ThaiCERT    ETDA    MDES

Threat Group Cards: A Threat Actor Encyclopedia

Tool: Kelihos

Names: Kelihos, Waledac, Hlux
Category: Malware
Type: Botnet, Downloader
Description: (CrowdStrike) For several years, pump-and-dump stock scams, dating ruses, credential phishing, money mule recruitment and rogue online pharmacy advertisements were the most common spam themes. In 2017, however, Kelihos was frequently used to spread other malware such as Luminosity RAT, Zyklon HTTP, Neutrino, Nymaim, Gozi ISFB, Zeus Panda, Kronos, and TrickBot. It was also observed spreading ransomware families including Shade, Cerber, and FileCrypt2.
Information:
<https://www.crowdstrike.com/blog/farewell-to-kelihos-and-zombie-spider/>
<https://www.crowdstrike.com/blog/inside-the-takedown-of-zombie-spider-and-the-kelihos-botnet/>
<https://www.wired.com/2017/04/fbi-took-russias-spam-king-massive-botnet/>
<https://www.cyberscoop.com/doj-kelihos-botnet-peter-levashov-severa/>
<https://en.wikipedia.org/wiki/Kelihos_botnet>
Malpedia:
<https://malpedia.caad.fkie.fraunhofer.de/details/win.kelihos>
<https://malpedia.caad.fkie.fraunhofer.de/details/win.hlux>

Last change to this tool card: 16 May 2020


All groups using tool Kelihos

Changed | Name | Country | Observed

Other groups

 | Zombie Spider | Russia | 2010-Apr 2017 X

1 group listed (0 APT, 1 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
