SPOONBEARD

Description

(FireEye) In May 2019, a SPOONBEARD-packed SCRAPMINT sample was uploaded to VirusTotal. Based on several Mandiant incident response cases, we believe SCRAPMINT has been used by multiple actors, including FIN6, to conduct POS malware operations.

Between August and December 2019, we identified SPOONBEARD samples that delivered AZORult or VIDAR credential theft malware. It is plausible that FIN11 used these credential stealers; however, both AZORult and VIDAR have been sold on underground forums and are used by multiple actors.

In late 2019 and early 2020, we identified SPOONBEARD samples that delivered SLOWROLL and JESTBOT respectively. SLOWROLL is a backdoor associated with TEMP.TruthTeller (aka Silent Group) post-compromise activity.

Names

Name
SPOONBEARD

Category

Malware

Type

  • Dropper

Other Information

UUID

357bbbd7-42d1-45b6-af22-637727196ab6

Last Card Change

2020-10-20