| ID | Votes | Profile Description |
|---|---|---|
| IcedID | 3 | IcedID is a malicious software (malware) that has been linked to various cybercrime operations. The malware can infiltrate systems via suspicious downloads, emails, or websites and proceed to steal personal information, disrupt operations, or hold data for ransom. IcedID has been associated with oth |
| Bazarbackdoor | 2 | BazarBackdoor is a type of malware developed by ITG23, first identified in April 2020. It is commonly distributed via contact forms on corporate websites, bypassing regular phishing emails, which makes it harder to detect. The malware is often associated with BazarLoader, both of which were used ext |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| TrickBot | Unspecified | 4 | TrickBot is a notorious malware that has been used extensively by cybercriminals to exploit and damage computer systems. It operates as a crimeware-as-a-service platform, infecting systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can stea |
| Conti | Unspecified | 4 | Conti is a notorious malware and ransomware operation that has caused significant damage to computer systems worldwide. The Conti group, believed to have around 200 employees, operated like a regular business, with internal communications revealing the organization's structure and operations. It was |
| Emotet | Unspecified | 4 | Emotet is a highly dangerous and insidious type of malware that has been active, particularly during recent summers. It is distributed primarily through documents attached to emails, using conversations found in compromised accounts. Once an unsuspecting user clicks either the enable button or an im |
| Bumblebee | Unspecified | 3 | Bumblebee is a type of malware that has been linked to ITG23, a cybercriminal group known for its use of crypters such as Emotet, IcedID, Qakbot, Bumblebee, and Gozi. Distributed via phishing campaigns or compromised websites, Bumblebee enables the delivery and execution of further payloads. The sam |
| Diavol | Unspecified | 3 | Diavol is a type of malware, specifically ransomware, that infiltrates systems to exploit and cause damage. It can infect systems through various channels such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Diavol can steal personal information, disrupt ope |
| Ryuk | Unspecified | 2 | Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves |
| QakBot | Unspecified | 2 | Qakbot is a type of malware that has been linked to various cybercriminal activities, with its presence first observed as early as 2020. It gained notoriety for its role in the operations of the Black Basta ransomware group, which used Qakbot extensively in sophisticated phishing campaigns. The malw |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| ITG23 | Unspecified | 2 | ITG23, also known as the Trickbot/Conti syndicate, is a significant threat actor that has been active since 2016 in the East European cybercrime arena. This group is renowned for its use of Reflective DLL Injection code in many of its crypters, with the presence of these crypters on a file sample be |
| Preview | Source Link | CreatedAt | Title |
|---|---|---|---|
| CERT-EU | 8 months ago | Microsoft disables MSIX protocol handler abused in malware attacks | |
| MITRE | 9 months ago | Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds | |
| SecurityIntelligence.com | 10 months ago | ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups | |
| CERT-EU | a year ago | Bumblebee Malware Abuses WebDAV Protocol to Attack Organizations | |
| BankInfoSecurity | a year ago | Cybercrime Tremors: Experts Forecast Qakbot Resurgence | |
| Flashpoint | a year ago | Qakbot Takedown: A Brief Victory in the Fight Against Resilient Malware | |
| MITRE | 2 years ago | Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser | Mandiant | |
| BankInfoSecurity | a year ago | Stung by Free Decryptor, Ransomware Group Embraces Extortion | |
| MITRE | 2 years ago | Wizard Spider Modifies and Expands Toolset [Adversary Update] | |
| MITRE | 2 years ago | Ransomware Activity Targeting the Healthcare and Public Health Sector | CISA | |
| MITRE | 2 years ago | SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot | |
| CERT-EU | a year ago | Cyber security week in review: April 28, 2023 | |
| CERT-EU | a year ago | Analysis of Ransomware Attack Timelines | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting | |
| MITRE | 2 years ago | Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem | |
| MITRE | 2 years ago | CONTInuing the Bazar Ransomware Story | |
| CERT-EU | 2 years ago | UK cracks down on ransomware actors | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware - National Cyber Security | |
| CERT-EU | a year ago | New strain of JavaScript dropper delivers Bumblebee and IcedID malware | |
| SecurityIntelligence.com | a year ago | The Trickbot/Conti Crypters: Where Are They Now? | |
| CERT-EU | 2 years ago | No Ransomware Please, We're British | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware - National Cyber Security | |
| MITRE | 2 years ago | A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak |