Diving Into Buhtrap Banking Trojan Activity

November 21, 2016 Curt Wilson

Cyphort recently published an article about the Buhtrap banking trojan [https://www.cyphort.com/banking-malware-buhtrap-caught-action/], targeting users of Russian and Ukrainian banks as reported in March of 2016 by Group-IB [http://www.group-ib.com/brochures/gib-buhtrap-report.pdf]. Cyphort’s insightful article analyzes the compromise chain from the website eurolab[.]ua, directing users via an apparently injected HTML script src attribute to rozhlas[.]site which served exploit code for […]


Previous Article
Analysis of CryptFile2 Ransomware Server

Download ASERT Threat Intelligence Report 2016-06 here This report describes several elements of a ransomwa...

Next Article
FlokiBot: A Flock of Bots?

In early October, Flashpoint released an analysis of an underground forum advertisement for a new malware f...