Tzw

Malware updated 5 days ago (2024-11-29T13:36:50.648Z)

Download STIX

Preview STIX

TZW is a new strain of the Adhubllka ransomware family, which was first identified in January 2020 but had already been active since the previous year. This revelation came from researchers at Netenrich, a security and operations analytics firm, in a blog post published this week. TZW's identification as an offshoot of Adhubllka proved challenging due to the relatively small ransom demands typically made by the group, ranging from $800 to $1,600. The attribution of TZW to the Adhubllka family was further supported by an additional sentence found in the ransom note - "the server with your decryptor is in a closed network Tor". This phrase was only observed in two new Adhubllka variants: TZW and U2K. The study conducted by Netenrich delved into the lineage of various ransomware variants, including LOLKEK, BIT, OBZ, U2K, and TZW. Despite its elusive nature, TZW has been detected by multiple engines previously. However, these detections were complicated by the presence of traces of other malware, such as CryptoLocker, within the samples. This complexity underscores the sophisticated techniques employed by the creators of TZW, making it a significant threat to cybersecurity.

Description last updated: 2024-05-04T18:28:57.787Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
U2k is a possible alias for Tzw. U2K is a malicious software (malware) that poses significant threats to computer systems and devices. It infiltrates through suspicious downloads, emails, or websites, often unbeknownst to the user, and can cause substantial damage by stealing personal information, disrupting operations, or holding	3
Adhubllka is a possible alias for Tzw. Adhubllka is a malware that has been active since at least 2019, but it gained more attention in January 2020. It has been used by threat group TA547 in campaigns targeting various sectors of Australia in 2020. Over the years, many samples of Adhubllka have been misclassified or mistagged into other	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Ransom

Tor

Malware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The cryptolocker Malware is associated with Tzw. CryptoLocker is a type of malware known as ransomware that emerged as a significant cybersecurity threat. This malicious software infects systems through suspicious downloads, emails, or websites and then encrypts the user's documents, demanding a ransom for their recovery. It has been described as	Unspecified	2

Source Document References

Information about the Tzw Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
InfoSecurity-magazine	a year ago	New Study Sheds Light on ADHUBLLKA Ransomware Network
CERT-EU	a year ago	Literka I w LLM oznacza Inteligencję :-) Zobaczcie na zgłoszenie bug bounty do curla wygenerowane w AI. Oraz reakcję autora narzędzia.
CERT-EU	2 years ago	Ataki typu web shell po raz pierwszy w historii najpopularniejszym cyberzagrożeniem
CERT-EU	a year ago	Ransomware With an Identity Crisis Targets Small Businesses, Individuals
DARKReading	a year ago	Ransomware With an Identity Crisis Targets Small Businesses, Individuals