| ID | Votes | Profile Description |
|---|---|---|
| Conti | 10 | Conti is a notorious malware and ransomware operation that has caused significant damage to computer systems worldwide. The Conti group, believed to have around 200 employees, operated like a regular business, with internal communications revealing the organization's structure and operations. It was |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| TrickBot | Unspecified | 11 | TrickBot is a notorious malware that has been used extensively by cybercriminals to exploit and damage computer systems. It operates as a crimeware-as-a-service platform, infecting systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can stea |
| Emotet | Unspecified | 6 | Emotet is a highly dangerous and insidious type of malware that has been active, particularly during recent summers. It is distributed primarily through documents attached to emails, using conversations found in compromised accounts. Once an unsuspecting user clicks either the enable button or an im |
| WannaCry | Unspecified | 4 | WannaCry is a type of malware, specifically ransomware, that gained notoriety in 2017 as one of the largest and most damaging cyber-attacks to date. The malicious software exploits vulnerabilities in computer systems to encrypt data, effectively holding it hostage until a ransom is paid. It primaril |
| Lockbit | Unspecified | 4 | LockBit is a malicious software, or malware, that has been notably active and damaging in the cyber world. Known for its ability to infiltrate systems often without detection, it can steal personal information, disrupt operations, and even hold data hostage for ransom. In the first half of 2024, Loc |
| Maze | Unspecified | 4 | Maze is a type of malware, specifically ransomware, that gained notoriety in 2019 for its double extortion tactic. This malicious software infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Maze w |
| Blackbasta | Unspecified | 3 | BlackBasta is a notorious malware, specifically ransomware, that has been associated with several high-profile cyber-attacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, |
| REvil | Unspecified | 3 | REvil is a type of malware, specifically ransomware, that has been linked to significant cyber attacks. It emerged as part of the Ransomware as a Service (RaaS) model that gained popularity in 2020. This model established relationships between first-stage malware and subsequent ransomware attacks, s |
| Emotet, Trickbot | Unspecified | 2 | None |
| Hive | Unspecified | 2 | Hive is a malicious software (malware) that has been used by the cybercriminal group, Hunters International, to launch ransomware attacks since October of last year. The group operates as a ransomware-as-a-service (RaaS) provider, spreading Hive rapidly through collaborations with less sophisticated |
| Diavol | Unspecified | 2 | Diavol is a type of malware, specifically ransomware, that infiltrates systems to exploit and cause damage. It can infect systems through various channels such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Diavol can steal personal information, disrupt ope |
| LockerGoga | Unspecified | 2 | LockerGoga is a type of malware, specifically ransomware, known for its disruptive capabilities. It was notably deployed at Norsk Hydro in March 2019, causing significant operational disruption. LockerGoga differentiates itself from other types of ransomware such as EKANS due to its destructive natu |
| Akira | Unspecified | 2 | Akira is a malicious software or malware that has been causing significant damage to various organizations and systems worldwide. The ransomware, known for its persistent and harmful attacks, has successfully infiltrated numerous systems, often without the knowledge of the users, disrupting operatio |
| Babuk | Unspecified | 2 | Babuk is a type of malware, specifically ransomware, that infiltrates systems to encrypt files and hold them for ransom. This malicious software can infect your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operations by enc |
| Maze Ransomware | Unspecified | 2 | Maze ransomware is a type of malware that emerged in 2019, employing a double extortion tactic to wreak havoc on its victims. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for |
| Bazarloader | Unspecified | 2 | BazarLoader is a form of malware that has been utilized extensively by ITG23, a cybercriminal group. This harmful software infiltrates systems via suspicious downloads, emails, or websites, potentially stealing personal information, disrupting operations, or holding data for ransom. ITG23 has used B |
| Clop | Unspecified | 2 | Clop, also known as Cl0p, is a notorious ransomware group responsible for several high-profile cyberattacks. The group specializes in exploiting vulnerabilities in software and systems to gain unauthorized access, exfiltrate sensitive data, and then extort victims by threatening to release the stole |
| Dyre | Unspecified | 2 | Dyre, also known as Dyreza or Dyzap, is a banking Trojan that was initially designed to monitor online banking transactions with the aim of stealing passwords, money, or both. It first emerged in 2009 and 2010, targeting victim bank accounts held at various U.S.-based financial institutions. These i |
| Dyreza | Unspecified | 2 | Dyreza, also known as Dyre, is a sophisticated banking trojan malware that has garnered significant attention over the past several years. This malicious software is designed to exploit and damage computer systems, often infecting them through suspicious downloads, emails, or websites without user k |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Sodinokibi | Unspecified | 3 | Sodinokibi, also known as REvil, is a significant threat actor first identified in April 2019. This ransomware family operates as a Ransomware-as-a-Service (RaaS) and has been responsible for one in three ransomware incidents responded to by IBM Security X-Force in 2020. The Sodinokibi ransomware st |
| Alphv | Unspecified | 3 | Alphv is a threat actor group known for its malicious activities in the cyber world. They have been particularly active in deploying ransomware attacks, with one of their most significant actions being the theft of 5TB of data from Morrison Community Hospital. This act not only disrupted hospital op |
| DarkSide | Unspecified | 3 | DarkSide is a threat actor known for its malicious activities, particularly in the realm of ransomware. This group was notably responsible for the major attack on the U.S. energy sector that targeted Colonial Pipeline Co. on May 7, 2021, using a ransomware-as-a-service operation. The DarkSide ransom |
| FIN7 | Unspecified | 3 | FIN7, a prominent threat actor in the cybercrime landscape, has been noted for its malicious activities and innovative tactics. Known for their relentless attacks on large corporations, FIN7 recently targeted a significant U.S. carmaker with phishing attacks, demonstrating their continued evolution |
| Wizard Spider | Unspecified | 3 | Wizard Spider, also known as ITG23, DEV-0193, Trickbot Group, Fin12, and Grimspider, is a significant threat actor in the cybercrime landscape. This group has been continually analyzed by IBM Security X-Force researchers for its use of several crypters and is credited with creating the notorious, ev |
| Conti Team | Unspecified | 2 | The Conti team, a threat actor group known for its malicious activities in the cyber realm, has seen significant developments and transformations over recent years. In September 2022, a splinter group from Conti Team One resurfaced under the name Royal Ransomware, conducting callback phishing attack |
| UNC1878 | Unspecified | 2 | UNC1878, tracked by Mandiant and identified by MITRE, is a notable threat actor involved in various cybercrime enterprises. This group is financially motivated and primarily monetizes network access via the deployment of Ryuk ransomware. A significant proportion of post-compromise activity linked to |
| Blackmatter | Unspecified | 2 | BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention |
| Zeon | Unspecified | 2 | Zeon, a known threat actor in the cybersecurity landscape, has been linked to several high-profile ransomware attacks. It was instrumental in crypting SVCReady and CargoBay loaders, observed in Quantum and Royal ransomware attacks respectively. Zeon has also employed third-party ransomware such as B |
| Preview | Source Link | CreatedAt | Title |
|---|---|---|---|
| Securityaffairs | 2 months ago | Operation Morpheus took down 593 Cobalt Strike servers used by threat actors | |
| InfoSecurity-magazine | 3 months ago | #Infosec2024: Decoding SentinelOne’s AI Threat Hunting Assistant | |
| CERT-EU | 6 months ago | Ransomware Talent Surges to Akira After LockBit's Demise | |
| CERT-EU | 6 months ago | LockBit takedown surges Akira Ransomware Attacks - Cybersecurity Insiders | |
| BankInfoSecurity | 6 months ago | Ransomware Talent Surges to Akira After LockBit's Demise | |
| CERT-EU | 6 months ago | British authorities have never detected a breach of ransomware sanctions — but is that good or bad news? | #ransomware | #cybercrime | National Cyber Security Consulting | |
| CERT-EU | 6 months ago | American Fortune 500 Company Hit by Ransomware Cyberattack | |
| CERT-EU | 6 months ago | Operation Cronos: Who Are the LockBit Admins | |
| Securityaffairs | 7 months ago | A TrickBot malware developer sentenced to 64 months in prison | |
| InfoSecurity-magazine | 7 months ago | Ukraine Arrests Hacker for Assisting Russian Missile Strikes | |
| CERT-EU | 8 months ago | Examples of Past and Current Attacks | #ransomware | #cybercrime | National Cyber Security Consulting | |
| MITRE | 9 months ago | FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7 | |
| MITRE | 9 months ago | Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds | |
| MITRE | 9 months ago | The many lives of BlackCat ransomware | Microsoft Security Blog | |
| CERT-EU | 9 months ago | The end of ransomware payments: how businesses fit into the fight | #ransomware | #cybercrime | National Cyber Security Consulting | |
| CERT-EU | 9 months ago | Akira Ransomware Attack: Two Alleged Victim In Cyber Breach | |
| CERT-EU | 9 months ago | Industry-leading protection against remote ransomware attacks – Sophos News | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting | |
| InfoSecurity-magazine | 9 months ago | Russian Programmer Pleads Guilty to Trickbot Conspiracy | |
| CERT-EU | 9 months ago | TrickBot malware dev pleads guilty, faces 35 years in prison | |
| CERT-EU | 9 months ago | TrickBot Developer Pleads Guilty in US Court |