THREAT ACTOR INTELLIGENCE: KNOW YOUR ENEMY
- Know their tactics, techniques, and past activities.
- Access detailed profiles and track threat actor activities.
- Keep up with the latest threats and Tactics, Techniques, and Procedures (TTPs).
- Prioritize risks based on active threat actors in your industry or region.
Discover the adversaries targeting your industry
Top Threat Actors
Rank: 1
No Malware available.
No Attack IDs

Lazarus Group
Rank: 2
FamousSparrow
Rank: 3
DNSpionage
Rank: 4
Target Countries for rose87168:
- United States
Related CVEs for rose87168:
- CVE-2021-35587
ATT&CK IDs for rose87168:
Associated Malware/Software for rose87168:
Target Countries for Lazarus Group:
- Chile
- Thailand
- Vietnam
- China
- Mexico
- Hong Kong
- Japan
- South Korea
- USA
- Ecuador
- Russia
- Australia
- Taiwan
- UK
- Worldwide (WannaCry)
- Brazil
- France
- Canada
- Bangladesh
- Guatemala
- Philippines
- India
- Belgium
- Netherlands
- Israel
- Poland
- South Africa
- Germany
Related CVEs for Lazarus Group:
- CVE-2021-3018
- CVE-2022-0609
- CVE-2024-38106
- CVE-2023-20198
- CVE-2021-24284
- CVE-2018-20250
- CVE-2022-38028
- CVE-2019-15637
- CVE-2022-24665
- CVE-2020-1472
- CVE-2014-9583
- CVE-2024-43093
- CVE-2022-40259
- CVE-2024-23222
- CVE-2023-49606
- CVE-2017-4946
- CVE-2013-5947
- CVE-2021-30657
- CVE-2021-20038
- CVE-2022-22947
- CVE-2021-34473
- CVE-2023-46748
- CVE-2021-34523
- CVE-2015-6585
- CVE-2024-21762
- CVE-2021-45046
- CVE-2024-45519
- CVE-2024-24691
- CVE-2015-0554
- CVE-2020-1380
- CVE-2024-3094
- CVE-2014-1225
- CVE-2019-0708
- CVE-2021-40684
- CVE-2021-31207
- CVE-2023-29059
- CVE-2024-5274
- CVE-2021-43226
- CVE-2023-27997
- CVE-2022-21882
- CVE-2017-11882
- CVE-2019-16098
- CVE-2024-38112
- CVE-2021-33768
- CVE-2024-21894
- CVE-2022-32917
- CVE-2022-41974
- CVE-2022-41082
- CVE-2024-4947
- CVE-2021-33764
- CVE-2023-32784
- CVE-2021-21551
- CVE-2014-4019
- CVE-2023-42793
- CVE-2017-16238
- CVE-2021-44731
- CVE-2014-2962
- CVE-2021-34527
- CVE-2021-31196
- CVE-2023-38831
- CVE-2021-31206
- CVE-2023-23376
- CVE-2024-0769
- CVE-2022-42475
- CVE-2018-8174
- CVE-2020-25213
- CVE-2021-25325
- CVE-2024-30051
- CVE-2024-21338
- CVE-2022-40242
- CVE-2024-28995
- CVE-2022-24663
- CVE-2018-13379
- CVE-2017-10271
- CVE-2022-30190
- CVE-2023-38035
- CVE-2023-5009
- CVE-2024-20272
- CVE-2024-38814
- CVE-2022-47966
- CVE-2015-7248
- CVE-2023-51467
- CVE-2023-22518
- CVE-2023-2868
- CVE-2023-40044
- CVE-2018-19320
- CVE-2022-41128
- CVE-2023-25690
- CVE-2021-34470
- CVE-2018-10562
- CVE-2023-46747
- CVE-2012-5687
- CVE-2024-28991
- CVE-2021-45837
- CVE-2022-25064
- CVE-2020-12812
- CVE-2024-4058
- CVE-2022-2827
- CVE-2024-21412
- CVE-2024-6327
- CVE-2015-2051
- CVE-2022-3236
- CVE-2021-33766
- CVE-2022-37042
- CVE-2023-3519
- CVE-2023-35078
- CVE-2022-3328
- CVE-2021-44142
- CVE-2024-38178
- CVE-2023-4966
- CVE-2024-0204
- CVE-2013-7389
- CVE-2017-0199
- CVE-2022-23093
- CVE-2024-23897
- CVE-2021-44228
- CVE-2023-34362
- CVE-2020-3259
- CVE-2023-32315
- CVE-2023-35082
- CVE-2024-40766
- CVE-2021-20028
- CVE-2023-3079
- CVE-2024-7971
- CVE-2018-0798
- CVE-2023-21932
- CVE-2024-40711
- CVE-2024-4577
- CVE-2023-34039
- CVE-2024-47575
- CVE-2022-22005
- CVE-2019-5591
- CVE-2024-38812
- CVE-2019-7609
- CVE-2023-33010
- CVE-2022-41973
- CVE-2022-22965
- CVE-2024-43461
- CVE-2021-41773
- CVE-2022-41040
- CVE-2023-20109
- CVE-2023-5129
- CVE-2021-25324
- CVE-2020-0688
- CVE-2023-28771
- CVE-2023-33246
- CVE-2021-26855
- CVE-2024-38193
- CVE-2023-0669
- CVE-2023-50164
- CVE-2023-27350
- CVE-2022-24664
- CVE-2024-36401
- CVE-2023-22515
- CVE-2022-24785
- CVE-2021-25323
- CVE-2022-41352
- CVE-2022-24990
- CVE-2024-21410
- CVE-2023-23397
- CVE-2018-4878
- CVE-2024-37085
- CVE-2023-36884
- CVE-2019-11510
- CVE-2021-36955
- CVE-2024-29849
- CVE-2021-4034
- CVE-2023-46604
- CVE-2014-8361
- CVE-2023-49103
- CVE-2022-27925
- CVE-2024-4040
- CVE-2021-45105
- CVE-2017-17215
ATT&CK IDs for Lazarus Group:
- T1564
- T1584 - Compromise Infrastructure
- T1057 - Process Discovery
- T1565
- T1498 - Network Denial of Service
- T1564.001
- T1195 - Supply Chain Compromise
- T1550.002 - Pass the Hash
- T1021.001
- T1608.001
- T1078.002 - Domain Accounts
- T1608
- T1590
- T1036 - Masquerading
- T1543.001 - Launch Agent
- T1027.013
- T1555
- T1592 - Gather Victim Host Information
- T1557.001
- T1585 - Establish Accounts
- T1132 - Data Encoding
- T1055.001
- T1589.002
- T1087.002
- T1059.006 - Python
- T1063 - Security Software Discovery
- T1102
- T1573.001 - Symmetric Cryptography
- T1505
- TA0006
- T1593
- T1014 - Rootkit
- T1060 - Registry Run Keys / Startup Folder
- T1557
- T1087
- T1143 - Hidden Window
- T1071.001
- T1560.001
- T1591
- T1565.003
- TA0003
- T1083
- T1588.002
- T1561 - Disk Wipe
- T1587.004 - Exploits
- T1566.002 - Spearphishing Link
- T1111 - Two-Factor Authentication Interception
- T1078.003 - Local Accounts
- T1132.001
- T1113 - Screen Capture
- T1129
- T1007
- T1559
- T1136
- T1595 - Active Scanning
- T1090.002
- T1001.003 - Protocol Impersonation
- T1059.007 - JavaScript
- T1203
- T1584
- T1027 - Obfuscated Files or Information
- T1059 - Command and Scripting Interpreter
- T1082 - System Information Discovery
- T1063
- T1134 - Access Token Manipulation
- T1059.004 - Unix Shell
- T1136 - Create Account
- T1566 - Phishing
- T1036.008
- T1567.002
- T1574
- T1585.002
- T1213 - Data from Information Repositories
- T1070.004
- T1587.001
- T1070 - Indicator Removal on Host
- T1112
- T1021.004 - SSH
- T1505.003
- T1505 - Server Software Component
- T1547.001
- T1036.003
- T1053 - Scheduled Task/Job
- T1543
- T1021
- T1565 - Data Manipulation
- T1105
- T1656
- T1585.001
- T1036
- T1055
- T1589 - Gather Victim Identity Information
- T1048
- T1608.002
- T1590 - Gather Victim Network Information
- T1189 - Drive-by Compromise
- T1033 - System Owner/User Discovery
- T1176 - Browser Extensions
- T1574.002 - DLL Side-Loading
- T1110
- T1102 - Web Service
- T1012
- T1119 - Automated Collection
- T1596 - Search Open Technical Databases
- T1531
- T1518 - Software Discovery
- T1140
- T1059.005
- T1552
- T1106 - Native API
- T1553
- T1138 - Application Shimming
- TA0040
- T1583.001
- T1505.004
- T1204.002
- T1124
- T1047 - Windows Management Instrumentation
- T1056 - Input Capture
- T1584.001
- T1056
- T1489
- T1119
- T1561.001
- T1031 - Modify Existing Service
- T1566
- TA0005 - Defense Evasion
- T1049
- T1491
- T1070.006
- T1497.002 - User Activity Based Checks
- T1068
- TA0011
- T1620
- T1176
- T1059.003 - Windows Command Shell
- T1102.002
- T1566.002
- T1568 - Dynamic Resolution
- T1553.002
- T1595
- T1566.001
- T1556
- T1095 - Non-Application Layer Protocol
- T1571
- T1546
- T1552 - Unsecured Credentials
- T1021.002 - SMB/Windows Admin Shares
- T1548
- T1449
- TA0007
- T1560
- T1017 - Application Deployment Software
- T1083 - File and Directory Discovery
- T1115 - Clipboard Data
- T1560.003
- T1027
- T1023 - Shortcut Modification
- T1496 - Resource Hijacking
- T1089 - Disabling Security Tools
- T1529
- T1192
- T1552.001 - Credentials In Files
- T1565.002
- T1041
- T1095
- T1016.001 - Internet Connection Discovery
- T1072 - Software Deployment Tools
- T1155 - AppleScript
- T1530
- T1001
- T1129 - Shared Modules
- T1190
- T1592
- T1218 - Signed Binary Proxy Execution
- T1585
- T1132.001 - Standard Encoding
- T1480
- T1071.004
- T1547.006
- TA0005
- T1008
- T1491.001
- T1040 - Network Sniffing
- T1555.005 - Password Managers
- T1071.004 - DNS
- T1139 - Bash History
- T1550
- T1547
- T1204 - User Execution
- T1566.003 - Spearphishing via Service
- T1219 - Remote Access Software
- T1573
- T1018 - Remote System Discovery
- T1056.001 - Keylogging
- T1497.003
- T1561
- T1485
- T1098
- T1195.002 - Compromise Software Supply Chain
- T1039 - Data from Network Shared Drive
- T1195.002
- T1204.002 - Malicious File
- T1081
- T1217
- T1014
- T1002
- T1454
- T1496
- T1033
- T1218.001
- T1003 - OS Credential Dumping
- T1543 - Create or Modify System Process
- T1587.002
- T1132
- T1485 - Data Destruction
- T1016
- T1219
- T1107
- T1608.001 - Upload Malware
- T1087 - Account Discovery
- T1505.003 - Web Shell
- T1542
- T1570 - Lateral Tool Transfer
- T1495
- TA0002
- T1078
- T1140 - Deobfuscate/Decode Files or Information
- T1444
- T1497 - Virtualization/Sandbox Evasion
- T1547.008
- T1195
- T1137 - Office Application Startup
- TA0009
- T1588
- T1127
- T1053.005 - Scheduled Task
- T1203 - Exploitation for Client Execution
- T1542.003
- T1031
- T1134.001
- T1562.001
- T1187
- T1441
- T1202 - Indirect Command Execution
- T1074
- T1018
- T1036.005 - Match Legitimate Name or Location
- T1090
- T1070
- T1112 - Modify Registry
- T1562.001 - Disable or Modify Tools
- T1497.001
- T1115
- T1560.002
- T1113
- T1199 - Trusted Relationship
- T1048 - Exfiltration Over Alternative Protocol
- T1055 - Process Injection
- T1449 - Exploit SS7 to Redirect Phone Calls/SMS
- T1553 - Subvert Trust Controls
- T1591 - Gather Victim Org Information
- T1565.001
- T1614.001
- T1518
- T1189
- T1040
- T1204
- T1547.009
- T1135
- T1574.002
- T1137
- T1428 - Exploit Enterprise Resources
- T1218.011 - Rundll32
- T1561.002
- T1547.001 - Registry Run Keys / Startup Folder
- T1053.003
- T1567 - Exfiltration Over Web Service
- T1586 - Compromise Accounts
- T1027.002
- T1078 - Valid Accounts
- T1459 - Device Unlock Code Guessing or Brute Force
- T1105 - Ingress Tool Transfer
- T1210 - Exploitation of Remote Services
- T1574 - Hijack Execution Flow
- T1569.002
- T1005
- T1110.003
- T1135 - Network Share Discovery
- T1090.001
- T1036.004
- T1059.003
- T1583.001 - Domains
- T1012 - Query Registry
- T1057
- T1587
- T1110 - Brute Force
- T1011
- T1001.003
- T1588 - Obtain Capabilities
- T1134.002
- T1572 - Protocol Tunneling
- T1571 - Non-Standard Port
- T1021 - Remote Services
- T1133 - External Remote Services
- T1608 - Stage Capabilities
- T1060
- T1218.010
- T1195.001
- T1056.001
- T1025
- T1036.005
- T1047
- T1583.006
- T1045
- T1445 - Abuse of iOS Enterprise App Signing Key
- T1059.001 - PowerShell
- T1125
- T1588.003
- T1221
- T1587.004
- T1010
- T1566.003
- T1562
- T1081 - Credentials in Files
- T1583.005
- T1568.002
- T1589
- T1591.004
- T1104 - Multi-Stage Channels
- T1574.013
- T1583 - Acquire Infrastructure
- T1486 - Data Encrypted for Impact
- T1562.004
- T1106
- T1134
- T1059.001
- T1573.001
- T1190 - Exploit Public-Facing Application
- T1218.011
- T1584.004
- T1027.002 - Software Packing
- T1059
- T1218.005
- T1547 - Boot or Logon Autostart Execution
- T1204.001
- T1614
- T1220
- T1071
- T1104
- TA0034
- T1202
- T1071 - Application Layer Protocol
- T1133
- T1560 - Archive Collected Data
- T1587 - Develop Capabilities
- T1583
- TA0004
- T1021.004
- T1553.002 - Code Signing
- T1003
- T1053
- T1486
- T1497.001 - System Checks
- T1053.005
- T1563
- T1071.001 - Web Protocols
- T1021.001 - Remote Desktop Protocol
- T1564 - Hide Artifacts
- T1046
- T1022
- T1568.002 - Domain Generation Algorithms
- T1555.003 - Credentials from Web Browsers
- T1037
- T1518.001
- T1074.001
- T1499 - Endpoint Denial of Service
- T1082
- T1534
- T1587.001 - Malware
- T1555 - Credentials from Password Stores
- T1588.004
- T1622
- T1070.003
- T1553.005
- T1003.001
- T1569
- T1583.004
- T1562.003
- T1218.007
- T1068 - Exploitation for Privilege Escalation
- T1210
- T1005 - Data from Local System
- T1055.002
- T1045 - Software Packing
- T1091
- T1114
- T1573 - Encrypted Channel
- T1021.002
- T1555.001 - Keychain
- T1567
- T1070.001
- T1048.003
- T1490
- T1027.007
- T1024 - Custom Cryptographic Protocol
- T1090 - Proxy
- T1218
- T1442
- T1064
- T1593.001
- T1056.004 - Credential API Hooking
- T1548 - Abuse Elevation Control Mechanism
- T1543.003
- T1568
- T1497
- T1016 - System Network Configuration Discovery
Associated Malware/Software for Lazarus Group:
- Lazarus
- Linux
- win.alphanc
- DDoS:Linux/Gafgyt
- win.magic_rat
- VMConnect
- win.racket
- Threat
- osx.3cx_backdoor
- osx.rustbucket
- elf.spectral_blur
- win.duuzer
- Volgmer
- Net
- win.ratankba
- CatB
- invisibleferret
- win.badcall
- win.dratzarus
- win.hermes
- win.nachocheese
- win.ghost_secret
- netsh
- Ransom:Win32/WannaCrypt
- osx.yort
- win.wannacryptor
- osx.kandykorn
- php.redhat_hacker
- win.bitsran
- win.electricfish
- win.scout
- win.ransomhub
- win.cleantoad
- Exploit:Win32/CVE-2017-0147
- win.bistromath
- HTTP
- elf.badcall
- BlueNoroff
- osx.hloader
- win.keymarble
- Andariel
- win.lazarus_killdisk
- Tofsee.T
- win.hotcroissant
- win.bravonc
- win.lcpdot
- win.sierras
- DDoS-Y
- redline_stealer
- win.rifdoor
- Unix
- win.pslogger
- Win.Malware.Botgor-9853222-0
- osx.simpletea
- HARDRAIN
- win.lazarloader
- win.dtrack
- POOLRAT
- win.bankshot
- win.roll_sling
- elf.simpletea
- NIDS
- win.3cx_backdoor
- win.wininetloader
- win.brambul
- GoldPickaxe
- osx.applejeus
- win.cur1_downloader
- win.jessiecontea
- Cutwail
- win.iconic_stealer
- win.winordll64
- Gheg
- mimikatz
- cobalt_strike
- win.srdi
- hellokitty
- osx.watchcat
- win.lazardoor
- win.rustbucket
- KEYMARBLE
- TrojanSpy
- lazarloader
- APNIC
- tsunami
- win.darkcomet
- win.gopuram
- ETERNALBLUE
- win.bluenoroff
- win.volgmer
- win.comebacker
- win.hoplight
- RATANKBA
- osx.spectral_blur
- ps1.powerbrace
- win.bootwreck
- win.crat
- amadey
- DarkComet
- win.romeos
- win.fuwuqidrama
- fullhouse
- win.applejeus
- apk.badcall
- osx.interception
- m1
- aix.fastcash
- Bankshot
- MagicRAT
- win.unidentified_042
- win.artfulpie
- osx.casso
- win.vsingle
- win.contopee
- sliver
- GoldDigger
- DPRK
- Formbook
- win.snatchcrypto
- PLAY
- mirai
- Mimikatz
- win.neddnloader
- win.blindingcan
- win.unidentified_077
- win.lambload
- win.imprudentcook
- win.typeframe
- win.unidentified_101
- jsoutprox
- osx.dacls
- win.banpolmex
- win.postnaptea
- FALLCHILL
- win.power_ratankba
- win.alreay
- BADCALL
- win.feed_load
- win.anchormtea
- RustDoor
- Proxysvc
- apk.hardrain
- RustBucket
- win.slickshoes
- win.buffetline
- win.miniblindingcan
- win.httpsuploader
- win.dacls
- vidar
- win.minitypeframe
- win.webbytea
- win.fudmodule
- comebacker
- Korean
- AuditCred
- win.ratankbapos
- win.op_blockbuster
- PWSX-gen
- ps1.powerspritz
- win.cloudburst
- win.blindtoad
- PWS:Win32/AgentTesla
- Trojan:Win32/SmokeLoader
- QUASAR
- win.vyveva
- win.touchmove
- win.klackring
- win.redshawl
- win.lpeclient
- win.nestegg
- win.phandoor
- win.cheesetray
- js.quickcafe
- GbdInf_305B1C9A.J!ibt
- win.interception
- FG!tr.ransom
- Neurevt
- Zombie.A
- win.coredn
- win.veiledsignal
- win.wagenttea
- win.bookcodesrat
- Trojan:Win32/ClipBanker
- win.ghost_rat
- TYPEFRAME
- osx.poolrat
- RawDisk
- AgentTesla.KM
- TEL:MSIL/AgentTesla
- win.joanap
- win.hotwax
- win.lightlesscan
- win.hardrain
- osaminer
- osx.unidentified_001
- win.unidentified_090
- win.torisma
- win.deltas
- ET
- jrat
- Windows
- win.wormhole
- Mofksys.B
- hermeticwiper
- WannaCry
- HOPLIGHT
- osx.sugarloader
- win.dyepack
- win.forest_tiger
- osx.manuscrypt
- beavertail
Target Countries for FamousSparrow:
- Thailand
- Vietnam
- Indonesia
- Lithuania
- Mexico
- USA
- Ethiopia
- Taiwan
- UK
- Saudi Arabia
- Brazil
- France
- Canada
- Bangladesh
- Malaysia
- Guatemala
- Egypt
- Philippines
- India
- Netherlands
- Argentina
- Afghanistan
- Singapore
- Pakistan
- Israel
- South Africa
- Swaziland
- Germany
- Burkina Faso
Related CVEs for FamousSparrow:
- CVE-2020-1472
- CVE-2021-27065
- CVE-2023-48788
- CVE-2021-26855
- CVE-2024-21887
- CVE-2021-26858
- CVE-2021-26857
- CVE-2023-46805
- CVE-2022-3236
- CVE-2020-0688
ATT&CK IDs for FamousSparrow:
- T1543.003 - Windows Service
- T1548.002
- T1082 - System Information Discovery
- T1071.001 - Web Protocols
- T1588.001 - Malware
- T1102 - Web Service
- T1016 - System Network Configuration Discovery
- T1059.003 - Windows Command Shell
- T1112 - Modify Registry
- T1584 - Compromise Infrastructure
- T1047 - Windows Management Instrumentation
- T1027
- T1078
- T1573.002 - Asymmetric Cryptography
- T1588.005 - Exploits
- T1014 - Rootkit
- T1003 - OS Credential Dumping
- T1583.004 - Server
- T1068 - Exploitation for Privilege Escalation
- T1588.002 - Tool
- T1078 - Valid Accounts
- T1055.001 - Dynamic-link Library Injection
- T1133 - External Remote Services
- T1199 - Trusted Relationship
- T1078.002 - Domain Accounts
- T1587.001 - Malware
- T1059
- T1608.002 - Upload Tool
- T1132.001 - Standard Encoding
- T1021.002 - SMB/Windows Admin Shares
- T1083 - File and Directory Discovery
- T1574 - Hijack Execution Flow
- T1140 - Deobfuscate/Decode Files or Information
- T1530 - Data from Cloud Storage Object
- T1059 - Command and Scripting Interpreter
- T1102.002 - Bidirectional Communication
- T1547.001 - Registry Run Keys / Startup Folder
- T1059.001 - PowerShell
- T1106 - Native API
- T1608.001 - Upload Malware
- T1055 - Process Injection
- T1027 - Obfuscated Files or Information
- T1505.003 - Web Shell
- T1190 - Exploit Public-Facing Application
- T1574.002 - DLL Side-Loading
- T1053 - Scheduled Task/Job
- T1071.001
Associated Malware/Software for FamousSparrow:
- Cobalt Strike
- sparrow_door
- Linux
- ShadowPad - S0596
- INC
- GHOSTSPIDER
- shadowpad
- hemigate
- Windows
Target Countries for DNSpionage:
- Lebanon
- Cyprus
- Iraq
- Egypt
- Sweden
- Albania
- Jordan
- Spain
- Libya
- Kuwait
Related CVEs for DNSpionage:
- CVE-2017-11882
- CVE-2016-7262
- CVE-2012-3993
- CVE-2012-0158
- CVE-2018-8453
- CVE-2014-3153
- CVE-2010-2568
- CVE-2011-2110
- CVE-2017-1188
- CVE-2002-0013
- CVE-2022-26134
- CVE-2017-0147
- CVE-2021-33764
- CVE-2020-0601
- CVE-2020-1472
- CVE-2019-12263
- CVE-2021-27065
- CVE-2017-0199
- CVE-2023-38831
- CVE-2015-1641
- CVE-2022-42475
- CVE-2018-8174
- CVE-2018-7600
- CVE-2012-1856
- CVE-2017-8759
- CVE-2015-1650
- CVE-2014-6352
- CVE-2023-36884
- CVE-2018-0798
- CVE-2017-8570
- CVE-2018-0802
- CVE-2010-3962
- CVE-2020-0674
- CVE-2016-0189
- CVE-2011-0589
- CVE-2022-47966
- CVE-2017-8464
- CVE-2021-40444
- CVE-2014-4114
- CVE-2014-6332
- CVE-2009-3672
- CVE-2013-2465
- CVE-2018-4893
- CVE-2005-1790
- CVE-2017-8291
- CVE-2017-0143
- CVE-2017-17215
ATT&CK IDs for DNSpionage:
- T1496
- T1033
- T1486
- T1043 - Commonly Used Port
- T1056.001 - Keylogging
- T1003.004 - LSA Secrets
- TA0029
- T1059
- T1584
- T1119
- T1056.001
- T1550
- T1120
- T1571
- T1068
- T1090
- T1056
- T1085
- T1071
- T1071.001
- T1204.002
- T1036
- T1499.001
- T1203 - Exploitation for Client Execution
- T1445
- T1562.001
- T1071.001 - Web Protocols
- T1140
- TA0004 - Privilege Escalation
- T1071.003
- T1563 - Remote Service Session Hijacking
- T1008
- T1060
- T1529
- T1179
- T1011
- T1046
- T1210 - Exploitation of Remote Services
- T1078
- T1130
- TA0002
- T1497.003
- T1410
- T1048.003 - Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
- T1070
- TA0009
- T1076 - Remote Desktop Protocol
- T1485
- T1449 - Exploit SS7 to Redirect Phone Calls/SMS
- T1027
- T1179 - Hooking
- T1573
- T1497 - Virtualization/Sandbox Evasion
- T1081
- T1133
- T1132
- T1423 - Network Service Scanning
- T1045
- T1568.001 - Fast Flux DNS
- T1546.015
- T1204
- T1543
- T1566.002
- T1056 - Input Capture
- T1453 - Abuse Accessibility Features
- T1105 - Ingress Tool Transfer
- T1071.004 - DNS
- T1082
- T1217
- T1041
- T1137
- T1445 - Abuse of iOS Enterprise App Signing Key
- T1489
- T1531
- T1127
- TA0011 - Command and Control
- T1071 - Application Layer Protocol
- T1450 - Exploit SS7 to Track Device Location
- T1059 - Command and Scripting Interpreter
- T1003
- T1087
- T1018 - Remote System Discovery
- TA0011
- T1125
- T1047
- T1031
- T1106
- T1566 - Phishing
- T1110
- T1090 - Proxy
- T1043
- T1563
- T1557 - Man-in-the-Middle
- T1450
- T1059.003
- T1048
- T1027 - Obfuscated Files or Information
- T1083
- T1562.004 - Disable or Modify System Firewall
- TA0003
- T1427 - Attack PC via USB Connection
- T1071.004
- T1012
- T1423
- T1596.001 - DNS/Passive DNS
- T1427
- T1136
- T1035
- T1055
- T1573 - Encrypted Channel
- T1561
- T1454
- T1498
- T1503
- T1007
- T1552
- T1038 - DLL Search Order Hijacking
- T1122
- T1100
- T1110.002 - Password Cracking
- T1472
- T1114
- T1595
- T1016
- T1497
- T1588.004
- T1049
- T1415
- T1057
- T1059.001 - PowerShell
- T1035 - Service Execution
- T1173
- T1211
- T1110.002
- T1505
- T1176
- T1173 - Dynamic Data Exchange
- T1547
- T1218
- T1211 - Exploitation for Defense Evasion
- T1140 - Deobfuscate/Decode Files or Information
- T1555
- T1583.002
- T1185 - Man in the Browser
- T1068 - Exploitation for Privilege Escalation
- T1530
- T1102
- T1596.004 - CDNs
- T1114.001
- T1055.003 - Thread Execution Hijacking
- T1590.002 - DNS
- T1129
- T1210
- T1560
- T1518
- T1005
- T1114 - Email Collection
- T1218 - Signed Binary Proxy Execution
- T1472 - Generate Fraudulent Advertising Revenue
- T1190
- T1404 - Exploit OS Vulnerability
- T1001
- T1040
- T1021.006 - Windows Remote Management
- T1583
- T1059.001
- T1059.007
- T1553
- T1105
- T1095
- T1562
- T1030
- T1059.007 - JavaScript
- T1176 - Browser Extensions
- TA0004
- T1053
- T1566
- T1453
- T1021
- T1003 - OS Credential Dumping
- T1539
- T1069.001 - Local Groups
- T1115
- T1036.004
- TA0007
- T1112
- T1608
- T1412
- T1184 - SSH Hijacking
- T1055 - Process Injection
- TA0005
- T1587
- T1170
- T1490
- T1449
- T1204 - User Execution
- T1124
- T1410 - Network Traffic Capture or Redirection
Associated Malware/Software for DNSpionage:
- SHOTPUT
- Keyloggers
- Remnant
- GenericKD.37827502
- malicious.2a7bf4
- Pegasus for Android - MOB-S0032
- Mimikatz
- LaplasClipper
- RedLine Stealer
- xtunnel
- Cobalt Strike - S0154
- SLFPER:InstallCore
- Ursnif
- HTML
- Dropper.DR/AutoIt.Gen
- Zusy.375932
- #Lowfi:SIGA:TrojanSpy:MSIL/Keylogger
- Maltiverse
- SdBot.CAOC
- DDoS:Linux/Mirai
- Tsara Brashears
- Beach Research
- Zbot
- Pegasus for Android - S0316
- Berbew.AA!MTB
- TrojanSpy
- Netsky
- Sodin Ransomware
- Proxy.exe Autoit
- Variant.Bulz
- ramnit
- FG!tr.ransom
- Skynet
- Adware
- Steam
- GameHack.DR
- Phish.AB
- Win.Malware.Botgor-9853222-0
- Anonymizer
- generic.ml
- redline_stealer
- ET
- Mitre Attack
- Backdoor:Linux/Mirai
- WebToolbar
- Mirai
- Relic
- win.karkoff
- Radar Ineractive
- TEL:Trojan:Win32/Emotet
- Behav
- TEL:Delphi/Obfuscator
- dnspionage
- Laplas
- Artemis
- win.dnspionage
- BUBBLEWRAP
- bloodalchemy
Top Ransomware Groups
hunters
Rank: 1
No CVEs available.
No Attack IDs

lockbit
Rank: 2

ransomhub
Rank: 3
No Malware available.
clop
Rank: 4
Target Countries for hunters:
- Korea, Republic of
- Singapore
- Namibia
- United Arab Emirates
- Thailand
- Bulgaria
- Zimbabwe
- Jamaica
- Lithuania
- Canada
- Malaysia
- Japan
- Brazil
- Ireland
- Poland
- United Kingdom
- Australia
- Romania
- Taiwan, Province of China
- New Zealand
- Global
- Uganda
- India
- South Africa
- Hungary
- France
- Côte d'Ivoire
- China
- Mexico
- Belgium
- Sweden
- Dominican Republic
- Italy
- United States
- Czech Republic
- Dominica
- Turkey
- Haiti
- Senegal
- El Salvador
- Latvia
- Russian Federation
- Spain
- Argentina
- Germany
- Switzerland
- Vietnam
- Indonesia
- Egypt
- Netherlands
- Tunisia
- Hong Kong
Related CVEs for hunters:
ATT&CK IDs for hunters:
Associated Malware/Software for hunters:
- Ransomware
Target Countries for lockbit:
- Finland
- Costa Rica
- Cyprus
- United Arab Emirates
- Thailand
- Canada
- Malaysia
- Greece
- Ireland
- Poland
- Global
- Iceland
- India
- Luxembourg
- Bahamas
- Bolivia, Plurinational State of
- France
- Nigeria
- Panama
- Georgia
- China
- Virgin Islands, U.S.
- Cuba
- Belgium
- Israel
- Dominican Republic
- Bangladesh
- Italy
- Czech Republic
- Afghanistan
- Haiti
- Angola
- Philippines
- Indonesia
- Ethiopia
- Egypt
- Mozambique
- Chile
- Slovakia
- Netherlands
- Korea, Republic of
- Singapore
- Bulgaria
- Portugal
- Trinidad and Tobago
- Iran, Islamic Republic of
- Japan
- Croatia
- Brazil
- United Kingdom
- Norway
- Australia
- Romania
- Taiwan, Province of China
- Samoa
- New Zealand
- Lebanon
- South Africa
- Hungary
- Uruguay
- Saint Vincent and the Grenadines
- Mexico
- Kenya
- Sweden
- Martinique
- United States
- Oman
- Jordan
- Peru
- Turkey
- Senegal
- Russian Federation
- Austria
- Spain
- Argentina
- Germany
- Switzerland
- Saudi Arabia
- Venezuela, Bolivarian Republic of
- Nicaragua
- Kuwait
- Colombia
- Hong Kong
- Ukraine
Related CVEs for lockbit:
- CVE-2021-36942
- CVE-2023-5009
- CVE-2020-0787
- CVE-2018-0798
- CVE-2023-22515
- CVE-2023-40044
- CVE-2017-11882
- CVE-2023-29324
- CVE-2020-0796
- CVE-2023-46747
- CVE-2023-20109
- CVE-2018-8453
- CVE-2023-36884
- CVE-2023-3519
- CVE-2017-0147
- CVE-2017-0143
- CVE-2014-3153
- CVE-2019-19781
- CVE-2023-5129
- CVE-2018-13379
- CVE-2022-3236
- CVE-2023-38035
- CVE-2023-20198
- CVE-2023-3284
- CVE-2022-36537
- CVE-2023-34039
- CVE-2024-1709
- CVE-2021-34473
- CVE-2021-34523
- CVE-2021-20028
- CVE-2022-26134
- CVE-2015-1650
- CVE-2017-8464
- CVE-2021-44228
- CVE-2023-4966
- CVE-2024-21412
- CVE-2017-0199
- CVE-2023-20269
- CVE-2021-31207
- CVE-2021-26857
- CVE-2019-11510
- CVE-2023-38831
- CVE-2023-36025
- CVE-2017-17215
- CVE-2023-27350
- CVE-2023-46604
- CVE-2022-30190
- CVE-2022-47966
- CVE-2021-22986
- CVE-2022-42475
- CVE-2024-1708
- CVE-2023-22518
- CVE-2023-46748
- CVE-2023-23397
- CVE-2021-27065
ATT&CK IDs for lockbit:
- T1038
- T1064
- TA0003
- T1021.001
- T1022
- T1110
- T1176
- T1012
- T1445
- T1562.004
- T1482
- T1410
- T1057
- T1018
- T1596
- T1569
- T1210
- T1056
- T1029
- T1530
- T1567
- T1027.002
- T1199
- T1106
- T1207
- T1137
- T1036
- T1008
- T1041
- TA0040
- T1053
- T1189
- T1133
- TA0005
- T1587
- T1518
- T1193
- T1078
- T1574
- T1059.007
- T1127
- T1056.001
- T1021
- T1048
- T1539
- TA0004
- T1491
- T1450
- T1412
- T1454
- TA0011
- T1556
- T1055
- T1559.001
- T1059.002
- T1583.002
- T1088
- T1553
- T1563
- T1129
- TA0009
- T1031
- T1219
- T1156
- T1591
- T1187
- T1136
- T1059.003
- T1518.001
- T1614
- T1070.004
- T1100
- T1566
- T1564
- T1560
- T1059
- T1574.002
- T1082
- T1087
- T1113
- T1552
- T1102
- T1489
- T1134
- T1147
- T1083
- T1060
- T1486
- T1105
- T1221
- TA0006
- T1071.002
- T1068
- T1564.001
- T1496
- T1480
- T1046
- T1072
- T1490
- T1498
- T1204.002
- T1132
- T1053.005
- TA0034
- T1585
- T1003.008
- T1204
- TA0029
- T1112
- T1005
- T1218
- T1570
- T1095
- T1485
- T1140
- T1588
- TA0007
- T1449
- T1074
- T1104
- T1011
- T1543
- T1070
- T1063
- T1497
- T1049
- T1583
- T1071
- T1562.001
- T1584.005
- T1090
- T1562
- T1555
- T1211
- T1531
- T1571
- TA0002
- T1003
- T1114
- T1546
- T1190
- T1583.005
- T1027
- T1183
- T1548
- T1071.004
- T1110.002
- T1195
- T1001.002
- T1584
- T1505
- T1573
- T1016
- T1572
- T1547
- T1040
- T1071.003
- T1122
- T1001
- T1010
- T1071.001
- T1047
Associated Malware/Software for lockbit:
- Remsec
- VB.PwShell.2
- FonePaw
- VB:Trojan.Valyria
- Inmortal
- Bitmap.exe
- Hall Render
- Win32/SocStealer!rfn
- Gen:Heur.NoobyProtect
- FileRepMalware
- Loki Bot
- Lumma Stealer
- SpyAgent
- win.bloodalchemy
- ALF:Ransom:Win32/LockBit
- Backdoor.Oldrea
- VB.EmoDldr.4
- win.lookback
- win.netfilter
- TA505
- win.agent_tesla
- FG!tr.ransom
- GlobalNet
- WannaCry Kill Switch
- AgentTesla
- VB.Chronos.7
- Script.INF
- win.chaos
- AGEN.1045227
- GetLucky
- Win.Worm.Mydoom-5
- win.pwndlocker
- GLOOXMAIL
- Maltiverse
- KANDYKORN macOS
- Mastadon
- Unsafe
- RedlineStealer
- Lokbit
- win.cobalt_strike
- Gen:NN.ZemsilF.34128
- Presenoker
- ScrInject.B
- RedLine Stealer
- Indiloadz.BB
- TrojanSpy
- States
- BScope.Riskware
- Exploit CVE-2017-11882
- jar.jrat
- HallGrand
- win.darkgate
- HopToDesk
- Marina Botnet
- Tor - S0183
- Wiper
- Quasar RAT
- HEUR:Trojan.BAT
- Kraddare
- Zpevdo
- Patcher
- $WebWatson
- W32.AIDetectVM
- PUA.Reg1staid
- AutoIT
- index.php
- win.azorult
- apk.alien
- Magic
- Ghandi
- fake ,promethiumm ,strongpity
- win.formbook
- win.lumma
- IL:Trojan.MSILZilla
- elf.lockbit
- Ursu
- js.gootloader
- PWS.p
- win.amadey
- Win32:RansomX-gen [Ransom]
- Makop
- 3AM
- Dark Power
- win.nokoyawa
- elf.ransomexx
- SdBot.CAOC
- Systweak
- WininiCrypt
- Daisy Coleman
- BEC
- Ulise.345018
- Fusioncore
- elf.dark
- win.quasar_rat
- win.asyncrat
- PWSX
- DroxiDat
- CIL.HeapOverride
- Deuterbear
- PWS:Win32/QQpass.CI
- win.nymaim
- MalwareX
- BlackNET
- js.evilnum
- Lazarus
- ALF:HeraklezEval:Trojan:Win32/Ymacco.AA47
- win.rhadamanthys
- Stopransomware.gov
- win.icefog
- Pegasus for iOS - S0289
- Gen:Variant.Bulz
- Zbot
- HTML_REDIR.SMR
- Remcos RAT
- Gen:Trojan.Heur
- ALPHV
- ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger
- Win.Packer.Crypter-6539596-1
- Trojan:Win32/WannaCry.350
- Crypt3.BLXP
- Virus.Botgor!1.D115 (CLASSIC)
- elf.blackmatter
- win.lokipws
- Win32.HsIdir
- SocGholish
- JS:Iframe
- Evo
- NoName057
- win.blacknet_rat
- Tsara Brashears
- BlackCat - S1068
- Hidden Form
- LNK
- WannaCry
- staticrr.paleokits.net
- ELF
- Ransom:Win32/CVE-2017-0147
- Worm:Win32/Benjamin
- win.cuba
- Black
- Strictor
- Arid.Viper_CnC
- ETERNALBLUE
- elf.babuk
- Win.Malware.Botgor-9853222-0
- Brontok
- win.kuluoz
- CVE-2015-1650
- win.remcos
- BehavBehavesLike.PUPXBI
- win.parallax
- Phish.AB
- DoNex
- win.dridex
- win.maze
- Malvertizing
- W32.AIDetect.malware2
- Ransomware
- W32.eHeur
- win.ramnit
- ALF:TrojanSpy:Win32/Keylogger
- Swisyn
- LNK.Powershell
- win.stealbit
- JHUHUGIT
- Faceliker.A
- PWS-FCZZ
- win.virut
- Trojan:Win32/Wacatac
- Trojan:VBA/Downldr
- win.feodo
- TROJ_FRS.VSN1EJ18
- Python
- darkrace
- Trojan:Python/Downldr
- Threat
- win.suppobox
- Cyberespionage
- SGeneric
- Exploit.CVE
- Suspicious.Save
- TROJ_GEN.R002C0OG518
- LolKek
- Packed-GV
- CVE JAR
- Zbd Zeus
- Twitter Malware
- win.wannacryptor
- Keylogger
- NBAE
- APT Notes
- Trojan:Linux/Downldr
- WebToolbar
- Relic
- Kryptik.FPH.gen
- HTML:Script
- Detects UPATRE
- Raas
- Delf.NBX
- Tulach Malware
- elf.mikey
- win.lockfile
- Bl00dy
- Bleed
- win.trickbot
- Adload.AD81
- Cyclops Blink - S0687
- TrickBot - S0266
- ETPRO
- py.networm
- TrueSightKiller
- Tulach
- Agent Tesla
- PSW.Stealer
- Trojan:MSIL/Burkina
- Arkei
- IOCs
- win.njrat
- Sabey
- Noberus
- win.karagany
- win.graftor
- PossibleThreat.PALLAS
- win.raccoon
- win.redcap
- Worm:VBS/Dapato
- OpenSubtitles.A
- SNH:Script [Dropper]
- Crack
- Agent Tesla - S0331
- Xegumumune.8596c22f
- win.redline_stealer
- win.webmonitor
- win.locky
- susp.lnk
- Cybersecurity News
- win.blueshell
- JavaScript
- win.agent_btz
- VB.EmoooDldr.10
- HEUR:AdWare.StartSurf
- Phishing
- Qbot
- Application.SQLCrack
- Pegasus
- Win32:RATX-gen [Trj]
- elf.mirai
- Wacatac
- Beacons
- Adware
- MSIL.C515258
- QakBot
- Downldr.gen
- Win64.Payload.Limepad
- Dropper.DR/AutoIt.Gen
- win.vidar
- Dapato
- GhostDriver
- Bazaar Loader
- Ursnif
- OriginLoader
- win.emotet
- Bit RAT
- win.immortal_stealer
- Artemis
- malicious.2a7bf4
- generic.ml
- JS:Trojan.HideLink
- win.smokeloader
- win.doublepulsar
- Trojan:Win32/Detplock
- Cobalt Strike
- GameHack.DR
- Witchetty
- Pua.Gen
- DangerousObject.Multi
- Ryuk ransomware
- RevengeRAT
- Swort
- TrojanDownloader:Linux/Downldr
- win.bobik
- Nemucod
- win.nanocore
- Ransom_WCRY.SMALYM
- Injector.IS.gen
- HallRender
- Amazon AES
- Suspicious_GEN.F47V0520
- win.dnspionage
- Domains
- W32/Hupigon.NCU
- CHOPSTICK
- Strike Beacon
- PS1
- win.shadowpad
- Detplock
- win.waterbear
- win.xworm
- win.hupigon
- Death Bitches
- Apple Malware
- elf.blackcat
- RiskTool.Phpw
- AzoruIt
- VBS
- Facebook HT
- Virus:DOS/Burma
- Rhysida
- Win.Packed.Zenpak-7101989-0
- Skynet
- Discord
- Wacapew.C
- RedLine
- TSGeneric
- Win.Downloader.76944-1
- Maui ransomware
- Program.Unwanted
- S-b748adc5
- Auslogics
- elf.conti
- CIL.StupidCryptor
- Download
- NetSupport
- njRAT - S0385
- WisdomEyes.16070401.9500
- Ransom:Win32/GandCrab.AE
- Racoon Stealer
- Silk Road
- win.zeus
Target Countries for ransomhub:
- Qatar
- Costa Rica
- Cyprus
- Guatemala
- United Arab Emirates
- Guernsey
- Thailand
- Lithuania
- Canada
- Malaysia
- Greece
- Myanmar
- Ireland
- Poland
- Global
- Serbia
- India
- Luxembourg
- France
- Panama
- China
- Ecuador
- Belgium
- Morocco
- Israel
- Dominican Republic
- Bangladesh
- Italy
- Pakistan
- Guadeloupe
- El Salvador
- Philippines
- Vietnam
- Indonesia
- Egypt
- Fiji
- Chile
- Slovakia
- Netherlands
- Tunisia
- Korea, Republic of
- Singapore
- Jamaica
- Iran, Islamic Republic of
- Malta
- Japan
- Brazil
- United Kingdom
- Norway
- Australia
- Romania
- Taiwan, Province of China
- New Zealand
- Lebanon
- South Africa
- Hungary
- Sri Lanka
- Iraq
- Denmark
- Mexico
- Kenya
- Timor-Leste
- Sweden
- United States
- Paraguay
- Oman
- Peru
- Turkey
- Senegal
- Latvia
- Russian Federation
- Austria
- Spain
- Argentina
- Germany
- Switzerland
- Saudi Arabia
- Venezuela, Bolivarian Republic of
- Sudan
- Kuwait
- Colombia
- Hong Kong
- Tuvalu
- Ukraine
Related CVEs for ransomhub:
- CVE-2022-26809
- CVE-2021-44228
- CVE-2021-34527
ATT&CK IDs for ransomhub:
- T1566.001
- T1078
- T1562.001
- T1486
- T1027
Associated Malware/Software for ransomhub:
Target Countries for clop:
- Finland
- Singapore
- United Arab Emirates
- Mauritius
- Canada
- Malaysia
- Japan
- Croatia
- Greece
- Brazil
- Ireland
- Poland
- Congo, the Democratic Republic of the
- United Kingdom
- Australia
- Global
- Madagascar
- India
- Luxembourg
- Hungary
- Bahamas
- France
- Nigeria
- Panama
- China
- Mexico
- Ecuador
- Kenya
- Israel
- Dominican Republic
- Italy
- United States
- Peru
- Turkey
- Russian Federation
- Austria
- Spain
- Argentina
- Germany
- Philippines
- Switzerland
- Syrian Arab Republic
- Netherlands
- Colombia
- Hong Kong
Related CVEs for clop:
- CVE-2024-0204
- CVE-2021-34527
- CVE-2023-3284
- CVE-2022-47966
- CVE-2018-8453
- CVE-2023-4966
- CVE-2024-21412
- CVE-2023-22527
- CVE-2023-20269
- CVE-2023-36025
- CVE-2023-49103
- CVE-2024-21762
- CVE-2019-19781
ATT&CK IDs for clop:
- T1573
- T1132
- T1566
- T1574
- T1129
- T1012
- T1005
- T1560
- T1204
- T1016
- T1112
- T1036
- T1083
- T1105
- T1176
- T1059
- T1057
- T1071
- T1498
- T1010
- T1055
- T1106
- T1056
- T1003
- T1027
- T1104
- T1486
- T1041
- T1547
- T1497
- T1480
- T1140
- T1552
- T1049
- T1082
- T1078
- T1566.001
- T1071.001
- T1133
Associated Malware/Software for clop:
- HopToDesk
- win.darkgate
- win.stealbit
- elf.lockbit
- Cyclops Blink - S0687
- GoAnywhere MFT
- TrueSightKiller
- GhostDriver
- ALPHV
- Download
- Noberus
- Deuterbear
- win.waterbear
- BlackCat - S1068
- Cyberespionage