What is TA505?

TA505, aka Hive0065, is a gang of cybercrooks involved in both financial swindles and state-sponsored actions. Proofpoint researchers describe the group as being “one of the more prolific actors” that they track.

What is FlawedGrace?

According to Proofpoint, FlawedGrace is written in C++ and can be categorized as a Remote Access Trojan (RAT). It appears to have been developed mainly in the second half of 2017.

How does Dridex malware work?

Cybercriminals spread Dridex through spam emails. The emails are presented as official and prompt the victim to open an attached Microsoft Word or Excel file. A macro embedded within the file triggers when the file is opened and starts a download of Dridex.

Who is FIN11?

FIN11 is a well-established financial crime group that has recently focused its operations on ransomware and extortion. The group has been active since 2017 and has been tracked as UNC902 and later as TEMP.Warlock.

Who is TA542?

TA542 (Official Designation: Mummy Spider)

What is proofpoint tap?

Proofpoint Targeted Attack Protection (TAP) helps you stay ahead of attackers with an innovative approach that detects, analyzes and blocks advanced threats before they reach your inbox. This includes ransomware and other advanced email threats delivered through malicious attachments and URLs.

Who created Dridex?

Necurs Maksim Yakubets

Common name: Dridex
As Dridex: Trojan:Win32/Dridex (Microsoft), Trojan.Dridex (Malwarebytes), Trojan.Win64.DRIDEX.AD (Trend Micro), W32/Dridex.ABA!tr (FortiGuard)
Type: Trojan
Subtype: Banking trojan
Author(s): Necurs Maksim Yakubets

Who made Dridex?

The US Department of Justice announced charges today against two Russian nationals behind the infamous Dridex malware. The indictment names Maksim Yakubets and Igor Turashev as two of the developers behind the Dridex banking trojan, and specifically names Yakubets as the group’s leader.

Who is mummy spider?

Overview: MUMMY SPIDER is a cybercrime group that creates, distributes, and operates the Emotet botnet. Emotet is advanced, modular malware that originated as a banking trojan (malware designed to steal information from banking systems but that may also be used to drop additional malware and ransomware).

What is TrickBot Trojan?

TrickBot is a banking Trojan that can steal financial details, account credentials, and personally identifiable information (PII), as well as spread within a network and drop ransomware, particularly Ryuk.

What is proofpoint used for?

Proofpoint delivers the most effective unified solution to protect your people and critical data from advanced email threats. Our complete, extensible email security platform blocks malware and non-malware email threats, such as email fraud—also known as business email compromise (BEC)—using our Advanced BEC Defense.

What are targeted attacks?

A targeted attack refers to a type of threat in which threat actors actively pursue and compromise a target entity’s infrastructure while maintaining anonymity. These attackers have a certain level of expertise and have sufficient resources to conduct their schemes over a long-term period.

Who is indrik spider?

Indrik Spider is a Russia-based cybercriminal group that has been active since at least 2014. Indrik Spider initially started with the Dridex banking Trojan, and then by 2017 they began running ransomware operations using BitPaymer, WastedLocker, and Hades ransomware.

What is wicked panda?

Wicked Panda is a prolific cyber threat group that carries out Chinese state-sponsored espionage activity. They also carry out financially motivated activity often outside of state control. Wicked Panda typically employs spear-phishing emails with malicious attachments for the initial compromise of an attack.

Is TrickBot a spyware?

Spyware. TrickBot focuses on stealing banking information. TrickBot typically spreads via malicious spam campaigns. It can also spread laterally using the EternalBlue exploit (MS17-010).

What can TrickBot do?

Who uses Proofpoint?

Company: Federal Emergency Management Agency
Revenue: 200M-1000M
Company Size: 1000-5000

Company: Lorven Technologies
Website: lorventech.com