Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion
‎07-28-2024 01:37 AM
‎07-28-2024 01:37 AM

Hive0137 and AI-supplemented malware distribution

Hi All

 

IBM X-Force tracks dozens of threat actor groups. One group in particular, tracked by X-Force as Hive0137, has been a highly active malware distributor since at least October 2023. Nominated by X-Force as having the “Most Complex Infection Chain” in a campaign in 2023, Hive0137 campaigns deliver DarkGate, NetSupport, T34-Loader and Pikabot malware payloads, some of which are likely used for initial access in ransomware attacks. The crypters used in the infection chains also suggest a close relationship with former members of ITG23 (Conti/Trickbot group). Following law enforcement efforts known as Operation Endgame, Hive0137 was found delivering a new backdoor known as WarmCookie.

 

https://securityintelligence.com/x-force/hive0137-on-ai-journey/

 

Regards

 

Caute_Cautim

 

 

Reply
2 Replies
Kyaw_Myo_Oo
Contributor III
‎07-31-2024 02:24 AM
‎07-31-2024 02:24 AM

Thanks for sharing @Caute_cautim.

 

 

Kyaw Myo Oo
Manager , CB BANK PCL
CCIE #58769 | PCNSE | CCSM | CISSP | PMP
Reply
0 Kudos
leefarrellhelps
Newcomer I
‎08-02-2024 01:49 PM
‎08-02-2024 01:49 PM

Hive0137 is a significant threat actor group tracked by IBM X-Force, known for its complex infection chains and active malware distribution since at least October 2023. They have been involved in campaigns delivering malware like DarkGate, NetSupport, T34-Loader, and Pikabot, which are often used for initial access in ransomware attacks. Their use of crypters indicates a possible connection with former ITG23 members. Despite law enforcement's Operation Endgame, Hive0137 has adapted, now deploying a new backdoor called WarmCookie.

Reply