White Rabbit

Threat Actor updated 3 months ago (2024-06-05T20:17:42.689Z)
White Rabbit is a notable threat actor in the cybersecurity landscape, known for its malicious activities and association with other prominent hacking groups. The group's name, derived from the character in Alice's Adventures in Quantum Wonderland, signifies its unique approach to cyber attacks. In January 2022, White Rabbit was linked to Syssphinx, another notorious hacking group, when it was discovered that they were using a variant of the Sardonic backdoor, a tool commonly associated with Syssphinx. Furthermore, the group has been observed using various ransomware families such as Ragnar Locker, White Rabbit, and BlackCat, with particular attention given to their use of the White Rabbit ransomware, which itself is based on Sardonic.

The White Rabbit ransomware is reportedly used by "club members" of the RansomHouse platform, as per Emsisoft's threat analyst Brett Callow. This platform is known for hosting attacks carried out using their own tools, including the White Rabbit ransomware. In addition, White Rabbit has been connected to malicious URLs and is known to exploit AI tools like FraudGPT, WormGPT, DarkBARD, and others to write malicious code, generate phishing pages and messages, identify leaks and vulnerabilities, and create hacking tools.

Furthermore, a significant link was identified between White Rabbit and two other ransomware groups, BianLian and Mario, by cybersecurity company Resecurity in December. This collaboration was particularly focused on targeting financial services organizations, highlighting a new level of threat posed by these groups. The security firm Bleeping Computer has suggested moderate confidence in linking these attacks to the financially driven FIN8 hacking group, also known as Syssphinx and White Rabbit. Over the past few years, this group has been observed using a number of ransomware threats, further emphasizing the pervasive and evolving nature of the White Rabbit threat actor.
Description last updated: 2024-06-05T20:16:06.437Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| FIN8 | 2 | FIN8, also known as Syssphinx, is a financially motivated cybercrime group that has been active since at least January 2016. This threat actor is notorious for targeting organizations across various sectors including hospitality, retail, entertainment, insurance, technology, chemicals, and finance. |
| Syssphinx | 2 | Syssphinx, also known as FIN8, is a threat actor that has been active since 2016. This group is known for taking extended breaks between attack campaigns to refine its tactics, techniques, and procedures (TTPs). For instance, Syssphinx had used backdoor malware called Badhatch in attacks since 2019, |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Ragnar Locker | Unspecified | 2 | Ragnar Locker is a type of malware, specifically ransomware, known for its destructive impact on computer systems. It infiltrates systems primarily through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for rans |
| Sardonic | Unspecified | 2 | Sardonic is a sophisticated piece of malware, or malicious software, first identified in 2021. It was designed to exploit and damage computer systems, often infiltrating without the user's knowledge through suspicious downloads, emails, or websites. The malware could disrupt operations, steal person |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Bianlian | Unspecified | 2 | BianLian is a significant threat actor within the cybersecurity landscape, known for its malicious activities and cyber-attacks. The group has been particularly active in exploiting bugs in JetBrains TeamCity, a popular continuous integration and deployment system used by software development teams. |
Source Document References
Information about the White Rabbit Threat Actor was read from the documents corpus below.
| Source | Created | Title |
|---|---|---|
| BankInfoSecurity | 3 months ago | Australian Mining Giant Confirms BianLian Ransomware Attack |
| CERT-EU | 6 months ago | Immediate AI risks and tomorrow's dangers - Help Net Security |
| DARKReading | 7 months ago | ICS Ransomware Danger Rages Despite Fewer Attacks |
| MITRE | 9 months ago | FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware |
| CERT-EU | a year ago | FIN8 Group Using Modified Sardonic Backdoor for BlackCat Ransomware Attacks |
| CERT-EU | a year ago | FIN8 uses updated backdoor to deploy BlackCat ransomware |
| Recorded Future | 2 years ago | Semiconductor Companies Targeted by Ransomware \| Recorded Future |
| BankInfoSecurity | a year ago | Ransomware Attack Specialist Tied to Citrix NetScaler Hacks |
| Securityaffairs | a year ago | FIN8-linked actor targets Citrix NetScaler systems |
| Recorded Future | 2 years ago | Semiconductor Companies Targeted by Ransomware \| Recorded Future |
| Securityaffairs | a year ago | FIN8 Group spotted delivering the BlackCat Ransomware |
| CERT-EU | a year ago | Cyber Security Today, July 19, 2023 – The Sturmous ransomware group is back, a ransomware gang adds a new backdoor, and more \| IT World Canada News |
| CERT-EU | a year ago | FIN8 Revamped Hacking Toolkit with New Stealthy Attack Features |
| CERT-EU | a year ago | Financial cybercrime syndicate deploys reworked backdoor malware |
| CERT-EU | a year ago | The new Sydney offices designed to make workers happy |
| CERT-EU | a year ago | Quantum Computing: A New Competitive Factor With China – Analysis |