| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Proofpoint researchers detected campaigns from a relatively new actor, tracked internally as TA2101, targeting German companies and organizations to deliver and install backdoor malware. The actor initiated their campaigns impersonating the Bundeszentralamt fur Steuern, the German Federal Ministry of Finance, with lookalike domains, verbiage, and stolen branding in the emails. For their campaigns in Germany, the actor chose Cobalt Strike, a commercially licensed software tool that is generally used for penetration testing and emulates the type of backdoor framework used by Metasploit, a similar penetration testing tool. Proofpoint researchers have also observed this actor distributing Maze ransomware, employing similar social engineering techniques to those it uses for Cobalt Strike, while also targeting organizations in Italy and impersonating the Agenzia Delle Entrate, the Italian Revenue Agency. We have also recently observed the actor targeting organizations in the United States using the IcedID banking Trojan while impersonating the United States Postal Service (USPS).
| 2025-04-08
⋅
Trustwave
⋅
A deep Dive into the Leaked Black Basta Chat Logs Black Basta Black Basta |
| 2025-04-02
⋅
Intel 471
⋅
An in-depth look at Black Basta's TTPs Black Basta Black Basta |
| 2025-04-02
⋅
ANALYST1
⋅
Inside BlackBasta: Actor Profiles, Extortion Tactics & Finances Black Basta Black Basta |
| 2025-03-18
⋅
Trellix
⋅
Analysis of Black Basta Ransomware Chat Leaks Black Basta Black Basta |
| 2025-03-18
⋅
Expel
⋅
Code-signing certificate abuse in the Black Basta chat leaks (and how to fight back) Black Basta Black Basta |
| 2025-03-17
⋅
Cloudflare
⋅
Black Basta’s blunder: exploiting the gang’s leaked chats Black Basta Black Basta |
| 2025-03-13
⋅
EclecticIQ
⋅
Inside BRUTED: Black Basta (RaaS) Members Used Automated Brute Forcing Framework to Target Edge Network Devices Black Basta |
| 2025-03-12
⋅
Youtube (AhmedS Kasmani)
⋅
Initial Analysis of Black Basta Chat Leaks Black Basta Black Basta |
| 2025-03-12
⋅
YouTube (John Hammond)
⋅
LEAKED Russian Hackers Internal Chats Black Basta Black Basta |
| 2025-03-10
⋅
LevelBlue
⋅
Prevent, Detect, Contain: LevelBlue MDR’s Guide Against Black Basta Affiliates’ Attacks Black Basta Black Basta ReedBed |
| 2025-03-06
⋅
flare
⋅
Deciphering Black Basta’s Infrastructure from the Chat Leak Black Basta Black Basta |
| 2025-03-05
⋅
eSentire
⋅
Initial Takeaways from the Black Basta Chat Leaks Black Basta Black Basta |
| 2025-03-04
⋅
Medium (A-poc)
⋅
Black Basta Leak Analysis Black Basta Black Basta |
| 2025-03-03
⋅
Trend Micro
⋅
Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal Black Basta Black Basta Cactus ReedBed |
| 2025-03-02
⋅
ropgadget.com
⋅
Pivoting on Black Basta's (leaked) Infrastructure Black Basta Black Basta |
| 2025-03-01
⋅
⋅
LeMagIT
⋅
Ransomware : de REvil à Black Basta, que sait-on de Tramp ? Black Basta Black Basta |
| 2025-02-28
⋅
Intel 471
⋅
Black Basta exposed: A look at a cybercrime data leak Black Basta Black Basta |
| 2025-02-28
⋅
Medium walmartglobaltech
⋅
Agent AI, Basta Parser Extraordinaire Black Basta Black Basta |
| 2025-02-27
⋅
BushidoToken
⋅
BlackBasta Leaks: Lessons from the Ascension Health attack Black Basta |
| 2025-02-26
⋅
Ontinue
⋅
Inside BlackBasta: What Leaked Conversations Reveal About Their Ransomware Operations Black Basta Black Basta |
| 2025-02-22
⋅
CrowdStrike
⋅
Wandering Spider Black Basta Black Basta GOLD REBELLION |
| 2025-01-31
⋅
ConnectWise
⋅
Attackers Leveraging Microsoft Teams Defaults and Quick Assist for Social Engineering Attacks Black Basta Black Basta ReedBed |
| 2025-01-30
⋅
eSentire
⋅
Ongoing Email Bombing Campaigns leading to Remote Access and Post-Exploitation Black Basta ReedBed UNC4393 |
| 2024-12-04
⋅
Rapid7
⋅
Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware Black Basta Cobalt Strike DarkGate SystemBC Zloader |
| 2024-11-09
⋅
Youtube (Microsoft Security Response Center (MSRC))
⋅
BlueHat 2024: S17: MSTIC - A Threat Intelligence Year in Review Storm-0506 TA2101 |
| 2024-10-25
⋅
Reliaquest
⋅
ReliaQuest Uncovers New Black Basta Social Engineering Technique Black Basta |
| 2024-08-12
⋅
Rapid7
⋅
Ongoing Social Engineering Campaign Refreshes Payloads Black Basta Cobalt Strike GhostSocks Lumma Stealer SystemBC |
| 2024-07-29
⋅
Microsoft
⋅
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption Black Basta Black Basta Storm-0506 |
| 2024-07-29
⋅
Mandiant
⋅
UNC4393 Goes Gently into the SILENTNIGHT Black Basta QakBot sRDI SystemBC Zloader UNC3973 UNC4393 |
| 2024-06-12
⋅
Symantec
⋅
Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day Black Basta |
| 2024-06-12
⋅
Symantec
⋅
Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day Black Basta UNC4393 |
| 2024-05-15
⋅
Stairwell
⋅
Stairwell threat report: Black Basta overview and detection rules Black Basta Black Basta |
| 2024-05-15
⋅
Microsoft
⋅
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware Black Basta Cobalt Strike QakBot UNC4393 |
| 2024-05-15
⋅
Microsoft
⋅
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware Black Basta Cobalt Strike QakBot SystemBC |
| 2024-05-10
⋅
CISA
⋅
AA24-131A: #StopRansomware: Black Basta Black Basta Black Basta |
| 2024-05-10
⋅
Rapid7 Labs
⋅
Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators Black Basta Black Basta Cobalt Strike NetSupportManager RAT |
| 2024-05-01
⋅
Natto Thoughts
⋅
Ransom-War: Russian Extortion Operations as Hybrid Warfare, Part One Clop Conti Maze TrickBot |
| 2024-02-28
⋅
Security Intelligence
⋅
X-Force data reveals top spam trends, campaigns and senior superlatives in 2023 404 Keylogger Agent Tesla Black Basta DarkGate Formbook IcedID Loki Password Stealer (PWS) Pikabot QakBot Remcos |
| 2024-02-15
⋅
Bleeping Computer
⋅
Zeus, IcedID malware gangs leader pleads guilty, faces 40 years in prison Egregor IcedID Maze Zeus |
| 2024-02-15
⋅
Department of Justice
⋅
Foreign National Pleads Guilty to Role in Cybercrime Schemes Involving Tens of Millions of Dollars in Losses Egregor IcedID Maze Zeus |
| 2023-12-01
⋅
Twitter (@MsftSecIntel)
⋅
Tweet about Storm-1044 and Storm-0216, Danabot leading to Cactus ransomware Cactus DanaBot TA2101 |
| 2023-11-16
⋅
YouTube (Swiss Cyber Storm)
⋅
Resilience Rising: Countering the Threat Actors Behind Black Basta Ransomware Black Basta |
| 2023-06-27
⋅
SecurityIntelligence
⋅
The Trickbot/Conti Crypters: Where Are They Now? Black Basta Conti Mount Locker PhotoLoader Royal Ransom SystemBC TrickBot |
| 2023-04-19
⋅
Bleeping Computer
⋅
March 2023 broke ransomware attack records with 459 incidents Clop WhiteRabbit BianLian Black Basta BlackCat LockBit MedusaLocker PLAY Royal Ransom |
| 2023-04-18
⋅
Mandiant
⋅
M-Trends 2023 QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate |
| 2023-03-30
⋅
United States District Court (Eastern District of New York)
⋅
Cracked Cobalt Strike (1:23-cv-02447) Black Basta BlackCat LockBit RagnarLocker LockBit Black Basta BlackCat Cobalt Strike Cuba Emotet LockBit Mount Locker PLAY QakBot RagnarLocker Royal Ransom Zloader |
| 2023-03-20
⋅
PWC
⋅
Cyber Threats 2022: A Year in Retrospect Black Basta Black Basta Earth Lusca GOLD REBELLION |
| 2023-03-15
⋅
Reliaquest
⋅
QBot: Laying the Foundations for Black Basta Ransomware Activity Black Basta QakBot |
| 2023-01-30
⋅
Checkpoint
⋅
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware Agent Tesla Azorult Buer Cerber Cobalt Strike Emotet Formbook HawkEye Keylogger Loki Password Stealer (PWS) Maze NetWire RC Remcos REvil TrickBot |
| 2023-01-25
⋅
Quadrant Information Security
⋅
Technical Analysis: Black Basta Malware Overview Black Basta Black Basta |
| 2023-01-23
⋅
Kroll
⋅
Black Basta – Technical Analysis Black Basta Cobalt Strike MimiKatz QakBot SystemBC |
| 2022-12-01
⋅
Zscaler
⋅
Back in Black... Basta - Technical Analysis of BlackBasta Ransomware 2.0 Black Basta |
| 2022-11-23
⋅
Cybereason
⋅
THREAT ALERT: Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies Black Basta QakBot |
| 2022-11-03
⋅
SentinelOne
⋅
Black Basta Ransomware | Attacks deploy Custom EDR Evasion Tools tied to FIN7 Threat Actor Black Basta QakBot SocksBot |
| 2022-11-03
⋅
Sentinel LABS
⋅
Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor Black Basta |
| 2022-10-12
⋅
Trend Micro
⋅
Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike Black Basta Brute Ratel C4 Cobalt Strike QakBot |
| 2022-09-08
⋅
Sentinel LABS
⋅
Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection AgendaCrypt Black Basta BlackCat PLAY |
| 2022-09-01
⋅
Trend Micro
⋅
Ransomware Spotlight Black Basta Black Basta Cobalt Strike MimiKatz QakBot |
| 2022-08-25
⋅
Palo Alto Networks Unit 42
⋅
Threat Assessment: Black Basta Ransomware Black Basta |
| 2022-08-25
⋅
Palo Alto Networks Unit 42
⋅
Threat Assessment: Black Basta Ransomware Black Basta QakBot |
| 2022-08-22
⋅
Microsoft
⋅
Extortion Economics - Ransomware’s new business model BlackCat Conti Hive REvil AgendaCrypt Black Basta BlackCat Brute Ratel C4 Cobalt Strike Conti Hive Mount Locker Nokoyawa Ransomware REvil Ryuk |
| 2022-08-15
⋅
SecurityScorecard
⋅
A Deep Dive Into Black Basta Ransomware Black Basta |
| 2022-08-15
⋅
SecurityScorecard
⋅
A Deep Dive Into Black Basta Ransomware Black Basta |
| 2022-07-20
⋅
Kaspersky
⋅
Luna and Black Basta — new ransomware for Windows, Linux and ESXi Black Basta Conti |
| 2022-06-30
⋅
Trend Micro
⋅
Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit Black Basta Cobalt Strike QakBot |
| 2022-06-28
⋅
GBHackers on Security
⋅
Black Basta Ransomware Emerging From Underground to Attack Corporate Networks Black Basta |
| 2022-06-06
⋅
NCC Group
⋅
Shining the Light on Black Basta Black Basta |
| 2022-06-01
⋅
Avertium
⋅
An In-Depth Look At Black Basta Ransomware Black Basta |
| 2022-05-26
⋅
IBM
⋅
Black Basta Besting Your Network? Black Basta |
| 2022-05-20
⋅
AdvIntel
⋅
DisCONTInued: The End of Conti’s Brand Marks New Chapter For Cybercrime Landscape AvosLocker Black Basta BlackByte BlackCat Conti HelloKitty Hive |
| 2022-05-09
⋅
Microsoft
⋅
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT |
| 2022-05-09
⋅
Trend Micro
⋅
Examining the Black Basta Ransomware’s Infection Routine Black Basta |
| 2022-05-05
⋅
Intel 471
⋅
Cybercrime loves company: Conti cooperated with other ransomware gangs LockBit Maze RagnarLocker Ryuk |
| 2022-04-29
⋅
The Record
⋅
German wind farm operator confirms cybersecurity incident Black Basta BlackCat |
| 2022-04-27
⋅
BleepingComputer
⋅
New Black Basta ransomware springs into action with a dozen breaches Black Basta |
| 2022-04-26
⋅
Bleeping Computer
⋅
American Dental Association hit by new Black Basta ransomware Black Basta |
| 2022-03-31
⋅
Trellix
⋅
Conti Leaks: Examining the Panama Papers of Ransomware LockBit Amadey Buer Conti IcedID LockBit Mailto Maze PhotoLoader Ryuk TrickBot |
| 2022-03-23
⋅
splunk
⋅
Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk |
| 2022-03-17
⋅
Sophos
⋅
The Ransomware Threat Intelligence Center ATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry Dharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker Ragnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker |
| 2022-02-23
⋅
splunk
⋅
An Empirically Comparative Analysis of Ransomware Binaries Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk |
| 2022-02-09
⋅
Security Affairs
⋅
Master decryption keys for Maze, Egregor, and Sekhmet ransomware leaked online Egregor m0yv Maze Sekhmet |
| 2022-02-09
⋅
Bleeping Computer
⋅
Ransomware dev releases Egregor, Maze master decryption keys Egregor Maze Sekhmet |
| 2021-11-03
⋅
CERT-FR
⋅
Identification of a new cybercriminal group: Lockean DoppelPaymer Egregor Maze PwndLocker REvil |
| 2021-10-26
⋅
Identification of a new cyber criminal group: Lockean Cobalt Strike DoppelPaymer Egregor Maze PwndLocker QakBot REvil |
| 2021-09-06
⋅
cocomelonc
⋅
AV engines evasion for C++ simple malware: part 2 Agent Tesla Amadey Anchor AnchorMTea Carbanak Carberp Cardinal RAT Felixroot Konni Loki Password Stealer (PWS) Maze |
| 2021-08-15
⋅
Symantec
⋅
The Ransomware Threat Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker |
| 2021-08-10
⋅
Bleeping Computer
⋅
Crytek confirms Egregor ransomware attack, customer data theft Egregor Maze |
| 2021-08-05
⋅
KrebsOnSecurity
⋅
Ransomware Gangs and the Name Game Distraction DarkSide RansomEXX Babuk Cerber Conti DarkSide DoppelPaymer Egregor FriedEx Gandcrab Hermes Maze RansomEXX REvil Ryuk Sekhmet |
| 2021-07-09
⋅
The Record
⋅
Ransomwhere project wants to create a database of past ransomware payments Egregor Mailto Maze REvil |
| 2021-07-01
⋅
DomainTools
⋅
The Most Prolific Ransomware Families: A Defenders Guide REvil Conti Egregor Maze REvil |
| 2021-06-16
⋅
Proofpoint
⋅
The First Step: Initial Access Leads to Ransomware BazarBackdoor Egregor IcedID Maze QakBot REvil Ryuk TrickBot WastedLocker TA570 TA575 TA577 |
| 2021-05-18
⋅
The Record
⋅
Darkside gang estimated to have made over $90 million from ransomware attacks DarkSide DarkSide Mailto Maze REvil Ryuk |
| 2021-05-18
⋅
Bleeping Computer
⋅
DarkSide ransomware made $90 million in just nine months DarkSide DarkSide Egregor Gandcrab Mailto Maze REvil Ryuk |
| 2021-05-10
⋅
DarkTracer
⋅
Intelligence Report on Ransomware Gangs on the DarkWeb: List of victim organizations attacked by ransomware gangs released on the DarkWeb RansomEXX Avaddon Babuk Clop Conti Cuba DarkSide DoppelPaymer Egregor Hades LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker Nefilim Nemty Pay2Key PwndLocker RagnarLocker Ragnarok RansomEXX REvil Sekhmet SunCrypt ThunderX |
| 2021-05-07
⋅
Bleeping Computer
⋅
Data leak marketplaces aim to take over the extortion economy Babuk Maze |
| 2021-05-06
⋅
Cyborg Security
⋅
Ransomware: Hunting for Inhibiting System Backup or Recovery Avaddon Conti DarkSide LockBit Mailto Maze Mespinoza Nemty PwndLocker RagnarLocker RansomEXX REvil Ryuk Snatch ThunderX |
| 2021-04-27
⋅
CrowdStrike
⋅
Ransomware Preparedness: A Call to Action Dharma GlobeImposter Maze Phobos CIRCUS SPIDER TRAVELING SPIDER |
| 2021-04-07
⋅
ANALYST1
⋅
Ransom Mafia - Analysis of the World's First Ransomware Cartel Conti Egregor LockBit Maze RagnarLocker SunCrypt VIKING SPIDER |
| 2021-04-07
⋅
ANALYST1
⋅
Ransom Mafia Analysis of the World's First Ransomware Cartel Conti Egregor LockBit Maze RagnarLocker Ryuk SunCrypt TA2101 VIKING SPIDER |
| 2021-03-17
⋅
Palo Alto Networks Unit 42
⋅
Ransomware Threat Report 2021 RansomEXX Dharma DoppelPaymer Gandcrab Mailto Maze Phobos RansomEXX REvil Ryuk WastedLocker |
| 2021-03-02
⋅
CERT-FR
⋅
The Egregor Ransomware Egregor Maze Sekhmet |
| 2021-03-01
⋅
Group-IB
⋅
Ransomware Uncovered 2020/2021 RansomEXX BazarBackdoor Buer Clop Conti DoppelPaymer Dridex Egregor IcedID Maze PwndLocker QakBot RansomEXX REvil Ryuk SDBbot TrickBot Zloader |
| 2021-02-28
⋅
PWC UK
⋅
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
| 2021-02-25
⋅
Mandiant
⋅
So Unchill: Melting UNC2198 ICEDID to Ransomware Operations IcedID TA2101 |
| 2021-02-25
⋅
FireEye
⋅
So Unchill: Melting UNC2198 ICEDID to Ransomware Operations MOUSEISLAND Cobalt Strike Egregor IcedID Maze SystemBC |
| 2021-02-23
⋅
CrowdStrike
⋅
2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
| 2021-02-11
⋅
CTI LEAGUE
⋅
CTIL Darknet Report – 2021 Conti Mailto Maze REvil Ryuk |
| 2021-02-04
⋅
Chainanalysis
⋅
Blockchain Analysis Shows Connections Between Four of 2020’s Biggest Ransomware Strains DoppelPaymer Egregor Maze SunCrypt |
| 2021-01-01
⋅
Secureworks
⋅
Threat Profile: GOLD VILLAGE Maze TA2101 |
| 2021-01-01
⋅
Talos
⋅
Evicting Maze Cobalt Strike Maze |
| 2020-12-16
⋅
Accenture
⋅
Tracking and combatting an evolving danger: Ransomware extortion DarkSide Egregor Maze Nefilim RagnarLocker REvil Ryuk SunCrypt |
| 2020-12-14
⋅
Medium Killbit
⋅
Applying the Diamond Model to Cognizant (MSP) vs. Maze Ransomware Maze |
| 2020-12-10
⋅
US-CERT
⋅
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus |
| 2020-12-09
⋅
Cisco
⋅
Quarterly Report: Incident Response trends from Fall 2020 Cobalt Strike IcedID Maze RansomEXX Ryuk |
| 2020-12-08
⋅
Sophos
⋅
Egregor ransomware: Maze’s heir apparent Egregor Maze |
| 2020-12-07
⋅
Minerva Labs
⋅
Egregor Ransomware - An In-Depth Analysis Egregor Maze Sekhmet |
| 2020-12-01
⋅
Trend Micro
⋅
The Impact of Modern Ransomware on Manufacturing Networks Maze Petya REvil |
| 2020-11-18
⋅
KELA
⋅
Zooming into Darknet Threats Targeting Japanese Organizations Conti DoppelPaymer Egregor LockBit Maze REvil Snake |
| 2020-11-16
⋅
Intel 471
⋅
Ransomware-as-a-service: The pandemic within a pandemic Avaddon Clop Conti DoppelPaymer Egregor Hakbit Mailto Maze Mespinoza RagnarLocker REvil Ryuk SunCrypt ThunderX |
| 2020-11-11
⋅
Kaspersky Labs
⋅
Targeted ransomware: it’s not just about encrypting your data! Part 1 - “Old and New Friends” Egregor Maze RagnarLocker |
| 2020-11-06
⋅
Telsy
⋅
Malware Analysis Report: Trying not to walk in the dark woods. A way out of the Maze Maze |
| 2020-10-29
⋅
Bleeping Computer
⋅
Maze ransomware is shutting down its cybercrime operation Egregor Maze |
| 2020-10-28
⋅
Bitdefender
⋅
A Decade of WMI Abuse – an Overview of Techniques in Modern Malware sLoad Emotet Maze |
| 2020-10-26
⋅
Checkpoint
⋅
Exploit Developer Spotlight: The Story of PlayBit Dyre Maze PyLocky Ramnit REvil |
| 2020-10-23
⋅
Hornetsecurity
⋅
Leakware-Ransomware-Hybrid Attacks Avaddon Clop Conti DarkSide DoppelPaymer Mailto Maze Mespinoza Nefilim RagnarLocker REvil Sekhmet SunCrypt |
| 2020-10-21
⋅
Kaspersky Labs
⋅
Life of Maze ransomware Maze |
| 2020-10-06
⋅
CrowdStrike
⋅
Double Trouble: Ransomware with Data Leak Extortion, Part 2 Maze MedusaLocker REvil VIKING SPIDER |
| 2020-10-01
⋅
KELA
⋅
To Attack or Not to Attack: Targeting the Healthcare Sector in the Underground Ecosystem Conti DoppelPaymer Mailto Maze REvil Ryuk SunCrypt |
| 2020-09-29
⋅
Microsoft
⋅
Microsoft Digital Defense Report Emotet IcedID Mailto Maze QakBot REvil RobinHood TrickBot |
| 2020-09-25
⋅
StateScoop
⋅
Baltimore ransomware attack was early attempt at data extortion, new report shows Maze RobinHood OUTLAW SPIDER |
| 2020-09-25
⋅
CrowdStrike
⋅
Double Trouble: Ransomware with Data Leak Extortion, Part 1 DoppelPaymer FriedEx LockBit Maze MedusaLocker RagnarLocker REvil RobinHood SamSam WastedLocker MIMIC SPIDER PIZZO SPIDER TA2101 VIKING SPIDER |
| 2020-09-24
⋅
CrowdStrike
⋅
Double Trouble: Ransomware with Data Leak Extortion, Part 1 DoppelPaymer Gandcrab LockBit Maze MedusaLocker RagnarLocker SamSam OUTLAW SPIDER OVERLORD SPIDER |
| 2020-09-22
⋅
Sophos SecOps
⋅
MTR Casebook: Blocking a $15 million Maze ransomware attack Maze |
| 2020-09-17
⋅
SophosLabs Uncut
⋅
Maze attackers adopt Ragnar Locker virtual machine technique Maze |
| 2020-09-17
⋅
Bleeping Computer
⋅
Maze ransomware now encrypts via virtual machines to evade detection Maze |
| 2020-09-01
⋅
Cisco Talos
⋅
Quarterly Report: Incident Response trends in Summer 2020 Cobalt Strike LockBit Mailto Maze Ryuk |
| 2020-08-25
⋅
KELA
⋅
How Ransomware Gangs Find New Monetization Schemes and Evolve in Marketing Avaddon Clop DarkSide DoppelPaymer Mailto Maze MedusaLocker Mespinoza Nefilim RagnarLocker REvil Sekhmet |
| 2020-08-20
⋅
sensecy
⋅
Global Ransomware Attacks in 2020: The Top 4 Vulnerabilities Clop Maze REvil Ryuk |
| 2020-08-13
⋅
SentinelOne
⋅
Case Study: Catching a Human-Operated Maze Ransomware Attack In Action Maze |
| 2020-08-04
⋅
ZDNet
⋅
Ransomware gang publishes tens of GBs of internal data from LG and Xerox Maze |
| 2020-08-01
⋅
Temple University
⋅
Critical Infrastructure Ransomware Attacks CryptoLocker Cryptowall DoppelPaymer FriedEx Mailto Maze REvil Ryuk SamSam WannaCryptor |
| 2020-07-29
⋅
ESET Research
⋅
THREAT REPORT Q2 2020 DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor |
| 2020-07-22
⋅
SentinelOne
⋅
Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW) ISFB Maze TrickBot Zloader |
| 2020-07-15
⋅
Mandiant
⋅
Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families Clop DoppelPaymer LockerGoga Maze MegaCortex Nefilim Snake |
| 2020-06-18
⋅
Quick Heal
⋅
Maze ransomware continues to be a threat to the consumers Maze |
| 2020-06-17
⋅
Cognizant
⋅
Notice of Data Breach Maze |
| 2020-06-16
⋅
BleepingComputer
⋅
Chipmaker MaxLinear reports data breach after Maze Ransomware attack Maze |
| 2020-06-04
⋅
Sophos Naked Security
⋅
Nuclear missile contractor hacked in Maze ransomware attack Maze |
| 2020-05-21
⋅
BrightTALK (FireEye)
⋅
Navigating MAZE: Analysis of a Rising Ransomware Threat Maze |
| 2020-05-12
⋅
SophosLabs Uncut
⋅
Maze ransomware: extorting victims for 1 year and counting Maze |
| 2020-05-07
⋅
FireEye Inc
⋅
Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents Maze |
| 2020-05-07
⋅
REDTEAM.PL
⋅
Sodinokibi / REvil ransomware Maze MimiKatz REvil |
| 2020-05-04
⋅
Blueliv
⋅
Escape from the Maze Maze |
| 2020-05-01
⋅
CrowdStrike
⋅
The Many Paths Through Maze Maze |
| 2020-04-28
⋅
Microsoft
⋅
Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk LockBit Mailto Maze MedusaLocker Paradise RagnarLocker REvil RobinHood |
| 2020-04-18
⋅
Cognizant
⋅
Cognizant Security Incident Update Maze |
| 2020-04-18
⋅
Bleeping Computer
⋅
IT services giant Cognizant suffers Maze Ransomware cyber attack Maze |
| 2020-04-08
⋅
Secureworks
⋅
How Cyber Adversaries are Adapting to Exploit the Global Pandemic GOLD SOUTHFIELD TA2101 TA505 WIZARD SPIDER |
| 2020-03-26
⋅
McAfee
⋅
Ransomware Maze Maze |
| 2020-03-26
⋅
TechCrunch
⋅
Cyber insurer Chubb had data stolen in Maze ransomware attack Maze |
| 2020-03-25
⋅
Bitdefender
⋅
A Technical Look into Maze Ransomware Maze |
| 2020-03-24
⋅
Bleeping Computer
⋅
Three More Ransomware Families Create Sites to Leak Stolen Data Clop DoppelPaymer Maze Nefilim Nemty REvil |
| 2020-03-12
⋅
Cyberbit
⋅
Lost in the Maze Maze |
| 2020-03-04
⋅
CrowdStrike
⋅
2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
| 2020-03-03
⋅
Bleeping Computer
⋅
Ransomware Attackers Use Your Cloud Backups Against You DoppelPaymer Maze |
| 2020-02-20
⋅
McAfee
⋅
CSI: Evidence Indicators for Targeted Ransomware Attacks – Part II Cobalt Strike LockerGoga Maze MegaCortex |
| 2020-01-30
⋅
⋅
ZATAZ
⋅
Cyber attaque à l’encontre des serveurs de Bouygues Construction Maze |
| 2020-01-29
⋅
ANSSI
⋅
État de la menace rançongiciel Clop Dharma FriedEx Gandcrab LockerGoga Maze MegaCortex REvil RobinHood Ryuk SamSam |
| 2020-01-22
⋅
Deloitte
⋅
Project Lurus Maze |
| 2020-01-01
⋅
Secureworks
⋅
GOLD VILLAGE Maze |
| 2020-01-01
⋅
Blackberry
⋅
State of Ransomware Maze MedusaLocker Nefilim Phobos REvil Ryuk STOP |
| 2019-12-24
⋅
Bleeping Computer
⋅
Maze Ransomware Releases Files Stolen from City of Pensacola Maze |
| 2019-12-18
⋅
Github (albertzsigovits)
⋅
Maze ransomware Maze |
| 2019-12-17
⋅
Cisco
⋅
Incident Response lessons from recent Maze ransomware attacks Maze |
| 2019-12-16
⋅
KrebsOnSecurity
⋅
Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up Maze |
| 2019-12-11
⋅
Bleeping Computer
⋅
Maze Ransomware Behind Pensacola Cyberattack, $1M Ransom Demand Maze |
| 2019-11-21
⋅
Bleeping Computer
⋅
Allied Universal Breached by Maze Ransomware, Stolen Data Leaked Maze |
| 2019-11-14
⋅
Proofpoint
⋅
TA2101 plays government imposter to distribute malware to German, Italian, and US organizations Maze TA2101 |
| 2019-11-08
⋅
Twitter (@certbund)
⋅
Tweet on Spam Mails containing MAZE Maze |
| 2019-10-18
⋅
Bleeping Computer
⋅
Maze Ransomware Now Delivered by Spelevo Exploit Kit Maze |
| 2019-05-13
⋅
⋅
ChaCha Ransomware Maze |
| 2019-01-01
⋅
CrowdStrike
⋅
Twisted Spider Maze TA2101 |