#latrodectus

Phillemon CEH | CTH wardenshield
2025-06-02

🕷️ Latrodectus: The “Black Widow” Malware of 2025

A new threat has emerged — Latrodectus, a stealthy malware loader evolving from IcedID’s shadow.

Read the full article:
👉 wardenshield.com/latrodectus-m

The Spamhaus Project spamhaus@infosec.exchange
2025-05-23

🔥 Operation Endgame is BACK! This time targeting #BumbleBee, #Latrodectus, #DanaBot, #WarmCookie, #Qakbot and #Trickbot!

Once again this is a HUGE win, with a truly international effort! 💪

As with phase one of #OperationEndgame, Spamhaus are providing remediation support - those affected will be contacted in due course with steps to take.

For more information, read our write-up here:
👉 spamhaus.org/resource-hub/malw

2025-05-14
brown widow egg sack

#latrodectus #spiders
neville park nev@flipping.rocks
2025-04-05

#BREAKING: new Travis McEnery video just dropped and it's a 1h20m look at the black widow spider!! youtu.be/DHl_wRE4H0Y

(Two of the arachnologists who regularly advise on the series have studied black widows so this is gonna be a good one)

#SpidersOfMastodon #spiders #Theridiidae #Latrodectus

abuse.ch :verified: abuse_ch@ioc.exchange
2025-02-06

A new version of #Latrodectus is out 📣🔥

Version: 1.9
Campaign: Mimikast

The corresponding botnet C2s have been caught earlier today by @r0ny_123 🎣
📡threatfox.abuse.ch/browse/malw

The relevant malware sample is available on MalwareBazaar:
📄 bazaar.abuse.ch/sample/762d06b

deployed. A multi-layered security approach, supported by tools such as Wazuh for real-time monitoring and threat detection, is crucial for protecting against this threat. #CyberSecurity #Malware #Latrodectus #Wazuh #ThreatDetection

TheDoctor TheDoctor512
2024-12-12

A multi-layered security approach, supported by tools such as Wazuh for real-time monitoring and threat detection, is crucial for protecting against this threat.

2024-09-24

Finally we also witnessed in the wild one of those #ClearFake / #ClickFix bait delivered per email as reported by Proofpoint in June - ending with a #brutel / #Latrodectus / #BruteRatel payload
proofpoint.com/au/blog/threat-

2024-07-12

Latrodectus Affiliate Resumes Operations Using Brute Ratel C4 Post Operation Endgame
#Latrodectus #BruteRatel
blog.reveng.ai/latrodectus-dis

2024-05-21

Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID
#Latrodectus
elastic.co/security-labs/sprin

The Spamhaus Project spamhaus@infosec.exchange
2024-05-10

Spamhaus Malware Labs witnessed Smoke Loader (aka Dofoil) dropping a fresh Latrodectus sample yesterday 🤖🔥...full details below:

Compile timestamp: Thu May 09 11:08:17 2024

Payload URL:
🌐 urlhaus.abuse.ch/url/2844417/

Latrodectus malware sample:
📄 bazaar.abuse.ch/sample/2406777

Botnet C2 domains:
🤖 threatfox.abuse.ch/ioc/1268945
🤖 threatfox.abuse.ch/ioc/1268946

#malwaresample #Latrodectus

Just Another Blue Teamer LeeArchinal@ioc.exchange
2024-05-01

Happy Wednesday everyone!

The Proofpoint Threat Research team paired up with Team Cymru to dissect the #Latrodectus malware. "First seen being used by #TA577 and more recently #TA578, Latrodectus is a downloader that likes to evade sandbox environments." The researchers take a deep dive into the code to see what information they could extract and found PLENTY!

After you are done reading, why not take a Cyborg Security Community Hunt Package to hunt for a threat like this? In the article, the researchers mention that the malware sets an AutoRun registry key for persistence, which is a common technique used by different adversaries and malware due to the capability and functionality of those registry keys. So, take this hunt package with you, it's dangerous out there! Enjoy and Happy Hunting!

Autorun or ASEP Registry Key Modification
hunter.cyborgsecurity.io/resea

Source of article:
proofpoint.com/us/blog/threat-

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #getHunting

Scripter :verified_flashing: scripter@social.tchncs.de
2024-04-10
2024-04-08

Watch out for the new #Latrodectus #phishing #malware campaigns that are likely from the same hackers as IcedID. Designed for payload retrieval & executing commands, this new downloader has various sandbox evasion functionalities. thehackernews.com/2024/04/watc
#Cybersecurity #infosec #security #DFIR
