Dyreza

Malware updated 4 months ago (2024-05-04T22:18:56.323Z)

Download STIX

Preview STIX

Dyreza, also known as Dyre, is a sophisticated banking trojan malware that has garnered significant attention over the past several years. This malicious software is designed to exploit and damage computer systems, often infecting them through suspicious downloads, emails, or websites without user knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. The malware's core functionality involves randomly selecting an address from a hard-coded pool stored in one of its resources (an AES encrypted DLL), which serves as a command and control (C&C) center. Additionally, Dyreza creates files in a TEMP folder to serve as a small database where it stores information before sending it to the C&C. The evolution of Dyreza has been closely monitored by security researchers since its initial identification. In 2016, a variant of this banking trojan, known as TrickBot, was first identified. Over time, TrickBot evolved into a vector for Conti and Ryuk ransomware, two potent strains of malware that encrypt victims' files and demand a ransom for their release. This Moscow-based cybercriminal operation has demonstrated professional-level development skills, creating an eclectic mix of harmful software that poses serious threats to digital security. In response to the growing threat posed by these malware variants, U.S. Cyber Command launched an operation in 2020 to disrupt the TrickBot botnet ahead of the American presidential election. This preemptive measure was taken to prevent potential ransomware attacks on state or local voter registration offices. Despite these efforts, the Dyreza and TrickBot malware continue to pose significant cybersecurity challenges, necessitating ongoing vigilance and robust defensive measures.

Description last updated: 2024-05-04T21:45:01.161Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Dyre	5	Dyre, also known as Dyreza or Dyzap, is a banking Trojan that was initially designed to monitor online banking transactions with the aim of stealing passwords, money, or both. It first emerged in 2009 and 2010, targeting victim bank accounts held at various U.S.-based financial institutions. These i
TrickBot	3	TrickBot is a notorious malware that has been used extensively by cybercriminals to exploit and damage computer systems. It operates as a crimeware-as-a-service platform, infecting systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can stea

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Trojan

Botnet

Ransomware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

ID	Type	Votes	Profile Description
Conti	Unspecified	2	Conti is a notorious malware and ransomware operation that has caused significant damage to computer systems worldwide. The Conti group, believed to have around 200 employees, operated like a regular business, with internal communications revealing the organization's structure and operations. It was
Ryuk	Unspecified	2	Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves

Source Document References

Information about the Dyreza Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	9 months ago	TrickBot Developer Pleads Guilty in US Court
CERT-EU	9 months ago	TrickBot Developer Pleads Guilty in US Court \| #cybercrime \| #infosec \| National Cyber Security Consulting
BankInfoSecurity	9 months ago	TrickBot Developer Pleads Guilty in US Court
BAE Systems	2 years ago	Peering into Dyre's Traffic
Malwarebytes	2 years ago	TrickBot gang members sanctioned after pandemic ransomware attacks
MITRE	2 years ago	A Technical Look At Dyreza \| Malwarebytes Labs