| ID | Votes | Profile Description |
|---|---|---|
| Black Basta | 7 | Black Basta is a notorious malware group known for its ransomware activities. The group has been active since at least early 2022, during which time it has accumulated an estimated $107 million in Bitcoin ransom payments. It leverages malicious software to infiltrate and exploit computer systems, of |
| Diceloader | 6 | Diceloader is a type of malware, short for malicious software, that is designed to infiltrate and damage computer systems. It can infect systems through various means such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, it can steal personal in |
| Sangria Tempest | 5 | Sangria Tempest, also known as FIN7, Carbon Spider, and ELBRUS, is a threat actor that has been active since 2014. This Russian advanced persistent threat (APT) group is known for its malicious activities, including spear-phishing campaigns, malware distribution, and theft of payment card data. In m |
| Carbanak | 5 | Carbanak is a sophisticated malware known for its involvement in various cyberattacks since it was first identified. This malicious software, created by the Russian criminal group FIN7 (also known as Carbanak, Carbon Spider, Cobalt Group, Navigator Group), has been active since mid-2015. The group p |
| ITG14 | 3 | ITG14, a threat actor identified in the cybersecurity industry, has recently been linked to malicious activities involving the Domino Backdoor. X-Force researchers have found substantial evidence connecting the Domino Backdoor to ITG14’s Carbanak Backdoor. The Domino Backdoor not only shares signifi |
| Tirion | 3 | Tirion, also known as Lizar or DiceLoader, is a type of malware developed by the threat group ITG14, also known as FIN7. First reported in March 2020, Tirion has been observed in numerous ITG14 campaigns up until the end of 2022. This malicious software can infiltrate systems through suspicious down |
| Shadowsyndicate | 2 | ShadowSyndicate, a threat actor that emerged in 2019, has been implicated in multiple ransomware operations according to cybersecurity firm Group-IB. The group is known for its affiliations with various ransomware groups and programs, and has been involved in several ransomware projects such as JSWO |
| Evil Corp | 2 | Evil Corp, a threat actor group based in Russia, has been identified as a significant cybercrime entity responsible for the execution of malicious actions. The alleged leader of this group is Maksim Yakubets, who is notably associated with Dridex malware operations. The U.S. Treasury imposed sanctio |
| Anunak | 2 | Anunak, also known as Carbanak or FIN7, is a prominent threat actor in the cybercrime landscape. The group emerged around 2013 and specializes in financial theft, primarily targeting Eastern European banks, U.S. and European point-of-sale systems, and other entities. The name "Carbanak" was coined b |
| Carbon Spider | 2 | CARBON SPIDER, also known as FIN7 and Sangria Tempest, is a threat actor that has been active in the eCrime space since approximately 2013. This criminally motivated group primarily targets the hospitality and retail sectors with the aim of obtaining payment card data. The group has been linked to s |
| Stark Industries Solutions | 2 | Stark Industries Solutions, a large hosting provider, has emerged as a significant threat actor in the cybersecurity landscape. The company surfaced just two weeks before Russia's invasion of Ukraine and has since been identified as the epicenter of numerous cyberattacks against Russia's adversaries |
| Carbanak Group | 2 | The Carbanak Group, also known as FIN7, is a notorious cybercrime gang responsible for some of the largest banking heists in history. This threat actor specializes in executing actions with malicious intent, often deploying data-stealing backdoors such as the CARBANAK malware. Despite several arrest |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Lizar | Unspecified | 6 | Lizar, also known as Tirion or Diceloader, is a malicious software developed by the threat group ITG14. It's designed to exploit and damage computers or devices, infiltrating systems through suspicious downloads, emails, or websites. Once installed, it can steal personal information, disrupt operati |
| Domino | Unspecified | 5 | The Domino malware, a harmful program designed to exploit and damage computer systems, has been identified as the culprit behind a series of high-profile cyber attacks. The first notable incident occurred when a hacker claimed to have accessed Domino's India's massive 13 TB database on the Dark Web, |
| Conti | Unspecified | 5 | Conti is a notorious malware and ransomware operation that has caused significant damage to computer systems worldwide. The Conti group, believed to have around 200 employees, operated like a regular business, with internal communications revealing the organization's structure and operations. It was |
| Clop | Unspecified | 4 | Clop, also known as Cl0p, is a notorious ransomware group responsible for several high-profile cyberattacks. The group specializes in exploiting vulnerabilities in software and systems to gain unauthorized access, exfiltrate sensitive data, and then extort victims by threatening to release the stole |
| Ryuk | Unspecified | 3 | Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves |
| REvil | Unspecified | 3 | REvil is a type of malware, specifically ransomware, that has been linked to significant cyber attacks. It emerged as part of the Ransomware as a Service (RaaS) model that gained popularity in 2020. This model established relationships between first-stage malware and subsequent ransomware attacks, s |
| Domino Backdoor | is related to | 3 | The Domino Backdoor is a type of malware that has been linked to multiple threat groups, highlighting the complexity of tracking these actors and their operations. This malicious software, designed to exploit and damage computers or devices, can steal personal information, disrupt operations, or hol |
| Carbanak Backdoor | Unspecified | 3 | The Carbanak Backdoor is a notorious malware, designed to exploit and damage computer systems. It is associated with the FIN7 threat group, also known as the "Carbanak Group", although not all usage of the Carbanak Backdoor can be directly linked to FIN7. This malicious software infiltrates systems |
| TrickBot | Unspecified | 2 | TrickBot is a notorious malware that has been used extensively by cybercriminals to exploit and damage computer systems. It operates as a crimeware-as-a-service platform, infecting systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can stea |
| Maze | Unspecified | 2 | Maze is a type of malware, specifically ransomware, that gained notoriety in 2019 for its double extortion tactic. This malicious software infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Maze w |
| Lockbit | Unspecified | 2 | LockBit is a malicious software, or malware, that has been notably active and damaging in the cyber world. Known for its ability to infiltrate systems often without detection, it can steal personal information, disrupt operations, and even hold data hostage for ransom. In the first half of 2024, Loc |
| Lockbit Black | Unspecified | 2 | LockBit Black, also known as LockBit 3.0, is a sophisticated malware variant that emerged in early 2022. This malicious software encrypts files and disrupts operations on infected devices, often demanding a ransom for the restoration of data. Developed as an iteration of LockBit 2.0 (LockBit Red) re |
| Cobalt Strike Beacon | Unspecified | 2 | Cobalt Strike Beacon is a type of malware that has been linked to various ransomware activities. This malicious software has been loaded by HUI Loader in several instances, with different files such as mpc.tmp, dlp.ini, and vmtools.ini being used. A unique feature of this Cobalt Strike Beacon shellc |
| Aukill | Unspecified | 2 | AuKill, also known as AvNeutralizer, is a malicious software developed by the notorious cybercrime group FIN7 (also known as Carbanak, Carbon Spider, Cobalt Group, Navigator Group). The development of this anti-security tool began in April 2022. AuKill was specifically designed to undermine endpoint |
| Blackbasta | Unspecified | 2 | BlackBasta is a notorious malware, specifically ransomware, that has been associated with several high-profile cyber-attacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, |
| Project Nemesis | Unspecified | 2 | Project Nemesis is a malicious software, or malware, that was first advertised on the dark web in December 2021. It is designed to exploit and damage computer systems by infiltrating them through suspicious downloads, emails, or websites. Once inside, Project Nemesis can steal personal information, |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| DarkSide | Unspecified | 4 | DarkSide is a threat actor known for its malicious activities, particularly in the realm of ransomware. This group was notably responsible for the major attack on the U.S. energy sector that targeted Colonial Pipeline Co. on May 7, 2021, using a ransomware-as-a-service operation. The DarkSide ransom |
| Alphv | Unspecified | 4 | Alphv is a threat actor group known for its malicious activities in the cyber world. They have been particularly active in deploying ransomware attacks, with one of their most significant actions being the theft of 5TB of data from Morrison Community Hospital. This act not only disrupted hospital op |
| Blackmatter | Unspecified | 3 | BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention |
| Lapsus | Unspecified | 2 | Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor |
| APT28 | Unspecified | 2 | APT28, also known as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM, is a threat actor linked to Russia that has been active since at least 2007. The group has targeted governments, militaries, and security organizations worldwide, including the German Social Democratic Party |
| TA505 | Unspecified | 2 | TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec |
| LockBitSupp | Unspecified | 2 | LockBitSupp, also known as Dmitry Yuryevich Khoroshev, is a threat actor who has been identified as the creator and operator of one of the most prolific ransomware variants known as LockBit. Based in Voronezh, Russia, Khoroshev allegedly began developing LockBit as early as September 2019 and contin |
| Preview | Source Link | CreatedAt | Title |
|---|---|---|---|
| Securityaffairs | 19 days ago | Researchers uncovered new infrastructure linked to the cybercrime group FIN7 | |
| Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6 | |
| Securityaffairs | a month ago | security-affairs-malware-newsletter-round-5 | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3 | |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 481 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| Securityaffairs | 2 months ago | FIN7 group advertises new EDR bypass tool on hacking forums | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3 | |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 481 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| Securityaffairs | 2 months ago | FIN7 group advertises new EDR bypass tool on hacking forums | |
| DARKReading | 2 months ago | Security End-Run: 'AuKill' Shuts Down Windows-Reliant EDR Processes | |
| Securityaffairs | 2 months ago | Ransomware groups target Veeam Backup & Replication bug | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 2 | |
| Krebs on Security | 2 months ago | The Stark Truth Behind the Resurgence of Russia’s Fin7 | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 1 | |
| Securityaffairs | 2 months ago | Operation Morpheus took down 593 Cobalt Strike servers used by threat actors | |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| Flashpoint | 3 months ago | From Origins to Operations: Understanding Black Basta Ransomware | |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION |