| ID | Votes | Profile Description |
|---|---|---|
| Clop | 7 | Clop is a notorious malware, short for malicious software, known for its disruptive and damaging effects on computer systems. It primarily infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Clop can steal personal information, disrupt o |
| TA505 | 5 | TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec |
| Lace Tempest | 3 | Lace Tempest, a threat actor known for executing actions with malicious intent, has been identified as the orchestrator behind a series of cyber attacks exploiting a zero-day vulnerability in SysAid. The exploit was first brought to light by SysAid and further detailed in a blog post on TuxCare. Thi |
| CVE-2023-34362 | 2 | CVE-2023-34362 is a critical SQL injection vulnerability discovered in Progress Software's managed file transfer (MFT) solution known as MOVEit Transfer. This flaw in software design or implementation was first exploited by the CL0P Ransomware Gang, also known as TA505, beginning on May 27, 2023. Th |
| Snakefly | 2 | Snakefly, also known as FIN11 and TA505, is a threat actor known for its malicious activities primarily aimed at organizations in North America and Europe. The group is financially motivated and has been active since at least early 2019. Snakefly is particularly associated with the deployment of Cl0 |
| FIN7 | 1 | FIN7, a notorious threat actor group known for its malicious activities, has recently been identified as targeting a large U.S. carmaker with phishing attacks. This group, which has previously operated behind fake cybersecurity companies such as Combi Security and Bastion Secure to recruit security |
| DarkSide | 1 | DarkSide is a notable threat actor that emerged in the cybersecurity landscape with its advanced ransomware operations. In 2021, the group gained significant attention for its attack on the United States' largest oil pipeline, Colonial Pipeline, causing a temporary halt to all operations for three d |
| Dev-0950 | 1 | Lace Tempest, also known as DEV-0950 or TA-505, is a threat actor associated with the deployment of Clop ransomware. This group has been noted for its use of GoAnywhere exploits and Raspberry Robin infection hand-offs in past ransomware campaigns. Microsoft has attributed recent attacks exploiting t |
| Unc4857 | 1 | None |
| Hive0065 | 1 | Hive0065, also known as Graceful Spider, TA505, Gold Evergreen, TEMP.Warlock, Chimborazo, or FIN11, is a financially motivated cybercrime group that has been actively targeting various industries such as finance, retail and restaurants since at least 2014. The group has been notorious for distributi |
| Chimborazo | 1 | None |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Dridex | Unspecified | 2 | Dridex is a well-known malware, specifically a banking Trojan, that has been utilized by cybercriminals to exploit and damage computer systems. The malware infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user, and can steal personal information, disrupt o |
| Akira | Unspecified | 1 | Akira is a malicious software, or malware, specifically a type of ransomware known for its disruptive and damaging effects. First surfacing in late 2023, it has continued to wreak havoc on various entities, including corporations and industries. This ransomware infects systems through suspicious dow |
| Lockbit | Unspecified | 1 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt |
| truebot malware | Unspecified | 1 | Truebot malware is a malicious software that infiltrates computer systems, often without the user's knowledge, to exploit and damage the device. It was primarily delivered by cyber threat actors via malicious phishing email attachments, but newer versions observed in 2023 also gained initial access |
| Nokoyawa | Unspecified | 1 | Nokoyawa is a notorious malware, particularly known for its ransomware capabilities. It has been associated with various other malicious software including Quantum, Royal, BlackBasta, Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2, Vidar, Gozi, Cany |
| Raspberry Robin | Unspecified | 1 | Raspberry Robin is a sophisticated malware that has been designed to exploit and damage computer systems. This malicious software infiltrates the system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once embedded, Raspberry Robin can steal personal information, di |
| Truebot | Unspecified | 1 | Truebot is a highly potent malware used by the threat actor group CL0P, which has been linked to various malicious activities aimed at exploiting and damaging computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once embedded, |
| SDBbot | Unspecified | 1 | SDBbot is a malicious software (malware) that infiltrates computer systems typically through deceptive downloads, emails, or websites. In the context of cyber threats, it falls under the category of custom malware, used by threat groups such as GOLD TAHOE. Other common offensive security tools and c |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Clop Ransomware Group | Unspecified | 1 | The Clop ransomware group, a threat actor in the cybersecurity realm, has been recognized for its malicious activities involving the exploitation of software vulnerabilities. These entities, which can range from individuals to government entities, are responsible for executing actions with harmful i |
| Silence Cybercrime Group | Unspecified | 1 | The Silence cybercrime group, a threat actor predominantly Russian-speaking, has been associated with significant cybersecurity threats. This entity is known for its malicious activities, including the use of TrueBot, a malware downloader. Since December 2022, this malware has been co-opted by anoth |
| Evil Corp | Unspecified | 1 | Evil Corp, a threat actor group based in Russia, has been identified as a significant cybercrime entity responsible for the execution of malicious actions. The alleged leader of this group is Maksim Yakubets, who is notably associated with Dridex malware operations. The U.S. Treasury imposed sanctio |
| Indrik Spider | Unspecified | 1 | Indrik Spider is a notable threat actor known for its cybercriminal activities, particularly in the realm of ransomware. In July 2017, the group entered the targeted ransomware sphere with BitPaymer, using file-sharing platforms to distribute the BitPaymer decryptor. This shift in operations saw Ind |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2023-27351 | Unspecified | 2 | None |
| CVE-2023-27350 | Unspecified | 2 | CVE-2023-27350 is a significant software vulnerability discovered in PaperCut NG/MF, a popular print management software. This flaw in software design or implementation allows attackers to bypass authentication and execute code with system privileges, posing a serious threat to both server and inter |
| Graceful Spider Ta505 | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| Securityaffairs | 4 months ago | Google: China dominates government exploitation of zero-day vulnerabilities in 2023 |
| BankInfoSecurity | 4 months ago | On the Increase: Zero-Days Being Exploited in the Wild |
| CERT-EU | 6 months ago | The Top 10 Ransomware Groups of 2023 |
| CERT-EU | a year ago | 安全事件周报 2023-05-08 第19周 - 360CERT |
| CERT-EU | 8 months ago | Cyber Security Week In Review: November 17, 2023 |
| CERT-EU | 8 months ago | SysAid Zero-Day Vulnerability Exploited by Threat Actors |
| Checkpoint | 8 months ago | 13th November – Threat Intelligence Report - Check Point Research |
| CERT-EU | 9 months ago | CVE-2023-47246: SysAid Flaw Used in Clop Ransomware Attacks |
| InfoSecurity-magazine | 9 months ago | MOVEit Gang Targets SysAid Customers With Zero-Day Attacks |
| CERT-EU | 10 months ago | #mWISE: Why Zero Days Are Set for Highest Year on Record |
| CERT-EU | 10 months ago | Clop at the top – but for how long? | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting |
| CERT-EU | 10 months ago | Clop at the top – but for how long? |
| CERT-EU | a year ago | Cyber Security Week in Review: September 8, 2023 |
| CERT-EU | a year ago | Les vulnérabilités cyber à suivre cette semaine | 12 juin 2023 |
| CERT-EU | a year ago | Vulnerable PaperCut servers targeted by Iranian hackers |
| CERT-EU | a year ago | SafeBreach Coverage for US-CERT Alert (AA23-187A) – Truebot Malware |
| MITRE | a year ago | Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies |
| CERT-EU | a year ago | Cyber Security Today, Week in Review for the week ending Friday, June 9, 2023 | IT World Canada News |
| BankInfoSecurity | a year ago | Nova Scotia Health Says 100,000 Affected by MOVEit Hack |
| CERT-EU | a year ago | Cyber security week in review: April 28, 2023 |