Domino

Malware updated a month ago (2024-10-24T14:31:57.860Z)
Domino is malicious software that infiltrated various systems, most notably IBM Domino Server and ESET Mail Security for IBM Domino, causing significant disruptions and data breaches. The malware was particularly potent due to its ability to exploit vulnerabilities in one system and trigger a domino effect, compromising other systems and services. This resulted in massive data leaks, with the most notable incident involving Domino’s India, where a hacker claimed to have accessed a 13 TB database, creating a nightmare scenario for the company. The first indication of the Domino malware's impact emerged when major corporations such as Northern Star, Seek, and Domino’s Pizza experienced considerable declines in their market performance. Domino's Pizza was particularly affected, with its share price dropping by 4.1%. Further highlighting the severity of the situation, cybersecurity company CrowdStrike reported enhanced detection fidelity among its customers, including Greenhill and Domino’s Pizza Eurasia, suggesting a broad-based attack on multiple fronts. The Domino malware saga took a legal turn in August 2023 when the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) placed Tornado Cash on the “Specially Designated Nationals” (SDN) list, following a federal judge's ruling in Texas. This decision effectively prohibited anyone in the United States from interacting or doing business with Tornado Cash. Despite efforts to mitigate the effects of the attack, the repercussions were widespread and palpable, underscoring the far-reaching implications of the Domino malware.
Description last updated: 2024-10-22T17:40:19.557Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
Alias Description | Votes
Domino Loader is a possible alias for Domino. Domino Loader is a sophisticated malware with significant similarities to the Domino Backdoor. It operates as a loader, infiltrating systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it gathers basic system information and sends this data to a com | 3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Loader
Malware
Backdoor
Ransomware
Cobalt Strike
Vulnerability
Windows
Exploit
Infostealer
Payload
Bot
India
Antivirus
Healthcare
ESET
SharePoint
Azure
Associated Malware
Alias Description | Association Type | Votes
The Conti Malware is associated with Domino. Conti is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. Often spreading through suspicious downloads, emails, or websites, it can steal personal information, disrupt operations, or hold data hostage for ransom. Notably, Conti was linked to several ra | Unspecified | 5
The Project Nemesis Malware is associated with Domino. Project Nemesis is a malicious software, or malware, that was first advertised on the dark web in December 2021. It is designed to exploit and damage computer systems by infiltrating them through suspicious downloads, emails, or websites. Once inside, Project Nemesis can steal personal information, | Unspecified | 4
The Diceloader Malware is associated with Domino. Diceloader is a type of malware, short for malicious software, that is designed to infiltrate and damage computer systems. It can infect systems through various means such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, it can steal personal in | Unspecified | 3
The Lizar Malware is associated with Domino. Lizar, also known as Tirion or Diceloader, is a malicious software developed by the threat group ITG14. It's designed to exploit and damage computers or devices, infiltrating systems through suspicious downloads, emails, or websites. Once installed, it can steal personal information, disrupt operati | Unspecified | 3
The Tirion Malware is associated with Domino. Tirion, also known as Lizar or DiceLoader, is a type of malware developed by the threat group ITG14, also known as FIN7. First reported in March 2020, Tirion has been observed in numerous ITG14 campaigns up until the end of 2022. This malicious software can infiltrate systems through suspicious down | Unspecified | 3
The Dave Loader Malware is associated with Domino. Dave Loader, also known as Domino Backdoor, is a potent malware that has been utilized in various cybercrime operations. This malicious software is designed to infiltrate computer systems and compromise user data, often without the victim's knowledge. It can be delivered through dubious downloads, e | Unspecified | 3
The Carbanak Malware is associated with Domino. Carbanak is a notorious malware developed by the cybercrime collective known as FIN7, also referred to as Carbon Spider, Cobalt Group, and Navigator Group. The group, which has been active since 2012, is of Russian origin and has been particularly focused on exploiting the restaurant, gambling, and | Unspecified | 2
The Newworldorder Loader Malware is associated with Domino. NewWorldOrder Loader is a potent malware that was identified in December 2022. It operates as a loader for other malicious software, effectively helping them infiltrate systems undetected. This harmful program is particularly notable for its association with the Domino Backdoor and Carbanak Backdoor | Unspecified | 2
Associated Threat Actors
Alias Description | Association Type | Votes
The FIN7 Threat Actor is associated with Domino. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global | Unspecified | 5
The Trickbot/conti Syndicate Threat Actor is associated with Domino. The Trickbot/Conti syndicate, also known as ITG23, is a threat actor group associated with various malicious activities. Since late February 2023, this group has been linked to Domino Backdoor campaigns utilizing the Dave Loader, a tool used to load malware onto targeted systems. The IBM Security X- | Unspecified | 2
The ITG14 Threat Actor is associated with Domino. ITG14, a threat actor identified in the cybersecurity industry, has recently been linked to malicious activities involving the Domino Backdoor. X-Force researchers have found substantial evidence connecting the Domino Backdoor to ITG14’s Carbanak Backdoor. The Domino Backdoor not only shares signifi | Unspecified | 2
Source Document References
Information about the Domino Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At
CrowdStrike | a month ago
DARKReading | 2 months ago
Securityaffairs | 2 months ago
Quick Heal Technologies Ltd. | 4 months ago
DARKReading | 5 months ago
Securityaffairs | 6 months ago
CERT-EU | 8 months ago
CERT-EU | 9 months ago
CERT-EU | 9 months ago
Fortinet | 9 months ago
CERT-EU | 9 months ago
CERT-EU | 9 months ago
Securityaffairs | 9 months ago
DARKReading | 9 months ago
CERT-EU | 10 months ago
CERT-EU | 10 months ago
CERT-EU | 10 months ago
CERT-EU | 10 months ago
CERT-EU | a year ago
CERT-EU | a year ago