Egregor Ransomware Collection
released on 2021-01-29 @ 08:28:05 PM
As a mature and exclusive Ransomware-as-a-Service (RaaS) platform, Egregor poses a serious threat to both public and private organizations. Not only is it supported by seasoned cybercriminal software developers, but it also caters to experienced affiliates who effectively target and compromise organizations, executing enterprise-wide deployment to maximize the monetization of their efforts. Egregor operators are known to exploit vulnerable, internet-accessible RDP gateways and to phish victims with targeted, convincing lures. They also commonly deploy Egregor through the Qakbot (Qbot), Ursnif (Gozi/ISFB), and IcedID (BokBot) infostealer/loader hybrid Trojans. Cobalt Strike has also been used to deliver Egregor in select instances.