| ID | Votes | Profile Description |
|---|---|---|
| Gopuram | 5 | Gopuram is a malicious software or malware that infiltrates systems to exploit and cause damage. It has been known to infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold |
| Coingotrade | 2 | CoinGoTrade is a malicious software (malware) disguised as a legitimate cryptocurrency wallet application. It installs itself in the /Applications/CoinGoTrade.app/Contents/MacOS/ folder and presents a fully functional wallet program to its victims. The malware was first brought to public attention o |
| Celas Trade Pro | 2 | Celas Trade Pro is a malicious software application posing as a cryptocurrency trading platform. It was developed by North Korean hackers, referred to as HIDDEN COBRA by the U.S. government, as part of a series of deceptive applications collectively known as the "AppleJeus" family of malware. These |
| Unc4736 | 2 | UNC4736, a threat actor suspected to have North Korean connections, has been implicated in a series of cybersecurity breaches. The group gained initial access to the 3CX environment when an employee downloaded a financial trading package named X_TRADER from Trading Technologies' website. Unbeknownst |
| Bloxholder | 1 | None |
| Poolrat | 1 | PoolRat, a harmful malware previously classified as SimpleSea by threat intelligence firms, is designed to exploit and damage computer systems. This C/C++ macOS implant has the capability of collecting basic system information and executing arbitrary commands, including carrying out file operations. |
| Cryptoneuro Trader | 1 | CryptoNeuro Trader is a malicious software (malware) that has been used to target and exploit hundreds of cryptocurrency companies, leading to the theft of tens of millions of dollars' worth of cryptocurrency. Notable incidents include the theft of $75 million from a Slovenian company in December 20 |
| HIDDEN COBRA | 1 | Hidden Cobra, also known as the Lazarus Group and Sapphire Sleet, is a North Korean cyberespionage group that has been active since at least 2009. The U.S. Government uses the term Hidden Cobra to refer to malicious cyber activities by the North Korean government, with the BeagleBoyz representing a |
| Tradertraitor | 1 | TraderTraitor, also known as Lazarus Group or APT38, is a threat actor attributed to the North Korean government. This group has been linked by the FBI to several recent cyberattacks on cryptocurrency platforms, with hundreds of millions of dollars in cryptocurrency stolen. The attacks share similar |
| Dorusio | 1 | Dorusio is a malware application that is part of the "AppleJeus" family, a group of malicious cryptocurrency applications developed by North Korean hackers, also known as HIDDEN COBRA. The Dorusio program, which mimics an open-source cryptocurrency wallet application, was developed alongside other m |
| Ants2whale | 1 | Ants2Whale is a malicious software (malware) identified as the seventh version of AppleJeus, a notorious family of North Korean malware targeting cryptocurrency operations. First discovered in late 2020, Ants2Whale operates similarly to its predecessors, with its main function being to provide hacke |
| Kupay Wallet | 1 | Kupay Wallet is a malicious software (malware) identified as part of the AppleJeus Version 4 malware family, developed and deployed by North Korean hackers, referred to by the U.S. government as HIDDEN COBRA. The malware was developed between March 2018 and September 2020, alongside other malicious |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Ants2whalehelper | is related to | 1 | Ants2whalehelper is a potent malware that infiltrates systems, causing significant harm and disruption. It operates by installing itself in the /Library/Application Support/Ants2WhaleSupport/ folder of the targeted system, often without the user's knowledge or explicit consent. This malicious softwa |
| BADCALL | Unspecified | 1 | None |
| ThreatNeedle | Unspecified | 1 | ThreatNeedle is a malicious software (malware) that has been identified as a tool used by the notorious North Korean Advanced Persistent Threat (APT) group, Lazarus. This malware, designed to exploit and damage computer systems, can infiltrate systems through suspicious downloads, emails, or website |
| FALLCHILL | Unspecified | 1 | FALLCHILL is a malicious software (malware) typically introduced into a system as a file dropped by other HIDDEN COBRA malware. It has been linked to the North Korea-associated Lazarus APT group, who notably utilized a MacOS variant of the malware for the first time. The cybersecurity company that r |
| Cryptoistic | Unspecified | 1 | Cryptoistic is a malware that was compiled on April 2nd, 2020, and is designed to exploit and damage computer systems. It appears to be part of a trend of trojanizing cryptocurrency-related apps and was circulated at the same time as TinkaOTP and CoinGoTrade. While CoinGoTrade is written primarily i |
| Mars | Unspecified | 1 | Mars is a malicious software (malware) that has been discovered by Trend Micro's Mobile Application Reputation Service (MARS) team. This malware is particularly damaging as it involves two new Android malware families related to cryptocurrency mining and financially-motivated scam campaigns, targeti |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Lazarus Group | Unspecified | 3 | The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large- |
| Apt43 | Unspecified | 1 | APT43, also known as Kimsuky, is a North Korean state-sponsored advanced persistent threat (APT) group that has been actively involved in cybercrime and espionage. The group has been implicated in a series of attacks exploiting vulnerabilities, which have drawn the attention of various cybersecurity |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2022-0609 | Unspecified | 1 | CVE-2022-0609 is a zero-day vulnerability discovered in Google Chrome, originating from a flaw in software design or implementation. This security loophole was exploited by North Korean government-backed threat actors in early 2022 to target various US organizations across the media, high-tech, and |
| Source | CreatedAt | Title |
|---|---|---|
| CERT-EU | 8 months ago | Ransomware Dwell Time Hits Low of 24 Hours | #ransomware | #cybercrime | National Cyber Security Consulting |
| CERT-EU | 8 months ago | Connect the Dots on State-Sponsored Cyber Incidents - Targeting of cryptocurrency exchanges and financial service companies |
| CERT-EU | 8 months ago | Advanced threat predictions for 2024 – GIXtools |
| Securelist | 8 months ago | Kaspersky Security Bulletin: APT predictions 2024 |
| CERT-EU | 9 months ago | Connect the Dots on State-Sponsored Cyber Incidents - Targeting of cryptocurrency exchanges and financial service companies |
| CERT-EU | 10 months ago | North Korean Hackers Continue to Refine Their Arsenal of Tactics & Techniques |
| CERT-EU | a year ago | N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX |
| CERT-EU | 10 months ago | Cybercriminals can go from click to compromise in less than a day | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting |
| CERT-EU | 10 months ago | Connect the Dots on State-Sponsored Cyber Incidents - Targeting of users of cryptocurrency applications |
| CERT-EU | a year ago | N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX |
| CERT-EU | a year ago | IT threat evolution in Q2 2023 – GIXtools |
| CERT-EU | a year ago | IT threat evolution Q2 2023 |
| Securityaffairs | a year ago | FBI identifies wallets holding cryptocurrency funds stolen by North Korea |
| CERT-EU | a year ago | FBI Finds 1,580 Bitcoin in Crypto Wallets Linked to North Korean Hackers |
| CERT-EU | a year ago | APT trends report Q2 2023 – GIXtools |
| Securelist | a year ago | APT trends report Q2 2023 |
| CERT-EU | a year ago | JumpCloud Intrusion | Attacker Infrastructure Links Compromise to North Korean APT Activity |
| CERT-EU | a year ago | JumpCloud Cyberattack Linked to North Korean Hackers |
| MITRE | a year ago | APT trends report Q1 2020 |
| MITRE | a year ago | Three North Korean Military Hackers Indicted in Wide-Ranging Scheme |