Malware:
ABCD ransomware, Agenda, AgendaCrypt, AK47 Ransomware, AKO Doxware, Babuk, BabyLockerKZ, BARADAI, Baxtoy, BEACON, Black Basta, buildx641, CatB, CatB99, Cobalt Strike, Conti, Coroxy, DragonForce, DroxiDat, GentleKiller, Gentlemen, Havoc, HavocKiller, HexKiller, HwAudKiller, Hyflock, LARVA-368, LockBit, LockBit 2.0, LockBit 3.0, LockBit Black, LockBit Red, LOCKBIT.WARLOCK, Lumma, LummaC2, Lumma Stealer, Medusa, MedusaLocker, Medusa Reborn, Mimikatz, Ninthbee, no_name_software, OxideHarvest, Phemedrone, Phemedrone Stealer, PoisonX, Prey, Qilin, RedLine, REvil, Rhysida, Sodinokibi, Storm-2697, SystemBC, The Gentlemen, ThrottleBlood, ThrottleStop.sys, TridentLocker, Vidar, Warlock, X2ANYLOCK
CVEs:
CVE-2020-1472, CVE-2021-36942, CVE-2021-44228, CVE-2022-42045, CVE-2023-27532, CVE-2023-42789, CVE-2023-48788, CVE-2024-37085, CVE-2024-55591, CVE-2025-26125, CVE-2025-32433, CVE-2025-33073, CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, CVE-2025-53771, CVE-2025-55182, CVE-2025-59718, CVE-2025-59719, CVE-2025-7771, CVE-2026-8863
Technologies:
Acer, Acronis Cyber Protect, AMD Processors, ASUS, Baidu Antivirus, Bitdefender, BSD, Cisco, Cisco IOS, Cisco VPN, CrowdStrike, ECS, Erlang/OTP, ESET Endpoint Security, Fortinet FortiClientEMS, Fortinet FortiGate, Fortinet FortiOS, Fortinet FortiProxy, Getac, GIGABYTE, Gladinet CentreStack, Google Chrome, Hikvision IP Camera, Huawei, IObit Malware Fighter, Iperius Backup, Ivanti, Kaspersky, Kaspersky Endpoint Security, Linux, McAfee, Microsoft 365, Microsoft Defender Antivirus, Microsoft Entra ID, Microsoft Exchange Server, Microsoft Hyper-V, Microsoft Internet Information Services, Microsoft Outlook on the web, Microsoft SharePoint, Microsoft SQL Server, Microsoft Windows, Microsoft Windows Active Directory, Microsoft Windows Server, Mozilla Gecko, Okta, Oracle Database, Oracle MySQL, Palo Alto Networks, PostgreSQL, Qihoo 360, SAP ABAP, SentinelOne, SimpleHelp, SmarterTools SmarterMail, SolarWinds Web Help Desk, SonicWall, Sophos, Sophos Intercept X, TeamViewer, ThrottleStop, Trellix, Trend Micro, UEFI, Uniwill, Veeam Backup & Replication, Veritas Backup Exec, VMware, VMware ESXi
Threat Actors:
Agenda, Akira, ArmCorp, Babuk, BlackBasta, CatB, Conti, Devman, DragonForce, Embargo, Gentlemen, GoldRebellion, GOLDSALEM, Hastalamuerte, LockBit, Medusa, MedusaRansomware, Ninthbee, PestilentMantis, PhantomMantis, PrimevalMantis, Qilin, RansomHub, RedLineCyber, REvil, Rhysida, STAC5143, Storm0506, Storm0826, Storm1567, Storm-2603, Storm-2697, Storm2697, Ta2101, TenaciousMantis, Thegentlemen, Unc3973, Unc4393, VenomousMantis, Warlock, WIZARDSPIDER, Zeta88
Attacker Countries:
China, Malaysia, Russia
Attacker IPs:
176[.]120[.]22[.]127, 193[.]228[.]128[.]2, 209[.]15[.]71[.]121, 45[.]155[.]141[.]219, 77[.]246[.]103[.]110, 88[.]130[.]150[.]101, 91[.]92[.]242[.]30
Attacker Emails:
bu4vs@mail[.]ru, hastalamuerte1488@protonmail[.]com
Attacker Domains:
app-distribution[.]net, bestflowers247[.]online, exploit[.]in, mail[.]ru, protonmail[.]com, put[.]io, userstorage[.]mega[.]co[.]nz, velvet-parret[.]com
Attacker URLs:
0x0[.]st, temp[.]sh, vast[.]ai
Attacker Hashes:
Victim Industries:
Aerospace, Agriculture, Business Services, Cloud Infrastructure, Construction, Consumer Services, Education, Energy, Financial, Financials, Financial Services, Government, Healthcare, Health Care Technology, Holding Companies & Conglomerates, Hospitality, Hospitals & Physicians Clinics, Information Security, Information Technology, Insurance, Legal Services, Manufacturing, Media & Publishing, Multimedia, Professional Services, Public Administration, Real Estate, Retail, Semiconductors, Software, Technology Hardware, Telecommunications, Transportation, Utilities
Victim Countries:
Australia, Brazil, China, Colombia, Croatia, Czech Republic, Denmark, Egypt, France, Germany, India, Indonesia, Iraq, Ireland, Italy, Japan, Mauritius, Mexico, New Zealand, Norway, Palau, Peru, Philippines, Poland, Portugal, Romania, Russia, Saudi Arabia, Singapore, Spain, Taiwan, Thailand, Turkey, United Kingdom, United States, Vietnam