Happy Wednesday everyone!

The Proofpoint Threat Research team paired up with Team Cymru to dissect the #Latrodectus malware. "First seen being used by #TA577 and more recently #TA578, Latrodectus is a downloader that likes to evade sandbox environments." The researchers took a deep dive into the code to see what information they could extract and found PLENTY!

After you are done reading, why not take a Cyborg Security Community Hunt Package to hunt for a threat like this? In the article, the researchers mention that the malware sets an AutoRun registry key for persistence, which is a common technique used by different adversaries and malware due to the capability and functionality of those registry keys. So, take this hunt package with you, it's dangerous out there! Enjoy and Happy Hunting!

Autorun or ASEP Registry Key Modification
https://hunter.cyborgsecurity.io/research/hunt-package/8289e2ad-bc74-4ae3-bfaa-cdeb4335135c

Source of article:
https://www.proofpoint.com/us/blog/threat-insight/latrodectus-spider-bytes-ice

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #getHunting


Proofpoint and Team Cymru collaborated on a report on Latrodectus malware. Latrodectus is an up-and-coming downloader with various sandbox evasion functionality. It first appeared in email threat campaigns in late November 2023. Latrodectus shares infrastructure overlap with historic IcedID operations. It is being distributed by financially motivated TA577, as well as TA578. Proofpoint provides malware analysis, C2 infrastructure, links to IcedID, and a list of IOCs. 🔗 https://www.proofpoint.com/us/blog/threat-insight/latrodectus-spider-bytes-ice

#Latrodectus #threatintel #IcedID #IOC #TA577 #TA578 #cybercrime

Latrodectus: This Spider Bytes Like Ice | Proofpoint US
