| ID | Votes | Profile Description |
|---|---|---|
| Ta4557 | 2 | TA4557 is a malicious software (malware) that has been uniquely identified by cybersecurity firm Proofpoint due to its distinctive use of tools, campaign targeting, evasion measures, and controlled infrastructure. This malware is particularly notable for its sophisticated spear-phishing strategy, wh |
| ITG08 | 2 | ITG08 is a notable threat actor in the cybersecurity landscape, known for its malicious activities and strategic partnerships with other threat actors. This group has been linked to a series of attacks through Tactics, Techniques, and Procedures (TTPs) consistent with their known modus operandi. Whi |
| NICKEL | 1 | Nickel is a notable threat actor, or malicious entity, that has been involved in significant cyber operations. Notably, Nickel targeted government organizations across Latin America and Europe, alongside other nation-state affiliated threat actors such as FIN6 and Emissary Panda. These groups focuse |
| Skelaton Spider | 1 | None |
| Magecart | 1 | Magecart is a consortium of malicious hacker groups known for their attacks on online shopping cart systems, specifically the Magento system, with the intent to steal customer payment card information. This malware, short for malicious software, can infiltrate systems through suspicious downloads, e |
| Badbullzvenom | 1 | Badbullzvenom, a malware associated with the notorious Golden Chickens operation, has been traced back to its developers. In May 2023, security firm eSentire identified the second developer of the malware as a Romanian individual named Jack, also known by aliases Lucky and badbullzvenom. The Golden |
| Venom Spider | 1 | Venom Spider is a highly capable and stealthy malware suite, known for its destructive potential to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the ability to steal personal informa |
| Golden Chickens | 1 | Golden Chickens, also known as More_eggs, is a sophisticated malware suite that was initially discovered in 2018. It is used by financially motivated cybercrime actors like the Cobalt Group and FIN6 to steal sensitive information such as intellectual property and geopolitical intelligence from compr |
| Lucky | 1 | "Lucky" is a malicious software (malware) that has been compromising systems, causing significant disruptions and potential data loss. This malware infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, it can steal personal inform |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| More_eggs | Unspecified | 1 | More_eggs, also known as Golden Chickens, is a malware suite utilized by financially motivated cybercrime actors such as Cobalt Group and FIN6. This malware-as-a-service (MaaS) offering has been identified as the "cyber weapon of choice" by Russia-based cyber gangs. It was first seen in email campai |
| EVILNUM | Unspecified | 1 | Evilnum is a form of malware, first observed and reported in 2018, that is designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or even ho |
| TrickBot | Unspecified | 1 | TrickBot is a notorious form of malware that infiltrates systems to exploit and damage them, often through suspicious downloads, emails, or websites. Once it has breached a system, TrickBot can steal personal information, disrupt operations, and even hold data hostage for ransom. It has been linked |
| Ryuk | Unspecified | 1 | Ryuk is a sophisticated malware, specifically a ransomware variant, that has been extensively used by cybercriminal group ITG23. The group has been employing crypting techniques for several years to obfuscate their malware, with Ryuk often seen in tandem with other malicious software such as Trickbo |
| Anchor | Unspecified | 1 | Anchor is a type of malware, short for malicious software, that infiltrates systems to exploit and cause damage. It can access systems through various methods such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can disrupt operations, steal personal info |
| Trickbot’s | Unspecified | 1 | None |
| Meterpreter | Unspecified | 1 | Meterpreter, a type of malware, is an attack payload of Metasploit that serves as an interactive shell, enabling threat actors to control and execute code on a system. Advanced Persistent Threat (APT) actors have created and used a variant of Metasploit (Meterpreter) on the ServiceDesk system, liste |
| Venomkit | Unspecified | 1 | VenomKit is a malicious software (malware) that was released by badbullzvenom, also known as LUCKY, in 2017. The tool was developed with the intent to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without the user's knowledge. Once inside a |
| LockerGoga | Unspecified | 1 | LockerGoga is a type of malware, specifically ransomware, known for its disruptive capabilities. It was notably deployed at Norsk Hydro in March 2019, causing significant operational disruption. LockerGoga differentiates itself from other types of ransomware such as EKANS due to its destructive natu |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Skeleton Spider | Unspecified | 1 | Skeleton Spider is a financially motivated threat actor that has been observed targeting POS machines used by retailers in Europe and the U.S. This threat actor was first identified two years ago and goes by other names such as FIN6 or ITG08. It employs the Golden Chickens service to anchor its intr |
| FIN8 | Unspecified | 1 | FIN8, also known as Syssphinx, is a financially motivated cybercrime group that has been active since at least January 2016. This threat actor is notorious for targeting organizations across various sectors including hospitality, retail, entertainment, insurance, technology, chemicals, and finance. |
| FIN7 | Unspecified | 1 | FIN7, a notorious threat actor group known for its malicious activities, has recently been identified as targeting a large U.S. carmaker with phishing attacks. This group, which has previously operated behind fake cybersecurity companies such as Combi Security and Bastion Secure to recruit security |
| Emissary Panda | Unspecified | 1 | Emissary Panda, also known as Iron Tiger, APT27, Budworm, Bronze Union, Lucky Mouse, and Red Phoenix, is a threat actor group associated with malicious cyber activities. The group has been active since at least 2013, targeting various industry verticals across Europe, North and South America, Africa |
| Cobalt Group | Unspecified | 1 | The Cobalt Group is a significant threat actor known for its financially-motivated cybercrime activities. This group, along with the Russian state-sponsored hacking group APT28, was responsible for almost half of all cybersecurity incidents in 2023, according to TechRadar. The Cobalt Group's modus o |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Golden Chickens More_eggs | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| InfoSecurity-magazine | 7 months ago | Threat Actor Targets Recruiters With Malware |
| CERT-EU | 7 months ago | Hiring? New scam campaign means ‘resume’ downloads may contain malware |
| CERT-EU | 9 months ago | Domain of Thrones: Part I |
| CERT-EU | 9 months ago | Demystifying the Dark Web and DarkNets, Part V—FINs, APTs, Rogues, Hacktivists, Cyber Warriors, and Accidentals |
| CERT-EU | a year ago | High-severity Chrome vulnerabilities addressed |
| CERT-EU | a year ago | Minnesota VA medical center plagued with IT security gaps |
| CERT-EU | a year ago | Golden Chickens malware developer unmasked |
| MITRE | a year ago | ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework |
| MITRE | a year ago | More_eggs, Anyone? Threat Actor ITG08 Strikes Again |
| MITRE | a year ago | Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware | Mandiant |
| MITRE | a year ago | FIN8 is Back in Business, Targeting the Hospitality Industry |
| MITRE | a year ago | Dropping Anchor: From a TrickBot Infection to the Discovery of the Anchor Malware |
| CERT-EU | a year ago | В киберпространстве появилась новая угроза для финансовых организаций: кампания OCX#HARVESTER |
| CERT-EU | a year ago | Researchers Identify Second Developer of ‘Golden Chickens’ Malware |
| CERT-EU | a year ago | Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware |
| CERT-EU | a year ago | Αποκαλύφθηκε ο προμηθευτής malware των πιο επικίνδυνων Ρώσων κυβερνο-εγκληματιών |
| CERT-EU | a year ago | Researchers identify second developer behind Golden Chickens MaaS |