ID | Votes | Profile Description |
---|---|---|
Gandcrab | 2 | GandCrab, a threat actor, is known for its malicious activities involving ransomware attacks. Of Russian origin and having evolved from Team Truniger, a former GandCrab affiliate, the group has been linked to numerous ransomware variants including Bad Rabbit, LockBit 2.0, STOP/DJVU, and REv |
Gozi Isfb | 1 | Gozi ISFB, also known as Ursnif and Dreambot, is a malicious software (malware) that has been actively developed and distributed worldwide. This malware is designed to exploit computer systems, primarily targeting the banking and financial sectors by stealing passwords and credentials from victims. |
ID | Type | Votes | Profile Description |
---|---|---|---|
Emotet | Unspecified | 6 | Emotet is a highly dangerous and insidious malware that has resurfaced with increased activity this summer. Originally distributed via email attachments, it infiltrates systems often without the user's knowledge, forming botnets under the control of criminals for large-scale attacks. Once infected, |
IcedID | Unspecified | 4 | IcedID is a malicious software (malware) designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom |
BitPaymer | Unspecified | 3 | BitPaymer is a type of malware that operates as ransomware, encrypting files and demanding payment for their release. It was operated by the GOLD DRAKE threat group and was later reworked and renamed DoppelPaymer by the GOLD HERON threat group. As part of the Ransomware as a Service (RaaS) model tha |
TrickBot | Unspecified | 3 | TrickBot is a notorious form of malware that infiltrates systems to exploit and damage them, often through suspicious downloads, emails, or websites. Once it has breached a system, TrickBot can steal personal information, disrupt operations, and even hold data hostage for ransom. It has been linked |
Doppelpaymer | Unspecified | 3 | DoppelPaymer is a form of malware, specifically ransomware, known for its high-profile attacks on large organizations and municipalities. Originally based on the BitPaymer ransomware, DoppelPaymer was reworked and renamed by the threat group GOLD HERON, after initially being operated by GOLD DRAKE. |
QakBot | Unspecified | 3 | Qakbot is a potent malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information, disrupt operations, or e |
Ursnif | Unspecified | 2 | Ursnif, also known as Gozi or ISFB, is a type of malware that poses significant threats to computer systems and user data. It's often distributed through suspicious downloads, emails, or websites, infiltrating systems without the user's knowledge. Once installed, Ursnif can steal personal informatio |
Gameover Zeus | Unspecified | 2 | Gameover ZeuS, also known as P2P ZeuS, is a notorious piece of malware designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even |
Raccoon | Unspecified | 2 | Raccoon is a highly potent and cost-effective Malware-as-a-Service (MaaS) primarily sold on dark web forums, used extensively by Scattered Spider threat actors to pilfer sensitive data. As per the "eSentire Threat Intelligence Malware Analysis: Raccoon Stealer v2.0" report published on August 31, 20 |
Zeus | Unspecified | 2 | Zeus is a type of malware, short for malicious software, designed to exploit and damage computers or devices. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Zeus can steal personal information, disrupt operations, or even hold da |
Gozi | Unspecified | 2 | Gozi is a notorious malware that has been linked to numerous cyber attacks. It's typically delivered through sophisticated malvertising techniques, often used in conjunction with other initial access malware such as Pikabot botnet agent and IcedID information stealer. When an individual accesses a c |
Conti | Unspecified | 1 | Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in |
Formbook | Unspecified | 1 | Formbook is a type of malware known for its ability to steal personal information, disrupt operations, and potentially hold data for ransom. The malware is commonly spread through suspicious downloads, emails, or websites, often without the user's knowledge. In June 2023, Formbook was observed being |
Agent Tesla | Unspecified | 1 | Agent Tesla is a malicious software (malware) that exploits and damages computer systems, often infiltrating the system through suspicious downloads, emails, or websites. This malware can steal personal information, disrupt operations, and potentially hold data for ransom. Agent Tesla has been obser |
ANDROMEDA | Unspecified | 1 | Andromeda is a type of malware, or malicious software, designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data ho |
GuLoader | Unspecified | 1 | GuLoader is a type of malware that infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, it can steal personal information, disrupt operations, or even hold data hostage for ransom. GuLoader is encrypted with NSIS Crypter and has |
WannaCry | Unspecified | 1 | WannaCry is a type of malware, specifically ransomware, that caused significant global disruption in 2017. It exploited Windows SMBv1 Remote Code Execution Vulnerabilities (CVE-2017-0144, CVE-2017-0145, CVE-2017-0143), which allowed it to spread rapidly and infect over 200,000 machines across more t |
Carbanak | Unspecified | 1 | Carbanak is a sophisticated type of malware, short for malicious software, that is designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt |
Lobshot | Unspecified | 1 | Lobshot is a stealthy remote access malware that has been used by cybercriminals, notably Russian threat actors, in various malicious campaigns. It was featured alongside other well-known malware samples like DarkGate infostealer, Ducktail, and Redline in deceptive campaigns where it was embedded in |
Clop | Unspecified | 1 | Clop is a notorious malware, short for malicious software, known for its disruptive and damaging effects on computer systems. It primarily infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Clop can steal personal information, disrupt o |
REvil | Unspecified | 1 | REvil is a notorious form of malware, specifically ransomware, that infiltrates systems to disrupt operations and steal data. The ransomware operates on a Ransomware as a Service (RaaS) model, which gained traction in 2020. In this model, REvil, like other first-stage malware such as Dridex and Goot |
Bazar | Unspecified | 1 | "Bazar" is a form of malware, a malicious software designed to exploit and damage computer systems. This harmful program can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once it gains access, it can steal personal information, disrupt operations, o |
Dyre | Unspecified | 1 | Dyre, also known as Dyreza or Dyzap, is a banking Trojan that was initially designed to monitor online banking transactions with the aim of stealing passwords, money, or both. It first emerged in 2009 and 2010, targeting victim bank accounts held at various U.S.-based financial institutions. These i |
Raccoon Stealer | Unspecified | 1 | Raccoon Stealer is a form of malware that was first identified in 2019. Developed by Russian-speaking coders and initially promoted on Russian-language hacking forums, the malicious software was designed to steal sensitive data from victims, including credit card information, email credentials, and |
Cobaltstrike | Unspecified | 1 | CobaltStrike is a notorious form of malware that has been used in conjunction with other malicious software including IcedID, Qakbot, BazarLoader, Conti, Gozi, Trickbot, Quantum, Emotet, and Royal Ransomware. This malware is typically delivered through suspicious downloads, emails, or websites, ofte |
Get2 | Unspecified | 1 | Get2 is a type of malware, harmful software designed to infiltrate and damage computer systems or devices. It can be unknowingly downloaded through suspicious emails, downloads, or websites, enabling it to steal personal information, disrupt operations, or hold data hostage for ransom. Among the mos |
Socgholish | Unspecified | 1 | SocGholish is a malicious software (malware) known for its ability to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. Notably, in 2023, several distinct website malware campaigns were identified to serve SocGholish malw |
Azorult | Unspecified | 1 | Azorult is a type of malware, or malicious software, that infiltrates systems to exploit and damage them, often without the user's knowledge. It has historically been one of the favored infostealers sold on the marketplace 2easy, alongside RedLine, Raccoon, Vidar, and Taurus. However, as of late Feb |
Fakeupdates | Unspecified | 1 | FakeUpdates, also known as SocGholish, is a JavaScript-based loader malware that primarily targets Microsoft Windows-based environments. The malware has been in operation for over five years and uses compromised websites to trick users into running a fake browser update. In addition to its deceptive |
Goznym | Unspecified | 1 | Goznym is a malicious software, or malware, that gained significant attention in February 2016 after incorporating leaked ISFB code. This potent combination led to its resurgence in the cybercrime market, where it was employed by threat actors to exploit and damage computer systems. The malware coul |
Cutwail | Unspecified | 1 | Cutwail is a notorious malware that has been associated with various botnets, including Necurs, Andromeda, and Dridex, at different stages of their lifecycle. It has been implicated in the distribution of malicious payloads such as IcedID, Gozi, and Pushdo, often using crypters like Hexa, Forest, Sn |
Jssloader | Unspecified | 1 | JssLoader is a malware often used by the ransomware gang FIN7, also known as Sangria Tempest, Elbrus, Carbon Spider, and others. This malicious software is typically delivered through deceptive tactics such as email lures, including invoice- and payment-themed decoy messages that trick users into do |
ID | Type | Votes | Profile Description |
---|---|---|---|
TA505 | Unspecified | 4 | TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec |
Indrik Spider | Unspecified | 2 | Indrik Spider is a notable threat actor known for its cybercriminal activities, particularly in the realm of ransomware. In July 2017, the group entered the targeted ransomware sphere with BitPaymer, using file-sharing platforms to distribute the BitPaymer decryptor. This shift in operations saw Ind |
Evil Corp | Unspecified | 2 | Evil Corp, a threat actor group based in Russia, has been identified as a significant cybercrime entity responsible for the execution of malicious actions. The alleged leader of this group is Maksim Yakubets, who is notably associated with Dridex malware operations. The U.S. Treasury imposed sanctio |
fin11 | Unspecified | 2 | FIN11, a threat actor group also known as Lace Tempest or TA505, has been linked to the development and deployment of Cl0p ransomware. This malicious software is believed to be a variant of another ransomware, CryptoMix, and is typically used by FIN11 to encrypt files on a victim's network after ste |
Hive0065 | Unspecified | 1 | Hive0065, also known as Graceful Spider, TA505, Gold Evergreen, TEMP.Warlock, Chimborazo, or FIN11, is a financially motivated cybercrime group that has been actively targeting various industries such as finance, retail and restaurants since at least 2014. The group has been notorious for distributi |
EXOTIC LILY | Unspecified | 1 | Exotic Lily, an initial access broker (IAB), has been active since at least September 2021. The entity conducts highly sophisticated phishing campaigns to gain initial access to organizations and then sells this access to other threat actors, including ransomware groups. A notable example of their m |
Quant Loader | Unspecified | 1 | Quant Loader is a significant threat actor in the realm of cybersecurity, known for executing actions with malicious intent. It has been linked to various malware campaigns, distributing harmful software such as GandCrab ransomware, DreamSmasher, Dridex, and itself - Quant Loader. The threat actor o |
Unc2165 | Unspecified | 1 | UNC2165 is a financially motivated threat actor group that has been linked to multiple LockBit ransomware intrusions, as per research conducted by Mandiant. This group shares numerous overlaps with Evil Corp, another notorious cybercrime organization. The activity of UNC2165 has been tracked since t |
Dreamsmasher | Unspecified | 1 | None |
ID | Type | Votes | Profile Description |
---|---|---|---|
Gozi Neverquest | Unspecified | 1 | None |
Log4Shell | Unspecified | 1 | Log4Shell is a software vulnerability, specifically a flaw in the design or implementation of the popular Java logging library, Log4j. Identified as CVE-2021-44228, this vulnerability allows an attacker to remotely execute arbitrary code, often leading to full system compromise. Advanced Persistent |
CVE-2017-11882 | Unspecified | 1 | CVE-2017-11882 is a software vulnerability present in Microsoft's Equation Editor, allowing for the execution of malicious code. This vulnerability was exploited by a tool known as Royal Road, which is shared among various Chinese state-sponsored groups. The tool facilitates the creation of harmful |
CVE-2017-0199 | Unspecified | 1 | CVE-2017-0199 is a notable software vulnerability, specifically a flaw in the design or implementation of Microsoft Office's Object Linking and Embedding (OLE) feature. This vulnerability has been exploited over the years to spread various notorious malware families. In 2017, it was used to dissemin |
Source | CreatedAt | Title |
---|---|---|
Unit42 | 5 months ago | Intruders in the Library: Exploring DLL Hijacking |
Checkpoint | 5 months ago | Maldocs of Word and Excel: Vigor of the Ages - Check Point Research |
CERT-EU | 7 months ago | One paid out, one did not • The Register - National Cyber Security Consulting |
CERT-EU | 8 months ago | Log4Shell: A Persistent Threat to Cybersecurity - Two Years On - Cybersecurity Insiders |
CERT-EU | 8 months ago | Are DarkGate and PikaBot the new QakBot? |
CERT-EU | 9 months ago | Latest RAT attack surge bypasses Microsoft's XLL block |
CERT-EU | 9 months ago | DG NCA Graeme Biggar delivers RUSI's 4th Annual Security Lecture |
MITRE | a year ago | Tricks of the Trade: A Deeper Look Into TrickBot's Machinations |
CERT-EU | 10 months ago | Update: The 2023 Malware League Table |
CERT-EU | 10 months ago | Insider Threat Awareness Month: Protecting Your Business from Within |
CERT-EU | 10 months ago | Storm-0324 Exploits MS Teams Chats to Facilitate Ransomware Attacks |
CERT-EU | 10 months ago | Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages - National Cyber Security Consulting |
CERT-EU | 10 months ago | August 2023's Most Wanted Malware : New ChromeLoader Campaign Spreads Malicious Browser Extensions while QBot is Shut Down by FBI – Global Security Mag Online |
CERT-EU | a year ago | Three malware loaders behind 80% of intrusions, researchers find |
CERT-EU | a year ago | Cybersecurity Companies Report Surge in Ransomware Attacks |
CERT-EU | a year ago | Eight ways to guard against botnet attacks on enterprise networks |
CERT-EU | a year ago | Patch Against Exploit Kits. Understanding How Threat Actors Target Your Defenses |
CERT-EU | a year ago | Locky Ransomware 101: Everything You Need to Know |
BankInfoSecurity | a year ago | Moscow Court Convicts Former Group-IB Chief for Treason |
CERT-EU | a year ago | Jailed On Treason Charges, A Russian Cybersecurity Exec Goes On The Offensive - National Cyber Security Consulting |