| ID | Votes | Profile Description |
|---|---|---|
| QakBot | 9 | Qakbot is a type of malware that has been linked to various cybercriminal activities, with its presence first observed as early as 2020. It gained notoriety for its role in the operations of the Black Basta ransomware group, which used Qakbot extensively in sophisticated phishing campaigns. The malw |
| Emotet | 8 | Emotet is a highly dangerous and insidious type of malware that has been active, particularly during recent summers. It is distributed primarily through documents attached to emails, using conversations found in compromised accounts. Once an unsuspecting user clicks either the enable button or an im |
| TrickBot | 8 | TrickBot is a notorious malware that has been used extensively by cybercriminals to exploit and damage computer systems. It operates as a crimeware-as-a-service platform, infecting systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can stea |
| Bokbot | 7 | BokBot, also known as IcedID or Anubis, is a type of malware first discovered by X-Force in September 2017. It's a banking trojan that has been widely used in cybercrime operations to steal sensitive information such as banking credentials from infected computers. The malware infects systems through |
| Pikabot | 4 | PikaBot is a malicious software (malware) known for providing initial access to infected computers, enabling ransomware deployments, remote takeovers, and data theft. It's part of an array of malware families such as IcedID, Qakbot, Gozi, DarkGate, AsyncRAT, JinxLoader, among others, which have been |
| Anubis | 4 | Anubis, also known as IcedID or Bokbot, is a sophisticated piece of malware primarily functioning as a banking trojan. It was first discovered by X-Force in September 2017 and has since evolved to target a wide range of financial applications. Notably, Anubis has consistently ranked among the top fi |
| Latrodectus | 4 | Latrodectus, a new type of malware discovered in late 2023, is being used by Initial Access Brokers (IABs) in email threat campaigns. Initially mistaken for a variant of the well-known IcedID malware due to similar characteristics, researchers at Proofpoint and Team Cymru S2 Threat Research Team hav |
| Gozi | 3 | Gozi is a notorious malware that has been linked to numerous cyber attacks. It's typically delivered through sophisticated malvertising techniques, often used in conjunction with other initial access malware such as Pikabot botnet agent and IcedID information stealer. When an individual accesses a c |
| Bazarloader | 3 | BazarLoader is a form of malware that has been utilized extensively by ITG23, a cybercriminal group. This harmful software infiltrates systems via suspicious downloads, emails, or websites, potentially stealing personal information, disrupting operations, or holding data for ransom. ITG23 has used B |
| Nokoyawa | 2 | Nokoyawa is a notorious malware, particularly known for its ransomware capabilities. It has been associated with various other malicious software including Quantum, Royal, BlackBasta, Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2, Vidar, Gozi, Cany |
| Smokeloader | 2 | Smokeloader is a malicious software (malware) that has been utilized by threat actors, specifically Phobos actors, to embed ransomware as a hidden payload. This malware, acting as a loader for other malware, infects systems through suspicious downloads, emails, or websites, often without the victim' |
| Ta544 | 2 | TA544 is a financially motivated, advanced persistent threat (APT) actor that has been tracked by cybersecurity firm Proofpoint and others since at least 2017. This malicious actor typically uses Ursnif malware to target organizations, predominantly in Italy and Japan. The Ursnif banking trojan, als |
| Cobaltstrike | 2 | CobaltStrike is a type of malware, or malicious software, that infiltrates systems to exploit and damage them. It can gain access via suspicious downloads, emails, or websites and then steal personal information, disrupt operations, or hold data for ransom. CobaltStrike has been observed in conjunct |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Bumblebee | Unspecified | 7 | Bumblebee is a type of malware that has been linked to ITG23, a cybercriminal group known for its use of crypters such as Emotet, IcedID, Qakbot, Bumblebee, and Gozi. Distributed via phishing campaigns or compromised websites, Bumblebee enables the delivery and execution of further payloads. The sam |
| Dridex | Unspecified | 4 | Dridex is a well-known malware, specifically a banking Trojan, that has been utilized by cybercriminals to exploit and damage computer systems. The malware infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user, and can steal personal information, disrupt o |
| Qbot | Unspecified | 4 | Qbot, also known as Qakbot or Pinkslipbot, is a modular information-stealing malware that emerged in 2007 as a banking trojan. Over the years, it has evolved into an advanced malware strain used by multiple cybercriminal groups to compromise networks and prepare them for ransomware attacks. The firs |
| Zeus | is related to | 4 | Zeus is a notorious form of malware, or malicious software, designed to exploit and damage computer systems. It infiltrates devices often without the user's knowledge via suspicious downloads, emails, or websites. Once embedded within a system, Zeus can steal personal information, disrupt operations |
| Conti | Unspecified | 3 | Conti is a notorious malware and ransomware operation that has caused significant damage to computer systems worldwide. The Conti group, believed to have around 200 employees, operated like a regular business, with internal communications revealing the organization's structure and operations. It was |
| Darkgate | Unspecified | 3 | DarkGate is a malicious software (malware) designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. Once embedded in a system, DarkGate can steal personal information, disrupt operations, or hold data for ransom. Recently, the malware was |
| Emotet, Trickbot | Unspecified | 3 | None |
| Clop | Unspecified | 2 | Clop, also known as Cl0p, is a notorious ransomware group responsible for several high-profile cyberattacks. The group specializes in exploiting vulnerabilities in software and systems to gain unauthorized access, exfiltrate sensitive data, and then extort victims by threatening to release the stole |
| Bazaloader | Unspecified | 2 | BazaLoader is a type of malware, malicious software designed to infiltrate and damage computer systems, often without the user's knowledge. It is typically distributed through suspicious downloads, emails, or websites, and once inside a system, it can steal personal information, disrupt operations, |
| Royal Ransomware | Unspecified | 2 | The Royal Ransomware, a harmful malware program designed to exploit and damage computer systems, operated from September 2022 through June 2023. It employed multi-threaded encryption to disrupt operations and hold data hostage for ransom. The ransomware was primarily disseminated through suspicious |
| Systembc | Unspecified | 2 | SystemBC is a type of malware, or malicious software, that has been heavily utilized in cyber-attacks and data breaches. Throughout 2023, it was frequently used in conjunction with other malware like Quicksand and BlackBasta by cybercriminals to exploit vulnerabilities in computer systems. Play rans |
| Dave Loader | Unspecified | 2 | Dave Loader, also known as Domino Backdoor, is a potent malware that has been utilized in various cybercrime operations. This malicious software is designed to infiltrate computer systems and compromise user data, often without the victim's knowledge. It can be delivered through dubious downloads, e |
| SVCReady | Unspecified | 2 | SVCReady is a relatively new malware family first observed in malicious spam campaigns at the end of April 2022. This harmful software, designed to exploit and damage computers or devices, was initially unknown but has since been identified through IDS rules published by Proofpoint. The malware infe |
| Netsupport | Unspecified | 2 | NetSupport is a malicious software (malware) that has been used in various cyberattacks, including the Royal Ransomware attack and assaults by former ITG23 members. It can infiltrate systems through suspicious downloads, emails, or websites and then steal personal information, disrupt operations, or |
| Redline Stealer | Unspecified | 2 | RedLine Stealer is a malicious software (malware) that infiltrates computer systems and devices, often unbeknownst to users. The malware can infect systems through suspicious downloads, emails, or websites, causing significant damage by stealing personal information, disrupting operations, or even h |
| Netsupport Manager | Unspecified | 2 | NetSupport Manager is a malicious software (malware) that poses significant threats to computer systems and networks. It is often disguised as legitimate software or tools, such as the 7-zip compression utility or a fake Chrome browser update, to trick users into downloading and installing it. Once |
| Xworm | Unspecified | 2 | XWorm is a multifaceted malware that has been observed to exploit vulnerabilities in ScreenConnect, a remote access software. This malware provides threat actors with remote access capabilities and the potential to spread across networks, exfiltrate sensitive data, and download additional payloads. |
| Batloader | Unspecified | 2 | Batloader is a malware downloader posing as installers or updates for legitimate applications such as Microsoft Teams, Zoom, and others. This malicious software can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal |
| Ursnif | Unspecified | 2 | Ursnif, also known as Gozi or ISFB, is a type of malware that poses significant threats to computer systems and user data. It's often distributed through suspicious downloads, emails, or websites, infiltrating systems without the user's knowledge. Once installed, Ursnif can steal personal informatio |
| Truebot | Unspecified | 2 | Truebot is a highly potent malware used by the threat actor group CL0P, which has been linked to various malicious activities aimed at exploiting and damaging computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once embedded, |
| Raspberry Robin | Unspecified | 2 | Raspberry Robin is a sophisticated piece of malware that uses a variety of tactics to infiltrate and exploit computer systems. It employs the CPUID instruction to conduct several checks, enabling it to assess the system's characteristics and vulnerabilities. Furthermore, Raspberry Robin has been obs |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| TA551 | Unspecified | 3 | TA551, also known as Hive0106, Shathak, and UNC2420, is a financially motivated threat group that has been active in the cybercrime landscape. This threat actor has been linked to various malware distribution activities, including those involving QakBot, IcedID, Emotet, Bumblebee, Gozi, and other ma |
| Ta542 | Unspecified | 2 | TA542, also known as Mealybug or Mummy Spider, is a notable threat actor in the cybersecurity landscape that operates the Emotet malware family. Active since 2014, this group has evolved the initial banking Trojan into a sophisticated and profitable malware delivery vehicle. The group's operations a |
| Shadowsyndicate | Unspecified | 2 | ShadowSyndicate, a threat actor that emerged in 2019, has been implicated in multiple ransomware operations according to cybersecurity firm Group-IB. The group is known for its affiliations with various ransomware groups and programs, and has been involved in several ransomware projects such as JSWO |
| TA577 | Unspecified | 2 | TA577 is a threat actor, or malicious entity, known for its extensive use of QBot, a banking Trojan. In November 2023, Proofpoint's Threat Research Team identified TA577 as an initial access broker that began using Latrodectus, a new malware, in three separate intrusion campaigns. The group typicall |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2022-41073 | Unspecified | 2 | None |
| Preview | Source Link | CreatedAt | Title |
|---|---|---|---|
| Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6 | |
| Securityaffairs | a month ago | security-affairs-malware-newsletter-round-5 | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3 | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3 | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 2 | |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 480 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| Securityaffairs | 2 months ago | Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations | |
| Pulsedive | 3 months ago | Pulsedive Blog | Latrodectus Threat Research | |
| Krebs on Security | 3 months ago | ‘Operation Endgame’ Hits Malware Delivery Platforms | |
| BankInfoSecurity | 3 months ago | European Police Take Down Botnet Servers, Make Arrests | |
| Securityaffairs | 3 months ago | Operation Endgame, the largest law enforcement operation ever against botnets | |
| Securelist | 4 months ago | Financial threat report 2023: phishing, PC and mobile malware | |
| InfoSecurity-magazine | 5 months ago | New Malware “Latrodectus” Linked to IcedID | |
| BankInfoSecurity | 5 months ago | Sophisticated Latrodectus Malware Linked to 2017 Strain | |
| DARKReading | 5 months ago | Latrodectus Downloader Picks Up Where QBot Left Off | |
| Securityaffairs | 5 months ago | TheMoon bot infected 40,000 devices in January and February | |
| DARKReading | 6 months ago | Hackers Posing as Law Firms Phish Global Orgs | |
| CERT-EU | 6 months ago | Cybercrime on Main Street – Sophos News | #cybercrime | #infosec | National Cyber Security Consulting | |
| CERT-EU | 6 months ago | Cybercrime on Main Street – Sophos News | #cybercrime | #computerhacker - Am I Hacker Proof | |
| Securityaffairs | 6 months ago | Security Affairs newsletter Round 461 by Pierluigi Paganini |