Alias Description | Votes |
---|---|
Cobaltstrike is a possible alias for Nokoyawa. CobaltStrike is a type of malware, or malicious software, that infiltrates systems to exploit and damage them. It can gain access via suspicious downloads, emails, or websites and then steal personal information, disrupt operations, or hold data for ransom. CobaltStrike has been observed in conjunct | 3 |
Jsworm is a possible alias for Nokoyawa. JSWorm is a type of malware, specifically ransomware, that was active from 2019 to 2021. This malicious software was developed and operated by a threat actor known as 'farnetwork', who has used various aliases including farnetworkl, jingo, jsworm, razvrat, piparkuka, and farnetworkit. Farnetwork gai | 3 |
IcedID is a possible alias for Nokoyawa. IcedID is a prominent malware that has been utilized in various cyber-attacks. It functions as a malicious software designed to infiltrate and damage computer systems, often through suspicious downloads, emails, or websites. Once inside a system, IcedID can steal personal information, disrupt operat | 2 |
Cactus is a possible alias for Nokoyawa. Cactus is a malicious software (malware) known for its destructive capabilities, particularly in the form of ransomware attacks. It primarily infiltrates systems through suspicious downloads, emails, or websites and can cause severe damage by stealing personal information, disrupting operations, or | 2 |

Alias Description | Association Type | Votes |
---|---|---|
The Farnetwork Malware is associated with Nokoyawa. Farnetwork, a notorious malware operator identified by cybersecurity researchers from Group-IB, has been active in the cybercrime scene since 2019. Known for deploying five different strains of ransomware, including its proprietary strain Nokoyawa, Farnetwork has collaborated with other cybercrimina | is related to | 5 |
The Droxidat Malware is associated with Nokoyawa. DroxiDat, a new variant of the SystemBC malware, was deployed in a series of attacks on critical infrastructure targets in Africa during the third and fourth weeks of March. The malware, which acts as a system profiler and simple SOCKS5-capable bot, was specifically detected at an electric utility c | is related to | 3 |
The Conti Malware is associated with Nokoyawa. Conti is a notorious type of malware, specifically ransomware, that infiltrates computer systems to steal data and disrupt operations. The malicious software often spreads through suspicious downloads, emails, or websites, and once inside, it can hold data hostage for ransom. The Conti ransomware op | is related to | 3 |
The Hive Malware is associated with Nokoyawa. Hive is a form of malware, specifically ransomware, that infiltrates computer systems to exploit and damage them. It gained notoriety when it was used by the cybercriminal group Volt Typhoon to exfiltrate NTDS.dit and SYSTEM registry hive data, allowing them to crack passwords offline. This malware | is related to | 2 |
The Snatch Malware is associated with Nokoyawa. Snatch is a type of malware, specifically a ransomware, that poses significant threats to digital security. This malicious software infiltrates systems typically via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Snatch can cause extensive damage, inc | is related to | 2 |

Alias Description | Association Type | Votes |
---|---|---|
The Alphv Threat Actor is associated with Nokoyawa. AlphV, also known as BlackCat, is a notorious threat actor that has been active since November 2021. This group pioneered the public leaks business model and has been associated with various ransomware families, including Akira, LockBit, Play, and Basta. AlphV gained significant attention for its la | Unspecified | 3 |
The Hive Ransomware Threat Actor is associated with Nokoyawa. Hive ransomware, a prominent threat actor active in 2022, was known for its widespread malicious activities in numerous countries, including the US. The group's modus operandi involved the use of SharpRhino, which upon execution, established persistence and provided remote access to the attackers, e | Unspecified | 2 |

Alias Description | Association Type | Votes |
---|---|---|
The CVE-2023-28252 Vulnerability is associated with Nokoyawa. CVE-2023-28252 is a critical Elevation of Privilege vulnerability, affecting the Windows Common Log File System (CLFS) driver. This flaw was discovered by Kaspersky researchers while investigating zero-day vulnerabilities in Windows aimed at preventing user attacks. The vulnerability presents a sign | has used | 3 |

Source Link | CreatedAt |
---|---|
Unit42 | a month ago |
BankInfoSecurity | 7 months ago |
CERT-EU | a year ago |
CERT-EU | 9 months ago |
CERT-EU | 10 months ago |
CERT-EU | 10 months ago |
CERT-EU | 10 months ago |
DARKReading | 10 months ago |
BankInfoSecurity | 10 months ago |
Securelist | 10 months ago |
CERT-EU | 10 months ago |
Securelist | a year ago |
CERT-EU | a year ago |
CERT-EU | a year ago |
CERT-EU | a year ago |
CERT-EU | a year ago |
CERT-EU | a year ago |
BankInfoSecurity | a year ago |
CERT-EU | a year ago |
CERT-EU | a year ago |