Malware Monthly Update May - 2022

Malware Strikes

Each strike is listed with its Strike ID, Malware, Platform, Info and External References, followed by the sample's file hashes (SHA256, SHA1, MD5) and, for polymorphic samples, the technique reference, PARENTID and SSDEEP.
Strike ID: M22-M5042
Malware: Hupigon_bbdd2e9e
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 7edf7c40ae4faca38743888c32ea5f0ca9ba738de120ec6c21f08b46a2561e1a
SHA1: 79a266bd77c1b9547580998591fe200a74e09679
MD5: bbdd2e9e288862a2e2048871ec43a398
Strike ID: M22-M5069
Malware: TrickBot_ed20b235
Platform: Windows
Info: This strike sends a polymorphic malware sample known as TrickBot. TrickBot is a banking trojan that targets sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders such as VB Scripts for distribution. The binary has random bytes appended at the end of the file.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 68ee0cbcae4eb83300ae8e4133b329e49cbb2dd27f17b29a4706c88c0947a0d7
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M500f
SSDEEP: 12288:TPXywR1k/1qZLqnmqI+IQP+cqo+f+8IW4MuFK1kFSFT5XQQu/IID/OW/toXiy9dY:TfRLDB+Rqo+f+TcXXDMICzox9ZDGfi2R
SHA1: 0602fede622864272a72e3e12f3eb5fa59ee1fa5
MD5: ed20b2358d873d1699b1af76d15816f2
Strike ID: M22-M502b
Malware: TrickBot_82130c33
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan that targets sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders such as VB Scripts for distribution.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 4970c1befe8ed3cab71cd9d43317b9f311d10b49ffc18e1a71f6685cdce05c5c
SHA1: c77c751abef13d659c8d64337f50dc52761909de
MD5: 82130c33ba1635a09ab4d109a3ec6d0a
Strike ID: M22-M5036
Malware: TrickBot_a3854599
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan that targets sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders such as VB Scripts for distribution.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 16ffb81083c9c988e526a1fd6fd8143dc21ea2f4876833ba43b64ead08ca9aee
SHA1: 1fbbea5dc2fd293784e4d403e49858709a52ba2f
MD5: a3854599ec95b48d8aa1e2ad9cb66d16
Strike ID: M22-M5046
Malware: Qakbot_c611fb97
Platform: Windows
Info: This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: 3fc05b1cc4b4af7a9dd6d32f0b729840a4025325d864a689a389350fbcc4e20c
SHA1: 3c455e7cfab196ca93389c4cb4f12750fe68f924
MD5: c611fb978592e9b1357244627049350d
Strike ID: M22-M5056
Malware: Hupigon_3eb62f14
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. The binary has random bytes appended at the end of the file.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: de74296762a8a8f7d4de62b5d9c82ee15aa255b238b0c79cf0a9204480109251
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M501e
SSDEEP: 12288:j3J92NUqv51AI0oW5AFOrxXLEAbskhTgXDfX3nXXqfzdPHtx50VExUv6gCDl03nt:j3vbUEITW5A0F7V398ezdPnUv6rD2
SHA1: 9e27eafaf8a3a63e37b86247b30de490ca1be7b6
MD5: 3eb62f14ed0821f7b9b366c83f3dcad1
Strike ID: M22-M500a
Malware: Qakbot_203699e7
Platform: Windows
Info: This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: bdd605f7dbe00d45eb8e8927d70a30d9ee646b5c18c13f7ae50ee9454217739a
SHA1: 2e2fe711787fa7a86957f601f9e3e3e4eea8d259
MD5: 203699e7484d7c46a2c545a19b31f614
Strike ID: M22-M5003
Malware: TeslaCrypt_02689622
Platform: Windows
Info: This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in order to decrypt files on the system.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 291aab875adf6ae867713b06cd7e7456e395324d5de067a9e578441a39a7af3b
SHA1: bf27e2c6d481ff2001c522572c15e6d524002dd0
MD5: 02689622fffb34c0b816a26f937bc2c8
Strike ID: M22-M504e
Malware: TeslaCrypt_f5c24ce9
Platform: Windows
Info: This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in order to decrypt files on the system.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 181a39b9477057e050e6b88583ffb21bc4b94a8783030735ee8ee677a9986e2a
SHA1: a282a719be7a4d280185cf062f22bc90c272e967
MD5: f5c24ce99fc9ffc9ff25cf8bdfe7c033
Strike ID: M22-M5034
Malware: TrickBot_988a76f0
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan that targets sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders such as VB Scripts for distribution.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 956446e6fce0d16ad5ad2dfe21d6fcaa52fcda2baa7b96695d47d948bf07adcb
SHA1: d9fbbcb4ff7e149ff64b8aa289f46eb3866cee53
MD5: 988a76f02c98bf4730c3cc8af8e77e08
Strike ID: M22-M5025
Malware: Hupigon_660a2d53
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 66b1d91bade1537ceb60419cfa294cdf8c00f1a7479e0b87838aa8ea4ce645d2
SHA1: 687033439d44d27627c2d0bafaa7597e61b3cd87
MD5: 660a2d53655c5ff3c1fc1852095c1624
Strike ID: M22-M5023
Malware: TeslaCrypt_6127d0d5
Platform: Windows
Info: This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in order to decrypt files on the system.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: a536cc094459b15044b7030ae665be94f01b9ce5467ff254af170d742e935be1
SHA1: 0bc91247727d298ba210f834a104290e0f6c2845
MD5: 6127d0d566524543ede893d4713d4ea5
Strike ID: M22-M5054
Malware: Hupigon_1f9f5ce9
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. The binary has been packed using the UPX packer with the default options.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: eac67c228dd9acf91d3dcd29233782384a967d471fb6120044954652a039d180
https://attack.mitre.org/techniques/T1045/
PARENTID: M22-M501e
SSDEEP: 6144:1LgkgMyvjQuJXNJLkYH5UMVwv7+sDryZ0kXbLimi:ZgculXV+DtrymkLLy
SHA1: 37dd6bedfc25587a24f677671d96535bb419c7e0
MD5: 1f9f5ce911834cf72f799844da29d977
Strike ID: M22-M5027
Malware: TrickBot_6d6da629
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan that targets sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders such as VB Scripts for distribution.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 8266bd94da8a881040beec0e10ee3a15a146fd8f4e0772a2fbe8903d9c8f07b5
SHA1: dbad408e38e55fcaa8593d920bd87ef016c0f8d3
MD5: 6d6da6296555ff0bb1b022431a05f6a2
Strike ID: M22-M504f
Malware: Barys_f7298f17
Platform: Windows
Info: This strike sends a malware sample known as Barys. Barys is a trojan and downloader that uploads malicious files to the victim machine.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 876cd4901754ed356fa8f205b4dfa6e915edc5cfee8659b5d2e993c22a27ae9a
SHA1: 1bd87034f715f55216fb9ab47dac917323163a2d
MD5: f7298f1722540763da5a2e2c82368b25
Strike ID: M22-M5006
Malware: TrickBot_15bdc351
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan that targets sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders such as VB Scripts for distribution.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 148d77d752a0f883a10231c4b082a5faf76df3fae754e7d4d50f78194532b9b2
SHA1: 797f289ae581a116a48fa614c0841f5b059e06e9
MD5: 15bdc351812c393bdfb6c4de694754d0
Strike ID: M22-M504a
Malware: TrickBot_d2f1c8b8
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan that targets sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders such as VB Scripts for distribution.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 901cdae9018e02b8e9fe37f6f96f6bd88d07b95f10fd6db5e506d9e1dbf3eb94
SHA1: 6f86e0e1ab4bb8b123aebf1247fad767b4673a57
MD5: d2f1c8b83b13ca3ea422a3ea847f7390
Strike ID: M22-M504d
Malware: Qakbot_f1f9f5bb
Platform: Windows
Info: This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: bf156122bf6860f8383c94c2ea0dd5d6c0e1706c106a101020d411d4f8b68de1
SHA1: 599775e1bfdaf2cc3a4a571428f34d706ad86495
MD5: f1f9f5bb60f4ea8ccf648f8d23dc29ed
Strike ID: M22-M501c
Malware: Hupigon_5096942b
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 1850ed9626ce5dcae67338227f1596364cf5497bd43706b20f9867bf44bf734e
SHA1: cbd7ea30dc681f105d1a0e0bc02ca25170978750
MD5: 5096942b5ae645047759f038bde79ee2
Strike ID: M22-M5016
Malware: Qakbot_3f774b7e
Platform: Windows
Info: This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: a84c3002d8c7ea3f511c1223709389a12b4fb93d4ab248a59d63eee3d09b7fad
SHA1: 2df97250b30de1add68b15637933c4f8a193578c
MD5: 3f774b7e5eb656c1e174b9d3f3003e79
Strike ID: M22-M505a
Malware: Qakbot_6f149572
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. The binary has a section renamed with a random name according to the PE format specification.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: 6fe76b18168b0f1748999c559433d3789dcc9ab89cc62ab23ee7d9bed078700e
https://arxiv.org/abs/1801.08917
PARENTID: M22-M5017
SSDEEP: 12288:L4Z52dj02g1PG9kBQLCyF1jHItQOhcrga114QFdy4unYkAi5QVhP3v82xidH7iKd:krj9RTy0tQOhygaFdyHYkANb82xili
SHA1: 6761a21b9126b6d53053e34b51a071c7a9a1eae7
MD5: 6f1495721e6f5576a8d076571f84df47
Strike ID: M22-M5029
Malware: TrickBot_76376460
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan that targets sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders such as VB Scripts for distribution.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 2c08d65f8d68f44346ec045c62374246c7eddcb1a1c5f3b3854b0ade90539aa9
SHA1: dc906156d3905c96b6536351c64fe238a6c89ab9
MD5: 763764609377b0f3dbfa81a3cf8d9eff
Strike ID: M22-M5013
Malware: Barys_36642d69
Platform: Windows
Info: This strike sends a malware sample known as Barys. Barys is a trojan and downloader that uploads malicious files to the victim machine.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: bb820fbdf6453f1e896b50a577dec3b7bc00254a036bec399e0e0238240a6d2e
SHA1: 306042bb30cd56cd2de08808c91f4d849df063e2
MD5: 36642d69e2d734c634e8fa854e54ecae
Strike ID: M22-M501d
Malware: TeslaCrypt_5104dda9
Platform: Windows
Info: This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in order to decrypt files on the system.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: c8748a99549d45eff46cc2cd6687d257478ecad14a5a8a0436e96d48315267cf
SHA1: 2c86a4cbaa53d2ec1469d10f0dff998adaf29a0c
MD5: 5104dda9b6b6558fcfd70c784f56cacd
Strike ID: M22-M5063
Malware: Hupigon_aeab478c
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. The binary has a section renamed with a random name according to the PE format specification.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 3a5ae148fb26b2f2bb54e7a180cb545611b67131f93a5fc2550abed405da810d
https://arxiv.org/abs/1801.08917
PARENTID: M22-M503f
SSDEEP: 12288:i31RUjaaV7LHLneWW5AAs5D98i7OFthdEbvxidX3aXXqYSRKfDL5K5JTKvlR1X2P:i3HxK7/nDW5AA25vGroxi4SRKmuvlR1K
SHA1: 8b9f25f09cea8f1b43912348989c53592aa4036c
MD5: aeab478c4e5be8e682730d61ff01ac6e
Strike ID: M22-M5008
Malware: Qakbot_1b7f60cd
Platform: Windows
Info: This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: 630172a8554497585e6fd7ebb266e040d29f49b09f728ef00d33b178a6604120
SHA1: bd03d129975bcc51f79769c305e1acda8a1387a1
MD5: 1b7f60cd44c6a084aa5144a1a119a5e2
Strike ID: M22-M5026
Malware: TeslaCrypt_69d66bd8
Platform: Windows
Info: This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in order to decrypt files on the system.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 282e1666932d8debcc4ab86746e6791d49fd972582b2778062616d52a8866a96
SHA1: 165de4d7dd9eb893a2cc38f2b8e9c2a87a9bc608
MD5: 69d66bd8dc40d804d2896855b381d1c7
Strike ID: M22-M5051
Malware: Hupigon_06f83b6c
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. The binary has a section renamed with a random name according to the PE format specification.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 064bc2ca6b544fa8c896fc4d07b0aa29b509c6947fa14fa6a9cb792820b8063c
https://arxiv.org/abs/1801.08917
PARENTID: M22-M501e
SSDEEP: 12288:03J92NUqv51AI0oW5AFOrxXLEAbskhTgXDfX3nXXqfzdPHtx50VExUv6gCDl03n+:03vbUEITW5A0F7V398ezdPnUv6rD
SHA1: b519db40543d17b56096c99b666eaee6794cf30f
MD5: 06f83b6c4f704afffe9d48727720416a
Strike ID: M22-M5058
Malware: Qakbot_5ba7f847
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB. The binary has the PE checksum removed.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: e8995958edb5b9ce7b2323c78d3150873a25b7da3269b2d3503c695de8570545
https://arxiv.org/abs/1801.08917
PARENTID: M22-M5017
SSDEEP: 12288:X4Z52dj02g1PG9kBQLCyF1jHItQOhcrga114QFdy4unYkAi5QVhP3v82xidH7iKd:orj9RTy0tQOhygaFdyHYkANb82xili
SHA1: 2e8b26ef9252aed0e5bfb03f623f5e5659efa9aa
MD5: 5ba7f847655bb5bec39f148edfc75db0
Strike ID: M22-M500e
Malware: TeslaCrypt_25a8164a
Platform: Windows
Info: This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in order to decrypt files on the system.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: b261d6b8833f07990a69c4f88cdd54f703f465d162a6b1c3acf95561a17890b2
SHA1: d8f2d401999188d915777fcba3fef045576a92ba
MD5: 25a8164a44d68e0989967bec65e2818d
Strike ID: M22-M5038
Malware: Qakbot_a683a2f7
Platform: Windows
Info: This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: 903cfbb0bbee35282cd9f433403be7055ff84ab5f038ab9a6a7e0086a0374c6f
SHA1: 9b2ed3c95f91882dacfb9a83550166f5124d7f53
MD5: a683a2f746b192a4a2dd8e8fa683c714
Strike ID: M22-M5030
Malware: TrickBot_8c3a027d
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan that targets sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders such as VB Scripts for distribution.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 5a260230cafe0229937d77eea28779f134ae0fd2d2b17bde92942b5a11073ec4
SHA1: aaf2006b76c8af8730ad8dee1db7bdbe77c9635f
MD5: 8c3a027dcfb199989fea5ba940e56052
Strike ID: M22-M500f
Malware: TrickBot_25ba363d
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan that targets sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders such as VB Scripts for distribution.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 089b366e8793cbc83d91a234bd8f50fb8dfcd8e1c9d4ec12a557a5087654cb09
SHA1: 7706c8f8c6ada681e54e482a0e7213357ba2aa68
MD5: 25ba363d1849134fd7943aa631d266be
Strike ID: M22-M5055
Malware: Hupigon_339275e0
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. The binary has random strings (lorem ipsum) appended at the end of the file.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: ea1807c25715c3610230995960af817c341101c26263dc5d488af602bf3181d0
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M501e
SSDEEP: 12288:j3J92NUqv51AI0oW5AFOrxXLEAbskhTgXDfX3nXXqfzdPHtx50VExUv6gCDl03n+:j3vbUEITW5A0F7V398ezdPnUv6rDt
SHA1: 48f5064e87e3695dee2e37600829d5e35ec3628d
MD5: 339275e0728bc68486e1862bae27b0b6
Strike ID: M22-M5067
Malware: Hupigon_debde42b
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. The binary has random content appended to one of its existing PE sections.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 34e868e7c2a6e8c37e3e30e1c5ac496f14627090348a39cf0c51c99026cb3d89
https://arxiv.org/abs/1801.08917
PARENTID: M22-M501e
SSDEEP: 12288:J3J92NUqv51AI0oW5AFOrxXLEAbskhTgXDfX3nXXqfzdPHtx50VExUv6gCDl0Rn+:J3vbUEITW5A0F7V398ezdPnUv6rD
SHA1: 962e6c358e46e84d07f4e32d09e07a178a337ad7
MD5: debde42b74a9c09d210f40a2da174330
Strike ID: M22-M5045
Malware: Qakbot_c31c0436
Platform: Windows
Info: This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: b33e1413f137a5f0d845c04fccfbe4fafb6e537b0ce9ea64319453ced6247a80
SHA1: 3dd5865750bcb545c54025c6f7ae285957975be3
MD5: c31c0436a53ccc0d10da3f42a3605451
Strike ID: M22-M5052
Malware: TrickBot_15755349
Platform: Windows
Info: This strike sends a polymorphic malware sample known as TrickBot. TrickBot is a banking trojan that targets sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders such as VB Scripts for distribution. The binary has random strings (lorem ipsum) appended at the end of the file.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 8dcff0a46407c20b7fc1b152924ee5a0f46d88d59a907c281e85b577c13764de
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M500f
SSDEEP: 12288:TPXywR1k/1qZLqnmqI+IQP+cqo+f+8IW4MuFK1kFSFT5XQQu/IID/OW/toXiy9du:TfRLDB+Rqo+f+TcXXDMICzox9ZDGfi2b
SHA1: e161f620a385bc179273d5c851823f68e708c491
MD5: 15755349b8ab974d167749cfc763bc80
Strike ID: M22-M505b
Malware: REvil_79668390
Platform: Windows
Info: This strike sends a polymorphic malware sample known as REvil. In July 2021, a supply chain ransomware attack leveraging an SQL injection vulnerability in Kaseya VSA software was carried out against multiple MSPs and their customers. The ransomware used in this attack, REvil, also known as Sodinokibi, was pushed to their customers via an automated malicious update. The binary has been packed using the UPX packer with the default options.
External References: https://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-malware-sample-confirms-gang-is-back/
SHA256: caec63febf5a317814578c43195860e4a8adf67a9198b3b78b2863e6ba025c6d
https://attack.mitre.org/techniques/T1045/
PARENTID: M22-M503a
SSDEEP: 768:4Nlm2nKvGwUVtOlVXa52ZM+vjtnptpgccBHqL+b:4Nl0vz+OlVXTV5qc
SHA1: c6cc1c2e15b32f57ce50c4e2f03bf2c646a8ecf6
MD5: 796683909b5036791e015a01609dc751
Strike ID: M22-M5004
Malware: Hupigon_07c75bae
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 371852ac7b74eb35be9852a914a103b8033138adea0850c7f101b2945da538b5
SHA1: 48d30e57551966375ea44316c4909f9cb00e069e
MD5: 07c75baee5a6ae81ac978acba8a3d8aa
Strike ID: M22-M5065
Malware: TrickBot_c14c3f99
Platform: Windows
Info: This strike sends a polymorphic malware sample known as TrickBot. TrickBot is a banking trojan that targets sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders such as VB Scripts for distribution. The binary has a new PE section added with random contents.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 1cf90d23d942d6c48353842a3f9a63f94cdae38f647d824769f621857d2a1457
https://arxiv.org/abs/1801.08917
PARENTID: M22-M500f
SSDEEP: 12288:GPXywR1k/1qZLqnmqI+IQP+cqo+f+8IW4MuFK1kFSFT5XQQu/IID/OW/toXiy9dG:GfRLDB+Rqo+f+TcXXDMICzox9ZDGfi2H
SHA1: 4c3a498e176e83aca10c57f51b133f63f3726af8
MD5: c14c3f99bb7182a1cd190f04e9af9c43
Strike ID: M22-M5002
Malware: TeslaCrypt_01df1af3
Platform: Windows
Info: This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in order to decrypt files on the system.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: b89b656a2ce0c5f6f1a37f39b86096551eb04551bb352a651c03732d2b2b501f
SHA1: a68a426c91a49f6302aeee20ac18b0c849352975
MD5: 01df1af3f09abbea8a92331c7305356b
Strike ID: M22-M5049
Malware: Qakbot_cd76cab9
Platform: Windows
Info: This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information such as banking credentials, but it can also steal FTP credentials and spread across a network using SMB.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: 475800c77b04c9d9877abc8b57f3fcb85492ef01b8480b0fa98621c4cb81a049
SHA1: 3e7db439cf54d6c5649ec7b1870048847f511065
MD5: cd76cab9e70999010d4549f660024bfe
Strike ID: M22-M5014
Malware: TrickBot_3be39381
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan that targets sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders such as VB Scripts for distribution.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 12b485f8bb93df3ef543ac9c2df5a6c881ad8d80e7a0500acf5d5ff7a8350454
SHA1: ffe05c467e107fe7bf6f9acd7602875fe4c3c0d0
MD5: 3be39381a1994f0055c41666e86221c7
Strike ID: M22-M5040
Malware: Hupigon_b8aec15b
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 30371f13135df527a7454ec9e77df9692b96e40fd53d84ec34d3e4f5a5f572f1
SHA1: 0d785fd8be017a3f885b03ff567c94a19f88ed6e
MD5: b8aec15bb1d5f7690685c735fb285483
Strike ID: M22-M5035
Malware: Hupigon_9d00848b
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 51972f701179f2a3d00afe06fa2cf44c70c9cc2e52b4825e443b51c631ca5c28
SHA1: 3aad7617655ed380a98b1c7e6d683fd379fbcc4e
MD5: 9d00848b8978a0fd33214b78662f90c1
Strike ID: M22-M506a
Malware: TrickBot_f3591383
Platform: Windows
Info: This strike sends a polymorphic malware sample known as TrickBot. TrickBot is a banking trojan that targets sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders such as VB Scripts for distribution. The binary has random content appended to one of its existing PE sections.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 4eeba107a2533f19740d166af9e03988e88d7cc25bbb8b9a6588764b445a53d9
https://arxiv.org/abs/1801.08917
PARENTID: M22-M500f
SSDEEP: 12288:TPXywR1k/1qZLqnmqI+IQP+cqo+f+8IW4MuFK1kFXFT5XQQu/IID/OW/toXiy9dH:TfRLDB+Rqo+f+TcWXDMICzox9ZDGfi2S
SHA1: 9603407a04d92dd9bfc31f366556a52a19cbb1ad
MD5: f35913834ff4b111ee7971561136d185
Strike ID: M22-M5001
Malware: TrickBot_010c5005
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan that targets sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders such as VB Scripts for distribution.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 72cb744b57f3183e15da3780cbfd4411dc77b36411c1fcca65ec59e2d15713f0
SHA1: f79454f4b97a2a1b04426f158dbe0e220a0826cf
MD5: 010c50055f097fa6bb7d839d3147a2ea
Strike ID: M22-M501f
Malware: Hupigon_57ae6c60
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 55e93fe87b94d76f69d454de62dfed8dc7c0d97e2f3369aa346a27ba5f071534
SHA1: 7ee253058fe2e5bccbdcb37772d114abf91393ac
MD5: 57ae6c6014102b320c80edcc1f385366
Strike ID: M22-M5048
Malware: TrickBot_cb1f7a9a
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan that targets sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders such as VB Scripts for distribution.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 6463c1b28ff09bfd3895b958249ce7e3220ec35b5a49422219407ee5f51cd47d
SHA1: 3b12ba24f874b6e5c39308c89d3f6d77dcfa763f
MD5: cb1f7a9a6ce503974b34d8e396fe2e5a
Strike ID: M22-M5010
Malware: TrickBot_2a4e6863
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan that targets sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders such as VB Scripts for distribution.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 464bc95d917d9ec52420bf440a55f4099396d2af4af43d41694f30a70d00761b
SHA1: c4b706e4ae230498c41b33ea0498bed846a03302
MD5: 2a4e68634737e0655ce279c6211eac59
Strike ID: M22-M5068
Malware: TrickBot_e3af376f
Platform: Windows
Info: This strike sends a polymorphic malware sample known as TrickBot. TrickBot is a banking trojan that targets sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns, many of which rely on downloaders such as VB Scripts for distribution. The binary has the PE debug flag removed.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: e30f6a643088ffa302b46d65855bdaa3cca24de0e2dd9188f5904a38ae93d2b0
https://arxiv.org/abs/1801.08917
PARENTID: M22-M500f
SSDEEP: 12288:GPXywR1k/1qZLqnmqI+IQP+cqo+f+8IW4MuFK1kFSFT5XQQu/IID/OW/toXiy9dH:GfRLDB+Rqo+f+TcXXDMICzox9ZDGfi2S
SHA1: 699307c5b71fe04ba2e01d0689aa9c0c2ebc7e6b
MD5: e3af376f2df425e0364f9f40bcfe1124
Strike ID: M22-M5015
Malware: Hupigon_3d4a8ff6
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 6ab58b19fa30990b48550fb6bdb26c8b4dbab5e03c15764f23c2d86aba65dac9
SHA1: 755098a568a2f77c4ae7a5c5da8840a5ae75a20a
MD5: 3d4a8ff63982abce0518079deb731a83
Strike ID: M22-M5044
Malware: Hupigon_be41beee
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow a remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 1efc883750179e5b3bde866fc14b92a89231be24ae854a7a038781b0b927879e
SHA1: 26f17d2f16a724152712fbf5af31b33cb919599d
MD5: be41beee7e99e2a6fc79bd6bc0032b59
Strike ID: M22-M5041
Malware: TrickBot_b951c1df
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 704f3472d96b7a5ca6a31e7608ad29d5c0c331516367a6eca0ccd5ada61afdf6
SHA1: 2951b520fb37d5275b171bd1c546156e6fbc8081
MD5: b951c1df23a3735b1351577f3521a876
Strike ID: M22-M502d
Malware: TrickBot_84834e1f
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 259ba57d1ce1868c12144dc3fec87c8f882e201f3093048f7e933f53346b0afd
SHA1: 18810d7025a0781b6070b41f5f828dceb47622f1
MD5: 84834e1fc670e9375f83839273c886df
Strike ID: M22-M502f
Malware: TrickBot_8a341bdf
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 904df9175e7c173fa0d09bd57f4c038ecfa0bd438aa233807dfdc973f6f08679
SHA1: a49133fc4dbecd231fb12993a2ec3cb180d5c040
MD5: 8a341bdf26de60144d5c5aaba12f6227
Strike ID: M22-M500b
Malware: Hupigon_20517e6b
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow the remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 780f97f11b68ba98658bbf5fc5716af7a303c76a02348fef98792b1065b96c46
SHA1: 6e9fcf762d5072f472777951f5b5e9ab86687c66
MD5: 20517e6b94106686ef81d375c90c2022
Strike ID: M22-M506b
Malware: TrickBot_f59c6952
Platform: Windows
Info: This strike sends a polymorphic malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. The binary has the timestamp field updated in the PE file header.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: cbb463b05c06c5f6f536975661a620c0bdecc17640000adb376718a2078b358b
https://attack.mitre.org/techniques/T1099/
PARENTID: M22-M500f
SSDEEP: 12288:rPXywR1k/1qZLqnmqI+IQP+cqo+f+8IW4MuFK1kFSFT5XQQu/IID/OW/toXiy9dH:rfRLDB+Rqo+f+TcXXDMICzox9ZDGfi2S
SHA1: e169846029349cbf1a52b464948046892f6df60f
MD5: f59c695229c7b02cfe3440338c53dc20
Strike ID: M22-M5064
Malware: Hupigon_b17a8e87
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Hupigon. Hupigon is a family of trojans that allow the remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. The binary has random bytes appended at the end of the file.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 98b53debeae1b28169234bcb33e51f34cbdb460773cf561b12f559fba698853c
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M503f
SSDEEP: 12288:631RUjaaV7LHLneWW5AAs5D98i7OFthdEbvxidX3aXXqYSRKfDL5K5JTKvlR1X2Y:63HxK7/nDW5AA25vGroxi4SRKmuvlR1h
SHA1: d2234a2b43cea3613a96e083cb91c5fc3f8d3792
MD5: b17a8e87539667748cd74b4c4da8aea9
Strike ID: M22-M5053
Malware: TrickBot_1b4476b8
Platform: Windows
Info: This strike sends a polymorphic malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. The binary has a random section name renamed according to the PE format specification.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 5f678db83e745f56a0994ca61d6193af36936c05ca36a21f828ea4568cc48571
https://arxiv.org/abs/1801.08917
PARENTID: M22-M500f
SSDEEP: 12288:rPXywR1k/1qZLqnmqI+IQP+cqo+f+8IW4MuFK1kFSFT5XQQu/IID/OW/toXiy9dH:rfRLDB+Rqo+f+TcXXDMICzox9ZDGfi2S
SHA1: 72d6e5f8ddbb9ba79a757a3f433f5c0ba0a585c8
MD5: 1b4476b84e3eea57dece04f6682402cf
Strike ID: M22-M503a
Malware: REvil_ad49374e
Platform: Windows
Info: This strike sends a malware sample known as REvil. In July of 2021 a supply chain ransomware attack leveraging an SQL injection vulnerability in Kaseya VSA software was carried out against multiple MSPs and their customers. The ransomware used in this attack, REvil, also known as Sodinokibi, was pushed to their customers via an automated malicious update.
External References: https://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-malware-sample-confirms-gang-is-back/
SHA256: 0c10cf1b1640c9c845080f460ee69392bfaac981a4407b607e8e30d2ddf903e8
SHA1: eb563ab4caca7e19bdeee807b025ab2d54e23624
MD5: ad49374e3c72613023fe420f0d6010d9
Strike ID: M22-M5043
Malware: Hupigon_bceef9b5
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow the remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: b83679856384e21172278479a81d0ccefb0b849f2643b65cf2f823b9c25dee7c
SHA1: 15e817df37bdecc54f6dec8fcbc01634667d8782
MD5: bceef9b557f482e6395108967b42e159
Strike ID: M22-M505e
Malware: TeslaCrypt_9d13bae9
Platform: Windows
Info: This strike sends a polymorphic malware sample known as TeslaCrypt. This ransomware demands Bitcoin in order to decrypt files from the system. The binary has the timestamp field updated in the PE file header.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: d02f3ed678bf675a924d1cefff2b5a86b7105abc67d14dd5939350b469e00deb
https://attack.mitre.org/techniques/T1099/
PARENTID: M22-M504e
SSDEEP: 6144:sCk5T0HPFjZy2MqqG9zugobEYfglIkzQmBPDFF0HPFjZy2MqqG9zugobEYfg:y0vIq9oAXzQmR0vIq9oA
SHA1: 335e5259fe32e78910ac71410e3f2bf5e6dcd5bc
MD5: 9d13bae96cf4e77b52e630586907ac16
Strike ID: M22-M5019
Malware: Hupigon_43b43e55
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow the remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 13e4ffd70d314bd55ff275c34c8c0e17b68d0ade75a5a36d304e30a18e3695c5
SHA1: cc6f81984baacc00c494c7dc0f0ecbf49c842a0e
MD5: 43b43e552fbd6948382c4f7bd8c80017
Strike ID: M22-M5017
Malware: Qakbot_405dc314
Platform: Windows
Info: This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: 03a8937c5d9637b60be1f02b835fd04320ca05ed0d38cbbe40e4a3f83bc6d3c8
SHA1: 6e3f86094328267564b0ae0320f4c2fbae03c3fd
MD5: 405dc3140fd0f010ff08a3b5b7833158
Strike ID: M22-M501e
Malware: Hupigon_51e34a25
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow the remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 114a95b36d5eb06500920fab99ae2827515af308635d2b61b62563badf1414c4
SHA1: e8e410db87bb5ec8d39ab8cda5312786f11df7c6
MD5: 51e34a25e65889cf833ec220329c487c
Strike ID: M22-M505d
Malware: Qakbot_91257224
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. The binary has a random section name renamed according to the PE format specification.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: d2eac392345ed0cd8e3cced110b9d68c164c853d3559b88d08a7d54a6a4066b9
https://arxiv.org/abs/1801.08917
PARENTID: M22-M5005
SSDEEP: 12288:M4Z52dj02g1PG9kBQLCygwjHItQOhcrga114QFdy4unYkAi5QVhP3v82xidH7FKb:Nrj9RTyEtQOhygaFdyHYkANb82xilFu
SHA1: 9c1ad286710217267c0a26477c667e2c8561e40e
MD5: 91257224c05e3e3d8c1ee8d7fe014a91
Strike ID: M22-M502c
Malware: Qakbot_82189898
Platform: Windows
Info: This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: 1e4112132b6ccbb5113f2886e1083f777a08b3d6268b73d76b38cd0b927f4ecf
SHA1: d38be295de2f425819a06e8cada74520d8615ce9
MD5: 82189898694af9b8e5ea9058da56261e
Strike ID: M22-M504c
Malware: BlackByte_eef97710
Platform: Mixed
Info: This strike sends a malware sample known as BlackByte. BlackByte is a ransomware group that employs a ransomware-as-a-service offering to malicious actors. Once infected, communication with C2 servers is established. AnyDesk remote management software is installed, as well as other publicly available software like 'netscanold' or 'psexec', to perform lateral movement and establish persistence on the victim's machine. Once this functionality has been established, the attacker demands a bitcoin ransom in order to decrypt the files on the system.
External References: https://blog.talosintelligence.com/2022/05/the-blackbyte-ransomware-group-is.html
SHA256: 884e96a75dc568075e845ccac2d4b4ccec68017e6ef258c7c03da8c88a597534
SHA1: 7273bf0db30a12428f7046ef99ebe3e7472cdfbe
MD5: eef977108c7a7aef512532cc6e2f49cc
Strike ID: M22-M5009
Malware: TrickBot_1fc6a697
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 88e3c9743f423655a60801b44e4d8783c1a444f27748a7f00e827421eb7fd6c0
SHA1: c483ab691205fad531b17c9eb68d44e23ffcf452
MD5: 1fc6a6970218db54923a3418851d9244
Strike ID: M22-M5024
Malware: Qakbot_61847aec
Platform: Windows
Info: This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: db5972b4ab47c92b52c37ae694ccc5316c6cf4af79de52fc249fdb46a194596d
SHA1: 9b28c2c03a145bbd5e0cb0d9cc6ed404beea4197
MD5: 61847aec901fcbb00992d7563f026e5d
Strike ID: M22-M503e
Malware: Hupigon_b6f5353f
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow the remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: dc3b95c3c45f8aa3c95d58686b90492637cfc2dffbd0a553e6b0afefd0716c75
SHA1: 4cd5b45658c85e9b21f67cc327162b7cec48eb25
MD5: b6f5353f224817d241ef24fdf594b22c
Strike ID: M22-M503f
Malware: Hupigon_b8776276
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow the remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 07d5c5e817a04a24afe129e3f05c42ca0ed9c4fba0f8c8ed464ef49aba1b2319
SHA1: a8bceffd4d3c3e62c2800ea3a0d1e2e81a8aa1b6
MD5: b8776276dcd39631753cac978f8ec9a1
Strike ID: M22-M5061
Malware: Hupigon_a43dd785
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Hupigon. Hupigon is a family of trojans that allow the remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. The binary has the checksum removed in the PE file format.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 51daf9ec0c400291722f6363ba6ff462bf91f7a0efa82dc2106b605b8bb06536
https://arxiv.org/abs/1801.08917
PARENTID: M22-M501e
SSDEEP: 12288:J3J92NUqv51AI0oW5AFOrxXLEAbskhTgXDfX3nXXqfzdPHtx50VExUv6gCDl03n+:J3vbUEITW5A0F7V398ezdPnUv6rD
SHA1: 02c4949d3289586e143a7eaed29801f90961e76d
MD5: a43dd7859c056269b1de939f77e7136b
Strike ID: M22-M5031
Malware: Hupigon_90468611
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow the remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: cb94d6ac6f0200280bacb3a5436d2b768a8b5bb3f18a275853e9b6a4d577a794
SHA1: b418ffba848521772781b270ef27b556f43deaa2
MD5: 90468611aba2c7267ab82b46b69eb413
Strike ID: M22-M5060
Malware: Qakbot_9f8e8dd6
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. The binary has random contents appended in one of the existing sections in the PE file format.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: dfc92dc312035598894983828098371ad4e39fba75df1509e10b0a96a7cff570
https://arxiv.org/abs/1801.08917
PARENTID: M22-M5005
SSDEEP: 12288:c4Z52dj02g1PG9kBQLCy+wjHItQOhcrga114QFdy4unYkAi5QVhP3v82xidH7FKb:drj9RTy2tQOhygaFdyHYkANb82xilFu
SHA1: 29e0e1b166ba39eb1aeb0c6571f52d21c9504f7c
MD5: 9f8e8dd6c3b95d095fdd39687b2b6a0b
Strike ID: M22-M503b
Malware: Qakbot_aea860a2
Platform: Windows
Info: This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: bc5f0344277a72a9e4520f49150e00ef3ccefe916e08ef248ab6b762621b2c98
SHA1: c23707053d15eee4393b3e17390c45e958dad561
MD5: aea860a2c9b5de2e6a9619affef59ab6
Strike ID: M22-M5011
Malware: Hupigon_2b20a40b
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow the remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: cb4fcfdc6c787b264971a83772af1ecb872d45a07e8e28933a563366804f16b0
SHA1: 6b18811cf9d535e7bf2e6c2233a367ab67a9c81b
MD5: 2b20a40beb5838ae90e96d1ae9d25283
Strike ID: M22-M502e
Malware: TrickBot_87f56ddd
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 4d4ad9bd0b51be44878ad59d1d9e3fa110a629ea52305cfc2ba3e9106698ca71
SHA1: 002bb0b49e03e6b55220bc86709f20a20949192d
MD5: 87f56ddd321f7c16fc1702e4112e7313
Strike ID: M22-M5039
Malware: TrickBot_a6882fe6
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 7131c68df5ded52136e0dd93456da13dd3cef68f5222157d20fd61b04a86f038
SHA1: 4fbbc27badb1dd70b7e58b8f511c05a8f572d820
MD5: a6882fe62b5165f6ec4d64caa7f49448
Strike ID: M22-M5028
Malware: Hupigon_743e0997
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow the remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 7834e2a91eea26e48e98a6b04d28f4f1432f808bb6c7d41e6a2a896f45c2bb46
SHA1: 257ddf98568a018a04b8198ab62919ee9da7388a
MD5: 743e0997dae362f311869bb9f4fa5abc
Strike ID: M22-M5020
Malware: TeslaCrypt_5869bba8
Platform: Windows
Info: This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in order to decrypt files from the system.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 235e75a04e4622be8e18ab647a77a87a65a0b33dd0a9edf07e5ada784dc32bb5
SHA1: 05eed71cccf0e543219c11e548cc0914c4f6847c
MD5: 5869bba88bcd0a572bdf48bf79a96084
Strike ID: M22-M5005
Malware: Qakbot_11a1f578
Platform: Windows
Info: This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: 0e6a4d17945d9c103fda3eabba411094f46bef60629254b5eb513cb1704549d6
SHA1: f6105f910e79a4ab7683513f71f1a97b31b91837
MD5: 11a1f578e4f9f2b621b8be07345c05bb
Strike ID: M22-M5037
Malware: TrickBot_a5cf1da0
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 96d60053f8d2be82d6fee5348e6ceff040525c149ec6d7642edce54d0251e0a3
SHA1: bc905773db803b6a0eadf65c429d70d17a2b0abe
MD5: a5cf1da0e0cf75d265090f3246a73cc1
Strike ID: M22-M500d
Malware: Hupigon_227154fb
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow the remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: f75acca5bc2009ef78b856541bfac9e60d30298e742d781f07843a2330209415
SHA1: 1f3c8a292551483dbfeedaabb083225e23ac860b
MD5: 227154fb5f024c0d8a0be9b0df612ea3
Strike ID: M22-M503c
Malware: Qakbot_b4675efb
Platform: Windows
Info: This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: 284947350f2b5ba8d274ce35fe7d4046bd5d60075a598b1f080ed415dfd9e322
SHA1: 4e73c869b53cb25ee01b5b2465f127916da513c1
MD5: b4675efb7af833494f30356b6d8e6578
Strike ID: M22-M5062
Malware: Hupigon_a94f8d04
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Hupigon. Hupigon is a family of trojans that allow the remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. The binary has been packed using the UPX packer with the default options.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 2c7795877263cc9e702b1f8e6e28003c825485051c115c82e4303bc4086380e9
https://attack.mitre.org/techniques/T1045/
PARENTID: M22-M503f
SSDEEP: 6144:7ywk+OSgP6aZ2bWrlPzTOpSNBmJU7ze+qxE9jX6zLdi6lZ5U9fcQ:GwkBP6GXlPzTOwNWUv6/dDj5y
SHA1: f53c4b49d35c6c83a646cc853a88ce4a1f7cfd55
MD5: a94f8d044abf12e2bd92184ad1e7fa22
Strike ID: M22-M5021
Malware: Qakbot_5df167f3
Platform: Windows
Info: This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: 8cf4485ebcbdcaadbb806642b98578d2e1cd1eeac0d8605acdf4790a772010d5
SHA1: 3cbebc239bc9a13ad32e1473c31ae53384d7b370
MD5: 5df167f3192b8e23833a0a5f8d2fca45
Strike ID: M22-M500c
Malware: Barys_20d6e9bb
Platform: Windows
Info: This strike sends a malware sample known as Barys. Barys is a trojan and downloader that will upload malicious files to the victim machine.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 9f762428f1e64805ef0e622c492bb610a811f5bd85c0d859052efc10ce63819a
SHA1: 123181de2b2cc98a7d16103d185abd2251855613
MD5: 20d6e9bb4eb08715b9c14437b90c059d
Strike ID: M22-M5022
Malware: Hupigon_5e185489
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow the remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 1afa8bf0e717c709e3793ad09bd1a5c84eb55d492c6c3b79e91eb9e9626ff1e4
SHA1: 9871b911387dd1e6523384cbb93213660d37d258
MD5: 5e18548913107bd5506a21bd541b25ae
Strike ID: M22-M501a
Malware: Qakbot_4c08497d
Platform: Windows
Info: This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: 9995a209ed064f38bfb1bea4d35d26e6103c969d91bee45e942523f53e853c0b
SHA1: 8843c999ecc045dacfaee4a9b23406b39baeb7f0
MD5: 4c08497dcc46ef0bb965a34d9e5fd32c
Strike ID: M22-M501b
Malware: TrickBot_4d9829c8
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 57f6bba7f29a365466af5dd3cd9a9f61e57543f4d83d76bef81640b3048e2cdd
SHA1: e2678a51fe2ba86903045b5c5ff4bd119a668c6d
MD5: 4d9829c8ddc45429fa8f40a758e821bf
Strike ID: M22-M505f
Malware: Hupigon_9efb0665
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Hupigon. Hupigon is a family of trojans that allow the remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. The binary has random strings (lorem ipsum) appended at the end of the file.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: e5fe80188b307693b9a8fc3b8ea0d8ef5523dc8014b8c6a1128f8b537c08ddd3
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M503f
SSDEEP: 12288:631RUjaaV7LHLneWW5AAs5D98i7OFthdEbvxidX3aXXqYSRKfDL5K5JTKvlR1X2h:63HxK7/nDW5AA25vGroxi4SRKmuvlR1U
SHA1: 77cef7c40b5080815806d738d87288b26817e578
MD5: 9efb06656eabd91cf27272343e11f014
Strike ID: M22-M5047
Malware: TrickBot_c8f68051
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 13edd954aa2cb6615acce1a1f169366f6d12554012d185b22150b4ac3b1e2b5c
SHA1: cd6f15ba6357cd03f2bbe07f883951831ead838b
MD5: c8f68051462b3f1bd59c4501b9daec3b
Strike ID: M22-M5059
Malware: Hupigon_689678d7
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Hupigon. Hupigon is a family of trojans that allow the remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. The binary has random contents appended in one of the existing sections in the PE file format.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: f7a7d771d50880a3ba5523aa1353ace313f89aa6146b6a158a4a44f4edbd6e44
https://arxiv.org/abs/1801.08917
PARENTID: M22-M503f
SSDEEP: 12288:a31RUjaaV7LHLneWW5AAs5D98i7OFthdEbvxidX3aXXqYSRKfDL5K5JTKvlR1X2P:a3HxK7/nDW5AA25vGroxi4SRKmuvlR1K
SHA1: 10cf36c21b525100ab83b054f9a3f9529c9fe3cf
MD5: 689678d733098fafa9138197421f1b25
Strike ID: M22-M5032
Malware: Qakbot_94cdc6bd
Platform: Windows
Info: This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: ff716935c2651546934d9cbbd61d039abc89da049fe7e9d0acf8b8c6035bd3e5
SHA1: e46deb493c7425dafcb6c158c96ce1f285316dbc
MD5: 94cdc6bdf1021e5a632018c13d2cb5b7
Strike ID: M22-M5057
Malware: TrickBot_4ce52d89
Platform: Windows
Info: This strike sends a polymorphic malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts. The binary file has one more import added to the import table.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 4228374bc763ff5014c3b6e63ab6b1009b51e4509174d6fb00b6e582780c6b11
https://arxiv.org/abs/1702.05983
PARENTID: M22-M500f
SSDEEP: 12288:SPXywR1k/1qZLqnmqI+IQP+cqo+f+8IW4MuFK1kFSFT5XQQu/IID/OW/toXiy9dB:SfRLDB+Rqo+f+TcXXDMICzox9ZD6fi2M
SHA1: e74f8e87ae95e67e29d7ea3d7da4b3f5355f3767
MD5: 4ce52d89efff02ddd3995af5d69b65f4
Strike ID: M22-M502a
Malware: TeslaCrypt_796aa3c8
Platform: Windows
Info: This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in order to decrypt files from the system.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: b57ca40eab68c52c47e979fae218dcb91cb833caeadd53538695b12f5f70c51c
SHA1: 2a7ab2b23b194258042c1b79e5a9fa91812948e2
MD5: 796aa3c80d4b3be5333cbc910071612a
Strike ID: M22-M5012
Malware: Hupigon_2da2d409
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow the remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 651b5e5f4f933fe94ae0d5438ed7af2f051db6c718150ab1538e41f4effc9f09
SHA1: 34ed2bf88dccc2669d79e5d8bbdf3f7a06007ff8
MD5: 2da2d4091b9ad9050d9f2127e69f56b0
Strike ID: M22-M5050
Malware: TeslaCrypt_f8c510f5
Platform: Windows
Info: This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in order to decrypt files from the system.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 77f8d351f3f9b27c42ddd98965269e809e0b864571013240bc3f1e6c7cd51ddd
SHA1: bf809ae8c877defcdae0345dc42989c938e622ea
MD5: f8c510f569bb2daf365c01e002e9bf48
Strike ID: M22-M506c
Malware: REvil_fa4fb07b
Platform: Windows
Info: This strike sends a polymorphic malware sample known as REvil. In July of 2021 a supply chain ransomware attack leveraging an SQL injection vulnerability in Kaseya VSA software was carried out against multiple MSPs and their customers. The ransomware used in this attack, REvil, also known as Sodinokibi, was pushed to their customers via an automated malicious update. The binary has random strings (lorem ipsum) appended at the end of the file.
External References: https://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-malware-sample-confirms-gang-is-back/
SHA256: 9d16a0be7bbe5b4efb98be296c00187b778610c26feaeb18b4b6b605d3c88f72
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M503a
SSDEEP: 1536:nhxY8CkSIxCSWY52x2xEpymgCICS4Ao7f/L7WG:hrxNWA2x2xgacOG
SHA1: 10770d0a2c430da045157b498eaf41277fcaa552
MD5: fa4fb07b8139347c27b5087b1ce4a524
Strike ID: M22-M5033
Malware: Hupigon_964bd073
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow the remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: e5c2cf38779a1bc5bc9837f32547153083a3fc890cab311ded8109bc72d8b3f5
SHA1: 2efff529d530cc47fe96a94bed17eba744a5f2b4
MD5: 964bd07332952fe78d3cdc44a20e64d7
Strike ID: M22-M5066
Malware: Qakbot_dbb7ecb8
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. The binary has random bytes appended at the end of the file.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: ffd453c46b72d8333b1b4aa1a791c302e79af23e8029cebadd9b9150fc5ad2f8
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M5017
SSDEEP: 12288:74Z52dj02g1PG9kBQLCyF1jHItQOhcrga114QFdy4unYkAi5QVhP3v82xidH7iKM:Urj9RTy0tQOhygaFdyHYkANb82xiliv
SHA1: 7ba84b92a81a2b3ad1881ab50efd6a56e717b711
MD5: dbb7ecb89e18360dd41a60adf94587ec
Strike ID: M22-M5018
Malware: TrickBot_421993b2
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 3c62ba077f17b25160bd01df9ce8ecdd730eacece2a7947a62981cec829fb894
SHA1: 8931d11d33072de5e871863049d712024d6e52e7
MD5: 421993b2fc82e644b71d638028410316
Strike ID: M22-M503d
Malware: Hupigon_b5f51c06
Platform: Windows
Info: This strike sends a malware sample known as Hupigon. Hupigon is a family of trojans that allow the remote user to execute commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
SHA256: 568c2616afc3c02bc1ecdd56e794e7518241337abb250e23d7d058c94e1c3a4d
SHA1: 637c58fcf8a50ee825490c21f8cc56e4de5653f3
MD5: b5f51c06af27f4f20d9e30b2fd7bc809
Strike ID: M22-M505c
Malware: Qakbot_85d4e77b
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. The binary has the checksum removed in the PE file format.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
SHA256: 25bce15d32996348aabf2972fb97a8c21995cec50d0762387d01b0026fc9639a
https://arxiv.org/abs/1801.08917
PARENTID: M22-M5005
SSDEEP: 12288:V4Z52dj02g1PG9kBQLCygwjHItQOhcrga114QFdy4unYkAi5QVhP3v82xidH7FKb:+rj9RTyEtQOhygaFdyHYkANb82xilFu
SHA1: 23437700e457079befd268ff20aeaf52055ad871
MD5: 85d4e77b12ae4eb3e9ed09c98fa44d86
Strike ID: M22-M504b
Malware: TrickBot_e4e07dbc
Platform: Windows
Info: This strike sends a malware sample known as TrickBot. Trickbot is a banking trojan targeting sensitive information for select financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB Scripts.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 3f0e21c9807bcbe3081e0dfc1a28f15b483efe760afa382d891a97de6876f8aa
SHA1: c3f5121b1f0e4a8c80f039b97108455a401cb7b1
MD5: e4e07dbc061bbc8f4069eddf0896a23c
Strike ID: M22-M5007
Malware: TeslaCrypt_1a1f3710
Platform: Windows
Info: This strike sends a malware sample known as TeslaCrypt. This ransomware demands Bitcoin in order to decrypt files from the system.
External References: https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
SHA256: 8fcafc56c480b5b6492aa5b4882f7b4351e0113b5c20fa69f73db0b2d9dbc82a
SHA1: d11d211bbef09daac9aae26782cd9c71adf12cc3
MD5: 1a1f3710088a7a5c062ad9c43b0628f8