ID | Votes | Profile Description |
---|---|---|
Dcrat | 1 | DcRAT (Dark Crystal RAT) is a .NET remote-access trojan derived from AsyncRAT that has been used in various cyberattacks throughout 2023 and into 2024. The malware, distributed through fake OnlyFans content, deceptive Google Meet sites, and spoofed Skype and Zoom websites, downloads a DcRAT payload when users click on certain elements. This Remot |
ID | Type | Votes | Profile Description |
---|---|---|---|
njRAT | Unspecified | 3 | NjRAT is a remote-access Trojan (RAT) that has been commonly used in both criminal and targeted attacks since as early as 2013. It is frequently seen alongside other commodity RATs such as Remcos and AsyncRAT. NjRAT can identify remote hosts on connected network |
Targetcompany | Unspecified | 2 | TargetCompany, a well-known ransomware group, has developed a new Linux variant of its ransomware that specifically targets VMware ESXi environments. This discovery was made by researchers at Trend Micro who track the group under the name Mallox. The novel variant is designed to detect whether a target |
Lockbit | Unspecified | 2 | LockBit is a ransomware-as-a-service (RaaS) operation whose affiliates infiltrate systems to encrypt data and extort victims. It can enter a system through channels such as malicious downloads, phishing emails, or compromised websites, and increasingly through exploitation of exposed remote-access software, often without the user's knowledge. Once inside, it can steal personal information, disrupt |
Agenttesla | Unspecified | 2 | AgentTesla is a well-known .NET-based information stealer and keylogger, often classed as a remote access trojan (RAT), that has been used extensively in cybercrime operations since 2014. It infiltrates systems through various methods, including malicious emails and suspicious downloads. Once inside, it harvests credentials, keystrokes and clipboard contents and exfiltrates them to attacker-controlled infrastructure |
Xworm | Unspecified | 2 | XWorm is a multi-functional malware that provides threat actors with remote access capabilities, has the potential to spread across networks, exfiltrate sensitive data, and download additional payloads. It has been deployed by attackers exploiting vulnerabilities in ConnectWise ScreenConnect, a client software used for remote syste |
NETWIRE | Unspecified | 2 | NetWire is a type of malware, specifically a remote access trojan (RAT), that has been utilized for various malicious activities since at least 2014. Initially promoted as a legitimate tool for managing Windows computers remotely, NetWire was quickly adopted by cybercriminals and used in phishing at |
DarkComet | Unspecified | 2 | DarkComet is a Remote Access Trojan (RAT) that opens a backdoor on infected computers, allowing unauthorized access and data theft. This malware has been classified among the top five Command and Control (C2) families, indicating its widespread usage by cybercriminals. DarkComet, along with other es |
Fakeupdates | Unspecified | 2 | FakeUpdates, also known as SocGholish, is a JavaScript-based loader malware that primarily targets Microsoft Windows-based environments. The malware has been in operation for over five years and uses compromised websites to trick users into running a fake browser update. In addition to its deceptive |
Socgholish | Unspecified | 2 | SocGholish is a JavaScript-based loader delivered through compromised websites that prompt visitors to run a fake browser update; the initial access it provides is used to deploy follow-on payloads, including remote-access tools and ransomware. Notably, in 2023, several distinct website malware campaigns were identified to serve SocGholish malw |
Raccoon | Unspecified | 1 | Raccoon is a highly potent and cost-effective Malware-as-a-Service (MaaS) primarily sold on dark web forums, used extensively by Scattered Spider threat actors to pilfer sensitive data. As per the "eSentire Threat Intelligence Malware Analysis: Raccoon Stealer v2.0" report published on August 31, 20 |
Vidar | Unspecified | 1 | Vidar is a Windows-based malware written in C++, derived from the Arkei stealer, which is designed to infiltrate and exploit computer systems. It has been used alongside other malware variants such as Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2, |
NanoCore | Unspecified | 1 | NanoCore is a notorious Remote Access Trojan (RAT) first discovered in 2013. It targets Windows operating system users and operates by opening a backdoor on an infected computer to steal information. NanoCore has maintained a top five position for six consecutive months, taking the third spot in Dec |
ZxShell | Unspecified | 1 | ZXShell is a malicious software (malware) that has been used by various cyber threat actors to exploit and damage computer systems. It is known to be associated with other malware such as PANDORA, SOGU, GHOST, WIDEBERTH, QUICKPULSE, FLOWERPOT, QIAC, Gh0st, Poison Ivy, BEACON, HOMEUNIX, STEW, among o |
Darkgate | Unspecified | 1 | DarkGate is a loader and remote-access malware sold as malware-as-a-service that poses significant threats to computer systems and data. It infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hos |
Venomrat | Unspecified | 1 | VenomRAT is a remote-access trojan derived from the open-source Quasar RAT that poses significant threats to computer systems and devices. It can infiltrate systems through dubious downloads, emails, or websites, often without the user's knowledge. Once installed, VenomRAT can steal personal information, disrupt operations, or eve |
payload.exe | Unspecified | 1 | Payload.exe, in the context of this profile, is a shellcode carrier rather than a standalone malware family: it is compiled from payload.c as a 64-bit PE executable, which is then processed by exe2h to extract the shellcode from the .text segment of the PE file, saving it as a C array to p |
Agent Tesla | Unspecified | 1 | Agent Tesla is an information-stealing trojan (see the AgentTesla entry above) that typically reaches a system through malicious email attachments, suspicious downloads, or compromised websites. It captures credentials, keystrokes and screenshots and sends them to the operator over SMTP, FTP or Telegram. Agent Tesla has been obser |
Lockbit Black | Unspecified | 1 | LockBit Black, also known as LockBit 3.0, is a malware that emerged in early 2022, following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. This malicious software, designed to exploit and damage computer systems, encrypts files and often holds them hostage for ransom. The |
Scrubcrypt | Unspecified | 1 | ScrubCrypt is a crypter and loader used to obfuscate and stage other payloads. It has been observed as part of a multi-stage delivery chain that deploys VenomRAT and various malicious plugins, designed to exploit and damage computer systems. The malware infilt |
Dark Crystal Rat | Unspecified | 1 | None |
Meterpreter | Unspecified | 1 | Meterpreter is the in-memory post-exploitation payload of the Metasploit Framework. Metasploit is a legitimate penetration-testing tool, but Meterpreter is routinely abused by threat actors as an interactive shell to control and execute code on a compromised system. Advanced Persistent Threat (APT) actors have created and used a variant of Metasploit (Meterpreter) on the ServiceDesk system, liste |
Netsupport Rat | Unspecified | 1 | NetSupport RAT is the legitimate NetSupport Manager remote-support tool repurposed by attackers, and can significantly compromise an organization's digital security. It is delivered through suspicious downloads, emails, or websites, often unbeknownst to t |
Hotrat | Unspecified | 1 | HotRat is a potent malware that has been identified by Avast researchers as a .NET reimplementation of AsyncRat. This new strain of Remote Access Trojan (RAT) comes with nearly 20 commands, each capable of executing a .NET module retrieved from a remote server. This allows the threat actors to exten |
Bumblebee | Unspecified | 1 | Bumblebee is a loader that has been linked to ITG23, the cybercriminal group behind Trickbot and Conti, whose crypters have been used to pack malware families such as Emotet, IcedID, Qakbot, Bumblebee, and Gozi. Distributed via phishing campaigns or compromised websites, Bumblebee enables the delivery and execution of further payloads. The sam |
Revenge RAT | Unspecified | 1 | Revenge RAT is a malicious software that uses advanced delivery techniques and support infrastructure to exploit and damage computer systems. It utilizes an Office macro within a Microsoft Office Excel Worksheet to infect its targets. The malware is not dropped onto the disk but is loaded directly i |
Amadey | Unspecified | 1 | Amadey is a malicious software (malware) that has been found to be used in conjunction with other malware such as Remcos, GuLoader, and Formbook. Analysis of the infection chains revealed that the individual behind the sales of Remcos and GuLoader also uses Amadey and Formbook, using GuLoader as a p |
Redline Stealer | Unspecified | 1 | RedLine Stealer is an information-stealing malware sold as malware-as-a-service that has been causing significant disruption in the digital landscape. It infiltrates computer systems, often without the user's knowledge, via suspicious downloads, emails, or websites, and then harvests saved browser credentials, cookies, cryptocurrency wallets and system information, which are sold on as "logs" |
Smokeloader | Unspecified | 1 | SmokeLoader is a modular loader/downloader that has been extensively used by threat actors, including those associated with the Phobos ransomware. It establishes a backdoor on the victim's system and typically arrives via spoofed email attachments embedded with hidden payloads. Once downloaded, |
Redline | Unspecified | 1 | RedLine is an infostealer that compromises systems to harvest credentials, browser data and wallet files rather than to encrypt or ransom data. It has been identified as a favorite infostealer among threat actors selling logs through the marketplace 2easy, which also sells Rac |
Lokibot | Unspecified | 1 | LokiBot is an information-stealing malware that has been active since at least 2015 and remained widely reported on through 2020. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, LokiBot steals personal information |
Avemaria/warzonerat | Unspecified | 1 | None |
Formbook | Unspecified | 1 | Formbook is an information stealer and keylogger sold as malware-as-a-service; it captures credentials, keystrokes and form data from browsers and mail clients rather than holding data for ransom. The malware is commonly spread through suspicious downloads, emails, or websites, often without the user's knowledge. In June 2023, Formbook was observed being |
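The payload.exe entry above describes a build pipeline (compile payload.c to a 64-bit PE, then carve the .text section out as a C array) rather than a malware family. The following is an added, illustrative reimplementation of that carving step in Python, written for this page; it is not exe2h and not code from the profile's source. It parses the PE headers itself, so it runs offline on a constructed minimal PE32+ image (built by `build_sample_pe`, an assumption for demonstration; real compiler output has a fuller optional header and more sections). Two practitioner caveats are built in: the section is checked for the executable flag, and the copied length uses VirtualSize rather than SizeOfRawData, since the latter includes the linker's file-alignment padding (here 0xCC bytes), which would otherwise end up inside the "shellcode".

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def find_section(pe: bytes, name: bytes) -> dict:
    """Walk the PE headers and return the section header whose name matches."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size  # section table follows the optional header
    for i in range(nsections):
        (sname, vsize, vaddr, raw_size, raw_ptr,
         _, _, _, _, chars) = struct.unpack_from(SECTION_FMT, pe, table + 40 * i)
        if sname.rstrip(b"\0") == name:
            return {"name": name, "virtual_size": vsize, "virtual_address": vaddr,
                    "raw_size": raw_size, "raw_ptr": raw_ptr, "characteristics": chars}
    raise ValueError(f"section {name!r} not found")


def extract_shellcode(pe: bytes, section: bytes = b".text") -> bytes:
    """Return the code bytes of a section, trimmed of file-alignment padding."""
    sec = find_section(pe, section)
    if not sec["characteristics"] & IMAGE_SCN_MEM_EXECUTE:
        raise ValueError(f"section {section!r} is not executable")
    # VirtualSize is the real code length; SizeOfRawData is rounded up to FileAlignment.
    length = sec["virtual_size"] or sec["raw_size"]
    length = min(length, sec["raw_size"])
    start = sec["raw_ptr"]
    if start + length > len(pe):
        raise ValueError("section data lies beyond end of file")
    return pe[start:start + length]


def to_c_array(data: bytes, name: str = "payload", per_line: int = 12) -> str:
    """Render bytes as a C unsigned char array plus a length constant."""
    lines = []
    for i in range(0, len(data), per_line):
        chunk = data[i:i + per_line]
        lines.append("  " + ", ".join(f"0x{b:02x}" for b in chunk) + ",")
    body = "\n".join(lines)
    return f"unsigned char {name}[] = {{\n{body}\n}};\nunsigned int {name}_len = {len(data)};\n"


def build_sample_pe(code: bytes) -> bytes:
    """Constructed minimal PE32+ image for demonstration (not real compiler output)."""
    file_align = 0x200
    opt_size = 240                       # size of a PE32+ optional header
    text_ptr, data_ptr = 0x200, 0x400
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew -> PE signature at offset 64
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, opt_size, 0x0022)
    opt = struct.pack("<H", 0x20B) + bytes(opt_size - 2)  # PE32+ magic, rest zeroed
    sections = struct.pack(SECTION_FMT, b".text", len(code), 0x1000, file_align, text_ptr,
                           0, 0, 0, 0, 0x60000020)          # CODE|EXECUTE|READ
    sections += struct.pack(SECTION_FMT, b".data", 8, 0x2000, file_align, data_ptr,
                            0, 0, 0, 0, 0xC0000040)         # INITIALIZED_DATA|READ|WRITE
    image = bytearray(data_ptr + file_align)
    image[:64] = dos
    image[64:68] = b"PE\0\0"
    pos = 68
    image[pos:pos + 20] = coff
    pos += 20
    image[pos:pos + opt_size] = opt
    pos += opt_size
    image[pos:pos + len(sections)] = sections
    image[text_ptr:text_ptr + len(code)] = code
    # Linkers pad code sections to FileAlignment with int3 (0xCC); must not be carved.
    image[text_ptr + len(code):text_ptr + file_align] = b"\xCC" * (file_align - len(code))
    image[data_ptr:data_ptr + 8] = b"DATADATA"
    return bytes(image)


if __name__ == "__main__":
    sample = build_sample_pe(b"\x48\x31\xc0\xc3")  # xor rax, rax ; ret (constructed stub)
    print(to_c_array(extract_shellcode(sample)))
```

The same parser can be pointed at a real 64-bit PE built from a single position-independent function; if `find_section` reports a VirtualSize far smaller than SizeOfRawData, that difference is exactly the padding that a naive "copy SizeOfRawData bytes" extractor would ship as dead bytes.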
ID | Type | Votes | Profile Description |
---|---|---|---|
TA2541 | Unspecified | 1 | TA2541, a cybercriminal threat actor identified by Proofpoint, has been actively executing malicious actions since January 2017. This group demonstrates persistent and ongoing threat activity, targeting sectors related to aviation, transportation, and travel. Unlike many similar entities, TA2541 doe |
ID | Type | Votes | Profile Description |
---|---|---|---|
Asyncrat Remcos | Unspecified | 1 | None |
CVE-2024-1709 | Unspecified | 1 | CVE-2024-1709 is a critical (CVSS 10.0) authentication-bypass vulnerability in ConnectWise ScreenConnect versions 23.9.7 and earlier. It allows a remote, unauthenticated attacker to bypass the server's authentication process and gain full administrative access, after which malware such as the RATs and ransomware listed on this page can be pushed to managed endpoints. The issue was identified by Sophos Rapid Response |
Source | CreatedAt | Title |
---|---|---|
Securityaffairs | 5 days ago | SocGholish malware used to spread AsyncRAT malware |
Recorded Future | 18 days ago | 2023 Adversary Infrastructure Report |
Checkpoint | 2 months ago | Inside the Box: Malware’s New Playground - Check Point Research |
DARKReading | 2 months ago | HP Catches Cybercriminals 'Cat-Phishing' Users |
Pulsedive | 4 months ago | CyberChef 101 Tool Guide |
Malware-traffic-analysis.net | 4 months ago | Malware-Traffic-Analysis.net - 2024-03-14: AsyncRAT and XWorm infection |
CERT-EU | 4 months ago | New Vcurms Malware Targets Popular Browsers for Data Theft |
CERT-EU | 5 months ago | Tax Season Phishing Surge: Cyber Exploits with AsyncRAT |
BankInfoSecurity | 6 months ago | Breach Roundup: FTC Bans Data Broker From Sharing Locations |
InfoSecurity-magazine | 7 months ago | Malware Takedowns Show Progress, But Fight Against Cybercrime Not Over |
Recorded Future | 7 months ago | 2023 Adversary Infrastructure Report |
CERT-EU | 7 months ago | Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer |
CERT-EU | 7 months ago | US critical infrastructure, others subjected to prolonged AsyncRAT malware attacks |
CERT-EU | 7 months ago | AsyncRAT loader: Obfuscation, DGAs, decoys and Govno |
Checkpoint | 7 months ago | 18th December – Threat Intelligence Report - Check Point Research |
Malwarebytes | 5 months ago | Stopping a targeted attack on a Managed Service Provider (MSP) with ThreatDown MDR |
CERT-EU | 5 months ago | Unmasking 2024's Email Security Landscape |
CERT-EU | 5 months ago | New Vulnerabilities in ConnectWise ScreenConnect Massively Exploited by Attackers |
CERT-EU | 5 months ago | Hackers Exploit ConnectWise Bugs to Deploy LockBit Ransomware |
CERT-EU | 5 months ago | ConnectWise ScreenConnect attacks deliver malware – Sophos News |