A One-two Punch of Emotet, TrickBot, & Ryuk Stealing & Ransoming Data
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Direct Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Scheduled Task - T1053.005 Powershell - T1086 Scheduled Task - T1053
Show in Graph
Common Information
Type Value
UUID 9e2fdd82-6cd8-45d7-9064-593158c70fa6
Fingerprint c60008698737810e
Analysis status DONE
Considered CTI value 0
Text language
Published April 2, 2019, midnight
Added to db Feb. 17, 2023, 10:21 p.m.
Last updated Nov. 14, 2024, 7:09 a.m.
Headline A One-two Punch of Emotet, TrickBot, & Ryuk Stealing & Ransoming Data
Title A One-two Punch of Emotet, TrickBot, & Ryuk Stealing & Ransoming Data
Detected Hints/Tags/Attributes 76/2/16
Source URLs
Redirection Url
Details Source https://www.cybereason.com/blog/one-two-punch-emotet-trickbot-and-ryuk-steal-then-ransom-data
Details Source https://www.cybereason.com/blog/research/one-two-punch-emotet-trickbot-and-ryuk-steal-then-ransom-data
URL Provider
Details Provider Source level domain
Details cybereason.com www.cybereason.com
Attributes
Details Type #Events CTI Value
Details File 18 
settings.ini
Details File 2 
module64.dll
Details File 11 
module.dll
Details File 3 
vncsrv.dll
Details File 3 
socks5dll.dll
Details File 5 
systeminfo.dll
Details File 4 
mailsearcher.dll
Details File 21 
loader.dll
Details File 3 
pwgrab.dll
Details File 3 
core-dll.dll
Details File 17 
dll.dll
Details File 2 
screenlocker_x64.dll
Details File 2 
spreader_x64.dll
Details File 3 
ryuk.exe
Details File 14 
ryukreadme.txt
Details File 380 
notepad.exe