Newworldorder Loader

Malware updated 7 months ago (2024-05-05T03:17:47.495Z)
NewWorldOrder Loader is a potent malware that was identified in December 2022. It operates as a loader for other malicious software, helping those payloads infiltrate systems undetected. It is particularly notable for its association with the Domino Backdoor and the Carbanak Backdoor, two notorious cyber threats. The malware is designed to exploit and damage computer systems, often infecting them through suspicious downloads, emails, or websites without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom.

Cybersecurity researchers discovered the NewWorldOrder Loader when they noticed a change in the loading mechanism of Domino Backdoor samples. The new loader, dubbed NewWorldOrder, was found to be more sophisticated and effective at bypassing security measures. Around the same time, researchers also uncovered instances where the NewWorldOrder Loader was used to load the Carbanak Backdoor. In both cases, the malware was disguised under the filename ThunderboltService.exe, further complicating detection efforts.

IBM researchers also discovered the NewWorldOrder Loader being used to load FIN7's Carbanak Backdoor during the same period. This revelation highlighted the widespread use and adaptability of this loader across different cybercriminal operations. Furthermore, experts found the NewWorldOrder Loader (ThunderboltService.exe) being used to load the Project Nemesis Stealer, another dangerous malware. These findings underscore the critical role of the NewWorldOrder Loader in facilitating various cyber threats and the importance of robust cybersecurity measures to counter it.
Description last updated: 2024-05-05T03:01:00.795Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
Alias Description | Votes
Carbanak is a possible alias for Newworldorder Loader. Carbanak is a notorious malware developed by the cybercrime collective known as FIN7, also referred to as Carbon Spider, Cobalt Group, and Navigator Group. The group, which has been active since 2012, is of Russian origin and has been particularly focused on exploiting the restaurant, gambling, and | 2
Carbanak Backdoor is a possible alias for Newworldorder Loader. The Carbanak Backdoor is a notorious malware, designed to exploit and damage computer systems. It is associated with the FIN7 threat group, also known as the "Carbanak Group", although not all usage of the Carbanak Backdoor can be directly linked to FIN7. This malicious software infiltrates systems | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Loader
Backdoor
Associated Malware
Alias Description | Association Type | Votes
The Domino Malware is associated with Newworldorder Loader. Domino is a malicious software that infiltrated various systems, most notably IBM Domino Server and ESET Mail Security for IBM Domino, causing significant disruptions and data breaches. The malware was particularly potent due to its ability to exploit vulnerabilities in one system and trigger a domi | Unspecified | 2
The Domino Backdoor Malware is associated with Newworldorder Loader. The Domino Backdoor is a type of malware that has been linked to multiple threat groups, highlighting the complexity of tracking these actors and their operations. This malicious software, designed to exploit and damage computers or devices, can steal personal information, disrupt operations, or hol | Unspecified | 2
Source Document References
Information about the Newworldorder Loader Malware was read from the documents corpus below.