Operation Tetrade

The Tetrade Campaign consisted of four banking trojan families which attacked users located across the world. The malware is attributed to criminals located in Brazil and have been on the threat landscape since at least 2015. The malicious software, labeled as Guildma, Javali, Melcoz, and Grandoreiro, used a range of techniques for defense evasion including anti-debugging, anti-virtualization, obfuscation, DLL side-loading, DGA's, and BITS jobs. The malware was distributed through phishing emails with either malicious links or attachments and also hosted on websites either compromised or controlled by the threat actor.