<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Hive0137 and AI-supplemented malware distribution in Threats</title>
    <link>https://community.isc2.org/t5/Threats/Hive0137-and-AI-supplemented-malware-distribution/m-p/72515#M1277</link>
    <description>&lt;P&gt;Hi All&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;IBM X-Force tracks dozens of threat actor groups. One group in particular, tracked by X-Force as Hive0137, has been a highly active malware distributor since at least October 2023. &lt;A href="https://securityintelligence.com/x-force/spam-trends-campaigns-senior-superlatives-2023/" target="_blank" rel="noopener nofollow"&gt;Nominated by X-Force as having the “Most Complex Infection Chain”&lt;/A&gt; in a campaign in 2023, Hive0137 campaigns deliver DarkGate, NetSupport, T34-Loader and Pikabot malware payloads, some of which are likely used for initial access in ransomware attacks. The crypters used in the infection chains also suggest a close relationship with former members of ITG23 (Conti/Trickbot group). Following law enforcement efforts known as Operation Endgame, Hive0137 was found delivering a new backdoor known as WarmCookie.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;The full X-Force report, which covers the AI-supplemented side of this distribution activity, is here:&lt;/P&gt;&lt;P&gt;&lt;A href="https://securityintelligence.com/x-force/hive0137-on-ai-journey/" target="_blank" rel="noopener nofollow"&gt;https://securityintelligence.com/x-force/hive0137-on-ai-journey/&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Regards&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Caute_Cautim&lt;/P&gt;</description>
    <pubDate>Sun, 28 Jul 2024 05:37:23 GMT</pubDate>
    <dc:creator>Caute_cautim</dc:creator>
    <dc:date>2024-07-28T05:37:23Z</dc:date>
    <item>
      <title>Hive0137 and AI-supplemented malware distribution</title>
      <link>https://community.isc2.org/t5/Threats/Hive0137-and-AI-supplemented-malware-distribution/m-p/72515#M1277</link>
      <description>&lt;P&gt;Hi All&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;IBM X-Force tracks dozens of threat actor groups. One group in particular, tracked by X-Force as Hive0137, has been a highly active malware distributor since at least October 2023. &lt;A href="https://securityintelligence.com/x-force/spam-trends-campaigns-senior-superlatives-2023/" target="_blank" rel="noopener nofollow"&gt;Nominated by X-Force as having the “Most Complex Infection Chain”&lt;/A&gt; in a campaign in 2023, Hive0137 campaigns deliver DarkGate, NetSupport, T34-Loader and Pikabot malware payloads, some of which are likely used for initial access in ransomware attacks. The crypters used in the infection chains also suggest a close relationship with former members of ITG23 (Conti/Trickbot group). Following law enforcement efforts known as Operation Endgame, Hive0137 was found delivering a new backdoor known as WarmCookie.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;The full X-Force report, which covers the AI-supplemented side of this distribution activity, is here:&lt;/P&gt;&lt;P&gt;&lt;A href="https://securityintelligence.com/x-force/hive0137-on-ai-journey/" target="_blank" rel="noopener nofollow"&gt;https://securityintelligence.com/x-force/hive0137-on-ai-journey/&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Regards&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Caute_Cautim&lt;/P&gt;</description>
      <pubDate>Sun, 28 Jul 2024 05:37:23 GMT</pubDate>
      <guid>https://community.isc2.org/t5/Threats/Hive0137-and-AI-supplemented-malware-distribution/m-p/72515#M1277</guid>
      <dc:creator>Caute_cautim</dc:creator>
      <dc:date>2024-07-28T05:37:23Z</dc:date>
    </item>
    <item>
      <title>Re: Hive0137 and AI-supplemented malware distribution</title>
      <link>https://community.isc2.org/t5/Threats/Hive0137-and-AI-supplemented-malware-distribution/m-p/72651#M1298</link>
      <description>&lt;P&gt;Thanks for sharing&amp;nbsp;&lt;a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/809125741"&gt;@Caute_cautim&lt;/a&gt;.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 31 Jul 2024 06:24:59 GMT</pubDate>
      <guid>https://community.isc2.org/t5/Threats/Hive0137-and-AI-supplemented-malware-distribution/m-p/72651#M1298</guid>
      <dc:creator>Kyaw_Myo_Oo</dc:creator>
      <dc:date>2024-07-31T06:24:59Z</dc:date>
    </item>
    <item>
      <title>Re: Hive0137 and AI-supplemented malware distribution</title>
      <link>https://community.isc2.org/t5/Threats/Hive0137-and-AI-supplemented-malware-distribution/m-p/72742#M1314</link>
      <description>&lt;P&gt;Hive0137 is a significant threat actor group tracked by IBM X-Force, known for its complex infection chains and for active malware distribution since at least October 2023. Its campaigns have delivered malware such as DarkGate, NetSupport, T34-Loader, and Pikabot, families that are often used for initial access in ransomware attacks. The crypters used in its infection chains indicate a possible connection with former members of ITG23 (the Conti/Trickbot group). Despite the law enforcement efforts known as Operation Endgame, Hive0137 has adapted and is now deploying a new backdoor called WarmCookie.&lt;/P&gt;</description>
      <pubDate>Fri, 02 Aug 2024 17:49:06 GMT</pubDate>
      <guid>https://community.isc2.org/t5/Threats/Hive0137-and-AI-supplemented-malware-distribution/m-p/72742#M1314</guid>
      <dc:creator>leefarrellhelps</dc:creator>
      <dc:date>2024-08-02T17:49:06Z</dc:date>
    </item>
  </channel>
</rss>

