Threat: NimbleMamba
Proofpoint recently documented a new phishing campaign and associated malware by a threat actor dubbed TA402/MoleRats.
Affects: The NimbleMamba malware is a Windows-targeted intelligence-gathering tool. The associated phishing campaign seems to be primarily targeted geographically in the Middle East.
Detected by: Jamf Threat Defense identifies any phishing attempts for this current phishing campaign as of 2/10/2022.
Prevented by: Jamf Threat Defense blocks phishing attempts for this current phishing campaign as of 2/11/2022.
IOCs (as published by Proofpoint):
430c12393a1714e3f5087e1338a3e3846ab62b18d816cc4916749a935f8dab44
c61fcd8bed15414529959e8b5484b2c559ac597143c1775b1cec7d493a40369d
925aff03ab009c8e7935cfa389fc7a34482184cc310a8d8f88a25d9a89711e86
2e4671c517040cbd66a1be0f04fb8f2af7064fef2b5ee5e33d1f9d347e4c419f
Web exploit URLs:
hxxps[://]uggboots4sale[.]com
hxxps[://]easyuploadservice[.]com
Concerned about NimbleMamba taking a bite out of your Windows fleet?
Jamf Threat Defense has what it takes to defang this and countless other malware to keep your macOS, iOS, Windows and Android endpoints protected.
Jamf protects against DazzleSpy backdoor malware making the rounds
Sysjoker Malware got you down? Jamf’s got you covered
‘WizardUpdate’ malware recasts a malicious spell, yet still no match for Jamf Protect
How to Establish a Threat Hunting Team in Your Organization
by Category:
Have market trends, Apple updates and Jamf news delivered directly to your inbox.
To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.