SYMBOLCOMMON_NAMEaka. SYNONYMS

WIZARD SPIDER  (Back to overview)

aka: DEV-0193, DEV-0237, FIN12, GOLD BLACKBURN, Periwinkle Tempest, Pistachio Tempest, Storm-0193, TEMP.MixMaster, Trickbot LLC, UNC2053

Wizard Spider is reportedly associated with Grim Spider and Lunar Spider. The WIZARD SPIDER threat group is the Russia-based operator of the TrickBot banking malware. This group represents a growing criminal enterprise of which GRIM SPIDER appears to be a subset. The LUNAR SPIDER threat group is the Eastern European-based operator and developer of the commodity banking malware called BokBot (aka IcedID), which was first observed in April 2017. The BokBot malware provides LUNAR SPIDER affiliates with a variety of capabilities to enable credential theft and wire fraud, through the use of webinjects and a malware distribution function. GRIM SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER, a criminal enterprise of which GRIM SPIDER appears to be a cell. The WIZARD SPIDER threat group, known as the Russia-based operator of the TrickBot banking malware, had focused primarily on wire fraud in the past.


Associated Families
win.anchor win.conti win.dyre win.ryuk win.trickbot

References
2024-06-05S-RMDavid Broom, Gavin Hull
Exmatter malware levels up: S-RM observes new variant with simultaneous remote code execution and data targeting
BlackCat BlackMatter Conti ExMatter LockBit REvil Ryuk
2024-05-30EuropolEuropol
Largest ever operation against botnets hits dropper malware ecosystem
BumbleBee IcedID SmokeLoader SystemBC TrickBot
2024-05-01Natto ThoughtsNatto Team
Ransom-War: Russian Extortion Operations as Hybrid Warfare, Part One
Clop Conti Maze TrickBot
2024-04-100ffset BlogDaniel Bunce
Resolving Stack Strings with Capstone Disassembler & Unicorn in Python
Conti
2023-12-01The RecordDaryna Antoniuk
Russian developer of Trickbot malware pleads guilty, faces 35-year sentence
TrickBot
2023-11-26Medium shaddy43Shayan Ahmed Khan
From Infection to Encryption: Tracing the Impact of RYUK Ransomware
Ryuk
2023-10-03Luca Mella
Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)
LockBit LockBit Conti LockBit
2023-09-12ANSSIANSSI
FIN12: A Cybercriminal Group with Multiple Ransomware
BlackCat Cobalt Strike Conti Hive MimiKatz Nokoyawa Ransomware PLAY Royal Ransom Ryuk SystemBC
2023-09-07Department of JusticeOffice of Public Affairs
Multiple Foreign Nationals Charged in Connection with Trickbot Malware and Conti Ransomware Conspiracies
Conti Conti TrickBot
2023-08-30NisosVincas Čižiūnas
Trickbot in Light of Trickleaks Data
TrickBot
2023-07-27Bankinfo SecurityMathew J. Schwartz
Are Akira Ransomware's Crypto-Locking Malware Days Numbered?
Akira Ryuk
2023-07-26Arctic WolfAkshay Suthar, Connor Belfiore, Steven Campbell
Conti and Akira: Chained Together
Akira Conti
2023-06-27SecurityIntelligenceCharlotte Hammond, Ole Villadsen
The Trickbot/Conti Crypters: Where Are They Now?
Black Basta Conti Mount Locker PhotoLoader Royal Ransom SystemBC TrickBot
2023-06-17Github (EmissarySpider)EmissarySpider
ransomware-descendants
Babuk Conti LockBit
2023-06-08VMRayPatrick Staubmann
Busy Bees - The Transformation of BumbleBee
BumbleBee Cobalt Strike Conti Meterpreter Sliver
2023-03-10Medium walmartglobaltechJason Reaves, Joshua Platt
From Royal With Love
Cobalt Strike Conti PLAY Royal Ransom Somnia
2023-02-10cocomelonccocomelonc
Malware analysis: part 8. Yara rule example for MurmurHash2. MurmurHash2 in Conti ransomware
Conti
2023-02-09U.S. Department of the TreasuryU.S. Department of the Treasury
United States and United Kingdom Sanction Members of Russia-Based Trickbot Cybercrime Gang
TrickBot
2023-02-01Security AffairsPierluigi Paganini
New LockBit Green ransomware variant borrows code from Conti ransomware
Conti LockBit
2023-01-30CheckpointArie Olshtein
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware
Agent Tesla Azorult Buer Cerber Cobalt Strike Emotet Formbook HawkEye Keylogger Loki Password Stealer (PWS) Maze NetWire RC Remcos REvil TrickBot
2023-01-04cocomelonc
Malware development tricks: part 26. Mutex. C++ example.
AsyncRAT Conti HelloKitty
2022-12-27Palo Alto Networks Unit 42Bob Jung, Daniel Raygoza, Esmid Idrizovic, Sean Hughes
Navigating the Vast Ocean of Sandbox Evasions
TrickBot Zebrocy
2022-12-06EuRepoCCamille Borrett, Kerstin Zettl-Schabath, Lena Rottinger
Conti/Wizard Spider
BazarBackdoor Cobalt Strike Conti Emotet IcedID Ryuk TrickBot WIZARD SPIDER
2022-11-21Palo Alto Networks Unit 42Kristopher Russo
Threat Assessment: Luna Moth Callback Phishing Campaign
BazarBackdoor Conti
2022-10-31paloalto Netoworks: Unit42Or Chechik
Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure
Dridex Kronos TrickBot Zeus
2022-09-20vmwareDana Behling
Threat Report: Illuminating Volume Shadow Deletion
Conti HelloKitty
2022-09-13AdvIntelAdvanced Intelligence
AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022
Conti Cobalt Strike Emotet Ryuk TrickBot
2022-09-07Intel 471Intel 471
Conti vs. Monti: A Reinvention or Just a Simple Rebranding?
Conti
2022-09-07BlackberryAnuj Soni, Ryan Chapman
The Curious Case of “Monti” Ransomware: A Real-World Doppelganger
Conti MimiKatz Veeam Dumper
2022-08-31FourcoreHardik Manocha
Ryuk Ransomware: History, Timeline, And Adversary Simulation
Ryuk
2022-08-22MicrosoftMicrosoft
Extortion Economics - Ransomware’s new business model
BlackCat Conti Hive REvil AgendaCrypt Black Basta BlackCat Brute Ratel C4 Cobalt Strike Conti Hive Mount Locker Nokoyawa Ransomware REvil Ryuk
2022-08-18IBMCharlotte Hammond, Ole Villadsen
From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers
BumbleBee Karius Ramnit TrickBot Vawtrak
2022-08-15SentinelOneVikram Navali
Detecting a Rogue Domain Controller – DCShadow Attack
MimiKatz TrickBot
2022-08-10Avast DecodedThreat Research Team
Avast Q2/2022 Threat Report: Farewell to Conti, Zloader, and Maldocs; Hello Resurrection of Raccoon Stealer, and more Ransomware Attacks
Conti Raccoon RecordBreaker Zloader Caramel Tsunami
2022-08-03Palo Alto Networks Unit 42Brad Duncan
Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware
BazarBackdoor BumbleBee Cobalt Strike Conti
2022-08-02Recorded FutureInsikt Group
Initial Access Brokers Are Key to Rise in Ransomware Attacks
Azorult BlackMatter Conti Mars Stealer Raccoon RedLine Stealer Taurus Stealer Vidar
2022-07-20KasperskyDmitry Galov, Jornt van der Wiel, Marc Rivero López, Sergey Lozhkin
Luna and Black Basta — new ransomware for Windows, Linux and ESXi
Black Basta Conti
2022-06-23TrellixChristiaan Beek
The Sound of Malware
Conti VHD Ransomware
2022-06-23KasperskyDanila Nasonov, Natalya Shornikova, Nikita Nazarov, Vasily Davydov, Vladislav Burtsev
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs (Download Form)
BlackByte BlackCat Clop Conti Hive LockBit Mespinoza RagnarLocker
2022-06-15ThreatStopOfir Ashman
First Conti, then Hive: Costa Rica gets hit with ransomware again
Conti Hive Conti Hive
2022-06-15AttackIQAttackIQ Adversary Research Team, Jackson Wells
Attack Graph Emulating the Conti Ransomware Team’s Behaviors
BazarBackdoor Conti TrickBot
2022-06-02EclypsiumEclypsium
Conti Targets Critical Firmware
Conti HermeticWiper TrickBot WhisperGate
2022-05-24The Hacker NewsFlorian Goutin
Malware Analysis: Trickbot
Cobalt Strike Conti Ryuk TrickBot
2022-05-23Trend MicroTrend Micro Research
LockBit, Conti, and BlackCat Lead Pack Amid Rise in Active RaaS and Extortion Groups: Ransomware in Q1 2022 (PDF)
BlackCat Conti LockBit
2022-05-23Trend MicroMatsugaya Shingo
LockBit, Conti, and BlackCat Lead Pack Amid Rise in Active RaaS and Extortion Groups: Ransomware in Q1 2022
BlackCat Conti LockBit
2022-05-20AdvIntelMarley Smith, Vitali Kremez, Yelisey Boguslavskiy
DisCONTInued: The End of Conti’s Brand Marks New Chapter For Cybercrime Landscape
AvosLocker Black Basta BlackByte BlackCat Conti HelloKitty Hive
2022-05-19IBMCharlotte Hammond, Golo Mühr, Ole Villadsen
ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups
IcedID ISFB Mount Locker WIZARD SPIDER
2022-05-18PRODAFT Threat IntelligencePRODAFT
Wizard Spider In-Depth Analysis
Cobalt Strike Conti WIZARD SPIDER
2022-05-17Advanced IntelligenceVitali Kremez, Yelisey Boguslavskiy
Hydra with Three Heads: BlackByte & The Future of Ransomware Subsidiary Groups
BlackByte Conti
2022-05-17Trend MicroTrend Micro Research
Ransomware Spotlight: RansomEXX
LaZagne Cobalt Strike IcedID MimiKatz PyXie RansomEXX TrickBot
2022-05-09MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT
2022-05-09cocomelonccocomelonc
Malware development: persistence - part 4. Windows services. Simple C++ example.
Anchor AppleJeus Attor BBSRAT BlackEnergy Carbanak Cobalt Strike DuQu
2022-05-09Microsoft SecurityMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
Griffon BazarBackdoor BlackCat BlackMatter Blister Gozi LockBit Pandora Rook SystemBC TrickBot
2022-05-05YouTube (The Vertex Project)Ryan Hallbeck
Contileaks: Identifying, Extracting, & Modeling Bitcoin Addresses
Conti
2022-05-05YouTube (Chris Greer)Chris Greer
MALWARE Analysis with Wireshark // TRICKBOT Infection
TrickBot
2022-05-05Intel 471Intel 471
Cybercrime loves company: Conti cooperated with other ransomware gangs
LockBit Maze RagnarLocker Ryuk
2022-05-03Talos IntelligenceJON MUNSHAW
Conti and Hive ransomware operations: What we learned from these groups' victim chats
Conti Hive
2022-05-03CiscoJAIME FILSON, Kendall McKay, Paul Eubanks.
Conti and Hive ransomware operations: Leveraging victim chats for insights
Conti Hive
2022-05-02Cisco TalosJAIME FILSON, Kendall McKay, Paul Eubanks
Conti and Hive ransomware operations: Leveraging victim chats for insights
Cobalt Strike Conti Hive
2022-04-29NCC GroupMike Stokkel, Nikolaos Pantazopoulos, Nikolaos Totosis
Adventures in the land of BumbleBee – a new malicious loader
BazarBackdoor BumbleBee Conti
2022-04-28SymantecKarthikeyan C Kasiviswanathan, Vishal Kamble
Ransomware: How Attackers are Breaching Corporate Networks
AvosLocker Conti Emotet Hive IcedID PhotoLoader QakBot TrickBot
2022-04-28PWCPWC UK
Cyber Threats 2021: A Year in Retrospect (Annex)
Cobalt Strike Conti PlugX RokRAT Inception Framework Red Menshen
2022-04-27Medium elis531989Eli Salem
The chronicles of Bumblebee: The Hook, the Bee, and the Trickbot connection
BumbleBee TrickBot
2022-04-26Intel 471Intel 471
Conti and Emotet: A constantly destructive duo
Cobalt Strike Conti Emotet IcedID QakBot TrickBot
2022-04-21SecureworksCounter Threat Unit ResearchTeam
GOLD ULRICK Continues Conti Operations Despite Public Disclosures
Conti Conti
2022-04-20CISAAustralian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), CISA, FBI, Government Communications Security Bureau, National Crime Agency (NCA), NCSC UK, NSA
AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader
2022-04-20CISACISA
Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader Killnet
2022-04-20Bleeping ComputerBill Toulas
Microsoft Exchange servers hacked to deploy Hive ransomware
Babuk BlackByte Conti Hive LockFile
2022-04-18TrellixAlexandre Mundo, Jambul Tologonov, Marc Elias
Conti Group Targets ESXi Hypervisors With its Linux Variant
Conti Conti
2022-04-18RiskIQJennifer Grob
RiskIQ: Trickbot Rickroll
TrickBot
2022-04-17BushidoToken BlogBushidoToken
Lessons from the Conti Leaks
BazarBackdoor Conti Emotet IcedID Ryuk TrickBot
2022-04-15Arctic WolfArctic Wolf
The Karakurt Web: Threat Intel and Blockchain Analysis Reveals Extension of Conti Business Model
Conti Diavol Ryuk TrickBot
2022-04-15Bleeping ComputerIonut Ilascu
Karakurt revealed as data extortion arm of Conti cybercrime syndicate
Anchor BazarBackdoor Conti TrickBot
2022-04-13MicrosoftAmy Hogan-Burney
Notorious cybercrime gang’s botnet disrupted
Ryuk Zloader
2022-04-13MicrosoftMicrosoft 365 Defender Threat Intelligence Team
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
BlackMatter Cobalt Strike DarkSide Ryuk Zloader
2022-04-12ConnectWiseConnectWise CRU
Threat Profile: Conti
Conti
2022-04-11cocomelonc
Conti ransomware source code investigation - part 2
Conti
2022-04-09Bleeping ComputerLawrence Abrams
Hackers use Conti's leaked ransomware to attack Russian companies
Conti
2022-04-08ReversingLabsPaul Roberts
ConversingLabs Ep. 2: Conti pivots as ransomware as a service struggles
Conti Emotet TrickBot
2022-04-06TRM LabsTRM Labs
TRM Analysis Corroborates Suspected Ties Between Conti and Ryuk Ransomware Groups and Wizard Spider
Conti Ryuk
2022-04-05Intel 471Intel 471
Move fast and commit crimes: Conti’s development teams mirror corporate tech
BazarBackdoor TrickBot
2022-04-04The DFIR Report@0xtornado, @MettalicHack, @yatinwad, @_pete_0
Stolen Images Campaign Ends in Conti Ransomware
Conti IcedID
2022-04-02Github (cocomelonc)cocomelonc
Malware development tricks. Find kernel32.dll base: asm style. C++ example.
Conti
2022-03-31TrellixJambul Tologonov, John Fokker
Conti Leaks: Examining the Panama Papers of Ransomware
LockBit Amadey Buer Conti IcedID LockBit Mailto Maze PhotoLoader Ryuk TrickBot
2022-03-31nccgroupAlex Jessop, Nikolaos Pantazopoulos, RIFT: Research and Intelligence Fusion Team, Simon Biggs
Conti-nuation: methods and techniques observed in operations post the leaks
Cobalt Strike Conti QakBot
2022-03-27cocomelonc
Conti ransomware source code investigation - part 1
Conti
2022-03-25ZscalerBrett Stone-Gross
Conti Ransomware Attacks Persist With an Updated Version Despite Leaks
Conti
2022-03-23SecureworksCounter Threat Unit ResearchTeam
GOLD ULRICK Leaks Reveal Organizational Structure and Relationships
Conti Emotet IcedID TrickBot
2022-03-23splunkShannon Davis
Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed
Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk
2022-03-23Intel 471Intel 471
Conti puts the ‘organized’ in organized crime
Conti
2022-03-23SecureworksCounter Threat Unit ResearchTeam
Threat Intelligence Executive Report Volume 2022, Number 2
Conti Emotet IcedID TrickBot
2022-03-22ThreatStopOfir Ashman
Conti ransomware leaks - what happens when hackers support Russia
Conti
2022-03-21Threat PostLisa Vaas
Conti Ransomware V. 3, Including Decryptor, Leaked
Cobalt Strike Conti TrickBot
2022-03-21eSentireeSentire Threat Response Unit (TRU)
Conti Affiliate Exposed: New Domain Names, IP Addresses and Email Addresses Uncovered
HelloKitty BazarBackdoor Cobalt Strike Conti FiveHands HelloKitty IcedID
2022-03-18AvastMartin Hron
Mēris and TrickBot standing on the shoulders of giants
Glupteba Proxy Glupteba TrickBot
2022-03-18eSentireeSentire Threat Response Unit (TRU)
Analysis of Leaked Conti Intrusion Procedures by eSentire’s Threat Response Unit (TRU)
Conti Conti
2022-03-17GoogleBenoit Sevens, Vladislav Stolyarov
Exposing initial access broker with ties to Conti
BazarBackdoor BumbleBee Conti EXOTIC LILY
2022-03-17SophosTilly Travers
The Ransomware Threat Intelligence Center
ATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry Dharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker Ragnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker
2022-03-17GoogleBenoit Sevens, Google Threat Analysis Group, Vladislav Stolyarov
Exposing initial access broker with ties to Conti
BazarBackdoor BumbleBee Cobalt Strike Conti
2022-03-16SymantecSymantec Threat Hunter Team
The Ransomware Threat Landscape: What to Expect in 2022
AvosLocker BlackCat BlackMatter Conti DarkSide DoppelPaymer Emotet Hive Karma Mespinoza Nemty Squirrelwaffle VegaLocker WastedLocker Yanluowang Zeppelin
2022-03-16DragosJosh Hanrahan
Suspected Conti Ransomware Activity in the Auto Manufacturing Sector
Conti Emotet
2022-03-16MicrosoftMicrosoft Defender for IoT Research Team, Microsoft Threat Intelligence Center (MSTIC)
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
TrickBot
2022-03-15PrevailionMatt Stafford, Sherman Smith
What Wicked Webs We Un-weave
Cobalt Strike Conti
2022-03-15RiskIQRiskIQ
RiskIQ: Trickbot Abuse of Compromised MikroTik Routers for Command and Control
TrickBot
2022-03-10Check Point Research
Leaks of Conti Ransomware Group Paint Picture of a Surprisingly Normal Tech Start-Up… Sort Of
Conti
2022-03-09Bleeping ComputerIonut Ilascu
CISA updates Conti ransomware alert with nearly 100 domain names
BazarBackdoor Cobalt Strike Conti TrickBot
2022-03-09BreachQuestBernard Silvestrini, Marco Figueroa, Napoleon Bing
The Conti Leaks | Insight into a Ransomware Unicorn
Cobalt Strike MimiKatz TrickBot
2022-03-08MBSDMBSD
ContiLeaks
Conti
2022-03-08The RecordDina Temple-Raston
Inside Conti leaks: The Panama Papers of ransomware
Conti
2022-03-08Github (whichbuffer)Arda Büyükkaya
Conti-Ransomware-IOC
Conti
2022-03-08YoroiCarmelo Ragusa, Luca Mella, Luigi Martire
Conti Ransomware source code: a well-designed COTS ransomware
Conti
2022-03-07CyberScoopSuzanne Smalley
Ransomware gang Conti has already bounced back from damage caused by chat leaks, experts say
Conti
2022-03-04ReutersRaphael Satter
Details of another big ransomware group 'Trickbot' leak online, experts say
TrickBot
2022-03-03Trend MicroTrend Micro Research
IOC Resource for Russia-Ukraine Conflict-Related Cyberattacks
ClipBanker Conti HermeticWiper PartyTicket WhisperGate
2022-03-03Trend MicroTrend Micro Research
Cyberattacks are Prominent in the Russia-Ukraine Conflict
BazarBackdoor Cobalt Strike Conti Emotet WhisperGate
2022-03-02KrebsOnSecurityBrian Krebs
Conti Ransomware Group Diaries, Part II: The Office
Conti Emotet Ryuk TrickBot
2022-03-02Youtube (OALabs)Sean Wilson, Sergei Frankoff
Botleggers Exposed - Analysis of The Conti Leaks Malware
Conti
2022-03-02Cluster25Cluster25
Conti's Source Code: Deep-Dive Into
Conti
2022-03-02CyberArkCyberArk Labs
Conti Group Leaked!
TeamTNT Conti TrickBot
2022-03-02elDiarioCarlos del Castillo
Cybercrime bosses warn that they will "fight back" if Russia is hacked
Conti Ryuk
2022-03-02ThreatpostLisa Vaas
Conti Ransomware Decryptor, TrickBot Source Code Leaked
Conti TrickBot
2022-03-01Arctic WolfArctic Wolf
Conti Ransomware: An Analysis of Key Findings
Conti
2022-03-01Bleeping ComputerLawrence Abrams
Conti Ransomware source code leaked by Ukrainian researcher
Conti
2022-03-01Medium whickey000Wade Hickey
How I Cracked CONTI Ransomware Group’s Leaked Source Code ZIP File
Conti
2022-03-01VX-Underground
Leaks: Conti / Trickbot
Conti TrickBot
2022-03-01Twitter (@TheDFIRReport)The DFIR Report
Twitter thread with highlights from conti leaks
Conti
2022-02-28Medium arnozobecArnaud Zobec
Analyzing conti-leaks without speaking russian — only methodology
Conti
2022-02-28Github (TheParmak)TheParmak
conti-leaks-englished
Conti
2022-02-28SophosSean Gallagher
Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits
Conti Karma
2022-02-27The RecordCatalin Cimpanu
Conti ransomware gang chats leaked by pro-Ukraine member
Conti LockBit
2022-02-27Bleeping ComputerLawrence Abrams
Conti ransomware's internal chats leaked after siding with Russia
Conti
2022-02-25Red Hot CyberRed Hot Cyber
Il ransomware Conti si schiera a favore della Russia.
Conti
2022-02-25CyberScoopJoe Warminsky
TrickBot malware suddenly got quiet, researchers say, but it's hardly the end for its operators
BazarBackdoor Emotet TrickBot
2022-02-24The RecordCatalin Cimpanu
TrickBot gang shuts down botnet after months of inactivity
TrickBot
2022-02-24The Hacker NewsRavie Lakshmanan
TrickBot Gang Likely Shifting Operations to Switch to New Malware
BazarBackdoor Emotet QakBot TrickBot
2022-02-24The Hacker NewsRavie Lakshmanan
Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure
BazarBackdoor Emotet TrickBot
2022-02-23AdvIntelVitali Kremez, Yelisey Boguslavskiy
24 Hours From Log4Shell to Local Admin: Deep-Dive Into Conti Gang Attack on Fortune 500 (DFIR)
Cobalt Strike Conti
2022-02-23splunkShannon Davis, SURGe
An Empirically Comparative Analysis of Ransomware Binaries
Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk
2022-02-22SophosChester Wisniewski
Cyberthreats during Russian-Ukrainian tensions: what can we learn from history to be prepared?
Conti
2022-02-22Bankinfo SecurityMatthew J. Schwartz
Cybercrime Moves: Conti Ransomware Absorbs TrickBot Malware
Conti TrickBot
2022-02-20Security AffairsPierluigi Paganini
The Conti ransomware group takes over TrickBot malware operation and plans to replace it with BazarBackdoor malware.
Conti TrickBot
2022-02-18Bleeping ComputerIonut Ilascu
Conti ransomware gang takes over TrickBot malware operation
Conti TrickBot
2022-02-16Threat PostTara Seals
TrickBot Ravages Customers of Amazon, PayPal and Other Top Brands
TrickBot
2022-02-16Advanced IntelligenceYelisey Boguslavskiy
The TrickBot Saga’s Finale Has Aired: Spinoff is Already in the Works
TrickBot
2022-02-16Check Point ResearchAliaksandr Trafimchuk, Raman Ladutska
A Modern Ninja: Evasive Trickbot Attacks Customers of 60 High-Profile Companies
TrickBot
2022-02-14Cyware
Ransomware Becomes Deadlier, Conti Makes the Most Money
Conti
2022-02-09DragosAnna Skelton
Dragos ICS/OT Ransomware Analysis: Q4 2021
LockBit Conti LockBit
2022-02-08Intel 471Intel 471
PrivateLoader: The first step in many malware schemes
Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar
2022-02-04Bleeping ComputerSergiu Gatlan
HHS: Conti ransomware encrypted 80% of Ireland's HSE IT systems
Conti
2022-02-02IBMKevin Henson
TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware
BazarBackdoor TrickBot
2022-02-01WiredMatt Burgess
Inside Trickbot, Russia’s Notorious Ransomware Gang
TrickBot
2022-02-01WiredMatt Burgess
Inside Trickbot, Russia’s Notorious Ransomware Gang
TrickBot
2022-01-27CoveWare
Ransomware as a Service Innovation Curve
Conti LockBit
2022-01-27BleepingComputerSergiu Gatlan
Taiwanese Apple and Tesla contractor hit by Conti ransomware
Conti
2022-01-24CyCraftCyCraft AI
The Road to Ransomware Resilience, Part 2: Behavior Analysis
Conti Prometheus WastedLocker
2022-01-24IBMCharlotte Hammond, Itzik Chimino, Limor Kessem, Michael Gal, Segev Fogel
TrickBot Bolsters Layered Defenses to Prevent Injection Research
TrickBot
2022-01-24Kryptos LogicKryptos Logic Vantage Team
Deep Dive into Trickbot's Web Injection
TrickBot
2022-01-19FBIFBI
CU-000161-MW: Indicators of Compromise Associated with Diavol Ransomware
Diavol TrickBot
2022-01-19BlackberryThe BlackBerry Research & Intelligence Team
Kraken the Code on Prometheus
Prometheus Backdoor BlackMatter Cerber Cobalt Strike DCRat Ficker Stealer QakBot REvil Ryuk
2022-01-18Recorded FutureInsikt Group®
2021 Adversary Infrastructure Report
BazarBackdoor Cobalt Strike Dridex IcedID QakBot TrickBot
2022-01-01Silent PushSilent Push
Consequences- The Conti Leaks and future problems
Cobalt Strike Conti
2022-01-01Symposium on Electronic Crime ResearchBenjamin Brown, Damon McCoy, Ian W. Gray, Jack Cable, Vlad Cuiujuclu
Money Over Morals: A Business Analysis of Conti Ransomware
Conti Conti
2021-12-23SymantecSiddhesh Chandrayan
Log4j Vulnerabilities: Attack Insights
Tsunami Conti Dridex Khonsari Orcus RAT TellYouThePass
2021-12-17Advanced IntelligenceVitali Kremez, Yelisey Boguslavskiy
Ransomware Advisory: Log4Shell Exploitation for Initial Access & Lateral Movement
Conti
2021-12-13The DFIR ReportThe DFIR Report
Diavol Ransomware
BazarBackdoor Conti Diavol
2021-12-08Check Point ResearchAliaksandr Trafimchuk, David Driker, Raman Ladutska, Yali Magiel
When old friends meet again: why Emotet chose Trickbot for rebirth
Emotet TrickBot
2021-12-08DarktraceJustin Fier
The double extortion business: Conti Ransomware Gang finds new avenues of negotiation
Conti
2021-12-03GoSecureGoSecure Titan Labs
TrickBot Leverages Zoom Work from Home Interview Malspam, Heaven’s Gate and… Spamhaus?
TrickBot
2021-12-03HSEHSE
Conti cyber attack on the HSE
Conti
2021-12-01Trend MicroTrend Micro
Ransomware Spotlight: Conti
Conti
2021-11-29The DFIR ReportThe DFIR Report
CONTInuing the Bazar Ransomware Story
BazarBackdoor Cobalt Strike Conti
2021-11-18EllipticElliptic Intel
Conti Ransomware Nets at Least $25.5 Million in Four Months
Conti
2021-11-18Red CanaryThe Red Canary Team
Intelligence Insights: November 2021
Andromeda Conti LockBit QakBot Squirrelwaffle
2021-11-18Medium 0xchinaHamad Alnakal
Malware reverse engineering (Ryuk Ransomware)
Ryuk
2021-11-18PRODAFT Threat IntelligencePRODAFT
Conti Ransomware Group In-Depth Analysis
Conti
2021-11-18QualysGhanshyam More
Conti Ransomware
Conti
2021-11-16MalwarebytesMalwarebytes Threat Intelligence Team
TrickBot helps Emotet come back from the dead
Emotet TrickBot
2021-11-16IronNetIronNet Threat Research, Joey Fitzpatrick, Morgan Demboski, Peter Rydzynski
How IronNet's Behavioral Analytics Detect REvil and Conti Ransomware
Cobalt Strike Conti IcedID REvil
2021-11-15TRUESECFabio Viggiani
ProxyShell, QBot, and Conti Ransomware Combined in a Series of Cyberattacks
Cobalt Strike Conti QakBot
2021-11-12Recorded FutureInsikt Group®
The Business of Fraud: Botnet Malware Dissemination
Mozi Dridex IcedID QakBot TrickBot
2021-11-10AT&TJosh Gomez
Stories from the SOC - Powershell, Proxyshell, Conti TTPs OH MY!
Cobalt Strike Conti
2021-11-09CybereasonAleksandar Milenkoski, Eli Salem
THREAT ANALYSIS REPORT: From Shatak Emails to the Conti Ransomware
Cobalt Strike Conti
2021-11-07Marco Ramilli's BlogMarco Ramilli
CONTI Ransomware: Cheat Sheet
Conti
2021-11-02Intel 471Intel 471
Cybercrime underground flush with shipping companies’ credentials
Cobalt Strike Conti
2021-11-02unh4ckCyb3rSn0rlax
Detecting CONTI CobaltStrike Lateral Movement Techniques - Part 2
Cobalt Strike Conti
2021-10-29EuropolEuropol
12 targeted for involvement in ransomware attacks against critical infrastructure
Cobalt Strike Dharma LockerGoga MegaCortex TrickBot
2021-10-29Національна поліція УкраїниНаціональна поліція України
Cyberpolice exposes transnational criminal group in causing $ 120 million in damage to foreign companies
Cobalt Strike Dharma LockerGoga MegaCortex TrickBot
2021-10-28Department of JusticeDepartment of Justice
Indictment: Russian National (Vladimir Dunaev) Extradited to United States to Face Charges for Alleged Role in Cybercriminal Organization
TrickBot
2021-10-28Department of JusticeDepartment of Justice
Russian National (Vladimir Dunaev) Extradited to United States to Face Charges for Alleged Role in Cybercriminal Organization
TrickBot
2021-10-27VinCSSm4n0w4r, Tran Trung Kien
[RE025] TrickBot ... many tricks
TrickBot
2021-10-26unh4ckHamza OUADIA
Detecting CONTI CobaltStrike Lateral Movement Techniques - Part 1
Cobalt Strike Conti
2021-10-25KrebsOnSecurityBrian Krebs
Conti Ransom Gang Starts Selling Access to Victims
Conti
2021-10-22HUNT & HACKETTKrijn de Mik
Advanced IP Scanner: the preferred scanner in the A(P)T toolbox
Conti DarkSide Dharma Egregor Hades REvil Ryuk
2021-10-19KasperskyOleg Kupreev
Trickbot module descriptions
TrickBot
2021-10-13IBMCharlotte Hammond, Ole Villadsen
Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds
BazarBackdoor TrickBot
2021-10-08ZscalerLenart Brave, Tarun Dewan
New Trickbot and BazarLoader campaigns use multiple delivery vectorsi
BazarBackdoor TrickBot
2021-10-07MandiantAdam Brunner, Genevieve Stark, Jennifer Brooks, Jeremy Kennelly, Joshua Shilko, Kimberly Goody, Zach Riddle
FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets
BazarBackdoor GRIMAGENT Ryuk
2021-10-07MandiantMandiant Research Team
FIN12 Group Profile: FIN12 Priotizes Speed to Deploy Ransomware Aginst High-Value Targets
Cobalt Strike Empire Downloader TrickBot
2021-10-05Trend MicroByron Gelera, Fyodor Yarochkin, Janus Agcaoili, Nikko Tamana
Ransomware as a Service: Enabler of Widespread Attacks
Cerber Conti DarkSide Gandcrab Locky Nefilim REvil Ryuk
2021-10-04CiscoTiago Pereira
Threat hunting in large datasets by clustering security events
BazarBackdoor TrickBot
2021-10-04The DFIR ReportThe DFIR Report
BazarLoader and the Conti Leaks
BazarBackdoor Cobalt Strike Conti
2021-10-01HPHP Wolf Security
Threat Insights Report Q3 - 2021
STRRAT CloudEyE NetWire RC Remcos TrickBot Vjw0rm
2021-09-29Advanced IntelligenceVitali Kremez, Yelisey Boguslavskiy
Backup “Removal” Solutions - From Conti Ransomware With Love
Cobalt Strike Conti
2021-09-22CISAUS-CERT
Alert (AA21-265A) Conti Ransomware
Cobalt Strike Conti
2021-09-16RiskIQRiskIQ
Untangling the Spider Web: The Curious Connection Between WIZARD SPIDER’s Ransomware Infrastructure and a Windows Zero-Day Exploit
Cobalt Strike Ryuk
2021-09-14CrowdStrikeCrowdStrike Intelligence Team
Big Game Hunting TTPs Continue to Shift After DarkSide Pipeline Attack
BlackMatter DarkSide REvil Avaddon BlackMatter Clop Conti CryptoLocker DarkSide DoppelPaymer Hades REvil
2021-09-13The DFIR ReportThe DFIR Report
BazarLoader to Conti Ransomware in 32 Hours
BazarBackdoor Cobalt Strike Conti
2021-09-06cocomelonccocomelonc
AV engines evasion for C++ simple malware: part 2
Agent Tesla Amadey Anchor AnchorMTea Carbanak Carberp Cardinal RAT Felixroot Konni Loki Password Stealer (PWS) Maze
2021-09-06Bleeping ComputerLawrence Abrams
TrickBot gang developer arrested when trying to leave Korea
Diavol TrickBot
2021-09-03SophosAnand Ajjan, Andrew Ludgate, Gabor Szappanos, Peter Mackenzie, Sean Gallagher, Sergio Bestulic, Syed Zaidi
Conti affiliates use ProxyShell Exchange exploit in ransomware attacks
Cobalt Strike Conti
2021-09-03Trend MicroMohamad Mokbel
The State of SSL/TLS Certificate Usage in Malware C&C Communications
AdWind ostap AsyncRAT BazarBackdoor BitRAT Buer Chthonic CloudEyE Cobalt Strike DCRat Dridex FindPOS GootKit Gozi IcedID ISFB Nanocore RAT Orcus RAT PandaBanker Qadars QakBot Quasar RAT Rockloader ServHelper Shifu SManager TorrentLocker TrickBot Vawtrak Zeus Zloader
2021-09-02TalosAzim Khodjibaev, Caitlin Huey, David Liebenberg, Dmytro Korzhevin
Translated: Talos' insights from the recently leaked Conti ransomware playbook
Conti
2021-08-19Sekoiasekoia
An insider insights into Conti operations – Part two
Cobalt Strike Conti
2021-08-17Advanced IntelligenceVitali Kremez, Yelisey Boguslavskiy
Hunting for Corporate Insurance Policies: Indicators of [Ransom] Exfiltration
Cobalt Strike Conti
2021-08-17Sekoiasekoia
An insider insights into Conti operations – Part one
Cobalt Strike Conti
2021-08-15SymantecThreat Hunter Team
The Ransomware Threat
Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker
2021-08-11Advanced IntelligenceVitali Kremez
Secret "Backdoor" Behind Conti Ransomware Operation: Introducing Atera Agent
Cobalt Strike Conti
2021-08-10LIFARSVlad Pasca
A Detailed Analysis of The Last Version of Conti Ransomware
Conti
2021-08-10Youtube (OALabs)OALabs
Leaked Conti Ransomware Playbook - Red Team Reacts
Conti
2021-08-06Threat PostElizabeth Montalbano
Angry Affiliate Leaks Conti Ransomware Gang Playbook
Conti
2021-08-06Sophos Naked SecurityPaul Ducklin
Conti ransomware affiliate goes rogue, leaks “gang data”
Conti
2021-08-05KrebsOnSecurityBrian Krebs
Ransomware Gangs and the Name Game Distraction
DarkSide RansomEXX Babuk Cerber Conti DarkSide DoppelPaymer Egregor FriedEx Gandcrab Hermes Maze RansomEXX REvil Ryuk Sekhmet
2021-08-05The RecordCatalin Cimpanu
Disgruntled ransomware affiliate leaks the Conti gang’s technical manuals
Conti
2021-08-05Twitter (@AltShiftPrtScn)Peter Mackenzie
Tweet on Conti ransomware affiliates using AnyDesk, Atera, Splashtop, Remote Utilities and ScreenConnect to maintain network access
Conti
2021-08-05Bleeping ComputerLawrence Abrams
Angry Conti ransomware affiliate leaks gang's attack playbook
Conti
2021-08-01The DFIR ReportThe DFIR Report
BazarCall to Conti Ransomware via Trickbot and Cobalt Strike
BazarBackdoor Cobalt Strike Conti TrickBot
2021-07-21Twitter (@AltShiftPrtScn)Peter Mackenzie
Tweet on Conti ransomware actor installing AnyDesk for remote access in victim environment
Conti
2021-07-21splunkSplunk Threat Research Team
Detecting Trickbot with Splunk
TrickBot
2021-07-15Kryptos LogicKryptos Logic Vantage Team
Adjusting the Anchor
Anchor
2021-07-12BitdefenderBogdan Botezatu, Radu Tudorica
A Fresh Look at Trickbot’s Ever-Improving VNC Module
TrickBot
2021-07-08SentinelOneAntonio Pirozzi, Idan Weizman
Conti Unpacked: Understanding Ransomware Development as a Response to Detection - A Detailed Technical Analysis
Conti
2021-07-07McAfeeMcAfee Labs
Ryuk Ransomware Now Targeting Webservers
Cobalt Strike Ryuk
2021-07-02The RecordCatalin Cimpanu
TrickBot: New attacks see the botnet deploy new banking module, new ransomware
TrickBot
2021-07-01Kryptos LogicKryptos Logic Vantage Team
TrickBot and Zeus
TrickBot Zeus
2021-07-01DomainToolsChad Anderson
The Most Prolific Ransomware Families: A Defenders Guide
REvil Conti Egregor Maze REvil
2021-07-01FortinetAsaf Rubinfeld, Dor Neemani
Diavol - A New Ransomware Used By Wizard Spider?
Conti Diavol
2021-06-30CynetMax Malyutin
Shelob Moonlight – Spinning a Larger Web From IcedID to CONTI, a Trojan and Ransomware collaboration
Conti IcedID
2021-06-18Palo Alto Networks Unit 42Richard Hickman
Conti Ransomware Gang: An Overview
Conti
2021-06-16ProofpointDaniel Blackford, Garrett M. Graff, Selena Larson
The First Step: Initial Access Leads to Ransomware
BazarBackdoor Egregor IcedID Maze QakBot REvil Ryuk TrickBot WastedLocker TA570 TA575 TA577
2021-06-15Trend MicroByron Gelera, Earle Earnshaw, Janus Agcaoili, Miguel Ang, Nikko Tamana
Ransomware Double Extortion and Beyond: REvil, Clop, and Conti
Clop Conti REvil
2021-06-15vmwareTakahiro Haruyama
Detecting UEFI Bootkits in the Wild (Part 1)
LoJax MosaicRegressor TrickBot
2021-06-09Twitter (@SecurityJoes)SecurityJoes
Tweet on .NET builder of a Ryuk imposter malware
Ryuk
2021-06-07Medium walmartglobaltechJason Reaves, Joshua Platt
Inside the SystemBC Malware-As-A-Service
Ryuk SystemBC TrickBot
2021-06-04The RecordCatalin Cimpanu
US arrests Latvian woman who worked on Trickbot malware source code
TrickBot
2021-06-04Department of JusticeOffice of Public Affairs
Latvian National Charged for Alleged Role in Transnational Cybercrime Organization
TrickBot
2021-06-02CrowdStrikeHeather Smith, Josh Dalman
Under Attack: Protecting Against Conti, DarkSide, REvil and Other Ransomware
DarkSide Conti DarkSide REvil
2021-05-22Youtube (ACPEnw)YouTube (ACPEnw)
Lessons Learned from a Cyber Attack System Admin Perspective
Ryuk
2021-05-20FBIFBI
Alert Number CP-000147-MW: Conti Ransomware Attacks Impact Healthcare and First Responder Networks
Conti
2021-05-19Intel 471Intel 471
Look how many cybercriminals love Cobalt Strike
BazarBackdoor Cobalt Strike Hancitor QakBot SmokeLoader SystemBC TrickBot
2021-05-18The RecordCatalin Cimpanu
Darkside gang estimated to have made over $90 million from ransomware attacks
DarkSide DarkSide Mailto Maze REvil Ryuk
2021-05-18Bleeping ComputerIonut Ilascu
DarkSide ransomware made $90 million in just nine months
DarkSide DarkSide Egregor Gandcrab Mailto Maze REvil Ryuk
2021-05-16NCSC IrelandNCSC Ireland
Ransomware Attack on Health Sector - UPDATE 2021-05-16
Cobalt Strike Conti
2021-05-12The DFIR Report
Conti Ransomware
Cobalt Strike Conti IcedID
2021-05-11Mal-Eatsmal_eats
Campo, a New Attack Campaign Targeting Japan
AnchorDNS BazarBackdoor campoloader Cobalt Strike Phobos Snifula TrickBot Zloader
2021-05-10Mal-Eatsmal_eats
Overview of Campo, a new attack campaign targeting Japan
AnchorDNS BazarBackdoor Cobalt Strike ISFB Phobos TrickBot Zloader
2021-05-10DarkTracerDarkTracer
Intelligence Report on Ransomware Gangs on the DarkWeb: List of victim organizations attacked by ransomware gangs released on the DarkWeb
RansomEXX Avaddon Babuk Clop Conti Cuba DarkSide DoppelPaymer Egregor Hades LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker Nefilim Nemty Pay2Key PwndLocker RagnarLocker Ragnarok RansomEXX REvil Sekhmet SunCrypt ThunderX
2021-05-06Sophos LabsBill Kearney, Kyle Link, Matthew Sharf, Peter Mackenzie, Tilly Travers
MTR in Real Time: Pirates pave way for Ryuk ransomware
Ryuk
2021-05-06Cyborg SecurityBrandon Denker
Ransomware: Hunting for Inhibiting System Backup or Recovery
Avaddon Conti DarkSide LockBit Mailto Maze Mespinoza Nemty PwndLocker RagnarLocker RansomEXX REvil Ryuk Snatch ThunderX
2021-05-05RiskIQKelsey Clapp
Viruses to Violations - TrickBot's Shift in Tactics During the Pandemic
TrickBot
2021-05-02The DFIR ReportThe DFIR Report
Trickbot Brief: Creds and Beacons
Cobalt Strike TrickBot
2021-04-29The Institute for Security and TechnologyThe Institute for Security and Technology
Combating Ransomware A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force
Conti EternalPetya
2021-04-26CoveWareCoveWare
Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound
Avaddon Clop Conti DarkSide Egregor LockBit Mailto Phobos REvil Ryuk SunCrypt
2021-04-25Vulnerability.ch BlogCorsin Camichel
Ransomware and Data Leak Site Publication Time Analysis
Avaddon Babuk Clop Conti DarkSide DoppelPaymer Mespinoza Nefilim REvil
2021-04-17Advanced IntelligenceAl Calleo, Vitali Kremez, Yelisey Boguslavskiy
Adversary Dossier: Ryuk Ransomware Anatomy of an Attack in 2021
Ryuk
2021-04-15ProofpointSelena Larson
Threat Actors Pair Tax-Themed Lures With COVID-19, Healthcare Themes
Dridex TrickBot
2021-04-14InfoSec Handlers Diary BlogBrad Duncan
April 2021 Forensic Quiz: Answers and Analysis
Anchor BazarBackdoor Cobalt Strike
2021-04-13MBSDKei Sugawara, Takashi Yoshikawa
Unraveling the internal structure of the Conti Ransomware
Conti
2021-04-07ANALYST1Jon DiMaggio
Ransom Mafia - Analysis of the World's First Ransomware Cartel
Conti Egregor LockBit Maze RagnarLocker SunCrypt VIKING SPIDER
2021-04-07ANALYST1Jon DiMaggio
Ransom Mafia Analysis of the World's First Ransomware Cartel
Conti Egregor LockBit Maze RagnarLocker Ryuk SunCrypt TA2101 VIKING SPIDER
2021-04-06Intel 471Intel 471
EtterSilent: the underground’s new favorite maldoc builder
BazarBackdoor ISFB QakBot TrickBot
2021-04-05Medium walmartglobaltechJason Reaves, Joshua Platt
TrickBot Crews New CobaltStrike Loader
Cobalt Strike TrickBot
2021-03-31KasperskyKaspersky
Financial Cyberthreats in 2020
BetaBot DanaBot Emotet Gozi Ramnit RTM SpyEye TrickBot Zeus
2021-03-31Red CanaryRed Canary
2021 Threat Detection Report
Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot
2021-03-21BlackberryBlackberry Research
2021 Threat Report
Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot
2021-03-17Palo Alto Networks Unit 42Unit42
Ransomware Threat Report 2021
RansomEXX Dharma DoppelPaymer Gandcrab Mailto Maze Phobos RansomEXX REvil Ryuk WastedLocker
2021-03-17CISAUS-CERT
Alert (AA21-076A): TrickBot Malware
TrickBot
2021-03-08The DFIR ReportThe DFIR Report
Bazar Drops the Anchor
Anchor BazarBackdoor Cobalt Strike
2021-03-04NCC GroupOllie Whitehouse
Deception Engineering: exploring the use of Windows Service Canaries against ransomware
Ryuk
2021-03-01CCN-CERTCCN-CERT
Informe Código DañinoCCN-CERT ID-03/21: RyukRansomware
Ryuk
2021-03-01YouTube ( Malware_Analyzing_&_RE_Tips_Tricks)Jiří Vinopal
Ryuk Ransomware - Advanced using of Scylla for Imports reconstruction
Ryuk
2021-03-01Group-IBOleg Skulkin, Roman Rezvukhin, Semyon Rogachev
Ransomware Uncovered 2020/2021
RansomEXX BazarBackdoor Buer Clop Conti DoppelPaymer Dridex Egregor IcedID Maze PwndLocker QakBot RansomEXX REvil Ryuk SDBbot TrickBot Zloader
2021-02-28PWC UKPWC UK
Cyber Threats 2020: A Year in Retrospect
elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team
2021-02-274rchibld4rchibld
Nice to meet you, too. My name is Ryuk.
Ryuk
2021-02-25ANSSICERT-FR
Ryuk Ransomware
BazarBackdoor Buer Conti Emotet Ryuk TrickBot
2021-02-24IBMIBM SECURITY X-FORCE
X-Force Threat Intelligence Index 2021
Emotet QakBot Ramnit REvil TrickBot
2021-02-23CrowdStrikeCrowdStrike
2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER
2021-02-22YouTube ( Malware_Analyzing_&_RE_Tips_Tricks)Jiří Vinopal
Ryuk Ransomware API Resolving in 10 minutes
Ryuk
2021-02-16SophosLabs UncutAnand Ajjan, Andrew Brandt
Conti ransomware: Evasive by nature
Conti
2021-02-16ProofpointProofpoint Threat Research Team
Q4 2020 Threat Report: A Quarterly Analysis of Cybersecurity Trends, Tactics and Themes
Emotet Ryuk NARWHAL SPIDER TA800
2021-02-16SophosLabs UncutMichael Heller
A Conti ransomware attack day-by-day
Conti
2021-02-16SophosLabs UncutPeter Mackenzie, Tilly Travers
What to expect when you’ve been hit with Conti ransomware
Conti
2021-02-11CTI LEAGUECTI LEAGUE
CTIL Darknet Report – 2021
Conti Mailto Maze REvil Ryuk
2021-02-08ESET ResearchESET Research
THREAT REPORT Q4 2020
TrickBot
2021-02-04ClearSkyClearSky Research Team
CONTI Modus Operandi and Bitcoin Tracking
Conti Ryuk
2021-02-02CRONUPGermán Fernández
De ataque con Malware a incidente de Ransomware
Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader
2021-02-01Twitter (@IntelAdvanced)Advanced Intelligence
Tweet on Active Directory Exploitation by RYUK "one" group
Ryuk
2021-02-01MicrosoftMicrosoft 365 Defender Threat Intelligence Team
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations
Dridex Emotet Makop Ransomware SmokeLoader TrickBot
2021-02-01Kryptos LogicKryptos Logic Vantage Team
Trickbot masrv Module
TrickBot
2021-01-31The DFIR ReportThe DFIR Report
Bazar, No Ryuk?
BazarBackdoor Cobalt Strike Ryuk
2021-01-28Huntress LabsJohn Hammond
Analyzing Ryuk Another Link in the Cyber Attack Chain
BazarBackdoor Ryuk
2021-01-28Youtube (Virus Bulletin)Benoît Ancel
The Bagsu banker case
Azorult DreamBot Emotet Pony TrickBot ZeusAction
2021-01-26IBMNir Shwarts
TrickBot’s Survival Instinct Prevails — What’s Different About the TrickBoot Version?
TrickBot
2021-01-25Twitter (@IntelAdvanced)Advanced Intelligence
Tweet on Ryuk Ransomware group's post exploitation tactics including usage of Keethief tool
Ryuk
2021-01-20Medium walmartglobaltechJason Reaves, Joshua Platt
Anchor and Lazarus together again?
Anchor TrickBot
2021-01-19Palo Alto Networks Unit 42Brad Duncan
Wireshark Tutorial: Examining Emotet Infection Traffic
Emotet GootKit IcedID QakBot TrickBot
2021-01-17Twitter (@AltShiftPrtScn)Peter Mackenzie
Tweet on Conti Ransomware group exploiting FortiGate VPNs to drop in CobaltStrike loaders
Cobalt Strike Conti
2021-01-12CybereasonLior Rochberger
Cybereason vs. Conti Ransomware
BazarBackdoor Conti
2021-01-11The DFIR ReportThe DFIR Report
Trickbot Still Alive and Well
Cobalt Strike TrickBot
2021-01-09Marco Ramilli's BlogMarco Ramilli
Command and Control Traffic Patterns
ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot
2021-01-07Advanced IntelligenceBrian Carter, HYAS, Vitali Kremez
Crime Laundering Primer: Inside Ryuk Crime (Crypto) Ledger & Risky Asian Crypto Traders
Ryuk
2021-01-06DomainToolsJoe Slowik
Holiday Bazar: Tracking a TrickBot-Related Ransomware Incident
BazarBackdoor TrickBot
2021-01-04SentinelOneMarco Figueroa
Building a Custom Malware Analysis Lab Environment
TrickBot
2021-01-01SecureworksSecureWorks
Threat Profile: GOLD BLACKBURN
Buer Dyre TrickBot WIZARD SPIDER
2020-12-280xC0DECAFEThomas Barabosch
Never upload ransomware samples to the Internet
Ryuk
2020-12-22TRUESECMattias Wåhlén
Collaboration between FIN7 and the RYUK group, a Truesec Investigation
Carbanak Cobalt Strike Ryuk
2020-12-21KEYSIGHT TECHNOLOGIESEdsel Valle
TrickBot: A Closer Look
TrickBot
2020-12-21IronNetAdam Hlavek, Kimberly Ortiz
Russian cyber attack campaigns and actors
WellMail elf.wellmess Agent.BTZ BlackEnergy EternalPetya Havex RAT Industroyer Ryuk Triton WellMess
2020-12-16AccenturePaul Mansfield
Tracking and combatting an evolving danger: Ransomware extortion
DarkSide Egregor Maze Nefilim RagnarLocker REvil Ryuk SunCrypt
2020-12-15Chuongdong blogChuong Dong
Conti Ransomware v2
Conti
2020-12-15Medium 0xthreatintel0xthreatintel
Reversing Conti Ransomware
Conti
2020-12-12Github (cdong1012)Chuong Dong
ContiUnpacker: An automatic unpacker for Conti rasnomware
Conti
2020-12-10CybereasonJoakim Kandefelt
Cybereason vs. Ryuk Ransomware
BazarBackdoor Ryuk TrickBot
2020-12-10US-CERTFBI, MS-ISAC, US-CERT
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus
2020-12-10CyberIntCyberInt
Ryuk Crypto-Ransomware
Ryuk TrickBot
2020-12-09CiscoCaitlin Huey, David Liebenberg
Quarterly Report: Incident Response trends from Fall 2020
Cobalt Strike IcedID Maze RansomEXX Ryuk
2020-12-03EclypsiumEclypsium
TrickBot Now Offers ‘TrickBoot’: Persist, Brick, Profit
TrickBot
2020-11-23BitdefenderLiviu Arsene, Radu Tudorica
TrickBot is Dead. Long Live TrickBot!
TrickBot
2020-11-22malware.loveRobert Giczewski
Trickbot tricks again [UPDATE]
TrickBot
2020-11-20ZDNetCatalin Cimpanu
The malware that usually installs ransomware and you need to remove right away
Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader
2020-11-20Bleeping ComputerLawrence Abrams
LightBot: TrickBot’s new reconnaissance malware for high-value targets
LightBot TrickBot
2020-11-19ThreatpostElizabeth Montalbano
APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies
Quasar RAT Ryuk
2020-11-18SophosSophos
SOPHOS 2021 THREAT REPORT Navigating cybersecurity in an uncertain world
Agent Tesla Dridex TrickBot Zloader
2020-11-18DomainToolsJoe Slowik
Analyzing Network Infrastructure as Composite Objects
Ryuk
2020-11-18KELAVictoria Kivilevich
Zooming into Darknet Threats Targeting Japanese Organizations
Conti DoppelPaymer Egregor LockBit Maze REvil Snake
2020-11-17Salesforce EngineeringJohn Althouse
Easily Identify Malicious Servers on the Internet with JARM
Cobalt Strike TrickBot
2020-11-17malware.loveRobert Giczewski
Trickbot tricks again
TrickBot
2020-11-17Twitter (@VK_intel)Vitali Kremez
Tweet on a new fileless TrickBot loading method using code from MemoryModule
TrickBot
2020-11-16Intel 471Intel 471
Ransomware-as-a-service: The pandemic within a pandemic
Avaddon Clop Conti DoppelPaymer Egregor Hakbit Mailto Maze Mespinoza RagnarLocker REvil Ryuk SunCrypt ThunderX
2020-11-14Medium 0xastrovaxastrovax
Deep Dive Into Ryuk Ransomware
Hermes Ryuk
2020-11-12Hurricane LabsDusty Miller
Splunking with Sysmon Part 4: Detecting Trickbot
TrickBot
2020-11-10Intel 471Intel 471
Trickbot down, but is it out?
BazarBackdoor TrickBot
2020-11-06Advanced IntelligenceVitali Kremez
Anatomy of Attack: Inside BazarBackdoor to Ryuk Ransomware "one" Group via Cobalt Strike
BazarBackdoor Cobalt Strike Ryuk
2020-11-05Github (scythe-io)SCYTHE
Ryuk Adversary Emulation Plan
Ryuk
2020-11-05SCYTHEJorge Orchilles, Sean Lyngaas
#ThreatThursday - Ryuk
BazarBackdoor Ryuk
2020-11-05Twitter (@ffforward)TheAnalyst
Tweet on Zloader infection leads to Cobaltstrike Installation and deployment of RYUK
Cobalt Strike Ryuk Zloader
2020-11-05The DFIR ReportThe DFIR Report
Ryuk Speed Run, 2 Hours to Ransom
BazarBackdoor Cobalt Strike Ryuk
2020-11-04VMRayGiovanni Vigna
Trick or Threat: Ryuk ransomware targets the health care industry
BazarBackdoor Cobalt Strike Ryuk TrickBot
2020-10-31splunkRyan Kovar
Ryuk and Splunk Detections
Ryuk
2020-10-30CofenseThe Cofense Intelligence Team
The Ryuk Threat: Why BazarBackdoor Matters Most
BazarBackdoor Ryuk
2020-10-30Github (ThreatConnect-Inc)ThreatConnect
UNC 1878 Indicators from Threatconnect
BazarBackdoor Cobalt Strike Ryuk
2020-10-29RiskIQRiskIQ
Ryuk Ransomware: Extensive Attack Infrastructure Revealed
Cobalt Strike Ryuk
2020-10-29Red CanaryThe Red Canary Team
A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak
Cobalt Strike Ryuk TrickBot
2020-10-29Twitter (@anthomsec)Andrew Thompson
Tweet on UNC1878 activity
BazarBackdoor Ryuk TrickBot UNC1878
2020-10-29Twitter (@SophosLabs)SophosLabs
Tweet on similarities between BUER in-memory loader & RYUK in-memory loader
Buer Ryuk
2020-10-29McAfeeMcAfee Labs
McAfee Labs Threat Advisory Ransom-Ryuk
Ryuk
2020-10-29CNNAlex Marquardt, Lauren Mascarenhas, Vivian Salama
Several hospitals targeted in new wave of ransomware attacks
Ryuk
2020-10-29Bleeping ComputerLawrence Abrams
Hacking group is targeting US hospitals with Ryuk ransomware
Ryuk
2020-10-29ReutersChristopher Bing, Joseph Menn
Building wave of ransomware attacks strike U.S. hospitals
Ryuk
2020-10-29Palo Alto Networks Unit 42Brad Duncan, Brittany Barbehenn, Doel Santos
Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector
Anchor BazarBackdoor Ryuk TrickBot
2020-10-28Youtube (SANS Digital Forensics and Incident Response)Aaron Stephens, Katie Nickels, Van Ta
STAR Webcast: Spooky RYUKy: The Return of UNC1878
Ryuk
2020-10-28KrebsOnSecurityBrian Krebs
FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals
Ryuk
2020-10-28Youtube (SANS Institute)Aaron Stephens, Katie Nickels, Van Ta
Spooky RYUKy: The Return of UNC1878 | SANS STAR Webcast
Ryuk UNC1878
2020-10-28Github (aaronst)Aaron Stephens
UNC1878 indicators
Ryuk UNC1878
2020-10-28CISACISA, FBI, HHS
AA20-302A: Ransomware Activity Targeting the Healthcare and Public Health Sector
AnchorDNS Anchor BazarBackdoor Ryuk
2020-10-28SophosLabs UncutAnand Ajjan, Bill Kearny, Brett Cove, Elida Leite, Gabor Szappanos, Peter Mackenzie, Sean Gallagher, Syed Shahram
Hacks for sale: inside the Buer Loader malware-as-a-service
Buer Ryuk Zloader
2020-10-28FireEyeDouglas Bienstock, Jeremy Kennelly, Joshua Shilko, Kimberly Goody, Steve Elovitz
Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser
BazarBackdoor Cobalt Strike Ryuk UNC1878
2020-10-27Bleeping ComputerLawrence Abrams
Steelcase furniture giant hit by Ryuk ransomware attack
Ryuk
2020-10-26ThreatConnectThreatConnect Research Team
ThreatConnect Research Roundup: Ryuk and Domains Spoofing ESET and Microsoft
Ryuk
2020-10-26Arbor NetworksSuweera De Souza
Dropping the Anchor
AnchorDNS Anchor TrickBot
2020-10-26CheckpointEyal Itkin, Itay Cohen
Exploit Developer Spotlight: The Story of PlayBit
Dyre Maze PyLocky Ramnit REvil
2020-10-23HornetsecurityHornetsecurity Security Lab
Leakware-Ransomware-Hybrid Attacks
Avaddon Clop Conti DarkSide DoppelPaymer Mailto Maze Mespinoza Nefilim RagnarLocker REvil Sekhmet SunCrypt
2020-10-22Sentinel LABSMarco Figueroa
An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques
Ryuk
2020-10-22Bleeping ComputerLawrence Abrams
French IT giant Sopra Steria hit by Ryuk ransomware
Ryuk
2020-10-20Bundesamt für Sicherheit in der InformationstechnikBSI
Die Lage der IT-Sicherheit in Deutschland 2020
Clop Emotet REvil Ryuk TrickBot
2020-10-20MicrosoftTom Burt
An update on disruption of Trickbot
TrickBot
2020-10-20Intel 471Intel 471
Global Trickbot disruption operation shows promise
TrickBot
2020-10-18The DFIR ReportThe DFIR Report
Ryuk in 5 Hours
BazarBackdoor Cobalt Strike Ryuk
2020-10-16CrowdStrikeThe Crowdstrike Intel Team
WIZARD SPIDER Update: Resilient, Reactive and Resolute
BazarBackdoor Conti Ryuk TrickBot
2020-10-16ThreatConnectThreatConnect Research Team
ThreatConnect Research Roundup: Possible Ryuk Infrastructure
Ryuk
2020-10-16DuoDennis Fisher
Trickbot Up to Its Old Tricks
TrickBot
2020-10-15Intel 471Intel 471
That was quick: Trickbot is back after disruption attempts
TrickBot
2020-10-15Department of JusticeDepartment of Justice
Officials Announce International Operation Targeting Transnational Criminal Organization QQAAZZ that Provided Money Laundering Services to High-Level Cybercriminals
Dridex ISFB TrickBot
2020-10-14SophosSean Gallagher
They’re back: inside a new Ryuk ransomware attack
Cobalt Strike Ryuk SystemBC
2020-10-13VirusTotalGerardo Fernández, Vicente Diaz
Tracing fresh Ryuk campaigns itw
Ryuk
2020-10-12MicrosoftTom Burt
New action to combat ransomware ahead of U.S. elections
Ryuk TrickBot
2020-10-12SymantecThreat Hunter Team
Trickbot: U.S. Court Order Hits Botnet’s Infrastructure
Ryuk TrickBot
2020-10-12Advanced IntelligenceRoman Marshanski, Vitali Kremez
"Front Door" into BazarBackdoor: Stealthy Cybercrime Weapon
BazarBackdoor Cobalt Strike Ryuk
2020-10-12LumenBlack Lotus Labs
A Look Inside The TrickBot Botnet
TrickBot
2020-10-12ESET ResearchJean-Ian Boutin
ESET takes part in global operation to disrupt Trickbot
TrickBot
2020-10-12MicrosoftMicrosoft 365 Defender Threat Intelligence Team
Trickbot disrupted
TrickBot
2020-10-12US District Court for the Eastern District of Virginia
TRICKBOT complaint
TrickBot
2020-10-10The Washington PostEllen Nakashima
Cyber Command has sought to disrupt the world’s largest botnet, hoping to reduce its potential impact on the election
TrickBot
2020-10-08BromiumAlex Holland
Droppers, Downloaders and TrickBot: Detecting a Stealthy COVID-19-themed Campaign using Toolmarks
TrickBot
2020-10-08The DFIR ReportThe DFIR Report
Ryuk’s Return
BazarBackdoor Cobalt Strike Ryuk
2020-10-02Health Sector Cybersecurity Coordination Center (HC3)Health Sector Cybersecurity Coordination Center (HC3)
Report 202010021600: Recent Bazarloader Use in Ransomware Campaigns
BazarBackdoor Cobalt Strike Ryuk TrickBot
2020-10-02KrebsOnSecurityBrian Krebs
Attacks Aimed at Disrupting the Trickbot Botnet
TrickBot
2020-10-01KELAVictoria Kivilevich
To Attack or Not to Attack: Targeting the Healthcare Sector in the Underground Ecosystem
Conti DoppelPaymer Mailto Maze REvil Ryuk SunCrypt
2020-09-29PWC UKAndy Auld
What's behind the increase in ransomware attacks this year?
DarkSide Avaddon Clop Conti DoppelPaymer Dridex Emotet FriedEx Mailto PwndLocker QakBot REvil Ryuk SMAUG SunCrypt TrickBot WastedLocker
2020-09-29MicrosoftMicrosoft
Microsoft Digital Defense Report
Emotet IcedID Mailto Maze QakBot REvil RobinHood TrickBot
2020-09-24Kaspersky LabsKaspersky Lab ICS CERT
Threat landscape for industrial automation systems - H1 2020
Poet RAT Mailto Milum RagnarLocker REvil Ryuk Snake
2020-09-22OSINT FansGabor Szathmari
What Service NSW has to do with Russia?
TrickBot
2020-09-16Intel 471Intel 471
Partners in crime: North Koreans and elite Russian-speaking cybercriminals
TrickBot
2020-09-01Cisco TalosCaitlin Huey, David Liebenberg
Quarterly Report: Incident Response trends in Summer 2020
Cobalt Strike LockBit Mailto Maze Ryuk
2020-08-31cyber.wtf blogLuca Ebach
Trickbot rdpscanDll – Transforming Candidate Credentials for Brute-Forcing RDP Servers
TrickBot
2020-08-25BleepingComputerLawrence Abrams
Ryuk successor Conti Ransomware releases data leak site
Conti
2020-08-20sensecycyberthreatinsider
Global Ransomware Attacks in 2020: The Top 4 Vulnerabilities
Clop Maze REvil Ryuk
2020-08-20CERT-FRCERT-FR
Development of the Activity of the TA505 Cybercriminal Group
AndroMut Bart Clop Dridex FlawedAmmyy FlawedGrace Get2 Locky Marap QuantLoader SDBbot ServHelper tRat TrickBot
2020-08-18AreteArete Incident Response
Is Conti the New Ryuk?
Conti Ryuk
2020-08-09F5 LabsDebbie Walkowski, Remi Cohen
Banking Trojans: A Reference Guide to the Malware Family Tree
BackSwap Carberp Citadel DanaBot Dridex Dyre Emotet Gozi Kronos PandaBanker Ramnit Shylock SpyEye Tinba TrickBot Vawtrak Zeus
2020-08-01Temple UniversityCARE
Critical Infrastructure Ransomware Attacks
CryptoLocker Cryptowall DoppelPaymer FriedEx Mailto Maze REvil Ryuk SamSam WannaCryptor
2020-07-29ESET Researchwelivesecurity
THREAT REPORT Q2 2020
DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor
2020-07-22SentinelOneJason Reaves, Joshua Platt
Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)
ISFB Maze TrickBot Zloader
2020-07-20Bleeping ComputerLawrence Abrams
Emotet-TrickBot malware duo is back infecting Windows machines
Emotet TrickBot
2020-07-13JoeSecurityJoe Security
TrickBot's new API-Hammering explained
TrickBot
2020-07-11Advanced IntelligenceVitali Kremez
TrickBot Group Launches Test Module Alerting on Fraud Activity
TrickBot
2020-07-11BleepingComputerLawrence Abrams
TrickBot malware mistakenly warns victims that they are infected
TrickBot
2020-07-08VMWare Carbon BlackBrian Baskin
TAU Threat Discovery: Conti Ransomware
Conti
2020-07-06NTTSecurity division of NTT Ltd.
TrickBot variant “Anchor_DNS” communicating over DNS
AnchorDNS TrickBot
2020-06-23Bleeping ComputerIonut Ilascu
Ryuk ransomware deployed two weeks after Trickbot infection
Ryuk
2020-06-22Sentinel LABSJason Reaves, Joshua Platt
Inside a TrickBot Cobalt Strike Attack Server
Cobalt Strike TrickBot
2020-06-22CERT-FRCERT-FR
Évolution De Lactivité du Groupe Cybercriminel TA505
Amadey AndroMut Bart Clop Dridex FlawedGrace Gandcrab Get2 GlobeImposter Jaff Locky Marap Philadephia Ransom QuantLoader Scarab Ransomware SDBbot ServHelper Silence tRat TrickBot
2020-06-17Youtube (Red Canary)Adam Pennington, David Kaplan, Erika Noerenberg, Matt Graeber
ATT&CK® Deep Dive: Process Injection
ISFB Ramnit TrickBot
2020-06-15FortinetFred Gutierrez, Val Saengphaibul
Global Malicious Spam Campaign Using Black Lives Matter as a Lure
TrickBot
2020-06-15Cisco TalosCaitlin Huey, David Liebenberg
Quarterly report: Incident Response trends in Summer 2020
Ryuk
2020-06-12HornetsecuritySecurity Lab
Trickbot Malspam Leveraging Black Lives Matter as Lure
TrickBot
2020-06-11CofenseJason Meurer
All You Need Is Text: Second Wave
TrickBot
2020-06-02Lastline LabsJames Haughom, Stefano Ortolani
Evolution of Excel 4.0 Macro Weaponization
Agent Tesla DanaBot ISFB TrickBot Zloader
2020-05-28Palo Alto Networks Unit 42Brad Duncan
Goodbye Mworm, Hello Nworm: TrickBot Updates Propagation Module
TrickBot
2020-05-21Intel 471Intel 471
A brief history of TA505
AndroMut Bart Dridex FlawedAmmyy FlawedGrace Gandcrab Get2 GlobeImposter Jaff Kegotip Locky Necurs Philadephia Ransom Pony QuantLoader Rockloader SDBbot ServHelper Shifu Snatch TrickBot
2020-05-19AlienLabsOfer Caspi
TrickBot BazarLoader In-Depth
Anchor BazarBackdoor TrickBot
2020-05-14SentinelOneJason Reaves
Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant
TrickBot
2020-05-05N1ght-W0lf BlogAbdallah Elshinbary
Deep Analysis of Ryuk Ransomware
Ryuk
2020-04-19SecurityLiterateKyle Cucci
Reversing Ryuk: A Technical Analysis of Ryuk Ransomware
Ryuk
2020-04-14Intel 471Intel 471
Understanding the relationship between Emotet, Ryuk and TrickBot
Emotet Ryuk TrickBot
2020-04-14IntrinsecJean Bichet
Deobfuscating and hunting for OSTAP, Trickbot’s dropper and best friend
ostap TrickBot
2020-04-09ZscalerAbhay Yadav, Atinderpal Singh
TrickBot Emerges with a Few New Tricks
TrickBot
2020-04-08SecureworksCounter Threat Unit ResearchTeam
How Cyber Adversaries are Adapting to Exploit the Global Pandemic
GOLD SOUTHFIELD TA2101 TA505 WIZARD SPIDER
2020-04-08SentinelOneJason Reaves
Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations
Anchor TrickBot
2020-04-07SecurityIntelligenceOle Villadsen
ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework
More_eggs Anchor TrickBot
2020-04-01CiscoAndrea Kaiser, Shyam Sundar Ramaswami
Navigating Cybersecurity During a Pandemic: Latest Malware and Threat Actors
Azorult CloudEyE Formbook KPOT Stealer Metamorfo Nanocore RAT NetWire RC TrickBot
2020-03-31FireEyeAaron Stephens, Van Ta
It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit
Ryuk TrickBot UNC1878
2020-03-31Cisco TalosChris Neal
Trickbot: A primer
TrickBot
2020-03-30IntezerMichael Kajiloti
Fantastic payloads and where we find them
Dridex Emotet ISFB TrickBot
2020-03-25Wilbur SecurityJW
Trickbot to Ryuk in Two Hours
Cobalt Strike Ryuk TrickBot
2020-03-18BitdefenderAlexandru Maximciuc, Cristina Vatamanu, Liviu Arsene, Radu Tudorica
New TrickBot Module Bruteforces RDP Connections, Targets Select Telecommunication Services in US and Hong Kong
TrickBot
2020-03-09FortinetXiaopeng Zhang
New Variant of TrickBot Being Spread by Word Document
TrickBot
2020-03-05MicrosoftMicrosoft Threat Protection Intelligence Team
Human-operated ransomware attacks: A preventable disaster
Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor PARINACOTA
2020-03-04Bleeping ComputerLawrence Abrams
Ryuk Ransomware Attacked Epiq Global Via TrickBot Infection
Ryuk TrickBot
2020-03-04CrowdStrikeCrowdStrike
2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER
2020-03-03PWC UKPWC UK
Cyber Threats 2019:A Year in Retrospect
KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle
2020-03-02c'tChristian Wölbert
Was Emotet anrichtet – und welche Lehren die Opfer daraus ziehen
Emotet Ryuk
2020-02-28MorphisecMichael Gorelik
Trickbot Delivery Method Gets a New Upgrade Focusing on Windows 10
TrickBot
2020-02-26SentinelOneJason Reaves
Revealing the Trick | A Deep Dive into TrickLoader Obfuscation
TrickBot
2020-02-25RSA ConferenceJoel DeCapua
Feds Fighting Ransomware: How the FBI Investigates and How You Can Help
FastCash Cerber Defray Dharma FriedEx Gandcrab GlobeImposter Mamba Phobos Rapid Ransom REvil Ryuk SamSam Zeus
2020-02-19FireEyeFireEye
M-Trends 2020
Cobalt Strike Grateful POS LockerGoga QakBot TrickBot
2020-02-18Sophos LabsLuca Nagy
Nearly a quarter of malware now communicates using TLS
Dridex IcedID TrickBot
2020-02-13QianxinQi Anxin Threat Intelligence Center
APT Report 2019
Chrysaor Exodus Dacls VPNFilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy
2020-02-13Quick HealGoutam Tripathy
A Deep Dive Into Wakeup On Lan (WoL) Implementation of Ryuk
Ryuk
2020-02-12VMWare Carbon BlackAC, Rachel E. King
Ryuk Ransomware Technical Analysis
Ryuk
2020-02-10MalwarebytesAdam Kujawa, Chris Boyd, David Ruiz, Jérôme Segura, Jovi Umawing, Nathan Collier, Pieter Arntz, Thomas Reed, Wendy Zamora
2020 State of Malware Report
magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor
2020-01-30Bleeping ComputerLawrence Abrams
TrickBot Uses a New Windows 10 UAC Bypass to Launch Quietly
TrickBot
2020-01-30MorphisecArnold Osipov
Trickbot Trojan Leveraging a New Windows 10 UAC Bypass
TrickBot
2020-01-29ANSSIANSSI
État de la menace rançongiciel
Clop Dharma FriedEx Gandcrab LockerGoga Maze MegaCortex REvil RobinHood Ryuk SamSam
2020-01-29ZDNetCatalin Cimpanu
DOD contractor suffers ransomware infection
Ryuk
2020-01-29Bleeping ComputerLawrence Abrams
Malware Tries to Trump Security Software With POTUS Impeachment
TrickBot
2020-01-27T-SystemsT-Systems
Vorläufiger forensischer Abschlussbericht zur Untersuchung des Incidents beim Berliner Kammergericht
Emotet TrickBot
2020-01-24Bleeping ComputerLawrence Abrams
New Ryuk Info Stealer Targets Government and Military Secrets
Ryuk
2020-01-24ReversingLabsRobert Simmons
Hunting for Ransomware
Ryuk
2020-01-23Bleeping ComputerLawrence Abrams
TrickBot Now Steals Windows Active Directory Credentials
TrickBot
2020-01-17Ken Sajo, Yasuhiro Takeda, Yusuke Niwa
Battle Against Ursnif Malspam Campaign targeting Japan
Cutwail ISFB TrickBot UrlZone
2020-01-17SecureworksKeita Yamazaki, Tamada Kiyotaka, You Nakatsuru
Is It Wrong to Try to Find APT Techniques in Ransomware Attack?
Defray Dharma FriedEx Gandcrab GlobeImposter Matrix Ransom MedusaLocker Phobos REvil Ryuk SamSam Scarab Ransomware
2020-01-16Bleeping ComputerLawrence Abrams
TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection
TrickBot
2020-01-14Bleeping ComputerLawrence Abrams
Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices
Ryuk
2020-01-10CSISCSIS
Threat Matrix H1 2019
Gustuff magecart Emotet Gandcrab Ramnit TrickBot
2020-01-09SentinelOneJason Reaves, Joshua Platt, Vitali Kremez
Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets
TrickBot WIZARD SPIDER
2020-01-01SecureworksSecureWorks
GOLD BLACKBURN
Dyre TrickBot
2020-01-01SecureworksSecureWorks
GOLD SWATHMORE
GlobeImposter Gozi IcedID TrickBot LUNAR SPIDER
2020-01-01SecureworksSecureWorks
GOLD ULRICK
Empire Downloader Ryuk TrickBot WIZARD SPIDER
2020-01-01BlackberryBlackberry Research
State of Ransomware
Maze MedusaLocker Nefilim Phobos REvil Ryuk STOP
2019-12-26Bleeping ComputerLawrence Abrams
Ryuk Ransomware Stops Encrypting Linux Folders
Ryuk
2019-12-21DecryptAdriana Hamacher
How ransomware exploded in the age of Bitcoin
Ryuk
2019-12-19MalwarebytesJovi Umawing
Threat spotlight: the curious case of Ryuk ransomware
Ryuk
2019-12-15Bleeping ComputerLawrence Abrams
Ryuk Ransomware Likely Behind New Orleans Cyberattack
Ryuk
2019-12-12FireEyeChi-en Shen, Oleg Bondarenko
Cyber Threat Landscape in Japan – Revealing Threat in the Shadow
Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD poisonplug TrickBot BlackTech
2019-12-11CybereasonAssaf Dahan, Eli Salem, Lior Rochberger, Mary Zhao, Matt Hart, Niv Yona, Omer Yampel
Dropping Anchor: From a TrickBot Infection to the Discovery of the Anchor Malware
Anchor WIZARD SPIDER
2019-12-10Sentinel LABSJason Reaves, Joshua Platt, Vitali Kremez
Anchor Project | The Deadly Planeswalker: How The TrickBot Group United High-Tech Crimeware & APT
Anchor
2019-12-09EmsisoftEmsiSoft Malware Lab
Caution! Ryuk Ransomware decryptor damages larger files, even if you pay
Ryuk
2019-12-09Palo Alto Networks Unit 42Brittany Ash, Bryan Lee, Mike Harbison
TrickBot Campaign Uses Fake Payroll Emails to Conduct Phishing Attacks
TrickBot
2019-11-27Twitter (@Prosegur)Prosegur
Tweet on Incident of Information Security
Ryuk
2019-11-22Palo Alto Networks Unit 42Brad Duncan
Trickbot Updates Password Grabber Module
TrickBot
2019-11-13CrowdStrikeJason Rivera, Jen Ayers
Through the Eyes of the Adversary
TrickBot CLOCKWORK SPIDER
2019-11-08Palo Alto Networks Unit 42Brad Duncan
Wireshark Tutorial: Examining Trickbot Infections
TrickBot
2019-11-06Heise SecurityThomas Hungenberg
Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail
Emotet Ryuk TrickBot
2019-11-05Information AgeDavid Braue
Hospital cyberattack could have been avoided
Ryuk
2019-11-01CCN-CERTCCN-CERT
Informe Código Dañino CCN-CERT ID-26/19
Ryuk
2019-11-01CrowdStrikeAlexander Hanel, Brett Stone-Gross
WIZARD SPIDER Adds New Features to Ryuk for Targeting Hosts on LAN
Ryuk WIZARD SPIDER
2019-10-29SneakyMonkey BlogSneakyMonkey
TRICKBOT - Analysis Part II
TrickBot
2019-10-24Sentinel LABSVitali Kremez
How TrickBot Malware Hooking Engine Targets Windows 10 Browsers
TrickBot
2019-10-18NTTNTT Security
TrickBot variant “Anchor_DNS” communicating over DNS
Anchor
2019-09-25GovCERT.chGovCERT.ch
Trickbot - An analysis of data collected from the botnet
TrickBot
2019-09-09McAfeeChintan Shah, Marc Rivero López, Thomas Roccia
Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study
Cutwail Dridex Dyre Kovter Locky Phorpiex Simda
2019-08-27SecureworksCTU Research Team
TrickBot Modifications Target U.S. Mobile Users
TrickBot WIZARD SPIDER
2019-08-26InQuestJosiah Smith
Memory Analysis of TrickBot
TrickBot
2019-08-05Trend MicroMichael Jhon Ofiaza, Noel Anthony Llimos
Latest Trickbot Campaign Delivered via Highly Obfuscated JS File
ostap TrickBot
2019-07-12DeepInstinctShaul Vilkomir-Preisman
TrickBooster – TrickBot’s Email-Based Infection Module
TrickBot
2019-07-11NTT SecurityNTT Security
Targeted TrickBot activity drops 'PowerBrace' backdoor
PowerBrace TrickBot
2019-06-04SlideShareVitali Kremez
Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vitali Kremez
TrickBot
2019-05-22sneakymonk3y (Mark)
TRICKBOT - Analysis
TrickBot
2019-05-09GovCERT.chGovCERT.ch
Severe Ransomware Attacks Against Swiss SMEs
Emotet LockerGoga Ryuk TrickBot
2019-05-02CERT.PLMichał Praszmo
Detricking TrickBot Loader
TrickBot
2019-04-05FireEyeAlex Pennino, Andrew Thompson, Ben Fedore, Brendan McKeague, Douglas Bienstock, Geoff Ackerman, Van Ta
Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware
LockerGoga Ryuk FIN6
2019-04-05Medium vishal_thakurVishal Thakur
Trickbot — a concise treatise
TrickBot
2019-04-02CybereasonLior Rochberger, Matan Zatz, Noa Pinkas
Triple Threat: Emotet Deploys Trickbot to Steal Data & Spread Ryuk
Ryuk TrickBot
2019-03-26ANSSIANSSI
INFORMATIONS CONCERNANTLES RANÇONGICIELSLOCKERGOGA ET RYUK
Ryuk
2019-03-20CrowdStrikeBrendon Feeley, Brett Stone-Gross
New Evidence Proves Ongoing WIZARD SPIDER / LUNAR SPIDER Collaboration
LUNAR SPIDER WIZARD SPIDER
2019-03-05PepperMalware BlogPepper Potts
Quick Analysis of a Trickbot Sample with NSA's Ghidra SRE Framework
TrickBot
2019-02-15CrowdStrikeBex Hartley, Brendon Feeley
“Sin”-ful SPIDERS: WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web
Dyre IcedID TrickBot Vawtrak LUNAR SPIDER WIZARD SPIDER
2019-02-12Trend MicroTrend Micro
Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire
TrickBot
2019-01-11FireEyeChristopher Glyer, Jaideep Natu, Jeremy Kennelly, Kimberly Goody
A Nasty Trick: From Credential Theft Malware to Business Disruption
Ryuk TrickBot GRIM SPIDER WIZARD SPIDER
2019-01-10CrowdStrikeAlexander Hanel
Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware
Ryuk GRIM SPIDER MUMMY SPIDER STARDUST CHOLLIMA WIZARD SPIDER
2019-01-09McAfeeChristiaan Beek, John Fokker
Ryuk Ransomware Attack: Rush to Attribution Misses the Point
Ryuk
2019-01-01Virus BulletinGabriela Nicolao, Luciano Martins
Shinigami's Revenge: The Long Tail of Ryuk Malware
Ryuk
2018-12-29Los Angeles TimesEmily Alpert Reyes, Meg James, Tony Barboza
Malware attack disrupts delivery of L.A. Times and Tribune papers across the U.S.
Ryuk
2018-12-12SecureDataWicus Ross
The TrickBot and MikroTik connection
TrickBot
2018-12-05VIPREVIPRE Labs
Trickbot’s Tricks
TrickBot
2018-11-12Malwarebyteshasherezade
What’s new in TrickBot? Deobfuscating elements
TrickBot
2018-11-08FortinetXiaopeng Zhang
Deep Analysis of TrickBot New Module pwgrab
TrickBot
2018-11-01Trend MicroCarl Maverick Pascual, Noel Anthony Llimos
Trickbot Shows Off New Trick: Password Grabber Module
TrickBot
2018-08-20Check PointBen Herzog, Itay Cohen
Ryuk Ransomware: A Targeted Campaign Break-Down
Ryuk
2018-08-14CyberbitHod Gavriel
Latest Trickbot Variant has New Tricks Up Its Sleeve
TrickBot
2018-07-03Talos IntelligenceBen Baker, Holger Unterbrink
Smoking Guns - Smoke Loader learned new tricks
SmokeLoader TrickBot
2018-06-20OALabs
Unpacking and Extracting TrickBot Malware Configuration With x64dbg and Python
TrickBot
2018-06-13Github (JR0driguezB)Jorge Rodriguez
TrickBot config files
TrickBot
2018-04-16Random REsysopfb
TrickBot & UACME
TrickBot
2018-04-03Vitali Kremez BlogVitali Kremez
Let's Learn: Trickbot Implements Network Collector Module Leveraging CMD, WMI & LDAP
TrickBot
2018-03-31Youtube (hasherezade)hasherezade
Deobfuscating TrickBot's strings with libPeConv
TrickBot
2018-03-27Trend MicroTrendmicro
Evolving Trickbot Adds Detection Evasion and Screen-Locking Features
TrickBot
2018-03-21WebrootJason Davison
TrickBot Banking Trojan Adapts with New Module
TrickBot
2018-02-15SecurityIntelligenceLimor Kessem, Magal Baz, Ophir Harpaz
TrickBot’s Cryptocurrency Hunger: Tricking the Bitcoin Out of Wallets
TrickBot
2018-02-01Malware Traffic AnalysisBrad Duncan
Quick Test Drive of Trickbot (It now has a Monero Module)
TrickBot
2017-12-30Youtube (hasherezade)hasherezade
Unpacking TrickBot with PE-sieve
TrickBot
2017-12-19Vitali Kremez BlogVitali Kremez
Let's Learn: Introducing New Trickbot LDAP "DomainGrabber" Module
TrickBot
2017-11-22FlashpointVitali Kremez
Trickbot Gang Evolves, Incorporates Account Checking Into Hybrid Attack Model
TrickBot
2017-11-21Vitali Kremez
Let's Learn: Trickbot Socks5 Backconnect Module In Detail
TrickBot
2017-10-06BluelivBlueliv
TrickBot banking trojan using EFLAGS as an anti-hook technique
TrickBot
2017-08-01MalwarebytesMalwarebytes Labs
TrickBot comes up with new tricks: attacking Outlook and browsing data
TrickBot
2017-07-27FlashpointFlashpoint
New Version of “Trickbot” Adds Worm Propagation Module
TrickBot
2017-07-01Ring Zero LabsRing Zero Labs
TrickBot Banking Trojan - DOC00039217.doc
TrickBot
2017-06-15F5Doron Voolf, Jesse Smith, Sara Boddy
Trickbot Expands Global Targets Beyond Banks and Payment Processors to CRMs
TrickBot
2017-06-12Security Art WorkJoséMiguel Holguín, Marc Salinas
Evolución de Trickbot
TrickBot
2017-05-26PWCBart Parys
TrickBot’s bag of tricks
TrickBot
2017-05-15SecureworksCounter Threat Unit ResearchTeam
Evolution of the GOLD EVERGREEN Threat Group
CryptoLocker Dridex Dyre Gameover P2P Murofet TrickBot Zeus GOLD EVERGREEN
2017-05-04ForbesThomas Brewster
Behind The Mystery Of Russia's 'Dyre' Hackers Who Stole Millions From American Business
Dyre
2017-03-01FraudWatch InternationalFraudWatch International
How Does the Trickbot Malware Work?
TrickBot
2016-12-07BotconfJoshua Adams
The TrickBot Evolution
TrickBot
2016-12-06FortinetXiaopeng Zhang
Deep Analysis of the Online Banking Botnet TrickBot
TrickBot
2016-11-09Lior Keshet
Tricks of the Trade: A Deeper Look Into TrickBot’s Machinations
TrickBot
2016-11-07F5 LabsAnna Dorfman, Julia Karpin, Shaul Vilkomir-Preisman
Little Trickbot Growing Up: New Campaign
TrickBot
2016-10-25NetScoutASERT Team
TrickBot Banker Insights
Godzilla Loader TrickBot
2016-10-24MalwarebytesMalwarebytes Labs
Introducing TrickBot, Dyreza’s successor
TrickBot
2016-10-15Fidelis CybersecurityThreat Research Team
TrickBot: We Missed you, Dyre
TrickBot
2015-11-04Malwarebyteshasherezade
A Technical Look At Dyreza
Dyre
2015-10-26BluelivBlueliv
Chasing cybercrime: network insights of Dyre and Dridex Trojan bankers
Dridex Dyre
2015-07-07FireEyeSudeep Singh, Yu Wang
Dyre Banking Trojan Exploits CVE-2015-0057
Dyre
2014-12-17SecureworksBrett Stone-Gross, Pallav Khandhar
Dyre Banking Trojan
Dyre Vawtrak WIZARD SPIDER

Credits: MISP Project