Malware Monthly Update June - 2022

Malware Strikes

Strike ID | Malware | Platform | Info | MD5 | External References
M22-M6039 | Qakbot_b78d07e0 | Windows | This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | b78d07e05cd8716afc4c929b8b810033 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 151c33f7cc6970eb9d6cf8d1bc6f3c34899aea570381712a1059688478097693
SHA1: 59213afce1bdb37b450db49476526fe5a58b8c6f
MD5: b78d07e05cd8716afc4c929b8b810033
M22-M600b | Razy_252b278e | Windows | This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | 252b278eca0767c82901c901c3cfd469 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 5489417e8b65281a8c91c86bbeee1d0730e30db31ade1453d9b75e8eb74ae0e7
SHA1: fbf67e241797abad01d829de29f90466d6361cb2
MD5: 252b278eca0767c82901c901c3cfd469
M22-M6055 | Johnnie_38c0b11f | Windows | This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. The binary has the debug flag removed in the PE file format. | 38c0b11fddbfbc2806cfacb08ecd6ca1 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 1bde3bbe189e4c8511112ec85ddb601205d2245c286eaca0e8a279f939bd2db6
https://arxiv.org/abs/1801.08917
PARENTID: M22-M602f
SSDEEP: 12288:VYt6ffPnlddBo4IlV1FnwkFe1vSpoDoKPfeREneu7TdCDpbx5vsXaQoca8c24LNo:VOWPnc4
SHA1: bdf828ddd03d74ac57c64c60d5b6f2afe23df389
MD5: 38c0b11fddbfbc2806cfacb08ecd6ca1
M22-M605e | Johnnie_a14f71fe | Windows | This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. The binary has the checksum removed in the PE file format. | a14f71fe7ea29bb40ad88b302881dab6 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 42d8f9b6ae825c3b853057a96f11b6f1574638813c84c707aebf1bf5f0c74582
https://arxiv.org/abs/1801.08917
PARENTID: M22-M6001
SSDEEP: 12288:66LAvp6lpYdh5snsgbv+9IlycgO9rxRMhhJPdZ13Sy3cg5FkN06XsJXpNwjO5O88:6OAvpepYdhj
SHA1: a0b10a1963e6d4b2079187bf420eabbcf988d6c1
MD5: a14f71fe7ea29bb40ad88b302881dab6
M22-M600d | Razy_2ea5d78a | Windows | This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | 2ea5d78aab51ab807a91a44d5b76f1d5 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: ae5233f7947ccc7339a4d3beee2ab2d82d82ee445df4010b87a9e30585f0a73d
SHA1: 103eeb565292dfc10a6c0eddb9ef9b8e917bf310
MD5: 2ea5d78aab51ab807a91a44d5b76f1d5
M22-M601a | Johnnie_473f83f1 | Windows | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 473f83f197ba26d4599757b81ce0dd52 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 1432f96255366adb5119d016f627bf241da64b3d5aba0dc9e8e5bc941f138c02
SHA1: 3ccf38d783571c2548a6bf39d666bc16d4b33b3a
MD5: 473f83f197ba26d4599757b81ce0dd52
M22-M6007 | Johnnie_15459468 | Windows | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 15459468e06d5d7a87da077876f8f92c | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 1300417d32610e74c37897b0e1f73efd9edeea5ded6052cf093e0555e685df2f
SHA1: 1ae2de3db2b17ef50bb64cfe2d429b30a91bf0ab
MD5: 15459468e06d5d7a87da077876f8f92c
M22-M6050 | Razy_f1c1283d | Windows | This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | f1c1283d8cac50b7b8e9c0541f254d08 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 27d33499047b98a15fa6bea859f83308e1b7c2f4d08330dcaaa050d6f11ed81b
SHA1: 05d4fa33426c2c1c8b5f5c28577dae11e718b5f7
MD5: f1c1283d8cac50b7b8e9c0541f254d08
M22-M6004 | Gamarue_0dc48d5d | Windows | This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | 0dc48d5d1bd8637abbaa22a7c2628b3a | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 209e035ae0466fab69f5fc4b2bf69a5cb30e80b22d29558ef2d3074da57fdb03
SHA1: acabb972077beb3a7eb9036942cf4e4bb73fdb91
MD5: 0dc48d5d1bd8637abbaa22a7c2628b3a
M22-M6060 | Gamarue_aef60c6d | Windows | This strike sends a polymorphic malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. The binary has random bytes appended at the end of the file. | aef60c6d7f959e086091da6e009bf27d | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: a06be84c33e2c6bb51a4dc2d611709de6a1993ef081eefcfbe00fe7a244367b0
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M6052
SSDEEP: 12288:/WBasotvO7uknSY7J1o3xIamffkReBiNo+L7NSDAkiOolkY:eBasowSg1ohSkROMo+f1kZolj
SHA1: 9e517a663c30f6d3415f77155bb235429bb3a180
MD5: aef60c6d7f959e086091da6e009bf27d
M22-M6058 | Johnnie_61477e80 | Windows | This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. The binary has a random section name renamed according to the PE format specification. | 61477e80eecd0c78d674edb9798ffef5 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: f213c454d331c1dedb929ab1e54b70f69677ed88c6d4b36f2129b8c873977694
https://arxiv.org/abs/1801.08917
PARENTID: M22-M6001
SSDEEP: 12288:C6LAvp6lpYdh5hnsgbv+9IlycgO9rxRMhhJPdZ13Sy3cg5FkN06XsJXpNwjO5O88:COAvpepYdhA
SHA1: babbe12666d57a8bda8c0730bbab990dd48a8377
MD5: 61477e80eecd0c78d674edb9798ffef5
M22-M602e | Razy_9b6a7a52 | Windows | This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | 9b6a7a5208bbb45777920653c8b23855 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 18ee3f1aa87930381c08be6b1265fa6ce96802528c319a9421d6836eb0eaf6b6
SHA1: 12493718a1b2e94d4c67db9ba0ab7f98214f52eb
MD5: 9b6a7a5208bbb45777920653c8b23855
M22-M6006 | Gamarue_11c69541 | Windows | This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | 11c695418eadfc9c1c6e83a538bc30a6 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 1809966444e6d698474d4e0a7f79218318beb82f29ab2c22e979d1b35524c014
SHA1: 8cf9272233657d2e2b6a45bd02bfa43c571e8b96
MD5: 11c695418eadfc9c1c6e83a538bc30a6
M22-M6027 | Gamarue_84071b13 | Windows | This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | 84071b13ac60297978051069223b60c0 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 0427a620e90ac9ef63604fadde7d29b83a9a436bf77a5379e6c29d60be9cabd3
SHA1: 31af2fe15be19b4ab17e244ad148a875d731d157
MD5: 84071b13ac60297978051069223b60c0
M22-M6043 | Johnnie_cb652b95 | Windows | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | cb652b95e5fe643cda5838279a73c3e6 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 03ed8536f865b257cb84d00578d68b30f7e4f5e2b8b11ea2c536f4a73fcc88bc
SHA1: b355538efe8cdf768a84dc5ec887792939e56ebe
MD5: cb652b95e5fe643cda5838279a73c3e6
M22-M6061 | Johnnie_b3de3cd3 | Windows | This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. The binary has random contents appended in one of the existing sections in the PE file format. | b3de3cd3f7f35383af885a9daceda7e1 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: bea89517329904463770be7516c3acc721aa2aae81d7198e371809aff1e90326
https://arxiv.org/abs/1801.08917
PARENTID: M22-M6001
SSDEEP: 12288:66LAvp6lpYdh5snsgbv+9IlycgO9rxRMhhJPdZ13Sy3cg5FkN06XsJXpNwjO5O88:6OAvpepYdhj
SHA1: 591102f85bafa807056cb5ce773e20681da7e0c8
MD5: b3de3cd3f7f35383af885a9daceda7e1
M22-M6012 | Gamarue_3861c6df | Windows | This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | 3861c6df0f2c6ceba149bc09e51509b7 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 0f14936181bf66d953049f2b3773ab21454630c1c89814b3f3625ef69748865e
SHA1: d1d9313ce35ce87ade6d11273e9db2bd51cdef4d
MD5: 3861c6df0f2c6ceba149bc09e51509b7
M22-M6041 | Razy_c9f10d7c | Windows | This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | c9f10d7c9f46eacb6dce566f889fa8b1 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 399f262d92079f2ffecf0fcb16829620c05deab661bf5c6783b5ba3ae362f448
SHA1: 0da52959066b9ea03981989fd959dbe1da2c3c17
MD5: c9f10d7c9f46eacb6dce566f889fa8b1
M22-M6054 | Johnnie_38887b35 | Windows | This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. The binary has random strings (lorem ipsum) appended at the end of the file. | 38887b351d676a1a552cb3c9af280e90 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 35fd463ccc2fc250ccc077fc200d41c126b20235e817ccb94038da1714185cd3
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M6001
SSDEEP: 12288:66LAvp6lpYdh5hnsgbv+9IlycgO9rxRMhhJPdZ13Sy3cg5FkN06XsJXpNwjO5O8c:6OAvpepYdhAy
SHA1: d0595641d7c04c1bba4a82eb35c7e191d088371f
MD5: 38887b351d676a1a552cb3c9af280e90
M22-M600a | Razy_22f324e1 | Windows | This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | 22f324e17259132c9b849a25159b18ad | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 63f0cee4f9bc1e9186a85684bd57b9b74ccdac7031ccb9d58b064b960b1a227d
SHA1: bc09aa876b53b46b4ff5866f67c4826a6a858001
MD5: 22f324e17259132c9b849a25159b18ad
M22-M6052 | Gamarue_fde8fb71 | Windows | This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | fde8fb71e98e02c81f20004bba7919f7 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 01369a57c3ff4aac43b9b32940ba0e6266ab59bc7ca494b050c1b368ba59f63b
SHA1: 974fe5910c946c4f6ec2ec3f81d4b54e9e3736f0
MD5: fde8fb71e98e02c81f20004bba7919f7
M22-M6020 | Razy_6e668a86 | Windows | This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | 6e668a860579dbd302a187a98076b93a | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 79e1510f7caeeb6249bc2d2064f2b9c5aebb438ebf97e4d24791c090258112c0
SHA1: eb72410f44980cdd027eb58a93ae05647ca1d2a8
MD5: 6e668a860579dbd302a187a98076b93a
M22-M6051 | Qakbot_f36c3faa | Windows | This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | f36c3faa276a50373ad163bc5d3f8fe0 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 7c8320812c0c1c634d9c6a425e057fc045d0bccccd0165712348cbe757db653b
SHA1: 5200ac2ab52130ea1bedd922b0f7f31bd04a51d1
MD5: f36c3faa276a50373ad163bc5d3f8fe0
M22-M6022 | Johnnie_7a526e82 | Windows | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 7a526e82d6249af223c93a4bad5629bf | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 1394fe31d98ae7f742189f75e1ee7f0593540b79a46ffe07d61d4397de0f12c1
SHA1: 6e79a3be3ea27ff78279a76065c81e089e83927e
MD5: 7a526e82d6249af223c93a4bad5629bf
M22-M603b | Razy_b9a11c5d | Windows | This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | b9a11c5d2dc977651fc892b50a18cc2d | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: bc873e9989a8343cd09b3b15c76a9c863c10489023c1340ac00db4df23ed50e1
SHA1: 943519013fdf62c404858a154841103a35a6e719
MD5: b9a11c5d2dc977651fc892b50a18cc2d
M22-M6049 | Johnnie_debdb48b | Windows | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | debdb48baba37bc651ecd823605cd46c | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 0a52a1b56ac888497a88371c954325d312eae19cad14460b572aac8c5ac37d6d
SHA1: bf8fc654dd506f975ce1674415938ecb6198e07f
MD5: debdb48baba37bc651ecd823605cd46c
M22-M6013 | Razy_3b0e0563 | Windows | This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | 3b0e0563d8e5d58dab416cef38ca179c | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 2881007599ebd28af75ae82cd8a908dba72fe55451718a0ee6fba55aa871e6d5
SHA1: 3dbbbfb7766b073154d637e1e87da417a387ba77
MD5: 3b0e0563d8e5d58dab416cef38ca179c
M22-M604b | Qakbot_e0f2fec0 | Windows | This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | e0f2fec052912f010cb1d82d348d7e31 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: a3ec040f43b7374bb1f00c32700119847dae3763c191c174d48e5e26c2d9ef49
SHA1: f866c5fbb5e7dd5fda54d598d3e172d358b7215c
MD5: e0f2fec052912f010cb1d82d348d7e31
M22-M6010 | Gamarue_3109f7b5 | Windows | This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | 3109f7b5e2b3feb06e6876797ca5b964 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 1997d9b57a35492a00181ab2991d801b9b7009528351f281b982a10a783f1dba
SHA1: 0c2c2083db4c4d73ef7a3d1a8d223968bb0a628c
MD5: 3109f7b5e2b3feb06e6876797ca5b964
M22-M6034 | Razy_b1d1bedb | Windows | This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | b1d1bedb59a544bfa5beba3067560a1b | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 283977145a129fabde4321fd2551e1837e8e3e11e1b6ee7b6f52ab486875356f
SHA1: 6e65d03fac4419d508d53063558fc20149703079
MD5: b1d1bedb59a544bfa5beba3067560a1b
M22-M6017 | Qakbot_42284715 | Windows | This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | 42284715939561b2992346faaaeef610 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 080d33d769ff2c3d103174031d146d606bb0cb57a8fffaa18b4818b512e15c46
SHA1: 1cd153a12247e111070784876f01b3f8fe728bc1
MD5: 42284715939561b2992346faaaeef610
M22-M6005 | Gamarue_0f2af894 | Windows | This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | 0f2af89460de5fe7331967d5f71a0bb9 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 1197004d327cf90d046b76e1583eafb948e3d1c4fec2633beb03984dfe081a02
SHA1: 3abbfce22d452cccf4f65da50209f10cfebae963
MD5: 0f2af89460de5fe7331967d5f71a0bb9
M22-M6030 | Razy_9ef22e9c | Windows | This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | 9ef22e9c85adf31eff472e50319aa8bd | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 362e58c8a3f41f656de671ce9ec0aab32e0f551a244744aff53388c58fc4a6e2
SHA1: 16c3728c156b9ce747b4632386ecead21d186778
MD5: 9ef22e9c85adf31eff472e50319aa8bd
M22-M600c | Gamarue_28a8fa22 | Windows | This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | 28a8fa223f15bd707365602b9d07c409 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 1a7bf9542c232c8bb7988e2d983fc11494316515102750dfa6b69da58561465a
SHA1: 08384628eac7375b8fbc1cf37498fb85e549db2a
MD5: 28a8fa223f15bd707365602b9d07c409
M22-M604e | Johnnie_e6faa2e3 | Windows | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | e6faa2e3d72d4a8cbbff122b335e72a0 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 0c8ef4eda585236858772e3bd0f981a5aeec797a5af7888a6ca9c71a9de6c274
SHA1: 4d31363c2b92087a67d09c9d386892c430fd3e67
MD5: e6faa2e3d72d4a8cbbff122b335e72a0
M22-M6046 | Gamarue_d55fe6fa | Windows | This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | d55fe6fa8d2ba3c2c6300a71990f38c2 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 19091358be18e480437b6d681782309cd63a87377cd6fbd807cc4e821423bcd8
SHA1: f932be3c6859305b8a84810d74d50a96f5d6d18e
MD5: d55fe6fa8d2ba3c2c6300a71990f38c2
M22-M6067 | Johnnie_f492468b | Windows | This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. The binary has the checksum removed in the PE file format. | f492468be9b84083fc48b102b9ce1efa | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: e2cb075dcc7f7f49c99e99c26083124d63a24f4e59fc870c131388f99d5747fb
https://arxiv.org/abs/1801.08917
PARENTID: M22-M602f
SSDEEP: 12288:7Yt6ffPnlddBo4IlV1FnwkFe1vSpoDoKPfeREneu7TdCDpbx5vsXaQoca8c24LNo:7OWPnc4
SHA1: 1dd1f9cf8c72f009ef91ad491fd1919c9f91373d
MD5: f492468be9b84083fc48b102b9ce1efa
M22-M6032 | Johnnie_a2e7a4af | Windows | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | a2e7a4afaad0d86de5deb1d4a273d6ab | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 089988b533e82f9d61020b3b6979bc61aa693d163f398e0a9054fd6e64a29b4b
SHA1: d1a1c8c03219fef5c9c4f0ca032188ac80e7a72f
MD5: a2e7a4afaad0d86de5deb1d4a273d6ab
M22-M6053 | Gamarue_0bcb4a2d | Windows | This strike sends a polymorphic malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. The binary has the timestamp field updated in the PE file header. | 0bcb4a2d2efa5f211f5d9dc4aac1246a | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: c7222148c714487f16df272b3db46d87c5d452e2c3133244dcb07e416fac7e63
https://attack.mitre.org/techniques/T1099/
PARENTID: M22-M6052
SSDEEP: 12288:LWBasotvO7uknSY7J1o3xIamffkReBiNo+L7NSDAkiOolk/:qBasowSg1ohSkROMo+f1kZolM
SHA1: f312ede2b4c71113c88de8fbda7f249bdd3755fb
MD5: 0bcb4a2d2efa5f211f5d9dc4aac1246a
M22-M6045 | Qakbot_cf2bc340 | Windows | This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | cf2bc34058f6e9684f0851a5fb0b59c7 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: a96ff0b409b0155e9c0aeb2a7a1c4416e8e836dec3a4aa09d88f4f5f2f9a59bb
SHA1: 2d7e38c4fb4b3fb4716941a1ea15f1493b3494ad
MD5: cf2bc34058f6e9684f0851a5fb0b59c7
M22-M6031 | Gamarue_a208ad70 | Windows | This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | a208ad7018437136b64d2f4c1af7c747 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 1b74245e622f51c04daed48cb8e464732ec5ef8e26d3ed2d6e06be7696b41f0c
SHA1: e091b2c97fdac028e464c499153a4403b9a0fef5
MD5: a208ad7018437136b64d2f4c1af7c747
M22-M6011 | Johnnie_3489533a | Windows | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 3489533aef88a0ebbf18393459d212b0 | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 07d4eb068b92809328866c660e46882d3a056e86ea55aee5b564ea54a9cb16f1
SHA1: 3dd0ef53bb320584e4d4604521f510a3194f2a5e
MD5: 3489533aef88a0ebbf18393459d212b0
M22-M6024 | Gamarue_7df6bd24 | Windows | This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | 7df6bd248b00fe3458591c996ca969fd | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 1b3590917d3cf25450d66f2c4bd9a7a9bd45a8628d9f04f8731bb24518d20881
SHA1: 409b1d78a7f98eaad7c4e4da0d4dc73632136758
MD5: 7df6bd248b00fe3458591c996ca969fd
M22-M6025 | Razy_7ee9e970 | Windows | This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | 7ee9e9701b2c5d1b0345eea51fe0f564 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 9d6ce349ae7a92237eafbbd66687e784e78f50c5cc92a22afe09a2971f9724d6
SHA1: 059c2bf9028c6cf71f74874731dac8c4d15bcfac
MD5: 7ee9e9701b2c5d1b0345eea51fe0f564
M22-M601f | Qakbot_65e20699 | Windows | This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | 65e206996470de6b6a4d5a69e3e35848 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: c14031bddf471d354211f9f9341c716e5a5860e7ecc128de82afc37bbd2a96af
SHA1: 03ac4e8c53a54abe897e42f53ed783202819cfdb
MD5: 65e206996470de6b6a4d5a69e3e35848
M22-M6035 | Johnnie_b20dcf58 | Windows | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | b20dcf58c0cfb67f1fe389302e033d4f | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 121377d50799144f5d718ba9c1e805915fc3bd9d7594eb6115acd09e3d76f7d5
SHA1: ea2d856cbe2da776a8999ee9ed1c6dda5ddcc425
MD5: b20dcf58c0cfb67f1fe389302e033d4f
M22-M602a | Qakbot_93c6b502 | Windows | This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | 93c6b50240c4e7c220c55de4e12430ac | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 9a3686674c39ed0fd41b8f833aa9aa53a72451f4cf3def546643112b6aac97a3
SHA1: 9c010c92fd0fc191855ba7971b5816fafb0b98b5
MD5: 93c6b50240c4e7c220c55de4e12430ac
M22-M604c | Gamarue_e3752433 | Windows | This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | e3752433d62f4dbf29345aa5ecacafa9 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 18f0ffcc1d1ba6b6088a6bbdcc85c4a49e932a8250193be18496634903f30bfb
SHA1: 285afa5ec84ef732fb92db5e8e893056562dff9b
MD5: e3752433d62f4dbf29345aa5ecacafa9
M22-M601b | Qakbot_52575508 | Windows | This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. | 5257550892a72d7bec8a4e2c20fd106d | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 6c9ac84b13412ef8bed642d1efa2a6d249ce68b13aa7127a5e03b1ebd47f4efb
SHA1: aec6e74eedaa80f993cf3a456da112e9424fb5a0
MD5: 5257550892a72d7bec8a4e2c20fd106d
M22-M6019 | Johnnie_44a6f92e | Windows | This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. | 44a6f92e70e8e011d6e39dbfc387157b | https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 10ad3015e2d6967c07d012358fcdae6f02f57e69616b0a91c0e6cdf6b683e9c3
SHA1: c0b65f38493de8d65606779d442795e1a937684e
MD5: 44a6f92e70e8e011d6e39dbfc387157b
M22-M6029 | Gamarue_89a1e176 | Windows | This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. | 89a1e176858e569ef99593d7f58929ec | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 0e5598348a8a169b8200db978dd941804ddd26cf2bfd4f894f32d24829950fc1
SHA1: f9efa3c6767e889f71ba16e5b09f0f82fcd827cb
MD5: 89a1e176858e569ef99593d7f58929ec
M22-M6015 | Razy_408a2d09 | Windows | This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. | 408a2d09fddf9ba44cac548bb77173a7 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 41c32d860c96e3ed10747ae31b44c923037d1285ed59555c6056cd5d945bc835
SHA1: 685f8f05a945116432b81f1ff1765d2c862660f6
MD5: 408a2d09fddf9ba44cac548bb77173a7
M22-M605c | Razy_8115eaff | Windows | This strike sends a polymorphic malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. The binary has a random section name renamed according to the PE format specification. | 8115eafffd3dc5616b473a855a1462a7 | https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 687d129075fff7768e75d6c1eb50021f30711a692feb9804042227a2e302fc0c
https://arxiv.org/abs/1801.08917
PARENTID: M22-M6028
SSDEEP: 3072:xrHFTDdWZbxDrs5/V3og5NHs4I/w9/F5eCYRoiOUu4J/Wq1aDUezJUy0j92ISzzC:xTRdWZNWoUNHs4y2/eC5ihu4lWqaUoqA
SHA1: 646ea4bf1088556e50e36e008030ce6d76270c59
MD5: 8115eafffd3dc5616b473a855a1462a7
M22-M604d Johnnie_e429ec31 Windows This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. e429ec317e88a45ffe3338aeee9fe11c https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 071463e9857ac23eb26297a19681e96be05122bf1e42f79fa2804b2e7df4deab
SHA1: 9e00795b242a38662fe422eb010e4ecc0432b6f5
MD5: e429ec317e88a45ffe3338aeee9fe11c
M22-M6066 Johnnie_ee9b176e Windows This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. The binary has random strings (lorem ipsum) appended at the end of the file. ee9b176eef23f5a4e9a759f80de3f3a0 https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 2ac7070adb51da9a0b3e5d28226aa548c0061dbad1e7c5e0cdad31bfa802460a
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M602f
SSDEEP: 12288:7Yt6ffPnlddJo4IlV1FnwkFe1vSpoDoKPfeREneu7TdCDpbx5vsXaQoca8c24LNg:7OWPnE4H
SHA1: aba7219146316744e379f514c768ae17ad3314ac
MD5: ee9b176eef23f5a4e9a759f80de3f3a0
M22-M6023 Razy_7bdfb61d Windows This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. 7bdfb61dfb48061bb799543090f8bb54 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 28daa8d1fe18bbd9ac7565bbc0cf64480ce5ce5241564f1571299eaa4bd3f192
SHA1: 5d5f3d241eadd1f5d78b269c9c7f65e48dfced2a
MD5: 7bdfb61dfb48061bb799543090f8bb54
M22-M6063 Qakbot_d2715637 Windows This strike sends a polymorphic malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. The binary has the timestamp field updated in the PE file header. d2715637f4f9a631de611b64fa57ca82 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 371831616c77311df27fdae959e5d2b4730455ee495d8c8adac4d7c06932df97
https://attack.mitre.org/techniques/T1099/
PARENTID: M22-M6036
SSDEEP: 12288:IWouglFY69tmVqhL3MJPO+O6JSNxR36/g6LOmnBz:/poavxOu8msmBz
SHA1: 3db8af082fcebc80429f0de7156131dc031292bd
MD5: d2715637f4f9a631de611b64fa57ca82
M22-M602c Razy_967d450c Windows This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. 967d450cda75fadc84009f55723311d0 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 71957a63cf8a7387d640ef4f29b1285db34432c053b56048a660912ad5c868f2
SHA1: 6ab55aaac22a7f4aa2eae12c1715355a8adb992c
MD5: 967d450cda75fadc84009f55723311d0
M22-M6033 Johnnie_add45c04 Windows This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. add45c044a3c692d3c7a5bc5fe383751 https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 1008d9650c0b5b87e4791b18dad3458ee2cc0fe29a7262a86a4a83308c5fcfc3
SHA1: 8a83df82ae83e463447d97b6d3d725ffcf587f1e
MD5: add45c044a3c692d3c7a5bc5fe383751
M22-M605f Johnnie_a31b0f6e Windows This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. The binary has the timestamp field updated in the PE file header. a31b0f6e146fc15ebbc5b147b3f097c5 https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 289a96d44296c7486830d504438130829c9abc302c22f18d35cdf368341de689
https://attack.mitre.org/techniques/T1099/
PARENTID: M22-M602f
SSDEEP: 12288:oYt6ffPnlddJo4IlV1FnwkFe1vSpoDoKPfeREneu7TdCDpbx5vsXaQoca8c24LNo:oOWPnE4
SHA1: ca0567c1948138edb945939a73c9f063438986d9
MD5: a31b0f6e146fc15ebbc5b147b3f097c5
M22-M604f Gamarue_e9ec1a06 Windows This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. e9ec1a063f0d557bfec2b04153b20cbe https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 123c43a6eb32fcd0218d59c8c65ce064b4ce307c89319fec49303c4d5039fb54
SHA1: 483347ac7c86a3a07d34c2eecac609763fe2e689
MD5: e9ec1a063f0d557bfec2b04153b20cbe
M22-M601c Razy_53ad5cd4 Windows This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. 53ad5cd4141a2ac1b9ac77e5b0f28eef https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: a9bc9070ba0b1f3cc6ca78e24ea830524cc5a9821c857f2ebc98bc74fabe7b4e
SHA1: d05f6341f1b327475744493a84f8f63aecdba7ca
MD5: 53ad5cd4141a2ac1b9ac77e5b0f28eef
M22-M6068 Razy_f93a2a58 Windows This strike sends a polymorphic malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. The binary has random bytes appended at the end of the file. f93a2a5865439f6a08c183969e4e661e https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 7fefa768b139e0e38e4587db31cabc4d534417e5e433f431280823541c812e40
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M6028
SSDEEP: 6144:7TRdWZNWoUNHs4y2/eC5ihu4lWqaUoqReRV:PDolR2/hcu4l3y
SHA1: 8fb6558b64ae1d9c5dcd6b44cea2774f64c6c870
MD5: f93a2a5865439f6a08c183969e4e661e
M22-M6014 Qakbot_4036ff97 Windows This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. 4036ff97f2229b2262f95014bf58df9b https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 976aeff3a8234476c9757b3ad85be23a1d453e5d3960652d53e0c8c1ba3a531f
SHA1: edb4d49f67d1b0d167ce4d584736922d8165d25c
MD5: 4036ff97f2229b2262f95014bf58df9b
M22-M6069 Johnnie_d2fd1878 Windows This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. The binary has random bytes appended at the end of the file. d2fd187823f6e78e1967b1cf04dac07f https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 08be4e45469f6bb550c00c7fce8d461b3803198b40288da5be42543634e19501
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M602f
SSDEEP: 12288:7Yt6ffPnlddJo4IlV1FnwkFe1vSpoDoKPfeREneu7TdCDpbx5vsXaQoca8c24LN1:7OWPnE4a
SHA1: af0b3d670e2605f884807a8f0019f4b4d9aeb385
MD5: d2fd187823f6e78e1967b1cf04dac07f
M22-M603f Gamarue_c53222ea Windows This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. c53222eacadfe39272f6fcf3303c2e98 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 19f5bb9e7e78da536d1623407d10b0702f008008bcef66ff11838a4248d93caf
SHA1: 09c5790360816689db65f28fbd33276d01b0e1b5
MD5: c53222eacadfe39272f6fcf3303c2e98
M22-M6016 Johnnie_414e319d Windows This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. 414e319d8a4769b01b783bb2c7297449 https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 09a45da2f4cc0f91e3a6af29095f73607287871573828495d1cd8679f00ee197
SHA1: 56ac2f3f627660fafe4af9b5b8425c39fea3a036
MD5: 414e319d8a4769b01b783bb2c7297449
M22-M6062 Johnnie_cfe3f1b2 Windows This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. The binary has random contents appended in one of the existing sections in the PE file format. cfe3f1b25bf77334bef22e6db871358b https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 4fbd3a7b51d641dd8d022681861f3b3f1a8d5301b646659fe1e326a6151d5aee
https://arxiv.org/abs/1801.08917
PARENTID: M22-M602f
SSDEEP: 12288:7Yt6ffPnlddMo4IlV1FnwkFe1vSpoDoKPfeREneu7TdCDpbx5vsXaQoca8c24LNo:7OWPnn4
SHA1: 8fe9d45b9679c75e85cf8fc06ba7eb507700f5e3
MD5: cfe3f1b25bf77334bef22e6db871358b
M22-M603e Johnnie_bb97ffe2 Windows This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. bb97ffe2b81520714594a1a4a0fbf161 https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 07d45e42c071baed5f213a9cb454f423558dd8d227b5a385b5eea836166ed2a3
SHA1: 4061938af34c5ac91c14dd6d494f6153206c9d69
MD5: bb97ffe2b81520714594a1a4a0fbf161
M22-M603d Gamarue_bae65735 Windows This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. bae6573551f8db9dff7435e48c237c7f https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 0d1d6fdd42506925cdd591e6e1937e0ca700acadb96b84105c2ad0c896d8654e
SHA1: 9122ce6ca9b1521d2f74a5d7a5336cd5fdccebae
MD5: bae6573551f8db9dff7435e48c237c7f
M22-M6057 Gamarue_51b30f40 Windows This strike sends a polymorphic malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. The binary has random contents appended in one of the existing sections in the PE file format. 51b30f403012636119e3b5fdacfa74f9 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: fe9ac8858bdc374d4e862abdc9901248c809375d727d1196add83f38ff633adf
https://arxiv.org/abs/1801.08917
PARENTID: M22-M6052
SSDEEP: 12288:/WBasotvO7uknSY7J1o3xIamffkReBiNo+LDNSDAkiOolk/:eBasowSg1ohSkROMo+/1kZolM
SHA1: 123007e521aa131e42a432fd6e7ea9002e0cf7ae
MD5: 51b30f403012636119e3b5fdacfa74f9
M22-M6040 Qakbot_c579791b Windows This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. c579791b7d102d18967aa4bf05f28281 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: a0e9c9bbd5717e2510416977201c65868f73c805f7e4c38495fa766bef4ece9b
SHA1: d1f729de4fe6865a0ab2da53273062c5dc353d2f
MD5: c579791b7d102d18967aa4bf05f28281
M22-M6026 Johnnie_823ae99b Windows This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. 823ae99b9a63bea70795d4aeb40373d2 https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 0651a3d54f5d93d46b458c172788bc789310228f66f52adeed3f5b14f3926020
SHA1: cef1ef0657ec110bc64410cb95b46a6e939b1282
MD5: 823ae99b9a63bea70795d4aeb40373d2
M22-M6056 Johnnie_44a08a4a Windows This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. The binary has the timestamp field updated in the PE file header. 44a08a4a0e364cf65eae97000baffd06 https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 933456f843bf7f976612a8886dc1d69d15e9d8b8908540a5ffcfb8070e7bb0e7
https://attack.mitre.org/techniques/T1099/
PARENTID: M22-M6001
SSDEEP: 12288:G6LAvp6lpYdh5hnsgbv+9IlycgO9rxRMhhJPdZ13Sy3cg5FkN06XsJXpNwjO5O88:GOAvpepYdhA
SHA1: c93f7aabbe805c18d2968df5b2d4138d74d96b8f
MD5: 44a08a4a0e364cf65eae97000baffd06
M22-M601d Razy_5d412f49 Windows This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. 5d412f493bf3599382b93dae9d321197 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 41b11c06a7b8fb5d150b000be312d14192c3bbed2f5223e8f8100004ef7d3769
SHA1: c87ee822473fb7b57a0ebe84d0148bdfe4480b11
MD5: 5d412f493bf3599382b93dae9d321197
M22-M602b Johnnie_93d523a8 Windows This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. 93d523a8b43d457b5406fcb6320d0f58 https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 08994b0dd47da89a34c9bbbe8e15bb03150d1823a3daac94e86ce333964727ba
SHA1: cf5d4e2382addcdf349a26111135b63a8a207381
MD5: 93d523a8b43d457b5406fcb6320d0f58
M22-M6038 Johnnie_b5435aca Windows This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. b5435acae01e6f182ec43d92e86c73f0 https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 16f56872942abbf6b94ab2993cc94039d99ac7288af5f5368184c9e587bd0230
SHA1: f93fa89ab000a018ae8c4250bcbc6c99844e6849
MD5: b5435acae01e6f182ec43d92e86c73f0
M22-M602f Johnnie_9bd611de Windows This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. 9bd611decef5a788290814c6f4236cb2 https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 18d541517e2f22e05b92f1e29cba6a06a155892d61c8bd24a56ccf5ba2ea7070
SHA1: dbee4e2f3a57edb5b3f29ab17ef502febe414f9c
MD5: 9bd611decef5a788290814c6f4236cb2
M22-M6065 Gamarue_e8c5bb4f Windows This strike sends a polymorphic malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. The binary has random strings (lorem ipsum) appended at the end of the file. e8c5bb4f6d9ed4ec046cb8989dba860e https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 6ccd749a17d1e4f39dc944c88496e217ae4650aafd71a66bc8328b802e668a95
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M6052
SSDEEP: 12288:/WBasotvO7uknSY7J1o3xIamffkReBiNo+L7NSDAkiOolk2:eBasowSg1ohSkROMo+f1kZolt
SHA1: 5a6e6ca27f3956cde58661fbff86833b6bde3dc3
MD5: e8c5bb4f6d9ed4ec046cb8989dba860e
M22-M6037 Johnnie_b39fc516 Windows This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. b39fc51671033a3abefdb125a58ffd14 https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 03b205636ddacee2791b3bea1bc540c52dbf764d263ff7e6b78e339976bbf1bd
SHA1: 84895a8347323c2242026963db29a67a4d871567
MD5: b39fc51671033a3abefdb125a58ffd14
M22-M6064 Gamarue_e438a983 Windows This strike sends a polymorphic malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. The binary has a random section name renamed according to the PE format specification. e438a983fb2dc274d39702d4a860df15 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: bb63f08e4fd4ed4af9d5570517b86ee9bdcf3804490769d5ff61f0017218cf8d
https://arxiv.org/abs/1801.08917
PARENTID: M22-M6052
SSDEEP: 12288:sWBasotvO7uknSY7J1o3xIamffkReBiNo+L7NSDAkiOolk/:rBasowSg1ohSkROMo+f1kZolM
SHA1: e076fcc396e061cc8f41c25141756ed8085242ef
MD5: e438a983fb2dc274d39702d4a860df15
M22-M600f Razy_2f7483ba Windows This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. 2f7483ba3742b150b83cf1f643a6b6d7 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 5448e82c3d4e1b46d6f0f77762d1ee2ff2aebd10333475e2b95e269f37a0c74b
SHA1: ec29f2f52a443bfe36d7260040c13c4deb219ce9
MD5: 2f7483ba3742b150b83cf1f643a6b6d7
M22-M6001 Johnnie_006d8728 Windows This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. 006d8728a4620369481696802a18b6ae https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 178a7baba15d9bfde158fb181b45b7e12dbccbc49c2d7f27c1b5f2728b9dec24
SHA1: ae94dd5083407906cb00f0d3857e78c56f9176ef
MD5: 006d8728a4620369481696802a18b6ae
M22-M6018 Razy_42570f5d Windows This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. 42570f5dd072311421769b660b8d3b23 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 7c4f0c7a3f02b3f3dc335e5f4bcab2b1902696ce749498dc9e4681ff1ae8b574
SHA1: 9527498d0723b999b9fabe9daf13350739738ed8
MD5: 42570f5dd072311421769b660b8d3b23
M22-M603c Razy_b9bde5f9 Windows This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. b9bde5f9ae8e82d14e7e2edab02885a6 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 8a4d8ba8bcf91642892e946437a3471848b6dad25d80f7a6f6d4f4cf05b24b00
SHA1: 9a7d554ceede97b191b59a498f3f2548044479b0
MD5: b9bde5f9ae8e82d14e7e2edab02885a6
M22-M6044 Gamarue_cca88bd6 Windows This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. cca88bd68a1ba8bfdca268cace9a27f6 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 11b8882e4b57cd2bfb9983a4c4834b6cdaa333a70a23c122239cd557e32fc4d9
SHA1: bb66f6aeb7165c830ef82f743313a1f964022339
MD5: cca88bd68a1ba8bfdca268cace9a27f6
M22-M6042 Razy_cae50e27 Windows This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. cae50e27b70d5bab0e7b7ee5ddbaae89 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: bfafe7f6c07945cb86bb8f0c340745a723c54cbe7eb841e7a2261f46e65e28cc
SHA1: 0bd03db5844a8fb70c5470f04e1b4495727d2ad7
MD5: cae50e27b70d5bab0e7b7ee5ddbaae89
M22-M6003 Johnnie_0318ec7b Windows This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. 0318ec7b3f61394e00293704921dd4c6 https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 139e428d990500159cc153a5c1cd4558026542ed4c51dbd88e884e0c14f5f3a2
SHA1: 85ca4f9a3d0c69eaf6d4effd38e6fa2f649e8b64
MD5: 0318ec7b3f61394e00293704921dd4c6
M22-M6059 Qakbot_620bda71 Windows This strike sends a polymorphic malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. The binary has the checksum removed in the PE file format. 620bda711e7c51e6451af5d75de1c7f9 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 6fd4dc20c884b0eb8c6354a474c441b33681ebafdb4b22338bc52495d654d1a9
https://arxiv.org/abs/1801.08917
PARENTID: M22-M6036
SSDEEP: 12288:VWouglFY69tmVqhL3MJPO+O6JSNxR36/g6LOmnBz:YpoavxOu8msmBz
SHA1: a8275c39f1d2b3b7d3e81f2815a1c11111328ab3
MD5: 620bda711e7c51e6451af5d75de1c7f9
M22-M602d Gamarue_9681ced1 Windows This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. 9681ced1fbff560cd894d2785639ca51 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 0bc473b1333b01b134c140ff84f0c0577dedd8355de11459f6e78a49b1ef3209
SHA1: e9354eec89d92995f32b3f94f992ab69b5659de2
MD5: 9681ced1fbff560cd894d2785639ca51
M22-M6008 Johnnie_1bfd9858 Windows This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. 1bfd985899f6a9d83478eb869df273d1 https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 07dd67ea6bec0584094609bee43a10b3a9f43cbb015e82987ebeb5c411af91d9
SHA1: ba9660ab29487ae2b29152536eb7faed8e931f38
MD5: 1bfd985899f6a9d83478eb869df273d1
M22-M600e Razy_2f600beb Windows This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. 2f600bebf301bb078c8e27505c37cf31 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 57e55994a83b9dfaadd43d8e4b0bd64b5af7d9d89b4d911ba8abdae6259f049f
SHA1: 9e68ac62368ff926d3a2137ccc6d77710b1d5ddf
MD5: 2f600bebf301bb078c8e27505c37cf31
M22-M605d Qakbot_8c6445de Windows This strike sends a polymorphic malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. The binary has a random section name renamed according to the PE format specification. 8c6445de424b22dfb3339f5dea072156 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: d97caf17ec7f16b7619800d2fe576279bf18f4b3b4a5a2134f4d85b795fd5411
https://arxiv.org/abs/1801.08917
PARENTID: M22-M6036
SSDEEP: 12288:EWouglFY69tmVqhL3MJPO+O6JSNxR36/g6LOmnBz:DpoavxOu8msmBz
SHA1: 544b7caf033c6c7951ccd58f52b5edcfb4990607
MD5: 8c6445de424b22dfb3339f5dea072156
M22-M6048 Qakbot_da8ab69a Windows This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. da8ab69a032a706a1ba7b0ed620d79c3 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 12408009ac27b79c45fbab67e7db0b59b4bb83da75957d7d62b796d2c67e4975
SHA1: 8f926cfc6df901e888a0304d2a194257ff034d66
MD5: da8ab69a032a706a1ba7b0ed620d79c3
M22-M6047 Qakbot_d7d6b087 Windows This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. d7d6b087e5fb0450a0fbb8c747850489 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: c02f6c468924b34ade33d3e940ead79be5a68fce12ea7a227e2a4bba300f02a5
SHA1: 19d61bd3f357c02f514a7fd10d0e3f82023af759
MD5: d7d6b087e5fb0450a0fbb8c747850489
M22-M605a Johnnie_707cc8ef Windows This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. The binary has the debug flag removed in the PE file format. 707cc8ef9a179285e235974314c3449e https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: d94e9f5225dce9bdda60e58780fb5854ca1f5bfa8598378949b2711fa9c14b23
https://arxiv.org/abs/1801.08917
PARENTID: M22-M6001
SSDEEP: 12288:s6LAvp6lpYdh5snsgbv+9IlycgO9rxRMhhJPdZ13Sy3cg5FkN06XsJXpNwjO5O88:sOAvpepYdhj
SHA1: 50c16c89f1c5c07afda769882cc89d0991393292
MD5: 707cc8ef9a179285e235974314c3449e
M22-M6021 Johnnie_7236d785 Windows This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. 7236d785527143086ea1e77b3e975342 https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 0b2d71a663e60bb5cca8f76d2fd23468a8cc74b199bb382305c7412aceb3f63d
SHA1: 07d8a22b1b5359fbf8d144becaa2def061dc4f0c
MD5: 7236d785527143086ea1e77b3e975342
M22-M6036 Qakbot_b2f82fff Windows This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. b2f82fffaf5edbbc741cc7423c54a204 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 09cb67546950ba43047a6f5b905a86c5c69227f47f20ed1f0813b43263c3785c
SHA1: 741e21bf7ac486223dd9773e4d8a883c4d457054
MD5: b2f82fffaf5edbbc741cc7423c54a204
M22-M605b Johnnie_7583af11 Windows This strike sends a polymorphic malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. The binary has random bytes appended at the end of the file. 7583af11e00d12f390a15c3fe33a4b4f https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 77d7ae7cefd8183f76942766825a45d206ed0d122aa3b4f5f1f97ad0f1bbde1a
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M6001
SSDEEP: 12288:66LAvp6lpYdh5hnsgbv+9IlycgO9rxRMhhJPdZ13Sy3cg5FkN06XsJXpNwjO5O8L:6OAvpepYdhAR
SHA1: 248214d4fd93cdb7c6ae73a4998db045ec4de3c2
MD5: 7583af11e00d12f390a15c3fe33a4b4f
M22-M6009 Qakbot_2189e297 Windows This strike sends a malware sample known as Qakbot. Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB. 2189e297d1900f7766d07be488c05502 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: d5a6e983c273a9a052574325259822d49512da45f9ada076ed53015c80d1e1d4
SHA1: 68aea8b6af4abcae2ac65010bb986fc868309ada
MD5: 2189e297d1900f7766d07be488c05502
M22-M6028 Razy_89731bbf Windows This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. 89731bbf0ff24e5ab793221aa5fa793d https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 256d2a981895d7571e7a8487dcdb22a15ac4da676156cfd998a003b15a0b9ef8
SHA1: 7376ab5acee8bfaae84210e09e527efc35bf6b20
MD5: 89731bbf0ff24e5ab793221aa5fa793d
M22-M601e Razy_614a7da1 Windows This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. 614a7da1251aea20e234b2024fd082f6 https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 5acc61f6ce684068fe6f07ce1e0636ac82498a816058083c44601f26ccb7e850
SHA1: 1569761f84a6feb7f2be5c791d3ad461651096da
MD5: 614a7da1251aea20e234b2024fd082f6
M22-M6002 Gamarue_01d30b58 Windows This strike sends a malware sample known as Gamarue. Win.Trojan.Gamarue covers a family that, after installing itself on the system to survive after reboot, will spread itself to USB drives and modify system configuration settings to weaken its security and disable certain features, such as the task manager or the Windows shell, in order to protect itself. It can exfiltrate sensitive data and receive additional commands. 01d30b58ced0722029bf33d9c8380aed https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 1a92ba667ee165a80326fae74af7cedf8eacbc97edc0623fc92a21918062ed04
SHA1: 51714ae0529feee8b6c9d023068e01badcca0a39
MD5: 01d30b58ced0722029bf33d9c8380aed
M22-M604a Johnnie_e09ba79a Windows This strike sends a malware sample known as Johnnie. Johnnie, also known as Mikey, is a malware family that focuses on persistence and is known for its plugin architecture. e09ba79a177bf796e44b10f67cc45d8f https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
SHA256: 0757ed3e6a6a99d98abae124a05ee33e191fd42481e9f9af456ea5d87cb0256f
SHA1: 9dae00f7ca4afd83e81d3e27951876cb7fe864c4
MD5: e09ba79a177bf796e44b10f67cc45d8f
M22-M603a Razy_b99915c7 Windows This strike sends a malware sample known as Razy. Razy is often used as a generic detection name for a Windows Trojan. This cluster of samples contains encrypted code in the resources section that could be injected into a legitimate process. b99915c7b410a6460dd0f1e0281ee0be https://blog.talosintelligence.com/2022/06/threat-roundup-0527-0603.html
SHA256: 883fcb50f17c3e54e7f04aa8b38894119ba6baace124426030119b580fed33a9
SHA1: 396885b5c93ac796ad07c6f3dc0c33c1631c8a50
MD5: b99915c7b410a6460dd0f1e0281ee0be