Latrodectus

Latrodectus is a Windows malware downloader that has been used since at least 2023 to download and execute additional payloads and modules. Latrodectus has most often been distributed through email campaigns, primarily by TA577 and TA578, and has infrastructure overlaps with historic IcedID operations.^[1]^[2]^[3]

ID: S1160

ⓘ

Associated Software: IceNova, Unidentified 111

ⓘ

Type: MALWARE

ⓘ

Platforms: Windows

Contributors: Riku Katsuse, NEC Corporation; Sareena Karapoola, NEC Corporation India; Pooja Natarajan, NEC Corporation India; Cris Tomboc, Truswave SpiderLabs

Version: 1.0

Created: 16 September 2024

Last Modified: 30 September 2024

Version Permalink

Live Version

Associated Software Descriptions

Name	Description
IceNova	^[2]
Unidentified 111	^[2]

Techniques Used

Domain	ID		Name	Use
Enterprise	T1087	.002	Account Discovery: Domain Account	Latrodectus can run `C:\Windows\System32\cmd.exe /c net group "Domain Admins" /domain` to identify domain administrator accounts.^[4]
Enterprise	T1071	.001	Application Layer Protocol: Web Protocols

Latrodectus

Associated Software Descriptions

Enterprise Layer

Techniques Used