NimzaLoader: TA800’s New Initial Access Malware | Proofpoint US
Common Information
Type Value
UUID be1c6898-9191-4ede-b4dc-4ccc656fa009
Fingerprint ac150550a8b78e99
Analysis status DONE
Considered CTI value 2
Text language
Published March 10, 2021, 7:39 p.m.
Added to db Sept. 11, 2022, 12:43 p.m.
Last updated Nov. 18, 2024, 9:32 a.m.
Headline NimzaLoader: TA800’s New Initial Access Malware
Title NimzaLoader: TA800’s New Initial Access Malware | Proofpoint US
Detected Hints/Tags/Attributes 52/1/9
Attributes
Details Type #Events CTI Value
Details File 2128
cmd.exe
Details File 1210
powershell.exe