Alias Description | Votes |
---|---|
Babuk is a possible alias for Lockbit. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatio | 8 |
Dragonforce is a possible alias for Lockbit. DragonForce is a malicious software (malware) developed by a hacktivist group of the same name. This malware has been used in a series of attacks targeting various organizations globally. In 2022, DragonForce targeted over 70 government and commercial entities in India, disrupting their web resource | 4 |
Gold Mystic is a possible alias for Lockbit. Gold Mystic, also known as LockBit and Water Selkie, is a notable threat group that began ransomware operations in 2019. They adopted the LockBit name for their file-encrypting malware in 2020 and listed their first victims on the leak site in September of the same year. After a six-month period of | 3 |
Putinkrab is a possible alias for Lockbit. Putinkrab, a threat actor, is known for its involvement in the development and use of highly successful ransomware strains. Emerging onto the scene in 2019, Putinkrab first appeared on Russian cybercrime forums such as XSS, Exploit, and UFOLabs, where they sold ransomware source code written in C. T | 2 |
Cyclops is a possible alias for Lockbit. Cyclops, also known as Knight and later rebranded as RansomHub, is a malware that emerged in the threat landscape in May 2023. This malicious software, designed to exploit and damage computer systems, infects systems through suspicious downloads, emails, or websites and can steal personal informatio | 2 |
Noname is a possible alias for Lockbit. NoName, also known as CosmicBeetle, is a pro-Russia threat actor group that has been active since at least 2020. The group is notorious for exploiting years-old vulnerabilities in systems, particularly those of small and medium-sized businesses, which have often left these flaws unpatched. They have | 2 |

Alias Description | Association Type | Votes |
---|---|---|
The Conti Malware is associated with Lockbit. Conti is a type of malware, specifically ransomware, that was designed to infiltrate computer systems, disrupt operations, and potentially hold data hostage for ransom. It has been linked to various ransomware groups such as Quantum, MountLocker, and the notorious Conti ransomware gang. The software | is related to | 16 |
The Clop Malware is associated with Lockbit. Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitin | is related to | 16 |
The Lockbit Black Malware is associated with Lockbit. LockBit Black, also known as LockBit 3.0, is a malicious software that emerged in early 2022 following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. The malware has been developed to exploit and damage computer systems by encrypting files, often leading to ransom demands | is related to | 12 |
The REvil Malware is associated with Lockbit. REvil, also known as Sodinokibi, is a malicious software (malware) that operates on a Ransomware as a Service (RaaS) model. This model became increasingly popular in 2020, with first-stage malware like Dridex and Gootkit being linked to ransomware attacks such as BitPaymer and REvil respectively. Th | Unspecified | 9 |
The Lockbit Green Malware is associated with Lockbit. LockBit, also known as Gold Mystic and Water Selkie, is a notorious ransomware group that has been active since its inception in September 2019. It has developed several variants of its malware over the years, including LockBit 1.0, LockBit 2.0, LockBit 3.0, and most recently, LockBit Green. The gro | is related to | 9 |
The Rorschach Malware is associated with Lockbit. Rorschach, also known as BabLock, is a malware variant that has been recognized for its speed and sophistication. It is a form of ransomware that encrypts files on infected systems at an unprecedented rate, with Check Point researchers noting it as one of the fastest ransomware variants ever observe | Unspecified | 6 |
The Black Basta Malware is associated with Lockbit. Black Basta is a notorious malware group known for its sophisticated ransomware attacks, which have targeted numerous high-profile entities. The group has demonstrated a remarkable ability to adapt their tactics, techniques, and procedures (TTPs), allowing them to effectively evade security defenses | Unspecified | 6 |
The 3am Malware is associated with Lockbit. 3AM is a new ransomware family that emerged in the cyber threat landscape, as discovered by Symantec's Threat Hunter Team in September 2023. This malicious software, written in Rust, is designed to exploit and damage computer systems, often infiltrating them without the user's knowledge through susp | is related to | 5 |
The Lockbit Red Malware is associated with Lockbit. LockBit, a notorious ransomware, underwent a significant upgrade to LockBit 2.0 (also known as LockBit Red) in mid-2021. This malware version, designed to exploit and damage computer systems, was often propagated through suspicious downloads, emails, or websites. Once infiltrated, it could steal per | Unspecified | 5 |
The Royal Ransomware Malware is associated with Lockbit. The Royal Ransomware, a harmful malware program designed to exploit and damage computer systems, operated from September 2022 through June 2023. It employed multi-threaded encryption to disrupt operations and hold data hostage for ransom. The ransomware was primarily disseminated through suspicious | Unspecified | 5 |
The NoEscape Malware is associated with Lockbit. NoEscape is a malicious software, or malware, known for its ransomware capabilities. It infiltrates systems often undetected via suspicious downloads, emails, or websites, causing significant harm by stealing personal data, disrupting operations, and holding data hostage for ransom. In October 2023, | Unspecified | 4 |
The Rorschach Ransomware Malware is associated with Lockbit. The Rorschach ransomware, also known as BabLock, is a new and unique strain of malware that was first identified by Check Point Research (CPR) and the Check Point Incident Response Team (CPIRT) in April 2023. The ransomware, which was named after the famous psychological test due to its varied appea | Unspecified | 4 |
The Ryuk Malware is associated with Lockbit. Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves | Unspecified | 4 |
The Cactus Malware is associated with Lockbit. Cactus is a type of malware, specifically ransomware, known for its malicious activities including data theft and system disruption. This malware has been linked to several high-profile attacks, spreading primarily through malvertising campaigns that leverage the DanaBot Trojan. Notably, the Cactus | Unspecified | 4 |
The HELLOKITTY Malware is associated with Lockbit. HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat | Unspecified | 3 |
The Locker Ransomware Malware is associated with Lockbit. Locker ransomware, a type of malware, poses significant risks to computer systems and data. Unlike crypto-ransomware which encrypts user data, locker ransomware locks users out of their devices entirely, demanding a ransom payment to restore access without any data encryption. This threat has evolve | Unspecified | 3 |
The Conti, Lockbit Malware is associated with Lockbit. | Unspecified | 3 |
The QakBot Malware is associated with Lockbit. Qakbot is a malicious software (malware) designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations, or hold data for ransom. Built by d | Unspecified | 3 |
The National Hazard Agency Malware is associated with Lockbit. The National Hazard Agency is a newly identified malware group reportedly led by a man in his 20s from Ukraine. This malicious software, or malware, is designed to infiltrate and damage computer systems, often without the user's knowledge. The group uses suspicious downloads, emails, or websites to | Unspecified | 3 |
The Bablock Malware is associated with Lockbit. BabLock, also known as Rorschach, is a type of malware that operates as ransomware. First identified by Check Point Research in April 2023, this harmful software infiltrates computer systems and devices, often without the user's knowledge, with the aim to exploit, damage, and potentially hold data h | is related to | 3 |
The Raspberry Robin Malware is associated with Lockbit. Raspberry Robin is a sophisticated malware that uses advanced techniques to infiltrate and exploit computer systems. The malicious software is designed to stealthily enter a system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can wreak havoc by st | Unspecified | 3 |
The Ragnar Locker Malware is associated with Lockbit. Ragnar Locker is a type of malware, specifically ransomware, known for its destructive impact on computer systems. It infiltrates systems primarily through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for rans | Unspecified | 3 |
The Karakurt Malware is associated with Lockbit. Karakurt is a malicious software (malware) that has been linked to significant data extortion activities. The malware is affiliated with the notorious Conti cybercrime syndicate and ITG23, which are known for their disruptive operations, including data theft and ransom demands. In 2023, there was a | Unspecified | 3 |
The Rhysida Ransomware Malware is associated with Lockbit. The Rhysida ransomware, a malicious software known for exploiting and damaging computer systems, has been actively disrupting cybersecurity since May 2023. This malware infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal pe | Unspecified | 3 |
The Lockbit V3 Malware is associated with Lockbit. LockBit v3, also known as LockBit Black, is a potent malware that was initially detected in June 2022. This malicious software is designed to exploit and damage computer systems by encrypting files rapidly, often without the user's knowledge. It infiltrates systems through suspicious downloads, emai | is related to | 3 |
The Ghost Malware is associated with Lockbit. "Ghost" refers to a type of malware that was distributed through a network of GitHub accounts, known as the Stargazers Ghost Network. This malicious software was identified by Check Point Research and was spread via phishing repositories. The malware was designed to exploit and damage computer syste | is related to | 3 |
The Conti Encryptor Malware is associated with Lockbit. Conti Encryptor is a type of malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once it has gained access, Conti Encryptor can cause s | Unspecified | 3 |
The Phobos Malware is associated with Lockbit. Phobos is a type of malware, specifically ransomware, that has been causing significant cybersecurity concerns. Ransomware is a malicious software that infects systems, often without the user's knowledge, via suspicious downloads, emails, or websites. Once inside, it can disrupt operations and hold | Unspecified | 3 |
The Pegasus Malware is associated with Lockbit. Pegasus is a sophisticated malware developed by the Israeli company, NSO Group. It is a zero-click espionage tool that can be deployed without user interaction, making it highly effective and intrusive. The spyware was used to target various individuals, including Russian journalist Galina Timchenko | Unspecified | 2 |
The Darkrace Malware is associated with Lockbit. DarkRace, a variant of malware known as ransomware, first appeared in mid-2023 and was identified as a significant threat by cybersecurity firm Cyble. The malware employs a strategy of double extortion, not only encrypting the victim's files and demanding a ransom for their decryption, but also thre | Unspecified | 2 |
The Gazprom Malware is associated with Lockbit. Gazprom, named after the Russian gas giant, is a malicious software (malware) that has been causing significant disruption in the digital world. The malware uses leaked Conti source code and is often mistaken for LockBit crypto-locker due to its similar operational style. This confusion is further c | Unspecified | 2 |
The Werewolves Malware is associated with Lockbit. The Werewolves group, a new entrant into the malware scene, has been identified as a significant threat due to its use of LockBit3 ransomware and leaked Conti source code. The group, which was first reported by Russian cybersecurity firm F.A.C.C.T. in November 2023, began its operations in June 2023 | Unspecified | 2 |
The Trigona Malware is associated with Lockbit. Trigona was a significant strain of ransomware that emerged in 2022, known for its harmful effects on computer systems. The malware infiltrated systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it could steal personal information, disrupt ope | Unspecified | 2 |
The TrickBot Malware is associated with Lockbit. TrickBot is a notorious malware developed by cybercriminals to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. This malicious software can steal personal information, disrupt operations, or even hold data hostage for ransom. Vladimir Dunaev, | Unspecified | 2 |
The Threeam Malware is associated with Lockbit. ThreeAM, a developing ransomware group, was first tracked by GRIT in September 2023. The threat actor responsible initially attempted to deploy the LockBit ransomware encryptor but resorted to using ThreeAM ransomware after the former failed. This shift in strategy came in light of recent law enforc | Unspecified | 2 |
The Xworm Malware is associated with Lockbit. XWorm is a sophisticated piece of malware designed to infiltrate and exploit computer systems, often without the user's knowledge. It can be delivered through various means such as suspicious downloads, emails, or websites, and once inside a system, it can steal personal information, disrupt operati | Unspecified | 2 |
The WastedLocker Malware is associated with Lockbit. WastedLocker is a sophisticated malware developed by the Evil Corp Group, a notorious cybercriminal organization. This malware is a form of ransomware that targets both Windows and Android devices, encrypting users' data and demanding a ransom for its release. Originating in 2020, WastedLocker utili | Unspecified | 2 |
The Redline Malware is associated with Lockbit. RedLine is a type of malware, a malicious software designed to exploit and damage computer systems. It often infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. RedLine has been favored by threat actor | Unspecified | 2 |
The Monti Malware is associated with Lockbit. Monti is a malicious software, or malware, specifically a member of the Linux ransomware family. Ransomware is designed to infiltrate computer systems, often without the user's knowledge, through suspect downloads, emails, or websites. Once inside, it can cause significant damage by stealing persona | Unspecified | 2 |
The Mallox Malware is associated with Lockbit. Mallox is a potent malware that has been causing significant disruption in the digital world. This ransomware, primarily infiltrating networks via SQL servers, has shown its ability to adapt and evolve over time. PCrisk has identified new variants of Mallox that append extensions such as .ma1x0, .co | Unspecified | 2 |
The Snatch Malware is associated with Lockbit. Snatch is a type of malware, specifically a ransomware, that poses significant threats to digital security. This malicious software infiltrates systems typically via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Snatch can cause extensive damage, inc | Unspecified | 2 |
The Emotet Malware is associated with Lockbit. Emotet is a notorious malware, short for malicious software, that is designed to exploit and damage computers or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations, | Unspecified | 2 |
The Maze Malware is associated with Lockbit. Maze is a form of malicious software, or malware, that pioneered a novel double-extortion tactic in the cyber threat landscape. Its modus operandi involves stealing victims' files before encrypting them, thereby enabling the threat actors to threaten both the disruption of operations and the release | Unspecified | 2 |
The MedusaLocker Malware is associated with Lockbit. MedusaLocker is a potent malware, first observed in 2019, that primarily targets the healthcare sector. It operates as a Ransomware-as-a-Service (RaaS), often using the double extortion method for monetary gain. This ransomware has been particularly effective during periods of disorder and confusion | Unspecified | 2 |
The Raccoon Stealer Malware is associated with Lockbit. Raccoon Stealer, a malware-as-a-service (MaaS) operation, emerged in 2019, designed by Russian-speaking developers to steal victims' sensitive data such as credit card information, email credentials, and cryptocurrency wallets. The malware was initially promoted exclusively on Russian-speaking hacki | Unspecified | 2 |
The Blacksuit Malware is associated with Lockbit. BlackSuit is a malicious software (malware) that has been causing significant harm in the digital world. It infiltrates systems through dubious downloads, emails, or websites, and once inside, it can steal personal data, disrupt operations, or hold data hostage for ransom. BlackSuit malware, which i | Unspecified | 2 |
The Aukill Malware is associated with Lockbit. AuKill, a malicious software (malware) developed by the notorious cybercrime collective FIN7, has been identified as a significant threat to endpoint security. The malware was designed to exploit a vulnerable version of a driver for Microsoft's Process Explorer utility, thereby disabling endpoint pr | Unspecified | 2 |
The AsyncRAT Malware is associated with Lockbit. AsyncRAT is a malicious software (malware) that infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom. It has recently risen to prominence, ra | Unspecified | 2 |
The Hive Raas Malware is associated with Lockbit. | Unspecified | 2 |
The Lockbit v3.0 Malware is associated with Lockbit. LockBit v3.0 is a malicious software variant, known for its capability to encrypt up to 25,000 files per minute. This potent ransomware was first encountered almost a year ago, and despite not being the fastest of its kind, it poses a significant threat due to the average time required to detect and | is related to | 2 |
The cryptolocker Malware is associated with Lockbit. CryptoLocker is a type of malware known as ransomware that emerged as a significant cybersecurity threat. This malicious software infects systems through suspicious downloads, emails, or websites and then encrypts the user's documents, demanding a ransom for their recovery. It has been described as | Unspecified | 2 |
The Raccoon Malware is associated with Lockbit. Raccoon is a malicious software (malware) developed by Russian-speaking coders, first spotted in April 2019. It was designed to steal sensitive data such as credit card information, email credentials, cryptocurrency wallets, and more from its victims. The malware is offered as a service (MaaS) for $ | Unspecified | 2 |
The Lockbit v.3 Malware is associated with Lockbit. LockBit v.3 is a type of malware, specifically ransomware, that poses significant threats to computer systems and devices. It infiltrates systems through dubious downloads, emails, or websites, often without the user's awareness. Once inside, it can steal personal information, disrupt operations, or | is related to | 2 |
The WannaCry Malware is associated with Lockbit. WannaCry is a type of malware, specifically ransomware, that made headlines in 2017 as one of the most devastating cyberattacks in recent history. The WannaCry ransomware exploited vulnerabilities in Windows' Server Message Block protocol (SMBv1), specifically CVE-2017-0144, CVE-2017-0145, and CVE-2 | Unspecified | 2 |

Alias Description | Association Type | Votes |
---|---|---|
The Alphv Threat Actor is associated with Lockbit. Alphv, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. Originating from Russia, this cybercriminal group has been involved in multiple high-profile ransomware attacks, specifically targeting healthcare providers. They gained significant attention after stealing 5TB | is related to | 19 |
The LockBitSupp Threat Actor is associated with Lockbit. LockBitSupp, a prominent threat actor, has been identified as Russian national Dmitry Yuryevich Khoroshev. The group's activities have been under scrutiny due to its involvement in ransomware attacks and other cybercrimes. Khoroshev, who was operating under the aliases "LockBit" and "LockBitSupp," i | is related to | 11 |
The Blackmatter Threat Actor is associated with Lockbit. BlackMatter, a threat actor in the cybersecurity realm, is known for its malicious activities and has been linked to several ransomware strains. The group emerged as a successor to the DarkSide ransomware, which was responsible for the high-profile attack on the Colonial Pipeline in May 2021. Howeve | is related to | 9 |
The Bassterlord Threat Actor is associated with Lockbit. Bassterlord, a known threat actor and affiliate of the LockBit group, has been associated with multiple malicious cyber activities since August 2021. Operating under the alias "Bassterlord," Ivan Kondratyev allegedly deployed LockBit ransomware against private and municipal entities in New York, Ore | is related to | 8 |
The Evil Corp Threat Actor is associated with Lockbit. Evil Corp, a threat actor based in Russia, has been identified as a significant cybersecurity threat due to its involvement in various malicious activities, including the deployment of Dridex malware. The group is led by Maksim Yakubets and has been sanctioned by the Treasury Department for its cybe | is related to | 7 |
The Vasiliev Threat Actor is associated with Lockbit. Mikhail Vasiliev, a dual Russian-Canadian national known by various online aliases such as "Ghostrider," was a key threat actor involved in the global LockBit ransomware campaign. Alongside fellow members like Ruslan Magomedovich Astamirov, and others including Sungatov, Kondratyev, and Mikhail Pavl | Unspecified | 7 |
The Ransomhub Threat Actor is associated with Lockbit. RansomHub, a threat actor in the realm of cybersecurity, has emerged as a significant player within the ransomware landscape. The group is known for its malicious activities, including data breaches and extortion attempts. It has been observed that RansomHub affiliates actively participate in campai | Unspecified | 6 |
The Medusa Threat Actor is associated with Lockbit. Medusa, a threat actor group known for its malicious activities, has been increasingly involved in multiple high-profile cyber attacks. In November 2023, Medusa and other groups like LockBit and ALPHV (BlackCat) exploited a zero-day vulnerability, the Citrix Bleed (CVE-2023-4966), leading to numerou | Unspecified | 6 |
The DarkSide Threat Actor is associated with Lockbit. DarkSide is a threat actor known for its malicious activities, primarily in the realm of ransomware attacks. One of their most notable exploits occurred on May 7, 2021, when they targeted Colonial Pipeline Co., a major player in the U.S. energy sector. The attack disrupted the gasoline supply across | Unspecified | 6 |
The Artur Sungatov Threat Actor is associated with Lockbit. In February 2024, the U.S. Justice Department unsealed an indictment in the District of New Jersey against Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, for their involvement with the LockBit ransomware group. This notorious cybercriminal organization has been acti | is related to | 6 |
The Wazawaka Threat Actor is associated with Lockbit. Wazawaka, identified by the FBI as Mikhail Matveev, is a significant threat actor in the cybercrime landscape. Known for his affiliations with multiple ransomware groups, including LockBit, throughout 2020 and 2021, he became a central figure in the Babuk ransomware-as-a-service gang. Matveev's oper | Unspecified | 6 |
The Bl00dy Threat Actor is associated with Lockbit. Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, has recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i | Unspecified | 5 |
The Hive Ransomware Threat Actor is associated with Lockbit. Hive ransomware, a prominent threat actor active in 2022, was known for its widespread malicious activities in numerous countries, including the US. The group's modus operandi involved the use of SharpRhino, which upon execution, established persistence and provided remote access to the attackers, e | Unspecified | 5 |
The Mikhail Matveev Threat Actor is associated with Lockbit. Mikhail Matveev, also known by the aliases Wazawaka, m1x, Boriselcin, and Uhodiransomwar, is a prominent threat actor associated with significant cybercrime activities. His involvement in the cybercrime world was traced back to 2020 and 2021 when he was identified as an affiliate of LockBit, a notor | Unspecified | 5 |
The Rhysida Threat Actor is associated with Lockbit. Rhysida is a globally active threat actor known for its ransomware operations, which have impacted a wide range of sectors, particularly the government and public sector. Their use of CleanUpLoader makes their operations highly effective and difficult to detect, as it not only facilitates persistenc | Unspecified | 4 |
The Mikhail Pavlovich Matveev Threat Actor is associated with Lockbit. Mikhail Pavlovich Matveev, a Russian national also known by online monikers Wazawaka, m1x, Boriselcin, and Uhodiransomwar, has been identified as a major threat actor in the world of cybersecurity. Matveev is among five Russians charged in connection with Lockbit, a group widely recognized as one of | Unspecified | 4 |
The Qilin Threat Actor is associated with Lockbit. Qilin, a threat actor known for its malicious activities in the cyberspace, has been on the rise with an increase in victim count by 44% reaching 140 in Q3. This group is part of the Octo Tempest group which recently added RansomHub and Qilin ransomware to its arsenal, enhancing its capabilities to | Unspecified | 4 |
The Dmitry Yuryevich Khoroshev Threat Actor is associated with Lockbit. Dmitry Yuryevich Khoroshev, a Russian national from Voronezh, has been identified as a significant threat actor in the cybersecurity landscape. Known by his alias "LockBitSupp," Khoroshev is allegedly the creator, developer, and administrator of LockBit, a notorious ransomware group. His real identi | Unspecified | 4 |
The Vice Society Threat Actor is associated with Lockbit. Vice Society, a threat actor or hacking team with malicious intent, has been active since 2022 and has made significant waves in the cybersecurity world. The group is known for deploying various forms of ransomware, including BlackCat, Quantum Locker, Zeppelin, and their own branded variant of Zeppe | Unspecified | 4 |
The Ivan Kondratyev Threat Actor is associated with Lockbit. Ivan Kondratyev, also known as Bassterlord, is a recognized threat actor associated with the notorious LockBit ransomware group. The Russian national has been linked to malicious cyber activities targeting numerous businesses and industries across the United States and globally. Operating alongside | is related to | 4 |
The Uhodiransomwar Threat Actor is associated with Lockbit. Uhodiransomwar, also known as Mikhail Pavlovich Matveev, Wazawaka, m1x, and Boriselcin, is a significant threat actor in the cybersecurity landscape. A Russian national aged 30, Matveev has been implicated in a series of malicious cyber activities since at least 2020. He is alleged to have participa | Unspecified | 4 |
The Lapsus Threat Actor is associated with Lockbit. Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor | Unspecified | 3 |
The Bianlian Threat Actor is associated with Lockbit. BianLian is a threat actor group known for its malicious activities, primarily involving ransomware attacks. The group has been particularly active in 2024, exploiting bugs in JetBrains TeamCity software to launch its attacks. This method of attack has caused significant disruptions and data breache | Unspecified | 3 |
The Sodinokibi Threat Actor is associated with Lockbit. Sodinokibi, also known as REvil, is a highly active and impactful threat actor first identified in April 2019. Operating as a ransomware-as-a-service (RaaS), this group has been responsible for a significant proportion of global ransomware incidents. In 2020, Sodinokibi ransomware attacks accounted | Unspecified | 3 |
The Boriselcin Threat Actor is associated with Lockbit. Mikhail Pavlovich Matveev, also known as Boriselcin, is a threat actor that has been implicated in significant cybercrime activities. Beginning at least as early as 2020, Matveev has been allegedly involved in deploying three ransomware variants: LockBit, Babuk, and Hive. These attacks targeted vari | Unspecified | 3 |
The Blackbyte Threat Actor is associated with Lockbit. BlackByte, a threat actor believed to be an offshoot of the notorious Conti group, has been observed by cybersecurity experts exploiting a recently disclosed VMware ESXi vulnerability (CVE-2024-37085) to gain control over virtual machines and escalate privileges within compromised environments. This | Unspecified | 3 |
The Ghostrider Threat Actor is associated with Lockbit. Ghostrider, a threat actor, is an online alias used by Vasiliev, who has been associated with multiple cyberattacks between 2021 and 2023. Other aliases utilized by Vasiliev include "Free," "Digitalocean90," "Digitalocean99," "Digitalwaters99," and "Newwave110." The primary tool of dis | Unspecified | 2 |
The Newwave110 Threat Actor is associated with Lockbit. | Unspecified | 2 |
The Gandcrab Threat Actor is associated with Lockbit. GandCrab, a threat actor, is known for its malicious activities involving ransomware attacks. Of Russian origin and evolving from Team Truniger, a former GandCrab affiliate, the group has been linked to numerous ransomware variants including Bad Rabbit, LockBit 2.0, STOP/DJVU, and REv | Unspecified | 2 |
The Black Cat Threat Actor is associated with Lockbit. Black Cat, also known as AlphV, is a threat actor recognized for its malicious cyber activities. The group has been responsible for several high-profile attacks, including one on Change Healthcare, a subsidiary of Optum and UnitedHealth Group (UHG), in late February. Following the attack, Black Cat | Unspecified | 2 |
The 8base Threat Actor is associated with Lockbit. 8base, a significant threat actor in the cybersecurity landscape, has been active between April 2022 and May 2023. This group, while not new, has recently increased its visibility with the activation of a public leak site used to pressure victims into paying ransoms. In the last month alone, 8base o | Unspecified | 2 |
The Gold Blazer Threat Actor is associated with Lockbit. GOLD BLAZER is a threat actor identified as the operator of the BlackCat/ALPHV ransomware. This group, along with others such as GOLD MYSTIC (LockBit) and GOLD TAHOE (Cl0p), continues to dominate the ransomware landscape. While these established groups maintain their stronghold, new threat actors are | Unspecified | 2 |
The RansomedVC Threat Actor is associated with Lockbit. RansomedVC, a new threat actor in the cybersecurity landscape, has emerged as a significant concern due to its unorthodox approaches and deceptive tactics. This group is suspected to be an enterprise of a single individual threat actor, who has previously been associated with other cybercrime operat | Unspecified | 2 |
The FIN7 Threat Actor is associated with Lockbit. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global | Unspecified | 2 |
The Hunters International Threat Actor is associated with Lockbit. Hunters International, an active threat actor group since October of the previous year, has been identified as a significant cybersecurity concern. The group has taken over and rebranded the Hive ransomware, despite their disputes about this association. This development followed the disbandment of | Unspecified | 2 |
The Cosmicbeetle Threat Actor is associated with Lockbit. CosmicBeetle, also known as NoName, is a threat actor that has been active since 2020. ESET researchers have recently published an in-depth analysis of this cybercrime group's activities. Despite the crude and clumsy nature of its operations, CosmicBeetle has managed to compromise various targets wo | Unspecified | 2 |
The M1x Threat Actor is associated with Lockbit. M1x, also known as Wazawaka, Boriselcin, and Uhodiransomwar, is a threat actor identified as Mikhail Pavlovich Matveev. This individual has been allegedly involved in malicious cyber activities since at least 2020. Matveev's primary mode of operation involves the deployment of ransomware, specifical | Unspecified | 2 |
The Kimsuky Threat Actor is associated with Lockbit. Kimsuky, also known as APT43, Springtail, ARCHIPELAGO, Black Banshee, Thallium, and Velvet Chollima, is a North Korea-linked threat actor first spotted in 2013 by Kaspersky researchers. This group has been involved in various cyberespionage activities, primarily targeting government entities and def | Unspecified | 2 |
The Colonel Cassad Threat Actor is associated with Lockbit. Colonel Cassad, a self-proclaimed military journalist based in Sevastopol, Russia, has been identified as a potential threat actor in the cybersecurity landscape. The individual is known for soliciting donations for Russian militia group operations in the sanctioned jurisdictions of Donetsk and Luha | Unspecified | 2 |
The Akira Ransomware Gang Threat Actor is associated with Lockbit. The Akira ransomware gang, a malicious threat actor in the cybersecurity landscape, has been actively involved in several high-profile cyber attacks. They use sophisticated techniques to infiltrate systems and steal sensitive data, posing significant threats to both private companies and government | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Citrix Bleed Vulnerability is associated with Lockbit. Citrix Bleed (CVE-2023-4966) is a severe software vulnerability, with a CVSS score of 9.4, identified in Citrix Netscaler Gateway and Netscaler ADC products. This flaw allows unauthorized disclosure of sensitive information, enabling attackers to gain remote access to organizations that rely on Citr | Targets | 9 |
The CVE-2023-4966 Vulnerability is associated with Lockbit. CVE-2023-4966, also known as Citrix Bleed, is a significant software vulnerability discovered in the Citrix NetScaler ADC and Gateway products. The flaw, characterized as a sensitive information disclosure vulnerability, poses a serious threat due to its high CVSS score of 9.4. This vulnerability wa | Unspecified | 6 |
The CVE-2023-3824 Vulnerability is associated with Lockbit. CVE-2023-3824 is a critical vulnerability that resides in the PHP software. This flaw in software design or implementation was exposed and exploited, leading to significant cybersecurity implications. This vulnerability became notably prominent following its exploitation during the resurgence of the | Unspecified | 5 |
The CVE-2023-20269 Vulnerability is associated with Lockbit. CVE-2023-20269 is a zero-day vulnerability found in Cisco's Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This flaw in software design or implementation has been actively exploited by ransomware groups to gain initial access to corporate networks. The exploitation of | Unspecified | 5 |
The Lockbit's Ghost Vulnerability is associated with Lockbit. | Unspecified | 2 |
The CVE-2023-27350 Vulnerability is associated with Lockbit. CVE-2023-27350 represents a significant software vulnerability in PaperCut MF/NG, identified as an improper access control flaw. This weakness allows attackers to bypass authentication processes, providing them with the ability to execute code with system privileges. The vulnerability was first upda | Unspecified | 2 |
The CVE-2023-27351 Vulnerability is associated with Lockbit. | Unspecified | 2 |
The CVE-2024-1708 Vulnerability is associated with Lockbit. CVE-2024-1708 is a high-severity path traversal vulnerability that was discovered in ConnectWise's ScreenConnect software. This flaw, which affects versions 23.9.7 and earlier, allows a remote privileged user to read arbitrary files on the system using a specially crafted HTTP request. ConnectWise d | Unspecified | 2 |
The CVE-2024-1709 Vulnerability is associated with Lockbit. CVE-2024-1709 is a critical vulnerability in the ConnectWise ScreenConnect software that allows for an authentication bypass. This flaw can enable a remote non-authenticated attacker to bypass the system's authentication process and gain full access. The issue was identified by Sophos Rapid Response | Unspecified | 2 |
Source Link | CreatedAt |
---|---|
CERT-EU | 8 months ago |
InfoSecurity-magazine | 6 days ago |
DARKReading | 6 days ago |
DARKReading | 6 days ago |
CISA | 6 days ago |
BankInfoSecurity | 16 days ago |
Checkpoint | 17 days ago |
BankInfoSecurity | 17 days ago |
BankInfoSecurity | 19 days ago |
ESET | 23 days ago |
ESET | 23 days ago |
Securityaffairs | 23 days ago |
BankInfoSecurity | a month ago |
DARKReading | a month ago |
InfoSecurity-magazine | a month ago |
Trend Micro | a month ago |
BankInfoSecurity | a month ago |
Securelist | a month ago |
BankInfoSecurity | a month ago |
InfoSecurity-magazine | a month ago |