Related Families: WhiteSnake, Meduza
Verticals Targeted: Finance, Business Administration
BabbleLoader
Nov 29, 2024 12:54:44 PM / by The Hivemind posted in Threat Bulletin, Loader, BabbleLoader, Meduza, WhiteSnake, Donut Loader
BumbleBee Returns With New Infection Chain
Oct 28, 2024 12:26:54 PM / by The Hivemind posted in Threat Bulletin, Loader, Bumblebee, Operation Endgame, Evolving Threat
Related Families: BazarLoader, BazaLoader
Executive Summary
BumbleBee is a sophisticated loader. It was first seen in the wild in 2022 and was a replacement for BazarLoader. It recently re-emerged with a new infection chain, indicating an evolving threat.
DarkGate
Apr 15, 2024 3:29:16 PM / by The Hivemind posted in Threat Bulletin, Loader, DarkGate, CVE-2023-36025, CVE-2024-21412
Verticals Targeted: Financial
Executive Summary
DarkGate was observed in early 2024 in a campaign leveraging CVE-2024-21412 to target entities in the financial vertical.
BunnyLoader 3.0
Mar 25, 2024 2:06:27 PM / by The Hivemind posted in Threat Bulletin, Loader, BunnyLoader, MaaS, BunnyLoader 3.0
Executive Summary
BunnyLoader malware as a service (MaaS) released its latest variant, BunnyLoader 3.0, in February. BunnyLoader 3.0 boasts multiple improvements, including a reduced payload size, keylogging capabilities, and a modular structure.
AresLoader
Oct 13, 2023 2:27:36 PM / by The Hivemind posted in Russia, Threat Bulletin, Loader, Cybercrime, AresLoader, MaaS
Executive Summary
AresLoader is a loader malware-as-a-service (MaaS) active in the wild since at least November 2022. AresLoader is designed to masquerade as legitimate software, while covertly downloading malicious payloads.
BunnyLoader
Oct 9, 2023 12:00:10 PM / by The Hivemind posted in Threat Bulletin, Loader, BunnyLoader, Malware-As-A-Service, Cybercrime
Executive Summary
BunnyLoader is a recently discovered malware-as-a-service (MaaS) threat being sold on multiple forums. It was released in September 2023 and appears to be under active development, with feature updates and bug fixes available.
Winnti Targets Hong Kong With Spyder Loader
Nov 7, 2022 1:37:10 PM / by PolySwarm Tech Team posted in Threat Bulletin, Espionage, APT41, Wicked Panda, China, Winnti, Loader, Spyder Loader
Verticals Targeted: Government
Executive Summary
Symantec recently reported on Spyder Loader, a tool used by Chinese nexus state-sponsored threat actor group Winnti to target government entities in Hong Kong.
Emotet Observed Using New TTPs
Oct 20, 2022 11:06:46 AM / by PolySwarm Tech Team posted in Threat Bulletin, Banking, Loader, Trojan, Botnet, Emotet
Related Families: TrickBot, Ryuk, QakBot, Zloader, Quantum, BlackCat