Dyre

Malware updated 5 months ago (2024-05-04T18:19:50.827Z)
Dyre, also known as Dyreza or Dyzap, is a banking Trojan that was initially designed to monitor online banking transactions with the aim of stealing passwords, money, or both. It first emerged in 2009 and 2010, targeting victim bank accounts held at various U.S.-based financial institutions. These initial attacks were linked to Kovalev, who was later indicted for conspiracy to commit bank fraud and eight counts of bank fraud. The Dyre malware subsequently evolved into a more sophisticated form of malicious software, impacting non-Russian businesses.

In 2016, security researchers identified TrickBot, an evolution of the Dyre malware. TrickBot started as a banking trojan but soon expanded its capabilities, providing its operators with a full suite of tools to conduct illegal cyber activities. Over time, it became a vector for Conti and Ryuk ransomware, causing widespread disruption. The same year, authorities connected a raid on Moscow offices to a crackdown on the Dyre malware, leading to significant disruption of a top cybercrime ring.

By 2020, the threat posed by TrickBot had grown significantly, prompting U.S. Cyber Command to mount an operation to disrupt the botnet ahead of the American presidential election to prevent potential ransomware attacks on state or local voter registration offices. Despite these efforts, traces of the old Dyre code could still be seen in the TrickBot bot, indicating a correlation between the two. The TrickBot malware has since continued to evolve, using similar but slightly modified versions of the old Dyre command and control decryption routines.
Description last updated: 2024-05-04T18:08:11.451Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description: Dyreza is a possible alias for Dyre. Dyreza, also known as Dyre, is a sophisticated banking trojan malware that has garnered significant attention over the past several years. This malicious software is designed to exploit and damage computer systems, often infecting them through suspicious downloads, emails, or websites without user k
Votes: 5
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Trojan
Malware
Encryption
Cybercrime
Botnet
Ransomware
Associated Malware
Alias Description: The TrickBot Malware is associated with Dyre. TrickBot is a notorious malware that has been used extensively by cybercriminals to exploit and damage computer systems. It operates as a crimeware-as-a-service platform, infecting systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can stea
Association Type: Unspecified
Votes: 7

Alias Description: The Conti Malware is associated with Dyre. Conti is a notorious type of malware, specifically ransomware, that infiltrates computer systems to steal data and disrupt operations. The malicious software often spreads through suspicious downloads, emails, or websites, and once inside, it can hold data hostage for ransom. The Conti ransomware op
Association Type: Unspecified
Votes: 2

Alias Description: The Ryuk Malware is associated with Dyre. Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves
Association Type: Unspecified
Votes: 2
Associated Threat Actors
Alias Description: The Trickbot Group Threat Actor is associated with Dyre. The Trickbot Group, also known as ITG23, Wizard Spider, and DEV-0193, is a threat actor group notorious for its malicious activities. The group has been consistently analyzed by IBM Security X-Force researchers due to their development and use of several crypters. In the fall of 2020, efforts were m
Association Type: Unspecified
Votes: 2