| ID | Votes | Profile Description |
|---|---|---|
| Lockbit | 12 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt |
| Alphv | 12 | AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car |
| Hive Ransomware | 10 | Hive ransomware, a notorious threat actor, emerged as one of the most prolific groups in 2022, executing a series of cyberattacks with malicious intent. This group was responsible for numerous ransomware attacks, causing significant disruptions and damage across various sectors. However, in January |
| Hunters International | 5 | Hunters International, a threat actor group in the cybersecurity realm, has recently gained notoriety for its malicious activities. The group is believed to have taken over Hive Ransomware, a notorious malware used for cyberattacks, after Hive's takedown in 2023. Despite disputes from Hunters Intern |
| AvosLocker | 4 | AvosLocker is a type of malware, specifically a ransomware, that has been causing significant issues across the digital landscape. Ransomware is a form of malicious software designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without |
| Akira | 3 | Akira is a malicious software, or malware, specifically a type of ransomware known for its disruptive and damaging effects. First surfacing in late 2023, it has continued to wreak havoc on various entities, including corporations and industries. This ransomware infects systems through suspicious dow |
| Volt Typhoon | 2 | Volt Typhoon, a threat actor linked to China, has been identified as a significant cyber threat with strong operational security. Known for their sophisticated Advanced Persistent Threat (APT) activities, this group has been associated with the KV-Botnet and has remained undetected within U.S. infra |
| Royal Ransomware | 2 | Royal Ransomware is a type of malware that has been causing significant disruptions in various sectors, particularly in the United States. Originating from the now-defunct Conti ransomware operation, Royal Ransomware was notorious for its multi-threaded encryption and ability to kill processes withi |
| Zeon | 2 | Zeon, a known threat actor in the cybersecurity landscape, has been linked to several high-profile ransomware attacks. It was instrumental in crypting SVCReady and CargoBay loaders, observed in Quantum and Royal ransomware attacks respectively. Zeon has also employed third-party ransomware such as B |
| DarkTortilla | 1 | DarkTortilla is a highly configurable, .NET-based crypter malware that has possibly been active since at least August 2015. It primarily delivers commodity malware, but Secureworks® Counter Threat Unit™ (CTU) researchers have identified samples delivering targeted payloads such as Cobalt Strike and |
| Firebird | 1 | Firebird is a malicious software (malware) that has been utilized by the threat actor known as DoNot Team. This sophisticated malware, developed with .NET, is designed to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites. Once inside a sys |
| Firebird Rat | 1 | Firebird RAT is a malicious software (malware) known for its harmful effects on computer systems and devices. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Firebird RAT can steal personal information, disrupt operations |
| NoEscape | 1 | NoEscape is a malicious software that emerged as a rebrand of 'Avaddon,' known for its successful multi-extortion tactics. In October 2023, the French basketball team ASVEL fell victim to a data breach orchestrated by the NoEscape ransomware gang. This incident was part of a broader trend in the las |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Conti | Unspecified | 7 | Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in |
| REvil | Unspecified | 5 | REvil is a notorious form of malware, specifically ransomware, that infiltrates systems to disrupt operations and steal data. The ransomware operates on a Ransomware as a Service (RaaS) model, which gained traction in 2020. In this model, REvil, like other first-stage malware such as Dridex and Goot |
| Babuk | Unspecified | 5 | Babuk is a type of malware, specifically ransomware, which is designed to infiltrate systems and hold data hostage for ransom. It can be delivered through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, Babuk can disrupt operations and steal perso |
| Hive Ransomware Gang | Unspecified | 4 | The Hive ransomware gang, a malicious group known for exploiting and damaging computer systems through harmful software, was significantly disrupted by the Federal Bureau of Investigation (FBI) in a series of operations. Six months ago, according to the US Department of Justice (DOJ), the FBI infilt |
| MegaCortex | Unspecified | 4 | MegaCortex is a type of malware known for its harmful effects on computer systems and devices. It was identified by Dragos, a cybersecurity firm, as having a relationship with another ransomware called EKANS. Both MegaCortex and EKANS have specific characteristics that pose unique risks to industria |
| LockerGoga | Unspecified | 4 | LockerGoga is a type of malware, specifically ransomware, known for its disruptive capabilities. It was notably deployed at Norsk Hydro in March 2019, causing significant operational disruption. LockerGoga differentiates itself from other types of ransomware such as EKANS due to its destructive natu |
| Black Basta | is related to | 4 | Black Basta is a notorious malware entity known for its devastating ransomware attacks. First emerging in June 2022, the group has since been associated with a series of high-profile cyber-attacks worldwide. This malware, like others, infiltrates systems through suspicious downloads, emails, or webs |
| Ragnar Locker | Unspecified | 3 | Ragnar Locker is a type of malware, specifically a ransomware, that has been designed to infiltrate computer systems, often without the user's knowledge. It can enter systems through suspicious downloads, emails, or websites and once inside, it has the capability to steal personal information, disru |
| QakBot | Unspecified | 3 | Qakbot is a potent malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information, disrupt operations, or e |
| Clop | Unspecified | 3 | Clop is a notorious malware, short for malicious software, known for its disruptive and damaging effects on computer systems. It primarily infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Clop can steal personal information, disrupt o |
| HELLOKITTY | Unspecified | 3 | HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat |
| Karakurt | Unspecified | 3 | Karakurt is a notorious malware and data extortion group, previously affiliated with ITG23, known for its sophisticated tactics, techniques, and procedures (TTPs). The group's operations involve stealing sensitive data from compromised systems and demanding ransoms ranging from $25,000 to a staggeri |
| TrickBot | Unspecified | 3 | TrickBot is a notorious form of malware that infiltrates systems to exploit and damage them, often through suspicious downloads, emails, or websites. Once it has breached a system, TrickBot can steal personal information, disrupt operations, and even hold data hostage for ransom. It has been linked |
| Blackbasta | Unspecified | 3 | BlackBasta is a malicious software (malware) known for its disruptive and damaging effects on computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even ho |
| Emotet | Unspecified | 2 | Emotet is a highly dangerous and insidious malware that has resurfaced with increased activity this summer. Originally distributed via email attachments, it infiltrates systems often without the user's knowledge, forming botnets under the control of criminals for large-scale attacks. Once infected, |
| Ryuk | Unspecified | 2 | Ryuk is a sophisticated malware, specifically a ransomware variant, that has been extensively used by cybercriminal group ITG23. The group has been employing crypting techniques for several years to obfuscate their malware, with Ryuk often seen in tandem with other malicious software such as Trickbo |
| Avaddon | Unspecified | 2 | Avaddon is a type of malware, specifically ransomware, designed to exploit and damage computer systems. It was notable for its compatibility with older systems such as Windows XP and Windows 2003, distinguishing it from other ransomware like Darkside and Babuk which targeted more modern systems like |
| Nokoyawa | is related to | 2 | Nokoyawa is a notorious malware, particularly known for its ransomware capabilities. It has been associated with various other malicious software including Quantum, Royal, BlackBasta, Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2, Vidar, Gozi, Cany |
| Bumblebee | Unspecified | 2 | Bumblebee is a type of malware that has been linked to ITG23, a cybercriminal group known for its use of crypters such as Emotet, IcedID, Qakbot, Bumblebee, and Gozi. Distributed via phishing campaigns or compromised websites, Bumblebee enables the delivery and execution of further payloads. The sam |
| Hunters | Unspecified | 2 | The malware group known as Hunters International has been involved in a series of high-profile cyberattacks, targeting organizations such as AT&T and the Crystal Lake Health Center. In April, an individual named Binns hacked AT&T, leading to a ransom payment by the company to another hacking group, |
| Cactus | Unspecified | 1 | Cactus is a type of malware, specifically ransomware, that has been implicated in several high-profile cyber-attacks. This malicious software infiltrates systems through deceptive methods such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Cactus c |
| Abyss Locker | Unspecified | 1 | Abyss Locker is a formidable strain of malware, specifically ransomware, that has been observed targeting both Microsoft Windows and Linux platforms. This malicious software operates by infiltrating systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside |
| SDBbot | Unspecified | 1 | SDBbot is a malicious software (malware) that infiltrates computer systems typically through deceptive downloads, emails, or websites. In the context of cyber threats, it falls under the category of custom malware, used by threat groups such as GOLD TAHOE. Other common offensive security tools and c |
| Spark | Unspecified | 1 | Spark is a type of malware, a harmful program designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage f |
| Solarmarker | Unspecified | 1 | SolarMarker, also known as Yellow Cockatoo, Polazert, and Jupyter Infostealer, is a sophisticated malware designed to steal information. It has been evolving since 2020 and has been active in various campaigns since 2021. The malware relies heavily on web delivery, using search engine optimization ( |
| WastedLocker | Unspecified | 1 | WastedLocker is a type of malware developed by the Evil Corp Group, known for its malicious activities. This malware variant was first identified in 2020 and is part of an evolution of ransomware that began with Dridex, followed by DoppelPaymer developed in 2019, and then WastedLocker. The malware i |
| Socgholish | Unspecified | 1 | SocGholish is a malicious software (malware) known for its ability to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. Notably, in 2023, several distinct website malware campaigns were identified to serve SocGholish malw |
| Gootloader | Unspecified | 1 | GootLoader is a potent malware that forms part of the GootKit malware family, which has been active since 2014. The malware operates by exploiting systems through suspicious downloads, emails, or websites, often without the user's knowledge. Its primary targets are professionals working in law firms |
| Nemty | Unspecified | 1 | Nemty is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It was developed by a cybercriminal group known as farnetwork, which has been active since 2019. Farnetwork has been involved in several ransomware projects, including JSWORM, Nefilim, Karma, an |
| Doppelpaymer | Unspecified | 1 | DoppelPaymer is a form of malware, specifically ransomware, known for its high-profile attacks on large organizations and municipalities. Originally based on the BitPaymer ransomware, DoppelPaymer was reworked and renamed by the threat group GOLD HERON, after initially being operated by GOLD DRAKE. |
| Blackcat Ransomware Group | Unspecified | 1 | The BlackCat ransomware group, also known as APLHV, is a malware collective that has been active since November 2021. As a Ransomware-as-a-Service group, they specialize in exploiting computer systems and holding data hostage for ransom. The group has targeted computer networks of more than 1,000 vi |
| Ransomexx2 | Unspecified | 1 | RansomExx2 is a newly discovered variant of the RansomExx malware, designed to target Linux operating systems and exploit vulnerable ESXi servers. This strain has been identified through its distinctive MD5 hash 377C6292E0852AFEB4BD22CA78000685 and is recognized as a Linux executable written in the |
| Jupyter | Unspecified | 1 | Jupyter, also known as SolarMarker, Yellow Cockatoo, and Jupyter Infostealer, is a malware that has been steadily evolving since 2020. This malicious software targets sectors such as education, healthcare, and small to medium-sized enterprises (SMEs). It is designed to exploit and damage computer sy |
| Ziggystartux | Unspecified | 1 | ZiggyStarTux is a malicious software (malware) that has been identified as part of the arsenal of TeamTNT, a cybercriminal group. The malware, an open-source IRC bot based on the Kaiten malware, was first detailed by Lacework earlier this year. It operates as a backdoor, running a secondary payload |
| Ragnarlocker | Unspecified | 1 | RagnarLocker is a type of malware, specifically ransomware, which first emerged in 2021. It is designed to infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data hostag |
| Locker Ransomware | Unspecified | 1 | Locker ransomware, a type of malware, poses significant risks to computer systems and data. Unlike crypto-ransomware which encrypts user data, locker ransomware locks users out of their devices entirely, demanding a ransom payment to restore access without any data encryption. This threat has evolve |
| Qbot | Unspecified | 1 | Qbot, also known as Qakbot or Pinkslipbot, is a modular information-stealing malware that emerged in 2007 as a banking trojan. Over the years, it has evolved into an advanced malware strain used by multiple cybercriminal groups to compromise networks and prepare them for ransomware attacks. The firs |
| Conti, Lockbit | Unspecified | 1 | None |
| Wcry | Unspecified | 1 | WCry, also known as WannaCry or WanaCryptor, is a self-propagating ransomware that was one of the most disruptive cyber attacks in history. This malware was a product of a North Korean cyber operation aimed at financial gain. The ransomware spreads through internal networks and over the public inter |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Blackmatter | Unspecified | 4 | BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention |
| DarkSide | Unspecified | 3 | DarkSide is a notable threat actor that emerged in the cybersecurity landscape with its advanced ransomware operations. In 2021, the group gained significant attention for its attack on the United States' largest oil pipeline, Colonial Pipeline, causing a temporary halt to all operations for three d |
| Vice Society | Unspecified | 3 | Vice Society, a threat actor group known for its malicious activities, has been linked to a series of ransomware attacks targeting various sectors, most notably education and healthcare. Throughout 2022 and the first half of 2023, Vice Society, along with Royal Ransomware, were actively executing mu |
| Snake | Unspecified | 2 | Snake, also known as EKANS, is a significant threat actor that has been active since at least 2004, with its activities potentially dating back to the late 1990s. This group, which may have ties to Iran, targets diplomatic and government organizations as well as private businesses across various reg |
| Qilin | Unspecified | 2 | Qilin, a notable threat actor in the cybersecurity landscape, has been significantly active over the last two years, compromising more than 150 organizations across 25 countries and various industries. Originally evolving from the Agenda ransomware written in Go, Qilin has since transitioned to Rust |
| Bl00dy | Unspecified | 2 | Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i |
| Mikhail Pavlovich Matveev | Unspecified | 2 | Mikhail Pavlovich Matveev, a Russian national also known by the online monikers Wazawaka, m1x, Boriselcin, and Uhodiransomwar, is identified as a significant threat actor in the global cybersecurity landscape. He is one of five Russians charged over Lockbit, considered to be the world's most dangero |
| Wazawaka | Unspecified | 2 | Wazawaka, identified by the FBI as Mikhail Matveev, is a significant threat actor in the cybercrime landscape. Known for his affiliations with multiple ransomware groups, including LockBit, throughout 2020 and 2021, he became a central figure in the Babuk ransomware-as-a-service gang. Matveev's oper |
| Boriselcin | Unspecified | 2 | Mikhail Pavlovich Matveev, also known as Boriselcin, is a threat actor that has been implicated in significant cybercrime activities. Beginning at least as early as 2020, Matveev has been allegedly involved in deploying three ransomware variants: LockBit, Babuk, and Hive. These attacks targeted vari |
| Uhodiransomwar | Unspecified | 2 | Uhodiransomwar, also known as Mikhail Pavlovich Matveev, Wazawaka, m1x, and Boriselcin, is a threat actor who has been identified as a significant cybersecurity concern. A Russian national aged 30, Matveev has allegedly been involved in numerous malicious activities since at least 2020, primarily fo |
| Sodinokibi | Unspecified | 1 | Sodinokibi, also known as REvil, is a significant threat actor first identified in April 2019. This ransomware family operates as a Ransomware-as-a-Service (RaaS) and has been responsible for one in three ransomware incidents responded to by IBM Security X-Force in 2020. The Sodinokibi ransomware st |
| Flax Typhoon | Unspecified | 1 | Flax Typhoon, also known as RedJuliett and Ethereal Panda in different cybersecurity circles, is a threat actor linked to China that has been actively targeting Taiwan. The group's activities have been closely monitored by several cybersecurity firms, including Microsoft and CrowdStrike. The use of |
| Lapsus | Unspecified | 1 | Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor |
| cl0p | Unspecified | 1 | Cl0p is a threat actor group that has emerged as the most used ransomware in March 2023, dethroning LockBit. The group has successfully exploited zero-day vulnerabilities in the past, but such attacks are relatively rare. Recent research by Malwarebytes highlights the bias of ransomware gangs for at |
| M1x | Unspecified | 1 | M1x, also known as Wazawaka, Boriselcin, and Uhodiransomwar, is a threat actor identified as Mikhail Pavlovich Matveev. This individual has been allegedly involved in malicious cyber activities since at least 2020. Matveev's primary mode of operation involves the deployment of ransomware, specifical |
| Bianlian | Unspecified | 1 | BianLian is a threat actor that has been increasingly active in cybercrimes. The group is known for its malicious activities, including the execution of actions with harmful intent. In a series of recent events, BianLian has exploited vulnerabilities in JetBrains TeamCity, a continuous integration a |
| FIN12 | Unspecified | 1 | FIN12, also known as DEV-0237 and Pistachio Tempest, is a threat actor group notorious for its malicious cyber activities. Tracked by Microsoft, this group is primarily engaged in the distribution of Hive, Conti, and Ryuk ransomware. The group has been responsible for several high-profile ransomware |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2021-34523 | Unspecified | 2 | None |
| CVE-2021-34473 | Unspecified | 2 | CVE-2021-34473 is a significant software vulnerability that was discovered in Microsoft Exchange Server. This flaw, along with two others (CVE-2021-31207 and CVE-2021-34523), forms a chain of vulnerabilities known as ProxyShell. These vulnerabilities can be exploited together by remote attackers to |
| CVE-2021-42321 | Unspecified | 2 | None |
| CVE-2021-31207 | Unspecified | 2 | CVE-2021-31207 is a significant software vulnerability that affects Atlassian Confluence and Microsoft Exchange. It was discovered that Advanced Persistent Threat group APT40 rapidly exploits this flaw, along with other public vulnerabilities in widely used software like Log4J (CVE-2021-44228) and M |
| CVE-2020-12812 | Unspecified | 2 | None |
| CVE-2023-35393 | Unspecified | 1 | None |
| CVE-2023-36881 | Unspecified | 1 | None |
| CVE-2023-35394 | Unspecified | 1 | None |
| CVE-2023-36877 | Unspecified | 1 | None |
| CVE-2023-38188 | Unspecified | 1 | None |
| Hdinsight/jupyter | Unspecified | 1 | None |
| CVE-2021-33558 | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| Unit42 | 5 days ago | From RA Group to RA World: Evolution of a Ransomware Group |
| Securityaffairs | 6 days ago | Russian nationals plead guilty to participating in the LockBit ransomware group |
| Securityaffairs | 7 days ago | Russian nationals plead guilty to participating in the LockBit ransomware group |
| BankInfoSecurity | a month ago | Breach Roundup: Phishing Platform ONNX Targets Microsoft 365 |
| InfoSecurity-magazine | a month ago | LockBit Most Prominent Ransomware Actor in May 2024 |
| DARKReading | a month ago | DataBee Launches Innovations for Enhanced Threat Monitoring and Zero Trust Implementation |
| DARKReading | 2 months ago | Critical Netflix Genie Bug Opens Big Data Orchestration to RCE |
| Securelist | 3 months ago | Kaspersky Anti-Ransomware Day report 2024 |
| InfoSecurity-magazine | 3 months ago | LockBit, Black Basta, Play Dominate Ransomware in Q1 2024 |
| BankInfoSecurity | 3 months ago | Live Webinar | From Risk-Based Vulnerability Management to Exposure Management: The Future of Cybersecurity |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION |
| BankInfoSecurity | 3 months ago | Ransomware Victims Who Pay a Ransom Drops to Record Low |
| Securityaffairs | 3 months ago | US and Australian police arrested Firebird RAT author and operator |
| DARKReading | 4 months ago | Frameworks, Guidelines & Bounties Alone Won't Defeat Ransomware |
| DARKReading | 4 months ago | LockBit Ransomware Takedown Strikes Deep Into Brand's Viability |
| CERT-EU | 4 months ago | D#NUT ransomware gang claims Ready or Not dev Void Interactive as a victimD#NUT ransomware gang claims Ready or Not dev Void Interactive as a victim | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting |
| CERT-EU | 5 months ago | Ransomware attacks are hitting critical infrastructure more often, FBI says |
| BankInfoSecurity | 5 months ago | Banning Ransom Payments: Calls Grow to 'Figure Out' Approach |
| CERT-EU | 5 months ago | These states generate the most cybercrime complaints | #cybercrime | #infosec | National Cyber Security Consulting |
| BankInfoSecurity | 5 months ago | Ransomware Attacks on Critical Infrastructure Are Surging |