WIZARD SPIDER (Threat Actor)

SYMBOL	COMMON_NAME	aka. SYNONYMS

WIZARD SPIDER (Back to overview)

aka: TEMP.MixMaster

Wizard Spider is reportedly associated with Grim Spider and Lunar Spider. The WIZARD SPIDER threat group is the Russia-based operator of the TrickBot banking malware. This group represents a growing criminal enterprise of which GRIM SPIDER appears to be a subset. The LUNAR SPIDER threat group is the Eastern European-based operator and developer of the commodity banking malware called BokBot (aka IcedID), which was first observed in April 2017. The BokBot malware provides LUNAR SPIDER affiliates with a variety of capabilities to enable credential theft and wire fraud, through the use of webinjects and a malware distribution function. GRIM SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER, a criminal enterprise of which GRIM SPIDER appears to be a cell. The WIZARD SPIDER threat group, known as the Russia-based operator of the TrickBot banking malware, had focused primarily on wire fraud in the past.

Associated Families

win.dyre win.trickbot win.anchor win.ryuk

References

2021-02-23 ⋅ CrowdStrike ⋅ CrowdStrike
2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon Ransomware BazarBackdoor Clop Cobalt Strike Conti Ransomware Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet Ransomware ShadowPad SmokeLoader Snake Ransomware SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader

2021-02-22 ⋅ YouTube ( Malware_Analyzing_&_RE_Tips_Tricks) ⋅ Jiří Vinopal
Ryuk Ransomware API Resolving in 10 minutes
Ryuk

2021-02-11 ⋅ CTI LEAGUE ⋅ CTI LEAGUE
CTIL Darknet Report – 2021
Conti Ransomware Mailto Maze REvil Ryuk

2021-02-08 ⋅ ESET Research ⋅ ESET Research
THREAT REPORT Q4 2020
TrickBot

2021-02-04 ⋅ ClearSky ⋅ ClearSky Research Team
CONTI Modus Operandi and Bitcoin Tracking
Conti Ransomware Ryuk

2021-02-02 ⋅ CRONUP ⋅ CRONUP
De ataque con Malware a incidente de Ransomware
Avaddon Ransomware BazarBackdoor Buer Clop Cobalt Strike Conti Ransomware DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader

2021-02-01 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations
Dridex Emotet Makop Ransomware SmokeLoader TrickBot

2021-02-01 ⋅ Twitter (@IntelAdvanced) ⋅ Advanced Intelligence
Tweet on Active Directory Exploitation by RYUK "one" group
Ryuk

2021-02-01 ⋅ Kryptos Logic ⋅ Kryptos Logic Vantage Team
Trickbot masrv Module
TrickBot

2021-01-31 ⋅ The DFIR Report ⋅ The DFIR Report
Bazar, No Ryuk?
BazarBackdoor Cobalt Strike Ryuk

2021-01-28 ⋅ Youtube (Virus Bulletin) ⋅ Benoît Ancel
The Bagsu banker case
Azorult DreamBot Emotet Pony TrickBot ZeusAction

2021-01-28 ⋅ Huntress Labs ⋅ John Hammond
Analyzing Ryuk Another Link in the Cyber Attack Chain
BazarBackdoor Ryuk

2021-01-26 ⋅ IBM ⋅ Nir Shwarts
TrickBot’s Survival Instinct Prevails — What’s Different About the TrickBoot Version?
TrickBot

2021-01-25 ⋅ Twitter (@IntelAdvanced) ⋅ Advanced Intelligence
Tweet on Ryuk Ransomware group's post exploitation tactics including usage of Keethief tool
Ryuk

2021-01-20 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
Anchor and Lazarus together again?
Anchor TrickBot

2021-01-19 ⋅ Palo Alto Networks Unit 42 ⋅ Brad Duncan
Wireshark Tutorial: Examining Emotet Infection Traffic
Emotet GootKit IcedID QakBot TrickBot

2021-01-11 ⋅ The DFIR Report ⋅ The DFIR Report
Trickbot Still Alive and Well
Cobalt Strike TrickBot

2021-01-07 ⋅ Advanced Intelligence ⋅ Vitali Kremez, Brian Carter, HYAS
Crime Laundering Primer: Inside Ryuk Crime (Crypto) Ledger & Risky Asian Crypto Traders
Ryuk

2021-01-06 ⋅ DomainTools ⋅ Joe Slowik
Holiday Bazar: Tracking a TrickBot-Related Ransomware Incident
BazarBackdoor TrickBot

2021-01-04 ⋅ SentinelOne ⋅ Marco Figueroa
Building a Custom Malware Analysis Lab Environment
TrickBot

2020-12-28 ⋅ 0xC0DECAFE ⋅ Thomas Barabosch
Never upload ransomware samples to the Internet
Ryuk

2020-12-22 ⋅ TRUESEC ⋅ Mattias Wåhlén
Collaboration between FIN7 and the RYUK group, a Truesec Investigation
Carbanak Cobalt Strike Ryuk

2020-12-21 ⋅ KEYSIGHT TECHNOLOGIES ⋅ Edsel Valle
TrickBot: A Closer Look
TrickBot

2020-12-21 ⋅ IronNet ⋅ Adam Hlavek, Kimberly Ortiz
Russian cyber attack campaigns and actors
WellMail elf.wellmess Agent.BTZ BlackEnergy EternalPetya Havex RAT Industroyer Ryuk Triton WellMess

2020-12-16 ⋅ Accenture ⋅ Paul Mansfield
Tracking and combatting an evolving danger: Ransomware extortion
DarkSide Egregor Maze Nefilim Ransomware RagnarLocker REvil Ryuk SunCrypt

2020-12-10 ⋅ US-CERT ⋅ US-CERT, FBI, MS-ISAC
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim Ransomware REvil Ryuk Zeus

2020-12-10 ⋅ Cybereason ⋅ Joakim Kandefelt
Cybereason vs. Ryuk Ransomware
BazarBackdoor Ryuk TrickBot

2020-12-10 ⋅ CyberInt ⋅ CyberInt
Ryuk Crypto-Ransomware
Ryuk TrickBot

2020-12-09 ⋅ Cisco ⋅ David Liebenberg, Caitlin Huey
Quarterly Report: Incident Response trends from Fall 2020
Cobalt Strike IcedID Maze RansomEXX Ryuk

2020-12-03 ⋅ Eclypsium ⋅ Eclypsium
TrickBot Now Offers ‘TrickBoot’: Persist, Brick, Profit
TrickBot

2020-11-23 ⋅ Bitdefender ⋅ Liviu Arsene, Radu Tudorica
TrickBot is Dead. Long Live TrickBot!
TrickBot

2020-11-22 ⋅ malware.love ⋅ Robert Giczewski
Trickbot tricks again [UPDATE]
TrickBot

2020-11-20 ⋅ ZDNet ⋅ Catalin Cimpanu
The malware that usually installs ransomware and you need to remove right away
Avaddon Ransomware BazarBackdoor Buer Clop Cobalt Strike Conti Ransomware DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader

2020-11-20 ⋅ Bleeping Computer ⋅ Lawrence Abrams
LightBot: TrickBot’s new reconnaissance malware for high-value targets
LightBot TrickBot

2020-11-19 ⋅ Threatpost ⋅ Elizabeth Montalbano
APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies
Quasar RAT Ryuk

2020-11-18 ⋅ DomainTools ⋅ Joe Slowik
Analyzing Network Infrastructure as Composite Objects
Ryuk

2020-11-18 ⋅ Sophos ⋅ Sophos
SOPHOS 2021 THREAT REPORT Navigating cybersecurity in an uncertain world
Agent Tesla Dridex TrickBot Zloader

2020-11-17 ⋅ malware.love ⋅ Robert Giczewski
Trickbot tricks again
TrickBot

2020-11-17 ⋅ Twitter (@VK_intel) ⋅ Vitali Kremez
Tweet on a new fileless TrickBot loading method using code from MemoryModule
TrickBot

2020-11-17 ⋅ Salesforce Engineering ⋅ John Althouse
Easily Identify Malicious Servers on the Internet with JARM
Cobalt Strike TrickBot

2020-11-16 ⋅ Intel 471 ⋅ Intel 471
Ransomware-as-a-service: The pandemic within a pandemic
Avaddon Ransomware Clop Conti Ransomware DoppelPaymer Egregor Hakbit Mailto Maze Mespinoza RagnarLocker REvil Ryuk SunCrypt ThunderX Ransomware

2020-11-14 ⋅ Medium 0xastrovax ⋅ astrovax
Deep Dive Into Ryuk Ransomware
Hermes Ryuk

2020-11-12 ⋅ Hurricane Labs ⋅ Dusty Miller
Splunking with Sysmon Part 4: Detecting Trickbot
TrickBot

2020-11-10 ⋅ Intel 471 ⋅ Intel 471
Trickbot down, but is it out?
BazarBackdoor TrickBot

2020-11-06 ⋅ Advanced Intelligence ⋅ Vitali Kremez
Anatomy of Attack: Inside BazarBackdoor to Ryuk Ransomware "one" Group via Cobalt Strike
BazarBackdoor Cobalt Strike Ryuk

2020-11-05 ⋅ The DFIR Report ⋅ The DFIR Report
Ryuk Speed Run, 2 Hours to Ransom
BazarBackdoor Cobalt Strike Ryuk

2020-11-05 ⋅ Github (scythe-io) ⋅ SCYTHE
Ryuk Adversary Emulation Plan
Ryuk

2020-11-05 ⋅ Twitter (@ffforward) ⋅ TheAnalyst
Tweet on Zloader infection leads to Cobaltstrike Installation and deployment of RYUK
Cobalt Strike Ryuk Zloader

2020-11-05 ⋅ SCYTHE ⋅ Jorge Orchilles, Sean Lyngaas
#ThreatThursday - Ryuk
BazarBackdoor Ryuk

2020-11-04 ⋅ VMRay ⋅ Giovanni Vigna
Trick or Threat: Ryuk ransomware targets the health care industry
BazarBackdoor Cobalt Strike Ryuk TrickBot

2020-10-31 ⋅ splunk ⋅ Ryan Kovar
Ryuk and Splunk Detections
Ryuk

2020-10-30 ⋅ Github (ThreatConnect-Inc) ⋅ ThreatConnect
UNC 1878 Indicators from Threatconnect
BazarBackdoor Cobalt Strike Ryuk

2020-10-30 ⋅ Cofense ⋅ The Cofense Intelligence Team
The Ryuk Threat: Why BazarBackdoor Matters Most
BazarBackdoor Ryuk

2020-10-29 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Hacking group is targeting US hospitals with Ryuk ransomware
Ryuk

2020-10-29 ⋅ Reuters ⋅ Christopher Bing, Joseph Menn
Building wave of ransomware attacks strike U.S. hospitals
Ryuk

2020-10-29 ⋅ CNN ⋅ Vivian Salama, Alex Marquardt, Lauren Mascarenhas
Several hospitals targeted in new wave of ransomware attacks
Ryuk

2020-10-29 ⋅ Twitter (@SophosLabs) ⋅ SophosLabs
Tweet on similarities between BUER in-memory loader & RYUK in-memory loader
Buer Ryuk

2020-10-29 ⋅ Red Canary ⋅ The Red Canary Team
A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak
Cobalt Strike Ryuk TrickBot

2020-10-29 ⋅ RiskIQ ⋅ RiskIQ
Ryuk Ransomware: Extensive Attack Infrastructure Revealed
Cobalt Strike Ryuk

2020-10-29 ⋅ Palo Alto Networks Unit 42 ⋅ Brittany Barbehenn, Doel Santos, Brad Duncan
Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector
Anchor BazarBackdoor Ryuk TrickBot

2020-10-29 ⋅ Twitter (@anthomsec) ⋅ Andrew Thompson
Tweet on UNC1878 activity
BazarBackdoor Ryuk TrickBot UNC1878

2020-10-29 ⋅ McAfee ⋅ McAfee Labs
McAfee Labs Threat Advisory Ransom-Ryuk
Ryuk

2020-10-28 ⋅ Youtube (SANS Institute) ⋅ Katie Nickels, Van Ta, Aaron Stephens
Spooky RYUKy: The Return of UNC1878 | SANS STAR Webcast
Ryuk UNC1878

2020-10-28 ⋅ Github (aaronst) ⋅ Aaron Stephens
UNC1878 indicators
Ryuk UNC1878

2020-10-28 ⋅ Youtube (SANS Digital Forensics and Incident Response) ⋅ Van Ta, Aaron Stephens, Katie Nickels
STAR Webcast: Spooky RYUKy: The Return of UNC1878
Ryuk

2020-10-28 ⋅ CISA ⋅ CISA, FBI, HHS
AA20-302A: Ransomware Activity Targeting the Healthcare and Public Health Sector
Anchor_DNS Anchor BazarBackdoor Ryuk

2020-10-28 ⋅ FireEye ⋅ Kimberly Goody, Jeremy Kennelly, Joshua Shilko, Steve Elovitz, Douglas Bienstock
Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser
BazarBackdoor Cobalt Strike Ryuk UNC1878

2020-10-28 ⋅ KrebsOnSecurity ⋅ Brian Krebs
FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals
Ryuk

2020-10-28 ⋅ SophosLabs Uncut ⋅ Sean Gallagher, Peter Mackenzie, Elida Leite, Syed Shahram, Bill Kearny, Anand Ajjan, Brett Cove, Gabor Szappanos
Hacks for sale: inside the Buer Loader malware-as-a-service
Buer Ryuk Zloader

2020-10-27 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Steelcase furniture giant hit by Ryuk ransomware attack
Ryuk

2020-10-26 ⋅ Arbor Networks ⋅ Suweera De Souza
Dropping the Anchor
Anchor_DNS Anchor TrickBot

2020-10-26 ⋅ ThreatConnect ⋅ ThreatConnect Research Team
ThreatConnect Research Roundup: Ryuk and Domains Spoofing ESET and Microsoft
Ryuk

2020-10-26 ⋅ Checkpoint ⋅ Itay Cohen, Eyal Itkin
Exploit Developer Spotlight: The Story of PlayBit
Dyre Maze PyLocky Ramnit REvil

2020-10-22 ⋅ Bleeping Computer ⋅ Lawrence Abrams
French IT giant Sopra Steria hit by Ryuk ransomware
Ryuk

2020-10-22 ⋅ Sentinel LABS ⋅ Marco Figueroa
An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques
Ryuk

2020-10-20 ⋅ Intel 471 ⋅ Intel 471
Global Trickbot disruption operation shows promise
TrickBot

2020-10-20 ⋅ Bundesamt für Sicherheit in der Informationstechnik ⋅ BSI
Die Lage der IT-Sicherheit in Deutschland 2020
Clop Emotet REvil Ryuk TrickBot

2020-10-20 ⋅ Microsoft ⋅ Tom Burt
An update on disruption of Trickbot
TrickBot

2020-10-18 ⋅ The DFIR Report ⋅ The DFIR Report
Ryuk in 5 Hours
BazarBackdoor Cobalt Strike Ryuk

2020-10-16 ⋅ CrowdStrike ⋅ The Crowdstrike Intel Team
WIZARD SPIDER Update: Resilient, Reactive and Resolute
BazarBackdoor Conti Ransomware Ryuk TrickBot

2020-10-16 ⋅ Duo ⋅ Dennis Fisher
Trickbot Up to Its Old Tricks
TrickBot

2020-10-16 ⋅ ThreatConnect ⋅ ThreatConnect Research Team
ThreatConnect Research Roundup: Possible Ryuk Infrastructure
Ryuk

2020-10-15 ⋅ Intel 471 ⋅ Intel 471
That was quick: Trickbot is back after disruption attempts
TrickBot

2020-10-15 ⋅ Department of Justice ⋅ Department of Justice
Officials Announce International Operation Targeting Transnational Criminal Organization QQAAZZ that Provided Money Laundering Services to High-Level Cybercriminals
Dridex ISFB TrickBot

2020-10-14 ⋅ Sophos ⋅ Sean Gallagher
They’re back: inside a new Ryuk ransomware attack
Cobalt Strike Ryuk SystemBC

2020-10-13 ⋅ VirusTotal ⋅ Gerardo Fernández, Vicente Diaz
Tracing fresh Ryuk campaigns itw
Ryuk

2020-10-12 ⋅ Lumen ⋅ Black Lotus Labs
A Look Inside The TrickBot Botnet
TrickBot

2020-10-12 ⋅ ESET Research ⋅ Jean-Ian Boutin
ESET takes part in global operation to disrupt Trickbot
TrickBot

2020-10-12 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team
Trickbot disrupted
TrickBot

2020-10-12 ⋅ US District Court for the Eastern District of Virginia
TRICKBOT complaint
TrickBot

2020-10-12 ⋅ Symantec ⋅ Threat Hunter Team
Trickbot: U.S. Court Order Hits Botnet’s Infrastructure
Ryuk TrickBot

2020-10-12 ⋅ Microsoft ⋅ Tom Burt
New action to combat ransomware ahead of U.S. elections
Ryuk TrickBot

2020-10-12 ⋅ Advanced Intelligence ⋅ Roman Marshanski, Vitali Kremez
"Front Door" into BazarBackdoor: Stealthy Cybercrime Weapon
BazarBackdoor Cobalt Strike Ryuk

2020-10-10 ⋅ The Washington Post ⋅ Ellen Nakashima
Cyber Command has sought to disrupt the world’s largest botnet, hoping to reduce its potential impact on the election
TrickBot

2020-10-08 ⋅ The DFIR Report ⋅ The DFIR Report
Ryuk’s Return
BazarBackdoor Cobalt Strike Ryuk

2020-10-08 ⋅ Bromium ⋅ Alex Holland
Droppers, Downloaders and TrickBot: Detecting a Stealthy COVID-19-themed Campaign using Toolmarks
TrickBot

2020-10-02 ⋅ KrebsOnSecurity ⋅ Brian Krebs
Attacks Aimed at Disrupting the Trickbot Botnet
TrickBot

2020-10-02 ⋅ Health Sector Cybersecurity Coordination Center (HC3) ⋅ Health Sector Cybersecurity Coordination Center (HC3)
Report 202010021600: Recent Bazarloader Use in Ransomware Campaigns
BazarBackdoor Cobalt Strike Ryuk TrickBot

2020-09-29 ⋅ Microsoft ⋅ Microsoft
Microsoft Digital Defense Report
Emotet IcedID Mailto Maze QakBot REvil RobinHood TrickBot

2020-09-24 ⋅ Kaspersky Labs ⋅ Kaspersky Lab ICS CERT
Threat landscape for industrial automation systems - H1 2020
Poet RAT Mailto Milum RagnarLocker REvil Ryuk Snake Ransomware

2020-09-22 ⋅ OSINT Fans ⋅ Gabor Szathmari
What Service NSW has to do with Russia?
TrickBot

2020-09-16 ⋅ Intel 471 ⋅ Intel 471
Partners in crime: North Koreans and elite Russian-speaking cybercriminals
TrickBot

2020-09-01 ⋅ Cisco Talos ⋅ David Liebenberg, Caitlin Huey
Quarterly Report: Incident Response trends in Summer 2020
Cobalt Strike LockBit Mailto Maze Ryuk

2020-08-31 ⋅ cyber.wtf blog ⋅ Luca Ebach
Trickbot rdpscanDll – Transforming Candidate Credentials for Brute-Forcing RDP Servers
TrickBot

2020-08-20 ⋅ sensecy ⋅ cyberthreatinsider
Global Ransomware Attacks in 2020: The Top 4 Vulnerabilities
Clop Maze REvil Ryuk

2020-08-20 ⋅ CERT-FR ⋅ CERT-FR
Development of the Activity of the TA505 Cybercriminal Group
AndroMut Bart Clop Dridex FlawedAmmyy FlawedGrace Get2 Locky Marap QuantLoader SDBbot ServHelper tRat TrickBot

2020-08-18 ⋅ Arete ⋅ Arete Incident Response
Is Conti the New Ryuk?
Conti Ransomware Ryuk

2020-08 ⋅ Temple University ⋅ CARE
Critical Infrastructure Ransomware Attacks
CryptoLocker Cryptowall DoppelPaymer FriedEx Mailto Maze REvil Ryuk SamSam WannaCryptor

2020-07-29 ⋅ ESET Research ⋅ welivesecurity
THREAT REPORT Q2 2020
DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos Ransomware PlugX Pony REvil Socelars STOP Ransomware Tinba TrickBot WannaCryptor

2020-07-22 ⋅ SentinelOne ⋅ Jason Reaves, Joshua Platt
Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)
ISFB Maze TrickBot Zloader

2020-07-20 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Emotet-TrickBot malware duo is back infecting Windows machines
Emotet TrickBot

2020-07-13 ⋅ JoeSecurity ⋅ Joe Security
TrickBot's new API-Hammering explained
TrickBot

2020-07-11 ⋅ BleepingComputer ⋅ Lawrence Abrams
TrickBot malware mistakenly warns victims that they are infected
TrickBot

2020-07-11 ⋅ Advanced Intelligence ⋅ Vitali Kremez
TrickBot Group Launches Test Module Alerting on Fraud Activity
TrickBot

2020-07-06 ⋅ NTT ⋅ Security division of NTT Ltd.
TrickBot variant “Anchor_DNS” communicating over DNS
Anchor_DNS TrickBot

2020-06-23 ⋅ Bleeping Computer ⋅ Ionut Ilascu
Ryuk ransomware deployed two weeks after Trickbot infection
Ryuk

2020-06-22 ⋅ CERT-FR ⋅ CERT-FR
Évolution De Lactivité du Groupe Cybercriminel TA505
Amadey AndroMut Bart Clop Dridex FlawedGrace Gandcrab Get2 GlobeImposter Jaff Locky Marap Philadephia Ransom QuantLoader Scarab Ransomware SDBbot ServHelper Silence tRat TrickBot

2020-06-22 ⋅ Sentinel LABS ⋅ Joshua Platt, Jason Reaves
Inside a TrickBot Cobalt Strike Attack Server
Cobalt Strike TrickBot

2020-06-17 ⋅ Youtube (Red Canary) ⋅ Erika Noerenberg, Matt Graeber, Adam Pennington, David Kaplan
ATT&CK® Deep Dive: Process Injection
ISFB Ramnit TrickBot

2020-06-15 ⋅ Cisco Talos ⋅ David Liebenberg, Caitlin Huey
Quarterly report: Incident Response trends in Summer 2020
Ryuk

2020-06-15 ⋅ Fortinet ⋅ Val Saengphaibul, Fred Gutierrez
Global Malicious Spam Campaign Using Black Lives Matter as a Lure
TrickBot

2020-06-12 ⋅ Hornetsecurity ⋅ Security Lab
Trickbot Malspam Leveraging Black Lives Matter as Lure
TrickBot

2020-06-11 ⋅ Cofense ⋅ Jason Meurer
All You Need Is Text: Second Wave
TrickBot

2020-06-02 ⋅ Lastline Labs ⋅ James Haughom, Stefano Ortolani
Evolution of Excel 4.0 Macro Weaponization
Agent Tesla DanaBot ISFB TrickBot Zloader

2020-05-28 ⋅ Palo Alto Networks Unit 42 ⋅ Brad Duncan
Goodbye Mworm, Hello Nworm: TrickBot Updates Propagation Module
TrickBot

2020-05-21 ⋅ Intel 471 ⋅ Intel 471
A brief history of TA505
AndroMut Bart Dridex FlawedAmmyy FlawedGrace Gandcrab Get2 GlobeImposter Jaff Kegotip Locky Necurs Philadephia Ransom Pony QuantLoader Rockloader SDBbot ServHelper Shifu Snatch TrickBot

2020-05-19 ⋅ AlienLabs ⋅ Ofer Caspi
TrickBot BazarLoader In-Depth
Anchor BazarBackdoor TrickBot

2020-05-14 ⋅ SentinelOne ⋅ Jason Reaves
Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant
TrickBot

2020-05-05 ⋅ N1ght-W0lf Blog ⋅ Abdallah Elshinbary
Deep Analysis of Ryuk Ransomware
Ryuk

2020-04-19 ⋅ SecurityLiterate ⋅ Kyle Cucci
Reversing Ryuk: A Technical Analysis of Ryuk Ransomware
Ryuk

2020-04-14 ⋅ Intel 471 ⋅ Intel 471
Understanding the relationship between Emotet, Ryuk and TrickBot
Emotet Ryuk TrickBot

2020-04-14 ⋅ Intrinsec ⋅ Jean Bichet
Deobfuscating and hunting for OSTAP, Trickbot’s dropper and best friend
ostap TrickBot

2020-04-09 ⋅ Zscaler ⋅ Atinderpal Singh, Abhay Yadav
TrickBot Emerges with a Few New Tricks
TrickBot

2020-04-08 ⋅ SentinelOne ⋅ Jason Reaves
Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations
Anchor TrickBot

2020-04-07 ⋅ SecurityIntelligence ⋅ Ole Villadsen
ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework
More_eggs Anchor TrickBot

2020-04-01 ⋅ Cisco ⋅ Shyam Sundar Ramaswami, Andrea Kaiser
Navigating Cybersecurity During a Pandemic: Latest Malware and Threat Actors
Azorult CloudEyE Formbook KPOT Stealer Metamorfo Nanocore RAT NetWire RC TrickBot

2020-03-31 ⋅ FireEye ⋅ Van Ta, Aaron Stephens
It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit
Ryuk TrickBot UNC1878

2020-03-31 ⋅ Cisco Talos ⋅ Chris Neal
Trickbot: A primer
TrickBot

2020-03-30 ⋅ Intezer ⋅ Michael Kajiloti
Fantastic payloads and where we find them
Dridex Emotet ISFB TrickBot

2020-03-25 ⋅ Wilbur Security ⋅ JW
Trickbot to Ryuk in Two Hours
Cobalt Strike Ryuk TrickBot

2020-03-18 ⋅ Bitdefender ⋅ Liviu Arsene, Radu Tudorica, Alexandru Maximciuc, Cristina Vatamanu
New TrickBot Module Bruteforces RDP Connections, Targets Select Telecommunication Services in US and Hong Kong
TrickBot

2020-03-09 ⋅ Fortinet ⋅ Xiaopeng Zhang
New Variant of TrickBot Being Spread by Word Document
TrickBot

2020-03-05 ⋅ Microsoft ⋅ Microsoft Threat Protection Intelligence Team
Human-operated ransomware attacks: A preventable disaster
Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor

2020-03-04 ⋅ CrowdStrike ⋅ CrowdStrike
2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Ransomware Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot vidar Winnti ANTHROPOID SPIDER Anunak APT31 APT39 BlackTech BuhTrap Charming Kitten CLOCKWORD SPIDER DOPPEL SPIDER Gamaredon Group Leviathan MONTY SPIDER Mustang Panda NARWHAL SPIDER NOCTURNAL SPIDER Pinchy Spider Pirate Panda Salty Spider SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER

2020-03-04 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Ryuk Ransomware Attacked Epiq Global Via TrickBot Infection
Ryuk TrickBot

2020-03-03 ⋅ PWC UK ⋅ PWC UK
Cyber Threats 2019:A Year in Retrospect
KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare Axiom

2020-03-02 ⋅ c't ⋅ Christian Wölbert
Was Emotet anrichtet – und welche Lehren die Opfer daraus ziehen
Emotet Ryuk

2020-02-28 ⋅ Morphisec ⋅ Michael Gorelik
Trickbot Delivery Method Gets a New Upgrade Focusing on Windows 10
TrickBot

2020-02-26 ⋅ SentinelOne ⋅ Jason Reaves
Revealing the Trick | A Deep Dive into TrickLoader Obfuscation
TrickBot

2020-02-25 ⋅ RSA Conference ⋅ Joel DeCapua
Feds Fighting Ransomware: How the FBI Investigates and How You Can Help
FastCash Cerber Defray Dharma FriedEx Gandcrab GlobeImposter Mamba Phobos Ransomware Rapid Ransom REvil Ryuk SamSam Zeus

2020-02-19 ⋅ FireEye ⋅ FireEye
M-Trends 2020
Cobalt Strike Grateful POS LockerGoga QakBot TrickBot

2020-02-18 ⋅ Sophos Labs ⋅ Luca Nagy
Nearly a quarter of malware now communicates using TLS
Dridex IcedID TrickBot

2020-02-13 ⋅ Qianxin ⋅ Qi Anxin Threat Intelligence Center
APT Report 2019
Chrysaor Exodus Dacls elf.vpnfilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy

2020-02-13 ⋅ Quick Heal ⋅ Goutam Tripathy
A Deep Dive Into Wakeup On Lan (WoL) Implementation of Ryuk
Ryuk

2020-02-12 ⋅ VMWare Carbon Black ⋅ Rachel E. King, AC
Ryuk Ransomware Technical Analysis
Ryuk

2020-02-10 ⋅ Malwarebytes ⋅ Adam Kujawa, Wendy Zamora, Jérôme Segura, Thomas Reed, Nathan Collier, Jovi Umawing, Chris Boyd, Pieter Arntz, David Ruiz
2020 State of Malware Report
magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor

2020-01-30 ⋅ Morphisec ⋅ Arnold Osipov
Trickbot Trojan Leveraging a New Windows 10 UAC Bypass
TrickBot

2020-01-30 ⋅ Bleeping Computer ⋅ Lawrence Abrams
TrickBot Uses a New Windows 10 UAC Bypass to Launch Quietly
TrickBot

2020-01-29 ⋅ ZDNet ⋅ Catalin Cimpanu
DOD contractor suffers ransomware infection
Ryuk

2020-01-29 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Malware Tries to Trump Security Software With POTUS Impeachment
TrickBot

2020-01-29 ⋅ ANSSI ⋅ ANSSI
État de la menace rançongiciel
Clop Dharma FriedEx Gandcrab LockerGoga Maze MegaCortex REvil RobinHood Ryuk SamSam

2020-01-27 ⋅ T-Systems ⋅ T-Systems
Vorläufiger forensischer Abschlussbericht zur Untersuchung des Incidents beim Berliner Kammergericht
Emotet TrickBot

2020-01-24 ⋅ ReversingLabs ⋅ Robert Simmons
Hunting for Ransomware
Ryuk

2020-01-24 ⋅ Bleeping Computer ⋅ Lawrence Abrams
New Ryuk Info Stealer Targets Government and Military Secrets
Ryuk

2020-01-23 ⋅ Bleeping Computer ⋅ Lawrence Abrams
TrickBot Now Steals Windows Active Directory Credentials
TrickBot

2020-01-17 ⋅ Secureworks ⋅ Tamada Kiyotaka, Keita Yamazaki, You Nakatsuru
Is It Wrong to Try to Find APT Techniques in Ransomware Attack?
Defray Dharma FriedEx Gandcrab GlobeImposter Matrix Ransom MedusaLocker Phobos Ransomware REvil Ryuk SamSam Scarab Ransomware

2020-01-17 ⋅ Ken Sajo, Yasuhiro Takeda, Yusuke Niwa
Battle Against Ursnif Malspam Campaign targeting Japan
Cutwail ISFB TrickBot UrlZone

2020-01-16 ⋅ Bleeping Computer ⋅ Lawrence Abrams
TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection
TrickBot

2020-01-14 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices
Ryuk

2020-01-10 ⋅ CSIS ⋅ CSIS
Threat Matrix H1 2019
Gustuff magecart Emotet Gandcrab Ramnit TrickBot

2020-01-09 ⋅ SentinelOne ⋅ Vitali Kremez, Joshua Platt, Jason Reaves
Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets
TrickBot WIZARD SPIDER

2020 ⋅ Secureworks ⋅ SecureWorks
GOLD ULRICK
Empire Downloader Ryuk TrickBot WIZARD SPIDER

2020 ⋅ Blackberry ⋅ Blackberry Research
State of Ransomware
Maze MedusaLocker Nefilim Ransomware Phobos Ransomware REvil Ryuk STOP Ransomware Zeppelin Ransomware

2020 ⋅ Secureworks ⋅ SecureWorks
GOLD SWATHMORE
GlobeImposter Gozi IcedID TrickBot Lunar Spider

2020 ⋅ Secureworks ⋅ SecureWorks
GOLD BLACKBURN
Dyre TrickBot

2019-12-26 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Ryuk Ransomware Stops Encrypting Linux Folders
Ryuk

2019-12-21 ⋅ Decrypt ⋅ Adriana Hamacher
How ransomware exploded in the age of Bitcoin
Ryuk

2019-12-19 ⋅ Malwarebytes ⋅ Jovi Umawing
Threat spotlight: the curious case of Ryuk ransomware
Ryuk

2019-12-15 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Ryuk Ransomware Likely Behind New Orleans Cyberattack
Ryuk

2019-12-12 ⋅ FireEye ⋅ Chi-en Shen, Oleg Bondarenko
Cyber Threat Landscape in Japan – Revealing Threat in the Shadow
Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD poisonplug TrickBot BlackTech

2019-12-11 ⋅ Cybereason ⋅ Assaf Dahan, Lior Rochberger, Eli Salem, Mary Zhao, Niv Yona, Omer Yampel, Matt Hart
Dropping Anchor: From a TrickBot Infection to the Discovery of the Anchor Malware
Anchor WIZARD SPIDER

2019-12-10 ⋅ Sentinel LABS ⋅ Vitali Kremez, Joshua Platt, Jason Reaves
MORPHISEC DISCOVERS CCLEANER BACKDOOR SAVING MILLIONS OF AVAST USERS
Anchor

2019-12-09 ⋅ Palo Alto Networks Unit 42 ⋅ Bryan Lee, Brittany Ash, Mike Harbison
TrickBot Campaign Uses Fake Payroll Emails to Conduct Phishing Attacks
TrickBot

2019-12-09 ⋅ Emsisoft ⋅ EmsiSoft Malware Lab
Caution! Ryuk Ransomware decryptor damages larger files, even if you pay
Ryuk

2019-11-27 ⋅ Twitter (@Prosegur) ⋅ Prosegur
Tweet on Incident of Information Security
Ryuk

2019-11-22 ⋅ Palo Alto Networks Unit 42 ⋅ Brad Duncan
Trickbot Updates Password Grabber Module
TrickBot

2019-11-13 ⋅ CrowdStrike ⋅ Jen Ayers, Jason Rivera
Through the Eyes of the Adversary
TrickBot CLOCKWORD SPIDER

2019-11-08 ⋅ Palo Alto Networks Unit 42 ⋅ Brad Duncan
Wireshark Tutorial: Examining Trickbot Infections
TrickBot

2019-11-06 ⋅ Heise Security ⋅ Thomas Hungenberg
Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail
Emotet Ryuk TrickBot

2019-11-01 ⋅ CrowdStrike ⋅ Alexander Hanel, Brett Stone-Gross
WIZARD SPIDER Adds New Features to Ryuk for Targeting Hosts on LAN
Ryuk WIZARD SPIDER

2019-11 ⋅ CCN-CERT ⋅ CCN-CERT
Informe Código Dañino CCN-CERT ID-26/19
Ryuk

2019-10-29 ⋅ SneakyMonkey Blog ⋅ SneakyMonkey
TRICKBOT - Analysis Part II
TrickBot

2019-10-24 ⋅ Sentinel LABS ⋅ Vitali Kremez
How TrickBot Malware Hooking Engine Targets Windows 10 Browsers
TrickBot

2019-10-18 ⋅ NTT ⋅ NTT Security
TrickBot variant “Anchor_DNS” communicating over DNS
Anchor

2019-09-25 ⋅ GovCERT.ch ⋅ GovCERT.ch
Trickbot - An analysis of data collected from the botnet
TrickBot

2019-09-09 ⋅ McAfee ⋅ Thomas Roccia, Marc Rivero López, Chintan Shah
Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study
Cutwail Dridex Dyre Kovter Locky Phorpiex Simda

2019-08-27 ⋅ Secureworks ⋅ CTU Research Team
TrickBot Modifications Target U.S. Mobile Users
TrickBot

2019-08-26 ⋅ InQuest ⋅ Josiah Smith
Memory Analysis of TrickBot
TrickBot

2019-08-05 ⋅ Trend Micro ⋅ Noel Anthony Llimos, Michael Jhon Ofiaza
Latest Trickbot Campaign Delivered via Highly Obfuscated JS File
ostap TrickBot

2019-07-11 ⋅ NTT Security ⋅ NTT Security
Targeted TrickBot activity drops 'PowerBrace' backdoor
PowerBrace TrickBot

2019-06-04 ⋅ SlideShare ⋅ Vitali Kremez
Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vitali Kremez
TrickBot

2019-05-22 ⋅ sneakymonk3y (Mark)
TRICKBOT - Analysis
TrickBot

2019-05-09 ⋅ GovCERT.ch ⋅ GovCERT.ch
Severe Ransomware Attacks Against Swiss SMEs
Emotet LockerGoga Ryuk TrickBot

2019-05-02 ⋅ CERT.PL ⋅ Michał Praszmo
Detricking TrickBot Loader
TrickBot

2019-04-05 ⋅ Medium vishal_thakur ⋅ Vishal Thakur
Trickbot — a concise treatise
TrickBot

2019-04-05 ⋅ FireEye ⋅ Brendan McKeague, Van Ta, Ben Fedore, Geoff Ackerman, Alex Pennino, Andrew Thompson, Douglas Bienstock
Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware
LockerGoga Ryuk FIN6

2019-04-02 ⋅ Cybereason ⋅ Noa Pinkas, Lior Rochberger, Matan Zatz
Triple Threat: Emotet Deploys Trickbot to Steal Data & Spread Ryuk
Ryuk TrickBot

2019-03-26 ⋅ ANSSI ⋅ ANSSI
INFORMATIONS CONCERNANTLES RANÇONGICIELSLOCKERGOGA ET RYUK
Ryuk

2019-03-20 ⋅ CrowdStrike ⋅ Brendon Feeley, Brett Stone-Gross
New Evidence Proves Ongoing WIZARD SPIDER / LUNAR SPIDER Collaboration
Lunar Spider WIZARD SPIDER

2019-03-05 ⋅ PepperMalware Blog ⋅ Pepper Potts
Quick Analysis of a Trickbot Sample with NSA's Ghidra SRE Framework
TrickBot

2019-02-15 ⋅ CrowdStrike ⋅ Brendon Feeley, Bex Hartley
“Sin”-ful SPIDERS: WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web
Dyre IcedID TrickBot Vawtrak Lunar Spider WIZARD SPIDER

2019-02-12 ⋅ Trend Micro ⋅ Trend Micro
Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire
TrickBot

2019-01-11 ⋅ FireEye ⋅ Kimberly Goody, Jeremy Kennelly, Jaideep Natu, Christopher Glyer
A Nasty Trick: From Credential Theft Malware to Business Disruption
Ryuk TrickBot GRIM SPIDER WIZARD SPIDER

2019-01-10 ⋅ CrowdStrike ⋅ Alexander Hanel
Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware
Ryuk GRIM SPIDER MUMMY SPIDER STARDUST CHOLLIMA WIZARD SPIDER

2019-01-09 ⋅ McAfee ⋅ John Fokker, Christiaan Beek
Ryuk Ransomware Attack: Rush to Attribution Misses the Point
Ryuk

2019 ⋅ Virus Bulletin ⋅ Gabriela Nicolao, Luciano Martins
Shinigami's Revenge: The Long Tail of Ryuk Malware
Ryuk

2018-12-29 ⋅ Los Angeles Times ⋅ Tony Barboza, Meg James, Emily Alpert Reyes
Malware attack disrupts delivery of L.A. Times and Tribune papers across the U.S.
Ryuk

2018-12-12 ⋅ SecureData ⋅ Wicus Ross
The TrickBot and MikroTik connection
TrickBot

2018-12-05 ⋅ VIPRE ⋅ VIPRE Labs
Trickbot’s Tricks
TrickBot

2018-11-12 ⋅ Malwarebytes ⋅ hasherezade
What’s new in TrickBot? Deobfuscating elements
TrickBot

2018-11-08 ⋅ Fortinet ⋅ Xiaopeng Zhang
Deep Analysis of TrickBot New Module pwgrab
TrickBot

2018-11-01 ⋅ Trend Micro ⋅ Noel Anthony Llimos, Carl Maverick Pascual
Trickbot Shows Off New Trick: Password Grabber Module
TrickBot

2018-08-20 ⋅ Check Point ⋅ Itay Cohen, Ben Herzog
Ryuk Ransomware: A Targeted Campaign Break-Down
Ryuk

2018-08-14 ⋅ Cyberbit ⋅ Hod Gavriel
Latest Trickbot Variant has New Tricks Up Its Sleeve
TrickBot

2018-07-03 ⋅ Talos Intelligence ⋅ Ben Baker, Holger Unterbrink
Smoking Guns - Smoke Loader learned new tricks
SmokeLoader TrickBot

2018-06-20 ⋅ OALabs
Unpacking and Extracting TrickBot Malware Configuration With x64dbg and Python
TrickBot

2018-06-13 ⋅ Github (JR0driguezB) ⋅ Jorge Rodriguez
TrickBot config files
TrickBot

2018-04-16 ⋅ Random RE ⋅ sysopfb
TrickBot & UACME
TrickBot

2018-04-03 ⋅ Vitali Kremez Blog ⋅ Vitali Kremez
Let's Learn: Trickbot Implements Network Collector Module Leveraging CMD, WMI & LDAP
TrickBot

2018-03-31 ⋅ Youtube (hasherezade) ⋅ hasherezade
Deobfuscating TrickBot's strings with libPeConv
TrickBot

2018-03-27 ⋅ Trend Micro ⋅ Trendmicro
Evolving Trickbot Adds Detection Evasion and Screen-Locking Features
TrickBot

2018-03-21 ⋅ Webroot ⋅ Jason Davison
TrickBot Banking Trojan Adapts with New Module
TrickBot

2018-02-15 ⋅ SecurityIntelligence ⋅ Ophir Harpaz, Magal Baz, Limor Kessem
TrickBot’s Cryptocurrency Hunger: Tricking the Bitcoin Out of Wallets
TrickBot

2018-02-01 ⋅ Malware Traffic Analysis ⋅ Brad Duncan
Quick Test Drive of Trickbot (It now has a Monero Module)
TrickBot

2017-12-30 ⋅ Youtube (hasherezade) ⋅ hasherezade
Unpacking TrickBot with PE-sieve
TrickBot

2017-12-19 ⋅ Vitali Kremez Blog ⋅ Vitali Kremez
Let's Learn: Introducing New Trickbot LDAP "DomainGrabber" Module
TrickBot

2017-11-22 ⋅ Flashpoint ⋅ Vitali Kremez
Trickbot Gang Evolves, Incorporates Account Checking Into Hybrid Attack Model
TrickBot

2017-11-21 ⋅ Vitali Kremez
Let's Learn: Trickbot Socks5 Backconnect Module In Detail
TrickBot

2017-10-06 ⋅ Blueliv ⋅ Blueliv
TrickBot banking trojan using EFLAGS as an anti-hook technique
TrickBot

2017-08-01 ⋅ Malwarebytes ⋅ Malwarebytes Labs
TrickBot comes up with new tricks: attacking Outlook and browsing data
TrickBot

2017-07-27 ⋅ Flashpoint ⋅ Flashpoint
New Version of “Trickbot” Adds Worm Propagation Module
TrickBot

2017-07 ⋅ Ring Zero Labs ⋅ Ring Zero Labs
TrickBot Banking Trojan - DOC00039217.doc
TrickBot

2017-06-15 ⋅ F5 ⋅ Sara Boddy, Jesse Smith, Doron Voolf
Trickbot Expands Global Targets Beyond Banks and Payment Processors to CRMs
TrickBot

2017-06-12 ⋅ Security Art Work ⋅ Marc Salinas, JoséMiguel Holguín
Evolución de Trickbot
TrickBot

2017-05-26 ⋅ PWC ⋅ Bart Parys
TrickBot’s bag of tricks
TrickBot

2017-05-04 ⋅ Forbes ⋅ Thomas Brewster
Behind The Mystery Of Russia's 'Dyre' Hackers Who Stole Millions From American Business
Dyre

2017-03-01 ⋅ FraudWatch International ⋅ FraudWatch International
How Does the Trickbot Malware Work?
TrickBot

2016-12-07 ⋅ Botconf ⋅ Joshua Adams
The TrickBot Evolution
TrickBot

2016-12-06 ⋅ Fortinet ⋅ Xiaopeng Zhang
Deep Analysis of the Online Banking Botnet TrickBot
TrickBot

2016-11-09 ⋅ Lior Keshet
Tricks of the Trade: A Deeper Look Into TrickBot’s Machinations
TrickBot

2016-11-07 ⋅ F5 Labs ⋅ Julia Karpin, Shaul Vilkomir-Preisman, Anna Dorfman
Little Trickbot Growing Up: New Campaign
TrickBot

2016-10-25 ⋅ NetScout ⋅ ASERT Team
TrickBot Banker Insights
TrickBot

2016-10-24 ⋅ Malwarebytes ⋅ Malwarebytes Labs
Introducing TrickBot, Dyreza’s successor
TrickBot

2016-10-15 ⋅ Fidelis Cybersecurity ⋅ Threat Research Team
TrickBot: We Missed you, Dyre
TrickBot

2015-11-04 ⋅ Malwarebytes ⋅ hasherezade
A Technical Look At Dyreza
Dyre

2015-10-26 ⋅ Blueliv ⋅ Blueliv
Chasing cybercrime: network insights of Dyre and Dridex Trojan bankers
Dridex Dyre

2015-07-07 ⋅ FireEye ⋅ Sudeep Singh, Yu Wang
Dyre Banking Trojan Exploits CVE-2015-0057
Dyre

Credits: MISP Project