| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Vice Society is a ransomware group that has been active since at least June 2021. They primarily target the education and healthcare sectors, but have also been observed targeting the manufacturing industry. The group has used multiple ransomware families and has been known to utilize PowerShell scripts for their attacks. There are similarities between Vice Society and the Rhysida ransomware group, suggesting a potential connection or rebranding.
| 2025-05-06
⋅
Mandiant
⋅
Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines BlackCat DragonForce RansomHub |
| 2025-05-06
⋅
Mandiant
⋅
Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines BlackCat DragonForce RansomHub |
| 2025-04-24
⋅
Mandiant
⋅
M-Trends 2025 Report Akira Black Basta LockBit SystemBC GootLoader LockBit WIREFIRE Akira Black Basta Cobalt Strike LockBit RansomHub SystemBC Pink Sandstorm |
| 2025-04-16
⋅
Sekoia
⋅
Interlock ransomware evolving under the radar Interlock Berserk Stealer Interlock Lumma Stealer Supper |
| 2025-04-15
⋅
Beazley Security Labs
⋅
Hunting Mice In Tunnels II - Fake CAPTCHAs and Ransomware Interlock Supper |
| 2025-03-31
⋅
48157c03bf9731926f9567fe1fabc807bff166241f8d6c27e6308dde68112669 Supper |
| 2025-01-30
⋅
Recorded Future
⋅
TAG-124’s Multi-Layered TDS Infrastructure and Extensive User Base Rhysida KongTuke MintsLoader Broomstick Remcos Rhysida WarmCookie |
| 2025-01-27
⋅
The DFIR Report
⋅
Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware GhostSocks LockBit SystemBC |
| 2024-12-04
⋅
Rapid7
⋅
Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware Black Basta Cobalt Strike DarkGate SystemBC Zloader |
| 2024-11-29
⋅
Fortinet
⋅
Ransomware Roundup - Interlock Interlock Interlock Supper |
| 2024-11-07
⋅
Cisco Talos
⋅
Unwrapping the emerging Interlock ransomware attack Interlock Rhysida |
| 2024-10-30
⋅
EclecticIQ
⋅
Inside Intelligence Center: LUNAR SPIDER Enabling Ransomware Attacks on Financial Sector with Brute Ratel C4 and Latrodectus BlackCat Brute Ratel C4 Latrodectus |
| 2024-10-10
⋅
paloalto Netoworks: Unit42
⋅
Lynx Ransomware: A Rebranding of INC Ransomware INC Lynx |
| 2024-10-09
⋅
Recorded Future
⋅
Outmaneuvering Rhysida: How Advanced Threat Intelligence Shields Critical Infrastructure from Ransomware Broomstick Rhysida |
| 2024-09-30
⋅
The DFIR Report
⋅
Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware BlackCat Nitrogen Loader Sliver |
| 2024-09-20
⋅
CISO Series
⋅
Cybersecurity News: INC targets healthcare, Providence schools cyberattack, Apple iPads bricked INC Storm-0494 |
| 2024-09-18
⋅
Twitter (@MsftSecIntel)
⋅
Tweet about threat actor Vanilla Tempest INC GootLoader Storm-0494 |
| 2024-08-26
⋅
The DFIR Report
⋅
BlackSuit Ransomware BlackSuit Cobalt Strike SystemBC |
| 2024-08-12
⋅
Rapid7
⋅
Ongoing Social Engineering Campaign Refreshes Payloads Black Basta Cobalt Strike GhostSocks Lumma Stealer SystemBC |
| 2024-07-29
⋅
Mandiant
⋅
UNC4393 Goes Gently into the SILENTNIGHT Black Basta QakBot sRDI SystemBC Zloader UNC3973 UNC4393 |
| 2024-07-24
⋅
ThreatDown
⋅
Rhysida using Oyster Backdoor to deliver ransomware Broomstick Rhysida |
| 2024-07-02
⋅
Sekoia
⋅
Exposing FakeBat loader: distribution methods and adversary infrastructure BlackCat Royal Ransom EugenLoader Carbanak Cobalt Strike DICELOADER Gozi IcedID Lumma Stealer NetSupportManager RAT Pikabot RedLine Stealer SectopRAT Sliver SmokeLoader Vidar |
| 2024-06-05
⋅
S-RM
⋅
Exmatter malware levels up: S-RM observes new variant with simultaneous remote code execution and data targeting BlackCat BlackMatter Conti ExMatter LockBit REvil Ryuk |
| 2024-05-30
⋅
Europol
⋅
Largest ever operation against botnets hits dropper malware ecosystem BumbleBee IcedID SmokeLoader SystemBC TrickBot |
| 2024-05-15
⋅
Microsoft
⋅
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware Black Basta Cobalt Strike QakBot SystemBC |
| 2024-04-29
⋅
The DFIR Report
⋅
From IcedID to Dagon Locker Ransomware in 29 Days IcedID Mount Locker |
| 2024-04-24
⋅
SentinelOne
⋅
Ransomware Evolution | How Cheated Affiliates Are Recycling Victim Data for Profit BlackCat RansomHub RansomHub |
| 2024-02-29
⋅
CrowdStrike
⋅
The Anatomy of an ALPHA SPIDER Ransomware Attack BlackCat Alpha Spider |
| 2024-02-22
⋅
Sekoia
⋅
Scattered Spider laying new eggs BlackCat |
| 2024-02-12
⋅
HelpNetSecurity
⋅
Decryptor for Rhysida ransomware is available! Rhysida |
| 2024-01-19
⋅
Kroll
⋅
Inside the SYSTEMBC Command-and-Control Server SystemBC |
| 2024-01-07
⋅
nikhilh-20
⋅
INC Linux Ransomware - Sandboxing with ELFEN and Analysis INC |
| 2023-12-13
⋅
ShadowStackRE
⋅
Rhysida Ransomware Rhysida Rhysida |
| 2023-12-13
⋅
cocomelonc
⋅
Malware in the wild book AsyncRAT Babuk BlackCat BlackLotus Carbanak HelloKitty Paradise Stealc WinDealer |
| 2023-12-12
⋅
Fourcore
⋅
Rhysida Ransomware: History, TTPs And Adversary Emulation Plans Rhysida Rhysida Vanilla Tempest |
| 2023-12-10
⋅
Detect FYI
⋅
Rhysida Ransomware and the Detection Opportunities PolyVice Rhysida Vanilla Tempest |
| 2023-12-03
⋅
Twitter (@vxunderground)
⋅
Tweet about ALPHV group compromising Tipalti to pressure its clients. BlackCat BlackCat |
| 2023-11-16
⋅
The Register
⋅
BlackCat plays with malvertising traps to lure corporate victims BlackCat |
| 2023-11-16
⋅
CISA
⋅
Scattered Spider BlackCat Ave Maria Raccoon Vidar |
| 2023-11-16
⋅
CISA
⋅
Scattered Spider Ave Maria BlackCat Raccoon Vidar |
| 2023-11-15
⋅
Fortinet
⋅
Investigating the New Rhysida Ransomware Rhysida |
| 2023-11-13
⋅
Twitter (@malwrhunterteam)
⋅
Tweet on Linux version of Rhysida Rhysida |
| 2023-11-12
⋅
Github (vc0RExor)
⋅
The Swiss Knife: SystemBC | Coroxy SystemBC |
| 2023-10-30
⋅
eSentire
⋅
Nitrogen Campaign 2.0: Reloads with Enhanced Capabilities Leading to ALPHV/BlackCat Ransomware BlackCat Nitrogen Loader |
| 2023-10-26
⋅
Avast Decoded
⋅
Rhysida Ransomware Technical Analysis Rhysida |
| 2023-10-12
⋅
YouTube (FIRST)
⋅
"Compromising the Keys to the Kingdom" - Exfiltrating Data to Own and Operate the Exploited Systems Loki RAT SystemBC |
| 2023-09-12
⋅
FIRSTCON
⋅
Compromising the Keys to the Kingdom: Exfiltrating Data to Own and Operate the Exploited Systems (Slides) Loki RAT SystemBC |
| 2023-09-12
⋅
⋅
ANSSI
⋅
FIN12: A Cybercriminal Group with Multiple Ransomware BlackCat Cobalt Strike Conti Hive MimiKatz Nokoyawa Ransomware PLAY Royal Ransom Ryuk SystemBC |
| 2023-08-23
⋅
Logpoint
⋅
Defending Against 8base: Uncovering Their Arsenal and Crafting Responses 8Base Phobos SmokeLoader SystemBC |
| 2023-08-17
⋅
Trellix
⋅
Scattered Spider: The Modus Operandi BlackCat POORTRY |
| 2023-08-10
⋅
Kaspersky
⋅
Focus on DroxiDat/SystemBC SystemBC |
| 2023-08-09
⋅
BleepingComputer
⋅
Rhysida ransomware behind recent attacks on healthcare Rhysida |
| 2023-08-09
⋅
Trend Micro
⋅
An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector Rhysida |
| 2023-08-08
⋅
Cisco Talos
⋅
What Cisco Talos knows about the Rhysida ransomware Rhysida |
| 2023-08-08
⋅
Twitter (@malwrhunterteam)
⋅
Tweet about INC ransomware INC |
| 2023-08-08
⋅
Checkpoint
⋅
THE RHYSIDA RANSOMWARE: ACTIVITY ANALYSIS AND TIES TO VICE SOCIETY Rhysida Vanilla Tempest |
| 2023-08-01
⋅
LinkedIn (PRODAFT)
⋅
An organic relationship between the #Rhysida and #ViceSociety ransomware teams Rhysida |
| 2023-07-18
⋅
Symantec
⋅
FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware BlackCat Unidentified 103 (FIN8) |
| 2023-07-13
⋅
MSSP Lab
⋅
Malware analysis report: BlackCat ransomware BlackCat BlackCat |
| 2023-06-29
⋅
SentinelOne
⋅
Rhysida Ransomware | RaaS Crawls Out of Crimeware Undergrowth to Attack Chilean Army Rhysida |
| 2023-06-28
⋅
vmware
⋅
8Base Ransomware: A Heavy Hitting Player 8Base Phobos SmokeLoader SystemBC |
| 2023-06-27
⋅
SecurityIntelligence
⋅
The Trickbot/Conti Crypters: Where Are They Now? Black Basta Conti Mount Locker PhotoLoader Royal Ransom SystemBC TrickBot |
| 2023-06-22
⋅
Reliaquest
⋅
Goot to Loot - How a Gootloader Infection Led to Credential Access GootLoader SystemBC |
| 2023-06-10
⋅
The DFIR Report
⋅
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment BlackCat Cobalt Strike IcedID |
| 2023-06-01
⋅
Infinitum IT
⋅
BlackCat Ransomware Analysis Report (Paywall) BlackCat |
| 2023-05-30
⋅
IBM Security
⋅
BlackCat (ALPHV) ransomware levels up for stealth, speed and exfiltration BlackCat BlackCat |
| 2023-05-23
⋅
Secplicity
⋅
Scratching the Surface of Rhysida Ransomware Rhysida |
| 2023-05-22
⋅
Trend Micro
⋅
BlackCat Ransomware Deploys New Signed Kernel Driver BlackCat |
| 2023-05-15
⋅
CrowdStrike
⋅
Hypervisor Jackpotting, Part 3: Lack of Antivirus Support Opens the Door to Adversary Attacks BlackCat SystemBC |
| 2023-04-19
⋅
Symantec
⋅
Play Ransomware Group Using New Custom Data-Gathering Tools PLAY SystemBC |
| 2023-04-19
⋅
Bleeping Computer
⋅
March 2023 broke ransomware attack records with 459 incidents Clop WhiteRabbit BianLian Black Basta BlackCat LockBit MedusaLocker PLAY Royal Ransom |
| 2023-04-18
⋅
Mandiant
⋅
M-Trends 2023 QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate |
| 2023-04-03
⋅
Mandiant
⋅
ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access LaZagne BlackCat MimiKatz |
| 2023-04-03
⋅
The DFIR Report
⋅
Malicious ISO File Leads to Domain Wide Ransomware Cobalt Strike IcedID Mount Locker |
| 2023-03-30
⋅
United States District Court (Eastern District of New York)
⋅
Cracked Cobalt Strike (1:23-cv-02447) Black Basta BlackCat LockBit RagnarLocker LockBit Black Basta BlackCat Cobalt Strike Cuba Emotet LockBit Mount Locker PLAY QakBot RagnarLocker Royal Ransom Zloader |
| 2023-03-30
⋅
eSentire
⋅
eSentire Threat Intelligence Malware Analysis: BatLoader BATLOADER Cobalt Strike ISFB SystemBC Vidar |
| 2023-03-21
⋅
Github (rivitna)
⋅
BlackCat v3 Decryptor Scripts BlackCat BlackCat |
| 2023-02-14
⋅
Intrinsec
⋅
Vice-Society spreads its own ransomware HelloKitty PolyVice Zeppelin |
| 2023-02-14
⋅
Cybereason
⋅
GootLoader - SEO Poisoning and Large Payloads Leading to Compromise GootLoader Cobalt Strike SystemBC |
| 2023-02-09
⋅
cyber.wtf blog
⋅
Defeating VMProtect’s Latest Tricks SystemBC |
| 2023-01-23
⋅
Kroll
⋅
Black Basta – Technical Analysis Black Basta Cobalt Strike MimiKatz QakBot SystemBC |
| 2023-01-16
⋅
Intrinsec
⋅
ProxyNotShell – OWASSRF – Merry Xchange Cobalt Strike SystemBC |
| 2022-11-28
⋅
The DFIR Report
⋅
Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware Emotet Mount Locker |
| 2022-11-10
⋅
Intezer
⋅
How LNK Files Are Abused by Threat Actors BumbleBee Emotet Mount Locker QakBot |
| 2022-11-09
⋅
Netskope
⋅
BlackCat Ransomware: Tactics and Techniques From a Targeted Attack BlackCat ExMatter |
| 2022-10-28
⋅
velociraptor
⋅
Windows.Carving.SystemBC - SystemBC RAT configuration Purser for Velociraptor SystemBC |
| 2022-10-25
⋅
Microsoft
⋅
DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector BlackCat Mount Locker PortStarter Zeppelin Vanilla Tempest |
| 2022-10-10
⋅
RiskIQ
⋅
DEV-0832 Leverages Commodity Tools in Opportunistic Ransomware Campaigns BlackCat Mount Locker SystemBC Zeppelin |
| 2022-09-28
⋅
vmware
⋅
ESXi-Targeting Ransomware: The Threats That Are After Your Virtual Machines (Part 1) Avoslocker Babuk Black Basta BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit Luna RansomEXX RedAlert Ransomware REvil |
| 2022-09-22
⋅
ComputerWeekly
⋅
ALPHV/BlackCat ransomware family becoming more dangerous BlackCat BlackCat FIN7 |
| 2022-09-22
⋅
Broadcom
⋅
Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics BlackCat BlackMatter DarkSide |
| 2022-09-21
⋅
BitSight
⋅
SystemBC: The Multipurpose Proxy Bot Still Breathes SystemBC |
| 2022-09-14
⋅
SecurityScorecard
⋅
A Detailed Analysis of the Quantum Ransomware Mount Locker |
| 2022-09-08
⋅
Sentinel LABS
⋅
Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection AgendaCrypt Black Basta BlackCat PLAY |
| 2022-09-06
⋅
CISA
⋅
Alert (AA22-249A) #StopRansomware: Vice Society Cobalt Strike Empire Downloader FiveHands HelloKitty SystemBC Zeppelin |
| 2022-09-06
⋅
SecurityScorecard
⋅
TTPs Associated With a New Version of the BlackCat Ransomware BlackCat |
| 2022-08-30
⋅
Cisco
⋅
ModernLoader delivers multiple stealers, cryptominers and RATs Coinminer DCRat ModernLoader RedLine Stealer SapphireMiner SystemBC |
| 2022-08-22
⋅
Microsoft
⋅
Extortion Economics - Ransomware’s new business model BlackCat Conti Hive REvil AgendaCrypt Black Basta BlackCat Brute Ratel C4 Cobalt Strike Conti Hive Mount Locker Nokoyawa Ransomware REvil Ryuk |
| 2022-08-11
⋅
SecurityScorecard
⋅
The Increase in Ransomware Attacks on Local Governments BlackCat BlackCat Cobalt Strike LockBit |
| 2022-08-11
⋅
CISA
⋅
#StopRansomware: Zeppelin Ransomware (PDF) Zeppelin |
| 2022-08-11
⋅
CISA
⋅
Alert (AA22-223A) #StopRansomware: Zeppelin Ransomware Zeppelin |
| 2022-07-18
⋅
SecurityScorecard
⋅
A Deep Dive Into ALPHV/BlackCat Ransomware BlackCat |
| 2022-07-14
⋅
Sophos
⋅
BlackCat ransomware attacks not merely a byproduct of bad luck BlackCat BlackCat |
| 2022-07-08
⋅
Sekoia
⋅
Vice Society: a discreet but steady double extortion ransomware group HelloKitty Zeppelin |
| 2022-06-29
⋅
Group-IB
⋅
Fat Cats - An analysis of the BlackCat ransomware affiliate program BlackCat BlackCat |
| 2022-06-23
⋅
Kaspersky
⋅
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs (Download Form) BlackByte BlackCat Clop Conti Hive LockBit Mespinoza RagnarLocker |
| 2022-06-23
⋅
Kaspersky
⋅
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs Conti Hive BlackByte BlackCat Clop LockBit Mespinoza Ragnarok |
| 2022-06-13
⋅
Microsoft
⋅
The many lives of BlackCat ransomware BlackCat Velvet Tempest |
| 2022-06-13
⋅
Microsoft
⋅
The many lives of BlackCat ransomware BlackCat |
| 2022-06-07
⋅
AdvIntel
⋅
BlackCat — In a Shifting Threat Landscape, It Helps to Land on Your Feet: Tech Dive BlackCat BlackCat Cobalt Strike |
| 2022-06-01
⋅
Jorge Testa
⋅
Killing The Bear - Alphv BlackCat BlackCat |
| 2022-06-01
⋅
Elastic
⋅
CUBA Ransomware Campaign Analysis Cobalt Strike Cuba Meterpreter MimiKatz SystemBC |
| 2022-05-24
⋅
BitSight
⋅
Emotet Botnet Rises Again Cobalt Strike Emotet QakBot SystemBC |
| 2022-05-23
⋅
Trend Micro
⋅
LockBit, Conti, and BlackCat Lead Pack Amid Rise in Active RaaS and Extortion Groups: Ransomware in Q1 2022 (PDF) BlackCat Conti LockBit |
| 2022-05-23
⋅
Trend Micro
⋅
LockBit, Conti, and BlackCat Lead Pack Amid Rise in Active RaaS and Extortion Groups: Ransomware in Q1 2022 BlackCat Conti LockBit |
| 2022-05-20
⋅
AdvIntel
⋅
DisCONTInued: The End of Conti’s Brand Marks New Chapter For Cybercrime Landscape AvosLocker Black Basta BlackByte BlackCat Conti HelloKitty Hive |
| 2022-05-19
⋅
IBM
⋅
ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups IcedID ISFB Mount Locker WIZARD SPIDER |
| 2022-05-11
⋅
Kaspersky
⋅
New ransomware trends in 2022 BlackCat Conti DEADBOLT DoubleZero LockBit PartyTicket StealBit |
| 2022-05-09
⋅
Microsoft
⋅
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT |
| 2022-05-09
⋅
Microsoft Security
⋅
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself Griffon BazarBackdoor BlackCat BlackMatter Blister Gozi LockBit Pandora Rook SystemBC TrickBot |
| 2022-05-09
⋅
Cybereason
⋅
Cybereason vs. Quantum Locker Ransomware IcedID Mount Locker |
| 2022-04-29
⋅
The Record
⋅
German wind farm operator confirms cybersecurity incident Black Basta BlackCat |
| 2022-04-27
⋅
⋅
ANSSI
⋅
LE GROUPE CYBERCRIMINEL FIN7 Bateleur BELLHOP Griffon SQLRat POWERSOURCE Andromeda BABYMETAL BlackCat BlackMatter BOOSTWRITE Carbanak Cobalt Strike DNSMessenger Dridex DRIFTPIN Gameover P2P MimiKatz Murofet Qadars Ranbyus SocksBot |
| 2022-04-21
⋅
Forescout
⋅
Analysis of an ALPHV incident BlackCat |
| 2022-04-19
⋅
FBI
⋅
FBI Flash CU-000167-MW: BlackCat/ALPHV Ransomware Indicators of Compromise BlackCat |
| 2022-04-18
⋅
AdvIntel
⋅
Enter KaraKurt: Data Extortion Arm of Prolific Ransomware Group AvosLocker BazarBackdoor BlackByte BlackCat Cobalt Strike HelloKitty Hive Karakurt |
| 2022-04-18
⋅
Trend Micro
⋅
An Investigation of the BlackCat Ransomware via Trend Micro Vision One BlackCat |
| 2022-04-12
⋅
AhnLab
⋅
SystemBC Being Used by Various Attackers Emotet SmokeLoader SystemBC |
| 2022-04-08
⋅
The Hacker News
⋅
Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity BlackCat BlackMatter BlackCat BlackMatter |
| 2022-04-07
⋅
Kaspersky
⋅
A Bad Luck BlackCat BlackCat BlackCat |
| 2022-04-07
⋅
Kaspersky
⋅
A Bad Luck BlackCat BlackCat |
| 2022-03-27
⋅
Bleeping Computer
⋅
Hive ransomware ports its Linux VMware ESXi encryptor to Rust BlackCat Hive Hive |
| 2022-03-23
⋅
CrowdStrike
⋅
Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack BlackCat |
| 2022-03-22
⋅
The Register
⋅
This is a BlackCat you don't want crossing your path BlackCat BlackMatter |
| 2022-03-17
⋅
Cisco
⋅
From BlackMatter to BlackCat: Analyzing two attacks from one affiliate BlackCat BlackMatter BlackCat BlackMatter |
| 2022-03-16
⋅
Symantec
⋅
The Ransomware Threat Landscape: What to Expect in 2022 AvosLocker BlackCat BlackMatter Conti DarkSide DoppelPaymer Emotet Hive Karma Mespinoza Nemty Squirrelwaffle VegaLocker WastedLocker Yanluowang Zeppelin |
| 2022-03-04
⋅
Medium walmartglobaltech
⋅
SystemBC, PowerShell version SystemBC |
| 2022-03-01
⋅
Cybereason
⋅
Cybereason vs. BlackCat Ransomware BlackCat |
| 2022-02-23
⋅
Emsisoft
⋅
Ransomware Profile: ALPHV BlackCat |
| 2022-02-08
⋅
Trellix
⋅
BlackCat Ransomware as a Service - The Cat is certainly out of the bag! BlackCat BlackCat |
| 2022-02-02
⋅
ZDNet
⋅
BlackCat ransomware implicated in attack on German oil companies BlackCat BlackCat |
| 2022-01-28
⋅
KrebsOnSecurity
⋅
Who Wrote the ALPHV/BlackCat Ransomware Strain? BlackCat BlackCat |
| 2022-01-27
⋅
Palo Alto Networks Unit 42
⋅
Threat Assessment: BlackCat Ransomware BlackCat |
| 2022-01-26
⋅
Intrinsec
⋅
ALPHV ransomware gang analysis BlackCat BlackCat |
| 2022-01-26
⋅
Intrinsec
⋅
ALPHV ransomware gang analysis BlackCat LockBit |
| 2022-01-26
⋅
Varonis
⋅
ALPHV (BlackCat) Ransomware BlackCat |
| 2022-01-19
⋅
Mandiant
⋅
One Source to Rule Them All: Chasing AVADDON Ransomware BlackMatter Avaddon BlackMatter MedusaLocker SystemBC ThunderX |
| 2022-01-18
⋅
SentinelOne
⋅
BlackCat Ransomware | Highly-Configurable, Rust-Driven RaaS On The Prowl For Victims BlackCat |
| 2021-12-21
⋅
Twitter (@sisoma2)
⋅
BlackCat Ransomware Linux variant BlackCat |
| 2021-12-16
⋅
Symantec
⋅
Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware BlackCat |
| 2021-12-10
⋅
Dissecting Malware
⋅
BlackCatConf - Static Configuration Extractor for BlackCat Ransomware BlackCat |
| 2021-12-10
⋅
Medium s2wlab
⋅
BlackCat: New Rust based ransomware borrowing BlackMatter’s configuration BlackCat BlackMatter |
| 2021-12-01
⋅
⋅
ID Ransomware
⋅
BlackCat Ransomware BlackCat |
| 2021-11-05
⋅
Blackberry
⋅
Hunter Becomes Hunted: Zebra2104 Hides a Herd of Malware Cobalt Strike DoppelDridex Mount Locker Phobos StrongPity |
| 2021-10-18
⋅
The DFIR Report
⋅
IcedID to XingLocker Ransomware in 24 hours Cobalt Strike IcedID Mount Locker |
| 2021-10-15
⋅
Trend Micro
⋅
Ransomware Operators Found Using New "Franchise" Business Model Glupteba IcedID Mount Locker |
| 2021-08-04
⋅
kienmanowar Blog
⋅
[QuickNote] MountLocker – Some pseudo-code snippets Mount Locker |
| 2021-08-04
⋅
CrowdStrike
⋅
PROPHET SPIDER Exploits Oracle WebLogic to Facilitate Ransomware Activity Cobalt Strike Egregor Mount Locker Prophet Spider |
| 2021-07-14
⋅
Intel 471
⋅
How cybercriminals create turbulence for the transportation industry Mount Locker Nefilim |
| 2021-06-23
⋅
Symantec
⋅
Ransomware: Growing Number of Attackers Using Virtual Machines Mount Locker |
| 2021-06-07
⋅
Medium walmartglobaltech
⋅
Inside the SystemBC Malware-As-A-Service Ryuk SystemBC TrickBot |
| 2021-05-23
⋅
Chuongdong blog
⋅
MountLocker Ransomware Mount Locker |
| 2021-05-19
⋅
Intel 471
⋅
Look how many cybercriminals love Cobalt Strike BazarBackdoor Cobalt Strike Hancitor QakBot SmokeLoader SystemBC TrickBot |
| 2021-05-18
⋅
Github (Finch4)
⋅
Analysis of MountLocker Mount Locker |
| 2021-05-10
⋅
F-Secure
⋅
Prelude to Ransomware: SystemBC SystemBC |
| 2021-05-10
⋅
DarkTracer
⋅
Intelligence Report on Ransomware Gangs on the DarkWeb: List of victim organizations attacked by ransomware gangs released on the DarkWeb RansomEXX Avaddon Babuk Clop Conti Cuba DarkSide DoppelPaymer Egregor Hades LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker Nefilim Nemty Pay2Key PwndLocker RagnarLocker Ragnarok RansomEXX REvil Sekhmet SunCrypt ThunderX |
| 2021-04-23
⋅
GuidePoint Security
⋅
Mount Locker Ransomware Steps up Counter-IR Capabilities, Hindering Efforts for Detection, Response and Investigation Mount Locker |
| 2021-04-21
⋅
SophosLabs Uncut
⋅
Nearly half of malware now use TLS to conceal communications Agent Tesla Cobalt Strike Dridex SystemBC |
| 2021-04-01
⋅
Reversing Labs
⋅
Code Reuse Across Packers and DLL Loaders IcedID SystemBC |
| 2021-03-31
⋅
Sophos
⋅
Sophos MTR in Real Time: What is Astro Locker Team? Mount Locker |
| 2021-02-25
⋅
FireEye
⋅
So Unchill: Melting UNC2198 ICEDID to Ransomware Operations MOUSEISLAND Cobalt Strike Egregor IcedID Maze SystemBC |
| 2021-02-23
⋅
CrowdStrike
⋅
2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
| 2021-02-03
⋅
InfoSec Handlers Diary Blog
⋅
Excel spreadsheets push SystemBC malware Cobalt Strike SystemBC |
| 2020-12-23
⋅
Dissecting Malware
⋅
Between a rock and a hard place - Exploring Mount Locker Ransomware Mount Locker |
| 2020-12-16
⋅
SophosLabs Uncut
⋅
Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor SystemBC |
| 2020-12-11
⋅
Blackberry
⋅
MountLocker Ransomware-as-a-Service Offers Double Extortion Capabilities to Affiliates Cobalt Strike Mount Locker |
| 2020-11-19
⋅
Bleeping Computer
⋅
Mount Locker ransomware now targets your TurboTax tax returns Mount Locker |
| 2020-11-13
⋅
Bleeping Computer
⋅
Biotech research firm Miltenyi Biotec hit by ransomware, data leaked Mount Locker |
| 2020-10-14
⋅
Sophos
⋅
They’re back: inside a new Ryuk ransomware attack Cobalt Strike Ryuk SystemBC |
| 2020-09-24
⋅
Bleeping Computer
⋅
Mount Locker ransomware joins the multi-million dollar ransom game Mount Locker |
| 2019-07-31
⋅
Proofpoint
⋅
SystemBC is like Christmas in July for SOCKS5 Malware and Exploit Kits SystemBC |