SYMBOLCOMMON_NAMEaka. SYNONYMS
win.phorpiex (Back to overview)

Phorpiex

aka: Trik
URLhaus      

Proofpoint describes Phorpiex/Trik as a SDBot fork (thus IRC-based) that has been used to distribute GandCrab, Pushdo, Pony, and coinminers. The name Trik is derived from PDB strings.

References
2020-02-18LastlineJason Zhang, Stefano Ortolani
@online{zhang:20200218:nemty:8d6340a, author = {Jason Zhang and Stefano Ortolani}, title = {{Nemty Ransomware Scaling UP: APAC Mailboxes Swarmed by Dual Downloaders}}, date = {2020-02-18}, organization = {Lastline}, url = {https://www.lastline.com/labsblog/nemty-ransomware-scaling-up-apac-mailboxes-swarmed-dual-downloaders/}, language = {English}, urldate = {2020-02-23} } Nemty Ransomware Scaling UP: APAC Mailboxes Swarmed by Dual Downloaders
Nemty Phorpiex
2020-01-23ZDNetCatalin Cimpanu
@online{cimpanu:20200123:someone:fb903da, author = {Catalin Cimpanu}, title = {{Someone is uninstalling the Phorpiex malware from infected PCs and telling users to install an antivirus}}, date = {2020-01-23}, organization = {ZDNet}, url = {https://www.zdnet.com/article/someone-is-uninstalling-the-phorpiex-malware-from-infected-pcs-and-telling-users-to-install-an-antivirus/}, language = {English}, urldate = {2020-01-27} } Someone is uninstalling the Phorpiex malware from infected PCs and telling users to install an antivirus
Phorpiex
2019-11-19Check PointAlexey Bukhteyev
@online{bukhteyev:20191119:phorpiex:50c2cb1, author = {Alexey Bukhteyev}, title = {{Phorpiex Breakdown}}, date = {2019-11-19}, organization = {Check Point}, url = {https://research.checkpoint.com/2019/phorpiex-breakdown/}, language = {English}, urldate = {2020-01-06} } Phorpiex Breakdown
Phorpiex
2019-09-09McAfeeThomas Roccia, Marc Rivero López, Chintan Shah
@online{roccia:20190909:evolution:baf3b6c, author = {Thomas Roccia and Marc Rivero López and Chintan Shah}, title = {{Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study}}, date = {2019-09-09}, organization = {McAfee}, url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/evolution-of-malware-sandbox-evasion-tactics-a-retrospective-study/}, language = {English}, urldate = {2020-01-10} } Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study
Cutwail Dridex Dyre Kovter Locky Phorpiex Simda
2019-03-06CrowdStrikeBrendon Feeley, Bex Hartley, Sergei Frankoff
@online{feeley:20190306:pinchy:f5060bd, author = {Brendon Feeley and Bex Hartley and Sergei Frankoff}, title = {{PINCHY SPIDER Affiliates Adopt “Big Game Hunting” Tactics to Distribute GandCrab Ransomware}}, date = {2019-03-06}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/pinchy-spider-adopts-big-game-hunting/}, language = {English}, urldate = {2019-12-20} } PINCHY SPIDER Affiliates Adopt “Big Game Hunting” Tactics to Distribute GandCrab Ransomware
Gandcrab Phorpiex Pinchy Spider Zombie Spider
2018-06-12Bleeping ComputerCatalin Cimpanu
@online{cimpanu:20180612:trik:137e306, author = {Catalin Cimpanu}, title = {{Trik Spam Botnet Leaks 43 Million Email Addresses}}, date = {2018-06-12}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/trik-spam-botnet-leaks-43-million-email-addresses/}, language = {English}, urldate = {2019-12-20} } Trik Spam Botnet Leaks 43 Million Email Addresses
Phorpiex
2018-05-24ProofpointProofpoint Staff
@online{staff:20180524:phorpiex:81572f0, author = {Proofpoint Staff}, title = {{Phorpiex – A decade of spamming from the shadows}}, date = {2018-05-24}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/phorpiex-decade-spamming-shadows}, language = {English}, urldate = {2019-12-20} } Phorpiex – A decade of spamming from the shadows
Phorpiex
2016-02-21Johannes Bader BlogJohannes Bader
@online{bader:20160221:phorpiex:ab65d87, author = {Johannes Bader}, title = {{Phorpiex - An IRC worm}}, date = {2016-02-21}, organization = {Johannes Bader Blog}, url = {https://www.johannesbader.ch/2016/02/phorpiex/}, language = {English}, urldate = {2020-01-06} } Phorpiex - An IRC worm
Phorpiex
2013-01-21Trend MicroMark Joseph Manahan
@online{manahan:20130121:shylock:981b444, author = {Mark Joseph Manahan}, title = {{Shylock Not the Lone Threat Targeting Skype}}, date = {2013-01-21}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/shylock-not-the-lone-threat-targeting-skype/}, language = {English}, urldate = {2020-01-13} } Shylock Not the Lone Threat Targeting Skype
Phorpiex

There is no Yara-Signature yet.