Dyre

Malware updated 7 months ago (2024-05-04T18:19:50.827Z)
Dyre, also known as Dyreza or Dyzap, is a banking Trojan that was initially designed to monitor online banking transactions with the aim of stealing passwords, money, or both. It first emerged in 2009 and 2010, targeting victim bank accounts held at various U.S.-based financial institutions. These initial attacks were linked to Kovalev, who was later indicted for conspiracy to commit bank fraud and eight counts of bank fraud. The Dyre malware subsequently evolved into a more sophisticated form of malicious software, impacting non-Russian businesses. In 2016, security researchers identified TrickBot, an evolution of the Dyre malware. TrickBot started as a banking trojan but soon expanded its capabilities, providing its operators with a full suite of tools to conduct illegal cyber activities. Over time, it became a vector for Conti and Ryuk ransomware, causing widespread disruption. The same year, authorities connected a raid on Moscow offices to a crackdown on the Dyre malware, leading to significant disruption of a top cybercrime ring. By 2020, the threat posed by TrickBot had grown significantly, prompting U.S. Cyber Command to mount an operation to disrupt the botnet ahead of the American presidential election to prevent potential ransomware attacks on state or local voter registration offices. Despite these efforts, traces of the old Dyre code could still be seen in the TrickBot bot, indicating a correlation between the two. The TrickBot malware has since continued to evolve, using similar but slightly modified versions of the old Dyre command and control decryption routines.
Description last updated: 2024-05-04T18:08:11.451Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Dyreza is a possible alias for Dyre. Dyreza, also known as Dyre, is a sophisticated banking trojan malware that has garnered significant attention over the past several years. This malicious software is designed to exploit and damage computer systems, often infecting them through suspicious downloads, emails, or websites without user k | 5
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Trojan
Malware
Encryption
Cybercrime
Botnet
Ransomware
Associated Malware
Alias Description | Association Type | Votes
The TrickBot Malware is associated with Dyre. TrickBot is a notorious malware developed by cybercriminals to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. This malicious software can steal personal information, disrupt operations, or even hold data hostage for ransom. Vladimir Dunaev, | Unspecified | 7
The Conti Malware is associated with Dyre. Conti is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. Often spreading through suspicious downloads, emails, or websites, it can steal personal information, disrupt operations, or hold data hostage for ransom. Notably, Conti was linked to several ra | Unspecified | 2
The Ryuk Malware is associated with Dyre. Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves | Unspecified | 2
Associated Threat Actors
Alias Description | Association Type | Votes
The Trickbot Group Threat Actor is associated with Dyre. The Trickbot Group, also known as ITG23, Wizard Spider, or DEV-0193, is a cybercriminal entity notorious for its malicious activities. This threat actor group has been linked to Russian intelligence services and primarily targets non-Russian entities, including financial institutions and hospitals, | Unspecified | 2