M22-M6039 | Qakbot_b78d07e0 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | b78d07e05cd8716afc4c929b8b810033 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 151c33f7cc6970eb9d6cf8d1bc6f3c34899aea570381712a1059688478097693SHA1: 59213afce1bdb37b450db49476526fe5a58b8c6fMD5: b78d07e05cd8716afc4c929b8b810033 |
M22-M600b | Razy_252b278e | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected to a legitimate process. | 252b278eca0767c82901c901c3cfd469 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 5489417e8b65281a8c91c86bbeee1d0730e30db31ade1453d9b75e8eb74ae0e7SHA1: fbf67e241797abad01d829de29f90466d6361cb2MD5: 252b278eca0767c82901c901c3cfd469 |
M22-M6055 | Johnnie_38c0b11f | Windows |
This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture.The binary has the debug flag removed in the PE file format. | 38c0b11fddbfbc2806cfacb08ecd6ca1 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.htmlSHA256: 1bde3bbe189e4c8511112ec85ddb601205d2245c286eaca0e8a279f939bd2db6https://arxiv.org/abs/1801.08917PARENTID: M22-M602fSSDEEP: 12288:VYt6ffPnlddBo4IlV1FnwkFe1vSpoDoKPfeREneu7TdCDpbx5vsXaQoca8c24LNo:VOWPnc4SHA1: bdf828ddd03d74ac57c64c60d5b6f2afe23df389MD5: 38c0b11fddbfbc2806cfacb08ecd6ca1 |
M22-M605e | Johnnie_a14f71fe | Windows |
This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture.The binary has the checksum removed in the PE file format. | a14f71fe7ea29bb40ad88b302881dab6 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.htmlSHA256: 42d8f9b6ae825c3b853057a96f11b6f1574638813c84c707aebf1bf5f0c74582https://arxiv.org/abs/1801.08917PARENTID: M22-M6001SSDEEP: 12288:66LAvp6lpYdh5snsgbv+9IlycgO9rxRMhhJPdZ13Sy3cg5FkN06XsJXpNwjO5O88:6OAvpepYdhjSHA1: a0b10a1963e6d4b2079187bf420eabbcf988d6c1MD5: a14f71fe7ea29bb40ad88b302881dab6 |
M22-M600d | Razy_2ea5d78a | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected to a legitimate process. | 2ea5d78aab51ab807a91a44d5b76f1d5 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: ae5233f7947ccc7339a4d3beee2ab2d82d82ee445df4010b87a9e30585f0a73dSHA1: 103eeb565292dfc10a6c0eddb9ef9b8e917bf310MD5: 2ea5d78aab51ab807a91a44d5b76f1d5 |
M22-M601a | Johnnie_473f83f1 | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 473f83f197ba26d4599757b81ce0dd52 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.htmlSHA256: 1432f96255366adb5119d016f627bf241da64b3d5aba0dc9e8e5bc941f138c02SHA1: 3ccf38d783571c2548a6bf39d666bc16d4b33b3aMD5: 473f83f197ba26d4599757b81ce0dd52 |
M22-M6007 | Johnnie_15459468 | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 15459468e06d5d7a87da077876f8f92c | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.htmlSHA256: 1300417d32610e74c37897b0e1f73efd9edeea5ded6052cf093e0555e685df2fSHA1: 1ae2de3db2b17ef50bb64cfe2d429b30a91bf0abMD5: 15459468e06d5d7a87da077876f8f92c |
M22-M6050 | Razy_f1c1283d | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected to a legitimate process. | f1c1283d8cac50b7b8e9c0541f254d08 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 27d33499047b98a15fa6bea859f83308e1b7c2f4d08330dcaaa050d6f11ed81bSHA1: 05d4fa33426c2c1c8b5f5c28577dae11e718b5f7MD5: f1c1283d8cac50b7b8e9c0541f254d08 |
M22-M6004 | Gamarue_0dc48d5d | Windows |
This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | 0dc48d5d1bd8637abbaa22a7c2628b3a | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 209e035ae0466fab69f5fc4b2bf69a5cb30e80b22d29558ef2d3074da57fdb03SHA1: acabb972077beb3a7eb9036942cf4e4bb73fdb91MD5: 0dc48d5d1bd8637abbaa22a7c2628b3a |
M22-M6060 | Gamarue_aef60c6d | Windows |
This strike sends a polymorphic malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands.The binary has random bytes appended at the end of the file. | aef60c6d7f959e086091da6e009bf27d | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: a06be84c33e2c6bb51a4dc2d611709de6a1993ef081eefcfbe00fe7a244367b0https://attack.mitre.org/techniques/T1009/PARENTID: M22-M6052SSDEEP: 12288:/WBasotvO7uknSY7J1o3xIamffkReBiNo+L7NSDAkiOolkY:eBasowSg1ohSkROMo+f1kZoljSHA1: 9e517a663c30f6d3415f77155bb235429bb3a180MD5: aef60c6d7f959e086091da6e009bf27d |
M22-M6058 | Johnnie_61477e80 | Windows |
This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture.The binary has a random section name renamed according to the PE format specification. | 61477e80eecd0c78d674edb9798ffef5 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.htmlSHA256: f213c454d331c1dedb929ab1e54b70f69677ed88c6d4b36f2129b8c873977694https://arxiv.org/abs/1801.08917PARENTID: M22-M6001SSDEEP: 12288:C6LAvp6lpYdh5hnsgbv+9IlycgO9rxRMhhJPdZ13Sy3cg5FkN06XsJXpNwjO5O88:COAvpepYdhASHA1: babbe12666d57a8bda8c0730bbab990dd48a8377MD5: 61477e80eecd0c78d674edb9798ffef5 |
M22-M602e | Razy_9b6a7a52 | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected to a legitimate process. | 9b6a7a5208bbb45777920653c8b23855 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 18ee3f1aa87930381c08be6b1265fa6ce96802528c319a9421d6836eb0eaf6b6SHA1: 12493718a1b2e94d4c67db9ba0ab7f98214f52ebMD5: 9b6a7a5208bbb45777920653c8b23855 |
M22-M6006 | Gamarue_11c69541 | Windows |
This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | 11c695418eadfc9c1c6e83a538bc30a6 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 1809966444e6d698474d4e0a7f79218318beb82f29ab2c22e979d1b35524c014SHA1: 8cf9272233657d2e2b6a45bd02bfa43c571e8b96MD5: 11c695418eadfc9c1c6e83a538bc30a6 |
M22-M6027 | Gamarue_84071b13 | Windows |
This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | 84071b13ac60297978051069223b60c0 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 0427a620e90ac9ef63604fadde7d29b83a9a436bf77a5379e6c29d60be9cabd3SHA1: 31af2fe15be19b4ab17e244ad148a875d731d157MD5: 84071b13ac60297978051069223b60c0 |
M22-M6043 | Johnnie_cb652b95 | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | cb652b95e5fe643cda5838279a73c3e6 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.htmlSHA256: 03ed8536f865b257cb84d00578d68b30f7e4f5e2b8b11ea2c536f4a73fcc88bcSHA1: b355538efe8cdf768a84dc5ec887792939e56ebeMD5: cb652b95e5fe643cda5838279a73c3e6 |
M22-M6061 | Johnnie_b3de3cd3 | Windows |
This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture.The binary has random contents appended in one of the existing sections in the PE file format. | b3de3cd3f7f35383af885a9daceda7e1 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.htmlSHA256: bea89517329904463770be7516c3acc721aa2aae81d7198e371809aff1e90326https://arxiv.org/abs/1801.08917PARENTID: M22-M6001SSDEEP: 12288:66LAvp6lpYdh5snsgbv+9IlycgO9rxRMhhJPdZ13Sy3cg5FkN06XsJXpNwjO5O88:6OAvpepYdhjSHA1: 591102f85bafa807056cb5ce773e20681da7e0c8MD5: b3de3cd3f7f35383af885a9daceda7e1 |
M22-M6012 | Gamarue_3861c6df | Windows |
This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | 3861c6df0f2c6ceba149bc09e51509b7 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 0f14936181bf66d953049f2b3773ab21454630c1c89814b3f3625ef69748865eSHA1: d1d9313ce35ce87ade6d11273e9db2bd51cdef4dMD5: 3861c6df0f2c6ceba149bc09e51509b7 |
M22-M6041 | Razy_c9f10d7c | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected to a legitimate process. | c9f10d7c9f46eacb6dce566f889fa8b1 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 399f262d92079f2ffecf0fcb16829620c05deab661bf5c6783b5ba3ae362f448SHA1: 0da52959066b9ea03981989fd959dbe1da2c3c17MD5: c9f10d7c9f46eacb6dce566f889fa8b1 |
M22-M6054 | Johnnie_38887b35 | Windows |
This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture.The binary has random strings (lorem ipsum) appended at the end of the file. | 38887b351d676a1a552cb3c9af280e90 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.htmlSHA256: 35fd463ccc2fc250ccc077fc200d41c126b20235e817ccb94038da1714185cd3https://attack.mitre.org/techniques/T1009/PARENTID: M22-M6001SSDEEP: 12288:66LAvp6lpYdh5hnsgbv+9IlycgO9rxRMhhJPdZ13Sy3cg5FkN06XsJXpNwjO5O8c:6OAvpepYdhAySHA1: d0595641d7c04c1bba4a82eb35c7e191d088371fMD5: 38887b351d676a1a552cb3c9af280e90 |
M22-M600a | Razy_22f324e1 | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected to a legitimate process. | 22f324e17259132c9b849a25159b18ad | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 63f0cee4f9bc1e9186a85684bd57b9b74ccdac7031ccb9d58b064b960b1a227dSHA1: bc09aa876b53b46b4ff5866f67c4826a6a858001MD5: 22f324e17259132c9b849a25159b18ad |
M22-M6052 | Gamarue_fde8fb71 | Windows |
This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | fde8fb71e98e02c81f20004bba7919f7 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 01369a57c3ff4aac43b9b32940ba0e6266ab59bc7ca494b050c1b368ba59f63bSHA1: 974fe5910c946c4f6ec2ec3f81d4b54e9e3736f0MD5: fde8fb71e98e02c81f20004bba7919f7 |
M22-M6020 | Razy_6e668a86 | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected to a legitimate process. | 6e668a860579dbd302a187a98076b93a | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 79e1510f7caeeb6249bc2d2064f2b9c5aebb438ebf97e4d24791c090258112c0SHA1: eb72410f44980cdd027eb58a93ae05647ca1d2a8MD5: 6e668a860579dbd302a187a98076b93a |
M22-M6051 | Qakbot_f36c3faa | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | f36c3faa276a50373ad163bc5d3f8fe0 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 7c8320812c0c1c634d9c6a425e057fc045d0bccccd0165712348cbe757db653bSHA1: 5200ac2ab52130ea1bedd922b0f7f31bd04a51d1MD5: f36c3faa276a50373ad163bc5d3f8fe0 |
M22-M6022 | Johnnie_7a526e82 | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 7a526e82d6249af223c93a4bad5629bf | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.htmlSHA256: 1394fe31d98ae7f742189f75e1ee7f0593540b79a46ffe07d61d4397de0f12c1SHA1: 6e79a3be3ea27ff78279a76065c81e089e83927eMD5: 7a526e82d6249af223c93a4bad5629bf |
M22-M603b | Razy_b9a11c5d | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected to a legitimate process. | b9a11c5d2dc977651fc892b50a18cc2d | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: bc873e9989a8343cd09b3b15c76a9c863c10489023c1340ac00db4df23ed50e1SHA1: 943519013fdf62c404858a154841103a35a6e719MD5: b9a11c5d2dc977651fc892b50a18cc2d |
M22-M6049 | Johnnie_debdb48b | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | debdb48baba37bc651ecd823605cd46c | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.htmlSHA256: 0a52a1b56ac888497a88371c954325d312eae19cad14460b572aac8c5ac37d6dSHA1: bf8fc654dd506f975ce1674415938ecb6198e07fMD5: debdb48baba37bc651ecd823605cd46c |
M22-M6013 | Razy_3b0e0563 | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected to a legitimate process. | 3b0e0563d8e5d58dab416cef38ca179c | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 2881007599ebd28af75ae82cd8a908dba72fe55451718a0ee6fba55aa871e6d5SHA1: 3dbbbfb7766b073154d637e1e87da417a387ba77MD5: 3b0e0563d8e5d58dab416cef38ca179c |
M22-M604b | Qakbot_e0f2fec0 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | e0f2fec052912f010cb1d82d348d7e31 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: a3ec040f43b7374bb1f00c32700119847dae3763c191c174d48e5e26c2d9ef49SHA1: f866c5fbb5e7dd5fda54d598d3e172d358b7215cMD5: e0f2fec052912f010cb1d82d348d7e31 |
M22-M6010 | Gamarue_3109f7b5 | Windows |
This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | 3109f7b5e2b3feb06e6876797ca5b964 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 1997d9b57a35492a00181ab2991d801b9b7009528351f281b982a10a783f1dbaSHA1: 0c2c2083db4c4d73ef7a3d1a8d223968bb0a628cMD5: 3109f7b5e2b3feb06e6876797ca5b964 |
M22-M6034 | Razy_b1d1bedb | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected to a legitimate process. | b1d1bedb59a544bfa5beba3067560a1b | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 283977145a129fabde4321fd2551e1837e8e3e11e1b6ee7b6f52ab486875356fSHA1: 6e65d03fac4419d508d53063558fc20149703079MD5: b1d1bedb59a544bfa5beba3067560a1b |
M22-M6017 | Qakbot_42284715 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | 42284715939561b2992346faaaeef610 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 080d33d769ff2c3d103174031d146d606bb0cb57a8fffaa18b4818b512e15c46SHA1: 1cd153a12247e111070784876f01b3f8fe728bc1MD5: 42284715939561b2992346faaaeef610 |
M22-M6005 | Gamarue_0f2af894 | Windows |
This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | 0f2af89460de5fe7331967d5f71a0bb9 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 1197004d327cf90d046b76e1583eafb948e3d1c4fec2633beb03984dfe081a02SHA1: 3abbfce22d452cccf4f65da50209f10cfebae963MD5: 0f2af89460de5fe7331967d5f71a0bb9 |
M22-M6030 | Razy_9ef22e9c | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected to a legitimate process. | 9ef22e9c85adf31eff472e50319aa8bd | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 362e58c8a3f41f656de671ce9ec0aab32e0f551a244744aff53388c58fc4a6e2SHA1: 16c3728c156b9ce747b4632386ecead21d186778MD5: 9ef22e9c85adf31eff472e50319aa8bd |
M22-M600c | Gamarue_28a8fa22 | Windows |
This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | 28a8fa223f15bd707365602b9d07c409 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 1a7bf9542c232c8bb7988e2d983fc11494316515102750dfa6b69da58561465aSHA1: 08384628eac7375b8fbc1cf37498fb85e549db2aMD5: 28a8fa223f15bd707365602b9d07c409 |
M22-M604e | Johnnie_e6faa2e3 | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | e6faa2e3d72d4a8cbbff122b335e72a0 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.htmlSHA256: 0c8ef4eda585236858772e3bd0f981a5aeec797a5af7888a6ca9c71a9de6c274SHA1: 4d31363c2b92087a67d09c9d386892c430fd3e67MD5: e6faa2e3d72d4a8cbbff122b335e72a0 |
M22-M6046 | Gamarue_d55fe6fa | Windows |
This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | d55fe6fa8d2ba3c2c6300a71990f38c2 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 19091358be18e480437b6d681782309cd63a87377cd6fbd807cc4e821423bcd8SHA1: f932be3c6859305b8a84810d74d50a96f5d6d18eMD5: d55fe6fa8d2ba3c2c6300a71990f38c2 |
M22-M6067 | Johnnie_f492468b | Windows |
This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture.The binary has the checksum removed in the PE file format. | f492468be9b84083fc48b102b9ce1efa | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.htmlSHA256: e2cb075dcc7f7f49c99e99c26083124d63a24f4e59fc870c131388f99d5747fbhttps://arxiv.org/abs/1801.08917PARENTID: M22-M602fSSDEEP: 12288:7Yt6ffPnlddBo4IlV1FnwkFe1vSpoDoKPfeREneu7TdCDpbx5vsXaQoca8c24LNo:7OWPnc4SHA1: 1dd1f9cf8c72f009ef91ad491fd1919c9f91373dMD5: f492468be9b84083fc48b102b9ce1efa |
M22-M6032 | Johnnie_a2e7a4af | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | a2e7a4afaad0d86de5deb1d4a273d6ab | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.htmlSHA256: 089988b533e82f9d61020b3b6979bc61aa693d163f398e0a9054fd6e64a29b4bSHA1: d1a1c8c03219fef5c9c4f0ca032188ac80e7a72fMD5: a2e7a4afaad0d86de5deb1d4a273d6ab |
M22-M6053 | Gamarue_0bcb4a2d | Windows |
This strike sends a polymorphic malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands.The binary has the timestamp field updated in the PE file header. | 0bcb4a2d2efa5f211f5d9dc4aac1246a | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: c7222148c714487f16df272b3db46d87c5d452e2c3133244dcb07e416fac7e63https://attack.mitre.org/techniques/T1099/PARENTID: M22-M6052SSDEEP: 12288:LWBasotvO7uknSY7J1o3xIamffkReBiNo+L7NSDAkiOolk/:qBasowSg1ohSkROMo+f1kZolMSHA1: f312ede2b4c71113c88de8fbda7f249bdd3755fbMD5: 0bcb4a2d2efa5f211f5d9dc4aac1246a |
M22-M6045 | Qakbot_cf2bc340 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | cf2bc34058f6e9684f0851a5fb0b59c7 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: a96ff0b409b0155e9c0aeb2a7a1c4416e8e836dec3a4aa09d88f4f5f2f9a59bbSHA1: 2d7e38c4fb4b3fb4716941a1ea15f1493b3494adMD5: cf2bc34058f6e9684f0851a5fb0b59c7 |
M22-M6031 | Gamarue_a208ad70 | Windows |
This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | a208ad7018437136b64d2f4c1af7c747 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 1b74245e622f51c04daed48cb8e464732ec5ef8e26d3ed2d6e06be7696b41f0cSHA1: e091b2c97fdac028e464c499153a4403b9a0fef5MD5: a208ad7018437136b64d2f4c1af7c747 |
M22-M6011 | Johnnie_3489533a | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 3489533aef88a0ebbf18393459d212b0 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.htmlSHA256: 07d4eb068b92809328866c660e46882d3a056e86ea55aee5b564ea54a9cb16f1SHA1: 3dd0ef53bb320584e4d4604521f510a3194f2a5eMD5: 3489533aef88a0ebbf18393459d212b0 |
M22-M6024 | Gamarue_7df6bd24 | Windows |
This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | 7df6bd248b00fe3458591c996ca969fd | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 1b3590917d3cf25450d66f2c4bd9a7a9bd45a8628d9f04f8731bb24518d20881SHA1: 409b1d78a7f98eaad7c4e4da0d4dc73632136758MD5: 7df6bd248b00fe3458591c996ca969fd |
M22-M6025 | Razy_7ee9e970 | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected to a legitimate process. | 7ee9e9701b2c5d1b0345eea51fe0f564 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 9d6ce349ae7a92237eafbbd66687e784e78f50c5cc92a22afe09a2971f9724d6SHA1: 059c2bf9028c6cf71f74874731dac8c4d15bcfacMD5: 7ee9e9701b2c5d1b0345eea51fe0f564 |
M22-M601f | Qakbot_65e20699 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | 65e206996470de6b6a4d5a69e3e35848 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: c14031bddf471d354211f9f9341c716e5a5860e7ecc128de82afc37bbd2a96afSHA1: 03ac4e8c53a54abe897e42f53ed783202819cfdbMD5: 65e206996470de6b6a4d5a69e3e35848 |
M22-M6035 | Johnnie_b20dcf58 | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | b20dcf58c0cfb67f1fe389302e033d4f | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.htmlSHA256: 121377d50799144f5d718ba9c1e805915fc3bd9d7594eb6115acd09e3d76f7d5SHA1: ea2d856cbe2da776a8999ee9ed1c6dda5ddcc425MD5: b20dcf58c0cfb67f1fe389302e033d4f |
M22-M602a | Qakbot_93c6b502 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | 93c6b50240c4e7c220c55de4e12430ac | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 9a3686674c39ed0fd41b8f833aa9aa53a72451f4cf3def546643112b6aac97a3SHA1: 9c010c92fd0fc191855ba7971b5816fafb0b98b5MD5: 93c6b50240c4e7c220c55de4e12430ac |
M22-M604c | Gamarue_e3752433 | Windows |
This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | e3752433d62f4dbf29345aa5ecacafa9 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 18f0ffcc1d1ba6b6088a6bbdcc85c4a49e932a8250193be18496634903f30bfbSHA1: 285afa5ec84ef732fb92db5e8e893056562dff9bMD5: e3752433d62f4dbf29345aa5ecacafa9 |
M22-M601b | Qakbot_52575508 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around for since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | 5257550892a72d7bec8a4e2c20fd106d | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 6c9ac84b13412ef8bed642d1efa2a6d249ce68b13aa7127a5e03b1ebd47f4efbSHA1: aec6e74eedaa80f993cf3a456da112e9424fb5a0MD5: 5257550892a72d7bec8a4e2c20fd106d |
M22-M6019 | Johnnie_44a6f92e | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 44a6f92e70e8e011d6e39dbfc387157b | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.htmlSHA256: 10ad3015e2d6967c07d012358fcdae6f02f57e69616b0a91c0e6cdf6b683e9c3SHA1: c0b65f38493de8d65606779d442795e1a937684eMD5: 44a6f92e70e8e011d6e39dbfc387157b |
M22-M6029 | Gamarue_89a1e176 | Windows |
This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | 89a1e176858e569ef99593d7f58929ec | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 0e5598348a8a169b8200db978dd941804ddd26cf2bfd4f894f32d24829950fc1SHA1: f9efa3c6767e889f71ba16e5b09f0f82fcd827cbMD5: 89a1e176858e569ef99593d7f58929ec |
M22-M6015 | Razy_408a2d09 | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected to a legitimate process. | 408a2d09fddf9ba44cac548bb77173a7 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.htmlSHA256: 41c32d860c96e3ed10747ae31b44c923037d1285ed59555c6056cd5d945bc835SHA1: 685f8f05a945116432b81f1ff1765d2c862660f6MD5: 408a2d09fddf9ba44cac548bb77173a7 |
M22-M605c | Razy_8115eaff | Windows |
This strike sends a polymorphic malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. The binary has a random section name renamed according to the PE format specification. | 8115eafffd3dc5616b473a855a1462a7 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 687d129075fff7768e75d6c1eb50021f30711a692feb9804042227a2e302fc0c; https://arxiv.org/abs/1801.08917; PARENTID: M22-M6028; SSDEEP: 3072:xrHFTDdWZbxDrs5/V3og5NHs4I/w9/F5eCYRoiOUu4J/Wq1aDUezJUy0j92ISzzC:xTRdWZNWoUNHs4y2/eC5ihu4lWqaUoqA; SHA1: 646ea4bf1088556e50e36e008030ce6d76270c59; MD5: 8115eafffd3dc5616b473a855a1462a7 |
M22-M604d | Johnnie_e429ec31 | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | e429ec317e88a45ffe3338aeee9fe11c | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html; SHA256: 071463e9857ac23eb26297a19681e96be05122bf1e42f79fa2804b2e7df4deab; SHA1: 9e00795b242a38662fe422eb010e4ecc0432b6f5; MD5: e429ec317e88a45ffe3338aeee9fe11c |
M22-M6066 | Johnnie_ee9b176e | Windows |
This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. The binary has random strings (lorem ipsum) appended at the end of the file. | ee9b176eef23f5a4e9a759f80de3f3a0 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html; SHA256: 2ac7070adb51da9a0b3e5d28226aa548c0061dbad1e7c5e0cdad31bfa802460a; https://attack.mitre.org/techniques/T1009/; PARENTID: M22-M602f; SSDEEP: 12288:7Yt6ffPnlddJo4IlV1FnwkFe1vSpoDoKPfeREneu7TdCDpbx5vsXaQoca8c24LNg:7OWPnE4H; SHA1: aba7219146316744e379f514c768ae17ad3314ac; MD5: ee9b176eef23f5a4e9a759f80de3f3a0 |
M22-M6023 | Razy_7bdfb61d | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | 7bdfb61dfb48061bb799543090f8bb54 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 28daa8d1fe18bbd9ac7565bbc0cf64480ce5ce5241564f1571299eaa4bd3f192; SHA1: 5d5f3d241eadd1f5d78b269c9c7f65e48dfced2a; MD5: 7bdfb61dfb48061bb799543090f8bb54 |
M22-M6063 | Qakbot_d2715637 | Windows |
This strike sends a polymorphic malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. The binary has the timestamp field updated in the PE file header. | d2715637f4f9a631de611b64fa57ca82 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 371831616c77311df27fdae959e5d2b4730455ee495d8c8adac4d7c06932df97; https://attack.mitre.org/techniques/T1099/; PARENTID: M22-M6036; SSDEEP: 12288:IWouglFY69tmVqhL3MJPO+O6JSNxR36/g6LOmnBz:/poavxOu8msmBz; SHA1: 3db8af082fcebc80429f0de7156131dc031292bd; MD5: d2715637f4f9a631de611b64fa57ca82 |
M22-M602c | Razy_967d450c | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | 967d450cda75fadc84009f55723311d0 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 71957a63cf8a7387d640ef4f29b1285db34432c053b56048a660912ad5c868f2; SHA1: 6ab55aaac22a7f4aa2eae12c1715355a8adb992c; MD5: 967d450cda75fadc84009f55723311d0 |
M22-M6033 | Johnnie_add45c04 | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | add45c044a3c692d3c7a5bc5fe383751 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html; SHA256: 1008d9650c0b5b87e4791b18dad3458ee2cc0fe29a7262a86a4a83308c5fcfc3; SHA1: 8a83df82ae83e463447d97b6d3d725ffcf587f1e; MD5: add45c044a3c692d3c7a5bc5fe383751 |
M22-M605f | Johnnie_a31b0f6e | Windows |
This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. The binary has the timestamp field updated in the PE file header. | a31b0f6e146fc15ebbc5b147b3f097c5 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html; SHA256: 289a96d44296c7486830d504438130829c9abc302c22f18d35cdf368341de689; https://attack.mitre.org/techniques/T1099/; PARENTID: M22-M602f; SSDEEP: 12288:oYt6ffPnlddJo4IlV1FnwkFe1vSpoDoKPfeREneu7TdCDpbx5vsXaQoca8c24LNo:oOWPnE4; SHA1: ca0567c1948138edb945939a73c9f063438986d9; MD5: a31b0f6e146fc15ebbc5b147b3f097c5 |
M22-M604f | Gamarue_e9ec1a06 | Windows |
This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | e9ec1a063f0d557bfec2b04153b20cbe | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 123c43a6eb32fcd0218d59c8c65ce064b4ce307c89319fec49303c4d5039fb54; SHA1: 483347ac7c86a3a07d34c2eecac609763fe2e689; MD5: e9ec1a063f0d557bfec2b04153b20cbe |
M22-M601c | Razy_53ad5cd4 | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | 53ad5cd4141a2ac1b9ac77e5b0f28eef | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: a9bc9070ba0b1f3cc6ca78e24ea830524cc5a9821c857f2ebc98bc74fabe7b4e; SHA1: d05f6341f1b327475744493a84f8f63aecdba7ca; MD5: 53ad5cd4141a2ac1b9ac77e5b0f28eef |
M22-M6068 | Razy_f93a2a58 | Windows |
This strike sends a polymorphic malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. The binary has random bytes appended at the end of the file. | f93a2a5865439f6a08c183969e4e661e | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 7fefa768b139e0e38e4587db31cabc4d534417e5e433f431280823541c812e40; https://attack.mitre.org/techniques/T1009/; PARENTID: M22-M6028; SSDEEP: 6144:7TRdWZNWoUNHs4y2/eC5ihu4lWqaUoqReRV:PDolR2/hcu4l3y; SHA1: 8fb6558b64ae1d9c5dcd6b44cea2774f64c6c870; MD5: f93a2a5865439f6a08c183969e4e661e |
M22-M6014 | Qakbot_4036ff97 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | 4036ff97f2229b2262f95014bf58df9b | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 976aeff3a8234476c9757b3ad85be23a1d453e5d3960652d53e0c8c1ba3a531f; SHA1: edb4d49f67d1b0d167ce4d584736922d8165d25c; MD5: 4036ff97f2229b2262f95014bf58df9b |
M22-M6069 | Johnnie_d2fd1878 | Windows |
This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. The binary has random bytes appended at the end of the file. | d2fd187823f6e78e1967b1cf04dac07f | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html; SHA256: 08be4e45469f6bb550c00c7fce8d461b3803198b40288da5be42543634e19501; https://attack.mitre.org/techniques/T1009/; PARENTID: M22-M602f; SSDEEP: 12288:7Yt6ffPnlddJo4IlV1FnwkFe1vSpoDoKPfeREneu7TdCDpbx5vsXaQoca8c24LN1:7OWPnE4a; SHA1: af0b3d670e2605f884807a8f0019f4b4d9aeb385; MD5: d2fd187823f6e78e1967b1cf04dac07f |
M22-M603f | Gamarue_c53222ea | Windows |
This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | c53222eacadfe39272f6fcf3303c2e98 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 19f5bb9e7e78da536d1623407d10b0702f008008bcef66ff11838a4248d93caf; SHA1: 09c5790360816689db65f28fbd33276d01b0e1b5; MD5: c53222eacadfe39272f6fcf3303c2e98 |
M22-M6016 | Johnnie_414e319d | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 414e319d8a4769b01b783bb2c7297449 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html; SHA256: 09a45da2f4cc0f91e3a6af29095f73607287871573828495d1cd8679f00ee197; SHA1: 56ac2f3f627660fafe4af9b5b8425c39fea3a036; MD5: 414e319d8a4769b01b783bb2c7297449 |
M22-M6062 | Johnnie_cfe3f1b2 | Windows |
This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. The binary has random contents appended in one of the existing sections in the PE file format. | cfe3f1b25bf77334bef22e6db871358b | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html; SHA256: 4fbd3a7b51d641dd8d022681861f3b3f1a8d5301b646659fe1e326a6151d5aee; https://arxiv.org/abs/1801.08917; PARENTID: M22-M602f; SSDEEP: 12288:7Yt6ffPnlddMo4IlV1FnwkFe1vSpoDoKPfeREneu7TdCDpbx5vsXaQoca8c24LNo:7OWPnn4; SHA1: 8fe9d45b9679c75e85cf8fc06ba7eb507700f5e3; MD5: cfe3f1b25bf77334bef22e6db871358b |
M22-M603e | Johnnie_bb97ffe2 | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | bb97ffe2b81520714594a1a4a0fbf161 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html; SHA256: 07d45e42c071baed5f213a9cb454f423558dd8d227b5a385b5eea836166ed2a3; SHA1: 4061938af34c5ac91c14dd6d494f6153206c9d69; MD5: bb97ffe2b81520714594a1a4a0fbf161 |
M22-M603d | Gamarue_bae65735 | Windows |
This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | bae6573551f8db9dff7435e48c237c7f | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 0d1d6fdd42506925cdd591e6e1937e0ca700acadb96b84105c2ad0c896d8654e; SHA1: 9122ce6ca9b1521d2f74a5d7a5336cd5fdccebae; MD5: bae6573551f8db9dff7435e48c237c7f |
M22-M6057 | Gamarue_51b30f40 | Windows |
This strike sends a polymorphic malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. The binary has random contents appended in one of the existing sections in the PE file format. | 51b30f403012636119e3b5fdacfa74f9 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: fe9ac8858bdc374d4e862abdc9901248c809375d727d1196add83f38ff633adf; https://arxiv.org/abs/1801.08917; PARENTID: M22-M6052; SSDEEP: 12288:/WBasotvO7uknSY7J1o3xIamffkReBiNo+LDNSDAkiOolk/:eBasowSg1ohSkROMo+/1kZolM; SHA1: 123007e521aa131e42a432fd6e7ea9002e0cf7ae; MD5: 51b30f403012636119e3b5fdacfa74f9 |
M22-M6040 | Qakbot_c579791b | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | c579791b7d102d18967aa4bf05f28281 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: a0e9c9bbd5717e2510416977201c65868f73c805f7e4c38495fa766bef4ece9b; SHA1: d1f729de4fe6865a0ab2da53273062c5dc353d2f; MD5: c579791b7d102d18967aa4bf05f28281 |
M22-M6026 | Johnnie_823ae99b | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 823ae99b9a63bea70795d4aeb40373d2 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html; SHA256: 0651a3d54f5d93d46b458c172788bc789310228f66f52adeed3f5b14f3926020; SHA1: cef1ef0657ec110bc64410cb95b46a6e939b1282; MD5: 823ae99b9a63bea70795d4aeb40373d2 |
M22-M6056 | Johnnie_44a08a4a | Windows |
This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. The binary has the timestamp field updated in the PE file header. | 44a08a4a0e364cf65eae97000baffd06 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html; SHA256: 933456f843bf7f976612a8886dc1d69d15e9d8b8908540a5ffcfb8070e7bb0e7; https://attack.mitre.org/techniques/T1099/; PARENTID: M22-M6001; SSDEEP: 12288:G6LAvp6lpYdh5hnsgbv+9IlycgO9rxRMhhJPdZ13Sy3cg5FkN06XsJXpNwjO5O88:GOAvpepYdhA; SHA1: c93f7aabbe805c18d2968df5b2d4138d74d96b8f; MD5: 44a08a4a0e364cf65eae97000baffd06 |
M22-M601d | Razy_5d412f49 | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | 5d412f493bf3599382b93dae9d321197 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 41b11c06a7b8fb5d150b000be312d14192c3bbed2f5223e8f8100004ef7d3769; SHA1: c87ee822473fb7b57a0ebe84d0148bdfe4480b11; MD5: 5d412f493bf3599382b93dae9d321197 |
M22-M602b | Johnnie_93d523a8 | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 93d523a8b43d457b5406fcb6320d0f58 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html; SHA256: 08994b0dd47da89a34c9bbbe8e15bb03150d1823a3daac94e86ce333964727ba; SHA1: cf5d4e2382addcdf349a26111135b63a8a207381; MD5: 93d523a8b43d457b5406fcb6320d0f58 |
M22-M6038 | Johnnie_b5435aca | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | b5435acae01e6f182ec43d92e86c73f0 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html; SHA256: 16f56872942abbf6b94ab2993cc94039d99ac7288af5f5368184c9e587bd0230; SHA1: f93fa89ab000a018ae8c4250bcbc6c99844e6849; MD5: b5435acae01e6f182ec43d92e86c73f0 |
M22-M602f | Johnnie_9bd611de | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 9bd611decef5a788290814c6f4236cb2 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html; SHA256: 18d541517e2f22e05b92f1e29cba6a06a155892d61c8bd24a56ccf5ba2ea7070; SHA1: dbee4e2f3a57edb5b3f29ab17ef502febe414f9c; MD5: 9bd611decef5a788290814c6f4236cb2 |
M22-M6065 | Gamarue_e8c5bb4f | Windows |
This strike sends a polymorphic malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. The binary has random strings (lorem ipsum) appended at the end of the file. | e8c5bb4f6d9ed4ec046cb8989dba860e | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 6ccd749a17d1e4f39dc944c88496e217ae4650aafd71a66bc8328b802e668a95; https://attack.mitre.org/techniques/T1009/; PARENTID: M22-M6052; SSDEEP: 12288:/WBasotvO7uknSY7J1o3xIamffkReBiNo+L7NSDAkiOolk2:eBasowSg1ohSkROMo+f1kZolt; SHA1: 5a6e6ca27f3956cde58661fbff86833b6bde3dc3; MD5: e8c5bb4f6d9ed4ec046cb8989dba860e |
M22-M6037 | Johnnie_b39fc516 | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | b39fc51671033a3abefdb125a58ffd14 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html; SHA256: 03b205636ddacee2791b3bea1bc540c52dbf764d263ff7e6b78e339976bbf1bd; SHA1: 84895a8347323c2242026963db29a67a4d871567; MD5: b39fc51671033a3abefdb125a58ffd14 |
M22-M6064 | Gamarue_e438a983 | Windows |
This strike sends a polymorphic malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. The binary has a random section name renamed according to the PE format specification. | e438a983fb2dc274d39702d4a860df15 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: bb63f08e4fd4ed4af9d5570517b86ee9bdcf3804490769d5ff61f0017218cf8d; https://arxiv.org/abs/1801.08917; PARENTID: M22-M6052; SSDEEP: 12288:sWBasotvO7uknSY7J1o3xIamffkReBiNo+L7NSDAkiOolk/:rBasowSg1ohSkROMo+f1kZolM; SHA1: e076fcc396e061cc8f41c25141756ed8085242ef; MD5: e438a983fb2dc274d39702d4a860df15 |
M22-M600f | Razy_2f7483ba | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | 2f7483ba3742b150b83cf1f643a6b6d7 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 5448e82c3d4e1b46d6f0f77762d1ee2ff2aebd10333475e2b95e269f37a0c74b; SHA1: ec29f2f52a443bfe36d7260040c13c4deb219ce9; MD5: 2f7483ba3742b150b83cf1f643a6b6d7 |
M22-M6001 | Johnnie_006d8728 | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 006d8728a4620369481696802a18b6ae | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html; SHA256: 178a7baba15d9bfde158fb181b45b7e12dbccbc49c2d7f27c1b5f2728b9dec24; SHA1: ae94dd5083407906cb00f0d3857e78c56f9176ef; MD5: 006d8728a4620369481696802a18b6ae |
M22-M6018 | Razy_42570f5d | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | 42570f5dd072311421769b660b8d3b23 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 7c4f0c7a3f02b3f3dc335e5f4bcab2b1902696ce749498dc9e4681ff1ae8b574; SHA1: 9527498d0723b999b9fabe9daf13350739738ed8; MD5: 42570f5dd072311421769b660b8d3b23 |
M22-M603c | Razy_b9bde5f9 | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | b9bde5f9ae8e82d14e7e2edab02885a6 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 8a4d8ba8bcf91642892e946437a3471848b6dad25d80f7a6f6d4f4cf05b24b00; SHA1: 9a7d554ceede97b191b59a498f3f2548044479b0; MD5: b9bde5f9ae8e82d14e7e2edab02885a6 |
M22-M6044 | Gamarue_cca88bd6 | Windows |
This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | cca88bd68a1ba8bfdca268cace9a27f6 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 11b8882e4b57cd2bfb9983a4c4834b6cdaa333a70a23c122239cd557e32fc4d9; SHA1: bb66f6aeb7165c830ef82f743313a1f964022339; MD5: cca88bd68a1ba8bfdca268cace9a27f6 |
M22-M6042 | Razy_cae50e27 | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | cae50e27b70d5bab0e7b7ee5ddbaae89 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: bfafe7f6c07945cb86bb8f0c340745a723c54cbe7eb841e7a2261f46e65e28cc; SHA1: 0bd03db5844a8fb70c5470f04e1b4495727d2ad7; MD5: cae50e27b70d5bab0e7b7ee5ddbaae89 |
M22-M6003 | Johnnie_0318ec7b | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 0318ec7b3f61394e00293704921dd4c6 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html; SHA256: 139e428d990500159cc153a5c1cd4558026542ed4c51dbd88e884e0c14f5f3a2; SHA1: 85ca4f9a3d0c69eaf6d4effd38e6fa2f649e8b64; MD5: 0318ec7b3f61394e00293704921dd4c6 |
M22-M6059 | Qakbot_620bda71 | Windows |
This strike sends a polymorphic malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. The binary has the checksum removed in the PE file format. | 620bda711e7c51e6451af5d75de1c7f9 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 6fd4dc20c884b0eb8c6354a474c441b33681ebafdb4b22338bc52495d654d1a9; https://arxiv.org/abs/1801.08917; PARENTID: M22-M6036; SSDEEP: 12288:VWouglFY69tmVqhL3MJPO+O6JSNxR36/g6LOmnBz:YpoavxOu8msmBz; SHA1: a8275c39f1d2b3b7d3e81f2815a1c11111328ab3; MD5: 620bda711e7c51e6451af5d75de1c7f9 |
M22-M602d | Gamarue_9681ced1 | Windows |
This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | 9681ced1fbff560cd894d2785639ca51 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 0bc473b1333b01b134c140ff84f0c0577dedd8355de11459f6e78a49b1ef3209; SHA1: e9354eec89d92995f32b3f94f992ab69b5659de2; MD5: 9681ced1fbff560cd894d2785639ca51 |
M22-M6008 | Johnnie_1bfd9858 | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 1bfd985899f6a9d83478eb869df273d1 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html; SHA256: 07dd67ea6bec0584094609bee43a10b3a9f43cbb015e82987ebeb5c411af91d9; SHA1: ba9660ab29487ae2b29152536eb7faed8e931f38; MD5: 1bfd985899f6a9d83478eb869df273d1 |
M22-M600e | Razy_2f600beb | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | 2f600bebf301bb078c8e27505c37cf31 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 57e55994a83b9dfaadd43d8e4b0bd64b5af7d9d89b4d911ba8abdae6259f049f; SHA1: 9e68ac62368ff926d3a2137ccc6d77710b1d5ddf; MD5: 2f600bebf301bb078c8e27505c37cf31 |
M22-M605d | Qakbot_8c6445de | Windows |
This strike sends a polymorphic malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. The binary has a random section name renamed according to the PE format specification. | 8c6445de424b22dfb3339f5dea072156 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: d97caf17ec7f16b7619800d2fe576279bf18f4b3b4a5a2134f4d85b795fd5411; https://arxiv.org/abs/1801.08917; PARENTID: M22-M6036; SSDEEP: 12288:EWouglFY69tmVqhL3MJPO+O6JSNxR36/g6LOmnBz:DpoavxOu8msmBz; SHA1: 544b7caf033c6c7951ccd58f52b5edcfb4990607; MD5: 8c6445de424b22dfb3339f5dea072156 |
M22-M6048 | Qakbot_da8ab69a | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | da8ab69a032a706a1ba7b0ed620d79c3 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 12408009ac27b79c45fbab67e7db0b59b4bb83da75957d7d62b796d2c67e4975; SHA1: 8f926cfc6df901e888a0304d2a194257ff034d66; MD5: da8ab69a032a706a1ba7b0ed620d79c3 |
M22-M6047 | Qakbot_d7d6b087 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | d7d6b087e5fb0450a0fbb8c747850489 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: c02f6c468924b34ade33d3e940ead79be5a68fce12ea7a227e2a4bba300f02a5; SHA1: 19d61bd3f357c02f514a7fd10d0e3f82023af759; MD5: d7d6b087e5fb0450a0fbb8c747850489 |
M22-M605a | Johnnie_707cc8ef | Windows |
This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. The binary has the debug flag removed in the PE file format. | 707cc8ef9a179285e235974314c3449e | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html; SHA256: d94e9f5225dce9bdda60e58780fb5854ca1f5bfa8598378949b2711fa9c14b23; https://arxiv.org/abs/1801.08917; PARENTID: M22-M6001; SSDEEP: 12288:s6LAvp6lpYdh5snsgbv+9IlycgO9rxRMhhJPdZ13Sy3cg5FkN06XsJXpNwjO5O88:sOAvpepYdhj; SHA1: 50c16c89f1c5c07afda769882cc89d0991393292; MD5: 707cc8ef9a179285e235974314c3449e |
M22-M6021 | Johnnie_7236d785 | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 7236d785527143086ea1e77b3e975342 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html; SHA256: 0b2d71a663e60bb5cca8f76d2fd23468a8cc74b199bb382305c7412aceb3f63d; SHA1: 07d8a22b1b5359fbf8d144becaa2def061dc4f0c; MD5: 7236d785527143086ea1e77b3e975342 |
M22-M6036 | Qakbot_b2f82fff | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | b2f82fffaf5edbbc741cc7423c54a204 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 09cb67546950ba43047a6f5b905a86c5c69227f47f20ed1f0813b43263c3785c; SHA1: 741e21bf7ac486223dd9773e4d8a883c4d457054; MD5: b2f82fffaf5edbbc741cc7423c54a204 |
M22-M605b | Johnnie_7583af11 | Windows |
This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. The binary has random bytes appended at the end of the file. | 7583af11e00d12f390a15c3fe33a4b4f | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html; SHA256: 77d7ae7cefd8183f76942766825a45d206ed0d122aa3b4f5f1f97ad0f1bbde1a; https://attack.mitre.org/techniques/T1009/; PARENTID: M22-M6001; SSDEEP: 12288:66LAvp6lpYdh5hnsgbv+9IlycgO9rxRMhhJPdZ13Sy3cg5FkN06XsJXpNwjO5O8L:6OAvpepYdhAR; SHA1: 248214d4fd93cdb7c6ae73a4998db045ec4de3c2; MD5: 7583af11e00d12f390a15c3fe33a4b4f |
M22-M6009 | Qakbot_2189e297 | Windows |
This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | 2189e297d1900f7766d07be488c05502 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: d5a6e983c273a9a052574325259822d49512da45f9ada076ed53015c80d1e1d4; SHA1: 68aea8b6af4abcae2ac65010bb986fc868309ada; MD5: 2189e297d1900f7766d07be488c05502 |
M22-M6028 | Razy_89731bbf | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | 89731bbf0ff24e5ab793221aa5fa793d | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 256d2a981895d7571e7a8487dcdb22a15ac4da676156cfd998a003b15a0b9ef8; SHA1: 7376ab5acee8bfaae84210e09e527efc35bf6b20; MD5: 89731bbf0ff24e5ab793221aa5fa793d |
M22-M601e | Razy_614a7da1 | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | 614a7da1251aea20e234b2024fd082f6 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 5acc61f6ce684068fe6f07ce1e0636ac82498a816058083c44601f26ccb7e850; SHA1: 1569761f84a6feb7f2be5c791d3ad461651096da; MD5: 614a7da1251aea20e234b2024fd082f6 |
M22-M6002 | Gamarue_01d30b58 | Windows |
This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | 01d30b58ced0722029bf33d9c8380aed | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 1a92ba667ee165a80326fae74af7cedf8eacbc97edc0623fc92a21918062ed04; SHA1: 51714ae0529feee8b6c9d023068e01badcca0a39; MD5: 01d30b58ced0722029bf33d9c8380aed |
M22-M604a | Johnnie_e09ba79a | Windows |
This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | e09ba79a177bf796e44b10f67cc45d8f | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html; SHA256: 0757ed3e6a6a99d98abae124a05ee33e191fd42481e9f9af456ea5d87cb0256f; SHA1: 9dae00f7ca4afd83e81d3e27951876cb7fe864c4; MD5: e09ba79a177bf796e44b10f67cc45d8f |
M22-M603a | Razy_b99915c7 | Windows |
This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | b99915c7b410a6460dd0f1e0281ee0be | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html; SHA256: 883fcb50f17c3e54e7f04aa8b38894119ba6baace124426030119b580fed33a9; SHA1: 396885b5c93ac796ad07c6f3dc0c33c1631c8a50; MD5: b99915c7b410a6460dd0f1e0281ee0be |