ID | Votes | Profile Description |
---|---|---|
Dragonfly | 2 | Dragonfly is a cyber-espionage threat actor group that has been particularly active against the energy sector in several countries, including the United States, Switzerland, and Turkey. The tactics employed by Dragonfly often involv |
IRON LIBERTY | 1 | Iron Liberty is a threat actor group that has been active since at least 2010, according to the timeline of activity observed by Secureworks Counter Threat Unit (CTU) researchers. The group specializes in cyber espionage and has been particularly focused on targeting Industrial Control Systems (ICS) companies within the energy sector. Iro |
Heriplor | 1 | Heriplor (Trojan.Heriplor) is a backdoor Trojan rather than a threat actor group; it has been associated with multiple malicious campaigns run by the Dragonfly group. It is particularly linked to the Dragonfly 2.0 campaign, in which the attackers used both the Heriplor and Karagany Trojans, which were also emp |
ID | Type | Votes | Profile Description |
---|---|---|---|
Stuxnet | Unspecified | 2 | Stuxnet, a notorious malware discovered in 2010, is one of the most infamous Advanced Persistent Threat (APT) attacks in history. This military-grade cyberweapon is widely reported to have been developed jointly by the United States and Israel (neither government has confirmed this) to specifically target Iran's nuclear enrichment facility at Natanz. The Stuxnet worm, a |
Crashoverride | Unspecified | 2 | CrashOverride, also known as Industroyer, is a notorious malware that was leveraged in 2016 to disrupt Ukraine's power grid at the transmission substation level. This malicious software, attributed to the Russian state-sponsored Sandworm group, manipulated Industrial Control Systems (ICS) equipment through the abus |
Industroyer2 | Unspecified | 1 | Industroyer2 is a successor to the 2016 Industroyer (CrashOverride) malware, designed to target Industrial Control Systems (ICS) and attributed to the Russian state-sponsored advanced persistent threat group Sandworm. The group has been active since at least 2007 and used Industroyer2 in a significant attack against Ukraine's |
Cobalt Strike Beacon | Unspecified | 1 | Cobalt Strike Beacon is the post-exploitation implant of the commercial Cobalt Strike adversary-simulation framework; cracked and leaked copies are widely abused by criminal and state-sponsored actors as a command-and-control agent for reconnaissance, lateral movement, credential theft, and staging of follow-on payloads such as ransomware. The Beacon payload has been loaded by HUI Loader from files such as mpc.tmp, dlp.ini, vmtools.ini, and an |
FIVEHANDS | Unspecified | 1 | FiveHands is a ransomware family closely related to HelloKitty (both are rewrites of DeathRansom) and deployed by the financially motivated group UNC2447. It was first reported by Mandiant in April 2021. The ransomware is typically delivered through Encryptor.exe, a loader that init |
DEATHRANSOM | Unspecified | 1 | DeathRansom is a ransomware family and the code base from which the later HelloKitty and FiveHands ransomware were derived. Like other ransomware, it typically gains its foothold through malicious downloads, phishing emails, or compromised websites, and once inside it can steal personal information, disrupt operations, or hold data hostage for ranso |
HELLOKITTY | Unspecified | 1 | HelloKitty is a ransomware family derived from DeathRansom and closely related to FiveHands. It typically gains its foothold through malicious downloads, phishing emails, or compromised websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat |
malware.binary.exe | Unspecified | 1 | None |
SombRAT | Unspecified | 1 | SombRAT is a backdoor (remote access Trojan) reported by Mandiant in April 2021 as part of a sophisticated financial threat. It is used by the financially motivated group UNC2447 in conjunction with the FIVEHANDS ransomware. The malware infects systems through suspicious downloads, emails, |
EKANS | Unspecified | 1 | EKANS, also known as SNAKE (EKANS spelled backwards), is a ransomware strain that emerged in mid-December 2019 and is notable for carrying ICS-specific functionality: a kill list of industrial software processes to terminate before encryption. It was one of the more concerning ransomware strains observed in 2020, accounting for 6% of all ransomware attacks monitored by IBM Security X-Force in that year. The |
BlackEnergy | Unspecified | 1 | BlackEnergy is a potent malware toolkit that has been utilized by criminal and Advanced Persistent Threat (APT) actors since 2007. Its destructive capabilities were notably demonstrated in Ukraine, where it was used for cyber-espionage, compromising industrial control systems, and launching attacks a |
Pipedream | Unspecified | 1 | Pipedream, a highly sophisticated malware discovered in 2022, has been designed specifically to infiltrate and control Industrial Control Systems (ICS). Unlike previous ICS-specific malware that was limited to particular industrial segments, Pipedream exhibits versatility across various sectors. It |
Ryuk | Unspecified | 1 | Ryuk is a ransomware family that has been extensively used by the cybercriminal group ITG23 (IBM's name for the Trickbot operators). The group has employed crypting techniques for several years to obfuscate its malware, and Ryuk is often seen in tandem with other malicious software such as Trickbo |
Backdoor.Oldrea | Unspecified | 1 | None |
ID | Type | Votes | Profile Description |
---|---|---|---|
APT10 | Unspecified | 1 | APT10, also known as the Menupass Team, is a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS). The group has been active since 2009 and is suspected to be based in Tianjin, China, according to research by IntrusionTruth in 2018. APT10 has primarily targeted |
Sandworm | Unspecified | 1 | Sandworm, a threat actor linked to Russia, has been implicated in numerous high-profile cyber attacks. This group's activities have primarily targeted Ukraine, compromising the country's critical infrastructure and telecommunications providers. The Sandworm group is known for its fileless attack met |
Energetic Bear | Unspecified | 1 | Energetic Bear, also known as DragonFly, Crouching Yeti, and Berserk Bear, is a threat actor that has been operational since at least 2011. The group has been linked to various cyber-espionage campaigns targeting the energy sector in Europe and North America, with the primary focus on defense and av |
ID | Type | Votes | Profile Description |
---|---|---|---|
Iron Liberty Havex | Unspecified | 1 | None |
Source | CreatedAt | Title |
---|---|---|
DARKReading | 4 days ago | Novel ICS Malware Sabotaged Water-Heating Services in Ukraine |
DARKReading | a year ago | A Brief History of ICS-Tailored Attacks |
MITRE | a year ago | Endpoint Protection - Symantec Enterprise |
CERT-EU | a year ago | Battling malware in the industrial supply chain - Cybersecurity Insiders |
CERT-EU | a year ago | Cyberattacks on OT, ICS Lay Groundwork for Kinetic Warfare |
MITRE | a year ago | EKANS Ransomware and ICS Operations | Dragos Dragos |
MITRE | a year ago | UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat | Mandiant |
CERT-EU | a year ago | 2022 a breakthrough year for malware targeting critical infrastructure |
MITRE | a year ago | Resurgent Iron Liberty Targeting Energy Sector |
MITRE | a year ago | Four Russian Government Employees Charged in Two Historical Hacking |