| ID | Votes | Profile Description |
|---|---|---|
| Kimsuky | 3 | Kimsuky is a North Korea-linked advanced persistent threat (APT) group that conducts global cyber-attacks to gather intelligence for the North Korean government. The group has been identified as a significant threat actor, executing actions with malicious intent, and has recently targeted victims vi |
| Ta406 | 2 | TA406, also known as the Konni Group or Kimsuky, is a state-sponsored cybercrime organization based in North Korea. This threat actor has been implicated in numerous cyber espionage activities, targeting entities such as news media organizations, academic institutions, and think tanks. The group gai |
| DOGCALL | 1 | Dogcall, also known as ROKRAT, is a remote access Trojan (RAT) malware first reported by Talos in April 2017. It has consistently been attributed to the Advanced Persistent Threat (APT37) group, also known as Reaper. The malware uses third-party hosting services for data upload and command acceptanc |
| Konnirat | 1 | None |
| Apt43 | 1 | APT43, also known as Kimsuky, is a North Korean state-sponsored advanced persistent threat (APT) group that has been actively involved in cybercrime and espionage. The group has been implicated in a series of attacks exploiting vulnerabilities, which have drawn the attention of various cybersecurity |
| Updog | 1 | None |
| HIDDEN COBRA | 1 | Hidden Cobra, also known as the Lazarus Group and Sapphire Sleet, is a North Korean cyberespionage group that has been active since at least 2009. The U.S. Government uses the term Hidden Cobra to refer to malicious cyber activities by the North Korean government, with the BeagleBoyz representing a |
| CARROTBAT | 1 | Carrotbat is a malicious software, or malware, first discovered in December 2017 during an attack. The discovery was made by Unit 42, which dubbed the malware family "Carrotbat". It was found to be related to another attack on a British government agency due to overlaps within the attack infrastruct |
| NOKKI | 1 | NOKKI is a malicious software (malware) that was first identified in January 2018, with activities traced throughout the year. It originated from an investigation into a new malware family named NOKKI, which showed significant code overlap and other ties to KONNI, a previously identified malware. Th |
| SYSCON | 1 | In January 2023, the McAfee Advanced Threat Research team discovered a new variant of the SYSCON backdoor malware being used in an operation. This variant appeared in a malicious Word document containing a Visual Basic macro that dropped and executed an upgraded version of the implant. The malware w |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Amadey | Unspecified | 2 | Amadey is a malicious software (malware) that has been found to be used in conjunction with other malware such as Remcos, GuLoader, and Formbook. Analysis of the infection chains revealed that the individual behind the sales of Remcos and GuLoader also uses Amadey and Formbook, using GuLoader as a p |
| Fracturedstatue | Unspecified | 1 | None |
| ROKRAT | Unspecified | 1 | RokRAT is a sophisticated malware that has been used by the cyber-espionage group ScarCruft, primarily to target South Korean media and research organizations. The malware is typically delivered via phishing emails with ZIP file attachments containing LNK files disguised as Word documents. However, |
| OceanSalt | Unspecified | 1 | None |
| Final1stspy | Unspecified | 1 | Final1stspy is a previously unreported malware family that has been discovered and named based on a pdb string found in the malware. This harmful software, designed to exploit and damage computer systems, is closely related to the NOKKI and DOGCALL malware families, used as a deployment mechanism fo |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| APT37 | Unspecified | 4 | APT37, also known as ScarCruft, Reaper, or Group123, is a threat actor suspected to be linked to North Korea. It primarily targets South Korea but has also extended its activities to Japan, Vietnam, and the Middle East, focusing on various industry verticals such as chemicals, electronics, manufactu |
| Sandworm | Unspecified | 3 | Sandworm, a threat actor linked to Russia, has been implicated in numerous high-profile cyber attacks. This group's activities have primarily targeted Ukraine, compromising the country's critical infrastructure and telecommunications providers. The Sandworm group is known for its fileless attack met |
| APT29 | Unspecified | 2 | APT29, also known as Cozy Bear, SVR group, BlueBravo, Nobelium, Midnight Blizzard, and The Dukes, is a threat actor linked to Russia. This group is notorious for its malicious activities in the cybersecurity realm, executing actions with harmful intent. It has been associated with several high-profi |
| Konni Group | Unspecified | 2 | The Konni Group, also known as TA406, is a threat actor believed to be associated with North Korean cyberespionage activities. According to cybersecurity firm DuskRise, the group has been involved in sophisticated cyberattacks, including one where they compromised a foreign ministry email account to |
| APT34 | Unspecified | 1 | APT34, also known as OilRig, EUROPIUM, Hazel Sandstorm, and Crambus among other names, is a threat actor believed to be operating on behalf of the Iranian government. Operational since at least 2014, APT34 has been involved in long-term cyber espionage operations primarily focused on reconnaissance |
| Lazarus Group | Unspecified | 1 | The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large- |
| APT36 | Unspecified | 1 | APT36, also known as Transparent Tribe and Earth Karkaddan, is a notorious threat actor believed to be based in Pakistan. The group has been involved in cyberespionage activities primarily targeting India, with a focus on government, military, defense, aerospace, and education sectors. Their campaig |
| Turla | Unspecified | 1 | Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat |
| OceanLotus | Unspecified | 1 | OceanLotus, also known as APT32, is a threat actor suspected to be linked with Vietnam. It primarily targets foreign companies involved in manufacturing, consumer products, consulting, and hospitality sectors that are investing or planning to invest in Vietnam. The group's recent activities indicate |
| Evil Corp | Unspecified | 1 | Evil Corp, a threat actor group based in Russia, has been identified as a significant cybercrime entity responsible for the execution of malicious actions. The alleged leader of this group is Maksim Yakubets, who is notably associated with Dridex malware operations. The U.S. Treasury imposed sanctio |
| BITTER | Unspecified | 1 | Bitter, also known as T-APT-17, is a suspected South Asian threat actor that has been involved in various cyber campaigns. The group has been active since at least August 2021, with its operations primarily targeting government personnel in Bangladesh through spear-phishing emails. The similarities |
| Winnti | Unspecified | 1 | Winnti is a sophisticated threat actor group, first identified by Kaspersky in 2013, with activities dating back to at least 2007. The group has been associated with the Chinese nation-state and is part of a collective known as APT41, which also includes subgroups like Wicked Panda, Suckfly, and Bar |
| FIN12 | Unspecified | 1 | FIN12, also known as DEV-0237 and Pistachio Tempest, is a threat actor group notorious for its malicious cyber activities. Tracked by Microsoft, this group is primarily engaged in the distribution of Hive, Conti, and Ryuk ransomware. The group has been responsible for several high-profile ransomware |
| Sednit | Unspecified | 1 | Sednit, also known as APT28, Fancy Bear, Strontium/Forest Blizzard, Pawn Storm, Sofacy, and BlueDelta, is a threat actor associated with Russia's military intelligence. Active since at least 2007, the group has targeted governments, militaries, and security organizations worldwide. ESET has shed lig |
| Winter Vivern | Unspecified | 1 | Winter Vivern is a threat actor group that has recently been active in the cybersecurity landscape. This group, which is believed to align with the interests of Belarus, has been involved in a series of malicious activities targeting different entities. They have notably exploited a zero-day vulnera |
| Darkcasino | Unspecified | 1 | DarkCasino, a threat actor known for its malicious activities, has recently been identified as one of the Advanced Persistent Threat (APT) groups exploiting a zero-day vulnerability in WinRAR. APT groups are typically state-sponsored or criminal organizations that conduct long-term cyber-espionage o |
| Dark Pink | Unspecified | 1 | Dark Pink, also known as Saaiwc Group, is a Chinese-aligned cyberespionage entity that has been particularly active since mid-2022. The threat actor has conducted spearphishing campaigns against government, military, and non-profit organizations in Southeast Asia and parts of Europe, using sophistic |
| APT28 | Unspecified | 1 | APT28, also known as Fancy Bear, is a threat actor linked to Russia and has been involved in numerous cyber espionage campaigns. The group is notorious for its sophisticated tactics, techniques, and procedures (TTPs). Recently, NATO and the EU formally condemned APT28's activities, acknowledging the |
| APT40 | Unspecified | 1 | APT40, a Chinese cyber espionage group suspected to be linked to the People's Republic of China (PRC) Ministry of State Security, has been identified as a significant threat actor. The group typically targets countries strategically important to China's Belt and Road Initiative. Over the years, APT4 |
| Passcv | Unspecified | 1 | PassCV is a threat actor, or hacking team, that has been identified as part of the Chinese intelligence apparatus. This group has operated under various names including Winnti, APT17, Axiom, LEAD, BARIUM, Wicked Panda, and GREF, indicating a broad and complex network of cyber operations. The group i |
| Tonto Team | Unspecified | 1 | Tonto Team is a Chinese government-aligned Advanced Persistent Threat (APT) group, recognized for its malicious cyber activities. The team has been active for over a decade, utilizing various types of malware, notably the Bisonal and ShadowPad backdoors, in campaigns against entities in Japan, Russi |
| ScarCruft | Unspecified | 1 | ScarCruft, also known as APT37, Inky Squid, RedEyes, Reaper, or Group123, is a North Korean threat actor group associated with malicious cyber activities. Their actions have been linked to the execution of targeted attacks against individual Android devices, as outlined in a VB2023 paper titled "Int |
| Osmium | Unspecified | 1 | None |
| Reaper | Unspecified | 1 | Reaper, also known as APT37, Inky Squid, RedEyes, or ScarCruft, is a threat actor group attributed to North Korea. It deploys ROKRAT, a malicious tool that has been used in cyber exploitation since the 1970s. This group is also tied to the NOKKI malware family, which originated from research surroun |
| Gamaredon | Unspecified | 1 | Gamaredon, a Russian Advanced Persistent Threat (APT) group, has been actively tracked since 2013 and is recognized as a significant threat actor in the cybersecurity landscape. Its primary target is Ukraine, against which it deploys an array of home-brewed malware through malicious documents. The E |
| TA505 | Unspecified | 1 | TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec |
| APT10 | Unspecified | 1 | APT10, also known as the Menupass Team, is a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS). The group has been active since 2009 and is suspected to be based in Tianjin, China, according to research by IntrusionTruth in 2018. APT10 has primarily targeted |
| Bluenoroff | Unspecified | 1 | BlueNoroff, a threat actor closely associated with the notorious Lazarus Group, has been actively involved in malicious cyber activities primarily targeting financial institutions and cryptocurrency businesses. Known for its sophisticated attacks on banks, casinos, fintech companies, POST software, |
| Sidewinder | Unspecified | 1 | The Sidewinder threat actor group, also known as Rattlesnake, BabyElephant, APT Q4, APT Q39, Hardcore Nationalist, HN2, RAZOR Tiger, and GroupA21, is a significant cybersecurity concern with a history of malicious activities dating back to 2012. This report investigates a recent campaign by Sidewind |
| APT33 | has used | 1 | APT33, an Iran-linked threat actor, has been identified as a significant cyber threat to the Defense Industrial Base sector. The group is known for its sophisticated and malicious activities, which primarily involve executing actions with harmful intent. APT33, like other threat actors, could be a s |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2023-38831 | Unspecified | 3 | CVE-2023-38831 is a critical vulnerability identified in the WinRAR software, with a CVSS score of 7.8, indicating high severity. This flaw in software design or implementation has been exploited to disseminate the LONEPAGE malware through ZIP files using an exploit known as UAC-0099. The vulnerabil |
| Apt28 Frozenlake | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3 |
| Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3 |
| Securityaffairs | 12 days ago | Security Affairs Malware Newsletter - Round 2 |
| Securityaffairs | 20 days ago | Security Affairs Malware Newsletter - Round 1 |
| Securityaffairs | a month ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | a month ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 4 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini |
| Securityaffairs | 4 months ago | Security Affairs newsletter Round 465 by Pierluigi Paganini |
| Securityaffairs | 4 months ago | Security Affairs newsletter Round 464 by Pierluigi Paganini |
| Securityaffairs | 4 months ago | Security Affairs newsletter Round 463 by Pierluigi Paganini |
| Securityaffairs | 5 months ago | Security Affairs newsletter Round 462 by Pierluigi Paganini |
| InfoSecurity-magazine | 5 months ago | RATs Spread Via Fake Skype, Zoom, Google Meet Sites |
| Securityaffairs | 5 months ago | Security Affairs newsletter Round 461 by Pierluigi Paganini |
| BankInfoSecurity | 5 months ago | North Korean Group Seen Snooping on Russian Foreign Ministry |
| Securityaffairs | 5 months ago | Security Affairs newsletter Round 460 by Pierluigi Paganini |