| ID | Votes | Profile Description |
|---|---|---|
| Emperor Dragonfly | 3 | Emperor Dragonfly, also known as Bronze Starlight or Storm-0401, is a threat actor group linked to China that has been identified as deploying various ransomware payloads. This group targets sectors such as gambling within Southeast Asia. The cybersecurity industry uses different names for the same |
| Dragonfly | 1 | Dragonfly is a notable threat actor known for its malicious activities in the cybersecurity landscape. This group has been particularly active in targeting the energy sector across various countries, including the United States, Switzerland, and Turkey. The tactics employed by Dragonfly often involv |
| APT10 | 1 | APT10, also known as the Menupass Team, is a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS). The group has been active since 2009 and is suspected to be based in Tianjin, China, according to research by IntrusionTruth in 2018. APT10 has primarily targeted |
| Bronze University | 1 | Bronze University, also known as Aquatic Panda, ControlX, RedHotel, and Earth Lusca, is a threat actor group believed to be a Chinese state-sponsored hacking operation. The group has been active since 2021, targeting government, aerospace, education, telecommunications, media, and research organizat |
| Bronze Riverside | 1 | BRONZE RIVERSIDE, also known as APT10 and Earth Tengshe, is a threat actor associated with the Chinese Ministry of State Security (MSS). This group has been primarily involved in cyber espionage activities, focusing on the theft of intellectual property from Japanese organizations. The group's activ |
| Lockfile | 1 | LockFile is a type of malicious software, or malware, that has been linked to ransomware activity. This harmful program can infiltrate your system via suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold your data for ransom. Analysis of the PlugX |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| PlugX | Unspecified | 2 | PlugX is a notorious malware, typically associated with Chinese threat actors, that has been used in various cyberattacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. It |
| Atomsilo | Unspecified | 1 | AtomSilo is a type of malware that has been linked to several other ransomware families including LockFile, Rook, Night Sky, and Pandora. This connection was revealed through the analysis of Cobalt Strike Beacon samples loaded by HUI Loader. CTU analysis suggests that these five ransomware families |
| Monti | Unspecified | 1 | The Monti group, a malicious cyber entity, has been active since June 2022, shortly after the Conti ransomware gang shut down its operations. The group is known for its malware, Monti, which is a particularly harmful program designed to exploit and damage computer systems. It infiltrates systems thr |
| Pandora Ransomware | Unspecified | 1 | Pandora ransomware is a type of malware that has been connected to several other malicious software strains, including AtomSilo, Night Sky, and Rook. Researchers from CTU identified code overlap between the updated HUI Loader samples and Pandora ransomware, suggesting a common origin or shared devel |
| Qwixxrat | Unspecified | 1 | QwixxRAT is a new form of malware that emerged in August 2023, as reported by SC Magazine and The Hacker News. This information-stealing software has been actively promoted on platforms like Discord and Telegram by threat actors. It's part of an ongoing malicious campaign alongside the deployment of |
| Cobalt Strike Beacon | Unspecified | 1 | Cobalt Strike Beacon is a type of malware known for its harmful capabilities, including stealing personal information, disrupting operations, and potentially holding data hostage for ransom. The malware has been loaded by HUI Loader through various files such as mpc.tmp, dlp.ini, vmtools.ini, and an |
| Rook | Unspecified | 1 | Rook is a malicious software (malware) linked to several ransomware activities, including LockFile, AtomSilo, Night Sky, and Pandora. These activities are associated with the deployment of HUI Loader, which has been used in loading Cobalt Strike Beacon. A CTU analysis revealed that these five ransom |
| Night Sky | Unspecified | 1 | Night Sky is a potent form of malware that has been linked to several significant ransomware activities, including LockFile, AtomSilo, Rook, and Pandora. Analysis of the Cobalt Strike Beacon samples loaded by HUI Loader has revealed a connection between AtomSilo, Night Sky, and Pandora ransomware, s |
| Meterpreter | Unspecified | 1 | Meterpreter, a type of malware, is an attack payload of Metasploit that serves as an interactive shell, enabling threat actors to control and execute code on a system. Advanced Persistent Threat (APT) actors have created and used a variant of Metasploit (Meterpreter) on the ServiceDesk system, liste |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| APT29 | Unspecified | 1 | APT29, also known as Cozy Bear, SVR group, BlueBravo, Nobelium, Midnight Blizzard, and The Dukes, is a threat actor linked to Russia. This group is notorious for its malicious activities in the cybersecurity realm, executing actions with harmful intent. It has been associated with several high-profi |
| APT41 | Unspecified | 1 | APT41, also known as Winnti, Wicked Panda, and Wicked Spider, is a sophisticated threat actor attributed to China. This group has been active since at least 2012, targeting organizations across 14 countries. The group is known for its extensive use of various code families and tools, with at least 4 |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
No associations to display |
| Source | CreatedAt | Title |
|---|---|---|
| Unit42 | 5 days ago | From RA Group to RA World: Evolution of a Ransomware Group |
| DARKReading | a month ago | 'ChamelGang' APT Disguises Espionage Activities With Ransomware |
| CERT-EU | 4 months ago | 12 Months of Fighting Cybercrime & Defending Enterprises | #cybercrime | #infosec | National Cyber Security Consulting |
| CERT-EU | 8 months ago | Chinese Scammers Exploit Cloned Websites in Vast Gambling Network |
| CERT-EU | 8 months ago | Sekoia: Latest in the Financial Sector Cyber Threat Landscape |
| Recorded Future | a year ago | Semiconductor Companies Targeted by Ransomware | Recorded Future |
| CERT-EU | a year ago | Novel CatB ransomware analyzed |
| Recorded Future | a year ago | Semiconductor Companies Targeted by Ransomware | Recorded Future |
| Secureworks | a year ago | BRONZE STARLIGHT Ransomware Operations Use HUI Loader |
| CERT-EU | a year ago | Chinese entanglement - DLL hijacking in the Asian gambling sector – Global Security Mag Online |
| CERT-EU | a year ago | Cybersecurity Firm Group-IB Repeatedly Targeted by Chinese APT |
| InfoSecurity-magazine | a year ago | New Chinese APT Group Launches Supply Chain Attacks |
| Checkpoint | a year ago | 21st August – Threat Intelligence Report - Check Point Research |
| Securityaffairs | a year ago | Security Affairs newsletter Round 433 by Pierluigi Paganini |
| CERT-EU | a year ago | Southeast Asian gambling industry targeted by Chinese hacking operation |
| InfoSecurity-magazine | a year ago | Chinese Hackers Use DLL Hijacking to Target Asian Gamblers |
| CERT-EU | a year ago | Chinese hackers accused of targeting Southeast Asian gambling sector |
| Securityaffairs | a year ago | Bronze Starlight targets the Southeast Asian gambling sector - Security Affairs |
| CERT-EU | a year ago | China-Linked Bronze Starlight Group Targeting Gambling Sector with Cobalt Strike Beacons – GIXtools |