| ID | Votes | Profile Description |
|---|---|---|
| Lockbit | 11 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt |
| Conti | 6 | Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in |
| Megazord | 4 | Megazord is a new variant of the Akira ransomware, first observed in deployment by Akira threat actors around August 2023. Initially focusing on Windows systems, the malware evolved to target Linux VMware ESXi virtual machines. Early versions of Akira were written in C++, encrypting files with an .a |
| Powerranges | 3 | None |
| Hive | 3 | Hive is a malicious software, or malware, that infiltrates systems to exploit and damage them. This malware has been associated with Volt Typhoon, who exfiltrated NTDS.dit and SYSTEM registry hive to crack passwords offline. The Hive operation was primarily involved in port scanning, credential thef |
| Akira Ransomware Gang | 2 | The Akira ransomware gang, a malicious threat actor in the cybersecurity landscape, has been actively involved in several high-profile cyber attacks. They use sophisticated techniques to infiltrate systems and steal sensitive data, posing significant threats to both private companies and government |
| REvil | 2 | REvil is a notorious form of malware, specifically ransomware, that infiltrates systems to disrupt operations and steal data. The ransomware operates on a Ransomware as a Service (RaaS) model, which gained traction in 2020. In this model, REvil, like other first-stage malware such as Dridex and Goot |
| Akira_v2 | 2 | Akira_v2 is a variant of the Akira malware, identified and confirmed by trusted third-party investigations. The Akira threat actors were initially observed deploying the Windows-specific "Megazord" ransomware, with further analysis revealing that a second payload, later identified as Akira_v2, was c |
| Zeon | 2 | Zeon, a known threat actor in the cybersecurity landscape, has been linked to several high-profile ransomware attacks. It was instrumental in crypting SVCReady and CargoBay loaders, observed in Quantum and Royal ransomware attacks respectively. Zeon has also employed third-party ransomware such as B |
| Trigona | 2 | Trigona, a malware identified in 2022, emerged as a significant ransomware threat. This malicious software, designed to exploit and damage computer systems, infected devices through suspicious downloads, emails, or websites. The malware was particularly notorious for targeting Microsoft SQL servers, |
| Royal Ransomware | 1 | Royal Ransomware is a type of malware that has been causing significant disruptions in various sectors, particularly in the United States. Originating from the now-defunct Conti ransomware operation, Royal Ransomware was notorious for its multi-threaded encryption and ability to kill processes withi |
| Nokoyawa | 1 | Nokoyawa is a notorious malware, particularly known for its ransomware capabilities. It has been associated with various other malicious software including Quantum, Royal, BlackBasta, Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2, Vidar, Gozi, Cany |
| Gold Sahara | 1 | None |
| Punk Spider | 1 | None |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Black Basta | Unspecified | 6 | Black Basta is a notorious malware entity known for its devastating ransomware attacks. First emerging in June 2022, the group has since been associated with a series of high-profile cyber-attacks worldwide. This malware, like others, infiltrates systems through suspicious downloads, emails, or webs |
| Clop | Unspecified | 6 | Clop is a notorious malware, short for malicious software, known for its disruptive and damaging effects on computer systems. It primarily infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Clop can steal personal information, disrupt o |
| Blackbasta | Unspecified | 3 | BlackBasta is a malicious software (malware) known for its disruptive and damaging effects on computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even ho |
| Ryuk | Unspecified | 2 | Ryuk is a sophisticated malware, specifically a ransomware variant, that has been extensively used by cybercriminal group ITG23. The group has been employing crypting techniques for several years to obfuscate their malware, with Ryuk often seen in tandem with other malicious software such as Trickbo |
| Blacksuit | Unspecified | 2 | BlackSuit is a malicious software (malware) that was introduced in May 2023, believed to be a rebranding of the Royal ransomware operation, which itself was a branch of the now-defunct Conti ransomware operation. Various sources have reported similarities in code between Royal and BlackSuit, further |
| TrickBot | Unspecified | 2 | TrickBot is a notorious form of malware that infiltrates systems to exploit and damage them, often through suspicious downloads, emails, or websites. Once it has breached a system, TrickBot can steal personal information, disrupt operations, and even hold data hostage for ransom. It has been linked |
| Ghost | is related to | 2 | Ghost is a type of malware, or malicious software, that infiltrates systems to exploit and cause damage. It is often disseminated through suspicious downloads, emails, or websites, and can steal personal information, disrupt operations, or hold data hostage for ransom. In 2020, there were plans for |
| Werewolves | Unspecified | 2 | The Werewolves ransomware group has recently emerged as a significant threat in the cybercrime landscape. The group, known for its unusual targeting of Russian entities, employs a variant of the LockBit3 ransomware in its attacks. Since its inception, Werewolves has targeted 26 victims across variou |
| IceFire | Unspecified | 2 | IceFire is a malicious software (malware) that has been detected as part of the Linux ransomware family. It was initially known for attacking Windows systems, but recent developments have seen it expand its reach to both Linux and Windows systems. The shift by IceFire to target Linux systems worldwi |
| Cactus | Unspecified | 2 | Cactus is a type of malware, specifically ransomware, that has been implicated in several high-profile cyber-attacks. This malicious software infiltrates systems through deceptive methods such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Cactus c |
| Karakurt | Unspecified | 1 | Karakurt is a notorious malware and data extortion group, previously affiliated with ITG23, known for its sophisticated tactics, techniques, and procedures (TTPs). The group's operations involve stealing sensitive data from compromised systems and demanding ransoms ranging from $25,000 to a staggeri |
| Ziggy | Unspecified | 1 | Ziggy is a malicious software (malware) known for its damaging and exploitative capabilities. This malware, along with xmrig, can be downloaded and executed via specific scripts. It is associated with various hosted files including TDGG, api.key, tmate, tt.sh, sGAU.sh, t.sh, x86_64.so, xmr.sh, xmrig |
| Mirai | Unspecified | 1 | Mirai is a type of malware that primarily targets Internet of Things (IoT) devices to form botnets, which are networks of private computers infected with malicious software and controlled as a group without the owners' knowledge. In early 2022, Mirai botnets accounted for over 7 million detections g |
| Amos | Unspecified | 1 | AMOS is a malicious software (malware) that targets Mac systems, with the ability to steal passwords, personal files, and cryptocurrency wallet information. It was first identified as part of the ClearFake campaign, which aimed to spread the macOS AMOS information stealer. The malware can infect bot |
| Darkgate | Unspecified | 1 | DarkGate is a malicious software (malware) that poses significant threats to computer systems and data. It infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hos |
| cryptolocker | Unspecified | 1 | CryptoLocker is a type of malware, specifically ransomware, that emerged as a significant threat to cybersecurity worldwide. This malicious software infiltrated systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, CryptoLocker encrypted user |
| Fakesg | Unspecified | 1 | FakeSG is a recently identified malware that uses sophisticated obfuscation and delivery techniques, making it a serious threat. The malware mimics the notorious SocGholish distribution campaign, hence its name - "FakeSG". It has different browser templates, altering its appearance based on the vict |
| 3am | Unspecified | 1 | 3AM is a new and sophisticated ransomware family that has recently emerged in the cyber threat landscape. The malware, known for its malicious intent to exploit and damage computer systems, operates by infiltrating the target infrastructure through suspicious downloads, emails, or websites. Once ins |
| RTM Locker | Unspecified | 1 | RTM Locker is a recently emerged ransomware that targets enterprise systems, specifically Linux virtual machines on VMware ESXi servers. This malicious software was developed from the leaked source code of the now-defunct Babuk ransomware, which was made public by an alleged member of the Babuk grou |
| Monti | Unspecified | 1 | The Monti group, a malicious cyber entity, has been active since June 2022, shortly after the Conti ransomware gang shut down its operations. The group is known for its malware, Monti, which is a particularly harmful program designed to exploit and damage computer systems. It infiltrates systems thr |
| AvosLocker | Unspecified | 1 | AvosLocker is a type of malware, specifically a ransomware, that has been causing significant issues across the digital landscape. Ransomware is a form of malicious software designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without |
| Threeam | Unspecified | 1 | ThreeAM, a developing ransomware group first identified by GRIT in September 2023, has been steadily increasing its operational tempo. This malicious software is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without the user's k |
| Black Suit | Unspecified | 1 | Black Suit is a notable piece of malware that emerged as a rebranding of the Royal ransomware. The connection between the two was established through matching binaries. This malicious software, designed to exploit and damage computer systems, has been linked to several cyberattacks. Notably, Black S |
| Amos Stealer | Unspecified | 1 | AMOS Stealer is a type of malware that has been causing significant concern due to its adaptability and ability to leverage legitimate services for malicious purposes. This new variant of the AMOS Stealer bears a high degree of similarity to the 2nd variant of RustDoor, particularly in its use of Ap |
| NoEscape | Unspecified | 1 | NoEscape is a malicious software that emerged as a rebrand of 'Avaddon,' known for its successful multi-extortion tactics. In October 2023, the French basketball team ASVEL fell victim to a data breach orchestrated by the NoEscape ransomware gang. This incident was part of a broader trend in the las |
| Diavol | Unspecified | 1 | Diavol is a type of malware, specifically ransomware, that infiltrates systems to exploit and cause damage. It can infect systems through various channels such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Diavol can steal personal information, disrupt ope |
| HELLOKITTY | Unspecified | 1 | HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat |
| Locker Ransomware | Unspecified | 1 | Locker ransomware, a type of malware, poses significant risks to computer systems and data. Unlike crypto-ransomware which encrypts user data, locker ransomware locks users out of their devices entirely, demanding a ransom payment to restore access without any data encryption. This threat has evolve |
| Bablock | Unspecified | 1 | BabLock, also known as Rorschach, is a type of malware that operates as ransomware. First identified by Check Point Research in April 2023, this harmful software infiltrates computer systems and devices, often without the user's knowledge, with the aim to exploit, damage, and potentially hold data h |
| Lockbit3 | Unspecified | 1 | LockBit3 is a prominent malware that has been significantly active in the cyber threat landscape. In the first half of 2023, it was reported as the most active among 48 ransomware groups, breaching over 2,200 victims. This represented a 20% increase in victims compared to the same period in 2022. Th |
| Bumblebee | Unspecified | 1 | Bumblebee is a type of malware that has been linked to ITG23, a cybercriminal group known for its use of crypters such as Emotet, IcedID, Qakbot, Bumblebee, and Gozi. Distributed via phishing campaigns or compromised websites, Bumblebee enables the delivery and execution of further payloads. The sam |
| Forest | Unspecified | 1 | Forest is a potent malware that leverages the Golden Ticket, an authentication ticket (TGT), to gain domain-wide access. It exploits the TGT to acquire service tickets (TGS) used for accessing resources across the entire domain and the Active Directory (AD) forest by leveraging SID History. The malw |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Alphv | Unspecified | 8 | AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car |
| Medusa | Unspecified | 4 | Medusa, a threat actor group, has been identified as a rising menace in the cybersecurity landscape, with its ransomware activities escalating significantly. In November 2023, Medusa and other groups like LockBit and ALPHV (BlackCat) exploited a zero-day vulnerability known as Citrix Bleed (CVE-2023 |
| Blackbyte | Unspecified | 3 | BlackByte, a threat actor known for its malicious activities, has been on the radar of cybersecurity agencies since its emergence in July 2021. Notorious for targeting critical infrastructure, BlackByte attracted the attention of the Federal Bureau of Investigation (FBI) and the US Secret Service (U |
| Conti Team | Unspecified | 2 | The Conti team, a threat actor group known for its malicious activities in the cyber realm, has seen significant developments and transformations over recent years. In September 2022, a splinter group from Conti Team One resurfaced under the name Royal Ransomware, conducting callback phishing attack |
| Vice Society | Unspecified | 2 | Vice Society, a threat actor group known for its malicious activities, has been linked to a series of ransomware attacks targeting various sectors, most notably education and healthcare. Throughout 2022 and the first half of 2023, Vice Society, along with Royal Ransomware, were actively executing mu |
| FIN8 | Unspecified | 1 | FIN8, also known as Syssphinx, is a financially motivated cybercrime group that has been active since at least January 2016. This threat actor is notorious for targeting organizations across various sectors including hospitality, retail, entertainment, insurance, technology, chemicals, and finance. |
| Black Cat | Unspecified | 1 | Black Cat, also known as AlphV, is a prominent threat actor known for its malicious activities in the cybersecurity landscape. The group gained significant attention when it launched an attack on Change Healthcare, a subsidiary of Optum and UnitedHealth Group (UHG), in late February. This ransomware |
| Scattered Spider | Unspecified | 1 | Scattered Spider is a prominent threat actor group involved in cybercrime activities with malicious intent. The group employs various tactics to compromise its targets, including phishing for login credentials, searching SharePoint repositories for sensitive information, and exploiting infrastructur |
| Rhysida | Unspecified | 1 | Rhysida, a threat actor known for executing malicious cyber activities, has been responsible for numerous ransomware attacks. The group has primarily targeted businesses and healthcare organizations, with notable instances including a disruptive attack on Ann & Robert H. Lurie Children's Hospital of |
| Hunters International | Unspecified | 1 | Hunters International, a threat actor group in the cybersecurity realm, has recently gained notoriety for its malicious activities. The group is believed to have taken over Hive Ransomware, a notorious malware used for cyberattacks, after Hive's takedown in 2023. Despite disputes from Hunters Intern |
| Bianlian | Unspecified | 1 | BianLian is a threat actor that has been increasingly active in cybercrimes. The group is known for its malicious activities, including the execution of actions with harmful intent. In a series of recent events, BianLian has exploited vulnerabilities in JetBrains TeamCity, a continuous integration a |
| Qilin | Unspecified | 1 | Qilin, a notable threat actor in the cybersecurity landscape, has been significantly active over the last two years, compromising more than 150 organizations across 25 countries and various industries. Originally evolving from the Agenda ransomware written in Go, Qilin has since transitioned to Rust |
| fin11 | Unspecified | 1 | FIN11, a threat actor group also known as Lace Tempest or TA505, has been linked to the development and deployment of Cl0p ransomware. This malicious software is believed to be a variant of another ransomware, CryptoMix, and is typically used by FIN11 to encrypt files on a victim's network after ste |
| 8base | Unspecified | 1 | 8base, a significant threat actor in the cybersecurity landscape, has been active between April 2022 and May 2023. This group, while not new, has recently increased its visibility with the activation of a public leak site used to pressure victims into paying ransoms. In the last month alone, 8base o |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2023-20269 | Unspecified | 6 | CVE-2023-20269 is a zero-day vulnerability found in Cisco's Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This flaw in software design or implementation has been actively exploited by ransomware groups to gain initial access to corporate networks. The exploitation of |
| CVE-2020-3259 | Unspecified | 2 | None |
| Bhi | Unspecified | 2 | None |
| Akira's Megazord | Unspecified | 1 | None |
| Citrix Bleed | Unspecified | 1 | Citrix Bleed, identified as CVE-2023-4966, is a severe software vulnerability in Citrix Netscaler Gateway and Netscaler ADC products, with a high CVSS score of 9.4 indicating its critical nature. This flaw allows for sensitive information disclosure, bypassing password requirements and multifactor a |
| Society/rhysida | Unspecified | 1 | None |
| Zeon/ryuk | Unspecified | 1 | None |
| CVE-2023-20243 | Unspecified | 1 | None |
| Alphavm/blackcat | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3 |
| Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3 |
| DARKReading | 11 days ago | Vulnerabilities & Threats recent news | Dark Reading |
| Securityaffairs | 11 days ago | Ransomware groups target Veeam Backup & Replication bug |
| Securityaffairs | 12 days ago | Security Affairs Malware Newsletter - Round 2 |
| DARKReading | 15 days ago | Akira Ransomware: Lightning-Fast Data Exfiltration in 2-Ish Hours |
| InfoSecurity-magazine | 16 days ago | Ransomware Surges Annually Despite Law Enforcement Takedowns |
| Securityaffairs | 20 days ago | Security Affairs Malware Newsletter - Round 1 |
| InfoSecurity-magazine | 25 days ago | Ransomware Attack Demands Reach a Staggering $5.2m in 2024 |
| Securityaffairs | a month ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | a month ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securelist | 3 months ago | Kaspersky Anti-Ransomware Day report 2024 |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION |
| DARKReading | 6 months ago | Black Kite Unveils Monthly Ransomware Dashboards |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Checkpoint | 3 months ago | 22nd April – Threat Intelligence Report - Check Point Research |
| Securityaffairs | 3 months ago | Akira ransomware received $42M in ransom payments from over 250 victims |
| InfoSecurity-magazine | 3 months ago | Akira Ransomware Group Rakes in $42m, 250 Organizations Impacted |