| ID | Votes | Profile Description |
|---|---|---|
| Snake | 10 | Snake, also known as EKANS, is a threat actor first identified by Dragos on January 6, 2020. This malicious entity is notorious for its deployment of ransomware and keyloggers, primarily targeting business networks. The Snake ransomware variant has been linked to Iran and exhibits an industrial focu |
| Kazuar | 8 | Kazuar is a sophisticated multiplatform trojan horse malware, linked to the Russian-based threat group Turla (also known as Pensive Ursa, Uroburos, Snake), which has been operating since at least 2004. This group, believed to be connected to the Russian Federal Security Service (FSB), utilizes an ar |
| Uroburos | 8 | Uroburos, also known as Snake, Turla, Pensive Ursa, and Venomous Bear, is a sophisticated malware linked to the Russian Federal Security Service (FSB). The development of this malicious software began in late 2003, with its operations traced back to at least 2004. Uroburos is part of a broader arsen |
| Waterbug | 6 | Waterbug, also known as Turla, Venomous Bear, and other aliases, is a cyberespionage group closely affiliated with the FSB Russian intelligence agency. This threat actor has been active since at least 2004, targeting government entities, intelligence agencies, educational institutions, research faci |
| Venomous Bear | 6 | Venomous Bear, also known as Turla, Urobouros, Snake, and other names, is a threat actor group attributed to Center 16 of the Federal Security Service (FSB) of the Russian Federation. The group has been active since at least 2004, targeting diplomatic and government organizations, as well as private |
| Pensive Ursa | 5 | Pensive Ursa, also known as Turla, Uroburos, Venomous Bear, and Waterbug, is a Russian-based advanced persistent threat (APT) group that has been operating since at least 2004. The group, linked to the Russian Federal Security Service (FSB), is renowned for its sophisticated cyber-espionage activiti |
| Snake Malware | 5 | The infamous Snake malware, a complex and destructive tool utilized by Pensive Ursa, became the target of a significant cybersecurity operation in May 2023. Detailed in a CISA report, the Snake malware was known to infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst t |
| Sandworm | 4 | Sandworm, a Russia-linked threat actor group, has been implicated in a series of significant cyber-attacks targeting Ukraine's infrastructure. The group successfully compromised 11 Ukrainian telecommunication providers, demonstrating their extensive capabilities and the broad reach of their operatio |
| Krypton | 3 | Krypton, also known as Secret Blizzard or UAC-0003, is a significant threat actor that has been associated with Russia's Federal Security Service (FSB). This Advanced Persistent Threat (APT) group has been active since at least 2004, targeting diplomatic and government organizations as well as priva |
| LightNeuron | 3 | LightNeuron is a sophisticated malware developed by the Turla group, known for its complex and custom cyber threats. It shares operational similarities with LunarMail, another Turla backdoor, in that it uses email messages for command and control (C&C) purposes. The malware infects systems through s |
| StrongPity | 2 | StrongPity is a malicious software (malware) that infiltrates computer systems, typically through suspicious downloads, emails, or websites. The malware has been active for over a decade and is possibly linked to the Turkish government. It's designed to exploit and damage systems, steal personal inf |
| OceanLotus | 2 | OceanLotus, also known as APT32, is a threat actor suspected to be linked with Vietnam. It primarily targets foreign companies involved in manufacturing, consumer products, consulting, and hospitality sectors that are investing or planning to invest in Vietnam. The group's recent activities indicate |
| Wildneutron | 2 | None |
| Epic Turla | 2 | Epic Turla, also known as Snake or Uroburos, is a sophisticated multi-stage malware attack that was extensively researched and documented in 2014. The campaign, dubbed "Epic Turla," was orchestrated by a group of attackers who utilized the Epic malware family, known for its dynamic and adaptive natu |
| Secret Blizzard | 2 | Secret Blizzard, also known as Turla, KRYPTON, and UAC-0003, is a threat actor group linked to Russia's Federal Security Service (FSB). This Advanced Persistent Threat (APT) group has been active since the early 2000s, primarily targeting government organizations worldwide. The group's activities we |
| Pensive | 2 | Pensive Ursa, also known as Turla or Uroburos, is a Russian-based threat group that has been active since at least 2004 and is linked to the Russian Federal Security Service (FSB). The group employs advanced and stealthy tools like Kazuar, a .NET backdoor used as a second stage payload. In 2023, Pen |
| Lunarmail | 2 | LunarMail, identified as a threat actor by ESET Research, has been implicated in the compromise of a European Ministry of Foreign Affairs (MFA) and its diplomatic missions. This cyber threat employs two previously unknown backdoors, LunarWeb and LunarMail, to infiltrate and exploit systems. LunarWeb |
| Energetic Bear | 2 | Energetic Bear, also known as DragonFly, Crouching Yeti, and Berserk Bear, is a threat actor that has been operational since at least 2011. The group has been linked to various cyber-espionage campaigns targeting the energy sector in Europe and North America, with the primary focus on defense and av |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| TinyTurla | Unspecified | 6 | TinyTurla is a form of malware, malicious software designed to infiltrate and damage computer systems without the user's knowledge. It can enter systems via suspicious downloads, emails, or websites, and once inside, it has the potential to steal personal information, disrupt operations, or hold dat |
| ComRAT | Unspecified | 5 | ComRAT, also known as Agent.BTZ, is a potent malware that has evolved over the years to become a significant threat in the cybersecurity landscape. Developed using C++ and employing a virtual FAT16 file system, ComRAT is often used to exfiltrate sensitive documents. The malware is a remote access tr |
| Agent.btz | Unspecified | 5 | Agent.btz, also known as ComRAT v4, is a remote access trojan (RAT) developed using C++ and employing a virtual FAT16 file system. This malicious software was one of the earliest backdoors used by Pensive Ursa, a cyber-espionage group. Notably, the malware is frequently used to exfiltrate sensitive |
| Tomiris | Unspecified | 5 | Tomiris is a malicious software (malware) group that has been active since before 2019. Known for its use of the QUIETCANARY backdoor, Tomiris has expanded its capabilities and influence within the region, targeting government entities and other high-value targets. The group has shown a particular i |
| Crutch | Unspecified | 4 | Crutch is a sophisticated malware attributed to the Turla group, first discovered by ESET researchers in December 2020. It's considered a second-stage backdoor, achieving persistence through DLL hijacking. One notable feature of Crutch v4 is its ability to automatically upload files found on local a |
| ANDROMEDA | Unspecified | 4 | Andromeda is a type of malware, or malicious software, designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data ho |
| KOPILUWAK | Unspecified | 4 | KopiLuwak is a JavaScript-based malware used for command and control (C2) communications and victim profiling. It was initially dropped by Pensive Ursa using an MSIL dropper in a G20-themed attack in 2017, and later as a self-extracting archive (SFX) executable in late 2022. Upon execution, the SFX |
| Gazer | Unspecified | 3 | Gazer is a second-stage backdoor malware written in C++ that was unveiled by Turla in August. It was discovered to have been deployed through watering-hole attacks and spear-phishing campaigns, enabling more precise targeting of victims. The malware is attributed to Pensive Ursa due to strong simila |
| Unc4210 | Unspecified | 3 | UNC4210 is a malicious software (malware) discovered by Mandiant in September 2022, suspected to be an operation of the Turla Team. This malware was identified as it re-registered three expired ANDROMEDA command and control (C2) domains and began selectively deploying KOPILUWAK and QUIETCANARY to vi |
| Capibar | Unspecified | 3 | Capibar, a new malware identified as part of the arsenal of the Russian-based threat group Turla (also known as Pensive Ursa, Uroburos, or Snake), has been used in recent cyberattacks. This group, linked to the Russian Federal Security Service (FSB) and active since at least 2004, has deployed Capib |
| Maze | Unspecified | 3 | Maze is a type of malware, specifically ransomware, that gained notoriety in 2019 for its double extortion tactic. This malicious software infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Maze w |
| SUNBURST | Unspecified | 2 | Sunburst is a sophisticated malware that has been linked to the Kazuar code, indicating its complexity. It was used in several well-known cyber attack campaigns such as SUNBURST, OilRig, xHunt, DarkHydrus, and Decoy Dog, which employed DNS tunneling techniques for command and control (C2) communicat |
| Tunnussched | Unspecified | 2 | TunnusSched is a malicious software (malware) that has been used by the Advanced Persistent Threat (APT) group known as Tomiris. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is capable of stealing personal information, disrupting operations, and even h |
| Penquin | Unspecified | 2 | Penquin is a type of malware, a malicious software designed to exploit and damage computer systems. It infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Penquin can cause various types of harm, such as stealing personal information, disrup |
| Mosquito | Unspecified | 2 | The "Mosquito" malware is a harmful software designed to exploit and damage computer systems or devices. It operates covertly, infiltrating systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it has the capability to steal personal information, disr |
| QUIETCANARY | Unspecified | 2 | Quietcanary is a malicious software (malware) that has been exploited by threat groups such as Pensive Ursa and Tomiris. The malware, known for its backdoor capabilities, has been in use since at least 2019, with Pensive Ursa deploying it against targets in Ukraine in September 2022, often in conjun |
| Moonlight Maze | Unspecified | 2 | Moonlight Maze is a notorious malware that emerged in the 1990s, primarily targeting government, military, and defense sector entities. This malicious software was designed to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites without the u |
| HyperStack | Unspecified | 2 | HyperStack, also known as SilentMoo or BigBoss, is a Remote Procedure Call (RPC) backdoor malware that was first observed in 2018. It has been utilized in operations targeting European government entities and is linked to the Russian-based threat group Pensive Ursa, which has been operational since |
| Deliverycheck | Unspecified | 2 | DeliveryCheck is a novel .NET-based malware that has been identified by Microsoft's Threat Intelligence as being used in targeted attacks against the defense sector in Ukraine and Eastern Europe. The threat actor behind these attacks is known as Secret Blizzard (also referred to as KRYPTON or UAC-00 |
| Makersmark | Unspecified | 2 | None |
| Ursa | Unspecified | 2 | Ursa is a highly active and motivated malware threat actor, also known as APT28, Fancy Bear, and Sofacy, which has been linked to various high-profile cyberattacks, including the US election interference in 2016 and the NotPetya attacks. The group is known for its use of the HeadLace backdoor malwar |
| Topinambour | Unspecified | 2 | Topinambour is a malicious software (malware) that has been linked to the hacking group Turla, as reported by Kaspersky and Securelist. This malware, identified by SHA-256 29314f3cd73b81eda7bd90c66f659235e6bb900e499c9cc7057d10a9083a0b94, is known for its ability to exploit and damage computers or de |
| Ttng | Unspecified | 2 | TinyTurla-NG (TTNG) is a potent malware identified by Cisco Talos in partnership with CERT.NGO. TTNG is part of the arsenal used by the Turla APT, a notorious group of Russian state-sponsored actors known for their cyber espionage activities. This malicious software is designed to infiltrate systems |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Turla Group | Unspecified | 6 | The Turla group, also known as Pensive Ursa, Krypton, Secret Blizzard, Venomous Bear, or Uroburos, is a notable threat actor that has been linked to the Russian Federal Security Service (FSB). With a history dating back to 2004, this group operates in painstaking stages, first conducting reconnaissa |
| Medusa | Unspecified | 5 | Medusa, a malicious threat actor known for its ransomware attacks, has been increasingly active and dangerous. This group was responsible for a significant rise in data leaks and multi-extortion activities throughout 2023. Medusa, along with other ransomware groups like LockBit and ALPHV (BlackCat), |
| Gamaredon | Unspecified | 4 | Gamaredon, a Russian Advanced Persistent Threat (APT) group, has been identified as a significant threat actor in the cybersecurity landscape. Notably, it has employed the USB worm LitterDrifter in a series of cyberattacks against Ukraine, demonstrating its capacity for sophisticated and disruptive |
| OilRig | Unspecified | 3 | OilRig is a well-known threat actor in the cybersecurity landscape, notorious for its sophisticated attacks on various targets, including Middle Eastern telecommunications organizations and Israel's critical infrastructure sector. This entity has been linked to several high-profile campaigns such as |
| APT34 | Unspecified | 2 | APT34, also known as OilRig, EUROPIUM, Hazel Sandstorm, and Crambus among other names, is a threat actor believed to be operating on behalf of the Iranian government. Operational since at least 2014, APT34 has been involved in long-term cyber espionage operations primarily focused on reconnaissance |
| APT29 | Unspecified | 2 | APT29, also known as Cozy Bear, Nobelium, The Dukes, Midnight Blizzard, BlueBravo, and the SVR group, is a Russia-linked threat actor notorious for its malicious cyber activities. In November 2023, this entity exploited a zero-day vulnerability in WinRAR software to launch attacks against various em |
| APT28 | Unspecified | 2 | APT28, also known as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM, is a threat actor linked to Russia that has been active since at least 2007. The group has targeted governments, militaries, and security organizations worldwide, including the German Social Democratic Party |
| Preview | Source Link | CreatedAt | Title |
|---|---|---|---|
| Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6 | |
| Securityaffairs | a month ago | security-affairs-malware-newsletter-round-5 | |
| CERT-EU | 10 months ago | Tom "Hollywood" Hegel - ProtectWise 401TRG | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3 | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3 | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 2 | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 1 | |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| BankInfoSecurity | 3 months ago | Russian Cyberthreat Looms Over Paris Olympics | |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| Flashpoint | 3 months ago | Evolving Tactics: How Russian APT Groups Are Shaping Cyber Threats in 2024 | |
| DARKReading | 4 months ago | Russia's Turla APT Abuses MSBuild to Deliver TinyTurla Backdoor | |
| Securityaffairs | 4 months ago | Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs | |
| ESET | 4 months ago | To the Moon and back(doors): Lunar landing in diplomatic missions | |
| BankInfoSecurity | 4 months ago | Breach Roundup: Kimsuky Serves Linux Trojan | |
| CERT-EU | 6 months ago | Windows tool helps RedCurl obscure cyberespionage attacks | |
| CERT-EU | 6 months ago | Be careful if you use Linux in your company: It is not immune - Panda Security Mediacenter | |
| CERT-EU | 6 months ago | Why Apple added protection against quantum computing when quantum computing doesn’t even exist yet |