ThaiCERT    ETDA    MDES

Threat Group Cards: A Threat Actor Encyclopedia

Tool: URLZone

Names: URLZone, Bebloh, Shiotob
Category: Malware
Type: Banking trojan, Info stealer, Credential stealer
Description: (FireEye) URLZone is a banking trojan. It downloads a configuration file that contains information on targeted financial institutions, and uses web injection techniques to steal a user’s banking credentials.
Information:
<https://www.fireeye.com/blog/threat-research/2016/01/urlzone_zones_inon.html>
<https://www.gdatasoftware.com/blog/2013/12/23978-bebloh-a-well-known-banking-trojan-with-noteworthy-innovations>
<https://www.johannesbader.ch/2015/01/the-dga-of-shiotob/>
<https://www.proofpoint.com/us/threat-insight/post/Vawtrak-UrlZone-Banking-Trojans-Target-Japan>
<https://www.arbornetworks.com/blog/asert/an-update-on-the-urlzone-banker/>
<https://www.cybereason.com/blog/new-ursnif-variant-targets-japan-packed-with-new-features>
<https://www.crowdstrike.com/blog/cutwail-spam-campaign-uses-steganography-to-distribute-urlzone/>
<https://www.virusbulletin.com/virusbulletin/2012/09/urlzone-reloaded-new-evolution/>
<http://blog.inquest.net/blog/2019/03/09/Analyzing-Sophisticated-PowerShell-Targeting-Japan/>
<https://krebsonsecurity.com/2011/07/trojan-tricks-victims-into-transfering-funds/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.urlzone>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:urlzone>

Last change to this tool card: 13 May 2020


All groups using tool URLZone

Other groups

| Changed | Name | Country | Observed |
|---|---|---|---|
| | Bamboo Spider, TA544 | [Unknown] | 2016-May 2020 X |

1 group listed (0 APT, 1 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
