| SYMBOL | COMMON_NAME | aka. SYNONYMS |
win.egregor (Back to overview)
Egregor
According to Heimdal, Egregor ransomware infection happens via a loader, then, in the victim’s firewall, it enables the Remote Desktop Protocol. After this part, the malware is free to move inside the victim’s network, identifying and disabling all the antivirus software it can find. The next step is the encryption of the data and the insertion of a ransom note named “RECOVER-FILES.txt” in all the compromised folders.
References
| 2022-05-01 ⋅ BushidoToken ⋅ Gamer Cheater Hacker Spy Egregor HelloKitty NetfilterRootkit RagnarLocker Winnti |
| 2022-03-17 ⋅ Sophos ⋅ The Ransomware Threat Intelligence Center ATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry Dharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker Ragnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker |
| 2022-02-09 ⋅ Bleeping Computer ⋅ Ransomware dev releases Egregor, Maze master decryption keys Egregor Maze Sekhmet |
| 2022-02-09 ⋅ Security Affairs ⋅ Master decryption keys for Maze, Egregor, and Sekhmet ransomware leaked online Egregor m0yv Maze Sekhmet |
| 2021-11-03 ⋅ CERT-FR ⋅ Identification of a new cybercriminal group: Lockean DoppelPaymer Egregor Maze PwndLocker REvil |
| 2021-10-26 ⋅ Identification of a new cyber criminal group: Lockean Cobalt Strike DoppelPaymer Egregor Maze PwndLocker QakBot REvil |
| 2021-10-22 ⋅ HUNT & HACKETT ⋅ Advanced IP Scanner: the preferred scanner in the A(P)T toolbox Conti DarkSide Dharma Egregor Hades REvil Ryuk |
| 2021-08-15 ⋅ Symantec ⋅ The Ransomware Threat Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker |
| 2021-08-10 ⋅ Bleeping Computer ⋅ Crytek confirms Egregor ransomware attack, customer data theft Egregor Maze |
| 2021-08-05 ⋅ KrebsOnSecurity ⋅ Ransomware Gangs and the Name Game Distraction DarkSide RansomEXX Babuk Cerber Conti DarkSide DoppelPaymer Egregor FriedEx Gandcrab Hermes Maze RansomEXX REvil Ryuk Sekhmet |
| 2021-08-04 ⋅ CrowdStrike ⋅ PROPHET SPIDER Exploits Oracle WebLogic to Facilitate Ransomware Activity Cobalt Strike Egregor Mount Locker |
| 2021-07-27 ⋅ Bleeping Computer ⋅ LockBit ransomware now encrypts Windows domains using group policies Egregor LockBit |
| 2021-07-21 ⋅ IBM ⋅ This Chat is Being Recorded: Egregor Ransomware Negotiations Uncovered Egregor |
| 2021-07-09 ⋅ The Record ⋅ Ransomwhere project wants to create a database of past ransomware payments Egregor Mailto Maze REvil |
| 2021-07-01 ⋅ DomainTools ⋅ The Most Prolific Ransomware Families: A Defenders Guide REvil Conti Egregor Maze REvil |
| 2021-06-16 ⋅ Proofpoint ⋅ The First Step: Initial Access Leads to Ransomware BazarBackdoor Egregor IcedID Maze QakBot REvil Ryuk TrickBot WastedLocker |
| 2021-05-18 ⋅ Bleeping Computer ⋅ DarkSide ransomware made $90 million in just nine months DarkSide DarkSide Egregor Gandcrab Mailto Maze REvil Ryuk |
| 2021-05-10 ⋅ DarkTracer ⋅ Intelligence Report on Ransomware Gangs on the DarkWeb: List of victim organizations attacked by ransomware gangs released on the DarkWeb RansomEXX Avaddon Babuk Clop Conti Cuba DarkSide DoppelPaymer Egregor Hades LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker Nefilim Nemty Pay2Key PwndLocker RagnarLocker Ragnarok RansomEXX REvil Sekhmet SunCrypt ThunderX |
| 2021-04-26 ⋅ CoveWare ⋅ Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound Avaddon Clop Conti DarkSide Egregor LockBit Mailto Phobos REvil Ryuk SunCrypt |
| 2021-04-07 ⋅ ANALYST1 ⋅ Ransom Mafia - Analysis of the World's First Ransomware Cartel Conti Egregor LockBit Maze RagnarLocker SunCrypt VIKING SPIDER |
| 2021-04-07 ⋅ ANALYST1 ⋅ Ransom Mafia Analysis of the World's First Ransomware Cartel Conti Egregor LockBit Maze RagnarLocker Ryuk SunCrypt TA2101 VIKING SPIDER |
| 2021-03-26 ⋅ Trend Micro ⋅ Alleged Members of Egregor Ransomware Cartel Arrested Egregor QakBot |
| 2021-03-24 ⋅ Cisco ⋅ Quarterly Report: Incident Response trends from Winter 2020-21 Egregor REvil WastedLocker |
| 2021-03-16 ⋅ The Record ⋅ France’s lead cybercrime investigator on the Egregor arrests, cybercrime Egregor |
| 2021-03-02 ⋅ CERT-FR ⋅ The Egregor Ransomware Egregor Maze Sekhmet |
| 2021-03 ⋅ Group-IB ⋅ Ransomware Uncovered 2020/2021 RansomEXX BazarBackdoor Buer Clop Conti DoppelPaymer Dridex Egregor IcedID Maze PwndLocker QakBot RansomEXX REvil Ryuk SDBbot TrickBot Zloader |
| 2021-02-25 ⋅ FireEye ⋅ So Unchill: Melting UNC2198 ICEDID to Ransomware Operations MOUSEISLAND Cobalt Strike Egregor IcedID Maze SystemBC |
| 2021-02-23 ⋅ CrowdStrike ⋅ 2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader KNOCKOUT SPIDER OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
| 2021-02-17 ⋅ Security Service of Ukraine ⋅ SBU blocks activity of transnational hacking group Egregor |
| 2021-02-17 ⋅ Intel 471 ⋅ Egregor operation takes huge hit after police raids Egregor |
| 2021-02-15 ⋅ Emsisoft ⋅ Ransomware Profile: Egregor Egregor |
| 2021-02-11 ⋅ Morphisec ⋅ An Analysis of the Egregor Ransomware Egregor |
| 2021-02-04 ⋅ Chainanalysis ⋅ Blockchain Analysis Shows Connections Between Four of 2020’s Biggest Ransomware Strains DoppelPaymer Egregor Maze SunCrypt |
| 2021-02-02 ⋅ CRONUP ⋅ De ataque con Malware a incidente de Ransomware Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader |
| 2021-01-18 ⋅ Arete ⋅ Egregor: The Ghost of Soviet Bears Past Haunts On Egregor |
| 2021-01-06 ⋅ FBI ⋅ PIN Number 20210106-001: Egregor Ransomware Targets Businesses Worldwide, Attempting to Extort Businesses by Publicly Releasing Exfiltrated Data Egregor QakBot |
| 2021-01-04 ⋅ Bleeping Computer ⋅ TransLink confirms ransomware data theft, still restoring systems Egregor |
| 2020-12-16 ⋅ Accenture ⋅ Tracking and combatting an evolving danger: Ransomware extortion DarkSide Egregor Maze Nefilim RagnarLocker REvil Ryuk SunCrypt |
| 2020-12-15 ⋅ Hornetsecurity ⋅ QakBot reducing its on disk artifacts Egregor PwndLocker QakBot |
| 2020-12-15 ⋅ Malwarebytes ⋅ Threat profile: Egregor ransomware is making a name for itself Egregor |
| 2020-12-14 ⋅ Trend Micro ⋅ Egregor Ransomware Launches String of High-Profile Attacks to End 2020 Egregor |
| 2020-12-08 ⋅ Palo Alto Networks Unit 42 ⋅ Threat Assessment: Egregor Ransomware Egregor |
| 2020-12-08 ⋅ Sophos ⋅ Egregor ransomware: Maze’s heir apparent Egregor Maze |
| 2020-12-07 ⋅ Minerva Labs ⋅ Egregor Ransomware - An In-Depth Analysis Egregor Maze Sekhmet |
| 2020-12-04 ⋅ Bleeping Computer ⋅ Metro Vancouver's transit system hit by Egregor ransomware Egregor |
| 2020-12-04 ⋅ Bleeping Computer ⋅ Largest global staffing agency Randstad hit by Egregor ransomware Egregor |
| 2020-12-03 ⋅ Bleeping Computer ⋅ Kmart nationwide retailer suffers a ransomware attack Egregor |
| 2020-12-03 ⋅ Recorded Future ⋅ Egregor Ransomware, Used in a String of High-Profile Attacks, Shows Connections to QakBot Egregor QakBot |
| 2020-12-02 ⋅ Red Canary ⋅ Tweet on increased #Qbot activity delivering Cobalt Strike & #Egregor ransomware Cobalt Strike Egregor QakBot |
| 2020-12-01 ⋅ Group-IB ⋅ Egregor ransomware: The legacy of Maze lives on Egregor QakBot |
| 2020-11-26 ⋅ Cybereason ⋅ Cybereason vs. Egregor Ransomware Cobalt Strike Egregor IcedID ISFB QakBot |
| 2020-11-25 ⋅ SentinelOne ⋅ Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone Cobalt Strike Egregor |
| 2020-11-20 ⋅ ZDNet ⋅ The malware that usually installs ransomware and you need to remove right away Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader |
| 2020-11-20 ⋅ Group-IB ⋅ The Locking Egregor Egregor QakBot |
| 2020-11-18 ⋅ KELA ⋅ Zooming into Darknet Threats Targeting Japanese Organizations Conti DoppelPaymer Egregor LockBit Maze REvil Snake |
| 2020-11-16 ⋅ Intel 471 ⋅ Ransomware-as-a-service: The pandemic within a pandemic Avaddon Clop Conti DoppelPaymer Egregor Hakbit Mailto Maze Mespinoza RagnarLocker REvil Ryuk SunCrypt ThunderX |
| 2020-11-14 ⋅ Bleeping Computer ⋅ Retail giant Cencosud hit by Egregor Ransomware attack, stores impacted Egregor |
| 2020-11-12 ⋅ Intrinsec ⋅ Egregor – Prolock: Fraternal Twins ? Egregor PwndLocker QakBot |
| 2020-11-11 ⋅ Kaspersky Labs ⋅ Targeted ransomware: it’s not just about encrypting your data! Part 1 - “Old and New Friends” Egregor Maze RagnarLocker |
| 2020-10-29 ⋅ Security Boulevard ⋅ Egregor: Sekhmet’s Cousin Egregor |
| 2020-10-29 ⋅ Bleeping Computer ⋅ Maze ransomware is shutting down its cybercrime operation Egregor Maze |
| 2020-10-20 ⋅ Bleeping Computer ⋅ Barnes & Noble hit by Egregor ransomware, strange data leaked Egregor |
| 2020-10-15 ⋅ ZDNet ⋅ Ubisoft, Crytek data posted on ransomware gang's site Egregor |
| 2020-10-02 ⋅ AppGate ⋅ Appgate Labs Analyzes New Family Of Ransomware - Egregor Egregor |
| 2020-09-18 ⋅ ID Ransomware ⋅ Egregor Ransomware Egregor |
There is no Yara-Signature yet.