Lazarus Group
Rank: 1
THREAT ACTOR INTELLIGENCE KNOW YOUR ENEMY
- Know their tactics, techniques, and past activities.
- Access detailed profiles and track threat actor activities.
- Keep up with the latest threats and Tactics, Techniques, and Procedures (TTPs).
- Prioritize risks based on active threat actors in your industry or region.
Discover the
adversaries targeting your industry
Clear
Search
Please select a filter to get Threat Actors!
Top Threat Actors
3381300
Audience
74
News
26042
IOC
Target Countries:
France
Japan
Poland
Taiwan
USA
+ 23
Target Sectors:
Defense -
BitCoin exchanges -
Engineering -
Shipping and Logistics -
Energy -
Associated Malware/Software:
osx.manuscrypt
TrojanSpy
RustDoor
Windows
osx.casso
+ 204
Related CVE's:
CVE-2021-33766
CVE-2020-1380
CVE-2017-11882
CVE-2022-41040
CVE-2021-34527
+ 169
ATT&CK IDs:
T1068 - Exploitation for Privilege Escalation
T1543.003
T1590
T1583.001
T1204.002 - Malicious File
+ 408
See Details
Ghostwriter
★
Rank: 2
594596
Audience
3
News
724
IOC
Target Countries:
Ukraine
Serbia
France
Poland
Belarus
+ 10
Target Sectors:
Military -
Transportation -
Trade -
Finance -
Banks -
Associated Malware/Software:
win.sunseed
BEC
Cobalt Strike
GhostWriter
cobalt_strike
+ 15
Related CVE's:
CVE-2023-38831
CVE-2020-0688
CVE-2018-20250
CVE-2022-30190
CVE-2017-11774
+ 1
ATT&CK IDs:
T1140 - Deobfuscate/Decode Files or Information
T1471
T1137 - Office Application Startup
T1573.002 - Asymmetric Cryptography
T1113
+ 65
See Details
NoName057
★
Rank: 3
530000
Audience
8
News
0
IOC
Target Countries:
Korea, Republic of
Netherlands
Bangladesh
Poland
France
+ 24
Target Sectors:
NAICS:31 -
NAICS:92 -
NAICS:61 -
NAICS:722 -
NAICS:22 -
Associated Malware/Software:
Obfuscator.ADB
Python
W32.AIDetectVM
win.kuluoz
win.vidar
+ 362
Related CVE's:
CVE-2020-0601
CVE-2009-3672
CVE-2005-1790
CVE-2017-11882
CVE-2018-4893
+ 26
ATT&CK IDs:
T1059
T1129
T1071.002
T1583.005
T1598 - Phishing for Information
+ 157
See Details
Volt Typhoon
★
Rank: 4
500000
Audience
2
News
196
IOC
Target Countries:
Singapore
UK
Canada
USA
India
+ 1
Target Sectors:
Manufacturing -
Government -
IT -
Telecommunications -
Education -
Associated Malware/Software:
sh.kv
KV
HiatusRAT
kv
win.scanline
+ 3
Related CVE's:
CVE-2022-27997
CVE-2021-26855
CVE-2023-27350
CVE-2021-40539
CVE-2021-26857
+ 3
ATT&CK IDs:
T1573
T1090.003
T1078
T1082
T1569
+ 50
See Details
Target Countries for Lazarus Group:
- France
- Japan
- Poland
- Taiwan
- USA
- Russia
- Hong Kong
- Thailand
- Australia
- Ecuador
- Canada
- Philippines
- Bangladesh
- Vietnam
- Germany
- Israel
- Netherlands
- South Korea
- UK
- Brazil
- China
- Guatemala
- South Africa
- Worldwide (WannaCry)
- Mexico
- Chile
- India
- Belgium
Related CVEs for Lazarus Group:
- CVE-2021-33766
- CVE-2020-1380
- CVE-2017-11882
- CVE-2022-41040
- CVE-2021-34527
- CVE-2024-4947
- CVE-2022-41082
- CVE-2021-24284
- CVE-2024-23222
- CVE-2015-6585
- CVE-2023-40044
- CVE-2023-51467
- CVE-2021-20038
- CVE-2021-20028
- CVE-2022-22005
- CVE-2019-16098
- CVE-2024-28991
- CVE-2020-3259
- CVE-2021-40684
- CVE-2024-0204
- CVE-2023-50164
- CVE-2022-47966
- CVE-2022-40259
- CVE-2017-16238
- CVE-2022-41352
- CVE-2024-7971
- CVE-2023-49103
- CVE-2021-31207
- CVE-2024-38193
- CVE-2017-17215
- CVE-2021-31196
- CVE-2024-21762
- CVE-2022-24665
- CVE-2012-5687
- CVE-2024-37085
- CVE-2019-0708
- CVE-2021-34473
- CVE-2021-33768
- CVE-2021-33764
- CVE-2024-4577
- CVE-2024-30051
- CVE-2019-7609
- CVE-2021-34470
- CVE-2024-6327
- CVE-2022-22965
- CVE-2023-5009
- CVE-2023-38035
- CVE-2024-40711
- CVE-2023-3519
- CVE-2021-45837
- CVE-2022-3236
- CVE-2022-21882
- CVE-2019-11510
- CVE-2013-5947
- CVE-2022-41973
- CVE-2024-5274
- CVE-2024-21412
- CVE-2023-22515
- CVE-2024-21894
- CVE-2021-41773
- CVE-2024-29849
- CVE-2022-3328
- CVE-2014-9583
- CVE-2018-0798
- CVE-2023-23397
- CVE-2024-21410
- CVE-2024-20272
- CVE-2024-40766
- CVE-2020-1472
- CVE-2021-44228
- CVE-2023-27350
- CVE-2014-8361
- CVE-2024-4040
- CVE-2023-33246
- CVE-2021-25324
- CVE-2023-5129
- CVE-2024-38812
- CVE-2024-4058
- CVE-2014-2962
- CVE-2024-45519
- CVE-2024-36401
- CVE-2019-5591
- CVE-2018-19320
- CVE-2022-24990
- CVE-2023-27997
- CVE-2020-25213
- CVE-2024-24691
- CVE-2021-25325
- CVE-2022-38028
- CVE-2021-21551
- CVE-2022-40242
- CVE-2023-34362
- CVE-2024-43093
- CVE-2023-36884
- CVE-2021-3018
- CVE-2019-15637
- CVE-2023-38831
- CVE-2023-29059
- CVE-2021-44142
- CVE-2022-23093
- CVE-2022-0609
- CVE-2023-2868
- CVE-2023-34039
- CVE-2023-46747
- CVE-2021-43226
- CVE-2021-4034
- CVE-2018-10562
- CVE-2021-31206
- CVE-2023-35082
- CVE-2022-2827
- CVE-2014-4019
- CVE-2022-37042
- CVE-2022-41128
- CVE-2017-0199
- CVE-2022-24663
- CVE-2023-23376
- CVE-2024-3094
- CVE-2017-10271
- CVE-2015-7248
- CVE-2023-22518
- CVE-2024-0769
- CVE-2023-42793
- CVE-2023-32784
- CVE-2022-25064
- CVE-2023-21932
- CVE-2021-26855
- CVE-2021-25323
- CVE-2023-35078
- CVE-2024-21338
- CVE-2021-45046
- CVE-2022-22947
- CVE-2023-32315
- CVE-2024-38112
- CVE-2021-30657
- CVE-2021-34523
- CVE-2023-20198
- CVE-2024-38814
- CVE-2018-20250
- CVE-2022-30190
- CVE-2024-38178
- CVE-2020-12812
- CVE-2014-1225
- CVE-2022-42475
- CVE-2023-3079
- CVE-2023-46748
- CVE-2024-23897
- CVE-2022-32917
- CVE-2024-28995
- CVE-2024-43461
- CVE-2021-44731
- CVE-2018-13379
- CVE-2018-4878
- CVE-2024-38106
- CVE-2022-24664
- CVE-2023-46604
- CVE-2023-33010
- CVE-2021-45105
- CVE-2020-0688
- CVE-2023-49606
- CVE-2015-2051
- CVE-2018-8174
- CVE-2024-47575
- CVE-2023-4966
- CVE-2015-0554
- CVE-2023-28771
- CVE-2013-7389
- CVE-2022-41974
- CVE-2022-24785
- CVE-2023-0669
- CVE-2023-20109
- CVE-2023-25690
- CVE-2022-27925
- CVE-2021-36955
- CVE-2017-4946
ATT&CK IDs for Lazarus Group:
- T1068 - Exploitation for Privilege Escalation
- T1543.003
- T1590
- T1583.001
- T1204.002 - Malicious File
- T1560.003
- T1083 - File and Directory Discovery
- T1036.003
- T1071.001
- T1055 - Process Injection
- T1571
- T1021
- T1021.004
- T1560
- T1547.009
- T1592
- T1087.002
- T1587.001
- T1489
- T1049
- T1505 - Server Software Component
- T1547
- T1072 - Software Deployment Tools
- T1106
- T1591
- TA0005 - Defense Evasion
- TA0007
- T1057 - Process Discovery
- T1204 - User Execution
- T1563
- T1547.001 - Registry Run Keys / Startup Folder
- T1060
- T1070 - Indicator Removal on Host
- T1543.001 - Launch Agent
- T1132 - Data Encoding
- T1053.005 - Scheduled Task
- T1529
- T1119 - Automated Collection
- T1569
- T1566
- T1143 - Hidden Window
- T1095 - Non-Application Layer Protocol
- T1039 - Data from Network Shared Drive
- T1089 - Disabling Security Tools
- T1007
- T1105 - Ingress Tool Transfer
- T1107
- T1202
- T1132.001 - Standard Encoding
- T1011
- T1213 - Data from Information Repositories
- T1106 - Native API
- T1114
- T1583.001 - Domains
- T1071.001 - Web Protocols
- T1620
- T1176 - Browser Extensions
- T1593
- T1547.001
- T1218.010
- T1048 - Exfiltration Over Alternative Protocol
- T1449
- T1591 - Gather Victim Org Information
- T1132
- T1082
- T1588.004
- T1566.002 - Spearphishing Link
- T1136
- T1115
- T1187
- T1562.001
- T1561.001
- T1036
- T1133 - External Remote Services
- T1059.005
- T1584 - Compromise Infrastructure
- T1070.001
- T1003.001
- T1081
- T1590 - Gather Victim Network Information
- T1561
- T1574 - Hijack Execution Flow
- T1518
- T1053.003
- T1113 - Screen Capture
- T1444
- T1031
- T1070.004
- TA0011
- T1588.003
- T1564
- T1014 - Rootkit
- T1104
- T1574.002
- T1078.002 - Domain Accounts
- T1442
- T1592 - Gather Victim Host Information
- T1055
- T1593.001
- T1090 - Proxy
- T1505.003
- T1573.001 - Symmetric Cryptography
- TA0005
- T1138 - Application Shimming
- T1195 - Supply Chain Compromise
- T1113
- T1570 - Lateral Tool Transfer
- T1560.002
- T1056.001 - Keylogging
- T1595
- T1496 - Resource Hijacking
- T1002
- T1490
- T1008
- T1045
- T1036 - Masquerading
- T1059.001
- T1543
- T1569.002
- T1140
- T1218.011
- T1016.001 - Internet Connection Discovery
- T1024 - Custom Cryptographic Protocol
- T1497
- T1491
- T1553.002
- T1005
- T1190 - Exploit Public-Facing Application
- T1596 - Search Open Technical Databases
- T1584.001
- T1608.001
- T1078.003 - Local Accounts
- T1095
- T1048
- T1048.003
- T1176
- T1063
- T1555.001 - Keychain
- T1021.002 - SMB/Windows Admin Shares
- T1486
- T1496
- T1556
- T1071.004 - DNS
- T1614.001
- T1022
- T1189 - Drive-by Compromise
- T1102.002
- T1572 - Protocol Tunneling
- T1195.001
- T1547.006
- T1568 - Dynamic Resolution
- T1074
- T1561.002
- T1218.011 - Rundll32
- T1074.001
- T1560.001
- T1102
- T1218
- T1083
- T1614
- T1497.003
- T1586 - Compromise Accounts
- T1135 - Network Share Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1204.002
- T1608
- T1068
- T1550.002 - Pass the Hash
- T1583 - Acquire Infrastructure
- T1090.002
- T1087
- T1071
- T1071.004
- T1567.002
- T1056
- T1112 - Modify Registry
- T1656
- T1040 - Network Sniffing
- T1001.003
- T1218.001
- T1584
- T1204
- T1059 - Command and Scripting Interpreter
- T1498 - Network Denial of Service
- T1589 - Gather Victim Identity Information
- T1102 - Web Service
- T1137 - Office Application Startup
- T1552 - Unsecured Credentials
- T1562.003
- T1110
- T1574.013
- T1005 - Data from Local System
- T1027.002 - Software Packing
- T1060 - Registry Run Keys / Startup Folder
- T1595 - Active Scanning
- T1110 - Brute Force
- T1112
- T1531
- T1587.004 - Exploits
- T1583.006
- T1115 - Clipboard Data
- T1552.001 - Credentials In Files
- T1218 - Signed Binary Proxy Execution
- T1125
- T1124
- T1110.003
- T1565.001
- T1591.004
- T1012
- T1555.003 - Credentials from Web Browsers
- T1001
- T1562
- T1608 - Stage Capabilities
- T1553.005
- T1064
- TA0009
- T1564.001
- T1608.002
- T1449 - Exploit SS7 to Redirect Phone Calls/SMS
- T1078 - Valid Accounts
- T1134
- T1082 - System Information Discovery
- T1553
- T1555.005 - Password Managers
- T1027.013
- T1218.007
- T1045 - Software Packing
- T1566.002
- T1056.001
- T1021.001
- T1534
- T1059.003 - Windows Command Shell
- T1021.004 - SSH
- T1127
- T1016
- T1550
- T1059.001 - PowerShell
- T1081 - Credentials in Files
- T1055.001
- T1497.001 - System Checks
- T1459 - Device Unlock Code Guessing or Brute Force
- T1027
- T1486 - Data Encrypted for Impact
- T1059.003
- T1571 - Non-Standard Port
- T1220
- T1204.001
- T1485
- T1021 - Remote Services
- T1548
- T1557
- T1129 - Shared Modules
- T1053 - Scheduled Task/Job
- T1587.004
- T1588.002
- T1505.004
- T1190
- T1497.002 - User Activity Based Checks
- T1137
- T1036.005
- T1530
- T1542
- T1547 - Boot or Logon Autostart Execution
- T1585
- T1055.002
- T1003 - OS Credential Dumping
- T1622
- T1059
- T1585.002
- T1573 - Encrypted Channel
- T1036.005 - Match Legitimate Name or Location
- T1218.005
- T1036.008
- T1070
- T1046
- T1053.005
- T1445 - Abuse of iOS Enterprise App Signing Key
- T1560 - Archive Collected Data
- T1219
- T1021.001 - Remote Desktop Protocol
- T1003
- T1203
- T1033
- T1111 - Two-Factor Authentication Interception
- T1505
- T1027 - Obfuscated Files or Information
- T1016 - System Network Configuration Discovery
- T1562.004
- T1119
- T1010
- T1565
- T1021.002
- T1210
- T1547.008
- T1454
- T1203 - Exploitation for Client Execution
- T1518 - Software Discovery
- T1553.002 - Code Signing
- T1105
- T1139 - Bash History
- T1047
- T1585 - Establish Accounts
- T1588 - Obtain Capabilities
- T1589.002
- T1014
- T1485 - Data Destruction
- TA0002
- T1495
- T1017 - Application Deployment Software
- T1583.004
- T1023 - Shortcut Modification
- T1583.005
- T1047 - Windows Management Instrumentation
- T1059.004 - Unix Shell
- T1557.001
- T1589
- T1001.003 - Protocol Impersonation
- T1189
- T1155 - AppleScript
- T1555
- T1441
- T1573.001
- T1036.004
- T1543 - Create or Modify System Process
- T1568
- T1574.002 - DLL Side-Loading
- T1564 - Hide Artifacts
- T1491.001
- T1134.001
- T1587
- T1071 - Application Layer Protocol
- T1057
- T1195
- T1608.001 - Upload Malware
- T1428 - Exploit Enterprise Resources
- T1033 - System Owner/User Discovery
- T1210 - Exploitation of Remote Services
- T1090.001
- T1104 - Multi-Stage Channels
- T1078
- T1063 - Security Software Discovery
- T1565.003
- T1566.003 - Spearphishing via Service
- T1199 - Trusted Relationship
- T1091
- T1568.002 - Domain Generation Algorithms
- T1136 - Create Account
- T1221
- T1056 - Input Capture
- TA0006
- T1025
- T1555 - Credentials from Password Stores
- T1070.006
- T1559
- T1566 - Phishing
- T1059.007 - JavaScript
- T1542.003
- T1553 - Subvert Trust Controls
- T1585.001
- T1027.002
- T1129
- T1567 - Exfiltration Over Web Service
- T1070.003
- T1497.001
- T1583
- T1059.006 - Python
- T1584.004
- T1132.001
- T1588
- T1027.007
- T1567
- T1568.002
- T1573
- T1562.001 - Disable or Modify Tools
- TA0003
- T1056.004 - Credential API Hooking
- TA0034
- T1565.002
- TA0004
- T1565 - Data Manipulation
- T1134.002
- T1012 - Query Registry
- T1031 - Modify Existing Service
- T1195.002
- T1041
- T1518.001
- TA0040
- T1053
- T1546
- T1587.001 - Malware
- T1587 - Develop Capabilities
- T1574
- T1192
- T1133
- T1098
- T1217
- T1018
- T1135
- T1018 - Remote System Discovery
- T1552
- T1480
- T1040
- T1037
- T1561 - Disk Wipe
- T1587.002
- T1497 - Virtualization/Sandbox Evasion
- T1499 - Endpoint Denial of Service
- T1087 - Account Discovery
- T1090
- T1202 - Indirect Command Execution
- T1566.001
- T1566.003
- T1134 - Access Token Manipulation
Associated Malware/Software for Lazarus Group:
-
osx.manuscrypt
-
TrojanSpy
-
RustDoor
-
Windows
-
osx.casso
-
win.wininetloader
-
win.alphanc
-
win.deltas
-
osx.3cx_backdoor
-
Cutwail
-
win.badcall
-
win.buffetline
-
osx.interception
-
win.vyveva
-
win.scout
-
apk.hardrain
-
win.bankshot
-
osx.applejeus
-
win.ratankbapos
-
osx.unidentified_001
-
win.ghost_rat
-
win.winordll64
-
osx.simpletea
-
win.comebacker
-
Tofsee.T
-
GoldPickaxe
-
jsoutprox
-
win.forest_tiger
-
win.phandoor
-
redline_stealer
-
Linux
-
win.romeos
-
win.hoplight
-
win.roll_sling
-
GbdInf_305B1C9A.J!ibt
-
win.brambul
-
win.lambload
-
m1
-
RawDisk
-
win.lazardoor
-
osx.dacls
-
Lazarus
-
ETERNALBLUE
-
DDoS-Y
-
APNIC
-
AuditCred
-
Trojan:Win32/SmokeLoader
-
win.banpolmex
-
sliver
-
Korean
-
win.sierras
-
win.artfulpie
-
elf.simpletea
-
win.torisma
-
PWS:Win32/AgentTesla
-
win.dacls
-
DarkComet
-
osx.poolrat
-
win.lpeclient
-
win.interception
-
Formbook
-
osx.hloader
-
win.unidentified_042
-
win.lazarloader
-
jrat
-
win.typeframe
-
win.alreay
-
win.veiledsignal
-
win.power_ratankba
-
Bankshot
-
Net
-
osx.kandykorn
-
win.keymarble
-
win.snatchcrypto
-
win.hotcroissant
-
PLAY
-
POOLRAT
-
win.dtrack
-
TEL:MSIL/AgentTesla
-
netsh
-
elf.badcall
-
Unix
-
Ransom:Win32/WannaCrypt
-
DPRK
-
win.contopee
-
TYPEFRAME
-
win.fudmodule
-
win.unidentified_101
-
win.rifdoor
-
win.slickshoes
-
win.imprudentcook
-
Zombie.A
-
win.postnaptea
-
fullhouse
-
win.unidentified_077
-
Andariel
-
apk.badcall
-
win.bitsran
-
js.quickcafe
-
WannaCry
-
win.rustbucket
-
win.wannacryptor
-
VMConnect
-
win.bookcodesrat
-
win.hardrain
-
tsunami
-
win.jessiecontea
-
BlueNoroff
-
win.neddnloader
-
osx.sugarloader
-
mimikatz
-
HARDRAIN
-
AgentTesla.KM
-
win.gopuram
-
win.blindtoad
-
PWSX-gen
-
cobalt_strike
-
aix.fastcash
-
RATANKBA
-
win.cur1_downloader
-
php.redhat_hacker
-
MagicRAT
-
elf.spectral_blur
-
win.cleantoad
-
osx.yort
-
win.iconic_stealer
-
ps1.powerspritz
-
win.bluenoroff
-
FG!tr.ransom
-
win.applejeus
-
win.minitypeframe
-
win.httpsuploader
-
amadey
-
win.volgmer
-
ET
-
osx.spectral_blur
-
hermeticwiper
-
QUASAR
-
win.vsingle
-
win.dyepack
-
Threat
-
Mofksys.B
-
win.nestegg
-
win.hermes
-
win.fuwuqidrama
-
hellokitty
-
win.lazarus_killdisk
-
Exploit:Win32/CVE-2017-0147
-
win.bravonc
-
win.unidentified_090
-
win.redshawl
-
Mimikatz
-
win.hotwax
-
win.blindingcan
-
invisibleferret
-
win.ransomhub
-
win.klackring
-
win.cheesetray
-
mirai
-
win.miniblindingcan
-
win.pslogger
-
HOPLIGHT
-
win.webbytea
-
osaminer
-
CatB
-
BADCALL
-
osx.rustbucket
-
Proxysvc
-
win.wormhole
-
win.magic_rat
-
win.joanap
-
FALLCHILL
-
win.bistromath
-
win.touchmove
-
HTTP
-
win.crat
-
DDoS:Linux/Gafgyt
-
win.racket
-
win.ghost_secret
-
win.bootwreck
-
win.nachocheese
-
win.3cx_backdoor
-
win.wagenttea
-
Win.Malware.Botgor-9853222-0
-
win.anchormtea
-
win.duuzer
-
NIDS
-
osx.watchcat
-
win.electricfish
-
win.coredn
-
Volgmer
-
GoldDigger
-
win.ratankba
-
Gheg
-
ps1.powerbrace
-
win.darkcomet
-
win.feed_load
-
comebacker
-
KEYMARBLE
-
Trojan:Win32/ClipBanker
-
win.cloudburst
-
win.dratzarus
-
win.lcpdot
-
win.op_blockbuster
-
win.srdi
-
RustBucket
-
beavertail
-
win.lightlesscan
-
Neurevt
Target Countries for Ghostwriter:
- Ukraine
- Serbia
- France
- Poland
- Belarus
- New Zealand
- Korea, Democratic People's Republic of
- Lithuania
- Korea, Republic of
- Germany
- Russian Federation
- China
- Latvia
- Malaysia
- Portugal
Related CVEs for Ghostwriter:
- CVE-2023-38831
- CVE-2020-0688
- CVE-2018-20250
- CVE-2022-30190
- CVE-2017-11774
- CVE-2019-11510
ATT&CK IDs for Ghostwriter:
- T1140 - Deobfuscate/Decode Files or Information
- T1471
- T1137 - Office Application Startup
- T1573.002 - Asymmetric Cryptography
- T1113
- T1219
- T1176
- T1176 - Browser Extensions
- T1203
- T1204.002 - Malicious File
- T1059.003 - Windows Command Shell
- T1547.001 - Registry Run Keys / Startup Folder
- T1078
- T1583
- T1574
- T1016
- T1137
- T1087
- T1071
- T1064
- T1027 - Obfuscated Files or Information
- T1102.002 - Bidirectional Communication
- T1574 - Hijack Execution Flow
- T1518
- T1486
- T1056
- T1002
- T1071.001
- T1100
- T1059.005 - Visual Basic
- T1055 - Process Injection
- T1010
- T1127 - Trusted Developer Utilities Proxy Execution
- T1189
- T1566
- T1059.001
- T1036 - Masquerading
- T1027
- T1543
- T1221
- T1082
- T1560
- T1564
- T1105
- T1059
- T1140
- T1204
- T1555
- T1104
- T1497
- T1208
- T1218.011 - Rundll32
- T1059 - Command and Scripting Interpreter
- T1105 - Ingress Tool Transfer
- T1041
- T1115
- T1587
- T1055
- T1057
- T1083
- T1036
- T1547
- T1566 - Phishing
- T1218
- T1482
- T1102
- T1193
- T1566.001
- T1046
- T1071.001 - Web Protocols
Associated Malware/Software for Ghostwriter:
-
win.sunseed
-
BEC
-
Cobalt Strike
-
GhostWriter
-
cobalt_strike
-
njrat
-
win.cobalt_strike
-
win.microbackdoor
-
win.smokeloader
-
win.picasso_loader
-
Beacon
-
Vietnam
-
microbackdoor
-
win.konni
-
win.grimplant
-
Cobalt Strike - S0154
-
SunSeed Lua
-
Asylum Ambuscade
-
win.graphsteel
-
Lua Based
Target Countries for NoName057:
- Korea, Republic of
- Netherlands
- Bangladesh
- Poland
- France
- China
- Switzerland
- Slovakia
- Spain
- Singapore
- Latvia
- Estonia
- Lithuania
- Ukraine
- Argentina
- United Kingdom
- Canada
- Czech Republic
- Germany
- Japan
- Norway
- Italy
- Sweden
- Ireland
- Austria
- Russian Federation
- Denmark
- Finland
- Malaysia
Related CVEs for NoName057:
- CVE-2020-0601
- CVE-2009-3672
- CVE-2005-1790
- CVE-2017-11882
- CVE-2018-4893
- CVE-2019-1367
- CVE-2021-40444
- CVE-2017-8570
- CVE-2017-0143
- CVE-2016-0099
- CVE-2015-1650
- CVE-2021-27065
- CVE-2017-0199
- CVE-2012-3993
- CVE-2014-6332
- CVE-2014-6352
- CVE-2018-8453
- CVE-2017-8464
- CVE-2016-0189
- CVE-2014-3153
- CVE-2018-8174
- CVE-2017-0147
- CVE-2024-21378
- CVE-2022-26134
- No specific CVEs are widely attributed to NoName057(16) due to their focus on DDoS attacks rather than exploiting vulnerabilities.
- CVE-2022-47633
- CVE-2010-3962
- CVE-2022-45359
- CVE-2020-0674
- CVE-2012-0158
- CVE-2023-36884
ATT&CK IDs for NoName057:
- T1059
- T1129
- T1071.002
- T1583.005
- T1598 - Phishing for Information
- T1027 - Obfuscated Files or Information
- T1031 - Modify Existing Service
- TA0007
- T1001
- T1449
- T1546
- T1082 - System Information Discovery
- T1491
- T1110
- T1412
- T1070
- T1046 - Network Service Scanning
- T1459
- T1046
- T1588
- T1571
- T1518
- TA0040
- T1031
- T1016
- T1071.001 - Web Protocols
- T1445
- T1210
- T1453
- T1567 - Exfiltration Over Web Service
- T1583.002
- T1094
- T1068
- TA0006
- T1045 - Software Packing
- T1566 - Phishing
- T1123
- TA0005
- T1140
- T1176
- T1041
- T1027
- T1583.005 - Botnet
- T1573
- T1464 - Jamming or Denial of Service
- T1518.001
- T1584.005
- T1083
- T1123 - Audio Capture
- T1450 - Exploit SS7 to Track Device Location
- T1583
- TA0009
- T1547
- T1134.001
- TA0034
- T1132.001
- T1071.004
- T1071.003
- T1567
- T1598
- T1059.007 - JavaScript
- T1505
- T1081
- T1450
- T1119 - Automated Collection
- TA0011
- T1560
- T1088
- TA0004
- T1088 - Bypass User Account Control
- T1071.001
- T1190
- T1588.004
- T1056.001
- T1563
- T1179
- T1003
- T1071.004 - DNS
- T1100
- T1493 - Transmitted Data Manipulation
- T1112 - Modify Registry
- T1071
- T1548
- T1147
- T1583.002 - DNS Server
- T1499
- T1129 - Shared Modules
- T1001.003
- TA0002 - Execution
- T1023 - Shortcut Modification
- T1105 - Ingress Tool Transfer
- T1204 - User Execution
- T1070.003
- T1005
- T1113
- T1546.015
- T1059.007
- T1459 - Device Unlock Code Guessing or Brute Force
- T1114.002 - Remote Email Collection
- T1053 - Scheduled Task/Job
- TA0011 - Command and Control
- T1410
- T1176 - Browser Extensions
- T1143 - Hidden Window
- T1140 - Deobfuscate/Decode Files or Information
- T1119
- T1056
- TA0002
- T1498.001
- T1059 - Command and Scripting Interpreter
- T1504
- T1071 - Application Layer Protocol
- T1566
- T1493
- T1496
- T1114
- T1454
- T1036
- T1523
- T1114 - Email Collection
- T1060
- T1415
- T1110.002
- T1449 - Exploit SS7 to Redirect Phone Calls/SMS
- T1114.002
- T1497 - Virtualization/Sandbox Evasion
- T1135
- T1497.002
- T1498
- T1110.002 - Password Cracking
- T1060 - Registry Run Keys / Startup Folder
- TA0001
- T1218 - Signed Binary Proxy Execution
- T1134
- T1132
- T1503
- T1082
- T1568
- T1498 - Network Denial of Service
- T1112
- TA0003
- T1562.001
- T1043
- TA0029
- T1105
- T1106
- T1491 - Defacement
- T1035
- T1049
- T1184
- T1056.001 - Keylogging
- T1497
- T1211
- T1218
- TA0006 - Credential Access
- T1057
- T1445 - Abuse of iOS Enterprise App Signing Key
- TA0004 - Privilege Escalation
- T1055 - Process Injection
- T1012
- TA0037
- T1055
Associated Malware/Software for NoName057:
-
Obfuscator.ADB
-
Python
-
W32.AIDetectVM
-
win.kuluoz
-
win.vidar
-
Swort
-
elf.mirai
-
Crack
-
win.suppobox
-
Cl0p
-
WannaCry Kill Switch
-
PWS.p
-
ketogenic switch
-
JS:Trojan.HideLink
-
win.njrat
-
Adware
-
win.colibri
-
Anonymizer
-
Lumma Stealer
-
redline_stealer
-
Discord
-
win.coinminer
-
HEUR:Trojan.BAT
-
Agent Tesla
-
SdBot.CAOC
-
Ghandi
-
SLFPER:InstallCore
-
Swrort
-
ALF:HeraklezEval:TrojanDownloader:Win32/Unruy.F
-
HTML
-
Inmortal
-
ALF:PUA:Win32/IObit
-
LaplasClipper
-
Steam
-
NBAE
-
njRAT - S0385
-
TrickBot - S0266
-
China Telecom
-
OpenCandy
-
Virus.Botgor!1.D115 (CLASSIC)
-
Exploit CVE-2017-11882
-
T
-
Win:ZGRAT
-
emotet
-
Win.Malware.Botgor-9853222-0
-
win.emotet
-
ALF:Program:OpenCandy:Remnant
-
Adload.AD81
-
Win.Worm.Mydoom-5
-
Magic
-
win.babar
-
Strictor
-
SNH:Script [Dropper]
-
Gen:Variant.Bulz
-
Detplock
-
Tulach Malware
-
TEL:Trojan:Win32/Emotet
-
win.netfilter
-
Netsky
-
Program.Unwanted
-
HTML:Script
-
PWS:MSIL/Steam
-
FileRepMalware
-
Worm:Win32/Netsky
-
jar.jrat
-
win.graftor
-
win.tinba
-
Union
-
win.smokeloader
-
TROJ_FRS.VSN1EJ18
-
Qbot
-
Xegumumune.8596c22f
-
py.networm
-
GameHack.DR
-
NoName057
-
elf.ransomexx
-
ALF:HeraklezEval:Trojan:Win32/AgentTesla!rfn
-
Ransomware
-
win.bobik
-
win.nircmd
-
Malvertizing
-
win.gandcrab
-
#HSTR:HackTool:Win32/Mimikatz
-
win.sality
-
W32.eHeur
-
Gregory
-
Wacapew.C
-
win.xtunnel
-
Raccoon Stealer
-
QakBot - S0650
-
win.cobalt_strike
-
Patcher
-
Script.INF
-
Wacatac
-
Trojan:Linux/Downldr
-
Systweak
-
ELF:Mirai-GH\ [Trj]
-
xtunnel
-
Cobalt Strike - S0154
-
Win64.Payload.Limepad
-
win.webmonitor
-
Trojan:Win32/Wacatac
-
Vitzo
-
DDoSia Projects
-
Chinese
-
Cobalt Strike
-
Trojan:Win32/InstallCore
-
win.daxin
-
Win32.HsIdir
-
SHOTPUT
-
PUA.Reg1staid
-
VB.EmoDldr.4
-
Yixun
-
hiddentear
-
ALF:PUA:Win32/Catalina
-
Delf.NBX
-
win.agent_btz
-
CVE-2015-1650
-
VirTool
-
VB.Chronos.7
-
Hall Render
-
win.feodo
-
TEL:Delphi/Obfuscator
-
GoldMax - S0588
-
Zbd Zeus
-
Slimware
-
DriverReviver
-
Sonbokli
-
Gen:Trojan.Heur
-
win.dosia
-
ALF:PUA:Win32/FusionCore
-
win.immortal_stealer
-
Unix
-
WebToolbar
-
Trojan:MSIL/Burkina
-
VB:Trojan.Valyria
-
win.hiddentear
-
win.azorult
-
WannaCry
-
OpenSubtitles.A
-
win.plugx
-
ScrInject.B
-
Ubot
-
DangerousObject.Multi
-
bloodalchemy
-
Colbalt Strike
-
ramnit
-
apk.xrat
-
Nemucod
-
Artemis
-
LNK.Powershell
-
PWS-FCZZ
-
Bambernek
-
Backdoor:PHP/Artemis
-
Behav
-
Suspicious.Save
-
win.nanocore
-
Ireland Netsky
-
O.gen
-
Virus:WM/Look
-
Virus:DOS/Nanjing
-
Mimikatz
-
Racoon Stealer
-
JS:Iframe
-
RansomX-gen\ [Ransom]
-
Tiggre
-
PUP.Bundler
-
Worm:Win32/Pykspa
-
ET
-
IObit
-
Network RAT
-
ALF:HSTR:HackTool:ExtremeInjector.S01
-
win.mimikatz
-
FireHOL
-
VB.PwShell.2
-
Pony - S0453
-
JHUHUGIT
-
Trojan:Win32/Tiggre
-
susp.lnk
-
staticrr.paleokits.net
-
malicious.2a7bf4
-
Evo
-
Indiloadz.BB
-
Application.SQLCrack
-
fake ,promethiumm ,strongpity
-
index.php
-
RedLine
-
Ulise.345018
-
Worm:Win32/AutoRun!atmn
-
Azorult - S0344
-
Trojan:Win32/Raccoonstealer
-
Ransom:Win32/CVE-2017-0147
-
BScope.Riskware
-
Presenoker
-
win.locky
-
Bambernek Pony
-
win.agent_tesla
-
CIL.HeapOverride
-
Looquer
-
Auslogics
-
Ransom_WCRY.SMALYM
-
win.redline_stealer
-
States
-
Wannaren.A
-
$WebWatson
-
win.ducktail
-
malware_download suspicious.low.ml 2 malicious.moderate.ml 1 Unsafe.AI_Score_98% 1 Mobigame 1 banker,evasive,retefe 1 Program.Unwanted 1 malicious.high.ml 1 Kryptik.dawvk 1 Unsafe.AI_Score_91% 1 Adwar
-
BUBBLEWRAP
-
ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger
-
#Lowfi:SIGA:TrojanSpy:MSIL/Keylogger
-
Gen:NN.ZemsilF.34128
-
Banker
-
Softcnapp
-
MSIL.C515258
-
trojanx
-
PossibleThreat.PALLAS
-
APNIC
-
Kryptik.FPH.gen
-
Trojan:Win32/Qbot
-
undefined 1 ms 1 xyz 1 gl 1 net TLD aggregation com ms xyz gl net 20% 20% 20% 20% 20% TLD Count com 1 undefined NaN ms 1 xyz 1 gl 1 net 1 Combined blacklist timeline Hybrid-Analysis Maltiverse Resea
-
IL:Trojan.MSILZilla
-
Exploit.CVE
-
Trojan:VBA/Downldr
-
Black
-
DDoSia
-
QuasarRAT
-
win.zeus
-
SLFPER:BrowserModifier:Win32/MediaMagnet
-
win.hupigon
-
Radar Ineractive
-
Spammer:Win32/Noname
-
win.remcos
-
GLOOXMAIL
-
win.rms
-
Win.Downloader.76944-1
-
VNC
-
QUASAR
-
Uztuby
-
RedLine Stealer
-
Tor - S0183
-
win.wannacryptor
-
TSGeneric
-
Skynet
-
win.chaos
-
elf.darkside
-
CIL.StupidCryptor
-
Fusioncore
-
Sibot
-
Worm:VBS/Dapato
-
win.trickbot
-
win.redcap
-
Emotet - S0367
-
Keylogger
-
Trojan:Win32/Dapato
-
SGeneric
-
AutoIT
-
Tulach
-
Phish.AB
-
Zpevdo
-
BlackNET
-
TinyZBot - S0004
-
Silk Road
-
StopCrypt.AK!MTB
-
win.formbook
-
elf.mikey
-
Phishing
-
Win32/Ispen BADNEWS Fake User-Agent
-
win.tofsee
-
Pua.Gen
-
Unsafe
-
TrojanDownloader:Linux/Downldr
-
win.bloodalchemy
-
Zbot
-
AgentTesla
-
Sodin Ransomware
-
Suspicious_GEN.F47V0520
-
Packed-GV
-
osx.mokes
-
Backdoor.Oldrea
-
win.ramnit
-
TrojanDownloader:Win32/Kraddare
-
win.razy
-
Zusy.375932
-
Loki Bot
-
AGEN.1045227
-
Freemake
-
TrojanSpy
-
Laplas
-
HEUR:AdWare.StartSurf
-
Downldr.gen
-
apk.alien
-
!#HSTR:Win32/Spectorsoft
-
Ursnif - S0386
-
Invoke-Mimikatz
-
Ransom:Win32/Nymaim
-
win.cutwail
-
win.virut
-
Proxy.exe Autoit
-
MBT
-
BitcoinAussie
-
win.nokoyawa
-
BlackShades Crypter
-
Keyloggers
-
ALF:Base64EncodeFunctionMonitorW
-
Trojan:Win32/Emotet
-
Redirector
-
ALF:Trojan:Win32/FormBook.F!MTB
-
HTML_REDIR.SMR
-
Verified
-
Domains
-
RiskTool.Phpw
-
RevengeRAT
-
win.blacknet_rat
-
Faceliker.A
-
win.icefog
-
Relic
-
WisdomEyes.16070401.9500
-
Injector.IS.gen
-
Remnant
-
TrojanSpy:Win32/Kronos
-
W32.AIDetect.malware2
-
ELF
-
win.dridex
-
Win.Packed.Zenpak-7101989-0
-
185.199.108.133.Malware_Host
-
dosia
-
BR
-
VirTool:MSIL/Obfuscator.BV
-
HSBC
-
S-b748adc5
-
TROJ_GEN.R002C0OG518
-
Nidiran
-
Neurovt
-
PSW.Stealer
-
Trojan:Python/Downldr
-
PWSX
-
FG!tr.ransom
-
win.lokipws
-
OSX_OCEANLOTUS.D
-
Dropper.DR/AutoIt.Gen
-
Backdoor:Win32/Simda
-
GoldFinder - S0597
-
BehavBehavesLike.PUPXBI
-
MalwareX
-
VB.EmoooDldr.10
-
Trojan:MSIL/Razy
-
Gen:Heur.NoobyProtect
-
win.nymaim
-
win.hermeticwiper
-
GoldFinder
-
win.quasar_rat
-
Feodo Tracker
-
Babulya/CollectorStealer User-Agent
-
Ursu
-
ALF:JASYP:PUAWin32/Systweak
-
Variant.Bulz
-
Maltiverse
-
Remsec
-
Occamy
-
generic.ml
-
SpyAgent
-
Beach Research
-
Bazaar Loader
-
APT Notes
-
Marina Botnet
-
GenericKD.37827502
-
Kraddare
Target Countries for Volt Typhoon:
- Singapore
- UK
- Canada
- USA
- India
- Australia
Related CVEs for Volt Typhoon:
- CVE-2022-27997
- CVE-2021-26855
- CVE-2023-27350
- CVE-2021-40539
- CVE-2021-26857
- CVE-2021-27065
- CVE-2021-27860
- CVE-2021-26858
ATT&CK IDs for Volt Typhoon:
- T1573
- T1090.003
- T1078
- T1082
- T1569
- T1057
- T1190
- T1584 - Compromise Infrastructure
- T1595.002
- T1102 - Web Service
- T1105
- T1011 - Exfiltration Over Other Network Medium
- T1055
- T1040
- T1007
- T1490
- T1036
- T1048
- T1059
- T1566.001
- T1071
- T1071 - Application Layer Protocol
- T1210
- T1106
- T1587.004
- T1033
- T1531
- T1133 - External Remote Services
- T1133
- T1069
- T1003
- T1555
- T1112
- T1199
- T1583.005
- T1020 - Automated Exfiltration
- T1546
- T1530
- T1016
- T1595
- T1090
- T1593
- T1021
- T1553
- T1068
- T1592
- T1547
- T1087
- T1505
- T1110
- T1070
- T1589
- T1047
- T1195
- T1070.001
Associated Malware/Software for Volt Typhoon:
-
sh.kv
-
KV
-
HiatusRAT
-
kv
-
win.scanline
-
MIPS
-
scanline
-
Volt Typhoon
Top Ransomware Groups
termite
★
Rank: 1
1815077
Audience
14
News
12
IOC
Target Countries:
United Kingdom
Australia
Germany
France
Canada
+ 4
Target Sectors:
Real Estate -
Hospitals -
Accommodation -
Manufacturing -
Public Administration -
Associated Malware/Software:
No Malware available.
Related CVE's:
No CVE's available.
ATT&CK IDs:
T1070.004-Indicator Removal
T1083-File and Directory Discovery
T1486-Data Encrypted for Impact
T1204.002-User Execution
T1135-Network Share Discovery
+ 1
See Details
lockbit
★
Rank: 2
1619270
Audience
20
News
27796
IOC
Target Countries:
Afghanistan
Bahamas
Indonesia
United States
Poland
+ 79
Target Sectors:
Food Manufacturing -
Software Publishers -
Real Estate -
Hospitals -
Enterprises & Holding -
Associated Malware/Software:
Remsec
VB.PwShell.2
FonePaw
VB:Trojan.Valyria
Inmortal
+ 324
Related CVE's:
CVE-2021-44228
CVE-2017-11882
CVE-2023-29324
CVE-2023-23397
CVE-2014-3153
+ 50
ATT&CK IDs:
T1038
T1064
TA0003
T1021.001
T1022
+ 157
See Details
hunters
★
Rank: 3
1263649
Audience
19
News
2
IOC
Target Countries:
Indonesia
Tunisia
United States
Poland
Hong Kong
+ 47
Target Sectors:
Food Manufacturing -
Real Estate -
Hospitals -
Accommodation -
Air Transportation -
Associated Malware/Software:
Ransomware
Related CVE's:
No CVE's available.
ATT&CK IDs:
No Attack IDs
See Details
qilin
★
Rank: 4
1093266
Audience
7
News
2
IOC
Target Countries:
Timor-Leste
Indonesia
United States
Hong Kong
Venezuela, Bolivarian Republic of
+ 47
Target Sectors:
Construction of Buildings -
Food Manufacturing -
Real Estate -
Hospitals -
Accommodation -
Associated Malware/Software:
Ransomware
Qilin
Related CVE's:
CVE-2021-26855
CVE-2021-44228
CVE-2021-34527
CVE-2019-19781
ATT&CK IDs:
T1486
T1078
T1059.001
T1490
T1071.001
See Details
Target Countries for termite:
- United Kingdom
- Australia
- Germany
- France
- Canada
- Madagascar
- United States
- Oman
- Cyprus
Related CVEs for termite:
ATT&CK IDs for termite:
- T1070.004-Indicator Removal
- T1083-File and Directory Discovery
- T1486-Data Encrypted for Impact
- T1204.002-User Execution
- T1135-Network Share Discovery
- T1490-Inhibit System Recovery
Associated Malware/Software for termite:
Target Countries for lockbit:
- Afghanistan
- Bahamas
- Indonesia
- United States
- Poland
- Hong Kong
- Ethiopia
- Cyprus
- Trinidad and Tobago
- Sweden
- Iceland
- China
- Kenya
- Singapore
- Lebanon
- New Zealand
- Netherlands
- Chile
- Bulgaria
- Romania
- Taiwan, Province of China
- Uruguay
- Global
- Peru
- Switzerland
- Colombia
- Czech Republic
- Nigeria
- Ireland
- India
- Portugal
- Australia
- Thailand
- Slovakia
- Turkey
- France
- Korea, Republic of
- Belgium
- United Kingdom
- Mexico
- South Africa
- Egypt
- Brazil
- Saint Vincent and the Grenadines
- Luxembourg
- Austria
- Italy
- Jordan
- Finland
- Israel
- Mozambique
- Venezuela, Bolivarian Republic of
- Malaysia
- Russian Federation
- Canada
- Panama
- Hungary
- Dominican Republic
- Haiti
- Ukraine
- Virgin Islands, U.S.
- Angola
- Iran, Islamic Republic of
- Greece
- Nicaragua
- Croatia
- United Arab Emirates
- Spain
- Senegal
- Germany
- Martinique
- Samoa
- Cuba
- Kuwait
- Norway
- Georgia
- Bangladesh
- Philippines
- Saudi Arabia
- Argentina
- Japan
- Costa Rica
- Bolivia, Plurinational State of
- Oman
Related CVEs for lockbit:
- CVE-2021-44228
- CVE-2017-11882
- CVE-2023-29324
- CVE-2023-23397
- CVE-2014-3153
- CVE-2023-20269
- CVE-2023-40044
- CVE-2021-27065
- CVE-2023-3519
- CVE-2023-36025
- CVE-2017-0143
- CVE-2021-34523
- CVE-2021-20028
- CVE-2021-36942
- CVE-2021-34473
- CVE-2024-1709
- CVE-2024-21412
- CVE-2023-46748
- CVE-2023-3284
- CVE-2023-34039
- CVE-2021-22986
- CVE-2022-42475
- CVE-2017-17215
- CVE-2023-5009
- CVE-2023-38831
- CVE-2018-0798
- CVE-2024-1708
- CVE-2017-8464
- CVE-2023-46747
- CVE-2019-19781
- CVE-2023-38035
- CVE-2021-26857
- CVE-2017-0147
- CVE-2021-31207
- CVE-2018-13379
- CVE-2023-20198
- CVE-2023-22518
- CVE-2020-0787
- CVE-2022-3236
- CVE-2015-1650
- CVE-2020-0796
- CVE-2023-4966
- CVE-2017-0199
- CVE-2019-11510
- CVE-2023-20109
- CVE-2023-36884
- CVE-2023-46604
- CVE-2023-27350
- CVE-2023-5129
- CVE-2023-22515
- CVE-2018-8453
- CVE-2022-26134
- CVE-2022-47966
- CVE-2022-30190
- CVE-2022-36537
ATT&CK IDs for lockbit:
- T1038
- T1064
- TA0003
- T1021.001
- T1022
- T1110
- T1176
- T1012
- T1445
- T1562.004
- T1482
- T1410
- T1057
- T1018
- T1596
- T1569
- T1210
- T1056
- T1029
- T1530
- T1567
- T1027.002
- T1199
- T1106
- T1207
- T1137
- T1036
- T1008
- T1041
- TA0040
- T1053
- T1189
- T1133
- TA0005
- T1587
- T1518
- T1193
- T1078
- T1574
- T1059.007
- T1127
- T1056.001
- T1021
- T1048
- T1539
- TA0004
- T1491
- T1450
- T1412
- T1454
- TA0011
- T1556
- T1055
- T1559.001
- T1059.002
- T1583.002
- T1088
- T1553
- T1563
- T1129
- TA0009
- T1031
- T1219
- T1156
- T1591
- T1187
- T1136
- T1059.003
- T1518.001
- T1614
- T1070.004
- T1100
- T1566
- T1564
- T1560
- T1059
- T1574.002
- T1082
- T1087
- T1113
- T1552
- T1102
- T1489
- T1134
- T1147
- T1083
- T1060
- T1486
- T1105
- T1221
- TA0006
- T1071.002
- T1068
- T1564.001
- T1496
- T1480
- T1046
- T1072
- T1490
- T1498
- T1204.002
- T1132
- T1053.005
- TA0034
- T1585
- T1003.008
- T1204
- TA0029
- T1112
- T1005
- T1218
- T1570
- T1095
- T1485
- T1140
- T1588
- TA0007
- T1449
- T1074
- T1104
- T1011
- T1543
- T1070
- T1063
- T1497
- T1049
- T1583
- T1071
- T1562.001
- T1584.005
- T1090
- T1562
- T1555
- T1211
- T1531
- T1571
- TA0002
- T1003
- T1114
- T1546
- T1190
- T1583.005
- T1027
- T1183
- T1548
- T1071.004
- T1110.002
- T1195
- T1001.002
- T1584
- T1505
- T1573
- T1016
- T1572
- T1547
- T1040
- T1071.003
- T1122
- T1001
- T1010
- T1071.001
- T1047
Associated Malware/Software for lockbit:
-
Remsec
-
VB.PwShell.2
-
FonePaw
-
VB:Trojan.Valyria
-
Inmortal
-
Bitmap.exe
-
Hall Render
-
Win32/SocStealer!rfn
-
Gen:Heur.NoobyProtect
-
FileRepMalware
-
Loki Bot
-
Lumma Stealer
-
SpyAgent
-
win.bloodalchemy
-
ALF:Ransom:Win32/LockBit
-
Backdoor.Oldrea
-
VB.EmoDldr.4
-
win.lookback
-
win.netfilter
-
TA505
-
win.agent_tesla
-
FG!tr.ransom
-
GlobalNet
-
WannaCry Kill Switch
-
AgentTesla
-
VB.Chronos.7
-
Script.INF
-
win.chaos
-
AGEN.1045227
-
GetLucky
-
Win.Worm.Mydoom-5
-
win.pwndlocker
-
GLOOXMAIL
-
Maltiverse
-
KANDYKORN macOS
-
Mastadon
-
Unsafe
-
RedlineStealer
-
Lokbit
-
win.cobalt_strike
-
Gen:NN.ZemsilF.34128
-
Presenoker
-
ScrInject.B
-
RedLine Stealer
-
Indiloadz.BB
-
TrojanSpy
-
States
-
BScope.Riskware
-
Exploit CVE-2017-11882
-
jar.jrat
-
HallGrand
-
win.darkgate
-
HopToDesk
-
Marina Botnet
-
Tor - S0183
-
Wiper
-
Quasar RAT
-
HEUR:Trojan.BAT
-
Kraddare
-
Zpevdo
-
Patcher
-
$WebWatson
-
W32.AIDetectVM
-
PUA.Reg1staid
-
AutoIT
-
index.php
-
win.azorult
-
apk.alien
-
Magic
-
Ghandi
-
fake ,promethiumm ,strongpity
-
win.formbook
-
win.lumma
-
IL:Trojan.MSILZilla
-
elf.lockbit
-
Ursu
-
js.gootloader
-
PWS.p
-
win.amadey
-
Win32:RansomX-gen\ [Ransom]
-
Makop
-
3AM
-
Dark Power
-
win.nokoyawa
-
elf.ransomexx
-
SdBot.CAOC
-
Systweak
-
WininiCrypt
-
Daisy Coleman
-
BEC
-
Ulise.345018
-
Fusioncore
-
elf.dark
-
win.quasar_rat
-
win.asyncrat
-
PWSX
-
DroxiDat
-
CIL.HeapOverride
-
Deuterbear
-
PWS:Win32/QQpass.CI
-
win.nymaim
-
MalwareX
-
BlackNET
-
js.evilnum
-
Lazarus
-
ALF:HeraklezEval:Trojan:Win32/Ymacco.AA47
-
win.rhadamanthys
-
Stopransomware.gov
-
win.icefog
-
Pegasus for iOS - S0289
-
Gen:Variant.Bulz
-
Zbot
-
HTML_REDIR.SMR
-
Remcos RAT
-
Gen:Trojan.Heur
-
ALPHV
-
ALF:HeraklezEval:PUA:Win32/SpyrixKeylogger
-
Win.Packer.Crypter-6539596-1
-
Trojan:Win32/WannaCry.350
-
Crypt3.BLXP
-
Virus.Botgor!1.D115 (CLASSIC)
-
elf.blackmatter
-
win.lokipws
-
Win32.HsIdir
-
SocGholish
-
JS:Iframe
-
Evo
-
NoName057
-
win.blacknet_rat
-
Tsara Brashears
-
BlackCat - S1068
-
Hidden Form
-
LNK
-
WannaCry
-
staticrr.paleokits.net
-
ELF
-
Ransom:Win32/CVE-2017-0147
-
Worm:Win32/Benjamin
-
win.cuba
-
Black
-
Strictor
-
Arid.Viper_CnC
-
ETERNALBLUE
-
elf.babuk
-
Win.Malware.Botgor-9853222-0
-
Brontok
-
win.kuluoz
-
CVE-2015-1650
-
win.remcos
-
BehavBehavesLike.PUPXBI
-
win.parallax
-
Phish.AB
-
DoNex
-
win.dridex
-
win.maze
-
Malvertizing
-
W32.AIDetect.malware2
-
Ransomware
-
W32.eHeur
-
win.ramnit
-
ALF:TrojanSpy:Win32/Keylogger
-
Swisyn
-
LNK.Powershell
-
win.stealbit
-
JHUHUGIT
-
Faceliker.A
-
PWS-FCZZ
-
win.virut
-
Trojan:Win32/Wacatac
-
Trojan:VBA/Downldr
-
win.feodo
-
TROJ_FRS.VSN1EJ18
-
Python
-
darkrace
-
Trojan:Python/Downldr
-
Threat
-
win.suppobox
-
Cyberespionage
-
SGeneric
-
Exploit.CVE
-
Suspicious.Save
-
TROJ_GEN.R002C0OG518
-
LolKek
-
Packed-GV
-
CVE JAR
-
Zbd Zeus
-
Twitter Malware
-
win.wannacryptor
-
Keylogger
-
NBAE
-
APT Notes
-
Trojan:Linux/Downldr
-
WebToolbar
-
Relic
-
Kryptik.FPH.gen
-
HTML:Script
-
Detects UPATRE
-
Raas
-
Delf.NBX
-
Tulach Malware
-
elf.mikey
-
win.lockfile
-
Bl00dy
-
Bleed
-
win.trickbot
-
Adload.AD81
-
Cyclops Blink - S0687
-
TrickBot - S0266
-
ETPRO
-
py.networm
-
TrueSightKiller
-
Tulach
-
Agent Tesla
-
PSW.Stealer
-
Trojan:MSIL/Burkina
-
Arkei
-
IOCs
-
win.njrat
-
Sabey
-
Noberus
-
win.karagany
-
win.graftor
-
PossibleThreat.PALLAS
-
win.raccoon
-
win.redcap
-
Worm:VBS/Dapato
-
OpenSubtitles.A
-
SNH:Script [Dropper]
-
Crack
-
Agent Tesla - S0331
-
Xegumumune.8596c22f
-
win.redline_stealer
-
win.webmonitor
-
win.locky
-
susp.lnk
-
Cybersecurity News
-
win.blueshell
-
JavaScript
-
win.agent_btz
-
VB.EmoooDldr.10
-
HEUR:AdWare.StartSurf
-
Phishing
-
Qbot
-
Application.SQLCrack
-
Pegasus
-
Win32:RATX-gen [Trj]
-
elf.mirai
-
Wacatac
-
Beacons
-
Adware
-
MSIL.C515258
-
QakBot
-
Downldr.gen
-
Win64.Payload.Limepad
-
Dropper.DR/AutoIt.Gen
-
win.vidar
-
Dapato
-
GhostDriver
-
Bazaar Loader
-
Ursnif
-
OriginLoader
-
win.emotet
-
Bit RAT
-
win.immortal_stealer
-
Artemis
-
malicious.2a7bf4
-
generic.ml
-
JS:Trojan.HideLink
-
win.smokeloader
-
win.doublepulsar
-
Trojan:Win32/Detplock
-
Cobalt Strike
-
GameHack.DR
-
Witchetty
-
Pua.Gen
-
DangerousObject.Multi
-
Ryuk ransomware
-
RevengeRAT
-
Swort
-
TrojanDownloader:Linux/Downldr
-
win.bobik
-
Nemucod
-
win.nanocore
-
Ransom_WCRY.SMALYM
-
Injector.IS.gen
-
HallRender
-
Amazon AES
-
Suspicious_GEN.F47V0520
-
win.dnspionage
-
Domains
-
W32/Hupigon.NCU
-
CHOPSTICK
-
Strike Beacon
-
PS1
-
win.shadowpad
-
Detplock
-
win.waterbear
-
win.xworm
-
win.hupigon
-
Death Bitches
-
Apple Malware
-
elf.blackcat
-
RiskTool.Phpw
-
AzoruIt
-
VBS
-
Facebook HT
-
Virus:DOS/Burma
-
Rhysida
-
Win.Packed.Zenpak-7101989-0
-
Skynet
-
Discord
-
Wacapew.C
-
RedLine
-
TSGeneric
-
Win.Downloader.76944-1
-
Maui ransomware
-
Program.Unwanted
-
S-b748adc5
-
Auslogics
-
elf.conti
-
CIL.StupidCryptor
-
Download
-
NetSupport
-
njRAT - S0385
-
WisdomEyes.16070401.9500
-
Ransom:Win32/GandCrab.AE
-
Racoon Stealer
-
Silk Road
-
win.zeus
Target Countries for hunters:
- Indonesia
- Tunisia
- United States
- Poland
- Hong Kong
- Malaysia
- Sweden
- Russian Federation
- Canada
- Hungary
- El Salvador
- Dominican Republic
- Haiti
- China
- Singapore
- New Zealand
- Netherlands
- Bulgaria
- Romania
- Taiwan, Province of China
- Global
- Switzerland
- Lithuania
- United Arab Emirates
- Spain
- Czech Republic
- Ireland
- India
- Senegal
- Côte d'Ivoire
- Uganda
- Germany
- Australia
- Vietnam
- Thailand
- Turkey
- France
- Zimbabwe
- Belgium
- Korea, Republic of
- United Kingdom
- Dominica
- Mexico
- Latvia
- South Africa
- Japan
- Argentina
- Jamaica
- Namibia
- Egypt
- Brazil
- Italy
Related CVEs for hunters:
ATT&CK IDs for hunters:
Associated Malware/Software for hunters:
-
Ransomware
Target Countries for qilin:
- Timor-Leste
- Indonesia
- United States
- Hong Kong
- Venezuela, Bolivarian Republic of
- Malaysia
- Sweden
- Russian Federation
- Ecuador
- Canada
- Hungary
- Pakistan
- Mauritius
- China
- Ukraine
- Singapore
- New Zealand
- Netherlands
- Chile
- Angola
- Romania
- Taiwan, Province of China
- Greece
- Global
- Peru
- Switzerland
- Colombia
- United Arab Emirates
- India
- Senegal
- Palau
- Portugal
- Germany
- Australia
- Denmark
- Thailand
- Norway
- France
- Belgium
- Korea, Republic of
- Swaziland
- United Kingdom
- Philippines
- Mexico
- Saudi Arabia
- South Africa
- Japan
- Argentina
- Brazil
- Luxembourg
- Austria
- Italy
Related CVEs for qilin:
- CVE-2021-26855
- CVE-2021-44228
- CVE-2021-34527
- CVE-2019-19781
ATT&CK IDs for qilin:
- T1486
- T1078
- T1059.001
- T1490
- T1071.001
Associated Malware/Software for qilin:
-
Ransomware
-
Qilin
Discover the adversaries targeting your industry
Search Your Enemy
Copyright © 2025 SOCRadar Cyber Intelligence Inc.
All rights
reserved.
