| ID | Votes | Profile Description |
|---|---|---|
| Splm | 1 | SPLM, also known as XAgent or CHOPSTICK, is a sophisticated malware variant deployed by the Sofacy group. The group, notorious for its cyber espionage campaigns, expanded its arsenal in 2013, adding SPLM among other backdoors and tools such as CORESHELL, JHUHUGIT, AZZY, and more. These campaigns hav |
| CORESHELL | 1 | Coreshell is a variant of Sofacy malware used by threat actors to compromise systems and steal sensitive information. Malware, like Coreshell, can infect computer systems through suspicious downloads, emails, or websites. Once inside, it can disrupt operations, steal personal information, or hold da |
| ADVSTORESHELL | 1 | None |
| JHUHUGIT | 1 | Jhuhugit is a type of malware that was used in Sofacy attacks as a first-stage implant. It became relatively popular and was also used with a Java zero-day in July 2015. The Sofacy group, which utilized jhuhugit, expanded their arsenal in 2013 by adding more backdoors and tools, including CORESHELL, |
| Azzy | 1 | Azzy is a malware implant developed by the Sofacy group, known for its malicious activities aimed at exploiting and damaging computer systems. Earlier this year, we identified a new release of the Azzy implant that was largely undetected by anti-malware products at the time. This version first appea |
| Downdelph | 1 | None |
| TrickBot | 1 | TrickBot is a notorious form of malware that infiltrates systems to exploit and damage them, often through suspicious downloads, emails, or websites. Once it has breached a system, TrickBot can steal personal information, disrupt operations, and even hold data hostage for ransom. It has been linked |
| Xagent | 1 | XAgent is a sophisticated malware developed by the Sofacy group, also known as APT28 or Fancy Bear. This malicious software was added to the group's arsenal in 2013, alongside other backdoors and tools such as CORESHELL, SPLM (also known as Xagent or CHOPSTICK), JHUHUGIT, AZZY, and others. XAgent is |
| Kbot | 1 | KBot, a malware identified and analyzed by Kaspersky in February 2020, is one of the most recent viruses to spread in the wild. This malicious software, designed to exploit and damage computers or devices, typically infiltrates systems through suspicious downloads, emails, or websites, often unbekno |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Komplex | Unspecified | 1 | Komplex is a form of malware believed to be used by the Sofacy group, a cyber espionage group. This backdoor Trojan targets macOS systems and shares similarities with XAgentOSX, another tool supposedly developed by the same actor. The authors of this malware have named it Komplex, which was discover |
| Carbanak | Unspecified | 1 | Carbanak is a sophisticated type of malware, short for malicious software, that is designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt |
| Trickbot’s | Unspecified | 1 | None |
| Ramsay | Unspecified | 1 | Ramsay is a sophisticated malware that was discovered by researchers at ESET in 2020. This malicious software is designed to infiltrate and exploit air-gapped networks, which are typically isolated from other networks for security reasons. Once it has infected a system, Ramsay can collect and exfilt |
| Isfb | Unspecified | 1 | ISFB, also known as Gozi or Ursnif, is a form of malware that has been a significant part of the cyberthreat landscape for several years. This malicious software is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without the user' |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Sofacy | Unspecified | 1 | Sofacy is a threat actor group that has been observed using multiple languages to create variants of the Zebrocy Trojan and Cannon. In one campaign, they relied heavily on filenames to lure victims into launching weaponized documents. The group packed only Delphi variants in an attempt to increase e |
| APT28 | Unspecified | 1 | APT28, also known as Fancy Bear, is a threat actor linked to Russia and has been involved in numerous cyber espionage campaigns. The group is notorious for its sophisticated tactics, techniques, and procedures (TTPs). Recently, NATO and the EU formally condemned APT28's activities, acknowledging the |
| Sofacy Group | Unspecified | 1 | The Sofacy Group, also known as APT28, Fancy Bear, Pawn Storm, Sednit, BlueDelta, and STRONTIUM, is a significant threat actor in the global cybersecurity landscape. Active since at least 2007, this group has targeted governments, militaries, and security organizations worldwide. The group's activit |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
No associations to display |
| Source | CreatedAt | Title |
|---|---|---|
| MITRE | a year ago | Sofacy APT hits high profile targets with updated toolset |
| MITRE | a year ago | IRON TWILIGHT Supports Active Measures |
| MITRE | a year ago | A Slice of 2017 Sofacy Activity |
| MITRE | a year ago | Tricks of the Trade: A Deeper Look Into TrickBot's Machinations |
| MITRE | a year ago | Trickbot Adds Credential-Grabbing Capabilities |
| MITRE | a year ago | PowerLoader Injection – Something truly amazing – MalwareTech |
| MITRE | a year ago | XAgentOSX: Sofacy’s XAgent macOS Tool |
| MITRE | a year ago | Sofacy Attacks Multiple Government Entities |
| MITRE | a year ago | Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks | WeLiveSecurity |
| MITRE | a year ago | The Great Bank Robbery: the Carbanak APT |
| MITRE | a year ago | CARBERP - Threat Encyclopedia |
| MITRE | a year ago | Sofacy’s ‘Komplex’ OS X Trojan |
| CERT Polska | a year ago | Newest addition to a happy family: KBOT |