SSLoad (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

win.ssload (Back to overview)

SSLoad

Actor(s): TA578

SSLoad runs an encrypted payload. It is easily recognizeable (for now) by the SSLoad/1.1 or SSLoad/1.2 user agent, as well as Telegram contact hXXps://t[.]me/+st2YadnCIU1iNmQy in later versions.

References

2024-04-24 ⋅ Securonix ⋅ Den Iyzvyk, Oleg Kolesnikov, Tim Peck
Analysis of Ongoing FROZEN#SHADOW Attack Campaign Leveraging SSLoad Malware and RMM Software for Domain Takeover
Cobalt Strike SSLoad

2024-04-16 ⋅ paloalto Netoworks: Unit42 ⋅ paloalto Networks: Unit42
ContactForms campaign pushing SSLoad malware
SSLoad

2024-04-11 ⋅ paloalto Netoworks: Unit42 ⋅ paloalto Networks: Unit42
Contact Forms Campaign Pushes SSLoad Malware
SSLoad

2024-01-09 ⋅ Anonymous
SSLoad
SSLoad

There is no Yara-Signature yet.

SSLoad Propose Change

References

SSLoad