SCATTERED SPIDER
Rank: 1
THREAT ACTOR INTELLIGENCE KNOW YOUR ENEMY
- Know their tactics, techniques, and past activities.
- Access detailed profiles and track threat actor activities.
- Keep up with the latest threats and Tactics, Techniques, and Procedures (TTPs).
- Prioritize risks based on active threat actors in your industry or region.
Discover the
adversaries targeting your industry
Clear
Search
Please select a filter to get Threat Actors!
Top Threat Actors
3715200
Audience
110
News
898
IOC
Target Countries:
No target country found.
Target Sectors:
No target sector found.
Associated Malware/Software:
BlackCat
WarzoneRAT
Mimikatz
LaZagne
ngrok
+ 1
Related CVE's:
CVE-2024-37085
CVE-2024-3400
CVE-2023-28252
CVE-2022-41328
CVE-2022-30190
+ 4
ATT&CK IDs:
T1027 - Obfuscated Files or Information
T1049
T1087
T1021
T1115
+ 141
See Details
APT37
★
Rank: 2
805221
Audience
4
News
5696
IOC
Target Countries:
Russia
UK
China
Hong Kong
Cambodia
+ 12
Target Sectors:
Government -
Transportation -
Chemical -
Aerospace -
Financial -
Associated Malware/Software:
win.bluelight
Ursnif
ROKRAT - S0240
APT37
rokrat
+ 36
Related CVE's:
CVE-2024-38178
CVE-2023-38831
CVE-2023-36884
CVE-2023-34362
CVE-2022-47966
+ 14
ATT&CK IDs:
T1027 - Obfuscated Files or Information
T1559 - Inter-Process Communication
T1049
T1087
T1021
+ 229
See Details
TA406
★
Rank: 3
661260
Audience
6
News
0
IOC
Target Countries:
Russia
Germany
China
United Kingdom
Japan
+ 5
Target Sectors:
NGOs -
Government -
Financial -
Research institutions -
Journalists -
Associated Malware/Software:
No Malware available.
Related CVE's:
CVE-2021-26855
CVE-2020-0796
CVE-2017-0199
ATT&CK IDs:
T1071.001
T1059
T1566
See Details
Lazarus Group
★
Rank: 4
535000
Audience
3
News
26518
IOC
Target Countries:
Belgium
Chile
Worldwide (WannaCry)
India
UK
+ 23
Target Sectors:
Government -
Financial -
Energy -
Healthcare -
Aerospace -
Associated Malware/Software:
win.volgmer
win.tsunami
win.3cx_backdoor
osx.rustbucket
win.unidentified_090
+ 158
Related CVE's:
CVE-2024-7971
CVE-2024-6327
CVE-2024-5274
CVE-2024-4947
CVE-2024-47575
+ 169
ATT&CK IDs:
T1569.002
T1588.002
T1530
T1001.003
T1204
+ 426
See Details
Target Countries for SCATTERED SPIDER:
Related CVEs for SCATTERED SPIDER:
- CVE-2024-37085
- CVE-2024-3400
- CVE-2023-28252
- CVE-2022-41328
- CVE-2022-30190
- CVE-2021-44228
- CVE-2021-35464
- CVE-2020-1472
- CVE-2015-2291
ATT&CK IDs for SCATTERED SPIDER:
- T1027 - Obfuscated Files or Information
- T1049
- T1087
- T1021
- T1115
- T1078
- T1588.002
- T1087.004
- T1562
- T1556
- T1087.003
- T1530
- T1204
- T1566 - Phishing
- T1591 - Gather Victim Org Information
- T1589
- T1056
- T1068
- T1486
- T1219 - Remote Access Software
- T1583
- T1584 - Compromise Infrastructure
- T1098.003
- T1190 - Exploit Public-Facing Application
- T1053 - Scheduled Task/Job
- T1621
- T1588
- T1583 - Acquire Infrastructure
- T1078.004
- T1584.001 - Domains
- T1556.006
- T1518 - Software Discovery
- T1176
- T1484
- T1598.004
- T1538
- T1021.007
- T1589.001
- T1114
- T1106
- T1104 - Multi-Stage Channels
- T1059.001
- T1539
- T1496 - Resource Hijacking
- T1553 - Subvert Trust Controls
- T1199
- T1598
- T1195 - Supply Chain Compromise
- T1105 - Ingress Tool Transfer
- T1213.002
- T1213.005
- T1134 - Access Token Manipulation
- T1484.002
- T1003.003
- T1657
- T1105
- T1119
- T1656
- T1217
- T1606 - Forge Web Credentials
- T1071.001
- T1589.002 - Email Addresses
- T1195
- T1213.003
- T1090
- T1553
- T1053
- T1566.004
- T1589 - Gather Victim Identity Information
- T1562 - Impair Defenses
- T1562.004
- T1531
- T1564
- T1564.008
- T1608 - Stage Capabilities
- T1578.002
- T1110 - Brute Force
- T1087 - Account Discovery
- T1098
- T1567 - Exfiltration Over Web Service
- T1070 - Indicator Removal on Host
- T1068 - Exploitation for Privilege Escalation
- T1006
- T1553.002
- T1213
- T1098.001
- T1011
- T1098.005
- T1567.002
- T1572
- T1074
- T1059
- T1078 - Valid Accounts
- T1566
- T1530 - Data from Cloud Storage Object
- T1003
- T1102
- T1498 - Network Denial of Service
- T1047
- T1133
- T1027
- T1586 - Compromise Accounts
- T1059 - Command and Scripting Interpreter
- T1029 - Scheduled Transfer
- T1190
- T1090 - Proxy
- T1496
- T1136
- T1046
- T1136 - Create Account
- T1580
- T1106 - Native API
- T1552.004
- T1056 - Input Capture
- T1562.004 - Disable or Modify System Firewall
- T1583.001 - Domains
- T1069
- T1212 - Exploitation for Credential Access
- T1021 - Remote Services
- T1036 - Masquerading
- T1018
- T1087.002
- T1556.009
- T1552
- T1585 - Establish Accounts
- T1003 - OS Credential Dumping
- T1552 - Unsecured Credentials
- T1586.002 - Email Accounts
- T1578
- T1199 - Trusted Relationship
- T1089
- T1606
- T1552.001
- T1219
- T1543 - Create or Modify System Process
- T1083
- T1585
- T1102 - Web Service
- T1562.001 - Disable or Modify Tools
- T1567
- T1133 - External Remote Services
- T1140
- T1598.001
- T1069.003
- T1003.006
- T1547 - Boot or Logon Autostart Execution
Associated Malware/Software for SCATTERED SPIDER:
-
BlackCat
-
WarzoneRAT
-
Mimikatz
-
LaZagne
-
ngrok
-
Impacket
Target Countries for APT37:
- Russia
- UK
- China
- Hong Kong
- Cambodia
- Japan
- Thailand
- USA
- Poland
- Laos
- Czech
- India
- Nepal
- Vietnam
- South Korea
- Kuwait
- Romania
Related CVEs for APT37:
- CVE-2024-38178
- CVE-2023-38831
- CVE-2023-36884
- CVE-2023-34362
- CVE-2022-47966
- CVE-2022-42475
- CVE-2022-41352
- CVE-2022-41128
- CVE-2022-0609
- CVE-2021-34480
- CVE-2021-33764
- CVE-2020-1472
- CVE-2020-1380
- CVE-2018-8373
- CVE-2018-8174
- CVE-2018-4878
- CVE-2017-8291
- CVE-2017-11882
- CVE-2017-0199
ATT&CK IDs for APT37:
- T1027 - Obfuscated Files or Information
- T1559 - Inter-Process Communication
- T1049
- T1087
- T1021
- T1078
- T1115
- T1548.002
- TA0037
- TA0028
- T1562
- T1426
- T1505
- T1530
- T1104
- T1204
- T1566 - Phishing
- T1559.002
- T1021.006 - Windows Remote Management
- T1068
- T1056
- T1486
- T1135
- T1583
- T1444
- T1573
- T1560 - Archive Collected Data
- T1123
- T1071
- T1190 - Exploit Public-Facing Application
- T1432 - Access Contact List
- T1497.003
- T1071 - Application Layer Protocol
- T1429 - Capture Audio
- T1016
- T1059.006
- T1114.001
- T1430
- T1074 - Data Staged
- T1528
- T1518 - Software Discovery
- T1176
- T1135 - Network Share Discovery
- T1107
- T1569
- T1497
- T1113
- T1485 - Data Destruction
- T1041
- T1106
- T1114
- T1059.001 - PowerShell
- T1043
- T1546 - Event Triggered Execution
- T1114 - Email Collection
- T1059.001
- T1123 - Audio Capture
- T1539
- T1412 - Capture SMS Messages
- T1049 - System Network Connections Discovery
- TA0002
- T1025
- T1553 - Subvert Trust Controls
- T1598
- T1082 - System Information Discovery
- T1550
- T1571
- T1105 - Ingress Tool Transfer
- T1176 - Browser Extensions
- T1608
- T1574
- T1495
- T1012 - Query Registry
- T1132
- T1048
- T1204 - User Execution
- T1018 - Remote System Discovery
- T1532
- T1602 - Data from Configuration Repository
- T1566.001
- T1113 - Screen Capture
- TA0009
- T1105
- T1057
- T1119
- T1082
- T1420
- T1217
- T1170
- T1071.001
- T1005
- T1498
- T1055
- TA0005
- T1033 - System Owner/User Discovery
- T1418
- T1071.001 - Web Protocols
- T1095
- T1571 - Non-Standard Port
- T1036.001
- T1203 - Exploitation for Client Execution
- T1102.002
- T1090
- T1553
- T1053
- T1012
- T1518
- T1137
- T1562 - Impair Defenses
- T1112
- T1548
- T1531
- T1197
- T1124 - System Time Discovery
- T1587
- T1429
- T1134
- T1005 - Data from Local System
- T1404 - Exploit OS Vulnerability
- T1059.003
- T1490
- T1010
- T1570
- T1098
- T1561
- T1567 - Exfiltration Over Web Service
- T1070 - Indicator Removal on Host
- T1555.003
- T1127
- T1068 - Exploitation for Privilege Escalation
- T1064
- T1514 - Elevated Execution with Prompt
- T1059.007 - JavaScript
- T1125 - Video Capture
- T1555
- T1588.001 - Malware
- T1011
- T1481
- T1584
- T1055 - Process Injection
- TA0004
- T1074
- T1193
- T1059.003 - Windows Command Shell
- T1485
- T1008
- T1595
- T1059
- T1033
- T1078 - Valid Accounts
- T1070
- T1566
- T1003
- T1036
- T1102
- T1057 - Process Discovery
- T1498 - Network Denial of Service
- T1547
- T1001
- TA0011
- T1189 - Drive-by Compromise
- T1047
- T1133
- T1203
- TA0040
- T1027
- T1561.002
- T1056.001
- TA0034
- T1130
- T1059 - Command and Scripting Interpreter
- T1189
- T1060
- T1110
- T1080
- T1529
- T1190
- T1041 - Exfiltration Over C2 Channel
- T1146
- T1046
- T1136
- T1496
- T1120
- T1072
- TA0003
- T1218 - Signed Binary Proxy Execution
- T1106 - Native API
- T1056 - Input Capture
- T1490 - Inhibit System Recovery
- T1489
- T1132 - Data Encoding
- T1007
- T1512 - Capture Camera
- T1543
- T1059.005
- T1573 - Encrypted Channel
- T1085
- T1036 - Masquerading
- T1573.001 - Symmetric Cryptography
- T1124
- TA0006
- TA0007
- T1020 - Automated Exfiltration
- T1018
- T1053.005
- T1218
- T1497 - Virtualization/Sandbox Evasion
- T1140 - Deobfuscate/Decode Files or Information
- T1552
- T1546
- T1547.001
- T1003 - OS Credential Dumping
- T1020
- T1112 - Modify Registry
- T1547.001 - Registry Run Keys / Startup Folder
- T1606
- T1218.005
- T1537
- T1083 - File and Directory Discovery
- T1083
- T1562.001
- T1585
- T1102 - Web Service
- T1212
- T1567
- T1503
- T1140
- T1559
- T1560
- T1204.002
- T1081
- T1027.003
- T1094
- T1547 - Boot or Logon Autostart Execution
Associated Malware/Software for APT37:
-
win.bluelight
-
Ursnif
-
ROKRAT - S0240
-
APT37
-
rokrat
-
KARAE
-
win.poohmilk
-
win.goldbackdoor
-
Final1stspy
-
SLOWDRIFT
-
amadey
-
win.nokki
-
kimsuky
-
HAPPYWORK
-
win.starcruft
-
Windows
-
SHUTTERSPEED
-
AnDROid
-
win.freenki
-
win.chinotto
-
ScarCruft
-
CORALDECK
-
win.final1stspy
-
NavRAT
-
APK
-
apk.chinotto
-
WINERACK
-
win.poorweb
-
apk.kevdroid
-
BLUELIGHT
-
Cobalt Strike
-
konni
-
DOGCALL
-
win.unidentified_067
-
win.open_carrot
-
apk.kospy
-
Remote Access
-
POORAIM
-
win.rokrat
-
win.konni
-
ROKRAT
Target Countries for TA406:
- Russia
- Germany
- China
- United Kingdom
- Japan
- France
- India
- North America
- South Korea
- South Africa
Related CVEs for TA406:
- CVE-2021-26855
- CVE-2020-0796
- CVE-2017-0199
ATT&CK IDs for TA406:
- T1071.001
- T1059
- T1566
Associated Malware/Software for TA406:
Target Countries for Lazarus Group:
- Belgium
- Chile
- Worldwide (WannaCry)
- India
- UK
- South Africa
- Israel
- Ecuador
- Poland
- Canada
- Guatemala
- France
- Netherlands
- Germany
- Australia
- Hong Kong
- Japan
- Taiwan
- Thailand
- Mexico
- Bangladesh
- South Korea
- Russia
- China
- USA
- Brazil
- Philippines
- Vietnam
Related CVEs for Lazarus Group:
- CVE-2024-7971
- CVE-2024-6327
- CVE-2024-5274
- CVE-2024-4947
- CVE-2024-47575
- CVE-2024-4577
- CVE-2024-45519
- CVE-2024-43461
- CVE-2024-43093
- CVE-2024-40766
- CVE-2024-40711
- CVE-2024-4058
- CVE-2024-4040
- CVE-2024-38814
- CVE-2024-38812
- CVE-2024-38193
- CVE-2024-38178
- CVE-2024-38112
- CVE-2024-38106
- CVE-2024-37085
- CVE-2024-36401
- CVE-2024-3094
- CVE-2024-30051
- CVE-2024-29849
- CVE-2024-28995
- CVE-2024-28991
- CVE-2024-24691
- CVE-2024-23897
- CVE-2024-23222
- CVE-2024-21894
- CVE-2024-21762
- CVE-2024-21412
- CVE-2024-21410
- CVE-2024-21338
- CVE-2024-20272
- CVE-2024-0769
- CVE-2024-0204
- CVE-2023-51467
- CVE-2023-5129
- CVE-2023-50164
- CVE-2023-5009
- CVE-2023-4966
- CVE-2023-49606
- CVE-2023-49103
- CVE-2023-46748
- CVE-2023-46747
- CVE-2023-46604
- CVE-2023-42793
- CVE-2023-40044
- CVE-2023-38831
- CVE-2023-38035
- CVE-2023-36884
- CVE-2023-3519
- CVE-2023-35082
- CVE-2023-35078
- CVE-2023-34362
- CVE-2023-34039
- CVE-2023-33246
- CVE-2023-33010
- CVE-2023-32784
- CVE-2023-32315
- CVE-2023-3079
- CVE-2023-29059
- CVE-2023-28771
- CVE-2023-2868
- CVE-2023-27997
- CVE-2023-27350
- CVE-2023-25690
- CVE-2023-23397
- CVE-2023-23376
- CVE-2023-22518
- CVE-2023-22515
- CVE-2023-21932
- CVE-2023-20198
- CVE-2023-20109
- CVE-2023-0669
- CVE-2022-47966
- CVE-2022-42475
- CVE-2022-41974
- CVE-2022-41973
- CVE-2022-41352
- CVE-2022-41128
- CVE-2022-41082
- CVE-2022-41040
- CVE-2022-40259
- CVE-2022-40242
- CVE-2022-38028
- CVE-2022-37042
- CVE-2022-3328
- CVE-2022-32917
- CVE-2022-3236
- CVE-2022-30190
- CVE-2022-2827
- CVE-2022-27925
- CVE-2022-25064
- CVE-2022-24990
- CVE-2022-24785
- CVE-2022-24665
- CVE-2022-24664
- CVE-2022-24663
- CVE-2022-23093
- CVE-2022-22965
- CVE-2022-22947
- CVE-2022-22005
- CVE-2022-21882
- CVE-2022-0609
- CVE-2021-45837
- CVE-2021-45105
- CVE-2021-45046
- CVE-2021-44731
- CVE-2021-44228
- CVE-2021-44142
- CVE-2021-43226
- CVE-2021-41773
- CVE-2021-40684
- CVE-2021-4034
- CVE-2021-36955
- CVE-2021-34527
- CVE-2021-34523
- CVE-2021-34473
- CVE-2021-34470
- CVE-2021-33768
- CVE-2021-33766
- CVE-2021-33764
- CVE-2021-31207
- CVE-2021-31206
- CVE-2021-31196
- CVE-2021-30657
- CVE-2021-3018
- CVE-2021-26855
- CVE-2021-25325
- CVE-2021-25324
- CVE-2021-25323
- CVE-2021-24284
- CVE-2021-21551
- CVE-2021-20038
- CVE-2021-20028
- CVE-2020-3259
- CVE-2020-25213
- CVE-2020-1472
- CVE-2020-1380
- CVE-2020-12812
- CVE-2020-0688
- CVE-2019-7609
- CVE-2019-5591
- CVE-2019-16098
- CVE-2019-15637
- CVE-2019-11510
- CVE-2019-0708
- CVE-2018-8174
- CVE-2018-4878
- CVE-2018-20250
- CVE-2018-19320
- CVE-2018-13379
- CVE-2018-10562
- CVE-2018-0798
- CVE-2017-4946
- CVE-2017-17215
- CVE-2017-16238
- CVE-2017-11882
- CVE-2017-10271
- CVE-2017-0199
- CVE-2015-7248
- CVE-2015-6585
- CVE-2015-2051
- CVE-2015-0554
- CVE-2014-9583
- CVE-2014-8361
- CVE-2014-4019
- CVE-2014-2962
- CVE-2014-1225
- CVE-2013-7389
- CVE-2013-5947
- CVE-2012-5687
ATT&CK IDs for Lazarus Group:
- T1569.002
- T1588.002
- T1530
- T1001.003
- T1204
- T1566 - Phishing
- T1187
- T1591 - Gather Victim Org Information
- T1056
- T1071
- T1155 - AppleScript
- T1139 - Bash History
- T1195.002 - Compromise Software Supply Chain
- T1071 - Application Layer Protocol
- T1442
- T1570 - Lateral Tool Transfer
- T1036.004
- T1542.003
- T1022
- T1550.002 - Pass the Hash
- T1204.002 - Malicious File
- T1041
- T1106
- T1555 - Credentials from Password Stores
- T1129 - Shared Modules
- T1063
- T1014
- T1025
- T1564.001
- T1550
- T1204 - User Execution
- T1018 - Remote System Discovery
- T1113 - Screen Capture
- T1119
- T1070.006
- T1217
- T1548 - Abuse Elevation Control Mechanism
- TA0005
- T1071.001 - Web Protocols
- T1095
- T1566.003 - Spearphishing via Service
- T1203 - Exploitation for Client Execution
- T1102.002
- T1588.003
- T1072 - Software Deployment Tools
- T1040
- T1587
- T1490
- T1031 - Modify Existing Service
- T1087 - Account Discovery
- T1070.001
- T1202 - Indirect Command Execution
- T1098
- T1553.002
- T1567.002
- T1011
- T1491.001
- T1055 - Process Injection
- T1059.003 - Windows Command Shell
- T1192
- T1027.007
- T1195.002
- T1078 - Valid Accounts
- T1036.006
- T1036
- T1053.005 - Scheduled Task
- T1480.002
- TA0011
- T1047
- T1193 - Spearphishing Attachment
- TA0040
- T1586 - Compromise Accounts
- T1060
- T1189
- T1036.003
- T1036.005 - Match Legitimate Name or Location
- T1041 - Exfiltration Over C2 Channel
- TA0003
- T1136
- T1218 - Signed Binary Proxy Execution
- T1489
- T1039 - Data from Network Shared Drive
- T1561 - Disk Wipe
- T1055.002
- T1021 - Remote Services
- T1218.011
- TA0007
- T1218.011 - Rundll32
- T1053.005
- T1218
- T1552
- T1585 - Establish Accounts
- T1112 - Modify Registry
- T1552 - Unsecured Credentials
- T1547.001 - Registry Run Keys / Startup Folder
- T1587.004
- T1543 - Create or Modify System Process
- T1560.001
- T1564 - Hide Artifacts
- T1445 - Abuse of iOS Enterprise App Signing Key
- T1053.003
- T1559
- T1547 - Boot or Logon Autostart Execution
- T1553.005
- T1095 - Non-Application Layer Protocol
- T1027 - Obfuscated Files or Information
- T1115
- T1078
- T1491
- T1002
- T1104
- T1143 - Hidden Window
- T1138 - Application Shimming
- T1219 - Remote Access Software
- T1135
- T1574.001
- T1584 - Compromise Infrastructure
- T1444
- T1583
- T1190 - Exploit Public-Facing Application
- T1053 - Scheduled Task/Job
- T1588
- T1070.006 - Timestomp
- T1036.005
- T1587.002
- T1583.006
- T1176
- T1107
- T1497
- T1021.001
- T1485 - Data Destruction
- T1217 - Browser Bookmark Discovery
- T1055.001
- T1104 - Multi-Stage Channels
- T1063 - Security Software Discovery
- TA0002
- T1082 - System Information Discovery
- T1195 - Supply Chain Compromise
- T1571
- T1534
- T1021.004 - SSH
- T1590 - Gather Victim Network Information
- T1012 - Query Registry
- T1132
- T1573.001
- T1566.001
- TA0009
- T1057
- T1016.001 - Internet Connection Discovery
- T1071.004 - DNS
- T1037
- T1033 - System Owner/User Discovery
- T1195
- T1059.006 - Python
- T1614
- T1454
- T1027.013
- T1441
- T1005 - Data from Local System
- T1564
- T1110 - Brute Force
- T1010
- T1218.007
- T1567 - Exfiltration Over Web Service
- T1542
- T1110.003
- T1591
- T1127
- T1620
- T1017 - Application Deployment Software
- T1587.001 - Malware
- T1584
- T1584.001
- T1572 - Protocol Tunneling
- T1059
- T1033
- T1003
- T1459 - Device Unlock Code Guessing or Brute Force
- T1056.001 - Keylogging
- T1608.001
- T1031
- T1498 - Network Denial of Service
- T1189 - Drive-by Compromise
- T1565.001
- T1203
- T1027
- T1561.002
- T1583.001
- T1059 - Command and Scripting Interpreter
- T1106 - Native API
- T1056 - Input Capture
- T1007
- T1218.010
- TA0006
- T1546
- T1547.001
- T1574.002
- T1003 - OS Credential Dumping
- T1218.001
- T1219
- T1562.003
- T1102 - Web Service
- T1221
- T1567
- T1592
- T1213 - Data from Information Repositories
- T1497.001
- T1014 - Rootkit
- T1552.001 - Credentials In Files
- T1049
- T1568 - Dynamic Resolution
- T1220
- T1192 - Spearphishing Link
- T1556
- T1505
- T1555.001 - Keychain
- T1589
- T1560 - Archive Collected Data
- T1091
- T1195.001
- T1497.003
- T1583.004
- T1547.008
- T1614.001
- T1583 - Acquire Infrastructure
- T1078.003 - Local Accounts
- T1204.001
- T1016
- T1547.006
- T1074 - Data Staged
- T1518 - Software Discovery
- T1566.003
- T1589.002
- T1021.002 - SMB/Windows Admin Shares
- T1210
- T1505 - Server Software Component
- T1113
- T1584.004
- T1210 - Exploitation of Remote Services
- T1114
- T1059.001 - PowerShell
- T1587 - Develop Capabilities
- T1036.008
- T1565 - Data Manipulation
- T1553 - Subvert Trust Controls
- T1176 - Browser Extensions
- T1608
- T1048.003
- T1134 - Access Token Manipulation
- T1132.001 - Standard Encoding
- T1543.001 - Launch Agent
- T1557
- T1105
- T1071.001
- T1449 - Exploit SS7 to Redirect Phone Calls/SMS
- T1593.001
- T1001.003 - Protocol Impersonation
- T1070.004
- T1090
- T1553
- T1518
- T1585.001
- T1480
- T1562.004
- T1555.003 - Credentials from Web Browsers
- T1023 - Shortcut Modification
- T1497.001 - System Checks
- T1497.002 - User Activity Based Checks
- T1505.003 - Web Shell
- T1561
- T1027.002
- T1574.002 - DLL Side-Loading
- T1090.002
- T1064
- T1048 - Exfiltration Over Alternative Protocol
- TA0004
- T1485
- T1119 - Automated Collection
- T1070.003
- T1566
- T1132.001
- T1115 - Clipboard Data
- T1057 - Process Discovery
- T1133
- T1565
- T1529
- T1090 - Proxy
- T1046
- T1568
- T1129
- T1074.001
- T1552.004 - Private Keys
- T1543
- T1573 - Encrypted Channel
- T1027.009
- T1566.002
- T1018
- T1140 - Deobfuscate/Decode Files or Information
- T1016 - System Network Configuration Discovery
- T1486 - Data Encrypted for Impact
- T1565.002
- T1071.004
- T1608.001 - Upload Malware
- T1562.001
- T1562.001 - Disable or Modify Tools
- T1585
- T1574 - Hijack Execution Flow
- T1553.002 - Code Signing
- T1204.002
- T1560
- T1081
- T1087
- T1021
- T1548.002
- T1562
- T1505.003
- T1588.004
- T1021.004
- T1595 - Active Scanning
- T1068
- T1518.001
- T1486
- T1134.001
- T1573
- T1056.004 - Credential API Hooking
- T1040 - Network Sniffing
- T1003.001
- T1560.003
- T1135 - Network Share Discovery
- T1505.004
- T1569
- T1546 - Event Triggered Execution
- T1081 - Credentials in Files
- T1059.001
- T1563
- T1566.002 - Spearphishing Link
- T1021.001 - Remote Desktop Protocol
- T1496 - Resource Hijacking
- T1059.004 - Unix Shell
- T1045 - Software Packing
- T1557.001
- T1105 - Ingress Tool Transfer
- T1574
- T1495
- T1574.013
- T1048
- T1555.005 - Password Managers
- T1021.002
- T1543.003
- T1082
- T1656
- T1047 - Windows Management Instrumentation
- T1111 - Two-Factor Authentication Interception
- T1596 - Search Open Technical Databases
- T1005
- T1055
- T1449
- T1587.004 - Exploits
- T1571 - Non-Standard Port
- T1053
- T1568.002
- T1012
- T1137
- T1589 - Gather Victim Identity Information
- T1112
- T1548
- T1531
- T1587.001
- T1134
- T1590
- T1608 - Stage Capabilities
- T1059.003
- T1060 - Registry Run Keys / Startup Folder
- T1045
- T1070 - Indicator Removal on Host
- T1068 - Exploitation for Privilege Escalation
- T1592 - Gather Victim Host Information
- T1027.002 - Software Packing
- T1078.002 - Domain Accounts
- T1059.007 - JavaScript
- T1561.001
- T1555
- T1608.002
- T1074
- T1008
- T1595
- T1070
- T1499 - Endpoint Denial of Service
- T1560.002
- T1202
- T1102
- T1547
- T1591.004
- T1001
- T1428 - Exploit Enterprise Resources
- T1089 - Disabling Security Tools
- T1056.001
- TA0034
- T1110
- T1190
- T1565.003
- T1547.009
- T1496
- T1136 - Create Account
- T1090.001
- T1593
- T1583.001 - Domains
- T1490 - Inhibit System Recovery
- T1132 - Data Encoding
- T1134.002
- T1588 - Obtain Capabilities
- T1137 - Office Application Startup
- T1585.002
- T1059.005
- T1036 - Masquerading
- T1573.001 - Symmetric Cryptography
- T1124
- T1024 - Custom Cryptographic Protocol
- T1087.002
- T1497 - Virtualization/Sandbox Evasion
- T1583.005
- TA0005 - Defense Evasion
- T1199 - Trusted Relationship
- T1568.002 - Domain Generation Algorithms
- T1218.005
- T1083 - File and Directory Discovery
- T1083
- T1622
- T1125
- T1133 - External Remote Services
- T1140
Associated Malware/Software for Lazarus Group:
-
win.volgmer
-
win.tsunami
-
win.3cx_backdoor
-
osx.rustbucket
-
win.unidentified_090
-
win.wagenttea
-
win.dacls
-
php.redhat_hacker
-
win.magic_rat
-
win.lambload
-
win.pslogger
-
win.wormhole
-
osx.casso
-
win.bravonc
-
WannaCry
-
MagicRAT
-
win.sierras
-
win.typeframe
-
osx.hloader
-
DarkComet
-
elf.badcall
-
osx.kandykorn
-
osx.yort
-
ThreatNeedle
-
win.vsingle
-
apk.hardrain
-
win.nachocheese
-
win.dyepack
-
win.power_ratankba
-
win.postnaptea
-
win.joanap
-
Net
-
win.fudmodule
-
Torisma
-
osx.dacls
-
win.alphanc
-
osx.sugarloader
-
Volgmer
-
Mimikatz
-
win.dratzarus
-
route
-
win.imprudentcook
-
win.applejeus
-
win.duuzer
-
win.ratankbapos
-
win.bitsran
-
win.lazarloader
-
Cryptoistic
-
win.unidentified_042
-
win.roll_sling
-
win.hardrain
-
win.banpolmex
-
win.dtrack
-
win.anchormtea
-
win.feed_load
-
win.miniblindingcan
-
osx.interception
-
apk.badcall
-
win.bistromath
-
win.ghost_secret
-
win.forest_tiger
-
win.phandoor
-
win.cleantoad
-
win.scout
-
win.coredn
-
win.nestegg
-
netsh
-
TAINTEDSCRIBE
-
HOPLIGHT
-
win.httpsuploader
-
win.ghost_rat
-
BADCALL
-
win.cloudburst
-
win.unidentified_077
-
win.brambul
-
AppleJeus
-
RawDisk
-
win.contopee
-
win.bootwreck
-
win.lazarus_killdisk
-
Dtrack
-
win.badcall
-
win.blindtoad
-
win.bluenoroff
-
Dacls
-
FALLCHILL
-
win.neddnloader
-
win.comebacker
-
win.lazardoor
-
js.quickcafe
-
osx.manuscrypt
-
elf.spectral_blur
-
win.rustbucket
-
ps1.powerbrace
-
win.slickshoes
-
osx.3cx_backdoor
-
KEYMARBLE
-
win.deltas
-
win.cur1_downloader
-
win.redshawl
-
win.minitypeframe
-
win.vyveva
-
win.keymarble
-
win.hotwax
-
win.electricfish
-
win.klackring
-
ps1.powerspritz
-
win.crat
-
win.lpeclient
-
win.lightlesscan
-
win.touchmove
-
win.gopuram
-
win.torisma
-
win.darkcomet
-
osx.spectral_blur
-
win.alreay
-
win.bookcodesrat
-
win.hoplight
-
win.lcpdot
-
win.hotcroissant
-
BLINDINGCAN
-
win.interception
-
win.romeos
-
RATANKBA
-
win.srdi
-
win.bankshot
-
win.wannacryptor
-
DRATzarus
-
win.webbytea
-
win.ratankba
-
win.veiledsignal
-
AuditCred
-
ECCENTRICBANDWAGON
-
aix.fastcash
-
osx.unidentified_001
-
win.iconic_stealer
-
HotCroissant
-
win.snatchcrypto
-
win.racket
-
elf.simpletea
-
HARDRAIN
-
osx.applejeus
-
win.artfulpie
-
osx.simpletea
-
KillDisk
-
win.jessiecontea
-
win.op_blockbuster
-
win.mistpen
-
Proxysvc
-
win.winordll64
-
win.blindingcan
-
osx.poolrat
-
win.wininetloader
-
win.rifdoor
-
win.fuwuqidrama
-
Bankshot
-
Responder
-
win.buffetline
-
win.unidentified_101
-
TYPEFRAME
-
win.hermes
-
osx.watchcat
-
win.cheesetray
Top Ransomware Groups
DragonForce
★
Rank: 1
2838333
Audience
49
News
0
IOC
Target Countries:
Canada
Singapore
France
Sweden
New Zealand
+ 29
Target Sectors:
Food Manufacturing -
Real Estate -
Air Transportation -
Manufacturing -
Construction -
Associated Malware/Software:
No Malware available.
Related CVE's:
CVE-2019-19781
CVE-2017-5638
ATT&CK IDs:
T1071.001
T1499
T1569.002
See Details
doppelpaymer
★
Rank: 2
1525000
Audience
8
News
0
IOC
Target Countries:
Canada
France
Portugal
South Africa
United Kingdom
+ 10
Target Sectors:
Manufacturing -
Public Administration -
Oil & Gas -
Educational Services -
Restaurants -
Associated Malware/Software:
No Malware available.
Related CVE's:
CVE-2020-0601
CVE-2019-1458
CVE-2017-11882
ATT&CK IDs:
T1566.001
T1059
T1071.001
T1486
T1047
See Details
lockbit
★
Rank: 3
430000
Audience
9
News
27796
IOC
Target Countries:
New Zealand
Belgium
None
China
Virgin Islands, U.S.
+ 81
Target Sectors:
Food Manufacturing -
Software Publishers -
Real Estate -
Hospitals -
Enterprises & Holding -
Associated Malware/Software:
Remsec
VB.PwShell.2
FonePaw
VB:Trojan.Valyria
Inmortal
+ 324
Related CVE's:
CVE-2024-21412
CVE-2024-1709
CVE-2024-1708
CVE-2023-5129
CVE-2023-5009
+ 50
ATT&CK IDs:
T1038
T1064
TA0003
T1021.001
T1022
+ 157
See Details
ransomed
★
Rank: 4
314122
Audience
5
News
0
IOC
Target Countries:
Singapore
Bulgaria
France
Papua New Guinea
Sweden
+ 17
Target Sectors:
Other Information Services -
Hospitals -
Air Transportation -
Manufacturing -
Construction -
Associated Malware/Software:
No Malware available.
Related CVE's:
CVE-2021-34527
CVE-2020-0601
CVE-2019-1458
CVE-2018-8174
ATT&CK IDs:
T1486
T1059
T1078
T1071
See Details
Target Countries for DragonForce:
- Canada
- Singapore
- France
- Sweden
- New Zealand
- Belgium
- Mongolia
- United States
- Czech Republic
- Hong Kong
- China
- Palau
- Denmark
- Colombia
- India
- Luxembourg
- Ireland
- Brazil
- Egypt
- Norway
- Chile
- South Africa
- Iraq
- Saudi Arabia
- Australia
- United Kingdom
- Vietnam
- Spain
- Italy
- Germany
- Russian Federation
- Global
- Indonesia
- Nigeria
Related CVEs for DragonForce:
- CVE-2019-19781
- CVE-2017-5638
ATT&CK IDs for DragonForce:
- T1071.001
- T1499
- T1569.002
Associated Malware/Software for DragonForce:
Target Countries for doppelpaymer:
- Canada
- France
- Portugal
- South Africa
- United Kingdom
- Netherlands
- Mexico
- China
- Brazil
- Germany
- Taiwan, Province of China
- India
- Ireland
- Global
- United States
Related CVEs for doppelpaymer:
- CVE-2020-0601
- CVE-2019-1458
- CVE-2017-11882
ATT&CK IDs for doppelpaymer:
- T1566.001
- T1059
- T1071.001
- T1486
- T1047
Associated Malware/Software for doppelpaymer:
Target Countries for lockbit:
- New Zealand
- Belgium
- None
- China
- Virgin Islands, U.S.
- Colombia
- Oman
- Ireland
- Brazil
- Norway
- Hungary
- Angola
- Samoa
- Saudi Arabia
- United Kingdom
- Slovakia
- Cyprus
- Dominican Republic
- Germany
- Nicaragua
- Tanzania, United Republic of
- Croatia
- Indonesia
- Switzerland
- Nigeria
- Finland
- Canada
- Philippines
- Bulgaria
- Portugal
- Iceland
- Georgia
- Czech Republic
- Bahamas
- Peru
- Venezuela, Bolivarian Republic of
- Cuba
- Austria
- Bangladesh
- Taiwan, Province of China
- Haiti
- Egypt
- Israel
- Chile
- Lebanon
- South Africa
- Australia
- Spain
- Saint Vincent and the Grenadines
- Kenya
- Bolivia, Plurinational State of
- Costa Rica
- Global
- Iran, Islamic Republic of
- United States
- Singapore
- Korea, Republic of
- Senegal
- Poland
- United Arab Emirates
- Netherlands
- Afghanistan
- Thailand
- Uruguay
- India
- Mozambique
- Trinidad and Tobago
- Ethiopia
- Mexico
- Greece
- Kuwait
- Russian Federation
- Romania
- Malaysia
- France
- Sweden
- Turkey
- Hong Kong
- Japan
- Luxembourg
- Panama
- Italy
- Jordan
- Martinique
- Ukraine
- Argentina
Related CVEs for lockbit:
- CVE-2024-21412
- CVE-2024-1709
- CVE-2024-1708
- CVE-2023-5129
- CVE-2023-5009
- CVE-2023-4966
- CVE-2023-46748
- CVE-2023-46747
- CVE-2023-46604
- CVE-2023-40044
- CVE-2023-38831
- CVE-2023-38035
- CVE-2023-36884
- CVE-2023-36025
- CVE-2023-3519
- CVE-2023-34039
- CVE-2023-3284
- CVE-2023-29324
- CVE-2023-27350
- CVE-2023-23397
- CVE-2023-22518
- CVE-2023-22515
- CVE-2023-20269
- CVE-2023-20198
- CVE-2023-20109
- CVE-2022-47966
- CVE-2022-42475
- CVE-2022-36537
- CVE-2022-3236
- CVE-2022-30190
- CVE-2022-26134
- CVE-2021-44228
- CVE-2021-36942
- CVE-2021-34523
- CVE-2021-34473
- CVE-2021-31207
- CVE-2021-27065
- CVE-2021-26857
- CVE-2021-22986
- CVE-2021-20028
- CVE-2020-0796
- CVE-2020-0787
- CVE-2019-19781
- CVE-2019-11510
- CVE-2018-8453
- CVE-2018-13379
- CVE-2018-0798
- CVE-2017-8464
- CVE-2017-17215
- CVE-2017-11882
- CVE-2017-0199
- CVE-2017-0147
- CVE-2017-0143
- CVE-2015-1650
- CVE-2014-3153
ATT&CK IDs for lockbit:
- T1038
- T1064
- TA0003
- T1021.001
- T1022
- T1110
- T1176
- T1012
- T1445
- T1562.004
- T1482
- T1410
- T1057
- T1018
- T1596
- T1569
- T1210
- T1056
- T1029
- T1530
- T1567
- T1027.002
- T1199
- T1106
- T1207
- T1137
- T1036
- T1008
- T1041
- TA0040
- T1053
- T1189
- T1133
- TA0005
- T1587
- T1518
- T1193
- T1078
- T1574
- T1059.007
- T1127
- T1056.001
- T1021
- T1048
- T1539
- TA0004
- T1491
- T1450
- T1412
- T1454
- TA0011
- T1556
- T1055
- T1559.001
- T1059.002
- T1583.002
- T1088
- T1553
- T1563
- T1129
- TA0009
- T1031
- T1219
- T1156
- T1591
- T1187
- T1136
- T1059.003
- T1518.001
- T1614
- T1070.004
- T1100
- T1566
- T1564
- T1560
- T1059
- T1574.002
- T1082
- T1087
- T1113
- T1552
- T1102
- T1489
- T1134
- T1147
- T1083
- T1060
- T1486
- T1105
- T1221
- TA0006
- T1071.002
- T1068
- T1564.001
- T1496
- T1480
- T1046
- T1072
- T1490
- T1498
- T1204.002
- T1132
- T1053.005
- TA0034
- T1585
- T1003.008
- T1204
- TA0029
- T1112
- T1005
- T1218
- T1570
- T1095
- T1485
- T1140
- T1588
- TA0007
- T1449
- T1074
- T1104
- T1011
- T1543
- T1070
- T1063
- T1497
- T1049
- T1583
- T1071
- T1562.001
- T1584.005
- T1090
- T1562
- T1555
- T1211
- T1531
- T1571
- TA0002
- T1003
- T1114
- T1546
- T1190
- T1583.005
- T1027
- T1183
- T1548
- T1071.004
- T1110.002
- T1195
- T1001.002
- T1584
- T1505
- T1573
- T1016
- T1572
- T1547
- T1040
- T1071.003
- T1122
- T1001
- T1010
- T1071.001
- T1047
Associated Malware/Software for lockbit:
-
Remsec
-
VB.PwShell.2
-
FonePaw
-
VB:Trojan.Valyria
-
Inmortal
-
Bitmap.exe
-
Hall Render
-
Win32/SocStealer!rfn
-
Gen:Heur.NoobyProtect
-
FileRepMalware
-
Loki Bot
-
Lumma Stealer
-
SpyAgent
-
win.bloodalchemy
-
ALF:Ransom:Win32/LockBit
-
Backdoor.Oldrea
-
VB.EmoDldr.4
-
win.lookback
-
win.netfilter
-
TA505
-
win.agent_tesla
-
FG!tr.ransom
-
GlobalNet
-
WannaCry Kill Switch
-
AgentTesla
-
VB.Chronos.7
-
Script.INF
-
win.chaos
-
AGEN.1045227
-
GetLucky
-
Win.Worm.Mydoom-5
-
win.pwndlocker
-
GLOOXMAIL
-
Maltiverse
-
KANDYKORN macOS
-
Mastadon
-
Unsafe
-
RedlineStealer
-
Lokbit
-
win.cobalt_strike
-
Gen:NN.ZemsilF.34128
-
Presenoker
-
ScrInject.B
-
RedLine Stealer
-
Indiloadz.BB
-
TrojanSpy
-
States
-
BScope.Riskware
-
Exploit CVE-2017-11882
-
jar.jrat
-
HallGrand
-
win.darkgate
-
HopToDesk
-
Marina Botnet
-
Tor - S0183
-
Wiper
-
Quasar RAT
-
HEUR:Trojan.BAT
-
Kraddare
-
Zpevdo
-
Patcher
-
$WebWatson
-
W32.AIDetectVM
-
PUA.Reg1staid
-
AutoIT
-
index.php
-
win.azorult
-
apk.alien
-
Magic
-
Ghandi
-
fake ,promethiumm ,strongpity
-
win.formbook
-
win.lumma
-
IL:Trojan.MSILZilla
-
elf.lockbit
-
Ursu
-
js.gootloader
-
PWS.p
-
win.amadey
-
Win32:RansomX-gen\ [Ransom]
-
Makop
-
3AM
-
Dark Power
-
win.nokoyawa
-
elf.ransomexx
-
SdBot.CAOC
-
Systweak
-
WininiCrypt
-
Daisy Coleman
-
BEC
-
Ulise.345018
-
Fusioncore
-
elf.dark
-
win.quasar_rat
-
win.asyncrat
-
PWSX
-
DroxiDat
-
CIL.HeapOverride
-
Deuterbear
-
PWS:Win32/QQpass.CI
-
win.nymaim
-
MalwareX
-
BlackNET
-
js.evilnum
-
Lazarus
-
ALF:HeraklezEval:Trojan:Win32/Ymacco.AA47
-
win.rhadamanthys
-
Stopransomware.gov
-
win.icefog
-
Pegasus for iOS - S0289
-
Gen:Variant.Bulz
-
Zbot
-
HTML_REDIR.SMR
-
Remcos RAT
-
Gen:Trojan.Heur
-
ALPHV
-
ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger
-
Win.Packer.Crypter-6539596-1
-
Trojan:Win32/WannaCry.350
-
Crypt3.BLXP
-
Virus.Botgor!1.D115 (CLASSIC)
-
elf.blackmatter
-
win.lokipws
-
Win32.HsIdir
-
SocGholish
-
JS:Iframe
-
Evo
-
NoName057
-
win.blacknet_rat
-
Tsara Brashears
-
BlackCat - S1068
-
Hidden Form
-
LNK
-
WannaCry
-
staticrr.paleokits.net
-
ELF
-
Ransom:Win32/CVE-2017-0147
-
Worm:Win32/Benjamin
-
win.cuba
-
Black
-
Strictor
-
Arid.Viper_CnC
-
ETERNALBLUE
-
elf.babuk
-
Win.Malware.Botgor-9853222-0
-
Brontok
-
win.kuluoz
-
CVE-2015-1650
-
win.remcos
-
BehavBehavesLike.PUPXBI
-
win.parallax
-
Phish.AB
-
DoNex
-
win.dridex
-
win.maze
-
Malvertizing
-
W32.AIDetect.malware2
-
Ransomware
-
W32.eHeur
-
win.ramnit
-
ALF:TrojanSpy:Win32/Keylogger
-
Swisyn
-
LNK.Powershell
-
win.stealbit
-
JHUHUGIT
-
Faceliker.A
-
PWS-FCZZ
-
win.virut
-
Trojan:Win32/Wacatac
-
Trojan:VBA/Downldr
-
win.feodo
-
TROJ_FRS.VSN1EJ18
-
Python
-
darkrace
-
Trojan:Python/Downldr
-
Threat
-
win.suppobox
-
Cyberespionage
-
SGeneric
-
Exploit.CVE
-
Suspicious.Save
-
TROJ_GEN.R002C0OG518
-
LolKek
-
Packed-GV
-
CVE JAR
-
Zbd Zeus
-
Twitter Malware
-
win.wannacryptor
-
Keylogger
-
NBAE
-
APT Notes
-
Trojan:Linux/Downldr
-
WebToolbar
-
Relic
-
Kryptik.FPH.gen
-
HTML:Script
-
Detects UPATRE
-
Raas
-
Delf.NBX
-
Tulach Malware
-
elf.mikey
-
win.lockfile
-
Bl00dy
-
Bleed
-
win.trickbot
-
Adload.AD81
-
Cyclops Blink - S0687
-
TrickBot - S0266
-
ETPRO
-
py.networm
-
TrueSightKiller
-
Tulach
-
Agent Tesla
-
PSW.Stealer
-
Trojan:MSIL/Burkina
-
Arkei
-
IOCs
-
win.njrat
-
Sabey
-
Noberus
-
win.karagany
-
win.graftor
-
PossibleThreat.PALLAS
-
win.raccoon
-
win.redcap
-
Worm:VBS/Dapato
-
OpenSubtitles.A
-
SNH:Script [Dropper]
-
Crack
-
Agent Tesla - S0331
-
Xegumumune.8596c22f
-
win.redline_stealer
-
win.webmonitor
-
win.locky
-
susp.lnk
-
Cybersecurity News
-
win.blueshell
-
JavaScript
-
win.agent_btz
-
VB.EmoooDldr.10
-
HEUR:AdWare.StartSurf
-
Phishing
-
Qbot
-
Application.SQLCrack
-
Pegasus
-
Win32:RATX-gen [Trj]
-
elf.mirai
-
Wacatac
-
Beacons
-
Adware
-
MSIL.C515258
-
QakBot
-
Downldr.gen
-
Win64.Payload.Limepad
-
Dropper.DR/AutoIt.Gen
-
win.vidar
-
Dapato
-
GhostDriver
-
Bazaar Loader
-
Ursnif
-
OriginLoader
-
win.emotet
-
Bit RAT
-
win.immortal_stealer
-
Artemis
-
malicious.2a7bf4
-
generic.ml
-
JS:Trojan.HideLink
-
win.smokeloader
-
win.doublepulsar
-
Trojan:Win32/Detplock
-
Cobalt Strike
-
GameHack.DR
-
Witchetty
-
Pua.Gen
-
DangerousObject.Multi
-
Ryuk ransomware
-
RevengeRAT
-
Swort
-
TrojanDownloader:Linux/Downldr
-
win.bobik
-
Nemucod
-
win.nanocore
-
Ransom_WCRY.SMALYM
-
Injector.IS.gen
-
HallRender
-
Amazon AES
-
Suspicious_GEN.F47V0520
-
win.dnspionage
-
Domains
-
W32/Hupigon.NCU
-
CHOPSTICK
-
Strike Beacon
-
PS1
-
win.shadowpad
-
Detplock
-
win.waterbear
-
win.xworm
-
win.hupigon
-
Death Bitches
-
Apple Malware
-
elf.blackcat
-
RiskTool.Phpw
-
AzoruIt
-
VBS
-
Facebook HT
-
Virus:DOS/Burma
-
Rhysida
-
Win.Packed.Zenpak-7101989-0
-
Skynet
-
Discord
-
Wacapew.C
-
RedLine
-
TSGeneric
-
Win.Downloader.76944-1
-
Maui ransomware
-
Program.Unwanted
-
S-b748adc5
-
Auslogics
-
elf.conti
-
CIL.StupidCryptor
-
Download
-
NetSupport
-
njRAT - S0385
-
WisdomEyes.16070401.9500
-
Ransom:Win32/GandCrab.AE
-
Racoon Stealer
-
Silk Road
-
win.zeus
Target Countries for ransomed:
- Singapore
- Bulgaria
- France
- Papua New Guinea
- Sweden
- Turkey
- Czech Republic
- China
- Denmark
- Japan
- Austria
- Bangladesh
- Brazil
- Norway
- Australia
- United Kingdom
- Mexico
- Russian Federation
- Croatia
- Pakistan
- Global
- United States
Related CVEs for ransomed:
- CVE-2021-34527
- CVE-2020-0601
- CVE-2019-1458
- CVE-2018-8174
ATT&CK IDs for ransomed:
- T1486
- T1059
- T1078
- T1071
Associated Malware/Software for ransomed:
Discover the adversaries targeting your industry
Search Your Enemy
Copyright © 2025 SOCRadar Cyber Intelligence Inc.
All rights
reserved.
