M21-y05z1 | Gh0stRAT_38db1ea3 | Mixed | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a remote access Trojan that provides control over an infected system. Some of its known functions include the ability to record keystrokes, record screenshots and download additional malicious payloads. | 38db1ea30d13a611098c91721bd7daeb | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 34471230c1fda37cce67aa5ae85dfb13310a0065f079eb35d05a410e91c99cde SHA1: 1b4d01966deeb75a23f8c20fdd1a95f80f7fdc59 MD5: 38db1ea30d13a611098c91721bd7daeb |
M21-jtgk1 | Gh0stRAT_a872d440 | Mixed | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a remote access Trojan that provides control over an infected system. Some of its known functions include the ability to record keystrokes, record screenshots and download additional malicious payloads. | a872d44042b1ca69c033a89657d60c27 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 74daff7ba7d570971481bd23a433d1d98ba7e61216badad6c895d8f9ab512e96 SHA1: 1f29f52a933528ef57e4f9f0cb59234b63f4ba0f MD5: a872d44042b1ca69c033a89657d60c27 |
M21-qq1m1 | Johnnie_a2701860 | Mixed | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | a27018604fc28b1b3becb277e770ba09 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: ad24d52cb8be574ab4d2a3746dd1bfb4584b2545cdcd07e6e078096ff0e78ab6 SHA1: 1ccc6546b2cae97b90a6beae5495b760581b466b MD5: a27018604fc28b1b3becb277e770ba09 |
M21-vvq41 | Zegost_10d7b4f7 | Mixed | This strike sends a malware sample known as Zegost. Zegost, also known as Zusy, steals banking information. It displays a form to trick the user into submitting personal information when visiting a banking website. | 10d7b4f78c61a60f124b65233b2dd6c2 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: d96135894616742836f8c0520c4db3a925623dba9ae6e60dcfd10a299406ac3b SHA1: 6ffff4d9b3120a12df2bfc96d8501f3f1a0f1660 MD5: 10d7b4f78c61a60f124b65233b2dd6c2 |
M21-kji81 | Cerber_dc82432a | Mixed | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | dc82432a6a69957fcc2e326fbd97924a | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 9fa01de00a4e35f91029810e347598055a53cf9baeae6716cd088e25652912ee SHA1: 06233168eb94af1e8ec800550423f06ffdb7f5f2 MD5: dc82432a6a69957fcc2e326fbd97924a |
M21-ut371 | Expiro_0155baf3 | Mixed | This strike sends a malware sample known as Expiro. Expiro, also known as Xpiro, is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks. | 0155baf3b793202061b0c43ca7c9cec2 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: e9bd0fd8a733b3d3839e92ecb6f31f69aafc3d4c8ea81230e197920d98f8be89 SHA1: f4957ec8a74f095f5829965de2818e29271f74b7 MD5: 0155baf3b793202061b0c43ca7c9cec2 |
M21-1ab31 | Gh0stRAT_c0835179 | Mixed | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a remote access Trojan that provides control over an infected system. Some of its known functions include the ability to record keystrokes, record screenshots and download additional malicious payloads. | c083517967757144fafbb58bf094d240 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 50d9fb29eb06f9a965d43e0691e71044b691de7053215691d100793220980b8f SHA1: a5eb291e56cb2f03dfd49e6c21b50c9ede5f91a9 MD5: c083517967757144fafbb58bf094d240 |
M21-hgh91 | HAFNIUM | Mixed | This strike sends a malware sample known as HAFNIUM Webshell. This HAFNIUM Webshell malware is one of many that have been used in conjunction with Microsoft Exchange Server zero-day attacks against a large number of entities, primarily based in the United States. After initial infection these web shells are deployed, allowing attackers to steal data and perform further malicious functionality such as command execution, file read/write and tunneling. The Webshell malware has been documented residing in one of several installation paths below. | 4b3039cf227c611c45d2242d1228a121 | https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ SHA256: b75f163ca9b9240bf4b37ad92bc7556b40a17e27c2b8ed5c8991385fe07d17d0 SHA1: 0ba9a76f55aaa495670d74d21850d0155ff5d6a5 MD5: 4b3039cf227c611c45d2242d1228a121 |
M21-04ru1 | Zbot_8ebb01a1 | Mixed | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan often associated with stealing banking information through keystroke logging and form-grabbing techniques. | 8ebb01a18e6a4766213809c2de63a5b1 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: 8ac5cfda7819b7f982e0da37494baf2fac075a32cf245fa732ff3e18a2027038 SHA1: 39221a97108995a668735d85b08778f08055afc4 MD5: 8ebb01a18e6a4766213809c2de63a5b1 |
M21-a0yl1 | Johnnie_ac4c707d | Mixed | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | ac4c707dc7839f5f587225bfe3ec2fde | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: b201a936c0dfb4f9d87e9667e4356ba0cf311c6695487c000c4664c4ae4aa773 SHA1: 735f7eade9b7356538d0e4df3792340ebc31b7aa MD5: ac4c707dc7839f5f587225bfe3ec2fde |
M21-gc2b1 | Remcos_5f48006d | Mixed | This strike sends a malware sample known as Remcos. Remcos is a RAT that logs keystrokes and performs other interactions with the host, such as capturing screenshots. It is typically delivered via documents with macros in phishing emails. | 5f48006dfa96344985342dbc60d87c95 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: b8189bf838099e9c6aebaa083abe32c23d5eeb2737467151fe58ef17cc919a9e SHA1: 1ee3680a51194f9d65e2ff35e1bb8f7c5269f3b1 MD5: 5f48006dfa96344985342dbc60d87c95 |
M21-qgn21 | Johnnie_a338cd03 | Mixed | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | a338cd032054e9146ee5b8ebd99f9e58 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: b7483ac9d0804aa72996c24c8307d72d664cf5914df5f377e27667ba117dde8a SHA1: 08d6a0b6b50da6af156cc96a65cedb520c247e66 MD5: a338cd032054e9146ee5b8ebd99f9e58 |
M21-tz5m1 | Zegost_eaddbf2d | Mixed | This strike sends a malware sample known as Zegost. Zegost, also known as Zusy, steals banking information. It displays a form to trick the user into submitting personal information when visiting a banking website. | eaddbf2d17a8e690a58e195e35451222 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: 0a23f7f118563e505bfa822035b533f3bbb2e0cbc102dfb2d3549ee79db2c74b SHA1: f348bbfc07b18da345cdddfcc115673839fe674c MD5: eaddbf2d17a8e690a58e195e35451222 |
M21-tdj81 | Cerber_ba2cb51a | Mixed | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | ba2cb51a7d5946eaee662404c55fc180 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 96a2b53b1ddf5c5c54053c7b635d95deacac03ffe22c710d2b0ff2388997bb18 SHA1: 7307e03403106218950029959ef9cc93108e164f MD5: ba2cb51a7d5946eaee662404c55fc180 |
M21-efq61 | Cerber_20fece6d | Mixed | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | 20fece6d01f396ae919275b8f48af3de | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 387fccecd60cfd9a3f767983f4b9ca5572762434a7371a119b57bfdd079c88a2 SHA1: f659f2e3aa97a05e1d9ce2c698f9846dcdd22d38 MD5: 20fece6d01f396ae919275b8f48af3de |
M21-6o0w1 | Remcos_6b171762 | Mixed | This strike sends a malware sample known as Remcos. Remcos is a RAT that logs keystrokes and performs other interactions with the host, such as capturing screenshots. It is typically delivered via documents with macros in phishing emails. | 6b171762ebb3aa6d0dfd8df3dc97f3bf | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: 89de0738d31cdaca830f1e511eab1fb92f824d6da0b9e1a6ae2e3ef5419b1f0e SHA1: 55834bf2224c6c82808fa19525356ba0be64ffef MD5: 6b171762ebb3aa6d0dfd8df3dc97f3bf |
M21-bg1f1 | Johnnie_dcf7af3e | Mixed | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | dcf7af3ecdaff092c3649383e9baecc4 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 31f400e041c61d1aa2337d6beb74a853a31ac6fe5c26af63e7b76123050e6265 SHA1: dc75456bd135064275b21e91be63772fbc0c2419 MD5: dcf7af3ecdaff092c3649383e9baecc4 |
M21-wcy91 | Remcos_b37cbd5b | Mixed | This strike sends a malware sample known as Remcos. Remcos is a RAT that logs keystrokes and performs other interactions with the host, such as capturing screenshots. It is typically delivered via documents with macros in phishing emails. | b37cbd5bde82458f0c0ad7ab45db03c2 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: 8d47d932cd5c29686d796320a2d14821df531ae1b0f839c5c887191448ecc777 SHA1: abdb829f7a09c6959015043801712a6cd2ab5809 MD5: b37cbd5bde82458f0c0ad7ab45db03c2 |
M21-djy41 | Johnnie_8e1b7f46 | Mixed | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 8e1b7f46cf344b314299c80919c1ef33 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: df75e5465189a11a4640c9e9bd30ae3aa37bb9f6c607fff2371351bf08a97412 SHA1: d4e34bf72e4d95f69304f90271567c9521fc3e40 MD5: 8e1b7f46cf344b314299c80919c1ef33 |
M21-9omf1 | Remcos_99548f77 | Mixed | This strike sends a malware sample known as Remcos. Remcos is a RAT that logs keystrokes and performs other interactions with the host, such as capturing screenshots. It is typically delivered via documents with macros in phishing emails. | 99548f77a249924a7355728f3ba1c328 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b SHA1: 8bd6a8afb1f7749a1de864c6cbbf297ccdb83b1f MD5: 99548f77a249924a7355728f3ba1c328 |
M21-isa71 | Gh0stRAT_f9c41e77 | Mixed | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a remote access Trojan that provides control over an infected system. Some of its known functions include the ability to record keystrokes, record screenshots and download additional malicious payloads. | f9c41e775ffc495c2afaf795acc3d4eb | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 3c5ab72abf3efd72aa5c4f9528239e9cadd1066f74b53102cbd0e7366c1afded SHA1: d06b9cc53ecf81494b9baf18b86386921bc18a23 MD5: f9c41e775ffc495c2afaf795acc3d4eb |
M21-dziq1 | Cerber_360dde65 | Mixed | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | 360dde65f7547c1b9993e31e2c72fdab | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 57da8c90d12de206331bddadee6b8bbbdab8648563830b1e553b9ed2baf0dc13 SHA1: 2ac979c82a0a9f7a71cc0bdba50f2f2e5d99a8c6 MD5: 360dde65f7547c1b9993e31e2c72fdab |
M21-ly8g1 | Remcos_44be3e0a | Mixed | This strike sends a malware sample known as Remcos. Remcos is a RAT that logs keystrokes and performs other interactions with the host, such as capturing screenshots. It is typically delivered via documents with macros in phishing emails. | 44be3e0a09970a7d85d158e24963765b | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: c8335dcc276062f714b7dcb5857a1773b5762ca763323537dde98fc81cce3f2f SHA1: 234142561af893c9fad495cdea7684d008fe592a MD5: 44be3e0a09970a7d85d158e24963765b |
M21-a8c01 | Remcos_755ae12d | Mixed | This strike sends a malware sample known as Remcos. Remcos is a RAT that logs keystrokes and performs other interactions with the host, such as capturing screenshots. It is typically delivered via documents with macros in phishing emails. | 755ae12d9f12fc76f382ec1282faa029 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: eb75f663d2145a509ae8db9126cee9d77d4942f0e24044db324ac45f894b4197 SHA1: 0120cb07e334a8b0948238df3a86e55b1341e28f MD5: 755ae12d9f12fc76f382ec1282faa029 |
M21-edsh1 | Gh0stRAT_0f6550a7 | Mixed | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a remote access Trojan that provides control over an infected system. Some of its known functions include the ability to record keystrokes, record screenshots and download additional malicious payloads. | 0f6550a771aef1df84f85e95ff7adb9b | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 7ba92ec4b7d80aafde49b343b950ac416efae8d1e8d88759a74e33d9837bf6c1 SHA1: 1f747e550225e06b4f2b8aba9a2967b61e631b53 MD5: 0f6550a771aef1df84f85e95ff7adb9b |
M21-h6ye1 | Gh0stRAT_596fcbea | Mixed | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a remote access Trojan that provides control over an infected system. Some of its known functions include the ability to record keystrokes, record screenshots and download additional malicious payloads. | 596fcbea1a5f3fa86bcf5039881aa576 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 2a657b5cfb584ae465b438df429968a2f15f06b70813705f6e2dc7beec0f29d0 SHA1: 5fc0af4f081fd3a0d910aa7b90a79e8216688758 MD5: 596fcbea1a5f3fa86bcf5039881aa576 |
M21-y4e81 | Remcos_a6725728 | Mixed | This strike sends a malware sample known as Remcos. Remcos is a RAT that logs keystrokes and performs other interactions with the host, such as capturing screenshots. It is typically delivered via documents with macros in phishing emails. | a6725728d876de2468707a0e2609edad | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: a50c6bc01cacaf3c8bd51ac98b682501f25486ad25c43f2f3ce6cdcd98fab40f SHA1: acbca76a0d8bfff78b29fa68b0acb78b6476d8df MD5: a6725728d876de2468707a0e2609edad |
M21-60h11 | Zegost_5bbc6e17 | Mixed | This strike sends a malware sample known as Zegost. Zegost, also known as Zusy, steals banking information. It displays a form to trick the user into submitting personal information when visiting a banking website. | 5bbc6e178e98a48301ba1c78671c89e5 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: eedb3753a1321c56557a8c51362cd6ed66d59360b4e12e78983c8659a299aeef SHA1: 3b6ce47969f65f8f79588a60320f78db701c0c29 MD5: 5bbc6e178e98a48301ba1c78671c89e5 |
M21-8hi11 | HAFNIUM | Mixed | This strike sends a malware sample known as HAFNIUM Webshell. This HAFNIUM Webshell malware is one of many that have been used in conjunction with Microsoft Exchange Server zero-day attacks against a large number of entities, primarily based in the United States. After initial infection these web shells are deployed, allowing attackers to steal data and perform further malicious functionality such as command execution, file read/write and tunneling. The Webshell malware has been documented residing in one of several installation paths below. | 4ef04cba6bec2c3a164b9b755efbeb1c | https://blog.talosintelligence.com/2021/03/threat-advisory-hafnium-and-microsoft.html SHA256: 8e90ed33c7ee82c0b64078ea36ec95f7420ba435c693b3b3dd728b494abf7dfc SHA1: 49644cbbb9d234bd4f7a47ed596c8bbfefd39065 MD5: 4ef04cba6bec2c3a164b9b755efbeb1c |
M21-enn61 | Remcos_769fed4d | Mixed | This strike sends a malware sample known as Remcos. Remcos is a RAT that logs keystrokes and performs other interactions with the host, such as capturing screenshots. It is typically delivered via documents with macros in phishing emails. | 769fed4d63791d8a4b8ce332b916cd5e | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: cbf9a46b64bd4c5122f5bdf7a50b8e635f9cd8792d124a2d818df1562074d916 SHA1: 60b248f84a2b504b247c988807717d8ea85649b8 MD5: 769fed4d63791d8a4b8ce332b916cd5e |
M21-40l71 | Cerber_9d225aba | Mixed | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | 9d225abad306db39bb37c6c4e9ccbe17 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: b02791ac42414f2879a49846bb34632c02cfc3cdd39809e59989913168f64b00 SHA1: a8d0fc2b578bac925863b9a345358dbfadf66363 MD5: 9d225abad306db39bb37c6c4e9ccbe17 |
M21-mqlt1 | Cerber_f633f7b4 | Mixed | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | f633f7b424983cef70eae8bcbf81ff19 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 9fe2b7cc0364ef640854594c02026f78d27af5a94faba8c22e86164668014d48 SHA1: 898f8c50f97d69c91d1673a28725970f28cc6129 MD5: f633f7b424983cef70eae8bcbf81ff19 |
M21-533b1 | Remcos_5b3b0765 | Mixed | This strike sends a polymorphic malware sample known as Remcos. Remcos is a RAT that logs keystrokes and performs other interactions with the host, such as capturing screenshots. It is typically delivered via documents with macros in phishing emails. The binary has random strings (lorem ipsum) appended at the end of the file. | 5b3b07657907de883d44735ac1c270df | https://attack.mitre.org/techniques/T1009/ SHA256: 9b93e7152e96c44741d2961b25d35bddb82c2cd2c1c0a91ecae17cdc248ed2a6 SHA1: f2071970fc15755ea397cd0eb59512739f687655 PARENTID: M21-a8c01 SSDEEP: 1536:wbQihzJ0RAQCAqTAj2jo8MG7m80PuYjuq:rkJsA5Aj2Umq MD5: 5b3b07657907de883d44735ac1c270df |
M21-ul9f1 | Gh0stRAT_b640f7ed | Mixed | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a remote access Trojan that provides control over an infected system. Some of its known functions include the ability to record keystrokes, record screenshots and download additional malicious payloads. | b640f7ed51715ed04cf89f794e5ae924 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 798fbc4fb65b81b4b94c582718074a82b02f6bee8e6e4f58186a1d923a989863 SHA1: 72c0fdbcdafd80d4a0c4611e940f8870cd76131a MD5: b640f7ed51715ed04cf89f794e5ae924 |
M21-alk71 | Cerber_71785297 | Mixed | This strike sends a polymorphic malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". The binary has the timestamp field updated in the PE file header. | 71785297665f915f985e52f395678c35 | https://attack.mitre.org/techniques/T1099/ SHA256: 534ca84f14a3938500572ef064713e0c54a03f998c2a21fc51617634d45a991d SHA1: 7581a3646c6850fcb048e94959eea86bd3b87111 PARENTID: M21-fgfb1 SSDEEP: 12288:R2PtcpSGpXTPyduxsddfDhEvSKSmJLXj6hq:R2PtcUGpXryU+dd7KvShmJsq MD5: 71785297665f915f985e52f395678c35 |
M21-xal31 | Johnnie_f4805a5a | Mixed | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | f4805a5a3e898264b8ed4b43de37b60b | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 3b5f97b5c404c22bad550e105a9154234d43c13e4b32f3738dd1d29d0b67e8cf SHA1: 50ec9cace3353a1cf357a4cc8da0913aa2b5a143 MD5: f4805a5a3e898264b8ed4b43de37b60b |
M21-zkh61 | Zegost_3ec0f08b | Mixed | This strike sends a malware sample known as Zegost. Zegost, also known as Zusy, steals banking information. It displays a form to trick the user into submitting personal information when visiting a banking website. | 3ec0f08b9a5e8cd350d60ea98b66bc6b | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: 36c65ee22789d37e92d6fbcc135eb6fd3a9cee15bb01727607ff65f06e29adbf SHA1: 150d375eb4940dbec5d408798932c5163dd940b2 MD5: 3ec0f08b9a5e8cd350d60ea98b66bc6b |
M21-zl0u1 | Zbot_fe2e0db4 | Mixed | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan often associated with stealing banking information through keystroke logging and form-grabbing techniques. | fe2e0db42c21c90dcbdbe0983ab89276 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: 81fb97b88520f85d7b8f23a119e410785a99646362bc532d034fb0e3ad581211 SHA1: 1280ec13477f13f2b9708b69cec0b1619bd4606a MD5: fe2e0db42c21c90dcbdbe0983ab89276 |
M21-nx2y1 | HAFNIUM | Mixed | This strike sends a malware sample known as HAFNIUM Webshell. This HAFNIUM Webshell malware is one of many that have been used in conjunction with Microsoft Exchange Server zero-day attacks against a large number of entities, primarily based in the United States. After initial infection these web shells are deployed, allowing attackers to steal data and perform further malicious functionality such as command execution, file read/write and tunneling. The Webshell malware has been documented residing in one of several installation paths below. | 5544ba9ad1b56101b5d52b5270421d4a | https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ SHA256: 511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1 SHA1: fc6f5ce56166d9b4516ba207f3a653b722e1a8df MD5: 5544ba9ad1b56101b5d52b5270421d4a |
M21-c9jc1 | Remcos_179fc66a | Mixed | This strike sends a polymorphic malware sample known as Remcos. Remcos is a RAT that logs keystrokes and performs other interactions with the host, such as capturing screenshots. It is typically delivered via documents with macros in phishing emails. The binary has been packed using the UPX packer with its default options. | 179fc66a0416442f19fe51271f5dfcfd | https://attack.mitre.org/techniques/T1045/ SHA256: 8776dd843bb43d1a6336239192f357a4bd918033bc4784529856f3589d5db668 SHA1: 512c8fd7ad4804e403116504468c91140e2c1192 PARENTID: M21-a8c01 SSDEEP: 768:5hCIKPQ0nbAQEbZ12jV/HAsDDq1ur61Aa:SIjsbAQEDeV/Dyur61Aa MD5: 179fc66a0416442f19fe51271f5dfcfd |
M21-lw5i1 | Johnnie_e0079301 | Mixed | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | e0079301b101c37ff3e5b8f424e92faa | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: fd731b97e8ec6140e434e09a69903a718b2bcc99d33def43800acaaa7397b04c SHA1: 4980f52cd80fd0262c8ca10c07b8498ad7e9d10e MD5: e0079301b101c37ff3e5b8f424e92faa |
M21-r0pi1 | Remcos_d006c280 | Mixed | This strike sends a polymorphic malware sample known as Remcos. Remcos is a RAT that logs keystrokes and performs other interactions with the host, such as capturing screenshots. It is typically delivered via documents with macros in phishing emails. The binary has random bytes appended at the end of the file. | d006c28009f6706e5f5c10237b353229 | https://attack.mitre.org/techniques/T1009/ SHA256: 31067b35e0e621793905281fefa26fb9e467423501d893ccdfee98ceef6b3a65 SHA1: 4afcc554fbb391f307da93dd67b8c59311b90870 PARENTID: M21-a8c01 SSDEEP: 1536:wbQihzJ0RAQCAqTAj2jo8MG7m80PuYjua:rkJsA5Aj2Uma MD5: d006c28009f6706e5f5c10237b353229 |
M21-helx1 | Johnnie_dc7e8f77 | Mixed | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | dc7e8f77cbbd7450502f7ffe563cb7bb | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: de7a7371e0113b3b8ca14ce1683824898ee5f3044caec9c550436d43bbd57cf5 SHA1: e2c2b40bcff550a35362127c6a0496600375093c MD5: dc7e8f77cbbd7450502f7ffe563cb7bb |
M21-353j1 | Zbot_8fd8d53c | Mixed | This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan often associated with stealing banking information through keystroke logging and form-grabbing techniques. | 8fd8d53c05e3b556917a507ed6ec6b48 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: 786c63680d8479cc659709f118c03c1785a700fc690861d851b63d46f4d14fa2 SHA1: 56e771057a4e336298b52bc08c54f282e1413f27 MD5: 8fd8d53c05e3b556917a507ed6ec6b48 |
M21-z8di1 | Johnnie_573c737a | Mixed | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 573c737af7ee30678c11ec775ce9bca9 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 31cc204b627e09a0cb4bc8b2091742c448837a9be8021d70cd84b308f16dec38 SHA1: d5fa20d2ba40706810a7c1278ea4c8addaa682a2 MD5: 573c737af7ee30678c11ec775ce9bca9 |
M21-kjas1 | HAFNIUM | Mixed | This strike sends a malware sample known as HAFNIUM Webshell. This HAFNIUM Webshell malware is one of many that have been used in conjunction with Microsoft Exchange Server zero-day attacks against a large number of entities, primarily based in the United States. After initial infection these web shells are deployed, allowing attackers to steal data and perform further malicious functionality such as command execution, file read/write and tunneling. The Webshell malware has been documented residing in one of several installation paths below. | fe15fc6341baad2a111462854f96a2bc | https://blog.talosintelligence.com/2021/03/threat-advisory-hafnium-and-microsoft.html SHA256: a291305f181e24fe7194154b4cd355ccb039d5765709c80999e392efec69c90a SHA1: 90cd4f920d48c05fd3cad8275223f596c6388cbd MD5: fe15fc6341baad2a111462854f96a2bc |
M21-jz5x1 | Zegost_461c6d64 | Mixed | This strike sends a malware sample known as Zegost. Zegost, also known as Zusy, steals banking information. It displays a form to trick the user into submitting personal information when visiting a banking website. | 461c6d648ad38eaf49feb08a5f7a34d8 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: c1d4338fb9c6697e129499664ea108524fb0fa4b2c46182dc87c4c2bb06358c5 SHA1: 71bff8528310cf83b5522d0d0505e5717baf5b73 MD5: 461c6d648ad38eaf49feb08a5f7a34d8 |
M21-c59q1 | Gh0stRAT_4793b3b8 | Mixed | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a remote access Trojan that provides control over an infected system. Some of its known functions include the ability to record keystrokes, record screenshots and download additional malicious payloads. | 4793b3b82cd0ad256572aff6109f78f5 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 010877d5ffefd651a6591f043e42c884c772a6caebc4874cd359015e2b742d27 SHA1: 085b51fbc4ccb45566e138433660c3b8e140f6d2 MD5: 4793b3b82cd0ad256572aff6109f78f5 |
M21-v6b21 | Johnnie_5a66dd86 | Mixed | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 5a66dd86de39a4eaf55ded4320a8ff43 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 017283a74e46d4d1e3e725cd56e1afeb1ee54068b7f71032db25fec31d68d1b2 SHA1: b0c16251083c5c03a1ebbbdd3e5f527437636ae6 MD5: 5a66dd86de39a4eaf55ded4320a8ff43 |
M21-tjb61 | Remcos_fba106ad | Mixed | This strike sends a malware sample known as Remcos. Remcos is a RAT that logs keystrokes and performs other interactions with the host, such as capturing screenshots. It is typically delivered via documents with macros in phishing emails. | fba106ad4a1e85d868858350f0aa8574 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: 5b4a1cdb25a26b59a7debb9a800df48fc287c78e21fbd373cf59cd7aec08225f SHA1: 61e6ed74c533038e5b5bf05d1b1e05ec7625c62d MD5: fba106ad4a1e85d868858350f0aa8574 |
M21-3zhr1 | Gh0stRAT_65a69489 | Mixed | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a remote access Trojan that provides control over an infected system. Some of its known functions include the ability to record keystrokes, record screenshots and download additional malicious payloads. | 65a69489423b963beee69ad1b7644c49 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 1beb18be175e10331aa29066888d0c256afffc8b2dfb53bfb1596b11d5bf7f63 SHA1: a840c42973491c503716a98e6f150e6cd7e4799e MD5: 65a69489423b963beee69ad1b7644c49 |
M21-x45i1 | Gh0stRAT_2b65b00a | Mixed | This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a remote access Trojan that provides control over an infected system. Some of its known functions include the ability to record keystrokes, record screenshots and download additional malicious payloads. | 2b65b00a17cf1a52a6bd1514436681fd | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 23eefadaca3164a75bfe16cd4caad20a39a7c7c3a034b4d47c4e0b7913024b7f SHA1: 92f3d38f49bbde9543833be71d32b92dcbd61c4c MD5: 2b65b00a17cf1a52a6bd1514436681fd |
M21-4uli1 | Remcos_31266fef | Mixed | This strike sends a malware sample known as Remcos. Remcos is a RAT that logs keystrokes and performs other interactions with the host, such as capturing screenshots. It is typically delivered via documents with macros in phishing emails. | 31266fefa52798b306939c3fc169c0ea | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: e5e57425094babc789cd69616394e888681f05992a1cb14073655172ae3221df SHA1: bc9f848c8355b36e803beb76ea608222d9ad5be0 MD5: 31266fefa52798b306939c3fc169c0ea |
M21-3xsc1 | Remcos_89affee5 | Mixed | This strike sends a malware sample known as Remcos. Remcos is a RAT that logs keystrokes and performs other interactions with the host, such as capturing screenshots. It is typically delivered via documents with macros in phishing emails. | 89affee5f44a964e2cc9fcabeb5a1a0f | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: 9a12983c930602627ad459fba134a76ec4a419a103903155a54cc288a44bae35 SHA1: 3dfa04a9253488833610a3e3f906513c8e38796f MD5: 89affee5f44a964e2cc9fcabeb5a1a0f |
M21-srvj1 | Cerber_26deaff2 | Mixed | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | 26deaff26ac1591b8bd7786f5f481ab2 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 94510d2d24fe42afb50d9d577ac315897fe510f2513ef15e53af70632aa98724 SHA1: 40e228abe10b3efeb903ed6d607a96f3b0c0b319 MD5: 26deaff26ac1591b8bd7786f5f481ab2 |
M21-wo991 | Johnnie_b522d0cf | Mixed | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | b522d0cf76121d9e4fcc1ba12718ce3c | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 3a3205b31ee1f99fb887ce5c7d724b8fae13dc9689ca0509489345f7a2f43647 SHA1: 76ca00608b28275b745d076e6babb17299e07149 MD5: b522d0cf76121d9e4fcc1ba12718ce3c |
M21-hff61 | Remcos_5ff832b3 | Mixed | This strike sends a polymorphic malware sample known as Remcos. Remcos is a RAT that logs keystrokes and performs other interactions with the host, such as capturing screenshots. It is typically delivered via documents with macros in phishing emails. The binary has the timestamp field updated in the PE file header. | 5ff832b37c2e809c3b7cf09ab9c94a2d | https://attack.mitre.org/techniques/T1099/ SHA256: b40ca1beec7a5b1ef23bf6f0ee890092495bf1d8e869062c7b11abc442306cfb SHA1: f4321f29a4983c462096e25ce7e77acefe242e42 PARENTID: M21-a8c01 SSDEEP: 1536:zbQihzJ0RAQCAqTAj2jo8MG7m80PuYjub:IkJsA5Aj2Umb MD5: 5ff832b37c2e809c3b7cf09ab9c94a2d |
M21-oorw1 | Johnnie_ab5fa6b3 | Mixed | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | ab5fa6b31ab7c53af696f3c235675498 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 5992c6bba20eb7a5a6fc7d2d66c793b57d76bd0c78c39258c4fbd5d8dcf78403 SHA1: 88aadc3bbf97082acc61f8c77530d415f80b652b MD5: ab5fa6b31ab7c53af696f3c235675498 |
M21-cshx1 | Zbot_b67643a6 | Mixed |
This strike sends a polymorphic malware sample known as Zbot. Zbot, also known as Zeus, is a trojan often associated with stealing banking information by keystroke logging and form grabbing techniques. The binary has the timestamp field updated in the PE file header. | b67643a6adadf9d104309476df6e7234 | https://attack.mitre.org/techniques/T1099/ SHA256: dff2ca2baf92eabc572cd79b16f61119b18db5e498fa645f4effb0fffbbb625b SHA1: ee57d1edd9a57776794a94f7ef853fb145554e61 PARENTID: M21-kb5m1 SSDEEP: 3072:QYDn8rjuO2aTOT4+UM9sQOvDyBPzGN/GZ2tu/TG4cxhILl+Z8bSnLq+0IXD:QInQju6r+UMIbu7GN/lcS4cxhTnLqK MD5: b67643a6adadf9d104309476df6e7234 |
M21-ttbg1 | Zbot_68a18f08 | Mixed |
This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan often associated with stealing banking information by keystroke logging and form grabbing techniques. | 68a18f089ca381727f149f727d03193e | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: 6bb31571dfbc84cb6286e9e57e781326792d1b218125b32a4a46a390aa173471 SHA1: e4b005018f9c2926509a9848d1c8781a82ca9036 MD5: 68a18f089ca381727f149f727d03193e |
M21-70h01 | Gh0stRAT_16c59693 | Mixed |
This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a remote access Trojan that provides control over an infected system. Some of its known functions include the ability to record keystrokes, record screenshots and download additional malicious payloads. | 16c596936a8c80d6d8810257527f377d | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 0cfb39f94222726dbf26800c8d8135d8235088ea8ba61df14c483f0a128cba80 SHA1: 6a6e36671c676a02374aefb7833bf50967332afa MD5: 16c596936a8c80d6d8810257527f377d |
M21-dd091 | Johnnie_81c7f75d | Mixed |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 81c7f75dea4d7583fe012af46c343717 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: c2c7d89d7b4b3042052bcbaa5407d034c5d539721e1b8653231eddd754cc27fb SHA1: aef44e0b8558e8687c614626d64467bdc56cc09c MD5: 81c7f75dea4d7583fe012af46c343717 |
M21-mi4z1 | Remcos_52910f26 | Mixed |
This strike sends a malware sample known as Remcos. Remcos is a RAT that logs keystrokes and performs other interactions with the host, such as capturing screenshots. It is typically delivered via documents with macros in phishing emails. | 52910f268831cf97d5d3f561052be6e5 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: d6575780888ebc64ba8cc181c289c2193d68d658bb79fbad75cb014e5843fe0f SHA1: 08e0a536de0cc2038655c500a43e42734c293f1d MD5: 52910f268831cf97d5d3f561052be6e5 |
M21-yv051 | Cerber_a2c19fe2 | Mixed |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | a2c19fe2ebdc074bf4c533cc929f2da9 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: f8f52a3aeb4a35b8a047153c7f38c5dce395a1ef2027b6334563f23c5ee4e419 SHA1: 3767a4b21325cd8e0c1092ac482e6af3916f1b49 MD5: a2c19fe2ebdc074bf4c533cc929f2da9 |
M21-idad1 | Remcos_305a77fb | Mixed |
This strike sends a malware sample known as Remcos. Remcos is a RAT that logs keystrokes and performs other interactions with the host, such as capturing screenshots. It is typically delivered via documents with macros in phishing emails. | 305a77fbfb5624727c07ee5425e55e02 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: 7e30717f2e9ba0317731b37c96d2412d36cd150f9ee35f952568e4ca855fe4f0 SHA1: 365b0f0a232979010682c3656aee4ca041542ad9 MD5: 305a77fbfb5624727c07ee5425e55e02 |
M21-iqag1 | Johnnie_7e1abfa8 | Mixed |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 7e1abfa80d07ed765c6325f18e024246 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 421431abe3f3bc0d459ca27b9f36e6ad9e5bc256a46a418b32b49bdcae394072 SHA1: 50c424827abbb6012fc02e500dd69b3d3878a680 MD5: 7e1abfa80d07ed765c6325f18e024246 |
M21-97md1 | Cerber_c80008df | Mixed |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | c80008df5fa7cb0f90f41a151b35e653 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: bc299adf8792562681aede4dd15f81db7bf0103c9c965770cb8c3d0159afb2af SHA1: 99b9b3b6fa31d170a51fcf163b1cbe6f130aecc1 MD5: c80008df5fa7cb0f90f41a151b35e653 |
M21-yh1y1 | Zbot_a26f582f | Mixed |
This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan often associated with stealing banking information by keystroke logging and form grabbing techniques. | a26f582f48d3b9f65e57254df0e6a3c1 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: 9dffc20f428c686f9cb23e661e84a4685bc30753c974b93ae888b5fd4fd3839c SHA1: 7995b4bb8fbb7714254be5241da97021319f26dc MD5: a26f582f48d3b9f65e57254df0e6a3c1 |
M21-uhd81 | Zbot_13899a88 | Mixed |
This strike sends a polymorphic malware sample known as Zbot. Zbot, also known as Zeus, is a trojan often associated with stealing banking information by keystroke logging and form grabbing techniques. The binary has a random section name renamed according to the PE format specification. | 13899a886a4d9dec340f4c976203ce2a | https://arxiv.org/abs/1801.08917 SHA256: 3d49bf7202514de8669c7c7310ad985d5e81c33460d99622c54a321a01cacba7 SHA1: e5e38758b611b69020712659b9d8135a0a76cda4 PARENTID: M21-kb5m1 SSDEEP: 3072:CYDn8rjuO2aTOT4+UM9sQOvDyBPzGN/GZ2tu/TG4cxhILl+Z8bSnLq+0IXD:CInQju6r+UMIbu7GN/lcS4cxhTnLqK MD5: 13899a886a4d9dec340f4c976203ce2a |
M21-hid91 | Cerber_17577ca7 | Mixed |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | 17577ca743581e2ed7d4d26fc398f1ae | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 988d69b0cdc4a75aa26a8e058441bca37d5544731aaa41b14600b61e70341b73 SHA1: c92a1ac8469db106350c897d562de6b627f87c17 MD5: 17577ca743581e2ed7d4d26fc398f1ae |
M21-jgv61 | Cerber_fe2ccd90 | Mixed |
This strike sends a polymorphic malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". The binary has random contents appended in one of the existing sections in the PE file format. | fe2ccd90af759a48ec678af945fb84c5 | https://arxiv.org/abs/1801.08917 SHA256: e4476e754f762a372f2ea220eb4a8266a25a16fe74eb930b8589441a0a4ce22f SHA1: f153ac690d69e1ed400c458d2794690861008c2b PARENTID: M21-fgfb1 SSDEEP: 12288:P2PtcpSGpXTPydtxsddfDhEvSKSmJLXj6hq:P2PtcUGpXryX+dd7KvShmJsq MD5: fe2ccd90af759a48ec678af945fb84c5 |
M21-0t441 | Gh0stRAT_8f223f8f | Mixed |
This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a remote access Trojan that provides control over an infected system. Some of its known functions include the ability to record keystrokes, record screenshots and download additional malicious payloads. | 8f223f8fba761d9d15d1a842eaecedaf | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 4a95c949eafaa51b2de503dcf241a12bead970842154b5371e6e0adc3c8f7772 SHA1: d49ade4329e3b3ce26f42cdf150774df61ebc4a8 MD5: 8f223f8fba761d9d15d1a842eaecedaf |
M21-gfrr1 | Gh0stRAT_8acac9bc | Mixed |
This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a remote access Trojan that provides control over an infected system. Some of its known functions include the ability to record keystrokes, record screenshots and download additional malicious payloads. | 8acac9bca9605fc425aaeeba1d90c19a | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 4149565f66311deef8fae44d164b73ab477ad59e372310ee713cce768fab9a63 SHA1: 658d074a6c313dcb7711c4ef42af282f71bbf1ad MD5: 8acac9bca9605fc425aaeeba1d90c19a |
M21-7q1d1 | Gh0stRAT_8068c7ce | Mixed |
This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a remote access Trojan that provides control over an infected system. Some of its known functions include the ability to record keystrokes, record screenshots and download additional malicious payloads. | 8068c7ce20d94bdf1d843c98e916a009 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 48153323aedf8b07e8a316dc3602c88caa45158e234eecc391c9ba8f35717768 SHA1: 8c2d5d68098fde1eed2a930d24a7e3b35f06e705 MD5: 8068c7ce20d94bdf1d843c98e916a009 |
M21-51j41 | Zbot_53398513 | Mixed |
This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan often associated with stealing banking information by keystroke logging and form grabbing techniques. | 53398513c9b00ac5c9e11bc0ac41d1b6 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: 99d874daee72df966dc53ffb6e32672bb3568ac3c58fb56cce34329cb3538137 SHA1: 02cfa3c62945f18fbba204355801341de0d54720 MD5: 53398513c9b00ac5c9e11bc0ac41d1b6 |
M21-3xcp1 | Gh0stRAT_cb107719 | Mixed |
This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a remote access Trojan that provides control over an infected system. Some of its known functions include the ability to record keystrokes, record screenshots and download additional malicious payloads. | cb1077195da0ed778a3180ab0aaf4c92 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 1fec76e020199fb8aea686bbeda5cb851244d0acba405ea2ef887bfe27b7a91e SHA1: 52d4d743a228a6ad86e9f7657135d938275b73b7 MD5: cb1077195da0ed778a3180ab0aaf4c92 |
M21-jfo01 | Cerber_b055cf6b | Mixed |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | b055cf6b4059ac70de7497ee0ae501c5 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: bf4876d6a6c55678b3930b2bf2f8a4bf9a98364fc274d649729848190a9375d5 SHA1: 83073b8b93019efc618535e783597d830bde1968 MD5: b055cf6b4059ac70de7497ee0ae501c5 |
M21-9ugu1 | Gh0stRAT_b170ba52 | Mixed |
This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a remote access Trojan that provides control over an infected system. Some of its known functions include the ability to record keystrokes, record screenshots and download additional malicious payloads. | b170ba528f2ade834483f410b22fd910 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 08b333da19cb0a14d6d67de0aaf6cade6191dd01b5aaf08e248192c00f24cd2e SHA1: 114c237d946aeb8ac724b375f8cf85319bb9742d MD5: b170ba528f2ade834483f410b22fd910 |
M21-w5gb1 | Cerber_6f518175 | Mixed |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | 6f5181752a3e47b0671cd8579143fe36 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: de7ceb985789e6bac83dc6ce4ddd66716fc646c83cf7a4886a5d35f7fe9c5481 SHA1: a9661da89b37e52f1eb72438ad9dc29fe918cd99 MD5: 6f5181752a3e47b0671cd8579143fe36 |
M21-wp3e1 | Zbot_45fca4d6 | Mixed |
This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan often associated with stealing banking information by keystroke logging and form grabbing techniques. | 45fca4d6d8f0649b29b475a6ca4eb6cb | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: 8cef6afdfbe964f5839d1f616578a5a648d24152c483b4291c954585b612e53d SHA1: 4bbe71af5501e41fc6b72e8b65f3645fe5b01f54 MD5: 45fca4d6d8f0649b29b475a6ca4eb6cb |
M21-snkz1 | Johnnie_be0e6047 | Mixed |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | be0e6047078cdce823e27cfd0ff8a5ee | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 7e8df264b1aa78a5eff69c18bc45b62c37ee32929e2bf47a00bc2ad1959cc58c SHA1: c2697ce8af49398d16d7fe1d4994fd36ee9ed379 MD5: be0e6047078cdce823e27cfd0ff8a5ee |
M21-9tro1 | Remcos_21e43f1b | Mixed |
This strike sends a polymorphic malware sample known as Remcos. Remcos is a RAT that logs keystrokes and performs other interactions with the host, such as capturing screenshots. It is typically delivered via documents with macros in phishing emails. The binary has a random section name renamed according to the PE format specification. | 21e43f1bec6e4eb7a86da442d462332c | https://arxiv.org/abs/1801.08917 SHA256: 304ebf5790f5759aac1ca27b69397aa1b13dfc6a6f2ca8995993e92ca7feaa70 SHA1: e7d697d2e9ceb1787b28f0fe804f55ac7dae30e0 PARENTID: M21-a8c01 SSDEEP: 1536:wbQihzJ0RAQCAqTAj2jo8MG7m80PuYjub:rkJsA5Aj2Umb MD5: 21e43f1bec6e4eb7a86da442d462332c |
M21-who71 | Zbot_e51be375 | Mixed |
This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan often associated with stealing banking information by keystroke logging and form grabbing techniques. | e51be375b6b37bc31fb815e35e8fa238 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: aeaa3ca819bb66d0b37c3431b1f2f06292f2ef5d087953d421bff33daea4d05a SHA1: d1d0ff69e7c3eeb6497c1a4b3da18de2bb229d67 MD5: e51be375b6b37bc31fb815e35e8fa238 |
M21-kpmn1 | Cerber_ae7d7901 | Mixed |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | ae7d7901de45faca15a9575b702cea61 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 81c2c50ef0e6dc05d2c2bb6ae7fc284fcdd30e35a2470f123737113b51a04d83 SHA1: 0bd327f183d9cbfc31acbfdaf74c88ec04a0b639 MD5: ae7d7901de45faca15a9575b702cea61 |
M21-tvgh1 | Remcos_0471eecc | Mixed |
This strike sends a malware sample known as Remcos. Remcos is a RAT that logs keystrokes and performs other interactions with the host, such as capturing screenshots. It is typically delivered via documents with macros in phishing emails. | 0471eeccce6c5f38967035375fd45316 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: dbbbf8a197a81a53158c3ea83feea35b23716df8f5ba7e92265484c157749943 SHA1: 8fbe8257a2660c4c05de779d0691fd3bd9d2cd1e MD5: 0471eeccce6c5f38967035375fd45316 |
M21-huee1 | Zegost_9d4c308c | Mixed |
This strike sends a malware sample known as Zegost. Zegost, also known as Zusy, steals banking information. It displays a form to trick the user into submitting personal information when visiting a banking website. | 9d4c308c78451e878ba18901b4a0df90 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: dbfb0576d8d5917bf4231a870525191f93915a97f255694184d94761e5887e05 SHA1: bd15e9de052cf94b232a8a19710f6d89ff2326ba MD5: 9d4c308c78451e878ba18901b4a0df90 |
M21-u1pm1 | Zbot_0262db6c | Mixed |
This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan often associated with stealing banking information by keystroke logging and form grabbing techniques. | 0262db6c1bd924b0718f7957c7e18a0c | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: 72c4886dc019c3135205759375a6461d85288628c69d842c700bd867455810e0 SHA1: 3a9458d0df0561b7f4376caedaf219778a2737e0 MD5: 0262db6c1bd924b0718f7957c7e18a0c |
M21-rsnr1 | Gh0stRAT_8fe74bf9 | Mixed |
This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a remote access Trojan that provides control over an infected system. Some of its known functions include the ability to record keystrokes, record screenshots and download additional malicious payloads. | 8fe74bf9a3b754612869be86468b432f | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 45f6d29433ada10f19c88b0461b35285f4478fc73ee49c8ad7189acc0854370d SHA1: c25e7f6cd92c8fa1c99c936e5a730d7386df4df7 MD5: 8fe74bf9a3b754612869be86468b432f |
M21-nl4v1 | Cerber_271c2d2c | Mixed |
This strike sends a polymorphic malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". The binary has a random section name renamed according to the PE format specification. | 271c2d2c8487d35a5d40f5b15a4f8382 | https://arxiv.org/abs/1801.08917 SHA256: d51eb428e9ea9773495e1fd07a485fca103b284c682d866c9f01a37ed839007d SHA1: 5f983bcd8f799b0eaf3f10aa3e182dd7ff3a21a5 PARENTID: M21-fgfb1 SSDEEP: 12288:J2PtcpSGpXTPyduxsddfDhEvSKSmJLXj6hq:J2PtcUGpXryU+dd7KvShmJsq MD5: 271c2d2c8487d35a5d40f5b15a4f8382 |
M21-k10r1 | Zegost_72ab4d3f | Mixed |
This strike sends a malware sample known as Zegost. Zegost, also known as Zusy, steals banking information. It displays a form to trick the user into submitting personal information when visiting a banking website. | 72ab4d3f08f9136464836d4b0d633ba3 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: 15e497d04bd67acedf599fbdbcf16ce5f71e1ba0f1d001282b7e4bd6d9e3e8e9 SHA1: 08c2dbd24cbda8dfdc3b3d33d374b067dc2f4fd3 MD5: 72ab4d3f08f9136464836d4b0d633ba3 |
M21-h4v41 | Gh0stRAT_31a7ba62 | Mixed |
This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a remote access Trojan that provides control over an infected system. Some of its known functions include the ability to record keystrokes, record screenshots and download additional malicious payloads. | 31a7ba6276ad876d12d537c8f4076d14 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 61b4e4297ede515f3c632b5c55a06d7b9c7e5e42dd084a56c2aa385f6cf74efc SHA1: 503f6ab9cb8376f7ff58f7decd82dba37f3e60d0 MD5: 31a7ba6276ad876d12d537c8f4076d14 |
M21-t1vi1 | Gh0stRAT_eba0031e | Mixed |
This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a remote access Trojan that provides control over an infected system. Some of its known functions include the ability to record keystrokes, record screenshots and download additional malicious payloads. | eba0031e564ce3b9d7c37bb4f9648480 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 1228068d719215b7cad5ec1493521057e150a3850a6e9e9caa93dc406d500c6f SHA1: e7426adf3c63d8ccac5e5339f6190917c3067454 MD5: eba0031e564ce3b9d7c37bb4f9648480 |
M21-fgfb1 | Cerber_fce00a14 | Mixed |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | fce00a14d4542ddada0bebf0a40cb7ea | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: da2ffc90fe2f322410c23093d0823070b7a1edd85f98e5ec2b9e9df66c70d1ba SHA1: edd3368d9cf7c8d53ff1fa64c1bd304ee29dbb19 MD5: fce00a14d4542ddada0bebf0a40cb7ea |
M21-gdng1 | Zegost_2a361689 | Mixed |
This strike sends a malware sample known as Zegost. Zegost, also known as Zusy, steals banking information. It displays a form to trick the user into submitting personal information when visiting a banking website. | 2a361689bd76bb804dc4f9b2088c152f | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: 0aa9328fe3389516d2fd282e56138b9c130d368e82ea70dd9419667b19b191fb SHA1: b25b36694be4a64d54482acc1ceb3108cfe7644b MD5: 2a361689bd76bb804dc4f9b2088c152f |
M21-u9xb1 | Zbot_ae999d4e | Mixed |
This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan often associated with stealing banking information by keystroke logging and form grabbing techniques. | ae999d4ee4684b297f66ffea7c38f611 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: 7b7b3078f9ced8cd158ed3cf3c86c2a21425b88c717db7b064746ac7eeb20bca SHA1: 11175d74151fdc9b8076aaca3cd2b43089fc2b7f MD5: ae999d4ee4684b297f66ffea7c38f611 |
M21-naqa1 | Zegost_1cf31a4e | Mixed |
This strike sends a malware sample known as Zegost. Zegost, also known as Zusy, steals banking information. It displays a form to trick the user into submitting personal information when visiting a banking website. | 1cf31a4eed8b843df39342fb99984f24 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: c89b76b189cb388e323df3f8055ccad897158c5b485afa01711b87fc47620255 SHA1: 33a6b73373563f2871164978f82b4cfdb7dc2b2c MD5: 1cf31a4eed8b843df39342fb99984f24 |
M21-M18061 | Zegost_6c6181b4 | Mixed |
This strike sends a malware sample known as Zegost. Zegost, also known as Zusy, steals banking information. It displays a form to trick the user into submitting personal information when visiting a banking website. | 6c6181b4a564254c0d5f16512632660c | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: 3d6172eab86b890404efea00baa9f39de291ab1c31b65bce1d5a15419a2dab6e SHA1: 8b70970984cc9f6cfacbdcdd49f4e53895fcd0bf MD5: 6c6181b4a564254c0d5f16512632660c |
M21-sdph1 | Zbot_4a245548 | Mixed |
This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan often associated with stealing banking information by keystroke logging and form grabbing techniques. | 4a24554855308b574ae2327d733fc1f6 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: 7155b2bf1f3f12bb43e2dc14e97d654c96632f015111bc5df1aa8a3092e3709b SHA1: e768730b7a1f9a4a5c11e0732fefca9d1986c9b3 MD5: 4a24554855308b574ae2327d733fc1f6 |
M21-bhge1 | HAFNIUM | Mixed |
This strike sends a malware sample known as HAFNIUM Webshell. This HAFNIUM Webshell malware is one of many that have been used in conjunction with Microsoft Exchange Server zero-day attacks against a large number of entities, primarily based in the United States. After initial infection, these web shells are deployed, allowing attackers to steal data and perform further malicious functionality such as command execution, file read/write and tunneling. The Webshell malware has been documented residing in one of several installation paths below. | 1a7a85b0390b308b1801679e11567eac | https://blog.talosintelligence.com/2021/03/threat-advisory-hafnium-and-microsoft.html SHA256: 406b680edc9a1bb0e2c7c451c56904857848b5f15570401450b73b232ff38928 SHA1: aea0999c6e5952ec04bf9ee717469250cddf8a6f MD5: 1a7a85b0390b308b1801679e11567eac |
M21-mktd1 | Gh0stRAT_bd3b1251 | Mixed |
This strike sends a malware sample known as Gh0stRAT. Gh0stRAT is a remote access Trojan that provides control over an infected system. Some of its known functions include the ability to record keystrokes, record screenshots and download additional malicious payloads. | bd3b12515725e179f1e4678223066247 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 1535b2383a6c2be5adf2682b39ffd0b37c3c5abfacafd575e6895ba8e9faeb34 SHA1: 3df3bef7e918b575760097306b5dc88364423e37 MD5: bd3b12515725e179f1e4678223066247 |
M21-mf5t1 | Cerber_fb4af472 | Mixed |
This strike sends a polymorphic malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". The binary has random bytes appended at the end of the file. | fb4af472afa96bd412d67b9080699494 | https://attack.mitre.org/techniques/T1009/ SHA256: 60383648c4b5d929c55f8ee9bfbb03329cba4e51065a333e03ac3a17d48b75e4 SHA1: ef7789ffe72c84a963b71269fb5887a072083dd3 PARENTID: M21-fgfb1 SSDEEP: 12288:b2PtcpSGpXTPyduxsddfDhEvSKSmJLXj6hs:b2PtcUGpXryU+dd7KvShmJss MD5: fb4af472afa96bd412d67b9080699494 |
M21-ag2v1 | Cerber_a40ee742 | Mixed |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | a40ee74258c0f9d49dc18bc4dd27df93 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 74fc7b703cecd047723d05e8654593f48d1801fa5fbd56b8a6330727da1b73be SHA1: 85518e2675a7e3ab565812df1188e00ebcf85735 MD5: a40ee74258c0f9d49dc18bc4dd27df93 |
M21-9dr31 | Johnnie_00826892 | Mixed |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 0082689270c8db3432602ace4edb0ad2 | https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html SHA256: 505511c169de43c71e439a82ef3a821707e1b698382b4c41f05bcc3b9a14e5c7 SHA1: ca25c5caa56f0e4f5de44b47a13bd4a05bbf1f1e MD5: 0082689270c8db3432602ace4edb0ad2 |
M21-dr8t1 | Remcos_b1fea42d | Mixed |
This strike sends a malware sample known as Remcos. Remcos is a RAT that logs keystrokes and performs other interactions with the host, such as capturing screenshots. It is typically delivered via documents with macros in phishing emails. | b1fea42d2bec29cc100f5cd47262c1cf | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: b87f1dc302e0bf49a65cd8fb24f8e44809d5488dce30257597a3856afb9f55c1 SHA1: 67395944e3b1d69d966e4f3e12801795435565ba MD5: b1fea42d2bec29cc100f5cd47262c1cf |
M21-kb5m1 | Zbot_376b9a6c | Mixed |
This strike sends a malware sample known as Zbot. Zbot, also known as Zeus, is a trojan often associated with stealing banking information by keystroke logging and form grabbing techniques. | 376b9a6c75d6c7da8dc7c0e21338f7f4 | https://blog.talosintelligence.com/2021/03/threat-roundup-0312-0319.html SHA256: 9f568cc3b8ebc6d459507dc82cbcbdf281f9026b0c3a102be356e42c414f0c0a SHA1: d2c7ae3a6794e35a4cd00043cd4ded603c1f4b82 MD5: 376b9a6c75d6c7da8dc7c0e21338f7f4 |