Marko Polo Navigates Uncharted Waters with Infostealer Empire

Sept. 17, 2024, 8:40 p.m.

Description

An analysis has uncovered a highly adaptable cybercriminal group, codenamed 'Marko Polo', that runs sophisticated scams built around information-stealing malware to target individuals and organizations worldwide. The group operates primarily through social media, impersonating legitimate brands in online gaming, virtual meetings, productivity software, and cryptocurrency. Its operation spans more than 30 distinct scams, 50 malware payloads, numerous malicious domains, and hundreds of fraudulent social media accounts. The campaign has likely compromised tens of thousands of devices globally, exposing sensitive personal and corporate data; it poses a risk to consumer privacy and business continuity while generating substantial illicit revenue.

Date

Published: Sept. 17, 2024, 7:51 p.m.
Created: Sept. 17, 2024, 7:51 p.m.
Modified: Sept. 17, 2024, 8:40 p.m.

Indicators

File hashes (SHA-256)

fa634cee8d9b6d25081c943ca1c9156f846b7915ce2cba4f01329cc411e6e081

f7dcc0c21c78db4698e03bf787c4d9329c4ec9fca1c546903a3af34d9c05d449

de78d04f0c049d53a40c4af5589a18aee85bd6a40fce7ad6114e421921ebfb93

d9f006c0b4cd266e641424865631091a125b4c95ae53b8341af1d9988de94383

d17cb6113ccf97b7bc0d02da26afa766bea2e5067e745fab574b0b5b78880065

cf8f04c3f1be5a27acbcaf08a2f0461ee48d2b4d48ddaca87904cb7c9831ab51

cbfb45a16512c901cdfa9eff356bd7f139edc0c51133733ba80a7c0d9d1a2a61

c7fa247cd265cbaf766be6a041fc18ecf6380ee41196ad3b7d36bc61c1130118

c6c76d3dad043e0d516d446ca438727ddec6bd978f77eea768d6eaeb216a84d1

c0a1c698a5d84366a7f2b64751ee0a69f5e4887e0a0bc62841fae6d9f33417aa

9c2c9dd2cd873c8999c3631aac8a34f32f1efed54dd31fe47527d842185ff92d

9a7a070029bb51daf70514402e9f6aeed4acd46a18c13478ddd3fa242a9f8a95

9099108338539e613d8fce7067b9e69d9cf09d1082bbedc0718c9f6d77e46288

87806649eaabc3da46a8ef6a983d561f8716d24dee9406bf2cd68b914c6a06a3

77ee7274f0a8208fccefb0138258421113554281bdf21e4d9f25fe6b11856dc4

724d7e92e789640991c1066399cdd96f9ddfb7a59d42fd9d8d7e2bf48d39bc2d

6798c877acdbcc2feec0f43fda970bc0428d8a9a7394e72325ae8cbd5e150602

66f085adee21f3c30ad6d7b8273a4ccac395b958536f7daf3a1772e768ee70cc

66085c5ac7b06960e90d4babc1a3e92fb57eaf557f61cc605865950039398a59

61db02e38f376e6639130ed344498b7ad190006e9e7eea46a98f83001bb419dd

56adf4dfb61292ceef302e1988ac2ba4551109186ad1c9f3ce87d11914157b0c

5528e226b747abad7e843e6d7f92f48dda13f626a766285b2e889bd8fc746b12

5068e7c3a1822f2f66bc99a8b20d86d66a72a828c9d01214a076a415826667ce

374fe0a3bd4b4dc99e1e07976fc0171c28a86f34d6810bc77e69bc58ccd764c7

35be11ddfa4f1d776f0b6b814a325f50189100222fe04436a50563c89c2a02bd

35b9d0b528f576048ea10c9087010b4df0b5d05a9c8af8a3b88e1b88b607f08f

257476099858ef9d284a0cf5be8e442ec59d30f4453b3807c8e5fcf091b07f6d

2f32a84122f86e686f93debcf02b635b0339c6d0b085e02419dff1eaa5724ec0

222e01ce240bf795a31775bfbd74806dd904af514935308cc89188aa1c05b621

1c8705af8ea8598cf5d0b7af572d7e50540bfc146fa1c2ea0859ac554d088b0b

16c1c1b15f8473f1babbbcae1124c7481e9a4e25331beeae5611dc4f153e7b4b

0b5b9d6be11c9a806763741d52d0e186e6f0e9e54d124fa2fa0374d2465599f5

0b4f5327c6c89f8aa2d642fc7a1955bc90ffcd8b41f21974517b7f58c3ed7323

00a0cb5fb4053ba9a04920ca023aae50859af4bd15fd31286ebca6d0d97f3852

609129a9188ca3d16832594d44d746d7434e67a99c6dd20c1785aface9ed117d

bde29a5215e685805f00fee5f03de3478f8214195ecf93fb81562bcd6122149d

856979042a3c1f61050cc08e8f11856dc714ec16969bd0fc562fd47c9e6c8e4c

IPv4 addresses

79.137.202.22

45.156.27.45

45.156.27.196

188.130.207.115

147.45.43.197

194.116.217.148

147.45.43.136

79.137.197.159

77.221.151.54

193.233.132.137

Attack Patterns

Threat actor
Marko Polo

Malware
HijackLoader (loader)
StealC (infostealer)
Rhadamanthys (infostealer)

MITRE ATT&CK techniques
T1566.001 Phishing: Spearphishing Attachment
T1566.002 Phishing: Spearphishing Link
T1189 Drive-by Compromise
T1204.002 User Execution: Malicious File
T1027 Obfuscated Files or Information
T1082 System Information Discovery
T1003 OS Credential Dumping
T1005 Data from Local System
T1071.001 Application Layer Protocol: Web Protocols
T1020 Automated Exfiltration
T1041 Exfiltration Over C2 Channel
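As an added example (not part of the original page or of any vendor tooling), the script below sweeps log lines for the indicators listed above and tags each hit with the ATT&CK context from the technique list. The IP set holds all ten listed addresses; the hash set holds the first six listed hashes, and the remaining hashes from the Indicators section can be appended verbatim. The sample log lines, host names and field names (sha256=, dst=) are constructed and are assumptions about the log format, not real telemetry.

```python
"""Sweep log lines for the Marko Polo indicators listed on this page (added example)."""
import re
from typing import Dict, Iterable, List, Tuple

# All ten IPv4 addresses from the Indicators section.
MARKO_POLO_IPS = frozenset({
    "79.137.202.22", "45.156.27.45", "45.156.27.196", "188.130.207.115",
    "147.45.43.197", "194.116.217.148", "147.45.43.136", "79.137.197.159",
    "77.221.151.54", "193.233.132.137",
})

# First six SHA-256 hashes from the Indicators section; append the remaining
# hashes from the page verbatim (lower-case) to complete the set.
MARKO_POLO_SHA256 = frozenset({
    "fa634cee8d9b6d25081c943ca1c9156f846b7915ce2cba4f01329cc411e6e081",
    "f7dcc0c21c78db4698e03bf787c4d9329c4ec9fca1c546903a3af34d9c05d449",
    "de78d04f0c049d53a40c4af5589a18aee85bd6a40fce7ad6114e421921ebfb93",
    "d9f006c0b4cd266e641424865631091a125b4c95ae53b8341af1d9988de94383",
    "d17cb6113ccf97b7bc0d02da26afa766bea2e5067e745fab574b0b5b78880065",
    "cf8f04c3f1be5a27acbcaf08a2f0461ee48d2b4d48ddaca87904cb7c9831ab51",
})

# \b keeps "45.156.27.45" from matching inside "145.156.27.45" or "45.156.27.456".
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# ATT&CK context for a hit, taken from the technique list on this page.
CONTEXT = {
    "sha256": "listed payload on disk (T1204.002 User Execution: Malicious File)",
    "ipv4": "outbound contact with listed infrastructure (T1071.001 / T1041)",
}


def find_iocs(line: str) -> List[Tuple[str, str]]:
    """Return (type, value) pairs for every listed IOC present in one log line.

    Hashes are compared case-insensitively because EDR products differ in the
    case they emit; IPs are compared as exact dotted quads.
    """
    hits: List[Tuple[str, str]] = []
    for digest in SHA256_RE.findall(line):
        if digest.lower() in MARKO_POLO_SHA256:
            hits.append(("sha256", digest.lower()))
    for ip in IPV4_RE.findall(line):
        if ip in MARKO_POLO_IPS:
            hits.append(("ipv4", ip))
    return hits


def sweep(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Run find_iocs over an iterable of log lines and return one finding per hit."""
    findings: List[Dict[str, str]] = []
    for number, line in enumerate(lines, start=1):
        for kind, value in find_iocs(line):
            findings.append({
                "line": str(number),
                "type": kind,
                "ioc": value,
                "context": CONTEXT[kind],
                "raw": line.strip(),
            })
    return findings


# Constructed sample lines (not real telemetry): an EDR file event carrying a
# listed hash in upper case, a proxy event to a listed address, and a benign line.
SAMPLE_LOGS = [
    r"2024-09-17T18:02:11Z host=WS-0142 event=file_create path=C:\Users\a\Downloads\setup.exe "
    "sha256=FA634CEE8D9B6D25081C943CA1C9156F846B7915CE2CBA4F01329CC411E6E081",
    "2024-09-17T18:02:40Z host=WS-0142 event=http_connect dst=45.156.27.196:443 method=POST uri=/",
    "2024-09-17T18:03:00Z host=WS-0201 event=http_connect dst=93.184.216.34:443 method=GET uri=/",
]

if __name__ == "__main__":
    for finding in sweep(SAMPLE_LOGS):
        print(f"line {finding['line']}: {finding['type']} {finding['ioc']} -> {finding['context']}")
```

A hash hit identifies a listed payload directly; an IP hit only shows contact with a listed address and should be corroborated with the surrounding proxy or EDR events before escalation, since hosting addresses get reused. Two pairs of the listed addresses sit in the same /24 (45.156.27.45 and 45.156.27.196; 147.45.43.197 and 147.45.43.136), which is worth noting when reviewing nearby traffic, but the page lists individual addresses only and the script matches exactly those.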