| ID | Votes | Profile Description |
|---|---|---|
| Dtrack Backdoor | 1 | The DTrack backdoor is a malicious software (malware) primarily used by the Andariel group, a cybercriminal entity known for its sophisticated cyberattacks. The malware infects Windows machines by executing a Log4j exploit, which downloads additional harmful software from a command-and-control (C2) |
| Stonefly | 1 | Stonefly, also known as Andariel or Silent Chollima, is a threat actor group believed to be linked with the North Korean government. Active since at least 2015, Stonefly has been involved in numerous attacks, including several attributed to the North Korean state-sponsored operation Lazarus. The gro |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| AppleSeed | Unspecified | 1 | Appleseed is a sophisticated malware, believed to be affiliated with North Korean nation-state actors, that has been used in various cyber attacks. The malware uses a two-layer command structure to communicate with its command and control server, making it particularly effective at seizing control o |
| WannaCry | Unspecified | 1 | WannaCry is a type of malware, specifically ransomware, that caused significant global disruption in 2017. It exploited Windows SMBv1 Remote Code Execution Vulnerabilities (CVE-2017-0144, CVE-2017-0145, CVE-2017-0143), which allowed it to spread rapidly and infect over 200,000 machines across more t |
| Earlyrat | Unspecified | 1 | EarlyRat is a previously undocumented malware discovered by Kaspersky researchers in June. The North Korea-linked Advanced Persistent Threat (APT) group Andariel used EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year. The malware was first noticed in one of the Log4j cases, |
| Magicrat | Unspecified | 1 | MagicRAT is a type of malware, first observed by Cisco Talos in 2022, that was used by the Lazarus Group to exploit vulnerabilities in publicly exposed VMWare Horizon platforms, primarily targeting energy companies worldwide. This malicious software, which can infiltrate systems through suspicious d |
| Qbot | Unspecified | 1 | Qbot, also known as Qakbot or Pinkslipbot, is a modular information-stealing malware that emerged in 2007 as a banking trojan. Over the years, it has evolved into an advanced malware strain used by multiple cybercriminal groups to compromise networks and prepare them for ransomware attacks. The firs |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Lazarus Group | Unspecified | 3 | The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large- |
| Silent Chollima | Unspecified | 1 | Silent Chollima, a North Korea-nexus threat actor, is known for its malicious cyber activities. The group, which is part of the 3rd Bureau of the Foreign Intelligence and Reconnaissance General Bureau, North Korea's foreign intelligence agency, has been associated with other groups such as Lazarus, |
| Darkseoul | Unspecified | 1 | DarkSeoul, also known as Onyx Sleet, Plutonium, and Andariel, is a threat actor group believed to be associated with the 110th Research Center. This group has been active since at least 2013, when it launched the DarkSeoul campaign, resulting in significant damage to thousands of systems in the fina |
| Andariel | Unspecified | 1 | Andariel, a notorious threat actor associated with the Lazarus Group and linked to North Korea, is known for its malicious cyber activities. The group has been identified using DTrack malware and Maui ransomware, notably in mid-2022, and has developed a reputation for exploiting ActiveX objects. Res |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
No associations to display |
| Source | CreatedAt | Title |
|---|---|---|
| CERT-EU | 7 months ago | Lazarus Group Exploits Log4j Flaw in New Malware Campaign |
| BankInfoSecurity | 8 months ago | North Korean Hackers Steal South Korean Anti-Aircraft Data |
| CERT-EU | a year ago | IT threat evolution in Q2 2023 – GIXtools |
| CERT-EU | a year ago | IT threat evolution Q2 2023 |
| CERT-EU | a year ago | Lazarus Group Exploits Critical Zoho ManageEngine Flaw to Deploy Stealthy QuiteRAT Malware |
| CERT-EU | a year ago | Andariel’s silly mistakes and a new malware family – Cyber Security Review |
| CERT-EU | a year ago | New Malware Alert: EarlyRAT Linked to North Korean Hacking Group |
| CERT-EU | a year ago | Log4j bug exploited to push novel EarlyRat malware |
| Securityaffairs | a year ago | North Korean Andariel APT used a new malware named EarlyRat |
| BankInfoSecurity | a year ago | New Malware by Lazarus-Backed Andariel Group Exploits Log4j |
| CERT-EU | a year ago | Andariel APT Hackers Drop a New Malware On Windows Via Weaponized MS Word Doc |
| CERT-EU | a year ago | Andariel’s Mistakes Uncover New Malware in Lazarus Group Campaign |
| CERT-EU | a year ago | Andariel’s silly mistakes and a new malware family – GIXtools |
| CERT-EU | a year ago | Kaspersky crimeware report: Andariel’s mistakes and EasyRat malware |
| MITRE | a year ago | Hello! My name is Dtrack |
| MITRE | a year ago | DTrack: previously unknown spy-tool by Lazarus hits financial institutions and research centers |
| CSO Online | a year ago | APT groups use ransomware TTPs as cover for intelligence gathering and sabotage |
| InfoSecurity-magazine | a year ago | Lazarus Group Attack Identified After Operational Security Fail |
| CERT-EU | a year ago | North Korean hackers stole research data in two-month-long breach |
| CERT-EU | a year ago | Des hackers nord-coréens démasqués après une erreur opérationnelle | UnderNews |