorphic malware sample known as REvil. REvil, also known as Sodinokibi, is ransomware that has recently been seen targeting law firms of A-list celebrities. The attackers not only pose the threat of losing all encrypted data but also of leaking stolen client data to the public. The binary has been packed using the UPX packer with the default options.
External References: https://threatpost.com/revil-ransomware-ground-down-jbs-sources/166597/
https://twitter.com/VK_Intel/status/1402027278842961925
https://attack.mitre.org/techniques/T1045/
PARENTID: M21-kpqd1
SSDEEP: 1536:ewLa3puaUokvnp7Pu1bMJIKoW3GoeL2h41r5POE+5:pLMh8vp7BJ7oWWow2urY
SHA256: 286b5e3c2ac813c2505b01603afa50d961efecb0683dff4974e9319516a8d7d6
SHA1: 6e4ea1933826688cc089f79e78b35c202893f449
MD5: 31c17b36a1392448458c41447c040639
Strike ID: M21-6c851
Malware: Expiro_c7a25967
Platform: Windows
Info: This strike sends a malware sample known as Expiro. Expiro, or Xpiro, is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html
SHA256: bd43d101142ab04f22e04aac987430b53cc62c5a78e8e66b02c83c8b11f97b4f
SHA1: 6b54b338e0fc03393a5c0bbce5921c378bf59f57
MD5: c7a259674474b0eab3a37fab1b08f826
Strike ID: M21-fpcp1
Malware: DarkComet_a6eafe7f
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 87f26093f674d95d8b56f5dc97fcda5dbc29c9c8d2e8f9283e53d2329a41af6c
SHA1: 1022b563792265c42ed4b41b98ca70696f68b09e
MD5: a6eafe7f3fa6053ef50baa7c167ace49
Strike ID: M21-zd1o1
Malware: REvil_6e4e9299
Platform: Windows
Info: This strike sends a polymorphic malware sample known as REvil. REvil, also known as Sodinokibi, is ransomware that has recently been seen targeting law firms of A-list celebrities. The attackers not only pose the threat of losing all encrypted data but also of leaking stolen client data to the public. The binary has random bytes appended at the end of the file.
External References: https://threatpost.com/revil-ransomware-ground-down-jbs-sources/166597/
https://twitter.com/VK_Intel/status/1402027278842961925
https://attack.mitre.org/techniques/T1009/
PARENTID: M21-kpqd1
SSDEEP: 1536:hxOUyl20w8bVZQ40iMSO1fY+iUyQs2r8t5p1ySotICS4A6Ud0RkARjTJi33tUmgf:hMhQNDEtb3Ai0RpRpi33tUzW2n
SHA256: 748fdba889851594f0da3695ac60ec78e89323b10b8a1c840c2a549fd44bcd45
SHA1: 94c2d2b550599c31d02c9e9ada4d9699101204d4
MD5: 6e4e92997bbb44ee50a69ff1e6f61ba7
Strike ID: M21-tbo11
Malware: DarkComet_7a1a393e
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 122e3fbcc83775250b7f82d371aea1a2ac5ab90bfa78d2fac7b0e86c51fdc00a
SHA1: 398d43cff7ffb7054d0ff7b71d9fd27e4e5e809b
MD5: 7a1a393eb5215996cabd8346bcb7eb10
Strike ID: M21-uvsh1
Malware: DarkComet_be43f6c3
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 4b9b56ba115ddca985c105f715a69e33de0aca8269f142f56efeb74c9676da2a
SHA1: f0015d0f208a0b74543263e673fae44c548f9ee7
MD5: be43f6c3f4445ab4aa4d75cb1f2b1e9d
Strike ID: M21-1qya1
Malware: Adrozek_807592e6
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 91b8754b8cce45e799a6a0065aa40510b415685a4c2ef5cab481732e445c9c93
SHA1: 25f48be9e301ba52dff63ff41614924edffb5106
MD5: 807592e6eb531ffeb53a27c0f62b71b7
Strike ID: M21-znsk1
Malware: Scar_ff9bd65f
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: a7fb6b83e5212b86d3c6c898f0426fb568b3c170558108dd0eff8e0d7bb33e31
SHA1: 9c55d6f02bf943d049a36938be26a30d4fd5428b
MD5: ff9bd65f29492a559e2f630afbe9accd
Strike ID: M21-dhzt1
Malware: DarkComet_3e0bc2a9
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 5376c102bf941a26d25ee42a66546b2600da62a6f2f5caa2742ea44894db2667
SHA1: ac362acc59ee9c951a0d87b5d0e4a7fba7aa7817
MD5: 3e0bc2a9652485354c3eeae5cd098261
Strike ID: M21-q3lk1
Malware: Expiro_8bb30113
Platform: Windows
Info: This strike sends a malware sample known as Expiro. Expiro, or Xpiro, is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html
SHA256: fe21a1fa1a0e2eaddb2c0bf1eb324c9ba188387ceb75b81a6074258c7a789aee
SHA1: 3e44bba2997ef9dcbfd8fad53b59f28d382136ae
MD5: 8bb301137c9cf0781df8dcd295d904dc
Strike ID: M21-j5sc1
Malware: DarkComet_ef078a83
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 579d36a4d7bd44e868f5dec198050a727d093897e0395d456fe927c90a665fdf
SHA1: 827ec2f088857f94346d267f6b487f5d3876b60d
MD5: ef078a8364715c9e2c9ec6441db3aa0b
Strike ID: M21-wzz51
Malware: Expiro_fd75e90e
Platform: Windows
Info: This strike sends a malware sample known as Expiro. Expiro, or Xpiro, is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html
SHA256: 8ab104c5aedbee37d22ddcc53fbc0b4344086f85c1321801102ab2772937b23f
SHA1: 3407e5c2237584e8f8dc84bcd420e864bf6b689b
MD5: fd75e90e1c0fd610860085c1c642bf9c
Strike ID: M21-pjym1
Malware: Scar_50ef4e47
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: 26a351eedcc2597880558caae3c502808d854f0d9c8fc263168b941927988fd1
SHA1: f53f333895bbe945658bf1776737cd66dc2471e8
MD5: 50ef4e475ee9ccf98e596a606d9d32e4
Strike ID: M21-pn2p1
Malware: Scar_20a3ed89
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: 9f2951d56edd918490349c68e9728a5cd6861c8816276141da807d0b4411ae28
SHA1: 1f2b86b577532275e703e430722098d67bf35889
MD5: 20a3ed89cdf16707930a21217f912b97
Strike ID: M21-9rnt1
Malware: Adrozek_cc3ab50b
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 4e9dd245afef951c71a630ec50aabdbc78a124ea4998a0c387a83d25c13a1534
SHA1: f83af47b3462bb5b9cf6df1c55da866878a1cb7c
MD5: cc3ab50be1cfacb7860ee1f3776e57e0
Strike ID: M21-qjqt1
Malware: Scar_8628f5f1
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: d7536a536700237fbe1ce5612390c565055a59187866b7dcfedca6e5128da2d7
SHA1: e85c9f423d6bc35c5d0d5d17f8af635cdd992fb5
MD5: 8628f5f1d6593915cf23b60c46377cc1
Strike ID: M21-dob51
Malware: DarkComet_9ddc588c
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: b7f9e06d289e23cf2b1e6c3392c9cfab88444c4595b3a29bc109f578611b7c58
SHA1: 7eaa079ff297e6bf66e0cc3216bfee85eeaea29c
MD5: 9ddc588c0382050b2a736c2a2ad6ccb0
Strike ID: M21-55zt1
Malware: Scar_d71c3fe6
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: b14554f8e230b0eaff1a0a6c6c3b4032041cb1410a16d4b71b87edbe7de1f427
SHA1: c088b0bb038194937ba14bc209b7a8198b01beda
MD5: d71c3fe641a6e1379ec2648d524de8f0
Strike ID: M21-2elx1
Malware: Expiro_7e379a9a
Platform: Windows
Info: This strike sends a malware sample known as Expiro. Expiro, or Xpiro, is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html
SHA256: 036795412a7cbfc1f5f9bbb07f10da6c3bfd0633ba9df5c62b9b4daa59c714d4
SHA1: cbd8d083ef64e5284d58c7456c3d5c153f08f6e9
MD5: 7e379a9a3a6a2bc52ac50157b6239c95
Strike ID: M21-4teg1
Malware: DarkComet_223524c6
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 94b68fb51993400f1f80b3236973a839ec6aaee6611cc3412e19939dd8406c11
SHA1: 8dfd58de0fb7f3e6086c86354a329b3995ac73e6
MD5: 223524c6bc8859c4f43b2965a5a52aa5
Strike ID: M21-246o1
Malware: Adrozek_fb187560
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 343ac51ead89330503b44ae586bab14aac56eb79a66b516008bed071c8249b44
SHA1: 0e779fa9e07ba6171aa1f930523ae5687953d1a2
MD5: fb1875607626cab63dfd07273c45fc7f
Strike ID: M21-9mzk1
Malware: Adrozek_55dd45f4
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 36efdada787fd28c159aeed83f6b0705aef2500bdcd580e6cc99fae2c877bcdf
SHA1: 6e693e53262067e9b658f0752997b250961f5b68
MD5: 55dd45f49c6f87bc0e838313e29ed47f
Strike ID: M21-4fa91
Malware: DarkComet_65a19a73
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: db42b08f61b945fa39065f62c1cf89b9c1cad5a3ae8a81820b6b76ac42da3a6c
SHA1: 08fe9e67bd6efcaf6ffb53acf9f306643a592d65
MD5: 65a19a730f50c5daea17f95adf114c90
Strike ID: M21-91zr1
Malware: DarkComet_23d09c0c
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 19bea011f0b7cd8b007071076698db3f363af0117624ab2acecb445d0effc104
SHA1: 4429597b9079e5e7f0342aa9a1dec005c8f453e5
MD5: 23d09c0cd70265deb19ccc2d87c71145
Strike ID: M21-omoo1
Malware: Scar_f8396a17
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: 57c40500eb80c9e4715261df8eb06d322943d93424a6c785db68d3208092577e
SHA1: d52aa986a30239cec14b6f2170ce9908095f6e0e
MD5: f8396a17869a29e9f125e8459327d954
Strike ID: M21-glme1
Malware: Adrozek_dcb287af
Platform: Windows
Info: This strike sends a malware sample known as Adrozek. Adrozek hooks into web browsers to inject ads on webpages and steals login credentials when users visit the webpage.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: c0a51cea4eae1fe116c4ca31cb3894056cdb59b74297947b36e34dc6cf382ab0
SHA1: 0f55a578dea58564f2f1a34dd8053d6407a154b2
MD5: dcb287aff31159ff8e4fc6d8b3343036
Strike ID: M21-oiam1
Malware: DarkComet_520560d0
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 7e89204ad455a0ec5d98b8cf85d64e4632ad4d924262f780d1b197705a088ef0
SHA1: 4c815847a5932fe210ee509ea117f42094eebe38
MD5: 520560d0a4f433a735ddc5c316fbcd24
Strike ID: M21-q8m91
Malware: Expiro_ff731130
Platform: Windows
Info: This strike sends a malware sample known as Expiro. Expiro, or Xpiro, is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html
SHA256: 83b7d7e733d27f0a7199bb95dc03e9f5d0678ddb4eb431be451539d481da2f38
SHA1: 7e51b99abef76ce7c92b9d4d6a63a56314744d65
MD5: ff7311302542ef3e9acd37302823b586
Strike ID: M21-oh5z1
Malware: Scar_ddd4f409
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: 7f9bf7e5dd287d63cd295f27c9ef83f5545ce28b7e2859d2a2573d4340915693
SHA1: 81e1b8fd6af76d74546026dafe741e05829bb351
MD5: ddd4f4098ac6f562a1933aaeb3f764e6
Strike ID: M21-cm351
Malware: DarkComet_31cc19f2
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: bd89f6e28818d522bf1a0c1b55606d406aea0b3ad5883c92ab422d061aa282e1
SHA1: db34e26a048421b373fa11f762f655052d23b21f
MD5: 31cc19f2cc08e7df9711899b6c27fd92
Strike ID: M21-06l61
Malware: DarkComet_14c54f08
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 3f342b83a383083e518e0ba9691df2f3e63b9042e2564fe5fcdcf3198b58ae8c
SHA1: 17615b4cd78f742cf961ce35084d535ae432b5c8
MD5: 14c54f08e7b9421fc79e475494287e88
Strike ID: M21-rd2r1
Malware: DarkComet_df4a6de4
Platform: Windows
Info: This strike sends a malware sample known as DarkComet. DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
SHA256: 29203df0cc62299c95e3489bb1fc765221e9467c83196791d8d008525a2050e6
SHA1: 34bde56acf48ab2267ae36bfc5fe22d4dd4cbf35
MD5: df4a6de44c1341c71251aa7b1930cf6f
Strike ID: M21-kzpc1
Malware: Expiro_02191a87
Platform: Windows
Info: This strike sends a malware sample known as Expiro. Expiro, or Xpiro, is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html
SHA256: 249d80e8dfbb29e545d50980ea31afad50f96ed8d94095e628cd90980a77089b
SHA1: 261221672cb572bb914c36dd20ab1bccbe2025c6
MD5: 02191a875603620180d8e1ce5766176a
Strike ID: M21-bncd1
Malware: Scar_55932750
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: 967172f2991b28400466f63a3179cbf12435a072b51704bc4b2de19f5b4e3a95
SHA1: 74010e7f2773fb9d6ce132f72e093c4553fc069f
MD5: 5593275031b345882d5e64aa7c9bb728
Strike ID: M21-ur631
Malware: Scar_b1d50917
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: 24327e0c3c90b42e97e86beec792f72131c7d57488728cd1cd96e7d36a17bf09
SHA1: 6e279579af8fc5575246d4c56ff41dd2292c8395
MD5: b1d50917fe432a627a56ad8045fa845c
Strike ID: M21-y8cr1
Malware: Expiro_3daea3b8
Platform: Windows
Info: This strike sends a malware sample known as Expiro. Expiro, or Xpiro, is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html
SHA256: 51b8e5b10da5e56bb55b6234e750230447ffdf598069f8fbd103250e2c70559f
SHA1: 7babdf39128d1193704c31f31f9818e73a4740a3
MD5: 3daea3b8bbb4ead9495ee4aff49b3a83
Strike ID: M21-j5fg1
Malware: Scar_50e9db8d
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: 37e2bb6a3010b997a3210811cc09eea13d5fbc927d28da60c98ce0fc820ce98f
SHA1: cc44664ff498d332dba890c6a78c9bab0d4f380c
MD5: 50e9db8d9efe0597e7b8d9cbaa6d79c7
Strike ID: M21-nm1g1
Malware: Scar_36a91fe4
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: fa54058a1ff9a1b549a264457440486c55ef120537c4b62cc213e5e80afd23d5
SHA1: e41cad42fe66cc2e685b4d3f1409e666acbbb644
MD5: 36a91fe472d4ddfff1c296a3e798deed
Strike ID: M21-knai1
Malware: Scar_09b3dde0
Platform: Windows
Info: This strike sends a malware sample known as Scar. Scar is a worm that downloads files while also trying to spread to other machines by copying itself to removable media.
External References: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
SHA256: e9862e9d7ab96e635ad5a00f335dab84b4f243572ea268685c083ed74cfae78d
SHA1: 1d731884429a597570edecab33e96b4f371946da
MD5: 09b3dde0483c4d3d61b29c4c9622fea6
Strike ID: M21-r8qn1
Malware: REvil_585d9cf2
Platform: Windows
Info: This strike sends a polymorphic malware sample known as REvil. REvil, also known as Sodinokibi, is ransomware that has recently been seen targeting law firms of A-list celebrities. The attackers not only pose the threat of losing all encrypted data but also of leaking stolen client data to the public. The binary has a random section name renamed according to the PE format specification.
External References: https://threatpost.com/revil-ransomware-ground-down-jbs-sources/166597/
https://twitter.com/VK_Intel/status/1402027278842961925
https://arxiv.org/abs/1801.08917
PARENTID: M21-iw3g1
SSDEEP: 1536:kjxXC9jVwbhEW8z3w1R+KjJLRiOQJo0SoLCdpuOk2ICS4Ang6lUgvfYiFyRFywX/:5mV1wKdLoLC/OemUWYjfywpbPa
SHA256: e6b89a786c8582074e28f12194eecb1e50f690c4add14fa3c06af08f96a88757
SHA1: dd23368a80d8205866db27a793ab74be36a9279c
MD5: 585d9cf2230ea8c331c911d1762db092