ID | Votes | Profile Description |
---|---|---|
POTASSIUM | 3 | POTASSIUM (Microsoft's former name for this group), also known as APT10, CVNX, Stone Panda, and menuPass, is a threat actor that has been linked to multiple cyberattacks. This entity is believed to be operating out of China, with Zhu Hua and Zhang Shilong identified as key players within the group. They are reportedly associated |
Cloud Hopper | 2 | Cloud Hopper is a threat actor, also known as APT10, that has been involved in significant cyber espionage activities. This group executed a campaign named Operation Cloud Hopper, where they targeted managed IT service providers with the intention of gaining unauthorized access to their clients' net |
menuPass | 2 | menuPass, also known as APT10 and Stone Panda, is a threat actor suspected to be linked to the Chinese government. This cyber espionage group has been active since at least 2009, according to Mandiant, and has targeted a wide range of sectors including construction, engineering, aer |
Stone Panda | 2 | Stone Panda, also known as APT10 and MenuPass, is a threat actor that has been linked to the Chinese government by researchers from NHS Digital in the UK. The group has developed Trochilus, an advanced persistent threat tool, and is believed to be behind recent espionage efforts against US companies |
Bronze Riverside | 2 | BRONZE RIVERSIDE, also known as APT10 and Earth Tengshe, is a threat actor associated with the Chinese Ministry of State Security (MSS). This group has been primarily involved in cyber espionage activities, focusing on the theft of intellectual property from Japanese organizations. The group's activ |
Menupass Team | 1 | None |
Bronze Starlight | 1 | Bronze Starlight, a Chinese threat actor group, has been linked to various malicious activities in the cybersecurity landscape. The group is known for deploying different types of ransomware payloads, including traditional ransomware schemes such as LockFile and name-and-shame models. Bronze Starlig |
Cicada | 1 | Cicada, also known as APT10, Stone Panda, or Cloud Hopper, is a threat actor believed to be linked with the Chinese government. The group has been active since 2009, engaging in espionage operations against various organizations, particularly those associated with Japan. Cicada's activities involve |
Circuit Panda | 1 | Circuit Panda, also known as BlackTech, HUAPI, Manga Taurus, Palmerworm, Red Djinn, and Temp.Overboard, is a significant threat actor with a history of operating against targets in East Asia, particularly Taiwan, Japan, and Hong Kong since at least 2007. This group is part of a constellation of adva |
ID | Type | Votes | Profile Description |
---|---|---|---|
RedLeaves | Unspecified | 3 | RedLeaves is a malicious software (malware) that has been utilized in cyber espionage campaigns for over five years, as reported by Trend Micro. This malware, which is known to infect Windows machines, operates as a remote access trojan (RAT), enabling unauthorized access and control over infected s |
PlugX | Unspecified | 2 | PlugX is a modular remote access trojan (RAT) long associated with Chinese threat actors and used in a wide range of espionage campaigns. It is typically delivered through malicious email attachments, trojanised downloads, or compromised websites, and once installed gives the operator remote control of the host for data theft and further intrusion. It |
FYAnti | Unspecified | 1 | FYAnti, also known as DILLJUICE stage2, is one of the payloads delivered by Ecipekac, a multi-layer loader module that also delivers SodaMaster (also known as DelfsCake, dfls, and DARKTOWN) and P8RAT (also known as GreetCake and HEAVYPOT). FYAnti is itself a further loading stage, and these payloads eventually load Q |
P8RAT | Unspecified | 1 | P8RAT, also known as GreetCake and HEAVYPOT, is a fileless malware delivered by the Ecipekac loader, a multi-layer loader module used in a campaign attributed to APT10. Ecipekac is designed to deliver various payloads including SodaMaster (also referred to as DelfsCake, dfls, and DARKTOWN), P8RA |
SodaMaster | Unspecified | 1 | SodaMaster, also known as DelfsCake, is a fileless malware discovered as another payload of the Ecipekac loader. Ecipekac is a sophisticated multi-layer loader module used to deliver various payloads including SodaMaster, P8RAT (also known as GreetCake and HEAVYPOT), and FYAnti (also known as DILLJ |
FIVEHANDS | Unspecified | 1 | FiveHands, closely related to HelloKitty and DeathRansom, is a ransomware family deployed by the financially motivated UNC2447 group. It was first reported by Mandiant in April 2021. The ransomware is typically delivered through Encryptor.exe, a loader that init |
HELLOKITTY | Unspecified | 1 | HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat |
DEATHRANSOM | Unspecified | 1 | DeathRansom is a form of malware, specifically ransomware, known for its damaging effects on computer systems. It operates by infiltrating systems through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for ranso |
SombRAT | Unspecified | 1 | Sombrat is a sophisticated malware that poses a significant financial threat, as reported by Mandiant in April 2021. It operates in conjunction with FIVEHANDS Ransomware under the umbrella of UNC2447, a malicious cyber activity group. The malware infects systems through suspicious downloads, emails, |
SNUGRIDE | Unspecified | 1 | Snugride is a backdoor used in recent APT10 activity. It communicates with its C2 server through HTTP requests and is often installed via tradition |
UPPERCUT | Unspecified | 1 | Uppercut is a sophisticated malware utilized by APT10, a Chinese cyber espionage group tracked by FireEye since 2009. This group has a history of targeting Japanese entities and has been implicated in a recent campaign that involved sending spear-phishing emails containing malicious documents. These |
KONNI | Unspecified | 1 | Konni is a remote access trojan (RAT) that poses a significant threat to computer systems and data. It is typically delivered surreptitiously through malicious email attachments, downloads, or websites, often unbeknownst to the user. Once inside a system, Konni can wreak havoc by stealin |
Lucky Mouse | Unspecified | 1 | Lucky Mouse, also known as Emissary Panda, APT27, Threat Group 3390, Bronze Union, and several other names, is a China-linked Advanced Persistent Threat (APT) group rather than a single malware family. The group has been active since at least 2013, targeting various industry verticals fo |
malware.binary.exe | Unspecified | 1 | None |
Ecipekac | Unspecified | 1 | Ecipekac is a sophisticated multi-layered malware, first observed by cybersecurity experts in an advanced cyber campaign. This malicious software, also known as DESLoader, SigLoader, and HEAVYHAND, employs a unique and complex loading schema that involves the use of four files to load and decrypt fo |
Sogu | Unspecified | 1 | SOGU is a remote access trojan (malware) attributed to TEMP.Hex, a threat actor linked to China. The malware is designed to give its operators remote control of compromised computer systems, typically infiltrating them through malicious downloads, emails, or removable media. Once inside, it can steal personal information, disrupt operations |
ChChes | Unspecified | 1 | ChChes is a malware family that has been linked to the Advanced Persistent Threat (APT) group known as "menuPass." The malware was first identified in 2016 when it was used to target Japanese academics, pharmaceutical companies, and a US-based subsidiary of a Japanese manufacturing organization. ChC |
ID | Type | Votes | Profile Description |
---|---|---|---|
Lazarus Group | Unspecified | 1 | The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large- |
GALLIUM | Unspecified | 1 | Gallium, also known as Alloy Taurus, is a China-aligned threat actor known for executing actions with malicious intent in the cyber domain. In recent years, Gallium has been associated with various significant cyber-espionage campaigns. The group targeted telecommunication entities in the Middle Eas |
APT41 | Unspecified | 1 | APT41, also known as Winnti, Wicked Panda, and Wicked Spider, is a sophisticated threat actor attributed to China. This group has been active since at least 2012, targeting organizations across 14 countries. The group is known for its extensive use of various code families and tools, with at least 4 |
Wicked Panda | Unspecified | 1 | Wicked Panda, also known as APT41, Double Dragon, and Bronze Atlas, is a state-sponsored threat actor originating from China. Recognized as one of the top cyber threats by the Department of Health and Human Services' Health Sector Cybersecurity Coordination Center, this group has been associated wit |
DragonOK | Unspecified | 1 | DragonOK, a threat actor group reportedly linked to China, has been associated with various malicious activities, including the deployment of the infamous Remote Access Trojan (RAT) known as FormerFirstRAT. This multi-featured RAT allows threat actors to gain complete control over a targeted machine |
APT1 | Unspecified | 1 | APT1, also known as Unit 61398 or Comment Crew, is a notorious cyber-espionage group believed to be part of China's People's Liberation Army (PLA) General Staff Department's 3rd Department. This threat actor has been linked with several high-profile Remote Access Trojans (RATs), enabling them to tak |
CVNX | Unspecified | 1 | None |
Sidewinder | Unspecified | 1 | The Sidewinder threat actor group, also known as Rattlesnake, BabyElephant, APT Q4, APT Q39, Hardcore Nationalist, HN2, RAZOR Tiger, and GroupA21, is a significant cybersecurity concern with a history of malicious activities dating back to 2012. This report investigates a recent campaign by Sidewind |
APT34 | Unspecified | 1 | APT34, also known as OilRig, EUROPIUM, Hazel Sandstorm, and Crambus among other names, is a threat actor believed to be operating on behalf of the Iranian government. Operational since at least 2014, APT34 has been involved in long-term cyber espionage operations primarily focused on reconnaissance |
Kimsuky | Unspecified | 1 | Kimsuky is a North Korea-linked advanced persistent threat (APT) group that conducts global cyber-attacks to gather intelligence for the North Korean government. The group has been identified as a significant threat actor, executing actions with malicious intent, and has recently targeted victims vi |
APT36 | Unspecified | 1 | APT36, also known as Transparent Tribe and Earth Karkaddan, is a notorious threat actor believed to be based in Pakistan. The group has been involved in cyberespionage activities primarily targeting India, with a focus on government, military, defense, aerospace, and education sectors. Their campaig |
APT33 | Unspecified | 1 | APT33, an Iran-linked threat actor, has been identified as a significant cyber threat to the Defense Industrial Base sector. The group is known for its sophisticated and malicious activities, which primarily involve executing actions with harmful intent. APT33, like other threat actors, could be a s |
OceanLotus | Unspecified | 1 | OceanLotus, also known as APT32, is a threat actor suspected to be linked with Vietnam. It primarily targets foreign companies involved in manufacturing, consumer products, consulting, and hospitality sectors that are investing or planning to invest in Vietnam. The group's recent activities indicate |
Evil Corp | Unspecified | 1 | Evil Corp, a threat actor group based in Russia, has been identified as a significant cybercrime entity responsible for the execution of malicious actions. The alleged leader of this group is Maksim Yakubets, who is notably associated with Dridex malware operations. The U.S. Treasury imposed sanctio |
APT29 | Unspecified | 1 | APT29, also known as Cozy Bear, SVR group, BlueBravo, Nobelium, Midnight Blizzard, and The Dukes, is a threat actor linked to Russia. This group is notorious for its malicious activities in the cybersecurity realm, executing actions with harmful intent. It has been associated with several high-profi |
Turla | Unspecified | 1 | Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat |
NOBELIUM | Unspecified | 1 | Nobelium, a threat actor linked to Russia's SVR, has been actively targeting French diplomatic entities as part of its cyber-espionage activities. The Advanced Persistent Threat (APT) group has utilized sophisticated techniques such as phishing and attempts to install Cobalt Strike, an advanced malw |
Elfin | Unspecified | 1 | Elfin, also known by various names including Curious Serpens, Peach Sandstorm, APT33, HOLMIUM, MAGNALIUM, and REFINED KITTEN, is a significant threat actor with a track record of malicious cyber activities dating back to at least 2013. The group has been particularly active from 2016 to 2019, target |
Bluenoroff | Unspecified | 1 | BlueNoroff, a threat actor closely associated with the notorious Lazarus Group, has been actively involved in malicious cyber activities primarily targeting financial institutions and cryptocurrency businesses. Known for its sophisticated attacks on banks, casinos, fintech companies, POST software, |
BRONZE UNION | Unspecified | 1 | Bronze Union, also known as APT27, Emissary Panda, Lucky Mouse, Iron Tiger, and Red Phoenix, is a threat actor with alleged connections to the Chinese government. The group has been observed targeting organizations across Europe, North and South America, Africa, the Middle East, and the Asia-Pacific |
Emissary Panda | Unspecified | 1 | Emissary Panda, also known as Iron Tiger, APT27, Budworm, Bronze Union, Lucky Mouse, and Red Phoenix, is a threat actor group associated with malicious cyber activities. The group has been active since at least 2013, targeting various industry verticals across Europe, North and South America, Africa |
FIN12 | Unspecified | 1 | FIN12, also known as DEV-0237 and Pistachio Tempest, is a threat actor group notorious for its malicious cyber activities. Tracked by Microsoft, this group is primarily engaged in the distribution of Hive, Conti, and Ryuk ransomware. The group has been responsible for several high-profile ransomware |
Emperor Dragonfly | Unspecified | 1 | Emperor Dragonfly, also known as Bronze Starlight or Storm-0401, is a threat actor group linked to China that has been identified as deploying various ransomware payloads. This group targets sectors such as gambling within Southeast Asia. The cybersecurity industry uses different names for the same |
Havex | Unspecified | 1 | Havex, also known as the Energetic Bear RAT, is a remote access trojan used by the threat actor known as Dragonfly or Energetic Bear. First spotted in 2013, Havex was part of a broad industrial espionage campaign that specifically targeted Supervisory Control and Data Acquisition (SCADA) and Industrial Control Syst |
Alloy Taurus | Unspecified | 1 | Alloy Taurus, a threat actor group, has been identified as a significant cybersecurity concern due to its persistent attempts at cyberespionage, primarily targeting the government sector in Southeast Asia. The activity of this group was first observed in early 2022 and continued throughout 2023, dur |
Mustang Panda | Unspecified | 1 | Mustang Panda, also known as Bronze President, Nomad Panda, Earth Preta, and Stately Taurus, is a Chinese-aligned threat actor that has been associated with widespread attacks against various countries in the Asia-Pacific region. The group's malicious activities were first traced back to Mar |
Daggerfly | Unspecified | 1 | DaggerFly, also known as Evasive Panda and Bronze Highland, is a Chinese-speaking Advanced Persistent Threat (APT) group that has been active since 2012. The group is known for its cyberespionage activities targeting individuals in mainland China, Hong Kong, Macao, and Nigeria. In addition to these |
Earth Tengshe | Unspecified | 1 | None |
ID | Type | Votes | Profile Description |
---|---|---|---|
No associations to display |
Source | CreatedAt | Title |
---|---|---|
CERT-EU | 5 months ago | Surge in ransomware, leaks and info stealers targeting Middle East and Africa – Intelligent CIO Middle East | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting |
CERT-EU | 10 months ago | Techrights — Slanderous Media Campaigns Trying to Link Linux to 'Backdoors' |
CERT-EU | 10 months ago | My Tea's not cold : an overview of China's cyber threat – Global Security Mag Online |
CERT-EU | 10 months ago | Chinese Hackers Have Unleashed a Never-Before-Seen Linux Backdoor - Slashdot |
CERT-EU | 10 months ago | Chinese hackers have unleashed a never-before-seen Linux backdoor – Ars Technica | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting |
CERT-EU | a year ago | Chinese hackers accused of targeting Southeast Asian gambling sector |
Securityaffairs | a year ago | Bronze Starlight targets the Southeast Asian gambling sector - Security Affairs |
CERT-EU | a year ago | Cloud Providers Becoming Key Players in Ransomware, Halcyon Warns |
CERT-EU | a year ago | Russia, Serbia targeted by Space Pirates threat group |
CERT-EU | a year ago | Cloudzy delivers cloud services to multiple APT groups, researchers say |
CERT-EU | a year ago | Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers |
CERT-EU | a year ago | Connect the Dots on State-Sponsored Cyber Incidents - Targeting of Visma |
CERT-EU | a year ago | Japan in the Crosshairs of Many State-Sponsored Threat Actors New Report Finds |
CERT-EU | a year ago | Intellectual Property Security: Defending Valuable Business Assets - Security Boulevard |
MITRE | a year ago | Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers |
MITRE | a year ago | menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations |
MITRE | a year ago | Two Chinese Hackers Associated With the Ministry of State Security |
MITRE | a year ago | APT10 MenuPass Group | Global Targeting Using New Tools |
MITRE | a year ago | Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign |