Latrodectus

Malware updated 3 months ago (2024-06-04T18:17:37.214Z)
Latrodectus is a malware loader discovered in late 2023 that Initial Access Brokers (IABs) have been using in email threat campaigns. It was initially mistaken for a variant of the well-known IcedID malware because of shared characteristics, but researchers at Proofpoint and the Team Cymru S2 Threat Research Team have determined that Latrodectus is a distinct family, likely developed by the same authors as IcedID. Throughout February and March 2024 there was a significant increase in threat activity using this new loader, leading experts to predict that its adoption among threat actors will continue to rise. The name "Latrodectus" comes from a string found in the code during analysis.

The malware uses sandbox evasion techniques that can delay researchers and defenders in analyzing its samples. As a newer loader in the threat landscape, Latrodectus has been leveraged by multiple threat actors and employs several anti-analysis checks, such as inspecting the operating system version and the number of running processes.

Latrodectus communicates with command and control (C2) servers over HTTP; the C2 instructs it to execute files, collect system information, or terminate its own process. Its capabilities therefore include collecting system information, executing files, and terminating its own processes. On February 9th, 22nd, and 23rd of 2024, data dumps were reported from contact form campaigns involving Latrodectus. Multiple indicators of compromise (IoCs) have been identified, including numerous URLs associated with the malware's activity. Because Latrodectus requires user execution to run, continued user awareness training is recommended to mitigate the risk it poses.
Description last updated: 2024-06-04T17:18:01.630Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
IcedID | 4 | IcedID is a malicious software (malware) that has been linked to various cybercrime operations. The malware can infiltrate systems via suspicious downloads, emails, or websites and proceed to steal personal information, disrupt operations, or hold data for ransom. IcedID has been associated with oth
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Loader
Malware
Windows
Downloader
Associated Malware
ID | Type | Votes | Profile Description
Qbot | Unspecified | 4 | Qbot, also known as Qakbot or Pinkslipbot, is a modular information-stealing malware that emerged in 2007 as a banking trojan. Over the years, it has evolved into an advanced malware strain used by multiple cybercriminal groups to compromise networks and prepare them for ransomware attacks. The firs
Associated Threat Actors
ID | Type | Votes | Profile Description
TA577 | Unspecified | 4 | TA577 is a threat actor, or malicious entity, known for its extensive use of QBot, a banking Trojan. In November 2023, Proofpoint's Threat Research Team identified TA577 as an initial access broker that began using Latrodectus, a new malware, in three separate intrusion campaigns. The group typicall
Source Document References
Information about the Latrodectus malware was read from the document corpus below. This display is limited to 20 results.
Source | Created | Title
Pulsedive | 3 months ago | Pulsedive Blog | Latrodectus Threat Research
InfoSecurity-magazine | 5 months ago | New Malware "Latrodectus" Linked to IcedID
BankInfoSecurity | 5 months ago | Sophisticated Latrodectus Malware Linked to 2017 Strain
DARKReading | 5 months ago | Latrodectus Downloader Picks Up Where QBot Left Off
Malware-traffic-analysis.net | 6 months ago | Malware-Traffic-Analysis.net - 2024-02-09, 02-22 and 02-23 - Data dump: Latrodectus from Contact Forms campaign