Ravie Lakshmanan is a threat actor affiliated with the FIN7 cybercrime group. He has developed a new malware strain known as Domino, designed primarily to facilitate follow-on exploitation on compromised systems. Members of the now-defunct Conti ransomware gang are also using Domino, which indicates collaboration between the two crews. Domino gathers basic sensitive information and retrieves encrypted payloads from a remote server. It delivers the Project Nemesis information stealer, which harvests sensitive data from the clipboard, Discord, web browsers, cryptocurrency wallets, VPN services, and other applications. Domino has been linked to other malware families associated with FIN7, such as DICELOADER and NewWorldOrder Loader. Separately, Microsoft has discovered intrusions by a threat actor tracked as DEV-0569, who used the BATLOADER malware to deliver Vidar and Cobalt Strike.
This article highlights the complexity of cybercrime and the collaboration among the threat actors involved. It details the new malware strain developed by Ravie Lakshmanan and its implications, the connections between Domino and other malware families, and the intrusions by DEV-0569.
Key Points:
• Ravie Lakshmanan is a threat actor affiliated with the FIN7 cybercrime group.
• Domino is a new strain of malware developed by Ravie Lakshmanan and is being used by members of the now-defunct Conti ransomware gang.
• Domino is capable of gathering basic sensitive information and retrieving encrypted payloads from a remote server.
• Domino is linked to other malware families such as DICELOADER and NewWorldOrder Loader.
• Microsoft has also discovered intrusions mounted by a threat actor known as DEV-0569, who leveraged BATLOADER malware to deliver Vidar and Cobalt Strike.