PULSE NAME
This Spider Bytes Like Ice
WHITE TA578 AlienVault 2024-04-04 Modified: 2024-05-04
108 IOCs, HIGH VOLUME
Proofpoint first observed new malware named Latrodectus in late November 2023, employed in email campaigns. While Latrodectus usage declined in December 2023 and January 2024, it resurged in February and March 2024 campaigns. Initially distributed by threat actor TA577 but later adopted by TA578, Latrodectus is an emerging downloader with sandbox evasion capabilities. Although sharing similarities with IcedID, researchers confirmed Latrodectus as a new malware likely created by IcedID's developers, exhibiting infrastructure overlap with historic IcedID operations.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Latrodectus, IcedID - S0483, Pikabot, DanaBot, Bumblebee - S1039
Indicators of Compromise (5 / 108 total)