Pulse Detail — Threat Intelligence

PULSE NAME

New Malware Strain Spotted In The Wild

WHITE AlienVault 2022-12-01 Modified: 2022-12-31

IOCs

MEDIUM VOLUME

A new malware strain named DuckLogs is emerging in the wild, according to Cyble Research and Intelligence Labs (CRIL). DuckLogs is a unique combination of Stealer, Keylogger, and Clipper malware bundled into one malicious software package available in cybercrime forums for a relatively low price, making this threat dangerous to a wider set of potential victims.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1056 T1548 T1127 T1566 T1115 T1496 T1027 T1140 T1047 T1055 T1057 T1059 T1071 T1082 T1102 T1105 T1204 T1497 T1518 T1547 T1562 T1573

MALWARE FAMILIES

DuckLogs

Indicators of Compromise (23)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	58a0f68310f775b4bd4ea251064ed667	—	2022-12-01
FileHash-MD5	5bbbef641b0d73309939c16a8bb1621b	—	2022-12-01
FileHash-SHA1	83c727335125f06b712cf4390bb9d265f77088a0	—	2022-12-01
FileHash-SHA1	c790ad50365158aecd4599ebab8db004bf9a9091	—	2022-12-01
FileHash-SHA256	e15bf47074cc31f3445b3efb8ad75fac95ab085b5598cc82075902292ab8276b	—	2022-12-01
FileHash-SHA256	e9bec9d4e28171c1a71acad17b20c32d503afa4f0ccfe5737171854b59344396	—	2022-12-01
URL	http://ilovetheducks.ru/host/drops/Gh879pKQj/btvM8o8sv.exe	—	2022-12-01
URL	http://ilovetheducks.ru/host/drops/JTQ4iHTm3/wT9lPlvPK.exe	—	2022-12-01
URL	http://ilovetheducks.ru/host/drops/e563bgj4y/hrldcrajl.exe	—	2022-12-01
URL	http://lovableduck.ru/host/drops/KI2kRAS0x/rrxgKvAJd.exe	—	2022-12-01
URL	http://lovableduck.ru/host/drops/eYjqq6Ezx/ee48v958r.exe	—	2022-12-01
URL	http://lovableduck.ru/host/drops/k1rf7fmny/lr2xfd9m9.exe	—	2022-12-01
URL	http://quackquack.ru/host/drops/Gh879pKQj/btvM8o8sv.exe	—	2022-12-01
URL	http://quackquack.ru/host/drops/g6tujhiry/hjt50kzbo.exe	—	2022-12-01
URL	http://quackquack.ru/host/drops/jgh1zyoel/fsgrvawrq.exe	—	2022-12-01
URL	http://smallduck.ru/host/drops/20NVT6CUe/9GseGAVEy.exe	—	2022-12-01
URL	http://smallduck.ru/host/drops/SrM7WQD2E/7s4udn5F1.exe	—	2022-12-01
URL	http://smallduck.ru/host/drops/ezQEvGqPI/nZAQiWiHm.exe	—	2022-12-01
domain	ducklogs.com	—	2022-12-01
domain	ilovetheducks.ru	—	2022-12-01
domain	lovableduck.ru	—	2022-12-01
domain	quackquack.ru	—	2022-12-01
domain	smallduck.ru	—	2022-12-01

References (1)

↗ https://blog.cyble.com/2022/12/01/ducklogs-new-malware-strain-spotted-in-the-wild/