| ID | Votes | Profile Description |
|---|---|---|
| Transparent Tribe | 4 | Transparent Tribe is a threat actor known for conducting malicious campaigns against organizations in South Asia. The group has been linked to the ObliqueRAT malware and CrimsonRAT through its infrastructure, which includes the domains vebhost[.]com, zainhosting[.]net/com, and others. The group has |
| SideCopy | 3 | SideCopy is a Pakistani threat actor that has been operational since at least 2019, primarily targeting South Asian countries, specifically India and Afghanistan. The Advanced Persistent Threat (APT) group uses lures such as archive files embedded with Lnk, Microsoft Publisher or Trojanized Applicat |
| Sidewinder | 3 | The Sidewinder threat actor group, also known as Rattlesnake, BabyElephant, APT Q4, APT Q39, Hardcore Nationalist, HN2, RAZOR Tiger, and GroupA21, is a significant cybersecurity concern with a history of malicious activities dating back to 2012. This report investigates a recent campaign by Sidewind |
| ProjectM | 2 | ProjectM, also known as Transparent Tribe, APT36, Copper Fieldstone, and Mythic Leopard, is a threat actor group originating from Pakistan that has been active since 2013. The group has targeted Indian governmental, military, and research organizations, along with their employees, using a variety of |
| Mythic Leopard | 2 | Mythic Leopard, also known as Transparent Tribe, APT36, and ProjectM, is a threat actor group likely fulfilling strategic intelligence requirements for the Pakistani state. This highly prolific group's activities date back to at least 2013 and primarily involve the creation of fake domains that mimi |
| Zainhosting | 1 | ZainHosting, a Pakistani web hosting services provider, has been identified as a significant threat actor in the cybersecurity landscape. The company is believed to be involved in operating malicious infrastructure for Transparent Tribe, a notorious cyber-espionage group. Three sets of domains—the m |
| Cosmic Leopard | 1 | "Cosmic Leopard" is a threat actor identified by Cisco Talos, which has been targeting Indian officials with Trojans since 2016. The group began operations using GravityRAT, a type of malware first identified by Talos in 2018. Cosmic Leopard's primary tools include Windows and Android malware called |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Crimson | Unspecified | 4 | Crimson is a type of malware that has been used in various cyber-espionage campaigns, notably by ProjectM. The malware was first observed in 2013 and has been continuously employed in attacks alongside other payloads like Capra RAT and Oblique RAT. ProjectM used multiple domains to control the Crims |
| Crimson Rat | Unspecified | 3 | Crimson RAT is a malicious software, or malware, primarily used by the threat actor known as APT36 or Transparent Tribe. This custom .NET Remote Access Trojan (RAT) has been observed in multiple instances of cyber-attacks, mainly targeting India and Afghanistan. Over time, alongside Crimson RAT, Tra |
| Xploitspy | Unspecified | 1 | XploitSPY is a malicious Remote Access Trojan (RAT) that was first uploaded to GitHub in April 2020 by a user named RaoMK, who was reportedly associated with an Indian cybersecurity solutions company, XploitWizer. The malware is based on L3MON, a defunct open-source Android RAT inspired by AhMyth, a |
| Peppy | Unspecified | 1 | Peppy is a malicious software (malware) that has been identified as part of a broader cyber threat landscape. The malware, which is a Python-based Remote Access Trojan (RAT), was discovered during an analysis of the registration information of several Trojan command and control domains used by Proje |
| ObliqueRAT | Unspecified | 1 | ObliqueRAT is a harmful malware that can infect computer systems through suspicious downloads, emails, or websites, often without the user's knowledge. Attackers leveraging ObliqueRAT have started hosting their malicious payloads on compromised websites to appear more legitimate. The group behind th |
| More_eggs | Unspecified | 1 | More_eggs, also known as Golden Chickens, is a malware suite utilized by financially motivated cybercrime actors such as Cobalt Group and FIN6. This malware-as-a-service (MaaS) offering has been identified as the "cyber weapon of choice" by Russia-based cyber gangs. It was first seen in email campai |
| KONNI | Unspecified | 1 | Konni is a malware, short for malicious software, that poses a significant threat to computer systems and data. It's designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Konni can wreak havoc by stealin |
| Meterpreter | Unspecified | 1 | Meterpreter, a type of malware, is an attack payload of Metasploit that serves as an interactive shell, enabling threat actors to control and execute code on a system. Advanced Persistent Threat (APT) actors have created and used a variant of Metasploit (Meterpreter) on the ServiceDesk system, liste |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| APT10 | Unspecified | 1 | APT10, also known as the Menupass Team, is a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS). The group has been active since 2009 and is suspected to be based in Tianjin, China, according to research by IntrusionTruth in 2018. APT10 has primarily targeted |
| APT34 | Unspecified | 1 | APT34, also known as OilRig, EUROPIUM, Hazel Sandstorm, and Crambus among other names, is a threat actor believed to be operating on behalf of the Iranian government. Operational since at least 2014, APT34 has been involved in long-term cyber espionage operations primarily focused on reconnaissance |
| Lazarus Group | Unspecified | 1 | The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large- |
| APT33 | Unspecified | 1 | APT33, an Iran-linked threat actor, has been identified as a significant cyber threat to the Defense Industrial Base sector. The group is known for its sophisticated and malicious activities, which primarily involve executing actions with harmful intent. APT33, like other threat actors, could be a s |
| APT29 | Unspecified | 1 | APT29, also known as Cozy Bear, SVR group, BlueBravo, Nobelium, Midnight Blizzard, and The Dukes, is a threat actor linked to Russia. This group is notorious for its malicious activities in the cybersecurity realm, executing actions with harmful intent. It has been associated with several high-profi |
| OceanLotus | Unspecified | 1 | OceanLotus, also known as APT32, is a threat actor suspected to be linked with Vietnam. It primarily targets foreign companies involved in manufacturing, consumer products, consulting, and hospitality sectors that are investing or planning to invest in Vietnam. The group's recent activities indicate |
| Turla | Unspecified | 1 | Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat |
| Evil Corp | Unspecified | 1 | Evil Corp, a threat actor group based in Russia, has been identified as a significant cybercrime entity responsible for the execution of malicious actions. The alleged leader of this group is Maksim Yakubets, who is notably associated with Dridex malware operations. The U.S. Treasury imposed sanctio |
| FIN12 | Unspecified | 1 | FIN12, also known as DEV-0237 and Pistachio Tempest, is a threat actor group notorious for its malicious cyber activities. Tracked by Microsoft, this group is primarily engaged in the distribution of Hive, Conti, and Ryuk ransomware. The group has been responsible for several high-profile ransomware |
| Kimsuky | Unspecified | 1 | Kimsuky is a North Korea-linked advanced persistent threat (APT) group that conducts global cyber-attacks to gather intelligence for the North Korean government. The group has been identified as a significant threat actor, executing actions with malicious intent, and has recently targeted victims vi |
| BITTER | Unspecified | 1 | Bitter, also known as T-APT-17, is a suspected South Asian threat actor that has been involved in various cyber campaigns. The group has been active since at least August 2021, with its operations primarily targeting government personnel in Bangladesh through spear-phishing emails. The similarities |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
No associations to display |
| Source | CreatedAt | Title |
|---|---|---|
| Securityaffairs | 20 days ago | Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION |
| BankInfoSecurity | a month ago | Pakistan's 'Cosmic Leopard' Is Targeting India With RATs |
| DARKReading | a month ago | Pakistani APT 'Celestial Force' Spies on Indian Gov't, Defense Orgs |
| BankInfoSecurity | 2 months ago | Pakistani-Aligned APT36 Targets Indian Defense Organizations |
| ESET | 3 months ago | eXotic Visit campaign: Tracing the footprints of Virtual Invaders |
| CERT-EU | 4 months ago | 12 Months of Fighting Cybercrime & Defending Enterprises | #cybercrime | #infosec | National Cyber Security Consulting |
| CERT-EU | 7 months ago | Operation RusticWeb: Rust-Based Malware Targets Indian Government Entities |
| CERT-EU | 9 months ago | SideCopy’s Multi-platform Onslaught: Leveraging WinRAR Zero-Day and Linux Variant of Ares RAT |
| CERT-EU | 9 months ago | DoNot Team's New Firebird Backdoor Hits Pakistan and Afghanistan |
| CERT-EU | 10 months ago | Cyber Security Week in Review: September 22, 2023 |
| CERT-EU | 10 months ago | Fake YouTube Android Apps Used to Distribute CapraRAT |
| CERT-EU | 10 months ago | Second highest ransomware profits expected this year |
| CERT-EU | 10 months ago | Fake YouTube apps leveraged for CapraRAT malware distribution |
| CERT-EU | 10 months ago | Chinese cyberespionage campaign involves novel Linux backdoor |
| CERT-EU | 10 months ago | Hackers Using Fake YouTube Apps To Infect Android Devices |
| CERT-EU | 10 months ago | CapraTube - Transparent Tribe's CapraRAT mimics YouTube to hijack Android phones – Global Security Mag Online |
| DARKReading | 10 months ago | CapraRAT Impersonates YouTube to Hijack Android Devices |
| CERT-EU | 10 months ago | CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones |
| CERT-EU | 10 months ago | APT36 state hackers infect Android devices using YouTube app clones |
| CERT-EU | 10 months ago | A peek into APT36’s updated arsenal | Zscaler |