win.egregor (Back to overview)


According to Heimdal, Egregor ransomware infection happens via a loader, then, in the victim’s firewall, it enables the Remote Desktop Protocol. After this part, the malware is free to move inside the victim’s network, identifying and disabling all the antivirus software it can find. The next step is the encryption of the data and the insertion of a ransom note named “RECOVER-FILES.txt” in all the compromised folders.

2024-02-15Bleeping ComputerSergiu Gatlan
Zeus, IcedID malware gangs leader pleads guilty, faces 40 years in prison
Egregor IcedID Maze Zeus
2024-02-15Department of JusticeOffice of Public Affairs
Foreign National Pleads Guilty to Role in Cybercrime Schemes Involving Tens of Millions of Dollars in Losses
Egregor IcedID Maze Zeus
Gamer Cheater Hacker Spy
Egregor HelloKitty NetfilterRootkit RagnarLocker Winnti
2022-03-17SophosTilly Travers
The Ransomware Threat Intelligence Center
ATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry Dharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker Ragnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker
2022-02-09Security AffairsPierluigi Paganini
Master decryption keys for Maze, Egregor, and Sekhmet ransomware leaked online
Egregor m0yv Maze Sekhmet
2022-02-09Bleeping ComputerLawrence Abrams
Ransomware dev releases Egregor, Maze master decryption keys
Egregor Maze Sekhmet
Identification of a new cybercriminal group: Lockean
DoppelPaymer Egregor Maze PwndLocker REvil
Identification of a new cyber criminal group: Lockean
Cobalt Strike DoppelPaymer Egregor Maze PwndLocker QakBot REvil
2021-10-22HUNT & HACKETTKrijn de Mik
Advanced IP Scanner: the preferred scanner in the A(P)T toolbox
Conti DarkSide Dharma Egregor Hades REvil Ryuk
2021-08-15SymantecThreat Hunter Team
The Ransomware Threat
Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker
2021-08-10Bleeping ComputerSergiu Gatlan
Crytek confirms Egregor ransomware attack, customer data theft
Egregor Maze
2021-08-05KrebsOnSecurityBrian Krebs
Ransomware Gangs and the Name Game Distraction
DarkSide RansomEXX Babuk Cerber Conti DarkSide DoppelPaymer Egregor FriedEx Gandcrab Hermes Maze RansomEXX REvil Ryuk Sekhmet
2021-08-04CrowdStrikeCrowdStrike Intelligence Team, CrowdStrike IR, Falcon OverWatch Team
PROPHET SPIDER Exploits Oracle WebLogic to Facilitate Ransomware Activity
Cobalt Strike Egregor Mount Locker Prophet Spider
2021-07-27Bleeping ComputerLawrence Abrams
LockBit ransomware now encrypts Windows domains using group policies
Egregor LockBit
2021-07-21IBMAllison Wikoff, Chris Caridi
This Chat is Being Recorded: Egregor Ransomware Negotiations Uncovered
2021-07-09The RecordCatalin Cimpanu
Ransomwhere project wants to create a database of past ransomware payments
Egregor Mailto Maze REvil
2021-07-01DomainToolsChad Anderson
The Most Prolific Ransomware Families: A Defenders Guide
REvil Conti Egregor Maze REvil
2021-06-16ProofpointDaniel Blackford, Garrett M. Graff, Selena Larson
The First Step: Initial Access Leads to Ransomware
BazarBackdoor Egregor IcedID Maze QakBot REvil Ryuk TrickBot WastedLocker TA570 TA575 TA577
2021-05-18Bleeping ComputerIonut Ilascu
DarkSide ransomware made $90 million in just nine months
DarkSide DarkSide Egregor Gandcrab Mailto Maze REvil Ryuk
Intelligence Report on Ransomware Gangs on the DarkWeb: List of victim organizations attacked by ransomware gangs released on the DarkWeb
RansomEXX Avaddon Babuk Clop Conti Cuba DarkSide DoppelPaymer Egregor Hades LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker Nefilim Nemty Pay2Key PwndLocker RagnarLocker Ragnarok RansomEXX REvil Sekhmet SunCrypt ThunderX
Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound
Avaddon Clop Conti DarkSide Egregor LockBit Mailto Phobos REvil Ryuk SunCrypt
2021-04-07ANALYST1Jon DiMaggio
Ransom Mafia - Analysis of the World's First Ransomware Cartel
Conti Egregor LockBit Maze RagnarLocker SunCrypt VIKING SPIDER
2021-04-07ANALYST1Jon DiMaggio
Ransom Mafia Analysis of the World's First Ransomware Cartel
Conti Egregor LockBit Maze RagnarLocker Ryuk SunCrypt TA2101 VIKING SPIDER
2021-03-26Trend MicroTrend Micro
Alleged Members of Egregor Ransomware Cartel Arrested
Egregor QakBot
2021-03-24CiscoCaitlin Huey, David Liebenberg
Quarterly Report: Incident Response trends from Winter 2020-21
Egregor REvil WastedLocker
2021-03-16The RecordCatalin Cimpanu
France’s lead cybercrime investigator on the Egregor arrests, cybercrime
The Egregor Ransomware
Egregor Maze Sekhmet
2021-03-01Group-IBOleg Skulkin, Roman Rezvukhin, Semyon Rogachev
Ransomware Uncovered 2020/2021
RansomEXX BazarBackdoor Buer Clop Conti DoppelPaymer Dridex Egregor IcedID Maze PwndLocker QakBot RansomEXX REvil Ryuk SDBbot TrickBot Zloader
2021-02-25FireEyeBrendan McKeague, Bryce Abdo, Van Ta
So Unchill: Melting UNC2198 ICEDID to Ransomware Operations
MOUSEISLAND Cobalt Strike Egregor IcedID Maze SystemBC
2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER
2021-02-17Intel 471Intel 471
Egregor operation takes huge hit after police raids
2021-02-17Security Service of UkraineSecurity Service of Ukraine
SBU blocks activity of transnational hacking group
2021-02-15EmsisoftEmsiSoft Malware Lab
Ransomware Profile: Egregor
An Analysis of the Egregor Ransomware
2021-02-04ChainanalysisChainalysis Team
Blockchain Analysis Shows Connections Between Four of 2020’s Biggest Ransomware Strains
DoppelPaymer Egregor Maze SunCrypt
2021-02-02CRONUPGermán Fernández
De ataque con Malware a incidente de Ransomware
Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader
2021-01-18AreteAdam Brown, Harold Rodriguez
Egregor: The Ghost of Soviet Bears Past Haunts On
PIN Number 20210106-001: Egregor Ransomware Targets Businesses Worldwide, Attempting to Extort Businesses by Publicly Releasing Exfiltrated Data
Egregor QakBot
2021-01-04Bleeping ComputerSergiu Gatlan
TransLink confirms ransomware data theft, still restoring systems
2020-12-16AccenturePaul Mansfield
Tracking and combatting an evolving danger: Ransomware extortion
DarkSide Egregor Maze Nefilim RagnarLocker REvil Ryuk SunCrypt
2020-12-15MalwarebytesPieter Arntz
Threat profile: Egregor ransomware is making a name for itself
2020-12-15HornetsecurityHornetsecurity Security Lab
QakBot reducing its on disk artifacts
Egregor PwndLocker QakBot
2020-12-14Trend MicroTrend Micro Research
Egregor Ransomware Launches String of High-Profile Attacks to End 2020
2020-12-08Palo Alto Networks Unit 42Brittany Barbehenn, Doel Santos, Robert Falcone
Threat Assessment: Egregor Ransomware
2020-12-08SophosAnand Aijan, Bill Kearney, Gabor Szappanos, Mark Loman, Peter Mackenzie, Sean Gallagher, Sergio Bestulic, Syed Shahram
Egregor ransomware: Maze’s heir apparent
Egregor Maze
2020-12-07Minerva LabsTom Roter
Egregor Ransomware - An In-Depth Analysis
Egregor Maze Sekhmet
2020-12-04Bleeping ComputerLawrence Abrams
Metro Vancouver's transit system hit by Egregor ransomware
2020-12-04Bleeping ComputerLawrence Abrams
Largest global staffing agency Randstad hit by Egregor ransomware
2020-12-03Recorded FutureInsikt Group®
Egregor Ransomware, Used in a String of High-Profile Attacks, Shows Connections to QakBot
Egregor QakBot
2020-12-03Bleeping ComputerLawrence Abrams
Kmart nationwide retailer suffers a ransomware attack
2020-12-02Red Canarytwitter (@redcanary)
Tweet on increased #Qbot activity delivering Cobalt Strike & #Egregor ransomware
Cobalt Strike Egregor QakBot
2020-12-01Group-IBGroup-IB, Oleg Skulkin, Roman Rezvukhin, Semyon Rogachev
Egregor ransomware: The legacy of Maze lives on
Egregor QakBot
2020-11-26CybereasonCybereason Nocturnus, Lior Rochberger
Cybereason vs. Egregor Ransomware
Cobalt Strike Egregor IcedID ISFB QakBot
2020-11-25SentinelOneJim Walter
Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone
Cobalt Strike Egregor
2020-11-20Group-IBOleg Skulkin, Roman Rezvukhin, Semyon Rogachev
The Locking Egregor
Egregor QakBot
2020-11-20ZDNetCatalin Cimpanu
The malware that usually installs ransomware and you need to remove right away
Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader
2020-11-18KELAVictoria Kivilevich
Zooming into Darknet Threats Targeting Japanese Organizations
Conti DoppelPaymer Egregor LockBit Maze REvil Snake
2020-11-16Intel 471Intel 471
Ransomware-as-a-service: The pandemic within a pandemic
Avaddon Clop Conti DoppelPaymer Egregor Hakbit Mailto Maze Mespinoza RagnarLocker REvil Ryuk SunCrypt ThunderX
2020-11-14Bleeping ComputerLawrence Abrams
Retail giant Cencosud hit by Egregor Ransomware attack, stores impacted
2020-11-12IntrinsecJean Bichet
Egregor – Prolock: Fraternal Twins ?
Egregor PwndLocker QakBot
2020-11-11Kaspersky LabsDmitry Bestuzhev, Fedor Sinitsyn
Targeted ransomware: it’s not just about encrypting your data! Part 1 - “Old and New Friends”
Egregor Maze RagnarLocker
2020-10-29Bleeping ComputerLawrence Abrams
Maze ransomware is shutting down its cybercrime operation
Egregor Maze
2020-10-29Security BoulevardTomas Meskauskas
Egregor: Sekhmet’s Cousin
2020-10-20Bleeping ComputerLawrence Abrams
Barnes & Noble hit by Egregor ransomware, strange data leaked
2020-10-15ZDNetCatalin Cimpanu
Ubisoft, Crytek data posted on ransomware gang's site
2020-10-02AppGateAppGate Labs
Appgate Labs Analyzes New Family Of Ransomware - Egregor
2020-09-18ID RansomwareAndrew Ivanov
Egregor Ransomware

There is no Yara-Signature yet.