Pulse Detail — Threat Intelligence

PULSE NAME

This Spider Bytes Like Ice

WHITE TA578 AlienVault 2024-04-04 Modified: 2024-05-04

108

IOCs

HIGH VOLUME

Proofpoint first observed new malware named Latrodectus in late November 2023, employed in email campaigns. While Latrodectus usage declined in December 2023 and January 2024, it resurged in February and March 2024 campaigns. Initially distributed by threat actor TA577 but later adopted by TA578, Latrodectus is an emerging downloader with sandbox evasion capabilities. Although sharing similarities with IcedID, researchers confirmed Latrodectus as a new malware likely created by IcedID's developers, exhibiting infrastructure overlap with historic IcedID operations.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1583 T1543 T1489 T1071 T1053 T1055 T1010 T1107 T1090 T1059 T1568 T1064 T1497 T1204 T1574 T1027 T1056 T1136 T1105 T1126

MALWARE FAMILIES

Latrodectus IcedID - S0483 Pikabot DanaBot Bumblebee - S1039

Indicators of Compromise (3 / 108 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	6e008b699fb7ba79a0fbd9ddc7fe975a	—	2024-04-04
FileHash-MD5	e27c6586dba78d5d302589f3b231be40	—	2024-04-04
FileHash-MD5	f9425561701935d358f4f5b7fc2e5502	—	2024-04-04

References (1)

↗ https://www.proofpoint.com/us/blog/threat-insight/latrodectus-spider-bytes-ice