TA505  (Back to overview)

aka: SectorJ04 Group

TA505, the name given by Proofpoint, has been in the cybercrime business for at least four years. This is the group behind the infamous Dridex banking trojan and Locky ransomware, delivered through malicious email campaigns via Necurs botnet. Other malware associated with TA505 include Philadelphia and GlobeImposter ransomware families.


Associated Families
win.andromut win.clop win.dridex win.flawedammyy win.flawedgrace win.get2 win.locky win.rms win.sdbbot win.servhelper

References
2020-01-07 ⋅ Github (albertzsigovits)Albert Zsigovits
@online{zsigovits:20200107:clop:07d2a90, author = {Albert Zsigovits}, title = {{Clop ransomware Notes}}, date = {2020-01-07}, organization = {Github (albertzsigovits)}, url = {https://github.com/albertzsigovits/malware-notes/blob/master/Clop.md}, language = {English}, urldate = {2020-01-09} } Clop ransomware Notes
Clop
2019-12-20 ⋅ Binary DefenseJames Quinn
@online{quinn:20191220:updated:2408ee7, author = {James Quinn}, title = {{An Updated ServHelper Tunnel Variant}}, date = {2019-12-20}, organization = {Binary Defense}, url = {https://www.binarydefense.com/an-updated-servhelper-tunnel-variant/}, language = {English}, urldate = {2020-01-13} } An Updated ServHelper Tunnel Variant
ServHelper
2019-12-17 ⋅ BluelivAdrián Ruiz, Jose Miguel Esparza, Blueliv Labs Team
@online{ruiz:20191217:ta505:1c1204e, author = {Adrián Ruiz and Jose Miguel Esparza and Blueliv Labs Team}, title = {{TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking}}, date = {2019-12-17}, organization = {Blueliv}, url = {https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/research/servhelper-evolution-and-new-ta505-campaigns/}, language = {English}, urldate = {2020-01-09} } TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking
ServHelper
2019-11-24 ⋅ Jacob Pimental
@online{pimental:20191124:ta505:fb32d29, author = {Jacob Pimental}, title = {{TA505 Get2 Analysis}}, date = {2019-11-24}, url = {https://www.goggleheadedhacker.com/blog/post/13}, language = {English}, urldate = {2019-12-17} } TA505 Get2 Analysis
Get2
2019-11-22 ⋅ CERT-FRCERT-FR
@online{certfr:20191122:rapport:c457ee8, author = {CERT-FR}, title = {{RAPPORT MENACES ET INCIDENTS DU CERT-FR}}, date = {2019-11-22}, organization = {CERT-FR}, url = {https://www.cert.ssi.gouv.fr/cti/CERTFR-2019-CTI-009/}, language = {French}, urldate = {2020-01-07} } RAPPORT MENACES ET INCIDENTS DU CERT-FR
Clop
2019-11-19 ⋅ ACTURédaction Normandie
@online{normandie:20191119:une:d09ec98, author = {Rédaction Normandie}, title = {{Une rançon après la cyberattaque au CHU de Rouen ? Ce que réclament les pirates}}, date = {2019-11-19}, organization = {ACTU}, url = {https://actu.fr/normandie/rouen_76540/une-rancon-apres-cyberattaque-chu-rouen-ce-reclament-pirates_29475649.html}, language = {French}, urldate = {2019-12-05} } Une rançon après la cyberattaque au CHU de Rouen ? Ce que réclament les pirates
Clop
2019-10-16 ⋅ ProofpointProofpoint
@online{proofpoint:20191016:ta505:9bca8d0, author = {Proofpoint}, title = {{TA505 Timeline}}, date = {2019-10-16}, organization = {Proofpoint}, url = {https://www.proofpoint.com/sites/default/files/ta505_timeline_final4_0.png}, language = {English}, urldate = {2020-01-08} } TA505 Timeline
TA505
2019-10-16 ⋅ ProofpointDennis Schwarz, Kafeine, Matthew Mesa, Axel F, Proofpoint Threat Insight Team
@online{schwarz:20191016:ta505:9d7155a, author = {Dennis Schwarz and Kafeine and Matthew Mesa and Axel F and Proofpoint Threat Insight Team}, title = {{TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader}}, date = {2019-10-16}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/ta505-distributes-new-sdbbot-remote-access-trojan-get2-downloader}, language = {English}, urldate = {2020-01-10} } TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader
Get2 SDBbot
2019-10-10 ⋅ AhnLabASEC
@techreport{asec:20191010:asec:6452cd4, author = {ASEC}, title = {{ASEC Report Vol. 96}}, date = {2019-10-10}, institution = {AhnLab}, url = {https://global.ahnlab.com/global/upload/download/asecreport/ASEC%20REPORT_vol.96_ENG.pdf}, language = {English}, urldate = {2020-01-13} } ASEC Report Vol. 96
SDBbot
2019-10-10 ⋅ Github (StrangerealIntel)StrangerealIntel
@online{strangerealintel:20191010:analysis:45d6c09, author = {StrangerealIntel}, title = {{Analysis of the new TA505 campaign}}, date = {2019-10-10}, organization = {Github (StrangerealIntel)}, url = {https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/cybercriminal%20groups/TA505/04-10-2019/Malware%20Analysis%2004-10-2019.md}, language = {English}, urldate = {2020-01-13} } Analysis of the new TA505 campaign
Get2
2019-09-09 ⋅ McAfeeThomas Roccia, Marc Rivero López, Chintan Shah
@online{roccia:20190909:evolution:baf3b6c, author = {Thomas Roccia and Marc Rivero López and Chintan Shah}, title = {{Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study}}, date = {2019-09-09}, organization = {McAfee}, url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/evolution-of-malware-sandbox-evasion-tactics-a-retrospective-study/}, language = {English}, urldate = {2020-01-10} } Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study
Cutwail Dridex Dyre Kovter Locky Phorpiex Simda
2019-08-29 ⋅ ThreatReconThreatRecon Team
@online{team:20190829:sectorj04:ce6cc4b, author = {ThreatRecon Team}, title = {{SectorJ04 Group’s Increased Activity in 2019}}, date = {2019-08-29}, organization = {ThreatRecon}, url = {https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/}, language = {English}, urldate = {2019-10-13} } SectorJ04 Group’s Increased Activity in 2019
FlawedAmmyy ServHelper TA505
2019-08-27 ⋅ Trend MicroHara Hiroaki, Jaromír Hořejší, Loseway Lu
@online{hiroaki:20190827:ta505:9bcbff1, author = {Hara Hiroaki and Jaromír Hořejší and Loseway Lu}, title = {{TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmyy}}, date = {2019-08-27}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/ta505-at-it-again-variety-is-the-spice-of-servhelper-and-flawedammyy/}, language = {English}, urldate = {2019-11-27} } TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmyy
FlawedAmmyy ServHelper
2019-08-13 ⋅ AdalogicsDavid Korczynski
@online{korczynski:20190813:state:a4ad074, author = {David Korczynski}, title = {{The state of advanced code injections}}, date = {2019-08-13}, organization = {Adalogics}, url = {https://adalogics.com/blog/the-state-of-advanced-code-injections}, language = {English}, urldate = {2020-01-13} } The state of advanced code injections
Dridex Emotet Tinba
2019-08-01 ⋅ McAfeeAlexandre Mundo, Marc Rivero López
@online{mundo:20190801:clop:fa3429f, author = {Alexandre Mundo and Marc Rivero López}, title = {{Clop Ransomware}}, date = {2019-08-01}, organization = {McAfee}, url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/clop-ransomware/}, language = {English}, urldate = {2020-01-06} } Clop Ransomware
Clop
2019-07-12 ⋅ CrowdStrikeBrett Stone-Gross, Sergei Frankoff, Bex Hartley
@online{stonegross:20190712:bitpaymer:113a037, author = {Brett Stone-Gross and Sergei Frankoff and Bex Hartley}, title = {{BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0}}, date = {2019-07-12}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/}, language = {English}, urldate = {2019-12-20} } BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0
DoppelPaymer Dridex FriedEx
2019-07-04 ⋅ Trend MicroTrend Micro
@techreport{micro:20190704:latest:dd6099a, author = {Trend Micro}, title = {{Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi}}, date = {2019-07-04}, institution = {Trend Micro}, url = {https://documents.trendmicro.com/assets/Tech-Brief-Latest-Spam-Campaigns-from-TA505-Now-Using-New-Malware-Tools-Gelup-and-FlowerPippi.pdf}, language = {English}, urldate = {2020-01-13} } Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi
AndroMut
2019-07-02 ⋅ ProofpointMatthew Mesa, Dennis Schwarz, Proofpoint Threat Insight Team
@online{mesa:20190702:ta505:7f99961, author = {Matthew Mesa and Dennis Schwarz and Proofpoint Threat Insight Team}, title = {{TA505 begins summer campaigns with a new pet malware downloader, AndroMut, in the UAE, South Korea, Singapore, and the United States}}, date = {2019-07-02}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/ta505-begins-summer-campaigns-new-pet-malware-downloader-andromut-uae-south}, language = {English}, urldate = {2019-11-26} } TA505 begins summer campaigns with a new pet malware downloader, AndroMut, in the UAE, South Korea, Singapore, and the United States
AndroMut FlawedAmmyy
2019-05-31 ⋅ Youtube (0verfl0w_)0verfl0w_
@online{0verfl0w:20190531:defeating:eb0994e, author = {0verfl0w_}, title = {{Defeating Commercial and Custom Packers like a Pro - VMProtect, ASPack, PECompact, and more}}, date = {2019-05-31}, organization = {Youtube (0verfl0w_)}, url = {https://www.youtube.com/watch?v=N4f2e8Mygag}, language = {English}, urldate = {2020-01-08} } Defeating Commercial and Custom Packers like a Pro - VMProtect, ASPack, PECompact, and more
FlawedAmmyy Ramnit
2019-05-29 ⋅ YoroiZLAB-Yoroi
@online{zlabyoroi:20190529:ta505:07b59dd, author = {ZLAB-Yoroi}, title = {{TA505 is Expanding its Operations}}, date = {2019-05-29}, organization = {Yoroi}, url = {https://blog.yoroi.company/research/ta505-is-expanding-its-operations/}, language = {English}, urldate = {2020-01-13} } TA505 is Expanding its Operations
RMS
2019-05-28 ⋅ MITREMITRE
@online{mitre:20190528:flawedammyy:c4f6363, author = {MITRE}, title = {{FlawedAmmyy}}, date = {2019-05-28}, organization = {MITRE}, url = {https://attack.mitre.org/software/S0381/}, language = {English}, urldate = {2020-01-13} } FlawedAmmyy
FlawedAmmyy
2019-05-16 ⋅ YoroiLuigi Martire, Davide Testa, Antonio Pirozzi, Luca Mella
@online{martire:20190516:stealthy:930aa98, author = {Luigi Martire and Davide Testa and Antonio Pirozzi and Luca Mella}, title = {{The Stealthy Email Stealer in the TA505 Arsenal}}, date = {2019-05-16}, organization = {Yoroi}, url = {https://blog.yoroi.company/research/the-stealthy-email-stealer-in-the-ta505-arsenal/}, language = {English}, urldate = {2019-10-14} } The Stealthy Email Stealer in the TA505 Arsenal
TA505
2019-05-14 ⋅ GovCERT.chGovCERT.ch
@online{govcertch:20190514:rise:8fd8ef4, author = {GovCERT.ch}, title = {{The Rise of Dridex and the Role of ESPs}}, date = {2019-05-14}, organization = {GovCERT.ch}, url = {https://www.govcert.admin.ch/blog/28/the-rise-of-dridex-and-the-role-of-esps}, language = {English}, urldate = {2020-01-09} } The Rise of Dridex and the Role of ESPs
Dridex
2019-04-25 ⋅ CybereasonCybereason Nocturnus
@online{nocturnus:20190425:threat:63e7d51, author = {Cybereason Nocturnus}, title = {{Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware}}, date = {2019-04-25}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-new-backdoor-malware}, language = {English}, urldate = {2020-01-08} } Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware
ServHelper TA505
2019-04-22 ⋅ SANSMike Downey
@online{downey:20190422:unpacking:2cb6558, author = {Mike Downey}, title = {{Unpacking & Decrypting FlawedAmmyy}}, date = {2019-04-22}, organization = {SANS}, url = {https://www.sans.org/reading-room/whitepapers/reverseengineeringmalware/unpacking-decrypting-flawedammyy-38930}, language = {English}, urldate = {2020-01-09} } Unpacking & Decrypting FlawedAmmyy
FlawedAmmyy
2019-04-02 ⋅ DeepInstinctShaul Vilkomir-Preisman
@online{vilkomirpreisman:20190402:new:4dbdc56, author = {Shaul Vilkomir-Preisman}, title = {{New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload}}, date = {2019-04-02}, organization = {DeepInstinct}, url = {https://www.deepinstinct.com/2019/04/02/new-servhelper-variant-employs-excel-4-0-macro-to-drop-signed-payload/}, language = {English}, urldate = {2019-07-11} } New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload
ServHelper
2019-03-05 ⋅ Bleeping ComputerLawrence Abrams
@online{abrams:20190305:cryptomix:33e7eac, author = {Lawrence Abrams}, title = {{CryptoMix Clop Ransomware Says It's Targeting Networks, Not Computers}}, date = {2019-03-05}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/cryptomix-clop-ransomware-says-its-targeting-networks-not-computers/}, language = {English}, urldate = {2020-01-13} } CryptoMix Clop Ransomware Says It's Targeting Networks, Not Computers
Clop
2019-02-02 ⋅ Medium SebdravenSébastien Larinier
@online{larinier:20190202:unpacking:894335d, author = {Sébastien Larinier}, title = {{Unpacking Clop}}, date = {2019-02-02}, organization = {Medium Sebdraven}, url = {https://medium.com/@Sebdraven/unpacking-clop-416b83718e0f}, language = {English}, urldate = {2020-01-06} } Unpacking Clop
Clop
2019-01-24 ⋅ 奇安信威胁情报中心事件追踪
@online{:20190124:excel:2dd401c, author = {事件追踪}, title = {{Excel 4.0 Macro Utilized by TA505 to Target Financial Institutions Recently}}, date = {2019-01-24}, organization = {奇安信威胁情报中心}, url = {https://ti.360.net/blog/articles/excel-4.0-macro-utilized-by-ta505-to-target-financial-institutions-recently-en/}, language = {English}, urldate = {2019-12-02} } Excel 4.0 Macro Utilized by TA505 to Target Financial Institutions Recently
ServHelper
2019-01-14 ⋅ Möbius Strip Reverse EngineeringRolf Rolles
@online{rolles:20190114:quick:42a2552, author = {Rolf Rolles}, title = {{A Quick Solution to an Ugly Reverse Engineering Problem}}, date = {2019-01-14}, organization = {Möbius Strip Reverse Engineering}, url = {https://www.msreverseengineering.com/blog/2019/1/14/a-quick-solution-to-an-ugly-reverse-engineering-problem}, language = {English}, urldate = {2020-01-13} } A Quick Solution to an Ugly Reverse Engineering Problem
FlawedGrace
2019-01-11 ⋅ ThreatpostTara Seals
@online{seals:20190111:ta505:48e9745, author = {Tara Seals}, title = {{TA505 Crime Gang Debuts Brand-New ServHelper Backdoor}}, date = {2019-01-11}, organization = {Threatpost}, url = {https://threatpost.com/ta505-servhelper-malware/140792/}, language = {English}, urldate = {2020-01-08} } TA505 Crime Gang Debuts Brand-New ServHelper Backdoor
TA505
2019-01-10 ⋅ Bleeping ComputerIonut Ilascu
@online{ilascu:20190110:ta505:12f4881, author = {Ionut Ilascu}, title = {{TA505 Group Adopts New ServHelper Backdoor and FlawedGrace RAT}}, date = {2019-01-10}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/ta505-group-adopts-new-servhelper-backdoor-and-flawedgrace-rat/}, language = {English}, urldate = {2019-12-20} } TA505 Group Adopts New ServHelper Backdoor and FlawedGrace RAT
TA505
2019-01-09 ⋅ ProofpointDennis Schwarz, Proofpoint Staff
@online{schwarz:20190109:servhelper:e20586c, author = {Dennis Schwarz and Proofpoint Staff}, title = {{ServHelper and FlawedGrace - New malware introduced by TA505}}, date = {2019-01-09}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/servhelper-and-flawedgrace-new-malware-introduced-ta505}, language = {English}, urldate = {2019-12-20} } ServHelper and FlawedGrace - New malware introduced by TA505
FlawedGrace ServHelper
2019 ⋅ CyberIntCyberInt
@techreport{cyberint:2019:legit:9925ea3, author = {CyberInt}, title = {{Legit Remote Admin Tools Turn into Threat Actors' Tools}}, date = {2019}, institution = {CyberInt}, url = {https://e.cyberint.com/hubfs/Report%20Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors%20Tools/CyberInt_Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors'%20Tools_Report.pdf}, language = {English}, urldate = {2019-12-19} } Legit Remote Admin Tools Turn into Threat Actors' Tools
RMS ServHelper TA505
2018-12-18 ⋅ Trend MicroTrendmicro
@online{trendmicro:20181218:ursnif:cc5ce31, author = {Trendmicro}, title = {{URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader}}, date = {2018-12-18}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/ursnif-emotet-dridex-and-bitpaymer-gangs-linked-by-a-similar-loader/}, language = {English}, urldate = {2020-01-07} } URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader
Dridex Emotet FriedEx ISFB
2018-07-19 ⋅ ProofpointProofpoint Staff
@online{staff:20180719:ta505:3c29d5a, author = {Proofpoint Staff}, title = {{TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT}}, date = {2018-07-19}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/ta505-abusing-settingcontent-ms-within-pdf-files-distribute-flawedammyy-rat}, language = {English}, urldate = {2019-12-20} } TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT
FlawedAmmyy
2018-06-28 ⋅ Secrary BlogLasha Khasaia
@online{khasaia:20180628:brief:d854824, author = {Lasha Khasaia}, title = {{A Brief Overview of the AMMYY RAT Downloader}}, date = {2018-06-28}, organization = {Secrary Blog}, url = {https://secrary.com/ReversingMalware/AMMY_RAT_Downloader/}, language = {English}, urldate = {2020-01-13} } A Brief Overview of the AMMYY RAT Downloader
FlawedAmmyy
2018-03-07 ⋅ ProofpointProofpoint Staff
@online{staff:20180307:leaked:5e33f64, author = {Proofpoint Staff}, title = {{Leaked Ammyy Admin Source Code Turned into Malware}}, date = {2018-03-07}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/leaked-source-code-ammyy-admin-turned-flawedammyy-rat}, language = {English}, urldate = {2019-12-20} } Leaked Ammyy Admin Source Code Turned into Malware
FlawedAmmyy QuantLoader
2018-01-26 ⋅ ESET ResearchMichal Poslušný
@online{poslun:20180126:friedex:3c3f46b, author = {Michal Poslušný}, title = {{FriedEx: BitPaymer ransomware the work of Dridex authors}}, date = {2018-01-26}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2018/01/26/friedex-bitpaymer-ransomware-work-dridex-authors/}, language = {English}, urldate = {2019-11-14} } FriedEx: BitPaymer ransomware the work of Dridex authors
Dridex FriedEx
2017-11-07 ⋅ ThreatVectorCylance Threat Research Team
@online{team:20171107:locky:a38e9b5, author = {Cylance Threat Research Team}, title = {{Locky Ransomware}}, date = {2017-11-07}, organization = {ThreatVector}, url = {https://www.cylance.com/en_us/blog/threat-spotlight-locky-ransomware.html}, language = {English}, urldate = {2020-01-07} } Locky Ransomware
Locky
2017-09-27 ⋅ ProofpointProofpoint Staff
@online{staff:20170927:threat:272e6ac, author = {Proofpoint Staff}, title = {{Threat Actor Profile: TA505, From Dridex to GlobeImposter}}, date = {2017-09-27}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta505-dridex-globeimposter}, language = {English}, urldate = {2019-12-20} } Threat Actor Profile: TA505, From Dridex to GlobeImposter
TA505
2017-09-21 ⋅ MalwarebytesJérôme Segura
@online{segura:20170921:fake:5f5963f, author = {Jérôme Segura}, title = {{Fake IRS notice delivers customized spying tool}}, date = {2017-09-21}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2017/09/cve-2017-0199-used-to-deliver-modified-rms-agent-rat/}, language = {English}, urldate = {2019-12-20} } Fake IRS notice delivers customized spying tool
RMS
2017-08-16 ⋅ Bleeping ComputerLawrence Abrams
@online{abrams:20170816:locky:7445bd0, author = {Lawrence Abrams}, title = {{Locky Ransomware switches to the Lukitus extension for Encrypted Files}}, date = {2017-08-16}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/locky-ransomware-switches-to-the-lukitus-extension-for-encrypted-files/}, language = {English}, urldate = {2019-12-20} } Locky Ransomware switches to the Lukitus extension for Encrypted Files
Locky
2017-08-10 ⋅ botfrei BlogTom Berchem
@online{berchem:20170810:weltweite:5df6bfa, author = {Tom Berchem}, title = {{Weltweite Spamwelle verbreitet teuflische Variante des Locky}}, date = {2017-08-10}, organization = {botfrei Blog}, url = {https://blog.botfrei.de/2017/08/weltweite-spamwelle-verbreitet-teufliche-variante-des-locky/}, language = {German}, urldate = {2019-12-10} } Weltweite Spamwelle verbreitet teuflische Variante des Locky
Locky
2017-07-25 ⋅ Github (viql)Johannes Bader
@online{bader:20170725:dridex:44f64d8, author = {Johannes Bader}, title = {{Dridex Loot}}, date = {2017-07-25}, organization = {Github (viql)}, url = {https://viql.github.io/dridex/}, language = {English}, urldate = {2020-01-07} } Dridex Loot
Dridex
2017-06-22 ⋅ Bleeping ComputerCatalin Cimpanu
@online{cimpanu:20170622:locky:4a088f0, author = {Catalin Cimpanu}, title = {{Locky Ransomware Returns, but Targets Only Windows XP & Vista}}, date = {2017-06-22}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/locky-ransomware-returns-but-targets-only-windows-xp-and-vista/}, language = {English}, urldate = {2019-12-20} } Locky Ransomware Returns, but Targets Only Windows XP & Vista
Locky
2017-06-21 ⋅ CiscoAlex Chiu, Warren Mercer, Jaeson Schultz, Sean Baird, Matthew Molyett
@online{chiu:20170621:player:b44064a, author = {Alex Chiu and Warren Mercer and Jaeson Schultz and Sean Baird and Matthew Molyett}, title = {{Player 1 Limps Back Into the Ring - Hello again, Locky!}}, date = {2017-06-21}, organization = {Cisco}, url = {http://blog.talosintelligence.com/2017/06/necurs-locky-campaign.html}, language = {English}, urldate = {2019-12-17} } Player 1 Limps Back Into the Ring - Hello again, Locky!
Locky
2017-02-28 ⋅ Security IntelligenceMagal Baz, Or Safran
@online{baz:20170228:dridexs:f72a5ec, author = {Magal Baz and Or Safran}, title = {{Dridex’s Cold War: Enter AtomBombing}}, date = {2017-02-28}, organization = {Security Intelligence}, url = {https://securityintelligence.com/dridexs-cold-war-enter-atombombing/}, language = {English}, urldate = {2019-12-16} } Dridex’s Cold War: Enter AtomBombing
Dridex
2017-01-31 ⋅ MalwarebytesMalwarebytes Labs
@online{labs:20170131:locky:92db484, author = {Malwarebytes Labs}, title = {{Locky Bart ransomware and backend server analysis}}, date = {2017-01-31}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2017/01/locky-bart-ransomware-and-backend-server-analysis/}, language = {English}, urldate = {2019-12-20} } Locky Bart ransomware and backend server analysis
Locky
2017-01-26 ⋅ FlashpointFlashpoint
@online{flashpoint:20170126:dridex:2ca4920, author = {Flashpoint}, title = {{Dridex Banking Trojan Returns, Leverages New UAC Bypass Method}}, date = {2017-01-26}, organization = {Flashpoint}, url = {https://www.flashpoint-intel.com/blog-dridex-banking-trojan-returns/}, language = {English}, urldate = {2020-01-08} } Dridex Banking Trojan Returns, Leverages New UAC Bypass Method
Dridex
2016-07-07 ⋅ Pierluigi Paganini
@online{paganini:20160707:new:7c765a2, author = {Pierluigi Paganini}, title = {{New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the recent Locky Ransomware.}}, date = {2016-07-07}, url = {http://securityaffairs.co/wordpress/49094/malware/zepto-ransomware.html}, language = {English}, urldate = {2019-11-22} } New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the recent Locky Ransomware.
Locky
2016-03-01 ⋅ Malwarebyteshasherezade
@online{hasherezade:20160301:look:fe35696, author = {hasherezade}, title = {{Look Into Locky Ransomware}}, date = {2016-03-01}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2016/03/look-into-locky/}, language = {English}, urldate = {2019-12-20} } Look Into Locky Ransomware
Locky
2016-02-16 ⋅ SymantecDick O'Brien
@techreport{obrien:20160216:dridex:7abdc31, author = {Dick O'Brien}, title = {{Dridex: Tidal waves of spam pushing dangerous financial Trojan}}, date = {2016-02-16}, institution = {Symantec}, url = {https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/dridex-financial-trojan.pdf}, language = {English}, urldate = {2020-01-08} } Dridex: Tidal waves of spam pushing dangerous financial Trojan
Dridex
2015-11-10 ⋅ CERT.PLCERT.PL
@online{certpl:20151110:talking:d93cf24, author = {CERT.PL}, title = {{Talking to Dridex (part 0) – inside the dropper}}, date = {2015-11-10}, organization = {CERT.PL}, url = {https://www.cert.pl/en/news/single/talking-dridex-part-0-inside-the-dropper/}, language = {English}, urldate = {2020-01-06} } Talking to Dridex (part 0) – inside the dropper
Dridex
2015-10-26 ⋅ BluelivBlueliv
@techreport{blueliv:20151026:chasing:975ef1a, author = {Blueliv}, title = {{Chasing cybercrime: network insights of Dyre and Dridex Trojan bankers}}, date = {2015-10-26}, institution = {Blueliv}, url = {https://www.blueliv.com/downloads/documentation/reports/Network_insights_of_Dyre_and_Dridex_Trojan_bankers.pdf}, language = {English}, urldate = {2020-01-13} } Chasing cybercrime: network insights of Dyre and Dridex Trojan bankers
Dridex Dyre
2015-10-13 ⋅ SecureworksBrett Stone-Gross
@online{stonegross:20151013:dridex:46d9a58, author = {Brett Stone-Gross}, title = {{Dridex (Bugat v5) Botnet Takeover Operation}}, date = {2015-10-13}, organization = {Secureworks}, url = {https://www.secureworks.com/research/dridex-bugat-v5-botnet-takeover-operation}, language = {English}, urldate = {2020-01-08} } Dridex (Bugat v5) Botnet Takeover Operation
Dridex

Credits: MISP Project