| ID | Votes | Profile Description |
|---|
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Ramsay | Unspecified | 1 | Ramsay is a sophisticated malware that was discovered by researchers at ESET in 2020. This malicious software is designed to infiltrate and exploit air-gapped networks, which are typically isolated from other networks for security reasons. Once it has infected a system, Ramsay can collect and exfilt |
| ZeroT | Unspecified | 1 | ZeroT is a malicious software (malware) that was first discovered in 2016, designed to exploit and damage computer systems. It primarily infiltrated victims' machines through Trojan-infected Word documents attached to emails. One notable instance involved the CHM file 20160621.chm, which dropped the |
| PlugX | Unspecified | 1 | PlugX is a notorious malware, typically associated with Chinese threat actors, that has been used in various cyberattacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. It |
| POWRUNER | Unspecified | 1 | Powruner is a malicious software (malware) associated with other malware such as POWBAT and BONDUPDATER, and it's utilized by the Advanced Persistent Threat group APT34. The malware is designed to exploit and damage computer systems, often infiltrating via suspicious downloads, emails, or websites. |
| BONDUPDATER | Unspecified | 1 | BondUpdater is a malware first discovered by FireEye in mid-November 2017, when APT34 targeted a Middle Eastern governmental organization. This PowerShell-based Trojan is associated with other malicious programs such as POWBAT and POWRUNER. BondUpdater contains basic backdoor functionality that allo |
| Dridex | Unspecified | 1 | Dridex is a well-known malware, specifically a banking Trojan, that has been utilized by cybercriminals to exploit and damage computer systems. The malware infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user, and can steal personal information, disrupt o |
| GuLoader | Unspecified | 1 | GuLoader is a type of malware that infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, it can steal personal information, disrupt operations, or even hold data hostage for ransom. GuLoader is encrypted with NSIS Crypter and has |
| Finspy | Unspecified | 1 | FinSpy is a sophisticated malware developed by Gamma Group, also known as FinFisher or Lench IT Solutions. This malicious software has the ability to record audio, turn on the device's camera, and exfiltrate data from smartphones without the owner's awareness. It is typically delivered through explo |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Gorgon Group | Unspecified | 1 | The Gorgon Group is a threat actor known for its cybercriminal activities, with a particular focus on financial fraud and cybercrime. They also engage in targeted attacks against government organizations, including entities in Russia, Spain, the UK, and the US. The group uses Bitly for distribution |
| OilRig | Unspecified | 1 | OilRig is a well-known threat actor in the cybersecurity landscape, notorious for its sophisticated attacks on various targets, including Middle Eastern telecommunications organizations and Israel's critical infrastructure sector. This entity has been linked to several high-profile campaigns such as |
| APT40 | Unspecified | 1 | APT40, a Chinese cyber espionage group suspected to be linked to the People's Republic of China (PRC) Ministry of State Security, has been identified as a significant threat actor. The group typically targets countries strategically important to China's Belt and Road Initiative. Over the years, APT4 |
| MuddyWater | Unspecified | 1 | MuddyWater is an advanced persistent threat (APT) group, also known as Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros. This threat actor has been linked to the Iranian Ministry of Intelligence and Security (MOIS) according to a joint advisory from cybersecurity firms. The group empl |
| Gamaredon | Unspecified | 1 | Gamaredon, a Russian Advanced Persistent Threat (APT) group, has been actively tracked since 2013 and is recognized as a significant threat actor in the cybersecurity landscape. Its primary target is Ukraine, against which it deploys an array of home-brewed malware through malicious documents. The E |
| APT34 | Unspecified | 1 | APT34, also known as OilRig, EUROPIUM, Hazel Sandstorm, and Crambus among other names, is a threat actor believed to be operating on behalf of the Iranian government. Operational since at least 2014, APT34 has been involved in long-term cyber espionage operations primarily focused on reconnaissance |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2017-11882 | Unspecified | 2 | CVE-2017-11882 is a software vulnerability present in Microsoft's Equation Editor, allowing for the execution of malicious code. This vulnerability was exploited by a tool known as Royal Road, which is shared among various Chinese state-sponsored groups. The tool facilitates the creation of harmful |
| Source | CreatedAt | Title |
|---|---|---|
| Fortinet | 2 months ago | New Agent Tesla Campaign Targeting Spanish-Speaking People | Fortinet Blog |
| Securityaffairs | 3 months ago | Targeted operation against Ukraine exploited 7-year-old MS Office bug |
| Checkpoint | 5 months ago | Maldocs of Word and Excel: Vigor of the Ages - Check Point Research |
| Checkpoint | 5 months ago | 12th February – Threat Intelligence Report - Check Point Research |
| MITRE | 7 months ago | Operation (노스 스타) North Star A Job Offer That’s Too Good to be True? | McAfee Blog |
| Securelist | 8 months ago | PC malware statistics, Q3 2023 |
| Securelist | 8 months ago | Kaspersky malware report for Q3 2023 |
| CERT-EU | a year ago | Years-old Microsoft bugs are still hot targets for criminals |
| CERT-EU | a year ago | Qualys Top 20 Exploited Vulnerabilities | Qualys Security Blog |
| CERT-EU | a year ago | IT threat evolution in Q2 2023. Non-mobile statistics – GIXtools |
| CERT-EU | a year ago | PC malware statistics, Q2 2022 |
| CISA | a year ago | 2022 Top Routinely Exploited Vulnerabilities | CISA |
| InfoSecurity-magazine | a year ago | Cyber-Attacks Targeting Government Agencies Increase 40% |
| Securelist | a year ago | Kaspersky crimeware report: Emotet, DarkGate and LokiBot |
| SANS ISC | a year ago | Loader activity for Formbook "QM18" - SANS Internet Storm Center |
| CERT-EU | a year ago | Loader activity for Formbook "QM18", (Wed, Jul 12th) – Cyber Safe NV |
| Securelist | a year ago | Non-mobile malware statistics, Q1 2023 |
| MITRE | a year ago | The Gorgon Group: Slithering Between Nation State and Cybercrime |
| MITRE | a year ago | Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks | CISA |
| MITRE | a year ago | Ukraine links members of Gamaredon hacker group to Russian FSB |