Today > 1 Critical | 6 High | 24 Medium vulnerabilities   -   You can now download lists of IOCs here!

Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID

May 21, 2024, 9:06 a.m.

Description

LATRODECTUS is a malware loader gaining popularity among cybercriminals, with strong connections to the ICEDID malware family. It offers standard capabilities for deploying payloads and conducting post-exploitation activities. Initially discovered by Walmart researchers in 2023, it continues evolving with new features like process discovery and desktop file listing. LATRODECTUS shares infrastructure and techniques with ICEDID operators, suggesting it may be a potential replacement. Elastic Security provides robust detection capabilities through memory signatures, behavioral rules, and hunting opportunities to respond to threats like LATRODECTUS.

Date

Published: May 17, 2024, 9:03 a.m.

Created: May 17, 2024, 9:03 a.m.

Modified: May 21, 2024, 9:06 a.m.

Indicators

da45560d3d24464831b5f84de7e1fbb4d52b5c46

aee22a35cbdac3f16c3ed742c0b1bfe9739a13469cf43b36fb2c63565111028c

http://www.meow123.com/test

gyxplonto.com

neaachar.com

scifimond.com

aytobusesre.com

Attack Patterns

LATRODECTUS

IcedID - S0483

T1053.005

T1218.011

T1218.007

T1059.003

T1059.007

T1070.004

T1047

T1055

T1027