Latrodectus updates to version 1.4 with AES-256 string encryption
2024-8-20 17:10:9 Author: www.vmray.com

We found a new Latrodectus version (1.4) which switched its string encryption routine to AES-256. 

This new version also utilizes the /test/ C2 endpoint, indicating that it is an early testing sample for this version.


Source: https://www.vmray.com/latrodectus-updates-to-version-1-4-with-aes-256-string-encryption/