TA505, the name given by Proofpoint, has been in the cybercrime business for at least four years. This is the group behind the infamous Dridex banking trojan and Locky ransomware, delivered through malicious email campaigns via the Necurs botnet. Other malware associated with TA505 includes the Philadelphia and GlobeImposter ransomware families.
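@comment{The DFIR Report blog post, 2021-01-11, on TrickBot. The corporate author is double-braced so BibTeX/Biber keep 'The DFIR Report' as a single name instead of splitting it into first and last parts.}
@online{report:20210111:trickbot:d1011f9,
  author       = {{The DFIR Report}},
  title        = {{Trickbot Still Alive and Well}},
  date         = {2021-01-11},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2021/01/11/trickbot-still-alive-and-well/},
  language     = {English},
  urldate      = {2021-01-11},
}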
Trickbot Still Alive and Well Cobalt Strike TrickBot |
@comment{DomainTools blog post, 2021-01-06, on a TrickBot-related ransomware incident. Author given in Last, First form.}
@online{slowik:20210106:holiday:6ef0c9d,
  author       = {Slowik, Joe},
  title        = {{Holiday Bazar: Tracking a TrickBot-Related Ransomware Incident}},
  date         = {2021-01-06},
  organization = {DomainTools},
  url          = {https://www.domaintools.com/resources/blog/tracking-a-trickbot-related-ransomware-incident},
  language     = {English},
  urldate      = {2021-01-10},
}
Holiday Bazar: Tracking a TrickBot-Related Ransomware Incident BazarBackdoor TrickBot |
@comment{SentinelOne blog post, 2021-01-04, on building a malware analysis lab. Author given in Last, First form.}
@online{figueroa:20210104:building:37407a6,
  author       = {Figueroa, Marco},
  title        = {{Building a Custom Malware Analysis Lab Environment}},
  date         = {2021-01-04},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/building-a-custom-malware-analysis-lab-environment/},
  language     = {English},
  urldate      = {2021-01-13},
}
Building a Custom Malware Analysis Lab Environment TrickBot |
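@comment{Check Point Research blog post, 2021-01-04, on Dridex. Corporate author double-braced so it is not parsed as first name 'Check Point' and surname 'Research'.}
@online{research:20210104:dridex:2741eba,
  author       = {{Check Point Research}},
  title        = {{DRIDEX Stopping Serial Killer: Catching the Next Strike}},
  date         = {2021-01-04},
  organization = {Check Point},
  url          = {https://research.checkpoint.com/2021/stopping-serial-killer-catching-the-next-strike/},
  language     = {English},
  urldate      = {2021-01-05},
}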
DRIDEX Stopping Serial Killer: Catching the Next Strike Dridex |
@comment{Keysight blog post, 2020-12-21, on TrickBot. Author given in Last, First form.}
@online{valle:20201221:trickbot:425da88,
  author       = {Valle, Edsel},
  title        = {{TrickBot: A Closer Look}},
  date         = {2020-12-21},
  organization = {KEYSIGHT TECHNOLOGIES},
  url          = {https://blogs.keysight.com/blogs/tech/nwvs.entry.html/2020/12/21/trickbot_a_closerl-TpQ0.html},
  language     = {English},
  urldate      = {2021-01-01},
}
TrickBot: A Closer Look TrickBot |
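@comment{Intel 471 blog post, 2020-12-18, on the TA505 Get2 loader. Corporate author double-braced; otherwise BibTeX would take '471' as the surname.}
@online{471:20201218:ta505s:8fb97af,
  author       = {{Intel 471}},
  title        = {{TA505’s modified loader means new attack campaign could be coming}},
  date         = {2020-12-18},
  organization = {Intel 471},
  url          = {https://intel471.com/blog/ta505-get2-loader-malware-december-2020/},
  language     = {English},
  urldate      = {2020-12-19},
}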
TA505’s modified loader means new attack campaign could be coming Get2 |
@comment{Tweet by @darb0ng, 2020-12-15, on Clop ransomware at Symrise. Author given in Last, First form.}
@online{lee:20201215:symrise:e60ff65,
  author       = {Lee, Minhee},
  title        = {{Tweet on Symrise group hit by Clop Ransomware}},
  date         = {2020-12-15},
  organization = {Twitter (@darb0ng)},
  url          = {https://twitter.com/darb0ng/status/1338692764121251840},
  language     = {English},
  urldate      = {2020-12-15},
}
Tweet on Symrise group hit by Clop Ransomware Clop |
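@comment{Blueliv blog post, 2020-12-14, on unpacking TA505 samples with Qiling. Personal authors in Last, First form; the team name is double-braced so it is kept as one corporate name. UTF-8 in the name requires Biber.}
@online{marn:20201214:using:e81621e,
  author       = {Marín, Alberto and Rubio, Carlos and {Blueliv Labs Team}},
  title        = {{Using Qiling Framework to Unpack TA505 packed samples}},
  date         = {2020-12-14},
  organization = {Blueliv},
  url          = {https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/using-qiling-framework-to-unpack-ta505-packed-samples/},
  language     = {English},
  urldate      = {2020-12-15},
}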
Using Qiling Framework to Unpack TA505 packed samples AndroMut Azorult Silence TinyMet |
@comment{Cybereason blog post, 2020-12-10, on Ryuk. Author given in Last, First form.}
@online{kandefelt:20201210:cybereason:0267d5e,
  author       = {Kandefelt, Joakim},
  title        = {{Cybereason vs. Ryuk Ransomware}},
  date         = {2020-12-10},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/cybereason-vs.-ryuk-ransomware},
  language     = {English},
  urldate      = {2020-12-14},
}
Cybereason vs. Ryuk Ransomware BazarBackdoor Ryuk TrickBot |
@comment{CyberInt blog post, 2020-12-10, on Ryuk. Single-word corporate author, braced for consistency with other corporate names.}
@online{cyberint:20201210:ryuk:e74b8f6,
  author       = {{CyberInt}},
  title        = {{Ryuk Crypto-Ransomware}},
  date         = {2020-12-10},
  organization = {CyberInt},
  url          = {https://blog.cyberint.com/ryuk-crypto-ransomware},
  language     = {English},
  urldate      = {2020-12-14},
}
Ryuk Crypto-Ransomware Ryuk TrickBot |
@comment{CISA alert AA20-345A, 2020-12-10, joint with FBI and MS-ISAC. Each single-token agency name braced as a corporate author.}
@online{uscert:20201210:alert:a5ec77e,
  author       = {{US-CERT} and {FBI} and {MS-ISAC}},
  title        = {{Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data}},
  date         = {2020-12-10},
  organization = {US-CERT},
  url          = {https://us-cert.cisa.gov/ncas/alerts/aa20-345a},
  language     = {English},
  urldate      = {2020-12-11},
}
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim Ransomware REvil Ryuk Zeus |
@comment{Bleeping Computer news item, 2020-12-03, on the E-Land breach claim. Author given in Last, First form.}
@online{abrams:20201203:ransomware:186759f,
  author       = {Abrams, Lawrence},
  title        = {{Ransomware gang says they stole 2 million credit cards from E-Land}},
  date         = {2020-12-03},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/ransomware-gang-says-they-stole-2-million-credit-cards-from-e-land/},
  language     = {English},
  urldate      = {2020-12-08},
}
Ransomware gang says they stole 2 million credit cards from E-Land Clop |
@comment{Eclypsium blog post, 2020-12-03, on the TrickBoot module. Single-word corporate author, braced.}
@online{eclypsium:20201203:trickbot:7b5b0eb,
  author       = {{Eclypsium}},
  title        = {{TrickBot Now Offers ‘TrickBoot’: Persist, Brick, Profit}},
  date         = {2020-12-03},
  organization = {Eclypsium},
  url          = {https://eclypsium.com/2020/12/03/trickbot-now-offers-trickboot-persist-brick-profit/},
  language     = {English},
  urldate      = {2020-12-03},
}
TrickBot Now Offers ‘TrickBoot’: Persist, Brick, Profit TrickBot |
@comment{S2W LAB analysis, 2020-11-23, on Clop ransomware. Single-word team author, braced.}
@online{talon:20201123:s2w:97212ec,
  author       = {{TALON}},
  title        = {{[S2W LAB] Analysis of Clop Ransomware suspiciously related to the Recent Incident}},
  date         = {2020-11-23},
  organization = {S2W LAB Inc.},
  url          = {https://www.notion.so/S2W-LAB-Analysis-of-Clop-Ransomware-suspiciously-related-to-the-Recent-Incident-English-088056baf01242409a6e9f844f0c5f2e},
  language     = {English},
  urldate      = {2020-12-03},
}
[S2W LAB] Analysis of Clop Ransomware suspiciously related to the Recent Incident Clop |
@comment{Bitdefender Labs blog post, 2020-11-23, on TrickBot. Authors given in Last, First form.}
@online{arsene:20201123:trickbot:bcf3c42,
  author       = {Arsene, Liviu and Tudorica, Radu},
  title        = {{TrickBot is Dead. Long Live TrickBot!}},
  date         = {2020-11-23},
  organization = {Bitdefender},
  url          = {https://labs.bitdefender.com/2020/11/trickbot-is-dead-long-live-trickbot/},
  language     = {English},
  urldate      = {2020-11-25},
}
TrickBot is Dead. Long Live TrickBot! TrickBot |
@comment{malware.love blog post, 2020-11-22, update on TrickBot fake-IP behaviour. Author given in Last, First form.}
@online{giczewski:20201122:trickbot:06baa84,
  author       = {Giczewski, Robert},
  title        = {{Trickbot tricks again [UPDATE]}},
  date         = {2020-11-22},
  organization = {malware.love},
  url          = {https://malware.love/trickbot/malware_analysis/reverse_engineering/2020/11/22/trickbot-fake-ips-part2.html},
  language     = {English},
  urldate      = {2020-11-23},
}
Trickbot tricks again [UPDATE] TrickBot |
@comment{Bleeping Computer news item, 2020-11-20, on LightBot. Author given in Last, First form.}
@online{abrams:20201120:lightbot:473b7c3,
  author       = {Abrams, Lawrence},
  title        = {{LightBot: TrickBot’s new reconnaissance malware for high-value targets}},
  date         = {2020-11-20},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/lightbot-trickbot-s-new-reconnaissance-malware-for-high-value-targets/},
  language     = {English},
  urldate      = {2020-11-23},
}
LightBot: TrickBot’s new reconnaissance malware for high-value targets LightBot TrickBot |
@comment{ZDNet article, 2020-11-20, surveying ransomware-precursor malware. Author given in Last, First form.}
@online{cimpanu:20201120:malware:0b8ff59,
  author       = {Cimpanu, Catalin},
  title        = {{The malware that usually installs ransomware and you need to remove right away}},
  date         = {2020-11-20},
  organization = {ZDNet},
  url          = {https://www.zdnet.com/article/the-malware-that-usually-installs-ransomware-and-you-need-to-remove-right-away/},
  language     = {English},
  urldate      = {2020-11-23},
}
The malware that usually installs ransomware and you need to remove right away Avaddon Ransomware BazarBackdoor Buer Clop Cobalt Strike Conti Ransomware DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader |
@comment{Sophos 2021 Threat Report (PDF), 2020-11-18. Single-word corporate author, braced.}
@techreport{sophos:20201118:sophos:8fd201e,
  author       = {{Sophos}},
  title        = {{SOPHOS 2021 THREAT REPORT Navigating cybersecurity in an uncertain world}},
  date         = {2020-11-18},
  institution  = {Sophos},
  url          = {https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2021-threat-report.pdf},
  language     = {English},
  urldate      = {2020-11-19},
}
SOPHOS 2021 THREAT REPORT Navigating cybersecurity in an uncertain world Agent Tesla Dridex TrickBot Zloader |
@comment{Tweet by @VK_intel, 2020-11-17, on a fileless TrickBot loading method. Author given in Last, First form.}
@online{kremez:20201117:new:2098c0a,
  author       = {Kremez, Vitali},
  title        = {{Tweet on a new fileless TrickBot loading method using code from MemoryModule}},
  date         = {2020-11-17},
  organization = {Twitter (@VK_intel)},
  url          = {https://twitter.com/VK_Intel/status/1328578336021483522},
  language     = {English},
  urldate      = {2020-12-14},
}
Tweet on a new fileless TrickBot loading method using code from MemoryModule TrickBot |
@comment{malware.love blog post, 2020-11-17, on TrickBot. Author given in Last, First form.}
@online{giczewski:20201117:trickbot:1bbf92a,
  author       = {Giczewski, Robert},
  title        = {{Trickbot tricks again}},
  date         = {2020-11-17},
  organization = {malware.love},
  url          = {https://malware.love/trickbot/malware_analysis/reverse_engineering/2020/11/17/trickbots-latest-trick.html},
  language     = {English},
  urldate      = {2020-11-19},
}
Trickbot tricks again TrickBot |
@comment{Salesforce Engineering post, 2020-11-17, introducing JARM TLS fingerprinting. Author given in Last, First form.}
@online{althouse:20201117:easily:172bd6d,
  author       = {Althouse, John},
  title        = {{Easily Identify Malicious Servers on the Internet with JARM}},
  date         = {2020-11-17},
  organization = {Salesforce Engineering},
  url          = {https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a},
  language     = {English},
  urldate      = {2020-12-03},
}
Easily Identify Malicious Servers on the Internet with JARM Cobalt Strike TrickBot |
@comment{Fox-IT blog post, 2020-11-16, history of TA505. Personal authors in Last, First form; the single-token handle is kept as is.}
@online{terefos:20201116:ta505:8449383,
  author       = {Terefos, Antonis and Postma, Anne and Tera0017},
  title        = {{TA505: A Brief History Of Their Time}},
  date         = {2020-11-16},
  organization = {Fox-IT},
  url          = {https://blog.fox-it.com/2020/11/16/ta505-a-brief-history-of-their-time/},
  language     = {English},
  urldate      = {2020-11-23},
}
TA505: A Brief History Of Their Time Clop Get2 SDBbot TA505 |
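@comment{Intel 471 blog post, 2020-11-16, on ransomware-as-a-service. Corporate author double-braced; otherwise BibTeX would take '471' as the surname.}
@online{471:20201116:ransomwareasaservice:11a5a8b,
  author       = {{Intel 471}},
  title        = {{Ransomware-as-a-service: The pandemic within a pandemic}},
  date         = {2020-11-16},
  organization = {Intel 471},
  url          = {https://public.intel471.com/blog/ransomware-as-a-service-2020-ryuk-maze-revil-egregor-doppelpaymer/},
  language     = {English},
  urldate      = {2020-11-17},
}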
Ransomware-as-a-service: The pandemic within a pandemic Avaddon Ransomware Clop Conti Ransomware DoppelPaymer Egregor Hakbit Mailto Maze Mespinoza RagnarLocker REvil Ryuk SunCrypt ThunderX Ransomware |
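@comment{ACSC alert, 2020-11-12, on SDBbot. Corporate author double-braced; otherwise BibTeX would take '(ACSC)' as the surname.}
@online{acsc:20201112:biotech:edf0f4a,
  author       = {{Australian Cyber Security Centre (ACSC)}},
  title        = {{Biotech research firm Miltenyi Biotec hit by ransomware, data leaked}},
  date         = {2020-11-12},
  organization = {Australian Cyber Security Centre},
  url          = {https://www.cyber.gov.au/acsc/view-all-content/alerts/sdbbot-targeting-health-sector},
  language     = {English},
  urldate      = {2020-11-18},
}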
Biotech research firm Miltenyi Biotec hit by ransomware, data leaked SDBbot |
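@comment{Intel 471 blog post, 2020-11-10, on TrickBot after the disruption. Corporate author double-braced; otherwise BibTeX would take '471' as the surname.}
@online{471:20201110:trickbot:5db76db,
  author       = {{Intel 471}},
  title        = {{Trickbot down, but is it out?}},
  date         = {2020-11-10},
  organization = {Intel 471},
  url          = {https://public.intel471.com/blog/trickbot-update-november-2020-bazar-loader-microsoft/},
  language     = {English},
  urldate      = {2020-11-11},
}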
Trickbot down, but is it out? BazarBackdoor TrickBot |
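@comment{Kaspersky ICS CERT report (PDF), 2020-11-05, on attacks abusing RMS and TeamViewer. The CERT name is double-braced as one corporate author; the personal author is in Last, First form. Title spelling corrected from 'Attackson' to 'Attacks on'.}
@techreport{cert:20201105:attackson:62f1e26,
  author       = {{Kaspersky Lab ICS CERT} and Kopeytsev, Vyacheslav},
  title        = {{Attacks on industrial enterprises using RMS and TeamViewer: new data}},
  date         = {2020-11-05},
  institution  = {Kaspersky Labs},
  url          = {https://ics-cert.kaspersky.com/media/Kaspersky-Attacks-on-industrial-enterprises-using-RMS-and-TeamViewer-EN.pdf},
  language     = {English},
  urldate      = {2020-11-06},
}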
Attacks on industrial enterprises using RMS and TeamViewer: new data RMS |
@comment{VMware blog post, 2020-11-04, on Ryuk targeting health care. Author given in Last, First form.}
@online{vigna:20201104:trick:a59a333,
  author       = {Vigna, Giovanni},
  title        = {{Trick or Threat: Ryuk ransomware targets the health care industry}},
  date         = {2020-11-04},
  organization = {VMRay},
  url          = {https://blogs.vmware.com/networkvirtualization/2020/11/trick-or-threat-ryuk-ransomware-targets-the-health-care-industry.html/},
  language     = {English},
  urldate      = {2020-11-06},
}
Trick or Threat: Ryuk ransomware targets the health care industry BazarBackdoor Cobalt Strike Ryuk TrickBot |
@comment{CERT-FR CTI report (PDF), 2020-10-29, on Emotet as malware-as-a-service. Single-token corporate author, braced.}
@techreport{certfr:20201029:le:d296223,
  author       = {{CERT-FR}},
  title        = {{LE MALWARE-AS-A-SERVICE EMOTET}},
  date         = {2020-10-29},
  institution  = {CERT-FR},
  url          = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-010.pdf},
  language     = {English},
  urldate      = {2020-11-04},
}
LE MALWARE-AS-A-SERVICE EMOTET Dridex Emotet ISFB QakBot |
@comment{Unit 42 threat assessment, 2020-10-29, on Ryuk and TrickBot. Authors given in Last, First form.}
@online{barbehenn:20201029:threat:de33a6d,
  author       = {Barbehenn, Brittany and Santos, Doel and Duncan, Brad},
  title        = {{Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector}},
  date         = {2020-10-29},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/ryuk-ransomware/},
  language     = {English},
  urldate      = {2020-11-02},
}
Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector Anchor BazarBackdoor Ryuk TrickBot |
@comment{Tweet by @anthomsec, 2020-10-29, on UNC1878. Author given in Last, First form.}
@online{thompson:20201029:unc1878:26c88d4,
  author       = {Thompson, Andrew},
  title        = {{Tweet on UNC1878 activity}},
  date         = {2020-10-29},
  organization = {Twitter (@anthomsec)},
  url          = {https://twitter.com/anthomsec/status/1321865315513520128},
  language     = {English},
  urldate      = {2020-11-04},
}
Tweet on UNC1878 activity BazarBackdoor Ryuk TrickBot UNC1878 |
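@comment{Red Canary blog post, 2020-10-29, on a Ryuk outbreak stopped at a hospital. Corporate author double-braced so 'The Red Canary Team' is not split into first and last names.}
@online{team:20201029:bazar:1846b93,
  author       = {{The Red Canary Team}},
  title        = {{A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak}},
  date         = {2020-10-29},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/},
  language     = {English},
  urldate      = {2020-11-02},
}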
A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak Cobalt Strike Ryuk TrickBot |
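@comment{NETSCOUT ASERT blog post, 2020-10-26, on the Anchor backdoor. Author written in Last, First form so the two-word surname 'De Souza' stays together; in First-Last form BibTeX splits it.}
@online{souza:20201026:dropping:8ac1e1d,
  author       = {De Souza, Suweera},
  title        = {{Dropping the Anchor}},
  date         = {2020-10-26},
  organization = {Arbor Networks},
  url          = {https://www.netscout.com/blog/asert/dropping-anchor},
  language     = {English},
  urldate      = {2020-10-29},
}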
Dropping the Anchor Anchor_DNS Anchor TrickBot |
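@comment{Hornetsecurity blog post, 2020-10-23, on leakware/ransomware hybrids. Corporate author double-braced so it is not parsed as first name 'Hornetsecurity Security' and surname 'Lab'.}
@online{lab:20201023:leakwareransomwarehybrid:ae1de8e,
  author       = {{Hornetsecurity Security Lab}},
  title        = {{Leakware-Ransomware-Hybrid Attacks}},
  date         = {2020-10-23},
  organization = {Hornetsecurity},
  url          = {https://www.hornetsecurity.com/en/security-informationen-en/leakware-ransomware-hybrid-attacks/},
  language     = {English},
  urldate      = {2020-12-08},
}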
Leakware-Ransomware-Hybrid Attacks Avaddon Ransomware Clop Conti Ransomware DarkSide DoppelPaymer Mailto Maze Mespinoza Nefilim Ransomware RagnarLocker REvil Sekhmet Ransomware SunCrypt |
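@comment{Intel 471 blog post, 2020-10-20, on the TrickBot disruption. Corporate author double-braced; otherwise BibTeX would take '471' as the surname.}
@online{471:20201020:global:570e26f,
  author       = {{Intel 471}},
  title        = {{Global Trickbot disruption operation shows promise}},
  date         = {2020-10-20},
  organization = {Intel 471},
  url          = {https://public.intel471.com/blog/global-trickbot-disruption-operation-shows-promise/},
  language     = {English},
  urldate      = {2020-10-21},
}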
Global Trickbot disruption operation shows promise TrickBot |
@comment{BSI annual report 'Die Lage der IT-Sicherheit in Deutschland 2020' (PDF, German), 2020-10-20. Single-token corporate author, braced.}
@online{bsi:20201020:die:0683ad4,
  author       = {{BSI}},
  title        = {{Die Lage der IT-Sicherheit in Deutschland 2020}},
  date         = {2020-10-20},
  organization = {Bundesamt für Sicherheit in der Informationstechnik},
  url          = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2020.pdf?__blob=publicationFile&v=2},
  language     = {German},
  urldate      = {2020-10-21},
}
Die Lage der IT-Sicherheit in Deutschland 2020 Clop Emotet REvil Ryuk TrickBot |
@comment{Microsoft On the Issues post, 2020-10-20, TrickBot disruption update. Author given in Last, First form.}
@online{burt:20201020:update:12549c2,
  author       = {Burt, Tom},
  title        = {{An update on disruption of Trickbot}},
  date         = {2020-10-20},
  organization = {Microsoft},
  url          = {https://blogs.microsoft.com/on-the-issues/2020/10/20/trickbot-ransomware-disruption-update/},
  language     = {English},
  urldate      = {2020-10-23},
}
An update on disruption of Trickbot TrickBot |
@comment{Duo Decipher article, 2020-10-16, on TrickBot. Author given in Last, First form.}
@online{fisher:20201016:trickbot:be18c46,
  author       = {Fisher, Dennis},
  title        = {{Trickbot Up to Its Old Tricks}},
  date         = {2020-10-16},
  organization = {Duo},
  url          = {https://duo.com/decipher/trickbot-up-to-its-old-tricks},
  language     = {English},
  urldate      = {2020-10-23},
}
Trickbot Up to Its Old Tricks TrickBot |
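@comment{CrowdStrike blog post, 2020-10-16, WIZARD SPIDER update. Corporate author double-braced so 'The Crowdstrike Intel Team' is not split into first and last names.}
@online{team:20201016:wizard:12b648a,
  author       = {{The Crowdstrike Intel Team}},
  title        = {{WIZARD SPIDER Update: Resilient, Reactive and Resolute}},
  date         = {2020-10-16},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/wizard-spider-adversary-update/},
  language     = {English},
  urldate      = {2020-10-21},
}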
WIZARD SPIDER Update: Resilient, Reactive and Resolute BazarBackdoor Conti Ransomware Ryuk TrickBot |
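@comment{Intel 471 blog post, 2020-10-15, on TrickBot returning after disruption attempts. Corporate author double-braced; otherwise BibTeX would take '471' as the surname.}
@online{471:20201015:that:2d4b495,
  author       = {{Intel 471}},
  title        = {{That was quick: Trickbot is back after disruption attempts}},
  date         = {2020-10-15},
  organization = {Intel 471},
  url          = {https://public.intel471.com/blog/trickbot-online-emotet-microsoft-cyber-command-disruption-attempts/},
  language     = {English},
  urldate      = {2020-10-15},
}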
That was quick: Trickbot is back after disruption attempts TrickBot |
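@comment{US Department of Justice press release, 2020-10-15, on the QQAAZZ operation. Corporate author double-braced; the lowercase 'of' would otherwise be parsed as a von particle.}
@online{justice:20201015:officials:b340951,
  author       = {{Department of Justice}},
  title        = {{Officials Announce International Operation Targeting Transnational Criminal Organization QQAAZZ that Provided Money Laundering Services to High-Level Cybercriminals}},
  date         = {2020-10-15},
  organization = {Department of Justice},
  url          = {https://www.justice.gov/opa/pr/officials-announce-international-operation-targeting-transnational-criminal-organization},
  language     = {English},
  urldate      = {2020-10-23},
}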
Officials Announce International Operation Targeting Transnational Criminal Organization QQAAZZ that Provided Money Laundering Services to High-Level Cybercriminals Dridex ISFB TrickBot |
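@comment{Court filing (TrickBot civil complaint, PDF), 2020-10-12. Corporate author double-braced; 'for the' would otherwise be parsed as a von particle. The institution field was empty, which Biber reports as an empty required field; it is filled with the filing court named in the author field.}
@techreport{virginia:20201012:trickbot:f3af852,
  author       = {{US District Court for the Eastern District of Virginia}},
  title        = {{TRICKBOT complaint}},
  date         = {2020-10-12},
  institution  = {US District Court for the Eastern District of Virginia},
  url          = {https://noticeofpleadings.com/trickbot/files/Complaint%20and%20Summons/2020-10-06%20Trickbot%201%20Complaint%20with%20exs.pdf},
  language     = {English},
  urldate      = {2020-10-13},
}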
TRICKBOT complaint TrickBot |
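@comment{Lumen Black Lotus Labs blog post, 2020-10-12, on the TrickBot botnet. Corporate author double-braced so it is not parsed as first name 'Black Lotus' and surname 'Labs'.}
@online{labs:20201012:look:7b422f7,
  author       = {{Black Lotus Labs}},
  title        = {{A Look Inside The TrickBot Botnet}},
  date         = {2020-10-12},
  organization = {Lumen},
  url          = {https://blog.lumen.com/a-look-inside-the-trickbot-botnet/},
  language     = {English},
  urldate      = {2020-10-12},
}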
A Look Inside The TrickBot Botnet TrickBot |
@comment{ESET WeLiveSecurity post, 2020-10-12, on the TrickBot disruption. Author given in Last, First form.}
@online{boutin:20201012:eset:a7eeb51,
  author       = {Boutin, Jean-Ian},
  title        = {{ESET takes part in global operation to disrupt Trickbot}},
  date         = {2020-10-12},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2020/10/12/eset-takes-part-global-operation-disrupt-trickbot/},
  language     = {English},
  urldate      = {2020-10-12},
}
ESET takes part in global operation to disrupt Trickbot TrickBot |
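@comment{Microsoft Security blog post, 2020-10-12, on the TrickBot disruption. Corporate author double-braced so the team name is kept whole instead of being split into first and last names.}
@online{team:20201012:trickbot:e4f086f,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{Trickbot disrupted}},
  date         = {2020-10-12},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2020/10/12/trickbot-disrupted/},
  language     = {English},
  urldate      = {2020-10-12},
}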
Trickbot disrupted TrickBot |
@comment{Microsoft On the Issues post, 2020-10-12, on TrickBot action ahead of the US elections. Author given in Last, First form.}
@online{burt:20201012:new:045c1c3,
  author       = {Burt, Tom},
  title        = {{New action to combat ransomware ahead of U.S. elections}},
  date         = {2020-10-12},
  organization = {Microsoft},
  url          = {https://blogs.microsoft.com/on-the-issues/2020/10/12/trickbot-ransomware-cyberthreat-us-elections/},
  language     = {English},
  urldate      = {2020-10-12},
}
New action to combat ransomware ahead of U.S. elections Ryuk TrickBot |
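@comment{Symantec Threat Hunter Team blog post, 2020-10-12, on the TrickBot court order. Corporate author double-braced so it is not parsed as first name 'Threat Hunter' and surname 'Team'.}
@online{team:20201012:trickbot:5c1e5bf,
  author       = {{Threat Hunter Team}},
  title        = {{Trickbot: U.S. Court Order Hits Botnet’s Infrastructure}},
  date         = {2020-10-12},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/trickbot-botnet-ransomware-disruption},
  language     = {English},
  urldate      = {2020-10-12},
}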
Trickbot: U.S. Court Order Hits Botnet’s Infrastructure Ryuk TrickBot |
@comment{Washington Post article, 2020-10-10, on Cyber Command and TrickBot. Author given in Last, First form.}
@online{nakashima:20201010:cyber:9f29985,
  author       = {Nakashima, Ellen},
  title        = {{Cyber Command has sought to disrupt the world’s largest botnet, hoping to reduce its potential impact on the election}},
  date         = {2020-10-10},
  organization = {The Washington Post},
  url          = {https://www.washingtonpost.com/national-security/cyber-command-trickbot-disrupt/2020/10/09/19587aae-0a32-11eb-a166-dc429b380d10_story.html},
  language     = {English},
  urldate      = {2020-10-12},
}
Cyber Command has sought to disrupt the world’s largest botnet, hoping to reduce its potential impact on the election TrickBot |
@comment{ZDNet article, 2020-10-08, on the Software AG ransomware attack. Author given in Last, First form.}
@online{cimpanu:20201008:german:7b88550,
  author       = {Cimpanu, Catalin},
  title        = {{German tech giant Software AG down after ransomware attack}},
  date         = {2020-10-08},
  organization = {ZDNet},
  url          = {https://www.zdnet.com/article/german-tech-giant-software-ag-down-after-ransomware-attack/},
  language     = {English},
  urldate      = {2020-10-12},
}
German tech giant Software AG down after ransomware attack Clop |
@comment{HP/Bromium threat research post, 2020-10-08, on a TrickBot campaign. Author given in Last, First form.}
@online{holland:20201008:droppers:b8a580e,
  author       = {Holland, Alex},
  title        = {{Droppers, Downloaders and TrickBot: Detecting a Stealthy COVID-19-themed Campaign using Toolmarks}},
  date         = {2020-10-08},
  organization = {Bromium},
  url          = {https://threatresearch.ext.hp.com/detecting-a-stealthy-trickbot-campaign/},
  language     = {English},
  urldate      = {2020-10-29},
}
Droppers, Downloaders and TrickBot: Detecting a Stealthy COVID-19-themed Campaign using Toolmarks TrickBot |
@comment{Telekom blog post, 2020-10-06, overview of TA505. Author given in Last, First form.}
@online{barabosch:20201006:eager:54da318,
  author       = {Barabosch, Thomas},
  title        = {{Eager Beaver: A Short Overview of the Restless Threat Actor TA505}},
  date         = {2020-10-06},
  organization = {Telekom},
  url          = {https://www.telekom.com/en/blog/group/article/eager-beaver-a-short-overview-of-the-restless-threat-actor-ta505-609546},
  language     = {English},
  urldate      = {2020-10-08},
}
Eager Beaver: A Short Overview of the Restless Threat Actor TA505 Clop Get2 SDBbot TA505 |
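@comment{Wikipedia article on Maksim Yakubets, as of 2020-10-03. Author spelling corrected from 'Wikpedia' to 'Wikipedia'; the citation key is left unchanged so existing citations keep resolving.}
@online{wikpedia:20201003:wikipedia:70dbf1e,
  author       = {{Wikipedia}},
  title        = {{Wikipedia Page: Maksim Yakubets}},
  date         = {2020-10-03},
  organization = {Wikipedia},
  url          = {https://en.wikipedia.org/wiki/Maksim_Yakubets},
  language     = {English},
  urldate      = {2020-11-02},
}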
Wikipedia Page: Maksim Yakubets Dridex Feodo Evil Corp |
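@comment{Avira blog post, 2020-10-03, on a TA505 campaign. Corporate author double-braced so it is not parsed as first name 'Avira Protection' and surname 'Labs'.}
@online{labs:20201003:ta505:b03fbee,
  author       = {{Avira Protection Labs}},
  title        = {{TA505 targets the Americas in a new campaign}},
  date         = {2020-10-03},
  organization = {Avira},
  url          = {https://insights.oem.avira.com/ta505-apt-group-targets-americas/},
  language     = {English},
  urldate      = {2020-10-05},
}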
TA505 targets the Americas in a new campaign ServHelper |
@comment{KrebsOnSecurity post, 2020-10-02, on attacks against the TrickBot botnet. Author given in Last, First form.}
@online{krebs:20201002:attacks:a6dc6e3,
  author       = {Krebs, Brian},
  title        = {{Attacks Aimed at Disrupting the Trickbot Botnet}},
  date         = {2020-10-02},
  organization = {KrebsOnSecurity},
  url          = {https://krebsonsecurity.com/2020/10/attacks-aimed-at-disrupting-the-trickbot-botnet/},
  language     = {English},
  urldate      = {2020-10-05},
}
Attacks Aimed at Disrupting the Trickbot Botnet TrickBot |
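@comment{HHS HC3 report (PDF), 2020-10-02, on BazarLoader in ransomware campaigns. Corporate author double-braced; otherwise BibTeX would take '(HC3)' as the surname.}
@techreport{hc3:20201002:report:0ca373f,
  author       = {{Health Sector Cybersecurity Coordination Center (HC3)}},
  title        = {{Report 202010021600: Recent Bazarloader Use in Ransomware Campaigns}},
  date         = {2020-10-02},
  institution  = {Health Sector Cybersecurity Coordination Center (HC3)},
  url          = {https://www.hhs.gov/sites/default/files/bazarloader.pdf},
  language     = {English},
  urldate      = {2020-11-02},
}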
Report 202010021600: Recent Bazarloader Use in Ransomware Campaigns BazarBackdoor Cobalt Strike Ryuk TrickBot |
@comment{VB2020 paper (PDF), 2020-09-30, by CERT-XLM. Author given in Last, First form.}
@techreport{jung:20200930:another:5edbad3,
  author       = {Jung, Paul},
  title        = {{Another Threat Actor day...}},
  date         = {2020-09-30},
  institution  = {CERT-XLM},
  url          = {https://vblocalhost.com/uploads/VB2020-Jung.pdf},
  language     = {English},
  urldate      = {2020-12-08},
}
Another Threat Actor day... SDBbot |
@comment{Microsoft Digital Defense Report (PDF), 2020-09-29. Single-word corporate author, braced.}
@techreport{microsoft:20200929:microsoft:6e5d7b0,
  author       = {{Microsoft}},
  title        = {{Microsoft Digital Defense Report}},
  date         = {2020-09-29},
  institution  = {Microsoft},
  url          = {https://download.microsoft.com/download/f/8/1/f816b8b6-bee3-41e5-b6cc-e925a5688f61/Microsoft_Digital_Defense_Report_2020_September.pdf},
  language     = {English},
  urldate      = {2020-10-05},
}
Microsoft Digital Defense Report Emotet IcedID Mailto Maze QakBot REvil RobinHood TrickBot |
@comment{OSINT Fans post, 2020-09-22, on Service NSW. Author given in Last, First form.}
@online{szathmari:20200922:what:60d1e26,
  author       = {Szathmari, Gabor},
  title        = {{What Service NSW has to do with Russia?}},
  date         = {2020-09-22},
  organization = {OSINT Fans},
  url          = {https://osint.fans/service-nsw-russia-association},
  language     = {English},
  urldate      = {2020-09-23},
}
What Service NSW has to do with Russia? TrickBot |
@comment{AppGate blog post, 2020-09-18, on Dridex reverse engineering and IOC extraction. Authors given in Last, First form.}
@online{palazolo:20200918:reverse:689e4cb,
  author       = {Palazolo, Gustavo and Duarte, Felipe},
  title        = {{Reverse Engineering Dridex and Automating IOC Extraction}},
  date         = {2020-09-18},
  organization = {AppGate},
  url          = {https://www.appgate.com/blog/reverse-engineering-dridex-and-automating-ioc-extraction},
  language     = {English},
  urldate      = {2020-09-25},
}
Reverse Engineering Dridex and Automating IOC Extraction Dridex |
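@comment{Intel 471 blog post, 2020-09-16, on North Korean and Russian-speaking cybercriminal cooperation. Corporate author double-braced; otherwise BibTeX would take '471' as the surname.}
@online{471:20200916:partners:c65839f,
  author       = {{Intel 471}},
  title        = {{Partners in crime: North Koreans and elite Russian-speaking cybercriminals}},
  date         = {2020-09-16},
  organization = {Intel 471},
  url          = {https://public.intel471.com/blog/partners-in-crime-north-koreans-and-elite-russian-speaking-cybercriminals/},
  language     = {English},
  urldate      = {2020-09-23},
}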
Partners in crime: North Koreans and elite Russian-speaking cybercriminals TrickBot |
@comment{SANS ISC diary, 2020-09-10, on Dridex activity. Author given in Last, First form.}
@online{duncan:20200910:recent:f9e103f,
  author       = {Duncan, Brad},
  title        = {{Recent Dridex activity}},
  date         = {2020-09-10},
  organization = {SANS ISC InfoSec Forums},
  url          = {https://isc.sans.edu/forums/diary/Recent+Dridex+activity/26550/},
  language     = {English},
  urldate      = {2020-09-15},
}
Recent Dridex activity Dridex |
@comment{GitHub text file (pan-unit42/tweets), 2020-09-07, collecting Dridex IOCs. Author given in Last, First form.}
@online{duncan:20200907:collection:09ab7be,
  author       = {Duncan, Brad},
  title        = {{Collection of recent Dridex IOCs}},
  date         = {2020-09-07},
  organization = {Github (pan-unit42)},
  url          = {https://github.com/pan-unit42/tweets/blob/master/2020-09-07-Dridex-IOCs.txt},
  language     = {English},
  urldate      = {2020-09-15},
}
Collection of recent Dridex IOCs Cutwail Dridex |
@comment{cyber.wtf blog post, 2020-08-31, on the TrickBot rdpscanDll module. Author given in Last, First form.}
@online{ebach:20200831:trickbot:c975ec5,
  author       = {Ebach, Luca},
  title        = {{Trickbot rdpscanDll – Transforming Candidate Credentials for Brute-Forcing RDP Servers}},
  date         = {2020-08-31},
  organization = {cyber.wtf blog},
  url          = {https://cyber.wtf/2020/08/31/trickbot-rdpscandll-password-transof/},
  language     = {English},
  urldate      = {2020-08-31},
}
Trickbot rdpscanDll – Transforming Candidate Credentials for Brute-Forcing RDP Servers TrickBot |
@comment{Unit 42 Wireshark tutorial, 2020-08-21, on decrypting HTTPS traffic. Author given in Last, First form.}
@online{duncan:20200821:wireshark:d98d5ed,
  author       = {Duncan, Brad},
  title        = {{Wireshark Tutorial: Decrypting HTTPS Traffic}},
  date         = {2020-08-21},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/wireshark-tutorial-decrypting-https-traffic/},
  language     = {English},
  urldate      = {2020-08-25},
}
Wireshark Tutorial: Decrypting HTTPS Traffic Dridex |
@comment{CERT-FR CTI report (PDF), 2020-08-20, on the development of TA505 activity. Single-token corporate author, braced.}
@techreport{certfr:20200820:development:d518522,
  author       = {{CERT-FR}},
  title        = {{Development of the Activity of the TA505 Cybercriminal Group}},
  date         = {2020-08-20},
  institution  = {CERT-FR},
  url          = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-009.pdf},
  language     = {English},
  urldate      = {2020-08-28},
}
Development of the Activity of the TA505 Cybercriminal Group AndroMut Bart Clop Dridex FlawedAmmyy FlawedGrace Get2 Locky Marap QuantLoader SDBbot ServHelper tRat TrickBot |
@comment{Sensecy blog post, 2020-08-20, on ransomware attacks in 2020. Single-token handle as author, braced.}
@online{cyberthreatinsider:20200820:global:34ee2ea,
  author       = {{cyberthreatinsider}},
  title        = {{Global Ransomware Attacks in 2020: The Top 4 Vulnerabilities}},
  date         = {2020-08-20},
  organization = {sensecy},
  url          = {https://blog.sensecy.com/2020/08/20/global-ransomware-attacks-in-2020-the-top-4-vulnerabilities/},
  language     = {English},
  urldate      = {2020-11-04},
}
Global Ransomware Attacks in 2020: The Top 4 Vulnerabilities Clop Maze REvil Ryuk |
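@comment{The DFIR Report blog post, 2020-08-03, on a Dridex intrusion. Corporate author double-braced so 'The DFIR Report' is kept as one name; no organization field was given for this entry and none is added.}
@online{report:20200803:dridex:165cf39,
  author       = {{The DFIR Report}},
  title        = {{Dridex – From Word to Domain Dominance}},
  date         = {2020-08-03},
  url          = {https://thedfirreport.com/2020/08/03/dridex-from-word-to-domain-dominance/},
  language     = {English},
  urldate      = {2020-08-05},
}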
Dridex – From Word to Domain Dominance Dridex |
@comment{ESET Threat Report Q2 2020 (PDF), 2020-07-29. Single-token corporate author, braced.}
@techreport{welivesecurity:20200729:threat:496355c,
  author       = {{welivesecurity}},
  title        = {{THREAT REPORT Q2 2020}},
  date         = {2020-07-29},
  institution  = {ESET Research},
  url          = {https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Threat_Report_Q22020.pdf},
  language     = {English},
  urldate      = {2020-07-30},
}
THREAT REPORT Q2 2020 DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos Ransomware PlugX Pony REvil Socelars STOP Ransomware Tinba TrickBot WannaCryptor |
@comment{SentinelLabs post, 2020-07-22, on a Maze affiliate. Authors given in Last, First form.}
@online{reaves:20200722:enter:71d9038,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {{Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)}},
  date         = {2020-07-22},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/enter-the-maze-demystifying-an-affiliate-involved-in-maze-snow/},
  language     = {English},
  urldate      = {2020-07-23},
}
Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW) ISFB Maze TrickBot Zloader |
2020-07-20 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20200720:emotettrickbot:a8e84d2,
author = {Lawrence Abrams},
title = {{Emotet-TrickBot malware duo is back infecting Windows machines}},
date = {2020-07-20},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/emotet-trickbot-malware-duo-is-back-infecting-windows-machines/},
language = {English},
urldate = {2020-07-21}
}
Emotet-TrickBot malware duo is back infecting Windows machines Emotet TrickBot |
2020-07-17 ⋅ CERT-FR ⋅ CERT-FR @techreport{certfr:20200717:malware:5c58cdf,
author = {CERT-FR},
title = {{The Malware Dridex: Origins and Uses}},
date = {2020-07-17},
institution = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-008.pdf},
language = {English},
urldate = {2020-07-20}
}
The Malware Dridex: Origins and Uses Andromeda CryptoLocker Cutwail DoppelPaymer Dridex Emotet FriedEx Gameover P2P Gandcrab ISFB Murofet Necurs Predator The Thief Zeus |
2020-07-15 ⋅ Intel 471 ⋅ Intel 471 @online{471:20200715:flowspec:683a5a1,
author = {Intel 471},
title = {{Flowspec – TA505’s bulletproof hoster of choice}},
date = {2020-07-15},
organization = {Intel 471},
url = {https://blog.intel471.com/2020/07/15/flowspec-ta505s-bulletproof-hoster-of-choice/},
language = {English},
urldate = {2020-07-16}
}
Flowspec – TA505’s bulletproof hoster of choice Get2 |
2020-07-13 ⋅ JoeSecurity ⋅ Joe Security @online{security:20200713:trickbots:a164ba5,
author = {Joe Security},
title = {{TrickBot's new API-Hammering explained}},
date = {2020-07-13},
organization = {JoeSecurity},
url = {https://www.joesecurity.org/blog/498839998833561473},
language = {English},
urldate = {2020-07-15}
}
TrickBot's new API-Hammering explained TrickBot |
2020-07-11 ⋅ BleepingComputer ⋅ Lawrence Abrams @online{abrams:20200711:trickbot:7e70ad3,
author = {Lawrence Abrams},
title = {{TrickBot malware mistakenly warns victims that they are infected}},
date = {2020-07-11},
organization = {BleepingComputer},
url = {https://www.bleepingcomputer.com/news/security/trickbot-malware-mistakenly-warns-victims-that-they-are-infected/},
language = {English},
urldate = {2020-07-15}
}
TrickBot malware mistakenly warns victims that they are infected TrickBot |
2020-07-11 ⋅ Advanced Intelligence ⋅ Vitali Kremez @online{kremez:20200711:trickbot:602fd73,
author = {Vitali Kremez},
title = {{TrickBot Group Launches Test Module Alerting on Fraud Activity}},
date = {2020-07-11},
organization = {Advanced Intelligence},
url = {https://www.advanced-intel.com/post/trickbot-group-launches-test-module-alerting-on-fraud-activity},
language = {English},
urldate = {2020-07-13}
}
TrickBot Group Launches Test Module Alerting on Fraud Activity TrickBot |
2020-07-09 ⋅ Gdata ⋅ G DATA Security Lab @online{lab:20200709:servhelper:13899fd,
author = {G DATA Security Lab},
title = {{ServHelper: Hidden Miners}},
date = {2020-07-09},
organization = {Gdata},
url = {https://www.gdatasoftware.com/blog/2020/07/36122-hidden-miners},
language = {English},
urldate = {2020-07-16}
}
ServHelper: Hidden Miners ServHelper |
2020-07-07 ⋅ Hornetsecurity ⋅ Hornetsecurity Security Lab @online{lab:20200707:clop:12bb60d,
author = {Hornetsecurity Security Lab},
title = {{Clop, Clop! It’s a TA505 HTML malspam analysis}},
date = {2020-07-07},
organization = {Hornetsecurity},
url = {https://www.hornetsecurity.com/en/security-information/clop-clop-ta505-html-malspam-analysis/},
language = {English},
urldate = {2020-07-30}
}
Clop, Clop! It’s a TA505 HTML malspam analysis Clop Get2 |
2020-07-06 ⋅ NTT ⋅ Security division of NTT Ltd. @online{ltd:20200706:trickbot:9612912,
author = {Security division of NTT Ltd.},
title = {{TrickBot variant “Anchor_DNS” communicating over DNS}},
date = {2020-07-06},
organization = {NTT},
url = {https://hello.global.ntt/en-us/insights/blog/trickbot-variant-communicating-over-dns},
language = {English},
urldate = {2020-07-30}
}
TrickBot variant “Anchor_DNS” communicating over DNS Anchor_DNS TrickBot |
2020-06-24 ⋅ Morphisec ⋅ Arnold Osipov @online{osipov:20200624:obfuscated:74bfeed,
author = {Arnold Osipov},
title = {{Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex}},
date = {2020-06-24},
organization = {Morphisec},
url = {https://blog.morphisec.com/obfuscated-vbscript-drops-zloader-ursnif-qakbot-dridex},
language = {English},
urldate = {2020-06-25}
}
Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex Dridex ISFB QakBot Zloader |
2020-06-22 ⋅ Sentinel LABS ⋅ Joshua Platt, Jason Reaves @online{platt:20200622:inside:b381dd5,
author = {Joshua Platt and Jason Reaves},
title = {{Inside a TrickBot Cobalt Strike Attack Server}},
date = {2020-06-22},
organization = {Sentinel LABS},
url = {https://labs.sentinelone.com/inside-a-trickbot-cobaltstrike-attack-server/},
language = {English},
urldate = {2020-06-23}
}
Inside a TrickBot Cobalt Strike Attack Server Cobalt Strike TrickBot |
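2020-06-22 ⋅ CERT-FR ⋅ CERT-FR @techreport{certfr:20200622:volution:fba1cfa,
author = {CERT-FR},
title = {{Évolution De L'activité du Groupe Cybercriminel TA505}},
date = {2020-06-22},
institution = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-006.pdf},
language = {French},
urldate = {2020-06-24}
}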
Évolution De L'activité du Groupe Cybercriminel TA505 Amadey AndroMut Bart Clop Dridex FlawedGrace Gandcrab Get2 GlobeImposter Jaff Locky Marap Philadephia Ransom QuantLoader Scarab Ransomware SDBbot ServHelper Silence tRat TrickBot |
2020-06-22 ⋅ BleepingComputer ⋅ Lawrence Abrams @online{abrams:20200622:indiabulls:ce0fcdb,
author = {Lawrence Abrams},
title = {{Indiabulls Group hit by CLOP Ransomware, gets 24h leak deadline}},
date = {2020-06-22},
organization = {BleepingComputer},
url = {https://www.bleepingcomputer.com/news/security/indiabulls-group-hit-by-clop-ransomware-gets-24h-leak-deadline/},
language = {English},
urldate = {2020-06-23}
}
Indiabulls Group hit by CLOP Ransomware, gets 24h leak deadline Clop |
2020-06-19 ⋅ Reaqta ⋅ Reaqta @online{reaqta:20200619:dridex:54f4dd5,
author = {Reaqta},
title = {{Dridex: the secret in a PostMessage()}},
date = {2020-06-19},
organization = {Reaqta},
url = {https://reaqta.com/2020/06/dridex-the-secret-in-a-postmessage/},
language = {English},
urldate = {2020-06-22}
}
Dridex: the secret in a PostMessage() Dridex |
2020-06-17 ⋅ Twitter (@MsftSecIntel) ⋅ Microsoft Security Intelligence @online{intelligence:20200617:thread:b4b74d5,
author = {Microsoft Security Intelligence},
title = {{A tweet thread on TA505 using CAPTCHA to avoid detection and infecting victims with FlawedGrace}},
date = {2020-06-17},
organization = {Twitter (@MsftSecIntel)},
url = {https://twitter.com/MsftSecIntel/status/1273359829390655488},
language = {English},
urldate = {2020-06-18}
}
A tweet thread on TA505 using CAPTCHA to avoid detection and infecting victims with FlawedGrace FlawedGrace |
2020-06-17 ⋅ Youtube (Red Canary) ⋅ Erika Noerenberg, Matt Graeber, Adam Pennington, David Kaplan @online{noerenberg:20200617:attck:934d73c,
author = {Erika Noerenberg and Matt Graeber and Adam Pennington and David Kaplan},
title = {{ATT&CK® Deep Dive: Process Injection}},
date = {2020-06-17},
organization = {Youtube (Red Canary)},
url = {https://redcanary.com/resources/webinars/deep-dive-process-injection/},
language = {English},
urldate = {2020-06-19}
}
ATT&CK® Deep Dive: Process Injection ISFB Ramnit TrickBot |
2020-06-17 ⋅ Twitter (@VK_intel) ⋅ Vitali Kremez, malwrhunterteam @online{kremez:20200617:signed:f8eecc6,
author = {Vitali Kremez and malwrhunterteam},
title = {{Tweet on signed Tinymet payload (V.02) used by TA505}},
date = {2020-06-17},
organization = {Twitter (@VK_intel)},
url = {https://twitter.com/VK_Intel/status/1273292957429510150},
language = {English},
urldate = {2020-06-18}
}
Tweet on signed Tinymet payload (V.02) used by TA505 TinyMet |
2020-06-16 ⋅ Telekom ⋅ Thomas Barabosch @online{barabosch:20200616:ta505:619f2c6,
author = {Thomas Barabosch},
title = {{TA505 returns with a new bag of tricks}},
date = {2020-06-16},
organization = {Telekom},
url = {https://www.telekom.com/en/blog/group/article/cybersecurity-ta505-returns-with-a-new-bag-of-tricks-602104},
language = {English},
urldate = {2020-06-18}
}
TA505 returns with a new bag of tricks Clop Get2 SDBbot TA505 |
2020-06-15 ⋅ Fortinet ⋅ Val Saengphaibul, Fred Gutierrez @online{saengphaibul:20200615:global:5c4be18,
author = {Val Saengphaibul and Fred Gutierrez},
title = {{Global Malicious Spam Campaign Using Black Lives Matter as a Lure}},
date = {2020-06-15},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/global-malicious-spam-campaign-using-black-lives-matter-as-a-lure},
language = {English},
urldate = {2020-06-16}
}
Global Malicious Spam Campaign Using Black Lives Matter as a Lure TrickBot |
2020-06-12 ⋅ Hornetsecurity ⋅ Security Lab @online{lab:20200612:trickbot:2bf54ef,
author = {Security Lab},
title = {{Trickbot Malspam Leveraging Black Lives Matter as Lure}},
date = {2020-06-12},
organization = {Hornetsecurity},
url = {https://www.hornetsecurity.com/en/security-information/trickbot-malspam-leveraging-black-lives-matter-as-lure/},
language = {English},
urldate = {2020-07-01}
}
Trickbot Malspam Leveraging Black Lives Matter as Lure TrickBot |
2020-06-11 ⋅ Cofense ⋅ Jason Meurer @online{meurer:20200611:all:cc2e167,
author = {Jason Meurer},
title = {{All You Need Is Text: Second Wave}},
date = {2020-06-11},
organization = {Cofense},
url = {https://cofenselabs.com/all-you-need-is-text-second-wave/},
language = {English},
urldate = {2020-06-12}
}
All You Need Is Text: Second Wave TrickBot |
2020-06-05 ⋅ Votiro ⋅ Votiro’s Research Team @online{team:20200605:anatomy:3047f6e,
author = {Votiro’s Research Team},
title = {{Anatomy of a Well-Crafted UPS, FedEx, and DHL Phishing Email During COVID-19}},
date = {2020-06-05},
organization = {Votiro},
url = {https://votiro.com/blog/anatomy-of-a-well-crafted-ups-fedex-and-dhl-phishing-email-during-covid-19/},
language = {English},
urldate = {2020-06-10}
}
Anatomy of a Well-Crafted UPS, FedEx, and DHL Phishing Email During COVID-19 Dridex |
2020-06-02 ⋅ Lastline Labs ⋅ James Haughom, Stefano Ortolani @online{haughom:20200602:evolution:3286d87,
author = {James Haughom and Stefano Ortolani},
title = {{Evolution of Excel 4.0 Macro Weaponization}},
date = {2020-06-02},
organization = {Lastline Labs},
url = {https://www.lastline.com/labsblog/evolution-of-excel-4-0-macro-weaponization/},
language = {English},
urldate = {2020-06-03}
}
Evolution of Excel 4.0 Macro Weaponization Agent Tesla DanaBot ISFB TrickBot Zloader |
2020-05-28 ⋅ Palo Alto Networks Unit 42 ⋅ Brad Duncan @online{duncan:20200528:goodbye:87a0245,
author = {Brad Duncan},
title = {{Goodbye Mworm, Hello Nworm: TrickBot Updates Propagation Module}},
date = {2020-05-28},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/goodbye-mworm-hello-nworm-trickbot-updates-propagation-module/},
language = {English},
urldate = {2020-05-29}
}
Goodbye Mworm, Hello Nworm: TrickBot Updates Propagation Module TrickBot |
2020-05-27 ⋅ GAIS-CERT ⋅ GAIS-CERT @techreport{gaiscert:20200527:dridex:90bd3bd,
author = {GAIS-CERT},
title = {{Dridex Banking Trojan Technical Analysis Report}},
date = {2020-05-27},
institution = {GAIS-CERT},
url = {https://gaissecurity.com/uploads/csirt/EN-Dridex-banking-trojan.pdf},
language = {English},
urldate = {2020-06-24}
}
Dridex Banking Trojan Technical Analysis Report Dridex |
2020-05-25 ⋅ CERT-FR ⋅ CERT-FR @online{certfr:20200525:indicateurs:642332f,
author = {CERT-FR},
title = {{INDICATEURS DE COMPROMISSION DU CERT-FR - Objet: Le code malveillant Dridex}},
date = {2020-05-25},
organization = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/ioc/CERTFR-2020-IOC-003/},
language = {French},
urldate = {2020-06-03}
}
INDICATEURS DE COMPROMISSION DU CERT-FR - Objet: Le code malveillant Dridex Dridex |
2020-05-25 ⋅ CERT-FR ⋅ CERT-FR @techreport{certfr:20200525:le:ac94f72,
author = {CERT-FR},
title = {{Le Code Malveillant Dridex: Origines et Usages}},
date = {2020-05-25},
institution = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-005.pdf},
language = {French},
urldate = {2020-05-26}
}
Le Code Malveillant Dridex: Origines et Usages Dridex |
2020-05-24 ⋅ Positive Technologies ⋅ PT ESC Threat Intelligence @online{intelligence:20200524:operation:2ce432b,
author = {PT ESC Threat Intelligence},
title = {{Operation TA505: network infrastructure. Part 3.}},
date = {2020-05-24},
organization = {Positive Technologies},
url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/operation-ta505-part3/},
language = {English},
urldate = {2020-11-23}
}
Operation TA505: network infrastructure. Part 3. AndroMut Buhtrap SmokeLoader |
2020-05-22 ⋅ Positive Technologies ⋅ PT ESC Threat Intelligence @online{intelligence:20200522:operation:6e4f978,
author = {PT ESC Threat Intelligence},
title = {{Operation TA505: investigating the ServHelper backdoor with NetSupport RAT. Part 2.}},
date = {2020-05-22},
organization = {Positive Technologies},
url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/operation-ta505-part2/},
language = {English},
urldate = {2020-11-23}
}
Operation TA505: investigating the ServHelper backdoor with NetSupport RAT. Part 2. NetSupportManager RAT ServHelper |
2020-05-21 ⋅ Intel 471 ⋅ Intel 471 @online{471:20200521:brief:048d164,
author = {Intel 471},
title = {{A brief history of TA505}},
date = {2020-05-21},
organization = {Intel 471},
url = {https://blog.intel471.com/2020/05/21/a-brief-history-of-ta505/},
language = {English},
urldate = {2020-05-23}
}
A brief history of TA505 AndroMut Bart Dridex FlawedAmmyy FlawedGrace Gandcrab Get2 GlobeImposter Jaff Kegotip Locky Necurs Philadephia Ransom Pony QuantLoader Rockloader SDBbot ServHelper Shifu Snatch TrickBot |
2020-05-20 ⋅ PTSecurity ⋅ PT ESC Threat Intelligence @online{intelligence:20200520:operation:7f6282e,
author = {PT ESC Threat Intelligence},
title = {{Operation TA505: how we analyzed new tools from the creators of the Dridex trojan, Locky ransomware, and Neutrino botnet}},
date = {2020-05-20},
organization = {PTSecurity},
url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/operation-ta505/},
language = {English},
urldate = {2020-06-05}
}
Operation TA505: how we analyzed new tools from the creators of the Dridex trojan, Locky ransomware, and Neutrino botnet FlawedAmmyy |
2020-05-19 ⋅ AlienLabs ⋅ Ofer Caspi @online{caspi:20200519:trickbot:50c2a51,
author = {Ofer Caspi},
title = {{TrickBot BazarLoader In-Depth}},
date = {2020-05-19},
organization = {AlienLabs},
url = {https://cybersecurity.att.com/blogs/labs-research/trickbot-bazarloader-in-depth},
language = {English},
urldate = {2020-05-20}
}
TrickBot BazarLoader In-Depth Anchor BazarBackdoor TrickBot |
2020-05-18 ⋅ Threatpost ⋅ Tara Seals @online{seals:20200518:ransomware:265e1f4,
author = {Tara Seals},
title = {{Ransomware Gang Arrested for Spreading Locky to Hospitals}},
date = {2020-05-18},
organization = {Threatpost},
url = {https://threatpost.com/ransomware-gang-arrested-locky-hospitals/155842/},
language = {English},
urldate = {2020-07-06}
}
Ransomware Gang Arrested for Spreading Locky to Hospitals Locky |
2020-05-14 ⋅ SentinelOne ⋅ Jason Reaves @online{reaves:20200514:deep:1ee83b6,
author = {Jason Reaves},
title = {{Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant}},
date = {2020-05-14},
organization = {SentinelOne},
url = {https://labs.sentinelone.com/deep-dive-into-trickbot-executor-module-mexec-reversing-the-dropper-variant/},
language = {English},
urldate = {2020-05-18}
}
Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant TrickBot |
2020-04-14 ⋅ Intel 471 ⋅ Intel 471 @online{471:20200414:understanding:ca95961,
author = {Intel 471},
title = {{Understanding the relationship between Emotet, Ryuk and TrickBot}},
date = {2020-04-14},
organization = {Intel 471},
url = {https://blog.intel471.com/2020/04/14/understanding-the-relationship-between-emotet-ryuk-and-trickbot/},
language = {English},
urldate = {2020-04-26}
}
Understanding the relationship between Emotet, Ryuk and TrickBot Emotet Ryuk TrickBot |
2020-04-14 ⋅ Intrinsec ⋅ Jean Bichet @online{bichet:20200414:deobfuscating:d7320ab,
author = {Jean Bichet},
title = {{Deobfuscating and hunting for OSTAP, Trickbot’s dropper and best friend}},
date = {2020-04-14},
organization = {Intrinsec},
url = {https://www.intrinsec.com/deobfuscating-hunting-ostap/},
language = {English},
urldate = {2021-01-11}
}
Deobfuscating and hunting for OSTAP, Trickbot’s dropper and best friend ostap TrickBot |
2020-04-09 ⋅ Zscaler ⋅ Atinderpal Singh, Abhay Yadav @online{singh:20200409:trickbot:9db52c2,
author = {Atinderpal Singh and Abhay Yadav},
title = {{TrickBot Emerges with a Few New Tricks}},
date = {2020-04-09},
organization = {Zscaler},
url = {https://www.zscaler.com/blogs/research/trickbot-emerges-few-new-tricks},
language = {English},
urldate = {2020-07-01}
}
TrickBot Emerges with a Few New Tricks TrickBot |
2020-04-09 ⋅ Github (Tera0017) ⋅ Tera0017 @online{tera0017:20200409:sdbbot:a6c333e,
author = {Tera0017},
title = {{SDBbot Unpacker}},
date = {2020-04-09},
organization = {Github (Tera0017)},
url = {https://github.com/Tera0017/SDBbot-Unpacker},
language = {English},
urldate = {2020-04-13}
}
SDBbot Unpacker SDBbot |
2020-04-08 ⋅ SentinelOne ⋅ Jason Reaves @online{reaves:20200408:deep:87b83bb,
author = {Jason Reaves},
title = {{Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations}},
date = {2020-04-08},
organization = {SentinelOne},
url = {https://labs.sentinelone.com/deep-dive-into-trickbot-executor-module-mexec-hidden-anchor-bot-nexus-operations/},
language = {English},
urldate = {2020-04-13}
}
Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations Anchor TrickBot |
2020-04-07 ⋅ SecurityIntelligence ⋅ Ole Villadsen @online{villadsen:20200407:itg08:b0b782d,
author = {Ole Villadsen},
title = {{ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework}},
date = {2020-04-07},
organization = {SecurityIntelligence},
url = {https://securityintelligence.com/posts/itg08-aka-fin6-partners-with-trickbot-gang-uses-anchor-framework/},
language = {English},
urldate = {2020-04-13}
}
ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework More_eggs Anchor TrickBot |
2020-04-01 ⋅ Cisco ⋅ Shyam Sundar Ramaswami, Andrea Kaiser @online{ramaswami:20200401:navigating:965952a,
author = {Shyam Sundar Ramaswami and Andrea Kaiser},
title = {{Navigating Cybersecurity During a Pandemic: Latest Malware and Threat Actors}},
date = {2020-04-01},
organization = {Cisco},
url = {https://umbrella.cisco.com/blog/navigating-cybersecurity-during-a-pandemic-latest-malware-and-threat-actors},
language = {English},
urldate = {2020-08-19}
}
Navigating Cybersecurity During a Pandemic: Latest Malware and Threat Actors Azorult CloudEyE Formbook KPOT Stealer Metamorfo Nanocore RAT NetWire RC TrickBot |
2020-03-31 ⋅ FireEye ⋅ Van Ta, Aaron Stephens @online{ta:20200331:its:632dfca,
author = {Van Ta and Aaron Stephens},
title = {{It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit}},
date = {2020-03-31},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2020/03/the-cycle-of-adversary-pursuit.html},
language = {English},
urldate = {2020-04-06}
}
It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit Ryuk TrickBot UNC1878 |
2020-03-31 ⋅ Cisco Talos ⋅ Chris Neal @online{neal:20200331:trickbot:dcf5314,
author = {Chris Neal},
title = {{Trickbot: A primer}},
date = {2020-03-31},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2020/03/trickbot-primer.html},
language = {English},
urldate = {2020-04-01}
}
Trickbot: A primer TrickBot |
2020-03-30 ⋅ Intezer ⋅ Michael Kajiloti @online{kajiloti:20200330:fantastic:c01db60,
author = {Michael Kajiloti},
title = {{Fantastic payloads and where we find them}},
date = {2020-03-30},
organization = {Intezer},
url = {https://intezer.com/blog/intezer-analyze/fantastic-payloads-and-where-we-find-them},
language = {English},
urldate = {2020-04-07}
}
Fantastic payloads and where we find them Dridex Emotet ISFB TrickBot |
2020-03-26 ⋅ Telekom ⋅ Thomas Barabosch @online{barabosch:20200326:ta505s:24d9805,
author = {Thomas Barabosch},
title = {{TA505's Box of Chocolate - On Hidden Gems packed with the TA505 Packer}},
date = {2020-03-26},
organization = {Telekom},
url = {https://www.telekom.com/en/blog/group/article/cybersecurity-ta505-s-box-of-chocolate-597672},
language = {English},
urldate = {2020-03-27}
}
TA505's Box of Chocolate - On Hidden Gems packed with the TA505 Packer Amadey Azorult Clop FlawedGrace Get2 SDBbot Silence TinyMet TA505 |
2020-03-25 ⋅ Wilbur Security ⋅ JW @online{jw:20200325:trickbot:17b0dc3,
author = {JW},
title = {{Trickbot to Ryuk in Two Hours}},
date = {2020-03-25},
organization = {Wilbur Security},
url = {https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/},
language = {English},
urldate = {2020-03-26}
}
Trickbot to Ryuk in Two Hours Cobalt Strike Ryuk TrickBot |
2020-03-24 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20200324:three:fb92d03,
author = {Lawrence Abrams},
title = {{Three More Ransomware Families Create Sites to Leak Stolen Data}},
date = {2020-03-24},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/},
language = {English},
urldate = {2020-03-26}
}
Three More Ransomware Families Create Sites to Leak Stolen Data Clop DoppelPaymer Maze Nefilim Ransomware Nemty REvil |
2020-03-18 ⋅ Proofpoint ⋅ Axel F, Sam Scholten @online{f:20200318:coronavirus:8fe12a3,
author = {Axel F and Sam Scholten},
title = {{Coronavirus Threat Landscape Update}},
date = {2020-03-18},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/coronavirus-threat-landscape-update},
language = {English},
urldate = {2020-03-26}
}
Coronavirus Threat Landscape Update Agent Tesla Get2 ISFB Remcos |
2020-03-18 ⋅ Bitdefender ⋅ Liviu Arsene, Radu Tudorica, Alexandru Maximciuc, Cristina Vatamanu @techreport{arsene:20200318:new:2d895da,
author = {Liviu Arsene and Radu Tudorica and Alexandru Maximciuc and Cristina Vatamanu},
title = {{New TrickBot Module Bruteforces RDP Connections, Targets Select Telecommunication Services in US and Hong Kong}},
date = {2020-03-18},
institution = {Bitdefender},
url = {https://www.bitdefender.com/files/News/CaseStudies/study/316/Bitdefender-Whitepaper-TrickBot-en-EN-interactive.pdf},
language = {English},
urldate = {2020-03-19}
}
New TrickBot Module Bruteforces RDP Connections, Targets Select Telecommunication Services in US and Hong Kong TrickBot |
2020-03-09 ⋅ Fortinet ⋅ Xiaopeng Zhang @online{zhang:20200309:new:ff60491,
author = {Xiaopeng Zhang},
title = {{New Variant of TrickBot Being Spread by Word Document}},
date = {2020-03-09},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/new-variant-of-trickbot-being-spread-by-word-document.html},
language = {English},
urldate = {2020-04-26}
}
New Variant of TrickBot Being Spread by Word Document TrickBot |
2020-03-05 ⋅ Microsoft ⋅ Microsoft Threat Protection Intelligence Team @online{team:20200305:humanoperated:d90a28e,
author = {Microsoft Threat Protection Intelligence Team},
title = {{Human-operated ransomware attacks: A preventable disaster}},
date = {2020-03-05},
organization = {Microsoft},
url = {https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/},
language = {English},
urldate = {2020-03-06}
}
Human-operated ransomware attacks: A preventable disaster Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor |
2020-03-04 ⋅ CrowdStrike ⋅ CrowdStrike @techreport{crowdstrike:20200304:2020:818c85f,
author = {CrowdStrike},
title = {{2020 CrowdStrike Global Threat Report}},
date = {2020-03-04},
institution = {CrowdStrike},
url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf},
language = {English},
urldate = {2020-07-24}
}
2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Ransomware Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot vidar Winnti ANTHROPOID SPIDER Anunak APT31 APT39 BlackTech BuhTrap Charming Kitten CLOCKWORD SPIDER DOPPEL SPIDER Gamaredon Group Leviathan MONTY SPIDER Mustang Panda NARWHAL SPIDER NOCTURNAL SPIDER Pinchy Spider Pirate Panda Salty Spider SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER |
2020-03-04 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20200304:ryuk:31f2ce0,
author = {Lawrence Abrams},
title = {{Ryuk Ransomware Attacked Epiq Global Via TrickBot Infection}},
date = {2020-03-04},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/ryuk-ransomware-attacked-epiq-global-via-trickbot-infection/},
language = {English},
urldate = {2020-03-09}
}
Ryuk Ransomware Attacked Epiq Global Via TrickBot Infection Ryuk TrickBot |
2020-03-04 ⋅ SentinelOne ⋅ Jason Reaves @online{reaves:20200304:breaking:8262e7e,
author = {Jason Reaves},
title = {{Breaking TA505’s Crypter with an SMT Solver}},
date = {2020-03-04},
organization = {SentinelOne},
url = {https://labs.sentinelone.com/breaking-ta505s-crypter-with-an-smt-solver/},
language = {English},
urldate = {2020-03-04}
}
Breaking TA505’s Crypter with an SMT Solver Clop CryptoMix MINEBIDGE |
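2020-03-03 ⋅ PWC UK ⋅ PWC UK @techreport{uk:20200303:cyber:1f1eef0,
author = {PWC UK},
title = {{Cyber Threats 2019: A Year in Retrospect}},
date = {2020-03-03},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/assets/cyber-threats-2019-retrospect.pdf},
language = {English},
urldate = {2020-03-03}
}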
Cyber Threats 2019: A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare Axiom |
2020-02-28 ⋅ Financial Security Institute ⋅ Financial Security Institute @online{institute:20200228:profiling:ebaa39b,
author = {Financial Security Institute},
title = {{Profiling of TA505 Threat Group That Continues to Attack the Financial Sector}},
date = {2020-02-28},
organization = {Financial Security Institute},
url = {https://www.fsec.or.kr/common/proc/fsec/bbs/163/fileDownLoad/2297.do},
language = {English},
urldate = {2020-02-28}
}
Profiling of TA505 Threat Group That Continues to Attack the Financial Sector Amadey Clop FlawedAmmyy Rapid Ransom SDBbot TinyMet |
2020-02-28 ⋅ Morphisec ⋅ Michael Gorelik @online{gorelik:20200228:trickbot:678683b,
author = {Michael Gorelik},
title = {{Trickbot Delivery Method Gets a New Upgrade Focusing on Windows 10}},
date = {2020-02-28},
organization = {Morphisec},
url = {https://blog.morphisec.com/trickbot-delivery-method-gets-a-new-upgrade-focusing-on-windows},
language = {English},
urldate = {2020-03-03}
}
Trickbot Delivery Method Gets a New Upgrade Focusing on Windows 10 TrickBot |
2020-02-26 ⋅ SentinelOne ⋅ Jason Reaves @online{reaves:20200226:revealing:2c3fc63,
author = {Jason Reaves},
title = {{Revealing the Trick | A Deep Dive into TrickLoader Obfuscation}},
date = {2020-02-26},
organization = {SentinelOne},
url = {https://labs.sentinelone.com/revealing-the-trick-a-deep-dive-into-trickloader-obfuscation/},
language = {English},
urldate = {2020-02-27}
}
Revealing the Trick | A Deep Dive into TrickLoader Obfuscation TrickBot |
2020-02-20 ⋅ ZDNet ⋅ Catalin Cimpanu @online{cimpanu:20200220:croatias:ac07fa3,
author = {Catalin Cimpanu},
title = {{Croatia's largest petrol station chain impacted by cyber-attack}},
date = {2020-02-20},
organization = {ZDNet},
url = {https://www.zdnet.com/article/croatias-largest-petrol-station-chain-impacted-by-cyber-attack/},
language = {English},
urldate = {2020-02-26}
}
Croatia's largest petrol station chain impacted by cyber-attack Clop |
2020-02-19 ⋅ FireEye ⋅ FireEye @online{fireeye:20200219:mtrends:193613a,
author = {FireEye},
title = {{M-Trends 2020}},
date = {2020-02-19},
organization = {FireEye},
url = {https://content.fireeye.com/m-trends/rpt-m-trends-2020},
language = {English},
urldate = {2020-02-20}
}
M-Trends 2020 Cobalt Strike Grateful POS LockerGoga QakBot TrickBot |
2020-02-18 ⋅ Sophos Labs ⋅ Luca Nagy @online{nagy:20200218:nearly:8ff363f,
author = {Luca Nagy},
title = {{Nearly a quarter of malware now communicates using TLS}},
date = {2020-02-18},
organization = {Sophos Labs},
url = {https://news.sophos.com/en-us/2020/02/18/nearly-a-quarter-of-malware-now-communicates-using-tls/},
language = {English},
urldate = {2020-02-27}
}
Nearly a quarter of malware now communicates using TLS Dridex IcedID TrickBot |
2020-02-13 ⋅ Qianxin ⋅ Qi Anxin Threat Intelligence Center @techreport{center:20200213:report:146d333,
author = {Qi Anxin Threat Intelligence Center},
title = {{APT Report 2019}},
date = {2020-02-13},
institution = {Qianxin},
url = {https://ti.qianxin.com/uploads/2020/02/13/cb78386a082f465f259b37dae5df4884.pdf},
language = {English},
urldate = {2020-02-27}
}
APT Report 2019 Chrysaor Exodus Dacls elf.vpnfilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy |
2020-02-10 ⋅ viXra ⋅ Jason Reaves @techreport{reaves:20200210:case:3f668be,
author = {Jason Reaves},
title = {{A Case Study into solving Crypters/Packers in Malware Obfuscation using an SMT approach}},
date = {2020-02-10},
institution = {viXra},
url = {https://vixra.org/pdf/2002.0183v1.pdf},
language = {English},
urldate = {2020-02-27}
}
A Case Study into solving Crypters/Packers in Malware Obfuscation using an SMT approach Locky |
2020-02-10 ⋅ Malwarebytes ⋅ Adam Kujawa, Wendy Zamora, Jérôme Segura, Thomas Reed, Nathan Collier, Jovi Umawing, Chris Boyd, Pieter Arntz, David Ruiz @techreport{kujawa:20200210:2020:3fdaf12,
author = {Adam Kujawa and Wendy Zamora and Jérôme Segura and Thomas Reed and Nathan Collier and Jovi Umawing and Chris Boyd and Pieter Arntz and David Ruiz},
title = {{2020 State of Malware Report}},
date = {2020-02-10},
institution = {Malwarebytes},
url = {https://resources.malwarebytes.com/files/2020/02/2020_State-of-Malware-Report.pdf},
language = {English},
urldate = {2020-02-13}
}
2020 State of Malware Report magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor |
2020-02-07 ⋅ Bleeping Computer ⋅ Sergiu Gatlan @online{gatlan:20200207:ta505:7a8e5a2,
author = {Sergiu Gatlan},
title = {{TA505 Hackers Behind Maastricht University Ransomware Attack}},
date = {2020-02-07},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/ta505-hackers-behind-maastricht-university-ransomware-attack/},
language = {English},
urldate = {2020-02-13}
}
TA505 Hackers Behind Maastricht University Ransomware Attack Clop |
2020-01-31 ⋅ Virus Bulletin ⋅ Michal Poslušný, Peter Kálnai @online{poslun:20200131:rich:c25f156,
author = {Michal Poslušný and Peter Kálnai},
title = {{Rich Headers: leveraging this mysterious artifact of the PE format}},
date = {2020-01-31},
organization = {Virus Bulletin},
url = {https://www.virusbulletin.com/virusbulletin/2020/01/vb2019-paper-rich-headers-leveraging-mysterious-artifact-pe-format/},
language = {English},
urldate = {2020-02-03}
}
Rich Headers: leveraging this mysterious artifact of the PE format Dridex Exaramel Industroyer Neutrino RCS Sathurbot |
2020-01-30 ⋅ Morphisec ⋅ Arnold Osipov @online{osipov:20200130:trickbot:da5c80d,
author = {Arnold Osipov},
title = {{Trickbot Trojan Leveraging a New Windows 10 UAC Bypass}},
date = {2020-01-30},
organization = {Morphisec},
url = {https://blog.morphisec.com/trickbot-uses-a-new-windows-10-uac-bypass},
language = {English},
urldate = {2020-02-03}
}
Trickbot Trojan Leveraging a New Windows 10 UAC Bypass TrickBot |
2020-01-30 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20200130:trickbot:22db786,
author = {Lawrence Abrams},
title = {{TrickBot Uses a New Windows 10 UAC Bypass to Launch Quietly}},
date = {2020-01-30},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/trickbot-uses-a-new-windows-10-uac-bypass-to-launch-quietly/},
language = {English},
urldate = {2020-02-03}
}
TrickBot Uses a New Windows 10 UAC Bypass to Launch Quietly TrickBot |
2020-01-29 ⋅ ANSSI ⋅ ANSSI @techreport{anssi:20200129:tat:3d59e6e,
author = {ANSSI},
title = {{État de la menace rançongiciel}},
date = {2020-01-29},
institution = {ANSSI},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-001.pdf},
language = {French},
urldate = {2020-02-03}
}
État de la menace rançongiciel Clop Dharma FriedEx Gandcrab LockerGoga Maze MegaCortex REvil RobinHood Ryuk SamSam |
2020-01-29 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20200129:malware:920dc7e,
author = {Lawrence Abrams},
title = {{Malware Tries to Trump Security Software With POTUS Impeachment}},
date = {2020-01-29},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/malware-tries-to-trump-security-software-with-potus-impeachment/},
language = {English},
urldate = {2020-02-03}
}
Malware Tries to Trump Security Software With POTUS Impeachment TrickBot |
2020-01-27 ⋅ T-Systems ⋅ T-Systems @techreport{tsystems:20200127:vorlufiger:39dc989,
author = {T-Systems},
title = {{Vorläufiger forensischer Abschlussbericht zur Untersuchung des Incidents beim Berliner Kammergericht}},
date = {2020-01-27},
institution = {T-Systems},
url = {https://www.berlin.de/sen/justva/presse/pressemitteilungen/2020/pm-11-2020-t-systems-forensik_bericht_public_v1.pdf},
language = {German},
urldate = {2020-01-28}
}
Vorläufiger forensischer Abschlussbericht zur Untersuchung des Incidents beim Berliner Kammergericht Emotet TrickBot |
2020-01-23 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20200123:trickbot:5ca7827,
author = {Lawrence Abrams},
title = {{TrickBot Now Steals Windows Active Directory Credentials}},
date = {2020-01-23},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/trickbot-now-steals-windows-active-directory-credentials/},
language = {English},
urldate = {2020-01-27}
}
TrickBot Now Steals Windows Active Directory Credentials TrickBot |
2020-01-17 ⋅ Ken Sajo, Yasuhiro Takeda, Yusuke Niwa @techreport{sajo:20200117:battle:2b146f5,
author = {Ken Sajo and Yasuhiro Takeda and Yusuke Niwa},
title = {{Battle Against Ursnif Malspam Campaign targeting Japan}},
date = {2020-01-17},
institution = {JSAC 2020},
url = {https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_5_sajo-takeda-niwa_en.pdf},
language = {English},
urldate = {2020-01-17}
}
Battle Against Ursnif Malspam Campaign targeting Japan Cutwail ISFB TrickBot UrlZone |
2020-01-16 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20200116:trickbot:ed6fdb3,
author = {Lawrence Abrams},
title = {{TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection}},
date = {2020-01-16},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/trickbot-now-uses-a-windows-10-uac-bypass-to-evade-detection/},
language = {English},
urldate = {2020-01-20}
}
TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection TrickBot |
2020-01-14 ⋅ Telekom ⋅ Thomas Barabosch @online{barabosch:20200114:inside:2187ad3,
author = {Thomas Barabosch},
title = {{Inside of CL0P’s ransomware operation}},
date = {2020-01-14},
organization = {Telekom},
url = {https://www.telekom.com/en/blog/group/article/inside-of-cl0p-s-ransomware-operation-615824},
language = {English},
urldate = {2021-01-14}
}
Inside of CL0P’s ransomware operation Clop Get2 SDBbot |
2020-01-13 ⋅ Github (Tera0017) ⋅ Tera0017 @online{tera0017:20200113:tafof:d939bc6,
author = {Tera0017},
title = {{TAFOF Unpacker}},
date = {2020-01-13},
organization = {Github (Tera0017)},
url = {https://github.com/Tera0017/TAFOF-Unpacker},
language = {English},
urldate = {2020-03-30}
}
TAFOF Unpacker Clop Get2 Silence |
2020-01-10 ⋅ CSIS ⋅ CSIS @techreport{csis:20200110:threat:7454f36,
author = {CSIS},
title = {{Threat Matrix H1 2019}},
date = {2020-01-10},
institution = {CSIS},
url = {https://gallery.mailchimp.com/c35aef82661dad887b8162a4f/files/e24e8206-a157-4796-a8cb-2b7262cc76e8/CSIS_Threat_Matrix_H1_2019.pdf},
language = {English},
urldate = {2020-01-22}
}
Threat Matrix H1 2019 Gustuff magecart Emotet Gandcrab Ramnit TrickBot |
2020-01-09 ⋅ SentinelOne ⋅ Vitali Kremez, Joshua Platt, Jason Reaves @online{kremez:20200109:toptier:4f8de90,
author = {Vitali Kremez and Joshua Platt and Jason Reaves},
title = {{Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets}},
date = {2020-01-09},
organization = {SentinelOne},
url = {https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/},
language = {English},
urldate = {2020-01-13}
}
Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets TrickBot WIZARD SPIDER |
2020-01-09 ⋅ SonicWall ⋅ SonicWall @online{sonicwall:20200109:servhelper:3e6a00c,
author = {SonicWall},
title = {{ServHelper 2.0: Enriched with bot capabilities and allow remote desktop access}},
date = {2020-01-09},
organization = {SonicWall},
url = {https://securitynews.sonicwall.com/xmlpost/servhelper-2-0-enriched-with-bot-capabilities-and-allow-remote-desktop-access/},
language = {English},
urldate = {2020-09-18}
}
ServHelper 2.0: Enriched with bot capabilities and allow remote desktop access ServHelper |
2020-01-07 ⋅ Github (albertzsigovits) ⋅ Albert Zsigovits @online{zsigovits:20200107:clop:3e7202e,
author = {Albert Zsigovits},
title = {{Clop ransomware Notes}},
date = {2020-01-07},
organization = {Github (albertzsigovits)},
url = {https://github.com/albertzsigovits/malware-notes/blob/master/Ransomware/Clop.md},
language = {English},
urldate = {2020-02-01}
}
Clop ransomware Notes Clop |
2020-01-07 ⋅ Github (albertzsigovits) ⋅ Albert Zsigovits @online{zsigovits:20200107:clop:07d2a90,
author = {Albert Zsigovits},
title = {{Clop ransomware Notes}},
date = {2020-01-07},
organization = {Github (albertzsigovits)},
url = {https://github.com/albertzsigovits/malware-notes/blob/master/Clop.md},
language = {English},
urldate = {2020-01-09}
}
Clop ransomware Notes Clop |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:gold:0d8c853,
author = {SecureWorks},
title = {{GOLD DRAKE}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/gold-drake},
language = {English},
urldate = {2020-05-23}
}
GOLD DRAKE Dridex Empire Downloader FriedEx Koadic MimiKatz |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:gold:97e5784,
author = {SecureWorks},
title = {{GOLD NIAGARA}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/gold-niagara},
language = {English},
urldate = {2020-05-23}
}
GOLD NIAGARA Bateleur Griffon Carbanak Cobalt Strike DRIFTPIN TinyMet Anunak |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:gold:d8faa3e,
author = {SecureWorks},
title = {{GOLD ULRICK}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/gold-ulrick},
language = {English},
urldate = {2020-05-23}
}
GOLD ULRICK Empire Downloader Ryuk TrickBot WIZARD SPIDER |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:gold:b12ae49,
author = {SecureWorks},
title = {{GOLD HERON}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/gold-heron},
language = {English},
urldate = {2020-05-23}
}
GOLD HERON DoppelPaymer Dridex Empire Downloader |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:gold:21c4d39,
author = {SecureWorks},
title = {{GOLD BLACKBURN}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/gold-blackburn},
language = {English},
urldate = {2020-05-23}
}
GOLD BLACKBURN Dyre TrickBot |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:gold:f38f910,
author = {SecureWorks},
title = {{GOLD TAHOE}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/gold-tahoe},
language = {English},
urldate = {2020-05-23}
}
GOLD TAHOE Clop FlawedAmmyy FlawedGrace Get2 SDBbot ServHelper TA505 |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:gold:65fcc96,
author = {SecureWorks},
title = {{GOLD SWATHMORE}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/gold-swathmore},
language = {English},
urldate = {2020-05-23}
}
GOLD SWATHMORE GlobeImposter Gozi IcedID TrickBot Lunar Spider |
2019-12-20 ⋅ Binary Defense ⋅ James Quinn @online{quinn:20191220:updated:2408ee7,
author = {James Quinn},
title = {{An Updated ServHelper Tunnel Variant}},
date = {2019-12-20},
organization = {Binary Defense},
url = {https://www.binarydefense.com/an-updated-servhelper-tunnel-variant/},
language = {English},
urldate = {2020-01-13}
}
An Updated ServHelper Tunnel Variant ServHelper |
2019-12-19 ⋅ KrebsOnSecurity ⋅ Brian Krebs @online{krebs:20191219:inside:c7595ad,
author = {Brian Krebs},
title = {{Inside ‘Evil Corp,’ a \$100M Cybercrime Menace}},
date = {2019-12-19},
organization = {KrebsOnSecurity},
url = {https://krebsonsecurity.com/2019/12/inside-evil-corp-a-100m-cybercrime-menace/},
language = {English},
urldate = {2020-11-02}
}
Inside ‘Evil Corp,’ a $100M Cybercrime Menace Dridex Gameover P2P Zeus Evil Corp |
2019-12-17 ⋅ Blueliv ⋅ Adrián Ruiz, Jose Miguel Esparza, Blueliv Labs Team @online{ruiz:20191217:ta505:1c1204e,
author = {Adrián Ruiz and Jose Miguel Esparza and Blueliv Labs Team},
title = {{TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking}},
date = {2019-12-17},
organization = {Blueliv},
url = {https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/research/servhelper-evolution-and-new-ta505-campaigns/},
language = {English},
urldate = {2020-01-09}
}
TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking ServHelper TA505 |
2019-12-12 ⋅ FireEye ⋅ Chi-en Shen, Oleg Bondarenko @online{shen:20191212:cyber:e01baca,
author = {Chi-en Shen and Oleg Bondarenko},
title = {{Cyber Threat Landscape in Japan – Revealing Threat in the Shadow}},
date = {2019-12-12},
organization = {FireEye},
url = {https://www.slideshare.net/codeblue_jp/cb19-cyber-threat-landscape-in-japan-revealing-threat-in-the-shadow-by-chi-en-shen-ashley-oleg-bondarenko},
language = {English},
urldate = {2020-04-16}
}
Cyber Threat Landscape in Japan – Revealing Threat in the Shadow Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD poisonplug TrickBot BlackTech |
2019-12-09 ⋅ Palo Alto Networks Unit 42 ⋅ Bryan Lee, Brittany Ash, Mike Harbison @online{lee:20191209:trickbot:48d9da3,
author = {Bryan Lee and Brittany Ash and Mike Harbison},
title = {{TrickBot Campaign Uses Fake Payroll Emails to Conduct Phishing Attacks}},
date = {2019-12-09},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/trickbot-campaign-uses-fake-payroll-emails-to-conduct-phishing-attacks/},
language = {English},
urldate = {2020-01-22}
}
TrickBot Campaign Uses Fake Payroll Emails to Conduct Phishing Attacks TrickBot |
2019-11-24 ⋅ Jacob Pimental @online{pimental:20191124:ta505:fb32d29,
author = {Jacob Pimental},
title = {{TA505 Get2 Analysis}},
date = {2019-11-24},
url = {https://www.goggleheadedhacker.com/blog/post/13},
language = {English},
urldate = {2019-12-17}
}
TA505 Get2 Analysis Get2 |
2019-11-22 ⋅ CERT-FR ⋅ CERT-FR @online{certfr:20191122:rapport:c457ee8,
author = {CERT-FR},
title = {{RAPPORT MENACES ET INCIDENTS DU CERT-FR}},
date = {2019-11-22},
organization = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/cti/CERTFR-2019-CTI-009/},
language = {French},
urldate = {2020-01-07}
}
RAPPORT MENACES ET INCIDENTS DU CERT-FR Clop |
2019-11-22 ⋅ Palo Alto Networks Unit 42 ⋅ Brad Duncan @online{duncan:20191122:trickbot:e14933b,
author = {Brad Duncan},
title = {{Trickbot Updates Password Grabber Module}},
date = {2019-11-22},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/trickbot-updates-password-grabber-module/},
language = {English},
urldate = {2020-01-22}
}
Trickbot Updates Password Grabber Module TrickBot |
2019-11-19 ⋅ ACTU ⋅ Rédaction Normandie @online{normandie:20191119:une:d09ec98,
author = {Rédaction Normandie},
title = {{Une rançon après la cyberattaque au CHU de Rouen ? Ce que réclament les pirates}},
date = {2019-11-19},
organization = {ACTU},
url = {https://actu.fr/normandie/rouen_76540/une-rancon-apres-cyberattaque-chu-rouen-ce-reclament-pirates_29475649.html},
language = {French},
urldate = {2019-12-05}
}
Une rançon après la cyberattaque au CHU de Rouen ? Ce que réclament les pirates Clop |
2019-11-13 ⋅ CrowdStrike ⋅ Jen Ayers, Jason Rivera @techreport{ayers:20191113:through:70cc3b3,
author = {Jen Ayers and Jason Rivera},
title = {{Through the Eyes of the Adversary}},
date = {2019-11-13},
institution = {CrowdStrike},
url = {https://na.eventscloud.com/file_uploads/6568237bca6dc156e5c5557c5989e97c_CrowdStrikeFal.Con2019_ThroughEyesOfAdversary_J.Ayers.pdf},
language = {English},
urldate = {2020-03-22}
}
Through the Eyes of the Adversary TrickBot CLOCKWORD SPIDER |
2019-11-08 ⋅ Palo Alto Networks Unit 42 ⋅ Brad Duncan @online{duncan:20191108:wireshark:f37b983,
author = {Brad Duncan},
title = {{Wireshark Tutorial: Examining Trickbot Infections}},
date = {2019-11-08},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/wireshark-tutorial-examining-trickbot-infections/},
language = {English},
urldate = {2020-01-06}
}
Wireshark Tutorial: Examining Trickbot Infections TrickBot |
2019-11-06 ⋅ Heise Security ⋅ Thomas Hungenberg @online{hungenberg:20191106:emotet:1605954,
author = {Thomas Hungenberg},
title = {{Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail}},
date = {2019-11-06},
organization = {Heise Security},
url = {https://www.heise.de/security/artikel/Emotet-Trickbot-Ryuk-ein-explosiver-Malware-Cocktail-4573848.html},
language = {German},
urldate = {2020-01-06}
}
Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail Emotet Ryuk TrickBot |
2019-10-29 ⋅ SneakyMonkey Blog ⋅ SneakyMonkey @online{sneakymonkey:20191029:trickbot:bd7249c,
author = {SneakyMonkey},
title = {{TRICKBOT - Analysis Part II}},
date = {2019-10-29},
organization = {SneakyMonkey Blog},
url = {https://www.sneakymonkey.net/2019/10/29/trickbot-analysis-part-ii/},
language = {English},
urldate = {2019-12-17}
}
TRICKBOT - Analysis Part II TrickBot |
2019-10-24 ⋅ Sentinel LABS ⋅ Vitali Kremez @online{kremez:20191024:how:e6d838d,
author = {Vitali Kremez},
title = {{How TrickBot Malware Hooking Engine Targets Windows 10 Browsers}},
date = {2019-10-24},
organization = {Sentinel LABS},
url = {https://labs.sentinelone.com/how-trickbot-hooking-engine-targets-windows-10-browsers/},
language = {English},
urldate = {2020-07-03}
}
How TrickBot Malware Hooking Engine Targets Windows 10 Browsers TrickBot |
2019-10-16 ⋅ Proofpoint ⋅ Proofpoint @online{proofpoint:20191016:ta505:9bca8d0,
author = {Proofpoint},
title = {{TA505 Timeline}},
date = {2019-10-16},
organization = {Proofpoint},
url = {https://www.proofpoint.com/sites/default/files/ta505_timeline_final4_0.png},
language = {English},
urldate = {2020-01-08}
}
TA505 Timeline TA505 |
2019-10-16 ⋅ Proofpoint ⋅ Dennis Schwarz, Kafeine, Matthew Mesa, Axel F, Proofpoint Threat Insight Team @online{schwarz:20191016:ta505:9d7155a,
author = {Dennis Schwarz and Kafeine and Matthew Mesa and Axel F and Proofpoint Threat Insight Team},
title = {{TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader}},
date = {2019-10-16},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/ta505-distributes-new-sdbbot-remote-access-trojan-get2-downloader},
language = {English},
urldate = {2020-01-10}
}
TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader Get2 SDBbot TA505 |
2019-10-10 ⋅ AhnLab ⋅ ASEC @techreport{asec:20191010:asec:6452cd4,
author = {ASEC},
title = {{ASEC Report Vol. 96}},
date = {2019-10-10},
institution = {AhnLab},
url = {https://global.ahnlab.com/global/upload/download/asecreport/ASEC%20REPORT_vol.96_ENG.pdf},
language = {English},
urldate = {2020-01-13}
}
ASEC Report Vol. 96 SDBbot |
2019-10-10 ⋅ Github (StrangerealIntel) ⋅ StrangerealIntel @online{strangerealintel:20191010:analysis:45d6c09,
author = {StrangerealIntel},
title = {{Analysis of the new TA505 campaign}},
date = {2019-10-10},
organization = {Github (StrangerealIntel)},
url = {https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/cybercriminal%20groups/TA505/04-10-2019/Malware%20Analysis%2004-10-2019.md},
language = {English},
urldate = {2020-01-13}
}
Analysis of the new TA505 campaign Get2 |
2019-09-25 ⋅ GovCERT.ch ⋅ GovCERT.ch @online{govcertch:20190925:trickbot:8346dd7,
author = {GovCERT.ch},
title = {{Trickbot - An analysis of data collected from the botnet}},
date = {2019-09-25},
organization = {GovCERT.ch},
url = {https://www.govcert.ch/blog/37/trickbot-an-analysis-of-data-collected-from-the-botnet},
language = {English},
urldate = {2020-01-08}
}
Trickbot - An analysis of data collected from the botnet TrickBot |
2019-09-09 ⋅ McAfee ⋅ Thomas Roccia, Marc Rivero López, Chintan Shah @online{roccia:20190909:evolution:baf3b6c,
author = {Thomas Roccia and Marc Rivero López and Chintan Shah},
title = {{Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study}},
date = {2019-09-09},
organization = {McAfee},
url = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/evolution-of-malware-sandbox-evasion-tactics-a-retrospective-study/},
language = {English},
urldate = {2020-08-30}
}
Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study Cutwail Dridex Dyre Kovter Locky Phorpiex Simda |
2019-08-29 ⋅ ThreatRecon ⋅ ThreatRecon Team @online{team:20190829:sectorj04:ce6cc4b,
author = {ThreatRecon Team},
title = {{SectorJ04 Group’s Increased Activity in 2019}},
date = {2019-08-29},
organization = {ThreatRecon},
url = {https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/},
language = {English},
urldate = {2019-10-13}
}
SectorJ04 Group’s Increased Activity in 2019 FlawedAmmyy ServHelper TA505 |
2019-08-27 ⋅ Trend Micro ⋅ Hara Hiroaki, Jaromír Hořejší, Loseway Lu @online{hiroaki:20190827:ta505:9bcbff1,
author = {Hara Hiroaki and Jaromír Hořejší and Loseway Lu},
title = {{TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmyy}},
date = {2019-08-27},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/ta505-at-it-again-variety-is-the-spice-of-servhelper-and-flawedammyy/},
language = {English},
urldate = {2019-11-27}
}
TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmyy FlawedAmmyy ServHelper |
2019-08-27 ⋅ Secureworks ⋅ CTU Research Team @online{team:20190827:trickbot:fa5f95b,
author = {CTU Research Team},
title = {{TrickBot Modifications Target U.S. Mobile Users}},
date = {2019-08-27},
organization = {Secureworks},
url = {https://www.secureworks.com/blog/trickbot-modifications-target-us-mobile-users},
language = {English},
urldate = {2020-01-09}
}
TrickBot Modifications Target U.S. Mobile Users TrickBot |
2019-08-26 ⋅ InQuest ⋅ Josiah Smith @online{smith:20190826:memory:c4cea9b,
author = {Josiah Smith},
title = {{Memory Analysis of TrickBot}},
date = {2019-08-26},
organization = {InQuest},
url = {https://inquest.net/blog/2019/08/26/TrickBot-Memory-Analysis},
language = {English},
urldate = {2020-01-10}
}
Memory Analysis of TrickBot TrickBot |
2019-08-20 ⋅ Github (SherifEldeeb) ⋅ Sherif Eldeeb @online{eldeeb:20190820:source:66124bb,
author = {Sherif Eldeeb},
title = {{Source code: TinyMet}},
date = {2019-08-20},
organization = {Github (SherifEldeeb)},
url = {https://github.com/SherifEldeeb/TinyMet},
language = {English},
urldate = {2020-02-13}
}
Source code: TinyMet TinyMet |
2019-08-13 ⋅ Adalogics ⋅ David Korczynski @online{korczynski:20190813:state:a4ad074,
author = {David Korczynski},
title = {{The state of advanced code injections}},
date = {2019-08-13},
organization = {Adalogics},
url = {https://adalogics.com/blog/the-state-of-advanced-code-injections},
language = {English},
urldate = {2020-01-13}
}
The state of advanced code injections Dridex Emotet Tinba |
2019-08-05 ⋅ Trend Micro ⋅ Noel Anthony Llimos, Michael Jhon Ofiaza @online{llimos:20190805:latest:62ba94b,
author = {Noel Anthony Llimos and Michael Jhon Ofiaza},
title = {{Latest Trickbot Campaign Delivered via Highly Obfuscated JS File}},
date = {2019-08-05},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/latest-trickbot-campaign-delivered-via-highly-obfuscated-js-file/},
language = {English},
urldate = {2020-01-23}
}
Latest Trickbot Campaign Delivered via Highly Obfuscated JS File ostap TrickBot |
2019-08-01 ⋅ McAfee ⋅ Alexandre Mundo, Marc Rivero López @online{mundo:20190801:clop:fa3429f,
author = {Alexandre Mundo and Marc Rivero López},
title = {{Clop Ransomware}},
date = {2019-08-01},
organization = {McAfee},
url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/clop-ransomware/},
language = {English},
urldate = {2020-01-06}
}
Clop Ransomware Clop |
2019-07-30 ⋅ Dissecting Malware ⋅ Marius Genheimer @online{genheimer:20190730:picking:cea78ea,
author = {Marius Genheimer},
title = {{Picking Locky}},
date = {2019-07-30},
organization = {Dissecting Malware},
url = {https://dissectingmalwa.re/picking-locky.html},
language = {English},
urldate = {2020-03-27}
}
Picking Locky Locky |
2019-07-12 ⋅ CrowdStrike ⋅ Brett Stone-Gross, Sergei Frankoff, Bex Hartley @online{stonegross:20190712:bitpaymer:113a037,
author = {Brett Stone-Gross and Sergei Frankoff and Bex Hartley},
title = {{BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0}},
date = {2019-07-12},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/},
language = {English},
urldate = {2020-04-25}
}
BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0 DoppelPaymer Dridex FriedEx |
2019-07-11 ⋅ NTT Security ⋅ NTT Security @online{security:20190711:targeted:a48e692,
author = {NTT Security},
title = {{Targeted TrickBot activity drops 'PowerBrace' backdoor}},
date = {2019-07-11},
organization = {NTT Security},
url = {https://technical.nttsecurity.com/post/102fnog/targeted-trickbot-activity-drops-powerbrace-backdoor},
language = {English},
urldate = {2019-12-18}
}
Targeted TrickBot activity drops 'PowerBrace' backdoor PowerBrace TrickBot |
2019-07-04 ⋅ Trend Micro ⋅ Trend Micro @techreport{micro:20190704:latest:dd6099a,
author = {Trend Micro},
title = {{Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi}},
date = {2019-07-04},
institution = {Trend Micro},
url = {https://documents.trendmicro.com/assets/Tech-Brief-Latest-Spam-Campaigns-from-TA505-Now-Using-New-Malware-Tools-Gelup-and-FlowerPippi.pdf},
language = {English},
urldate = {2020-01-13}
}
Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi AndroMut |
2019-07-02 ⋅ Proofpoint ⋅ Matthew Mesa, Dennis Schwarz, Proofpoint Threat Insight Team @online{mesa:20190702:ta505:7f99961,
author = {Matthew Mesa and Dennis Schwarz and Proofpoint Threat Insight Team},
title = {{TA505 begins summer campaigns with a new pet malware downloader, AndroMut, in the UAE, South Korea, Singapore, and the United States}},
date = {2019-07-02},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/ta505-begins-summer-campaigns-new-pet-malware-downloader-andromut-uae-south},
language = {English},
urldate = {2019-11-26}
}
TA505 begins summer campaigns with a new pet malware downloader, AndroMut, in the UAE, South Korea, Singapore, and the United States AndroMut FlawedAmmyy |
2019-06-04 ⋅ SlideShare ⋅ Vitali Kremez @online{kremez:20190604:inside:d633c6f,
author = {Vitali Kremez},
title = {{Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vitali Kremez}},
date = {2019-06-04},
organization = {SlideShare},
url = {https://www.slideshare.net/proidea_conferences/inside-cybercrime-groups-harvesting-active-directory-for-fun-and-profit-vitali-kremez},
language = {English},
urldate = {2020-01-13}
}
Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vitali Kremez TrickBot |
2019-05-31 ⋅ Youtube (0verfl0w_) ⋅ 0verfl0w_ @online{0verfl0w:20190531:defeating:eb0994e,
author = {0verfl0w\_},
title = {{Defeating Commercial and Custom Packers like a Pro - VMProtect, ASPack, PECompact, and more}},
date = {2019-05-31},
organization = {Youtube (0verfl0w\_)},
url = {https://www.youtube.com/watch?v=N4f2e8Mygag},
language = {English},
urldate = {2020-01-08}
}
Defeating Commercial and Custom Packers like a Pro - VMProtect, ASPack, PECompact, and more FlawedAmmyy Ramnit |
2019-05-29 ⋅ Yoroi ⋅ ZLAB-Yoroi @online{zlabyoroi:20190529:ta505:07b59dd,
author = {ZLAB-Yoroi},
title = {{TA505 is Expanding its Operations}},
date = {2019-05-29},
organization = {Yoroi},
url = {https://blog.yoroi.company/research/ta505-is-expanding-its-operations/},
language = {English},
urldate = {2020-01-13}
}
TA505 is Expanding its Operations RMS |
2019-05-28 ⋅ MITRE ⋅ MITRE @online{mitre:20190528:flawedammyy:c4f6363,
author = {MITRE},
title = {{FlawedAmmyy}},
date = {2019-05-28},
organization = {MITRE},
url = {https://attack.mitre.org/software/S0381/},
language = {English},
urldate = {2020-01-13}
}
FlawedAmmyy FlawedAmmyy |
2019-05-22 ⋅ sneakymonk3y (Mark) @online{mark:20190522:trickbot:277256b,
author = {sneakymonk3y (Mark)},
title = {{TRICKBOT - Analysis}},
date = {2019-05-22},
url = {https://www.sneakymonkey.net/2019/05/22/trickbot-analysis/},
language = {English},
urldate = {2020-01-06}
}
TRICKBOT - Analysis TrickBot |
2019-05-16 ⋅ Yoroi ⋅ Luigi Martire, Davide Testa, Antonio Pirozzi, Luca Mella @online{martire:20190516:stealthy:930aa98,
author = {Luigi Martire and Davide Testa and Antonio Pirozzi and Luca Mella},
title = {{The Stealthy Email Stealer in the TA505 Arsenal}},
date = {2019-05-16},
organization = {Yoroi},
url = {https://blog.yoroi.company/research/the-stealthy-email-stealer-in-the-ta505-arsenal/},
language = {English},
urldate = {2019-10-14}
}
The Stealthy Email Stealer in the TA505 Arsenal TA505 |
2019-05-14 ⋅ GovCERT.ch ⋅ GovCERT.ch @online{govcertch:20190514:rise:8fd8ef4,
author = {GovCERT.ch},
title = {{The Rise of Dridex and the Role of ESPs}},
date = {2019-05-14},
organization = {GovCERT.ch},
url = {https://www.govcert.admin.ch/blog/28/the-rise-of-dridex-and-the-role-of-esps},
language = {English},
urldate = {2020-01-09}
}
The Rise of Dridex and the Role of ESPs Dridex |
2019-05-09 ⋅ GovCERT.ch ⋅ GovCERT.ch @online{govcertch:20190509:severe:2767782,
author = {GovCERT.ch},
title = {{Severe Ransomware Attacks Against Swiss SMEs}},
date = {2019-05-09},
organization = {GovCERT.ch},
url = {https://www.govcert.admin.ch/blog/36/severe-ransomware-attacks-against-swiss-smes},
language = {English},
urldate = {2019-07-11}
}
Severe Ransomware Attacks Against Swiss SMEs Emotet LockerGoga Ryuk TrickBot |
2019-05-02 ⋅ CERT.PL ⋅ Michał Praszmo @online{praszmo:20190502:detricking:43a7dc1,
author = {Michał Praszmo},
title = {{Detricking TrickBot Loader}},
date = {2019-05-02},
organization = {CERT.PL},
url = {https://www.cert.pl/en/news/single/detricking-trickbot-loader/},
language = {English},
urldate = {2020-01-08}
}
Detricking TrickBot Loader TrickBot |
2019-04-25 ⋅ Cybereason ⋅ Cybereason Nocturnus @online{nocturnus:20190425:threat:63e7d51,
author = {Cybereason Nocturnus},
title = {{Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware}},
date = {2019-04-25},
organization = {Cybereason},
url = {https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-new-backdoor-malware},
language = {English},
urldate = {2020-01-08}
}
Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware ServHelper TA505 |
2019-04-22 ⋅ SANS ⋅ Mike Downey @online{downey:20190422:unpacking:2cb6558,
author = {Mike Downey},
title = {{Unpacking \& Decrypting FlawedAmmyy}},
date = {2019-04-22},
organization = {SANS},
url = {https://www.sans.org/reading-room/whitepapers/reverseengineeringmalware/unpacking-decrypting-flawedammyy-38930},
language = {English},
urldate = {2020-01-09}
}
Unpacking & Decrypting FlawedAmmyy FlawedAmmyy |
2019-04-05 ⋅ Medium vishal_thakur ⋅ Vishal Thakur @online{thakur:20190405:trickbot:d1c4891,
author = {Vishal Thakur},
title = {{Trickbot — a concise treatise}},
date = {2019-04-05},
organization = {Medium vishal\_thakur},
url = {https://medium.com/@vishal_29486/trickbot-a-concise-treatise-d7e4cc97f737},
language = {English},
urldate = {2020-01-13}
}
Trickbot — a concise treatise TrickBot |
2019-04-02 ⋅ DeepInstinct ⋅ Shaul Vilkomir-Preisman @online{vilkomirpreisman:20190402:new:4dbdc56,
author = {Shaul Vilkomir-Preisman},
title = {{New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload}},
date = {2019-04-02},
organization = {DeepInstinct},
url = {https://www.deepinstinct.com/2019/04/02/new-servhelper-variant-employs-excel-4-0-macro-to-drop-signed-payload/},
language = {English},
urldate = {2019-07-11}
}
New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload ServHelper |
2019-04-02 ⋅ Cybereason ⋅ Noa Pinkas, Lior Rochberger, Matan Zatz @online{pinkas:20190402:triple:10a3e37,
author = {Noa Pinkas and Lior Rochberger and Matan Zatz},
title = {{Triple Threat: Emotet Deploys Trickbot to Steal Data \& Spread Ryuk}},
date = {2019-04-02},
organization = {Cybereason},
url = {https://www.cybereason.com/blog/triple-threat-emotet-deploys-trickbot-to-steal-data-spread-ryuk-ransomware},
language = {English},
urldate = {2020-01-09}
}
Triple Threat: Emotet Deploys Trickbot to Steal Data & Spread Ryuk Ryuk TrickBot |
2019-03-20 ⋅ Flashpoint ⋅ Joshua Platt, Jason Reaves @online{platt:20190320:fin7:bac265f,
author = {Joshua Platt and Jason Reaves},
title = {{FIN7 Revisited: Inside Astra Panel and SQLRat Malware}},
date = {2019-03-20},
organization = {Flashpoint},
url = {https://www.flashpoint-intel.com/blog/fin7-revisited:-inside-astra-panel-and-sqlrat-malware/},
language = {English},
urldate = {2019-12-18}
}
FIN7 Revisited: Inside Astra Panel and SQLRat Malware DNSRat TinyMet |
2019-03-05 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20190305:cryptomix:33e7eac,
author = {Lawrence Abrams},
title = {{CryptoMix Clop Ransomware Says It's Targeting Networks, Not Computers}},
date = {2019-03-05},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/cryptomix-clop-ransomware-says-its-targeting-networks-not-computers/},
language = {English},
urldate = {2020-01-13}
}
CryptoMix Clop Ransomware Says It's Targeting Networks, Not Computers Clop |
2019-03-05 ⋅ PepperMalware Blog ⋅ Pepper Potts @online{potts:20190305:quick:773aabc,
author = {Pepper Potts},
title = {{Quick Analysis of a Trickbot Sample with NSA's Ghidra SRE Framework}},
date = {2019-03-05},
organization = {PepperMalware Blog},
url = {http://www.peppermalware.com/2019/03/quick-analysis-of-trickbot-sample-with.html},
language = {English},
urldate = {2019-12-19}
}
Quick Analysis of a Trickbot Sample with NSA's Ghidra SRE Framework TrickBot |
2019-02-15 ⋅ CrowdStrike ⋅ Brendon Feeley, Bex Hartley @online{feeley:20190215:sinful:729f693,
author = {Brendon Feeley and Bex Hartley},
title = {{“Sin”-ful SPIDERS: WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web}},
date = {2019-02-15},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/sin-ful-spiders-wizard-spider-and-lunar-spider-sharing-the-same-web/},
language = {English},
urldate = {2019-12-20}
}
“Sin”-ful SPIDERS: WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web Dyre IcedID TrickBot Vawtrak Lunar Spider WIZARD SPIDER |
2019-02-12 ⋅ Trend Micro ⋅ Trend Micro @online{micro:20190212:trickbot:73576ba,
author = {Trend Micro},
title = {{Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire}},
date = {2019-02-12},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/trickbot-adds-remote-application-credential-grabbing-capabilities-to-its-repertoire/},
language = {English},
urldate = {2020-01-12}
}
Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire TrickBot |
2019-02-02 ⋅ Medium Sebdraven ⋅ Sébastien Larinier @online{larinier:20190202:unpacking:894335d,
author = {Sébastien Larinier},
title = {{Unpacking Clop}},
date = {2019-02-02},
organization = {Medium Sebdraven},
url = {https://medium.com/@Sebdraven/unpacking-clop-416b83718e0f},
language = {English},
urldate = {2020-01-06}
}
Unpacking Clop Clop |
2019-01-24 ⋅ 奇安信威胁情报中心 ⋅ 事件追踪 @online{:20190124:excel:2dd401c,
author = {事件追踪},
title = {{Excel 4.0 Macro Utilized by TA505 to Target Financial Institutions Recently}},
date = {2019-01-24},
organization = {奇安信威胁情报中心},
url = {https://ti.360.net/blog/articles/excel-4.0-macro-utilized-by-ta505-to-target-financial-institutions-recently-en/},
language = {English},
urldate = {2019-12-02}
}
Excel 4.0 Macro Utilized by TA505 to Target Financial Institutions Recently ServHelper |
2019-01-14 ⋅ Möbius Strip Reverse Engineering ⋅ Rolf Rolles @online{rolles:20190114:quick:42a2552,
author = {Rolf Rolles},
title = {{A Quick Solution to an Ugly Reverse Engineering Problem}},
date = {2019-01-14},
organization = {Möbius Strip Reverse Engineering},
url = {https://www.msreverseengineering.com/blog/2019/1/14/a-quick-solution-to-an-ugly-reverse-engineering-problem},
language = {English},
urldate = {2020-01-13}
}
A Quick Solution to an Ugly Reverse Engineering Problem FlawedGrace |
2019-01-11 ⋅ FireEye ⋅ Kimberly Goody, Jeremy Kennelly, Jaideep Natu, Christopher Glyer @online{goody:20190111:nasty:3c872d4,
author = {Kimberly Goody and Jeremy Kennelly and Jaideep Natu and Christopher Glyer},
title = {{A Nasty Trick: From Credential Theft Malware to Business Disruption}},
date = {2019-01-11},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2019/01/a-nasty-trick-from-credential-theft-malware-to-business-disruption.html},
language = {English},
urldate = {2019-12-20}
}
A Nasty Trick: From Credential Theft Malware to Business Disruption Ryuk TrickBot GRIM SPIDER WIZARD SPIDER |
2019-01-11 ⋅ Threatpost ⋅ Tara Seals @online{seals:20190111:ta505:48e9745,
author = {Tara Seals},
title = {{TA505 Crime Gang Debuts Brand-New ServHelper Backdoor}},
date = {2019-01-11},
organization = {Threatpost},
url = {https://threatpost.com/ta505-servhelper-malware/140792/},
language = {English},
urldate = {2020-01-08}
}
TA505 Crime Gang Debuts Brand-New ServHelper Backdoor TA505 |
2019-01-10 ⋅ Bleeping Computer ⋅ Ionut Ilascu @online{ilascu:20190110:ta505:12f4881,
author = {Ionut Ilascu},
title = {{TA505 Group Adopts New ServHelper Backdoor and FlawedGrace RAT}},
date = {2019-01-10},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/ta505-group-adopts-new-servhelper-backdoor-and-flawedgrace-rat/},
language = {English},
urldate = {2019-12-20}
}
TA505 Group Adopts New ServHelper Backdoor and FlawedGrace RAT TA505 |
2019-01-09 ⋅ Proofpoint ⋅ Dennis Schwarz, Proofpoint Staff @online{schwarz:20190109:servhelper:e20586c,
author = {Dennis Schwarz and Proofpoint Staff},
title = {{ServHelper and FlawedGrace - New malware introduced by TA505}},
date = {2019-01-09},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/servhelper-and-flawedgrace-new-malware-introduced-ta505},
language = {English},
urldate = {2019-12-20}
}
ServHelper and FlawedGrace - New malware introduced by TA505 FlawedGrace ServHelper |
2019 ⋅ CyberInt ⋅ CyberInt @techreport{cyberint:2019:legit:9925ea3,
author = {CyberInt},
title = {{Legit Remote Admin Tools Turn into Threat Actors' Tools}},
date = {2019},
institution = {CyberInt},
url = {https://e.cyberint.com/hubfs/Report%20Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors%20Tools/CyberInt_Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors'%20Tools_Report.pdf},
language = {English},
urldate = {2019-12-19}
}
Legit Remote Admin Tools Turn into Threat Actors' Tools RMS ServHelper TA505 |
2018-12-18 ⋅ Trend Micro ⋅ Trend Micro @online{trendmicro:20181218:ursnif:cc5ce31,
author = {Trend Micro},
title = {{URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader}},
date = {2018-12-18},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/ursnif-emotet-dridex-and-bitpaymer-gangs-linked-by-a-similar-loader/},
language = {English},
urldate = {2020-01-07}
}
URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader Dridex Emotet FriedEx ISFB |
2018-12-12 ⋅ SecureData ⋅ Wicus Ross @online{ross:20181212:trickbot:7a0e2a6,
author = {Wicus Ross},
title = {{The TrickBot and MikroTik connection}},
date = {2018-12-12},
organization = {SecureData},
url = {https://www.infosecurity-magazine.com/blogs/trickbot-mikrotik-connection/},
language = {English},
urldate = {2020-05-18}
}
The TrickBot and MikroTik connection TrickBot |
2018-12-05 ⋅ VIPRE ⋅ VIPRE Labs @online{labs:20181205:trickbots:b45d588,
author = {VIPRE Labs},
title = {{Trickbot’s Tricks}},
date = {2018-12-05},
organization = {VIPRE},
url = {https://labs.vipre.com/trickbots-tricks/},
language = {English},
urldate = {2020-01-09}
}
Trickbot’s Tricks TrickBot |
2018-11-12 ⋅ Malwarebytes ⋅ hasherezade @online{hasherezade:20181112:whats:e44d5f3,
author = {hasherezade},
title = {{What’s new in TrickBot? Deobfuscating elements}},
date = {2018-11-12},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/malware-threat-analysis/2018/11/whats-new-trickbot-deobfuscating-elements/},
language = {English},
urldate = {2019-12-20}
}
What’s new in TrickBot? Deobfuscating elements TrickBot |
2018-11-08 ⋅ Fortinet ⋅ Xiaopeng Zhang @online{zhang:20181108:deep:fca360c,
author = {Xiaopeng Zhang},
title = {{Deep Analysis of TrickBot New Module pwgrab}},
date = {2018-11-08},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/deep-analysis-of-trickbot-new-module-pwgrab.html},
language = {English},
urldate = {2019-11-17}
}
Deep Analysis of TrickBot New Module pwgrab TrickBot |
2018-11-01 ⋅ Trend Micro ⋅ Noel Anthony Llimos, Carl Maverick Pascual @online{llimos:20181101:trickbot:7d0ea94,
author = {Noel Anthony Llimos and Carl Maverick Pascual},
title = {{Trickbot Shows Off New Trick: Password Grabber Module}},
date = {2018-11-01},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/trickbot-shows-off-new-trick-password-grabber-module},
language = {English},
urldate = {2020-01-06}
}
Trickbot Shows Off New Trick: Password Grabber Module TrickBot |
2018-08-14 ⋅ Cyberbit ⋅ Hod Gavriel @online{gavriel:20180814:latest:7df6364,
author = {Hod Gavriel},
title = {{Latest Trickbot Variant has New Tricks Up Its Sleeve}},
date = {2018-08-14},
organization = {Cyberbit},
url = {https://www.cyberbit.com/latest-trickbot-variant-has-new-tricks-up-its-sleeve/},
language = {English},
urldate = {2020-08-21}
}
Latest Trickbot Variant has New Tricks Up Its Sleeve TrickBot |
2018-07-19 ⋅ Proofpoint ⋅ Proofpoint Staff @online{staff:20180719:ta505:3c29d5a,
author = {Proofpoint Staff},
title = {{TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT}},
date = {2018-07-19},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/ta505-abusing-settingcontent-ms-within-pdf-files-distribute-flawedammyy-rat},
language = {English},
urldate = {2019-12-20}
}
TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT FlawedAmmyy |
2018-07-03 ⋅ Talos Intelligence ⋅ Ben Baker, Holger Unterbrink @online{baker:20180703:smoking:067be1f,
author = {Ben Baker and Holger Unterbrink},
title = {{Smoking Guns - Smoke Loader learned new tricks}},
date = {2018-07-03},
organization = {Talos Intelligence},
url = {https://blog.talosintelligence.com/2018/07/smoking-guns-smoke-loader-learned-new.html},
language = {English},
urldate = {2019-10-14}
}
Smoking Guns - Smoke Loader learned new tricks SmokeLoader TrickBot |
2018-06-28 ⋅ Secrary Blog ⋅ Lasha Khasaia @online{khasaia:20180628:brief:d854824,
author = {Lasha Khasaia},
title = {{A Brief Overview of the AMMYY RAT Downloader}},
date = {2018-06-28},
organization = {Secrary Blog},
url = {https://secrary.com/ReversingMalware/AMMY_RAT_Downloader/},
language = {English},
urldate = {2020-01-13}
}
A Brief Overview of the AMMYY RAT Downloader FlawedAmmyy |
2018-06-20 ⋅ OALabs @online{oalabs:20180620:unpacking:e4d59a4,
author = {OALabs},
title = {{Unpacking and Extracting TrickBot Malware Configuration With x64dbg and Python}},
date = {2018-06-20},
url = {https://www.youtube.com/watch?v=EdchPEHnohw},
language = {English},
urldate = {2019-12-24}
}
Unpacking and Extracting TrickBot Malware Configuration With x64dbg and Python TrickBot |
2018-06-13 ⋅ Github (JR0driguezB) ⋅ Jorge Rodriguez @online{rodriguez:20180613:trickbot:e004ae8,
author = {Jorge Rodriguez},
title = {{TrickBot config files}},
date = {2018-06-13},
organization = {Github (JR0driguezB)},
url = {https://github.com/JR0driguezB/malware_configs/tree/master/TrickBot},
language = {English},
urldate = {2019-07-11}
}
TrickBot config files TrickBot |
2018-04-16 ⋅ Random RE ⋅ sysopfb @online{sysopfb:20180416:trickbot:5305f46,
author = {sysopfb},
title = {{TrickBot & UACME}},
date = {2018-04-16},
organization = {Random RE},
url = {https://sysopfb.github.io/malware/2018/04/16/trickbot-uacme.html},
language = {English},
urldate = {2020-01-09}
}
TrickBot & UACME TrickBot |
2018-04-03 ⋅ Vitali Kremez Blog ⋅ Vitali Kremez @online{kremez:20180403:lets:b45dd50,
author = {Vitali Kremez},
title = {{Let's Learn: Trickbot Implements Network Collector Module Leveraging CMD, WMI & LDAP}},
date = {2018-04-03},
organization = {Vitali Kremez Blog},
url = {http://www.vkremez.com/2018/04/lets-learn-trickbot-implements-network.html},
language = {English},
urldate = {2019-07-27}
}
Let's Learn: Trickbot Implements Network Collector Module Leveraging CMD, WMI & LDAP TrickBot |
2018-03-31 ⋅ Youtube (hasherezade) ⋅ hasherezade @online{hasherezade:20180331:deobfuscating:39c1be0,
author = {hasherezade},
title = {{Deobfuscating TrickBot's strings with libPeConv}},
date = {2018-03-31},
organization = {Youtube (hasherezade)},
url = {https://www.youtube.com/watch?v=KMcSAlS9zGE},
language = {English},
urldate = {2020-01-13}
}
Deobfuscating TrickBot's strings with libPeConv TrickBot |
2018-03-27 ⋅ Trend Micro ⋅ Trend Micro @online{trendmicro:20180327:evolving:faa2e54,
author = {Trend Micro},
title = {{Evolving Trickbot Adds Detection Evasion and Screen-Locking Features}},
date = {2018-03-27},
organization = {Trend Micro},
url = {https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/evolving-trickbot-adds-detection-evasion-and-screen-locking-features},
language = {English},
urldate = {2020-01-07}
}
Evolving Trickbot Adds Detection Evasion and Screen-Locking Features TrickBot |
2018-03-21 ⋅ Webroot ⋅ Jason Davison @online{davison:20180321:trickbot:1f0576e,
author = {Jason Davison},
title = {{TrickBot Banking Trojan Adapts with New Module}},
date = {2018-03-21},
organization = {Webroot},
url = {https://www.webroot.com/blog/2018/03/21/trickbot-banking-trojan-adapts-new-module/},
language = {English},
urldate = {2020-01-13}
}
TrickBot Banking Trojan Adapts with New Module TrickBot |
2018-03-20 ⋅ Stormshield ⋅ Mehdi Talbi @online{talbi:20180320:deobfuscating:7ac7605,
author = {Mehdi Talbi},
title = {{De-obfuscating Jump Chains with Binary Ninja}},
date = {2018-03-20},
organization = {Stormshield},
url = {https://thisissecurity.stormshield.com/2018/03/20/de-obfuscating-jump-chains-with-binary-ninja/},
language = {English},
urldate = {2020-03-16}
}
De-obfuscating Jump Chains with Binary Ninja Locky |
2018-03-07 ⋅ Proofpoint ⋅ Proofpoint Staff @online{staff:20180307:leaked:5e33f64,
author = {Proofpoint Staff},
title = {{Leaked Ammyy Admin Source Code Turned into Malware}},
date = {2018-03-07},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/leaked-source-code-ammyy-admin-turned-flawedammyy-rat},
language = {English},
urldate = {2019-12-20}
}
Leaked Ammyy Admin Source Code Turned into Malware FlawedAmmyy QuantLoader |
2018-02-15 ⋅ SecurityIntelligence ⋅ Ophir Harpaz, Magal Baz, Limor Kessem @online{harpaz:20180215:trickbots:2cf1b53,
author = {Ophir Harpaz and Magal Baz and Limor Kessem},
title = {{TrickBot’s Cryptocurrency Hunger: Tricking the Bitcoin Out of Wallets}},
date = {2018-02-15},
organization = {SecurityIntelligence},
url = {https://securityintelligence.com/trickbots-cryptocurrency-hunger-tricking-the-bitcoin-out-of-wallets/},
language = {English},
urldate = {2020-01-06}
}
TrickBot’s Cryptocurrency Hunger: Tricking the Bitcoin Out of Wallets TrickBot |
2018-02-01 ⋅ Malware Traffic Analysis ⋅ Brad Duncan @online{duncan:20180201:quick:320f855,
author = {Brad Duncan},
title = {{Quick Test Drive of Trickbot (It now has a Monero Module)}},
date = {2018-02-01},
organization = {Malware Traffic Analysis},
url = {http://www.malware-traffic-analysis.net/2018/02/01/},
language = {English},
urldate = {2019-07-09}
}
Quick Test Drive of Trickbot (It now has a Monero Module) TrickBot |
2018-01-26 ⋅ ESET Research ⋅ Michal Poslušný @online{poslun:20180126:friedex:3c3f46b,
author = {Michal Poslušný},
title = {{FriedEx: BitPaymer ransomware the work of Dridex authors}},
date = {2018-01-26},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2018/01/26/friedex-bitpaymer-ransomware-work-dridex-authors/},
language = {English},
urldate = {2019-11-14}
}
FriedEx: BitPaymer ransomware the work of Dridex authors Dridex FriedEx |
2017-12-30 ⋅ Youtube (hasherezade) ⋅ hasherezade @online{hasherezade:20171230:unpacking:5477bb2,
author = {hasherezade},
title = {{Unpacking TrickBot with PE-sieve}},
date = {2017-12-30},
organization = {Youtube (hasherezade)},
url = {https://www.youtube.com/watch?v=lTywPmZEU1A},
language = {English},
urldate = {2020-01-06}
}
Unpacking TrickBot with PE-sieve TrickBot |
2017-12-19 ⋅ Vitali Kremez Blog ⋅ Vitali Kremez @online{kremez:20171219:lets:030e09a,
author = {Vitali Kremez},
title = {{Let's Learn: Introducing New Trickbot LDAP "DomainGrabber" Module}},
date = {2017-12-19},
organization = {Vitali Kremez Blog},
url = {http://www.vkremez.com/2017/12/lets-learn-introducing-new-trickbot.html},
language = {English},
urldate = {2019-11-23}
}
Let's Learn: Introducing New Trickbot LDAP "DomainGrabber" Module TrickBot |
2017-11-22 ⋅ Flashpoint ⋅ Vitali Kremez @online{kremez:20171122:trickbot:faea11e,
author = {Vitali Kremez},
title = {{Trickbot Gang Evolves, Incorporates Account Checking Into Hybrid Attack Model}},
date = {2017-11-22},
organization = {Flashpoint},
url = {https://www.flashpoint-intel.com/blog/trickbot-account-checking-hybrid-attack-model/},
language = {English},
urldate = {2019-12-10}
}
Trickbot Gang Evolves, Incorporates Account Checking Into Hybrid Attack Model TrickBot |
2017-11-21 ⋅ Vitali Kremez @online{kremez:20171121:lets:5fb17b0,
author = {Vitali Kremez},
title = {{Let's Learn: Trickbot Socks5 Backconnect Module In Detail}},
date = {2017-11-21},
url = {http://www.vkremez.com/2017/11/lets-learn-trickbot-socks5-backconnect.html},
language = {English},
urldate = {2019-11-22}
}
Let's Learn: Trickbot Socks5 Backconnect Module In Detail TrickBot |
2017-11-07 ⋅ ThreatVector ⋅ Cylance Threat Research Team @online{team:20171107:locky:a38e9b5,
author = {Cylance Threat Research Team},
title = {{Locky Ransomware}},
date = {2017-11-07},
organization = {ThreatVector},
url = {https://www.cylance.com/en_us/blog/threat-spotlight-locky-ransomware.html},
language = {English},
urldate = {2020-01-07}
}
Locky Ransomware Locky |
2017-10-06 ⋅ Blueliv ⋅ Blueliv @online{blueliv:20171006:trickbot:a2a9ac8,
author = {Blueliv},
title = {{TrickBot banking trojan using EFLAGS as an anti-hook technique}},
date = {2017-10-06},
organization = {Blueliv},
url = {https://www.blueliv.com/research/trickbot-banking-trojan-using-eflags-as-an-anti-hook-technique/},
language = {English},
urldate = {2020-01-08}
}
TrickBot banking trojan using EFLAGS as an anti-hook technique TrickBot |
2017-09-27 ⋅ Proofpoint ⋅ Proofpoint Staff @online{staff:20170927:threat:272e6ac,
author = {Proofpoint Staff},
title = {{Threat Actor Profile: TA505, From Dridex to GlobeImposter}},
date = {2017-09-27},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta505-dridex-globeimposter},
language = {English},
urldate = {2019-12-20}
}
Threat Actor Profile: TA505, From Dridex to GlobeImposter TA505 |
2017-09-21 ⋅ Malwarebytes ⋅ Jérôme Segura @online{segura:20170921:fake:5f5963f,
author = {Jérôme Segura},
title = {{Fake IRS notice delivers customized spying tool}},
date = {2017-09-21},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2017/09/cve-2017-0199-used-to-deliver-modified-rms-agent-rat/},
language = {English},
urldate = {2019-12-20}
}
Fake IRS notice delivers customized spying tool RMS |
2017-08-20 ⋅ MyOnlineSecurity ⋅ MyOnlineSecurity @online{myonlinesecurity:20170820:return:cf54ed9,
author = {MyOnlineSecurity},
title = {{return of fake UPS cannot deliver malspam with an updated nemucod ransomware and Kovter payload}},
date = {2017-08-20},
organization = {MyOnlineSecurity},
url = {http://web.archive.org/web/20181007211751/https://myonlinesecurity.co.uk/return-of-fake-ups-cannot-deliver-malspam-with-an-updated-nemucod-ransomware-and-kovter-payload/},
language = {English},
urldate = {2020-11-26}
}
return of fake UPS cannot deliver malspam with an updated nemucod ransomware and Kovter payload Cold$eal Locky |
2017-08-16 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20170816:locky:7445bd0,
author = {Lawrence Abrams},
title = {{Locky Ransomware switches to the Lukitus extension for Encrypted Files}},
date = {2017-08-16},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/locky-ransomware-switches-to-the-lukitus-extension-for-encrypted-files/},
language = {English},
urldate = {2019-12-20}
}
Locky Ransomware switches to the Lukitus extension for Encrypted Files Locky |
2017-08-10 ⋅ botfrei Blog ⋅ Tom Berchem @online{berchem:20170810:weltweite:5df6bfa,
author = {Tom Berchem},
title = {{Weltweite Spamwelle verbreitet teuflische Variante des Locky}},
date = {2017-08-10},
organization = {botfrei Blog},
url = {https://blog.botfrei.de/2017/08/weltweite-spamwelle-verbreitet-teufliche-variante-des-locky/},
language = {German},
urldate = {2019-12-10}
}
Weltweite Spamwelle verbreitet teuflische Variante des Locky Locky |
2017-08-01 ⋅ Panda Security ⋅ Panda Security @techreport{security:20170801:malware:e92cd36,
author = {Panda Security},
title = {{Malware Report: Dridex Version 4}},
date = {2017-08-01},
institution = {Panda Security},
url = {https://www.pandasecurity.com/mediacenter/src/uploads/2017/10/Informe_Dridex_Revisado_FINAL_EN-2.pdf},
language = {English},
urldate = {2020-04-14}
}
Malware Report: Dridex Version 4 Dridex |
2017-08-01 ⋅ Malwarebytes ⋅ Malwarebytes Labs @online{labs:20170801:trickbot:222d8bc,
author = {Malwarebytes Labs},
title = {{TrickBot comes up with new tricks: attacking Outlook and browsing data}},
date = {2017-08-01},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2017/08/trickbot-comes-with-new-tricks-attacking-outlook-and-browsing-data/},
language = {English},
urldate = {2019-12-20}
}
TrickBot comes up with new tricks: attacking Outlook and browsing data TrickBot |
2017-07-27 ⋅ Flashpoint ⋅ Flashpoint @online{flashpoint:20170727:new:bb5c883,
author = {Flashpoint},
title = {{New Version of “Trickbot” Adds Worm Propagation Module}},
date = {2017-07-27},
organization = {Flashpoint},
url = {https://www.flashpoint-intel.com/blog/new-version-trickbot-adds-worm-propagation-module/},
language = {English},
urldate = {2020-01-13}
}
New Version of “Trickbot” Adds Worm Propagation Module TrickBot |
2017-07-25 ⋅ Github (viql) ⋅ Johannes Bader @online{bader:20170725:dridex:44f64d8,
author = {Johannes Bader},
title = {{Dridex Loot}},
date = {2017-07-25},
organization = {Github (viql)},
url = {https://viql.github.io/dridex/},
language = {English},
urldate = {2020-01-07}
}
Dridex Loot Dridex |
2017-07-18 ⋅ Elastic ⋅ Ashkan Hosseini @online{hosseini:20170718:ten:af036b3,
author = {Ashkan Hosseini},
title = {{Ten process injection techniques: A technical survey of common and trending process injection techniques}},
date = {2017-07-18},
organization = {Elastic},
url = {https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process},
language = {English},
urldate = {2020-07-15}
}
Ten process injection techniques: A technical survey of common and trending process injection techniques Cryakl CyberGate Dridex FinFisher RAT Locky |
2017-07 ⋅ Ring Zero Labs ⋅ Ring Zero Labs @online{labs:201707:trickbot:e738eaf,
author = {Ring Zero Labs},
title = {{TrickBot Banking Trojan - DOC00039217.doc}},
date = {2017-07},
organization = {Ring Zero Labs},
url = {https://www.ringzerolabs.com/2017/07/trickbot-banking-trojan-doc00039217doc.html},
language = {English},
urldate = {2020-01-10}
}
TrickBot Banking Trojan - DOC00039217.doc TrickBot |
2017-06-22 ⋅ Bleeping Computer ⋅ Catalin Cimpanu @online{cimpanu:20170622:locky:4a088f0,
author = {Catalin Cimpanu},
title = {{Locky Ransomware Returns, but Targets Only Windows XP & Vista}},
date = {2017-06-22},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/locky-ransomware-returns-but-targets-only-windows-xp-and-vista/},
language = {English},
urldate = {2019-12-20}
}
Locky Ransomware Returns, but Targets Only Windows XP & Vista Locky |
2017-06-21 ⋅ Cisco ⋅ Alex Chiu, Warren Mercer, Jaeson Schultz, Sean Baird, Matthew Molyett @online{chiu:20170621:player:b44064a,
author = {Alex Chiu and Warren Mercer and Jaeson Schultz and Sean Baird and Matthew Molyett},
title = {{Player 1 Limps Back Into the Ring - Hello again, Locky!}},
date = {2017-06-21},
organization = {Cisco},
url = {http://blog.talosintelligence.com/2017/06/necurs-locky-campaign.html},
language = {English},
urldate = {2019-12-17}
}
Player 1 Limps Back Into the Ring - Hello again, Locky! Locky |
2017-06-15 ⋅ F5 ⋅ Sara Boddy, Jesse Smith, Doron Voolf @online{boddy:20170615:trickbot:6eb1db4,
author = {Sara Boddy and Jesse Smith and Doron Voolf},
title = {{Trickbot Expands Global Targets Beyond Banks and Payment Processors to CRMs}},
date = {2017-06-15},
organization = {F5},
url = {https://f5.com/labs/articles/threat-intelligence/malware/trickbot-expands-global-targets-beyond-banks-and-payment-processors-to-crms},
language = {English},
urldate = {2019-12-24}
}
Trickbot Expands Global Targets Beyond Banks and Payment Processors to CRMs TrickBot |
2017-06-12 ⋅ Security Art Work ⋅ Marc Salinas, José Miguel Holguín @techreport{salinas:20170612:evolucin:9930231,
author = {Marc Salinas and José Miguel Holguín},
title = {{Evolución de Trickbot}},
date = {2017-06-12},
institution = {Security Art Work},
url = {https://www.securityartwork.es/wp-content/uploads/2017/06/Informe_Evoluci%C3%B3n_Trickbot.pdf},
language = {Spanish},
urldate = {2020-01-10}
}
Evolución de Trickbot TrickBot |
2017-05-26 ⋅ PWC ⋅ Bart Parys @online{parys:20170526:trickbots:c1b84e1,
author = {Bart Parys},
title = {{TrickBot’s bag of tricks}},
date = {2017-05-26},
organization = {PWC},
url = {http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/trickbots-bag-of-tricks.html},
language = {English},
urldate = {2020-06-18}
}
TrickBot’s bag of tricks TrickBot |
2017-03-01 ⋅ FraudWatch International ⋅ FraudWatch International @online{international:20170301:how:fb75ef9,
author = {FraudWatch International},
title = {{How Does the Trickbot Malware Work?}},
date = {2017-03-01},
organization = {FraudWatch International},
url = {https://blog.fraudwatchinternational.com/malware/trickbot-malware-works},
language = {English},
urldate = {2020-01-08}
}
How Does the Trickbot Malware Work? TrickBot |
2017-02-28 ⋅ Security Intelligence ⋅ Magal Baz, Or Safran @online{baz:20170228:dridexs:f72a5ec,
author = {Magal Baz and Or Safran},
title = {{Dridex’s Cold War: Enter AtomBombing}},
date = {2017-02-28},
organization = {Security Intelligence},
url = {https://securityintelligence.com/dridexs-cold-war-enter-atombombing/},
language = {English},
urldate = {2019-12-16}
}
Dridex’s Cold War: Enter AtomBombing Dridex |
2017-01-31 ⋅ Malwarebytes ⋅ Malwarebytes Labs @online{labs:20170131:locky:92db484,
author = {Malwarebytes Labs},
title = {{Locky Bart ransomware and backend server analysis}},
date = {2017-01-31},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2017/01/locky-bart-ransomware-and-backend-server-analysis/},
language = {English},
urldate = {2019-12-20}
}
Locky Bart ransomware and backend server analysis Locky |
2017-01-26 ⋅ Flashpoint ⋅ Flashpoint @online{flashpoint:20170126:dridex:2ca4920,
author = {Flashpoint},
title = {{Dridex Banking Trojan Returns, Leverages New UAC Bypass Method}},
date = {2017-01-26},
organization = {Flashpoint},
url = {https://www.flashpoint-intel.com/blog-dridex-banking-trojan-returns/},
language = {English},
urldate = {2020-01-08}
}
Dridex Banking Trojan Returns, Leverages New UAC Bypass Method Dridex |
2016-12-07 ⋅ Botconf ⋅ Joshua Adams @techreport{adams:20161207:trickbot:fc3427c,
author = {Joshua Adams},
title = {{The TrickBot Evolution}},
date = {2016-12-07},
institution = {Botconf},
url = {https://www.botconf.eu/wp-content/uploads/2016/11/2016-LT09-TrickBot-Adams.pdf},
language = {English},
urldate = {2020-01-09}
}
The TrickBot Evolution TrickBot |
2016-12-06 ⋅ Fortinet ⋅ Xiaopeng Zhang @online{zhang:20161206:deep:1f1521f,
author = {Xiaopeng Zhang},
title = {{Deep Analysis of the Online Banking Botnet TrickBot}},
date = {2016-12-06},
organization = {Fortinet},
url = {http://blog.fortinet.com/2016/12/06/deep-analysis-of-the-online-banking-botnet-trickbot},
language = {English},
urldate = {2020-01-08}
}
Deep Analysis of the Online Banking Botnet TrickBot TrickBot |
2016-11-09 ⋅ Lior Keshet @online{keshet:20161109:tricks:c3ab510,
author = {Lior Keshet},
title = {{Tricks of the Trade: A Deeper Look Into TrickBot’s Machinations}},
date = {2016-11-09},
url = {https://securityintelligence.com/tricks-of-the-trade-a-deeper-look-into-trickbots-machinations/},
language = {English},
urldate = {2019-10-17}
}
Tricks of the Trade: A Deeper Look Into TrickBot’s Machinations TrickBot |
2016-11-07 ⋅ F5 Labs ⋅ Julia Karpin, Shaul Vilkomir-Preisman, Anna Dorfman @online{karpin:20161107:little:598f939,
author = {Julia Karpin and Shaul Vilkomir-Preisman and Anna Dorfman},
title = {{Little Trickbot Growing Up: New Campaign}},
date = {2016-11-07},
organization = {F5 Labs},
url = {https://f5.com/labs/articles/threat-intelligence/malware/little-trickbot-growing-up-new-campaign-24412},
language = {English},
urldate = {2020-01-06}
}
Little Trickbot Growing Up: New Campaign TrickBot |
2016-10-25 ⋅ NetScout ⋅ ASERT Team @online{team:20161025:trickbot:dd465d9,
author = {ASERT Team},
title = {{TrickBot Banker Insights}},
date = {2016-10-25},
organization = {NetScout},
url = {https://www.arbornetworks.com/blog/asert/trickbot-banker-insights/},
language = {English},
urldate = {2019-07-11}
}
TrickBot Banker Insights TrickBot |
2016-10-24 ⋅ Malwarebytes ⋅ Malwarebytes Labs @online{labs:20161024:introducing:e59ac27,
author = {Malwarebytes Labs},
title = {{Introducing TrickBot, Dyreza’s successor}},
date = {2016-10-24},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/},
language = {English},
urldate = {2019-12-20}
}
Introducing TrickBot, Dyreza’s successor TrickBot |
2016-10-15 ⋅ Fidelis Cybersecurity ⋅ Threat Research Team @online{team:20161015:trickbot:cc9f48f,
author = {Threat Research Team},
title = {{TrickBot: We Missed you, Dyre}},
date = {2016-10-15},
organization = {Fidelis Cybersecurity},
url = {https://www.fidelissecurity.com/threatgeek/2016/10/trickbot-we-missed-you-dyre},
language = {English},
urldate = {2019-11-28}
}
TrickBot: We Missed you, Dyre TrickBot |
2016-10-11 ⋅ Symantec ⋅ Symantec Security Response @online{response:20161011:odinaff:bdd6f10,
author = {Symantec Security Response},
title = {{Odinaff: New Trojan used in high level financial attacks}},
date = {2016-10-11},
organization = {Symantec},
url = {https://web.archive.org/web/20161223002016/https://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financial-attacks},
language = {English},
urldate = {2020-04-21}
}
Odinaff: New Trojan used in high level financial attacks Batel FlawedAmmyy Odinaff RMS Anunak |
2016-07-07 ⋅ Pierluigi Paganini @online{paganini:20160707:new:7c765a2,
author = {Pierluigi Paganini},
title = {{New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the recent Locky Ransomware.}},
date = {2016-07-07},
url = {http://securityaffairs.co/wordpress/49094/malware/zepto-ransomware.html},
language = {English},
urldate = {2019-11-22}
}
New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the recent Locky Ransomware. Locky |
2016-03-01 ⋅ Malwarebytes ⋅ hasherezade @online{hasherezade:20160301:look:fe35696,
author = {hasherezade},
title = {{Look Into Locky Ransomware}},
date = {2016-03-01},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2016/03/look-into-locky/},
language = {English},
urldate = {2019-12-20}
}
Look Into Locky Ransomware Locky |
2016-02-16 ⋅ Symantec ⋅ Dick O'Brien @techreport{obrien:20160216:dridex:7abdc31,
author = {Dick O'Brien},
title = {{Dridex: Tidal waves of spam pushing dangerous financial Trojan}},
date = {2016-02-16},
institution = {Symantec},
url = {https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/dridex-financial-trojan.pdf},
language = {English},
urldate = {2020-01-08}
}
Dridex: Tidal waves of spam pushing dangerous financial Trojan Dridex |
2015-11-10 ⋅ CERT.PL ⋅ CERT.PL @online{certpl:20151110:talking:d93cf24,
author = {CERT.PL},
title = {{Talking to Dridex (part 0) – inside the dropper}},
date = {2015-11-10},
organization = {CERT.PL},
url = {https://www.cert.pl/en/news/single/talking-dridex-part-0-inside-the-dropper/},
language = {English},
urldate = {2020-01-06}
}
Talking to Dridex (part 0) – inside the dropper Dridex |
2015-10-26 ⋅ Blueliv ⋅ Blueliv @techreport{blueliv:20151026:chasing:975ef1a,
author = {Blueliv},
title = {{Chasing cybercrime: network insights of Dyre and Dridex Trojan bankers}},
date = {2015-10-26},
institution = {Blueliv},
url = {https://www.blueliv.com/downloads/documentation/reports/Network_insights_of_Dyre_and_Dridex_Trojan_bankers.pdf},
language = {English},
urldate = {2020-01-13}
}
Chasing cybercrime: network insights of Dyre and Dridex Trojan bankers Dridex Dyre |
2015-10-15 ⋅ BitSight ⋅ AnubisLabs @techreport{anubislabs:20151015:dridex:4dafca8,
author = {AnubisLabs},
title = {{Dridex: Chasing a botnet from the inside}},
date = {2015-10-15},
institution = {BitSight},
url = {https://cdn2.hubspot.net/hubfs/507516/ANB_MIR_Dridex_PRv7_final.pdf},
language = {English},
urldate = {2020-08-06}
}
Dridex: Chasing a botnet from the inside Dridex |
2015-10-13 ⋅ Secureworks ⋅ Brett Stone-Gross @online{stonegross:20151013:dridex:46d9a58,
author = {Brett Stone-Gross},
title = {{Dridex (Bugat v5) Botnet Takeover Operation}},
date = {2015-10-13},
organization = {Secureworks},
url = {https://www.secureworks.com/research/dridex-bugat-v5-botnet-takeover-operation},
language = {English},
urldate = {2020-01-08}
}
Dridex (Bugat v5) Botnet Takeover Operation Dridex |