| ID | Votes | Profile Description |
|---|---|---|
| Gh0st | 5 | Gh0st is a form of malware, or malicious software, that has been used in a variety of cyber attacks to exploit and damage computer systems. Notably, it was used in Operation Diplomatic Specter, where the Gh0st RAT (Remote Access Trojan) sample and Specter malware family were deployed. The malware co |
| Gh0stcringe | 4 | Gh0stCringe is a variant of Gh0st RAT, a notorious malware that has been used in numerous cyber attacks. This malicious software is designed to exploit and damage computers or devices by infiltrating the system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once in |
| Sugargh0st | 3 | SugarGh0st is a malicious software (malware) variant first identified by Cisco Talos in November of the previous year. The malware, believed to be connected to China, has been deployed in cyberespionage campaigns primarily targeting the Ministry of Foreign Affairs in Uzbekistan and users in South Ko |
| win32/farfli.cuo | 2 | Win32/Farfli.CUO is a highly malicious software, also known as malware, that has been specifically designed to exploit and damage computer systems. This particular strain of malware can infiltrate systems through various channels such as suspicious downloads, emails, or websites, often unbeknownst t |
| Sainbox | 2 | Sainbox, also known as FatalRAT, is a variant of the Gh0st RAT trojan malware that has been increasingly deployed in cybercrime activities, particularly those associated with suspected Chinese cybercrime operations. Proofpoint researchers have observed over 30 separate campaigns leveraging this malw |
| Fatalrat | 2 | FatalRAT, also known as Sainbox, is a variant of the Gh0st RAT malware that targets Windows platforms. Initially identified by Proofpoint in 2020, it has become popular with the PurpleFox threat actor group. Once infiltrated into a system, FatalRAT can log keystrokes and download and install additio |
| Sugargh0st Rat | 2 | SugarGh0st RAT is a relatively new variant of the Gh0st RAT malware, first identified by researchers at Cisco Talos in November 2023. This Remote Access Trojan (RAT) has been used to carry out cyberespionage and surveillance campaigns against various targets, including government officials in Uzbeki |
| win.noodlerat | 2 | Win.NOODLERAT is a malware variant that functions as a backdoor into infected systems, allowing unauthorized access and control. It is part of the Noodle RAT family, which has two versions: one for Windows (Win.NOODLERAT) and another for Linux (Linux.NOODLERAT). This malicious software infiltrates s |
| Dinodasrat | 1 | DinodasRAT is a multi-platform backdoor malware written in C++ that has been identified as posing significant threats to users globally. Its Linux variant, in particular, has been singled out for its ability to target Red Hat-based distributions and Ubuntu Linux, making it a potent threat to a wide |
| Quarkbandit | 1 | None |
| Valleyrat | 1 | ValleyRAT, a new malware first identified by Proofpoint in March 2024 and initially reported by Chinese cybersecurity firm Qi An Xin in February 2023, has emerged on the cybercrime scene. The malicious software is written in C++ and carries functionalities typical of remote access trojans, such as f |
| 5e4021ae96d4b28dd27382e3520e8333288d7095 | 1 | None |
| A51a0bcce028966c4fcbb1581303980cf10669e0 | 1 | None |
| Cfd900b77494574a01ea8270194f00e573e80f94 | 1 | None |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Noodle RAT | Unspecified | 2 | Noodle RAT, also known as ANGRYREBEL or Nood RAT, is a new strain of malware that has been active since at least 2018. This malicious software, used by Chinese-speaking groups for espionage or cybercrime, was introduced in a Botconf 2024 presentation by Trend Micro Research. The Windows version of N |
| win32/farfli.bur Gh0st Rat | Unspecified | 2 | None |
| win32/farfli.cuo Gh0st Rat | Unspecified | 2 | The Win32/Farfli.CUO Gh0st RAT is a significant vulnerability that poses a threat to the security of Windows systems. It represents a flaw in software, design, or implementation that allows unauthorized access and control over affected systems. This variant of the Gh0st RAT (Remote Access Trojan) ha |
| Mirai | Unspecified | 2 | Mirai is a type of malware that primarily targets Internet of Things (IoT) devices to form botnets, which are networks of private computers infected with malicious software and controlled as a group without the owners' knowledge. In early 2022, Mirai botnets accounted for over 7 million detections g |
| Xmrig | Unspecified | 1 | XMRig is a type of malware that is particularly harmful to computer systems and devices. It infiltrates the system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for |
| RotaJakiro | Unspecified | 1 | RotaJakiro is a sophisticated malware that has been active since 2018, with four major versions identified until 2021. It stands out among contemporary malicious software due to its advanced features and encryption techniques. RotaJakiro supports 12 functions, three of which are related to the execu |
| BabyShark | Unspecified | 1 | BabyShark is a malicious software (malware) that has been linked to the North Korean Advanced Persistent Threat (APT) group known as Kimsuky, also referred to as Thallium and Velvet Chollima. This malware, written in Microsoft Visual Basic script, was first identified in November 2018 and was used p |
| Amadey | Unspecified | 1 | Amadey is a malicious software (malware) that has been found to be used in conjunction with other malware such as Remcos, GuLoader, and Formbook. Analysis of the infection chains revealed that the individual behind the sales of Remcos and GuLoader also uses Amadey and Formbook, using GuLoader as a p |
| Emotet | Unspecified | 1 | Emotet is a highly dangerous and insidious malware that has resurfaced with increased activity this summer. Originally distributed via email attachments, it infiltrates systems often without the user's knowledge, forming botnets under the control of criminals for large-scale attacks. Once infected, |
| DarkComet | Unspecified | 1 | DarkComet is a Remote Access Trojan (RAT) that opens a backdoor on infected computers, allowing unauthorized access and data theft. This malware has been classified among the top five Command and Control (C2) families, indicating its widespread usage by cybercriminals. DarkComet, along with other es |
| Meterpreter | Unspecified | 1 | Meterpreter, a type of malware, is an attack payload of Metasploit that serves as an interactive shell, enabling threat actors to control and execute code on a system. Advanced Persistent Threat (APT) actors have created and used a variant of Metasploit (Meterpreter) on the ServiceDesk system, liste |
| Xmrig Coinminer | Unspecified | 1 | XMRig CoinMiner is a type of malware that has been identified as part of a wave of attacks on poorly managed Linux SSH servers. These attacks, often conducted by threat actors installing multiple malware families, have been observed to include other harmful software such as ShellBot, Tsunami, and Ch |
| Ghost | is related to | 1 | Ghost is a type of malware, or malicious software, that infiltrates systems to exploit and cause damage. It is often disseminated through suspicious downloads, emails, or websites, and can steal personal information, disrupt operations, or hold data hostage for ransom. In 2020, there were plans for |
| Poison Ivy | Unspecified | 1 | Poison Ivy is a type of malware, or malicious software, designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold d |
| HDoor | Unspecified | 1 | HDoor is a malicious software (malware) that has been publicly available in Chinese forums since 2008. This malware, equipped with full backdoor capabilities, allows operators to perform a variety of tasks, making it a potent threat to computer systems. It can infect systems through suspicious downl |
| ZLib | Unspecified | 1 | Zlib is a known malware, a harmful program designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can cause significant damage, including stealing personal information, disrupting opera |
| PlugX | Unspecified | 1 | PlugX is a notorious malware, typically associated with Chinese threat actors, that has been used in various cyberattacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. It |
| China Chopper | Unspecified | 1 | China Chopper is a notorious malware that has been widely used by various Advanced Persistent Threat (APT) groups, notably BRONZE UNION. This web shell was found embedded in multiple web shells on SharePoint servers, such as stylecs.aspx, test.aspx, and stylecss.aspx. It is believed to be associated |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Iron Tiger | Unspecified | 3 | Iron Tiger, also known as Iron Taurus or APT27, is a threat actor group known for executing malicious actions with the intent of espionage. The group became prominent after its involvement in Operation Iron Tiger, which was reported in 2015. This operation was a series of Chinese cyber-espionage att |
| APT1 | has used | 2 | APT1, also known as Unit 61398 or Comment Crew, is a notorious cyber-espionage group believed to be part of China's People's Liberation Army (PLA) General Staff Department's 3rd Department. This threat actor has been linked with several high-profile Remote Access Trojans (RATs), enabling them to tak |
| APT18 | Unspecified | 1 | APT18, also known as Wekby, is a threat actor suspected to be attributed to China. This group has targeted multiple sectors including Aerospace and Defense, Construction and Engineering, Education, Health and Biotechnology, High Tech, Telecommunications, and Transportation. Despite the significant i |
| GALLIUM | Unspecified | 1 | Gallium, also known as Alloy Taurus, is a China-aligned threat actor known for executing actions with malicious intent in the cyber domain. In recent years, Gallium has been associated with various significant cyber-espionage campaigns. The group targeted telecommunication entities in the Middle Eas |
| Apt43 | Unspecified | 1 | APT43, also known as Kimsuky, is a North Korean state-sponsored advanced persistent threat (APT) group that has been actively involved in cybercrime and espionage. The group has been implicated in a series of attacks exploiting vulnerabilities, which have drawn the attention of various cybersecurity |
| Naikon | Unspecified | 1 | Naikon is a threat actor, or group, known for its execution of actions with malicious intent. It is associated with various Advanced Persistent Threat (APT) groups originating from China, such as Growing Taurus and Parched Taurus, also known as Goblin Panda. Naikon has been linked to PLA Unit 78020/ |
| Winnti | Unspecified | 1 | Winnti is a sophisticated threat actor group, first identified by Kaspersky in 2013, with activities dating back to at least 2007. The group has been associated with the Chinese nation-state and is part of a collective known as APT41, which also includes subgroups like Wicked Panda, Suckfly, and Bar |
| APT41 | Unspecified | 1 | APT41, also known as Winnti, Wicked Panda, and Wicked Spider, is a sophisticated threat actor attributed to China. This group has been active since at least 2012, targeting organizations across 14 countries. The group is known for its extensive use of various code families and tools, with at least 4 |
| Goblin Panda | Unspecified | 1 | Goblin Panda is a recognized threat actor, known for its malicious activities in the cyber world. Various research organizations have indicated that several Chinese Advanced Persistent Threat (APT) groups such as Growing Taurus (aka Naikon) and Parched Taurus (aka Goblin Panda) have leveraged this t |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| A51a0bcce028966c4fcbb1581303980cf10669e0 templatex.txt win32/farfli.cuo Gh0st Rat | Unspecified | 2 | None |
| Source | CreatedAt | Title |
|---|---|---|
| BankInfoSecurity | 15 days ago | Multiple Threat Actors Moving Quickly to Exploit PHP Flaw |
| Securityaffairs | 16 days ago | Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware |
| DARKReading | a month ago | 'SneakyChef' APT Slices Up Foreign Affairs With SugarGh0st |
| InfoSecurity-magazine | a month ago | Chinese Hackers Leveraging 'Noodle RAT' Backdoor |
| Trend Micro | 2 months ago | Noodle RAT Reviewing the New Backdoor Used by Chinese-Speaking Groups |
| Checkpoint | 2 months ago | 27th May – Threat Intelligence Report - Check Point Research |
| BankInfoSecurity | 2 months ago | Active Chinese Cyberespionage Campaign Rifling Email Servers |
| Unit42 | 2 months ago | Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia |
| DARKReading | 2 months ago | China APT Stole Geopolitical Secrets From Middle East, Africa & Asia |
| Securityaffairs | 2 months ago | Chinese actor 'Unfading Sea Haze' remained undetected for five years |
| BankInfoSecurity | 2 months ago | Unfading Sea Haze APT Targeting South China Sea Governments |
| BankInfoSecurity | 2 months ago | Hackers Target US AI Experts With Customized RAT |
| DARKReading | 2 months ago | US AI Experts Targeted in SugarGh0st RAT Campaign |
| Checkpoint | 4 months ago | Malware Spotlight: Linodas aka DinodasRAT for Linux - Check Point Research |
| Malwarebytes | 6 months ago | Malicious ads for restricted messaging applications target Chinese users | Malwarebytes |
| CERT-EU | 8 months ago | Suspected China-based hackers target Uzbekistan gov’t, South Koreans, Cisco says | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting |
| DARKReading | 8 months ago | A New, Spookier Gh0st RAT Malware Haunts Global Cyber Targets |
| CERT-EU | 10 months ago | New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government |
| Unit42 | 10 months ago | Persistent Attempts at Cyberespionage Against Southeast Asian Government Target Have Links to Alloy Taurus |
| CERT-EU | 10 months ago | Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT | #cybercrime | #infosec | National Cyber Security Consulting |