| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Wizard Spider is reportedly associated with Grim Spider and Lunar Spider. The WIZARD SPIDER threat group is the Russia-based operator of the TrickBot banking malware. This group represents a growing criminal enterprise of which GRIM SPIDER appears to be a subset. The LUNAR SPIDER threat group is the Eastern European-based operator and developer of the commodity banking malware called BokBot (aka IcedID), which was first observed in April 2017. The BokBot malware provides LUNAR SPIDER affiliates with a variety of capabilities to enable credential theft and wire fraud, through the use of webinjects and a malware distribution function. GRIM SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER, a criminal enterprise of which GRIM SPIDER appears to be a cell. The WIZARD SPIDER threat group, known as the Russia-based operator of the TrickBot banking malware, had focused primarily on wire fraud in the past.
| 2024-06-05
⋅
S-RM
⋅
Exmatter malware levels up: S-RM observes new variant with simultaneous remote code execution and data targeting BlackCat BlackMatter Conti ExMatter LockBit REvil Ryuk |
| 2024-05-30
⋅
Europol
⋅
Largest ever operation against botnets hits dropper malware ecosystem BumbleBee IcedID SmokeLoader SystemBC TrickBot |
| 2024-05-01
⋅
Natto Thoughts
⋅
Ransom-War: Russian Extortion Operations as Hybrid Warfare, Part One Clop Conti Maze TrickBot |
| 2024-04-10
⋅
0ffset Blog
⋅
Resolving Stack Strings with Capstone Disassembler & Unicorn in Python Conti |
| 2023-12-01
⋅
The Record
⋅
Russian developer of Trickbot malware pleads guilty, faces 35-year sentence TrickBot |
| 2023-11-26
⋅
Medium shaddy43
⋅
From Infection to Encryption: Tracing the Impact of RYUK Ransomware Ryuk |
| 2023-10-03
⋅
Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more) LockBit LockBit Conti LockBit |
| 2023-09-12
⋅
⋅
ANSSI
⋅
FIN12: A Cybercriminal Group with Multiple Ransomware BlackCat Cobalt Strike Conti Hive MimiKatz Nokoyawa Ransomware PLAY Royal Ransom Ryuk SystemBC |
| 2023-09-07
⋅
Department of Justice
⋅
Multiple Foreign Nationals Charged in Connection with Trickbot Malware and Conti Ransomware Conspiracies Conti Conti TrickBot |
| 2023-08-30
⋅
Nisos
⋅
Trickbot in Light of Trickleaks Data TrickBot |
| 2023-07-27
⋅
Bankinfo Security
⋅
Are Akira Ransomware's Crypto-Locking Malware Days Numbered? Akira Ryuk |
| 2023-07-26
⋅
Arctic Wolf
⋅
Conti and Akira: Chained Together Akira Conti |
| 2023-06-27
⋅
SecurityIntelligence
⋅
The Trickbot/Conti Crypters: Where Are They Now? Black Basta Conti Mount Locker PhotoLoader Royal Ransom SystemBC TrickBot |
| 2023-06-17
⋅
Github (EmissarySpider)
⋅
ransomware-descendants Babuk Conti LockBit |
| 2023-06-08
⋅
VMRay
⋅
Busy Bees - The Transformation of BumbleBee BumbleBee Cobalt Strike Conti Meterpreter Sliver |
| 2023-03-10
⋅
Medium walmartglobaltech
⋅
From Royal With Love Cobalt Strike Conti PLAY Royal Ransom Somnia |
| 2023-02-10
⋅
cocomelonc
⋅
Malware analysis: part 8. Yara rule example for MurmurHash2. MurmurHash2 in Conti ransomware Conti |
| 2023-02-09
⋅
U.S. Department of the Treasury
⋅
United States and United Kingdom Sanction Members of Russia-Based Trickbot Cybercrime Gang TrickBot |
| 2023-02-01
⋅
Security Affairs
⋅
New LockBit Green ransomware variant borrows code from Conti ransomware Conti LockBit |
| 2023-01-30
⋅
Checkpoint
⋅
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware Agent Tesla Azorult Buer Cerber Cobalt Strike Emotet Formbook HawkEye Keylogger Loki Password Stealer (PWS) Maze NetWire RC Remcos REvil TrickBot |
| 2023-01-04
⋅
Malware development tricks: part 26. Mutex. C++ example. AsyncRAT Conti HelloKitty |
| 2022-12-27
⋅
Palo Alto Networks Unit 42
⋅
Navigating the Vast Ocean of Sandbox Evasions TrickBot Zebrocy |
| 2022-12-06
⋅
EuRepoC
⋅
Conti/Wizard Spider BazarBackdoor Cobalt Strike Conti Emotet IcedID Ryuk TrickBot WIZARD SPIDER |
| 2022-11-21
⋅
Palo Alto Networks Unit 42
⋅
Threat Assessment: Luna Moth Callback Phishing Campaign BazarBackdoor Conti |
| 2022-10-31
⋅
paloalto Netoworks: Unit42
⋅
Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure Dridex Kronos TrickBot Zeus |
| 2022-09-20
⋅
vmware
⋅
Threat Report: Illuminating Volume Shadow Deletion Conti HelloKitty |
| 2022-09-13
⋅
AdvIntel
⋅
AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022 Conti Cobalt Strike Emotet Ryuk TrickBot |
| 2022-09-07
⋅
Intel 471
⋅
Conti vs. Monti: A Reinvention or Just a Simple Rebranding? Conti |
| 2022-09-07
⋅
Blackberry
⋅
The Curious Case of “Monti” Ransomware: A Real-World Doppelganger Conti MimiKatz Veeam Dumper |
| 2022-08-31
⋅
Fourcore
⋅
Ryuk Ransomware: History, Timeline, And Adversary Simulation Ryuk |
| 2022-08-22
⋅
Microsoft
⋅
Extortion Economics - Ransomware’s new business model BlackCat Conti Hive REvil AgendaCrypt Black Basta BlackCat Brute Ratel C4 Cobalt Strike Conti Hive Mount Locker Nokoyawa Ransomware REvil Ryuk |
| 2022-08-18
⋅
IBM
⋅
From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers BumbleBee Karius Ramnit TrickBot Vawtrak |
| 2022-08-15
⋅
SentinelOne
⋅
Detecting a Rogue Domain Controller – DCShadow Attack MimiKatz TrickBot |
| 2022-08-10
⋅
Avast Decoded
⋅
Avast Q2/2022 Threat Report: Farewell to Conti, Zloader, and Maldocs; Hello Resurrection of Raccoon Stealer, and more Ransomware Attacks Conti Raccoon RecordBreaker Zloader Caramel Tsunami |
| 2022-08-03
⋅
Palo Alto Networks Unit 42
⋅
Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware BazarBackdoor BumbleBee Cobalt Strike Conti |
| 2022-08-02
⋅
Recorded Future
⋅
Initial Access Brokers Are Key to Rise in Ransomware Attacks Azorult BlackMatter Conti Mars Stealer Raccoon RedLine Stealer Taurus Stealer Vidar |
| 2022-07-20
⋅
Kaspersky
⋅
Luna and Black Basta — new ransomware for Windows, Linux and ESXi Black Basta Conti |
| 2022-06-23
⋅
Trellix
⋅
The Sound of Malware Conti VHD Ransomware |
| 2022-06-23
⋅
Kaspersky
⋅
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs (Download Form) BlackByte BlackCat Clop Conti Hive LockBit Mespinoza RagnarLocker |
| 2022-06-15
⋅
ThreatStop
⋅
First Conti, then Hive: Costa Rica gets hit with ransomware again Conti Hive Conti Hive |
| 2022-06-15
⋅
AttackIQ
⋅
Attack Graph Emulating the Conti Ransomware Team’s Behaviors BazarBackdoor Conti TrickBot |
| 2022-06-02
⋅
Eclypsium
⋅
Conti Targets Critical Firmware Conti HermeticWiper TrickBot WhisperGate |
| 2022-05-24
⋅
The Hacker News
⋅
Malware Analysis: Trickbot Cobalt Strike Conti Ryuk TrickBot |
| 2022-05-23
⋅
Trend Micro
⋅
LockBit, Conti, and BlackCat Lead Pack Amid Rise in Active RaaS and Extortion Groups: Ransomware in Q1 2022 (PDF) BlackCat Conti LockBit |
| 2022-05-23
⋅
Trend Micro
⋅
LockBit, Conti, and BlackCat Lead Pack Amid Rise in Active RaaS and Extortion Groups: Ransomware in Q1 2022 BlackCat Conti LockBit |
| 2022-05-20
⋅
AdvIntel
⋅
DisCONTInued: The End of Conti’s Brand Marks New Chapter For Cybercrime Landscape AvosLocker Black Basta BlackByte BlackCat Conti HelloKitty Hive |
| 2022-05-19
⋅
IBM
⋅
ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups IcedID ISFB Mount Locker WIZARD SPIDER |
| 2022-05-18
⋅
PRODAFT Threat Intelligence
⋅
Wizard Spider In-Depth Analysis Cobalt Strike Conti WIZARD SPIDER |
| 2022-05-17
⋅
Advanced Intelligence
⋅
Hydra with Three Heads: BlackByte & The Future of Ransomware Subsidiary Groups BlackByte Conti |
| 2022-05-17
⋅
Trend Micro
⋅
Ransomware Spotlight: RansomEXX LaZagne Cobalt Strike IcedID MimiKatz PyXie RansomEXX TrickBot |
| 2022-05-09
⋅
Microsoft
⋅
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT |
| 2022-05-09
⋅
cocomelonc
⋅
Malware development: persistence - part 4. Windows services. Simple C++ example. Anchor AppleJeus Attor BBSRAT BlackEnergy Carbanak Cobalt Strike DuQu |
| 2022-05-09
⋅
Microsoft Security
⋅
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself Griffon BazarBackdoor BlackCat BlackMatter Blister Gozi LockBit Pandora Rook SystemBC TrickBot |
| 2022-05-05
⋅
YouTube (The Vertex Project)
⋅
Contileaks: Identifying, Extracting, & Modeling Bitcoin Addresses Conti |
| 2022-05-05
⋅
YouTube (Chris Greer)
⋅
MALWARE Analysis with Wireshark // TRICKBOT Infection TrickBot |
| 2022-05-05
⋅
Intel 471
⋅
Cybercrime loves company: Conti cooperated with other ransomware gangs LockBit Maze RagnarLocker Ryuk |
| 2022-05-03
⋅
Talos Intelligence
⋅
Conti and Hive ransomware operations: What we learned from these groups' victim chats Conti Hive |
| 2022-05-03
⋅
Cisco
⋅
Conti and Hive ransomware operations: Leveraging victim chats for insights Conti Hive |
| 2022-05-02
⋅
Cisco Talos
⋅
Conti and Hive ransomware operations: Leveraging victim chats for insights Cobalt Strike Conti Hive |
| 2022-04-29
⋅
NCC Group
⋅
Adventures in the land of BumbleBee – a new malicious loader BazarBackdoor BumbleBee Conti |
| 2022-04-28
⋅
Symantec
⋅
Ransomware: How Attackers are Breaching Corporate Networks AvosLocker Conti Emotet Hive IcedID PhotoLoader QakBot TrickBot |
| 2022-04-28
⋅
PWC
⋅
Cyber Threats 2021: A Year in Retrospect (Annex) Cobalt Strike Conti PlugX RokRAT Inception Framework Red Menshen |
| 2022-04-27
⋅
Medium elis531989
⋅
The chronicles of Bumblebee: The Hook, the Bee, and the Trickbot connection BumbleBee TrickBot |
| 2022-04-26
⋅
Intel 471
⋅
Conti and Emotet: A constantly destructive duo Cobalt Strike Conti Emotet IcedID QakBot TrickBot |
| 2022-04-21
⋅
Secureworks
⋅
GOLD ULRICK Continues Conti Operations Despite Public Disclosures Conti Conti |
| 2022-04-20
⋅
CISA
⋅
AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader |
| 2022-04-20
⋅
CISA
⋅
Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader Killnet |
| 2022-04-20
⋅
Bleeping Computer
⋅
Microsoft Exchange servers hacked to deploy Hive ransomware Babuk BlackByte Conti Hive LockFile |
| 2022-04-18
⋅
Trellix
⋅
Conti Group Targets ESXi Hypervisors With its Linux Variant Conti Conti |
| 2022-04-18
⋅
RiskIQ
⋅
RiskIQ: Trickbot Rickroll TrickBot |
| 2022-04-17
⋅
BushidoToken Blog
⋅
Lessons from the Conti Leaks BazarBackdoor Conti Emotet IcedID Ryuk TrickBot |
| 2022-04-15
⋅
Arctic Wolf
⋅
The Karakurt Web: Threat Intel and Blockchain Analysis Reveals Extension of Conti Business Model Conti Diavol Ryuk TrickBot |
| 2022-04-15
⋅
Bleeping Computer
⋅
Karakurt revealed as data extortion arm of Conti cybercrime syndicate Anchor BazarBackdoor Conti TrickBot |
| 2022-04-13
⋅
Microsoft
⋅
Notorious cybercrime gang’s botnet disrupted Ryuk Zloader |
| 2022-04-13
⋅
Microsoft
⋅
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware BlackMatter Cobalt Strike DarkSide Ryuk Zloader |
| 2022-04-12
⋅
ConnectWise
⋅
Threat Profile: Conti Conti |
| 2022-04-11
⋅
Conti ransomware source code investigation - part 2 Conti |
| 2022-04-09
⋅
Bleeping Computer
⋅
Hackers use Conti's leaked ransomware to attack Russian companies Conti |
| 2022-04-08
⋅
ReversingLabs
⋅
ConversingLabs Ep. 2: Conti pivots as ransomware as a service struggles Conti Emotet TrickBot |
| 2022-04-06
⋅
TRM Labs
⋅
TRM Analysis Corroborates Suspected Ties Between Conti and Ryuk Ransomware Groups and Wizard Spider Conti Ryuk |
| 2022-04-05
⋅
Intel 471
⋅
Move fast and commit crimes: Conti’s development teams mirror corporate tech BazarBackdoor TrickBot |
| 2022-04-04
⋅
The DFIR Report
⋅
Stolen Images Campaign Ends in Conti Ransomware Conti IcedID |
| 2022-04-02
⋅
Github (cocomelonc)
⋅
Malware development tricks. Find kernel32.dll base: asm style. C++ example. Conti |
| 2022-03-31
⋅
Trellix
⋅
Conti Leaks: Examining the Panama Papers of Ransomware LockBit Amadey Buer Conti IcedID LockBit Mailto Maze PhotoLoader Ryuk TrickBot |
| 2022-03-31
⋅
nccgroup
⋅
Conti-nuation: methods and techniques observed in operations post the leaks Cobalt Strike Conti QakBot |
| 2022-03-27
⋅
Conti ransomware source code investigation - part 1 Conti |
| 2022-03-25
⋅
Zscaler
⋅
Conti Ransomware Attacks Persist With an Updated Version Despite Leaks Conti |
| 2022-03-23
⋅
Secureworks
⋅
GOLD ULRICK Leaks Reveal Organizational Structure and Relationships Conti Emotet IcedID TrickBot |
| 2022-03-23
⋅
splunk
⋅
Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk |
| 2022-03-23
⋅
Intel 471
⋅
Conti puts the ‘organized’ in organized crime Conti |
| 2022-03-23
⋅
Secureworks
⋅
Threat Intelligence Executive Report Volume 2022, Number 2 Conti Emotet IcedID TrickBot |
| 2022-03-22
⋅
ThreatStop
⋅
Conti ransomware leaks - what happens when hackers support Russia Conti |
| 2022-03-21
⋅
Threat Post
⋅
Conti Ransomware V. 3, Including Decryptor, Leaked Cobalt Strike Conti TrickBot |
| 2022-03-21
⋅
eSentire
⋅
Conti Affiliate Exposed: New Domain Names, IP Addresses and Email Addresses Uncovered HelloKitty BazarBackdoor Cobalt Strike Conti FiveHands HelloKitty IcedID |
| 2022-03-18
⋅
Avast
⋅
Mēris and TrickBot standing on the shoulders of giants Glupteba Proxy Glupteba TrickBot |
| 2022-03-18
⋅
eSentire
⋅
Analysis of Leaked Conti Intrusion Procedures by eSentire’s Threat Response Unit (TRU) Conti Conti |
| 2022-03-17
⋅
Google
⋅
Exposing initial access broker with ties to Conti BazarBackdoor BumbleBee Conti EXOTIC LILY |
| 2022-03-17
⋅
Sophos
⋅
The Ransomware Threat Intelligence Center ATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry Dharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker Ragnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker |
| 2022-03-17
⋅
Google
⋅
Exposing initial access broker with ties to Conti BazarBackdoor BumbleBee Cobalt Strike Conti |
| 2022-03-16
⋅
Symantec
⋅
The Ransomware Threat Landscape: What to Expect in 2022 AvosLocker BlackCat BlackMatter Conti DarkSide DoppelPaymer Emotet Hive Karma Mespinoza Nemty Squirrelwaffle VegaLocker WastedLocker Yanluowang Zeppelin |
| 2022-03-16
⋅
Dragos
⋅
Suspected Conti Ransomware Activity in the Auto Manufacturing Sector Conti Emotet |
| 2022-03-16
⋅
Microsoft
⋅
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure TrickBot |
| 2022-03-15
⋅
Prevailion
⋅
What Wicked Webs We Un-weave Cobalt Strike Conti |
| 2022-03-15
⋅
RiskIQ
⋅
RiskIQ: Trickbot Abuse of Compromised MikroTik Routers for Command and Control TrickBot |
| 2022-03-10
⋅
Leaks of Conti Ransomware Group Paint Picture of a Surprisingly Normal Tech Start-Up… Sort Of Conti |
| 2022-03-09
⋅
Bleeping Computer
⋅
CISA updates Conti ransomware alert with nearly 100 domain names BazarBackdoor Cobalt Strike Conti TrickBot |
| 2022-03-09
⋅
BreachQuest
⋅
The Conti Leaks | Insight into a Ransomware Unicorn Cobalt Strike MimiKatz TrickBot |
| 2022-03-08
⋅
⋅
MBSD
⋅
ContiLeaks Conti |
| 2022-03-08
⋅
The Record
⋅
Inside Conti leaks: The Panama Papers of ransomware Conti |
| 2022-03-08
⋅
Github (whichbuffer)
⋅
Conti-Ransomware-IOC Conti |
| 2022-03-08
⋅
Yoroi
⋅
Conti Ransomware source code: a well-designed COTS ransomware Conti |
| 2022-03-07
⋅
CyberScoop
⋅
Ransomware gang Conti has already bounced back from damage caused by chat leaks, experts say Conti |
| 2022-03-04
⋅
Reuters
⋅
Details of another big ransomware group 'Trickbot' leak online, experts say TrickBot |
| 2022-03-03
⋅
Trend Micro
⋅
IOC Resource for Russia-Ukraine Conflict-Related Cyberattacks ClipBanker Conti HermeticWiper PartyTicket WhisperGate |
| 2022-03-03
⋅
Trend Micro
⋅
Cyberattacks are Prominent in the Russia-Ukraine Conflict BazarBackdoor Cobalt Strike Conti Emotet WhisperGate |
| 2022-03-02
⋅
KrebsOnSecurity
⋅
Conti Ransomware Group Diaries, Part II: The Office Conti Emotet Ryuk TrickBot |
| 2022-03-02
⋅
Youtube (OALabs)
⋅
Botleggers Exposed - Analysis of The Conti Leaks Malware Conti |
| 2022-03-02
⋅
Cluster25
⋅
Conti's Source Code: Deep-Dive Into Conti |
| 2022-03-02
⋅
CyberArk
⋅
Conti Group Leaked! TeamTNT Conti TrickBot |
| 2022-03-02
⋅
⋅
elDiario
⋅
Cybercrime bosses warn that they will "fight back" if Russia is hacked Conti Ryuk |
| 2022-03-02
⋅
Threatpost
⋅
Conti Ransomware Decryptor, TrickBot Source Code Leaked Conti TrickBot |
| 2022-03-01
⋅
Arctic Wolf
⋅
Conti Ransomware: An Analysis of Key Findings Conti |
| 2022-03-01
⋅
Bleeping Computer
⋅
Conti Ransomware source code leaked by Ukrainian researcher Conti |
| 2022-03-01
⋅
Medium whickey000
⋅
How I Cracked CONTI Ransomware Group’s Leaked Source Code ZIP File Conti |
| 2022-03-01
⋅
Leaks: Conti / Trickbot Conti TrickBot |
| 2022-03-01
⋅
Twitter (@TheDFIRReport)
⋅
Twitter thread with highlights from conti leaks Conti |
| 2022-02-28
⋅
Medium arnozobec
⋅
Analyzing conti-leaks without speaking russian — only methodology Conti |
| 2022-02-28
⋅
Github (TheParmak)
⋅
conti-leaks-englished Conti |
| 2022-02-28
⋅
Sophos
⋅
Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits Conti Karma |
| 2022-02-27
⋅
The Record
⋅
Conti ransomware gang chats leaked by pro-Ukraine member Conti LockBit |
| 2022-02-27
⋅
Bleeping Computer
⋅
Conti ransomware's internal chats leaked after siding with Russia Conti |
| 2022-02-25
⋅
⋅
Red Hot Cyber
⋅
Il ransomware Conti si schiera a favore della Russia. Conti |
| 2022-02-25
⋅
CyberScoop
⋅
TrickBot malware suddenly got quiet, researchers say, but it's hardly the end for its operators BazarBackdoor Emotet TrickBot |
| 2022-02-24
⋅
The Record
⋅
TrickBot gang shuts down botnet after months of inactivity TrickBot |
| 2022-02-24
⋅
The Hacker News
⋅
TrickBot Gang Likely Shifting Operations to Switch to New Malware BazarBackdoor Emotet QakBot TrickBot |
| 2022-02-24
⋅
The Hacker News
⋅
Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure BazarBackdoor Emotet TrickBot |
| 2022-02-23
⋅
AdvIntel
⋅
24 Hours From Log4Shell to Local Admin: Deep-Dive Into Conti Gang Attack on Fortune 500 (DFIR) Cobalt Strike Conti |
| 2022-02-23
⋅
splunk
⋅
An Empirically Comparative Analysis of Ransomware Binaries Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk |
| 2022-02-22
⋅
Sophos
⋅
Cyberthreats during Russian-Ukrainian tensions: what can we learn from history to be prepared? Conti |
| 2022-02-22
⋅
Bankinfo Security
⋅
Cybercrime Moves: Conti Ransomware Absorbs TrickBot Malware Conti TrickBot |
| 2022-02-20
⋅
Security Affairs
⋅
The Conti ransomware group takes over TrickBot malware operation and plans to replace it with BazarBackdoor malware. Conti TrickBot |
| 2022-02-18
⋅
Bleeping Computer
⋅
Conti ransomware gang takes over TrickBot malware operation Conti TrickBot |
| 2022-02-16
⋅
Threat Post
⋅
TrickBot Ravages Customers of Amazon, PayPal and Other Top Brands TrickBot |
| 2022-02-16
⋅
Advanced Intelligence
⋅
The TrickBot Saga’s Finale Has Aired: Spinoff is Already in the Works TrickBot |
| 2022-02-16
⋅
Check Point Research
⋅
A Modern Ninja: Evasive Trickbot Attacks Customers of 60 High-Profile Companies TrickBot |
| 2022-02-14
⋅
Ransomware Becomes Deadlier, Conti Makes the Most Money Conti |
| 2022-02-09
⋅
Dragos
⋅
Dragos ICS/OT Ransomware Analysis: Q4 2021 LockBit Conti LockBit |
| 2022-02-08
⋅
Intel 471
⋅
PrivateLoader: The first step in many malware schemes Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar |
| 2022-02-04
⋅
Bleeping Computer
⋅
HHS: Conti ransomware encrypted 80% of Ireland's HSE IT systems Conti |
| 2022-02-02
⋅
IBM
⋅
TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware BazarBackdoor TrickBot |
| 2022-02-01
⋅
Wired
⋅
Inside Trickbot, Russia’s Notorious Ransomware Gang TrickBot |
| 2022-02-01
⋅
Wired
⋅
Inside Trickbot, Russia’s Notorious Ransomware Gang TrickBot |
| 2022-01-27
⋅
Ransomware as a Service Innovation Curve Conti LockBit |
| 2022-01-27
⋅
BleepingComputer
⋅
Taiwanese Apple and Tesla contractor hit by Conti ransomware Conti |
| 2022-01-24
⋅
CyCraft
⋅
The Road to Ransomware Resilience, Part 2: Behavior Analysis Conti Prometheus WastedLocker |
| 2022-01-24
⋅
IBM
⋅
TrickBot Bolsters Layered Defenses to Prevent Injection Research TrickBot |
| 2022-01-24
⋅
Kryptos Logic
⋅
Deep Dive into Trickbot's Web Injection TrickBot |
| 2022-01-19
⋅
FBI
⋅
CU-000161-MW: Indicators of Compromise Associated with Diavol Ransomware Diavol TrickBot |
| 2022-01-19
⋅
Blackberry
⋅
Kraken the Code on Prometheus Prometheus Backdoor BlackMatter Cerber Cobalt Strike DCRat Ficker Stealer QakBot REvil Ryuk |
| 2022-01-18
⋅
Recorded Future
⋅
2021 Adversary Infrastructure Report BazarBackdoor Cobalt Strike Dridex IcedID QakBot TrickBot |
| 2022-01-01
⋅
Silent Push
⋅
Consequences- The Conti Leaks and future problems Cobalt Strike Conti |
| 2022-01-01
⋅
Symposium on Electronic Crime Research
⋅
Money Over Morals: A Business Analysis of Conti Ransomware Conti Conti |
| 2021-12-23
⋅
Symantec
⋅
Log4j Vulnerabilities: Attack Insights Tsunami Conti Dridex Khonsari Orcus RAT TellYouThePass |
| 2021-12-17
⋅
Advanced Intelligence
⋅
Ransomware Advisory: Log4Shell Exploitation for Initial Access & Lateral Movement Conti |
| 2021-12-13
⋅
The DFIR Report
⋅
Diavol Ransomware BazarBackdoor Conti Diavol |
| 2021-12-08
⋅
Check Point Research
⋅
When old friends meet again: why Emotet chose Trickbot for rebirth Emotet TrickBot |
| 2021-12-08
⋅
Darktrace
⋅
The double extortion business: Conti Ransomware Gang finds new avenues of negotiation Conti |
| 2021-12-03
⋅
GoSecure
⋅
TrickBot Leverages Zoom Work from Home Interview Malspam, Heaven’s Gate and… Spamhaus? TrickBot |
| 2021-12-03
⋅
HSE
⋅
Conti cyber attack on the HSE Conti |
| 2021-12-01
⋅
Trend Micro
⋅
Ransomware Spotlight: Conti Conti |
| 2021-11-29
⋅
The DFIR Report
⋅
CONTInuing the Bazar Ransomware Story BazarBackdoor Cobalt Strike Conti |
| 2021-11-18
⋅
Elliptic
⋅
Conti Ransomware Nets at Least $25.5 Million in Four Months Conti |
| 2021-11-18
⋅
Red Canary
⋅
Intelligence Insights: November 2021 Andromeda Conti LockBit QakBot Squirrelwaffle |
| 2021-11-18
⋅
Medium 0xchina
⋅
Malware reverse engineering (Ryuk Ransomware) Ryuk |
| 2021-11-18
⋅
PRODAFT Threat Intelligence
⋅
Conti Ransomware Group In-Depth Analysis Conti |
| 2021-11-18
⋅
Qualys
⋅
Conti Ransomware Conti |
| 2021-11-16
⋅
Malwarebytes
⋅
TrickBot helps Emotet come back from the dead Emotet TrickBot |
| 2021-11-16
⋅
IronNet
⋅
How IronNet's Behavioral Analytics Detect REvil and Conti Ransomware Cobalt Strike Conti IcedID REvil |
| 2021-11-15
⋅
TRUESEC
⋅
ProxyShell, QBot, and Conti Ransomware Combined in a Series of Cyberattacks Cobalt Strike Conti QakBot |
| 2021-11-12
⋅
Recorded Future
⋅
The Business of Fraud: Botnet Malware Dissemination Mozi Dridex IcedID QakBot TrickBot |
| 2021-11-10
⋅
AT&T
⋅
Stories from the SOC - Powershell, Proxyshell, Conti TTPs OH MY! Cobalt Strike Conti |
| 2021-11-09
⋅
Cybereason
⋅
THREAT ANALYSIS REPORT: From Shatak Emails to the Conti Ransomware Cobalt Strike Conti |
| 2021-11-07
⋅
Marco Ramilli's Blog
⋅
CONTI Ransomware: Cheat Sheet Conti |
| 2021-11-02
⋅
Intel 471
⋅
Cybercrime underground flush with shipping companies’ credentials Cobalt Strike Conti |
| 2021-11-02
⋅
unh4ck
⋅
Detecting CONTI CobaltStrike Lateral Movement Techniques - Part 2 Cobalt Strike Conti |
| 2021-10-29
⋅
Europol
⋅
12 targeted for involvement in ransomware attacks against critical infrastructure Cobalt Strike Dharma LockerGoga MegaCortex TrickBot |
| 2021-10-29
⋅
⋅
Національна поліція України
⋅
Cyberpolice exposes transnational criminal group in causing $ 120 million in damage to foreign companies Cobalt Strike Dharma LockerGoga MegaCortex TrickBot |
| 2021-10-28
⋅
Department of Justice
⋅
Indictment: Russian National (Vladimir Dunaev) Extradited to United States to Face Charges for Alleged Role in Cybercriminal Organization TrickBot |
| 2021-10-28
⋅
Department of Justice
⋅
Russian National (Vladimir Dunaev) Extradited to United States to Face Charges for Alleged Role in Cybercriminal Organization TrickBot |
| 2021-10-27
⋅
VinCSS
⋅
[RE025] TrickBot ... many tricks TrickBot |
| 2021-10-26
⋅
unh4ck
⋅
Detecting CONTI CobaltStrike Lateral Movement Techniques - Part 1 Cobalt Strike Conti |
| 2021-10-25
⋅
KrebsOnSecurity
⋅
Conti Ransom Gang Starts Selling Access to Victims Conti |
| 2021-10-22
⋅
HUNT & HACKETT
⋅
Advanced IP Scanner: the preferred scanner in the A(P)T toolbox Conti DarkSide Dharma Egregor Hades REvil Ryuk |
| 2021-10-19
⋅
Kaspersky
⋅
Trickbot module descriptions TrickBot |
| 2021-10-13
⋅
IBM
⋅
Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds BazarBackdoor TrickBot |
| 2021-10-08
⋅
Zscaler
⋅
New Trickbot and BazarLoader campaigns use multiple delivery vectorsi BazarBackdoor TrickBot |
| 2021-10-07
⋅
Mandiant
⋅
FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets BazarBackdoor GRIMAGENT Ryuk |
| 2021-10-07
⋅
Mandiant
⋅
FIN12 Group Profile: FIN12 Priotizes Speed to Deploy Ransomware Aginst High-Value Targets Cobalt Strike Empire Downloader TrickBot |
| 2021-10-05
⋅
Trend Micro
⋅
Ransomware as a Service: Enabler of Widespread Attacks Cerber Conti DarkSide Gandcrab Locky Nefilim REvil Ryuk |
| 2021-10-04
⋅
Cisco
⋅
Threat hunting in large datasets by clustering security events BazarBackdoor TrickBot |
| 2021-10-04
⋅
The DFIR Report
⋅
BazarLoader and the Conti Leaks BazarBackdoor Cobalt Strike Conti |
| 2021-10-01
⋅
HP
⋅
Threat Insights Report Q3 - 2021 STRRAT CloudEyE NetWire RC Remcos TrickBot Vjw0rm |
| 2021-09-29
⋅
Advanced Intelligence
⋅
Backup “Removal” Solutions - From Conti Ransomware With Love Cobalt Strike Conti |
| 2021-09-22
⋅
CISA
⋅
Alert (AA21-265A) Conti Ransomware Cobalt Strike Conti |
| 2021-09-16
⋅
RiskIQ
⋅
Untangling the Spider Web: The Curious Connection Between WIZARD SPIDER’s Ransomware Infrastructure and a Windows Zero-Day Exploit Cobalt Strike Ryuk |
| 2021-09-14
⋅
CrowdStrike
⋅
Big Game Hunting TTPs Continue to Shift After DarkSide Pipeline Attack BlackMatter DarkSide REvil Avaddon BlackMatter Clop Conti CryptoLocker DarkSide DoppelPaymer Hades REvil |
| 2021-09-13
⋅
The DFIR Report
⋅
BazarLoader to Conti Ransomware in 32 Hours BazarBackdoor Cobalt Strike Conti |
| 2021-09-06
⋅
cocomelonc
⋅
AV engines evasion for C++ simple malware: part 2 Agent Tesla Amadey Anchor AnchorMTea Carbanak Carberp Cardinal RAT Felixroot Konni Loki Password Stealer (PWS) Maze |
| 2021-09-06
⋅
Bleeping Computer
⋅
TrickBot gang developer arrested when trying to leave Korea Diavol TrickBot |
| 2021-09-03
⋅
Sophos
⋅
Conti affiliates use ProxyShell Exchange exploit in ransomware attacks Cobalt Strike Conti |
| 2021-09-03
⋅
Trend Micro
⋅
The State of SSL/TLS Certificate Usage in Malware C&C Communications AdWind ostap AsyncRAT BazarBackdoor BitRAT Buer Chthonic CloudEyE Cobalt Strike DCRat Dridex FindPOS GootKit Gozi IcedID ISFB Nanocore RAT Orcus RAT PandaBanker Qadars QakBot Quasar RAT Rockloader ServHelper Shifu SManager TorrentLocker TrickBot Vawtrak Zeus Zloader |
| 2021-09-02
⋅
Talos
⋅
Translated: Talos' insights from the recently leaked Conti ransomware playbook Conti |
| 2021-08-19
⋅
Sekoia
⋅
An insider insights into Conti operations – Part two Cobalt Strike Conti |
| 2021-08-17
⋅
Advanced Intelligence
⋅
Hunting for Corporate Insurance Policies: Indicators of [Ransom] Exfiltration Cobalt Strike Conti |
| 2021-08-17
⋅
Sekoia
⋅
An insider insights into Conti operations – Part one Cobalt Strike Conti |
| 2021-08-15
⋅
Symantec
⋅
The Ransomware Threat Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker |
| 2021-08-11
⋅
Advanced Intelligence
⋅
Secret "Backdoor" Behind Conti Ransomware Operation: Introducing Atera Agent Cobalt Strike Conti |
| 2021-08-10
⋅
LIFARS
⋅
A Detailed Analysis of The Last Version of Conti Ransomware Conti |
| 2021-08-10
⋅
Youtube (OALabs)
⋅
Leaked Conti Ransomware Playbook - Red Team Reacts Conti |
| 2021-08-06
⋅
Threat Post
⋅
Angry Affiliate Leaks Conti Ransomware Gang Playbook Conti |
| 2021-08-06
⋅
Sophos Naked Security
⋅
Conti ransomware affiliate goes rogue, leaks “gang data” Conti |
| 2021-08-05
⋅
KrebsOnSecurity
⋅
Ransomware Gangs and the Name Game Distraction DarkSide RansomEXX Babuk Cerber Conti DarkSide DoppelPaymer Egregor FriedEx Gandcrab Hermes Maze RansomEXX REvil Ryuk Sekhmet |
| 2021-08-05
⋅
The Record
⋅
Disgruntled ransomware affiliate leaks the Conti gang’s technical manuals Conti |
| 2021-08-05
⋅
Twitter (@AltShiftPrtScn)
⋅
Tweet on Conti ransomware affiliates using AnyDesk, Atera, Splashtop, Remote Utilities and ScreenConnect to maintain network access Conti |
| 2021-08-05
⋅
Bleeping Computer
⋅
Angry Conti ransomware affiliate leaks gang's attack playbook Conti |
| 2021-08-01
⋅
The DFIR Report
⋅
BazarCall to Conti Ransomware via Trickbot and Cobalt Strike BazarBackdoor Cobalt Strike Conti TrickBot |
| 2021-07-21
⋅
Twitter (@AltShiftPrtScn)
⋅
Tweet on Conti ransomware actor installing AnyDesk for remote access in victim environment Conti |
| 2021-07-21
⋅
splunk
⋅
Detecting Trickbot with Splunk TrickBot |
| 2021-07-15
⋅
Kryptos Logic
⋅
Adjusting the Anchor Anchor |
| 2021-07-12
⋅
Bitdefender
⋅
A Fresh Look at Trickbot’s Ever-Improving VNC Module TrickBot |
| 2021-07-08
⋅
SentinelOne
⋅
Conti Unpacked: Understanding Ransomware Development as a Response to Detection - A Detailed Technical Analysis Conti |
| 2021-07-07
⋅
McAfee
⋅
Ryuk Ransomware Now Targeting Webservers Cobalt Strike Ryuk |
| 2021-07-02
⋅
The Record
⋅
TrickBot: New attacks see the botnet deploy new banking module, new ransomware TrickBot |
| 2021-07-01
⋅
Kryptos Logic
⋅
TrickBot and Zeus TrickBot Zeus |
| 2021-07-01
⋅
DomainTools
⋅
The Most Prolific Ransomware Families: A Defenders Guide REvil Conti Egregor Maze REvil |
| 2021-07-01
⋅
Fortinet
⋅
Diavol - A New Ransomware Used By Wizard Spider? Conti Diavol |
| 2021-06-30
⋅
Cynet
⋅
Shelob Moonlight – Spinning a Larger Web From IcedID to CONTI, a Trojan and Ransomware collaboration Conti IcedID |
| 2021-06-18
⋅
Palo Alto Networks Unit 42
⋅
Conti Ransomware Gang: An Overview Conti |
| 2021-06-16
⋅
Proofpoint
⋅
The First Step: Initial Access Leads to Ransomware BazarBackdoor Egregor IcedID Maze QakBot REvil Ryuk TrickBot WastedLocker TA570 TA575 TA577 |
| 2021-06-15
⋅
Trend Micro
⋅
Ransomware Double Extortion and Beyond: REvil, Clop, and Conti Clop Conti REvil |
| 2021-06-15
⋅
vmware
⋅
Detecting UEFI Bootkits in the Wild (Part 1) LoJax MosaicRegressor TrickBot |
| 2021-06-09
⋅
Twitter (@SecurityJoes)
⋅
Tweet on .NET builder of a Ryuk imposter malware Ryuk |
| 2021-06-07
⋅
Medium walmartglobaltech
⋅
Inside the SystemBC Malware-As-A-Service Ryuk SystemBC TrickBot |
| 2021-06-04
⋅
The Record
⋅
US arrests Latvian woman who worked on Trickbot malware source code TrickBot |
| 2021-06-04
⋅
Department of Justice
⋅
Latvian National Charged for Alleged Role in Transnational Cybercrime Organization TrickBot |
| 2021-06-02
⋅
CrowdStrike
⋅
Under Attack: Protecting Against Conti, DarkSide, REvil and Other Ransomware DarkSide Conti DarkSide REvil |
| 2021-05-22
⋅
Youtube (ACPEnw)
⋅
Lessons Learned from a Cyber Attack System Admin Perspective Ryuk |
| 2021-05-20
⋅
FBI
⋅
Alert Number CP-000147-MW: Conti Ransomware Attacks Impact Healthcare and First Responder Networks Conti |
| 2021-05-19
⋅
Intel 471
⋅
Look how many cybercriminals love Cobalt Strike BazarBackdoor Cobalt Strike Hancitor QakBot SmokeLoader SystemBC TrickBot |
| 2021-05-18
⋅
The Record
⋅
Darkside gang estimated to have made over $90 million from ransomware attacks DarkSide DarkSide Mailto Maze REvil Ryuk |
| 2021-05-18
⋅
Bleeping Computer
⋅
DarkSide ransomware made $90 million in just nine months DarkSide DarkSide Egregor Gandcrab Mailto Maze REvil Ryuk |
| 2021-05-16
⋅
NCSC Ireland
⋅
Ransomware Attack on Health Sector - UPDATE 2021-05-16 Cobalt Strike Conti |
| 2021-05-12
⋅
Conti Ransomware Cobalt Strike Conti IcedID |
| 2021-05-11
⋅
Mal-Eats
⋅
Campo, a New Attack Campaign Targeting Japan AnchorDNS BazarBackdoor campoloader Cobalt Strike Phobos Snifula TrickBot Zloader |
| 2021-05-10
⋅
Mal-Eats
⋅
Overview of Campo, a new attack campaign targeting Japan AnchorDNS BazarBackdoor Cobalt Strike ISFB Phobos TrickBot Zloader |
| 2021-05-10
⋅
DarkTracer
⋅
Intelligence Report on Ransomware Gangs on the DarkWeb: List of victim organizations attacked by ransomware gangs released on the DarkWeb RansomEXX Avaddon Babuk Clop Conti Cuba DarkSide DoppelPaymer Egregor Hades LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker Nefilim Nemty Pay2Key PwndLocker RagnarLocker Ragnarok RansomEXX REvil Sekhmet SunCrypt ThunderX |
| 2021-05-06
⋅
Sophos Labs
⋅
MTR in Real Time: Pirates pave way for Ryuk ransomware Ryuk |
| 2021-05-06
⋅
Cyborg Security
⋅
Ransomware: Hunting for Inhibiting System Backup or Recovery Avaddon Conti DarkSide LockBit Mailto Maze Mespinoza Nemty PwndLocker RagnarLocker RansomEXX REvil Ryuk Snatch ThunderX |
| 2021-05-05
⋅
RiskIQ
⋅
Viruses to Violations - TrickBot's Shift in Tactics During the Pandemic TrickBot |
| 2021-05-02
⋅
The DFIR Report
⋅
Trickbot Brief: Creds and Beacons Cobalt Strike TrickBot |
| 2021-04-29
⋅
The Institute for Security and Technology
⋅
Combating Ransomware A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force Conti EternalPetya |
| 2021-04-26
⋅
CoveWare
⋅
Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound Avaddon Clop Conti DarkSide Egregor LockBit Mailto Phobos REvil Ryuk SunCrypt |
| 2021-04-25
⋅
Vulnerability.ch Blog
⋅
Ransomware and Data Leak Site Publication Time Analysis Avaddon Babuk Clop Conti DarkSide DoppelPaymer Mespinoza Nefilim REvil |
| 2021-04-17
⋅
Advanced Intelligence
⋅
Adversary Dossier: Ryuk Ransomware Anatomy of an Attack in 2021 Ryuk |
| 2021-04-15
⋅
Proofpoint
⋅
Threat Actors Pair Tax-Themed Lures With COVID-19, Healthcare Themes Dridex TrickBot |
| 2021-04-14
⋅
InfoSec Handlers Diary Blog
⋅
April 2021 Forensic Quiz: Answers and Analysis Anchor BazarBackdoor Cobalt Strike |
| 2021-04-13
⋅
⋅
MBSD
⋅
Unraveling the internal structure of the Conti Ransomware Conti |
| 2021-04-07
⋅
ANALYST1
⋅
Ransom Mafia - Analysis of the World's First Ransomware Cartel Conti Egregor LockBit Maze RagnarLocker SunCrypt VIKING SPIDER |
| 2021-04-07
⋅
ANALYST1
⋅
Ransom Mafia Analysis of the World's First Ransomware Cartel Conti Egregor LockBit Maze RagnarLocker Ryuk SunCrypt TA2101 VIKING SPIDER |
| 2021-04-06
⋅
Intel 471
⋅
EtterSilent: the underground’s new favorite maldoc builder BazarBackdoor ISFB QakBot TrickBot |
| 2021-04-05
⋅
Medium walmartglobaltech
⋅
TrickBot Crews New CobaltStrike Loader Cobalt Strike TrickBot |
| 2021-03-31
⋅
Kaspersky
⋅
Financial Cyberthreats in 2020 BetaBot DanaBot Emotet Gozi Ramnit RTM SpyEye TrickBot Zeus |
| 2021-03-31
⋅
Red Canary
⋅
2021 Threat Detection Report Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot |
| 2021-03-21
⋅
Blackberry
⋅
2021 Threat Report Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot |
| 2021-03-17
⋅
Palo Alto Networks Unit 42
⋅
Ransomware Threat Report 2021 RansomEXX Dharma DoppelPaymer Gandcrab Mailto Maze Phobos RansomEXX REvil Ryuk WastedLocker |
| 2021-03-17
⋅
CISA
⋅
Alert (AA21-076A): TrickBot Malware TrickBot |
| 2021-03-08
⋅
The DFIR Report
⋅
Bazar Drops the Anchor Anchor BazarBackdoor Cobalt Strike |
| 2021-03-04
⋅
NCC Group
⋅
Deception Engineering: exploring the use of Windows Service Canaries against ransomware Ryuk |
| 2021-03-01
⋅
⋅
CCN-CERT
⋅
Informe Código DañinoCCN-CERT ID-03/21: RyukRansomware Ryuk |
| 2021-03-01
⋅
YouTube ( Malware_Analyzing_&_RE_Tips_Tricks)
⋅
Ryuk Ransomware - Advanced using of Scylla for Imports reconstruction Ryuk |
| 2021-03-01
⋅
Group-IB
⋅
Ransomware Uncovered 2020/2021 RansomEXX BazarBackdoor Buer Clop Conti DoppelPaymer Dridex Egregor IcedID Maze PwndLocker QakBot RansomEXX REvil Ryuk SDBbot TrickBot Zloader |
| 2021-02-28
⋅
PWC UK
⋅
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
| 2021-02-27
⋅
4rchibld
⋅
Nice to meet you, too. My name is Ryuk. Ryuk |
| 2021-02-25
⋅
ANSSI
⋅
Ryuk Ransomware BazarBackdoor Buer Conti Emotet Ryuk TrickBot |
| 2021-02-24
⋅
IBM
⋅
X-Force Threat Intelligence Index 2021 Emotet QakBot Ramnit REvil TrickBot |
| 2021-02-23
⋅
CrowdStrike
⋅
2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
| 2021-02-22
⋅
YouTube ( Malware_Analyzing_&_RE_Tips_Tricks)
⋅
Ryuk Ransomware API Resolving in 10 minutes Ryuk |
| 2021-02-16
⋅
SophosLabs Uncut
⋅
Conti ransomware: Evasive by nature Conti |
| 2021-02-16
⋅
Proofpoint
⋅
Q4 2020 Threat Report: A Quarterly Analysis of Cybersecurity Trends, Tactics and Themes Emotet Ryuk NARWHAL SPIDER TA800 |
| 2021-02-16
⋅
SophosLabs Uncut
⋅
A Conti ransomware attack day-by-day Conti |
| 2021-02-16
⋅
SophosLabs Uncut
⋅
What to expect when you’ve been hit with Conti ransomware Conti |
| 2021-02-11
⋅
CTI LEAGUE
⋅
CTIL Darknet Report – 2021 Conti Mailto Maze REvil Ryuk |
| 2021-02-08
⋅
ESET Research
⋅
THREAT REPORT Q4 2020 TrickBot |
| 2021-02-04
⋅
ClearSky
⋅
CONTI Modus Operandi and Bitcoin Tracking Conti Ryuk |
| 2021-02-02
⋅
⋅
CRONUP
⋅
De ataque con Malware a incidente de Ransomware Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader |
| 2021-02-01
⋅
Twitter (@IntelAdvanced)
⋅
Tweet on Active Directory Exploitation by RYUK "one" group Ryuk |
| 2021-02-01
⋅
Microsoft
⋅
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations Dridex Emotet Makop Ransomware SmokeLoader TrickBot |
| 2021-02-01
⋅
Kryptos Logic
⋅
Trickbot masrv Module TrickBot |
| 2021-01-31
⋅
The DFIR Report
⋅
Bazar, No Ryuk? BazarBackdoor Cobalt Strike Ryuk |
| 2021-01-28
⋅
Huntress Labs
⋅
Analyzing Ryuk Another Link in the Cyber Attack Chain BazarBackdoor Ryuk |
| 2021-01-28
⋅
Youtube (Virus Bulletin)
⋅
The Bagsu banker case Azorult DreamBot Emotet Pony TrickBot ZeusAction |
| 2021-01-26
⋅
IBM
⋅
TrickBot’s Survival Instinct Prevails — What’s Different About the TrickBoot Version? TrickBot |
| 2021-01-25
⋅
Twitter (@IntelAdvanced)
⋅
Tweet on Ryuk Ransomware group's post exploitation tactics including usage of Keethief tool Ryuk |
| 2021-01-20
⋅
Medium walmartglobaltech
⋅
Anchor and Lazarus together again? Anchor TrickBot |
| 2021-01-19
⋅
Palo Alto Networks Unit 42
⋅
Wireshark Tutorial: Examining Emotet Infection Traffic Emotet GootKit IcedID QakBot TrickBot |
| 2021-01-17
⋅
Twitter (@AltShiftPrtScn)
⋅
Tweet on Conti Ransomware group exploiting FortiGate VPNs to drop in CobaltStrike loaders Cobalt Strike Conti |
| 2021-01-12
⋅
Cybereason
⋅
Cybereason vs. Conti Ransomware BazarBackdoor Conti |
| 2021-01-11
⋅
The DFIR Report
⋅
Trickbot Still Alive and Well Cobalt Strike TrickBot |
| 2021-01-09
⋅
Marco Ramilli's Blog
⋅
Command and Control Traffic Patterns ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot |
| 2021-01-07
⋅
Advanced Intelligence
⋅
Crime Laundering Primer: Inside Ryuk Crime (Crypto) Ledger & Risky Asian Crypto Traders Ryuk |
| 2021-01-06
⋅
DomainTools
⋅
Holiday Bazar: Tracking a TrickBot-Related Ransomware Incident BazarBackdoor TrickBot |
| 2021-01-04
⋅
SentinelOne
⋅
Building a Custom Malware Analysis Lab Environment TrickBot |
| 2021-01-01
⋅
Secureworks
⋅
Threat Profile: GOLD BLACKBURN Buer Dyre TrickBot WIZARD SPIDER |
| 2020-12-28
⋅
0xC0DECAFE
⋅
Never upload ransomware samples to the Internet Ryuk |
| 2020-12-22
⋅
TRUESEC
⋅
Collaboration between FIN7 and the RYUK group, a Truesec Investigation Carbanak Cobalt Strike Ryuk |
| 2020-12-21
⋅
KEYSIGHT TECHNOLOGIES
⋅
TrickBot: A Closer Look TrickBot |
| 2020-12-21
⋅
IronNet
⋅
Russian cyber attack campaigns and actors WellMail elf.wellmess Agent.BTZ BlackEnergy EternalPetya Havex RAT Industroyer Ryuk Triton WellMess |
| 2020-12-16
⋅
Accenture
⋅
Tracking and combatting an evolving danger: Ransomware extortion DarkSide Egregor Maze Nefilim RagnarLocker REvil Ryuk SunCrypt |
| 2020-12-15
⋅
Chuongdong blog
⋅
Conti Ransomware v2 Conti |
| 2020-12-15
⋅
Medium 0xthreatintel
⋅
Reversing Conti Ransomware Conti |
| 2020-12-12
⋅
Github (cdong1012)
⋅
ContiUnpacker: An automatic unpacker for Conti rasnomware Conti |
| 2020-12-10
⋅
Cybereason
⋅
Cybereason vs. Ryuk Ransomware BazarBackdoor Ryuk TrickBot |
| 2020-12-10
⋅
US-CERT
⋅
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus |
| 2020-12-10
⋅
CyberInt
⋅
Ryuk Crypto-Ransomware Ryuk TrickBot |
| 2020-12-09
⋅
Cisco
⋅
Quarterly Report: Incident Response trends from Fall 2020 Cobalt Strike IcedID Maze RansomEXX Ryuk |
| 2020-12-03
⋅
Eclypsium
⋅
TrickBot Now Offers ‘TrickBoot’: Persist, Brick, Profit TrickBot |
| 2020-11-23
⋅
Bitdefender
⋅
TrickBot is Dead. Long Live TrickBot! TrickBot |
| 2020-11-22
⋅
malware.love
⋅
Trickbot tricks again [UPDATE] TrickBot |
| 2020-11-20
⋅
ZDNet
⋅
The malware that usually installs ransomware and you need to remove right away Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader |
| 2020-11-20
⋅
Bleeping Computer
⋅
LightBot: TrickBot’s new reconnaissance malware for high-value targets LightBot TrickBot |
| 2020-11-19
⋅
Threatpost
⋅
APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies Quasar RAT Ryuk |
| 2020-11-18
⋅
Sophos
⋅
SOPHOS 2021 THREAT REPORT Navigating cybersecurity in an uncertain world Agent Tesla Dridex TrickBot Zloader |
| 2020-11-18
⋅
DomainTools
⋅
Analyzing Network Infrastructure as Composite Objects Ryuk |
| 2020-11-18
⋅
KELA
⋅
Zooming into Darknet Threats Targeting Japanese Organizations Conti DoppelPaymer Egregor LockBit Maze REvil Snake |
| 2020-11-17
⋅
Salesforce Engineering
⋅
Easily Identify Malicious Servers on the Internet with JARM Cobalt Strike TrickBot |
| 2020-11-17
⋅
malware.love
⋅
Trickbot tricks again TrickBot |
| 2020-11-17
⋅
Twitter (@VK_intel)
⋅
Tweet on a new fileless TrickBot loading method using code from MemoryModule TrickBot |
| 2020-11-16
⋅
Intel 471
⋅
Ransomware-as-a-service: The pandemic within a pandemic Avaddon Clop Conti DoppelPaymer Egregor Hakbit Mailto Maze Mespinoza RagnarLocker REvil Ryuk SunCrypt ThunderX |
| 2020-11-14
⋅
Medium 0xastrovax
⋅
Deep Dive Into Ryuk Ransomware Hermes Ryuk |
| 2020-11-12
⋅
Hurricane Labs
⋅
Splunking with Sysmon Part 4: Detecting Trickbot TrickBot |
| 2020-11-10
⋅
Intel 471
⋅
Trickbot down, but is it out? BazarBackdoor TrickBot |
| 2020-11-06
⋅
Advanced Intelligence
⋅
Anatomy of Attack: Inside BazarBackdoor to Ryuk Ransomware "one" Group via Cobalt Strike BazarBackdoor Cobalt Strike Ryuk |
| 2020-11-05
⋅
Github (scythe-io)
⋅
Ryuk Adversary Emulation Plan Ryuk |
| 2020-11-05
⋅
SCYTHE
⋅
#ThreatThursday - Ryuk BazarBackdoor Ryuk |
| 2020-11-05
⋅
Twitter (@ffforward)
⋅
Tweet on Zloader infection leads to Cobaltstrike Installation and deployment of RYUK Cobalt Strike Ryuk Zloader |
| 2020-11-05
⋅
The DFIR Report
⋅
Ryuk Speed Run, 2 Hours to Ransom BazarBackdoor Cobalt Strike Ryuk |
| 2020-11-04
⋅
VMRay
⋅
Trick or Threat: Ryuk ransomware targets the health care industry BazarBackdoor Cobalt Strike Ryuk TrickBot |
| 2020-10-31
⋅
splunk
⋅
Ryuk and Splunk Detections Ryuk |
| 2020-10-30
⋅
Cofense
⋅
The Ryuk Threat: Why BazarBackdoor Matters Most BazarBackdoor Ryuk |
| 2020-10-30
⋅
Github (ThreatConnect-Inc)
⋅
UNC 1878 Indicators from Threatconnect BazarBackdoor Cobalt Strike Ryuk |
| 2020-10-29
⋅
RiskIQ
⋅
Ryuk Ransomware: Extensive Attack Infrastructure Revealed Cobalt Strike Ryuk |
| 2020-10-29
⋅
Red Canary
⋅
A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak Cobalt Strike Ryuk TrickBot |
| 2020-10-29
⋅
Twitter (@anthomsec)
⋅
Tweet on UNC1878 activity BazarBackdoor Ryuk TrickBot UNC1878 |
| 2020-10-29
⋅
Twitter (@SophosLabs)
⋅
Tweet on similarities between BUER in-memory loader & RYUK in-memory loader Buer Ryuk |
| 2020-10-29
⋅
McAfee
⋅
McAfee Labs Threat Advisory Ransom-Ryuk Ryuk |
| 2020-10-29
⋅
CNN
⋅
Several hospitals targeted in new wave of ransomware attacks Ryuk |
| 2020-10-29
⋅
Bleeping Computer
⋅
Hacking group is targeting US hospitals with Ryuk ransomware Ryuk |
| 2020-10-29
⋅
Reuters
⋅
Building wave of ransomware attacks strike U.S. hospitals Ryuk |
| 2020-10-29
⋅
Palo Alto Networks Unit 42
⋅
Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector Anchor BazarBackdoor Ryuk TrickBot |
| 2020-10-28
⋅
Youtube (SANS Digital Forensics and Incident Response)
⋅
STAR Webcast: Spooky RYUKy: The Return of UNC1878 Ryuk |
| 2020-10-28
⋅
KrebsOnSecurity
⋅
FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals Ryuk |
| 2020-10-28
⋅
Youtube (SANS Institute)
⋅
Spooky RYUKy: The Return of UNC1878 | SANS STAR Webcast Ryuk UNC1878 |
| 2020-10-28
⋅
Github (aaronst)
⋅
UNC1878 indicators Ryuk UNC1878 |
| 2020-10-28
⋅
CISA
⋅
AA20-302A: Ransomware Activity Targeting the Healthcare and Public Health Sector AnchorDNS Anchor BazarBackdoor Ryuk |
| 2020-10-28
⋅
SophosLabs Uncut
⋅
Hacks for sale: inside the Buer Loader malware-as-a-service Buer Ryuk Zloader |
| 2020-10-28
⋅
FireEye
⋅
Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser BazarBackdoor Cobalt Strike Ryuk UNC1878 |
| 2020-10-27
⋅
Bleeping Computer
⋅
Steelcase furniture giant hit by Ryuk ransomware attack Ryuk |
| 2020-10-26
⋅
ThreatConnect
⋅
ThreatConnect Research Roundup: Ryuk and Domains Spoofing ESET and Microsoft Ryuk |
| 2020-10-26
⋅
Arbor Networks
⋅
Dropping the Anchor AnchorDNS Anchor TrickBot |
| 2020-10-26
⋅
Checkpoint
⋅
Exploit Developer Spotlight: The Story of PlayBit Dyre Maze PyLocky Ramnit REvil |
| 2020-10-23
⋅
Hornetsecurity
⋅
Leakware-Ransomware-Hybrid Attacks Avaddon Clop Conti DarkSide DoppelPaymer Mailto Maze Mespinoza Nefilim RagnarLocker REvil Sekhmet SunCrypt |
| 2020-10-22
⋅
Sentinel LABS
⋅
An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques Ryuk |
| 2020-10-22
⋅
Bleeping Computer
⋅
French IT giant Sopra Steria hit by Ryuk ransomware Ryuk |
| 2020-10-20
⋅
⋅
Bundesamt für Sicherheit in der Informationstechnik
⋅
Die Lage der IT-Sicherheit in Deutschland 2020 Clop Emotet REvil Ryuk TrickBot |
| 2020-10-20
⋅
Microsoft
⋅
An update on disruption of Trickbot TrickBot |
| 2020-10-20
⋅
Intel 471
⋅
Global Trickbot disruption operation shows promise TrickBot |
| 2020-10-18
⋅
The DFIR Report
⋅
Ryuk in 5 Hours BazarBackdoor Cobalt Strike Ryuk |
| 2020-10-16
⋅
CrowdStrike
⋅
WIZARD SPIDER Update: Resilient, Reactive and Resolute BazarBackdoor Conti Ryuk TrickBot |
| 2020-10-16
⋅
ThreatConnect
⋅
ThreatConnect Research Roundup: Possible Ryuk Infrastructure Ryuk |
| 2020-10-16
⋅
Duo
⋅
Trickbot Up to Its Old Tricks TrickBot |
| 2020-10-15
⋅
Intel 471
⋅
That was quick: Trickbot is back after disruption attempts TrickBot |
| 2020-10-15
⋅
Department of Justice
⋅
Officials Announce International Operation Targeting Transnational Criminal Organization QQAAZZ that Provided Money Laundering Services to High-Level Cybercriminals Dridex ISFB TrickBot |
| 2020-10-14
⋅
Sophos
⋅
They’re back: inside a new Ryuk ransomware attack Cobalt Strike Ryuk SystemBC |
| 2020-10-13
⋅
VirusTotal
⋅
Tracing fresh Ryuk campaigns itw Ryuk |
| 2020-10-12
⋅
Microsoft
⋅
New action to combat ransomware ahead of U.S. elections Ryuk TrickBot |
| 2020-10-12
⋅
Symantec
⋅
Trickbot: U.S. Court Order Hits Botnet’s Infrastructure Ryuk TrickBot |
| 2020-10-12
⋅
Advanced Intelligence
⋅
"Front Door" into BazarBackdoor: Stealthy Cybercrime Weapon BazarBackdoor Cobalt Strike Ryuk |
| 2020-10-12
⋅
Lumen
⋅
A Look Inside The TrickBot Botnet TrickBot |
| 2020-10-12
⋅
ESET Research
⋅
ESET takes part in global operation to disrupt Trickbot TrickBot |
| 2020-10-12
⋅
Microsoft
⋅
Trickbot disrupted TrickBot |
| 2020-10-12
⋅
TRICKBOT complaint TrickBot |
| 2020-10-10
⋅
The Washington Post
⋅
Cyber Command has sought to disrupt the world’s largest botnet, hoping to reduce its potential impact on the election TrickBot |
| 2020-10-08
⋅
Bromium
⋅
Droppers, Downloaders and TrickBot: Detecting a Stealthy COVID-19-themed Campaign using Toolmarks TrickBot |
| 2020-10-08
⋅
The DFIR Report
⋅
Ryuk’s Return BazarBackdoor Cobalt Strike Ryuk |
| 2020-10-02
⋅
Health Sector Cybersecurity Coordination Center (HC3)
⋅
Report 202010021600: Recent Bazarloader Use in Ransomware Campaigns BazarBackdoor Cobalt Strike Ryuk TrickBot |
| 2020-10-02
⋅
KrebsOnSecurity
⋅
Attacks Aimed at Disrupting the Trickbot Botnet TrickBot |
| 2020-10-01
⋅
KELA
⋅
To Attack or Not to Attack: Targeting the Healthcare Sector in the Underground Ecosystem Conti DoppelPaymer Mailto Maze REvil Ryuk SunCrypt |
| 2020-09-29
⋅
PWC UK
⋅
What's behind the increase in ransomware attacks this year? DarkSide Avaddon Clop Conti DoppelPaymer Dridex Emotet FriedEx Mailto PwndLocker QakBot REvil Ryuk SMAUG SunCrypt TrickBot WastedLocker |
| 2020-09-29
⋅
Microsoft
⋅
Microsoft Digital Defense Report Emotet IcedID Mailto Maze QakBot REvil RobinHood TrickBot |
| 2020-09-24
⋅
Kaspersky Labs
⋅
Threat landscape for industrial automation systems - H1 2020 Poet RAT Mailto Milum RagnarLocker REvil Ryuk Snake |
| 2020-09-22
⋅
OSINT Fans
⋅
What Service NSW has to do with Russia? TrickBot |
| 2020-09-16
⋅
Intel 471
⋅
Partners in crime: North Koreans and elite Russian-speaking cybercriminals TrickBot |
| 2020-09-01
⋅
Cisco Talos
⋅
Quarterly Report: Incident Response trends in Summer 2020 Cobalt Strike LockBit Mailto Maze Ryuk |
| 2020-08-31
⋅
cyber.wtf blog
⋅
Trickbot rdpscanDll – Transforming Candidate Credentials for Brute-Forcing RDP Servers TrickBot |
| 2020-08-25
⋅
BleepingComputer
⋅
Ryuk successor Conti Ransomware releases data leak site Conti |
| 2020-08-20
⋅
sensecy
⋅
Global Ransomware Attacks in 2020: The Top 4 Vulnerabilities Clop Maze REvil Ryuk |
| 2020-08-20
⋅
CERT-FR
⋅
Development of the Activity of the TA505 Cybercriminal Group AndroMut Bart Clop Dridex FlawedAmmyy FlawedGrace Get2 Locky Marap QuantLoader SDBbot ServHelper tRat TrickBot |
| 2020-08-18
⋅
Arete
⋅
Is Conti the New Ryuk? Conti Ryuk |
| 2020-08-09
⋅
F5 Labs
⋅
Banking Trojans: A Reference Guide to the Malware Family Tree BackSwap Carberp Citadel DanaBot Dridex Dyre Emotet Gozi Kronos PandaBanker Ramnit Shylock SpyEye Tinba TrickBot Vawtrak Zeus |
| 2020-08-01
⋅
Temple University
⋅
Critical Infrastructure Ransomware Attacks CryptoLocker Cryptowall DoppelPaymer FriedEx Mailto Maze REvil Ryuk SamSam WannaCryptor |
| 2020-07-29
⋅
ESET Research
⋅
THREAT REPORT Q2 2020 DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor |
| 2020-07-22
⋅
SentinelOne
⋅
Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW) ISFB Maze TrickBot Zloader |
| 2020-07-20
⋅
Bleeping Computer
⋅
Emotet-TrickBot malware duo is back infecting Windows machines Emotet TrickBot |
| 2020-07-13
⋅
JoeSecurity
⋅
TrickBot's new API-Hammering explained TrickBot |
| 2020-07-11
⋅
Advanced Intelligence
⋅
TrickBot Group Launches Test Module Alerting on Fraud Activity TrickBot |
| 2020-07-11
⋅
BleepingComputer
⋅
TrickBot malware mistakenly warns victims that they are infected TrickBot |
| 2020-07-08
⋅
VMWare Carbon Black
⋅
TAU Threat Discovery: Conti Ransomware Conti |
| 2020-07-06
⋅
NTT
⋅
TrickBot variant “Anchor_DNS” communicating over DNS AnchorDNS TrickBot |
| 2020-06-23
⋅
Bleeping Computer
⋅
Ryuk ransomware deployed two weeks after Trickbot infection Ryuk |
| 2020-06-22
⋅
Sentinel LABS
⋅
Inside a TrickBot Cobalt Strike Attack Server Cobalt Strike TrickBot |
| 2020-06-22
⋅
⋅
CERT-FR
⋅
Évolution De Lactivité du Groupe Cybercriminel TA505 Amadey AndroMut Bart Clop Dridex FlawedGrace Gandcrab Get2 GlobeImposter Jaff Locky Marap Philadephia Ransom QuantLoader Scarab Ransomware SDBbot ServHelper Silence tRat TrickBot |
| 2020-06-17
⋅
Youtube (Red Canary)
⋅
ATT&CK® Deep Dive: Process Injection ISFB Ramnit TrickBot |
| 2020-06-15
⋅
Fortinet
⋅
Global Malicious Spam Campaign Using Black Lives Matter as a Lure TrickBot |
| 2020-06-15
⋅
Cisco Talos
⋅
Quarterly report: Incident Response trends in Summer 2020 Ryuk |
| 2020-06-12
⋅
Hornetsecurity
⋅
Trickbot Malspam Leveraging Black Lives Matter as Lure TrickBot |
| 2020-06-11
⋅
Cofense
⋅
All You Need Is Text: Second Wave TrickBot |
| 2020-06-02
⋅
Lastline Labs
⋅
Evolution of Excel 4.0 Macro Weaponization Agent Tesla DanaBot ISFB TrickBot Zloader |
| 2020-05-28
⋅
Palo Alto Networks Unit 42
⋅
Goodbye Mworm, Hello Nworm: TrickBot Updates Propagation Module TrickBot |
| 2020-05-21
⋅
Intel 471
⋅
A brief history of TA505 AndroMut Bart Dridex FlawedAmmyy FlawedGrace Gandcrab Get2 GlobeImposter Jaff Kegotip Locky Necurs Philadephia Ransom Pony QuantLoader Rockloader SDBbot ServHelper Shifu Snatch TrickBot |
| 2020-05-19
⋅
AlienLabs
⋅
TrickBot BazarLoader In-Depth Anchor BazarBackdoor TrickBot |
| 2020-05-14
⋅
SentinelOne
⋅
Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant TrickBot |
| 2020-05-05
⋅
N1ght-W0lf Blog
⋅
Deep Analysis of Ryuk Ransomware Ryuk |
| 2020-04-19
⋅
SecurityLiterate
⋅
Reversing Ryuk: A Technical Analysis of Ryuk Ransomware Ryuk |
| 2020-04-14
⋅
Intel 471
⋅
Understanding the relationship between Emotet, Ryuk and TrickBot Emotet Ryuk TrickBot |
| 2020-04-14
⋅
Intrinsec
⋅
Deobfuscating and hunting for OSTAP, Trickbot’s dropper and best friend ostap TrickBot |
| 2020-04-09
⋅
Zscaler
⋅
TrickBot Emerges with a Few New Tricks TrickBot |
| 2020-04-08
⋅
Secureworks
⋅
How Cyber Adversaries are Adapting to Exploit the Global Pandemic GOLD SOUTHFIELD TA2101 TA505 WIZARD SPIDER |
| 2020-04-08
⋅
SentinelOne
⋅
Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations Anchor TrickBot |
| 2020-04-07
⋅
SecurityIntelligence
⋅
ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework More_eggs Anchor TrickBot |
| 2020-04-01
⋅
Cisco
⋅
Navigating Cybersecurity During a Pandemic: Latest Malware and Threat Actors Azorult CloudEyE Formbook KPOT Stealer Metamorfo Nanocore RAT NetWire RC TrickBot |
| 2020-03-31
⋅
FireEye
⋅
It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit Ryuk TrickBot UNC1878 |
| 2020-03-31
⋅
Cisco Talos
⋅
Trickbot: A primer TrickBot |
| 2020-03-30
⋅
Intezer
⋅
Fantastic payloads and where we find them Dridex Emotet ISFB TrickBot |
| 2020-03-25
⋅
Wilbur Security
⋅
Trickbot to Ryuk in Two Hours Cobalt Strike Ryuk TrickBot |
| 2020-03-18
⋅
Bitdefender
⋅
New TrickBot Module Bruteforces RDP Connections, Targets Select Telecommunication Services in US and Hong Kong TrickBot |
| 2020-03-09
⋅
Fortinet
⋅
New Variant of TrickBot Being Spread by Word Document TrickBot |
| 2020-03-05
⋅
Microsoft
⋅
Human-operated ransomware attacks: A preventable disaster Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor PARINACOTA |
| 2020-03-04
⋅
Bleeping Computer
⋅
Ryuk Ransomware Attacked Epiq Global Via TrickBot Infection Ryuk TrickBot |
| 2020-03-04
⋅
CrowdStrike
⋅
2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
| 2020-03-03
⋅
PWC UK
⋅
Cyber Threats 2019:A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle |
| 2020-03-02
⋅
⋅
c't
⋅
Was Emotet anrichtet – und welche Lehren die Opfer daraus ziehen Emotet Ryuk |
| 2020-02-28
⋅
Morphisec
⋅
Trickbot Delivery Method Gets a New Upgrade Focusing on Windows 10 TrickBot |
| 2020-02-26
⋅
SentinelOne
⋅
Revealing the Trick | A Deep Dive into TrickLoader Obfuscation TrickBot |
| 2020-02-25
⋅
RSA Conference
⋅
Feds Fighting Ransomware: How the FBI Investigates and How You Can Help FastCash Cerber Defray Dharma FriedEx Gandcrab GlobeImposter Mamba Phobos Rapid Ransom REvil Ryuk SamSam Zeus |
| 2020-02-19
⋅
FireEye
⋅
M-Trends 2020 Cobalt Strike Grateful POS LockerGoga QakBot TrickBot |
| 2020-02-18
⋅
Sophos Labs
⋅
Nearly a quarter of malware now communicates using TLS Dridex IcedID TrickBot |
| 2020-02-13
⋅
Qianxin
⋅
APT Report 2019 Chrysaor Exodus Dacls VPNFilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy |
| 2020-02-13
⋅
Quick Heal
⋅
A Deep Dive Into Wakeup On Lan (WoL) Implementation of Ryuk Ryuk |
| 2020-02-12
⋅
VMWare Carbon Black
⋅
Ryuk Ransomware Technical Analysis Ryuk |
| 2020-02-10
⋅
Malwarebytes
⋅
2020 State of Malware Report magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor |
| 2020-01-30
⋅
Bleeping Computer
⋅
TrickBot Uses a New Windows 10 UAC Bypass to Launch Quietly TrickBot |
| 2020-01-30
⋅
Morphisec
⋅
Trickbot Trojan Leveraging a New Windows 10 UAC Bypass TrickBot |
| 2020-01-29
⋅
ANSSI
⋅
État de la menace rançongiciel Clop Dharma FriedEx Gandcrab LockerGoga Maze MegaCortex REvil RobinHood Ryuk SamSam |
| 2020-01-29
⋅
ZDNet
⋅
DOD contractor suffers ransomware infection Ryuk |
| 2020-01-29
⋅
Bleeping Computer
⋅
Malware Tries to Trump Security Software With POTUS Impeachment TrickBot |
| 2020-01-27
⋅
⋅
T-Systems
⋅
Vorläufiger forensischer Abschlussbericht zur Untersuchung des Incidents beim Berliner Kammergericht Emotet TrickBot |
| 2020-01-24
⋅
Bleeping Computer
⋅
New Ryuk Info Stealer Targets Government and Military Secrets Ryuk |
| 2020-01-24
⋅
ReversingLabs
⋅
Hunting for Ransomware Ryuk |
| 2020-01-23
⋅
Bleeping Computer
⋅
TrickBot Now Steals Windows Active Directory Credentials TrickBot |
| 2020-01-17
⋅
Battle Against Ursnif Malspam Campaign targeting Japan Cutwail ISFB TrickBot UrlZone |
| 2020-01-17
⋅
Secureworks
⋅
Is It Wrong to Try to Find APT Techniques in Ransomware Attack? Defray Dharma FriedEx Gandcrab GlobeImposter Matrix Ransom MedusaLocker Phobos REvil Ryuk SamSam Scarab Ransomware |
| 2020-01-16
⋅
Bleeping Computer
⋅
TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection TrickBot |
| 2020-01-14
⋅
Bleeping Computer
⋅
Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices Ryuk |
| 2020-01-10
⋅
CSIS
⋅
Threat Matrix H1 2019 Gustuff magecart Emotet Gandcrab Ramnit TrickBot |
| 2020-01-09
⋅
SentinelOne
⋅
Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets TrickBot WIZARD SPIDER |
| 2020-01-01
⋅
Secureworks
⋅
GOLD BLACKBURN Dyre TrickBot |
| 2020-01-01
⋅
Secureworks
⋅
GOLD SWATHMORE GlobeImposter Gozi IcedID TrickBot LUNAR SPIDER |
| 2020-01-01
⋅
Secureworks
⋅
GOLD ULRICK Empire Downloader Ryuk TrickBot WIZARD SPIDER |
| 2020-01-01
⋅
Blackberry
⋅
State of Ransomware Maze MedusaLocker Nefilim Phobos REvil Ryuk STOP |
| 2019-12-26
⋅
Bleeping Computer
⋅
Ryuk Ransomware Stops Encrypting Linux Folders Ryuk |
| 2019-12-21
⋅
Decrypt
⋅
How ransomware exploded in the age of Bitcoin Ryuk |
| 2019-12-19
⋅
Malwarebytes
⋅
Threat spotlight: the curious case of Ryuk ransomware Ryuk |
| 2019-12-15
⋅
Bleeping Computer
⋅
Ryuk Ransomware Likely Behind New Orleans Cyberattack Ryuk |
| 2019-12-12
⋅
FireEye
⋅
Cyber Threat Landscape in Japan – Revealing Threat in the Shadow Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD POISONPLUG TrickBot BlackTech |
| 2019-12-11
⋅
Cybereason
⋅
Dropping Anchor: From a TrickBot Infection to the Discovery of the Anchor Malware Anchor WIZARD SPIDER |
| 2019-12-10
⋅
Sentinel LABS
⋅
Anchor Project | The Deadly Planeswalker: How The TrickBot Group United High-Tech Crimeware & APT Anchor |
| 2019-12-09
⋅
Emsisoft
⋅
Caution! Ryuk Ransomware decryptor damages larger files, even if you pay Ryuk |
| 2019-12-09
⋅
Palo Alto Networks Unit 42
⋅
TrickBot Campaign Uses Fake Payroll Emails to Conduct Phishing Attacks TrickBot |
| 2019-11-27
⋅
Twitter (@Prosegur)
⋅
Tweet on Incident of Information Security Ryuk |
| 2019-11-22
⋅
Palo Alto Networks Unit 42
⋅
Trickbot Updates Password Grabber Module TrickBot |
| 2019-11-13
⋅
CrowdStrike
⋅
Through the Eyes of the Adversary TrickBot CLOCKWORK SPIDER |
| 2019-11-08
⋅
Palo Alto Networks Unit 42
⋅
Wireshark Tutorial: Examining Trickbot Infections TrickBot |
| 2019-11-06
⋅
⋅
Heise Security
⋅
Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail Emotet Ryuk TrickBot |
| 2019-11-05
⋅
Information Age
⋅
Hospital cyberattack could have been avoided Ryuk |
| 2019-11-01
⋅
⋅
CCN-CERT
⋅
Informe Código Dañino CCN-CERT ID-26/19 Ryuk |
| 2019-11-01
⋅
CrowdStrike
⋅
WIZARD SPIDER Adds New Features to Ryuk for Targeting Hosts on LAN Ryuk WIZARD SPIDER |
| 2019-10-29
⋅
SneakyMonkey Blog
⋅
TRICKBOT - Analysis Part II TrickBot |
| 2019-10-24
⋅
Sentinel LABS
⋅
How TrickBot Malware Hooking Engine Targets Windows 10 Browsers TrickBot |
| 2019-10-18
⋅
NTT
⋅
TrickBot variant “Anchor_DNS” communicating over DNS Anchor |
| 2019-09-25
⋅
GovCERT.ch
⋅
Trickbot - An analysis of data collected from the botnet TrickBot |
| 2019-09-09
⋅
McAfee
⋅
Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study Cutwail Dridex Dyre Kovter Locky Phorpiex Simda |
| 2019-08-27
⋅
Secureworks
⋅
TrickBot Modifications Target U.S. Mobile Users TrickBot WIZARD SPIDER |
| 2019-08-26
⋅
InQuest
⋅
Memory Analysis of TrickBot TrickBot |
| 2019-08-05
⋅
Trend Micro
⋅
Latest Trickbot Campaign Delivered via Highly Obfuscated JS File ostap TrickBot |
| 2019-07-12
⋅
DeepInstinct
⋅
TrickBooster – TrickBot’s Email-Based Infection Module TrickBot |
| 2019-07-11
⋅
NTT Security
⋅
Targeted TrickBot activity drops 'PowerBrace' backdoor PowerBrace TrickBot |
| 2019-06-04
⋅
SlideShare
⋅
Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vitali Kremez TrickBot |
| 2019-05-22
⋅
TRICKBOT - Analysis TrickBot |
| 2019-05-09
⋅
GovCERT.ch
⋅
Severe Ransomware Attacks Against Swiss SMEs Emotet LockerGoga Ryuk TrickBot |
| 2019-05-02
⋅
CERT.PL
⋅
Detricking TrickBot Loader TrickBot |
| 2019-04-05
⋅
FireEye
⋅
Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware LockerGoga Ryuk FIN6 |
| 2019-04-05
⋅
Medium vishal_thakur
⋅
Trickbot — a concise treatise TrickBot |
| 2019-04-02
⋅
Cybereason
⋅
Triple Threat: Emotet Deploys Trickbot to Steal Data & Spread Ryuk Ryuk TrickBot |
| 2019-03-26
⋅
⋅
ANSSI
⋅
INFORMATIONS CONCERNANTLES RANÇONGICIELSLOCKERGOGA ET RYUK Ryuk |
| 2019-03-20
⋅
CrowdStrike
⋅
New Evidence Proves Ongoing WIZARD SPIDER / LUNAR SPIDER Collaboration LUNAR SPIDER WIZARD SPIDER |
| 2019-03-05
⋅
PepperMalware Blog
⋅
Quick Analysis of a Trickbot Sample with NSA's Ghidra SRE Framework TrickBot |
| 2019-02-15
⋅
CrowdStrike
⋅
“Sin”-ful SPIDERS: WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web Dyre IcedID TrickBot Vawtrak LUNAR SPIDER WIZARD SPIDER |
| 2019-02-12
⋅
Trend Micro
⋅
Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire TrickBot |
| 2019-01-11
⋅
FireEye
⋅
A Nasty Trick: From Credential Theft Malware to Business Disruption Ryuk TrickBot GRIM SPIDER WIZARD SPIDER |
| 2019-01-10
⋅
CrowdStrike
⋅
Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware Ryuk GRIM SPIDER MUMMY SPIDER STARDUST CHOLLIMA WIZARD SPIDER |
| 2019-01-09
⋅
McAfee
⋅
Ryuk Ransomware Attack: Rush to Attribution Misses the Point Ryuk |
| 2019-01-01
⋅
Virus Bulletin
⋅
Shinigami's Revenge: The Long Tail of Ryuk Malware Ryuk |
| 2018-12-29
⋅
Los Angeles Times
⋅
Malware attack disrupts delivery of L.A. Times and Tribune papers across the U.S. Ryuk |
| 2018-12-12
⋅
SecureData
⋅
The TrickBot and MikroTik connection TrickBot |
| 2018-12-05
⋅
VIPRE
⋅
Trickbot’s Tricks TrickBot |
| 2018-11-12
⋅
Malwarebytes
⋅
What’s new in TrickBot? Deobfuscating elements TrickBot |
| 2018-11-08
⋅
Fortinet
⋅
Deep Analysis of TrickBot New Module pwgrab TrickBot |
| 2018-11-01
⋅
Trend Micro
⋅
Trickbot Shows Off New Trick: Password Grabber Module TrickBot |
| 2018-08-20
⋅
Check Point
⋅
Ryuk Ransomware: A Targeted Campaign Break-Down Ryuk |
| 2018-08-14
⋅
Cyberbit
⋅
Latest Trickbot Variant has New Tricks Up Its Sleeve TrickBot |
| 2018-07-03
⋅
Talos Intelligence
⋅
Smoking Guns - Smoke Loader learned new tricks SmokeLoader TrickBot |
| 2018-06-20
⋅
Unpacking and Extracting TrickBot Malware Configuration With x64dbg and Python TrickBot |
| 2018-06-13
⋅
Github (JR0driguezB)
⋅
TrickBot config files TrickBot |
| 2018-04-16
⋅
Random RE
⋅
TrickBot & UACME TrickBot |
| 2018-04-03
⋅
Vitali Kremez Blog
⋅
Let's Learn: Trickbot Implements Network Collector Module Leveraging CMD, WMI & LDAP TrickBot |
| 2018-03-31
⋅
Youtube (hasherezade)
⋅
Deobfuscating TrickBot's strings with libPeConv TrickBot |
| 2018-03-27
⋅
Trend Micro
⋅
Evolving Trickbot Adds Detection Evasion and Screen-Locking Features TrickBot |
| 2018-03-21
⋅
Webroot
⋅
TrickBot Banking Trojan Adapts with New Module TrickBot |
| 2018-02-15
⋅
SecurityIntelligence
⋅
TrickBot’s Cryptocurrency Hunger: Tricking the Bitcoin Out of Wallets TrickBot |
| 2018-02-01
⋅
Malware Traffic Analysis
⋅
Quick Test Drive of Trickbot (It now has a Monero Module) TrickBot |
| 2017-12-30
⋅
Youtube (hasherezade)
⋅
Unpacking TrickBot with PE-sieve TrickBot |
| 2017-12-19
⋅
Vitali Kremez Blog
⋅
Let's Learn: Introducing New Trickbot LDAP "DomainGrabber" Module TrickBot |
| 2017-11-22
⋅
Flashpoint
⋅
Trickbot Gang Evolves, Incorporates Account Checking Into Hybrid Attack Model TrickBot |
| 2017-11-21
⋅
Let's Learn: Trickbot Socks5 Backconnect Module In Detail TrickBot |
| 2017-10-06
⋅
Blueliv
⋅
TrickBot banking trojan using EFLAGS as an anti-hook technique TrickBot |
| 2017-08-01
⋅
Malwarebytes
⋅
TrickBot comes up with new tricks: attacking Outlook and browsing data TrickBot |
| 2017-07-27
⋅
Flashpoint
⋅
New Version of “Trickbot” Adds Worm Propagation Module TrickBot |
| 2017-07-01
⋅
Ring Zero Labs
⋅
TrickBot Banking Trojan - DOC00039217.doc TrickBot |
| 2017-06-15
⋅
F5
⋅
Trickbot Expands Global Targets Beyond Banks and Payment Processors to CRMs TrickBot |
| 2017-06-12
⋅
⋅
Security Art Work
⋅
Evolución de Trickbot TrickBot |
| 2017-05-26
⋅
PWC
⋅
TrickBot’s bag of tricks TrickBot |
| 2017-05-15
⋅
Secureworks
⋅
Evolution of the GOLD EVERGREEN Threat Group CryptoLocker Dridex Dyre Gameover P2P Murofet TrickBot Zeus GOLD EVERGREEN |
| 2017-05-04
⋅
Forbes
⋅
Behind The Mystery Of Russia's 'Dyre' Hackers Who Stole Millions From American Business Dyre |
| 2017-03-01
⋅
FraudWatch International
⋅
How Does the Trickbot Malware Work? TrickBot |
| 2016-12-07
⋅
Botconf
⋅
The TrickBot Evolution TrickBot |
| 2016-12-06
⋅
Fortinet
⋅
Deep Analysis of the Online Banking Botnet TrickBot TrickBot |
| 2016-11-09
⋅
Tricks of the Trade: A Deeper Look Into TrickBot’s Machinations TrickBot |
| 2016-11-07
⋅
F5 Labs
⋅
Little Trickbot Growing Up: New Campaign TrickBot |
| 2016-10-25
⋅
NetScout
⋅
TrickBot Banker Insights Godzilla Loader TrickBot |
| 2016-10-24
⋅
Malwarebytes
⋅
Introducing TrickBot, Dyreza’s successor TrickBot |
| 2016-10-15
⋅
Fidelis Cybersecurity
⋅
TrickBot: We Missed you, Dyre TrickBot |
| 2015-11-04
⋅
Malwarebytes
⋅
A Technical Look At Dyreza Dyre |
| 2015-10-26
⋅
Blueliv
⋅
Chasing cybercrime: network insights of Dyre and Dridex Trojan bankers Dridex Dyre |
| 2015-07-07
⋅
FireEye
⋅
Dyre Banking Trojan Exploits CVE-2015-0057 Dyre |
| 2014-12-17
⋅
Secureworks
⋅
Dyre Banking Trojan Dyre Vawtrak WIZARD SPIDER |