| ID | Votes | Profile Description |
|---|---|---|
| CVE-2023-34362 | 13 | CVE-2023-34362 is a critical SQL injection vulnerability discovered in Progress Software's managed file transfer (MFT) solution known as MOVEit Transfer. This flaw in software design or implementation was first exploited by the CL0P Ransomware Gang, also known as TA505, beginning on May 27, 2023. Th |
| TA505 | 9 | TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec |
| Clop Ransomware Group | 8 | The Clop ransomware group, a threat actor in the cybersecurity realm, has been recognized for its malicious activities involving the exploitation of software vulnerabilities. These entities, which can range from individuals to government entities, are responsible for executing actions with harmful i |
| fin11 | 7 | FIN11, a threat actor group also known as Lace Tempest or TA505, has been linked to the development and deployment of Cl0p ransomware. This malicious software is believed to be a variant of another ransomware, CryptoMix, and is typically used by FIN11 to encrypt files on a victim's network after ste |
| Truebot | 7 | Truebot is a highly potent malware used by the threat actor group CL0P, which has been linked to various malicious activities aimed at exploiting and damaging computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once embedded, |
| Lace Tempest | 6 | Lace Tempest, a threat actor known for executing actions with malicious intent, has been identified as the orchestrator behind a series of cyber attacks exploiting a zero-day vulnerability in SysAid. The exploit was first brought to light by SysAid and further detailed in a blog post on TuxCare. Thi |
| cl0p group | 5 | The Cl0p group, a threat actor in the cybersecurity landscape, has been responsible for a significant surge in ransomware attacks. This group notably exploited a previously unknown SQL injection (SQLi) vulnerability in MOVEit's file-transfer application to steal data from companies. In 2023, they br |
| truebot malware | 4 | Truebot malware is a malicious software that infiltrates computer systems, often without the user's knowledge, to exploit and damage the device. It was primarily delivered by cyber threat actors via malicious phishing email attachments, but newer versions observed in 2023 also gained initial access |
| Blackbasta | 3 | BlackBasta is a malicious software (malware) known for its disruptive and damaging effects on computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even ho |
| Snakefly | 2 | Snakefly, also known as FIN11 and TA505, is a threat actor known for its malicious activities primarily aimed at organizations in North America and Europe. The group is financially motivated and has been active since at least early 2019. Snakefly is particularly associated with the deployment of Cl0 |
| cl0p | 2 | Cl0p is a threat actor group that has emerged as the most used ransomware in March 2023, dethroning LockBit. The group has successfully exploited zero-day vulnerabilities in the past, but such attacks are relatively rare. Recent research by Malwarebytes highlights the bias of ransomware gangs for at |
| Cl0p Ransomware Syndicate | 1 | The Cl0p ransomware syndicate, a Russian hacker group, is known for its malicious software attacks designed to exploit and damage computer systems. The malware infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal inf |
| Truebot Botnet | 1 | None |
| Dev-0950 | 1 | Lace Tempest, also known as DEV-0950 or TA-505, is a threat actor associated with the deployment of Clop ransomware. This group has been noted for its use of GoAnywhere exploits and Raspberry Robin infection hand-offs in past ransomware campaigns. Microsoft has attributed recent attacks exploiting t |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Lockbit | is related to | 16 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt |
| Akira | Unspecified | 6 | Akira is a malicious software, or malware, specifically a type of ransomware known for its disruptive and damaging effects. First surfacing in late 2023, it has continued to wreak havoc on various entities, including corporations and industries. This ransomware infects systems through suspicious dow |
| Conti | Unspecified | 5 | Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in |
| Lemurloot | Unspecified | 5 | LemurLoot is a malicious software, or malware, specifically a web shell written in C# that targets the MOVEit Transfer platform. It was developed and deployed by the CL0P ransomware group to exploit vulnerabilities in systems and steal data. In May 2023, the group exploited a SQL injection zero-day |
| Nokoyawa | is related to | 4 | Nokoyawa is a notorious malware, particularly known for its ransomware capabilities. It has been associated with various other malicious software including Quantum, Royal, BlackBasta, Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2, Vidar, Gozi, Cany |
| Black Basta | Unspecified | 4 | Black Basta is a notorious malware entity known for its devastating ransomware attacks. First emerging in June 2022, the group has since been associated with a series of high-profile cyber-attacks worldwide. This malware, like others, infiltrates systems through suspicious downloads, emails, or webs |
| FlawedAmmyy | Unspecified | 3 | FlawedAmmyy is a notable malware, specifically a Remote Access Trojan (RAT), that has been leveraged by threat actors for malicious purposes. The malware is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites unbeknownst to the user. |
| REvil | Unspecified | 3 | REvil is a notorious form of malware, specifically ransomware, that infiltrates systems to disrupt operations and steal data. The ransomware operates on a Ransomware as a Service (RaaS) model, which gained traction in 2020. In this model, REvil, like other first-stage malware such as Dridex and Goot |
| Hive | Unspecified | 3 | Hive is a malicious software, or malware, that infiltrates systems to exploit and damage them. This malware has been associated with Volt Typhoon, who exfiltrated NTDS.dit and SYSTEM registry hive to crack passwords offline. The Hive operation was primarily involved in port scanning, credential thef |
| FlawedGrace | Unspecified | 3 | FlawedGrace is a notorious malware, a remote access trojan (RAT), that has been used extensively in cyberattacks. It was first brought to light in June 2023 when The DFIR Report revealed its use in Truebot operations. In these operations, following the successful download of a malicious file, Truebo |
| IceFire | Unspecified | 3 | IceFire is a malicious software (malware) that has been detected as part of the Linux ransomware family. It was initially known for attacking Windows systems, but recent developments have seen it expand its reach to both Linux and Windows systems. The shift by IceFire to target Linux systems worldwi |
| Raspberry Robin | Unspecified | 3 | Raspberry Robin is a sophisticated malware that has been designed to exploit and damage computer systems. This malicious software infiltrates the system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once embedded, Raspberry Robin can steal personal information, di |
| Maze | Unspecified | 3 | Maze is a type of malware, specifically ransomware, that gained notoriety in 2019 for its double extortion tactic. This malicious software infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Maze w |
| Qbot | Unspecified | 2 | Qbot, also known as Qakbot or Pinkslipbot, is a modular information-stealing malware that emerged in 2007 as a banking trojan. Over the years, it has evolved into an advanced malware strain used by multiple cybercriminal groups to compromise networks and prepare them for ransomware attacks. The firs |
| IcedID | Unspecified | 2 | IcedID is a malicious software (malware) designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom |
| Get2 | Unspecified | 2 | Get2 is a type of malware, harmful software designed to infiltrate and damage computer systems or devices. It can be unknowingly downloaded through suspicious emails, downloads, or websites, enabling it to steal personal information, disrupt operations, or hold data hostage for ransom. Among the mos |
| Meterpreter | Unspecified | 2 | Meterpreter, a type of malware, is an attack payload of Metasploit that serves as an interactive shell, enabling threat actors to control and execute code on a system. Advanced Persistent Threat (APT) actors have created and used a variant of Metasploit (Meterpreter) on the ServiceDesk system, liste |
| Ryuk | Unspecified | 2 | Ryuk is a sophisticated malware, specifically a ransomware variant, that has been extensively used by cybercriminal group ITG23. The group has been employing crypting techniques for several years to obfuscate their malware, with Ryuk often seen in tandem with other malicious software such as Trickbo |
| Cactus | Unspecified | 2 | Cactus is a type of malware, specifically ransomware, that has been implicated in several high-profile cyber-attacks. This malicious software infiltrates systems through deceptive methods such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Cactus c |
| Royal Ransomware | Unspecified | 2 | Royal Ransomware is a type of malware that has been causing significant disruptions in various sectors, particularly in the United States. Originating from the now-defunct Conti ransomware operation, Royal Ransomware was notorious for its multi-threaded encryption and ability to kill processes withi |
| Karakurt | Unspecified | 2 | Karakurt is a notorious malware and data extortion group, previously affiliated with ITG23, known for its sophisticated tactics, techniques, and procedures (TTPs). The group's operations involve stealing sensitive data from compromised systems and demanding ransoms ranging from $25,000 to a staggeri |
| Sdbot | Unspecified | 2 | SDBot is a malicious software, or malware, that has been leveraged by threat actors known as TA505 and CL0P to exploit vulnerabilities in computer systems. It is used as a backdoor to enable the execution of commands and functions in the compromised computer, often without the user's knowledge. The |
| Tinymet | Unspecified | 2 | TinyMet is a type of malware, specifically a tiny, flexible Meterpreter stager, that can infiltrate systems and cause significant damage. It has been used by threat actors like GOLD TAHOE to retrieve the TinyMet Meterpreter stager in Clop ransomware incidents. This harmful program can infect your sy |
| Dewmode | Unspecified | 2 | DEWMODE is a malicious web shell malware, written in PHP, designed to interact with MySQL databases and specifically target Accellion FTA devices. It operates by infiltrating the compromised network and exfiltrating data. During 2020-2021, threat actor group TA505 exploited several zero-day vulnerab |
| Mallox | Unspecified | 1 | Mallox, also known as Fargo and Tohnichi, is a sophisticated malware that first surfaced in June 2021. This ransomware infiltrates systems primarily via SQL servers and has been observed to be particularly active in Taiwan, India, Thailand, and South Korea. It employs various variants that append di |
| Nemty | Unspecified | 1 | Nemty is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It was developed by a cybercriminal group known as farnetwork, which has been active since 2019. Farnetwork has been involved in several ransomware projects, including JSWORM, Nefilim, Karma, an |
| Silence Downloader | Unspecified | 1 | None |
| Nefilim | Unspecified | 1 | Nefilim is a malware, specifically a ransomware, that has been responsible for significant cyber threats globally. It infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Between 2019 and 2021, |
| Mirai | Unspecified | 1 | Mirai is a type of malware that primarily targets Internet of Things (IoT) devices to form botnets, which are networks of private computers infected with malicious software and controlled as a group without the owners' knowledge. In early 2022, Mirai botnets accounted for over 7 million detections g |
| AvosLocker | Unspecified | 1 | AvosLocker is a type of malware, specifically a ransomware, that has been causing significant issues across the digital landscape. Ransomware is a form of malicious software designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without |
| Rhysida Ransomware | Unspecified | 1 | Rhysida ransomware is a type of malicious software that has been causing significant disruptions worldwide. The malware, which infiltrates systems via suspicious downloads, emails, or websites, is designed to exploit and damage computers or devices. Once inside, it can steal personal information, di |
| Trigona | Unspecified | 1 | Trigona, a malware identified in 2022, emerged as a significant ransomware threat. This malicious software, designed to exploit and damage computer systems, infected devices through suspicious downloads, emails, or websites. The malware was particularly notorious for targeting Microsoft SQL servers, |
| Threeam | Unspecified | 1 | ThreeAM, a developing ransomware group first identified by GRIT in September 2023, has been steadily increasing its operational tempo. This malicious software is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without the user's k |
| Matanbuchus | Unspecified | 1 | Matanbuchus is a malicious software (malware) that has been actively used in various cyberattacks since July 16, 2022. Initially identified as part of a malspam campaign by Unit 42 in February 2023, it was believed to be a possible drop from the PikaBot malware. However, subsequent analysis revealed |
| Lobshot | Unspecified | 1 | Lobshot is a stealthy remote access malware that has been used by cybercriminals, notably Russian threat actors, in various malicious campaigns. It was featured alongside other well-known malware samples like DarkGate infostealer, Ducktail, and Redline in deceptive campaigns where it was embedded in |
| Dridex | Unspecified | 1 | Dridex is a well-known malware, specifically a banking Trojan, that has been utilized by cybercriminals to exploit and damage computer systems. The malware infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user, and can steal personal information, disrupt o |
| KillDisk | Unspecified | 1 | KillDisk is a potent malware, initially designed to overwrite targeted files instead of encrypting them. First seen in action during December 2016, it disrupted recovery processes by erasing critical system and workstation files. The TeleBots group notably used KillDisk in the final stages of their |
| Netwalker | Unspecified | 1 | NetWalker is a highly profitable ransomware kit, known for its ability to disable antivirus software on Windows 10 systems and encrypt files, adding a random extension to the encrypted ones. Once executed, it disrupts operations and can even hold data hostage for ransom. It has been observed that Ne |
| Egregor | Unspecified | 1 | Egregor is a variant of the Sekhmet ransomware and operates as Ransomware-as-a-Service (RaaS). It emerged in 2020, suspected to be from former Maze affiliates. Known for its double extortion tactics, Egregor publicly shames its victims by leaking sensitive data if the ransom isn't paid. In one notab |
| BitPaymer | Unspecified | 1 | BitPaymer is a type of malware that operates as ransomware, encrypting files and demanding payment for their release. It was operated by the GOLD DRAKE threat group and was later reworked and renamed DoppelPaymer by the GOLD HERON threat group. As part of the Ransomware as a Service (RaaS) model tha |
| Ragnar Locker | Unspecified | 1 | Ragnar Locker is a type of malware, specifically a ransomware, that has been designed to infiltrate computer systems, often without the user's knowledge. It can enter systems through suspicious downloads, emails, or websites and once inside, it has the capability to steal personal information, disru |
| SDBbot | Unspecified | 1 | SDBbot is a malicious software (malware) that infiltrates computer systems typically through deceptive downloads, emails, or websites. In the context of cyber threats, it falls under the category of custom malware, used by threat groups such as GOLD TAHOE. Other common offensive security tools and c |
| WannaCry | Unspecified | 1 | WannaCry is a type of malware, specifically ransomware, that caused significant global disruption in 2017. It exploited Windows SMBv1 Remote Code Execution Vulnerabilities (CVE-2017-0144, CVE-2017-0145, CVE-2017-0143), which allowed it to spread rapidly and infect over 200,000 machines across more t |
| Babuk | Unspecified | 1 | Babuk is a type of malware, specifically ransomware, which is designed to infiltrate systems and hold data hostage for ransom. It can be delivered through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, Babuk can disrupt operations and steal perso |
| QakBot | Unspecified | 1 | Qakbot is a potent malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information, disrupt operations, or e |
| Revil/sodinokibi | Unspecified | 1 | REvil/Sodinokibi is a type of malware, specifically ransomware, first identified on September 24, 2019. This malicious software is designed to infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, it can steal personal information, |
| Cobalt Strike Beacon | Unspecified | 1 | Cobalt Strike Beacon is a type of malware known for its harmful capabilities, including stealing personal information, disrupting operations, and potentially holding data hostage for ransom. The malware has been loaded by HUI Loader through various files such as mpc.tmp, dlp.ini, vmtools.ini, and an |
| HELLOKITTY | Unspecified | 1 | HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat |
| Doppelpaymer | Unspecified | 1 | DoppelPaymer is a form of malware, specifically ransomware, known for its high-profile attacks on large organizations and municipalities. Originally based on the BitPaymer ransomware, DoppelPaymer was reworked and renamed by the threat group GOLD HERON, after initially being operated by GOLD DRAKE. |
| Gold Mystic | Unspecified | 1 | Gold Mystic, also known as LockBit and Water Selkie, is a notable threat group that began ransomware operations in 2019. They adopted the LockBit name for their file-encrypting malware in 2020 and listed their first victims on the leak site in September of the same year. After a six-month period of |
| Lockbit3 | Unspecified | 1 | LockBit3 is a prominent malware that has been significantly active in the cyber threat landscape. In the first half of 2023, it was reported as the most active among 48 ransomware groups, breaching over 2,200 victims. This represented a 20% increase in victims compared to the same period in 2022. Th |
| Meterpreter Stager | Unspecified | 1 | The Meterpreter stager is a type of malware, which is malicious software designed to infiltrate and exploit computer systems. It can enter your system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it has the potential to steal personal information, di |
| Unc4857 | Unspecified | 1 | None |
| Medusa Ransomware | Unspecified | 1 | Medusa ransomware is a malicious software designed to infiltrate systems, steal personal information, disrupt operations, and hold data hostage for ransom. It often enters systems through suspicious downloads, emails, or websites unbeknownst to the user. Once inside, it leaves a ransom note, demandi |
| Lizar | Unspecified | 1 | Lizar, also known as Tirion or Diceloader, is a malicious software developed by the threat group ITG14. It's designed to exploit and damage computers or devices, infiltrating systems through suspicious downloads, emails, or websites. Once installed, it can steal personal information, disrupt operati |
| Omg | Unspecified | 1 | OMG is a variant of the Mirai malware, designed to exploit Internet of Things (IoT) devices by turning them into proxy servers for cryptomining. This malicious software operates covertly, typically entering systems through suspicious downloads, emails, or websites, and once inside, it can disrupt op |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Clop Gang | Unspecified | 5 | The Clop Gang, a threat actor with malicious intent, has been responsible for significant cybercrimes. This group, like others in the cybersecurity landscape, is known for its harmful actions against various targets. The Clop Gang's activities underscore the need for robust and effective cybersecuri |
| Vice Society | Unspecified | 4 | Vice Society, a threat actor group known for its malicious activities, has been linked to a series of ransomware attacks targeting various sectors, most notably education and healthcare. Throughout 2022 and the first half of 2023, Vice Society, along with Royal Ransomware, were actively executing mu |
| FIN7 | Unspecified | 4 | FIN7, a notorious threat actor group known for its malicious activities, has recently been identified as targeting a large U.S. carmaker with phishing attacks. This group, which has previously operated behind fake cybersecurity companies such as Combi Security and Bastion Secure to recruit security |
| Sangria Tempest | Unspecified | 3 | Sangria Tempest, also known as FIN7, Carbon Spider, and ELBRUS, is a threat actor that has been active since 2014. This Russian advanced persistent threat (APT) group is known for its malicious activities, including spear-phishing campaigns, malware distribution, and theft of payment card data. In m |
| DarkSide | Unspecified | 3 | DarkSide is a notable threat actor that emerged in the cybersecurity landscape with its advanced ransomware operations. In 2021, the group gained significant attention for its attack on the United States' largest oil pipeline, Colonial Pipeline, causing a temporary halt to all operations for three d |
| Snake | Unspecified | 2 | Snake, also known as EKANS, is a significant threat actor that has been active since at least 2004, with its activities potentially dating back to the late 1990s. This group, which may have ties to Iran, targets diplomatic and government organizations as well as private businesses across various reg |
| Bianlian | Unspecified | 2 | BianLian is a threat actor that has been increasingly active in cybercrimes. The group is known for its malicious activities, including the execution of actions with harmful intent. In a series of recent events, BianLian has exploited vulnerabilities in JetBrains TeamCity, a continuous integration a |
| Rhysida | Unspecified | 2 | Rhysida, a threat actor known for executing malicious cyber activities, has been responsible for numerous ransomware attacks. The group has primarily targeted businesses and healthcare organizations, with notable instances including a disruptive attack on Ann & Robert H. Lurie Children's Hospital of |
| Blackmatter | Unspecified | 2 | BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention |
| RansomedVC | Unspecified | 2 | RansomedVC, a new threat actor in the cybersecurity landscape, has emerged as a significant concern due to its unorthodox approaches and deceptive tactics. This group is suspected to be an enterprise of a single individual threat actor, who has previously been associated with other cybercrime operat |
| Medusa | Unspecified | 2 | Medusa, a threat actor group, has been identified as a rising menace in the cybersecurity landscape, with its ransomware activities escalating significantly. In November 2023, Medusa and other groups like LockBit and ALPHV (BlackCat) exploited a zero-day vulnerability known as Citrix Bleed (CVE-2023 |
| LockBitSupp | Unspecified | 2 | LockBitSupp, also known as LockBit and putinkrab, is a notorious threat actor responsible for creating and operating one of the most prolific ransomware variants. The individual behind this persona, Dmitry Yuryevich Khoroshev, has been actively involved in ransomware attacks against organizations fo |
| Aquatic Panda | Unspecified | 1 | Aquatic Panda, also known as Budworm, Charcoal Typhoon, ControlX, RedHotel, and Bronze University, is a significant threat actor suspected of state-backed cyber espionage activities. This group has been particularly active in the recent quarter, ranking amongst the top geopolitical groups targeting |
| Mustang Panda | Unspecified | 1 | Mustang Panda, also known as Bronze President, Nomad Panda, Naikon, Earth Preta, and Stately Taurus, is a Chinese-aligned threat actor that has been associated with widespread attacks against various countries in the Asia-Pacific region. The group's malicious activities were first traced back to Mar |
| Sodin | Unspecified | 1 | Sodin, also known as Sodinokibi or REvil, is a sophisticated threat actor that emerged in the first half of 2019. This entity quickly drew attention due to its unique methods of distribution and attack. It exploited an Oracle Weblogic vulnerability to distribute itself and targeted Managed Service P |
| Star Blizzard | Unspecified | 1 | Star Blizzard, also known as Seaborgium or the Callisto Group, is a threat actor linked to Russia's intelligence service, the FSB. The group has been involved in sophisticated cyber-attacks worldwide, primarily using spear-phishing campaigns to steal account credentials and data. Microsoft, which tr |
| Scattered Spider | Unspecified | 1 | Scattered Spider is a prominent threat actor group involved in cybercrime activities with malicious intent. The group employs various tactics to compromise its targets, including phishing for login credentials, searching SharePoint repositories for sensitive information, and exploiting infrastructur |
| Dharma/phobos | Unspecified | 1 | Dharma/Phobos is a threat actor group that has been actively involved in cybercrime activities, utilizing sophisticated tools and tactics to execute their malicious intentions. This group, along with others, have recently been seen shifting their tactics and tools in response to changes in the cyber |
| Gold Mystic Lockbit | Unspecified | 1 | Gold Mystic LockBit, a well-known threat actor in the cybersecurity landscape, continues to dominate the ransomware scene. This group is responsible for executing actions with malicious intent, which typically involve the use of ransomware to compromise and encrypt data, often followed by demands fo |
| Blackbyte | Unspecified | 1 | BlackByte, a threat actor known for its malicious activities, has been on the radar of cybersecurity agencies since its emergence in July 2021. Notorious for targeting critical infrastructure, BlackByte attracted the attention of the Federal Bureau of Investigation (FBI) and the US Secret Service (U |
| Evil Corp | Unspecified | 1 | Evil Corp, a threat actor group based in Russia, has been identified as a significant cybercrime entity responsible for the execution of malicious actions. The alleged leader of this group is Maksim Yakubets, who is notably associated with Dridex malware operations. The U.S. Treasury imposed sanctio |
| Rocket Kitten | Unspecified | 1 | Rocket Kitten is a recognized threat actor in the cybersecurity world, known for its malicious activities. This group was particularly active in 2016, using domains such as yahoo-drive.signin-useraccount-mail.com and yahoo-reset.signin-useraccount-mail.com to execute their operations. The group's mo |
| Volt Typhoon | Unspecified | 1 | Volt Typhoon, a threat actor linked to China, has been identified as a significant cyber threat with strong operational security. Known for their sophisticated Advanced Persistent Threat (APT) activities, this group has been associated with the KV-Botnet and has remained undetected within U.S. infra |
| Sandworm | Unspecified | 1 | Sandworm, a threat actor linked to Russia, has been implicated in numerous high-profile cyber attacks. This group's activities have primarily targeted Ukraine, compromising the country's critical infrastructure and telecommunications providers. The Sandworm group is known for its fileless attack met |
| Lapsus | Unspecified | 1 | Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor |
| Qilin | Unspecified | 1 | Qilin, a notable threat actor in the cybersecurity landscape, has been significantly active over the last two years, compromising more than 150 organizations across 25 countries and various industries. Originally evolving from the Agenda ransomware written in Go, Qilin has since transitioned to Rust |
| Graceful Spider | Unspecified | 1 | Graceful Spider, also known as TA505, is a threat actor recognized for its malicious cyber activities. This entity has been identified by the cybersecurity industry as the driving force behind various targeted campaigns with harmful intent. The group could be a single individual, a private organizat |
| Sodinokibi | Unspecified | 1 | Sodinokibi, also known as REvil, is a significant threat actor first identified in April 2019. This ransomware family operates as a Ransomware-as-a-Service (RaaS) and has been responsible for one in three ransomware incidents responded to by IBM Security X-Force in 2020. The Sodinokibi ransomware st |
| Silence Cybercrime Group | Unspecified | 1 | The Silence cybercrime group, a threat actor predominantly Russian-speaking, has been associated with significant cybersecurity threats. This entity is known for its malicious activities, including the use of TrueBot, a malware downloader. Since December 2022, this malware has been co-opted by anoth |
| Elbrus | Unspecified | 1 | None |
| Black Cat | Unspecified | 1 | Black Cat, also known as AlphV, is a prominent threat actor known for its malicious activities in the cybersecurity landscape. The group gained significant attention when it launched an attack on Change Healthcare, a subsidiary of Optum and UnitedHealth Group (UHG), in late February. This ransomware |
| Shadowsyndicate | Unspecified | 1 | ShadowSyndicate, a threat actor that emerged in 2019, has been implicated in multiple ransomware operations according to cybersecurity firm Group-IB. The group is known for its affiliations with various ransomware groups and programs, and has been involved in several ransomware projects such as JSWO |
| Gold Blazer | Unspecified | 1 | GOLD BLAZER is a threat actor identified as the operator of the BlackCat/ALPV ransomware. This group, along with others such as GOLD MYSTIC (LockBit) and GOLD TAHOE (Cl0p), continues to dominate the ransomware landscape. While these established groups maintain their stronghold, new threat actors are |
| Alphv Ransomware Group | Unspecified | 1 | The ALPHV ransomware group, also known as BlackCat, is a threat actor that has been responsible for a series of high-profile cyberattacks on various sectors. The group, which is believed to be connected to Russian organized crime, first gained notoriety when it claimed responsibility for the MGM Res |
| Sandworm Apt | Unspecified | 1 | The Sandworm Advanced Persistent Threat (APT) group, a threat actor believed to be linked to Russia, has been identified as a significant cybersecurity concern. This entity has displayed malicious intent and demonstrated its capacity to execute sophisticated cyber-attacks. The naming convention "San |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2023-0669 | Unspecified | 9 | CVE-2023-0669 is a software vulnerability that originated in Fortra's GoAnywhere Managed File Transfer (MFT) tool, which is a secure file transfer solution. This flaw, a remote code execution (RCE) vulnerability, allows unauthorized users to execute arbitrary commands on the affected system. The Clo |
| Moveit Transfer Vulnerability | Unspecified | 6 | The MOVEit Transfer vulnerability, officially designated as CVE-2023-34362, is a flaw in software design or implementation that has been exploited by the Cl0p ransomware group. Despite initial concerns, there's no evidence that the Cl0p ransomware was deployed when this vulnerability was recently ex |
| CVE-2023-27351 | Unspecified | 3 | None |
| CVE-2023-27350 | Unspecified | 3 | CVE-2023-27350 is a significant software vulnerability discovered in PaperCut NG/MF, a popular print management software. This flaw in software design or implementation allows attackers to bypass authentication and execute code with system privileges, posing a serious threat to both server and inter |
| CVE-2021-27101 | Unspecified | 2 | None |
| CVE-2023-35036 | Unspecified | 2 | CVE-2023-35036 is a significant vulnerability identified in the MOVEit Transfer software, part of the Progress Software suite. This flaw was first reported on June 16, 2023, following the discovery and exploitation of CVE-2023-34362 by a Clop ransomware affiliate. The CVE-2023-35036 vulnerability pr |
| CVE-2023-35708 | Unspecified | 2 | CVE-2023-35708 is a critical software vulnerability, specifically an SQL injection flaw, that affected the MOVEit Transfer application. This issue was identified as a privilege escalation vulnerability, meaning it could potentially allow unauthorized users to gain elevated access rights within the s |
| CVE-2021-27104 | Unspecified | 2 | None |
| CVE-2021-27102 | Unspecified | 2 | None |
| CVE-2023-47246 | has used | 2 | CVE-2023-47246 is a critical zero-day vulnerability discovered in the SysAid IT support and management software solution. The flaw, identified as a path traversal vulnerability, has been exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. This vulnerability allows |
| CVE-2022-47986 | Unspecified | 1 | CVE-2022-47986 is a critical software vulnerability, specifically a deserialization flaw, found in IBM's Aspera Faspex file-sharing application. This vulnerability has been exploited by threat actors to deploy ransomware, significantly compromising the security of systems using this software. The vu |
| Cl0p Ransomware Gang’s Exploitation | Unspecified | 1 | None |
| Lace Tempest Storm0950 | Unspecified | 1 | None |
| Society/rhysida | Unspecified | 1 | None |
| CVE-2024-1709 | Unspecified | 1 | CVE-2024-1709 is a critical vulnerability in the ConnectWise ScreenConnect software that allows for an authentication bypass. This flaw can enable a remote non-authenticated attacker to bypass the system's authentication process and gain full access. The issue was identified by Sophos Rapid Response |
| CVE-2021-27103 | Unspecified | 1 | None |
| CVE-2023-34363 | Unspecified | 1 | None |
| CVE-2023-34364 | Unspecified | 1 | CVE-2023-34364 is a vulnerability that was discovered in a widely-used software application. This vulnerability allows an attacker to execute arbitrary code on the affected system, potentially resulting in data theft or other malicious activity. The vulnerability was caused by a flaw in the way that |
| CVE-2021-207103 | Unspecified | 1 | None |
| CVE-2023-36934 | Unspecified | 1 | CVE-2023-36934 is a critical vulnerability that was identified in MOVEit Transfer's web application. This flaw in software design or implementation was published on July 5th, and it allowed for unauthenticated access to the database by submitting a payload to an application endpoint. This security b |
| Log4Shell | Unspecified | 1 | Log4Shell is a software vulnerability, specifically a flaw in the design or implementation of the popular Java logging library, Log4j. Identified as CVE-2021-44228, this vulnerability allows an attacker to remotely execute arbitrary code, often leading to full system compromise. Advanced Persistent |
| Clop’s Leak Site | Unspecified | 1 | None |
| Cl0p’s Group | Unspecified | 1 | None |
| CVE-2024-5806 | Unspecified | 1 | None |
| CVE-2023-24362 | Unspecified | 1 | None |
| CVE-2021-35211 | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| Securityaffairs | 5 days ago | Security Affairs Malware Newsletter - Round 3 |
| Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3 |
| Securityaffairs | 12 days ago | Security Affairs Malware Newsletter - Round 2 |
| Securityaffairs | 13 days ago | Rite Aid disclosed data breach following RansomHub attack |
| Recorded Future | 18 days ago | Patterns and Targets for Ransomware Exploitation of Vulnerabilities: 2017–2023 |
| Recorded Future | 18 days ago | 2023 Annual Report | Recorded Future |
| BankInfoSecurity | 18 days ago | Reports: Florida Health Department Dealing With Data Heist |
| DARKReading | 18 days ago | Cyber-Insurance Prices Plummet as Market Competition Grows |
| Securityaffairs | 20 days ago | Security Affairs Malware Newsletter - Round 1 |
| Securityaffairs | a month ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION |
| DARKReading | a month ago | MOVEit Transfer Flaws Push Security Defense Into a Race With Attackers |
| BankInfoSecurity | a month ago | Hackers Quick to Exploit MOVEit Authentication Flaw |
| DARKReading | a month ago | Fresh MOVEit Bug Under Attack Mere Hours After Disclosure |
| Securityaffairs | a month ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION |
| InfoSecurity-magazine | 2 months ago | Over 60% of Network Security Appliance Flaws Exploited as Zero Days |
| InfoSecurity-magazine | 2 months ago | 53,000 Employees' Social Security Numbers Exposed in Nissan Breach |
| Quick Heal Technologies Ltd. | 2 months ago | Unlocking Unbeatable Cybersecurity: Your Essential Guide to the Ultimate Antivirus Solution! |
| Securelist | 3 months ago | Kaspersky Anti-Ransomware Day report 2024 |