Effective URL: https://socradar.io/labs/threat-actor/?utm_medium=email&_hsenc=p2ANqtz-8jcU0rK1yKx6mFJpmO5gBLJU7TAq0N6ANWfnv0NJ53gU_...


THREAT ACTOR INTELLIGENCE: KNOW YOUR ENEMY

 * Know their tactics, techniques, and past activities.
 * Access detailed profiles and track threat actor activities.
 * Keep up with the latest threats and Tactics, Techniques, and Procedures
   (TTPs).
 * Prioritize risks based on active threat actors in your industry or region.


Top Threat Actors


COBALT

Rank: 1 | 258k Audience | 3 News | 6k IOC

Target Countries: Malaysia, Kazakhstan, Taiwan, Italy, Spain (+26 more)

Target Sectors: Media, High-Tech, Retail, Financial

Associated Malware/Software: win.cobint, win.atmspitter, SDelete, Mimikatz, Ursnif (+15 more)

Related CVEs: CVE-2017-0199, CVE-2022-27228, CVE-2018-4878, CVE-2023-36884, CVE-2020-1472 (+27 more)

ATT&CK IDs: T1112, T1195 - Supply Chain Compromise, T1016, T1001, T1485 - Data Destruction (+212 more)


APT32

Rank: 2 | 187k Audience | 1 News | 4k IOC

Target Countries: ASEAN, Malaysia, Brunei, South Korea, Myanmar (+19 more)

Target Sectors: Telecommunications, Defense, Financial, Media, High-Tech

Associated Malware/Software: oceanlotus, Denis, Ursnif, apk.phantomlance, LNK (+28 more)

Related CVEs: CVE-2021-44515, CVE-2020-14882, CVE-2023-36884, CVE-2020-1472, CVE-2022-41120 (+18 more)

ATT&CK IDs: T1112, T1195 - Supply Chain Compromise, T1016, T1204.002 - Malicious File, T1029 - Scheduled Transfer (+210 more)


APT28

Rank: 3 | 49k Audience | 1 News | 2k IOC

Target Countries: Ukraine, UAE, Switzerland, Chile, Canada (+47 more)

Target Sectors: Construction, Defense, Education, Intelligence organizations, Healthcare

Associated Malware/Software: osx.komplex, Responder, win.unidentified_078, ngioweb, win.credomap (+62 more)

Related CVEs: CVE-2021-44515, CVE-2021-40444, CVE-2018-0950, CVE-2023-36884, CVE-2020-0688 (+37 more)

ATT&CK IDs: T1195 - Supply Chain Compromise, T1016, T1001, T1213.002, T1095 - Non-Application Layer Protocol (+232 more)


DEV-0586

Rank: 4 | 31k Audience | 3 News | 0 IOC

Target Countries: Ukraine; Europe, Central Asia and Latin America

Target Sectors: NGOs, IT, Government, Law enforcement

Associated Malware/Software: No Malware available.

Related CVEs: CVE-2021-27065, CVE-2021-26855, CVE-2017-0144

ATT&CK IDs: T1486, T1078.003, T1190, T1134

TARGET COUNTRIES FOR COBALT:

 * Malaysia
 * Kazakhstan
 * Taiwan
 * Italy
 * Spain
 * Romania
 * Czech
 * Tajikistan
 * Russia
 * China
 * UK
 * USA
 * Netherlands
 * Thailand
 * Jordan
 * Armenia
 * Argentina
 * Belarus
 * Turkey
 * Bulgaria
 * Austria
 * Estonia
 * Poland
 * Kuwait
 * Ukraine
 * Kyrgyzstan
 * Azerbaijan
 * Vietnam
 * Moldova
 * Georgia
 * Canada


RELATED CVES FOR COBALT:

 * CVE-2017-0199
 * CVE-2022-27228
 * CVE-2018-4878
 * CVE-2023-36884
 * CVE-2020-1472
 * CVE-2018-8174
 * CVE-2012-35211
 * CVE-2023-3519
 * CVE-2021-26855
 * CVE-2023-34362
 * CVE-2021-44077
 * CVE-2023-38831
 * CVE-2021-4034
 * CVE-2023-23397
 * CVE-2021-44228
 * CVE-2019-0803
 * CVE-2021-22555
 * CVE-2021-34527
 * CVE-2021-26858
 * CVE-2021-27065
 * CVE-2021-26857
 * CVE-2019-13272
 * CVE-2022-2586
 * CVE-2021-33764
 * CVE-2021-3156
 * CVE-2019-12725
 * CVE-2022-30190
 * CVE-2017-11882
 * CVE-2022-47966
 * CVE-2022-42475
 * CVE-2021-40438
 * CVE-2020-27216


ATT&CK IDS FOR COBALT:

 * T1112
 * T1195 - Supply Chain Compromise
 * T1016
 * T1001
 * T1485 - Data Destruction
 * T1095 - Non-Application Layer Protocol
 * T1049
 * T1140
 * T1203
 * T1543
 * T1003.002
 * T1020 - Automated Exfiltration
 * T1558 - Steal or Forge Kerberos Tickets
 * T1187
 * T1046 - Network Service Scanning
 * T1135
 * T1098
 * T1090
 * T1090.003
 * T1564
 * T1548 - Abuse Elevation Control Mechanism
 * T1082 - System Information Discovery
 * T1132
 * T1011
 * T1530
 * T1114
 * T1059
 * T1132 - Data Encoding
 * T1123 - Audio Capture
 * T1102
 * T1482
 * T1003
 * T1566.001
 * T1071.001
 * T1566.002
 * T1115
 * T1070
 * T1085
 * T1046
 * T1003 - OS Credential Dumping
 * T1055
 * T1573.002
 * T1204.002
 * T1003.001
 * T1220
 * T1546.012
 * T1027 - Obfuscated Files or Information
 * T1204.001
 * T1105
 * T1021 - Remote Services
 * T1071 - Application Layer Protocol
 * T1195.002
 * T1107
 * T1518.001
 * T1095
 * T1562
 * T1140 - Deobfuscate/Decode Files or Information
 * T1518
 * T1030
 * T1069
 * T1008
 * T1497
 * T1571
 * T1503
 * T1567 - Exfiltration Over Web Service
 * T1588.002
 * T1007
 * T1110
 * T1190
 * T1133
 * T1518 - Software Discovery
 * T1059.005
 * T1486 - Data Encrypted for Impact
 * T1059.007
 * T1497.003
 * T1195
 * T1583 - Acquire Infrastructure
 * T1559
 * T1059.001
 * T1219
 * T1570
 * T1548.002
 * T1204
 * T1070.001
 * T1550
 * T1036.005
 * T1081
 * T1595 - Active Scanning
 * T1037.001
 * T1539
 * T1057 - Process Discovery
 * T1037
 * T1048
 * T1124
 * T1547 - Boot or Logon Autostart Execution
 * T1112 - Modify Registry
 * T1113
 * T1569.002
 * T1078
 * T1060
 * T1090 - Proxy
 * T1574
 * T1569
 * T1012
 * T1018
 * T1505 - Server Software Component
 * T1136
 * T1614 - System Location Discovery
 * T1005
 * T1119
 * T1106
 * T1087
 * T1560 - Archive Collected Data
 * T1505
 * T1021
 * T1490
 * T1572
 * T1048 - Exfiltration Over Alternative Protocol
 * T1588
 * T1569 - System Services
 * T1555
 * T1094
 * T1587 - Develop Capabilities
 * T1547
 * T1218
 * T1490 - Inhibit System Recovery
 * T1170
 * T1489
 * T1218.008
 * T1033
 * T1560
 * T1087 - Account Discovery
 * T1217
 * T1482 - Domain Trust Discovery
 * T1547.001
 * T1102 - Web Service
 * T1559.002
 * T1176
 * T1592
 * T1204 - User Execution
 * T1003.003
 * T1114.001
 * T1056
 * T1057
 * T1041 - Exfiltration Over C2 Channel
 * T1136 - Create Account
 * T1218.003
 * T1553 - Subvert Trust Controls
 * T1548
 * T1053
 * T1566 - Phishing
 * T1561
 * T1070 - Indicator Removal on Host
 * T1185
 * T1583
 * T1083
 * T1485
 * T1127
 * T1137
 * T1572 - Protocol Tunneling
 * T1059.003
 * T1018 - Remote System Discovery
 * T1595
 * T1068
 * T1106 - Native API
 * T1562.004
 * T1069 - Permission Groups Discovery
 * T1199 - Trusted Relationship
 * T1068 - Exploitation for Privilege Escalation
 * T1187 - Forced Authentication
 * T1071.004
 * T1097
 * T1573
 * T1189
 * T1498
 * T1027.010
 * T1027
 * T1553
 * T1134
 * T1070.004
 * T1558
 * T1033 - System Owner/User Discovery
 * T1053 - Scheduled Task/Job
 * T1029
 * T1587
 * T1601 - Modify System Image
 * T1082
 * T1071
 * T1074 - Data Staged
 * T1055 - Process Injection
 * T1021.001
 * T1021.002
 * T1218.010
 * T1120
 * T1486
 * T1562.001
 * T1573 - Encrypted Channel
 * T1136.001
 * T1130
 * T1041
 * T1543.003
 * T1039
 * T1531
 * T1563 - Remote Service Session Hijacking
 * T1550 - Use Alternate Authentication Material
 * T1529
 * T1049 - System Network Connections Discovery
 * T1074
 * T1043
 * T1552
 * T1566
 * T1059 - Command and Scripting Interpreter
 * T1083 - File and Directory Discovery
 * T1053.005
 * T1036
 * T1546
 * T1047


ASSOCIATED MALWARE/SOFTWARE FOR COBALT:

 * win.cobint
 * win.atmspitter
 * SDelete
 * Mimikatz
 * Ursnif
 * LNK
 * win.pony
 * BlackSuit
 * win.lokipws
 * More_eggs
 * Cobalt Strike
 * win.cobalt_strike
 * win.formbook
 * cobalt_strike
 * terra_loader
 * PsExec
 * venom_lnk
 * more_eggs
 * js.more_eggs
 * APT


TARGET COUNTRIES FOR APT32:

 * ASEAN
 * Malaysia
 * Brunei
 * South Korea
 * Myanmar
 * Singapore
 * China
 * UK
 * USA
 * India
 * Netherlands
 * Philippines
 * Thailand
 * Germany
 * Nepal
 * Australia
 * Denmark
 * Japan
 * Cambodia
 * Indonesia
 * Laos
 * Vietnam
 * Bangladesh
 * Iran


RELATED CVES FOR APT32:

 * CVE-2021-44515
 * CVE-2020-14882
 * CVE-2023-36884
 * CVE-2020-1472
 * CVE-2022-41120
 * CVE-2018-8174
 * CVE-2021-35211
 * CVE-2022-26138
 * CVE-2023-38831
 * CVE-2021-4034
 * CVE-2021-1675
 * CVE-2021-22205
 * CVE-2021-22986
 * CVE-2021-34527
 * CVE-2021-33764
 * CVE-2021-21551
 * CVE-2017-11882
 * CVE-2022-42889
 * CVE-2022-24527
 * CVE-2022-47966
 * CVE-2022-42475
 * CVE-2021-2307
 * CVE-2019-16098


ATT&CK IDS FOR APT32:

 * T1112
 * T1195 - Supply Chain Compromise
 * T1016
 * T1204.002 - Malicious File
 * T1029 - Scheduled Transfer
 * T1485 - Data Destruction
 * T1095 - Non-Application Layer Protocol
 * T1049
 * T1561 - Disk Wipe
 * T1203
 * T1217 - Browser Bookmark Discovery
 * T1543
 * T1552 - Unsecured Credentials
 * T1005 - Data from Local System
 * T1001 - Data Obfuscation
 * T1046 - Network Service Scanning
 * T1135
 * T1016 - System Network Configuration Discovery
 * T1564
 * T1568 - Dynamic Resolution
 * T1007 - System Service Discovery
 * T1548 - Abuse Elevation Control Mechanism
 * T1082 - System Information Discovery
 * T1060 - Registry Run Keys / Startup Folder
 * T1564.001
 * T1119 - Automated Collection
 * T1059
 * T1132 - Data Encoding
 * T1574.002
 * T1123 - Audio Capture
 * T1539 - Steal Web Session Cookie
 * T1102
 * T1608.004
 * T1003
 * T1566.001
 * T1071.001
 * T1087.001
 * T1566.002
 * T1070
 * T1046
 * T1003 - OS Credential Dumping
 * T1055
 * T1081 - Credentials in Files
 * T1204.002
 * T1003.001
 * T1027 - Obfuscated Files or Information
 * T1204.001
 * T1105
 * T1027.011
 * T1564 - Hide Artifacts
 * T1021 - Remote Services
 * T1071 - Application Layer Protocol
 * T1543 - Create or Modify System Process
 * T1571 - Non-Standard Port
 * T1176 - Browser Extensions
 * T1140 - Deobfuscate/Decode Files or Information
 * T1078 - Valid Accounts
 * T1588.006 - Vulnerabilities
 * T1027.001
 * T1105 - Ingress Tool Transfer
 * T1571
 * T1588.002
 * T1047 - Windows Management Instrumentation
 * T1072
 * T1562 - Impair Defenses
 * T1216.001
 * T1518 - Software Discovery
 * T1218 - Signed Binary Proxy Execution
 * T1059.005
 * T1486 - Data Encrypted for Impact
 * T1059.007
 * T1222.002
 * T1583 - Acquire Infrastructure
 * T1059.001
 * T1570
 * T1204
 * T1070.001
 * T1550
 * T1550.003
 * T1036.005
 * T1012 - Query Registry
 * T1595 - Active Scanning
 * T1114 - Email Collection
 * T1057 - Process Discovery
 * T1216
 * T1574 - Hijack Execution Flow
 * T1585.001
 * T1589.002
 * T1048
 * T1547 - Boot or Logon Autostart Execution
 * T1112 - Modify Registry
 * T1569.002
 * T1078
 * T1120 - Peripheral Device Discovery
 * T1090 - Proxy
 * T1113 - Screen Capture
 * T1598.003
 * T1574
 * T1564.004
 * T1569
 * T1012
 * T1056.001
 * T1018
 * T1529 - System Shutdown/Reboot
 * T1550.002
 * T1497 - Virtualization/Sandbox Evasion
 * T1583.006
 * T1078.003
 * T1087
 * T1560 - Archive Collected Data
 * T1505
 * T1021
 * T1048 - Exfiltration Over Alternative Protocol
 * T1115 - Clipboard Data
 * T1588
 * T1059.001 - PowerShell
 * T1587 - Develop Capabilities
 * T1218.005
 * T1547
 * T1130 - Install Root Certificate
 * T1036 - Masquerading
 * T1027.013
 * T1218
 * T1490 - Inhibit System Recovery
 * T1137 - Office Application Startup
 * T1036.004
 * T1033
 * T1560
 * T1087 - Account Discovery
 * T1056 - Input Capture
 * T1583.001
 * T1547.001
 * T1102 - Web Service
 * T1218.011
 * T1204 - User Execution
 * T1555 - Credentials from Password Stores
 * T1056
 * T1598
 * T1071.003
 * T1041 - Exfiltration Over C2 Channel
 * T1136 - Create Account
 * T1553 - Subvert Trust Controls
 * T1011 - Exfiltration Over Other Network Medium
 * T1566 - Phishing
 * T1053
 * T1595.002 - Vulnerability Scanning
 * T1070 - Indicator Removal on Host
 * T1127 - Trusted Developer Utilities Proxy Execution
 * T1059.003 - Windows Command Shell
 * T1608
 * T1583
 * T1083
 * T1552.002
 * T1137
 * T1059.003
 * T1562.001 - Disable or Modify Tools
 * T1114.001 - Local Email Collection
 * T1222
 * T1018 - Remote System Discovery
 * T1133 - External Remote Services
 * T1124 - System Time Discovery
 * T1068
 * T1106 - Native API
 * T1199 - Trusted Relationship
 * T1069 - Permission Groups Discovery
 * T1585
 * T1525 - Implant Internal Image
 * T1068 - Exploitation for Privilege Escalation
 * T1187 - Forced Authentication
 * T1589
 * T1497.003 - Time Based Evasion
 * T1008 - Fallback Channels
 * T1189
 * T1027.010
 * T1027
 * T1070.004
 * T1134 - Access Token Manipulation
 * T1033 - System Owner/User Discovery
 * T1053 - Scheduled Task/Job
 * T1082
 * T1071
 * T1505.003
 * T1036.003
 * T1135 - Network Share Discovery
 * T1055 - Process Injection
 * T1185 - Man in the Browser
 * T1021.002
 * T1608.001
 * T1085 - Rundll32
 * T1496 - Resource Hijacking
 * T1218.010
 * T1190 - Exploit Public-Facing Application
 * T1564.003
 * T1573 - Encrypted Channel
 * T1070.006
 * T1110 - Brute Force
 * T1041
 * T1543.003
 * T1550 - Use Alternate Authentication Material
 * T1170 - Mshta
 * T1503 - Credentials from Web Browsers
 * T1049 - System Network Connections Discovery
 * T1030 - Data Transfer Size Limits
 * T1048.003
 * T1552
 * T1566
 * T1059 - Command and Scripting Interpreter
 * T1083 - File and Directory Discovery
 * T1053.005
 * T1489 - Service Stop
 * T1036
 * T1014 - Rootkit
 * T1531 - Account Access Removal
 * T1530 - Data from Cloud Storage Object
 * T1047


ASSOCIATED MALWARE/SOFTWARE FOR APT32:

 * oceanlotus
 * Denis
 * Ursnif
 * apk.phantomlance
 * LNK
 * win.soundbite
 * js.cactustorch
 * WINDSHIELD
 * ipconfig
 * win.ratsnif
 * win.kerrdown
 * elf.caja
 * win.metaljack
 * KOMPROGO
 * Net
 * Cobalt Strike
 * win.strikesuit_gift
 * elf.rotajakiro
 * SOUNDBITE
 * PHOREAL
 * win.komprogo
 * Arp
 * win.salgorea
 * Mimikatz
 * osx.oceanlotus
 * netsh
 * win.cobalt_strike
 * win.unidentified_068
 * js.unidentified_001
 * win.mimikatz
 * OSX_OCEANLOTUS.D
 * win.phoreal
 * win.cuegoe


TARGET COUNTRIES FOR APT28:

 * Ukraine
 * UAE
 * Switzerland
 * Chile
 * Canada
 * Belarus
 * NATO
 * South Africa
 * APEC and OSCE
 * Jordan
 * Germany
 * Armenia
 * Latvia
 * Tajikistan
 * Sweden
 * Mexico
 * Mongolia
 * Thailand
 * Kazakhstan
 * Poland
 * Cyprus
 * China
 * Iran
 * Afghanistan
 * USA
 * Bulgaria
 * Croatia
 * South Korea
 * Turkey
 * Norway
 * Romania
 * Saudi Arabia
 * Italy
 * Malaysia
 * Pakistan
 * Hungary
 * Uganda
 * Slovakia
 * Brazil
 * Belgium
 * Australia
 * Spain
 * Azerbaijan
 * India
 * Japan
 * Uzbekistan
 * Iraq
 * Netherlands
 * UK
 * Montenegro
 * Georgia
 * France


RELATED CVES FOR APT28:

 * CVE-2021-44515
 * CVE-2021-40444
 * CVE-2018-0950
 * CVE-2023-36884
 * CVE-2020-0688
 * CVE-2020-1472
 * CVE-2022-41352
 * CVE-2022-41120
 * CVE-2018-8174
 * CVE-2021-42321
 * CVE-2021-35211
 * CVE-2023-32231
 * CVE-2022-26138
 * CVE-2021-42292
 * CVE-2023-38831
 * CVE-2021-4034
 * CVE-2017-0263
 * CVE-2023-23397
 * CVE-2021-1675
 * CVE-2021-22205
 * CVE-2019-10149
 * CVE-2020-10189
 * CVE-2021-34527
 * CVE-2017-0261
 * CVE-2023-22527
 * CVE-2023-36025
 * CVE-2024-3400
 * CVE-2021-33764
 * CVE-2021-21551
 * CVE-2020-17144
 * CVE-2022-30190
 * CVE-2021-34473
 * CVE-2017-11882
 * CVE-2023-27992
 * CVE-2022-24527
 * CVE-2023-5631
 * CVE-2022-47966
 * CVE-2022-42475
 * CVE-2020-35730
 * CVE-2021-2307
 * CVE-2017-6742
 * CVE-2019-16098


ATT&CK IDS FOR APT28:

 * T1195 - Supply Chain Compromise
 * T1016
 * T1001
 * T1213.002
 * T1095 - Non-Application Layer Protocol
 * T1049
 * T1140
 * T1203
 * T1543
 * T1137.002
 * T1014
 * T1202 - Indirect Command Execution
 * T1110.001
 * T1187
 * T1091
 * T1219 - Remote Access Software
 * T1046 - Network Service Scanning
 * T1024
 * TA0004 - Privilege Escalation
 * T1098
 * T1090
 * T1090.003
 * T1564
 * T1568 - Dynamic Resolution
 * T1082 - System Information Discovery
 * T1132
 * T1564.001
 * T1119 - Automated Collection
 * TA0011 - Command and Control
 * T1114
 * T1059
 * T1328
 * T1530
 * T1539 - Steal Web Session Cookie
 * T1102
 * T1567
 * T1143
 * T1003
 * T1566.001
 * T1071.001
 * T1211 - Exploitation for Defense Evasion
 * T1566.002
 * T1115
 * T1070
 * T1085
 * T1542
 * T1527
 * T1573.001
 * T1129 - Shared Modules
 * T1055
 * T1204.002
 * T1003.001
 * T1090.002
 * T1189 - Drive-by Compromise
 * T1027 - Obfuscated Files or Information
 * T1213
 * T1204.001
 * T1528
 * T1105
 * T1158
 * T1025
 * TA0005 - Defense Evasion
 * T1071 - Application Layer Protocol
 * T1543 - Create or Modify System Process
 * T1107
 * T1095
 * T1562
 * T1002
 * T1030
 * T1583.003
 * T1497
 * T1105 - Ingress Tool Transfer
 * T1556 - Modify Authentication Process
 * T1571
 * T1588.002
 * T1567 - Exfiltration Over Web Service
 * T1562 - Impair Defenses
 * T1110
 * T1550.001
 * T1190
 * T1133
 * T1560.001
 * T1518 - Software Discovery
 * T1586.002
 * T1559
 * T1592 - Gather Victim Host Information
 * T1583 - Acquire Infrastructure
 * T1059.001
 * T1221
 * T1589.001
 * T1204
 * T1070.001
 * T1550
 * T1036.005
 * T1040
 * T1037.001
 * T1086
 * T1574 - Hijack Execution Flow
 * T1584
 * T1102.002
 * T1037
 * T1595.002
 * T1048
 * T1583.002 - DNS Server
 * T1124
 * T1112 - Modify Registry
 * T1113
 * T1547 - Boot or Logon Autostart Execution
 * T1074.001
 * T1584.008
 * T1078
 * T1090 - Proxy
 * TA0006 - Credential Access
 * T1598.003
 * T1574
 * T1056.001
 * T1550.002
 * T1497 - Virtualization/Sandbox Evasion
 * T1136
 * T1005
 * G0007
 * T1583.006
 * T1119
 * T1106
 * T1087
 * T1104
 * T1505
 * T1021
 * T1598 - Phishing for Information
 * T1490
 * T1588
 * T1569 - System Services
 * T1555
 * T1565 - Data Manipulation
 * T1547
 * T1036 - Masquerading
 * T1173
 * T1027.013
 * T1218
 * T1114.002
 * T1036.004
 * T1033
 * T1091 - Replication Through Removable Media
 * T1560
 * T1583.001
 * T1547.001
 * T1193
 * T1559.002
 * T1212
 * T1218.011
 * T1176
 * T1204 - User Execution
 * T1003.003
 * T1598
 * T1056
 * TA0003 - Persistence
 * T1071.003
 * T1553 - Subvert Trust Controls
 * T1057
 * T1210
 * T1542.003
 * T1053
 * T1566 - Phishing
 * T1561
 * T1070 - Indicator Removal on Host
 * T1098.002
 * T1608
 * T1078.004
 * T1583
 * T1083
 * T1485
 * T1127
 * T1075
 * T1137
 * T1059.003
 * T1557
 * T1595
 * T1099
 * T1018 - Remote System Discovery
 * T1068
 * T1593
 * T1134.001
 * T1199 - Trusted Relationship
 * T1211
 * T1609 - Container Administration Command
 * T1589
 * T1573
 * T1189
 * T1199
 * T1498
 * T1027
 * T1553
 * T1134
 * T1070.004
 * T1111
 * T1096 - NTFS File Attributes
 * T1587
 * T1064
 * T1588 - Obtain Capabilities
 * T1082
 * T1071
 * T1505.003
 * T1055 - Process Injection
 * T1546.015
 * T1021.002
 * T1001.001
 * T1120
 * T1190 - Exploit Public-Facing Application
 * T1564.003
 * T1486
 * T1045 - Software Packing
 * T1070.006
 * T1573 - Encrypted Channel
 * T1586
 * T1107 - File Deletion
 * TA0007 - Discovery
 * T1192
 * T1067
 * T1041
 * T1039
 * T1531
 * T1529
 * T1074
 * T1110.003
 * T1092
 * T1043
 * T1552
 * T1566
 * T1059 - Command and Scripting Interpreter
 * TA0002 - Execution
 * T1083 - File and Directory Discovery
 * T1036
 * T1074.002
 * T1546
 * T1048.002
 * T1122
 * T1346


ASSOCIATED MALWARE/SOFTWARE FOR APT28:

 * osx.komplex
 * Responder
 * win.unidentified_078
 * ngioweb
 * win.credomap
 * win.cannon
 * elf.sshdoor
 * certutil
 * CORESHELL
 * Komplex
 * Forfiles
 * win.arguepatch
 * mirai
 * win.xagent
 * elf.xagent
 * win.xp_privesc
 * win.oceanmap
 * win.mocky_lnk
 * win.sedreco
 * Cannon
 * NIDS
 * LoJax
 * PDF
 * win.zebrocy
 * win.seduploader
 * Koadic
 * XTunnel
 * Fysbis
 * Ursnif
 * Winexe
 * Mimikatz
 * win.computrace
 * HIDEDRV
 * apk.popr-d30
 * win.oldbait
 * win.downdelph
 * X-Agent for Android
 * win.xtunnel
 * jrat
 * Headlace
 * win.unidentified_114
 * win.gooseegg
 * ios.xagent
 * win.koadic
 * win.graphite
 * Zebrocy
 * Downdelph
 * py.masepie
 * win.coreshell
 * Tofsee.T
 * win.pocodown
 * OLDBAIT
 * win.zebrocy_au3
 * JHUHUGIT
 * win.fusiondrive
 * win.driveocean
 * win.xtunnel_net
 * win.lojax
 * FG!tr.ransom
 * APT28
 * ADVSTORESHELL
 * XAgentOSX
 * DealersChoice
 * win.caddywiper
 * CHOPSTICK
 * USBStealer
 * osx.xagent


TARGET COUNTRIES FOR DEV-0586:

 * Ukraine
 * Europe, Central Asia and Latin America


RELATED CVES FOR DEV-0586:

 * CVE-2021-27065
 * CVE-2021-26855
 * CVE-2017-0144


ATT&CK IDS FOR DEV-0586:

 * T1486
 * T1078.003
 * T1190
 * T1134


Top Ransomware Groups


RANSOMED

Rank: 1 | 599k Audience | 18 News | 0 IOC

Target Countries: Bangladesh, United Kingdom, Norway, Austria, France (+16 more)

Target Sectors: Other Information Services, Hospitals, Air Transportation, Manufacturing, Construction

Associated Malware/Software: No Malware available.

Related CVEs: CVE-2019-1458, CVE-2021-34527, CVE-2018-8174, CVE-2020-0601

ATT&CK IDs: T1486, T1059, T1078, T1071


HUNTERS

Rank: 2 | 545k Audience | 21 News | 2 IOC

Target Countries: Taiwan, Province of China; Germany; United Kingdom; South Africa; Canada (+26 more)

Target Sectors: Food Manufacturing, Real Estate, Hospitals, Accommodation, Air Transportation

Associated Malware/Software: Ransomware

Related CVEs: No CVEs available.

ATT&CK IDs: No Attack IDs


RANSOMHUB

Rank: 3 | 270k Audience | 8 News | 44 IOC

Target Countries: Taiwan, Province of China; Germany; Luxembourg; United Kingdom; Malaysia (+44 more)

Target Sectors: Food Manufacturing, Real Estate, Hospitals, Accommodation, Manufacturing

Associated Malware/Software: No Malware available.

Related CVEs: CVE-2022-26809, CVE-2021-34527, CVE-2021-44228

ATT&CK IDs: T1566.001, T1078, T1562.001, T1486, T1027


AKIRA

Rank: 4 | 269k Audience | 3 News | 265 IOC

Target Countries: Germany, Bangladesh, United Kingdom, South Africa, Norway (+34 more)

Target Sectors: Food Manufacturing, Other Information Services, Rail Transportation, Software Publishers, Real Estate

Associated Malware/Software: Netwalker - S0457, Virus:Win32/Alma, APT, Backdoor:Win32/Aeon, win.crimson (+46 more)

Related CVEs: CVE-2023-20269, CVE-2023-27532, CVE-2017-0147

ATT&CK IDs: T1567 - Exfiltration Over Web Service, T1047 - Windows Management Instrumentation, T1219 - Remote Access Software, T1560 - Archive Collected Data, T1133 - External Remote Services (+37 more)

TARGET COUNTRIES FOR RANSOMED:

 * Bangladesh
 * United Kingdom
 * Norway
 * Austria
 * France
 * Bulgaria
 * Papua New Guinea
 * Croatia
 * Brazil
 * Mexico
 * Japan
 * Australia
 * Singapore
 * Global
 * Denmark
 * Pakistan
 * Czech Republic
 * Turkey
 * United States
 * Sweden
 * Russian Federation


RELATED CVES FOR RANSOMED:

 * CVE-2019-1458
 * CVE-2021-34527
 * CVE-2018-8174
 * CVE-2020-0601


ATT&CK IDS FOR RANSOMED:

 * T1486
 * T1059
 * T1078
 * T1071


TARGET COUNTRIES FOR HUNTERS:

 * Taiwan, Province of China
 * Germany
 * United Kingdom
 * South Africa
 * Canada
 * Russian Federation
 * Dominican Republic
 * Zimbabwe
 * Bulgaria
 * Senegal
 * Brazil
 * Mexico
 * Tunisia
 * Uganda
 * Italy
 * Australia
 * Hong Kong
 * Hungary
 * India
 * Singapore
 * Global
 * Namibia
 * Ireland
 * Haiti
 * China
 * Belgium
 * Poland
 * United States
 * Indonesia
 * Spain
 * Korea, Republic of


ASSOCIATED MALWARE/SOFTWARE FOR HUNTERS:

 * Ransomware


TARGET COUNTRIES FOR RANSOMHUB:

 * Taiwan, Province of China
 * Germany
 * Luxembourg
 * United Kingdom
 * Malaysia
 * Norway
 * Canada
 * Switzerland
 * France
 * Sri Lanka
 * Dominican Republic
 * New Zealand
 * Latvia
 * Italy
 * Australia
 * Japan
 * India
 * Hungary
 * Slovakia
 * Romania
 * Denmark
 * Argentina
 * Netherlands
 * Jamaica
 * China
 * Panama
 * Sweden
 * Spain
 * Oman
 * South Africa
 * Chile
 * Qatar
 * Guatemala
 * Philippines
 * Kuwait
 * Brazil
 * Fiji
 * Timor-Leste
 * Global
 * Thailand
 * El Salvador
 * Saudi Arabia
 * United Arab Emirates
 * Ireland
 * Colombia
 * Egypt
 * Poland
 * United States
 * Indonesia


RELATED CVES FOR RANSOMHUB:

 * CVE-2022-26809
 * CVE-2021-34527
 * CVE-2021-44228


ATT&CK IDS FOR RANSOMHUB:

 * T1566.001
 * T1078
 * T1562.001
 * T1486
 * T1027


TARGET COUNTRIES FOR AKIRA:

 * Germany
 * Bangladesh
 * United Kingdom
 * South Africa
 * Norway
 * Canada
 * Switzerland
 * Russian Federation
 * Slovenia
 * Martinique
 * Iceland
 * Nicaragua
 * Brazil
 * Tunisia
 * Italy
 * Greece
 * Australia
 * Japan
 * India
 * Hungary
 * Singapore
 * Kenya
 * Global
 * Georgia
 * Thailand
 * Denmark
 * Argentina
 * Saudi Arabia
 * Netherlands
 * Finland
 * Czech Republic
 * Ireland
 * Poland
 * Turkey
 * United States
 * Sweden
 * Spain


RELATED CVES FOR AKIRA:

 * CVE-2023-20269
 * CVE-2023-27532
 * CVE-2017-0147


ATT&CK IDS FOR AKIRA:

 * T1567 - Exfiltration Over Web Service
 * T1047 - Windows Management Instrumentation
 * T1219 - Remote Access Software
 * T1560 - Archive Collected Data
 * T1133 - External Remote Services
 * T1046 - Network Service Scanning
 * T1552 - Unsecured Credentials
 * T1021 - Remote Services
 * T1136 - Create Account
 * T1068 - Exploitation for Privilege Escalation
 * T1069 - Permission Groups Discovery
 * T1040 - Network Sniffing
 * T1562 - Impair Defenses
 * T1027 - Obfuscated Files or Information
 * T1486 - Data Encrypted for Impact
 * T1071 - Application Layer Protocol
 * T1110 - Brute Force
 * T1190 - Exploit Public-Facing Application
 * T1041 - Exfiltration Over C2 Channel
 * T1485 - Data Destruction
 * T1083 - File and Directory Discovery
 * T1087 - Account Discovery
 * T1490 - Inhibit System Recovery
 * T1070 - Indicator Removal on Host
 * T1140 - Deobfuscate/Decode Files or Information
 * T1059 - Command and Scripting Interpreter
 * T1573 - Encrypted Channel
 * T1105 - Ingress Tool Transfer
 * T1018 - Remote System Discovery
 * T1011 - Exfiltration Over Other Network Medium
 * T1543 - Create or Modify System Process
 * T1570 - Lateral Tool Transfer
 * T1003 - OS Credential Dumping
 * T1546 - Event Triggered Execution
 * T1048 - Exfiltration Over Alternative Protocol
 * T1082 - System Information Discovery
 * T1569 - System Services
 * T1547 - Boot or Logon Autostart Execution
 * T1078 - Valid Accounts
 * T1112 - Modify Registry
 * T1471 - Data Encrypted for Impact
 * T1132.001 - Standard Encoding


ASSOCIATED MALWARE/SOFTWARE FOR AKIRA:

 * Netwalker - S0457
 * Virus:Win32/Alma
 * APT
 * Backdoor:Win32/Aeon
 * win.crimson
 * Alpha Ransomware
 * win.orcus_rat
 * jar.jrat
 * Ransom:Win32/Nemty
 * win.afrodita
 * #Hacktool:MSIL/Hawkeyelogger
 * Ransom:Win32/Phobos
 * Worm:Win32/Netsky
 * Dharma Ransomware
 * win.cobalt_strike
 * elf.glupteba_proxy
 * elf.conti
 * osx.amos
 * AMOS macOS
 * Revenge RAT - S0379
 * TEL:Trojan:Win32/Emotet
 * Remcos - S0332
 * TEL:TrojanSpy:MSIL/AgentTesla
 * Azorult - S0344
 * win.alina_pos
 * Embarcadero Delphi
 * Maze - S0449
 * Trojan:Win32/Pitou
 * Virus:Win32/Aldebaran
 * Virus:DOS/Abbas
 * NetSupportManagerRAT
 * Dridex - S0384
 * Virus:DOS/Alabama
 * FakeSG
 * win.tofsee
 * win.formbook
 * Hancitor - S0499
 * win.raccoon
 * win.pony
 * Trojan:DOS/ABCD
 * Virus:DOS/Acid
 * win.zloader
 * ALFA Ransomware
 * Joke:Win32/Amigo
 * Adonis
 * ALF:HeraklezEval:HackTool:Win32/PwCrack
 * Ryuk ransomware
 * Akira
 * Trojan:Win32/Aleph
 * win.vidar
 * TrickBot - S0266


Copyright © 2023 SOCRadar Cyber Intelligence Inc.
All rights reserved.
