| ID | Votes | Profile Description |
|---|---|---|
| QakBot | 12 | Qakbot is a type of malware that has been linked to various cybercriminal activities, with its presence first observed as early as 2020. It gained notoriety for its role in the operations of the Black Basta ransomware group, which used Qakbot extensively in sophisticated phishing campaigns. The malw |
| Conti | 9 | Conti is a notorious malware and ransomware operation that has caused significant damage to computer systems worldwide. The Conti group, believed to have around 200 employees, operated like a regular business, with internal communications revealing the organization's structure and operations. It was |
| FIN7 | 7 | FIN7, a prominent threat actor in the cybercrime landscape, has been noted for its malicious activities and innovative tactics. Known for their relentless attacks on large corporations, FIN7 recently targeted a significant U.S. carmaker with phishing attacks, demonstrating their continued evolution |
| Akira | 6 | Akira is a malicious software or malware that has been causing significant damage to various organizations and systems worldwide. The ransomware, known for its persistent and harmful attacks, has successfully infiltrated numerous systems, often without the knowledge of the users, disrupting operatio |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Qbot | Unspecified | 6 | Qbot, also known as Qakbot or Pinkslipbot, is a modular information-stealing malware that emerged in 2007 as a banking trojan. Over the years, it has evolved into an advanced malware strain used by multiple cybercriminal groups to compromise networks and prepare them for ransomware attacks. The firs |
| REvil | Unspecified | 6 | REvil is a type of malware, specifically ransomware, that has been linked to significant cyber attacks. It emerged as part of the Ransomware as a Service (RaaS) model that gained popularity in 2020. This model established relationships between first-stage malware and subsequent ransomware attacks, s |
| Lockbit | Unspecified | 6 | LockBit is a malicious software, or malware, that has been notably active and damaging in the cyber world. Known for its ability to infiltrate systems often without detection, it can steal personal information, disrupt operations, and even hold data hostage for ransom. In the first half of 2024, Loc |
| Brute Ratel | Unspecified | 5 | Brute Ratel is a malicious software (malware) that has been increasingly used by cyber threat actors to exploit and damage computer systems. It is often delivered through suspicious downloads, emails, or websites and can infiltrate systems without the user's knowledge. Once inside, Brute Ratel can s |
| Clop | Unspecified | 4 | Clop, also known as Cl0p, is a notorious ransomware group responsible for several high-profile cyberattacks. The group specializes in exploiting vulnerabilities in software and systems to gain unauthorized access, exfiltrate sensitive data, and then extort victims by threatening to release the stole |
| Hive | is related to | 4 | Hive is a malicious software (malware) that has been used by the cybercriminal group, Hunters International, to launch ransomware attacks since October of last year. The group operates as a ransomware-as-a-service (RaaS) provider, spreading Hive rapidly through collaborations with less sophisticated |
| HELLOKITTY | Unspecified | 4 | HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat |
| AvosLocker | Unspecified | 4 | AvosLocker is a type of malware, specifically ransomware, known for its malicious intent to exploit and damage computer systems. This software often infiltrates systems undetected through suspicious downloads, emails, or websites, subsequently causing disruption in operations, theft of personal info |
| MegaCortex | Unspecified | 3 | MegaCortex is a type of malware known for its harmful effects on computer systems and devices. It was identified by Dragos, a cybersecurity firm, as having a relationship with another ransomware called EKANS. Both MegaCortex and EKANS have specific characteristics that pose unique risks to industria |
| Pikabot | Unspecified | 3 | PikaBot is a malicious software (malware) known for providing initial access to infected computers, enabling ransomware deployments, remote takeovers, and data theft. It's part of an array of malware families such as IcedID, Qakbot, Gozi, DarkGate, AsyncRAT, JinxLoader, among others, which have been |
| PlugX | Unspecified | 3 | PlugX is a notorious malware known for its harmful capabilities and stealthy operations. Often used by the Winnti group, it has been linked to various cyber-attacks, leveraging DLL side-loading to remain undetected. This technique allows it to infiltrate systems without raising alarms, making it an |
| Conti, Lockbit | Unspecified | 2 | None |
| Egregor | Unspecified | 2 | Egregor is a variant of the Sekhmet ransomware and operates as Ransomware-as-a-Service (RaaS). It emerged in 2020, suspected to be from former Maze affiliates. Known for its double extortion tactics, Egregor publicly shames its victims by leaking sensitive data if the ransom isn't paid. In one notab |
| Emotet | Unspecified | 2 | Emotet is a highly dangerous and insidious type of malware that has been active, particularly during recent summers. It is distributed primarily through documents attached to emails, using conversations found in compromised accounts. Once an unsuspecting user clicks either the enable button or an im |
| Cactus | is related to | 2 | Cactus is a malicious software (malware) that infiltrates systems to exploit and damage them. This malware, often delivered through suspicious downloads, emails, or websites, can steal personal information, disrupt operations, or hold data hostage for ransom. Cactus has been used in several high-pro |
| Systembc | Unspecified | 2 | SystemBC is a type of malware, or malicious software, that has been heavily utilized in cyber-attacks and data breaches. Throughout 2023, it was frequently used in conjunction with other malware like Quicksand and BlackBasta by cybercriminals to exploit vulnerabilities in computer systems. Play rans |
| Netsupport Manager | Unspecified | 2 | NetSupport Manager is a malicious software (malware) that poses significant threats to computer systems and networks. It is often disguised as legitimate software or tools, such as the 7-zip compression utility or a fake Chrome browser update, to trick users into downloading and installing it. Once |
| Blackbasta | Unspecified | 2 | BlackBasta is a notorious malware, specifically ransomware, that has been associated with several high-profile cyber-attacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, |
| Darkgate | Unspecified | 2 | DarkGate is a malicious software (malware) designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. Once embedded in a system, DarkGate can steal personal information, disrupt operations, or hold data for ransom. Recently, the malware was |
| Karakurt | Unspecified | 2 | Karakurt is a malicious software (malware) utilized by cybercriminals for data theft and extortion. It was revealed as the data extortion arm of the Conti cybercrime syndicate, with links to ITG23 affiliates. Karakurt has been associated with numerous attacks, including those carried out by Quantum, |
| Lockbit Black | Unspecified | 2 | LockBit Black, also known as LockBit 3.0, is a sophisticated malware variant that emerged in early 2022. This malicious software encrypts files and disrupts operations on infected devices, often demanding a ransom for the restoration of data. Developed as an iteration of LockBit 2.0 (LockBit Red) re |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Bl00dy | Unspecified | 5 | Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i |
| Alphv | Unspecified | 5 | Alphv is a threat actor group known for its malicious activities in the cyber world. They have been particularly active in deploying ransomware attacks, with one of their most significant actions being the theft of 5TB of data from Morrison Community Hospital. This act not only disrupted hospital op |
| Kimsuky | Unspecified | 2 | Kimsuky, also known as Springtail, ARCHIPELAGO, Black Banshee, Thallium, Velvet Chollima, and APT43, is a North Korea-linked threat actor first identified by a Kaspersky researcher in 2013. This cyberespionage group has been associated with various malicious activities, including spear-phishing camp |
| Bianlian | is related to | 2 | BianLian is a significant threat actor within the cybersecurity landscape, known for its malicious activities and cyber-attacks. The group has been particularly active in exploiting bugs in JetBrains TeamCity, a popular continuous integration and deployment system used by software development teams. |
| Blackmatter | Unspecified | 2 | BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention |
| Vice Society | Unspecified | 2 | Vice Society, a threat actor group known for its malicious activities, has been linked to a series of ransomware attacks targeting various sectors, most notably education and healthcare. Throughout 2022 and the first half of 2023, Vice Society, along with Royal Ransomware, were actively executing mu |
| Conti Ransomware Gang | Unspecified | 2 | The Conti ransomware gang, a notorious threat actor in the cybersecurity landscape, has been responsible for extorting at least $180 million globally. The gang is infamous for the HSE cyberattack in 2021 and has been sanctioned by the National Crime Agency (NCA). In late 2021, experts suggested that |
| Zeon | Unspecified | 2 | Zeon, a known threat actor in the cybersecurity landscape, has been linked to several high-profile ransomware attacks. It was instrumental in crypting SVCReady and CargoBay loaders, observed in Quantum and Royal ransomware attacks respectively. Zeon has also employed third-party ransomware such as B |
| Qilin | Unspecified | 2 | The Qilin ransomware group, a malicious threat actor in the cybersecurity landscape, has been active since at least 2022 and gained significant attention in June 2024 for attacking Synnovis, a UK governmental service provider for healthcare. The group was later associated with Octo Tempest, which ad |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2024-1709 | Unspecified | 4 | CVE-2024-1709 is a critical vulnerability in the ConnectWise ScreenConnect software that allows for an authentication bypass. This flaw can enable a remote non-authenticated attacker to bypass the system's authentication process and gain full access. The issue was identified by Sophos Rapid Response |
| Printnightmare | Unspecified | 2 | PrintNightmare (CVE-2021-34527) is a significant vulnerability in the Windows Print Spooler service that allows an attacker to escalate privileges either locally or remotely by loading a malicious DLL which will be executed as SYSTEM. This flaw, potentially a new zero-day Microsoft vulnerability, en |
| CVE-2024-37085 | Unspecified | 2 | None |
| CVE-2024-1708 | Unspecified | 2 | CVE-2024-1708 is a high-severity software vulnerability found in ConnectWise's ScreenConnect software, specifically targeting versions 23.9.7 and earlier. The flaw was officially disclosed by ConnectWise on February 19, 2024. This vulnerability, alongside another (CVE-2024-1709), presents significan |
| Preview | Source Link | CreatedAt | Title |
|---|---|---|---|
| Securelist | 5 days ago | Statistics on PC malware for Q2 2024 | |
| DARKReading | 10 days ago | BlackByte Targets ESXi Bug With Ransomware to Access Virtual Assets | |
| BankInfoSecurity | 15 days ago | Karakurt Ransomware Group Suspect Appears in US Courtroom | |
| Securityaffairs | 21 days ago | Security Affairs newsletter Round 485 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| Securityaffairs | 23 days ago | Black Basta ransomware gang linked to a malware campaign | |
| Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6 | |
| InfoSecurity-magazine | a month ago | Threat Actors Favor Rclone, WinSCP and cURL as Data Exfiltration Tools | |
| InfoSecurity-magazine | a month ago | #BHUSA: 17.8m Phishing Emails Detected in First Half of 2024 | |
| Checkpoint | a month ago | 5th August – Threat Intelligence Report - Check Point Research | |
| Securityaffairs | a month ago | Keytronic incurred approximately $17 million of expenses following ransomware attack | |
| Securityaffairs | a month ago | security-affairs-malware-newsletter-round-5 | |
| DARKReading | a month ago | Black Basta Develops Custom Malware in Wake of Qakbot Takedown | |
| Securityaffairs | a month ago | +20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085 | |
| CERT-EU | 8 months ago | Microsoft Disables App Installer Feature Amid Security Concerns | |
| DARKReading | a month ago | Ransomware Gangs Exploit ESXi Bug for Instant, Mass Encryption of VMs | |
| Securityaffairs | a month ago | Ransomware gangs exploit VMware ESXi bug CVE-2024-37085 | |
| Securityaffairs | a month ago | CISA adds VMware ESXi bug to its Known Exploited Vulnerabilities catalog | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3 | |
| Securityaffairs | 2 months ago | FIN7 group advertises new EDR bypass tool on hacking forums | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3 |