Dyre

Malware Profile Updated 13 days ago
Dyre, also known as Dyreza or Dyzap, is a banking Trojan originally designed to monitor online banking sessions in order to steal credentials, money, or both. It first emerged in 2009 and 2010, targeting victim accounts held at various U.S.-based financial institutions. These initial attacks were linked to Kovalev, who was later indicted for conspiracy to commit bank fraud and eight counts of bank fraud. Dyre subsequently evolved into a more sophisticated piece of malware that impacted non-Russian businesses. In 2016, security researchers identified TrickBot, an evolution of the Dyre malware. TrickBot started as a banking Trojan but soon expanded its capabilities, giving its operators a full suite of tools for illegal cyber activity; over time it became a delivery vector for Conti and Ryuk ransomware, causing widespread disruption. The same year, authorities connected a raid on Moscow offices to a crackdown on the Dyre malware, which significantly disrupted a top cybercrime ring. By 2020, the threat posed by TrickBot had grown to the point that U.S. Cyber Command mounted an operation to disrupt the botnet ahead of the American presidential election, to prevent potential ransomware attacks on state or local voter registration offices. Even after these disruptions, traces of the old Dyre code could still be seen in the TrickBot bot, indicating a link between the two. TrickBot has since continued to evolve, using similar but slightly modified versions of the old Dyre command-and-control decryption routines.
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions vary between vendors and are hard to track, so here are some possibly overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
Dyreza | 5 | Dyreza, also known as Dyre, is a sophisticated banking trojan malware that has garnered significant attention over the past several years. This malicious software is designed to exploit and damage computer systems, often infecting them through suspicious downloads, emails, or websites without user k
Miscellaneous Associations
Other contextual elements that may help in assessing relevance
Trojan
Malware
Encryption
Cybercrime
Botnet
Ransomware
Associated Malware
ID | Type | Votes | Profile Description
TrickBot | Unspecified | 7 | TrickBot is a notorious malware that has been linked to numerous cybercrimes. This malicious software, designed to exploit and damage computers or devices, can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal informat
Conti | Unspecified | 2 | Conti is a malware program known for its disruptive capabilities, including stealing personal information and holding data hostage for ransom. It gained notoriety as part of the arsenal of ITG23, a cybercrime group that used it in conjunction with other malicious software like Trickbot, BazarLoader,
Ryuk | Unspecified | 2 | Ryuk is a type of malware, specifically ransomware, that has been used extensively by the group ITG23. The group has been encrypting their malware for several years, using crypters with malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware investigations were linked to
Associated Threat Actors
ID | Type | Votes | Profile Description
Trickbot Group | Unspecified | 2 | The Trickbot Group, also known as ITG23, Wizard Spider, and DEV-0193, is a threat actor group notorious for its malicious activities. The group has been consistently analyzed by IBM Security X-Force researchers due to their development and use of several crypters. In the fall of 2020, efforts were m
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Dyre malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE | a year ago | TrickBot: We Missed you, Dyre
MITRE | a year ago | Tricks of the Trade: A Deeper Look Into TrickBot's Machinations
BAE Systems | a year ago | Peering into Dyre's Traffic
Krebs on Security | a year ago | U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group
MITRE | a year ago | Stopping Serial Killer: Catching the Next Strike - Check Point Research
Malwarebytes | a year ago | TrickBot gang members sanctioned after pandemic ransomware attacks
MITRE | a year ago | Ransomware Activity Targeting the Healthcare and Public Health Sector | CISA
CERT Polska | a year ago | Detricking TrickBot Loader
BAE Systems | a year ago | A Bumper Harvest - Cryptolocker Address Book Theft
Securityaffairs | a year ago | US and UK sanctioned seven Russian members of Trickbot gang
MITRE | a year ago | Notes from SophosLabs: Dyreza, the malware that discriminates against old computers
CERT-EU | 6 months ago | TrickBot Developer Pleads Guilty in US Court | #cybercrime | #infosec | National Cyber Security Consulting
CERT-EU | 5 months ago | TrickBot Developer Pleads Guilty in US Court
CERT-EU | 8 months ago | UK sanctions members of the Russian cybercrime gang Conti
CERT-EU | 8 months ago | US, UK sanction more Russians linked to Trickbot crime gang
CERT-EU | 8 months ago | 11 alleged Conti criminals hit with UK and US sanctions | #ransomware | #cybercrime | National Cyber Security Consulting
BankInfoSecurity | 6 months ago | TrickBot Developer Pleads Guilty in US Court
CERT-EU | 8 months ago | Update: Indictment of TrickBot/Conti Ransomware Group Members