URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader

As ransomware and banking trojans have captured the world's attention, and its money, with their destructive routines, cybersecurity practitioners have repeatedly documented, online and offline, how cybercriminals compartmentalize their schemes: they exchange information and band together into professional organizations, each group handling one part of the operation.

As more concrete proof of how these symbiotic relationships and workflows intersect, we found a connection between EMOTET, URSNIF, DRIDEX and BitPaymer, based on open source information and on the loaders of the samples we had. The loaders behave as if the work were divided among different developers and operators, each responsible for a separate stage of the infection chain.

Source: Trend Micro