| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Buhtrap has been active since 2014, however their first attacks against financial institutions were only detected in August 2015. Earlier, the group had only focused on targeting banking clients. At the moment, the group is known to target Russian and Ukrainian banks. From August 2015 to February 2016 Buhtrap managed to conduct 13 successful attacks against Russian banks for a total amount of 1.8 billion rubles ($25.7 mln). The number of successful attacks against Ukrainian banks has not been identified. Buhtrap is the first hacker group using a network worm to infect the overall bank infrastructure that significantly increases the difficulty of removing all malicious functions from the network. As a result, banks have to shut down the whole infrastructure which provokes delay in servicing customers and additional losses. Malicious programs intentionally scan for machines with an automated Bank-Customer system of the Central Bank of Russia (further referred to as BCS CBR). We have not identified incidents of attacks involving online money transfer systems, ATM machines or payment gates which are known to be of interest for other criminal groups.
| 2020-06-11
⋅
SCYTHE
⋅
#ThreatThursday - Buhtrap Buhtrap |
| 2020-05-24
⋅
Positive Technologies
⋅
Operation TA505: network infrastructure. Part 3. AndroMut Buhtrap SmokeLoader |
| 2020-03-04
⋅
CrowdStrike
⋅
2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
| 2019-07-11
⋅
ESET Research
⋅
Buhtrap group uses zero‑day in latest espionage campaigns Buhtrap |
| 2019-04-30
⋅
ESET Research
⋅
Buhtrap backdoor and Buran ransomware distributed via major advertising platform Buhtrap ClipBanker RTM |
| 2019-03-14
⋅
DCSO
⋅
Pegasus/Buhtrap analysis of the malware stage based on the leaked source code Buhtrap |
| 2019-02-20
⋅
Kaspersky Labs
⋅
Cybercrime is focusing on accountants BuhTrap |
| 2018-07-11
⋅
GelosSnake Blog
⋅
NotCarbanak Mystery - Source Code Leak Buhtrap |
| 2016-09-28
⋅
Forcepoint
⋅
Highly Evasive Code Injection Awaits User Interaction Before Delivering Malware BuhTrap |
| 2016-03-01
⋅
Group-IB
⋅
BUHTRAP: The Evolution of Targetted Attacks Against Financial Instituitions BuhTrap |
| 2016-02-22
⋅
Symantec
⋅
Russian bank employees received fake job offers in targeted email attack Buhtrap BuhTrap |
| 2016-02-22
⋅
Symantec
⋅
Russian bank employees received fake job offers in targeted email attack Buhtrap BuhTrap |
| 2015-11-11
⋅
ESET Research
⋅
Operation Buhtrap malware distributed via ammyy.com BuhTrap |
| 2015-04-09
⋅
ESET Research
⋅
Operation Buhtrap, the trap for Russian accountants Buhtrap BuhTrap |