| ID | Votes | Profile Description |
|---|---|---|
| Meterpreter Stager | 3 | The Meterpreter stager is a type of malware, which is malicious software designed to infiltrate and exploit computer systems. It can enter your system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it has the potential to steal personal information, di |
| Tinymet | 2 | TinyMet is a type of malware, specifically a tiny, flexible Meterpreter stager, that can infiltrate systems and cause significant damage. It has been used by threat actors like GOLD TAHOE to retrieve the TinyMet Meterpreter stager in Clop ransomware incidents. This harmful program can infect your sy |
| wkhpd.exe | 2 | wkhpd.exe is a malicious software (malware) that was created and used by Advanced Persistent Threat (APT) actors. This malware is a variant of Metasploit's Meterpreter, which was specifically designed to exploit the ServiceDesk system. The creation and use of this malware were first identified on Fe |
| Godzilla | 1 | Godzilla is a potent malware that allows attackers to remotely control compromised servers, execute arbitrary commands, upload and download files, manipulate databases, and perform other malicious activities. The malware was linked to a group known as Ethereal Panda by CrowdStrike due to their simil |
| DarkComet | 1 | DarkComet is a Remote Access Trojan (RAT) that opens a backdoor on infected computers, allowing unauthorized access and data theft. This malware has been classified among the top five Command and Control (C2) families, indicating its widespread usage by cybercriminals. DarkComet, along with other es |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| PlugX | Unspecified | 2 | PlugX is a notorious malware, typically associated with Chinese threat actors, that has been used in various cyberattacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. It |
| Clop | Unspecified | 2 | Clop is a notorious malware, short for malicious software, known for its disruptive and damaging effects on computer systems. It primarily infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Clop can steal personal information, disrupt o |
| Cobalt Strike Beacon | Unspecified | 2 | Cobalt Strike Beacon is a type of malware known for its harmful capabilities, including stealing personal information, disrupting operations, and potentially holding data hostage for ransom. The malware has been loaded by HUI Loader through various files such as mpc.tmp, dlp.ini, vmtools.ini, and an |
| Bumblebee | Unspecified | 2 | Bumblebee is a type of malware that has been linked to ITG23, a cybercriminal group known for its use of crypters such as Emotet, IcedID, Qakbot, Bumblebee, and Gozi. Distributed via phishing campaigns or compromised websites, Bumblebee enables the delivery and execution of further payloads. The sam |
| Romcom Rat | Unspecified | 1 | RomCom RAT, a type of malware, has been linked to Cuba ransomware and Industrial Spy ransomware actors since spring 2022. These malicious actors have been observed deploying the RomCom RAT and Meterpreter Reverse Shell HTTP/HTTPS proxy via a Command and Control (C2) server before initiating their ra |
| IcedID | Unspecified | 1 | IcedID is a malicious software (malware) designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom |
| Poison Ivy | Unspecified | 1 | Poison Ivy is a type of malware, or malicious software, designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold d |
| bitmap.exe | Unspecified | 1 | Bitmap.exe is a malicious software, or malware, that was downloaded onto the ServiceDesk system. This harmful program is designed to exploit and damage computer systems by executing an obfuscated, embedded malicious payload from its Command and Control (C2) server. Malware such as bitmap.exe can inf |
| AsyncRAT | Unspecified | 1 | AsyncRAT is a malicious software (malware) designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Once the executable loads http_dll.dll, the DL |
| Sbz | Unspecified | 1 | SBZ is a potent piece of malware, characterized as a file stealer with the SHA-256 hash 80721e6b2d6168cf17b41d2f1ab0f1e6e3bf4db585754109f3b7ff9931ae9e5b. The discovery of this malware was facilitated by its similarity to the signatures associated with the Equation malware family. Its coding style an |
| wsus.exe | Unspecified | 1 | None |
| Matanbuchus | Unspecified | 1 | Matanbuchus is a malicious software (malware) that has been actively used in various cyberattacks since July 16, 2022. Initially identified as part of a malspam campaign by Unit 42 in February 2023, it was believed to be a possible drop from the PikaBot malware. However, subsequent analysis revealed |
| Mosquito | Unspecified | 1 | The "Mosquito" malware is a harmful software designed to exploit and damage computer systems or devices. It operates covertly, infiltrating systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it has the capability to steal personal information, disr |
| KOPILUWAK | Unspecified | 1 | KopiLuwak is a JavaScript-based malware used for command and control (C2) communications and victim profiling. It was initially dropped by Pensive Ursa using an MSIL dropper in a G20-themed attack in 2017, and later as a self-extracting archive (SFX) executable in late 2022. Upon execution, the SFX |
| Tomiris | Unspecified | 1 | Tomiris is a malicious software (malware) group that has been active since before 2019. Known for its use of the QUIETCANARY backdoor, Tomiris has expanded its capabilities and influence within the region, targeting government entities and other high-value targets. The group has shown a particular i |
| RomCom | Unspecified | 1 | RomCom is a type of malware, specifically a Remote Access Trojan (RAT), that has been linked to several cyber-attacks across Europe and North America. It was first identified in spring 2022, when third-party and open-source reports highlighted a potential connection between Cuba ransomware actors, R |
| Telemiris | Unspecified | 1 | Telemiris is a malware identified as a Python backdoor that uses Telegram as a command-and-control (C2) channel. It was originally packed with PyInstaller, but later instances of Nuitka-packaged samples were also identified. Telemiris is primarily used as a first-stage implant by operators to deploy |
| xCaon | Unspecified | 1 | xCaon is a malicious software, or malware, that has been used in cyber-espionage operations for several years, particularly by the Chinese-speaking APT actor "IndigoZebra." The earliest identified samples date back to 2014. This malware family has targeted governmental agencies in Central Asia and f |
| gh0st RAT | Unspecified | 1 | Gh0st RAT is a notorious malware that was originally developed by the C. Rufus Security Team in China and has been widely used for cyber espionage since its code leaked in 2008. This malicious software can infiltrate systems through suspicious downloads, emails, or websites, often without the user's |
| Reflective Loader | Unspecified | 1 | A reflective loader is a type of malware that can load a Dynamic Link Library (DLL) into a process, often without the user's knowledge. This technique allows the malware to execute malicious code directly from memory, making it harder for antivirus software to detect and remove it. The loader operat |
| PS1 | Unspecified | 1 | PS1 is a form of malware, similar to a VBS file, designed to exploit and damage computers or devices. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data ho |
| Axiomaticasymptote | Unspecified | 1 | Axiomaticasymptote is a type of malware, a malicious software designed to infiltrate and damage computer systems without the user's knowledge. It typically operates in conjunction with other malware such as Cobalt Strike, Meterpreter, PlugX, Mythic, Metasploit, XtremeRAT, and CROSSWALK. These harmfu |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Shadowsyndicate | Unspecified | 1 | ShadowSyndicate, a threat actor that emerged in 2019, has been implicated in multiple ransomware operations according to cybersecurity firm Group-IB. The group is known for its affiliations with various ransomware groups and programs, and has been involved in several ransomware projects such as JSWO |
| Crosswalk | Unspecified | 1 | Crosswalk, a threat actor in the cybersecurity industry, has been identified as utilizing FakeTLS in its traffic, presenting significant security concerns. This modular backdoor is implemented in shellcode, with the main payload being the Crosswalk backdoor itself. The malicious files associated wit |
| Regeorg | Unspecified | 1 | Regeorg is a threat actor known for its malicious activities in the cyber landscape. Notably, operators of LuckyMouse initiated an attack by dropping the Nbtscan tool in C:\programdata\, followed by installing a variant of the ReGeorg webshell and issuing a GET request using curl. They then tried to |
| Turla | Unspecified | 1 | Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat |
| WhiteBear | Unspecified | 1 | WhiteBear is a threat actor that has been associated with the Turla group, also known as Snake, Venomous Bear, Uroburos, and WhiteBear. This association was established through strong links identified between a Crutch dropper from 2016 and Gazer, a second-stage backdoor used by Turla in 2016-2017. W |
| FIN6 | Unspecified | 1 | FIN6, also known as ITG08, Skelaton Spider, and MageCart, is a notorious threat actor that has been implicated in various cybercrime activities. The group gained notoriety for stealing credit cards through point-of-sale (POS) systems in retail and hospitality establishments, most notably in the Home |
| GCMAN | Unspecified | 1 | GCMAN is a threat actor group that was discovered by Kaspersky Lab, as announced at the Security Analyst Summit (SAS 2016). The group has been involved in Advanced Persistent Threat (APT) style bank robberies, similar to two other groups, Metel and Carbanak. GCMAN uses code compiled on the GCC compi |
| FIN7 | Unspecified | 1 | FIN7, a notorious threat actor group known for its malicious activities, has recently been identified as targeting a large U.S. carmaker with phishing attacks. This group, which has previously operated behind fake cybersecurity companies such as Combi Security and Bastion Secure to recruit security |
| IndigoZebra | Unspecified | 1 | IndigoZebra is a threat actor, or Advanced Persistent Threat (APT) group, suspected of originating from China and known for its cyber-espionage operations. The group first gained attention in August 2017 when Kaspersky detailed a covert operation targeting former Soviet Republics, deploying a wide r |
| Alphv | Unspecified | 1 | AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car |
| Cadet Blizzard | Unspecified | 1 | Cadet Blizzard, a threat actor group associated with Russia's GRU military intelligence unit, has been identified by Microsoft as the perpetrator of destructive cyber attacks in Ukraine using wiper malware. The group has been active since at least 2020 and has recently gained some success, according |
| Bronze Starlight | Unspecified | 1 | Bronze Starlight, a Chinese threat actor group, has been linked to various malicious activities in the cybersecurity landscape. The group is known for deploying different types of ransomware payloads, including traditional ransomware schemes such as LockFile and name-and-shame models. Bronze Starlig |
| Blind Eagle | Unspecified | 1 | Blind Eagle, also known as APT-C-36, is a suspected South American Advanced Persistent Threat (APT) group that has been active since April 2018. The group has continuously targeted Colombian government institutions and important corporations in various sectors including finance, petroleum, and profe |
| Waterbug | Unspecified | 1 | Waterbug, also known as Turla, Venomous Bear, and other aliases, is a cyberespionage group closely affiliated with the FSB Russian intelligence agency. This threat actor has been active since at least 2004, targeting government entities, intelligence agencies, educational institutions, research faci |
| ProjectM | Unspecified | 1 | ProjectM, also known as Transparent Tribe, APT36, Copper Fieldstone, and Mythic Leopard, is a threat actor group originating from Pakistan that has been active since 2013. The group has targeted Indian governmental, military, and research organizations, along with their employees, using a variety of |
| APT36 | Unspecified | 1 | APT36, also known as Transparent Tribe and Earth Karkaddan, is a notorious threat actor believed to be based in Pakistan. The group has been involved in cyberespionage activities primarily targeting India, with a focus on government, military, defense, aerospace, and education sectors. Their campaig |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2021-40539 | Unspecified | 1 | None |
| CVE-2023-28771 | Unspecified | 1 | CVE-2023-28771 is a software vulnerability, specifically a command injection flaw, in Zyxel ZyWALL firewalls. The vulnerability was detected by FortiGuard Labs in June 2023 when it was being exploited by several Distributed Denial of Service (DDoS) botnets. It's worth noting that this vulnerability |
| CVE-2021-42847 | Unspecified | 1 | None |
| CVE-2023-7024 | Unspecified | 1 | CVE-2023-7024 is a high-severity zero-day vulnerability identified in the open-source WebRTC framework, which is used extensively by various web browsers like Google Chrome, Mozilla Firefox, Safari, and Microsoft Edge to facilitate Real-Time Communications (RTC) capabilities. These capabilities incl |
| CVE-2023-7121 | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| Recorded Future | 18 days ago | 2023 Adversary Infrastructure Report | Recorded Future |
| DARKReading | 3 months ago | Expired Redis Service Abused to Use Metasploit Meterpreter Maliciously |
| CERT-EU | 4 months ago | Cybercrime on Main Street – Sophos News | #cybercrime | #infosec | National Cyber Security Consulting |
| CERT-EU | 5 months ago | Cybercrime on Main Street – Sophos News | #cybercrime | #computerhacker - Am I Hacker Proof |
| CERT-EU | 5 months ago | Cyberattack On Russian Election Systems Amid 2024 Elections | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting |
| DARKReading | 6 months ago | Godzilla Web Shell Attacks Stomp on Critical Apache ActiveMQ Flaw |
| CERT-EU | 6 months ago | Hacking Blackpearl. Machine: Blackpearl | by Rahul Ravishankar | Jan, 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting |
| DARKReading | 7 months ago | Who Is Behind Pro-Ukrainian Cyberattacks on Iran? |
| Recorded Future | 7 months ago | 2023 Adversary Infrastructure Report | Recorded Future |
| MITRE | a year ago | FIN7 Revisited: Inside Astra Panel and SQLRat Malware |
| CERT-EU | 7 months ago | Remote Command Injection Vulnerability For Sale On Dark Web |
| Unit42 | 7 months ago | From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence |
| CERT-EU | 7 months ago | Top 20 Most Popular Hacking Tools in 2023 |
| Flashpoint | a year ago | No title |
| CERT-EU | 8 months ago | MaccaroniC2 - A PoC Command And Control Framework That Utilizes The Powerful AsyncSSH |
| CERT-EU | 10 months ago | Researchers Uncover RaaS Affiliate Distributing Multiple Ransomware Strains |
| CERT-EU | 10 months ago | ShadowSyndicate hackers linked to multiple ransomware ops, 85 servers |
| CERT-EU | 10 months ago | New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government |
| CERT-EU | 10 months ago | From GitHub Leak to Pwn: A Hacker’s Kill Chain |
| BankInfoSecurity | a year ago | Feds Urge Immediate Patching of Zoho and Fortinet Products |