| Alias Description | Votes |
|---|---|
| Lockbit is a possible alias for Babuk. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit | 8 |
| Rorschach is a possible alias for Babuk. Rorschach, also known as BabLock, is a malware variant that has been recognized for its speed and sophistication. It is a form of ransomware that encrypts files on infected systems at an unprecedented rate, with Check Point researchers noting it as one of the fastest ransomware variants ever observe | 4 |
| RTM Locker is a possible alias for Babuk. RTM Locker is a recently emerged ransomware that targets enterprise systems, specifically Linux virtual machines on VMware ESXi servers. This malicious software was developed from the leaked source code of the now-defunct Babuk ransomware, which was made public by an alleged member of the Babuk grou | 4 |
| Tortilla is a possible alias for Babuk. Tortilla is a variant of the Babuk ransomware, a malicious software that encrypts victims' files and demands a ransom for their release. This malware, like others of its kind, can infiltrate systems through dubious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can di | 4 |
| Dark Angels is a possible alias for Babuk. Dark Angels, a threat actor group with malicious intent, has emerged as a significant cybersecurity concern since its first appearance in May 2022. Known for their ransomware attacks, the group has been involved in several high-profile cybercrimes, targeting large corporations and stealing vast amou | 2 |
| Dunghill Leak is a possible alias for Babuk. The Dunghill Leak is a relatively new ransomware and extortion group that emerged from the Dark Angels ransomware, which itself originated from the Babuk ransomware. It first came to light in April 2023 when the Dark Angels launched their victim shaming site called Dunghill Leak. This platform, alth | 2 |
| Rapture is a possible alias for Babuk. Rapture is a prominent malware that has emerged as a significant threat in the cybersecurity landscape. It appears to have adapted and evolved from the Paradise crypto-locker source code, which leaked in mid-2021. Further enhancements were made using the Babuk source code that was leaked later the s | 2 |
| Alias Description | Association Type | Votes |
|---|---|---|
| The REvil Malware is associated with Babuk. REvil, also known as Sodinokibi, is a malicious software (malware) that operates on a Ransomware as a Service (RaaS) model. This model became increasingly popular in 2020, with first-stage malware like Dridex and Gootkit being linked to ransomware attacks such as BitPaymer and REvil respectively. Th | Unspecified | 6 |
| The Hive Malware is associated with Babuk. Hive is a form of malware, specifically ransomware, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Hive can steal personal information, disrupt operations, or hold data hostag | Unspecified | 5 |
| The Conti Malware is associated with Babuk. Conti is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. Often spreading through suspicious downloads, emails, or websites, it can steal personal information, disrupt operations, or hold data hostage for ransom. Notably, Conti was linked to several ra | Unspecified | 5 |
| The RTM Malware is associated with Babuk. RTM is a malicious software, first reported as the RTM banking Trojan, that was initially detected by vendors such as Symantec and Microsoft in 2017. This malware operates on Windows 7 RTM (7600) and was later updated to a variant known as Redaman. The leaked source code of RTM has been utilized to | Unspecified | 4 |
| The Rook Malware is associated with Babuk. Rook is a malicious software (malware) linked to several ransomware activities, including LockFile, AtomSilo, Night Sky, and Pandora. These activities are associated with the deployment of HUI Loader, which has been used in loading Cobalt Strike Beacon. A CTU analysis revealed that these five ransom | Unspecified | 4 |
| The Ragnar Locker Malware is associated with Babuk. Ragnar Locker is a type of malware, specifically ransomware, known for its destructive impact on computer systems. It infiltrates systems primarily through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for rans | Unspecified | 2 |
| The Babuk Tortilla Malware is associated with Babuk. Babuk Tortilla is a variant of malware, specifically ransomware, that was first discovered by Cisco Talos researchers in October 2021. This malicious software infiltrates computer systems, often unbeknownst to the user, through suspicious downloads, emails, or websites, and can cause significant har | Unspecified | 2 |
| The Locker Ransomware Malware is associated with Babuk. Locker ransomware, a type of malware, poses significant risks to computer systems and data. Unlike crypto-ransomware which encrypts user data, locker ransomware locks users out of their devices entirely, demanding a ransom payment to restore access without any data encryption. This threat has evolve | Unspecified | 2 |
| The Ryuk Malware is associated with Babuk. Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves | Unspecified | 2 |
| Alias Description | Association Type | Votes |
|---|---|---|
| The DarkSide Threat Actor is associated with Babuk. DarkSide is a threat actor known for its malicious activities, primarily in the realm of ransomware attacks. One of their most notable exploits occurred on May 7, 2021, when they targeted Colonial Pipeline Co., a major player in the U.S. energy sector. The attack disrupted the gasoline supply across | Unspecified | 4 |
| The Wazawaka Threat Actor is associated with Babuk. Wazawaka, identified by the FBI as Mikhail Matveev, is a significant threat actor in the cybercrime landscape. Known for his affiliations with multiple ransomware groups, including LockBit, throughout 2020 and 2021, he became a central figure in the Babuk ransomware-as-a-service gang. Matveev's oper | Unspecified | 3 |
| The Boriselcin Threat Actor is associated with Babuk. Mikhail Pavlovich Matveev, also known as Boriselcin, is a threat actor that has been implicated in significant cybercrime activities. Beginning at least as early as 2020, Matveev has been allegedly involved in deploying three ransomware variants: LockBit, Babuk, and Hive. These attacks targeted vari | Unspecified | 3 |
| The Mikhail Matveev Threat Actor is associated with Babuk. Mikhail Matveev, also known by the aliases Wazawaka, m1x, Boriselcin, and Uhodiransomwar, is a prominent threat actor associated with significant cybercrime activities. His involvement in the cybercrime world was traced back to 2020 and 2021 when he was identified as an affiliate of LockBit, a notor | Unspecified | 2 |
| The Hive Ransomware Threat Actor is associated with Babuk. Hive ransomware, a prominent threat actor active in 2022, was known for its widespread malicious activities in numerous countries, including the US. The group's modus operandi involved the use of SharpRhino, which upon execution, established persistence and provided remote access to the attackers, e | Unspecified | 2 |
| The Mikhail Pavlovich Matveev Threat Actor is associated with Babuk. Mikhail Pavlovich Matveev, a Russian national also known by online monikers Wazawaka, m1x, Boriselcin, and Uhodiransomwar, has been identified as a major threat actor in the world of cybersecurity. Matveev is among five Russians charged in connection with Lockbit, a group widely recognized as one of | Unspecified | 2 |
| The Alphv Threat Actor is associated with Babuk. Alphv, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. Originating from Russia, this cybercriminal group has been involved in multiple high-profile ransomware attacks, specifically targeting healthcare providers. They gained significant attention after stealing 5TB | Unspecified | 2 |
| Alias Description | Association Type | Votes |
|---|---|---|
| The Proxyshell Vulnerability is associated with Babuk. ProxyShell is a vulnerability that affects Microsoft Exchange email servers, posing a significant risk to organizations worldwide. This flaw in software design or implementation allows attackers to exploit the system and gain unauthorized access. Since early 2021, Iranian government-sponsored APT ac | Unspecified | 2 |
| Preview | Source Link | CreatedAt | Title |
|---|---|---|---|
| Securelist | a month ago | ||
| Securityaffairs | 3 months ago | ||
| Securelist | 3 months ago | ||
| Securityaffairs | 3 months ago | ||
| Securityaffairs | 4 months ago | ||
| DARKReading | 4 months ago | ||
| CERT-EU | 10 months ago | ||
| Securelist | 4 months ago | ||
| Unit42 | 4 months ago | ||
| Securityaffairs | 4 months ago | ||
| Securityaffairs | 4 months ago | ||
| Securityaffairs | 4 months ago | ||
| Securityaffairs | 4 months ago | ||
| DARKReading | 4 months ago | ||
| Securityaffairs | 4 months ago | ||
| Securityaffairs | 5 months ago | ||
| Securityaffairs | 5 months ago | ||
| Securityaffairs | 5 months ago | ||
| Securityaffairs | 5 months ago | ||
| RIA - Information System Authority | 6 months ago |