Lurk is a Russian cybercrime group associated with the Lurk banking trojan and linked in the provided content to the Angler exploit kit. The group is described as one of the early actors conducting targeted attacks on Russian banks beginning in 2013, alongside Anunak, Corkow, and Buhtrap. The content also states that payloads delivered by early Angler-related activity in 2013 and by the Angler "indexm" variant in 2015 were most probably Lurk malware, and that British authorities believed associates of Zain Qaiser were members of the Lurk gang, which they described as responsible for creating the Lurk banking trojan and the Angler exploit kit. The group is further described as having stolen more than $45 million from local banks, and the content references the arrest of 50 suspects in an investigation into the Lurk gang in 2016. Known alias in the provided content: lurk.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Geographies tied to known operations.
3 malware families attributed to this actor across reporting.
4 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Named as one of the early groups conducting attacks on Russian banks and financial institutions.
A Russian cybercrime group associated with Zain Qaiser's Reveton distribution scheme and described as responsible for creating the Lurk banking trojan and operating the Angler exploit kit.
Cybercriminal group involved in large-scale theft from banks and other organizations; associated with infected computer networks and suspected trojanized distribution via a compromised legitimate remote admin software site.
Referenced as the likely payload delivered by early Angler EK instances, including campaigns against Ukrainian targets.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.