| ID | Votes | Profile Description |
|---|---|---|
| OilRig | 4 | OilRig is a well-known threat actor in the cybersecurity landscape, notorious for its sophisticated attacks on various targets, including Middle Eastern telecommunications organizations and Israel's critical infrastructure sector. This entity has been linked to several high-profile campaigns such as |
| COBALT GYPSY | 2 | Cobalt Gypsy, also known as APT34, Helix Kitten, Hazel Sandstorm, and OilRig, is an Iranian advanced persistent threat operation that has been active since at least 2014. This threat actor has a history of targeting sectors such as telecommunications, government, defense, oil, and financial services |
| Helix Kitten | 2 | Helix Kitten, also known as APT34, OilRig, Cobalt Gypsy, Hazel Sandstorm, and Crambus, is a threat actor believed to originate from Iran. The group has been tracked by various cybersecurity firms including FireEye, Symantec, and CrowdStrike, each using different names to identify the same entity. Th |
| Menorah | 2 | The Menorah malware, a novel and malicious software, was discovered in October 2023 as part of a cyberespionage operation conducted by Iranian advanced persistent threat (APT) group, OilRig. Also known as APT34, Helix Kitten, Hazel Sandstorm, and Cobalt Gypsy, the group has been strengthening its cy |
| Crambus | 2 | The Iranian Crambus espionage group, also known as OilRig, APT34, and other aliases, is a threat actor with extensive expertise in long-term cyber-espionage campaigns. In the most recent attack between February and September 2023, this group infiltrated an unnamed Middle Eastern government's network |
| MuddyWater | 1 | MuddyWater is an advanced persistent threat (APT) group, also known as Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros. This threat actor has been linked to the Iranian Ministry of Intelligence and Security (MOIS) according to a joint advisory from cybersecurity firms. The group empl |
| Hazel Sandstorm | 1 | None |
| Static Kitten | 1 | Static Kitten, also known as MuddyWater, Mercury, Mango Sandstorm, and TA450, is an Iranian government-sponsored hacking group suspected to be linked to the Iranian Ministry of Intelligence and Security. The group has been active since 2017 and is notorious for its cyber-espionage activities. Static |
| Scarred Manticore | 1 | Scarred Manticore is a threat actor known for its malicious cyber activities, which have been observed in Albania in 2022 and Israel from 2023 to 2024. The group uses sophisticated techniques including a web shell-based version of the LIONTAIL shellcode loader and .NET payloads obfuscated similarly |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| SideTwist | Unspecified | 2 | SideTwist is a malware variant discovered and named by Check Point Research during an investigation into a campaign led by the Iranian threat group APT34 (also known as OilRig). This new backdoor variant was used against what appeared to be a Lebanese target. The SideTwist backdoor, identified via i |
| Forest | Unspecified | 1 | Forest is a potent malware that leverages the Golden Ticket, an authentication ticket (TGT), to gain domain-wide access. It exploits the TGT to acquire service tickets (TGS) used for accessing resources across the entire domain and the Active Directory (AD) forest by leveraging SID History. The malw |
| KONNI | Unspecified | 1 | Konni is a malware, short for malicious software, that poses a significant threat to computer systems and data. It's designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Konni can wreak havoc by stealin |
| POWRUNER | Unspecified | 1 | Powruner is a malicious software (malware) associated with other malware such as POWBAT and BONDUPDATER, and it's utilized by the Advanced Persistent Threat group APT34. The malware is designed to exploit and damage computer systems, often infiltrating via suspicious downloads, emails, or websites. |
| BONDUPDATER | Unspecified | 1 | BondUpdater is a malware first discovered by FireEye in mid-November 2017, when APT34 targeted a Middle Eastern governmental organization. This PowerShell-based Trojan is associated with other malicious programs such as POWBAT and POWRUNER. BondUpdater contains basic backdoor functionality that allo |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Turla | Unspecified | 2 | Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat |
| APT33 | Unspecified | 2 | APT33, an Iran-linked threat actor, has been identified as a significant cyber threat to the Defense Industrial Base sector. The group is known for its sophisticated and malicious activities, which primarily involve executing actions with harmful intent. APT33, like other threat actors, could be a s |
| Kimsuky | Unspecified | 1 | Kimsuky is a North Korea-linked advanced persistent threat (APT) group that conducts global cyber-attacks to gather intelligence for the North Korean government. The group has been identified as a significant threat actor, executing actions with malicious intent, and has recently targeted victims vi |
| Lazarus Group | Unspecified | 1 | The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large- |
| APT36 | Unspecified | 1 | APT36, also known as Transparent Tribe and Earth Karkaddan, is a notorious threat actor believed to be based in Pakistan. The group has been involved in cyberespionage activities primarily targeting India, with a focus on government, military, defense, aerospace, and education sectors. Their campaig |
| APT29 | Unspecified | 1 | APT29, also known as Cozy Bear, SVR group, BlueBravo, Nobelium, Midnight Blizzard, and The Dukes, is a threat actor linked to Russia. This group is notorious for its malicious activities in the cybersecurity realm, executing actions with harmful intent. It has been associated with several high-profi |
| Sidewinder | Unspecified | 1 | The Sidewinder threat actor group, also known as Rattlesnake, BabyElephant, APT Q4, APT Q39, Hardcore Nationalist, HN2, RAZOR Tiger, and GroupA21, is a significant cybersecurity concern with a history of malicious activities dating back to 2012. This report investigates a recent campaign by Sidewind |
| OceanLotus | Unspecified | 1 | OceanLotus, also known as APT32, is a threat actor suspected to be linked with Vietnam. It primarily targets foreign companies involved in manufacturing, consumer products, consulting, and hospitality sectors that are investing or planning to invest in Vietnam. The group's recent activities indicate |
| Evil Corp | Unspecified | 1 | Evil Corp, a threat actor group based in Russia, has been identified as a significant cybercrime entity responsible for the execution of malicious actions. The alleged leader of this group is Maksim Yakubets, who is notably associated with Dridex malware operations. The U.S. Treasury imposed sanctio |
| FIN12 | Unspecified | 1 | FIN12, also known as DEV-0237 and Pistachio Tempest, is a threat actor group notorious for its malicious cyber activities. Tracked by Microsoft, this group is primarily engaged in the distribution of Hive, Conti, and Ryuk ransomware. The group has been responsible for several high-profile ransomware |
| Elfin | Unspecified | 1 | Elfin, also known by various names including Curious Serpens, Peach Sandstorm, APT33, HOLMIUM, MAGNALIUM, and REFINED KITTEN, is a significant threat actor with a track record of malicious cyber activities dating back to at least 2013. The group has been particularly active from 2016 to 2019, target |
| APT39 | Unspecified | 1 | APT39, attributed to Iran, is a global threat actor with a concentration of activities in the Middle East. The group primarily targets the telecommunications sector, alongside the travel industry, IT firms supporting these sectors, and the high-tech industry. They employ spearphishing attacks with m |
| APT35 | Unspecified | 1 | APT35, also known as the Newscaster Team, Charming Kitten, and Mint Sandstorm, is an Iranian government-sponsored cyber espionage group. The group focuses on long-term, resource-intensive operations to collect strategic intelligence. They primarily target sectors in the U.S., Western Europe, and the |
| APT10 | Unspecified | 1 | APT10, also known as the Menupass Team, is a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS). The group has been active since 2009 and is suspected to be based in Tianjin, China, according to research by IntrusionTruth in 2018. APT10 has primarily targeted |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Apt34 Apt34 | Unspecified | 1 | None |
| Oilrig (Apt34 | Unspecified | 1 | None |
| CVE-2017-11882 | Unspecified | 1 | CVE-2017-11882 is a software vulnerability present in Microsoft's Equation Editor, allowing for the execution of malicious code. This vulnerability was exploited by a tool known as Royal Road, which is shared among various Chinese state-sponsored groups. The tool facilitates the creation of harmful |
| CVE-2017-0199 | Unspecified | 1 | CVE-2017-0199 is a notable software vulnerability, specifically a flaw in the design or implementation of Microsoft Office's Object Linking and Embedding (OLE) feature. This vulnerability has been exploited over the years to spread various notorious malware families. In 2017, it was used to dissemin |
| Source | CreatedAt | Title |
|---|---|---|
| CERT-EU | 9 months ago | Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks |
| Checkpoint | 9 months ago | From Albania to the Middle East: The Scarred Manticore is Listening - Check Point Research |
| CERT-EU | 9 months ago | What is Advanced Persistent Threat? Uncover the Hidden Dangers! |
| CERT-EU | 9 months ago | Iranian Hackers Lurked for 8 Months in Government Network |
| CERT-EU | 9 months ago | New cyber campaign targeted Middle Eastern government, researchers say |
| CERT-EU | 9 months ago | Iranian hackers lurked in Middle Eastern govt network for 8 months |
| BankInfoSecurity | 9 months ago | Iran Traps Middle East Nation in 8-Month Espionage Campaign |
| CERT-EU | 10 months ago | New Menorah malware bolsters OilRig APT's cyberespionage efforts |
| CERT-EU | 10 months ago | Iran-Linked APT34 Spy Campaign Targets Saudis |
| CERT-EU | 10 months ago | APT34 Employs Weaponized Word Documents to Deploy New Malware Strain |
| CERT-EU | 10 months ago | APT34 Employs Weaponized Word Documents to Deploy New Malware Strain |
| CERT-EU | 10 months ago | Iranian APT34 Employs Menorah Malware for Covert Operations |
| CERT-EU | 10 months ago | Iranian APT Group OilRig Using New Menorah Malware for Covert Operations |
| CERT-EU | 10 months ago | How this Israeli Backdoor written in C#/.NET can be used to hack into any company |
| CERT-EU | a year ago | Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant |
| CERT-EU | a year ago | Hacker Group Disguised as Marketing Company to Attack Enterprise Targets |
| CERT-EU | a year ago | Hacker Group Disguised as Marketing Company to Attack Enterprise Targets | IT Security News |
| CERT-EU | a year ago | Russia’s 'Turla' Group – A Formidable Cyberespionage Adversary |
| CERT-EU | a year ago | Iran's APT34 Hits UAE With Supply Chain Attack |
| CERT-EU | a year ago | Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers |