ID | Votes | Profile Description |
---|---|---|
Nokoyawa | 3 | Nokoyawa is a ransomware family. It has been associated with various other malicious software, including Quantum, Royal, BlackBasta, Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2, Vidar, Gozi, Cany |
IcedID | 2 | IcedID (also known as BokBot) is a banking trojan that has evolved into an initial-access loader. It infects systems through malicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal credentials and personal information, deliver additional payloads, disrupt operations, or lead to data being held hostage for ransom |
Gozi | 1 | Gozi (also known as Ursnif/ISFB) is a long-running banking trojan and information stealer that has been linked to numerous cyber attacks. In the campaigns described here it is delivered through malvertising, often in conjunction with other initial-access malware such as the Pikabot botnet agent and the IcedID information stealer. When an individual accesses a c |
Blackbasta | 1 | BlackBasta is a ransomware-as-a-service operation that emerged in 2022 and is known for its disruptive and damaging effects on computer systems. Its operators infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, they can steal personal information, disrupt operations, or even ho |
ID | Type | Votes | Profile Description |
---|---|---|---|
Gootloader | Unspecified | 3 | GootLoader is a JavaScript-based loader that forms part of the GootKit malware family, which has been active since 2014. It reaches systems through compromised websites surfaced by search-engine poisoning, which lure victims into downloading a malicious document archive, often without the user's knowledge. Its primary targets are professionals working in law firms |
TrickBot | Unspecified | 2 | TrickBot is a modular banking trojan turned loader and botnet, active since 2016, that infiltrates systems through malicious email attachments, downloads, or websites. Once it has breached a system, TrickBot can steal credentials and personal information, disrupt operations, and stage ransomware that holds data hostage. It has been linked |
Droxidat | Unspecified | 2 | DroxiDat, a new variant of the SystemBC malware, was deployed in a series of attacks on critical infrastructure targets in Africa during the third and fourth weeks of March 2023. The malware, which acts as a system profiler and simple SOCKS5-capable bot, was specifically detected at an electric utility c |
Emotet | Unspecified | 2 | Emotet is a long-running loader and botnet that has resurfaced with increased activity this summer. Originally distributed via malicious email attachments, it infiltrates systems often without the user's knowledge, forming botnets under criminal control that are rented out for large-scale attacks and follow-on payload delivery. Once infected, |
QakBot | Unspecified | 2 | Qakbot (also known as QBot) is a banking trojan turned loader and botnet that has been active since around 2007. It infiltrates systems through malicious email attachments, downloads, or websites, often without the user's knowledge. Once inside, it can steal credentials and personal information, disrupt operations, or e |
Forest | Unspecified | 1 | Forest appears elsewhere on this page as one of the crypters used by ITG23 (see the Cutwail entry); the profile text here instead describes Golden Ticket abuse. A Golden Ticket is a forged Kerberos ticket-granting ticket (TGT) that gives domain-wide access: it is used to request service tickets (TGS) for resources across the entire domain and, by abusing SID History, across the whole Active Directory (AD) forest. The malw |
Quixotic | Unspecified | 1 | Quixotic is a crypter that has been used to obfuscate malware samples, including BlackBasta ransomware and Cobalt Strike beacons. In May 2023 it was used to crypt a BlackBasta ransomware sample, and in October 2022 it was used on a Cobalt Strike sample deployed in a BlackBasta attack |
Anubis | Unspecified | 1 | Anubis, listed here as an alias of IcedID (Bokbot), is a sophisticated banking trojan. IcedID was first discovered by IBM X-Force in September 2017 and has since evolved to target a wide range of financial applications. Notably, it has consistently ranked among the top fi |
Egregor | Unspecified | 1 | Egregor is a variant of the Sekhmet ransomware that operates as Ransomware-as-a-Service (RaaS). It emerged in 2020 and is suspected to have been run by former Maze affiliates. Known for its double-extortion tactics, Egregor publicly shames its victims by leaking stolen data if the ransom isn't paid. In one notab |
Ryuk | Unspecified | 1 | Ryuk is a ransomware family that has been used extensively by the cybercriminal group ITG23. The group has employed crypters for several years to obfuscate its malware, and Ryuk is often seen in tandem with other malicious software such as Trickbo |
Empire Powershell | Unspecified | 1 | Empire is an open-source PowerShell post-exploitation framework that is widely abused by threat actors. It does not provide initial access on its own; it is deployed after a system has been compromised, whether through suspicious downloads, emails, or websites, often unbeknownst to the user. Once running, its agents can steal credentials and personal information, move laterally, disrupt operations, or even hold data |
Dridex | Unspecified | 1 | Dridex is a well-known banking Trojan that cybercriminals have used to exploit and damage computer systems. It infiltrates systems through malicious email attachments, dubious downloads, or websites, often unbeknownst to the user, and can steal personal information, disrupt o |
Bazarloader | Unspecified | 1 | BazarLoader is a malware loader that has been used extensively by the cybercriminal group ITG23. It infiltrates systems via suspicious downloads, emails, or websites and stages follow-on payloads that steal personal information, disrupt operations, or hold data for ransom. ITG23 has used B |
Conti | Unspecified | 1 | Conti is a ransomware family, operated as ransomware-as-a-service, known for disrupting operations, stealing data, and holding it hostage for ransom. It infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in |
Pikabot | Unspecified | 1 | PikaBot is a malware loader and backdoor that emerged in 2023. It infiltrates systems through malicious email attachments, dubious downloads, or websites, often undetected by the user. Once inside a system, PikaBot can pilfer personal information, disrupt operations, or even ransom d |
Squirrelwaffle | Unspecified | 1 | SquirrelWaffle is a malware loader that emerged in the threat landscape in September 2021. Its infection vector is spam email carrying malicious Office documents, specifically Microsoft Word and Excel files. The first variant mimics a DocuSign document, prompting the victim to enable editin |
Diceloader | Unspecified | 1 | DiceLoader is a malware loader designed to infiltrate computer systems and stage further payloads. It can infect systems through various means such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, it can steal personal in |
Cutwail | Unspecified | 1 | Cutwail is a long-running spam botnet that has been associated with other botnets and malware, including Necurs, Andromeda, and Dridex, at different stages of their lifecycle. It has been implicated in the distribution of payloads such as IcedID, Gozi, and Pushdo, often packed with crypters like Hexa, Forest, Sn |
Pushdo | Unspecified | 1 | Pushdo is a downloader and botnet, closely tied to the Cutwail spam engine, that has been associated with numerous cyber attacks. In 2013 it was identified as the most widespread "bad bot," infecting over 4.2 million IPs, including those of private companies, government agencies, and military networks. |
ID | Type | Votes | Profile Description |
---|---|---|---|
ITG23 | Unspecified | 1 | ITG23, also known as the Trickbot/Conti syndicate, is a significant threat actor that has been active in the East European cybercrime arena since 2016. The group is known for embedding Reflective DLL Injection code in many of its crypters, with the presence of these crypters on a file sample be |
APT19 | Unspecified | 1 | APT19, also known as the Codoso Team, is a threat actor suspected of some degree of Chinese government sponsorship. The group, potentially composed of freelancers, primarily targets the legal and investment sectors and is known for its use of malware such as BEACON and COBAL |
Wizard Spider | Unspecified | 1 | Wizard Spider, also known as ITG23, DEV-0193, Trickbot Group, FIN12, and Grimspider, is a significant threat actor in the cybercrime landscape. IBM Security X-Force researchers have continually analyzed the group's use of several crypters, and it is credited with creating the notorious, ev |
Toddycat | has used | 1 | ToddyCat is a sophisticated Advanced Persistent Threat (APT) actor, likely Chinese-speaking, that has been active since at least December 2020. It primarily operates in Asia, targeting government entities in Malaysia, Thailand, and Pakistan. In 2022, Kaspersky reported finding ToddyCat actors using |
Toddycat Apt | Unspecified | 1 | The ToddyCat APT (Advanced Persistent Threat) is a threat actor group that conducts espionage by infiltrating networks with loaders and Trojans. Its toolset includes standard and tailored loaders, the Ninja agent, LoFiSe, a Dropbox uploader, Pcexter, a passive UDP backdoor, and Cob |
APT29 | Unspecified | 1 | APT29, also known as Cozy Bear, SVR group, BlueBravo, Nobelium, Midnight Blizzard, and The Dukes, is a threat actor attributed to Russia's Foreign Intelligence Service (SVR). The group is notorious for long-running espionage operations and has been associated with several high-profi |
ID | Type | Votes | Profile Description |
---|---|---|---|
CVE-2020-1472 | Unspecified | 1 | CVE-2020-1472, also known as the Zerologon vulnerability, is a critical-severity (CVSS 10.0) privilege escalation flaw in Microsoft's Netlogon Remote Protocol (MS-NRPC). Microsoft patched it on August 11, 2020. The vulnerability allows an unauthenticated attacker with network access to gain administrative access to a Windows domain controller without |
Zerologon | Unspecified | 1 | Zerologon is a critical vulnerability (CVE-2020-1472) in Microsoft's Netlogon Remote Protocol, affecting Windows Server releases from 2008 onwards. The root cause is cryptographic rather than a logic bug: the Netlogon handshake encrypts the client challenge with AES-CFB8 under an all-zero initialization vector, so for about one computer-account key in 256 an all-zero challenge yields an all-zero credential. An attacker can therefore retry until the check passes, bypass authentication without knowing the key, and change computer passwords wi |
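The CFB8 zero-IV weakness behind the Zerologon entries, as an added illustration that is not from this page or from any of the cited reports. It uses a constructed SHA-256-based keyed block function in place of AES (the flaw depends only on the mode and the fixed zero IV, not on the cipher), deterministic constructed keys so the run is reproducible, and makes no network calls; the function and key names are this example's own.

```python
import hashlib
from typing import Callable

BLOCK_SIZE = 16  # AES block size; Netlogon challenges/credentials are 8 bytes

BlockFn = Callable[[bytes], bytes]


def toy_block_cipher(key: bytes) -> BlockFn:
    """Stand-in for AES (constructed for this example, not the real primitive):
    a keyed 16-byte block function built from SHA-256. Any keyed PRF exhibits
    the same CFB8 zero-IV behaviour shown below."""
    def encrypt_block(block: bytes) -> bytes:
        assert len(block) == BLOCK_SIZE
        return hashlib.sha256(key + block).digest()[:BLOCK_SIZE]
    return encrypt_block


def cfb8_encrypt(encrypt_block: BlockFn, iv: bytes, plaintext: bytes) -> bytes:
    """CFB8 mode: encrypt the 16-byte shift register, XOR its first output byte
    with one plaintext byte, then shift the resulting ciphertext byte into the
    register. This is the construction MS-NRPC uses for Netlogon credentials."""
    assert len(iv) == BLOCK_SIZE
    register = bytearray(iv)
    ciphertext = bytearray()
    for p in plaintext:
        keystream_byte = encrypt_block(bytes(register))[0]
        c = p ^ keystream_byte
        ciphertext.append(c)
        register = register[1:] + bytes([c])
    return bytes(ciphertext)


def netlogon_style_credential(key: bytes, challenge: bytes = bytes(8)) -> bytes:
    """Zerologon's setting: CFB8 with a hard-coded all-zero IV over an
    attacker-chosen (here all-zero) challenge."""
    return cfb8_encrypt(toy_block_cipher(key), bytes(BLOCK_SIZE), challenge)


def is_weak_key(key: bytes) -> bool:
    """The attack hinges on one byte: if E_k(0^16)[0] == 0, every ciphertext byte
    is 0 ^ 0 = 0, the zero register never changes, and the credential is all
    zeros for any challenge length. For a good cipher that is ~1/256 of keys."""
    return toy_block_cipher(key)(bytes(BLOCK_SIZE))[0] == 0


def derive_key(index: int) -> bytes:
    """Deterministic, constructed 'random' keys so the demo is reproducible."""
    seed = b"zerologon-demo-key" + index.to_bytes(4, "big")
    return hashlib.sha256(seed).digest()[:BLOCK_SIZE]


def find_key(weak: bool, start: int = 0) -> bytes:
    """First derived key at or after `start` that is (weak=True) or is not weak."""
    i = start
    while is_weak_key(derive_key(i)) != weak:
        i += 1
    return derive_key(i)


def estimate_weak_key_rate(trials: int) -> float:
    """Fraction of derived keys for which a zero challenge yields a zero
    credential: the per-attempt success probability an attacker simply retries."""
    hits = sum(
        1 for i in range(trials)
        if netlogon_style_credential(derive_key(i)) == bytes(8)
    )
    return hits / trials


if __name__ == "__main__":
    weak = find_key(weak=True)
    strong = find_key(weak=False)
    print("weak key, zero IV   ->", netlogon_style_credential(weak).hex())
    print("strong key, zero IV ->", netlogon_style_credential(strong).hex())
    # A non-zero IV removes the property even for a weak key.
    nonzero_iv = bytes(range(BLOCK_SIZE))
    print("weak key, nonzero IV->",
          cfb8_encrypt(toy_block_cipher(weak), nonzero_iv, bytes(8)).hex())
    print("observed weak-key rate: %.4f (expected about %.4f)"
          % (estimate_weak_key_rate(20000), 1 / 256))
```

The last print shows why the attacker does not need to know the key: roughly one attempt in 256 authenticates, so the exploit just retries. On patched domain controllers Microsoft added event IDs 5827 and 5828 (denied vulnerable Netlogon connections) and 5829 (allowed ones), which are the log entries to hunt for.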
Source | CreatedAt | Title |
---|---|---|
SANS ISC | 2 months ago | Malicious Python Script with a "Best Before" Date - SANS Internet Storm Center |
Securelist | 2 months ago | Non-mobile malware statistics, Q1 2024 |
CERT-EU | 4 months ago | 18th March – Threat Intelligence Report | #ransomware | #cybercrime | National Cyber Security Consulting |
CERT-EU | 4 months ago | 18th March – Threat Intelligence Report - Check Point Research |
Securelist | 4 months ago | Infected text editors load backdoor into macOS |
Unit42 | 7 months ago | From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence |
CERT-EU | 7 months ago | New Rhysida Ransomware Attacking Government and IT Industries | #ransomware | #cybercrime | National Cyber Security Consulting |
MITRE | 7 months ago | LuminousMoth – PlugX, File Exfiltration and Persistence Revisited |
BankInfoSecurity | 9 months ago | MOVEit Hackers Turn to SysAid Zero-Day Bug |
Checkpoint | 8 months ago | The Platform Matters: A Comparative Study on Linux and Windows Ransomware Attacks - Check Point Research |
CERT-EU | 8 months ago | Coverage Advisory for CVE-2023-47246 SysAid Zero-Day Vulnerability | Zscaler |
CERT-EU | 9 months ago | The New APT Group DarkCasino and the Global Surge in WinRAR 0-Day Exploits |
CERT-EU | 9 months ago | New Gootloader Malware Abuses RDP to Spread Rapidly |
Yoroi | 9 months ago | SysAid vulnerability actively exploited in the wild - Yoroi |
CERT-EU | 9 months ago | SysAid Zero-Day Vulnerability Exploited By Lace Tempest | Rapid7 Blog |
CERT-EU | 9 months ago | IBM: New Gootloader Variant Moves Laterally and Is Harder to Detect |
InfoSecurity-magazine | 9 months ago | GootBot Implant Heightens Risk of Post-Infection Ransomware |
CERT-EU | 9 months ago | IBM X-Force Discovers Gootloader Malware Variant- GootBot |
CERT-EU | 9 months ago | Ransomware actor exploits unsupported ColdFusion servers — but comes away empty-handed |
CERT-EU | 9 months ago | ToddyCat APT Hackers Exploiting Vulnerable Microsoft Exchange Servers |