| ID | Votes | Profile Description |
|---|---|---|
| FIN7 | 5 | FIN7, a notorious threat actor group known for its malicious activities, has recently been identified as targeting a large U.S. carmaker with phishing attacks. This group, which has previously operated behind fake cybersecurity companies such as Combi Security and Bastion Secure to recruit security |
| Carbanak Backdoor | 4 | The Carbanak Backdoor is a notorious malware, designed to exploit and damage computer systems. It is associated with the FIN7 threat group, also known as the "Carbanak Group", although not all usage of the Carbanak Backdoor can be directly linked to FIN7. This malicious software infiltrates systems |
| Diceloader | 4 | Diceloader is a type of malware, short for malicious software, that is designed to infiltrate and damage computer systems. It can infect systems through various means such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, it can steal personal in |
| Anunak | 3 | Anunak, also known as Carbanak or FIN7, is a prominent threat actor in the cybercrime landscape. The group emerged around 2013 and specializes in financial theft, primarily targeting Eastern European banks, U.S. and European point-of-sale systems, and other entities. The name "Carbanak" was coined b |
| Newworldorder Loader | 2 | NewWorldOrder Loader is a potent malware that was identified in December 2022. It operates as a loader for other malicious software, effectively helping them infiltrate systems undetected. This harmful program is particularly notable for its association with the Domino Backdoor and Carbanak Backdoor |
| Carbon Spider | 2 | CARBON SPIDER, also known as FIN7 and Sangria Tempest, is a threat actor that has been active in the eCrime space since approximately 2013. This criminally motivated group primarily targets the hospitality and retail sectors with the aim of obtaining payment card data. The group has been linked to s |
| Carbanak Group | 2 | The Carbanak Group, also known as FIN7, is a notorious cybercrime gang responsible for some of the largest banking heists in history. This threat actor specializes in executing actions with malicious intent, often deploying data-stealing backdoors such as the CARBANAK malware. Despite several arrest |
| Sangria Tempest | 2 | Sangria Tempest, also known as FIN7, Carbon Spider, and ELBRUS, is a threat actor that has been active since 2014. This Russian advanced persistent threat (APT) group is known for its malicious activities, including spear-phishing campaigns, malware distribution, and theft of payment card data. In m |
| Eugenloader | 1 | EugenLoader, also known as FakeBat, is a form of malware that was detected by Microsoft in mid-November 2023. It was distributed by an initial access broker known as Storm-1113 through search advertisements mimicking the Zoom app, with the malware delivered via bogus MSIX installers masquerading as |
| Cobalt Group | 1 | The Cobalt Group is a significant threat actor known for its financially-motivated cybercrime activities. This group, along with the Russian state-sponsored hacking group APT28, was responsible for almost half of all cybersecurity incidents in 2023, according to TechRadar. The Cobalt Group's modus o |
| Domino Backdoor | 1 | The Domino Backdoor is a type of malware that has been linked to multiple threat groups, highlighting the complexity of tracking these actors and their operations. This malicious software, designed to exploit and damage computers or devices, can steal personal information, disrupt operations, or hol |
| Aukill | 1 | AuKill is a malicious software (malware) developed by the notorious cybercrime group FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group. This malware has been in development since April 2022 and is specifically designed to undermine endpoint security, targeting the protec |
| Blackmatter | 1 | BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention |
| REvil | 1 | REvil is a notorious form of malware, specifically ransomware, that infiltrates systems to disrupt operations and steal data. The ransomware operates on a Ransomware as a Service (RaaS) model, which gained traction in 2020. In this model, REvil, like other first-stage malware such as Dridex and Goot |
| Dark Side | 1 | Dark Side is a malicious software (malware) that poses significant threats to computer systems and devices. It infiltrates systems often through suspicious downloads, emails, or websites, with the potential to steal personal information, disrupt operations, or even hold data for ransom. This malware |
| Carbanak C2 | 1 | None |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Lizar | Unspecified | 3 | Lizar, also known as Tirion or Diceloader, is a malicious software developed by the threat group ITG14. It's designed to exploit and damage computers or devices, infiltrating systems through suspicious downloads, emails, or websites. Once installed, it can steal personal information, disrupt operati |
| Cobalt Strike Beacon | Unspecified | 2 | Cobalt Strike Beacon is a type of malware known for its harmful capabilities, including stealing personal information, disrupting operations, and potentially holding data hostage for ransom. The malware has been loaded by HUI Loader through various files such as mpc.tmp, dlp.ini, vmtools.ini, and an |
| Gracewire | Unspecified | 2 | Gracewire is a potent malware that has been deployed by threat actors to exploit and damage computer systems. It is typically delivered through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, it can steal personal information, disrupt operations, |
| Domino | Unspecified | 2 | The Domino malware, a harmful program designed to exploit and damage computer systems, has been identified as the culprit behind a series of high-profile cyber attacks. The first notable incident occurred when a hacker claimed to have accessed Domino's India's massive 13 TB database on the Dark Web, |
| Netsupport | Unspecified | 1 | NetSupport is a malicious software (malware) that has been used in various cyberattacks, including the Royal Ransomware attack and assaults by former ITG23 members. It can infiltrate systems through suspicious downloads, emails, or websites and then steal personal information, disrupt operations, or |
| Darkgate | Unspecified | 1 | DarkGate is a malicious software (malware) that poses significant threats to computer systems and data. It infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hos |
| Batloader | Unspecified | 1 | Batloader is a malware downloader posing as installers or updates for legitimate applications such as Microsoft Teams, Zoom, and others. This malicious software can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal |
| Netsupport Rat | Unspecified | 1 | NetSupport RAT is a type of malware that can significantly compromise an organization's digital security. Originally derived from the legitimate NetSupport Manager, a remote technical support tool, this malware infects systems through suspicious downloads, emails, or websites, often unbeknownst to t |
| Mars | Unspecified | 1 | Mars is a malicious software (malware) that has been discovered by Trend Micro's Mobile Application Reputation Service (MARS) team. This malware is particularly damaging as it involves two new Android malware families related to cryptocurrency mining and financially-motivated scam campaigns, targeti |
| Dridex | Unspecified | 1 | Dridex is a well-known malware, specifically a banking Trojan, that has been utilized by cybercriminals to exploit and damage computer systems. The malware infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user, and can steal personal information, disrupt o |
| Carberp | Unspecified | 1 | Carberp is a notable malware that has been widely used and modified by various threat actors. Its source code, which was leaked in 2013, has become the basis for a multitude of other malicious software due to its sophisticated design and capabilities. The malware can infiltrate systems through dubio |
| BOOSTWRITE | Unspecified | 1 | Boostwrite is a sophisticated malware tool developed by the cybercriminal group FIN7. It operates as an in-memory-only dropper, decrypting embedded payloads using an encryption key retrieved from a remote server during runtime. The malware has been observed to contain two main payloads: CARBANAK and |
| RDFSNIFFER | Unspecified | 1 | RDFSNIFFER is a newly identified malware payload of the BOOSTWRITE variant, discovered by Mandiant investigators. Developed to tamper with NCR Corporation's “Aloha Command Center” client, it has been used maliciously by several financial attackers including FIN7. When loaded by BOOSTWRITE, RDFSNIFFE |
| Black Basta | Unspecified | 1 | Black Basta is a notorious malware entity known for its devastating ransomware attacks. First emerging in June 2022, the group has since been associated with a series of high-profile cyber-attacks worldwide. This malware, like others, infiltrates systems through suspicious downloads, emails, or webs |
| GRIFFON | Unspecified | 1 | Griffon is a type of malware, malicious software designed to infiltrate and damage computers or devices without the user's knowledge. It can be spread through dubious downloads, emails, or websites, and once inside a system, it can steal personal information, disrupt operations, or even hold data fo |
| Pillowmint | Unspecified | 1 | None |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| ITG14 | Unspecified | 2 | ITG14, a threat actor identified in the cybersecurity industry, has recently been linked to malicious activities involving the Domino Backdoor. X-Force researchers have found substantial evidence connecting the Domino Backdoor to ITG14’s Carbanak Backdoor. The Domino Backdoor not only shares signifi |
| Lazarus Group | Unspecified | 1 | The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large- |
| GCMAN | Unspecified | 1 | GCMAN is a threat actor group that was discovered by Kaspersky Lab, as announced at the Security Analyst Summit (SAS 2016). The group has been involved in Advanced Persistent Threat (APT) style bank robberies, similar to two other groups, Metel and Carbanak. GCMAN uses code compiled on the GCC compi |
| Sodinokibi | Unspecified | 1 | Sodinokibi, also known as REvil, is a significant threat actor first identified in April 2019. This ransomware family operates as a Ransomware-as-a-Service (RaaS) and has been responsible for one in three ransomware incidents responded to by IBM Security X-Force in 2020. The Sodinokibi ransomware st |
| Alphv | Unspecified | 1 | AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Birdwatch/jssloader | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| Securityaffairs | 5 days ago | Security Affairs Malware Newsletter - Round 3 |
| Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3 |
| DARKReading | 10 days ago | Security End-Run: 'AuKill' Shuts Down Windows-Reliant EDR Processes |
| Securityaffairs | 12 days ago | Security Affairs Malware Newsletter - Round 2 |
| Securityaffairs | 20 days ago | Security Affairs Malware Newsletter - Round 1 |
| Securityaffairs | a month ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | a month ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION |
| BankInfoSecurity | 3 months ago | FIN7 Targeted US Automotive Giant In Failed Attack |
| Securityaffairs | 3 months ago | FIN7 targeted a large U.S. carmaker with phishing attacks |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 4 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini |
| Securityaffairs | 4 months ago | Security Affairs newsletter Round 465 by Pierluigi Paganini |
| Securityaffairs | 4 months ago | Security Affairs newsletter Round 464 by Pierluigi Paganini |
| Securityaffairs | 4 months ago | Security Affairs newsletter Round 463 by Pierluigi Paganini |
| Securityaffairs | 5 months ago | Security Affairs newsletter Round 462 by Pierluigi Paganini |
| Securityaffairs | 5 months ago | Security Affairs newsletter Round 461 by Pierluigi Paganini |