Based on the techniques used in the attack, the perpetrators are suspected to be the financially motivated Silence and TA505 gangs. Although TA505's attack history includes targets in the healthcare sector, if the security analysts are right, this incident would mark a departure by Silence from its usual targets, which are banks and financial institutions.

The first malware samples used in these attacks appeared on the VirusTotal scanning site on February 2, identified as Silence.ProxyBot and a modified version of Silence.MainModule. Both samples are linked to Silence, a gang that began attacking banks in the former Soviet Union region in 2016 before expanding its attacks internationally. The activity of this threat actor has been tracked by Group-IB, a Singapore-based cybersecurity firm.

Looking at the malware samples, Group-IB researchers found at least two victims, in Belgium and Germany, each of which received the details needed to stop the attackers' progress. The investigation revealed two IP addresses used by the command and control operation. One is in the Czech Republic (195.123.246[.]126, which has been observed since early January) and the other in Denmark (37.120.145[.]253); each has a history of suspicious activity yet is classified as safe by numerous threat intelligence services.

Examination of the cybercriminal network showed that the intruders used two vulnerabilities (CVE-2019-1405 and CVE-2019-1322) in Windows 10 and lower that enable local privilege escalation. The exploit was carried in an executable named 'comahawk.exe'. The TA505 connection to the attack became apparent when researchers found the TinyMet Meterpreter stager, which had been associated with this adversary in the past and was packed with the group's custom packer. This is not a new connection between Silence and TA505.
Group-IB said in 2019 that the two actors were likely using tools (Silence.Downloader and FlawedAmmyy.Downloader) created by the same person. In fact, the company's incident response department found towards the end of 2019 that Silence had infiltrated at least one bank in Europe with the help of TA505, which had access to the target network.

Switching from banks and financial corporations to pharmaceutical and industrial firms is an unusual step for the Silence group, which specializes in attacking banks and financial institutions. At this stage, it is unclear whether the attackers managed to breach the new targets and what damage was done, as the researchers identified techniques used for lateral movement. Rustam Mirkasymov, head of the Group-IB Dynamic Malware Analysis Unit, said the purpose of the attack could have been either a ransomware intrusion or an active supply chain threat. Where ransomware was the final stage, TA505 is known to have deployed at least three strains in the past: Locky, Rapid, and Clop. However, in these recent attacks the final payload could not be identified, since the attack was stopped at the intermediate stage, Mirkasymov told BleepingComputer. The specialists assess with low confidence that Silence is behind this activity, but that does not rule out the risk that the group's resources have been offered to another threat actor or stolen from TA505.