Molerats APT Makes a Comeback Now Leveraging NimbleMamba Malware

The Molerats APT group, also dubbed TA402, has returned with a new, reportedly cyberespionage, campaign that employs NimbleMamba malware.

NimbleMamba Malware Leveraged in New Malicious Campaign

Proofpoint researchers have recently published a report on a new email phishing campaign. According to them, the campaign targets various foreign-policy think tanks, Middle Eastern governments, and a state-affiliated airline.

This time the threat actors are using malware called NimbleMamba, described as a trojan that collects intelligence and is distributed by means of phishing lures. The experts also noticed the use of a secondary payload dubbed BrittleBush.

Three types of emails were employed in this malicious campaign, posing as emails from Dropbox, UGG boots, and Quora. Their delivery timeframe indicates November 2021 and January 2022. In one of the malicious emails, the hackers made use of a Gmail account; a shift then happened, however, as they went on to use Dropbox URLs to spread compromised .rar files containing NimbleMamba malware.

NimbleMamba’s configuration is retrieved from a paste on the website JustPasteIt. NimbleMamba takes the current timestamp from an online real-time service to ensure that the timestamp matches the current time. Some computers may have modified time settings and this method ensures that the

Read More: https://heimdalsecurity.com/blog/molerats-apt-is-back-now-leveraging-nimblemamba-malware/
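For defenders, the delivery and configuration behaviour described above (a .rar fetched from a Dropbox URL, followed by requests to JustPasteIt and to an online time service) can be correlated per client in web proxy logs. The sketch below is an added example, not code from Proofpoint or from the article; the log format, the `time.example` host (the page does not name the time service) and the 30-minute window are assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log (timestamp, client, URL); not real telemetry.
SAMPLE_LOG = """\
2022-01-10T09:00:05 ws-014 https://www.dropbox.com/s/EXAMPLE/report.rar?dl=1
2022-01-10T09:03:40 ws-014 https://time.example/api/now
2022-01-10T09:03:42 ws-014 https://justpaste.it/EXAMPLE
2022-01-10T09:10:00 ws-022 https://justpaste.it/notes
2022-01-10T11:00:00 ws-031 https://www.dropbox.com/s/EXAMPLE/photos.rar?dl=1
2022-01-10T15:30:00 ws-031 https://justpaste.it/EXAMPLE
"""

PASTE_HOSTS = {"justpaste.it"}
TIME_HOSTS = {"time.example"}     # assumption: placeholder, the page names no service
WINDOW = timedelta(minutes=30)    # assumption: correlation window


def classify(url):
    """Map a URL to 'archive', 'paste', 'time' or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    on_dropbox = host == "dropbox.com" or host.endswith(".dropbox.com")
    if on_dropbox and parts.path.lower().endswith(".rar"):
        return "archive"
    if host in PASTE_HOSTS:
        return "paste"
    if host in TIME_HOSTS:
        return "time"
    return None


def find_chains(log_text, window=WINDOW):
    """Return (client, archive_time, completed_time) for each client that fetched
    a .rar from Dropbox and then, within `window`, contacted both a paste host
    and a time host (in either order)."""
    pending = {}   # client -> (archive_time, kinds seen since the download)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue                    # skip malformed lines
        when, client = datetime.fromisoformat(fields[0]), fields[1]
        kind = classify(fields[2])
        if kind == "archive":
            pending[client] = (when, set())
        elif kind and client in pending:
            start, seen = pending[client]
            if when - start > window:
                del pending[client]     # too late to be related to the download
                continue
            seen.add(kind)
            if seen == {"paste", "time"}:
                hits.append((client, start, when))
                del pending[client]
    return hits
```

On the constructed sample only `ws-014` is reported; a paste visit alone (`ws-022`) or one hours after the download (`ws-031`) is not.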