| ID | Votes | Profile Description |
|---|
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| KOPILUWAK | Unspecified | 2 | KopiLuwak is a JavaScript-based malware used for command and control (C2) communications and victim profiling. It was initially dropped by Pensive Ursa using an MSIL dropper in a G20-themed attack in 2017, and later as a self-extracting archive (SFX) executable in late 2022. Upon execution, the SFX |
| Unc4210 | Unspecified | 1 | UNC4210 is a malicious software (malware) discovered by Mandiant in September 2022, suspected to be an operation of the Turla Team. This malware was identified as it re-registered three expired ANDROMEDA command and control (C2) domains and began selectively deploying KOPILUWAK and QUIETCANARY to vi |
| Tomiris | Unspecified | 1 | Tomiris is a malicious software (malware) group that has been active since before 2019. Known for its use of the QUIETCANARY backdoor, Tomiris has expanded its capabilities and influence within the region, targeting government entities and other high-value targets. The group has shown a particular i |
| Tunnussched | Unspecified | 1 | TunnusSched is a malicious software (malware) that has been used by the Advanced Persistent Threat (APT) group known as Tomiris. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is capable of stealing personal information, disrupting operations, and even h |
| Peppy | Unspecified | 1 | Peppy is a malicious software (malware) that has been identified as part of a broader cyber threat landscape. The malware, which is a Python-based Remote Access Trojan (RAT), was discovered during an analysis of the registration information of several Trojan command and control domains used by Proje |
| Peppy Trojan | Unspecified | 1 | None |
| Dridex | Unspecified | 1 | Dridex is a well-known malware, specifically a banking Trojan, that has been utilized by cybercriminals to exploit and damage computer systems. The malware infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user, and can steal personal information, disrupt o |
| Cutwail | Unspecified | 1 | Cutwail is a notorious malware that has been associated with various botnets, including Necurs, Andromeda, and Dridex, at different stages of their lifecycle. It has been implicated in the distribution of malicious payloads such as IcedID, Gozi, and Pushdo, often using crypters like Hexa, Forest, Sn |
| Uroburos | Unspecified | 1 | Uroburos, also known as Snake, Turla, Pensive Ursa, and Venomous Bear, is a sophisticated malware linked to the Russian Federal Security Service (FSB). The development of this malicious software began in late 2003, with its operations traced back to at least 2004. Uroburos is part of a broader arsen |
| Agent.btz | Unspecified | 1 | Agent.btz, also known as ComRAT v4, is a remote access trojan (RAT) developed using C++ and employing a virtual FAT16 file system. This malicious software was one of the earliest backdoors used by Pensive Ursa, a cyber-espionage group. Notably, the malware is frequently used to exfiltrate sensitive |
| Maze | Unspecified | 1 | Maze is a type of malware, specifically ransomware, that gained notoriety in 2019 for its double extortion tactic. This malicious software infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Maze w |
| Moonlight Maze | Unspecified | 1 | Moonlight Maze is a notorious malware that emerged in the 1990s, primarily targeting government, military, and defense sector entities. This malicious software was designed to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites without the u |
| QUIETCANARY | Unspecified | 1 | Quietcanary is a malicious software (malware) that has been exploited by threat groups such as Pensive Ursa and Tomiris. The malware, known for its backdoor capabilities, has been in use since at least 2019, with Pensive Ursa deploying it against targets in Ukraine in September 2022, often in conjun |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Turla | Unspecified | 4 | Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat |
| ProjectM | Unspecified | 1 | ProjectM, also known as Transparent Tribe, APT36, Copper Fieldstone, and Mythic Leopard, is a threat actor group originating from Pakistan that has been active since 2013. The group has targeted Indian governmental, military, and research organizations, along with their employees, using a variety of |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Unc4210 Kopiluwak | Unspecified | 1 | None |
| Unc4210 Andromeda | Unspecified | 1 | None |
| Kopiluwak Md5 | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| CERT-EU | 6 months ago | A guide to the most important characters in Sarah J. Maas' 'Crescent City' series |
| CERT Polska | a year ago | Honeynet Project Workshop CrackMe Solution |
| CERT-EU | 8 months ago | Search | arXiv e-print repository |
| CERT Polska | a year ago | Slave, Banatrix and ransomware |
| DARKReading | a year ago | FBI Disarms Russian FSB 'Snake' Malware Network |
| Checkpoint | a year ago | 9th January – Threat Intelligence Report - Check Point Research |
| CERT-EU | a year ago | Kaspersky Analyzes Links Between Russian State-Sponsored APTs |
| CERT Polska | a year ago | E-mail trojan attack on Booking.com and online auction website Allegro.pl clients |
| CERT-EU | a year ago | Tomiris called, they want their Turla malware back |
| CERT-EU | a year ago | Russia’s 'Turla' Group – A Formidable Cyberespionage Adversary |
| MITRE | a year ago | Stopping Serial Killer: Catching the Next Strike - Check Point Research |
| MITRE | a year ago | ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe |
| CERT-EU | a year ago | Turla Disrupted: What Does That Mean for Russian Cyber Operations? |
| CERT-EU | a year ago | Tomiris called, they want their Turla malware back - GIXtools |
| CERT-EU | a year ago | Nuspire Q4 2022 and Year in Review Threat Report: Cyber Threat Numbers Make History |
| MITRE | 7 months ago | Turla: A Galaxy of Opportunity |