Latrodectus
Essential information
- Confidence
- 100/100
- Is family
- No
- Published
- 16/09/2024 20:47
- Modified
- 15/06/2026 20:15
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Related entities
- 67 attack patterns (MITRE), 1 intrusion set (APT), 16 sectors, 11 countries, 99 indicators, 6 vulnerabilities (CVE), 19 reports (the lists below show only the first few entries of each)
Aliases
- Unidentified 111
- IceNova
Description
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (67; 11 shown)
Relationship for every entry: Latrodectus uses the technique.
- T1021.002 SMB/Windows Admin Shares
- T1564.001 Hidden Files and Directories
- T1132 Data Encoding
- T1059.003 Windows Command Shell
- T1104 Multi-Stage Channels
- T1105 Ingress Tool Transfer
- T1047 Windows Management Instrumentation
- T1010 Application Window Discovery
- T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
- T1518.001 Security Software Discovery
- T1568 Dynamic Resolution
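The technique IDs above are the usual input for a detection-coverage review in ATT&CK Navigator. The script below is an added example, not code from the platform or from MITRE: it turns that list into a Navigator layer file and handles the one thing people trip over, namely that a sub-technique such as T1021.002 is only rendered when its parent (T1021) is also present in the layer with showSubtechniques set. The version numbers in VERSIONS, the colour and the layer name are assumptions; only the technique IDs come from the page.

```python
"""Turn the ATT&CK technique IDs listed on this page into a Navigator layer.

Added example, not platform or MITRE code. Layer keys follow the ATT&CK
Navigator layer file format; the version numbers in VERSIONS are an assumption
and should be set to match the Navigator build the file is loaded into.
"""
import json
from typing import Dict, Iterable, List

# Technique IDs exactly as listed under "Attack patterns (MITRE)" on this page.
LATRODECTUS_TECHNIQUES = [
    "T1021.002", "T1564.001", "T1132", "T1059.003", "T1104", "T1105",
    "T1047", "T1010", "T1048.003", "T1518.001", "T1568",
]

VERSIONS = {"attack": "15", "navigator": "5.0", "layer": "4.5"}  # assumption, see lead-in


def parent_of(technique_id: str) -> str:
    """T1021.002 -> T1021; a top-level ID maps to itself."""
    return technique_id.split(".", 1)[0]


def build_layer(technique_ids: Iterable[str], name: str = "Latrodectus (page mapping)",
                domain: str = "enterprise-attack") -> Dict:
    """Score every listed technique and make sure each sub-technique's parent is present.

    Navigator only renders a sub-technique when its parent row is expanded, so the
    parent gets showSubtechniques=True. The parent stays unscored unless the page
    listed it as well; setdefault/update keeps both flags whatever the input order.
    """
    entries: Dict[str, Dict] = {}
    for tid in technique_ids:
        parent = parent_of(tid)
        if parent != tid:
            entries.setdefault(parent, {"techniqueID": parent, "enabled": True})["showSubtechniques"] = True
        entries.setdefault(tid, {"techniqueID": tid, "enabled": True}).update(
            {"score": 1, "color": "#fd8d3c", "comment": "linked to Latrodectus on the source page"}
        )
    return {
        "name": name,
        "versions": VERSIONS,
        "domain": domain,
        "description": "Techniques linked to Latrodectus; score 1 = listed, unscored = parent shown for context",
        "techniques": list(entries.values()),
        "gradient": {"colors": ["#ffffff", "#fd8d3c"], "minValue": 0, "maxValue": 1},
        "legendItems": [{"label": "linked on source page", "color": "#fd8d3c"}],
    }


def scored_ids(layer: Dict) -> List[str]:
    """IDs that carry a score, i.e. the ones actually attributed on the page."""
    return sorted(t["techniqueID"] for t in layer["techniques"] if "score" in t)


if __name__ == "__main__":
    # Write the result to stdout; redirect to a .json file and open it in Navigator.
    print(json.dumps(build_layer(LATRODECTUS_TECHNIQUES), indent=2))
```

Load the resulting JSON through Navigator's "Open Existing Layer" and compare it against a second layer built from your detection rules; the unscored parent rows make it obvious which sub-technique, rather than the whole parent, the page is attributing.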
Intrusion sets (APT) (1)
- TA577 (uses Latrodectus) · Source: The MITRE Corporation · Confidence 100
  [TA577](https://attack.mitre.org/groups/G1037) is an initial access broker (IAB) that has distributed [QakBot](https://attack.mitre.org/software/S0650) and [Pikabot](https://attack.mitre.org/software/S1145), and was among the first observed groups distributing [Latrodectus](https://attack.mitre.org/software/S1160) in 2023. (Citation: Latrodectus APR 2024)
Sectors (16; 12 shown)
Relationship for every entry: Latrodectus targets the sector.
- Non-Governmental Organizations (NGOs)
- Finance
- Technology
- Agriculture and agribusiness
- Defense
- Media
- Telecommunications
- Engineering consulting
- Consulting
- Education
- Road transport
- Retail
Countries (11)
Relationship for every entry: Latrodectus targets the country.
- Poland
- Luxembourg
- Australia
- Russian Federation
- China
- Portugal
- Hungary
- British Indian Ocean Territory
- Spain
- United States of America
- India
Indicators (99; 9 shown)
Each entry: value · STIX pattern · confidence · revocation status · validity · source. The three entries whose values were captured are all marked Revoked.
- https://grebiunti.top/live/ · STIX · 100/100 · Revoked · Valid until 21/05/2024 · Source: AlienVault
- servilinisfadustrit.com · STIX · 100/100 · Revoked · Valid until 17/03/2026 · Source: AlienVault
- http://superior-coin.com/ga/index.php · STIX · 100/100 · Revoked · Valid until 21/05/2024 · Source: AlienVault
- (value not captured) · STIX · 100/100 · Valid until 09/06/2027 · Source: AlienVault
- (value not captured) · STIX · 100/100 · Valid until 30/10/2026 · Source: AlienVault
- (value not captured) · STIX · 100/100 · Valid until 15/02/2027 · Source: AlienVault
- (value not captured) · STIX · 100/100 · Valid until 30/10/2026 · Source: AlienVault
- (value not captured) · STIX · 100/100 · Valid until 30/10/2026 · Source: AlienVault
- (value not captured) · STIX · 100/100 · Valid until 26/09/2026 · Source: AlienVault
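Every valued indicator shown on this page is flagged Revoked, which is exactly the kind of row that ends up on a blocklist when an export is consumed blindly. The script below is an added example, not platform or AlienVault code: it parses rows in the layout used by this section (value, STIX score, optional Revoked flag, validity date, source), drops revoked, expired, value-less and low-confidence entries with a recorded reason, and types the survivors so they can be routed to the right enforcement point. The first four rows are the page's own entries (normalised to one line each); the remaining rows, the .invalid names, the RFC 5737 address and the reference date TODAY are constructed for the worked run.

```python
"""Triage indicator rows from a threat-intel platform export before blocking on them.

Added example; not code from the platform, MITRE or AlienVault. The row layout
mirrors the Indicators section of this page. Rows marked "constructed" and the
TODAY reference date are assumptions made so that every branch is exercised.
"""
import re
from dataclasses import dataclass
from datetime import date, datetime
from typing import List, Optional, Tuple

TODAY = date(2025, 6, 1)  # assumed reference date for the worked run

SAMPLE_ROWS = [
    # Rows from the page, normalised to "value stix score [Revoked] · Valid until d/m/Y · Source: name"
    "https://grebiunti.top/live/ stix 100/100 Revoked · Valid until 21/05/2024 · Source: AlienVault",
    "servilinisfadustrit.com stix 100/100 Revoked · Valid until 17/03/2026 · Source: AlienVault",
    "http://superior-coin.com/ga/index.php stix 100/100 Revoked · Valid until 21/05/2024 · Source: AlienVault",
    "stix 100/100 · Valid until 09/06/2027 · Source: AlienVault",  # page row whose value was not captured
    # Constructed rows (.invalid names, RFC 5737 test address) for the remaining branches
    "expired-c2.invalid stix 100/100 · Valid until 01/01/2025 · Source: constructed",
    "weak-signal.invalid stix 30/100 · Valid until 30/10/2026 · Source: constructed",
    "198.51.100.23 stix 100/100 · Valid until 30/10/2026 · Source: constructed",
]

ROW_RE = re.compile(
    r"^(?:(?P<value>\S+)\s+)?stix\s+(?P<score>\d{1,3})/100\s*(?P<revoked>Revoked)?\s*·\s*"
    r"Valid until\s+(?P<until>\d{2}/\d{2}/\d{4})\s*·\s*Source:\s*(?P<source>.+?)\s*$"
)


@dataclass(frozen=True)
class Indicator:
    value: Optional[str]   # None when the export did not carry the observable
    score: int
    revoked: bool
    valid_until: date
    source: str


def parse_row(row: str) -> Indicator:
    """Parse one platform row; raise on anything that does not match the layout."""
    m = ROW_RE.match(row.strip())
    if m is None:
        raise ValueError(f"unrecognised indicator row: {row!r}")
    return Indicator(
        value=m.group("value"),
        score=int(m.group("score")),
        revoked=m.group("revoked") is not None,
        valid_until=datetime.strptime(m.group("until"), "%d/%m/%Y").date(),
        source=m.group("source"),
    )


def ioc_type(value: str) -> str:
    """Coarse type so each IOC reaches the right control (proxy URL list, DNS RPZ, firewall)."""
    if re.match(r"^https?://", value, re.IGNORECASE):
        return "url"
    if re.fullmatch(r"(?:\d{1,3}\.){3}\d{1,3}", value):
        return "ipv4"
    return "domain"


def triage(rows, today: date = TODAY,
           min_score: int = 50) -> Tuple[List[Tuple[str, str]], List[Tuple[str, str]]]:
    """Split rows into (actionable, dropped); every dropped entry carries its reason for audit."""
    actionable, dropped = [], []
    for row in rows:
        ind = parse_row(row)
        if ind.value is None:
            dropped.append((row, "no indicator value captured"))
        elif ind.revoked:
            dropped.append((ind.value, "revoked by source; blocking it would be a false positive"))
        elif ind.valid_until < today:
            dropped.append((ind.value, f"expired {ind.valid_until.isoformat()}"))
        elif ind.score < min_score:
            dropped.append((ind.value, f"score {ind.score} below threshold {min_score}"))
        else:
            actionable.append((ioc_type(ind.value), ind.value))
    return actionable, dropped


if __name__ == "__main__":
    keep, drop = triage(SAMPLE_ROWS)
    for kind, value in keep:
        print(f"BLOCK {kind:6} {value}")
    for value, why in drop:
        print(f"SKIP  {value!r}: {why}")
```

Run against the sample, only the constructed 198.51.100.23 row survives; the page's three revoked entries and the value-less one are skipped with a reason, which is what you want in the audit trail when someone later asks why a domain was or was not blocked.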
Vulnerabilities (CVE) (6)
These CVEs are linked to Latrodectus through the related reports (one of the reports below carries all six); the page does not state that the malware exploits any of them. CVE identifiers and full descriptions are not captured here.
- A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to …
  - Attack vector: Network · Complexity: Low · Published: 04/03/2026 · Modified: 14/04/2026
- Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.
  - Attack vector: Local · Complexity: Low · Published: 15/11/2017 · Modified: 29/05/2026
- Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) …
  - Attack vector: Network · Published: 31/01/2024 · Modified: 27/05/2026
- Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web …
  - Attack vector: Network · Published: 10/01/2024 · Modified: 27/05/2026
- 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of …
  - Attack vector: Local · Published: 22/11/2024 · Modified: 21/12/2025
- Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
  - Attack vector: Network · Published: 10/12/2021 · Modified: 27/05/2026
Reports (19; 7 shown)
Report titles were not captured; each entry lists the objects the report links.
- 10 MITRE techniques, 9 malware
- 10 MITRE techniques, 3 malware, 1 APT
- 8 MITRE techniques, 6 malware, 11 observables
- 11 MITRE techniques, 2 malware, 20 observables, 1 APT
- 9 MITRE techniques, 2 malware, 10 observables
- 6 CVEs, 10 MITRE techniques, 2 malware, 15 observables
- 9 MITRE techniques, 2 malware, 7 observables