Jamf Blog
February 16, 2022 by Matthias Wollnik

Jamf protects against NimbleMamba malware slithering about

Jamf Threat Labs updates Jamf Threat Defense, preventing NimbaMamba from threatening your Windows devices.

Threat: NimbleMamba

Proofpoint recently documented a new phishing campaign and associated malware by a threat actor dubbed TA402/MoleRats.

Affects: The NimbleMamba malware is a Windows-targeted intelligence-gathering tool. The associated phishing campaign seems to be primarily targeted geographically in the Middle East.

Detected by: Jamf Threat Defense identifies any phishing attempts for this current phishing campaign as of 2/10/2022.

Prevented by: Jamf Threat Defense blocks phishing attempts for this current phishing campaign as of 2/11/2022.

IOCs (as published by Proofpoint):

 430c12393a1714e3f5087e1338a3e3846ab62b18d816cc4916749a935f8dab44 

c61fcd8bed15414529959e8b5484b2c559ac597143c1775b1cec7d493a40369d

925aff03ab009c8e7935cfa389fc7a34482184cc310a8d8f88a25d9a89711e86

2e4671c517040cbd66a1be0f04fb8f2af7064fef2b5ee5e33d1f9d347e4c419f

Web exploit URLs:

 hxxps[://]uggboots4sale[.]com 

hxxps[://]easyuploadservice[.]com 

Concerned about NimbleMamba taking a bite out of your Windows fleet?

Jamf Threat Defense has what it takes to defang this and countless other malware to keep your macOS, iOS, Windows and Android endpoints protected.

Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.