| SYMBOL | COMMON_NAME | aka. SYNONYMS |
FIN11 is a well-established financial crime group that has recently focused its operations on ransomware and extortion. The group has been active since 2017 and has been tracked under UNC902 and later on as TEMP.Warlok. In some ways, FIN11 is reminiscent of APT1; they are notable not for their sophistication, but for their sheer volume of activity.(FireEye) Mandiant has also responded to numerous FIN11 intrusions, but we’ve only observed the group successfully monetize access in few instances. This could suggest that the actors cast a wide net during their phishing operations, then choose which victims to further exploit based on characteristics such as sector, geolocation or perceived security posture. Recently, FIN11 has deployed CLOP ransomware and threatened to publish exfiltrated data to pressure victims into paying ransom demands. The group’s shifting monetization methods—from point-of-sale (POS) malware in 2018, to ransomware in 2019, and hybrid extortion in 2020—is part of a larger trend in which criminal actors have increasingly focused on post-compromise ransomware deployment and data theft extortion. Notably, FIN11 includes a subset of the activity security researchers call TA505, Graceful Spider, Gold Evergreen, but we do not attribute TA505’s early operations to FIN11 and caution against using the names interchangeably. Attribution of both historic TA505 activity and more recent FIN11 activity is complicated by the actors’ use of criminal service providers. Like most financially motivated actors, FIN11 doesn’t operate in a vacuum. We believe that the group has used services that provide anonymous domain registration, bulletproof hosting, code signing certificates, and private or semi-private malware. Outsourcing work to these criminal service providers likely enables FIN11 to increase the scale and sophistication of their operations.
| 2024-05-30
⋅
Europol
⋅
Largest ever operation against botnets hits dropper malware ecosystem BumbleBee IcedID SmokeLoader SystemBC TrickBot |
| 2024-05-01
⋅
Natto Thoughts
⋅
Ransom-War: Russian Extortion Operations as Hybrid Warfare, Part One Clop Conti Maze TrickBot |
| 2024-02-12
⋅
Estrellas's Blog
⋅
Unveiling custom packers: A comprehensive guide Dridex Simda |
| 2023-12-30
⋅
Rewterz Information Security
⋅
Rewterz Threat Alert – Widely Abused MSIX App Installer Disabled by Microsoft – Active IOCs EugenLoader POWERTRASH BATLOADER DarkGate FlawedGrace NetSupportManager RAT SectopRAT Storm-0506 |
| 2023-12-01
⋅
The Record
⋅
Russian developer of Trickbot malware pleads guilty, faces 35-year sentence TrickBot |
| 2023-09-07
⋅
Department of Justice
⋅
Multiple Foreign Nationals Charged in Connection with Trickbot Malware and Conti Ransomware Conspiracies Conti Conti TrickBot |
| 2023-08-30
⋅
Nisos
⋅
Trickbot in Light of Trickleaks Data TrickBot |
| 2023-07-26
⋅
Talos
⋅
Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical BianLian Clop LockBit Royal Ransom LockBit 8Base BianLian Clop LockBit Money Message Royal Ransom |
| 2023-07-13
⋅
malware.love
⋅
TrueBot Analysis Part IV - Config Extraction Silence |
| 2023-07-06
⋅
CISA
⋅
Increased Truebot Activity Infects U.S. and Canada Based Networks Silence |
| 2023-06-27
⋅
SecurityIntelligence
⋅
The Trickbot/Conti Crypters: Where Are They Now? Black Basta Conti Mount Locker PhotoLoader Royal Ransom SystemBC TrickBot |
| 2023-06-23
⋅
Fourcore
⋅
Clop Ransomware: History, Timeline, And Adversary Simulation Clop |
| 2023-06-12
⋅
The DFIR Report
⋅
A Truly Graceful Wipe Out FlawedGrace Silence |
| 2023-06-01
⋅
vmware
⋅
Carbon Black’s TrueBot Detection Silence |
| 2023-05-23
⋅
loginsoft
⋅
Taming the Storm: Understanding and Mitigating the Consequences of CVE-2023-27350 Clop LockBit Silence |
| 2023-03-31
⋅
malware.love
⋅
TrueBot Analysis Part III - Capabilities Silence |
| 2023-03-30
⋅
IBM
⋅
X-Force Prevents Zero Day from Going Anywhere Silence |
| 2023-02-27
⋅
PRODAFT Threat Intelligence
⋅
RIG Exploit Kit: In-Depth Analysis Dridex IcedID ISFB PureCrypter Raccoon RecordBreaker RedLine Stealer Royal Ransom Silence SmokeLoader Zloader |
| 2023-02-18
⋅
malware.love
⋅
TrueBot Analysis Part II - Static unpacker Silence |
| 2023-02-12
⋅
malware.love
⋅
TrueBot Analysis Part I - A short glimpse into packed TrueBot samples Silence |
| 2023-02-09
⋅
U.S. Department of the Treasury
⋅
United States and United Kingdom Sanction Members of Russia-Based Trickbot Cybercrime Gang TrickBot |
| 2023-02-08
⋅
Huntress Labs
⋅
Investigating Intrusions From Intriguing Exploits Silence |
| 2023-01-30
⋅
Checkpoint
⋅
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware Agent Tesla Azorult Buer Cerber Cobalt Strike Emotet Formbook HawkEye Keylogger Loki Password Stealer (PWS) Maze NetWire RC Remcos REvil TrickBot |
| 2022-12-27
⋅
Palo Alto Networks Unit 42
⋅
Navigating the Vast Ocean of Sandbox Evasions TrickBot Zebrocy |
| 2022-12-08
⋅
Cisco Talos
⋅
Breaking the silence - Recent Truebot activity Clop Cobalt Strike FlawedGrace Raspberry Robin Silence Teleport |
| 2022-12-06
⋅
EuRepoC
⋅
Conti/Wizard Spider BazarBackdoor Cobalt Strike Conti Emotet IcedID Ryuk TrickBot WIZARD SPIDER |
| 2022-11-11
⋅
Codesec
⋅
GraceWire / FlawedGrace malware adventure FlawedGrace |
| 2022-10-31
⋅
paloalto Netoworks: Unit42
⋅
Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure Dridex Kronos TrickBot Zeus |
| 2022-10-27
⋅
Microsoft
⋅
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity FAKEUPDATES BumbleBee Clop Fauppod Raspberry Robin Roshtyak Silence DEV-0950 Mustard Tempest |
| 2022-10-27
⋅
Bleeping Computer
⋅
Microsoft links Raspberry Robin worm to Clop ransomware attacks Clop Raspberry Robin |
| 2022-10-13
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2022 FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm |
| 2022-09-13
⋅
AdvIntel
⋅
AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022 Conti Cobalt Strike Emotet Ryuk TrickBot |
| 2022-09-06
⋅
PRODAFT
⋅
TA505 Group’s TeslaGun In-Depth Analysis Clop ServHelper |
| 2022-09-05
⋅
PRODAFT
⋅
TA505 Group’s TeslaGun In-Depth Analysis ServHelper |
| 2022-09-01
⋅
IBM
⋅
Raspberry Robin and Dridex: Two Birds of a Feather Dridex Raspberry Robin |
| 2022-08-24
⋅
Github (rad9800)
⋅
Malware Madness: EXCEPTION edition Dridex |
| 2022-08-18
⋅
IBM
⋅
From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers BumbleBee Karius Ramnit TrickBot Vawtrak |
| 2022-08-15
⋅
SentinelOne
⋅
Detecting a Rogue Domain Controller – DCShadow Attack MimiKatz TrickBot |
| 2022-07-26
⋅
Mandiant
⋅
Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers Clop Industroyer MimiKatz Triton |
| 2022-07-09
⋅
Artik Blue
⋅
Malware analysis with IDA/Radare2 - Basic Unpacking (Dridex first stage) Dridex |
| 2022-06-23
⋅
Kaspersky
⋅
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs (Download Form) BlackByte BlackCat Clop Conti Hive LockBit Mespinoza RagnarLocker |
| 2022-06-23
⋅
Kaspersky
⋅
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs Conti Hive BlackByte BlackCat Clop LockBit Mespinoza Ragnarok |
| 2022-06-15
⋅
AttackIQ
⋅
Attack Graph Emulating the Conti Ransomware Team’s Behaviors BazarBackdoor Conti TrickBot |
| 2022-06-13
⋅
Jorge Testa
⋅
Killing The Bear - Evil Corp FAKEUPDATES Babuk Blister DoppelPaymer Dridex Entropy FriedEx Hades Macaw Phoenix Locker WastedLoader WastedLocker |
| 2022-06-02
⋅
Eclypsium
⋅
Conti Targets Critical Firmware Conti HermeticWiper TrickBot WhisperGate |
| 2022-06-02
⋅
Mandiant
⋅
To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions FAKEUPDATES Blister Cobalt Strike DoppelPaymer Dridex FriedEx Hades LockBit Macaw MimiKatz Phoenix Locker WastedLocker |
| 2022-05-28
⋅
Bleeping Computer
⋅
Clop ransomware gang is back, hits 21 victims in a single month Clop |
| 2022-05-24
⋅
Deep instinct
⋅
Blame the Messenger: 4 Types of Dropper Malware in Microsoft Office & How to Detect Them Dridex Emotet |
| 2022-05-24
⋅
The Hacker News
⋅
Malware Analysis: Trickbot Cobalt Strike Conti Ryuk TrickBot |
| 2022-05-19
⋅
Palo Alto Networks Unit 42
⋅
Weaponization of Excel Add-Ins Part 2: Dridex Infection Chain Case Studies Dridex |
| 2022-05-17
⋅
Trend Micro
⋅
Ransomware Spotlight: RansomEXX LaZagne Cobalt Strike IcedID MimiKatz PyXie RansomEXX TrickBot |
| 2022-05-10
⋅
RiskIQ
⋅
RiskIQ: Identifying Dridex C2 via SSL Certificate Patterns Dridex |
| 2022-05-09
⋅
Microsoft
⋅
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT |
| 2022-05-09
⋅
Microsoft Security
⋅
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself Griffon BazarBackdoor BlackCat BlackMatter Blister Gozi LockBit Pandora Rook SystemBC TrickBot |
| 2022-05-05
⋅
YouTube (Chris Greer)
⋅
MALWARE Analysis with Wireshark // TRICKBOT Infection TrickBot |
| 2022-04-28
⋅
Symantec
⋅
Ransomware: How Attackers are Breaching Corporate Networks AvosLocker Conti Emotet Hive IcedID PhotoLoader QakBot TrickBot |
| 2022-04-27
⋅
⋅
ANSSI
⋅
LE GROUPE CYBERCRIMINEL FIN7 Bateleur BELLHOP Griffon SQLRat POWERSOURCE Andromeda BABYMETAL BlackCat BlackMatter BOOSTWRITE Carbanak Cobalt Strike DNSMessenger Dridex DRIFTPIN Gameover P2P MimiKatz Murofet Qadars Ranbyus SocksBot |
| 2022-04-27
⋅
Medium elis531989
⋅
The chronicles of Bumblebee: The Hook, the Bee, and the Trickbot connection BumbleBee TrickBot |
| 2022-04-26
⋅
Intel 471
⋅
Conti and Emotet: A constantly destructive duo Cobalt Strike Conti Emotet IcedID QakBot TrickBot |
| 2022-04-20
⋅
CISA
⋅
AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader |
| 2022-04-20
⋅
CISA
⋅
Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader Killnet |
| 2022-04-18
⋅
RiskIQ
⋅
RiskIQ: Trickbot Rickroll TrickBot |
| 2022-04-17
⋅
BushidoToken Blog
⋅
Lessons from the Conti Leaks BazarBackdoor Conti Emotet IcedID Ryuk TrickBot |
| 2022-04-15
⋅
Arctic Wolf
⋅
The Karakurt Web: Threat Intel and Blockchain Analysis Reveals Extension of Conti Business Model Conti Diavol Ryuk TrickBot |
| 2022-04-15
⋅
Bleeping Computer
⋅
Karakurt revealed as data extortion arm of Conti cybercrime syndicate Anchor BazarBackdoor Conti TrickBot |
| 2022-04-08
⋅
ReversingLabs
⋅
ConversingLabs Ep. 2: Conti pivots as ransomware as a service struggles Conti Emotet TrickBot |
| 2022-04-05
⋅
Intel 471
⋅
Move fast and commit crimes: Conti’s development teams mirror corporate tech BazarBackdoor TrickBot |
| 2022-03-31
⋅
Trellix
⋅
Conti Leaks: Examining the Panama Papers of Ransomware LockBit Amadey Buer Conti IcedID LockBit Mailto Maze PhotoLoader Ryuk TrickBot |
| 2022-03-23
⋅
Secureworks
⋅
GOLD ULRICK Leaks Reveal Organizational Structure and Relationships Conti Emotet IcedID TrickBot |
| 2022-03-23
⋅
Secureworks
⋅
Threat Intelligence Executive Report Volume 2022, Number 2 Conti Emotet IcedID TrickBot |
| 2022-03-21
⋅
Threat Post
⋅
Conti Ransomware V. 3, Including Decryptor, Leaked Cobalt Strike Conti TrickBot |
| 2022-03-18
⋅
Avast
⋅
Mēris and TrickBot standing on the shoulders of giants Glupteba Proxy Glupteba TrickBot |
| 2022-03-16
⋅
Microsoft
⋅
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure TrickBot |
| 2022-03-15
⋅
RiskIQ
⋅
RiskIQ: Trickbot Abuse of Compromised MikroTik Routers for Command and Control TrickBot |
| 2022-03-13
⋅
Malcat
⋅
Cutting corners against a Dridex downloader Dridex |
| 2022-03-09
⋅
Bleeping Computer
⋅
CISA updates Conti ransomware alert with nearly 100 domain names BazarBackdoor Cobalt Strike Conti TrickBot |
| 2022-03-09
⋅
BreachQuest
⋅
The Conti Leaks | Insight into a Ransomware Unicorn Cobalt Strike MimiKatz TrickBot |
| 2022-03-04
⋅
Reuters
⋅
Details of another big ransomware group 'Trickbot' leak online, experts say TrickBot |
| 2022-03-02
⋅
KrebsOnSecurity
⋅
Conti Ransomware Group Diaries, Part II: The Office Conti Emotet Ryuk TrickBot |
| 2022-03-02
⋅
CyberArk
⋅
Conti Group Leaked! TeamTNT Conti TrickBot |
| 2022-03-02
⋅
Threatpost
⋅
Conti Ransomware Decryptor, TrickBot Source Code Leaked Conti TrickBot |
| 2022-03-01
⋅
Leaks: Conti / Trickbot Conti TrickBot |
| 2022-03-01
⋅
VirusTotal
⋅
VirusTotal's 2021 Malware Trends Report Anubis AsyncRAT BlackMatter Cobalt Strike DanaBot Dridex Khonsari MimiKatz Mirai Nanocore RAT Orcus RAT |
| 2022-02-25
⋅
CyberScoop
⋅
TrickBot malware suddenly got quiet, researchers say, but it's hardly the end for its operators BazarBackdoor Emotet TrickBot |
| 2022-02-24
⋅
The Record
⋅
TrickBot gang shuts down botnet after months of inactivity TrickBot |
| 2022-02-24
⋅
The Hacker News
⋅
TrickBot Gang Likely Shifting Operations to Switch to New Malware BazarBackdoor Emotet QakBot TrickBot |
| 2022-02-24
⋅
The Hacker News
⋅
Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure BazarBackdoor Emotet TrickBot |
| 2022-02-23
⋅
Sentinel LABS
⋅
Sanctions Be Damned | From Dridex to Macaw, The Evolution of Evil Corp Dridex WastedLocker |
| 2022-02-23
⋅
SophosLabs Uncut
⋅
Dridex bots deliver Entropy ransomware in recent attacks Cobalt Strike Dridex Entropy |
| 2022-02-22
⋅
Trend Micro
⋅
Ransomware Spotlight: Clop Clop |
| 2022-02-22
⋅
Bankinfo Security
⋅
Cybercrime Moves: Conti Ransomware Absorbs TrickBot Malware Conti TrickBot |
| 2022-02-20
⋅
Security Affairs
⋅
The Conti ransomware group takes over TrickBot malware operation and plans to replace it with BazarBackdoor malware. Conti TrickBot |
| 2022-02-18
⋅
Bleeping Computer
⋅
Conti ransomware gang takes over TrickBot malware operation Conti TrickBot |
| 2022-02-16
⋅
Threat Post
⋅
TrickBot Ravages Customers of Amazon, PayPal and Other Top Brands TrickBot |
| 2022-02-16
⋅
Advanced Intelligence
⋅
The TrickBot Saga’s Finale Has Aired: Spinoff is Already in the Works TrickBot |
| 2022-02-16
⋅
Check Point Research
⋅
A Modern Ninja: Evasive Trickbot Attacks Customers of 60 High-Profile Companies TrickBot |
| 2022-02-08
⋅
Intel 471
⋅
PrivateLoader: The first step in many malware schemes Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar |
| 2022-02-02
⋅
IBM
⋅
TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware BazarBackdoor TrickBot |
| 2022-02-01
⋅
Wired
⋅
Inside Trickbot, Russia’s Notorious Ransomware Gang TrickBot |
| 2022-02-01
⋅
Sentinel LABS
⋅
Sanctions be Damned | From Dridex To Macaw, The Evolution of Evil Corp Dridex FriedEx Hades Phoenix Locker WastedLocker |
| 2022-02-01
⋅
Wired
⋅
Inside Trickbot, Russia’s Notorious Ransomware Gang TrickBot |
| 2022-01-24
⋅
IBM
⋅
TrickBot Bolsters Layered Defenses to Prevent Injection Research TrickBot |
| 2022-01-24
⋅
Kryptos Logic
⋅
Deep Dive into Trickbot's Web Injection TrickBot |
| 2022-01-19
⋅
FBI
⋅
CU-000161-MW: Indicators of Compromise Associated with Diavol Ransomware Diavol TrickBot |
| 2022-01-18
⋅
Recorded Future
⋅
2021 Adversary Infrastructure Report BazarBackdoor Cobalt Strike Dridex IcedID QakBot TrickBot |
| 2022-01-14
⋅
RiskIQ
⋅
RiskIQ: Unique SSL Certificates and JARM Hash Connected to Emotet and Dridex C2 Servers Dridex Emotet |
| 2022-01-11
⋅
muha2xmad
⋅
Unpacking Dridex malware Dridex |
| 2022-01-09
⋅
Atomic Matryoshka
⋅
Malware Headliners: Dridex Dridex |
| 2021-12-23
⋅
Symantec
⋅
Log4j Vulnerabilities: Attack Insights Tsunami Conti Dridex Khonsari Orcus RAT TellYouThePass |
| 2021-12-20
⋅
InQuest
⋅
(Don't) Bring Dridex Home for the Holidays DoppelDridex Dridex |
| 2021-12-08
⋅
Check Point Research
⋅
When old friends meet again: why Emotet chose Trickbot for rebirth Emotet TrickBot |
| 2021-12-03
⋅
GoSecure
⋅
TrickBot Leverages Zoom Work from Home Interview Malspam, Heaven’s Gate and… Spamhaus? TrickBot |
| 2021-12-01
⋅
NCC Group
⋅
Tracking a P2P network related to TA505 FlawedGrace Necurs |
| 2021-11-21
⋅
Cyber-Anubis
⋅
Dridex Trojan | Defeating Anti-Analysis | Strings Decryption | C&C Extraction DoppelDridex Dridex |
| 2021-11-16
⋅
Yoroi
⋅
Office Documents: May the XLL technique change the threat Landscape in 2022? Agent Tesla Dridex Formbook |
| 2021-11-16
⋅
Trend Micro
⋅
Global Operations Lead to Arrests of Alleged Members of GandCrab/REvil and Cl0p Cartels REvil Clop Gandcrab REvil |
| 2021-11-16
⋅
Malwarebytes
⋅
TrickBot helps Emotet come back from the dead Emotet TrickBot |
| 2021-11-12
⋅
Recorded Future
⋅
The Business of Fraud: Botnet Malware Dissemination Mozi Dridex IcedID QakBot TrickBot |
| 2021-11-04
⋅
Security Service of Ukraine
⋅
Gamaredon / Armageddon Group: FSB RF Cyber attacks against Ukraine EvilGnome Pteranodon RMS |
| 2021-10-29
⋅
Europol
⋅
12 targeted for involvement in ransomware attacks against critical infrastructure Cobalt Strike Dharma LockerGoga MegaCortex TrickBot |
| 2021-10-29
⋅
⋅
Національна поліція України
⋅
Cyberpolice exposes transnational criminal group in causing $ 120 million in damage to foreign companies Cobalt Strike Dharma LockerGoga MegaCortex TrickBot |
| 2021-10-28
⋅
Department of Justice
⋅
Indictment: Russian National (Vladimir Dunaev) Extradited to United States to Face Charges for Alleged Role in Cybercriminal Organization TrickBot |
| 2021-10-28
⋅
Department of Justice
⋅
Russian National (Vladimir Dunaev) Extradited to United States to Face Charges for Alleged Role in Cybercriminal Organization TrickBot |
| 2021-10-27
⋅
VinCSS
⋅
[RE025] TrickBot ... many tricks TrickBot |
| 2021-10-21
⋅
CrowdStrike
⋅
Stopping GRACEFUL SPIDER: Falcon Complete’s Fast Response to Recent SolarWinds Serv-U Exploit Campaign Cobalt Strike FlawedGrace TinyMet |
| 2021-10-19
⋅
Proofpoint
⋅
Whatta TA: TA505 Ramps Up Activity, Delivers New FlawedGrace Variant FlawedGrace MirrorBlast |
| 2021-10-19
⋅
Kaspersky
⋅
Trickbot module descriptions TrickBot |
| 2021-10-14
⋅
Morphisec
⋅
Explosive New MirrorBlast Campaign Targets Financial Companies MirrorBlast |
| 2021-10-13
⋅
IBM
⋅
Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds BazarBackdoor TrickBot |
| 2021-10-08
⋅
Zscaler
⋅
New Trickbot and BazarLoader campaigns use multiple delivery vectorsi BazarBackdoor TrickBot |
| 2021-10-07
⋅
Mandiant
⋅
FIN12 Group Profile: FIN12 Priotizes Speed to Deploy Ransomware Aginst High-Value Targets Cobalt Strike Empire Downloader TrickBot |
| 2021-10-05
⋅
FRSecure
⋅
The REBOL Yell: A New Novel REBOL Exploit MirrorBlast |
| 2021-10-05
⋅
Trend Micro
⋅
Ransomware as a Service: Enabler of Widespread Attacks Cerber Conti DarkSide Gandcrab Locky Nefilim REvil Ryuk |
| 2021-10-04
⋅
Cisco
⋅
Threat hunting in large datasets by clustering security events BazarBackdoor TrickBot |
| 2021-10-01
⋅
HP
⋅
Threat Insights Report Q3 - 2021 STRRAT CloudEyE NetWire RC Remcos TrickBot Vjw0rm |
| 2021-09-24
⋅
Proofpoint
⋅
Daily Ruleset Update Summary 2021/09/24 MirrorBlast |
| 2021-09-19
⋅
HP
⋅
MirrorBlast and TA505: Examining Similarities in Tactics, Techniques and Procedures MirrorBlast |
| 2021-09-15
⋅
Palo Alto Networks Unit 42
⋅
Phishing Eager Travelers Dridex |
| 2021-09-14
⋅
CrowdStrike
⋅
Big Game Hunting TTPs Continue to Shift After DarkSide Pipeline Attack BlackMatter DarkSide REvil Avaddon BlackMatter Clop Conti CryptoLocker DarkSide DoppelPaymer Hades REvil |
| 2021-09-06
⋅
Bleeping Computer
⋅
TrickBot gang developer arrested when trying to leave Korea Diavol TrickBot |
| 2021-09-03
⋅
Trend Micro
⋅
The State of SSL/TLS Certificate Usage in Malware C&C Communications AdWind ostap AsyncRAT BazarBackdoor BitRAT Buer Chthonic CloudEyE Cobalt Strike DCRat Dridex FindPOS GootKit Gozi IcedID ISFB Nanocore RAT Orcus RAT PandaBanker Qadars QakBot Quasar RAT Rockloader ServHelper Shifu SManager TorrentLocker TrickBot Vawtrak Zeus Zloader |
| 2021-08-19
⋅
Blackberry
⋅
BlackBerry Prevents: Threat Actor Group TA575 and Dridex Malware Cobalt Strike Dridex TA575 |
| 2021-08-15
⋅
Symantec
⋅
The Ransomware Threat Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker |
| 2021-08-12
⋅
Cisco Talos
⋅
Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT Amadey Raccoon ServHelper |
| 2021-08-01
⋅
The DFIR Report
⋅
BazarCall to Conti Ransomware via Trickbot and Cobalt Strike BazarBackdoor Cobalt Strike Conti TrickBot |
| 2021-07-30
⋅
HP
⋅
Detecting TA551 domains Valak Dridex IcedID ISFB QakBot |
| 2021-07-21
⋅
splunk
⋅
Detecting Trickbot with Splunk TrickBot |
| 2021-07-12
⋅
Bitdefender
⋅
A Fresh Look at Trickbot’s Ever-Improving VNC Module TrickBot |
| 2021-07-06
⋅
Medium walmartglobaltech
⋅
TA505 adds GoLang crypter for delivering miners and ServHelper ServHelper |
| 2021-07-02
⋅
MalwareBookReports
⋅
Skip the Middleman: Dridex Document to Cobalt Strike Cobalt Strike Dridex |
| 2021-07-02
⋅
The Record
⋅
TrickBot: New attacks see the botnet deploy new banking module, new ransomware TrickBot |
| 2021-07-01
⋅
Kryptos Logic
⋅
TrickBot and Zeus TrickBot Zeus |
| 2021-06-30
⋅
Advanced Intelligence
⋅
Ransomware-&-CVE: Industry Insights Into Exclusive High-Value Target Adversarial Datasets BlackKingdom Ransomware Clop dearcry Hades REvil |
| 2021-06-25
⋅
KrCert
⋅
Attack patterns in AD environment Clop |
| 2021-06-24
⋅
Binance
⋅
Binance Helps Take Down Cybercriminal Ring Laundering $500M in Ransomware Attacks Clop |
| 2021-06-22
⋅
Twitter (@Cryptolaemus1)
⋅
Tweet on TA575, a Dridex affiliate delivering cobaltstrike (packed withe Cryptone) directly via the macro docs Cobalt Strike Dridex |
| 2021-06-16
⋅
The Record
⋅
Ukrainian police arrest Clop ransomware members, seize server infrastructure Clop |
| 2021-06-16
⋅
⋅
Youtube (Національна поліція України)
⋅
Кіберполіція викрила хакерське угруповання у розповсюдженні вірусу-шифрувальника (Clop operators) Clop |
| 2021-06-16
⋅
Proofpoint
⋅
The First Step: Initial Access Leads to Ransomware BazarBackdoor Egregor IcedID Maze QakBot REvil Ryuk TrickBot WastedLocker TA570 TA575 TA577 |
| 2021-06-16
⋅
KrebsOnSecurity
⋅
Ukrainian Police Nab Six Tied to CLOP Ransomware Clop |
| 2021-06-16
⋅
⋅
Національної поліції України
⋅
Cyberpolice exposes hacker group in spreading encryption virus and causing half a billion dollars in damage to foreign companies Clop Cobalt Strike FlawedAmmyy |
| 2021-06-15
⋅
Trend Micro
⋅
Ransomware Double Extortion and Beyond: REvil, Clop, and Conti Clop Conti REvil |
| 2021-06-08
⋅
Intel 471
⋅
The blurry boundaries between nation-state actors and the cybercrime underground Dridex Gameover P2P |
| 2021-06-07
⋅
Medium walmartglobaltech
⋅
Inside the SystemBC Malware-As-A-Service Ryuk SystemBC TrickBot |
| 2021-06-04
⋅
The Record
⋅
US arrests Latvian woman who worked on Trickbot malware source code TrickBot |
| 2021-06-04
⋅
Department of Justice
⋅
Latvian National Charged for Alleged Role in Transnational Cybercrime Organization TrickBot |
| 2021-06-03
⋅
YouTube (FIRST)
⋅
Breaking Dridex Malware Dridex |
| 2021-05-26
⋅
DeepInstinct
⋅
A Deep Dive into Packing Software CryptOne Cobalt Strike Dridex Emotet Gozi ISFB Mailto QakBot SmokeLoader WastedLocker Zloader |
| 2021-05-19
⋅
Intel 471
⋅
Look how many cybercriminals love Cobalt Strike BazarBackdoor Cobalt Strike Hancitor QakBot SmokeLoader SystemBC TrickBot |
| 2021-05-13
⋅
AWAKE
⋅
Catching the White Stork in Flight Cobalt Strike MimiKatz RMS |
| 2021-05-11
⋅
Mal-Eats
⋅
Campo, a New Attack Campaign Targeting Japan AnchorDNS BazarBackdoor campoloader Cobalt Strike Phobos Snifula TrickBot Zloader |
| 2021-05-11
⋅
CrowdStrike
⋅
Response When Minutes Matter: Rising Up Against Ransomware TinyMet |
| 2021-05-10
⋅
Mal-Eats
⋅
Overview of Campo, a new attack campaign targeting Japan AnchorDNS BazarBackdoor Cobalt Strike ISFB Phobos TrickBot Zloader |
| 2021-05-10
⋅
DarkTracer
⋅
Intelligence Report on Ransomware Gangs on the DarkWeb: List of victim organizations attacked by ransomware gangs released on the DarkWeb RansomEXX Avaddon Babuk Clop Conti Cuba DarkSide DoppelPaymer Egregor Hades LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker Nefilim Nemty Pay2Key PwndLocker RagnarLocker Ragnarok RansomEXX REvil Sekhmet SunCrypt ThunderX |
| 2021-05-05
⋅
RiskIQ
⋅
Viruses to Violations - TrickBot's Shift in Tactics During the Pandemic TrickBot |
| 2021-05-03
⋅
splunk
⋅
Clop Ransomware Detection: Threat Research Release, April 2021 Clop |
| 2021-05-02
⋅
The DFIR Report
⋅
Trickbot Brief: Creds and Beacons Cobalt Strike TrickBot |
| 2021-04-26
⋅
CoveWare
⋅
Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound Avaddon Clop Conti DarkSide Egregor LockBit Mailto Phobos REvil Ryuk SunCrypt |
| 2021-04-25
⋅
Vulnerability.ch Blog
⋅
Ransomware and Data Leak Site Publication Time Analysis Avaddon Babuk Clop Conti DarkSide DoppelPaymer Mespinoza Nefilim REvil |
| 2021-04-21
⋅
SophosLabs Uncut
⋅
Nearly half of malware now use TLS to conceal communications Agent Tesla Cobalt Strike Dridex SystemBC |
| 2021-04-15
⋅
Twitter (@felixw3000)
⋅
Tweet on Dridex's evasion technique Dridex |
| 2021-04-15
⋅
Proofpoint
⋅
Threat Actors Pair Tax-Themed Lures With COVID-19, Healthcare Themes Dridex TrickBot |
| 2021-04-14
⋅
Vice
⋅
Meet The Ransomware Gang Behind One of the Biggest Supply Chain Hacks Ever Clop |
| 2021-04-13
⋅
Palo Alto Networks Unit 42
⋅
Threat Assessment: Clop Ransomware Clop |
| 2021-04-13
⋅
splunk
⋅
Detecting Clop Ransomware Clop |
| 2021-04-12
⋅
PTSecurity
⋅
PaaS, or how hackers evade antivirus software Amadey Bunitu Cerber Dridex ISFB KPOT Stealer Mailto Nemty Phobos Pony Predator The Thief QakBot Raccoon RTM SmokeLoader Zloader |
| 2021-04-06
⋅
Lexfo
⋅
Dridex Loader Analysis Dridex |
| 2021-04-06
⋅
Intel 471
⋅
EtterSilent: the underground’s new favorite maldoc builder BazarBackdoor ISFB QakBot TrickBot |
| 2021-04-05
⋅
Medium walmartglobaltech
⋅
TrickBot Crews New CobaltStrike Loader Cobalt Strike TrickBot |
| 2021-03-31
⋅
Kaspersky
⋅
Financial Cyberthreats in 2020 BetaBot DanaBot Emotet Gozi Ramnit RTM SpyEye TrickBot Zeus |
| 2021-03-31
⋅
Red Canary
⋅
2021 Threat Detection Report Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot |
| 2021-03-29
⋅
VMWare Carbon Black
⋅
Dridex Reloaded: Analysis of a New Dridex Campaign Dridex |
| 2021-03-26
⋅
Bleeping Computer
⋅
Ransomware gang urges victims’ customers to demand a ransom payment Clop |
| 2021-03-21
⋅
Blackberry
⋅
2021 Threat Report Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot |
| 2021-03-18
⋅
PRODAFT Threat Intelligence
⋅
SilverFish GroupThreat Actor Report Cobalt Strike Dridex Koadic |
| 2021-03-17
⋅
HP
⋅
Threat Insights Report Q4-2020 Agent Tesla BitRAT ComodoSec Dridex Emotet Ficker Stealer Formbook Zloader |
| 2021-03-17
⋅
CISA
⋅
Alert (AA21-076A): TrickBot Malware TrickBot |
| 2021-03-11
⋅
IBM
⋅
Dridex Campaign Propelled by Cutwail Botnet and Poisonous PowerShell Scripts Cutwail Dridex |
| 2021-03-11
⋅
Flashpoint
⋅
CL0P and REvil Escalate Their Ransomware Tactics Clop REvil |
| 2021-03-02
⋅
Möbius Strip Reverse Engineering
⋅
An Exhaustively-Analyzed IDB for FlawedGrace FlawedGrace |
| 2021-03-01
⋅
Group-IB
⋅
Ransomware Uncovered 2020/2021 RansomEXX BazarBackdoor Buer Clop Conti DoppelPaymer Dridex Egregor IcedID Maze PwndLocker QakBot RansomEXX REvil Ryuk SDBbot TrickBot Zloader |
| 2021-02-28
⋅
PWC UK
⋅
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
| 2021-02-25
⋅
ANSSI
⋅
Ryuk Ransomware BazarBackdoor Buer Conti Emotet Ryuk TrickBot |
| 2021-02-24
⋅
IBM
⋅
X-Force Threat Intelligence Index 2021 Emotet QakBot Ramnit REvil TrickBot |
| 2021-02-23
⋅
CrowdStrike
⋅
2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
| 2021-02-22
⋅
FireEye
⋅
Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion DEWMODE Clop |
| 2021-02-15
⋅
Medium s2wlab
⋅
Operation SyncTrek AbaddonPOS Azorult Clop DoppelDridex DoppelPaymer Dridex PwndLocker |
| 2021-02-08
⋅
ESET Research
⋅
THREAT REPORT Q4 2020 TrickBot |
| 2021-02-07
⋅
Technical Blog of Ali Aqeel
⋅
Dridex Malware Analysis Dridex |
| 2021-02-02
⋅
Twitter (@TheDFIRReport)
⋅
Tweet on recent dridex post infection activity Cobalt Strike Dridex |
| 2021-02-02
⋅
⋅
CRONUP
⋅
De ataque con Malware a incidente de Ransomware Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader |
| 2021-02-01
⋅
Microsoft
⋅
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations Dridex Emotet Makop Ransomware SmokeLoader TrickBot |
| 2021-02-01
⋅
Kryptos Logic
⋅
Trickbot masrv Module TrickBot |
| 2021-01-28
⋅
Youtube (Virus Bulletin)
⋅
The Bagsu banker case Azorult DreamBot Emotet Pony TrickBot ZeusAction |
| 2021-01-26
⋅
IBM
⋅
TrickBot’s Survival Instinct Prevails — What’s Different About the TrickBoot Version? TrickBot |
| 2021-01-20
⋅
Medium walmartglobaltech
⋅
Anchor and Lazarus together again? Anchor TrickBot |
| 2021-01-19
⋅
Medium elis531989
⋅
Funtastic Packers And Where To Find Them Get2 IcedID QakBot |
| 2021-01-19
⋅
HP
⋅
Dridex Malicious Document Analysis: Automating the Extraction of Payload URLs Dridex |
| 2021-01-19
⋅
Palo Alto Networks Unit 42
⋅
Wireshark Tutorial: Examining Emotet Infection Traffic Emotet GootKit IcedID QakBot TrickBot |
| 2021-01-11
⋅
The DFIR Report
⋅
Trickbot Still Alive and Well Cobalt Strike TrickBot |
| 2021-01-09
⋅
Marco Ramilli's Blog
⋅
Command and Control Traffic Patterns ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot |
| 2021-01-06
⋅
DomainTools
⋅
Holiday Bazar: Tracking a TrickBot-Related Ransomware Incident BazarBackdoor TrickBot |
| 2021-01-05
⋅
AhnLab
⋅
[Threat Analysis] CLOP Ransomware that Attacked Korean Distribution Giant Clop |
| 2021-01-04
⋅
Check Point
⋅
DRIDEX Stopping Serial Killer: Catching the Next Strike Dridex |
| 2021-01-04
⋅
SentinelOne
⋅
Building a Custom Malware Analysis Lab Environment TrickBot |
| 2021-01-01
⋅
Secureworks
⋅
Threat Profile: GOLD BLACKBURN Buer Dyre TrickBot WIZARD SPIDER |
| 2021-01-01
⋅
Secureworks
⋅
Threat Profile: GOLD HERON DoppelPaymer Dridex Empire Downloader DOPPEL SPIDER |
| 2021-01-01
⋅
Threat Profile: GOLD DRAKE Cobalt Strike Dridex FriedEx Koadic MimiKatz WastedLocker Evil Corp |
| 2020-12-21
⋅
KEYSIGHT TECHNOLOGIES
⋅
TrickBot: A Closer Look TrickBot |
| 2020-12-18
⋅
Intel 471
⋅
TA505’s modified loader means new attack campaign could be coming Get2 |
| 2020-12-15
⋅
Twitter (@darb0ng)
⋅
Tweet on Symrise group hit by Clop Ransomware Clop |
| 2020-12-14
⋅
Blueliv
⋅
Using Qiling Framework to Unpack TA505 packed samples AndroMut Azorult Silence TinyMet |
| 2020-12-10
⋅
Cybereason
⋅
Cybereason vs. Ryuk Ransomware BazarBackdoor Ryuk TrickBot |
| 2020-12-10
⋅
US-CERT
⋅
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus |
| 2020-12-10
⋅
CyberInt
⋅
Ryuk Crypto-Ransomware Ryuk TrickBot |
| 2020-12-03
⋅
Bleeping Computer
⋅
Ransomware gang says they stole 2 million credit cards from E-Land Clop |
| 2020-12-03
⋅
Eclypsium
⋅
TrickBot Now Offers ‘TrickBoot’: Persist, Brick, Profit TrickBot |
| 2020-12-02
⋅
⋅
AhnLab
⋅
CLOP Ransomware Report Clop |
| 2020-11-23
⋅
S2W LAB Inc.
⋅
[S2W LAB] Analysis of Clop Ransomware suspiciously related to the Recent Incident Clop |
| 2020-11-23
⋅
Bitdefender
⋅
TrickBot is Dead. Long Live TrickBot! TrickBot |
| 2020-11-22
⋅
malware.love
⋅
Trickbot tricks again [UPDATE] TrickBot |
| 2020-11-20
⋅
ZDNet
⋅
The malware that usually installs ransomware and you need to remove right away Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader |
| 2020-11-20
⋅
Bleeping Computer
⋅
LightBot: TrickBot’s new reconnaissance malware for high-value targets LightBot TrickBot |
| 2020-11-18
⋅
Sophos
⋅
SOPHOS 2021 THREAT REPORT Navigating cybersecurity in an uncertain world Agent Tesla Dridex TrickBot Zloader |
| 2020-11-17
⋅
Salesforce Engineering
⋅
Easily Identify Malicious Servers on the Internet with JARM Cobalt Strike TrickBot |
| 2020-11-17
⋅
malware.love
⋅
Trickbot tricks again TrickBot |
| 2020-11-17
⋅
Twitter (@VK_intel)
⋅
Tweet on a new fileless TrickBot loading method using code from MemoryModule TrickBot |
| 2020-11-16
⋅
Intel 471
⋅
Ransomware-as-a-service: The pandemic within a pandemic Avaddon Clop Conti DoppelPaymer Egregor Hakbit Mailto Maze Mespinoza RagnarLocker REvil Ryuk SunCrypt ThunderX |
| 2020-11-16
⋅
Fox-IT
⋅
TA505: A Brief History Of Their Time Clop Get2 SDBbot TA505 |
| 2020-11-12
⋅
Hurricane Labs
⋅
Splunking with Sysmon Part 4: Detecting Trickbot TrickBot |
| 2020-11-12
⋅
Australian Cyber Security Centre
⋅
Biotech research firm Miltenyi Biotec hit by ransomware, data leaked SDBbot |
| 2020-11-10
⋅
Intel 471
⋅
Trickbot down, but is it out? BazarBackdoor TrickBot |
| 2020-11-05
⋅
Kaspersky Labs
⋅
Attackson industrial enterprises using RMS and TeamViewer: new data RMS |
| 2020-11-04
⋅
VMRay
⋅
Trick or Threat: Ryuk ransomware targets the health care industry BazarBackdoor Cobalt Strike Ryuk TrickBot |
| 2020-10-29
⋅
Red Canary
⋅
A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak Cobalt Strike Ryuk TrickBot |
| 2020-10-29
⋅
Twitter (@anthomsec)
⋅
Tweet on UNC1878 activity BazarBackdoor Ryuk TrickBot UNC1878 |
| 2020-10-29
⋅
Mandiant
⋅
FIN11: A Widespread Ransomware and Extortion Operation (Webinar) FIN11 |
| 2020-10-29
⋅
CERT-FR
⋅
LE MALWARE-AS-A-SERVICE EMOTET Dridex Emotet ISFB QakBot |
| 2020-10-29
⋅
Palo Alto Networks Unit 42
⋅
Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector Anchor BazarBackdoor Ryuk TrickBot |
| 2020-10-26
⋅
Arbor Networks
⋅
Dropping the Anchor AnchorDNS Anchor TrickBot |
| 2020-10-23
⋅
Hornetsecurity
⋅
Leakware-Ransomware-Hybrid Attacks Avaddon Clop Conti DarkSide DoppelPaymer Mailto Maze Mespinoza Nefilim RagnarLocker REvil Sekhmet SunCrypt |
| 2020-10-20
⋅
⋅
Bundesamt für Sicherheit in der Informationstechnik
⋅
Die Lage der IT-Sicherheit in Deutschland 2020 Clop Emotet REvil Ryuk TrickBot |
| 2020-10-20
⋅
Microsoft
⋅
An update on disruption of Trickbot TrickBot |
| 2020-10-20
⋅
Intel 471
⋅
Global Trickbot disruption operation shows promise TrickBot |
| 2020-10-16
⋅
CrowdStrike
⋅
WIZARD SPIDER Update: Resilient, Reactive and Resolute BazarBackdoor Conti Ryuk TrickBot |
| 2020-10-16
⋅
Duo
⋅
Trickbot Up to Its Old Tricks TrickBot |
| 2020-10-15
⋅
Intel 471
⋅
That was quick: Trickbot is back after disruption attempts TrickBot |
| 2020-10-15
⋅
Department of Justice
⋅
Officials Announce International Operation Targeting Transnational Criminal Organization QQAAZZ that Provided Money Laundering Services to High-Level Cybercriminals Dridex ISFB TrickBot |
| 2020-10-14
⋅
FireEye
⋅
FIN11: Widespread Email Campaigns as Precursor for Ransomware and Data Theft FIN11 |
| 2020-10-12
⋅
Microsoft
⋅
New action to combat ransomware ahead of U.S. elections Ryuk TrickBot |
| 2020-10-12
⋅
Symantec
⋅
Trickbot: U.S. Court Order Hits Botnet’s Infrastructure Ryuk TrickBot |
| 2020-10-12
⋅
Lumen
⋅
A Look Inside The TrickBot Botnet TrickBot |
| 2020-10-12
⋅
ESET Research
⋅
ESET takes part in global operation to disrupt Trickbot TrickBot |
| 2020-10-12
⋅
Microsoft
⋅
Trickbot disrupted TrickBot |
| 2020-10-12
⋅
TRICKBOT complaint TrickBot |
| 2020-10-10
⋅
The Washington Post
⋅
Cyber Command has sought to disrupt the world’s largest botnet, hoping to reduce its potential impact on the election TrickBot |
| 2020-10-08
⋅
ZDNet
⋅
German tech giant Software AG down after ransomware attack Clop |
| 2020-10-08
⋅
Bromium
⋅
Droppers, Downloaders and TrickBot: Detecting a Stealthy COVID-19-themed Campaign using Toolmarks TrickBot |
| 2020-10-06
⋅
Telekom
⋅
Eager Beaver: A Short Overview of the Restless Threat Actor TA505 Clop Get2 SDBbot TA505 |
| 2020-10-03
⋅
Wikipedia
⋅
Wikipedia Page: Maksim Yakubets Dridex Feodo Evil Corp |
| 2020-10-03
⋅
Avira
⋅
TA505 targets the Americas in a new campaign ServHelper |
| 2020-10-02
⋅
Health Sector Cybersecurity Coordination Center (HC3)
⋅
Report 202010021600: Recent Bazarloader Use in Ransomware Campaigns BazarBackdoor Cobalt Strike Ryuk TrickBot |
| 2020-10-02
⋅
KrebsOnSecurity
⋅
Attacks Aimed at Disrupting the Trickbot Botnet TrickBot |
| 2020-09-30
⋅
CERT-XLM
⋅
Another Threat Actor day... SDBbot |
| 2020-09-29
⋅
PWC UK
⋅
What's behind the increase in ransomware attacks this year? DarkSide Avaddon Clop Conti DoppelPaymer Dridex Emotet FriedEx Mailto PwndLocker QakBot REvil Ryuk SMAUG SunCrypt TrickBot WastedLocker |
| 2020-09-29
⋅
Microsoft
⋅
Microsoft Digital Defense Report Emotet IcedID Mailto Maze QakBot REvil RobinHood TrickBot |
| 2020-09-22
⋅
OSINT Fans
⋅
What Service NSW has to do with Russia? TrickBot |
| 2020-09-18
⋅
AppGate
⋅
Reverse Engineering Dridex and Automating IOC Extraction Dridex |
| 2020-09-16
⋅
Intel 471
⋅
Partners in crime: North Koreans and elite Russian-speaking cybercriminals TrickBot |
| 2020-09-10
⋅
SANS ISC InfoSec Forums
⋅
Recent Dridex activity Dridex |
| 2020-09-07
⋅
Github (pan-unit42)
⋅
Collection of recent Dridex IOCs Cutwail Dridex |
| 2020-08-31
⋅
cyber.wtf blog
⋅
Trickbot rdpscanDll – Transforming Candidate Credentials for Brute-Forcing RDP Servers TrickBot |
| 2020-08-25
⋅
KELA
⋅
How Ransomware Gangs Find New Monetization Schemes and Evolve in Marketing Avaddon Clop DarkSide DoppelPaymer Mailto Maze MedusaLocker Mespinoza Nefilim RagnarLocker REvil Sekhmet |
| 2020-08-21
⋅
Palo Alto Networks Unit 42
⋅
Wireshark Tutorial: Decrypting HTTPS Traffic Dridex |
| 2020-08-20
⋅
sensecy
⋅
Global Ransomware Attacks in 2020: The Top 4 Vulnerabilities Clop Maze REvil Ryuk |
| 2020-08-20
⋅
CERT-FR
⋅
Development of the Activity of the TA505 Cybercriminal Group AndroMut Bart Clop Dridex FlawedAmmyy FlawedGrace Get2 Locky Marap QuantLoader SDBbot ServHelper tRat TrickBot |
| 2020-08-09
⋅
F5 Labs
⋅
Banking Trojans: A Reference Guide to the Malware Family Tree BackSwap Carberp Citadel DanaBot Dridex Dyre Emotet Gozi Kronos PandaBanker Ramnit Shylock SpyEye Tinba TrickBot Vawtrak Zeus |
| 2020-08-03
⋅
Dridex – From Word to Domain Dominance Dridex |
| 2020-07-29
⋅
ESET Research
⋅
THREAT REPORT Q2 2020 DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor |
| 2020-07-22
⋅
SentinelOne
⋅
Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW) ISFB Maze TrickBot Zloader |
| 2020-07-21
⋅
YouTube ( OPCDE with Matt Suiche)
⋅
vOPCDE #9 - A Journey into Malware HTTP Communication Channels Spectacles (Mohamad Mokbel) Alureon Aytoke Cobra Carbon System CROSSWALK danbot ProtonBot Silence |
| 2020-07-20
⋅
Bleeping Computer
⋅
Emotet-TrickBot malware duo is back infecting Windows machines Emotet TrickBot |
| 2020-07-17
⋅
CERT-FR
⋅
The Malware Dridex: Origins and Uses Andromeda CryptoLocker Cutwail DoppelPaymer Dridex Emotet FriedEx Gameover P2P Gandcrab ISFB Murofet Necurs Predator The Thief Zeus |
| 2020-07-15
⋅
Intel 471
⋅
Flowspec – TA505’s bulletproof hoster of choice Get2 |
| 2020-07-15
⋅
Mandiant
⋅
Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families Clop DoppelPaymer LockerGoga Maze MegaCortex Nefilim Snake |
| 2020-07-13
⋅
JoeSecurity
⋅
TrickBot's new API-Hammering explained TrickBot |
| 2020-07-11
⋅
Advanced Intelligence
⋅
TrickBot Group Launches Test Module Alerting on Fraud Activity TrickBot |
| 2020-07-11
⋅
BleepingComputer
⋅
TrickBot malware mistakenly warns victims that they are infected TrickBot |
| 2020-07-09
⋅
Gdata
⋅
ServHelper: Hidden Miners ServHelper |
| 2020-07-07
⋅
Hornetsecurity
⋅
Clop, Clop! It’s a TA505 HTML malspam analysis Clop Get2 |
| 2020-07-06
⋅
NTT
⋅
TrickBot variant “Anchor_DNS” communicating over DNS AnchorDNS TrickBot |
| 2020-06-24
⋅
Morphisec
⋅
Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex Dridex ISFB QakBot Zloader |
| 2020-06-22
⋅
Sentinel LABS
⋅
Inside a TrickBot Cobalt Strike Attack Server Cobalt Strike TrickBot |
| 2020-06-22
⋅
BleepingComputer
⋅
Indiabulls Group hit by CLOP Ransomware, gets 24h leak deadline Clop |
| 2020-06-22
⋅
⋅
CERT-FR
⋅
Évolution De Lactivité du Groupe Cybercriminel TA505 Amadey AndroMut Bart Clop Dridex FlawedGrace Gandcrab Get2 GlobeImposter Jaff Locky Marap Philadephia Ransom QuantLoader Scarab Ransomware SDBbot ServHelper Silence tRat TrickBot |
| 2020-06-19
⋅
Reaqta
⋅
Dridex: the secret in a PostMessage() Dridex |
| 2020-06-17
⋅
Youtube (Red Canary)
⋅
ATT&CK® Deep Dive: Process Injection ISFB Ramnit TrickBot |
| 2020-06-17
⋅
Twitter (@MsftSecIntel)
⋅
A tweet thread on TA505 using CAPTCHA to avoid detection and infecting victims with FlawedGrace FlawedGrace |
| 2020-06-17
⋅
Twitter (@VK_intel)
⋅
Tweet on signed Tinymet payload (V.02) used by TA505 TinyMet |
| 2020-06-16
⋅
Telekom
⋅
TA505 returns with a new bag of tricks Clop Get2 SDBbot TA505 |
| 2020-06-15
⋅
Fortinet
⋅
Global Malicious Spam Campaign Using Black Lives Matter as a Lure TrickBot |
| 2020-06-12
⋅
Hornetsecurity
⋅
Trickbot Malspam Leveraging Black Lives Matter as Lure TrickBot |
| 2020-06-11
⋅
Cofense
⋅
All You Need Is Text: Second Wave TrickBot |
| 2020-06-05
⋅
Votiro
⋅
Anatomy of a Well-Crafted UPS, FedEx, and DHL Phishing Email During COVID-19 Dridex |
| 2020-06-02
⋅
Lastline Labs
⋅
Evolution of Excel 4.0 Macro Weaponization Agent Tesla DanaBot ISFB TrickBot Zloader |
| 2020-05-31
⋅
Medium walmartglobaltech
⋅
WastedLoader or DridexLoader? Dridex WastedLocker |
| 2020-05-28
⋅
Palo Alto Networks Unit 42
⋅
Goodbye Mworm, Hello Nworm: TrickBot Updates Propagation Module TrickBot |
| 2020-05-27
⋅
GAIS-CERT
⋅
Dridex Banking Trojan Technical Analysis Report Dridex |
| 2020-05-25
⋅
⋅
CERT-FR
⋅
INDICATEURS DE COMPROMISSION DU CERT-FR - Objet: Le code malveillant Dridex Dridex |
| 2020-05-25
⋅
⋅
CERT-FR
⋅
Le Code Malveillant Dridex: Origines et Usages Dridex |
| 2020-05-24
⋅
Positive Technologies
⋅
Operation TA505: network infrastructure. Part 3. AndroMut Buhtrap SmokeLoader |
| 2020-05-22
⋅
Positive Technologies
⋅
Operation TA505: investigating the ServHelper backdoor with NetSupport RAT. Part 2. NetSupportManager RAT ServHelper |
| 2020-05-21
⋅
Intel 471
⋅
A brief history of TA505 AndroMut Bart Dridex FlawedAmmyy FlawedGrace Gandcrab Get2 GlobeImposter Jaff Kegotip Locky Necurs Philadephia Ransom Pony QuantLoader Rockloader SDBbot ServHelper Shifu Snatch TrickBot |
| 2020-05-20
⋅
PTSecurity
⋅
Operation TA505: how we analyzed new tools from the creators of the Dridex trojan, Locky ransomware, and Neutrino botnet FlawedAmmyy |
| 2020-05-19
⋅
AlienLabs
⋅
TrickBot BazarLoader In-Depth Anchor BazarBackdoor TrickBot |
| 2020-05-18
⋅
Threatpost
⋅
Ransomware Gang Arrested for Spreading Locky to Hospitals Locky |
| 2020-05-14
⋅
SentinelOne
⋅
Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant TrickBot |
| 2020-04-23
⋅
⋅
CERT-FR
⋅
LE GROUPE CYBERCRIMINEL SILENCE Silence |
| 2020-04-14
⋅
SecurityIntelligence
⋅
TA505 Continues to Infect Networks With SDBbot RAT SDBbot TinyMet TA505 |
| 2020-04-14
⋅
Intel 471
⋅
Understanding the relationship between Emotet, Ryuk and TrickBot Emotet Ryuk TrickBot |
| 2020-04-14
⋅
Intrinsec
⋅
Deobfuscating and hunting for OSTAP, Trickbot’s dropper and best friend ostap TrickBot |
| 2020-04-09
⋅
Zscaler
⋅
TrickBot Emerges with a Few New Tricks TrickBot |
| 2020-04-09
⋅
Github (Tera0017)
⋅
SDBbot Unpacker SDBbot |
| 2020-04-08
⋅
SentinelOne
⋅
Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations Anchor TrickBot |
| 2020-04-07
⋅
SecurityIntelligence
⋅
ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework More_eggs Anchor TrickBot |
| 2020-04-01
⋅
Cisco
⋅
Navigating Cybersecurity During a Pandemic: Latest Malware and Threat Actors Azorult CloudEyE Formbook KPOT Stealer Metamorfo Nanocore RAT NetWire RC TrickBot |
| 2020-03-31
⋅
FireEye
⋅
It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit Ryuk TrickBot UNC1878 |
| 2020-03-31
⋅
Cisco Talos
⋅
Trickbot: A primer TrickBot |
| 2020-03-30
⋅
Intezer
⋅
Fantastic payloads and where we find them Dridex Emotet ISFB TrickBot |
| 2020-03-26
⋅
Telekom
⋅
TA505's Box of Chocolate - On Hidden Gems packed with the TA505 Packer Amadey Azorult Clop FlawedGrace Get2 SDBbot Silence TinyMet TA505 |
| 2020-03-25
⋅
Wilbur Security
⋅
Trickbot to Ryuk in Two Hours Cobalt Strike Ryuk TrickBot |
| 2020-03-24
⋅
Bleeping Computer
⋅
Three More Ransomware Families Create Sites to Leak Stolen Data Clop DoppelPaymer Maze Nefilim Nemty REvil |
| 2020-03-18
⋅
Bitdefender
⋅
New TrickBot Module Bruteforces RDP Connections, Targets Select Telecommunication Services in US and Hong Kong TrickBot |
| 2020-03-18
⋅
Proofpoint
⋅
Coronavirus Threat Landscape Update Agent Tesla Get2 ISFB Remcos |
| 2020-03-09
⋅
Fortinet
⋅
New Variant of TrickBot Being Spread by Word Document TrickBot |
| 2020-03-05
⋅
Microsoft
⋅
Human-operated ransomware attacks: A preventable disaster Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor PARINACOTA |
| 2020-03-04
⋅
Bleeping Computer
⋅
Ryuk Ransomware Attacked Epiq Global Via TrickBot Infection Ryuk TrickBot |
| 2020-03-04
⋅
CrowdStrike
⋅
2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
| 2020-03-04
⋅
SentinelOne
⋅
Breaking TA505’s Crypter with an SMT Solver Clop CryptoMix MINEBRIDGE |
| 2020-03-03
⋅
PWC UK
⋅
Cyber Threats 2019:A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle |
| 2020-02-28
⋅
Morphisec
⋅
Trickbot Delivery Method Gets a New Upgrade Focusing on Windows 10 TrickBot |
| 2020-02-28
⋅
Financial Security Institute
⋅
Profiling of TA505 Threat Group That Continues to Attack the Financial Sector Amadey Clop FlawedAmmyy Rapid Ransom SDBbot TinyMet |
| 2020-02-26
⋅
SentinelOne
⋅
Revealing the Trick | A Deep Dive into TrickLoader Obfuscation TrickBot |
| 2020-02-20
⋅
ZDNet
⋅
Croatia's largest petrol station chain impacted by cyber-attack Clop |
| 2020-02-19
⋅
FireEye
⋅
M-Trends 2020 Cobalt Strike Grateful POS LockerGoga QakBot TrickBot |
| 2020-02-18
⋅
Sophos Labs
⋅
Nearly a quarter of malware now communicates using TLS Dridex IcedID TrickBot |
| 2020-02-13
⋅
Qianxin
⋅
APT Report 2019 Chrysaor Exodus Dacls VPNFilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy |
| 2020-02-10
⋅
viXra
⋅
A Case Study into solving Crypters/Packers in Malware Obfuscation using an SMT approach Locky |
| 2020-02-10
⋅
Malwarebytes
⋅
2020 State of Malware Report magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor |
| 2020-02-07
⋅
Bleeping Computer
⋅
TA505 Hackers Behind Maastricht University Ransomware Attack Clop |
| 2020-01-31
⋅
Virus Bulletin
⋅
Rich Headers: leveraging this mysterious artifact of the PE format Dridex Exaramel Industroyer Neutrino RCS Sathurbot |
| 2020-01-30
⋅
Bleeping Computer
⋅
TrickBot Uses a New Windows 10 UAC Bypass to Launch Quietly TrickBot |
| 2020-01-30
⋅
Morphisec
⋅
Trickbot Trojan Leveraging a New Windows 10 UAC Bypass TrickBot |
| 2020-01-29
⋅
ANSSI
⋅
État de la menace rançongiciel Clop Dharma FriedEx Gandcrab LockerGoga Maze MegaCortex REvil RobinHood Ryuk SamSam |
| 2020-01-29
⋅
Bleeping Computer
⋅
Malware Tries to Trump Security Software With POTUS Impeachment TrickBot |
| 2020-01-27
⋅
⋅
T-Systems
⋅
Vorläufiger forensischer Abschlussbericht zur Untersuchung des Incidents beim Berliner Kammergericht Emotet TrickBot |
| 2020-01-23
⋅
Bleeping Computer
⋅
TrickBot Now Steals Windows Active Directory Credentials TrickBot |
| 2020-01-17
⋅
Battle Against Ursnif Malspam Campaign targeting Japan Cutwail ISFB TrickBot UrlZone |
| 2020-01-16
⋅
Bleeping Computer
⋅
TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection TrickBot |
| 2020-01-14
⋅
Telekom
⋅
Inside of CL0P’s ransomware operation Clop Get2 SDBbot |
| 2020-01-13
⋅
Github (Tera0017)
⋅
TAFOF Unpacker Clop Get2 Silence |
| 2020-01-10
⋅
CSIS
⋅
Threat Matrix H1 2019 Gustuff magecart Emotet Gandcrab Ramnit TrickBot |
| 2020-01-09
⋅
SonicWall
⋅
ServHelper 2.0: Enriched with bot capabilities and allow remote desktop access ServHelper |
| 2020-01-09
⋅
SentinelOne
⋅
Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets TrickBot WIZARD SPIDER |
| 2020-01-07
⋅
Github (albertzsigovits)
⋅
Clop ransomware Notes Clop |
| 2020-01-07
⋅
Github (albertzsigovits)
⋅
Clop ransomware Notes Clop |
| 2020-01-01
⋅
Secureworks
⋅
GOLD DRAKE Dridex Empire Downloader FriedEx Koadic MimiKatz |
| 2020-01-01
⋅
Secureworks
⋅
GOLD BLACKBURN Dyre TrickBot |
| 2020-01-01
⋅
Secureworks
⋅
GOLD SWATHMORE GlobeImposter Gozi IcedID TrickBot LUNAR SPIDER |
| 2020-01-01
⋅
Secureworks
⋅
GOLD NIAGARA Bateleur Griffon Carbanak Cobalt Strike DRIFTPIN TinyMet FIN7 |
| 2020-01-01
⋅
Secureworks
⋅
GOLD HERON DoppelPaymer Dridex Empire Downloader |
| 2020-01-01
⋅
Secureworks
⋅
GOLD ULRICK Empire Downloader Ryuk TrickBot WIZARD SPIDER |
| 2020-01-01
⋅
Secureworks
⋅
GOLD TAHOE Clop FlawedAmmyy FlawedGrace Get2 SDBbot ServHelper TA505 |
| 2019-12-20
⋅
Binary Defense
⋅
An Updated ServHelper Tunnel Variant ServHelper |
| 2019-12-19
⋅
KrebsOnSecurity
⋅
Inside ‘Evil Corp,’ a $100M Cybercrime Menace Dridex Gameover P2P Zeus Evil Corp |
| 2019-12-17
⋅
Blueliv
⋅
TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking ServHelper TA505 |
| 2019-12-12
⋅
FireEye
⋅
Cyber Threat Landscape in Japan – Revealing Threat in the Shadow Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD poisonplug TrickBot BlackTech |
| 2019-12-09
⋅
Palo Alto Networks Unit 42
⋅
TrickBot Campaign Uses Fake Payroll Emails to Conduct Phishing Attacks TrickBot |
| 2019-12-05
⋅
U.S. Department of the Treasury
⋅
Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware Dridex |
| 2019-11-24
⋅
TA505 Get2 Analysis Get2 |
| 2019-11-22
⋅
⋅
CERT-FR
⋅
RAPPORT MENACES ET INCIDENTS DU CERT-FR Clop |
| 2019-11-22
⋅
Palo Alto Networks Unit 42
⋅
Trickbot Updates Password Grabber Module TrickBot |
| 2019-11-19
⋅
⋅
ACTU
⋅
Une rançon après la cyberattaque au CHU de Rouen ? Ce que réclament les pirates Clop |
| 2019-11-13
⋅
CrowdStrike
⋅
Through the Eyes of the Adversary TrickBot CLOCKWORK SPIDER |
| 2019-11-08
⋅
Palo Alto Networks Unit 42
⋅
Wireshark Tutorial: Examining Trickbot Infections TrickBot |
| 2019-11-06
⋅
⋅
Heise Security
⋅
Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail Emotet Ryuk TrickBot |
| 2019-10-29
⋅
SneakyMonkey Blog
⋅
TRICKBOT - Analysis Part II TrickBot |
| 2019-10-24
⋅
Sentinel LABS
⋅
How TrickBot Malware Hooking Engine Targets Windows 10 Browsers TrickBot |
| 2019-10-21
⋅
FireEye
⋅
Shikata Ga Nai Encoder Still Going Strong FIN11 |
| 2019-10-16
⋅
Proofpoint
⋅
TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader Get2 SDBbot TA505 |
| 2019-10-10
⋅
Github (StrangerealIntel)
⋅
Analysis of the new TA505 campaign Get2 |
| 2019-10-10
⋅
AhnLab
⋅
ASEC Report Vol. 96: Analysis Report on Operation Red Salt, Analysis on the Malicious SDB File Found in Ammyy Hacking Tool SDBbot |
| 2019-09-25
⋅
GovCERT.ch
⋅
Trickbot - An analysis of data collected from the botnet TrickBot |
| 2019-09-09
⋅
McAfee
⋅
Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study Cutwail Dridex Dyre Kovter Locky Phorpiex Simda |
| 2019-08-29
⋅
ThreatRecon
⋅
SectorJ04 Group’s Increased Activity in 2019 FlawedAmmyy ServHelper TA505 |
| 2019-08-27
⋅
Trend Micro
⋅
TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmyy FlawedAmmyy ServHelper |
| 2019-08-27
⋅
Secureworks
⋅
TrickBot Modifications Target U.S. Mobile Users TrickBot WIZARD SPIDER |
| 2019-08-26
⋅
InQuest
⋅
Memory Analysis of TrickBot TrickBot |
| 2019-08-20
⋅
Github (SherifEldeeb)
⋅
Source code: TinyMet TinyMet |
| 2019-08-13
⋅
Adalogics
⋅
The state of advanced code injections Dridex Emotet Tinba |
| 2019-08-05
⋅
Trend Micro
⋅
Latest Trickbot Campaign Delivered via Highly Obfuscated JS File ostap TrickBot |
| 2019-08-01
⋅
Group-IB
⋅
Silence 2.0 - Going Global Silence |
| 2019-08-01
⋅
Group-IB
⋅
Attacks by Silence Silence DDoS Kikothac Silence |
| 2019-08-01
⋅
McAfee
⋅
Clop Ransomware Clop |
| 2019-07-30
⋅
Dissecting Malware
⋅
Picking Locky Locky |
| 2019-07-12
⋅
DeepInstinct
⋅
TrickBooster – TrickBot’s Email-Based Infection Module TrickBot |
| 2019-07-12
⋅
CrowdStrike
⋅
BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0 DoppelDridex DoppelPaymer Dridex FriedEx |
| 2019-07-11
⋅
NTT Security
⋅
Targeted TrickBot activity drops 'PowerBrace' backdoor PowerBrace TrickBot |
| 2019-07-04
⋅
Trend Micro
⋅
Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi AndroMut |
| 2019-07-02
⋅
Proofpoint
⋅
TA505 begins summer campaigns with a new pet malware downloader, AndroMut, in the UAE, South Korea, Singapore, and the United States AndroMut FlawedAmmyy |
| 2019-06-04
⋅
SlideShare
⋅
Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vitali Kremez TrickBot |
| 2019-05-31
⋅
Youtube (0verfl0w_)
⋅
Defeating Commercial and Custom Packers like a Pro - VMProtect, ASPack, PECompact, and more FlawedAmmyy Ramnit |
| 2019-05-29
⋅
Yoroi
⋅
TA505 is Expanding its Operations RMS |
| 2019-05-28
⋅
MITRE
⋅
FlawedAmmyy FlawedAmmyy |
| 2019-05-22
⋅
TRICKBOT - Analysis TrickBot |
| 2019-05-14
⋅
GovCERT.ch
⋅
The Rise of Dridex and the Role of ESPs Dridex |
| 2019-05-09
⋅
GovCERT.ch
⋅
Severe Ransomware Attacks Against Swiss SMEs Emotet LockerGoga Ryuk TrickBot |
| 2019-05-02
⋅
CERT.PL
⋅
Detricking TrickBot Loader TrickBot |
| 2019-04-25
⋅
Cybereason
⋅
Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware ServHelper TA505 |
| 2019-04-22
⋅
SANS
⋅
Unpacking & Decrypting FlawedAmmyy FlawedAmmyy |
| 2019-04-05
⋅
Medium vishal_thakur
⋅
Trickbot — a concise treatise TrickBot |
| 2019-04-02
⋅
Cybereason
⋅
Triple Threat: Emotet Deploys Trickbot to Steal Data & Spread Ryuk Ryuk TrickBot |
| 2019-04-02
⋅
DeepInstinct
⋅
New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload ServHelper |
| 2019-03-28
⋅
Carbon Black
⋅
CryptoMix Clop Ransomware Disables Startup Repair, Removes & Edits Shadow Volume Copies Clop |
| 2019-03-20
⋅
Flashpoint
⋅
FIN7 Revisited: Inside Astra Panel and SQLRat Malware DNSRat TinyMet |
| 2019-03-05
⋅
Bleeping Computer
⋅
CryptoMix Clop Ransomware Says It's Targeting Networks, Not Computers Clop |
| 2019-03-05
⋅
PepperMalware Blog
⋅
Quick Analysis of a Trickbot Sample with NSA's Ghidra SRE Framework TrickBot |
| 2019-02-15
⋅
CrowdStrike
⋅
“Sin”-ful SPIDERS: WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web Dyre IcedID TrickBot Vawtrak LUNAR SPIDER WIZARD SPIDER |
| 2019-02-12
⋅
Trend Micro
⋅
Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire TrickBot |
| 2019-02-11
⋅
One Night in Norfolk
⋅
How the Silence Downloader Has Evolved Over Time Silence |
| 2019-02-06
⋅
One Night in Norfolk
⋅
Some Notes on the Silence Proxy Silence |
| 2019-02-02
⋅
Medium Sebdraven
⋅
Unpacking Clop Clop |
| 2019-01-24
⋅
Reaqta
⋅
Silence group targeting Russian Banks via Malicious CHM Silence Silence group |
| 2019-01-24
⋅
奇安信威胁情报中心
⋅
Excel 4.0 Macro Utilized by TA505 to Target Financial Institutions Recently ServHelper |
| 2019-01-14
⋅
Möbius Strip Reverse Engineering
⋅
A Quick Solution to an Ugly Reverse Engineering Problem FlawedGrace |
| 2019-01-11
⋅
FireEye
⋅
A Nasty Trick: From Credential Theft Malware to Business Disruption Ryuk TrickBot GRIM SPIDER WIZARD SPIDER |
| 2019-01-09
⋅
Proofpoint
⋅
ServHelper and FlawedGrace - New malware introduced by TA505 FlawedGrace ServHelper |
| 2019-01-01
⋅
CyberInt
⋅
Legit Remote Admin Tools Turn into Threat Actors' Tools RMS ServHelper TA505 |
| 2018-12-18
⋅
Trend Micro
⋅
URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader Dridex Emotet FriedEx ISFB |
| 2018-12-12
⋅
SecureData
⋅
The TrickBot and MikroTik connection TrickBot |
| 2018-12-05
⋅
VIPRE
⋅
Trickbot’s Tricks TrickBot |
| 2018-11-12
⋅
Malwarebytes
⋅
What’s new in TrickBot? Deobfuscating elements TrickBot |
| 2018-11-08
⋅
Fortinet
⋅
Deep Analysis of TrickBot New Module pwgrab TrickBot |
| 2018-11-01
⋅
Trend Micro
⋅
Trickbot Shows Off New Trick: Password Grabber Module TrickBot |
| 2018-10-01
⋅
⋅
Macnica Networks
⋅
Trends in cyber espionage (targeted attacks) targeting Japan | First half of 2018 Anel Cobalt Strike Datper FlawedAmmyy Quasar RAT RedLeaves taidoor Winnti xxmm |
| 2018-08-14
⋅
Cyberbit
⋅
Latest Trickbot Variant has New Tricks Up Its Sleeve TrickBot |
| 2018-07-26
⋅
IEEE Symposium on Security and Privacy (SP)
⋅
Tracking Ransomware End-to-end Cerber Locky WannaCryptor |
| 2018-07-19
⋅
Proofpoint
⋅
TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT FlawedAmmyy |
| 2018-07-03
⋅
Talos Intelligence
⋅
Smoking Guns - Smoke Loader learned new tricks SmokeLoader TrickBot |
| 2018-06-28
⋅
Secrary Blog
⋅
A Brief Overview of the AMMYY RAT Downloader FlawedAmmyy |
| 2018-06-20
⋅
Unpacking and Extracting TrickBot Malware Configuration With x64dbg and Python TrickBot |
| 2018-06-13
⋅
Github (JR0driguezB)
⋅
TrickBot config files TrickBot |
| 2018-04-16
⋅
Random RE
⋅
TrickBot & UACME TrickBot |
| 2018-04-03
⋅
Vitali Kremez Blog
⋅
Let's Learn: Trickbot Implements Network Collector Module Leveraging CMD, WMI & LDAP TrickBot |
| 2018-03-31
⋅
Youtube (hasherezade)
⋅
Deobfuscating TrickBot's strings with libPeConv TrickBot |
| 2018-03-27
⋅
Trend Micro
⋅
Evolving Trickbot Adds Detection Evasion and Screen-Locking Features TrickBot |
| 2018-03-21
⋅
Webroot
⋅
TrickBot Banking Trojan Adapts with New Module TrickBot |
| 2018-03-20
⋅
Stormshield
⋅
De-obfuscating Jump Chains with Binary Ninja Locky |
| 2018-03-07
⋅
Proofpoint
⋅
Leaked Ammyy Admin Source Code Turned into Malware FlawedAmmyy QuantLoader |
| 2018-02-15
⋅
SecurityIntelligence
⋅
TrickBot’s Cryptocurrency Hunger: Tricking the Bitcoin Out of Wallets TrickBot |
| 2018-02-01
⋅
Malware Traffic Analysis
⋅
Quick Test Drive of Trickbot (It now has a Monero Module) TrickBot |
| 2018-01-26
⋅
ESET Research
⋅
FriedEx: BitPaymer ransomware the work of Dridex authors Dridex FriedEx |
| 2018-01-12
⋅
Proofpoint
⋅
Holiday lull? Not so much Dridex Emotet GlobeImposter ISFB Necurs PandaBanker UrlZone NARWHAL SPIDER |
| 2017-12-30
⋅
Youtube (hasherezade)
⋅
Unpacking TrickBot with PE-sieve TrickBot |
| 2017-12-19
⋅
Vitali Kremez Blog
⋅
Let's Learn: Introducing New Trickbot LDAP "DomainGrabber" Module TrickBot |
| 2017-11-22
⋅
Flashpoint
⋅
Trickbot Gang Evolves, Incorporates Account Checking Into Hybrid Attack Model TrickBot |
| 2017-11-21
⋅
Let's Learn: Trickbot Socks5 Backconnect Module In Detail TrickBot |
| 2017-11-07
⋅
ThreatVector
⋅
Locky Ransomware Locky |
| 2017-11-01
⋅
Intezer
⋅
Silence of the Moles Silence |
| 2017-11-01
⋅
Kaspersky Labs
⋅
Silence – a new Trojan attacking financial organizations Silence Silence group |
| 2017-10-06
⋅
Blueliv
⋅
TrickBot banking trojan using EFLAGS as an anti-hook technique TrickBot |
| 2017-09-21
⋅
Malwarebytes
⋅
Fake IRS notice delivers customized spying tool RMS |
| 2017-08-20
⋅
MyOnlineSecurity
⋅
return of fake UPS cannot deliver malspam with an updated nemucod ransomware and Kovter payload Cold$eal Locky |
| 2017-08-16
⋅
Bleeping Computer
⋅
Locky Ransomware switches to the Lukitus extension for Encrypted Files Locky |
| 2017-08-10
⋅
⋅
botfrei Blog
⋅
Weltweite Spamwelle verbreitet teuflische Variante des Locky Locky |
| 2017-08-01
⋅
Malwarebytes
⋅
TrickBot comes up with new tricks: attacking Outlook and browsing data TrickBot |
| 2017-08-01
⋅
Panda Security
⋅
Malware Report: Dridex Version 4 Dridex |
| 2017-07-27
⋅
Flashpoint
⋅
New Version of “Trickbot” Adds Worm Propagation Module TrickBot |
| 2017-07-25
⋅
Github (viql)
⋅
Dridex Loot Dridex |
| 2017-07-18
⋅
Elastic
⋅
Ten process injection techniques: A technical survey of common and trending process injection techniques Cryakl CyberGate Dridex FinFisher RAT Locky |
| 2017-07-01
⋅
Ring Zero Labs
⋅
TrickBot Banking Trojan - DOC00039217.doc TrickBot |
| 2017-06-22
⋅
Bleeping Computer
⋅
Locky Ransomware Returns, but Targets Only Windows XP & Vista Locky |
| 2017-06-21
⋅
Cisco
⋅
Player 1 Limps Back Into the Ring - Hello again, Locky! Locky |
| 2017-06-15
⋅
F5
⋅
Trickbot Expands Global Targets Beyond Banks and Payment Processors to CRMs TrickBot |
| 2017-06-12
⋅
⋅
Security Art Work
⋅
Evolución de Trickbot TrickBot |
| 2017-05-26
⋅
PWC
⋅
TrickBot’s bag of tricks TrickBot |
| 2017-05-25
⋅
Kaspersky Labs
⋅
Dridex: A History of Evolution Dridex Feodo |
| 2017-05-15
⋅
Secureworks
⋅
Evolution of the GOLD EVERGREEN Threat Group CryptoLocker Dridex Dyre Gameover P2P Murofet TrickBot Zeus GOLD EVERGREEN |
| 2017-03-01
⋅
FraudWatch International
⋅
How Does the Trickbot Malware Work? TrickBot |
| 2017-02-28
⋅
Security Intelligence
⋅
Dridex’s Cold War: Enter AtomBombing Dridex |
| 2017-02-27
⋅
Palo Alto Networks Unit 42
⋅
The Gamaredon Group Toolset Evolution Pteranodon RMS Gamaredon Group |
| 2017-01-31
⋅
Malwarebytes
⋅
Locky Bart ransomware and backend server analysis Locky |
| 2017-01-26
⋅
Flashpoint
⋅
Dridex Banking Trojan Returns, Leverages New UAC Bypass Method Dridex |
| 2016-12-07
⋅
Botconf
⋅
The TrickBot Evolution TrickBot |
| 2016-12-06
⋅
Fortinet
⋅
Deep Analysis of the Online Banking Botnet TrickBot TrickBot |
| 2016-11-09
⋅
Tricks of the Trade: A Deeper Look Into TrickBot’s Machinations TrickBot |
| 2016-11-07
⋅
F5 Labs
⋅
Little Trickbot Growing Up: New Campaign TrickBot |
| 2016-10-25
⋅
NetScout
⋅
TrickBot Banker Insights Godzilla Loader TrickBot |
| 2016-10-24
⋅
Malwarebytes
⋅
Introducing TrickBot, Dyreza’s successor TrickBot |
| 2016-10-15
⋅
Fidelis Cybersecurity
⋅
TrickBot: We Missed you, Dyre TrickBot |
| 2016-10-11
⋅
Symantec
⋅
Odinaff: New Trojan used in high level financial attacks Batel FlawedAmmyy Odinaff RMS FIN7 |
| 2016-07-07
⋅
New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the recent Locky Ransomware. Locky |
| 2016-03-01
⋅
Malwarebytes
⋅
Look Into Locky Ransomware Locky |
| 2016-02-16
⋅
Symantec
⋅
Dridex: Tidal waves of spam pushing dangerous financial Trojan Dridex |
| 2015-11-10
⋅
CERT.PL
⋅
Talking to Dridex (part 0) – inside the dropper Dridex |
| 2015-10-26
⋅
Blueliv
⋅
Chasing cybercrime: network insights of Dyre and Dridex Trojan bankers Dridex Dyre |
| 2015-10-15
⋅
BitSight
⋅
Dridex: Chasing a botnet from the inside Dridex |
| 2015-10-13
⋅
Secureworks
⋅
Dridex (Bugat v5) Botnet Takeover Operation Dridex Evil Corp |