Dyre

Malware Profile Updated 3 months ago
Dyre, also known as Dyreza or Dyzap, is a banking Trojan that was initially designed to monitor online banking transactions with the aim of stealing passwords, money, or both. It first emerged in 2009 and 2010, targeting victim bank accounts held at various U.S.-based financial institutions. These initial attacks were linked to Kovalev, who was later indicted for conspiracy to commit bank fraud and eight counts of bank fraud. The Dyre malware subsequently evolved into a more sophisticated form of malicious software, impacting non-Russian businesses. In 2016, security researchers identified TrickBot, an evolution of the Dyre malware. TrickBot started as a banking trojan but soon expanded its capabilities, providing its operators with a full suite of tools to conduct illegal cyber activities. Over time, it became a vector for Conti and Ryuk ransomware, causing widespread disruption. The same year, authorities connected a raid on Moscow offices to a crackdown on the Dyre malware, leading to significant disruption of a top cybercrime ring. By 2020, the threat posed by TrickBot had grown significantly, prompting U.S. Cyber Command to mount an operation to disrupt the botnet ahead of the American presidential election to prevent potential ransomware attacks on state or local voter registration offices. Despite these efforts, traces of the old Dyre code could still be seen in the TrickBot bot, indicating a correlation between the two. The TrickBot malware has since continued to evolve, using similar but slightly modified versions of the old Dyre command and control decryption routines.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Dyreza | 5 | Dyreza, also known as Dyre, is a sophisticated banking trojan malware that has garnered significant attention over the past several years. This malicious software is designed to exploit and damage computer systems, often infecting them through suspicious downloads, emails, or websites without user k
Trickloader | 1 | TrickLoader is a malicious software (malware) that exploits and damages computer systems, often infiltrating through suspicious downloads, emails, or websites. It is designed to steal personal information, disrupt operations, or hold data hostage for ransom. Upon initial inspection of TrickLoader, i
Dyzap | 1 | (no profile description)
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Trojan, Malware, Ransomware, Cybercrime, Encryption, Botnet, Dropper, Banking, Proxy, Fraud, Loader, Bot, Payload, Spam, Windows
Associated Malware
ID | Type | Votes | Profile Description
TrickBot | Unspecified | 7 | TrickBot is a notorious form of malware that infiltrates systems to exploit and damage them, often through suspicious downloads, emails, or websites. Once it has breached a system, TrickBot can steal personal information, disrupt operations, and even hold data hostage for ransom. It has been linked
Conti | Unspecified | 2 | Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in
Ryuk | Unspecified | 2 | Ryuk is a sophisticated malware, specifically a ransomware variant, that has been extensively used by cybercriminal group ITG23. The group has been employing crypting techniques for several years to obfuscate their malware, with Ryuk often seen in tandem with other malicious software such as Trickbo
Cutwail | Unspecified | 1 | Cutwail is a notorious malware that has been associated with various botnets, including Necurs, Andromeda, and Dridex, at different stages of their lifecycle. It has been implicated in the distribution of malicious payloads such as IcedID, Gozi, and Pushdo, often using crypters like Hexa, Forest, Sn
Dridex | Unspecified | 1 | Dridex is a well-known malware, specifically a banking Trojan, that has been utilized by cybercriminals to exploit and damage computer systems. The malware infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user, and can steal personal information, disrupt o
Associated Threat Actors
ID | Type | Votes | Profile Description
Trickbot Group | Unspecified | 2 | The Trickbot Group, also known as ITG23, Wizard Spider, and DEV-0193, is a threat actor group notorious for its malicious activities. The group has been consistently analyzed by IBM Security X-Force researchers due to their development and use of several crypters. In the fall of 2020, efforts were m
Associated Vulnerabilities
ID | Type | Votes | Profile Description
Trickbot (Trickloader) | Unspecified | 1 | (no profile description)
Source Document References
Information about the Dyre malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 8 months ago | TrickBot Developer Pleads Guilty in US Court
CERT-EU | 8 months ago | TrickBot Developer Pleads Guilty in US Court | #cybercrime | #infosec | National Cyber Security Consulting
BankInfoSecurity | 8 months ago | TrickBot Developer Pleads Guilty in US Court
CERT-EU | 10 months ago | Update: Indictment of TrickBot/Conti Ransomware Group Members
CERT-EU | a year ago | UK sanctions members of the Russian cybercrime gang Conti
CERT-EU | a year ago | 11 alleged Conti criminals hit with UK and US sanctions | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU | a year ago | US, UK sanction more Russians linked to Trickbot crime gang
MITRE | a year ago | Ransomware Activity Targeting the Healthcare and Public Health Sector | CISA
MITRE | a year ago | TrickBot: We Missed you, Dyre
MITRE | a year ago | Tricks of the Trade: A Deeper Look Into TrickBot's Machinations
MITRE | a year ago | Notes from SophosLabs: Dyreza, the malware that discriminates against old computers
MITRE | a year ago | Stopping Serial Killer: Catching the Next Strike - Check Point Research
BAE Systems | a year ago | Peering into Dyre's Traffic
BAE Systems | a year ago | A Bumper Harvest - Cryptolocker Address Book Theft
CERT Polska | a year ago | Detricking TrickBot Loader
Krebs on Security | a year ago | U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group
Securityaffairs | a year ago | US and UK sanctioned seven Russian members of Trickbot gang
Malwarebytes | a year ago | TrickBot gang members sanctioned after pandemic ransomware attacks