SYMBOLCOMMON_NAMEaka. SYNONYMS

NARWHAL SPIDER  (Back to overview)

aka: GOLD ESSEX

NARWHAL SPIDER’s operation of Cutwail v2 was limited to country-specific spam campaigns, although late in 2019 there appeared to be an effort to expand by bringing in INDRIK SPIDER as a customer.


Associated Families
win.cutwail

References
2021-03-11IBMDave McMillen, Limor Kessem
@online{mcmillen:20210311:dridex:1140b01, author = {Dave McMillen and Limor Kessem}, title = {{Dridex Campaign Propelled by Cutwail Botnet and Poisonous PowerShell Scripts}}, date = {2021-03-11}, organization = {IBM}, url = {https://securityintelligence.com/dridex-campaign-propelled-by-cutwail-botnet-and-powershell/}, language = {English}, urldate = {2021-03-12} } Dridex Campaign Propelled by Cutwail Botnet and Poisonous PowerShell Scripts
Cutwail Dridex
2021-02-23CrowdStrikeCrowdStrike
@techreport{crowdstrike:20210223:2021:bf5bc4f, author = {CrowdStrike}, title = {{2021 Global Threat Report}}, date = {2021-02-23}, institution = {CrowdStrike}, url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf}, language = {English}, urldate = {2021-02-25} } 2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon Ransomware BazarBackdoor Clop Cobalt Strike Conti Ransomware Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet Ransomware ShadowPad SmokeLoader Snake Ransomware SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader
2021-01-06MimecastMatthew Gardiner
@online{gardiner:20210106:how:b9e3a36, author = {Matthew Gardiner}, title = {{How to Slam a Door on the Cutwail Botnet: Enforce DMARC}}, date = {2021-01-06}, organization = {Mimecast}, url = {https://www.mimecast.com/blog/how-to-slam-a-door-on-the-cutwail-botnet-enforce-dmarc/}, language = {English}, urldate = {2021-01-27} } How to Slam a Door on the Cutwail Botnet: Enforce DMARC
Cutwail
2020-09-07Github (pan-unit42)Brad Duncan
@online{duncan:20200907:collection:09ab7be, author = {Brad Duncan}, title = {{Collection of recent Dridex IOCs}}, date = {2020-09-07}, organization = {Github (pan-unit42)}, url = {https://github.com/pan-unit42/tweets/blob/master/2020-09-07-Dridex-IOCs.txt}, language = {English}, urldate = {2020-09-15} } Collection of recent Dridex IOCs
Cutwail Dridex
2020-07-17CERT-FRCERT-FR
@techreport{certfr:20200717:malware:5c58cdf, author = {CERT-FR}, title = {{The Malware Dridex: Origins and Uses}}, date = {2020-07-17}, institution = {CERT-FR}, url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-008.pdf}, language = {English}, urldate = {2020-07-20} } The Malware Dridex: Origins and Uses
Andromeda CryptoLocker Cutwail DoppelPaymer Dridex Emotet FriedEx Gameover P2P Gandcrab ISFB Murofet Necurs Predator The Thief Zeus
2020-03-15The Shadowserver FoundationShadowserver Foundation
@online{foundation:20200315:has:80a92d5, author = {Shadowserver Foundation}, title = {{Has The Sun Set On The Necurs Botnet?}}, date = {2020-03-15}, organization = {The Shadowserver Foundation}, url = {https://www.shadowserver.org/news/has-the-sun-set-on-the-necurs-botnet/}, language = {English}, urldate = {2020-03-17} } Has The Sun Set On The Necurs Botnet?
Andromeda Cutwail Kelihos Necurs Pushdo
2020-03-04CrowdStrikeCrowdStrike
@techreport{crowdstrike:20200304:2020:818c85f, author = {CrowdStrike}, title = {{2020 CrowdStrike Global Threat Report}}, date = {2020-03-04}, institution = {CrowdStrike}, url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf}, language = {English}, urldate = {2020-07-24} } 2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Ransomware Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot vidar Winnti ANTHROPOID SPIDER Anunak APT31 APT39 BlackTech BuhTrap Charming Kitten CLOCKWORD SPIDER DOPPEL SPIDER Gamaredon Group Leviathan MONTY SPIDER Mustang Panda NARWHAL SPIDER NOCTURNAL SPIDER Pinchy Spider Pirate Panda Salty Spider SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER
2020-01-17Ken Sajo, Yasuhiro Takeda, Yusuke Niwa
@techreport{sajo:20200117:battle:2b146f5, author = {Ken Sajo and Yasuhiro Takeda and Yusuke Niwa}, title = {{Battle Against Ursnif Malspam Campaign targeting Japan}}, date = {2020-01-17}, institution = {}, url = {https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_5_sajo-takeda-niwa_en.pdf}, language = {English}, urldate = {2020-01-17} } Battle Against Ursnif Malspam Campaign targeting Japan
Cutwail ISFB TrickBot UrlZone
2020SecureworksSecureWorks
@online{secureworks:2020:gold:65f4550, author = {SecureWorks}, title = {{GOLD ESSEX}}, date = {2020}, organization = {Secureworks}, url = {http://www.secureworks.com/research/threat-profiles/gold-essex}, language = {English}, urldate = {2020-05-27} } GOLD ESSEX
Cutwail Pony Pushdo NARWHAL SPIDER
2019-09-09McAfeeThomas Roccia, Marc Rivero López, Chintan Shah
@online{roccia:20190909:evolution:baf3b6c, author = {Thomas Roccia and Marc Rivero López and Chintan Shah}, title = {{Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study}}, date = {2019-09-09}, organization = {McAfee}, url = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/evolution-of-malware-sandbox-evasion-tactics-a-retrospective-study/}, language = {English}, urldate = {2020-08-30} } Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study
Cutwail Dridex Dyre Kovter Locky Phorpiex Simda

Credits: MISP Project