Pulse Detail — Threat Intelligence

PULSE NAME

This Spider Bytes Like Ice

WHITE TA578 AlienVault 2024-04-04 Modified: 2024-05-04

108

IOCs

HIGH VOLUME

Proofpoint first observed new malware named Latrodectus in late November 2023, employed in email campaigns. While Latrodectus usage declined in December 2023 and January 2024, it resurged in February and March 2024 campaigns. Initially distributed by threat actor TA577 but later adopted by TA578, Latrodectus is an emerging downloader with sandbox evasion capabilities. Although sharing similarities with IcedID, researchers confirmed Latrodectus as a new malware likely created by IcedID's developers, exhibiting infrastructure overlap with historic IcedID operations.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1583 T1543 T1489 T1071 T1053 T1055 T1010 T1107 T1090 T1059 T1568 T1064 T1497 T1204 T1574 T1027 T1056 T1136 T1105 T1126

MALWARE FAMILIES

Latrodectus IcedID - S0483 Pikabot DanaBot Bumblebee - S1039

Indicators of Compromise (33 / 108 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA256	090f2c5abb85a7b115dc25ae070153e4e958ae4e1bc2310226c05cd3e9429446	—	2024-04-04
FileHash-SHA256	0ac5030e2171914f43e0769cb10b602683ccc9da09369bcd4b80da6edb8be80e	—	2024-04-04
FileHash-SHA256	0e96cf6166b7cc279f99d6977ab0f45e9f47e827b8a24d6665ac4c29e18b5ce0	—	2024-04-04
FileHash-SHA256	10c129e2310342a55df5fa88331f338452835790a379d5230ee8de7d5f28ea1a	—	2024-04-04
FileHash-SHA256	378d220bc863a527c2bca204daba36f10358e058df49ef088f8b1045604d9d05	—	2024-04-04
FileHash-SHA256	3b63ea8b6f9b2aa847faa11f6cd3eb281abd9b9cceedb570713c4d78a47de567	—	2024-04-04
FileHash-SHA256	4416b8c36cb9d7cc261ff6612e105463eb2ccd4681930ca8e277a6387cb98794	—	2024-04-04
FileHash-SHA256	47d66c576393a4256d94f5ed1e77adc28426dea027f7a23e2dbf41b93b87bd78	—	2024-04-04
FileHash-SHA256	5d881d14d2336273e531b1b3d6f2d907539fe8489cbe80533280c9c72efa2273	—	2024-04-04
FileHash-SHA256	60c4b6c230a40c80381ce283f64603cac08d3a69ceea91e257c17282f66ceddc	—	2024-04-04
FileHash-SHA256	6904d382bc045eb9a4899a403a8ba8a417d9ccb764f6e0b462bc0232d3b7e7ea	—	2024-04-04
FileHash-SHA256	71fb25cc4c05ce9dd94614ed781d85a50dccf69042521abc6782d48df85e6de9	—	2024-04-04
FileHash-SHA256	77270e13d01b2318a3f27a9a477b8386f1a0ebc6d44a2c7e185cfbe55aac8017	—	2024-04-04
FileHash-SHA256	781c63cf4981fa6aff002188307b278fac9785ca66f0b6dfcf68adbe7512e491	—	2024-04-04
FileHash-SHA256	856dfa74e0f3b5b7d6f79491a94560dbf3eacacc4a8d8a3238696fa38a4883ea	—	2024-04-04
FileHash-SHA256	88573297f17589963706d9da6ced7893eacbdc7d6bc43780e4c509b88ccd2aef	—	2024-04-04
FileHash-SHA256	97e08d1c7970c1c12284c4644e2321ce41e40cdaac941e451db4d334cb9c5492	—	2024-04-04
FileHash-SHA256	97e093f2e0bf6dec8392618722dd6b4411088fe752bedece910d11fffe0288a2	—	2024-04-04
FileHash-SHA256	9a8847168fa869331faf08db71690f24e567c5cdf1f01cc5e2a8d08c93d282c9	—	2024-04-04
FileHash-SHA256	9c27405cf926d36ed8e247c17e6743ac00912789efe0c530914d7495de1e21ec	—	2024-04-04
FileHash-SHA256	a189963ff252f547fddfc394c81f6e9d49eac403c32154eebe06f4cddb5a2a22	—	2024-04-04
FileHash-SHA256	aa29a8af8d615b1dd9f52fd49d42563fbeafa35ff0ab1b4afc4cb2b2fa54a119	—	2024-04-04
FileHash-SHA256	aee22a35cbdac3f16c3ed742c0b1bfe9739a13469cf43b36fb2c63565111028c	—	2024-04-04
FileHash-SHA256	bb525dc6b7a7ebefd040e01fd48d7d4e178f8d9e5dec9033078ced4e9aa4e241	—	2024-04-04
FileHash-SHA256	d9471b038c44619739176381815bfa9a13b5ff77021007a4ede9b146ed2e04ec	—	2024-04-04
FileHash-SHA256	d98cd810d568f338f16c4637e8a9cb01ff69ee1967f4cfc004de3f283d61ba81	—	2024-04-04
FileHash-SHA256	db03a34684feab7475862080f59d4d99b32c74d3a152a53b257fd1a443e8ee77	—	2024-04-04
FileHash-SHA256	dedbc21afc768d749405de535f9b415baaf96f7664ded55d54829a425fc61d7e	—	2024-04-04
FileHash-SHA256	e7ff6a7ac5bfb0bb29547d413591abc7628c7d5576a3b43f6d8e5d95769e553a	—	2024-04-04
FileHash-SHA256	e99f3517a36a9f7a55335699cfb4d84d08b042d47146119156f7f3bab580b4d7	—	2024-04-04
FileHash-SHA256	edeacd49aff3cfea35d593e455f7caca35ac877ad6dc19054458d41021e0e13a	—	2024-04-04
FileHash-SHA256	ee1e5b80a1d3d47c7703ea2b6b64ee96283ab3628ee4fa1fef6d35d1d9051e9f	—	2024-04-04
FileHash-SHA256	f9c69e79e7799df31d6516df70148d7832b121d330beebe52cff6606f0724c62	—	2024-04-04

References (1)

↗ https://www.proofpoint.com/us/blog/threat-insight/latrodectus-spider-bytes-ice