Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID
May 21, 2024, 9:06 a.m.
Description
LATRODECTUS is a malware loader gaining popularity among cybercriminals, with strong connections to the ICEDID malware family. It offers standard capabilities for deploying payloads and conducting post-exploitation activities. Initially discovered by Walmart researchers in 2023, it continues to evolve, adding features such as process discovery and desktop file listing. LATRODECTUS shares infrastructure and techniques with ICEDID operators, suggesting it may be a replacement for ICEDID. Elastic Security provides robust detection capabilities through memory signatures, behavioral rules, and hunting opportunities to respond to threats like LATRODECTUS.
Date
Published: May 17, 2024, 9:03 a.m.
Created: May 17, 2024, 9:03 a.m.
Modified: May 21, 2024, 9:06 a.m.
Indicators
Attack Patterns
LATRODECTUS
IcedID - S0483
T1053.005
T1218.011
T1218.007
T1059.003
T1059.007
T1070.004
T1047
T1055
T1027