SYMBOLCOMMON_NAMEaka. SYNONYMS

MONTY SPIDER  (Back to overview)


Spambots continued to decline in 2019, with MONTY SPIDER’s CraP2P spambot falling silent in April.


Associated Families
win.necurs

References
2021-12-01NCC GroupNikolaos Pantazopoulos, Michael Sandee
@online{pantazopoulos:20211201:tracking:b67c8f7, author = {Nikolaos Pantazopoulos and Michael Sandee}, title = {{Tracking a P2P network related to TA505}}, date = {2021-12-01}, organization = {NCC Group}, url = {https://research.nccgroup.com/2021/12/01/tracking-a-p2p-network-related-with-ta505/}, language = {English}, urldate = {2021-12-01} } Tracking a P2P network related to TA505
FlawedGrace Necurs
2021SecureworksSecureWorks
@online{secureworks:2021:threat:6493b56, author = {SecureWorks}, title = {{Threat Profile: GOLD RIVERVIEW}}, date = {2021}, organization = {Secureworks}, url = {http://www.secureworks.com/research/threat-profiles/gold-riverview}, language = {English}, urldate = {2021-05-28} } Threat Profile: GOLD RIVERVIEW
Necurs GOLD RIVERVIEW
2020-07-17CERT-FRCERT-FR
@techreport{certfr:20200717:malware:5c58cdf, author = {CERT-FR}, title = {{The Malware Dridex: Origins and Uses}}, date = {2020-07-17}, institution = {CERT-FR}, url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-008.pdf}, language = {English}, urldate = {2020-07-20} } The Malware Dridex: Origins and Uses
Andromeda CryptoLocker Cutwail DoppelPaymer Dridex Emotet FriedEx Gameover P2P Gandcrab ISFB Murofet Necurs Predator The Thief Zeus
2020-05-21Intel 471Intel 471
@online{471:20200521:brief:048d164, author = {Intel 471}, title = {{A brief history of TA505}}, date = {2020-05-21}, organization = {Intel 471}, url = {https://intel471.com/blog/a-brief-history-of-ta505}, language = {English}, urldate = {2022-02-14} } A brief history of TA505
AndroMut Bart Dridex FlawedAmmyy FlawedGrace Gandcrab Get2 GlobeImposter Jaff Kegotip Locky Necurs Philadephia Ransom Pony QuantLoader Rockloader SDBbot ServHelper Shifu Snatch TrickBot
2020-03-15The Shadowserver FoundationShadowserver Foundation
@online{foundation:20200315:has:80a92d5, author = {Shadowserver Foundation}, title = {{Has The Sun Set On The Necurs Botnet?}}, date = {2020-03-15}, organization = {The Shadowserver Foundation}, url = {https://www.shadowserver.org/news/has-the-sun-set-on-the-necurs-botnet/}, language = {English}, urldate = {2020-03-17} } Has The Sun Set On The Necurs Botnet?
Andromeda Cutwail Kelihos Necurs Pushdo
2020-03-10MicrosoftTom Burt
@online{burt:20200310:new:251948a, author = {Tom Burt}, title = {{New action to disrupt world’s largest online criminal network}}, date = {2020-03-10}, organization = {Microsoft}, url = {https://blogs.microsoft.com/on-the-issues/2020/03/10/necurs-botnet-cyber-crime-disrupt/}, language = {English}, urldate = {2020-03-11} } New action to disrupt world’s largest online criminal network
Necurs
2020-03-04CrowdStrikeCrowdStrike
@techreport{crowdstrike:20200304:2020:818c85f, author = {CrowdStrike}, title = {{2020 CrowdStrike Global Threat Report}}, date = {2020-03-04}, institution = {CrowdStrike}, url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf}, language = {English}, urldate = {2020-07-24} } 2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER
2020SecureworksSecureWorks
@online{secureworks:2020:gold:76e58fb, author = {SecureWorks}, title = {{GOLD RIVERVIEW}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/gold-riverview}, language = {English}, urldate = {2020-05-23} } GOLD RIVERVIEW
Necurs
2018-08-15CofenseJason Meurer, Darrel Rendell
@online{meurer:20180815:necurs:cfffc46, author = {Jason Meurer and Darrel Rendell}, title = {{Necurs Targeting Banks with PUB File that Drops FlawedAmmyy}}, date = {2018-08-15}, organization = {Cofense}, url = {https://cofense.com/necurs-targeting-banks-pub-file-drops-flawedammyy/}, language = {English}, urldate = {2020-01-08} } Necurs Targeting Banks with PUB File that Drops FlawedAmmyy
Necurs
2018-07BluelivBlueliv
@techreport{blueliv:201807:necurs:652cee2, author = {Blueliv}, title = {{Necurs Malware Overview}}, date = {2018-07}, institution = {Blueliv}, url = {https://www.blueliv.com/wp-content/uploads/2018/07/Blueliv-Necurs-report-2017.pdf}, language = {English}, urldate = {2019-12-10} } Necurs Malware Overview
Necurs
2018-06-28Trend MicroTrendmicro
@online{trendmicro:20180628:new:f03edd7, author = {Trendmicro}, title = {{The New Face of Necurs: Noteworthy Changes to Necurs’ Behaviors}}, date = {2018-06-28}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/the-new-face-of-necurs-noteworthy-changes-to-necurs-behaviors}, language = {English}, urldate = {2020-01-07} } The New Face of Necurs: Noteworthy Changes to Necurs’ Behaviors
Necurs
2018-05-04AvastAdolf Středa, Jan Širmer
@online{steda:20180504:botception:3a422fe, author = {Adolf Středa and Jan Širmer}, title = {{Botception with Necurs: Botnet distributes script with bot capabilities}}, date = {2018-05-04}, organization = {Avast}, url = {https://blog.avast.com/botception-with-necurs-botnet-distributes-script-with-bot-capabilities-avast-threat-labs}, language = {English}, urldate = {2019-11-29} } Botception with Necurs: Botnet distributes script with bot capabilities
Necurs
2018-04-26Trend MicroMiguel Ang
@online{ang:20180426:necurs:83d08fc, author = {Miguel Ang}, title = {{Necurs Evolves to Evade Spam Detection via Internet Shortcut File}}, date = {2018-04-26}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/necurs-evolves-to-evade-spam-detection-via-internet-shortcut-file/}, language = {English}, urldate = {2020-01-10} } Necurs Evolves to Evade Spam Detection via Internet Shortcut File
Necurs QuantLoader
2018-01-12ProofpointProofpoint Staff
@online{staff:20180112:holiday:b4225b8, author = {Proofpoint Staff}, title = {{Holiday lull? Not so much}}, date = {2018-01-12}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/holiday-lull-not-so-much}, language = {English}, urldate = {2021-05-31} } Holiday lull? Not so much
Dridex Emotet GlobeImposter ISFB Necurs PandaBanker UrlZone NARWHAL SPIDER
2017-10-06CERT.PLMaciej Kotowicz, Jarosław Jedynak
@techreport{kotowicz:20171006:peering:668c82e, author = {Maciej Kotowicz and Jarosław Jedynak}, title = {{Peering into spam botnets}}, date = {2017-10-06}, institution = {CERT.PL}, url = {https://lokalhost.pl/txt/peering.into.spam.botnets.VirusBulletin2017.pdf}, language = {English}, urldate = {2020-04-06} } Peering into spam botnets
Emotet Kelihos Necurs SendSafe Tofsee
2017-05-31TrustwaveHomer Pacag
@online{pacag:20170531:necurs:07ea4cc, author = {Homer Pacag}, title = {{Necurs Recurs}}, date = {2017-05-31}, organization = {Trustwave}, url = {https://www.trustwave.com/Resources/SpiderLabs-Blog/Necurs-Recurs/}, language = {English}, urldate = {2019-12-19} } Necurs Recurs
Necurs
2017-03-20Cisco TalosSean Baird, Edmund Brumaghin, Earl Carter, Jaeson Schultz
@online{baird:20170320:necurs:ee5da07, author = {Sean Baird and Edmund Brumaghin and Earl Carter and Jaeson Schultz}, title = {{Necurs Diversifies Its Portfolio}}, date = {2017-03-20}, organization = {Cisco Talos}, url = {http://blog.talosintelligence.com/2017/03/necurs-diversifies.html}, language = {English}, urldate = {2020-01-07} } Necurs Diversifies Its Portfolio
Necurs
2017-02-24BitSightSofia Luis
@online{luis:20170224:necurs:629636f, author = {Sofia Luis}, title = {{Necurs Proxy Module With DDOS Features}}, date = {2017-02-24}, organization = {BitSight}, url = {https://www.bitsighttech.com/blog/necurs-proxy-module-with-ddos-features}, language = {English}, urldate = {2019-12-06} } Necurs Proxy Module With DDOS Features
Necurs
2016-09-02CERT.PLAdam Krasuski
@online{krasuski:20160902:necurs:d01f298, author = {Adam Krasuski}, title = {{Necurs – hybrid spam botnet}}, date = {2016-09-02}, organization = {CERT.PL}, url = {https://www.cert.pl/en/news/single/necurs-hybrid-spam-botnet/}, language = {English}, urldate = {2019-11-20} } Necurs – hybrid spam botnet
Necurs
2015-02-20Johannes Bader's BlogJohannes Bader
@online{bader:20150220:dgas:b2e059a, author = {Johannes Bader}, title = {{The DGAs of Necurs}}, date = {2015-02-20}, organization = {Johannes Bader's Blog}, url = {https://bin.re/blog/the-dgas-of-necurs/}, language = {English}, urldate = {2023-04-27} } The DGAs of Necurs
Necurs

Credits: MISP Project