M22-M5042 | Hupigon_bbdd2e9e | Windows |
This strike sends a malware sample known as Hupigon. The Hupigon malware are trojans that allow the remote user to execute commands on the system, such as to delete files and folders, download and execute files, and terminate processes. | bbdd2e9e288862a2e2048871ec43a398 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.htmlSHA256: 7edf7c40ae4faca38743888c32ea5f0ca9ba738de120ec6c21f08b46a2561e1aSHA1: 79a266bd77c1b9547580998591fe200a74e09679MD5: bbdd2e9e288862a2e2048871ec43a398 |
M22-M5069 | TrickBot_ed20b235 | Windows |
This strike sends a polymorphic malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.The binary has random bytes appended at the end of the file. | ed20b2358d873d1699b1af76d15816f2 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: 68ee0cbcae4eb83300ae8e4133b329e49cbb2dd27f17b29a4706c88c0947a0d7https://attack.mitre.org/techniques/T1009/PARENTID: M22-M500fSSDEEP: 12288:TPXywR1k/1qZLqnmqI+IQP+cqo+f+8IW4MuFK1kFSFT5XQQu/IID/OW/toXiy9dY:TfRLDB+Rqo+f+TcXXDMICzox9ZDGfi2RSHA1: 0602fede622864272a72e3e12f3eb5fa59ee1fa5MD5: ed20b2358d873d1699b1af76d15816f2 |
M22-M502b | TrickBot_82130c33 | Windows |
This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 82130c33ba1635a09ab4d109a3ec6d0a | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: 4970c1befe8ed3cab71cd9d43317b9f311d10b49ffc18e1a71f6685cdce05c5cSHA1: c77c751abef13d659c8d64337f50dc52761909deMD5: 82130c33ba1635a09ab4d109a3ec6d0a |
M22-M5036 | TrickBot_a3854599 | Windows |
This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | a3854599ec95b48d8aa1e2ad9cb66d16 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: 16ffb81083c9c988e526a1fd6fd8143dc21ea2f4876833ba43b64ead08ca9aeeSHA1: 1fbbea5dc2fd293784e4d403e49858709a52ba2fMD5: a3854599ec95b48d8aa1e2ad9cb66d16 |
M22-M5046 | Qakbot_c611fb97 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | c611fb978592e9b1357244627049350d | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.htmlSHA256: 3fc05b1cc4b4af7a9dd6d32f0b729840a4025325d864a689a389350fbcc4e20cSHA1: 3c455e7cfab196ca93389c4cb4f12750fe68f924MD5: c611fb978592e9b1357244627049350d |
M22-M5056 | Hupigon_3eb62f14 | Windows |
This strike sends a polymorphic malware sample known as Hupigon. The Hupigon malware are trojans that allow the remote user to execute commands on the system, such as to delete files and folders, download and execute files, and terminate processes.The binary has random bytes appended at the end of the file. | 3eb62f14ed0821f7b9b366c83f3dcad1 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.htmlSHA256: de74296762a8a8f7d4de62b5d9c82ee15aa255b238b0c79cf0a9204480109251https://attack.mitre.org/techniques/T1009/PARENTID: M22-M501eSSDEEP: 12288:j3J92NUqv51AI0oW5AFOrxXLEAbskhTgXDfX3nXXqfzdPHtx50VExUv6gCDl03nt:j3vbUEITW5A0F7V398ezdPnUv6rD2SHA1: 9e27eafaf8a3a63e37b86247b30de490ca1be7b6MD5: 3eb62f14ed0821f7b9b366c83f3dcad1 |
M22-M500a | Qakbot_203699e7 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | 203699e7484d7c46a2c545a19b31f614 | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.htmlSHA256: bdd605f7dbe00d45eb8e8927d70a30d9ee646b5c18c13f7ae50ee9454217739aSHA1: 2e2fe711787fa7a86957f601f9e3e3e4eea8d259MD5: 203699e7484d7c46a2c545a19b31f614 |
M22-M5003 | TeslaCrypt_02689622 | Windows |
This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in order to decrypt files from the system. | 02689622fffb34c0b816a26f937bc2c8 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: 291aab875adf6ae867713b06cd7e7456e395324d5de067a9e578441a39a7af3bSHA1: bf27e2c6d481ff2001c522572c15e6d524002dd0MD5: 02689622fffb34c0b816a26f937bc2c8 |
M22-M504e | TeslaCrypt_f5c24ce9 | Windows |
This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in order to decrypt files from the system. | f5c24ce99fc9ffc9ff25cf8bdfe7c033 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: 181a39b9477057e050e6b88583ffb21bc4b94a8783030735ee8ee677a9986e2aSHA1: a282a719be7a4d280185cf062f22bc90c272e967MD5: f5c24ce99fc9ffc9ff25cf8bdfe7c033 |
M22-M5034 | TrickBot_988a76f0 | Windows |
This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 988a76f02c98bf4730c3cc8af8e77e08 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: 956446e6fce0d16ad5ad2dfe21d6fcaa52fcda2baa7b96695d47d948bf07adcbSHA1: d9fbbcb4ff7e149ff64b8aa289f46eb3866cee53MD5: 988a76f02c98bf4730c3cc8af8e77e08 |
M22-M5025 | Hupigon_660a2d53 | Windows |
This strike sends a malware sample known as Hupigon. The Hupigon malware are trojans that allow the remote user to execute commands on the system, such as to delete files and folders, download and execute files, and terminate processes. | 660a2d53655c5ff3c1fc1852095c1624 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.htmlSHA256: 66b1d91bade1537ceb60419cfa294cdf8c00f1a7479e0b87838aa8ea4ce645d2SHA1: 687033439d44d27627c2d0bafaa7597e61b3cd87MD5: 660a2d53655c5ff3c1fc1852095c1624 |
M22-M5023 | TeslaCrypt_6127d0d5 | Windows |
This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in order to decrypt files from the system. | 6127d0d566524543ede893d4713d4ea5 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: a536cc094459b15044b7030ae665be94f01b9ce5467ff254af170d742e935be1SHA1: 0bc91247727d298ba210f834a104290e0f6c2845MD5: 6127d0d566524543ede893d4713d4ea5 |
M22-M5054 | Hupigon_1f9f5ce9 | Windows |
This strike sends a polymorphic malware sample known as Hupigon. The Hupigon malware are trojans that allow the remote user to execute commands on the system, such as to delete files and folders, download and execute files, and terminate processes.The binary has been packed using upx packer, with the default options. | 1f9f5ce911834cf72f799844da29d977 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.htmlSHA256: eac67c228dd9acf91d3dcd29233782384a967d471fb6120044954652a039d180https://attack.mitre.org/techniques/T1045/PARENTID: M22-M501eSSDEEP: 6144:1LgkgMyvjQuJXNJLkYH5UMVwv7+sDryZ0kXbLimi:ZgculXV+DtrymkLLySHA1: 37dd6bedfc25587a24f677671d96535bb419c7e0MD5: 1f9f5ce911834cf72f799844da29d977 |
M22-M5027 | TrickBot_6d6da629 | Windows |
This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 6d6da6296555ff0bb1b022431a05f6a2 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: 8266bd94da8a881040beec0e10ee3a15a146fd8f4e0772a2fbe8903d9c8f07b5SHA1: dbad408e38e55fcaa8593d920bd87ef016c0f8d3MD5: 6d6da6296555ff0bb1b022431a05f6a2 |
M22-M504f | Barys_f7298f17 | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | f7298f1722540763da5a2e2c82368b25 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.htmlSHA256: 876cd4901754ed356fa8f205b4dfa6e915edc5cfee8659b5d2e993c22a27ae9aSHA1: 1bd87034f715f55216fb9ab47dac917323163a2dMD5: f7298f1722540763da5a2e2c82368b25 |
M22-M5006 | TrickBot_15bdc351 | Windows |
This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 15bdc351812c393bdfb6c4de694754d0 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: 148d77d752a0f883a10231c4b082a5faf76df3fae754e7d4d50f78194532b9b2SHA1: 797f289ae581a116a48fa614c0841f5b059e06e9MD5: 15bdc351812c393bdfb6c4de694754d0 |
M22-M504a | TrickBot_d2f1c8b8 | Windows |
This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | d2f1c8b83b13ca3ea422a3ea847f7390 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: 901cdae9018e02b8e9fe37f6f96f6bd88d07b95f10fd6db5e506d9e1dbf3eb94SHA1: 6f86e0e1ab4bb8b123aebf1247fad767b4673a57MD5: d2f1c8b83b13ca3ea422a3ea847f7390 |
M22-M504d | Qakbot_f1f9f5bb | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | f1f9f5bb60f4ea8ccf648f8d23dc29ed | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.htmlSHA256: bf156122bf6860f8383c94c2ea0dd5d6c0e1706c106a101020d411d4f8b68de1SHA1: 599775e1bfdaf2cc3a4a571428f34d706ad86495MD5: f1f9f5bb60f4ea8ccf648f8d23dc29ed |
M22-M501c | Hupigon_5096942b | Windows |
This strike sends a malware sample known as Hupigon. The Hupigon malware are trojans that allow the remote user to execute commands on the system, such as to delete files and folders, download and execute files, and terminate processes. | 5096942b5ae645047759f038bde79ee2 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.htmlSHA256: 1850ed9626ce5dcae67338227f1596364cf5497bd43706b20f9867bf44bf734eSHA1: cbd7ea30dc681f105d1a0e0bc02ca25170978750MD5: 5096942b5ae645047759f038bde79ee2 |
M22-M5016 | Qakbot_3f774b7e | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | 3f774b7e5eb656c1e174b9d3f3003e79 | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.htmlSHA256: a84c3002d8c7ea3f511c1223709389a12b4fb93d4ab248a59d63eee3d09b7fadSHA1: 2df97250b30de1add68b15637933c4f8a193578cMD5: 3f774b7e5eb656c1e174b9d3f3003e79 |
M22-M505a | Qakbot_6f149572 | Windows |
This strike sends a polymorphic malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB.The binary has a random section name renamed according to the PE format specification. | 6f1495721e6f5576a8d076571f84df47 | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.htmlSHA256: 6fe76b18168b0f1748999c559433d3789dcc9ab89cc62ab23ee7d9bed078700ehttps://arxiv.org/abs/1801.08917PARENTID: M22-M5017SSDEEP: 12288:L4Z52dj02g1PG9kBQLCyF1jHItQOhcrga114QFdy4unYkAi5QVhP3v82xidH7iKd:krj9RTy0tQOhygaFdyHYkANb82xiliSHA1: 6761a21b9126b6d53053e34b51a071c7a9a1eae7MD5: 6f1495721e6f5576a8d076571f84df47 |
M22-M5029 | TrickBot_76376460 | Windows |
This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 763764609377b0f3dbfa81a3cf8d9eff | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: 2c08d65f8d68f44346ec045c62374246c7eddcb1a1c5f3b3854b0ade90539aa9SHA1: dc906156d3905c96b6536351c64fe238a6c89ab9MD5: 763764609377b0f3dbfa81a3cf8d9eff |
M22-M5013 | Barys_36642d69 | Windows |
This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine. | 36642d69e2d734c634e8fa854e54ecae | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.htmlSHA256: bb820fbdf6453f1e896b50a577dec3b7bc00254a036bec399e0e0238240a6d2eSHA1: 306042bb30cd56cd2de08808c91f4d849df063e2MD5: 36642d69e2d734c634e8fa854e54ecae |
M22-M501d | TeslaCrypt_5104dda9 | Windows |
This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in order to decrypt files from the system. | 5104dda9b6b6558fcfd70c784f56cacd | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: c8748a99549d45eff46cc2cd6687d257478ecad14a5a8a0436e96d48315267cfSHA1: 2c86a4cbaa53d2ec1469d10f0dff998adaf29a0cMD5: 5104dda9b6b6558fcfd70c784f56cacd |
M22-M5063 | Hupigon_aeab478c | Windows |
This strike sends a polymorphic malware sample known as Hupigon. The Hupigon malware are trojans that allow the remote user to execute commands on the system, such as to delete files and folders, download and execute files, and terminate processes.The binary has a random section name renamed according to the PE format specification. | aeab478c4e5be8e682730d61ff01ac6e | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.htmlSHA256: 3a5ae148fb26b2f2bb54e7a180cb545611b67131f93a5fc2550abed405da810dhttps://arxiv.org/abs/1801.08917PARENTID: M22-M503fSSDEEP: 12288:i31RUjaaV7LHLneWW5AAs5D98i7OFthdEbvxidX3aXXqYSRKfDL5K5JTKvlR1X2P:i3HxK7/nDW5AA25vGroxi4SRKmuvlR1KSHA1: 8b9f25f09cea8f1b43912348989c53592aa4036cMD5: aeab478c4e5be8e682730d61ff01ac6e |
M22-M5008 | Qakbot_1b7f60cd | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | 1b7f60cd44c6a084aa5144a1a119a5e2 | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.htmlSHA256: 630172a8554497585e6fd7ebb266e040d29f49b09f728ef00d33b178a6604120SHA1: bd03d129975bcc51f79769c305e1acda8a1387a1MD5: 1b7f60cd44c6a084aa5144a1a119a5e2 |
M22-M5026 | TeslaCrypt_69d66bd8 | Windows |
This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in order to decrypt files from the system. | 69d66bd8dc40d804d2896855b381d1c7 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: 282e1666932d8debcc4ab86746e6791d49fd972582b2778062616d52a8866a96SHA1: 165de4d7dd9eb893a2cc38f2b8e9c2a87a9bc608MD5: 69d66bd8dc40d804d2896855b381d1c7 |
M22-M5051 | Hupigon_06f83b6c | Windows |
This strike sends a polymorphic malware sample known as Hupigon. The Hupigon malware are trojans that allow the remote user to execute commands on the system, such as to delete files and folders, download and execute files, and terminate processes.The binary has a random section name renamed according to the PE format specification. | 06f83b6c4f704afffe9d48727720416a | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.htmlSHA256: 064bc2ca6b544fa8c896fc4d07b0aa29b509c6947fa14fa6a9cb792820b8063chttps://arxiv.org/abs/1801.08917PARENTID: M22-M501eSSDEEP: 12288:03J92NUqv51AI0oW5AFOrxXLEAbskhTgXDfX3nXXqfzdPHtx50VExUv6gCDl03n+:03vbUEITW5A0F7V398ezdPnUv6rDSHA1: b519db40543d17b56096c99b666eaee6794cf30fMD5: 06f83b6c4f704afffe9d48727720416a |
M22-M5058 | Qakbot_5ba7f847 | Windows |
This strike sends a polymorphic malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB.The binary has the checksum removed in the PE file format. | 5ba7f847655bb5bec39f148edfc75db0 | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.htmlSHA256: e8995958edb5b9ce7b2323c78d3150873a25b7da3269b2d3503c695de8570545https://arxiv.org/abs/1801.08917PARENTID: M22-M5017SSDEEP: 12288:X4Z52dj02g1PG9kBQLCyF1jHItQOhcrga114QFdy4unYkAi5QVhP3v82xidH7iKd:orj9RTy0tQOhygaFdyHYkANb82xiliSHA1: 2e8b26ef9252aed0e5bfb03f623f5e5659efa9aaMD5: 5ba7f847655bb5bec39f148edfc75db0 |
M22-M500e | TeslaCrypt_25a8164a | Windows |
This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in order to decrypt files from the system. | 25a8164a44d68e0989967bec65e2818d | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: b261d6b8833f07990a69c4f88cdd54f703f465d162a6b1c3acf95561a17890b2SHA1: d8f2d401999188d915777fcba3fef045576a92baMD5: 25a8164a44d68e0989967bec65e2818d |
M22-M5038 | Qakbot_a683a2f7 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | a683a2f746b192a4a2dd8e8fa683c714 | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.htmlSHA256: 903cfbb0bbee35282cd9f433403be7055ff84ab5f038ab9a6a7e0086a0374c6fSHA1: 9b2ed3c95f91882dacfb9a83550166f5124d7f53MD5: a683a2f746b192a4a2dd8e8fa683c714 |
M22-M5030 | TrickBot_8c3a027d | Windows |
This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 8c3a027dcfb199989fea5ba940e56052 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: 5a260230cafe0229937d77eea28779f134ae0fd2d2b17bde92942b5a11073ec4SHA1: aaf2006b76c8af8730ad8dee1db7bdbe77c9635fMD5: 8c3a027dcfb199989fea5ba940e56052 |
M22-M500f | TrickBot_25ba363d | Windows |
This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 25ba363d1849134fd7943aa631d266be | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: 089b366e8793cbc83d91a234bd8f50fb8dfcd8e1c9d4ec12a557a5087654cb09SHA1: 7706c8f8c6ada681e54e482a0e7213357ba2aa68MD5: 25ba363d1849134fd7943aa631d266be |
M22-M5055 | Hupigon_339275e0 | Windows |
This strike sends a polymorphic malware sample known as Hupigon. The Hupigon malware are trojans that allow the remote user to execute commands on the system, such as to delete files and folders, download and execute files, and terminate processes.The binary has random strings (lorem ipsum) appended at the end of the file. | 339275e0728bc68486e1862bae27b0b6 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.htmlSHA256: ea1807c25715c3610230995960af817c341101c26263dc5d488af602bf3181d0https://attack.mitre.org/techniques/T1009/PARENTID: M22-M501eSSDEEP: 12288:j3J92NUqv51AI0oW5AFOrxXLEAbskhTgXDfX3nXXqfzdPHtx50VExUv6gCDl03n+:j3vbUEITW5A0F7V398ezdPnUv6rDtSHA1: 48f5064e87e3695dee2e37600829d5e35ec3628dMD5: 339275e0728bc68486e1862bae27b0b6 |
M22-M5067 | Hupigon_debde42b | Windows |
This strike sends a polymorphic malware sample known as Hupigon. The Hupigon malware are trojans that allow the remote user to execute commands on the system, such as to delete files and folders, download and execute files, and terminate processes.The binary has random contents appended in one of the existing sections in the PE file format. | debde42b74a9c09d210f40a2da174330 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.htmlSHA256: 34e868e7c2a6e8c37e3e30e1c5ac496f14627090348a39cf0c51c99026cb3d89https://arxiv.org/abs/1801.08917PARENTID: M22-M501eSSDEEP: 12288:J3J92NUqv51AI0oW5AFOrxXLEAbskhTgXDfX3nXXqfzdPHtx50VExUv6gCDl0Rn+:J3vbUEITW5A0F7V398ezdPnUv6rDSHA1: 962e6c358e46e84d07f4e32d09e07a178a337ad7MD5: debde42b74a9c09d210f40a2da174330 |
M22-M5045 | Qakbot_c31c0436 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | c31c0436a53ccc0d10da3f42a3605451 | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.htmlSHA256: b33e1413f137a5f0d845c04fccfbe4fafb6e537b0ce9ea64319453ced6247a80SHA1: 3dd5865750bcb545c54025c6f7ae285957975be3MD5: c31c0436a53ccc0d10da3f42a3605451 |
M22-M5052 | TrickBot_15755349 | Windows |
This strike sends a polymorphic malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.The binary has random strings (lorem ipsum) appended at the end of the file. | 15755349b8ab974d167749cfc763bc80 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: 8dcff0a46407c20b7fc1b152924ee5a0f46d88d59a907c281e85b577c13764dehttps://attack.mitre.org/techniques/T1009/PARENTID: M22-M500fSSDEEP: 12288:TPXywR1k/1qZLqnmqI+IQP+cqo+f+8IW4MuFK1kFSFT5XQQu/IID/OW/toXiy9du:TfRLDB+Rqo+f+TcXXDMICzox9ZDGfi2bSHA1: e161f620a385bc179273d5c851823f68e708c491MD5: 15755349b8ab974d167749cfc763bc80 |
M22-M505b | REvil_79668390 | Windows |
This strike sends a polymorphic malware sample known as REvil. In July of 2021 a supply chain ransomware attack leveraging an SQL injection vulnerability in Kaseya VSA software was carried out against multiple MSPs and their customers. The ransomware being used in this attack, REvil also known as Sodinokibi, was pushed via an automated malicious update to their customers.The binary has been packed using upx packer, with the default options. | 796683909b5036791e015a01609dc751 | https://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-malware-sample-confirms-gang-is-back/SHA256: caec63febf5a317814578c43195860e4a8adf67a9198b3b78b2863e6ba025c6dhttps://attack.mitre.org/techniques/T1045/PARENTID: M22-M503aSSDEEP: 768:4Nlm2nKvGwUVtOlVXa52ZM+vjtnptpgccBHqL+b:4Nl0vz+OlVXTV5qcSHA1: c6cc1c2e15b32f57ce50c4e2f03bf2c646a8ecf6MD5: 796683909b5036791e015a01609dc751 |
M22-M5004 | Hupigon_07c75bae | Windows |
This strike sends a malware sample known as Hupigon. The Hupigon malware are trojans that allow the remote user to execute commands on the system, such as to delete files and folders, download and execute files, and terminate processes. | 07c75baee5a6ae81ac978acba8a3d8aa | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.htmlSHA256: 371852ac7b74eb35be9852a914a103b8033138adea0850c7f101b2945da538b5SHA1: 48d30e57551966375ea44316c4909f9cb00e069eMD5: 07c75baee5a6ae81ac978acba8a3d8aa |
M22-M5065 | TrickBot_c14c3f99 | Windows |
This strike sends a polymorphic malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.The binary has a new section added in the PE file format with random contents. | c14c3f99bb7182a1cd190f04e9af9c43 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: 1cf90d23d942d6c48353842a3f9a63f94cdae38f647d824769f621857d2a1457https://arxiv.org/abs/1801.08917PARENTID: M22-M500fSSDEEP: 12288:GPXywR1k/1qZLqnmqI+IQP+cqo+f+8IW4MuFK1kFSFT5XQQu/IID/OW/toXiy9dG:GfRLDB+Rqo+f+TcXXDMICzox9ZDGfi2HSHA1: 4c3a498e176e83aca10c57f51b133f63f3726af8MD5: c14c3f99bb7182a1cd190f04e9af9c43 |
M22-M5002 | TeslaCrypt_01df1af3 | Windows |
This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in order to decrypt files from the system. | 01df1af3f09abbea8a92331c7305356b | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: b89b656a2ce0c5f6f1a37f39b86096551eb04551bb352a651c03732d2b2b501fSHA1: a68a426c91a49f6302aeee20ac18b0c849352975MD5: 01df1af3f09abbea8a92331c7305356b |
M22-M5049 | Qakbot_cd76cab9 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | cd76cab9e70999010d4549f660024bfe | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.htmlSHA256: 475800c77b04c9d9877abc8b57f3fcb85492ef01b8480b0fa98621c4cb81a049SHA1: 3e7db439cf54d6c5649ec7b1870048847f511065MD5: cd76cab9e70999010d4549f660024bfe |
M22-M5014 | TrickBot_3be39381 | Windows |
This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 3be39381a1994f0055c41666e86221c7 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: 12b485f8bb93df3ef543ac9c2df5a6c881ad8d80e7a0500acf5d5ff7a8350454SHA1: ffe05c467e107fe7bf6f9acd7602875fe4c3c0d0MD5: 3be39381a1994f0055c41666e86221c7 |
M22-M5040 | Hupigon_b8aec15b | Windows |
This strike sends a malware sample known as Hupigon. The Hupigon malware are trojans that allow the remote user to execute commands on the system, such as to delete files and folders, download and execute files, and terminate processes. | b8aec15bb1d5f7690685c735fb285483 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.htmlSHA256: 30371f13135df527a7454ec9e77df9692b96e40fd53d84ec34d3e4f5a5f572f1SHA1: 0d785fd8be017a3f885b03ff567c94a19f88ed6eMD5: b8aec15bb1d5f7690685c735fb285483 |
M22-M5035 | Hupigon_9d00848b | Windows |
This strike sends a malware sample known as Hupigon. The Hupigon malware are trojans that allow the remote user to execute commands on the system, such as to delete files and folders, download and execute files, and terminate processes. | 9d00848b8978a0fd33214b78662f90c1 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.htmlSHA256: 51972f701179f2a3d00afe06fa2cf44c70c9cc2e52b4825e443b51c631ca5c28SHA1: 3aad7617655ed380a98b1c7e6d683fd379fbcc4eMD5: 9d00848b8978a0fd33214b78662f90c1 |
M22-M506a | TrickBot_f3591383 | Windows |
This strike sends a polymorphic malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.The binary has random contents appended in one of the existing sections in the PE file format. | f35913834ff4b111ee7971561136d185 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: 4eeba107a2533f19740d166af9e03988e88d7cc25bbb8b9a6588764b445a53d9https://arxiv.org/abs/1801.08917PARENTID: M22-M500fSSDEEP: 12288:TPXywR1k/1qZLqnmqI+IQP+cqo+f+8IW4MuFK1kFXFT5XQQu/IID/OW/toXiy9dH:TfRLDB+Rqo+f+TcWXDMICzox9ZDGfi2SSHA1: 9603407a04d92dd9bfc31f366556a52a19cbb1adMD5: f35913834ff4b111ee7971561136d185 |
M22-M5001 | TrickBot_010c5005 | Windows |
This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 010c50055f097fa6bb7d839d3147a2ea | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: 72cb744b57f3183e15da3780cbfd4411dc77b36411c1fcca65ec59e2d15713f0SHA1: f79454f4b97a2a1b04426f158dbe0e220a0826cfMD5: 010c50055f097fa6bb7d839d3147a2ea |
M22-M501f | Hupigon_57ae6c60 | Windows |
This strike sends a malware sample known as Hupigon. The Hupigon malware are trojans that allow the remote user to execute commands on the system, such as to delete files and folders, download and execute files, and terminate processes. | 57ae6c6014102b320c80edcc1f385366 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.htmlSHA256: 55e93fe87b94d76f69d454de62dfed8dc7c0d97e2f3369aa346a27ba5f071534SHA1: 7ee253058fe2e5bccbdcb37772d114abf91393acMD5: 57ae6c6014102b320c80edcc1f385366 |
M22-M5048 | TrickBot_cb1f7a9a | Windows |
This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | cb1f7a9a6ce503974b34d8e396fe2e5a | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: 6463c1b28ff09bfd3895b958249ce7e3220ec35b5a49422219407ee5f51cd47dSHA1: 3b12ba24f874b6e5c39308c89d3f6d77dcfa763fMD5: cb1f7a9a6ce503974b34d8e396fe2e5a |
M22-M5010 | TrickBot_2a4e6863 | Windows |
This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 2a4e68634737e0655ce279c6211eac59 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: 464bc95d917d9ec52420bf440a55f4099396d2af4af43d41694f30a70d00761bSHA1: c4b706e4ae230498c41b33ea0498bed846a03302MD5: 2a4e68634737e0655ce279c6211eac59 |
M22-M5068 | TrickBot_e3af376f | Windows |
This strike sends a polymorphic malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.The binary has the debug flag removed in the PE file format. | e3af376f2df425e0364f9f40bcfe1124 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.htmlSHA256: e30f6a643088ffa302b46d65855bdaa3cca24de0e2dd9188f5904a38ae93d2b0https://arxiv.org/abs/1801.08917PARENTID: M22-M500fSSDEEP: 12288:GPXywR1k/1qZLqnmqI+IQP+cqo+f+8IW4MuFK1kFSFT5XQQu/IID/OW/toXiy9dH:GfRLDB+Rqo+f+TcXXDMICzox9ZDGfi2SSHA1: 699307c5b71fe04ba2e01d0689aa9c0c2ebc7e6bMD5: e3af376f2df425e0364f9f40bcfe1124 |
M22-M5015 | Hupigon_3d4a8ff6 | Windows |
This strike sends a malware sample known as Hupigon. The Hupigon malware are trojans that allow the remote user to execute commands on the system, such as to delete files and folders, download and execute files, and terminate processes. | 3d4a8ff63982abce0518079deb731a83 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.htmlSHA256: 6ab58b19fa30990b48550fb6bdb26c8b4dbab5e03c15764f23c2d86aba65dac9SHA1: 755098a568a2f77c4ae7a5c5da8840a5ae75a20aMD5: 3d4a8ff63982abce0518079deb731a83 |
M22-M5044 | Hupigon_be41beee | Windows | This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. | be41beee7e99e2a6fc79bd6bc0032b59 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html; SHA256: 1efc883750179e5b3bde866fc14b92a89231be24ae854a7a038781b0b927879e; SHA1: 26f17d2f16a724152712fbf5af31b33cb919599d; MD5: be41beee7e99e2a6fc79bd6bc0032b59 |
M22-M5041 | TrickBot_b951c1df | Windows | This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders, such as VB scripts, for distribution. | b951c1df23a3735b1351577f3521a876 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html; SHA256: 704f3472d96b7a5ca6a31e7608ad29d5c0c331516367a6eca0ccd5ada61afdf6; SHA1: 2951b520fb37d5275b171bd1c546156e6fbc8081; MD5: b951c1df23a3735b1351577f3521a876 |
M22-M502d | TrickBot_84834e1f | Windows | This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders, such as VB scripts, for distribution. | 84834e1fc670e9375f83839273c886df | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html; SHA256: 259ba57d1ce1868c12144dc3fec87c8f882e201f3093048f7e933f53346b0afd; SHA1: 18810d7025a0781b6070b41f5f828dceb47622f1; MD5: 84834e1fc670e9375f83839273c886df |
M22-M502f | TrickBot_8a341bdf | Windows | This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders, such as VB scripts, for distribution. | 8a341bdf26de60144d5c5aaba12f6227 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html; SHA256: 904df9175e7c173fa0d09bd57f4c038ecfa0bd438aa233807dfdc973f6f08679; SHA1: a49133fc4dbecd231fb12993a2ec3cb180d5c040; MD5: 8a341bdf26de60144d5c5aaba12f6227 |
M22-M500b | Hupigon_20517e6b | Windows | This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. | 20517e6b94106686ef81d375c90c2022 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html; SHA256: 780f97f11b68ba98658bbf5fc5716af7a303c76a02348fef98792b1065b96c46; SHA1: 6e9fcf762d5072f472777951f5b5e9ab86687c66; MD5: 20517e6b94106686ef81d375c90c2022 |
M22-M506b | TrickBot_f59c6952 | Windows | This strike sends a polymorphic malware sample known as TrickBot. TrickBot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders, such as VB scripts, for distribution. The binary has the timestamp field updated in the PE file header. | f59c695229c7b02cfe3440338c53dc20 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html; SHA256: cbb463b05c06c5f6f536975661a620c0bdecc17640000adb376718a2078b358b; https://attack.mitre.org/techniques/T1099/; PARENTID: M22-M500f; SSDEEP: 12288:rPXywR1k/1qZLqnmqI+IQP+cqo+f+8IW4MuFK1kFSFT5XQQu/IID/OW/toXiy9dH:rfRLDB+Rqo+f+TcXXDMICzox9ZDGfi2S; SHA1: e169846029349cbf1a52b464948046892f6df60f; MD5: f59c695229c7b02cfe3440338c53dc20 |
M22-M5064 | Hupigon_b17a8e87 | Windows | This strike sends a polymorphic malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. The binary has random bytes appended at the end of the file. | b17a8e87539667748cd74b4c4da8aea9 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html; SHA256: 98b53debeae1b28169234bcb33e51f34cbdb460773cf561b12f559fba698853c; https://attack.mitre.org/techniques/T1009/; PARENTID: M22-M503f; SSDEEP: 12288:631RUjaaV7LHLneWW5AAs5D98i7OFthdEbvxidX3aXXqYSRKfDL5K5JTKvlR1X2Y:63HxK7/nDW5AA25vGroxi4SRKmuvlR1h; SHA1: d2234a2b43cea3613a96e083cb91c5fc3f8d3792; MD5: b17a8e87539667748cd74b4c4da8aea9 |
M22-M5053 | TrickBot_1b4476b8 | Windows | This strike sends a polymorphic malware sample known as TrickBot. TrickBot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders, such as VB scripts, for distribution. The binary has a section name randomly renamed according to the PE format specification. | 1b4476b84e3eea57dece04f6682402cf | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html; SHA256: 5f678db83e745f56a0994ca61d6193af36936c05ca36a21f828ea4568cc48571; https://arxiv.org/abs/1801.08917; PARENTID: M22-M500f; SSDEEP: 12288:rPXywR1k/1qZLqnmqI+IQP+cqo+f+8IW4MuFK1kFSFT5XQQu/IID/OW/toXiy9dH:rfRLDB+Rqo+f+TcXXDMICzox9ZDGfi2S; SHA1: 72d6e5f8ddbb9ba79a757a3f433f5c0ba0a585c8; MD5: 1b4476b84e3eea57dece04f6682402cf |
M22-M503a | REvil_ad49374e | Windows | This strike sends a malware sample known as REvil. In July 2021, a supply chain ransomware attack leveraging an SQL injection vulnerability in Kaseya VSA software was carried out against multiple MSPs and their customers. The ransomware used in this attack, REvil (also known as Sodinokibi), was pushed to those customers via an automated malicious update. | ad49374e3c72613023fe420f0d6010d9 | https://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-malware-sample-confirms-gang-is-back/; SHA256: 0c10cf1b1640c9c845080f460ee69392bfaac981a4407b607e8e30d2ddf903e8; SHA1: eb563ab4caca7e19bdeee807b025ab2d54e23624; MD5: ad49374e3c72613023fe420f0d6010d9 |
M22-M5043 | Hupigon_bceef9b5 | Windows | This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. | bceef9b557f482e6395108967b42e159 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html; SHA256: b83679856384e21172278479a81d0ccefb0b849f2643b65cf2f823b9c25dee7c; SHA1: 15e817df37bdecc54f6dec8fcbc01634667d8782; MD5: bceef9b557f482e6395108967b42e159 |
M22-M505e | TeslaCrypt_9d13bae9 | Windows | This strike sends a polymorphic malware sample known as TeslaCrypt. This ransomware demands Bitcoin in exchange for decrypting files on the system. The binary has the timestamp field updated in the PE file header. | 9d13bae96cf4e77b52e630586907ac16 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html; SHA256: d02f3ed678bf675a924d1cefff2b5a86b7105abc67d14dd5939350b469e00deb; https://attack.mitre.org/techniques/T1099/; PARENTID: M22-M504e; SSDEEP: 6144:sCk5T0HPFjZy2MqqG9zugobEYfglIkzQmBPDFF0HPFjZy2MqqG9zugobEYfg:y0vIq9oAXzQmR0vIq9oA; SHA1: 335e5259fe32e78910ac71410e3f2bf5e6dcd5bc; MD5: 9d13bae96cf4e77b52e630586907ac16 |
M22-M5019 | Hupigon_43b43e55 | Windows | This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. | 43b43e552fbd6948382c4f7bd8c80017 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html; SHA256: 13e4ffd70d314bd55ff275c34c8c0e17b68d0ade75a5a36d304e30a18e3695c5; SHA1: cc6f81984baacc00c494c7dc0f0ecbf49c842a0e; MD5: 43b43e552fbd6948382c4f7bd8c80017 |
M22-M5017 | Qakbot_405dc314 | Windows | This strike sends a malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. | 405dc3140fd0f010ff08a3b5b7833158 | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html; SHA256: 03a8937c5d9637b60be1f02b835fd04320ca05ed0d38cbbe40e4a3f83bc6d3c8; SHA1: 6e3f86094328267564b0ae0320f4c2fbae03c3fd; MD5: 405dc3140fd0f010ff08a3b5b7833158 |
M22-M501e | Hupigon_51e34a25 | Windows | This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. | 51e34a25e65889cf833ec220329c487c | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html; SHA256: 114a95b36d5eb06500920fab99ae2827515af308635d2b61b62563badf1414c4; SHA1: e8e410db87bb5ec8d39ab8cda5312786f11df7c6; MD5: 51e34a25e65889cf833ec220329c487c |
M22-M505d | Qakbot_91257224 | Windows | This strike sends a polymorphic malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. The binary has a section name randomly renamed according to the PE format specification. | 91257224c05e3e3d8c1ee8d7fe014a91 | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html; SHA256: d2eac392345ed0cd8e3cced110b9d68c164c853d3559b88d08a7d54a6a4066b9; https://arxiv.org/abs/1801.08917; PARENTID: M22-M5005; SSDEEP: 12288:M4Z52dj02g1PG9kBQLCygwjHItQOhcrga114QFdy4unYkAi5QVhP3v82xidH7FKb:Nrj9RTyEtQOhygaFdyHYkANb82xilFu; SHA1: 9c1ad286710217267c0a26477c667e2c8561e40e; MD5: 91257224c05e3e3d8c1ee8d7fe014a91 |
M22-M502c | Qakbot_82189898 | Windows | This strike sends a malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. | 82189898694af9b8e5ea9058da56261e | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html; SHA256: 1e4112132b6ccbb5113f2886e1083f777a08b3d6268b73d76b38cd0b927f4ecf; SHA1: d38be295de2f425819a06e8cada74520d8615ce9; MD5: 82189898694af9b8e5ea9058da56261e |
M22-M504c | BlackByte_eef97710 | Mixed | This strike sends a malware sample known as BlackByte. BlackByte is a ransomware group that offers ransomware-as-a-service to malicious actors. Once a host is infected, communication with C2 servers is established. AnyDesk remote management software is installed, along with other publicly available tools such as 'netscanold' or 'psexec', to perform lateral movement and establish persistence on the victim's machine. Once this foothold has been established, the attacker demands a Bitcoin ransom in exchange for decrypting the files on the system. | eef977108c7a7aef512532cc6e2f49cc | https://blog.talosintelligence.com/2022/05/the-blackbyte-ransomware-group-is.html; SHA256: 884e96a75dc568075e845ccac2d4b4ccec68017e6ef258c7c03da8c88a597534; SHA1: 7273bf0db30a12428f7046ef99ebe3e7472cdfbe; MD5: eef977108c7a7aef512532cc6e2f49cc |
M22-M5009 | TrickBot_1fc6a697 | Windows | This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders, such as VB scripts, for distribution. | 1fc6a6970218db54923a3418851d9244 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html; SHA256: 88e3c9743f423655a60801b44e4d8783c1a444f27748a7f00e827421eb7fd6c0; SHA1: c483ab691205fad531b17c9eb68d44e23ffcf452; MD5: 1fc6a6970218db54923a3418851d9244 |
M22-M5024 | Qakbot_61847aec | Windows | This strike sends a malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. | 61847aec901fcbb00992d7563f026e5d | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html; SHA256: db5972b4ab47c92b52c37ae694ccc5316c6cf4af79de52fc249fdb46a194596d; SHA1: 9b28c2c03a145bbd5e0cb0d9cc6ed404beea4197; MD5: 61847aec901fcbb00992d7563f026e5d |
M22-M503e | Hupigon_b6f5353f | Windows | This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. | b6f5353f224817d241ef24fdf594b22c | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html; SHA256: dc3b95c3c45f8aa3c95d58686b90492637cfc2dffbd0a553e6b0afefd0716c75; SHA1: 4cd5b45658c85e9b21f67cc327162b7cec48eb25; MD5: b6f5353f224817d241ef24fdf594b22c |
M22-M503f | Hupigon_b8776276 | Windows | This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. | b8776276dcd39631753cac978f8ec9a1 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html; SHA256: 07d5c5e817a04a24afe129e3f05c42ca0ed9c4fba0f8c8ed464ef49aba1b2319; SHA1: a8bceffd4d3c3e62c2800ea3a0d1e2e81a8aa1b6; MD5: b8776276dcd39631753cac978f8ec9a1 |
M22-M5061 | Hupigon_a43dd785 | Windows | This strike sends a polymorphic malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. The binary has the checksum removed from the PE file. | a43dd7859c056269b1de939f77e7136b | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html; SHA256: 51daf9ec0c400291722f6363ba6ff462bf91f7a0efa82dc2106b605b8bb06536; https://arxiv.org/abs/1801.08917; PARENTID: M22-M501e; SSDEEP: 12288:J3J92NUqv51AI0oW5AFOrxXLEAbskhTgXDfX3nXXqfzdPHtx50VExUv6gCDl03n+:J3vbUEITW5A0F7V398ezdPnUv6rD; SHA1: 02c4949d3289586e143a7eaed29801f90961e76d; MD5: a43dd7859c056269b1de939f77e7136b |
M22-M5031 | Hupigon_90468611 | Windows | This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. | 90468611aba2c7267ab82b46b69eb413 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html; SHA256: cb94d6ac6f0200280bacb3a5436d2b768a8b5bb3f18a275853e9b6a4d577a794; SHA1: b418ffba848521772781b270ef27b556f43deaa2; MD5: 90468611aba2c7267ab82b46b69eb413 |
M22-M5060 | Qakbot_9f8e8dd6 | Windows | This strike sends a polymorphic malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. The binary has random contents appended to one of the existing sections in the PE file. | 9f8e8dd6c3b95d095fdd39687b2b6a0b | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html; SHA256: dfc92dc312035598894983828098371ad4e39fba75df1509e10b0a96a7cff570; https://arxiv.org/abs/1801.08917; PARENTID: M22-M5005; SSDEEP: 12288:c4Z52dj02g1PG9kBQLCy+wjHItQOhcrga114QFdy4unYkAi5QVhP3v82xidH7FKb:drj9RTy2tQOhygaFdyHYkANb82xilFu; SHA1: 29e0e1b166ba39eb1aeb0c6571f52d21c9504f7c; MD5: 9f8e8dd6c3b95d095fdd39687b2b6a0b |
M22-M503b | Qakbot_aea860a2 | Windows | This strike sends a malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. | aea860a2c9b5de2e6a9619affef59ab6 | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html; SHA256: bc5f0344277a72a9e4520f49150e00ef3ccefe916e08ef248ab6b762621b2c98; SHA1: c23707053d15eee4393b3e17390c45e958dad561; MD5: aea860a2c9b5de2e6a9619affef59ab6 |
M22-M5011 | Hupigon_2b20a40b | Windows | This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. | 2b20a40beb5838ae90e96d1ae9d25283 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html; SHA256: cb4fcfdc6c787b264971a83772af1ecb872d45a07e8e28933a563366804f16b0; SHA1: 6b18811cf9d535e7bf2e6c2233a367ab67a9c81b; MD5: 2b20a40beb5838ae90e96d1ae9d25283 |
M22-M502e | TrickBot_87f56ddd | Windows | This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders, such as VB scripts, for distribution. | 87f56ddd321f7c16fc1702e4112e7313 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html; SHA256: 4d4ad9bd0b51be44878ad59d1d9e3fa110a629ea52305cfc2ba3e9106698ca71; SHA1: 002bb0b49e03e6b55220bc86709f20a20949192d; MD5: 87f56ddd321f7c16fc1702e4112e7313 |
M22-M5039 | TrickBot_a6882fe6 | Windows | This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders, such as VB scripts, for distribution. | a6882fe62b5165f6ec4d64caa7f49448 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html; SHA256: 7131c68df5ded52136e0dd93456da13dd3cef68f5222157d20fd61b04a86f038; SHA1: 4fbbc27badb1dd70b7e58b8f511c05a8f572d820; MD5: a6882fe62b5165f6ec4d64caa7f49448 |
M22-M5028 | Hupigon_743e0997 | Windows | This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. | 743e0997dae362f311869bb9f4fa5abc | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html; SHA256: 7834e2a91eea26e48e98a6b04d28f4f1432f808bb6c7d41e6a2a896f45c2bb46; SHA1: 257ddf98568a018a04b8198ab62919ee9da7388a; MD5: 743e0997dae362f311869bb9f4fa5abc |
M22-M5020 | TeslaCrypt_5869bba8 | Windows | This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in exchange for decrypting files on the system. | 5869bba88bcd0a572bdf48bf79a96084 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html; SHA256: 235e75a04e4622be8e18ab647a77a87a65a0b33dd0a9edf07e5ada784dc32bb5; SHA1: 05eed71cccf0e543219c11e548cc0914c4f6847c; MD5: 5869bba88bcd0a572bdf48bf79a96084 |
M22-M5005 | Qakbot_11a1f578 | Windows | This strike sends a malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. | 11a1f578e4f9f2b621b8be07345c05bb | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html; SHA256: 0e6a4d17945d9c103fda3eabba411094f46bef60629254b5eb513cb1704549d6; SHA1: f6105f910e79a4ab7683513f71f1a97b31b91837; MD5: 11a1f578e4f9f2b621b8be07345c05bb |
M22-M5037 | TrickBot_a5cf1da0 | Windows | This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders, such as VB scripts, for distribution. | a5cf1da0e0cf75d265090f3246a73cc1 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html; SHA256: 96d60053f8d2be82d6fee5348e6ceff040525c149ec6d7642edce54d0251e0a3; SHA1: bc905773db803b6a0eadf65c429d70d17a2b0abe; MD5: a5cf1da0e0cf75d265090f3246a73cc1 |
M22-M500d | Hupigon_227154fb | Windows | This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. | 227154fb5f024c0d8a0be9b0df612ea3 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html; SHA256: f75acca5bc2009ef78b856541bfac9e60d30298e742d781f07843a2330209415; SHA1: 1f3c8a292551483dbfeedaabb083225e23ac860b; MD5: 227154fb5f024c0d8a0be9b0df612ea3 |
M22-M503c | Qakbot_b4675efb | Windows | This strike sends a malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. | b4675efb7af833494f30356b6d8e6578 | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html; SHA256: 284947350f2b5ba8d274ce35fe7d4046bd5d60075a598b1f080ed415dfd9e322; SHA1: 4e73c869b53cb25ee01b5b2465f127916da513c1; MD5: b4675efb7af833494f30356b6d8e6578 |
M22-M5062 | Hupigon_a94f8d04 | Windows | This strike sends a polymorphic malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. The binary has been packed with the UPX packer using the default options. | a94f8d044abf12e2bd92184ad1e7fa22 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html; SHA256: 2c7795877263cc9e702b1f8e6e28003c825485051c115c82e4303bc4086380e9; https://attack.mitre.org/techniques/T1045/; PARENTID: M22-M503f; SSDEEP: 6144:7ywk+OSgP6aZ2bWrlPzTOpSNBmJU7ze+qxE9jX6zLdi6lZ5U9fcQ:GwkBP6GXlPzTOwNWUv6/dDj5y; SHA1: f53c4b49d35c6c83a646cc853a88ce4a1f7cfd55; MD5: a94f8d044abf12e2bd92184ad1e7fa22 |
M22-M5021 | Qakbot_5df167f3 | Windows | This strike sends a malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. | 5df167f3192b8e23833a0a5f8d2fca45 | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html; SHA256: 8cf4485ebcbdcaadbb806642b98578d2e1cd1eeac0d8605acdf4790a772010d5; SHA1: 3cbebc239bc9a13ad32e1473c31ae53384d7b370; MD5: 5df167f3192b8e23833a0a5f8d2fca45 |
M22-M500c | Barys_20d6e9bb | Windows | This strike sends a malware sample known as Barys. Barys is a trojan and downloader that delivers malicious files to the victim machine. | 20d6e9bb4eb08715b9c14437b90c059d | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html; SHA256: 9f762428f1e64805ef0e622c492bb610a811f5bd85c0d859052efc10ce63819a; SHA1: 123181de2b2cc98a7d16103d185abd2251855613; MD5: 20d6e9bb4eb08715b9c14437b90c059d |
M22-M5022 | Hupigon_5e185489 | Windows | This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. | 5e18548913107bd5506a21bd541b25ae | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html; SHA256: 1afa8bf0e717c709e3793ad09bd1a5c84eb55d492c6c3b79e91eb9e9626ff1e4; SHA1: 9871b911387dd1e6523384cbb93213660d37d258; MD5: 5e18548913107bd5506a21bd541b25ae |
M22-M501a | Qakbot_4c08497d | Windows | This strike sends a malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. | 4c08497dcc46ef0bb965a34d9e5fd32c | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html; SHA256: 9995a209ed064f38bfb1bea4d35d26e6103c969d91bee45e942523f53e853c0b; SHA1: 8843c999ecc045dacfaee4a9b23406b39baeb7f0; MD5: 4c08497dcc46ef0bb965a34d9e5fd32c |
M22-M501b | TrickBot_4d9829c8 | Windows | This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders, such as VB scripts, for distribution. | 4d9829c8ddc45429fa8f40a758e821bf | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html; SHA256: 57f6bba7f29a365466af5dd3cd9a9f61e57543f4d83d76bef81640b3048e2cdd; SHA1: e2678a51fe2ba86903045b5c5ff4bd119a668c6d; MD5: 4d9829c8ddc45429fa8f40a758e821bf |
M22-M505f | Hupigon_9efb0665 | Windows | This strike sends a polymorphic malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. The binary has random strings (lorem ipsum) appended at the end of the file. | 9efb06656eabd91cf27272343e11f014 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html; SHA256: e5fe80188b307693b9a8fc3b8ea0d8ef5523dc8014b8c6a1128f8b537c08ddd3; https://attack.mitre.org/techniques/T1009/; PARENTID: M22-M503f; SSDEEP: 12288:631RUjaaV7LHLneWW5AAs5D98i7OFthdEbvxidX3aXXqYSRKfDL5K5JTKvlR1X2h:63HxK7/nDW5AA25vGroxi4SRKmuvlR1U; SHA1: 77cef7c40b5080815806d738d87288b26817e578; MD5: 9efb06656eabd91cf27272343e11f014 |
M22-M5047 | TrickBot_c8f68051 | Windows | This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders, such as VB scripts, for distribution. | c8f68051462b3f1bd59c4501b9daec3b | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html; SHA256: 13edd954aa2cb6615acce1a1f169366f6d12554012d185b22150b4ac3b1e2b5c; SHA1: cd6f15ba6357cd03f2bbe07f883951831ead838b; MD5: c8f68051462b3f1bd59c4501b9daec3b |
M22-M5059 | Hupigon_689678d7 | Windows | This strike sends a polymorphic malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. The binary has random contents appended to one of the existing sections in the PE file. | 689678d733098fafa9138197421f1b25 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html; SHA256: f7a7d771d50880a3ba5523aa1353ace313f89aa6146b6a158a4a44f4edbd6e44; https://arxiv.org/abs/1801.08917; PARENTID: M22-M503f; SSDEEP: 12288:a31RUjaaV7LHLneWW5AAs5D98i7OFthdEbvxidX3aXXqYSRKfDL5K5JTKvlR1X2P:a3HxK7/nDW5AA25vGroxi4SRKmuvlR1K; SHA1: 10cf36c21b525100ab83b054f9a3f9529c9fe3cf; MD5: 689678d733098fafa9138197421f1b25 |
M22-M5032 | Qakbot_94cdc6bd | Windows | This strike sends a malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. | 94cdc6bdf1021e5a632018c13d2cb5b7 | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html; SHA256: ff716935c2651546934d9cbbd61d039abc89da049fe7e9d0acf8b8c6035bd3e5; SHA1: e46deb493c7425dafcb6c158c96ce1f285316dbc; MD5: 94cdc6bdf1021e5a632018c13d2cb5b7 |
M22-M5057 | TrickBot_4ce52d89 | Windows | This strike sends a polymorphic malware sample known as TrickBot. TrickBot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders, such as VB scripts, for distribution. The binary has one additional import added to its import table. | 4ce52d89efff02ddd3995af5d69b65f4 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html; SHA256: 4228374bc763ff5014c3b6e63ab6b1009b51e4509174d6fb00b6e582780c6b11; https://arxiv.org/abs/1702.05983; PARENTID: M22-M500f; SSDEEP: 12288:SPXywR1k/1qZLqnmqI+IQP+cqo+f+8IW4MuFK1kFSFT5XQQu/IID/OW/toXiy9dB:SfRLDB+Rqo+f+TcXXDMICzox9ZD6fi2M; SHA1: e74f8e87ae95e67e29d7ea3d7da4b3f5355f3767; MD5: 4ce52d89efff02ddd3995af5d69b65f4 |
M22-M502a | TeslaCrypt_796aa3c8 | Windows | This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in exchange for decrypting files on the system. | 796aa3c80d4b3be5333cbc910071612a | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html; SHA256: b57ca40eab68c52c47e979fae218dcb91cb833caeadd53538695b12f5f70c51c; SHA1: 2a7ab2b23b194258042c1b79e5a9fa91812948e2; MD5: 796aa3c80d4b3be5333cbc910071612a |
M22-M5012 | Hupigon_2da2d409 | Windows | This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. | 2da2d4091b9ad9050d9f2127e69f56b0 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html; SHA256: 651b5e5f4f933fe94ae0d5438ed7af2f051db6c718150ab1538e41f4effc9f09; SHA1: 34ed2bf88dccc2669d79e5d8bbdf3f7a06007ff8; MD5: 2da2d4091b9ad9050d9f2127e69f56b0 |
M22-M5050 | TeslaCrypt_f8c510f5 | Windows | This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in exchange for decrypting files on the system. | f8c510f569bb2daf365c01e002e9bf48 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html; SHA256: 77f8d351f3f9b27c42ddd98965269e809e0b864571013240bc3f1e6c7cd51ddd; SHA1: bf809ae8c877defcdae0345dc42989c938e622ea; MD5: f8c510f569bb2daf365c01e002e9bf48 |
M22-M506c | REvil_fa4fb07b | Windows | This strike sends a polymorphic malware sample known as REvil. In July 2021, a supply chain ransomware attack leveraging an SQL injection vulnerability in Kaseya VSA software was carried out against multiple MSPs and their customers. The ransomware used in this attack, REvil (also known as Sodinokibi), was pushed to those customers via an automated malicious update. The binary has random strings (lorem ipsum) appended at the end of the file. | fa4fb07b8139347c27b5087b1ce4a524 | https://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-malware-sample-confirms-gang-is-back/; SHA256: 9d16a0be7bbe5b4efb98be296c00187b778610c26feaeb18b4b6b605d3c88f72; https://attack.mitre.org/techniques/T1009/; PARENTID: M22-M503a; SSDEEP: 1536:nhxY8CkSIxCSWY52x2xEpymgCICS4Ao7f/L7WG:hrxNWA2x2xgacOG; SHA1: 10770d0a2c430da045157b498eaf41277fcaa552; MD5: fa4fb07b8139347c27b5087b1ce4a524 |
M22-M5033 | Hupigon_964bd073 | Windows | This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. | 964bd07332952fe78d3cdc44a20e64d7 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html; SHA256: e5c2cf38779a1bc5bc9837f32547153083a3fc890cab311ded8109bc72d8b3f5; SHA1: 2efff529d530cc47fe96a94bed17eba744a5f2b4; MD5: 964bd07332952fe78d3cdc44a20e64d7 |
M22-M5066 | Qakbot_dbb7ecb8 | Windows | This strike sends a polymorphic malware sample known as Qakbot. Qakbot, also known as Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. The binary has random bytes appended at the end of the file. | dbb7ecb89e18360dd41a60adf94587ec | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html; SHA256: ffd453c46b72d8333b1b4aa1a791c302e79af23e8029cebadd9b9150fc5ad2f8; https://attack.mitre.org/techniques/T1009/; PARENTID: M22-M5017; SSDEEP: 12288:74Z52dj02g1PG9kBQLCyF1jHItQOhcrga114QFdy4unYkAi5QVhP3v82xidH7iKM:Urj9RTy0tQOhygaFdyHYkANb82xiliv; SHA1: 7ba84b92a81a2b3ad1881ab50efd6a56e717b711; MD5: dbb7ecb89e18360dd41a60adf94587ec |
M22-M5018 | TrickBot_421993b2 | Windows | This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | 421993b2fc82e644b71d638028410316 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html; SHA256: 3c62ba077f17b25160bd01df9ce8ecdd730eacece2a7947a62981cec829fb894; SHA1: 8931d11d33072de5e871863049d712024d6e52e7; MD5: 421993b2fc82e644b71d638028410316 |
M22-M503d | Hupigon_b5f51c06 | Windows | This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow the remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. | b5f51c06af27f4f20d9e30b2fd7bc809 | https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html; SHA256: 568c2616afc3c02bc1ecdd56e794e7518241337abb250e23d7d058c94e1c3a4d; SHA1: 637c58fcf8a50ee825490c21f8cc56e4de5653f3; MD5: b5f51c06af27f4f20d9e30b2fd7bc809 |
M22-M505c | Qakbot_85d4e77b | Windows | This strike sends a polymorphic malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. The binary has the checksum removed in the PE file format. | 85d4e77b12ae4eb3e9ed09c98fa44d86 | https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html; SHA256: 25bce15d32996348aabf2972fb97a8c21995cec50d0762387d01b0026fc9639a; https://arxiv.org/abs/1801.08917; PARENTID: M22-M5005; SSDEEP: 12288:V4Z52dj02g1PG9kBQLCygwjHItQOhcrga114QFdy4unYkAi5QVhP3v82xidH7FKb:+rj9RTyEtQOhygaFdyHYkANb82xilFu; SHA1: 23437700e457079befd268ff20aeaf52055ad871; MD5: 85d4e77b12ae4eb3e9ed09c98fa44d86 |
M22-M504b | TrickBot_e4e07dbc | Windows | This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. | e4e07dbc061bbc8f4069eddf0896a23c | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html; SHA256: 3f0e21c9807bcbe3081e0dfc1a28f15b483efe760afa382d891a97de6876f8aa; SHA1: c3f5121b1f0e4a8c80f039b97108455a401cb7b1; MD5: e4e07dbc061bbc8f4069eddf0896a23c |
M22-M5007 | TeslaCrypt_1a1f3710 | Windows | This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in order to decrypt files from the system. | 1a1f3710088a7a5c062ad9c43b0628f8 | https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html; SHA256: 8fcafc56c480b5b6492aa5b4882f7b4351e0113b5c20fa69f73db0b2d9dbc82a; SHA1: d11d211bbef09daac9aae26782cd9c71adf12cc3; MD5: 1a1f3710088a7a5c062ad9c43b0628f8 |