Tzw

Malware Profile Updated 3 months ago
Download STIX
Preview STIX
TZW is a new strain of the Adhubllka ransomware family, which was first identified in January 2020 but had already been active since the previous year. This revelation came from researchers at Netenrich, a security and operations analytics firm, in a blog post published this week. TZW's identification as an offshoot of Adhubllka proved challenging due to the relatively small ransom demands typically made by the group, ranging from $800 to $1,600. The attribution of TZW to the Adhubllka family was further supported by an additional sentence found in the ransom note - "the server with your decryptor is in a closed network Tor". This phrase was only observed in two new Adhubllka variants: TZW and U2K. The study conducted by Netenrich delved into the lineage of various ransomware variants, including LOLKEK, BIT, OBZ, U2K, and TZW. Despite its elusive nature, TZW has been detected by multiple engines previously. However, these detections were complicated by the presence of traces of other malware, such as CryptoLocker, within the samples. This complexity underscores the sophisticated techniques employed by the creators of TZW, making it a significant threat to cybersecurity.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
U2k
3
U2K is a malicious software (malware) that poses significant threats to computer systems and devices. It infiltrates through suspicious downloads, emails, or websites, often unbeknownst to the user, and can cause substantial damage by stealing personal information, disrupting operations, or holding
Adhubllka
2
Adhubllka is a malware that has been active since at least 2019, but it gained more attention in January 2020. It has been used by threat group TA547 in campaigns targeting various sectors of Australia in 2020. Over the years, many samples of Adhubllka have been misclassified or mistagged into other
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Tor
Malware
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
cryptolockerUnspecified
2
CryptoLocker is a type of malware, specifically ransomware, that emerged as a significant threat to cybersecurity worldwide. This malicious software infiltrated systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, CryptoLocker encrypted user
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Tzw Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
InfoSecurity-magazine
a year ago
New Study Sheds Light on ADHUBLLKA Ransomware Network
CERT-EU
7 months ago
Literka I w LLM oznacza Inteligencję :-) Zobaczcie na zgłoszenie bug bounty do curla wygenerowane w AI. Oraz reakcję autora narzędzia.
CERT-EU
a year ago
Ataki typu web shell po raz pierwszy w historii najpopularniejszym cyberzagrożeniem
CERT-EU
a year ago
Ransomware With an Identity Crisis Targets Small Businesses, Individuals
DARKReading
a year ago
Ransomware With an Identity Crisis Targets Small Businesses, Individuals