Phorpiex

Malware Profile Updated 7 days ago
Phorpiex is a type of malware, or malicious software, designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom. The Phorpiex botnet has been particularly active in distributing other harmful programs, such as the LockBit Black ransomware, by sending millions of phishing emails.

In May 2024, Check Point Research published its Global Threat Index, which highlighted the Phorpiex botnet's activity. According to their report, the botnet was used to distribute the LockBit Black ransomware via a significant malspam campaign involving millions of phishing emails. This marked a considerable surge in the botnet's activity, with the LockBit Black ransomware being one of the most potent threats disseminated through this method.

The resurgence of the Phorpiex botnet was first observed by experts at Check Point Research in December 2021. Since then, it has been associated with various campaigns, including those delivering the LockBit Black ransomware payload. The Phorpiex botnet, also known as Trik, has been a persistent threat due to its capability to deliver multiple types of malware, causing widespread disruption and potential data loss.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| IcedID | 1 | IcedID is a type of malware, or malicious software, designed to exploit and harm computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, IcedID can steal personal information, disrupt operations, or even hold dat |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Botnet
Ransomware
Phishing
Known Exploi...
Apt
Exploit
Zero Day
Malware
Breachforums
Chrome
Acrobat
Bot
Cybercrime
Ransomware P...
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Lockbit Black | Unspecified | 2 | LockBit Black, also known as LockBit 3.0, is a potent form of malware that emerged in early 2022. It is the latest iteration of the LockBit ransomware family, following the mid-2021 release of LockBit 2.0 (LockBit Red). This malicious software shares similarities with other notorious ransomware type |
| Bumblebee | Unspecified | 1 | Bumblebee is a type of malware that has been linked to ITG23, a cybercriminal group known for its use of crypters such as Emotet, IcedID, Qakbot, Bumblebee, and Gozi. Distributed via phishing campaigns or compromised websites, Bumblebee enables the delivery and execution of further payloads. The sam |
| TrickBot | Unspecified | 1 | TrickBot is a form of malware, or malicious software, that infiltrates systems to exploit and damage them. It can enter your system via dubious downloads, emails, or websites, often without the user's knowledge. Once inside, TrickBot can steal personal information, disrupt operations, or even hold d |
| QakBot | Unspecified | 1 | Qakbot, also known as QBot, is a versatile piece of malware capable of executing several malicious activities such as brute-forcing, web injects, and loading other types of malware. It's often used to steal credentials and gather information, with the cybercriminal group Black Basta being one notabl |
| Lockbit | Unspecified | 1 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to steal data or disrupt operations, often demanding ransom in return for the release of the compromised data. Notable incidents include the LockBit ransomware gang claiming to have stolen and subsequently leaking data f |
| Black Basta | Unspecified | 1 | Black Basta is a notorious malware group known for its malicious software, specifically ransomware attacks. Since early 2022, the Black Basta Ransomware gang has been actively involved in cybercrimes, amassing at least $107 million in Bitcoin ransom payments. The group's modus operandi involves expl |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Kimsuky | Unspecified | 1 | Kimsuky, a threat actor linked to North Korea, has been identified as the perpetrator behind a series of advanced persistent threat (APT) attacks. The group is known for its malicious activities, which typically involve cyber espionage and targeted attacks on high-profile entities. Recently, Kimsuky |
| Tornado Cash | Unspecified | 1 | Tornado Cash, a threat actor identified in the cybersecurity industry, has been implicated in several serious cybercrimes. The entity gained notoriety for its association with the Lazarus Advanced Persistent Threat (APT) group, which used Tornado Cash to launder stolen funds. This activity was repor |
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Phorpiex Malware was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| Securityaffairs | 7 days ago | Security Affairs Malware Newsletter - Round 1 |
| Securityaffairs | 14 days ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 21 days ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Checkpoint | a month ago | 17th June – Threat Intelligence Report - Check Point Research |
| Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 2 months ago | Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware |
| Secureworks | a year ago | Phases of a Post-Intrusion Ransomware Attack |
| CERT-EU | a year ago | Cybersecurity threatscape: year 2021 in review |
| CERT-EU | a year ago | More sophisticated Rilide stealer version emerges |
| CERT-EU | a year ago | New Version of Rilide Data Theft Malware Adapts to Chrome Extension Manifest V3 |