cl0p

Threat Actor Profile Updated 3 months ago
Cl0p is a threat actor group whose ransomware became the most used ransomware in March 2023, dethroning LockBit. The group has successfully exploited zero-day vulnerabilities in the past, but such attacks are relatively rare. Recent research by Malwarebytes highlights the tendency of ransomware gangs to attack English-speaking countries, and the Cl0p campaign follows the same trend. The Cl0p ransomware syndicate launched a cyberattack against several federal agencies and organizations in the US by exploiting weaknesses in MOVEit Transfer, a widely used file transfer platform. The group has claimed credit for several other cyberattacks in the past, including those on British Airways, Shell, and the governments of Minnesota and Illinois. Victims of the recent attack were given until Wednesday to negotiate a ransom or risk having sensitive stolen data dumped online. Many experts attribute the attacks to the Cl0p ransomware gang, which is known to demand multimillion-dollar ransoms. The group has also been observed emailing stakeholders and customers of its victims, informing them that their data too will be leaked. Despite Cl0p's successful attacks, the use of zero-day vulnerabilities remains relatively rare.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
TA505 | 3 | TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec
Clop | 2 | Clop is a notorious malware, short for malicious software, known for its disruptive and damaging effects on computer systems. It primarily infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Clop can steal personal information, disrupt o
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Moveit
Vulnerability
exploited
Ransom
Mft
Extortion
exploitation
Papercut
CISA
flaw
Malware
Payload
Government
Phishing
T1190
Linux
Microsoft
Cybercrime
Encryption
Cobalt Strike
Backdoor
Exploit
Windows
RaaS
bugs
Solarwinds
Remote Code ...
Bitcoin
Financial
russian
Azure
Goanywhere
Huntress
Implant
Ransomware P...
Fortiguard
Sentinelone
Fbi
British
Sentinellabs
State Sponso...
Cybereason
Malwarebytes
Scam
Uk
Webshell
Spam
Poc
Ofcom
Apt
Federal
ftp
Associated Malware
ID | Type | Votes | Profile Description
Get2 | Unspecified | 2 | Get2 is a type of malware, harmful software designed to infiltrate and damage computer systems or devices. It can be unknowingly downloaded through suspicious emails, downloads, or websites, enabling it to steal personal information, disrupt operations, or hold data hostage for ransom. Among the mos
FlawedAmmyy | Unspecified | 2 | FlawedAmmyy is a notable malware, specifically a Remote Access Trojan (RAT), that has been leveraged by threat actors for malicious purposes. The malware is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites unbeknownst to the user.
FlawedGrace | Unspecified | 2 | FlawedGrace is a notorious malware, a remote access trojan (RAT), that has been used extensively in cyberattacks. It was first brought to light in June 2023 when The DFIR Report revealed its use in Truebot operations. In these operations, following the successful download of a malicious file, Truebo
Lemurloot | Unspecified | 2 | LemurLoot is a malicious software, or malware, specifically a web shell written in C# that targets the MOVEit Transfer platform. It was developed and deployed by the CL0P ransomware group to exploit vulnerabilities in systems and steal data. In May 2023, the group exploited a SQL injection zero-day
Hive | Unspecified | 1 | Hive is a malicious software, or malware, that infiltrates systems to exploit and damage them. This malware has been associated with Volt Typhoon, who exfiltrated NTDS.dit and SYSTEM registry hive to crack passwords offline. The Hive operation was primarily involved in port scanning, credential thef
REvil | Unspecified | 1 | REvil is a notorious form of malware, specifically ransomware, that infiltrates systems to disrupt operations and steal data. The ransomware operates on a Ransomware as a Service (RaaS) model, which gained traction in 2020. In this model, REvil, like other first-stage malware such as Dridex and Goot
SDBbot | Unspecified | 1 | SDBbot is a malicious software (malware) that infiltrates computer systems typically through deceptive downloads, emails, or websites. In the context of cyber threats, it falls under the category of custom malware, used by threat groups such as GOLD TAHOE. Other common offensive security tools and c
IcedID | Unspecified | 1 | IcedID is a malicious software (malware) designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom
Associated Threat Actors
ID | Type | Votes | Profile Description
Volt Typhoon | Unspecified | 1 | Volt Typhoon, a threat actor linked to China, has been identified as a significant cyber threat with strong operational security. Known for their sophisticated Advanced Persistent Threat (APT) activities, this group has been associated with the KV-Botnet and has remained undetected within U.S. infra
Snake | Unspecified | 1 | Snake, also known as EKANS, is a significant threat actor that has been active since at least 2004, with its activities potentially dating back to the late 1990s. This group, which may have ties to Iran, targets diplomatic and government organizations as well as private businesses across various reg
Evil Corp | Unspecified | 1 | Evil Corp, a threat actor group based in Russia, has been identified as a significant cybercrime entity responsible for the execution of malicious actions. The alleged leader of this group is Maksim Yakubets, who is notably associated with Dridex malware operations. The U.S. Treasury imposed sanctio
Lace Tempest | Unspecified | 1 | Lace Tempest, a threat actor known for executing actions with malicious intent, has been identified as the orchestrator behind a series of cyber attacks exploiting a zero-day vulnerability in SysAid. The exploit was first brought to light by SysAid and further detailed in a blog post on TuxCare. Thi
FIN7 | Unspecified | 1 | FIN7, a notorious threat actor group known for its malicious activities, has recently been identified as targeting a large U.S. carmaker with phishing attacks. This group, which has previously operated behind fake cybersecurity companies such as Combi Security and Bastion Secure to recruit security
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2023-34362 | Unspecified | 5 | CVE-2023-34362 is a critical SQL injection vulnerability discovered in Progress Software's managed file transfer (MFT) solution known as MOVEit Transfer. This flaw in software design or implementation was first exploited by the CL0P Ransomware Gang, also known as TA505, beginning on May 27, 2023. Th
CVE-2023-0669 | Unspecified | 2 | CVE-2023-0669 is a software vulnerability that originated in Fortra's GoAnywhere Managed File Transfer (MFT) tool, which is a secure file transfer solution. This flaw, a remote code execution (RCE) vulnerability, allows unauthorized users to execute arbitrary commands on the affected system. The Clo
CVE-2023-3436 | Unspecified | 1 | None
CVE-2023-27350 | Unspecified | 1 | CVE-2023-27350 is a significant software vulnerability discovered in PaperCut NG/MF, a popular print management software. This flaw in software design or implementation allows attackers to bypass authentication and execute code with system privileges, posing a serious threat to both server and inter
CVE-2023-3462 | Unspecified | 1 | None
CVE-2023-27351 | Unspecified | 1 | None
CVE-2023-35708 | Unspecified | 1 | CVE-2023-35708 is a critical software vulnerability, specifically an SQL injection flaw, that affected the MOVEit Transfer application. This issue was identified as a privilege escalation vulnerability, meaning it could potentially allow unauthorized users to gain elevated access rights within the s
CVE-2023-35036 | Unspecified | 1 | CVE-2023-35036 is a significant vulnerability identified in the MOVEit Transfer software, part of the Progress Software suite. This flaw was first reported on June 16, 2023, following the discovery and exploitation of CVE-2023-34362 by a Clop ransomware affiliate. The CVE-2023-35036 vulnerability pr
Source Document References
Information about the cl0p threat actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | a year ago | CalPERS Latest Victim of MOVEit Hack with Data of Estimated 700K Members, Retirees Exposed | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU | a year ago | New DoJ Cyber Prosecution Team Will Go After Nation-State Threat Actors
CERT-EU | a year ago | Avast, Norton Parent Latest Victim of MOVEit Ransomware Attacks
CERT-EU | a year ago | Hackers target DMV to expose data of 9.5 million people | Digital Trends
CERT-EU | a year ago | Zero-day hole: Cl0p names further victims of the MOVEit Transfer vulnerabilities
CERT-EU | a year ago | SQL injection vulnerability in MOVEit Transfer leads to data breaches worldwide
CERT-EU | a year ago | Progress Software hit with class action lawsuit over MOVEit hack
CERT-EU | a year ago | Zero-day hole: Cl0p names further victims of the MOVEit Transfer vulnerabilities
CERT-EU | a year ago | MOVEIt Vulnerability: A Painful Reminder That Threat Actors Aren't the Only Ones Responsible for a Data Breach - Security Boulevard
Malwarebytes | a year ago | US dangles $10 million reward for information about Cl0p ransomware gang
CERT-EU | a year ago | Cybersecurity company Norton Lifelock becomes a ransomware victim, God save the customers!
CERT-EU | a year ago | EY and PwC Among the Many Entities Caught Up in the MOVEit Cybersecurity Breach Ransom | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
DARKReading | a year ago | Fresh Ransomware Gangs Emerge As Market Leaders Decline
CERT-EU | a year ago | The US government is offering $10 million for tips about Cl0p ransomware
CERT-EU | a year ago | attack on BBC and BA offers glimpse into the future of cybercrime | #cybercrime | #infosec | National Cyber Security Consulting
CERT-EU | a year ago | Moveit hack: attack on BBC and BA offers glimpse into the future of cybercrime
CERT-EU | a year ago | Data leak: Verivox affected by MOVEit vulnerability
CERT-EU | a year ago | US authorities offer up to $10M for info on Clop ransomware
CERT-EU | a year ago | MOVEit Customers Urged to Patch Third Critical Vulnerability
CERT-EU | a year ago | Data leak: Verivox affected by MOVEit vulnerability