NARWHAL SPIDER (Threat Actor)

SYMBOL	COMMON_NAME	aka. SYNONYMS

NARWHAL SPIDER (Back to overview)

aka: GOLD ESSEX, TA544

NARWHAL SPIDER’s operation of Cutwail v2 was limited to country-specific spam campaigns, although late in 2019 there appeared to be an effort to expand by bringing in INDRIK SPIDER as a customer.

Associated Families

win.cutwail

References

2022-02-08 ⋅ DARKNET DIARIES ⋅ DARKNET DIARIES
EP 110: Spam Botnets
Cutwail Rustock

2021-03-11 ⋅ IBM ⋅ Dave McMillen, Limor Kessem
Dridex Campaign Propelled by Cutwail Botnet and Poisonous PowerShell Scripts
Cutwail Dridex

2021-02-23 ⋅ CrowdStrike ⋅ CrowdStrike
2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER

2021-02-16 ⋅ Proofpoint ⋅ Proofpoint Threat Research Team
Q4 2020 Threat Report: A Quarterly Analysis of Cybersecurity Trends, Tactics and Themes
Emotet Ryuk NARWHAL SPIDER TA800

2021-01-06 ⋅ Mimecast ⋅ Matthew Gardiner
How to Slam a Door on the Cutwail Botnet: Enforce DMARC
Cutwail

2020-09-07 ⋅ Github (pan-unit42) ⋅ Brad Duncan
Collection of recent Dridex IOCs
Cutwail Dridex

2020-07-17 ⋅ CERT-FR ⋅ CERT-FR
The Malware Dridex: Origins and Uses
Andromeda CryptoLocker Cutwail DoppelPaymer Dridex Emotet FriedEx Gameover P2P Gandcrab ISFB Murofet Necurs Predator The Thief Zeus

2020-03-15 ⋅ The Shadowserver Foundation ⋅ Shadowserver Foundation
Has The Sun Set On The Necurs Botnet?
Andromeda Cutwail Kelihos Necurs Pushdo

2020-03-04 ⋅ CrowdStrike ⋅ CrowdStrike
2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER

2020-01-17 ⋅ Ken Sajo, Yasuhiro Takeda, Yusuke Niwa
Battle Against Ursnif Malspam Campaign targeting Japan
Cutwail ISFB TrickBot UrlZone

2020-01-01 ⋅ Secureworks ⋅ SecureWorks
GOLD ESSEX
Cutwail Pony Pushdo NARWHAL SPIDER

2019-09-09 ⋅ McAfee ⋅ Chintan Shah, Marc Rivero López, Thomas Roccia
Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study
Cutwail Dridex Dyre Kovter Locky Phorpiex Simda

2019-07-22 ⋅ Proofpoint ⋅ Kafeine, Proofpoint Threat Insight Team
BrushaLoader still sweeping up victims one year later
BrushaLoader NARWHAL SPIDER

2019-07-11 ⋅ Proofpoint ⋅ Proofpoint Threat Insight Team
Threat Actor Profile: TA544 targets geographies from Italy to Japan with a range of malware
ISFB PandaBanker UrlZone NARWHAL SPIDER

2019-06-19 ⋅ Proofpoint ⋅ Proofpoint Threat Insight Team
URLZone top malware in Japan, while Emotet and LINE Phishing round out the landscape
ISFB UrlZone NARWHAL SPIDER

2018-01-12 ⋅ Proofpoint ⋅ Proofpoint Staff
Holiday lull? Not so much
Dridex Emotet GlobeImposter ISFB Necurs PandaBanker UrlZone NARWHAL SPIDER

2010-01-01 ⋅ Mandiant ⋅ Ero Carrera, Peter Silberman
State of Malware: Family Ties
Bredolab Conficker Cutwail KoobFace Oderoor Poison Ivy Rustock Sinowal Szribi Zeus

Credits: MISP Project