M22-M901c | BlackMatter_6e9a1ea0 | Windows |
This strike sends a malware sample known as BlackMatter. BlackMatter is a Ransomware-as-a-Service (RaaS). It has followed in the footsteps of its predecessors DarkSide and REvil with a lot of the same functionality. It can elevate privileges, kill processes, and even steal the victim's details. | 6e9a1ea049f79e227503fb5681a58d8e | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html; SHA256: 333f19529de011757c299888e57b8d37801b6adbf7e2d270b71726150aeef90c; SHA1: 4a175c514477d79cd3218b4cfc5d47309e2eabc1; MD5: 6e9a1ea049f79e227503fb5681a58d8e |
M22-M9062 | HomeLand | Windows |
This strike sends a polymorphic malware sample known as HomeLand Justice Encryptor. Iranian state cyber actors calling themselves "HomeLand Justice" launched a cyber attack against the Government of Albania. During the attack the attackers conducted lateral movement, network reconnaissance, and credential harvesting against the Albanian Government. This attack also included a ransomware-style file encryptor and disk wiping malware. This sample is the GoXML.exe ransomware encryptor. The binary has a random section name, renamed according to the PE format specification. | 9adc34da79436d216d6c19f992196f6b | https://www.cisa.gov/uscert/ncas/alerts/aa22-264a; SHA256: 535a8b8467fd379278d176e718f9eca215a858a5b8d5cc9b697a9f20332f19bf; https://arxiv.org/abs/1801.08917; PARENTID: M22-M9044; SSDEEP: 768:9OFu8Q3w6QzfR5Jni6SQD7qSFDs6P93/q0XIc/UB5EPABWX:IFu8QAFzffJui79f13/AnB5EPAkX; SHA1: 296d399f19cba615671347aa5720a2b034ddb805; MD5: 9adc34da79436d216d6c19f992196f6b |
M22-M9029 | DarkKomet_9ff86eff | Windows |
This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 9ff86eff19a08360ed26733e73e71abd | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html; SHA256: 0edde1077db95438d2598acd555a39b3c2ac432f98b60d3c77415fd650b13516; SHA1: dd67dc239af783cb850604e7c33a23b7bd4a28d2; MD5: 9ff86eff19a08360ed26733e73e71abd |
M22-M9031 | Cerber_a477662e | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | a477662edef8ab16496caf23a208250f | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html; SHA256: 5ed48cdf13e9681085390956e25883680a6b1b4600d99608d84c126d57832025; SHA1: 0a4b77a89b9a546fd0ac863dbf0b648a37a139c6; MD5: a477662edef8ab16496caf23a208250f |
M22-M9024 | DarkKomet_8ecfcd69 | Windows |
This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 8ecfcd699de69ff65a3cd3f6b6de329b | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html; SHA256: 1a85cf3317d5a030ab87d02649769a6a0bfb1b342ecc46f1bc26e1f651fbb1ed; SHA1: 854dc9818abd7ddd4bc782a178263444d6c84557; MD5: 8ecfcd699de69ff65a3cd3f6b6de329b |
M22-M901b | Shikitega_6e684589 | Linux |
This strike sends a malware sample known as Shikitega. Shikitega is malware that targets devices running the Linux OS. It is delivered in a multistage infection chain where each module responds to a part of the payload and then proceeds to download and execute the next module. Once run, a cryptominer is executed and the attacker is potentially granted full access to the machine. | 6e6845896222ee7d48e76ea2bf11b97d | https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux; SHA256: d5bd2b6b86ce14fbad5442a0211d4cb1d56b6c75f0b3d78ad8b8dd82483ff4f8; SHA1: 6f89acd56678b4c9b929794334777fd8d93e6cd0; MD5: 6e6845896222ee7d48e76ea2bf11b97d |
M22-M9042 | Cerber_b9a116e6 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | b9a116e602ac51e388b56b5769065af6 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html; SHA256: e50306b8c8b4bfd52da321a30e3e28bbef41b333e5803a303791f27798a1299c; SHA1: 11713fc4d027c1dd1b34b3d5673a3c6435ffccc6; MD5: b9a116e602ac51e388b56b5769065af6 |
M22-M902a | Cerber_a084f960 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | a084f96088ac607afafa8a41fae13449 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html; SHA256: 52573c863390fde5244133cc965bf2501f0eb28e7d76a9996bc300070d41941b; SHA1: 4138b3144dcb46be42d3ac033ed9078895624e61; MD5: a084f96088ac607afafa8a41fae13449 |
M22-M900e | DarkKomet_472cf260 | Windows |
This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 472cf260266980cbbed9d6054ee1d161 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html; SHA256: 4bb436856e6c78ebac6ef0f48a76fad96268add5dc1583a0e20b986d4532bce4; SHA1: 35169b791e2557d93ce03282a66c9ad4053acb71; MD5: 472cf260266980cbbed9d6054ee1d161 |
M22-M9034 | BlackMatter_a6237d50 | Windows |
This strike sends a malware sample known as BlackMatter. BlackMatter is a Ransomware-as-a-Service (RaaS). It has followed in the footsteps of its predecessors DarkSide and REvil with a lot of the same functionality. It can elevate privileges, kill processes, and even steal the victim's details. | a6237d5041d5a178c50bcad6387b405e | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html; SHA256: 0400ee8269aba8f79bfd0c65f64689b06febae22a7535c9fda728a7eaa29ae0d; SHA1: 4c6892316a83fe36d1f74e121be09a525821dc39; MD5: a6237d5041d5a178c50bcad6387b405e |
M22-M901f | Deadbolt_76022a94 | Linux |
This strike sends a malware sample known as Deadbolt. Deadbolt is ransomware that was first seen targeting QNAP NAS devices in January 2022. It has a multi-tiered payment and extortion scheme, a flexible configuration, and is heavily automated. | 76022a94288bbb07e22d8509b37eea71 | https://www.bleepingcomputer.com/news/security/deadbolt-ransomware-now-targets-asustor-devices-asks-50-btc-for-master-key/; SHA256: 14a13534d21d9f85a21763b0e0e86657ed69b230a47e15efc76c8a19631a8d04; SHA1: 9c652d74007890873b8ade8f78b333a4f5e84ebf; MD5: 76022a94288bbb07e22d8509b37eea71 |
M22-M9016 | DarkKomet_64916b96 | Windows |
This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 64916b96176449c7aec4d0adec055111 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html; SHA256: 3adb310c1ed97474f55974c05a17c56a89d082eb3069592d5734f91b330a8d96; SHA1: 5ebfadbc37700fc52eb6aaf27b63811ac53edd24; MD5: 64916b96176449c7aec4d0adec055111 |
M22-M900f | NetWire_4ca8ed01 | Windows |
This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 4ca8ed01742bee59de7f772cc63485f6 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html; SHA256: 17d3937fb3aceacc0ac99f94a2347b87b22cbc2e7c341830ad9ad0a8f88babee; SHA1: a14e2ac0ca546856baef1d406fbdd31a97c20844; MD5: 4ca8ed01742bee59de7f772cc63485f6 |
M22-M9023 | DarkKomet_88123242 | Windows |
This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 88123242d631fb205b49827cabb3a306 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html; SHA256: 1abb5ce77ce286aac491f9363161554eb0894dfb425e4457aee3cd3fc22982e9; SHA1: 5e85511a0537dc66c4d0823829be1a19d50e267f; MD5: 88123242d631fb205b49827cabb3a306 |
M22-M900a | DarkKomet_29749cd4 | Windows |
This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 29749cd4791f34d76d620d80b833f307 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html; SHA256: 44317a91b1c813dc8423423cc5a1130e34264f5ab8cc4b35e05da3b7eaacc3f2; SHA1: 31e5b2e3d9de87c070c089a0947c1ae0d5608106; MD5: 29749cd4791f34d76d620d80b833f307 |
M22-M905b | DarkKomet_fca9ed0f | Windows |
This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | fca9ed0f8759e5c71e0911cd6e819273 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html; SHA256: 07fb7af6f5ebe683cea86ec012a0a002771d658873ea3428d989f8ecaccc2e0b; SHA1: 0e090ad8c62d5d61f062e563e84be43523d2def7; MD5: fca9ed0f8759e5c71e0911cd6e819273 |
M22-M901d | Deadbolt_718ae697 | Linux |
This strike sends a malware sample known as Deadbolt. Deadbolt is ransomware that was first seen targeting QNAP NAS devices in January 2022. It has a multi-tiered payment and extortion scheme, a flexible configuration, and is heavily automated. | 718ae69788dc752a8db46b0e43e42f13 | https://www.bleepingcomputer.com/news/security/deadbolt-ransomware-now-targets-asustor-devices-asks-50-btc-for-master-key/; SHA256: 444e537f86cbeeea5a4fcf94c485cc9d286de0ccd91718362cecf415bf362bcf; SHA1: 338c16a49899ee08b5284b9bb3b2b14d6e5bdfe3; MD5: 718ae69788dc752a8db46b0e43e42f13 |
M22-M903f | Cerber_b3923fb7 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | b3923fb72ad8b7ca15ad85d7082a1429 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html; SHA256: 74c864c6b31afa1db6c8d6fb2bb8860b655d3554c8d309a91d894fd210351b7e; SHA1: 1c617abd784d40e709d365f6f1f39247452a82a1; MD5: b3923fb72ad8b7ca15ad85d7082a1429 |
M22-M903d | Shikitega_b035f858 | Linux |
This strike sends a malware sample known as Shikitega. Shikitega is malware that targets devices running the Linux OS. It is delivered in a multistage infection chain where each module responds to a part of the payload and then proceeds to download and execute the next module. Once run, a cryptominer is executed and the attacker is potentially granted full access to the machine. | b035f85870bb17380b25189bd97b8e65 | https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux; SHA256: fc97a8992fa2fe3fd98afddcd03f2fc8f1502dd679a32d1348a9ed5b208c4765; SHA1: 029dbe8df57f3d89ee1f1fe7f50fbf4519ee9522; MD5: b035f85870bb17380b25189bd97b8e65 |
M22-M9011 | DarkKomet_535f56be | Windows |
This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 535f56be2c6bd965548864e65e1433c6 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html; SHA256: 0ce96b476d6d0aeaa983de1cf41c4553f68156d6cbbe9d48ae852ef0e5143de7; SHA1: a9a4755a723a91f062b539df2e2f0738adf9e05c; MD5: 535f56be2c6bd965548864e65e1433c6 |
M22-M904d | Cerber_ce478d86 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | ce478d8638a31fd6593c31ceb29fdad2 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html; SHA256: 0fb820719ef10ee032dbb69607c6fc222fa70b64844af4f04f6eecafc08345a7; SHA1: cd2867f31622ac01754cbacfb3f99a09d071530a; MD5: ce478d8638a31fd6593c31ceb29fdad2 |
M22-M904a | Cerber_cb6d7b58 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | cb6d7b58eec5efe3fa44c873529e7db0 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html; SHA256: 05602feb977139c96c226969997d8bc55bd47b1d142252d3ec4067591dda85f2; SHA1: ab36c7fa9e52c9d2704e2d88336ba5c8d8b98d3c; MD5: cb6d7b58eec5efe3fa44c873529e7db0 |
M22-M9014 | DarkKomet_602d5277 | Windows |
This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 602d5277edc95076d58c33dd2dde428e | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html; SHA256: 01dc08a7611de9ed95addbdc484f028da8c4cc4f2f04bf007955e8e7771af2ad; SHA1: 4ecb9707512bc1845d0f4744fb90f94f7e3e0840; MD5: 602d5277edc95076d58c33dd2dde428e |
M22-M9025 | BlackMatter_9200233d | Windows |
This strike sends a malware sample known as BlackMatter. BlackMatter is a Ransomware-as-a-Service (RaaS). It has followed in the footsteps of its predecessors DarkSide and REvil with a lot of the same functionality. It can elevate privileges, kill processes, and even steal the victim's details. | 9200233d9b991b290c16d33a9956bea8 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html; SHA256: 2e641dbe994f931adeff6b65fb9db481a42717454a0ea6b1e2222ba24d890fa9; SHA1: 75acfcaed3d1ec23e82b6b70bf8957d4b333b151; MD5: 9200233d9b991b290c16d33a9956bea8 |
M22-M9050 | NetWire_d5684dac | Windows |
This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | d5684dac5c8e7081056494a1b8c0eb3d | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html; SHA256: 4101b1f2efa7e4ac9711140c8e5e724bf5a74ac0b4ab76f0d6c4e23374977627; SHA1: 83c5cbc25f910f43fcdcaec4c9d3fa12b128aea3; MD5: d5684dac5c8e7081056494a1b8c0eb3d |
M22-M9038 | Cerber_aa038ee8 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | aa038ee865d3da0373c92a693bcc1459 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html; SHA256: f330c988680055316a3aa2bc341e409096517381395469a32aa369a1940e9e5c; SHA1: 0b71aa42733b9d024af60b6488cc98dbb8a567e0; MD5: aa038ee865d3da0373c92a693bcc1459 |
M22-M902c | Cerber_a0e22f8b | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | a0e22f8b2be97dd7f539209350aabaf5 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html; SHA256: 09768afcaa8eae74f05841e49ece1ac338318c0d5f0153c2db6cecf169718698; SHA1: fb4960f7df677859f43ec693340aaa2175a2f56b; MD5: a0e22f8b2be97dd7f539209350aabaf5 |
M22-M9010 | DarkKomet_52db481d | Windows |
This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 52db481d13883721bdeeec442a293781 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html; SHA256: 2ba447c32a9cfa066bbc502772d11c9fb62404c090a9de7c83d9aa4151dbf35c; SHA1: e71d2bea6c848ce1a13dc7ec4dcc4e846aa90284; MD5: 52db481d13883721bdeeec442a293781 |
M22-M9043 | Cerber_b9a78094 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | b9a78094607d6b3e2b6b46076a954cb5 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html; SHA256: c4698b067e10ecf2ac5a4e318703d46b33cbdcd9803ffabc4a9da147e5d271f1; SHA1: 9b6ddc378ba72b0a280962bcbd0c68faea752935; MD5: b9a78094607d6b3e2b6b46076a954cb5 |
M22-M9022 | HomeLand | Windows |
This strike sends a malware sample known as HomeLand Justice Wiper. Iranian state cyber actors calling themselves "HomeLand Justice" launched a cyber attack against the Government of Albania. During the attack the attackers conducted lateral movement, network reconnaissance, and credential harvesting against the Albanian Government. This attack also included a ransomware-style file encryptor and disk wiping malware. This sample is the disk wiper. | 7b71764236f244ae971742ee1bc6b098 | https://www.cisa.gov/uscert/ncas/alerts/aa22-264a; SHA256: e1204ebbd8f15dbf5f2e41dddc5337e3182fc4daf75b05acc948b8b965480ca0; SHA1: f22a7ec80fbfdc4d8ed796119c76bfac01e0a908; MD5: 7b71764236f244ae971742ee1bc6b098 |
M22-M9015 | BlackMatter_60f217dd | Windows |
This strike sends a malware sample known as BlackMatter. BlackMatter is a Ransomware-as-a-Service (RaaS). It has followed in the footsteps of its predecessors DarkSide and REvil with a lot of the same functionality. It can elevate privileges, kill processes, and even steal the victim's details. | 60f217dd352109f05550b9473d22dc6b | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html; SHA256: 55b45145bf1ed50d1e72c74c0743ce36e279a10e55dada004824f3eb7db5646d; SHA1: fcd9e27651bbfca937d7d6441639b617388bd538; MD5: 60f217dd352109f05550b9473d22dc6b |
M22-M905c | Shikitega_fd3bc823 | Linux |
This strike sends a malware sample known as Shikitega. Shikitega is malware that targets devices running the Linux OS. It is delivered in a multistage infection chain where each module responds to a part of the payload and then proceeds to download and execute the next module. Once run, a cryptominer is executed and the attacker is potentially granted full access to the machine. | fd3bc823d9e6b1aa0622c36ebd5e69f2 | https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux; SHA256: 29aafbfd93c96b37866a89841752f29b55badba386840355b682b1853efafcb8; SHA1: 009639d09c5955ae5fda4a5e1c161579a684b514; MD5: fd3bc823d9e6b1aa0622c36ebd5e69f2 |
M22-M901e | DarkKomet_758f1590 | Windows |
This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 758f159012adf559276f74dec143e4f1 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html; SHA256: 32c9b04c79b44e5c331c6497b9c11ce942b53e9fe6d6b57211e2dac442bb4d8b; SHA1: adb07fd1c79941eeca31d92b318420beab492120; MD5: 758f159012adf559276f74dec143e4f1 |
M22-M9060 | HomeLand | Windows |
This strike sends a polymorphic malware sample known as HomeLand Justice Encryptor. Iranian state cyber actors calling themselves "HomeLand Justice" launched a cyber attack against the Government of Albania. During the attack the attackers conducted lateral movement, network reconnaissance, and credential harvesting against the Albanian Government. This attack also included a ransomware-style file encryptor and disk wiping malware. This sample is the GoXML.exe ransomware encryptor. The binary has the timestamp field updated in the PE file header. | 369ddb9e0d94793f0f70dfa3d8d2079f | https://www.cisa.gov/uscert/ncas/alerts/aa22-264a; SHA256: 7d81fa60433f4c50358e52926ed297cdbbca459d9d93af864e09694c433ce91e; https://attack.mitre.org/techniques/T1099/; PARENTID: M22-M9044; SSDEEP: 768:JOFu8Q3w6QzfR5Jni6SQD7qSFDs6P93/q0XIc/UB5EPABWX:sFu8QAFzffJui79f13/AnB5EPAkX; SHA1: 5c78162ce35b518f6f7b9cb5a0054b98cc0d7d29; MD5: 369ddb9e0d94793f0f70dfa3d8d2079f |
M22-M9020 | Shikitega_7a34ca9c | Linux |
This strike sends a malware sample known as Shikitega. Shikitega is malware that targets devices running the Linux OS. It is delivered in a multistage infection chain where each module responds to a part of the payload and then proceeds to download and execute the next module. Once run, a cryptominer is executed and the attacker is potentially granted full access to the machine. | 7a34ca9c59cde0af620ffa30783348a9 | https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux; SHA256: 6b514e9a30cbb4d6691dd0ebdeec73762a488884eb0f67f8594e07d356e3d275; SHA1: c193d71ab61054ea7b5445a5a7a5745624171cf8; MD5: 7a34ca9c59cde0af620ffa30783348a9 |
M22-M9054 | DarkKomet_eb6eda8d | Windows |
This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | eb6eda8d9e47e427383fb7a2c33e0591 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html; SHA256: 483c61bf01f6404f78a83413bf011e0e86c6adae8cce6e1a622ff1ee6e95c1ee; SHA1: 82e0378464dcbe72a412740433fabf4b86408744; MD5: eb6eda8d9e47e427383fb7a2c33e0591 |
M22-M9044 | HomeLand | Windows |
This strike sends a malware sample known as HomeLand Justice Encryptor. Iranian state cyber actors calling themselves "HomeLand Justice" launched a cyber attack against the Government of Albania. During the attack the attackers conducted lateral movement, network reconnaissance, and credential harvesting against the Albanian Government. This attack also included a ransomware-style file encryptor and disk wiping malware. This sample is the GoXML.exe ransomware encryptor. | bbe983dba3bf319621b447618548b740 | https://www.cisa.gov/uscert/ncas/alerts/aa22-264a; SHA256: f116acc6508843f59e59fb5a8d643370dce82f492a217764521f46a856cc4cb5; SHA1: 5d117d8ef075f3f8ed1d4edcc0771a2a0886a376; MD5: bbe983dba3bf319621b447618548b740 |
M22-M9048 | NetWire_c687c676 | Windows |
This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | c687c676f0cfa41262d69b051d600609 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html; SHA256: 815132096b824dbe0c8497cfd85f7508eeac3718c147541c791701df09b6f196; SHA1: cb54c10606ebce1a4768e8f426bdfacf8918de1e; MD5: c687c676f0cfa41262d69b051d600609 |
M22-M904f | Shikitega_d1cd3293 | Linux |
This strike sends a malware sample known as Shikitega. Shikitega is malware that targets devices running the Linux OS. It is delivered in a multistage infection chain where each module responds to a part of the payload and then proceeds to download and execute the next module. Once run, a cryptominer is executed and the attacker is potentially granted full access to the machine. | d1cd3293ac4b312e0b3218e80376bd88 | https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux; SHA256: 0233dcf6417ab33b48e7b54878893800d268b9b6e5ca6ad852693174226e3bed; SHA1: c49bd909be55892f75d81b174588b5af15d2a6ff; MD5: d1cd3293ac4b312e0b3218e80376bd88 |
M22-M900d | NetWire_44e152bf | Windows |
This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 44e152bf429a978efaacc69aaa15f411 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html; SHA256: a96ccfc5b5b64660b986d22b9bcc96cb5e178d3d506893bd24a959a5338a4a32; SHA1: cbc264cc28e5bb477fbc6675388437309be811f1; MD5: 44e152bf429a978efaacc69aaa15f411 |
M22-M9032 | NetWire_a482429d | Windows |
This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | a482429d1a13c6d0f3a879a6673391c5 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html; SHA256: 39ef261dd5ada5c7b29412ca0e95e6950de77ac8ab9f6e096692fd553a6e3ace; SHA1: 17c069f52138457ea210670b831cf21c89c1f0af; MD5: a482429d1a13c6d0f3a879a6673391c5 |
M22-M9003 | DarkKomet_0e5bc969 | Windows |
This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 0e5bc9695442dcabb77be26c203708e3 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html; SHA256: 4326fb1eabf2fd7bde99777bc0283746791e7398cacdf575affe537ab33cf16f; SHA1: 6739d2aca9fcd305564d40c840ef2a8cad617fb2; MD5: 0e5bc9695442dcabb77be26c203708e3 |
M22-M905a | NetWire_f6be0865 | Windows |
This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | f6be08653b37cc6bf40b589ccc712b97 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html; SHA256: e2ad52e5cc9b5e5a51811e13daeed3f6d61e239a079ec3617f2c1a4400f6dcaf; SHA1: 4f08649ea8b75da6fd1cc90c327e676e1ca6b100; MD5: f6be08653b37cc6bf40b589ccc712b97 |
M22-M9006 | DarkKomet_16b1b477 | Windows |
This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 16b1b477b093a551a88d1e62a340cd94 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html; SHA256: 234eb8f2d2c1a731eb5672006b5c449761e8536b2f6d4b40d20f54e74d631807; SHA1: 0eb2eab77451f868beba7a3a21e213b7b96ed6b3; MD5: 16b1b477b093a551a88d1e62a340cd94 |
M22-M903c | Cerber_af77aefb | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | af77aefb38535197e5551c0549beeb7c | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html; SHA256: 8642a1c54c99774f7ffc1ade073f2ccc90b6e2fcacb0118f1eca20b20018d590; SHA1: 18375fabd9b92a3bb6592801c2b499a7f91cbbfd; MD5: af77aefb38535197e5551c0549beeb7c |
M22-M9039 | BlackMatter_ad291818 | Windows |
This strike sends a malware sample known as BlackMatter. BlackMatter is a Ransomware-as-a-Service (RaaS). It has followed in the footsteps of its predecessors DarkSide and REvil with a lot of the same functionality. It can elevate privileges, kill processes, and even steal the victim's details. | ad2918181f609861ccb7bda8ebcb10e5 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html; SHA256: 95ddbeacd79ad7d944e75f55ca323a13076b756c4accefd28e206a76b3ea268b; SHA1: 76d2207b8d2494016c2b2ab2a9ac9796b2564906; MD5: ad2918181f609861ccb7bda8ebcb10e5 |
M22-M9026 | Shikitega_932df67e | Linux |
This strike sends a malware sample known as Shikitega. Shikitega is malware that targets devices running the Linux OS. It is delivered in a multistage infection chain where each module responds to a part of the payload and then proceeds to download and execute the next module. Once run, a cryptominer is executed and the attacker is potentially granted full access to the machine. | 932df67ea6b8900a30249e311195a58f | https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux; SHA256: e4a58509fea52a4917007b1cd1a87050b0109b50210c5d00e08ece1871af084d; SHA1: d6b7c2388a75c2c3b71d5ad7130f1d3dfeb7fd83; MD5: 932df67ea6b8900a30249e311195a58f |
M22-M902b | Cerber_a0a620a9 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | a0a620a900c4a3fc42db9c2632f55a96 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html; SHA256: 3eb0b591eb274fa052c4a7cdfcb6c943361c9a199ca33679678791399e8b8988; SHA1: 34198f85fb314458d9c253c72e331511256247f1; MD5: a0a620a900c4a3fc42db9c2632f55a96 |
M22-M9033 | Cerber_a5741d01 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | a5741d01be4d0cc52fc4988a6337a834 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html; SHA256: 2738e1df3421ba011f912c22e19bdae3b29d1fb1092be51174da6dbbbc72df8d; SHA1: 217cd381c6c395af34f8a9efd3cf61b46d56909f; MD5: a5741d01be4d0cc52fc4988a6337a834 |
M22-M9018 | Shikitega_6b13e69c | Linux |
This strike sends a malware sample known as Shikitega. Shikitega is malware that targets devices running the Linux OS. It is delivered in a multistage infection chain where each module responds to a part of the payload and then proceeds to download and execute the next module. Once run, a cryptominer is executed and the attacker is potentially granted full access to the machine. | 6b13e69cc37757b1f2dbc2a1c8f806f1 | https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux; SHA256: d318e9f2086c3cf2a258e275f9c63929b4560744a504ced68622b2e0b3f56374; SHA1: 01364dc40e5f1005fd7cd6e087368d64b35896f7; MD5: 6b13e69cc37757b1f2dbc2a1c8f806f1 |
M22-M904b | BlackMatter_cd2d2003 | Windows |
This strike sends a malware sample known as BlackMatter. BlackMatter is a Ransomware-as-a-Service (RaaS). It has followed in the footsteps of its predecessors DarkSide and REvil with a lot of the same functionality. It can elevate privileges, kill processes, and even steal the victim's details. | cd2d2003cc0c59535a090f015ed629b7 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html; SHA256: fe20b163358d90a39f3afc632dedd029231428474dd42c71a333b2a6d514f1e8; SHA1: 9e265782d4ece0551c0bf4d21d535bd8bf54a744; MD5: cd2d2003cc0c59535a090f015ed629b7 |
M22-M9052 | Shikitega_da193f6b | Linux |
This strike sends a malware sample known as Shikitega. Shikitega is malware that targets devices running the Linux OS. It is delivered in a multistage infection chain where each module responds to a part of the payload and then proceeds to download and execute the next module. Once run, a cryptominer is executed and the attacker is potentially granted full access to the machine. | da193f6bf387f9884d88ace9c04278a0 | https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux; SHA256: 7c70716a66db674e56f6e791fb73f6ce62ca1ddd8b8a51c74fc7a4ae6ad1b3ad; SHA1: 9eeef2f22ae1f96b49e45989a8e935c825be92ad; MD5: da193f6bf387f9884d88ace9c04278a0 |
M22-M9030 | Cerber_a42c9151 | Windows |
This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | a42c91514cbd1eb343e69c1ce2aa0f81 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html; SHA256: 4505a343015d3ef0ad624e61ecfc61e2fc499a11fc5a52911c424de5ccd99d9e; SHA1: d9a81ee032b3e6003f697492283d54b3fd7886e3; MD5: a42c91514cbd1eb343e69c1ce2aa0f81 |
M22-M902f | Cerber_a2656455 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | a26564559325bccd013c7db518e2f4d6 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html SHA256: 61a051fabbf66383709e43bf77fb49c6a645f2f479eaddffa6769010cb690eea SHA1: dba65d631a363d3e72e36bed62496e48f753301a MD5: a26564559325bccd013c7db518e2f4d6 |
M22-M9009 | DarkKomet_296477f4 | Windows | This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 296477f4a6ee0696f492ab955578f1a2 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html SHA256: 2f6fa4f49fb85c80342285a08bd5fc0b9e3f3198f4854973824567fb131b07e0 SHA1: d4fba062ae468a899c583e31df5d0d4835b46b92 MD5: 296477f4a6ee0696f492ab955578f1a2 |
M22-M903b | Cerber_af26a65a | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | af26a65adeef251c7ee04c4457d2135d | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html SHA256: dee4d4d3b765fc0ad7ba88d69104b5cf90a448eaf1623445033a0f671e44ffd1 SHA1: 75114a3d99da6e379fa391f11b153fabc270fd6f MD5: af26a65adeef251c7ee04c4457d2135d |
M22-M9002 | DarkKomet_07cd9307 | Windows | This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 07cd93078bf5a5a28360fce833ac75a3 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html SHA256: 259941e22122288262ef81fd0d0412a9b2725a9a0d77f7c6442020b0733ebbed SHA1: af60a63a6eef76b4195a51f6d1f565c1304f90d2 MD5: 07cd93078bf5a5a28360fce833ac75a3 |
M22-M9017 | Deadbolt_6821f568 | Linux | This strike sends a malware sample known as Deadbolt. Deadbolt is ransomware that was first seen targeting QNAP NAS devices in January 2022. It has a multi-tiered payment and extortion scheme, a flexible configuration, and is heavily automated. | 6821f568afd50383f31ceac886a99ab7 | https://www.bleepingcomputer.com/news/security/deadbolt-ransomware-now-targets-asustor-devices-asks-50-btc-for-master-key/ SHA256: acb3522feccc666e620a642cadd4657fdb4e9f0f8f32462933e6c447376c2178 SHA1: e61603823104865cb633d8f5a6aae7c74c68e98b MD5: 6821f568afd50383f31ceac886a99ab7 |
M22-M9007 | Deadbolt_1b5d415e | Linux | This strike sends a malware sample known as Deadbolt. Deadbolt is ransomware that was first seen targeting QNAP NAS devices in January 2022. It has a multi-tiered payment and extortion scheme, a flexible configuration, and is heavily automated. | 1b5d415eeb8d926fcaaec6e345c5d0c1 | https://www.bleepingcomputer.com/news/security/deadbolt-ransomware-now-targets-asustor-devices-asks-50-btc-for-master-key/ SHA256: 3c4af1963fc96856a77dbaba94e6fd5e13c938e2de3e97bdd76e1fca6a7ccb24 SHA1: e236d0736875ab3a29b9ef5714d0ff9adf1d53aa MD5: 1b5d415eeb8d926fcaaec6e345c5d0c1 |
M22-M9051 | DarkKomet_d67857bf | Windows | This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | d67857bf55235d7bd2af03785e61073f | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html SHA256: 433bedd8a7ee7e1585a93cc9076941d3d31c33c602f116e407da8bddd9db9ea6 SHA1: 246e8608a5b4a9703bd6fd8a59d75394c7cef50e MD5: d67857bf55235d7bd2af03785e61073f |
M22-M9049 | NetWire_c69a5fdc | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | c69a5fdc28d64c93f41e8944d88ebd1c | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html SHA256: f7a74e6284a41f39cba3f0c186c61ad96fac8a3099b88e04071fdd8e1eabe9bf SHA1: ee6ec5ff0a45b890d088af5ada8e957182f0ad13 MD5: c69a5fdc28d64c93f41e8944d88ebd1c |
M22-M9004 | Shikitega_0f1f2d4a | Linux | This strike sends a malware sample known as Shikitega. Shikitega is malware that targets devices running the Linux OS. It is delivered in a multistage infection chain where each module responds to a part of the payload and then proceeds to download and execute the next module. When run, a cryptominer is executed and the attacker is potentially granted full access to the machine. | 0f1f2d4a6fc26df7cf5d5a8c65ac8578 | https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux SHA256: 8462d0d14c4186978715ad5fa90cbb679c8ff7995bcefa6f9e11b16e5ad63732 SHA1: 6acba32a32d4d0dd01ad17db719d0d0bc26b551d MD5: 0f1f2d4a6fc26df7cf5d5a8c65ac8578 |
M22-M9046 | DarkKomet_c311aa40 | Windows | This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | c311aa4054689cce23a9d3daa0188312 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html SHA256: 0521c25b0e73636633fc888ecb616c71e37cc63cdef64d531938fb41cb5190c3 SHA1: 83a446e68474bcafc2a0f3227f14f660a40b9543 MD5: c311aa4054689cce23a9d3daa0188312 |
M22-M901a | DarkKomet_6c7bb741 | Windows | This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 6c7bb74133fa4462f030de13415108d1 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html SHA256: 0b8d380e9ff7c2cdd17b4e95d6663d1b21db1c955b0c933d68bd66c9c8b1b74b SHA1: 61f2bc88935451f0525ccd9e2dba7ff00a3f641b MD5: 6c7bb74133fa4462f030de13415108d1 |
M22-M9053 | NetWire_e124339f | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | e124339f08506d6b5bab4d071784a65e | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html SHA256: 8f8813e3ed0cdb3ac92de8e6003bc83c0ec859fc717748cab6a45f56a98a9201 SHA1: bcac9d8f2919ed3e57ad78f4a5c999b3b9faf88f MD5: e124339f08506d6b5bab4d071784a65e |
M22-M905f | HomeLand | Windows | This strike sends a polymorphic malware sample known as HomeLand Justice Encryptor. Iranian state cyber actors calling themselves "HomeLand Justice" launched a cyber attack against the Government of Albania. During the attack the attackers conducted lateral movement, network reconnaissance, and credential harvesting against the Albanian Government. This attack also included a ransomware-style file encryptor and disk wiping malware. This sample is the GoXML.exe ransomware encryptor. The binary has random strings (lorem ipsum) appended at the end of the file. | 2fc18ad9d19c40895dfa3aa743188082 | https://www.cisa.gov/uscert/ncas/alerts/aa22-264a SHA256: a2ac771515d37a4c7fced4d0b2c691feaff021596ebdd16ed1cd1e18e12c4188 https://attack.mitre.org/techniques/T1009/ PARENTID: M22-M9044 SSDEEP: 768:+OFu8Q3w6QzfR5Jni6SQD7qSFDs6P93/q0XIc/UB5EPABWhU:RFu8QAFzffJui79f13/AnB5EPAk+ SHA1: 971f059d73486eb88e3488a497751b0b7dcca4d0 MD5: 2fc18ad9d19c40895dfa3aa743188082 |
M22-M9056 | NetWire_ee8b2b97 | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | ee8b2b973977faff498e0ab45b01251c | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html SHA256: 49f2bb5892eda8223f4709f6b84366911b000652eb19085b09dc5998fe8c8259 SHA1: c064c5f7d6af57c6211231e463e68de132b81440 MD5: ee8b2b973977faff498e0ab45b01251c |
M22-M9036 | Cerber_a8aa7411 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | a8aa7411837c2341c9c281d60c18a934 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html SHA256: b86d1564a606793a4427d5795a37825eeb11296b01cae339da01ab64feb73922 SHA1: a921a2dddd3eadaebf277e3a61557c273952cf81 MD5: a8aa7411837c2341c9c281d60c18a934 |
M22-M9021 | Shikitega_7b229d73 | Linux | This strike sends a malware sample known as Shikitega. Shikitega is malware that targets devices running the Linux OS. It is delivered in a multistage infection chain where each module responds to a part of the payload and then proceeds to download and execute the next module. When run, a cryptominer is executed and the attacker is potentially granted full access to the machine. | 7b229d73b7c5c55fda0e1f57ceaaf118 | https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux SHA256: f7f105c0c669771daa6b469de9f99596647759d9dd16d0620be90005992128eb SHA1: a046a2ddb1d4baa6cbc6611a3d072a28ff893e1f MD5: 7b229d73b7c5c55fda0e1f57ceaaf118 |
M22-M9012 | Shikitega_557bdc56 | Linux | This strike sends a malware sample known as Shikitega. Shikitega is malware that targets devices running the Linux OS. It is delivered in a multistage infection chain where each module responds to a part of the payload and then proceeds to download and execute the next module. When run, a cryptominer is executed and the attacker is potentially granted full access to the machine. | 557bdc5602b301d5584a34b27328b019 | https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux SHA256: b9db845097bbf1d2e3b2c0a4a7ca93b0dc80a8c9e8dbbc3d09ef77590c13d331 SHA1: 74d584862b851fbf54605c205f447fc5cfb517ee MD5: 557bdc5602b301d5584a34b27328b019 |
M22-M9045 | BlackMatter_c06b8cb2 | Windows | This strike sends a malware sample known as BlackMatter. BlackMatter is a Ransomware-as-a-Service or RaaS. It has followed in the footsteps of its predecessors DarkSide and REvil with a lot of the same functionality. It can elevate privileges, kill processes, and even steal the victim's details. | c06b8cb2c5e3e282c7cc26836ce83f9b | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html SHA256: 00d3f19ff84cddc5b0cfc9d9b053a99b493add5a9bf8ec74659ef9b3d9298de6 SHA1: 19c82b4e28245d30e7002d52ec1385886412a14f MD5: c06b8cb2c5e3e282c7cc26836ce83f9b |
M22-M9019 | NetWire_6c7173b5 | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | 6c7173b5cb3cc73798312015cca492b7 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html SHA256: 27288965d55cf7459cfa35b7a37ab9298f34e6e7734f6d6609527d573e5db71e SHA1: e4792eb9aa651f0e03df2c9819e1d13b754093a3 MD5: 6c7173b5cb3cc73798312015cca492b7 |
M22-M902d | Cerber_a1456115 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | a1456115c9688f5792bdcd2723764f9c | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html SHA256: ff2c3f6c56786af4fea96c55bb7877094ea482a162050721397dda1d82246ea0 SHA1: 85c1bb03535fc78749bae6ea616d094f4490770c MD5: a1456115c9688f5792bdcd2723764f9c |
M22-M905e | HomeLand | Windows | This strike sends a polymorphic malware sample known as HomeLand Justice Encryptor. Iranian state cyber actors calling themselves "HomeLand Justice" launched a cyber attack against the Government of Albania. During the attack the attackers conducted lateral movement, network reconnaissance, and credential harvesting against the Albanian Government. This attack also included a ransomware-style file encryptor and disk wiping malware. This sample is the GoXML.exe ransomware encryptor. The binary has the checksum removed in the PE file format. | 2e3f4d0c18c040e8ff0b8d8da1cbcc84 | https://www.cisa.gov/uscert/ncas/alerts/aa22-264a SHA256: 3f22dfd09ede9be350bd9b73e693e99450b993cb1080411ef5a772a56dc7103a https://arxiv.org/abs/1801.08917 PARENTID: M22-M9044 SSDEEP: 768:7OFu8Q3w6QzfR5Jni6SQD7qSFDs6P93/q0XIc/UB5EPABWX:qFu8QAFzffJui79f13/AnB5EPAkX SHA1: 60b266557b64485d31e6fe358fac03617cbfa9f9 MD5: 2e3f4d0c18c040e8ff0b8d8da1cbcc84 |
M22-M9037 | Cerber_a916a0a7 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | a916a0a7a6efbc763d8f3e7efbcfb631 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html SHA256: 5ce6f26a04a5bf871018eecafb8e9f8f7284ebbd134230574da1574830d4646e SHA1: 3d4357870352209092989ff47d0e394e02235c7f MD5: a916a0a7a6efbc763d8f3e7efbcfb631 |
M22-M9040 | Cerber_b54b348b | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | b54b348b1d7081f03c73e4b6ddc647bd | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html SHA256: 9d14c9d7fca8e623607986ac1c27a149dfa9a82ac267475bed080636a5870269 SHA1: cd38a694037b9082258c8c48b427db2cbef1ca7c MD5: b54b348b1d7081f03c73e4b6ddc647bd |
M22-M903a | Cerber_aed47450 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | aed474509baebe1b716d5c65d21a2cfc | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html SHA256: e5af2faef6688bf5e5889e78357bf993e13a1d21086dfb8a4ae268ae2004068f SHA1: b21625c56a0393b54fecafa92879c75e4202f89b MD5: aed474509baebe1b716d5c65d21a2cfc |
M22-M9035 | Cerber_a7b5ca0a | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | a7b5ca0afd68452ccfa9f037936f06f5 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html SHA256: 06cba247d80b0c6c4f5865e34ad3c33fc1ef5ffd0a285f3009d64109b0ee3d22 SHA1: a6e705c1ed0425f4ab778b841e26309072601fcd MD5: a7b5ca0afd68452ccfa9f037936f06f5 |
M22-M902e | Cerber_a1652735 | Windows | This strike sends a malware sample known as Cerber. Cerber is ransomware that encrypts documents, photos, databases and other important files using the file extension ".cerber". | a16527350f21508630e955fc6efab7d8 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html SHA256: 3c6776dd10054cad73b50c96d62e3b7a1e807ef1f8e6355d097cac12ddccb8c8 SHA1: 3d0e4aea6eac68fd1f2150f4a69d515b0bb612c5 MD5: a16527350f21508630e955fc6efab7d8 |
M22-M9013 | Deadbolt_5e185a8b | Linux | This strike sends a malware sample known as Deadbolt. Deadbolt is ransomware that was first seen targeting QNAP NAS devices in January 2022. It has a multi-tiered payment and extortion scheme, a flexible configuration, and is heavily automated. | 5e185a8b4077a9149fa5cc6ae2bea12c | https://www.bleepingcomputer.com/news/security/deadbolt-ransomware-now-targets-asustor-devices-asks-50-btc-for-master-key/ SHA256: 80986541450b55c0352beb13b760bbd7f561886379096cf0ad09381c9e09fe5c SHA1: e70114e0bcf764c8bffbe740158535302880ef0f MD5: 5e185a8b4077a9149fa5cc6ae2bea12c |
M22-M9047 | DarkKomet_c633939e | Windows | This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | c633939e77b5cad28435cd6d1992f733 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html SHA256: 34e3b029473a25d0eed41532071b5fd8f217e24e31642985324e48e0cd832313 SHA1: beb9eb6895f973e8652f93ec792ce899653e07f2 MD5: c633939e77b5cad28435cd6d1992f733 |
M22-M9059 | Deadbolt_f2bf3c75 | Linux | This strike sends a malware sample known as Deadbolt. Deadbolt is ransomware that was first seen targeting QNAP NAS devices in January 2022. It has a multi-tiered payment and extortion scheme, a flexible configuration, and is heavily automated. | f2bf3c75b172112d492d985917064f0b | https://www.bleepingcomputer.com/news/security/deadbolt-ransomware-now-targets-asustor-devices-asks-50-btc-for-master-key/ SHA256: e16dc8f02d6106c012f8fef2df8674907556427d43caf5b8531e750cf3aeed77 SHA1: 9d408f9c17575bfe09c1adb5830bfcdd6c3ee061 MD5: f2bf3c75b172112d492d985917064f0b |
M22-M904c | NetWire_cdc526f8 | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | cdc526f81bb9883a6027caf1befea29f | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html SHA256: 3788fc76ea84b87735527d224d39b4672b970c6bbcdd59b60978945b76d0fb1b SHA1: bf9b7bc7823baf60787f8270eb3ff3782fb19087 MD5: cdc526f81bb9883a6027caf1befea29f |
M22-M905d | HomeLand | Windows | This strike sends a polymorphic malware sample known as HomeLand Justice Encryptor. Iranian state cyber actors calling themselves "HomeLand Justice" launched a cyber attack against the Government of Albania. During the attack the attackers conducted lateral movement, network reconnaissance, and credential harvesting against the Albanian Government. This attack also included a ransomware-style file encryptor and disk wiping malware. This sample is the GoXML.exe ransomware encryptor. The binary has random bytes appended at the end of the file. | 11e534e8f9f6d2068a97d07e6b2e95d4 | https://www.cisa.gov/uscert/ncas/alerts/aa22-264a SHA256: 420625daf0e68ba1a82713137c7b9c3bb025633485a6c07dc9f585b474f8b564 https://attack.mitre.org/techniques/T1009/ PARENTID: M22-M9044 SSDEEP: 768:+OFu8Q3w6QzfR5Jni6SQD7qSFDs6P93/q0XIc/UB5EPABW6:RFu8QAFzffJui79f13/AnB5EPAk6 SHA1: a5260618d78045609fea3b4e374f3a8f7dbe97c8 MD5: 11e534e8f9f6d2068a97d07e6b2e95d4 |
M22-M9001 | Shikitega_04ad59ff | Linux | This strike sends a malware sample known as Shikitega. Shikitega is malware that targets devices running the Linux OS. It is delivered in a multistage infection chain where each module responds to a part of the payload and then proceeds to download and execute the next module. When run, a cryptominer is executed and the attacker is potentially granted full access to the machine. | 04ad59ff2b2b8461a6d990af16bc5ca7 | https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux SHA256: 130888cb6930500cf65fc43522e2836d21529cab9291c8073873ad7a90c1fbc5 SHA1: f437d04482e90d459c4bb6722cbec928f7317871 MD5: 04ad59ff2b2b8461a6d990af16bc5ca7 |
M22-M904e | BlackMatter_d19ab335 | Windows | This strike sends a malware sample known as BlackMatter. BlackMatter is a Ransomware-as-a-Service or RaaS. It has followed in the footsteps of its predecessors DarkSide and REvil with a lot of the same functionality. It can elevate privileges, kill processes, and even steal the victim's details. | d19ab33523d0d070451213c05ed55eba | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html SHA256: a6f7f973e63f3c2ef886a98663bd4aa08deb3ec9a4a8c60ead43ce5a9b9787f5 SHA1: 1a80b6374e8062b44cbfd88dd7aef4265e6e7d69 MD5: d19ab33523d0d070451213c05ed55eba |
M22-M9055 | BlackMatter_ec17046c | Windows | This strike sends a malware sample known as BlackMatter. BlackMatter is a Ransomware-as-a-Service or RaaS. It has followed in the footsteps of its predecessors DarkSide and REvil with a lot of the same functionality. It can elevate privileges, kill processes, and even steal the victim's details. | ec17046c66d51485a7d029acffa1599e | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html SHA256: e5bb89bea6c854818b9b5884bf9e46e51873ccba73e73ef61ff2e63def151ce0 SHA1: 22964faa014445538f55af6e09091476e5f64b40 MD5: ec17046c66d51485a7d029acffa1599e |
M22-M9058 | BlackMatter_f263c8c7 | Windows | This strike sends a malware sample known as BlackMatter. BlackMatter is a Ransomware-as-a-Service or RaaS. It has followed in the footsteps of its predecessors DarkSide and REvil with a lot of the same functionality. It can elevate privileges, kill processes, and even steal the victim's details. | f263c8c7872ff7f565fa1c6af55b97ca | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html SHA256: e4eda1e494929b5bf8a5affbbe56d8fa89e4868042cf844c9124d58c9094d77b SHA1: 5caf8eed546d5792f8668b54111d3c024d019af2 MD5: f263c8c7872ff7f565fa1c6af55b97ca |
M22-M900b | Shikitega_2f56a330 | Linux | This strike sends a malware sample known as Shikitega. Shikitega is malware that targets devices running the Linux OS. It is delivered in a multistage infection chain where each module responds to a part of the payload and then proceeds to download and execute the next module. When run, a cryptominer is executed and the attacker is potentially granted full access to the machine. | 2f56a330fb253a1520e00668c6f94e47 | https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux SHA256: 4ed78c4e90ca692f05189b80ce150f6337d237aaa846e0adf7d8097fcebacfe7 SHA1: 8ef509c2b25e6475dbdc92f14117c7592af70b88 MD5: 2f56a330fb253a1520e00668c6f94e47 |
M22-M9028 | DarkKomet_9d801556 | Windows | This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 9d801556b05b156c65a6fcc06157ec47 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html SHA256: 1dc5ac655a745dc442a017eb4fe0d86a0877726d4c84a026e8eb3dbe528953f9 SHA1: 64c0732df1411bfe15d4323301db82d5e1d63229 MD5: 9d801556b05b156c65a6fcc06157ec47 |
M22-M9041 | BlackMatter_b786eef4 | Windows | This strike sends a malware sample known as BlackMatter. BlackMatter is a Ransomware-as-a-Service or RaaS. It has followed in the footsteps of its predecessors DarkSide and REvil with a lot of the same functionality. It can elevate privileges, kill processes, and even steal the victim's details. | b786eef4adf086e8dbccc1c1f8d4d164 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html SHA256: 4707b114756307df755bbe231a468d02503d82947d32f9037d011075d826445e SHA1: ad42462fdc02d5ee27716eb9b348794108ca458e MD5: b786eef4adf086e8dbccc1c1f8d4d164 |
M22-M900c | DarkKomet_31f421d6 | Windows | This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 31f421d6f9684d27cbf27bf9f50049ee | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html SHA256: 2bc2fc0088f069fb5bb5e448b106a6dc91e5177e00c443571baecac8b8afd8f9 SHA1: 26a8731d067b666383200bce59252dcd4ff09d1c MD5: 31f421d6f9684d27cbf27bf9f50049ee |
M22-M9057 | BlackMatter_f13669a4 | Windows | This strike sends a malware sample known as BlackMatter. BlackMatter is a Ransomware-as-a-Service or RaaS. It has followed in the footsteps of its predecessors DarkSide and REvil with a lot of the same functionality. It can elevate privileges, kill processes, and even steal the victim's details. | f13669a48189b6b982ca2ec90c596d39 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html SHA256: a24db7475958186ec57258d44edd465b1a060b52aff714e7f261cce41d052deb SHA1: 620ec93124854065384f30977a2c21c3f0ff0383 MD5: f13669a48189b6b982ca2ec90c596d39 |
M22-M9005 | BlackMatter_1060dca3 | Windows | This strike sends a malware sample known as BlackMatter. BlackMatter is a Ransomware-as-a-Service or RaaS. It has followed in the footsteps of its predecessors DarkSide and REvil with a lot of the same functionality. It can elevate privileges, kill processes, and even steal the victim's details. | 1060dca3875b4c027b247807b0a46ef9 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html SHA256: 060bd55768e0edc037651bf50c54248e9451d57d4da795b9d8ea03829085cea1 SHA1: 0f6361044459498f35a811601189488d87da5dae MD5: 1060dca3875b4c027b247807b0a46ef9 |
M22-M9008 | DarkKomet_1c4705bc | Windows | This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 1c4705bccd3a8c4992eeab0daeb63a49 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html SHA256: 01d99de8be5d399beb94238ded93f68cecce9b05010ec2095fb88dfea30be905 SHA1: dd3cd49ee4558c23aa278bf15d4896c0eb39570b MD5: 1c4705bccd3a8c4992eeab0daeb63a49 |
M22-M9027 | DarkKomet_95b89858 | Windows | This strike sends a malware sample known as DarkKomet. DarkKomet is a freeware remote access trojan that was released by an independent software developer. It provides the same functionality you would expect from a remote access tool: keylogging, webcam access, microphone access, remote desktop, URL download, program execution, etc. | 95b8985804bcb843b80594617f027c52 | https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html SHA256: 35a047096848277ecedf71875652c55466a6d1a167bb82e810591951d991c0ff SHA1: 4eeda95eb4f1120b68f1f3e9a30e5e7a3f8d6a4c MD5: 95b8985804bcb843b80594617f027c52 |
M22-M903e | NetWire_b1c25ebd | Windows | This strike sends a malware sample known as NetWire. NetWire is a Remote Access Trojan that lets attackers execute commands on the infected host. | b1c25ebd733fcfa1c80420ddd3dad995 | https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html SHA256: d22989a65a91ee78b6af2fd2a9cadf2656637959cc07cd1b92baeb8c5950b45d SHA1: 082f36859980d945b406bdafb49c4d132fa63ed8 MD5: b1c25ebd733fcfa1c80420ddd3dad995 |
M22-M9061 | HomeLand | Windows | This strike sends a polymorphic malware sample known as HomeLand Justice Encryptor. Iranian state cyber actors calling themselves "HomeLand Justice" launched a cyber attack against the Government of Albania. During the attack the attackers conducted lateral movement, network reconnaissance, and credential harvesting against the Albanian Government. This attack also included a ransomware-style file encryptor and disk wiping malware. This sample is the GoXML.exe ransomware encryptor. The binary has random contents appended in one of the existing sections in the PE file format. | 64035692b7c55caf9fd4d2535a5face3 | https://www.cisa.gov/uscert/ncas/alerts/aa22-264a SHA256: 99eb6c0a6f1960dae2d79f5513ab82715531dc5014425bad282336205e316671 https://arxiv.org/abs/1801.08917 PARENTID: M22-M9044 SSDEEP: 768:+OFu8Q3w6QzfR5Jni6SQD7qSFDs6P93/q0XIc/UB5EPAcWX:RFu8QAFzffJui79f13/AnB5EPAtX SHA1: ce51fb7dd3e10545fa32cfb0e940d7f0f4483bfc MD5: 64035692b7c55caf9fd4d2535a5face3 |