LegionLoader exposed!
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
LegionLoader, also known as Satacom, CurlyGate and RobotDropper, is an actively distributed downloader that has gained significant traction recently: more than 2,000 samples were collected within a few weeks. The campaign appears to have started on December 19, 2024, with Brazil the most affected country. Delivery is by drive-by download from insecure websites, with redirection chains that frequently pass through domains under the .monster TLD. The malware uses anti-sandbox checks and a multi-stage infection process: the initial MSI installer extracts and executes a malicious DLL, which downloads and executes a second-stage payload; the final payload then contacts command-and-control servers and can retrieve additional malware.
OPENCTI LABELS :
brazil,downloader,multi-stage,msi,drive-by download,robotdropper,anti-sandbox,legionloader,dll injection,curlygate,satacom
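The delivery chain in the summary (browser redirected through a .monster domain, then an MSI download) is something a SOC can hunt for in web proxy logs. The script below is an added illustration written for this page, not code from the report or from the OpenCTI instance. The log format, domains, IPs and timestamps are constructed for the example and are not LegionLoader indicators; only the .monster TLD heuristic comes from the summary. It walks each MSI download's referer chain back through earlier requests from the same client and flags the download when a hop sits on a suspect TLD within a short time window.

```python
"""Hunt for a drive-by MSI delivery chain that passes through a .monster domain.

Added example for this page; not from the original report. All log data below
is constructed: the domains and IPs are not LegionLoader IOCs.
"""
from datetime import datetime, timedelta
from urllib.parse import urlparse

SUSPECT_TLDS = {"monster"}          # TLD named in the summary; extend as needed
MSI_TYPES = {"application/x-msi", "application/x-ole-storage"}

# Constructed proxy log (assumed format): ts client method url referer content_type
SAMPLE_LOG = """\
2024-12-20T10:01:02Z 10.0.0.5 GET http://stream-free.example/watch - text/html
2024-12-20T10:01:03Z 10.0.0.5 GET http://cdn-redirect.example-tld.monster/go?x=1 http://stream-free.example/watch text/html
2024-12-20T10:01:05Z 10.0.0.5 GET http://files.example-host.net/setup.msi http://cdn-redirect.example-tld.monster/go?x=1 application/x-msi
2024-12-20T10:05:00Z 10.0.0.7 GET http://intranet.example/index.html - text/html
2024-12-20T10:06:00Z 10.0.0.7 GET http://updates.example/tool.msi http://intranet.example/index.html application/x-msi
"""


def parse_ts(s):
    # Accept the trailing "Z" form on Python < 3.11 as well
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def host_tld(url):
    """Return (hostname, last label) for a URL; ('', '') when unparsable."""
    host = (urlparse(url).hostname or "").lower()
    tld = host.rsplit(".", 1)[-1] if "." in host else ""
    return host, tld


def parse_log(text):
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, referer, ctype = line.split()
        entries.append({"ts": parse_ts(ts), "client": client, "method": method,
                        "url": url, "referer": None if referer == "-" else referer,
                        "ctype": ctype})
    return entries


def is_msi(entry):
    return entry["ctype"] in MSI_TYPES or urlparse(entry["url"]).path.lower().endswith(".msi")


def referer_chain(entry, by_client_url, max_hops=5):
    """Walk referers back from `entry` via earlier requests by the same client."""
    chain = [entry["url"]]
    cur = entry
    for _ in range(max_hops):
        ref = cur["referer"]
        if not ref:
            break
        chain.append(ref)
        prev = by_client_url.get((cur["client"], ref))
        if prev is None or prev["ts"] > cur["ts"]:
            break               # referer never seen, or seen only later: stop walking
        cur = prev
    return chain


def find_msi_via_suspect_tld(entries, window=timedelta(minutes=5)):
    """Flag MSI downloads whose recent referer chain passed through a suspect TLD."""
    by_client_url = {}
    for e in entries:
        by_client_url.setdefault((e["client"], e["url"]), e)   # keep earliest hit
    findings = []
    for e in entries:
        if not is_msi(e):
            continue
        for url in referer_chain(e, by_client_url)[1:]:
            host, tld = host_tld(url)
            hop = by_client_url.get((e["client"], url))
            recent = hop is None or e["ts"] - hop["ts"] <= window
            if tld in SUSPECT_TLDS and recent:
                findings.append({"client": e["client"], "msi_url": e["url"],
                                 "redirect_host": host, "ts": e["ts"].isoformat()})
                break
    return findings


def suspect_tld_hits(entries):
    """Lower-fidelity signal: any request at all to a suspect TLD."""
    return [e["url"] for e in entries if host_tld(e["url"])[1] in SUSPECT_TLDS]


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for f in find_msi_via_suspect_tld(log):
        print("MSI via suspect redirect:", f)
    print("Raw suspect-TLD hits:", suspect_tld_hits(log))
```

On the constructed log the chain finding fires for client 10.0.0.5 only; the intranet-referred MSI from 10.0.0.7 is left alone. The referer walk matters because the .monster hop is often a short-lived redirect that never appears in the MSI request's own referer on a real chain with more hops, and the time window keeps an old .monster visit from tainting an unrelated installer download hours later. A TLD-only rule is noisy; treat it as a pivot, not an alert.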