| ID | Votes | Profile Description |
|---|---|---|
| IcedID | 3 | IcedID is a malicious software (malware) designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom |
| Bazarbackdoor | 2 | BazarBackdoor is a type of malware developed by ITG23, first identified in April 2020. It is commonly distributed via contact forms on corporate websites, bypassing regular phishing emails, which makes it harder to detect. The malware is often associated with BazarLoader, both of which were used ext |
| Bazar | 1 | "Bazar" is a form of malware, a malicious software designed to exploit and damage computer systems. This harmful program can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once it gains access, it can steal personal information, disrupt operations, o |
| Anchor | 1 | Anchor is a type of malware, short for malicious software, that infiltrates systems to exploit and cause damage. It can access systems through various methods such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can disrupt operations, steal personal info |
| Team9 | 1 | Team9 is a malware, short for malicious software, that poses significant threats to computer systems and data. The malware's operations start with the Team9 loader, which upon examination shows a XOR key of the infection date in the YYYYMMDD format (ISO 8601). This loader downloads a XOR-encoded pay |
| Gozi | 1 | Gozi is a notorious malware that has been linked to numerous cyber attacks. It's typically delivered through sophisticated malvertising techniques, often used in conjunction with other initial access malware such as Pikabot botnet agent and IcedID information stealer. When an individual accesses a c |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| TrickBot | Unspecified | 4 | TrickBot is a notorious form of malware that infiltrates systems to exploit and damage them, often through suspicious downloads, emails, or websites. Once it has breached a system, TrickBot can steal personal information, disrupt operations, and even hold data hostage for ransom. It has been linked |
| Conti | Unspecified | 4 | Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in |
| Emotet | Unspecified | 4 | Emotet is a highly dangerous and insidious malware that has resurfaced with increased activity this summer. Originally distributed via email attachments, it infiltrates systems often without the user's knowledge, forming botnets under the control of criminals for large-scale attacks. Once infected, |
| Diavol | Unspecified | 3 | Diavol is a type of malware, specifically ransomware, that infiltrates systems to exploit and cause damage. It can infect systems through various channels such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Diavol can steal personal information, disrupt ope |
| Bumblebee | Unspecified | 3 | Bumblebee is a type of malware that has been linked to ITG23, a cybercriminal group known for its use of crypters such as Emotet, IcedID, Qakbot, Bumblebee, and Gozi. Distributed via phishing campaigns or compromised websites, Bumblebee enables the delivery and execution of further payloads. The sam |
| QakBot | Unspecified | 2 | Qakbot is a potent malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information, disrupt operations, or e |
| Ryuk | Unspecified | 2 | Ryuk is a sophisticated malware, specifically a ransomware variant, that has been extensively used by cybercriminal group ITG23. The group has been employing crypting techniques for several years to obfuscate their malware, with Ryuk often seen in tandem with other malicious software such as Trickbo |
| Karakurt | Unspecified | 1 | Karakurt is a notorious malware and data extortion group, previously affiliated with ITG23, known for its sophisticated tactics, techniques, and procedures (TTPs). The group's operations involve stealing sensitive data from compromised systems and demanding ransoms ranging from $25,000 to a staggeri |
| Valak | Unspecified | 1 | Valak is a type of malware, or malicious software, that infiltrates systems to exploit and damage them. It was distributed by threat actor TA551, which has historically pushed various families of information-stealing malware such as Ursnif and IcedID. Valak, in particular, is known as a malware down |
| Zloader | Unspecified | 1 | ZLoader is a type of malware, malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it has the capacity to steal personal information, disrupt operations, or even ho |
| Cobaltstrike | Unspecified | 1 | CobaltStrike is a notorious form of malware that has been used in conjunction with other malicious software including IcedID, Qakbot, BazarLoader, Conti, Gozi, Trickbot, Quantum, Emotet, and Royal Ransomware. This malware is typically delivered through suspicious downloads, emails, or websites, ofte |
| Squirrelwaffle | Unspecified | 1 | SquirrelWaffle, a new malware family, emerged in the threat landscape in September 2021. The infection vector is through spam emails containing malicious Office documents, specifically Microsoft Word and Excel files. The first variant mimics a DocuSign document, prompting the victim to enable editin |
| Cobalt Strike Beacon | Unspecified | 1 | Cobalt Strike Beacon is a type of malware known for its harmful capabilities, including stealing personal information, disrupting operations, and potentially holding data hostage for ransom. The malware has been loaded by HUI Loader through various files such as mpc.tmp, dlp.ini, vmtools.ini, and an |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| ITG23 | Unspecified | 2 | ITG23, also known as the Trickbot/Conti syndicate, is a significant threat actor that has been active since 2016 in the East European cybercrime arena. This group is renowned for its use of Reflective DLL Injection code in many of its crypters, with the presence of these crypters on a file sample be |
| EXOTIC LILY | Unspecified | 1 | Exotic Lily, an initial access broker (IAB), has been active since at least September 2021. The entity conducts highly sophisticated phishing campaigns to gain initial access to organizations and then sells this access to other threat actors, including ransomware groups. A notable example of their m |
| Wizard Spider | Unspecified | 1 | Wizard Spider, also known as ITG23, DEV-0193, Trickbot Group, Fin12, and Grimspider, is a significant threat actor in the cybercrime landscape. This group has been continually analyzed by IBM Security X-Force researchers for its use of several crypters and is credited with creating the notorious, ev |
| Hive0106 | Unspecified | 1 | Hive0106, also known as TA551, is a notable threat actor recognized for its association with ITG23, another prominent entity in the cybercrime landscape. This partnership has been observed since mid-2021 by X-Force, a cybersecurity firm. Hive0106's primary role is as a distribution affiliate, delive |
| Zev | Unspecified | 1 | Zev is a threat actor that has been reportedly active since 2016. Initially, this group was known for distributing payloads such as Valak, IcedID, and QakBot. However, in late June 2021, the group started distributing Trickbot with the 'zev' gtag. By mid-to-late July 2021, they had switched to Bazar |
| FIN12 | Unspecified | 1 | FIN12, also known as DEV-0237 and Pistachio Tempest, is a threat actor group notorious for its malicious cyber activities. Tracked by Microsoft, this group is primarily engaged in the distribution of Hive, Conti, and Ryuk ransomware. The group has been responsible for several high-profile ransomware |
| Conti Ransomware Gang | Unspecified | 1 | The Conti ransomware gang, a notorious threat actor in the cybersecurity landscape, has been responsible for extorting at least $180 million globally. The gang is infamous for the HSE cyberattack in 2021 and has been sanctioned by the National Crime Agency (NCA). In late 2021, experts suggested that |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2021-34527 | Unspecified | 1 | CVE-2021-34527, also known as PrintNightmare, is a software vulnerability that involves a flaw in software design or implementation. The exploitation process begins when a user clicks on a link which downloads a ZIP archive containing a malicious JScript (JS) downloader titled 'Stolen Images Evidenc |
| CVE-2021-40444 | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| CERT-EU | 7 months ago | Microsoft disables MSIX protocol handler abused in malware attacks |
| MITRE | 7 months ago | Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds |
| SecurityIntelligence.com | 8 months ago | ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups |
| CERT-EU | 10 months ago | Bumblebee Malware Abuses WebDAV Protocol to Attack Organizations |
| BankInfoSecurity | a year ago | Cybercrime Tremors: Experts Forecast Qakbot Resurgence |
| Flashpoint | a year ago | Qakbot Takedown: A Brief Victory in the Fight Against Resilient Malware |
| MITRE | a year ago | Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser | Mandiant |
| BankInfoSecurity | a year ago | Stung by Free Decryptor, Ransomware Group Embraces Extortion |
| MITRE | a year ago | Wizard Spider Modifies and Expands Toolset [Adversary Update] |
| MITRE | a year ago | Ransomware Activity Targeting the Healthcare and Public Health Sector | CISA |
| MITRE | a year ago | SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot |
| CERT-EU | a year ago | Cyber security week in review: April 28, 2023 |
| CERT-EU | a year ago | Analysis of Ransomware Attack Timelines | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting |
| MITRE | a year ago | Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem |
| MITRE | a year ago | CONTInuing the Bazar Ransomware Story |
| CERT-EU | a year ago | UK cracks down on ransomware actors | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware - National Cyber Security |
| CERT-EU | a year ago | New strain of JavaScript dropper delivers Bumblebee and IcedID malware |
| SecurityIntelligence.com | a year ago | The Trickbot/Conti Crypters: Where Are They Now? |
| CERT-EU | a year ago | No Ransomware Please, We're British | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware - National Cyber Security |
| MITRE | a year ago | A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak |