NimzaLoader: TA800’s New Initial Access Malware | Proofpoint UK
Tags
attack-pattern: Data Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 20c778bb-2efe-49ee-9aa1-116514019cf9
Fingerprint ac050550a8b78e99
Analysis status DONE
Considered CTI value 2
Text language
Published March 10, 2021, 7:39 p.m.
Added to db Jan. 18, 2023, 11:35 p.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline NimzaLoader: TA800’s New Initial Access Malware
Title NimzaLoader: TA800’s New Initial Access Malware | Proofpoint UK
Detected Hints/Tags/Attributes 53/1/9
Source URLs
Redirection Url
Details Source https://www.proofpoint.com/uk/blog/threat-insight/nimzaloader-ta800s-new-initial-access-malware
URL Provider
Details Provider Source level domain
Details proofpoint.com www.proofpoint.com
Attributes
Details Type #Events CTI Value
Details File 2127 
cmd.exe
Details File 1209 
powershell.exe
Details sha256 3 
540c91d46a1aa2bb306f9cc15b93bdab6c4784047d64b95561cf2759368d3d1d
Details sha256 2 
e8cbd40fda2500cd496b55df43402d8ed077b8cd965701a205c17f2b0389fce1
Details sha256 3 
52bbe09c7150ea66269c71bac8d0237fb0e6b0cae4ca63ab19807c310d6a1a0b
Details Url 2 
https://centralbancshares\.com
Details Url 2 
https://gariloy\.com
Details Url 2 
https://liqui-technik\.com
Details Url 2 
http://liqui-technik\.com/about/disassociation/better-known