| ID | Votes | Profile Description |
|---|---|---|
| Lockbit | 7 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt |
| Conti | 5 | Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in |
| QakBot | 4 | Qakbot is a potent malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information, disrupt operations, or e |
| Clop | 3 | Clop is a notorious malware, short for malicious software, known for its disruptive and damaging effects on computer systems. It primarily infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Clop can steal personal information, disrupt o |
| Pikabot | 2 | PikaBot is a harmful malware that emerged in 2023, designed to exploit and damage computer systems. It infiltrates systems through dubious downloads, emails, or websites, often undetected by the user. Once inside a system, PikaBot can pilfer personal information, disrupt operations, or even ransom d |
| Blacksuit | 2 | BlackSuit is a malicious software (malware) that was introduced in May 2023, believed to be a rebranding of the Royal ransomware operation, which itself was a branch of the now-defunct Conti ransomware operation. Various sources have reported similarities in code between Royal and BlackSuit, further |
| Netsupport | 1 | NetSupport is a malicious software (malware) that has been used in various cyberattacks, including the Royal Ransomware attack and assaults by former ITG23 members. It can infiltrate systems through suspicious downloads, emails, or websites and then steal personal information, disrupt operations, or |
| Zeon | 1 | Zeon, a known threat actor in the cybersecurity landscape, has been linked to several high-profile ransomware attacks. It was instrumental in crypting SVCReady and CargoBay loaders, observed in Quantum and Royal ransomware attacks respectively. Zeon has also employed third-party ransomware such as B |
| Trickbot/conti Syndicate | 1 | The Trickbot/Conti syndicate, also known as ITG23, is a threat actor group associated with various malicious activities. Since late February 2023, this group has been linked to Domino Backdoor campaigns utilizing the Dave Loader, a tool used to load malware onto targeted systems. The IBM Security X- |
| Cobaltstrike | 1 | CobaltStrike is a notorious form of malware that has been used in conjunction with other malicious software including IcedID, Qakbot, BazarLoader, Conti, Gozi, Trickbot, Quantum, Emotet, and Royal Ransomware. This malware is typically delivered through suspicious downloads, emails, or websites, ofte |
| Gozi | 1 | Gozi is a notorious malware that has been linked to numerous cyber attacks. It's typically delivered through sophisticated malvertising techniques, often used in conjunction with other initial access malware such as Pikabot botnet agent and IcedID information stealer. When an individual accesses a c |
| IcedID | 1 | IcedID is a malicious software (malware) designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom |
| Sharpdepositorcrypter | 1 | SharpDepositorCrypter, also known as OMCLoader, is a form of malware that was primarily utilized by the BlackBasta ransomware group during most of 2022. The malware originated as a loader for a .NET infostealer named SharpDepositor, which may explain its name found in PDB strings of early samples. H |
| Quixotic | 1 | Quixotic is a potent malware that has been used to crypt various ransomware samples, including BlackBasta and CobaltStrike. In May 2023, it was utilized to encrypt a BlackBasta ransomware sample, while in October 2022, it played a significant role in a CobaltStrike sample used in a BlackBasta attack |
| Pushdo | 1 | Pushdo is a type of malware that has been associated with various cyber attacks and malicious activities. First recognized in 2013, Pushdo was identified as the most widespread "bad bot," infecting over 4.2 million IPs including those of private companies, government agencies, and military networks. |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Royal Ransomware | Unspecified | 4 | Royal Ransomware is a type of malware that has been causing significant disruptions in various sectors, particularly in the United States. Originating from the now-defunct Conti ransomware operation, Royal Ransomware was notorious for its multi-threaded encryption and ability to kill processes withi |
| Hive | Unspecified | 3 | Hive is a malicious software, or malware, that infiltrates systems to exploit and damage them. This malware has been associated with Volt Typhoon, who exfiltrated NTDS.dit and SYSTEM registry hive to crack passwords offline. The Hive operation was primarily involved in port scanning, credential thef |
| Akira | Unspecified | 3 | Akira is a malicious software, or malware, specifically a type of ransomware known for its disruptive and damaging effects. First surfacing in late 2023, it has continued to wreak havoc on various entities, including corporations and industries. This ransomware infects systems through suspicious dow |
| Ryuk | Unspecified | 3 | Ryuk is a sophisticated malware, specifically a ransomware variant, that has been extensively used by cybercriminal group ITG23. The group has been employing crypting techniques for several years to obfuscate their malware, with Ryuk often seen in tandem with other malicious software such as Trickbo |
| REvil | Unspecified | 2 | REvil is a notorious form of malware, specifically ransomware, that infiltrates systems to disrupt operations and steal data. The ransomware operates on a Ransomware as a Service (RaaS) model, which gained traction in 2020. In this model, REvil, like other first-stage malware such as Dridex and Goot |
| Ghost Clown | Unspecified | 2 | Ghost Clown is a malware entity that has been implicated in the deployment of malicious software, specifically ransomware strains like BlackBasta and Conti. This previously undetected ransomware group, along with another affiliate named Space Kook, were identified by anti-ransomware company Halcyon. |
| Cactus | Unspecified | 2 | Cactus is a type of malware, specifically ransomware, that has been implicated in several high-profile cyber-attacks. This malicious software infiltrates systems through deceptive methods such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Cactus c |
| Black Basta | Unspecified | 2 | Black Basta is a notorious malware entity known for its devastating ransomware attacks. First emerging in June 2022, the group has since been associated with a series of high-profile cyber-attacks worldwide. This malware, like others, infiltrates systems through suspicious downloads, emails, or webs |
| Blackbasta Ransomware | Unspecified | 2 | BlackBasta is a ransomware-type malware, designed to infiltrate systems undetected and hold data hostage in exchange for ransom. Originating from Russian-speaking regions, this malicious software has been linked to numerous high-profile cyber attacks. The group behind BlackBasta has demonstrated its |
| Karakurt | Unspecified | 2 | Karakurt is a notorious malware and data extortion group, previously affiliated with ITG23, known for its sophisticated tactics, techniques, and procedures (TTPs). The group's operations involve stealing sensitive data from compromised systems and demanding ransoms ranging from $25,000 to a staggeri |
| SVCReady | Unspecified | 1 | SVCReady is a relatively new malware family first observed in malicious spam campaigns at the end of April 2022. This harmful software, designed to exploit and damage computers or devices, was initially unknown but has since been identified through IDS rules published by Proofpoint. The malware infe |
| Cargobay | Unspecified | 1 | CargoBay is a type of malware that has been associated with various ransomware attacks, including Quantum, Zeon, and Royal. It was used to crypt SVCReady, a loader observed in the Quantum ransomware attacks. CargoBay's usage extends beyond this, as it has also been linked to numerous other malicious |
| Qbot | Unspecified | 1 | Qbot, also known as Qakbot or Pinkslipbot, is a modular information-stealing malware that emerged in 2007 as a banking trojan. Over the years, it has evolved into an advanced malware strain used by multiple cybercriminal groups to compromise networks and prepare them for ransomware attacks. The firs |
| Batloader | Unspecified | 1 | Batloader is a malware downloader posing as installers or updates for legitimate applications such as Microsoft Teams, Zoom, and others. This malicious software can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal |
| Cobalt Strike Beacon | Unspecified | 1 | Cobalt Strike Beacon is a type of malware known for its harmful capabilities, including stealing personal information, disrupting operations, and potentially holding data hostage for ransom. The malware has been loaded by HUI Loader through various files such as mpc.tmp, dlp.ini, vmtools.ini, and an |
| Darkgate | Unspecified | 1 | DarkGate is a malicious software (malware) that poses significant threats to computer systems and data. It infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hos |
| Nokoyawa | is related to | 1 | Nokoyawa is a notorious malware, particularly known for its ransomware capabilities. It has been associated with various other malicious software including Quantum, Royal, BlackBasta, Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2, Vidar, Gozi, Cany |
| Diceloader | Unspecified | 1 | Diceloader is a type of malware, short for malicious software, that is designed to infiltrate and damage computer systems. It can infect systems through various means such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, it can steal personal in |
| Lummac2 | Unspecified | 1 | LummaC2 is a relatively new information-stealing malware, first discovered in 2022. The malicious software has been under active development, with researchers identifying LummaC2 4.0 as a dynamic malware strain in November 2023. It's been used by threat actors for initial access or data theft, often |
| Systembc | Unspecified | 1 | SystemBC is a malicious software (malware) that has been used in various cyber attacks to exploit and damage computer systems. This malware was observed in 2023, being heavily used with BlackBasta and Quicksand. It has been deployed by teams using BlackBasta during their attacks. Play ransomware act |
| Vidar | Unspecified | 1 | Vidar is a Windows-based malware written in C++, derived from the Arkei stealer, which is designed to infiltrate and exploit computer systems. It has been used alongside other malware variants such as Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2, |
| Aresloader | Unspecified | 1 | AresLoader is a type of malware that was first advertised for sale on the top-tier Russian-language hacking forum XSS in December 2022 by a threat actor named "DarkBLUP". This malicious software is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emai |
| Minodo | Unspecified | 1 | Minodo is a type of malware, a harmful program designed to exploit and damage computer systems. It can infiltrate your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data h |
| HELLOKITTY | Unspecified | 1 | HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat |
| cryptolocker | Unspecified | 1 | CryptoLocker is a type of malware, specifically ransomware, that emerged as a significant threat to cybersecurity worldwide. This malicious software infiltrated systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, CryptoLocker encrypted user |
| MegaCortex | Unspecified | 1 | MegaCortex is a type of malware known for its harmful effects on computer systems and devices. It was identified by Dragos, a cybersecurity firm, as having a relationship with another ransomware called EKANS. Both MegaCortex and EKANS have specific characteristics that pose unique risks to industria |
| Babuk | Unspecified | 1 | Babuk is a type of malware, specifically ransomware, which is designed to infiltrate systems and hold data hostage for ransom. It can be delivered through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, Babuk can disrupt operations and steal perso |
| Forest | Unspecified | 1 | Forest is a potent malware that leverages the Golden Ticket, an authentication ticket (TGT), to gain domain-wide access. It exploits the TGT to acquire service tickets (TGS) used for accessing resources across the entire domain and the Active Directory (AD) forest by leveraging SID History. The malw |
| Emotet | Unspecified | 1 | Emotet is a highly dangerous and insidious malware that has resurfaced with increased activity this summer. Originally distributed via email attachments, it infiltrates systems often without the user's knowledge, forming botnets under the control of criminals for large-scale attacks. Once infected, |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Alphv | Unspecified | 7 | AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car |
| Bianlian | Unspecified | 3 | BianLian is a threat actor that has been increasingly active in cybercrimes. The group is known for its malicious activities, including the execution of actions with harmful intent. In a series of recent events, BianLian has exploited vulnerabilities in JetBrains TeamCity, a continuous integration a |
| FIN7 | Unspecified | 2 | FIN7, a notorious threat actor group known for its malicious activities, has recently been identified as targeting a large U.S. carmaker with phishing attacks. This group, which has previously operated behind fake cybersecurity companies such as Combi Security and Bastion Secure to recruit security |
| Space Kook | Unspecified | 2 | Space Kook is a threat actor, or malicious entity, identified in the cybersecurity industry for its involvement in ransomware operations. Named after a villain from Scooby Doo, Space Kook was first linked to malicious activities by Halcyon's analysis, which showed connections to an initial access br |
| ITG23 | Unspecified | 1 | ITG23, also known as the Trickbot/Conti syndicate, is a significant threat actor that has been active since 2016 in the East European cybercrime arena. This group is renowned for its use of Reflective DLL Injection code in many of its crypters, with the presence of these crypters on a file sample be |
| Qilin | Unspecified | 1 | Qilin, a notable threat actor in the cybersecurity landscape, has been significantly active over the last two years, compromising more than 150 organizations across 25 countries and various industries. Originally evolving from the Agenda ransomware written in Go, Qilin has since transitioned to Rust |
| Bl00dy | Unspecified | 1 | Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i |
| Medusa | Unspecified | 1 | Medusa, a threat actor group, has been identified as a rising menace in the cybersecurity landscape, with its ransomware activities escalating significantly. In November 2023, Medusa and other groups like LockBit and ALPHV (BlackCat) exploited a zero-day vulnerability known as Citrix Bleed (CVE-2023 |
| ITG14 | Unspecified | 1 | ITG14, a threat actor identified in the cybersecurity industry, has recently been linked to malicious activities involving the Domino Backdoor. X-Force researchers have found substantial evidence connecting the Domino Backdoor to ITG14’s Carbanak Backdoor. The Domino Backdoor not only shares signifi |
| Vice Society | Unspecified | 1 | Vice Society, a threat actor group known for its malicious activities, has been linked to a series of ransomware attacks targeting various sectors, most notably education and healthcare. Throughout 2022 and the first half of 2023, Vice Society, along with Royal Ransomware, were actively executing mu |
| Conti Ransomware Gang | Unspecified | 1 | The Conti ransomware gang, a notorious threat actor in the cybersecurity landscape, has been responsible for extorting at least $180 million globally. The gang is infamous for the HSE cyberattack in 2021 and has been sanctioned by the National Crime Agency (NCA). In late 2021, experts suggested that |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Citrix Bleed | Unspecified | 1 | Citrix Bleed, identified as CVE-2023-4966, is a severe software vulnerability in Citrix Netscaler Gateway and Netscaler ADC products, with a high CVSS score of 9.4 indicating its critical nature. This flaw allows for sensitive information disclosure, bypassing password requirements and multifactor a |
| Lockbit Medusa Vice Society | Unspecified | 1 | None |
| Sharpdepositorcrypter Sdc)/omcloader | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| Securityaffairs | 5 days ago | Security Affairs Malware Newsletter - Round 3 |
| Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3 |
| Securityaffairs | 12 days ago | Security Affairs Malware Newsletter - Round 2 |
| Securityaffairs | 20 days ago | Security Affairs Malware Newsletter - Round 1 |
| Securityaffairs | 23 days ago | Operation Morpheus took down 593 Cobalt Strike servers used by threat actors |
| InfoSecurity-magazine | 24 days ago | Ransomware Attack Demands Reach a Staggering $5.2m in 2024 |
| Securityaffairs | a month ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | a month ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 2 months ago | A ransomware attack on Synnovis impacted several London hospitals |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 2 months ago | OmniVision disclosed a data breach after the 2023 Cactus ransomware attack |
| Securityaffairs | 2 months ago | Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors |
| BankInfoSecurity | 2 months ago | Breach Roundup: Kimsuky Serves Linux Trojan |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 3 months ago | Blackbasta gang Synlab Italia attack |
| Checkpoint | 3 months ago | 15th April – Threat Intelligence Report - Check Point Research |
| CERT-EU | 4 months ago | Ransomware Groups' Data Leak Blogs Lie: Stop Trusting Them | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting |
| BankInfoSecurity | 4 months ago | Ransomware Groups' Data Leak Blogs Lie: Stop Trusting Them |
| CERT-EU | 4 months ago | Ransomware cybercriminals continue to target manufacturers | #ransomware | #cybercrime | National Cyber Security Consulting |