ID | Votes | Profile Description |
---|---|---|
Tropical Scorpius | 2 | Tropical Scorpius is a notorious malware, first identified in late 2020, associated with the Cuba ransomware gang. This malicious software has been linked to multiple cybercriminal activities, including disrupting operations, stealing personal information, and holding data hostage for ransom. The ma |
Colddraw | 1 | Colddraw, also known as Cuba and Fidel ransomware, first emerged on the cybersecurity threat landscape in 2019. This malicious software has been strategically targeting a moderate pool of victims over the years, marking encrypted files for the ransomware's and its decryptor's identification. The mal |
Void Rabisu | 1 | Void Rabisu, also known as Storm-0978, UNC2596, and Tropical Scorpius, is a malicious software (malware) notable for its use of the ROMCOM backdoor. This malware has been involved in numerous attacks, including those targeting attendees of the Women Political Leaders Summit (WPL Summit) in 2023. In |
Unc2596 | 1 | UNC2596, also known as Void Rabisu, Tropical Scorpius, and Storm-0978, is a hybrid threat actor involved in both financially motivated and espionage attacks. This group has been refining its tactics and techniques, utilizing backdoor attacks that have targeted various high-profile events, including |

ID | Type | Votes | Profile Description |
---|---|---|---|
Cuba Ransomware | Unspecified | 4 | The Cuba ransomware is a malicious software that first appeared on cybersecurity radars in late 2020 under the name "Tropical Scorpius." It is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without the user's knowledge. Once insi |
Romcom Remote Access Trojan | Unspecified | 2 | The RomCom Remote Access Trojan (RAT) is a type of malware that has gained significant attention in the cybersecurity landscape this year. This malicious software, designed to exploit and damage computer systems, can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst |
Cobalt Strike Beacon | Unspecified | 2 | Cobalt Strike Beacon is a type of malware known for its harmful capabilities, including stealing personal information, disrupting operations, and potentially holding data hostage for ransom. The malware has been loaded by HUI Loader through various files such as mpc.tmp, dlp.ini, vmtools.ini, and an |
RomCom | Unspecified | 2 | RomCom is a type of malware, specifically a Remote Access Trojan (RAT), that has been linked to several cyber-attacks across Europe and North America. It was first identified in spring 2022, when third-party and open-source reports highlighted a potential connection between Cuba ransomware actors, R |
Romcom Rat | Unspecified | 2 | RomCom RAT, a type of malware, has been linked to Cuba ransomware and Industrial Spy ransomware actors since spring 2022. These malicious actors have been observed deploying the RomCom RAT and Meterpreter Reverse Shell HTTP/HTTPS proxy via a Command and Control (C2) server before initiating their ra |
Fidel | Unspecified | 1 | Fidel is a form of malware, also known as Fidel ransomware or Colddraw, which is designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operation |
Peapod | Unspecified | 1 | PEAPOD, a novel variant of the RomCom RAT malware, was discovered to have been used in targeted attacks against female political leaders who participated in the Women Political Leaders Summit in June. The threat operation responsible for these attacks is known as Void Rabisu, also referred to as Sto |
Hancitor | Unspecified | 1 | Hancitor is a malicious software (malware) known for its ability to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once it gains access, Hancitor can steal personal information, disrupt operations, or e |
Babuk | Unspecified | 1 | Babuk is a type of malware, specifically ransomware, which is designed to infiltrate systems and hold data hostage for ransom. It can be delivered through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, Babuk can disrupt operations and steal perso |

ID | Type | Votes | Profile Description |
---|---|---|---|
Is Vendetta | Unspecified | 1 | V is Vendetta is a recently discovered vulnerability that appears to be associated with the notorious ransomware group known as Cuba (also referred to as COLDDRAW and Tropical Scorpius). The link between the two entities became apparent when it was found that V is Vendetta's website is hosted on the |
V Is Vendetta | Unspecified | 1 | "V is Vendetta" has emerged as a new threat actor, identified in February of this year. This group appears to have connections with the notorious ransomware group known as Cuba (also referred to as COLDDRAW and Tropical Scorpius). The link between these two entities is evident from the fact that V i |
FIN7 | Unspecified | 1 | FIN7, a notorious threat actor group known for its malicious activities, has recently been identified as targeting a large U.S. carmaker with phishing attacks. This group, which has previously operated behind fake cybersecurity companies such as Combi Security and Bastion Secure to recruit security |

ID | Type | Votes | Profile Description |
---|---|---|---|
CVE-2023-27532 | Unspecified | 2 | CVE-2023-27532 is a high-severity vulnerability discovered in Veeam's Backup & Replication software. This flaw, disclosed in March 2023, can be exploited to breach backup infrastructure hosts. Despite its serious implications, it was not added to the Known Exploited Vulnerabilities (KEV) list until |
Zerologon | Unspecified | 2 | Zerologon is a critical vulnerability (CVE-2020-1472) found within Microsoft's Netlogon Remote Protocol, impacting all versions of Windows Server OS from 2008 onwards. This flaw in software design or implementation allows attackers to bypass authentication mechanisms and change computer passwords wi |
CVE-2020-1472 | Unspecified | 2 | CVE-2020-1472, also known as the ZeroLogon vulnerability, is a critical-severity privilege escalation flaw in Microsoft's Netlogon Remote Protocol. It was patched by Microsoft on August 11, 2020. This vulnerability allows attackers to gain administrative access to a Windows domain controller without |

Source | CreatedAt | Title |
---|---|---|
CERT-EU | 5 months ago | Cuba Cuts Internet, Surveils Calls of Journalists, Report Finds |
CERT-EU | 8 months ago | The Too-Weird-to-Be-Fiction Story of Cuba’s Spying Ambassador |
CERT-EU | 9 months ago | Google trending Ransomware news headlines for the day - Cybersecurity Insiders |
CERT-EU | 10 months ago | Kaspersky provides update on Cuba ransomware gang \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
CERT-EU | 10 months ago | Cuba Ransomware Gang Continues to Evolve With Dangerous Backdoor |
CERT-EU | 10 months ago | Cuba Ransomware Group Deploys New Malware \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
InfoSecurity-magazine | 10 months ago | Cuba Ransomware Group Unleashes Undetectable Malware |
CERT-EU | 10 months ago | Cuba Ransomware Group Unleashes Undetectable Malware \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
CERT-EU | 10 months ago | From Caribbean shores to your devices: analyzing Cuba ransomware – GIXtools |
CERT-EU | a year ago | Analyzing Cuba ransomware - Cyber Security Review |
CERT-EU | a year ago | Decoding Cuba Ransomware: An opportunity for next-gen data governance |
BankInfoSecurity | a year ago | Cuba Ransomware Exploits Veeam Vulnerability |
CERT-EU | a year ago | 'Cuba' Ransomware Group Uses Every Trick in the Book |
CERT-EU | a year ago | Cuba ransomware group observed exploiting high-severity Veeam bug |
CERT-EU | a year ago | Cuba Ransomware Group Exploiting Veeam Flaw in Latest Campaign |
CERT-EU | a year ago | Cuba ransomware using Veeam exploit in attacks against critical infrastructure, IT firms |
CERT-EU | a year ago | Cuba Ransomware Exploits Veeam Flaw, Targets U.S. and Latin American Entities |
InfoSecurity-magazine | a year ago | Cuba Ransomware Group Steals Credentials Via Veeam Exploit |
CERT-EU | a year ago | Cuba ransomware uses Veeam exploit against critical U.S. organizations |
CERT-EU | a year ago | Cuba Ransomware Deploys New Tools: Targets Critical Infrastructure Sector in the U.S. and IT Integrator in Latin America |