Domino

Malware Profile Updated 25 days ago
Domino, also tracked as the Domino Backdoor, is a backdoor that IBM Security X-Force has observed in campaigns since late February 2023. It is delivered by the Dave Loader, a loader tied to former members of the Trickbot/Conti syndicate (ITG23), and has also been staged by the NewWorldOrder Loader. X-Force found substantial code overlap between the Domino Backdoor and the Carbanak backdoor used by ITG14 (FIN7); taken together with the ITG23 delivery chain, this points to collaboration between ex-Conti and FIN7 actors rather than to a single operator. The Domino Loader component gathers basic system information and sends it to a command-and-control server before the next stage is retrieved; the Project Nemesis infostealer and Cobalt Strike appear among the malware associated with these campaigns. Like most loader-delivered malware it arrives through phishing emails and malicious downloads and can be used to steal data, disrupt operations or stage ransomware.
The name collides with Domino's Pizza, IBM Domino (the mail server, which several ESET products also protect) and the everyday phrase "domino effect". Material in this profile's corpus about the MAC Pizza Management ransomware breach, the Domino's app account takeover, share-price moves at Domino's Pizza and other listed companies, IBM Domino server paths, ESET product lists and ESET's local privilege escalation bug, OFAC's Tornado Cash designation, and OT/ICS vulnerabilities matches those keywords and does not describe this malware.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Domino Loader (3 votes): Domino Loader is a sophisticated malware with significant similarities to the Domino Backdoor. It operates as a loader, infiltrating systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it gathers basic system information and sends this data to a com
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Loader
Malware
Backdoor
Cobalt Strike
Ransomware
Windows
Exploit
Infostealer
Payload
Bot
Vulnerability
Antivirus
Healthcare
ESET
SharePoint
Azure
Associated Malware
Conti (type: Unspecified; 5 votes): Conti is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them, often stealing personal information or disrupting operations. This malicious software has been used in conjunction with other forms of malware such as Trickbot, BazarLoader, IcedID, and Cobalt S
Project Nemesis (type: Unspecified; 4 votes): Project Nemesis is a malicious software, or malware, that was first advertised on the dark web in December 2021. It is designed to exploit and damage computer systems by infiltrating them through suspicious downloads, emails, or websites. Once inside, Project Nemesis can steal personal information,
Diceloader (type: Unspecified; 3 votes): Diceloader is a type of malware, short for malicious software, that is designed to infiltrate and damage computer systems. It can infect systems through various means such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, it can steal personal in
Tirion (type: Unspecified; 3 votes): Tirion, also known as Lizar or DiceLoader, is a type of malware developed by the threat group ITG14, also known as FIN7. First reported in March 2020, Tirion has been observed in numerous ITG14 campaigns up until the end of 2022. This malicious software can infiltrate systems through suspicious down
Lizar (type: Unspecified; 3 votes): Lizar, also known as Tirion or Diceloader, is a malicious software developed by the threat group ITG14. It's designed to exploit and damage computers or devices, infiltrating systems through suspicious downloads, emails, or websites. Once installed, it can steal personal information, disrupt operati
Dave Loader (type: Unspecified; 3 votes): Dave Loader is a loader that former Conti (ITG23) operators have used to deliver the Domino Backdoor in various cybercrime operations; it is the delivery stage, not an alias of the backdoor. This malicious software is designed to infiltrate computer systems and compromise user data, often without the victim's knowledge. It can be delivered through dubious downloads, e
Nemesis (type: Unspecified; 3 votes): Nemesis is a type of malware, specifically known as an infostealer, which infiltrates systems to exploit and cause damage. It often enters systems undetected through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. A deeper lo
Carbanak (type: Unspecified; 2 votes): Carbanak is a potent form of malware, short for malicious software, which infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Carbanak can steal personal information, disrupt operations, or even hold data hostage for ransom. The
NewWorldOrder Loader (type: Unspecified; 2 votes): NewWorldOrder Loader is a potent malware that was identified in December 2022. It operates as a loader for other malicious software, effectively helping them infiltrate systems undetected. This harmful program is particularly notable for its association with the Domino Backdoor and Carbanak Backdoor
Associated Threat Actors
FIN7 (type: Unspecified; 5 votes): FIN7, a well-known threat actor group, has been actively targeting large-scale industries with sophisticated cyber attacks. Notably, they have been involved in a series of phishing attacks against a major U.S. carmaker. These targeted operations reflect FIN7's persistent and evolving strategies to c
Trickbot/Conti Syndicate (type: Unspecified; 2 votes): The Trickbot/Conti syndicate, also known as ITG23, is a threat actor group associated with various malicious activities. Since late February 2023, this group has been linked to Domino Backdoor campaigns utilizing the Dave Loader, a tool used to load malware onto targeted systems. The IBM Security X-
ITG14 (type: Unspecified; 2 votes): ITG14, a threat actor identified in the cybersecurity industry, has recently been linked to malicious activities involving the Domino Backdoor. X-Force researchers have found substantial evidence connecting the Domino Backdoor to ITG14's Carbanak Backdoor. The Domino Backdoor not only shares signifi
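The profile's malware and threat-actor associations are offered as a STIX export. The following added example, which is not code from this page or from IBM X-Force, encodes the relationships stated above as a STIX 2.1 bundle using only the Python standard library, checks that every relationship resolves to an object in the bundle and uses a relationship type STIX permits for that object pair, and then walks the graph backwards from the malware to the intrusion sets behind it. The object IDs, the timestamp and the choice of "drops" for the loader-to-backdoor edges are constructed assumptions; the X-Force Carbanak finding is encoded as the non-directional "related-to" because shared code is evidence of overlap, not attribution.

```python
"""Domino association graph as a STIX 2.1 bundle: build, validate, query.

Constructed example. Object IDs are random UUIDv4, the timestamp is fixed, and
relationship types are our reading of the profile text, not X-Force's STIX.
"""
import json
import uuid
from collections import defaultdict, deque
from datetime import datetime, timezone

TS = datetime(2023, 4, 14, tzinfo=timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")

# Relationship types STIX 2.1 defines for these source/target type pairs.
# Anything else between two SDOs is only legal as the generic "related-to".
ALLOWED = {
    ("intrusion-set", "malware"): {"uses"},
    ("malware", "malware"): {"drops", "downloads", "variant-of"},
}


def sdo(stix_type, name, **props):
    """Minimal STIX Domain Object carrying the required common properties."""
    obj = {"type": stix_type, "spec_version": "2.1",
           "id": f"{stix_type}--{uuid.uuid4()}",
           "created": TS, "modified": TS, "name": name}
    obj.update(props)
    return obj


def sro(src, rel_type, dst):
    """STIX Relationship Object pointing from src to dst."""
    return {"type": "relationship", "spec_version": "2.1",
            "id": f"relationship--{uuid.uuid4()}", "created": TS, "modified": TS,
            "relationship_type": rel_type,
            "source_ref": src["id"], "target_ref": dst["id"]}


def build_domino_bundle():
    """Encode the associations the profile asserts (constructed IDs)."""
    domino = sdo("malware", "Domino Backdoor", is_family=True,
                 malware_types=["backdoor"], aliases=["Domino"])
    dave = sdo("malware", "Dave Loader", is_family=True, malware_types=["downloader"])
    nwo = sdo("malware", "NewWorldOrder Loader", is_family=True, malware_types=["downloader"])
    carbanak = sdo("malware", "Carbanak", is_family=True, malware_types=["backdoor"])
    itg23 = sdo("intrusion-set", "ITG23", aliases=["Trickbot/Conti syndicate"])
    itg14 = sdo("intrusion-set", "ITG14", aliases=["FIN7"])
    rels = [
        sro(itg23, "uses", dave),             # ex-Conti campaigns deliver via Dave Loader
        sro(dave, "drops", domino),           # Dave Loader stages Domino Backdoor (assumed "drops")
        sro(nwo, "drops", domino),            # NewWorldOrder Loader also stages Domino (assumed "drops")
        sro(itg14, "uses", carbanak),         # Carbanak is ITG14/FIN7 tooling
        sro(domino, "related-to", carbanak),  # code overlap per X-Force; deliberately not "uses"
    ]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": [domino, dave, nwo, carbanak, itg23, itg14, *rels]}


def validate(bundle):
    """Return problems: dangling refs and relationship types STIX does not permit."""
    by_id = {o["id"]: o for o in bundle["objects"] if o["type"] != "relationship"}
    problems = []
    for r in (o for o in bundle["objects"] if o["type"] == "relationship"):
        s, t = by_id.get(r["source_ref"]), by_id.get(r["target_ref"])
        if s is None or t is None:
            problems.append(f"{r['id']}: dangling reference")
            continue
        legal = ALLOWED.get((s["type"], t["type"]), set()) | {"related-to"}
        if r["relationship_type"] not in legal:
            problems.append(f"{r['id']}: {s['type']} -{r['relationship_type']}-> {t['type']} not allowed")
    return problems


def upstream_actors(bundle, malware_name):
    """Intrusion sets reachable by walking relationships target -> source from a
    malware family. "related-to" has no direction of control, so it is followed
    both ways; every other edge is followed only against its direction."""
    objs = {o["id"]: o for o in bundle["objects"]}
    back = defaultdict(list)
    for r in bundle["objects"]:
        if r["type"] != "relationship":
            continue
        back[r["target_ref"]].append(r["source_ref"])
        if r["relationship_type"] == "related-to":
            back[r["source_ref"]].append(r["target_ref"])
    start = next(o["id"] for o in objs.values() if o.get("name") == malware_name)
    seen, queue, actors = {start}, deque([start]), set()
    while queue:
        cur = queue.popleft()
        if objs[cur]["type"] == "intrusion-set":
            actors.add(objs[cur]["name"])
        for nxt in back[cur]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return sorted(actors)


def loaders_for(bundle, malware_name):
    """Names of malware that drops or downloads the named family."""
    objs = {o["id"]: o for o in bundle["objects"]}
    target = next(o["id"] for o in objs.values() if o.get("name") == malware_name)
    return sorted(objs[r["source_ref"]]["name"] for r in bundle["objects"]
                  if r["type"] == "relationship" and r["target_ref"] == target
                  and r["relationship_type"] in ("drops", "downloads"))


if __name__ == "__main__":
    b = build_domino_bundle()
    print(json.dumps(b["objects"][0], indent=2))
    print("problems:", validate(b))
    print("loaders:", loaders_for(b, "Domino Backdoor"))
    print("upstream actors:", upstream_actors(b, "Domino Backdoor"))
```

Running it lists both loaders for the Domino Backdoor and both ITG23 and ITG14 as upstream actors, the latter only through the "related-to" edge to Carbanak; if that edge were dropped, ITG14 would disappear, which is the point of keeping overlap and attribution as different relationship types. The validator is the check worth running on any aggregator's STIX export before loading it into a TIP: dangling `source_ref`/`target_ref` values and intrusion-set-to-malware edges typed as anything other than "uses" are common symptoms of machine-generated bundles.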
Associated Vulnerabilities
No associations to display.
Source Document References
Information about the Domino malware was read from the documents listed below (display limited to 20 results). Most entries outside the first five match the word "Domino" rather than this malware.
SecurityIntelligence.com, a year ago: Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor
Securityaffairs, a year ago: The intricate relationships between the FIN7 group and members of the Conti gang
DARKReading, a year ago: FIN7, Former Conti Gang Members Collaborate on 'Domino' Malware
Malwarebytes, a year ago: Malware authors join forces and target organisations with Domino Backdoor
CERT-EU, 8 months ago: 'Oh to see sweet justice be served.' Woman's Domino's App Was Hacked And Free Pizza Credit Was Stolen, But She Got The Last Laugh. » TwistedSifter | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
Fortinet, 3 months ago: Ransomware Roundup – Abyss Locker | FortiGuard Labs
CERT-EU, 9 months ago: Scarabs colon-izing vulnerable servers
CERT-EU, a year ago: FIN7 cybergang tied to April PaperCut attacks | #ransomware | #cybercrime – National Cyber Security Consulting
CERT-EU, 9 months ago: Mysterious Malware Uses Wi-Fi Scanning to Get Location of Infected Device
Securityaffairs, 3 months ago: ESET fixed high-severity local privilege escalation bug in Windows products
CERT-EU, 9 months ago: Stealthy 'LabRat' Campaign Abuses TryCloudflare to Hide Infrastructure
CERT-EU, 5 months ago: Has your private info been compromised? These six Texas industries were hacked in 2023 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU, a year ago: MAC Pizza Files Notice of Data Breach Following Recent Ransomware Attack | Console and Associates, P.C. | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU, a year ago: FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability
CERT-EU, 5 months ago: Apple TV+ shows and movies: What to watch on Apple TV Plus
CERT-EU, a year ago: Indian Ticketing Platform RailYatri Hacked | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker – National Cyber Security Consulting
CERT-EU, 9 months ago: General Stanley McChrystal announced as dinner keynote speaker for SNG 2023
DARKReading, a year ago: Schneider Power Meter Vulnerability Opens Door to Power Outages
CERT-EU, 7 months ago: Winning citizens' trust