Domino

Malware Profile Updated 17 days ago
Domino is a backdoor (tracked as Domino Backdoor, with a companion Domino Loader) first publicly documented by IBM Security X-Force in April 2023. X-Force observed Dave Loader, a crypter/loader tied to the Trickbot/Conti syndicate (ITG23), delivering the backdoor in campaigns from late February 2023. Once running, the backdoor collects basic host information, sends it to its command-and-control server and receives a follow-on payload; in the chain X-Force analysed, that payload was Domino Loader carrying the Project Nemesis infostealer. Code overlap with the Carbanak Backdoor ties Domino to ITG14 (FIN7), and the NewWorldOrder Loader has been seen with both families, which X-Force assessed as former Conti members operating with FIN7 tooling.

The rest of what the corpus filed under this name is keyword collision, not Domino malware activity: the 2021 dark-web sale of a 13 TB database taken from Domino's India (a Domino's Pizza franchise), news items about other Domino's franchisees and Australian listed companies such as Northern Star and Seek, vulnerabilities in ESET products (including ESET builds for IBM Domino Server), the OFAC designation of the Tornado Cash mixer that a federal judge in Texas upheld in August 2023, and Coro co-founder Dror Liwer's remark that the "first domino to fall" in a breach is usually a well-meaning employee. None of these involve the Domino Backdoor, and the single CVE listed below carries no supporting description. Treat the malware and threat-actor associations in the tables below as the substantiated cluster, and the tag cloud and source-document list as raw co-occurrence that still needs analyst review.
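The profile offers its cluster as a STIX download; the following is an added example (not Cybergeist's or IBM X-Force's code) of how to encode the relationships this page supports as a STIX 2.1 bundle and sanity-check it before sharing. Object names come from the association tables below and the relationship types are STIX 2.1 vocabulary; the two relationships marked X-FORCE (backdoor downloads Domino Loader, which drops Project Nemesis) follow X-Force's published infection chain rather than this page, and all IDs are generated at runtime and are not real indicators.

```python
"""
Encode the Domino malware cluster as a STIX 2.1 bundle and validate it.

Added example, not code from Cybergeist or IBM X-Force. Only relationships
the profile states are encoded, except the two marked X-FORCE, which follow
IBM X-Force's April 2023 write-up. UUIDs are generated at runtime.
"""
import json
import re
import uuid
from datetime import datetime, timezone

STIX_ID_RE = re.compile(
    r"^[a-z][a-z0-9-]*--[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$")

# Relationship types STIX 2.1 defines between these object types.
# "related-to" is permitted between any two SDOs, so it is always allowed.
ALLOWED_RELS = {
    ("malware", "malware"): {"controls", "downloads", "drops", "uses", "variant-of"},
    ("intrusion-set", "malware"): {"uses"},
}


def _now():
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def sdo(stix_type, **props):
    """Minimal STIX Domain Object carrying the common required properties."""
    ts = _now()
    obj = {"type": stix_type, "spec_version": "2.1",
           "id": f"{stix_type}--{uuid.uuid4()}", "created": ts, "modified": ts}
    obj.update(props)
    return obj


def malware(name, malware_types, **props):
    # is_family is a required property on malware SDOs in STIX 2.1.
    return sdo("malware", name=name, malware_types=malware_types,
               is_family=True, **props)


def relationship(src, rel_type, dst):
    return sdo("relationship", relationship_type=rel_type,
               source_ref=src["id"], target_ref=dst["id"])


def build_domino_bundle():
    domino = malware("Domino Backdoor", ["backdoor"], aliases=["Domino"])
    domino_loader = malware("Domino Loader", ["dropper"])
    dave = malware("Dave Loader", ["dropper"])
    nwo = malware("NewWorldOrder Loader", ["dropper"])
    nemesis = malware("Project Nemesis", ["spyware"], aliases=["Nemesis"])
    carbanak = malware("Carbanak Backdoor", ["backdoor"], aliases=["Carbanak"])
    itg23 = sdo("intrusion-set", name="ITG23", aliases=["Trickbot/Conti syndicate"])
    itg14 = sdo("intrusion-set", name="ITG14", aliases=["FIN7"])
    rels = [
        # Profile: ITG23 Domino Backdoor campaigns use Dave Loader (late Feb 2023 on).
        relationship(itg23, "uses", dave),
        relationship(dave, "drops", domino),
        # Profile: NewWorldOrder Loader is associated with both backdoors.
        relationship(nwo, "related-to", domino),
        relationship(nwo, "related-to", carbanak),
        # Profile: X-Force evidence ties Domino Backdoor to ITG14's Carbanak Backdoor.
        relationship(domino, "related-to", carbanak),
        relationship(itg14, "uses", carbanak),
        # X-FORCE: the backdoor fetches Domino Loader, which carries Project Nemesis.
        relationship(domino, "downloads", domino_loader),
        relationship(domino_loader, "drops", nemesis),
    ]
    objects = [domino, domino_loader, dave, nwo, nemesis, carbanak, itg23, itg14] + rels
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


def validate_bundle(bundle):
    """Return the list of problems found; an empty list means the bundle passed."""
    problems, by_id = [], {}
    for obj in bundle.get("objects", []):
        oid = obj.get("id", "")
        if not STIX_ID_RE.match(oid) or oid.split("--")[0] != obj.get("type"):
            problems.append(f"malformed id {oid!r}")
        if oid in by_id:
            problems.append(f"duplicate id {oid}")
        by_id[oid] = obj
        if obj.get("type") == "malware" and "is_family" not in obj:
            problems.append(f"{oid}: malware requires is_family")
    for obj in bundle.get("objects", []):
        if obj.get("type") != "relationship":
            continue
        src, dst = by_id.get(obj.get("source_ref")), by_id.get(obj.get("target_ref"))
        if src is None or dst is None:
            problems.append(f"{obj['id']}: dangling source_ref/target_ref")
            continue
        allowed = ALLOWED_RELS.get((src["type"], dst["type"]), set()) | {"related-to"}
        rel = obj.get("relationship_type")
        if rel not in allowed:
            problems.append(f"{obj['id']}: {src['type']} --{rel}--> {dst['type']} "
                            "is not in the STIX 2.1 vocabulary")
    return problems


def find(bundle, name):
    return next(o for o in bundle["objects"] if o.get("name") == name)


def upstream_droppers(bundle, name):
    """Names of everything that drops or downloads the named malware, transitively."""
    by_id = {o["id"]: o for o in bundle["objects"]}
    todo, seen = [find(bundle, name)["id"]], set()
    while todo:
        cur = todo.pop()
        for o in bundle["objects"]:
            if (o["type"] == "relationship" and o["target_ref"] == cur
                    and o["relationship_type"] in ("drops", "downloads")
                    and o["source_ref"] not in seen):
                seen.add(o["source_ref"])
                todo.append(o["source_ref"])
    return {by_id[i]["name"] for i in seen}


if __name__ == "__main__":
    bundle = build_domino_bundle()
    print(json.dumps(bundle, indent=2))
    print("problems:", validate_bundle(bundle))
    print("loader chain above Project Nemesis:", upstream_droppers(bundle, "Project Nemesis"))
```

The validator is deliberately stricter than a JSON schema check: it rejects a relationship type the spec does not define for the source/target pair (an intrusion-set cannot "drop" malware, for instance), which is the most common way hand-built bundles mislead downstream consumers.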
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID (Votes): Profile Description
Domino Loader (3 votes)
Domino Loader is a sophisticated malware with significant similarities to the Domino Backdoor. It operates as a loader, infiltrating systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it gathers basic system information and sends this data to a com
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Loader
Backdoor
Cobalt Strike
Ransomware
Exploit
Infostealer
Vulnerability
Bot
Payload
Windows
Azure
India
Antivirus
Healthcare
Eset
Sharepoint
Encryption
Remote Code ...
Infostealer ...
Microsoft
Tiktok
Apple
Data Leak
Trap
Hospitals
Cybercrime
Trojan
exploitation
Zero Day
Exploits
Ics
Linux
Ftc
Google
Denial of Se...
Moveit
Extortion
Chinese
dos
Associated Malware
ID (Type, Votes): Profile Description
Conti (Unspecified, 5 votes)
Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in
Project Nemesis (Unspecified, 4 votes)
Project Nemesis is a malicious software, or malware, that was first advertised on the dark web in December 2021. It is designed to exploit and damage computer systems by infiltrating them through suspicious downloads, emails, or websites. Once inside, Project Nemesis can steal personal information,
Nemesis (Unspecified, 3 votes)
Nemesis is a type of malware, specifically known as an infostealer, which infiltrates systems to exploit and cause damage. It often enters systems undetected through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. A deeper lo
Dave Loader (Unspecified, 3 votes)
Dave Loader is a loader used to deliver the Domino Backdoor (it is not an alias of the backdoor) and has been utilized in various cybercrime operations. This malicious software is designed to infiltrate computer systems and compromise user data, often without the victim's knowledge. It can be delivered through dubious downloads, e
Tirion (Unspecified, 3 votes)
Tirion, also known as Lizar or DiceLoader, is a type of malware developed by the threat group ITG14, also known as FIN7. First reported in March 2020, Tirion has been observed in numerous ITG14 campaigns up until the end of 2022. This malicious software can infiltrate systems through suspicious down
Diceloader (Unspecified, 3 votes)
Diceloader is a type of malware, short for malicious software, that is designed to infiltrate and damage computer systems. It can infect systems through various means such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, it can steal personal in
Lizar (Unspecified, 3 votes)
Lizar, also known as Tirion or Diceloader, is a malicious software developed by the threat group ITG14. It's designed to exploit and damage computers or devices, infiltrating systems through suspicious downloads, emails, or websites. Once installed, it can steal personal information, disrupt operati
Carbanak (Unspecified, 2 votes)
Carbanak is a sophisticated type of malware, short for malicious software, that is designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt
Newworldorder Loader (Unspecified, 2 votes)
NewWorldOrder Loader is a potent malware that was identified in December 2022. It operates as a loader for other malicious software, effectively helping them infiltrate systems undetected. This harmful program is particularly notable for its association with the Domino Backdoor and Carbanak Backdoor
Carbanak Backdoor (Unspecified, 1 vote)
The Carbanak Backdoor is a notorious malware, designed to exploit and damage computer systems. It is associated with the FIN7 threat group, also known as the "Carbanak Group", although not all usage of the Carbanak Backdoor can be directly linked to FIN7. This malicious software infiltrates systems
Associated Threat Actors
ID (Type, Votes): Profile Description
FIN7 (Unspecified, 5 votes)
FIN7, a notorious threat actor group known for its malicious activities, has recently been identified as targeting a large U.S. carmaker with phishing attacks. This group, which has previously operated behind fake cybersecurity companies such as Combi Security and Bastion Secure to recruit security
ITG14 (Unspecified, 2 votes)
ITG14, a threat actor identified in the cybersecurity industry, has recently been linked to malicious activities involving the Domino Backdoor. X-Force researchers have found substantial evidence connecting the Domino Backdoor to ITG14's Carbanak Backdoor. The Domino Backdoor not only shares signifi
Trickbot/conti Syndicate (Unspecified, 2 votes)
The Trickbot/Conti syndicate, also known as ITG23, is a threat actor group associated with various malicious activities. Since late February 2023, this group has been linked to Domino Backdoor campaigns utilizing the Dave Loader, a tool used to load malware onto targeted systems. The IBM Security X-
Tornado Cash (Unspecified, 1 vote)
Tornado Cash is not a threat actor but a cryptocurrency mixing service; it was designated by the U.S. Treasury's Office of Foreign Assets Control (OFAC) and placed on the Specially Designated Nationals (SDN) list, a designation a federal judge in Texas upheld in August 2023. It appears here because of corpus co-occurrence with the word "Domino" and has no documented link to the Domino Backdoor.
Conti Ransomware Gang (Unspecified, 1 vote)
The Conti ransomware gang, a notorious threat actor in the cybersecurity landscape, has been responsible for extorting at least $180 million globally. The gang is infamous for the HSE cyberattack in 2021, and members of it were sanctioned by the UK and U.S. in 2023 following an investigation led by the National Crime Agency (NCA). In late 2021, experts suggested that
ITG23 (Unspecified, 1 vote)
ITG23, also known as the Trickbot/Conti syndicate, is a significant threat actor that has been active since 2016 in the East European cybercrime arena. This group is renowned for its use of Reflective DLL Injection code in many of its crypters, with the presence of these crypters on a file sample be
Associated Vulnerabilities
ID (Type, Votes): Profile Description
CVE-2023-38148 (Unspecified, 1 vote)
No description is available on this page; the association rests on a single vote and is not substantiated by the profile text.
Source Document References
Information about the Domino malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created | Title
Quick Heal Technologies Ltd. | 17 days ago | EXPOSED! The Terrifying Truth Behind 2022-2023 Data Breaches! How Safe Are You?
DARKReading | a month ago | LA County Dept. of Public Health Data Breach Impacts 200K
Securityaffairs | 2 months ago | Critical Apache Log4j2 flaw still threatens global finance - Security Affairs
CERT-EU | 5 months ago | Apple TV+ shows and movies: What to watch on Apple TV Plus
CERT-EU | 5 months ago | Ransomware Attack on Change Healthcare Disrupts U.S. Healthcare Services | #ransomware | #cybercrime | National Cyber Security Consulting
Fortinet | 5 months ago | Ransomware Roundup – Abyss Locker | FortiGuard Labs
CERT-EU | 5 months ago | A Buyer's Guide to OT/ICS Security Solutions
Securityaffairs | 5 months ago | ESET fixed high-severity local privilege escalation bug in Windows products
DARKReading | 5 months ago | Ransomware Wave at Romanian Hospitals Tied to Healthcare App
CERT-EU | 6 months ago | What we can learn about preventative cybersecurity from mass hacking incidents | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 6 months ago | The Threat of Lateral Movement and 5 Ways to Prevent It
CERT-EU | 7 months ago | Biden administration on track meeting initial AI order actions
CERT-EU | 7 months ago | Apple TV+ shows and movies: What to watch on Apple TV Plus
CERT-EU | 7 months ago | Has your private info been compromised? These six Texas industries were hacked in 2023 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU | 7 months ago | US tech sell-off weighs on Australian sharemarket
Securityaffairs | 7 months ago | ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products
CERT-EU | 7 months ago | MitM attack in multiple ESET products