TA505, the name given by Proofpoint, has been in the cybercrime business for at least four years. This is the group behind the infamous Dridex banking trojan and Locky ransomware, delivered through malicious email campaigns via Necurs botnet. Other malware associated with TA505 include Philadelphia and GlobeImposter ransomware families.
2020-01-07 ⋅ Github (albertzsigovits) ⋅ Albert Zsigovits
@online{zsigovits:20200107:clop:07d2a90,
author = {Albert Zsigovits},
title = {{Clop ransomware Notes}},
date = {2020-01-07},
organization = {Github (albertzsigovits)},
url = {https://github.com/albertzsigovits/malware-notes/blob/master/Clop.md},
language = {English},
urldate = {2020-01-09}
}
Clop ransomware Notes
Clop |
2019-12-20 ⋅ Binary Defense ⋅ James Quinn
@online{quinn:20191220:updated:2408ee7,
author = {James Quinn},
title = {{An Updated ServHelper Tunnel Variant}},
date = {2019-12-20},
organization = {Binary Defense},
url = {https://www.binarydefense.com/an-updated-servhelper-tunnel-variant/},
language = {English},
urldate = {2020-01-13}
}
An Updated ServHelper Tunnel Variant
ServHelper |
2019-12-17 ⋅ Blueliv ⋅ Adrián Ruiz, Jose Miguel Esparza, Blueliv Labs Team
@online{ruiz:20191217:ta505:1c1204e,
author = {Adrián Ruiz and Jose Miguel Esparza and Blueliv Labs Team},
title = {{TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking}},
date = {2019-12-17},
organization = {Blueliv},
url = {https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/research/servhelper-evolution-and-new-ta505-campaigns/},
language = {English},
urldate = {2020-01-09}
}
TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking
ServHelper |
2019-11-24 ⋅ Jacob Pimental
@online{pimental:20191124:ta505:fb32d29,
author = {Jacob Pimental},
title = {{TA505 Get2 Analysis}},
date = {2019-11-24},
url = {https://www.goggleheadedhacker.com/blog/post/13},
language = {English},
urldate = {2019-12-17}
}
TA505 Get2 Analysis
Get2 |
2019-11-22 ⋅ CERT-FR ⋅ CERT-FR
@online{certfr:20191122:rapport:c457ee8,
author = {CERT-FR},
title = {{RAPPORT MENACES ET INCIDENTS DU CERT-FR}},
date = {2019-11-22},
organization = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/cti/CERTFR-2019-CTI-009/},
language = {French},
urldate = {2020-01-07}
}
RAPPORT MENACES ET INCIDENTS DU CERT-FR
Clop |
2019-11-19 ⋅ ACTU ⋅ Rédaction Normandie
@online{normandie:20191119:une:d09ec98,
author = {Rédaction Normandie},
title = {{Une rançon après la cyberattaque au CHU de Rouen ? Ce que réclament les pirates}},
date = {2019-11-19},
organization = {ACTU},
url = {https://actu.fr/normandie/rouen_76540/une-rancon-apres-cyberattaque-chu-rouen-ce-reclament-pirates_29475649.html},
language = {French},
urldate = {2019-12-05}
}
Une rançon après la cyberattaque au CHU de Rouen ? Ce que réclament les pirates
Clop |
2019-10-16 ⋅ Proofpoint ⋅ Proofpoint
@online{proofpoint:20191016:ta505:9bca8d0,
author = {Proofpoint},
title = {{TA505 Timeline}},
date = {2019-10-16},
organization = {Proofpoint},
url = {https://www.proofpoint.com/sites/default/files/ta505_timeline_final4_0.png},
language = {English},
urldate = {2020-01-08}
}
TA505 Timeline
TA505 |
2019-10-16 ⋅ Proofpoint ⋅ Dennis Schwarz, Kafeine, Matthew Mesa, Axel F, Proofpoint Threat Insight Team
@online{schwarz:20191016:ta505:9d7155a,
author = {Dennis Schwarz and Kafeine and Matthew Mesa and Axel F and Proofpoint Threat Insight Team},
title = {{TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader}},
date = {2019-10-16},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/ta505-distributes-new-sdbbot-remote-access-trojan-get2-downloader},
language = {English},
urldate = {2020-01-10}
}
TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader
Get2 SDBbot |
2019-10-10 ⋅ AhnLab ⋅ ASEC
@techreport{asec:20191010:asec:6452cd4,
author = {ASEC},
title = {{ASEC Report Vol. 96}},
date = {2019-10-10},
institution = {AhnLab},
url = {https://global.ahnlab.com/global/upload/download/asecreport/ASEC%20REPORT_vol.96_ENG.pdf},
language = {English},
urldate = {2020-01-13}
}
ASEC Report Vol. 96
SDBbot |
2019-10-10 ⋅ Github (StrangerealIntel) ⋅ StrangerealIntel
@online{strangerealintel:20191010:analysis:45d6c09,
author = {StrangerealIntel},
title = {{Analysis of the new TA505 campaign}},
date = {2019-10-10},
organization = {Github (StrangerealIntel)},
url = {https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/cybercriminal%20groups/TA505/04-10-2019/Malware%20Analysis%2004-10-2019.md},
language = {English},
urldate = {2020-01-13}
}
Analysis of the new TA505 campaign
Get2 |
2019-09-09 ⋅ McAfee ⋅ Thomas Roccia, Marc Rivero López, Chintan Shah
@online{roccia:20190909:evolution:baf3b6c,
author = {Thomas Roccia and Marc Rivero López and Chintan Shah},
title = {{Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study}},
date = {2019-09-09},
organization = {McAfee},
url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/evolution-of-malware-sandbox-evasion-tactics-a-retrospective-study/},
language = {English},
urldate = {2020-01-10}
}
Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study
Cutwail Dridex Dyre Kovter Locky Phorpiex Simda |
2019-08-29 ⋅ ThreatRecon ⋅ ThreatRecon Team
@online{team:20190829:sectorj04:ce6cc4b,
author = {ThreatRecon Team},
title = {{SectorJ04 Group’s Increased Activity in 2019}},
date = {2019-08-29},
organization = {ThreatRecon},
url = {https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/},
language = {English},
urldate = {2019-10-13}
}
SectorJ04 Group’s Increased Activity in 2019
FlawedAmmyy ServHelper TA505 |
2019-08-27 ⋅ Trend Micro ⋅ Hara Hiroaki, Jaromír Hořejší, Loseway Lu
@online{hiroaki:20190827:ta505:9bcbff1,
author = {Hara Hiroaki and Jaromír Hořejší and Loseway Lu},
title = {{TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmyy}},
date = {2019-08-27},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/ta505-at-it-again-variety-is-the-spice-of-servhelper-and-flawedammyy/},
language = {English},
urldate = {2019-11-27}
}
TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmyy
FlawedAmmyy ServHelper |
2019-08-13 ⋅ Adalogics ⋅ David Korczynski
@online{korczynski:20190813:state:a4ad074,
author = {David Korczynski},
title = {{The state of advanced code injections}},
date = {2019-08-13},
organization = {Adalogics},
url = {https://adalogics.com/blog/the-state-of-advanced-code-injections},
language = {English},
urldate = {2020-01-13}
}
The state of advanced code injections
Dridex Emotet Tinba |
2019-08-01 ⋅ McAfee ⋅ Alexandre Mundo, Marc Rivero López
@online{mundo:20190801:clop:fa3429f,
author = {Alexandre Mundo and Marc Rivero López},
title = {{Clop Ransomware}},
date = {2019-08-01},
organization = {McAfee},
url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/clop-ransomware/},
language = {English},
urldate = {2020-01-06}
}
Clop Ransomware
Clop |
2019-07-12 ⋅ CrowdStrike ⋅ Brett Stone-Gross, Sergei Frankoff, Bex Hartley
@online{stonegross:20190712:bitpaymer:113a037,
author = {Brett Stone-Gross and Sergei Frankoff and Bex Hartley},
title = {{BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0}},
date = {2019-07-12},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/},
language = {English},
urldate = {2019-12-20}
}
BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0
DoppelPaymer Dridex FriedEx |
2019-07-04 ⋅ Trend Micro ⋅ Trend Micro
@techreport{micro:20190704:latest:dd6099a,
author = {Trend Micro},
title = {{Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi}},
date = {2019-07-04},
institution = {Trend Micro},
url = {https://documents.trendmicro.com/assets/Tech-Brief-Latest-Spam-Campaigns-from-TA505-Now-Using-New-Malware-Tools-Gelup-and-FlowerPippi.pdf},
language = {English},
urldate = {2020-01-13}
}
Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi
AndroMut |
2019-07-02 ⋅ Proofpoint ⋅ Matthew Mesa, Dennis Schwarz, Proofpoint Threat Insight Team
@online{mesa:20190702:ta505:7f99961,
author = {Matthew Mesa and Dennis Schwarz and Proofpoint Threat Insight Team},
title = {{TA505 begins summer campaigns with a new pet malware downloader, AndroMut, in the UAE, South Korea, Singapore, and the United States}},
date = {2019-07-02},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/ta505-begins-summer-campaigns-new-pet-malware-downloader-andromut-uae-south},
language = {English},
urldate = {2019-11-26}
}
TA505 begins summer campaigns with a new pet malware downloader, AndroMut, in the UAE, South Korea, Singapore, and the United States
AndroMut FlawedAmmyy |
2019-05-31 ⋅ Youtube (0verfl0w_) ⋅ 0verfl0w_
@online{0verfl0w:20190531:defeating:eb0994e,
author = {0verfl0w_},
title = {{Defeating Commercial and Custom Packers like a Pro - VMProtect, ASPack, PECompact, and more}},
date = {2019-05-31},
organization = {Youtube (0verfl0w_)},
url = {https://www.youtube.com/watch?v=N4f2e8Mygag},
language = {English},
urldate = {2020-01-08}
}
Defeating Commercial and Custom Packers like a Pro - VMProtect, ASPack, PECompact, and more
FlawedAmmyy Ramnit |
2019-05-29 ⋅ Yoroi ⋅ ZLAB-Yoroi
@online{zlabyoroi:20190529:ta505:07b59dd,
author = {ZLAB-Yoroi},
title = {{TA505 is Expanding its Operations}},
date = {2019-05-29},
organization = {Yoroi},
url = {https://blog.yoroi.company/research/ta505-is-expanding-its-operations/},
language = {English},
urldate = {2020-01-13}
}
TA505 is Expanding its Operations
RMS |
2019-05-28 ⋅ MITRE ⋅ MITRE
@online{mitre:20190528:flawedammyy:c4f6363,
author = {MITRE},
title = {{FlawedAmmyy}},
date = {2019-05-28},
organization = {MITRE},
url = {https://attack.mitre.org/software/S0381/},
language = {English},
urldate = {2020-01-13}
}
FlawedAmmyy
FlawedAmmyy |
2019-05-16 ⋅ Yoroi ⋅ Luigi Martire, Davide Testa, Antonio Pirozzi, Luca Mella
@online{martire:20190516:stealthy:930aa98,
author = {Luigi Martire and Davide Testa and Antonio Pirozzi and Luca Mella},
title = {{The Stealthy Email Stealer in the TA505 Arsenal}},
date = {2019-05-16},
organization = {Yoroi},
url = {https://blog.yoroi.company/research/the-stealthy-email-stealer-in-the-ta505-arsenal/},
language = {English},
urldate = {2019-10-14}
}
The Stealthy Email Stealer in the TA505 Arsenal
TA505 |
2019-05-14 ⋅ GovCERT.ch ⋅ GovCERT.ch
@online{govcertch:20190514:rise:8fd8ef4,
author = {GovCERT.ch},
title = {{The Rise of Dridex and the Role of ESPs}},
date = {2019-05-14},
organization = {GovCERT.ch},
url = {https://www.govcert.admin.ch/blog/28/the-rise-of-dridex-and-the-role-of-esps},
language = {English},
urldate = {2020-01-09}
}
The Rise of Dridex and the Role of ESPs
Dridex |
2019-04-25 ⋅ Cybereason ⋅ Cybereason Nocturnus
@online{nocturnus:20190425:threat:63e7d51,
author = {Cybereason Nocturnus},
title = {{Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware}},
date = {2019-04-25},
organization = {Cybereason},
url = {https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-new-backdoor-malware},
language = {English},
urldate = {2020-01-08}
}
Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware
ServHelper TA505 |
2019-04-22 ⋅ SANS ⋅ Mike Downey
@online{downey:20190422:unpacking:2cb6558,
author = {Mike Downey},
title = {{Unpacking & Decrypting FlawedAmmyy}},
date = {2019-04-22},
organization = {SANS},
url = {https://www.sans.org/reading-room/whitepapers/reverseengineeringmalware/unpacking-decrypting-flawedammyy-38930},
language = {English},
urldate = {2020-01-09}
}
Unpacking & Decrypting FlawedAmmyy
FlawedAmmyy |
2019-04-02 ⋅ DeepInstinct ⋅ Shaul Vilkomir-Preisman
@online{vilkomirpreisman:20190402:new:4dbdc56,
author = {Shaul Vilkomir-Preisman},
title = {{New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload}},
date = {2019-04-02},
organization = {DeepInstinct},
url = {https://www.deepinstinct.com/2019/04/02/new-servhelper-variant-employs-excel-4-0-macro-to-drop-signed-payload/},
language = {English},
urldate = {2019-07-11}
}
New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload
ServHelper |
2019-03-05 ⋅ Bleeping Computer ⋅ Lawrence Abrams
@online{abrams:20190305:cryptomix:33e7eac,
author = {Lawrence Abrams},
title = {{CryptoMix Clop Ransomware Says It's Targeting Networks, Not Computers}},
date = {2019-03-05},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/cryptomix-clop-ransomware-says-its-targeting-networks-not-computers/},
language = {English},
urldate = {2020-01-13}
}
CryptoMix Clop Ransomware Says It's Targeting Networks, Not Computers
Clop |
2019-02-02 ⋅ Medium Sebdraven ⋅ Sébastien Larinier
@online{larinier:20190202:unpacking:894335d,
author = {Sébastien Larinier},
title = {{Unpacking Clop}},
date = {2019-02-02},
organization = {Medium Sebdraven},
url = {https://medium.com/@Sebdraven/unpacking-clop-416b83718e0f},
language = {English},
urldate = {2020-01-06}
}
Unpacking Clop
Clop |
2019-01-24 ⋅ 奇安信威胁情报中心 ⋅ 事件追踪
@online{:20190124:excel:2dd401c,
author = {事件追踪},
title = {{Excel 4.0 Macro Utilized by TA505 to Target Financial Institutions Recently}},
date = {2019-01-24},
organization = {奇安信威胁情报中心},
url = {https://ti.360.net/blog/articles/excel-4.0-macro-utilized-by-ta505-to-target-financial-institutions-recently-en/},
language = {English},
urldate = {2019-12-02}
}
Excel 4.0 Macro Utilized by TA505 to Target Financial Institutions Recently
ServHelper |
2019-01-14 ⋅ Möbius Strip Reverse Engineering ⋅ Rolf Rolles
@online{rolles:20190114:quick:42a2552,
author = {Rolf Rolles},
title = {{A Quick Solution to an Ugly Reverse Engineering Problem}},
date = {2019-01-14},
organization = {Möbius Strip Reverse Engineering},
url = {https://www.msreverseengineering.com/blog/2019/1/14/a-quick-solution-to-an-ugly-reverse-engineering-problem},
language = {English},
urldate = {2020-01-13}
}
A Quick Solution to an Ugly Reverse Engineering Problem
FlawedGrace |
2019-01-11 ⋅ Threatpost ⋅ Tara Seals
@online{seals:20190111:ta505:48e9745,
author = {Tara Seals},
title = {{TA505 Crime Gang Debuts Brand-New ServHelper Backdoor}},
date = {2019-01-11},
organization = {Threatpost},
url = {https://threatpost.com/ta505-servhelper-malware/140792/},
language = {English},
urldate = {2020-01-08}
}
TA505 Crime Gang Debuts Brand-New ServHelper Backdoor
TA505 |
2019-01-10 ⋅ Bleeping Computer ⋅ Ionut Ilascu
@online{ilascu:20190110:ta505:12f4881,
author = {Ionut Ilascu},
title = {{TA505 Group Adopts New ServHelper Backdoor and FlawedGrace RAT}},
date = {2019-01-10},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/ta505-group-adopts-new-servhelper-backdoor-and-flawedgrace-rat/},
language = {English},
urldate = {2019-12-20}
}
TA505 Group Adopts New ServHelper Backdoor and FlawedGrace RAT
TA505 |
2019-01-09 ⋅ Proofpoint ⋅ Dennis Schwarz, Proofpoint Staff
@online{schwarz:20190109:servhelper:e20586c,
author = {Dennis Schwarz and Proofpoint Staff},
title = {{ServHelper and FlawedGrace - New malware introduced by TA505}},
date = {2019-01-09},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/servhelper-and-flawedgrace-new-malware-introduced-ta505},
language = {English},
urldate = {2019-12-20}
}
ServHelper and FlawedGrace - New malware introduced by TA505
FlawedGrace ServHelper |
2019 ⋅ CyberInt ⋅ CyberInt
@techreport{cyberint:2019:legit:9925ea3,
author = {CyberInt},
title = {{Legit Remote Admin Tools Turn into Threat Actors' Tools}},
date = {2019},
institution = {CyberInt},
url = {https://e.cyberint.com/hubfs/Report%20Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors%20Tools/CyberInt_Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors'%20Tools_Report.pdf},
language = {English},
urldate = {2019-12-19}
}
Legit Remote Admin Tools Turn into Threat Actors' Tools
RMS ServHelper TA505 |
2018-12-18 ⋅ Trend Micro ⋅ Trendmicro
@online{trendmicro:20181218:ursnif:cc5ce31,
author = {Trendmicro},
title = {{URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader}},
date = {2018-12-18},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/ursnif-emotet-dridex-and-bitpaymer-gangs-linked-by-a-similar-loader/},
language = {English},
urldate = {2020-01-07}
}
URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader
Dridex Emotet FriedEx ISFB |
2018-07-19 ⋅ Proofpoint ⋅ Proofpoint Staff
@online{staff:20180719:ta505:3c29d5a,
author = {Proofpoint Staff},
title = {{TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT}},
date = {2018-07-19},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/ta505-abusing-settingcontent-ms-within-pdf-files-distribute-flawedammyy-rat},
language = {English},
urldate = {2019-12-20}
}
TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT
FlawedAmmyy |
2018-06-28 ⋅ Secrary Blog ⋅ Lasha Khasaia
@online{khasaia:20180628:brief:d854824,
author = {Lasha Khasaia},
title = {{A Brief Overview of the AMMYY RAT Downloader}},
date = {2018-06-28},
organization = {Secrary Blog},
url = {https://secrary.com/ReversingMalware/AMMY_RAT_Downloader/},
language = {English},
urldate = {2020-01-13}
}
A Brief Overview of the AMMYY RAT Downloader
FlawedAmmyy |
2018-03-07 ⋅ Proofpoint ⋅ Proofpoint Staff
@online{staff:20180307:leaked:5e33f64,
author = {Proofpoint Staff},
title = {{Leaked Ammyy Admin Source Code Turned into Malware}},
date = {2018-03-07},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/leaked-source-code-ammyy-admin-turned-flawedammyy-rat},
language = {English},
urldate = {2019-12-20}
}
Leaked Ammyy Admin Source Code Turned into Malware
FlawedAmmyy QuantLoader |
2018-01-26 ⋅ ESET Research ⋅ Michal Poslušný
@online{poslun:20180126:friedex:3c3f46b,
author = {Michal Poslušný},
title = {{FriedEx: BitPaymer ransomware the work of Dridex authors}},
date = {2018-01-26},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2018/01/26/friedex-bitpaymer-ransomware-work-dridex-authors/},
language = {English},
urldate = {2019-11-14}
}
FriedEx: BitPaymer ransomware the work of Dridex authors
Dridex FriedEx |
2017-11-07 ⋅ ThreatVector ⋅ Cylance Threat Research Team
@online{team:20171107:locky:a38e9b5,
author = {Cylance Threat Research Team},
title = {{Locky Ransomware}},
date = {2017-11-07},
organization = {ThreatVector},
url = {https://www.cylance.com/en_us/blog/threat-spotlight-locky-ransomware.html},
language = {English},
urldate = {2020-01-07}
}
Locky Ransomware
Locky |
2017-09-27 ⋅ Proofpoint ⋅ Proofpoint Staff
@online{staff:20170927:threat:272e6ac,
author = {Proofpoint Staff},
title = {{Threat Actor Profile: TA505, From Dridex to GlobeImposter}},
date = {2017-09-27},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta505-dridex-globeimposter},
language = {English},
urldate = {2019-12-20}
}
Threat Actor Profile: TA505, From Dridex to GlobeImposter
TA505 |
2017-09-21 ⋅ Malwarebytes ⋅ Jérôme Segura
@online{segura:20170921:fake:5f5963f,
author = {Jérôme Segura},
title = {{Fake IRS notice delivers customized spying tool}},
date = {2017-09-21},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2017/09/cve-2017-0199-used-to-deliver-modified-rms-agent-rat/},
language = {English},
urldate = {2019-12-20}
}
Fake IRS notice delivers customized spying tool
RMS |
2017-08-16 ⋅ Bleeping Computer ⋅ Lawrence Abrams
@online{abrams:20170816:locky:7445bd0,
author = {Lawrence Abrams},
title = {{Locky Ransomware switches to the Lukitus extension for Encrypted Files}},
date = {2017-08-16},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/locky-ransomware-switches-to-the-lukitus-extension-for-encrypted-files/},
language = {English},
urldate = {2019-12-20}
}
Locky Ransomware switches to the Lukitus extension for Encrypted Files
Locky |
2017-08-10 ⋅ botfrei Blog ⋅ Tom Berchem
@online{berchem:20170810:weltweite:5df6bfa,
author = {Tom Berchem},
title = {{Weltweite Spamwelle verbreitet teuflische Variante des Locky}},
date = {2017-08-10},
organization = {botfrei Blog},
url = {https://blog.botfrei.de/2017/08/weltweite-spamwelle-verbreitet-teufliche-variante-des-locky/},
language = {German},
urldate = {2019-12-10}
}
Weltweite Spamwelle verbreitet teuflische Variante des Locky
Locky |
2017-07-25 ⋅ Github (viql) ⋅ Johannes Bader
@online{bader:20170725:dridex:44f64d8,
author = {Johannes Bader},
title = {{Dridex Loot}},
date = {2017-07-25},
organization = {Github (viql)},
url = {https://viql.github.io/dridex/},
language = {English},
urldate = {2020-01-07}
}
Dridex Loot
Dridex |
2017-06-22 ⋅ Bleeping Computer ⋅ Catalin Cimpanu
@online{cimpanu:20170622:locky:4a088f0,
author = {Catalin Cimpanu},
title = {{Locky Ransomware Returns, but Targets Only Windows XP & Vista}},
date = {2017-06-22},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/locky-ransomware-returns-but-targets-only-windows-xp-and-vista/},
language = {English},
urldate = {2019-12-20}
}
Locky Ransomware Returns, but Targets Only Windows XP & Vista
Locky |
2017-06-21 ⋅ Cisco ⋅ Alex Chiu, Warren Mercer, Jaeson Schultz, Sean Baird, Matthew Molyett
@online{chiu:20170621:player:b44064a,
author = {Alex Chiu and Warren Mercer and Jaeson Schultz and Sean Baird and Matthew Molyett},
title = {{Player 1 Limps Back Into the Ring - Hello again, Locky!}},
date = {2017-06-21},
organization = {Cisco},
url = {http://blog.talosintelligence.com/2017/06/necurs-locky-campaign.html},
language = {English},
urldate = {2019-12-17}
}
Player 1 Limps Back Into the Ring - Hello again, Locky!
Locky |
2017-02-28 ⋅ Security Intelligence ⋅ Magal Baz, Or Safran
@online{baz:20170228:dridexs:f72a5ec,
author = {Magal Baz and Or Safran},
title = {{Dridex’s Cold War: Enter AtomBombing}},
date = {2017-02-28},
organization = {Security Intelligence},
url = {https://securityintelligence.com/dridexs-cold-war-enter-atombombing/},
language = {English},
urldate = {2019-12-16}
}
Dridex’s Cold War: Enter AtomBombing
Dridex |
2017-01-31 ⋅ Malwarebytes ⋅ Malwarebytes Labs
@online{labs:20170131:locky:92db484,
author = {Malwarebytes Labs},
title = {{Locky Bart ransomware and backend server analysis}},
date = {2017-01-31},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2017/01/locky-bart-ransomware-and-backend-server-analysis/},
language = {English},
urldate = {2019-12-20}
}
Locky Bart ransomware and backend server analysis
Locky |
2017-01-26 ⋅ Flashpoint ⋅ Flashpoint
@online{flashpoint:20170126:dridex:2ca4920,
author = {Flashpoint},
title = {{Dridex Banking Trojan Returns, Leverages New UAC Bypass Method}},
date = {2017-01-26},
organization = {Flashpoint},
url = {https://www.flashpoint-intel.com/blog-dridex-banking-trojan-returns/},
language = {English},
urldate = {2020-01-08}
}
Dridex Banking Trojan Returns, Leverages New UAC Bypass Method
Dridex |
2016-07-07 ⋅ Pierluigi Paganini
@online{paganini:20160707:new:7c765a2,
author = {Pierluigi Paganini},
title = {{New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the recent Locky Ransomware.}},
date = {2016-07-07},
url = {http://securityaffairs.co/wordpress/49094/malware/zepto-ransomware.html},
language = {English},
urldate = {2019-11-22}
}
New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the recent Locky Ransomware.
Locky |
2016-03-01 ⋅ Malwarebytes ⋅ hasherezade
@online{hasherezade:20160301:look:fe35696,
author = {hasherezade},
title = {{Look Into Locky Ransomware}},
date = {2016-03-01},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2016/03/look-into-locky/},
language = {English},
urldate = {2019-12-20}
}
Look Into Locky Ransomware
Locky |
2016-02-16 ⋅ Symantec ⋅ Dick O'Brien
@techreport{obrien:20160216:dridex:7abdc31,
author = {Dick O'Brien},
title = {{Dridex: Tidal waves of spam pushing dangerous financial Trojan}},
date = {2016-02-16},
institution = {Symantec},
url = {https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/dridex-financial-trojan.pdf},
language = {English},
urldate = {2020-01-08}
}
Dridex: Tidal waves of spam pushing dangerous financial Trojan
Dridex |
2015-11-10 ⋅ CERT.PL ⋅ CERT.PL
@online{certpl:20151110:talking:d93cf24,
author = {CERT.PL},
title = {{Talking to Dridex (part 0) – inside the dropper}},
date = {2015-11-10},
organization = {CERT.PL},
url = {https://www.cert.pl/en/news/single/talking-dridex-part-0-inside-the-dropper/},
language = {English},
urldate = {2020-01-06}
}
Talking to Dridex (part 0) – inside the dropper
Dridex |
2015-10-26 ⋅ Blueliv ⋅ Blueliv
@techreport{blueliv:20151026:chasing:975ef1a,
author = {Blueliv},
title = {{Chasing cybercrime: network insights of Dyre and Dridex Trojan bankers}},
date = {2015-10-26},
institution = {Blueliv},
url = {https://www.blueliv.com/downloads/documentation/reports/Network_insights_of_Dyre_and_Dridex_Trojan_bankers.pdf},
language = {English},
urldate = {2020-01-13}
}
Chasing cybercrime: network insights of Dyre and Dridex Trojan bankers
Dridex Dyre |
2015-10-13 ⋅ Secureworks ⋅ Brett Stone-Gross
@online{stonegross:20151013:dridex:46d9a58,
author = {Brett Stone-Gross},
title = {{Dridex (Bugat v5) Botnet Takeover Operation}},
date = {2015-10-13},
organization = {Secureworks},
url = {https://www.secureworks.com/research/dridex-bugat-v5-botnet-takeover-operation},
language = {English},
urldate = {2020-01-08}
}
Dridex (Bugat v5) Botnet Takeover Operation
Dridex |