Introduction
Malteiro is a financially motivated criminal group that is likely based in Brazil and has been active since at least November 2019. The group operates and distributes the Mispadu banking trojan via a Malware-as-a-Service (MaaS) business model. Malteiro mainly targets victims throughout Latin America (particularly Mexico) and Europe (particularly Spain and Portugal). [2]
Activities and Tactics
Country of Origin: 🇧🇷 Brazil
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
- T1204.002 Malicious File
- T1555.003 Credentials from Web Browsers
- T1055.001 Dynamic-link Library Injection
- T1657 Financial Theft
- T1082 System Information Discovery
- T1059.005 Visual Basic
- T1027.013 Encrypted/Encoded File
- T1518.001 Security Software Discovery
- T1566.001 Spearphishing Attachment
- T1555 Credentials from Password Stores
- T1140 Deobfuscate/Decode Files or Information
- T1614.001 System Language Discovery
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- Trojan.Karagany
- Trojan.Mebromi
- CyberGate
- Cyber Eye RAT
Attribution and Evidence
Country of Origin: Brazil
Additional attribution information pending cataloguing.
References
[1] MITRE ATT&CK. Malteiro group entry.
[2] SCILabs. (2021, December 23). Cyber Threat Profile Malteiro. Retrieved March 13, 2024.