PULSE NAME
This Spider Bytes Like Ice
WHITE TA578 AlienVault 2024-04-04 Modified: 2024-05-04
108 IOCs
HIGH VOLUME
Proofpoint first observed Latrodectus, a new malware, in email campaigns in late November 2023. Its use declined in December 2023 and January 2024, then resurged in campaigns in February and March 2024. Initially distributed by threat actor TA577 and later adopted by TA578, Latrodectus is an emerging downloader with sandbox evasion capabilities. Although it shares similarities with IcedID, researchers confirmed that Latrodectus is a new malware, likely created by IcedID's developers, and that it exhibits infrastructure overlap with historic IcedID operations.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Latrodectus, IcedID (S0483), Pikabot, DanaBot, Bumblebee (S1039)
Indicators of Compromise (39 / 108 total)