Project Nemesis

Malware Profile Updated 2 months ago
Download STIX
Preview STIX
Project Nemesis is a malicious software, or malware, that was first advertised on the dark web in December 2021. It is designed to exploit and damage computer systems by infiltrating them through suspicious downloads, emails, or websites. Once inside, Project Nemesis can steal personal information, disrupt operations, or even hold data hostage for ransom. The malware has been used sparingly since its introduction, but it has played a role in a complex network of cybercriminal activities involving other malware such as Dave Loader, Domino Backdoor, and Domino Loader. The Domino Loader, in particular, has been instrumental in delivering the final payload of Project Nemesis. This payload is identified as a .NET assembly with an MD5 hash D9FFB202D6B679E5AD7303C0334CD000. The Domino backdoor and loader are both 64-bit DLLs written in Visual C++, and they have been used to deliver Project Nemesis since at least October 2022. In some cases, instead of downloading Project Nemesis, the Domino Backdoor contacts a Command and Control (C2) server to download post-exploitation tools such as Cobalt Strike. The use of these various types of malware in a single campaign underscores the complexity involved in tracking threat actors. However, it also provides insight into how these actors operate and collaborate. For instance, former Trickbot/Conti ransomware developers were spotted collaborating with FIN7, a financially motivated cybercrime gang, on new malware that delivers Project Nemesis. Furthermore, ex-Conti members likely used the Project Nemesis infostealer against lower-value targets. These intricate relationships between cybercriminal groups highlight the evolving nature of cybersecurity threats.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Domino Backdoor
3
The Domino Backdoor is a type of malware that has been linked to multiple threat groups, highlighting the complexity of tracking these actors and their operations. This malicious software, designed to exploit and damage computers or devices, can steal personal information, disrupt operations, or hol
Nemesis
3
Nemesis is a type of malware, specifically known as an infostealer, which infiltrates systems to exploit and cause damage. It often enters systems undetected through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. A deeper lo
Dave Loader
2
Dave Loader, also known as Domino Backdoor, is a potent malware that has been utilized in various cybercrime operations. This malicious software is designed to infiltrate computer systems and compromise user data, often without the victim's knowledge. It can be delivered through dubious downloads, e
Domino Loader
2
Domino Loader is a sophisticated malware with significant similarities to the Domino Backdoor. It operates as a loader, infiltrating systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it gathers basic system information and sends this data to a com
Newworldorder Loader
1
NewWorldOrder Loader is a potent malware that was identified in December 2022. It operates as a loader for other malicious software, effectively helping them infiltrate systems undetected. This harmful program is particularly notable for its association with the Domino Backdoor and Carbanak Backdoor
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Infostealer
Malware
Backdoor
Exploit
Payload
Infostealer ...
Loader
Ransomware
Cybercrime
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
DominoUnspecified
4
The Domino malware, a harmful program designed to exploit and damage computer systems, has been identified as the culprit behind a series of high-profile cyber attacks. The first notable incident occurred when a hacker claimed to have accessed Domino's India's massive 13 TB database on the Dark Web,
ContiUnspecified
1
Conti is a type of malware, specifically ransomware, which was designed to infiltrate systems, disrupt operations, and potentially hold data hostage for ransom. The malware has been used by various threat actors, including ITG23, who have utilized it alongside other malicious software such as Trickb
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
FIN7Unspecified
2
FIN7, a known threat actor in the cybersecurity world, has been recognized for its malicious activities against various entities. This group, which could be an individual, a private company, or part of a government body, is notorious for executing actions with harmful intent. One notable instance of
ITG14Unspecified
2
ITG14, a threat actor identified in the cybersecurity industry, has recently been linked to malicious activities involving the Domino Backdoor. X-Force researchers have found substantial evidence connecting the Domino Backdoor to ITG14’s Carbanak Backdoor. The Domino Backdoor not only shares signifi
ITG23Unspecified
1
ITG23, also known as the Trickbot/Conti syndicate, is a significant threat actor that has been active since 2016 in the East European cybercrime arena. This group is renowned for its use of Reflective DLL Injection code in many of its crypters, with the presence of these crypters on a file sample be
Trickbot/conti SyndicateUnspecified
1
The Trickbot/Conti syndicate, also known as ITG23, is a threat actor group associated with various malicious activities. Since late February 2023, this group has been linked to Domino Backdoor campaigns utilizing the Dave Loader, a tool used to load malware onto targeted systems. The IBM Security X-
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Project Nemesis Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
4 months ago
Ransomware crews lean into infostealers for initial access
Securityaffairs
a year ago
The intricate relationships between the FIN7 group and members of the Conti gang
Malwarebytes
a year ago
Malware authors join forces and target organisations with Domino Backdoor
SecurityIntelligence.com
a year ago
Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor
SecurityIntelligence.com
a year ago
Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor
DARKReading
a year ago
FIN7, Former Conti Gang Members Collaborate on 'Domino' Malware