ID | Votes | Profile Description |
---|---|---|
TrailBlazer | 2 | Trailblazer is a sophisticated malware that was identified by CrowdStrike during StellarParticle-related investigations. The harmful program, designed to exploit and damage computers or devices, infiltrated victim systems around mid-2019. Two significant malware families were discovered: a Linux var |
ID | Type | Votes | Profile Description |
---|---|---|---|
SUNBURST | Unspecified | 2 | Sunburst is a sophisticated malware that has been linked to the Kazuar code, indicating its complexity. It was used in several well-known cyber attack campaigns such as SUNBURST, OilRig, xHunt, DarkHydrus, and Decoy Dog, which employed DNS tunneling techniques for command and control (C2) communicat |
TEARDROP | Unspecified | 2 | Teardrop is a sophisticated malware used in cyber attacks, often associated with APT29/Cozy Bear, a group known for deploying advanced tactics and techniques. It has been linked to the Solorigate (SUNBURST) backdoor and is part of a suite of tools including Raindrop, GoldMax, and others used by the |
Linux Variant of Goldmax | Unspecified | 1 | The Linux variant of GoldMax is a malicious software (malware) that poses significant threats to computer systems. This malware, designed to exploit and damage your device, can infiltrate your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once it gains |
Adobe Utility | Unspecified | 1 | None |
Sunshuttle | Unspecified | 1 | Sunshuttle is a malicious software (malware) that has been linked to various cyber threats. Initial reports identified connections between Sunshuttle, a Tomiris Golang implant, NOBELIUM (also known as APT29 or TheDukes), and Kazuar, which is associated with Turla. However, interpreting these connect |
svchost.exe | Unspecified | 1 | Svchost.exe is a malware that exploits and damages computer systems by injecting malicious code into various processes. This harmful program can infiltrate your system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, di |
GoldFinder | Unspecified | 1 | GoldFinder is a malware, a harmful software designed to exploit and damage computer systems. It was compiled using Go 1.14.2 in April 2020 from a Go file named finder.go with the path: /tmp/finder.go. This malicious program can infect your system through suspicious downloads, emails, or websites, of |
ID | Type | Votes | Profile Description |
---|---|---|---|
NOBELIUM | Unspecified | 1 | Nobelium, a threat actor linked to Russia's SVR, has been actively targeting French diplomatic entities as part of its cyber-espionage activities. The Advanced Persistent Threat (APT) group has utilized sophisticated techniques such as phishing and attempts to install Cobalt Strike, an advanced malw |
StellarParticle | Unspecified | 1 | StellarParticle, a threat actor associated with the COZY BEAR adversary group, has been identified as a significant cybersecurity risk by CrowdStrike. StellarParticle is known for its extensive knowledge of Windows and Linux operating systems, Microsoft Azure, O365, and Active Directory, and it has |
ID | Type | Votes | Profile Description |
---|---|---|---|
No associations to display |
Source | CreatedAt | Title |
---|---|---|
Malwarebytes | a year ago | Microsoft Teams used in phishing campaign to bypass multi-factor authentication |
CERT-EU | a year ago | Microsoft Teams Users Targeted by Russian Threat Group |
MITRE | a year ago | StellarParticle Campaign: Novel Tactics and Techniques \| CrowdStrike |
MITRE | a year ago | New sophisticated email-based attack from NOBELIUM - Microsoft Security Blog |
MITRE | a year ago | GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence - Microsoft Security Blog |
MITRE | a year ago | Tomiris backdoor and its connection to Sunshuttle and Kazuar |