ID | Votes | Profile Description |
---|---|---|
Ursnif | 6 | Ursnif, also known as Gozi or ISFB, is a type of malware that poses significant threats to computer systems and user data. It's often distributed through suspicious downloads, emails, or websites, infiltrating systems without the user's knowledge. Once installed, Ursnif can steal personal informatio |
IcedID | 3 | IcedID is a malicious software (malware) designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom |
Wikiloader | 2 | WikiLoader is a sophisticated malware, first documented by Proofpoint in August 2023, primarily targeting organizations through email campaigns. The malware often exploits themes like overdue deliveries or shipping invoices to trick users into interacting with infected content. A notable campaign wa |
Ta544 | 2 | TA544 is a financially motivated, advanced persistent threat (APT) actor that has been tracked by cybersecurity firm Proofpoint and others since at least 2017. This malicious actor typically uses Ursnif malware to target organizations, predominantly in Italy and Japan. The Ursnif banking trojan, als |
Isfb | 2 | ISFB, also known as Gozi or Ursnif, is a form of malware that has been a significant part of the cyberthreat landscape for several years. This malicious software is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without the user' |
Pikabot | 2 | PikaBot is a harmful malware that emerged in 2023, designed to exploit and damage computer systems. It infiltrates systems through dubious downloads, emails, or websites, often undetected by the user. Once inside a system, PikaBot can pilfer personal information, disrupt operations, or even ransom d |
QakBot | 1 | Qakbot is a potent malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information, disrupt operations, or e |
Cobaltstrike | 1 | CobaltStrike is a notorious form of malware that has been used in conjunction with other malicious software including IcedID, Qakbot, BazarLoader, Conti, Gozi, Trickbot, Quantum, Emotet, and Royal Ransomware. This malware is typically delivered through suspicious downloads, emails, or websites, ofte |
Snifula | 1 | None |
Nokoyawa | 1 | Nokoyawa is a notorious malware, particularly known for its ransomware capabilities. It has been associated with various other malicious software including Quantum, Royal, BlackBasta, Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2, Vidar, Gozi, Cany |
Papras | 1 | Papras, also known as Gozi or Gozi CRM, is a malicious software (malware) that first emerged in 2006. This harmful program is designed to exploit and damage computers or devices, often infiltrating systems through suspicious downloads, emails, or websites without the user's knowledge. Its primary fu |
Blackbasta | 1 | BlackBasta is a malicious software (malware) known for its disruptive and damaging effects on computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even ho |
Bazarloader | 1 | BazarLoader is a form of malware that has been utilized extensively by ITG23, a cybercriminal group. This harmful software infiltrates systems via suspicious downloads, emails, or websites, potentially stealing personal information, disrupting operations, or holding data for ransom. ITG23 has used B |
Wailingcrab | 1 | The WailingCrab malware, first observed in December 2022, has been used extensively in email campaigns to deliver the Gozi backdoor, primarily targeting Italian entities. The malware's attack chains start with emails containing PDF attachments with URLs that download a JavaScript file when clicked. |
SVCReady | 1 | SVCReady is a relatively new malware family first observed in malicious spam campaigns at the end of April 2022. This harmful software, designed to exploit and damage computers or devices, was initially unknown but has since been identified through IDS rules published by Proofpoint. The malware infe |
Vidar Stealer | 1 | Vidar Stealer is a prolific infostealer malware that operates on a malware-as-a-service model, sold through ads and forums on the dark web and Telegram groups. It's designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data for ransom. Th |
Redline Stealer | 1 | RedLine Stealer is a type of malware that has been causing significant disruption in the digital landscape. This malicious software infiltrates computer systems, often without the user's knowledge, via suspicious downloads, emails, or websites, and then proceeds to steal personal information, disrup |
Smoke Loader | 1 | Smoke Loader is a prominent type of malware identified by the SCPC SSSCIP, used in recent attacks primarily targeting Ukrainian organizations. This malicious software is often delivered via IPFS links by malware families such as Smoke Loader, XLoader, XMRig, and OriginLogger, disrupting operations a |
Lumma Stealer | 1 | Lumma Stealer is a malicious software (malware) that infiltrates systems primarily to steal personal information, disrupt operations, and exploit vulnerabilities. According to the ESET Threat Report H2 2023, Lumma Stealer gained significant traction in the second half of 2023, with its capabilities |
Netsupport Manager | 1 | NetSupport Manager is a malicious software (malware) that poses significant threats to computer systems and networks. It is often disguised as legitimate software or tools, such as the 7-zip compression utility or a fake Chrome browser update, to trick users into downloading and installing it. Once |
Sectop Rat | 1 | None |
Dreambot | 1 | Dreambot, also known as Ursnif and Gozi ISFB, is a malicious software (malware) designed to steal passwords and credentials, primarily targeting the banking and financial sectors. It has been described by threat researchers as "frighteningly lucrative," compared to the already profitable cybercrime |
ID | Type | Votes | Profile Description |
---|---|---|---|
Gozi Isfb | Unspecified | 3 | Gozi ISFB, also known as Ursnif and Dreambot, is a malicious software (malware) that has been actively developed and distributed worldwide. This malware is designed to exploit computer systems, primarily targeting the banking and financial sectors by stealing passwords and credentials from victims. |
BlackEnergy | Unspecified | 2 | BlackEnergy is a potent malware toolkit that has been utilized by criminal and Advanced Persistent Threat (APT) actors since 2007. Its destructive capabilities were notably demonstrated in Ukraine where it was used for cyber-espionage, compromising industrial control systems, and launching attacks a |
WastedLocker | Unspecified | 2 | WastedLocker is a type of malware developed by the Evil Corp Group, known for its malicious activities. This malware variant was first identified in 2020 and is part of an evolution of ransomware that began with Dridex, followed by DoppelPaymer developed in 2019, and then WastedLocker. The malware i |
Dridex | Unspecified | 2 | Dridex is a well-known malware, specifically a banking Trojan, that has been utilized by cybercriminals to exploit and damage computer systems. The malware infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user, and can steal personal information, disrupt o |
Zeus | Unspecified | 2 | Zeus is a type of malware, short for malicious software, designed to exploit and damage computers or devices. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Zeus can steal personal information, disrupt operations, or even hold da |
Bumblebee | Unspecified | 1 | Bumblebee is a type of malware that has been linked to ITG23, a cybercriminal group known for its use of crypters such as Emotet, IcedID, Qakbot, Bumblebee, and Gozi. Distributed via phishing campaigns or compromised websites, Bumblebee enables the delivery and execution of further payloads. The sam |
Smokeloader | Unspecified | 1 | SmokeLoader is a malicious software (malware) that has been extensively used by threat actors, particularly those associated with the Phobos ransomware. It functions as a backdoor trojan, often arriving on victims' systems via spoofed email attachments embedded with hidden payloads. Once downloaded, |
Emotet | Unspecified | 1 | Emotet is a highly dangerous and insidious malware that has resurfaced with increased activity this summer. Originally distributed via email attachments, it infiltrates systems often without the user's knowledge, forming botnets under the control of criminals for large-scale attacks. Once infected, |
Netwalker | Unspecified | 1 | NetWalker is a highly profitable ransomware kit, known for its ability to disable antivirus software on Windows 10 systems and encrypt files, adding a random extension to the encrypted ones. Once executed, it disrupts operations and can even hold data hostage for ransom. It has been observed that Ne |
Zloader | Unspecified | 1 | ZLoader is a type of malware, malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it has the capacity to steal personal information, disrupt operations, or even ho |
Diceloader | Unspecified | 1 | Diceloader is a type of malware, short for malicious software, that is designed to infiltrate and damage computer systems. It can infect systems through various means such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, it can steal personal in |
Ifsb | Unspecified | 1 | None |
Vawtrak/neverquest | Unspecified | 1 | Vawtrak/Neverquest is a type of malware, malicious software designed to exploit and harm your computer or device. Malware can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once installed, it can steal personal information, disrupt operation |
Royal Ransomware | Unspecified | 1 | Royal Ransomware is a type of malware that has been causing significant disruptions in various sectors, particularly in the United States. Originating from the now-defunct Conti ransomware operation, Royal Ransomware was notorious for its multi-threaded encryption and ability to kill processes withi |
Pushdo | Unspecified | 1 | Pushdo is a type of malware that has been associated with various cyber attacks and malicious activities. First recognized in 2013, Pushdo was identified as the most widespread "bad bot," infecting over 4.2 million IPs including those of private companies, government agencies, and military networks. |
Cutwail | Unspecified | 1 | Cutwail is a notorious malware that has been associated with various botnets, including Necurs, Andromeda, and Dridex, at different stages of their lifecycle. It has been implicated in the distribution of malicious payloads such as IcedID, Gozi, and Pushdo, often using crypters like Hexa, Forest, Sn |
Cryptone | Unspecified | 1 | CryptOne is a Delphi-based crypter malware, dating back to 2015, that has been frequently used by various malicious software families such as Gozi, Dridex, NetWalker, and WastedLocker. This crypter is reportedly offered as a Crypter-As-A-Service and it's capable of detecting and disabling a list of |
Forest | Unspecified | 1 | Forest is a potent malware that leverages the Golden Ticket, an authentication ticket (TGT), to gain domain-wide access. It exploits the TGT to acquire service tickets (TGS) used for accessing resources across the entire domain and the Active Directory (AD) forest by leveraging SID History. The malw |
TrickBot | Unspecified | 1 | TrickBot is a notorious form of malware that infiltrates systems to exploit and damage them, often through suspicious downloads, emails, or websites. Once it has breached a system, TrickBot can steal personal information, disrupt operations, and even hold data hostage for ransom. It has been linked |
Netsupport | Unspecified | 1 | NetSupport is a malicious software (malware) that has been used in various cyberattacks, including the Royal Ransomware attack and assaults by former ITG23 members. It can infiltrate systems through suspicious downloads, emails, or websites and then steal personal information, disrupt operations, or |
Valak | Unspecified | 1 | Valak is a type of malware, or malicious software, that infiltrates systems to exploit and damage them. It was distributed by threat actor TA551, which has historically pushed various families of information-stealing malware such as Ursnif and IcedID. Valak, in particular, is known as a malware down |
BitPaymer | Unspecified | 1 | BitPaymer is a type of malware that operates as ransomware, encrypting files and demanding payment for their release. It was operated by the GOLD DRAKE threat group and was later reworked and renamed DoppelPaymer by the GOLD HERON threat group. As part of the Ransomware as a Service (RaaS) model tha |
ID | Type | Votes | Profile Description |
---|---|---|---|
TA551 | Unspecified | 1 | TA551, also known as Hive0106, Shathak, and UNC2420, is a financially motivated threat group that has been active in the cybercrime landscape. This threat actor has been linked to various malware distribution activities, including those involving QakBot, IcedID, Emotet, Bumblebee, Gozi, and other ma |
ITG23 | Unspecified | 1 | ITG23, also known as the Trickbot/Conti syndicate, is a significant threat actor that has been active since 2016 in the East European cybercrime arena. This group is renowned for its use of Reflective DLL Injection code in many of its crypters, with the presence of these crypters on a file sample be |
Hive0106 | Unspecified | 1 | Hive0106, also known as TA551, is a notable threat actor recognized for its association with ITG23, another prominent entity in the cybercrime landscape. This partnership has been observed since mid-2021 by X-Force, a cybersecurity firm. Hive0106's primary role is as a distribution affiliate, delive |
Indrik Spider | Unspecified | 1 | Indrik Spider is a notable threat actor known for its cybercriminal activities, particularly in the realm of ransomware. In July 2017, the group entered the targeted ransomware sphere with BitPaymer, using file-sharing platforms to distribute the BitPaymer decryptor. This shift in operations saw Ind |
ID | Type | Votes | Profile Description |
---|---|---|---|
CVE-2023-36025 | Unspecified | 1 | CVE-2023-36025 is a significant vulnerability, representing a flaw in the design or implementation of Microsoft's Windows SmartScreen security feature. This vulnerability was discovered as one of three zero-days affecting Microsoft Windows and Server. The exploit begins with the execution of a malic |
Ursnif/snifula | Unspecified | 1 | None |
Hive0106 Ta551 | Unspecified | 1 | None |
Source | CreatedAt | Title |
---|---|---|
CERT-EU | 4 months ago | Cybercrime on Main Street – Sophos News | #cybercrime | #infosec | National Cyber Security Consulting |
CERT-EU | 5 months ago | Cybercrime on Main Street – Sophos News | #cybercrime | #computerhacker - Am I Hacker Proof |
CERT-EU | 7 months ago | Microsoft Disables App Installer After Feature is Abused for Malware |
MITRE | 7 months ago | DEV-0569 finds new ways to deliver Royal ransomware, various payloads | Microsoft Security Blog |
DARKReading | 8 months ago | Exploit for Critical Windows Defender Bypass Goes Public |
CERT-EU | 8 months ago | Security Week In Review: November 24, 2023 |
CERT-EU | 8 months ago | Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails |
DARKReading | 8 months ago | Proof of Concept Exploit Publicly Available for Critical Windows SmartScreen Flaw |
SecurityIntelligence.com | 8 months ago | ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups |
CERT-EU | 10 months ago | Storm-0324 Exploits MS Teams Chats to Facilitate Ransomware Attacks |
Unit42 | a year ago | RedLine Stealer: Answers to Unit Wireshark Quiz |
CERT-EU | a year ago | Cost of a data breach 2023: Financial industry impacts |
CERT-EU | a year ago | Remote access detection in 2023: Unmasking invisible fraud |
Unit42 | a year ago | Crossing the Line: Unit 42 Wireshark Quiz for RedLine Stealer |
CERT-EU | a year ago | Gozi strikes again, targeting banks, cryptocurrency and more |
CERT-EU | a year ago | How the US Government is Fighting Back Against Ransomware | #ransomware | #cybercrime – National Cyber Security Consulting |
CERT-EU | a year ago | Cybercriminals Renting WikiLoader to Target Italian Organizations with Banking Trojan | IT Security News |
BankInfoSecurity | a year ago | New Malware WikiLoader Targeting Italian Organizations |
CERT-EU | a year ago | Habemus Data Act, the game of musical chairs for DG COMP |