ID | Votes | Profile Description |
---|---|---|
Dcrat | 2 | DcRAT is a malicious software that has been used in various cyberattacks throughout 2023 and into 2024. The malware, distributed through fake OnlyFans content, deceptive Google Meet sites, and spoofed Skype and Zoom websites, downloads a DcRAT payload when users click on certain elements. This Remot |

ID | Type | Votes | Profile Description |
---|---|---|---|
Lokibot | Unspecified | 6 | LokiBot is a malicious software, or malware, that was first reported on October 24, 2020. It is designed to exploit and damage computer systems by infiltrating them through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, LokiBot steals personal information |
Redline | Unspecified | 5 | RedLine is a malware designed to exploit and damage computer systems by stealing personal information, disrupting operations, or even holding data hostage for ransom. It has been identified as a favorite infostealer among threat actors selling logs through the marketplace 2easy, which also sells Rac |
njRAT | Unspecified | 5 | NjRAT is a remote-access Trojan (RAT) that has been commonly used in both criminal and targeted attacks since as early as 2013. It is part of a suite of RATs used by attackers, including Remcos and AsyncRAT, to exploit and damage computer systems. NjRAT can identify remote hosts on connected network |
Xworm | Unspecified | 4 | XWorm is a multi-functional malware that provides threat actors with remote access capabilities, has the potential to spread across networks, exfiltrate sensitive data, and download additional payloads. It was observed exploiting ScreenConnect vulnerabilities, a client software used for remote syste |
Formbook | Unspecified | 3 | Formbook is a type of malware known for its ability to steal personal information, disrupt operations, and potentially hold data for ransom. The malware is commonly spread through suspicious downloads, emails, or websites, often without the user's knowledge. In June 2023, Formbook was observed being |
Raccoon | Unspecified | 2 | Raccoon is a highly potent and cost-effective Malware-as-a-Service (MaaS) primarily sold on dark web forums, used extensively by Scattered Spider threat actors to pilfer sensitive data. As per the "eSentire Threat Intelligence Malware Analysis: Raccoon Stealer v2.0" report published on August 31, 20 |
DarkComet | Unspecified | 2 | DarkComet is a Remote Access Trojan (RAT) that opens a backdoor on infected computers, allowing unauthorized access and data theft. This malware has been classified among the top five Command and Control (C2) families, indicating its widespread usage by cybercriminals. DarkComet, along with other es |
NanoCore | Unspecified | 2 | NanoCore is a notorious Remote Access Trojan (RAT) first discovered in 2013. It targets Windows operating system users and operates by opening a backdoor on an infected computer to steal information. NanoCore has maintained a top five position for six consecutive months, taking the third spot in Dec |
NETWIRE | Unspecified | 2 | NetWire is a type of malware, specifically a remote access trojan (RAT), that has been utilized for various malicious activities since at least 2014. Initially promoted as a legitimate tool for managing Windows computers remotely, NetWire was quickly adopted by cybercriminals and used in phishing at |
AsyncRAT | Unspecified | 2 | AsyncRAT is a malicious software (malware) designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Once the executable loads http_dll.dll, the DL |
TrickBot | Unspecified | 1 | TrickBot is a notorious form of malware that infiltrates systems to exploit and damage them, often through suspicious downloads, emails, or websites. Once it has breached a system, TrickBot can steal personal information, disrupt operations, and even hold data hostage for ransom. It has been linked |
Emotet | Unspecified | 1 | Emotet is a highly dangerous and insidious malware that has resurfaced with increased activity this summer. Originally distributed via email attachments, it infiltrates systems often without the user's knowledge, forming botnets under the control of criminals for large-scale attacks. Once infected, |
Avemaria/warzonerat | Unspecified | 1 | None |
Vidar | Unspecified | 1 | Vidar is a Windows-based malware written in C++, derived from the Arkei stealer, which is designed to infiltrate and exploit computer systems. It has been used alongside other malware variants such as Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2, |
Lockbit | Unspecified | 1 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt |
ZxShell | Unspecified | 1 | ZXShell is a malicious software (malware) that has been used by various cyber threat actors to exploit and damage computer systems. It is known to be associated with other malware such as PANDORA, SOGU, GHOST, WIDEBERTH, QUICKPULSE, FLOWERPOT, QIAC, Gh0st, Poison Ivy, BEACON, HOMEUNIX, STEW, among o |
QakBot | Unspecified | 1 | Qakbot is a potent malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information, disrupt operations, or e |
Privateloader | Unspecified | 1 | PrivateLoader is a notable malware that has been active since at least December 19, 2022. It acts as the first step in many malware schemes, often initiating an infection chain that leads to other malicious software. The malware can infiltrate systems through suspicious downloads, emails, or website |
Darkgate | Unspecified | 1 | DarkGate is a malicious software (malware) that poses significant threats to computer systems and data. It infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hos |
Raccoon Stealer | Unspecified | 1 | Raccoon Stealer is a form of malware that was first identified in 2019. Developed by Russian-speaking coders and initially promoted on Russian-language hacking forums, the malicious software was designed to steal sensitive data from victims, including credit card information, email credentials, and |
Qbot | Unspecified | 1 | Qbot, also known as Qakbot or Pinkslipbot, is a modular information-stealing malware that emerged in 2007 as a banking trojan. Over the years, it has evolved into an advanced malware strain used by multiple cybercriminal groups to compromise networks and prepare them for ransomware attacks. The firs |
GuLoader | Unspecified | 1 | GuLoader is a type of malware that infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, it can steal personal information, disrupt operations, or even hold data hostage for ransom. GuLoader is encrypted with NSIS Crypter and has |
Redline Stealer | Unspecified | 1 | RedLine Stealer is a type of malware that has been causing significant disruption in the digital landscape. This malicious software infiltrates computer systems, often without the user's knowledge, via suspicious downloads, emails, or websites, and then proceeds to steal personal information, disrup |
Dotrunpex | Unspecified | 1 | DotRunpeX is a rapidly evolving and highly stealthy .NET injector malware that has gained significant attention from both security analysts and threat actors. It employs the "Process Hollowing" method to distribute a wide variety of other malware strains, including AgentTesla, ArrowRAT, AsyncRat, Av |
REvil | Unspecified | 1 | REvil is a notorious form of malware, specifically ransomware, that infiltrates systems to disrupt operations and steal data. The ransomware operates on a Ransomware as a Service (RaaS) model, which gained traction in 2020. In this model, REvil, like other first-stage malware such as Dridex and Goot |
Azorult | Unspecified | 1 | Azorult is a type of malware, or malicious software, that infiltrates systems to exploit and damage them, often without the user's knowledge. It has historically been one of the favored infostealers sold on the marketplace 2easy, alongside RedLine, Raccoon, Vidar, and Taurus. However, as of late Feb |
Maze | Unspecified | 1 | Maze is a type of malware, specifically ransomware, that gained notoriety in 2019 for its double extortion tactic. This malicious software infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Maze w |

ID | Type | Votes | Profile Description |
---|---|---|---|
TA2541 | Unspecified | 1 | TA2541, a cybercriminal threat actor identified by Proofpoint, has been actively executing malicious actions since January 2017. This group demonstrates persistent and ongoing threat activity, targeting sectors related to aviation, transportation, and travel. Unlike many similar entities, TA2541 doe |
Snake | Unspecified | 1 | Snake, also known as EKANS, is a significant threat actor that has been active since at least 2004, with its activities potentially dating back to the late 1990s. This group, which may have ties to Iran, targets diplomatic and government organizations as well as private businesses across various reg |

ID | Type | Votes | Profile Description |
---|---|---|---|
CVE-2021-40444 | Unspecified | 1 | None |
Netwire Privateloader | Unspecified | 1 | None |
Vidar Xworm | Unspecified | 1 | None |
Redline Remcos | Unspecified | 1 | None |
Asyncrat Avemaria/warzonerat | Unspecified | 1 | None |

Source | CreatedAt | Title |
---|---|---|
Checkpoint | 2 months ago | Inside the Box: Malware’s New Playground - Check Point Research |
SANS ISC | 3 months ago | Malicious PDF File Used As Delivery Mechanism - SANS Internet Storm Center |
BankInfoSecurity | 3 months ago | Steganography Campaign Targets Global Enterprises |
CERT-EU | 4 months ago | Cybercrime on Main Street – Sophos News | #cybercrime | #infosec | National Cyber Security Consulting |
CERT-EU | 4 months ago | Cybercrime on Main Street – Sophos News | #cybercrime | #computerhacker - Am I Hacker Proof |
CERT-EU | 5 months ago | Rise in Deceptive PDF: The Gateway to Malicious Payloads | McAfee Blog |
CERT-EU | 5 months ago | Unmasking 2024's Email Security Landscape |
CERT-EU | 5 months ago | Watch out! There are hidden dangers lurking your PDFs |
InfoSecurity-magazine | 5 months ago | “TicTacToe Dropper” Malware Distribution Tactics Revealed |
Fortinet | 5 months ago | TicTacToe Dropper | FortiGuard Labs |
CERT-EU | 6 months ago | Windows Computer Hit with AgentTesla Malware to Steal Data |
Secureworks | a year ago | DarkTortilla Malware Analysis |
CERT-EU | a year ago | Microsoft OneNote Announces Enhanced Security After Phishing Attacks |
CERT-EU | 7 months ago | 8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers - Help Net Security |
MITRE | 7 months ago | TA2541: Threats to Aviation, Aerospace, & Travel | Proofpoint US |
CERT-EU | 9 months ago | Threat Roundup for October 13 to October 20 |
CERT-EU | 8 months ago | Malware-Traffic-Analysis.net - 2023-11-22 - AgentTesla infection with FTP data exfil |
Checkpoint | 8 months ago | 13th November – Threat Intelligence Report - Check Point Research |
CERT-EU | 9 months ago | Discord still a hotbed of malware activity — Now APTs join the fun |
CERT-EU | 9 months ago | AgentTesla Stealer Delivered Via Weaponized PDF and CHM Files |