Marko Polo Navigates Uncharted Waters with Infostealer Empire
Sept. 17, 2024, 8:40 p.m.
Description
An analysis has uncovered a highly adaptable cybercriminal group, codenamed 'Marko Polo', that operates sophisticated scams employing information-stealing malware to target individuals and organizations globally. They primarily operate through social media, impersonating legitimate brands in sectors like online gaming, virtual meetings, productivity software, and cryptocurrency. Their extensive operation involves over 30 distinct scams, 50 malware payloads, numerous malicious domains, and hundreds of fraudulent social media accounts. This widespread campaign likely compromised tens of thousands of devices globally, exposing sensitive personal and corporate data, posing risks to consumer privacy and business continuity while generating substantial illicit revenue.
Tags
Date
- Created: Sept. 17, 2024, 7:51 p.m.
- Published: Sept. 17, 2024, 7:51 p.m.
- Modified: Sept. 17, 2024, 8:40 p.m.
Indicators
- fa634cee8d9b6d25081c943ca1c9156f846b7915ce2cba4f01329cc411e6e081
- f7dcc0c21c78db4698e03bf787c4d9329c4ec9fca1c546903a3af34d9c05d449
- de78d04f0c049d53a40c4af5589a18aee85bd6a40fce7ad6114e421921ebfb93
- d9f006c0b4cd266e641424865631091a125b4c95ae53b8341af1d9988de94383
- d17cb6113ccf97b7bc0d02da26afa766bea2e5067e745fab574b0b5b78880065
- cf8f04c3f1be5a27acbcaf08a2f0461ee48d2b4d48ddaca87904cb7c9831ab51
- cbfb45a16512c901cdfa9eff356bd7f139edc0c51133733ba80a7c0d9d1a2a61
- c7fa247cd265cbaf766be6a041fc18ecf6380ee41196ad3b7d36bc61c1130118
- c6c76d3dad043e0d516d446ca438727ddec6bd978f77eea768d6eaeb216a84d1
- c0a1c698a5d84366a7f2b64751ee0a69f5e4887e0a0bc62841fae6d9f33417aa
- 9c2c9dd2cd873c8999c3631aac8a34f32f1efed54dd31fe47527d842185ff92d
- 9a7a070029bb51daf70514402e9f6aeed4acd46a18c13478ddd3fa242a9f8a95
- 9099108338539e613d8fce7067b9e69d9cf09d1082bbedc0718c9f6d77e46288
- 87806649eaabc3da46a8ef6a983d561f8716d24dee9406bf2cd68b914c6a06a3
- 77ee7274f0a8208fccefb0138258421113554281bdf21e4d9f25fe6b11856dc4
- 724d7e92e789640991c1066399cdd96f9ddfb7a59d42fd9d8d7e2bf48d39bc2d
- 6798c877acdbcc2feec0f43fda970bc0428d8a9a7394e72325ae8cbd5e150602
- 66f085adee21f3c30ad6d7b8273a4ccac395b958536f7daf3a1772e768ee70cc
- 66085c5ac7b06960e90d4babc1a3e92fb57eaf557f61cc605865950039398a59
- 61db02e38f376e6639130ed344498b7ad190006e9e7eea46a98f83001bb419dd
- 56adf4dfb61292ceef302e1988ac2ba4551109186ad1c9f3ce87d11914157b0c
- 5528e226b747abad7e843e6d7f92f48dda13f626a766285b2e889bd8fc746b12
- 5068e7c3a1822f2f66bc99a8b20d86d66a72a828c9d01214a076a415826667ce
- 374fe0a3bd4b4dc99e1e07976fc0171c28a86f34d6810bc77e69bc58ccd764c7
- 35be11ddfa4f1d776f0b6b814a325f50189100222fe04436a50563c89c2a02bd
- 35b9d0b528f576048ea10c9087010b4df0b5d05a9c8af8a3b88e1b88b607f08f
- 257476099858ef9d284a0cf5be8e442ec59d30f4453b3807c8e5fcf091b07f6d
- 2f32a84122f86e686f93debcf02b635b0339c6d0b085e02419dff1eaa5724ec0
- 222e01ce240bf795a31775bfbd74806dd904af514935308cc89188aa1c05b621
- 1c8705af8ea8598cf5d0b7af572d7e50540bfc146fa1c2ea0859ac554d088b0b
- 16c1c1b15f8473f1babbbcae1124c7481e9a4e25331beeae5611dc4f153e7b4b
- 0b5b9d6be11c9a806763741d52d0e186e6f0e9e54d124fa2fa0374d2465599f5
- 0b4f5327c6c89f8aa2d642fc7a1955bc90ffcd8b41f21974517b7f58c3ed7323
- 00a0cb5fb4053ba9a04920ca023aae50859af4bd15fd31286ebca6d0d97f3852
- 609129a9188ca3d16832594d44d746d7434e67a99c6dd20c1785aface9ed117d
- bde29a5215e685805f00fee5f03de3478f8214195ecf93fb81562bcd6122149d
- 856979042a3c1f61050cc08e8f11856dc714ec16969bd0fc562fd47c9e6c8e4c
- 79.137.202.22
- 45.156.27.45
- 45.156.27.196
- 188.130.207.115
- 147.45.43.197
- 194.116.217.148
- 147.45.43.136
- 79.137.197.159
- 77.221.151.54
- 193.233.132.137
Attack Patterns
- HijackLoader
- StealC
- Rhadamanthys
- Marko Polo
- T1566.002
- T1189
- T1071.001
- T1204.002
- T1005
- T1082
- T1566.001
- T1020
- T1027
- T1041
- T1003