Common Information
| Type | Value |
|---|---|
| Value |
BuhTrap |
| Category | Actor |
| Type | Threat-Actor |
| Misp Type | Cluster |
| Description | Buhtrap has been active since 2014, however their first attacks against financial institutions were only detected in August 2015. Earlier, the group had only focused on targeting banking clients. At the moment, the group is known to target Russian and Ukrainian banks. From August 2015 to February 2016 Buhtrap managed to conduct 13 successful attacks against Russian banks for a total amount of 1.8 billion rubles ($25.7 mln). The number of successful attacks against Ukrainian banks has not been identified. Buhtrap is the first hacker group using a network worm to infect the overall bank infrastructure that significantly increases the difficulty of removing all malicious functions from the network. As a result, banks have to shut down the whole infrastructure which provokes delay in servicing customers and additional losses. Malicious programs intentionally scan for machines with an automated Bank-Customer system of the Central Bank of Russia (further referred to as BCS CBR). We have not identified incidents of attacks involving online money transfer systems, ATM machines or payment gates which are known to be of interest for other criminal groups. |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2024-10-10 | 13 | Buhtrap RAT IOCs - SEC-1275-1 | ||
| Details | Website | 2022-05-12 | 24 | SCYTHE Library: #ThreatThursday - Buhtrap | ||
| Details | Website | 2021-10-20 | 1 | Russian-speaking cybercrime evolution: What changed from 2016 to 2021 | ||
| Details | Website | 2020-10-02 | 39 | Graphology of an Exploit - Hunting for exploits by looking for the author's fingerprints - Check Point Research | ||
| Details | Website | 2019-11-18 | 27 | Group-IB unveils its graph | ||
| Details | Website | 2019-08-16 | 32 | Meet Buran: The New Delphi Ransomware Delivered via RIG Exploit Kit | ||
| Details | Website | 2019-08-14 | 252 | In the Balkans, businesses are under fire from a double‑barreled weapon | WeLiveSecurity | ||
| Details | Website | 2019-07-11 | 17 | Threat Source newsletter (July 11, 2019) | ||
| Details | Website | 2019-04-30 | 281 | Buhtrap backdoor and Buran ransomware distributed via major advertising platform | WeLiveSecurity | ||
| Details | Website | 2019-03-07 | 4 | Financial Cyberthreats in 2018 | ||
| Details | Website | 2019-02-20 | 0 | Cybercrime is focusing on accountants | ||
| Details | Website | 2018-09-05 | 7 | New Silence hacking group suspected of having ties to cyber-security industry | ||
| Details | Website | 2018-06-13 | 0 | Banco de Chile Wiper Attack Just a Cover for $10M SWIFT Heist | ||
| Details | Website | 2018-06-12 | 2 | Banco de Chile ‘MBR Killer’ Reveals Hidden Nexus to Buhtrap Malware Kit Used to Target Financial Institutions, Payment Networks | ||
| Details | Website | 2018-05-29 | 48 | Cobalt Renaissance: new attacks and joint operations | ||
| Details | Website | 2018-05-09 | 1 | Silence: Moving into the Darkside | ||
| Details | Website | 2017-11-14 | 3 | APT Trends report Q3 2017 | Securelist | ||
| Details | Website | 2017-08-15 | 4 | Secrets of Cobalt | ||
| Details | Website | 2017-07-24 | 1 | Targeted attacks on banks | ||
| Details | Website | 2017-03-30 | 7 | Hi-Tech Crime Trends 2016 | ||
| Details | Website | 2016-09-28 | 25 | Highly Evasive Code Injection Awaits User Interaction Before Delivering Malware | ||
| Details | Website | 2016-06-08 | 0 | Crimeware: Malware and massive campaigns around the world | WeLiveSecurity | ||
| Details | Website | 2016-02-22 | 38 | Endpoint Protection - Symantec Enterprise | ||
| Details | Website | 2015-11-11 | 14 | Operation Buhtrap malware distributed via ammyy.com | WeLiveSecurity | ||
| Details | Website | 2015-10-13 | 0 | Beware banking trojans and their nasty helpers | WeLiveSecurity |