Threat: NimbleMamba
Proofpoint recently documented a new phishing campaign and associated malware by a threat actor dubbed TA402/MoleRats.
Affects: The NimbleMamba malware is an intelligence-gathering tool that targets Windows. The associated phishing campaign appears to be aimed primarily at targets in the Middle East.
Detected by: Jamf Threat Defense identifies any phishing attempts associated with this campaign as of 2/10/2022.
Prevented by: Jamf Threat Defense blocks phishing attempts associated with this campaign as of 2/11/2022.
IOCs (as published by Proofpoint):
430c12393a1714e3f5087e1338a3e3846ab62b18d816cc4916749a935f8dab44
c61fcd8bed15414529959e8b5484b2c559ac597143c1775b1cec7d493a40369d
925aff03ab009c8e7935cfa389fc7a34482184cc310a8d8f88a25d9a89711e86
2e4671c517040cbd66a1be0f04fb8f2af7064fef2b5ee5e33d1f9d347e4c419f
Web exploit URLs:
hxxps[://]uggboots4sale[.]com
hxxps[://]easyuploadservice[.]com
Concerned about NimbleMamba taking a bite out of your Windows fleet?
Jamf Threat Defense has what it takes to defang this and countless other malware to keep your macOS, iOS, Windows and Android endpoints protected.