Alias Description | Votes |
---|---|
Babuk is a possible alias for Lockbit. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatio | 8 |
Darkrace is a possible alias for Lockbit. DarkRace, a malicious software (malware), emerged in mid-2023 as a ransomware variant using tactics similar to the LockBit lineage. This was after the LockBit source code was leaked by a developer from the ransomware group in September 2022. DarkRace employed a double extortion method, holding stole | 4 |
Dragonforce is a possible alias for Lockbit. DragonForce is a malicious software (malware) developed by a hacktivist group of the same name. This malware has been used in a series of attacks targeting various organizations globally. In 2022, DragonForce targeted over 70 government and commercial entities in India, disrupting their web resource | 4 |
Gold Mystic is a possible alias for Lockbit. Gold Mystic, also known as LockBit and Water Selkie, is a notable threat group that began ransomware operations in 2019. They adopted the LockBit name for their file-encrypting malware in 2020 and listed their first victims on the leak site in September of the same year. After a six-month period of | 3 |
Donex is a possible alias for Lockbit. DoNex is a form of malware, specifically ransomware, known for its harmful effects on computer systems and data. This malicious software infiltrates systems often through suspicious downloads, emails, or websites, subsequently stealing personal information, disrupting operations, or holding data hos | 3 |
Putinkrab is a possible alias for Lockbit. Putinkrab, a threat actor, is known for its involvement in the development and use of highly successful ransomware strains. Emerging onto the scene in 2019, Putinkrab first appeared on Russian cybercrime forums such as XSS, Exploit, and UFOLabs, where they sold ransomware source code written in C. T | 2 |
Cyclops is a possible alias for Lockbit. Cyclops, also known as Knight and later rebranded as RansomHub, is a malware that emerged in the threat landscape in May 2023. This malicious software, designed to exploit and damage computer systems, infects systems through suspicious downloads, emails, or websites and can steal personal informatio | 2 |
Noname is a possible alias for Lockbit. NoName, also known as CosmicBeetle, is a pro-Russia threat actor group that has been active since at least 2020. The group is notorious for exploiting years-old vulnerabilities in systems, particularly those of small and medium-sized businesses, which have often left these flaws unpatched. They have | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Conti Malware is associated with Lockbit. Conti is a type of malware, specifically ransomware, which is designed to infiltrate and damage computer systems. This malicious software can enter systems through various methods such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal persona | is related to | 16 |
The Clop Malware is associated with Lockbit. Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitin | is related to | 16 |
The Lockbit Black Malware is associated with Lockbit. LockBit Black, also known as LockBit 3.0, is a malicious software that emerged in early 2022 following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. The malware has been developed to exploit and damage computer systems by encrypting files, often leading to ransom demands | is related to | 12 |
The Lockbit Green Malware is associated with Lockbit. LockBit, also known as Gold Mystic and Water Selkie, is a notorious ransomware group that has been active since its inception in September 2019. It has developed several variants of its malware over the years, including LockBit 1.0, LockBit 2.0, LockBit 3.0, and most recently, LockBit Green. The gro | is related to | 9 |
The REvil Malware is associated with Lockbit. REvil, also known as Sodinokibi, is a malicious software (malware) that operates on a Ransomware as a Service (RaaS) model. This model became increasingly popular in 2020, with first-stage malware like Dridex and Gootkit being linked to ransomware attacks such as BitPaymer and REvil respectively. Th | Unspecified | 9 |
The Black Basta Malware is associated with Lockbit. Black Basta is a notorious malware group known for its sophisticated ransomware attacks, which have targeted numerous high-profile entities. The group has demonstrated a remarkable ability to adapt their tactics, techniques, and procedures (TTPs), allowing them to effectively evade security defenses | Unspecified | 6 |
The Rorschach Malware is associated with Lockbit. Rorschach, also known as BabLock, is a malware variant that has been recognized for its speed and sophistication. It is a form of ransomware that encrypts files on infected systems at an unprecedented rate, with Check Point researchers noting it as one of the fastest ransomware variants ever observe | Unspecified | 6 |
The Royal Ransomware Malware is associated with Lockbit. Royal Ransomware is a form of malware that was active from September 2022 through June 2023. This malicious software, designed to exploit and damage computers or devices, would infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it could stea | Unspecified | 5 |
The 3am Malware is associated with Lockbit. 3AM is a new ransomware family that emerged in the cyber threat landscape, as discovered by Symantec's Threat Hunter Team in September 2023. This malicious software, written in Rust, is designed to exploit and damage computer systems, often infiltrating them without the user's knowledge through susp | is related to | 5 |
The Lockbit Red Malware is associated with Lockbit. LockBit, a notorious ransomware, underwent a significant upgrade to LockBit 2.0 (also known as LockBit Red) in mid-2021. This malware version, designed to exploit and damage computer systems, was often propagated through suspicious downloads, emails, or websites. Once infiltrated, it could steal per | Unspecified | 5 |
The NoEscape Malware is associated with Lockbit. NoEscape is a malicious software, or malware, known for its ransomware capabilities. It infiltrates systems often undetected via suspicious downloads, emails, or websites, causing significant harm by stealing personal data, disrupting operations, and holding data hostage for ransom. In October 2023, | Unspecified | 4 |
The Rorschach Ransomware Malware is associated with Lockbit. The Rorschach ransomware, also known as BabLock, is a new and unique strain of malware that was first identified by Check Point Research (CPR) and the Check Point Incident Response Team (CPIRT) in April 2023. The ransomware, which was named after the famous psychological test due to its varied appea | Unspecified | 4 |
The Cactus Malware is associated with Lockbit. Cactus is a type of malware, specifically ransomware, known for its malicious activities including data theft and system disruption. This malware has been linked to several high-profile attacks, spreading primarily through malvertising campaigns that leverage the DanaBot Trojan. Notably, the Cactus | Unspecified | 4 |
The Ryuk Malware is associated with Lockbit. Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves | Unspecified | 4 |
The Phobos Malware is associated with Lockbit. Phobos is a form of malware, specifically ransomware, that has been active since May 2019. The operation utilizes a ransomware-as-a-service (RaaS) model and is responsible for numerous cyber attacks worldwide. Threat actors behind Phobos gained initial access to vulnerable networks through phishing | Unspecified | 3 |
The QakBot Malware is associated with Lockbit. Qakbot is a type of malware, or malicious software, that infiltrates computer systems to exploit and damage them. This harmful program can infect devices through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt ope | Unspecified | 3 |
The Lockbit V3 Malware is associated with Lockbit. LockBit v3, also known as LockBit Black, is a potent malware that was initially detected in June 2022. This malicious software is designed to exploit and damage computer systems by encrypting files rapidly, often without the user's knowledge. It infiltrates systems through suspicious downloads, emai | is related to | 3 |
The National Hazard Agency Malware is associated with Lockbit. The National Hazard Agency is a newly identified malware group reportedly led by a man in his 20s from Ukraine. This malicious software, or malware, is designed to infiltrate and damage computer systems, often without the user's knowledge. The group uses suspicious downloads, emails, or websites to | Unspecified | 3 |
The Rhysida Ransomware Malware is associated with Lockbit. The Rhysida ransomware, a malicious software known for exploiting and damaging computer systems, has been actively disrupting cybersecurity since May 2023. This malware infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal pe | Unspecified | 3 |
The Locker Ransomware Malware is associated with Lockbit. Locker ransomware, a type of malware, poses significant risks to computer systems and data. Unlike crypto-ransomware which encrypts user data, locker ransomware locks users out of their devices entirely, demanding a ransom payment to restore access without any data encryption. This threat has evolve | Unspecified | 3 |
The Karakurt Malware is associated with Lockbit. Karakurt is a malicious software (malware) that has been linked to significant data extortion activities. The malware is affiliated with the notorious Conti cybercrime syndicate and ITG23, which are known for their disruptive operations, including data theft and ransom demands. In 2023, there was a | Unspecified | 3 |
The Ragnar Locker Malware is associated with Lockbit. Ragnar Locker is a type of malware, specifically ransomware, known for its destructive impact on computer systems. It infiltrates systems primarily through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for rans | Unspecified | 3 |
The Bablock Malware is associated with Lockbit. BabLock, also known as Rorschach, is a type of malware that operates as ransomware. First identified by Check Point Research in April 2023, this harmful software infiltrates computer systems and devices, often without the user's knowledge, with the aim to exploit, damage, and potentially hold data h | is related to | 3 |
The HELLOKITTY Malware is associated with Lockbit. HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat | Unspecified | 3 |
The Raspberry Robin Malware is associated with Lockbit. Raspberry Robin is a sophisticated malware that uses advanced techniques to infiltrate and exploit computer systems. The malicious software is designed to stealthily enter a system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can wreak havoc by st | Unspecified | 3 |
The malware Conti, Lockbit is associated with Lockbit. | Unspecified | 3 |
The Ghost Malware is associated with Lockbit. The "Ghost" malware, first discovered in 2020, is a sophisticated and successful malicious software that has been discreetly distributed via a network of GitHub accounts known as the Stargazers Ghost Network. This network utilizes open-source and legitimate software repositories to exploit trust and | is related to | 3 |
The Conti Encryptor Malware is associated with Lockbit. Conti Encryptor is a type of malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once it has gained access, Conti Encryptor can cause s | Unspecified | 3 |
The Helldown Malware is associated with Lockbit. Helldown, a malware intrusion set that first surfaced in August 2024, is causing significant concern in the cybersecurity community. Initially known for targeting Windows systems, the Helldown group has expanded its operations to include VMware ESX servers and Linux environments. According to a repo | Unspecified | 2 |
The Aukill Malware is associated with Lockbit. AuKill, a malicious software (malware) developed by the notorious cybercrime collective FIN7, has been identified as a significant threat to endpoint security. The malware was designed to exploit a vulnerable version of a driver for Microsoft's Process Explorer utility, thereby disabling endpoint pr | Unspecified | 2 |
The Maze Malware is associated with Lockbit. Maze is a form of malicious software, or malware, that pioneered a novel double-extortion tactic in the cyber threat landscape. Its modus operandi involves stealing victims' files before encrypting them, thereby enabling the threat actors to threaten both the disruption of operations and the release | Unspecified | 2 |
The Emotet Malware is associated with Lockbit. Emotet is a notorious malware, short for malicious software, that is designed to exploit and damage computers or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations, | Unspecified | 2 |
The Redline Malware is associated with Lockbit. RedLine is a type of malware, or malicious software, designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for | Unspecified | 2 |
The Trigona Malware is associated with Lockbit. Trigona was a significant strain of ransomware that emerged in 2022, known for its harmful effects on computer systems. The malware infiltrated systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it could steal personal information, disrupt ope | Unspecified | 2 |
The WannaCry Malware is associated with Lockbit. WannaCry is a notorious malware that gained global attention in 2017 when it was responsible for the biggest ransomware attack to date. The malware, designed to exploit and damage computer systems, infects systems through suspicious downloads, emails, or websites. Once inside a system, WannaCry can | Unspecified | 2 |
The malware Hive Raas is associated with Lockbit. | Unspecified | 2 |
The Lockbit v3.0 Malware is associated with Lockbit. LockBit v3.0 is a malicious software variant, known for its capability to encrypt up to 25,000 files per minute. This potent ransomware was first encountered almost a year ago, and despite not being the fastest of its kind, it poses a significant threat due to the average time required to detect and | is related to | 2 |
The cryptolocker Malware is associated with Lockbit. CryptoLocker is a type of malware known as ransomware that emerged as a significant cybersecurity threat. This malicious software infects systems through suspicious downloads, emails, or websites and then encrypts the user's documents, demanding a ransom for their recovery. It has been described as | Unspecified | 2 |
The Raccoon Malware is associated with Lockbit. Raccoon is a malicious software (malware) developed by Russian-speaking coders, first spotted in April 2019. It was designed to steal sensitive data such as credit card information, email credentials, cryptocurrency wallets, and more from its victims. The malware is offered as a service (MaaS) for $ | Unspecified | 2 |
The Lockbit v.3 Malware is associated with Lockbit. LockBit v.3 is a type of malware, specifically ransomware, that poses significant threats to computer systems and devices. It infiltrates systems through dubious downloads, emails, or websites, often without the user's awareness. Once inside, it can steal personal information, disrupt operations, or | is related to | 2 |
The Pegasus Malware is associated with Lockbit. Pegasus is a highly controversial and sophisticated malware, developed by Israel's NSO Group, designed to covertly monitor and extract data from iOS and Android smartphones. Once installed, Pegasus can intercept messages, emails, media, and passwords, and track location data, all while evading detec | Unspecified | 2 |
The Gazprom Malware is associated with Lockbit. Gazprom, named after the Russian gas giant, is a malicious software (malware) that has been causing significant disruption in the digital world. The malware uses leaked Conti source code and is often mistaken for LockBit crypto-locker due to its similar operational style. This confusion is further c | Unspecified | 2 |
The Werewolves Malware is associated with Lockbit. The Werewolves group, a new entrant into the malware scene, has been identified as a significant threat due to its use of LockBit3 ransomware and leaked Conti source code. The group, which was first reported by Russian cybersecurity firm F.A.C.C.T. in November 2023, began its operations in June 2023 | Unspecified | 2 |
The TrickBot Malware is associated with Lockbit. TrickBot is a notorious malware developed by cybercriminals to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. This malicious software can steal personal information, disrupt operations, or even hold data hostage for ransom. Vladimir Dunaev, | Unspecified | 2 |
The Threeam Malware is associated with Lockbit. ThreeAM, a developing ransomware group, was first tracked by GRIT in September 2023. The threat actor responsible initially attempted to deploy the LockBit ransomware encryptor but resorted to using ThreeAM ransomware after the former failed. This shift in strategy came in light of recent law enforc | Unspecified | 2 |
The Xworm Malware is associated with Lockbit. XWorm is a sophisticated piece of malware designed to infiltrate and exploit computer systems, often without the user's knowledge. It can be delivered through various means such as suspicious downloads, emails, or websites, and once inside a system, it can steal personal information, disrupt operati | Unspecified | 2 |
The WastedLocker Malware is associated with Lockbit. WastedLocker is a sophisticated malware developed by the Evil Corp Group, a notorious cybercriminal organization. This malware is a form of ransomware that targets both Windows and Android devices, encrypting users' data and demanding a ransom for its release. Originating in 2020, WastedLocker utili | Unspecified | 2 |
The Monti Malware is associated with Lockbit. Monti is a malicious software, or malware, specifically a member of the Linux ransomware family. Ransomware is designed to infiltrate computer systems, often without the user's knowledge, through suspect downloads, emails, or websites. Once inside, it can cause significant damage by stealing persona | Unspecified | 2 |
The Mallox Malware is associated with Lockbit. Mallox is a potent malware that has been causing significant disruption in the digital world. This ransomware, primarily infiltrating networks via SQL servers, has shown its ability to adapt and evolve over time. PCrisk has identified new variants of Mallox that append extensions such as .ma1x0, .co | Unspecified | 2 |
The Snatch Malware is associated with Lockbit. Snatch is a type of malware, specifically a ransomware, that poses significant threats to digital security. This malicious software infiltrates systems typically via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Snatch can cause extensive damage, inc | Unspecified | 2 |
The MedusaLocker Malware is associated with Lockbit. MedusaLocker is a potent malware, first observed in 2019, that primarily targets the healthcare sector. It operates as a Ransomware-as-a-Service (RaaS), often using the double extortion method for monetary gain. This ransomware has been particularly effective during periods of disorder and confusion | Unspecified | 2 |
The Blacksuit Malware is associated with Lockbit. BlackSuit is a new strain of malware, specifically ransomware, that has been causing significant damage to computer systems. It is believed to be a rebranding of the Royal ransomware gang, as indicated by similarities in code between the two. This suspicion was confirmed by warnings from both the Cy | Unspecified | 2 |
The AsyncRAT Malware is associated with Lockbit. AsyncRAT is a malicious software (malware) that infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom. It has recently risen to prominence, ra | Unspecified | 2 |
The Raccoon Stealer Malware is associated with Lockbit. Raccoon Stealer, a malware-as-a-service (MaaS) operation, emerged in 2019, designed by Russian-speaking developers to steal victims' sensitive data such as credit card information, email credentials, and cryptocurrency wallets. The malware was initially promoted exclusively on Russian-speaking hacki | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Alphv Threat Actor is associated with Lockbit. Alphv, also known as BlackCat, is a threat actor group that has been linked to numerous cyberattacks, particularly targeting the healthcare sector. The group made headlines when it stole 5TB of data from Morrison Community Hospital, causing significant disruption and raising concerns about patient p | is related to | 19 |
The LockBitSupp Threat Actor is associated with Lockbit. LockBitSupp, a prominent threat actor, has been identified as Russian national Dmitry Yuryevich Khoroshev. The group's activities have been under scrutiny due to its involvement in ransomware attacks and other cybercrimes. Khoroshev, who was operating under the aliases "LockBit" and "LockBitSupp," i | is related to | 11 |
The Blackmatter Threat Actor is associated with Lockbit. BlackMatter, a threat actor in the cybersecurity realm, is known for its malicious activities and has been linked to several ransomware strains. The group emerged as a successor to the DarkSide ransomware, which was responsible for the high-profile attack on the Colonial Pipeline in May 2021. Howeve | is related to | 9 |
The Bassterlord Threat Actor is associated with Lockbit. Bassterlord, a known threat actor and affiliate of the LockBit group, has been associated with multiple malicious cyber activities since August 2021. Operating under the alias "Bassterlord," Ivan Kondratyev allegedly deployed LockBit ransomware against private and municipal entities in New York, Ore | is related to | 8 |
The Vasiliev Threat Actor is associated with Lockbit. Mikhail Vasiliev, a dual Russian-Canadian national known by various online aliases such as "Ghostrider," was a key threat actor involved in the global LockBit ransomware campaign. Alongside fellow members like Ruslan Magomedovich Astamirov, and others including Sungatov, Kondratyev, and Mikhail Pavl | Unspecified | 7 |
The Evil Corp Threat Actor is associated with Lockbit. Evil Corp, a threat actor based in Russia, has been identified as a significant cybersecurity threat due to its involvement in various malicious activities, including the deployment of Dridex malware. The group is led by Maksim Yakubets and has been sanctioned by the Treasury Department for its cybe | is related to | 7 |
The DarkSide Threat Actor is associated with Lockbit. DarkSide is a threat actor known for its malicious activities, primarily in the realm of ransomware attacks. One of their most notable exploits occurred on May 7, 2021, when they targeted Colonial Pipeline Co., a major player in the U.S. energy sector. The attack disrupted the gasoline supply across | Unspecified | 6 |
The Medusa Threat Actor is associated with Lockbit. Medusa, a threat actor group known for its malicious activities, has been increasingly involved in multiple high-profile cyber attacks. In November 2023, Medusa and other groups like LockBit and ALPHV (BlackCat) exploited a zero-day vulnerability, the Citrix Bleed (CVE-2023-4966), leading to numerou | Unspecified | 6 |
The Wazawaka Threat Actor is associated with Lockbit. Wazawaka, identified by the FBI as Mikhail Matveev, is a significant threat actor in the cybercrime landscape. Known for his affiliations with multiple ransomware groups, including LockBit, throughout 2020 and 2021, he became a central figure in the Babuk ransomware-as-a-service gang. Matveev's oper | Unspecified | 6 |
The Artur Sungatov Threat Actor is associated with Lockbit. In February 2024, the U.S. Justice Department unsealed an indictment in the District of New Jersey against Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, for their involvement with the LockBit ransomware group. This notorious cybercriminal organization has been acti | is related to | 6 |
The Ransomhub Threat Actor is associated with Lockbit. RansomHub, a threat actor in the realm of cybersecurity, has emerged as a significant player within the ransomware landscape. The group is known for its malicious activities, including data breaches and extortion attempts. It has been observed that RansomHub affiliates actively participate in campai | Unspecified | 6 |
The Hive Ransomware Threat Actor is associated with Lockbit. Hive ransomware, a prominent threat actor active in 2022, was known for its widespread malicious activities in numerous countries, including the US. The group's modus operandi involved the use of SharpRhino, which upon execution, established persistence and provided remote access to the attackers, e | Unspecified | 5 |
The Mikhail Matveev Threat Actor is associated with Lockbit. Mikhail Matveev, also known by the aliases Wazawaka, m1x, Boriselcin, and Uhodiransomwar, is a prominent threat actor associated with significant cybercrime activities. His involvement in the cybercrime world was traced back to 2020 and 2021 when he was identified as an affiliate of LockBit, a notor | Unspecified | 5 |
The Rhysida Threat Actor is associated with Lockbit. Rhysida is a globally active threat actor known for its ransomware operations, which have impacted a wide range of sectors, particularly the government and public sector. Their use of CleanUpLoader makes their operations highly effective and difficult to detect, as it not only facilitates persistenc | Unspecified | 5 |
The Bl00dy Threat Actor is associated with Lockbit. Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i | Unspecified | 5 |
The Dmitry Yuryevich Khoroshev Threat Actor is associated with Lockbit. Dmitry Yuryevich Khoroshev, a Russian national from Voronezh, has been identified as a significant threat actor in the cybersecurity landscape. Known by his alias "LockBitSupp," Khoroshev is allegedly the creator, developer, and administrator of LockBit, a notorious ransomware group. His real identi | Unspecified | 4 |
The Mikhail Pavlovich Matveev Threat Actor is associated with Lockbit. Mikhail Pavlovich Matveev, a Russian national also known by online monikers Wazawaka, m1x, Boriselcin, and Uhodiransomwar, has been identified as a major threat actor in the world of cybersecurity. Matveev is among five Russians charged in connection with Lockbit, a group widely recognized as one of | Unspecified | 4 |
The Uhodiransomwar Threat Actor is associated with Lockbit. Uhodiransomwar, also known as Mikhail Pavlovich Matveev, Wazawaka, m1x, and Boriselcin, is a significant threat actor in the cybersecurity landscape. A Russian national aged 30, Matveev has been implicated in a series of malicious cyber activities since at least 2020. He is alleged to have participa | Unspecified | 4 |
The Qilin Threat Actor is associated with Lockbit. Qilin, a threat actor known for its malicious activities in the cyberspace, has been on the rise with an increase in victim count by 44% reaching 140 in Q3. This group is part of the Octo Tempest group which recently added RansomHub and Qilin ransomware to its arsenal, enhancing its capabilities to | Unspecified | 4 |
The Ivan Kondratyev Threat Actor is associated with Lockbit. Ivan Kondratyev, also known as Bassterlord, is a recognized threat actor associated with the notorious LockBit ransomware group. The Russian national has been linked to malicious cyber activities targeting numerous businesses and industries across the United States and globally. Operating alongside | is related to | 4 |
The Vice Society Threat Actor is associated with Lockbit. Vice Society, a threat actor or hacking team with malicious intent, has been active since 2022 and has made significant waves in the cybersecurity world. The group is known for deploying various forms of ransomware, including BlackCat, Quantum Locker, Zeppelin, and their own branded variant of Zeppe | Unspecified | 4 |
The BianLian Threat Actor is associated with Lockbit. BianLian is a threat actor that has been active in cybercrime, leveraging various techniques for malicious intent. Prior to January 2024, the group used an encryptor (encryptor.exe) that modified all encrypted files to have the .bianlian extension and created a ransom note in each affected directory | Unspecified | 4 |
The Boriselcin Threat Actor is associated with Lockbit. Mikhail Pavlovich Matveev, also known as Boriselcin, is a threat actor that has been implicated in significant cybercrime activities. Beginning at least as early as 2020, Matveev has been allegedly involved in deploying three ransomware variants: LockBit, Babuk, and Hive. These attacks targeted vari | Unspecified | 3 |
The Sodinokibi Threat Actor is associated with Lockbit. Sodinokibi, also known as REvil, is a highly active and impactful threat actor first identified in April 2019. Operating as a ransomware-as-a-service (RaaS), this group has been responsible for a significant proportion of global ransomware incidents. In 2020, Sodinokibi ransomware attacks accounted | Unspecified | 3 |
The Lapsus Threat Actor is associated with Lockbit. Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor | Unspecified | 3 |
The Blackbyte Threat Actor is associated with Lockbit. BlackByte, a threat actor believed to be an offshoot of the notorious Conti group, has been observed by cybersecurity experts exploiting a recently disclosed VMware ESXi vulnerability (CVE-2024-37085) to gain control over virtual machines and escalate privileges within compromised environments. This | Unspecified | 3 |
The FIN7 Threat Actor is associated with Lockbit. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global | Unspecified | 2 |
The 8base Threat Actor is associated with Lockbit. 8base, a significant threat actor in the cybersecurity landscape, has been active between April 2022 and May 2023. This group, while not new, has recently increased its visibility with the activation of a public leak site used to pressure victims into paying ransoms. In the last month alone, 8base o | Unspecified | 2 |
The Black Cat Threat Actor is associated with Lockbit. Black Cat, also known as AlphV, is a threat actor recognized for its malicious cyber activities. The group has been responsible for several high-profile attacks, including one on Change Healthcare, a subsidiary of Optum and UnitedHealth Group (UHG), in late February. Following the attack, Black Cat | Unspecified | 2 |
The Akira Ransomware Gang Threat Actor is associated with Lockbit. The Akira ransomware gang, a malicious threat actor in the cybersecurity landscape, has been actively involved in several high-profile cyber attacks. They use sophisticated techniques to infiltrate systems and steal sensitive data, posing significant threats to both private companies and government | Unspecified | 2 |
The Gandcrab Threat Actor is associated with Lockbit. GandCrab, a threat actor, is known for its malicious activities involving ransomware attacks. Originating from Russian origins and evolving from Team Truniger, a former GandCrab affiliate, the group has been linked to numerous ransomware variants including Bad Rabbit, LockBit 2.0, STOP/DJVU, and REv | Unspecified | 2 |
The Gold Blazer Threat Actor is associated with Lockbit. GOLD BLAZER is a threat actor identified as the operator of the BlackCat/ALPV ransomware. This group, along with others such as GOLD MYSTIC (LockBit) and GOLD TAHOE (Cl0p), continues to dominate the ransomware landscape. While these established groups maintain their stronghold, new threat actors are | Unspecified | 2 |
The RansomedVC Threat Actor is associated with Lockbit. RansomedVC, a new threat actor in the cybersecurity landscape, has emerged as a significant concern due to its unorthodox approaches and deceptive tactics. This group is suspected to be an enterprise of a single individual threat actor, who has previously been associated with other cybercrime operat | Unspecified | 2 |
The Hunters International Threat Actor is associated with Lockbit. Hunters International, an active threat actor group since October of the previous year, has been identified as a significant cybersecurity concern. The group has taken over and rebranded the Hive ransomware, despite their disputes about this association. This development followed the disbandment of | Unspecified | 2 |
The Cosmicbeetle Threat Actor is associated with Lockbit. CosmicBeetle, also known as NoName, is a threat actor that has been active since 2020. ESET researchers have recently published an in-depth analysis of this cybercrime group's activities. Despite the crude and clumsy nature of its operations, CosmicBeetle has managed to compromise various targets wo | Unspecified | 2 |
The M1x Threat Actor is associated with Lockbit. M1x, also known as Wazawaka, Boriselcin, and Uhodiransomwar, is a threat actor identified as Mikhail Pavlovich Matveev. This individual has been allegedly involved in malicious cyber activities since at least 2020. Matveev's primary mode of operation involves the deployment of ransomware, specifical | Unspecified | 2 |
The Colonel Cassad Threat Actor is associated with Lockbit. Colonel Cassad, a self-proclaimed military journalist based in Sevastopol, Russia, has been identified as a potential threat actor in the cybersecurity landscape. The individual is known for soliciting donations for Russian militia group operations in the sanctioned jurisdictions of Donetsk and Luha | Unspecified | 2 |
The Ghostrider Threat Actor is associated with Lockbit. Ghostrider, also known as a threat actor, is an online alias used by Vasiliev, who has been associated with multiple cyberattacks between 2021 and 2023. Other aliases utilized by Vasiliev include "Free," "Digitalocean90," "Digitalocean99," "Digitalwaters99," and "Newwave110." The primary tool of dis | Unspecified | 2 |
The threatActor Newwave110 is associated with Lockbit. | Unspecified | 2 |
The Kimsuky Threat Actor is associated with Lockbit. Kimsuky is a threat actor group linked to North Korea, known for its malicious cyber activities with a particular focus on espionage. The group has been observed employing a variety of sophisticated tactics and techniques, including the use of malware such as TOGREASE, GREASE, and RandomQuery, which | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Citrix Bleed Vulnerability is associated with Lockbit. Citrix Bleed (CVE-2023-4966) is a severe software vulnerability, with a CVSS score of 9.4, identified in Citrix Netscaler Gateway and Netscaler ADC products. This flaw allows unauthorized disclosure of sensitive information, enabling attackers to gain remote access to organizations that rely on Citr | Targets | 9 |
The CVE-2023-4966 Vulnerability is associated with Lockbit. CVE-2023-4966, also known as Citrix Bleed, is a significant software vulnerability discovered in the Citrix NetScaler ADC and Gateway products. The flaw, characterized as a sensitive information disclosure vulnerability, poses a serious threat due to its high CVSS score of 9.4. This vulnerability wa | Unspecified | 6 |
The CVE-2023-3824 Vulnerability is associated with Lockbit. CVE-2023-3824 is a critical vulnerability that resides in the PHP software. This flaw in software design or implementation was exposed and exploited, leading to significant cybersecurity implications. This vulnerability became notably prominent following its exploitation during the resurgence of the | Unspecified | 5 |
The CVE-2023-20269 Vulnerability is associated with Lockbit. CVE-2023-20269 is a zero-day vulnerability found in Cisco's Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This flaw in software design or implementation has been actively exploited by ransomware groups to gain initial access to corporate networks. The exploitation of | Unspecified | 5 |
The CVE-2023-27350 Vulnerability is associated with Lockbit. CVE-2023-27350 represents a significant software vulnerability in PaperCut MF/NG, identified as an improper access control flaw. This weakness allows attackers to bypass authentication processes, providing them with the ability to execute code with system privileges. The vulnerability was first upda | Unspecified | 2 |
The vulnerability CVE-2023-27351 is associated with Lockbit. | Unspecified | 2 |
The CVE-2024-1708 Vulnerability is associated with Lockbit. CVE-2024-1708 is a high-severity path traversal vulnerability that was discovered in ConnectWise's ScreenConnect software. This flaw, which affects versions 23.9.7 and earlier, allows a remote privileged user to read arbitrary files on the system using a specially crafted HTTP request. ConnectWise d | Unspecified | 2 |
The CVE-2024-1709 Vulnerability is associated with Lockbit. CVE-2024-1709 is a critical vulnerability in the ConnectWise ScreenConnect software that allows for an authentication bypass. This flaw can enable a remote non-authenticated attacker to bypass the system's authentication process and gain full access. The issue was identified by Sophos Rapid Response | Unspecified | 2 |
The vulnerability Lockbit's Ghost is associated with Lockbit. | Unspecified | 2 |
Preview | Source Link | CreatedAt | Title |
---|---|---|---|
DARKReading | 3 days ago | ||
Securityaffairs | 3 days ago | ||
Securelist | 3 days ago | ||
InfoSecurity-magazine | 8 days ago | ||
BankInfoSecurity | 2 months ago | ||
DARKReading | 13 days ago | ||
InfoSecurity-magazine | 13 days ago | ||
CERT-EU | 9 months ago | ||
InfoSecurity-magazine | 18 days ago | ||
DARKReading | 18 days ago | ||
DARKReading | 18 days ago | ||
CISA | 18 days ago | ||
BankInfoSecurity | a month ago | ||
Checkpoint | a month ago | ||
BankInfoSecurity | a month ago | ||
BankInfoSecurity | a month ago | ||
ESET | a month ago | ||
ESET | a month ago | ||
Securityaffairs | a month ago | ||
BankInfoSecurity | a month ago |