Alias Description | Votes |
---|---|
Conti is a possible alias for Ryuk. Conti is a notorious type of malware, specifically ransomware, that infiltrates computer systems to steal data and disrupt operations. The malicious software often spreads through suspicious downloads, emails, or websites, and once inside, it can hold data hostage for ransom. The Conti ransomware op | 10 |

Alias Description | Association Type | Votes |
---|---|---|
The TrickBot Malware is associated with Ryuk. TrickBot is a notorious malware that has been used extensively by cybercriminals to exploit and damage computer systems. It operates as a crimeware-as-a-service platform, infecting systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can stea | Unspecified | 11 |
The Emotet Malware is associated with Ryuk. Emotet is a particularly dangerous and insidious type of malware that has reemerged as a significant threat. This malicious software, which infects systems through suspicious downloads, emails, or websites, can steal personal information, disrupt operations, or even hold data for ransom. Emotet-infe | Unspecified | 6 |
The WannaCry Malware is associated with Ryuk. WannaCry, a potent malware, emerged as one of the most destructive cyberattacks in recent history when it struck in May 2017. Leveraging Windows SMBv1 Remote Code Execution vulnerabilities (CVE-2017-0144, CVE-2017-0145, and CVE-2017-0143), WannaCry rapidly spread across systems worldwide, encrypting | Unspecified | 4 |
The Lockbit Malware is associated with Ryuk. LockBit is a notorious malware that operates on a ransomware-as-a-service model, which has been responsible for significant cyber attacks across the globe. One of its most high-profile targets was Boeing, from whom the LockBit gang claimed to have stolen data. This incident not only disrupted operat | Unspecified | 4 |
The Maze Malware is associated with Ryuk. Maze is a form of malicious software, or malware, that pioneered a novel double-extortion tactic in the cyber threat landscape. Its modus operandi involves stealing victims' files before encrypting them, thereby enabling the threat actors to threaten both the disruption of operations and the release | Unspecified | 4 |
The Blackbasta Malware is associated with Ryuk. BlackBasta is a notorious malware, particularly known for its ransomware attacks. The group behind it has been linked with other harmful software such as IcedID, NetSupport, Gozi, PikaBot, Pushdo, Quantum, Royal, and Nokoyawa. Artifacts and indicators of compromise (IoCs) suggest a possible relation | Unspecified | 3 |
The REvil Malware is associated with Ryuk. REvil is a notorious malware, specifically a type of ransomware, that gained prominence in the cybercrime world as part of the Ransomware as a Service (RaaS) model. This model became increasingly popular in 2020, establishing relationships between first-stage malware and subsequent ransomware attac | Unspecified | 3 |
The Emotet and Trickbot malware are associated with Ryuk. | Unspecified | 2 |
The Hive Malware is associated with Ryuk. Hive is a form of malware, specifically ransomware, that infiltrates computer systems to exploit and damage them. It gained notoriety when it was used by the cybercriminal group Volt Typhoon to exfiltrate NTDS.dit and SYSTEM registry hive data, allowing them to crack passwords offline. This malware | Unspecified | 2 |
The Diavol Malware is associated with Ryuk. Diavol is a type of malware, specifically ransomware, that infiltrates systems to exploit and cause damage. It can infect systems through various channels such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Diavol can steal personal information, disrupt ope | Unspecified | 2 |
The LockerGoga Malware is associated with Ryuk. LockerGoga is a type of malware, specifically ransomware, that infiltrates computer systems and holds data hostage until a ransom is paid. This malicious software was notably deployed in an attack against Norsk Hydro in March 2019. The malware was distributed by the threat group FIN6, which traditio | Unspecified | 2 |
The Akira Malware is associated with Ryuk. Akira is a prominent form of malware, specifically a ransomware that has been causing significant disruptions since its emergence. It has been reported that Akira ransomware affiliates have compromised SSLVPN accounts on SonicWall devices as an initial access vector for their attacks. This comes aft | Unspecified | 2 |
The Babuk Malware is associated with Ryuk. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatio | Unspecified | 2 |
The Maze Ransomware Malware is associated with Ryuk. Maze ransomware is a type of malware that emerged in 2019, employing a double extortion tactic to wreak havoc on its victims. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for | Unspecified | 2 |
The Bazarloader Malware is associated with Ryuk. BazarLoader is a form of malware that has been utilized extensively by ITG23, a cybercriminal group. This harmful software infiltrates systems via suspicious downloads, emails, or websites, potentially stealing personal information, disrupting operations, or holding data for ransom. ITG23 has used B | Unspecified | 2 |
The Dyre Malware is associated with Ryuk. Dyre, also known as Dyreza or Dyzap, is a banking Trojan that was initially designed to monitor online banking transactions with the aim of stealing passwords, money, or both. It first emerged in 2009 and 2010, targeting victim bank accounts held at various U.S.-based financial institutions. These i | Unspecified | 2 |
The Dyreza Malware is associated with Ryuk. Dyreza, also known as Dyre, is a sophisticated banking trojan malware that has garnered significant attention over the past several years. This malicious software is designed to exploit and damage computer systems, often infecting them through suspicious downloads, emails, or websites without user k | Unspecified | 2 |

Alias Description | Association Type | Votes |
---|---|---|
The Sodinokibi Threat Actor is associated with Ryuk. Sodinokibi, also known as REvil, is a significant threat actor first identified in April 2019. This ransomware family operates as a Ransomware-as-a-Service (RaaS) and has been responsible for one in three ransomware incidents responded to by IBM Security X-Force in 2020. The Sodinokibi ransomware st | Unspecified | 3 |
The Alphv Threat Actor is associated with Ryuk. AlphV, also known as BlackCat, is a notorious threat actor that has been active since November 2021. This group pioneered the public leaks business model and has been associated with various ransomware families, including Akira, LockBit, Play, and Basta. AlphV gained significant attention for its la | Unspecified | 3 |
The DarkSide Threat Actor is associated with Ryuk. DarkSide is a threat actor known for its malicious activities, primarily in the realm of ransomware attacks. One of their most notable exploits occurred on May 7, 2021, when they targeted Colonial Pipeline Co., a major player in the U.S. energy sector. The attack disrupted the gasoline supply across | Unspecified | 3 |
The FIN7 Threat Actor is associated with Ryuk. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global | Unspecified | 3 |
The Wizard Spider Threat Actor is associated with Ryuk. Wizard Spider, also known as ITG23, DEV-0193, Trickbot Group, Fin12, and Grimspider, is a significant threat actor in the cybercrime landscape. This group has been continually analyzed by IBM Security X-Force researchers for its use of several crypters and is credited with creating the notorious, ev | Unspecified | 3 |
The Conti Team Threat Actor is associated with Ryuk. The Conti team, a threat actor group known for its malicious activities in the cyber realm, has seen significant developments and transformations over recent years. In September 2022, a splinter group from Conti Team One resurfaced under the name Royal Ransomware, conducting callback phishing attack | Unspecified | 2 |
The UNC1878 Threat Actor is associated with Ryuk. UNC1878, tracked by Mandiant and identified by MITRE, is a notable threat actor involved in various cybercrime enterprises. This group is financially motivated and primarily monetizes network access via the deployment of Ryuk ransomware. A significant proportion of post-compromise activity linked to | Unspecified | 2 |
The Blackmatter Threat Actor is associated with Ryuk. BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention | Unspecified | 2 |
The Zeon Threat Actor is associated with Ryuk. Zeon, a known threat actor in the cybersecurity landscape, has been linked to several high-profile ransomware attacks. It was instrumental in crypting SVCReady and CargoBay loaders, observed in Quantum and Royal ransomware attacks respectively. Zeon has also employed third-party ransomware such as B | Unspecified | 2 |