The Mahagrass Organization (APT-Q-36) uses the Spyder downloader to deliver the Remcos Trojan [Tuesday, November 28, 2023]

Report

The Mahagrass Organization (APT-Q-36) uses the Spyder downloader to deliver the Remcos Trojan

Description :
In just a few months the Spyder downloader has gone through several updates, which shows how determined the attack group is to evade security software and complete its intelligence-theft tasking, according to the original report on MP Weixin (WeChat Official Accounts).

Published :
2023-11-28T18:27:55.149Z

Created :
2023-11-28T18:27:55.149Z

Modified :
2023-11-28T18:32:45.491Z

Tags

  • spyder
  • malware
  • remcos
  • c2 server
  • http
  • rc4 decryption

Indicators

URLs :
  • www.wingtiptoys.com
Domains :
  • morimocanab.com
  • mfaturk.com
  • grand123099ggcarnivol.com
  • omeri12oncloudd.com
  • firebasebackups.com
Hashes :
  • 27b2cbb45e866e8db8bf8933d6749164dc97995351704f0d33f62982a9abf955
  • fbd567c08b493a4c406fcd4d9a6d7403dc572f9b4c50fc4a56d37982c25dc457
Attack Patterns (MITRE ATT&CK) :
  • TA0011 (Command and Control)
  • T1001 (Data Obfuscation)
  • T1204 (User Execution)
  • T1105 (Ingress Tool Transfer)
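The indicators above are only useful once they are matched against telemetry. The script below is an added example (not code from Securitricks or from the report's source) that loads the report's hosts and SHA-256 hashes, normalizes DNS queries and URLs to a hostname, flags exact matches and subdomains of the listed domains while rejecting look-alikes such as `firebasebackups.com.attacker.net`, and hashes file contents for comparison. The log format (`<timestamp> <client_ip> <queried_name>`), the sample log lines and the sample file contents are constructed for the demonstration.

```python
"""IOC matcher for the Spyder / Remcos indicators listed in this report.

Added example, not code from Securitricks or from the report's source.
The log format and all sample log lines / file contents are constructed.
"""
import hashlib
from urllib.parse import urlsplit

# Hosts from the report's URL and Domain lists (page data, not constructed).
REPORT_HOSTS = {
    "www.wingtiptoys.com",
    "morimocanab.com",
    "mfaturk.com",
    "grand123099ggcarnivol.com",
    "omeri12oncloudd.com",
    "firebasebackups.com",
}

# SHA-256 hashes from the report's Hashes list (page data, not constructed).
REPORT_SHA256 = {
    "27b2cbb45e866e8db8bf8933d6749164dc97995351704f0d33f62982a9abf955",
    "fbd567c08b493a4c406fcd4d9a6d7403dc572f9b4c50fc4a56d37982c25dc457",
}


def normalize_host(value):
    """Reduce a URL, host:port or bare name to a lowercase hostname without trailing dot."""
    value = value.strip().lower()
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        # strip any path, userinfo and port from a bare 'host[:port][/path]' form
        host = value.split("/", 1)[0].rsplit("@", 1)[-1].split(":", 1)[0]
    return host.rstrip(".")


def match_host(value, iocs=REPORT_HOSTS):
    """Return the matching IOC if value is an IOC host or a subdomain of one, else None."""
    host = normalize_host(value)
    for ioc in iocs:
        # endswith('.' + ioc) keeps 'ioc.attacker.net' from matching on a plain substring test
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


def scan_dns_log(lines, iocs=REPORT_HOSTS):
    """Scan constructed '<timestamp> <client_ip> <queried_name>' lines; return hits in order."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        ts, client, query = parts[0], parts[1], parts[2]
        ioc = match_host(query, iocs)
        if ioc is not None:
            hits.append({"ts": ts, "client": client, "query": query, "ioc": ioc})
    return hits


def sha256_hex(data):
    """SHA-256 hex digest of file contents, for comparison against REPORT_SHA256."""
    return hashlib.sha256(data).hexdigest()


def match_hash(hexdigest, iocs=REPORT_SHA256):
    """Case-insensitive lookup of a SHA-256 hex digest in the report's hash list."""
    return hexdigest.strip().lower() in iocs


# Constructed sample DNS log: two hits (a subdomain; upper-case with trailing dot),
# one look-alike that must NOT match, and one benign query.
SAMPLE_DNS_LOG = [
    "2023-11-28T09:14:02Z 10.0.0.21 cdn.firebasebackups.com",
    "2023-11-28T09:14:05Z 10.0.0.21 firebasebackups.com.cdn-mirror.net",
    "2023-11-28T09:15:11Z 10.0.0.33 MFATURK.COM.",
    "2023-11-28T09:16:40Z 10.0.0.33 updates.example.org",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{hit['ts']} {hit['client']} queried {hit['query']} -> matches {hit['ioc']}")
    print("benign sample matches a report hash:",
          match_hash(sha256_hex(b"constructed benign file contents")))
```

Two things to keep in mind when using the list this way. The report gives `www.wingtiptoys.com` as a host under URLs, so the matcher treats only that host and its subdomains as indicators; the bare apex `wingtiptoys.com` is not matched, and Wingtip Toys is also a fictional company name Microsoft uses in its documentation samples, so a hit there deserves a look at the full URL before any blocking. The hash comparison is exact, so any repacked or updated Spyder sample (the description notes several updates in a few months) will not match and needs behavioural or network detection instead.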
External References :


About the author
Julien B.
