ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool Necurs

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Necurs

NamesNecurs
nucurs
CategoryMalware
TypeBotnet, Downloader
Description(Blueliv) It affects mainly Asian and European countries, but with more than 1.5 million infected computers, it also has active bots across almost every continent. The current number of related bots online is about 1,350,000, but each day more users are infected.
Necurs is modular malware with a lot of features, but it is mainly known for sending large spam campaigns via email. This large botnet is actually formed by 7 smaller botnets put together using the same malware.
Blueliv’s Threat Intelligence Lab team has performed a deep and detailed malware-reversal analysis on Necurs.
Information<https://www.blueliv.com/necurs-one-of-the-worlds-biggest-botnets-today/>
<https://blog.avast.com/botception-with-necurs-botnet-distributes-script-with-bot-capabilities-avast-threat-labs>
<https://www.bitsighttech.com/blog/necurs-proxy-module-with-ddos-features>
<http://blog.talosintelligence.com/2017/03/necurs-diversifies.html>
<https://www.blueliv.com/wp-content/uploads/2018/07/Blueliv-Necurs-report-2017.pdf>
<https://blog.trendmicro.com/trendlabs-security-intelligence/necurs-evolves-to-evade-spam-detection-via-internet-shortcut-file/>
<https://www.trustwave.com/Resources/SpiderLabs-Blog/Necurs-Recurs/>
<https://blog.trendmicro.com/trendlabs-security-intelligence/the-new-face-of-necurs-noteworthy-changes-to-necurs-behaviors>
<https://cofense.com/necurs-targeting-banks-pub-file-drops-flawedammyy/>
<https://www.cert.pl/en/news/single/necurs-hybrid-spam-botnet/>
<https://en.wikipedia.org/wiki/Necurs_botnet>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.necurs>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:Necurs>

Last change to this tool card: 14 May 2020

Download this tool card in JSON format

All groups using tool Necurs

ChangedNameCountryObserved

Other groups

 Monty SpiderRussia2012-Mar 2020X

1 group listed (0 APT, 1 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key