Newworldorder Loader

Malware updated 4 months ago (2024-05-05T03:17:47.495Z)
NewWorldOrder Loader is a potent malware that was identified in December 2022. It operates as a loader for other malicious software, helping it infiltrate systems undetected. It is particularly notable for its association with the Domino Backdoor and the Carbanak Backdoor, two notorious cyber threats. The malware is designed to exploit and damage computer systems, often infecting them through suspicious downloads, emails, or websites without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom.

Cybersecurity researchers discovered the NewWorldOrder Loader when they noticed a change in the loading mechanism of Domino Backdoor samples. The new loader, dubbed NewWorldOrder, was found to be more sophisticated and more effective at bypassing security measures. Around the same time, researchers also uncovered instances where the NewWorldOrder Loader was used to load the Carbanak Backdoor. In both cases, the malware was disguised under the filename ThunderboltService.exe, further complicating detection efforts.

IBM researchers also discovered the NewWorldOrder Loader being used to load FIN7's Carbanak Backdoor during the same period, which highlighted the widespread use and adaptability of this loader across different cybercriminal operations. Furthermore, experts found the NewWorldOrder Loader (ThunderboltService.exe) being used to load the Project Nemesis Stealer, another dangerous malware. These findings underscore the critical role of the NewWorldOrder Loader in facilitating various cyber threats and the importance of robust cybersecurity measures to counter it.
Description last updated: 2024-05-05T03:01:00.795Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Carbanak | 2 | Carbanak is a sophisticated malware known for its involvement in various cyberattacks since it was first identified. This malicious software, created by the Russian criminal group FIN7 (also known as Carbanak, Carbon Spider, Cobalt Group, Navigator Group), has been active since mid-2015. The group p
Carbanak Backdoor | 2 | The Carbanak Backdoor is a notorious malware, designed to exploit and damage computer systems. It is associated with the FIN7 threat group, also known as the "Carbanak Group", although not all usage of the Carbanak Backdoor can be directly linked to FIN7. This malicious software infiltrates systems
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Loader
Backdoor
Associated Malware
ID | Type | Votes | Profile Description
Domino | Unspecified | 2 | The Domino malware, a harmful program designed to exploit and damage computer systems, has been identified as the culprit behind a series of high-profile cyber attacks. The first notable incident occurred when a hacker claimed to have accessed Domino's India's massive 13 TB database on the Dark Web,
Domino Backdoor | Unspecified | 2 | The Domino Backdoor is a type of malware that has been linked to multiple threat groups, highlighting the complexity of tracking these actors and their operations. This malicious software, designed to exploit and damage computers or devices, can steal personal information, disrupt operations, or hol
Source Document References
Information about the Newworldorder Loader Malware was read from the documents corpus below.
Source | Created | Title
SecurityIntelligence.com | a year ago | Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor
Securityaffairs | a year ago | The intricate relationships between the FIN7 group and members of the Conti gang