1. Home
  2. Software
  3. Moneybird

Moneybird

Moneybird is a ransomware variant written in C++ associated with Agrius operations. The name "Moneybird" is contained in the malware's ransom note and as strings in the executable.[1]

ID: S1137
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 22 May 2024
Last Modified: 29 August 2024
Version Permalink
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1486 Data Encrypted for Impact

Moneybird targets a common set of file types such as documents, certificates, and database files for encryption while avoiding executable, dynamic linked libraries, and similar items.[1]
Enterprise T1027 .009 Obfuscated Files or Information: Embedded Payloads

Moneybird contains a configuration blob embedded in the malware itself.[1]

Groups That Use This Software

ID Name References
G1030 Agrius

Moneybird is associated with ransomware operations launched by Agrius.[1]

References

  1. Marc Salinas Fernandez & Jiri Vinopal. (2023, May 23). AGRIUS DEPLOYS MONEYBIRD IN TARGETED ATTACKS AGAINST ISRAELI ORGANIZATIONS. Retrieved May 21, 2024.