panopticon-WizardSpider

https://www.cyjax.com/2022/07/15/who-is-trickbot/

https://www.wired.com/story/trickbot-malware-group-internal-messages/

https://www.bleepingcomputer.com/news/security/taiwanese-apple-and-tesla-contractor-hit-by-conti-ransomware/

https://www.analyst1.com/blog/ransom-mafia-analysis-of-the-worlds-first-ransomware-cartel

https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf

https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-2/

https://www.crowdstrike.com/blog/wizard-spider-adversary-update/

https://www.youtube.com/watch?v=a5osvPQhM5U

https://blog.malwarebytes.com/reports/2021/08/analysts-strongly-believe-the-russian-state-colludes-with-ransomware-gangs/

https://www.securityweek.com/new-ransomware-diavol-linked-notorious-cybercrime-gang

https://www.cisecurity.org/blog/trickbot-not-your-average-hat-trick-a-malware-with-multiple-hats/

https://www.fireeye.com/blog/threat-research/2019/01/a-nasty-trick-from-credential-theft-malware-to-business-disruption.html

https://eclypsium.com/2020/12/03/trickbot-now-offers-trickboot-persist-brick-profit/#background

https://assets.sentinelone.com/c/sentinel-one-mexec-r?x=P42eqA

https://community.riskiq.com/article/c88cf7e6

https://argonsys.com/microsoft-cloud/library/analyzing-attacks-that-exploit-the-cve-2021-40444-mshtml-vulnerability/

https://www.mandiant.com/resources/fin12-ransomware-intrusion-actor-pursuing-healthcare-targets

https://www.securityweek.com/russian-man-extradited-us-role-trickbot-malware-development - possible

https://www.securityweek.com/latvian-woman-charged-us-role-cybercrime-group - possible

https://www.securityweek.com/many-ransomware-attacks-ot-organizations-involved-ryuk-ibm

https://www.securityweek.com/emotet-using-trickbot-get-back-game ??

https://www.anomali.com/blog/mummy-spiders-emotet-malware-is-back-after-a-year-hiatus-wizard-spiders-trickbot-observed-in-its-return

https://research.checkpoint.com/2021/when-old-friends-meet-again-why-emotet-chose-trickbot-for-rebirth/

https://www.securityweek.com/conti-ransomware-acquires-trickbot-it-thrives-amid-crackdowns - I had both Conti and TrickBot as Wizard Spider months before this??

https://therecord.media/russia-or-ukraine-hacking-groups-take-sides/

https://www.wired.com/story/conti-ransomware-russia

https://www.wired.com/story/conti-leaks-ransomware-work-life/

https://www.securityweek.com/ransomware-gang-leaks-files-stolen-industrial-giant-parker-hannifin

https://www.washingtonpost.com/politics/2022/03/18/11-big-takeaways-conti-ransomware-leaks/

https://www.securityweek.com/ukrainian-security-researcher-leaks-newer-conti-ransomware-source-code

https://therecord.media/panasonic-february-ransomware-attack-only-affected-canada-branch/

https://www.akamai.com/blog/security/conti-hacker-manual-reviewed - says the manuals cover nothing on initial access, but there were "internet crawlers". Is that how they are getting initial access, scanning for vulns on the perimeter of orgs?

https://www.securityweek.com/high-end-tools-manufacturer-snap-discloses-data-breach

https://therecord.media/conti-ransomware-attack-was-aimed-at-destabilizing-government-transition-costa-rican-president-says/

https://www.securityweek.com/conti-ransomware-gang-claims-cyberattack-wind-turbine-giant-nordex

https://securityaffairs.co/wordpress/120876/cyber-crime/conti-ransomware-leak-indicators.html

https://www.ehackingnews.com/2021/08/conti-group-exploited-vulnerable.html

https://cybergeeks.tech/dissecting-the-last-version-of-conti-ransomware-using-a-step-by-step-approach/

https://www.securityweek.com/nokia-owned-sac-wireless-discloses-data-breach

https://www.securityweek.com/links-found-between-mshtml-zero-day-attacks-and-ransomware-operations

https://us-cert.cisa.gov/ncas/alerts/aa21-265a

https://www.securityweek.com/researchers-hack-conti-ransomware-infrastructure

https://www.securityweek.com/australian-electricity-provider-cs-energy-hit-ransomware

https://www.hackread.com/conti-ransomware-group-exploit-log4j-vulnerability/

https://www.securityweek.com/conti-ransomware-source-code-leaked

https://threatpost.com/conti-ransomware-decryptor-trickbot-source-code-leaked/178727/

https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-i-evasion/

https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-ii-the-office/

https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-iii-weaponry/

https://therecord.media/conti-leaks-the-panama-papers-of-ransomware/

https://www.securityweek.com/us-warns-conti-ransomware-attacks-gang-deals-leak-fallout

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/09/updated-conti-ransomware

https://therecord.media/conti-ransomware-cripples-systems-of-electricity-manager-in-costa-rican-town/

https://www.securityweek.com/conti-ransomware-activity-surges-despite-exposure-groups-operations

https://www.scmagazine.com/news/ransomware/bumblebee-malware-emerges-as-replacement-to-conti-gangs-bazalloader

https://blog.talosintelligence.com/2022/05/conti-and-hive-ransomware-operations.html


from today's research

  1. Infosecurity Magazine. "Police Reportedly Arrest Egregor Ransomware Members." Accessed February 16, 2021. https://www.infosecurity-magazine.com/news/police-arrest-egregor-ransomware/

  2. CrowdStrike. "Ransomware + Data Leak Extortion: Origins and Adversaries, Pt. 1." September 24, 2020. https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-1/

  3. CrowdStrike. "Double Trouble: Ransomware with Data Leak Extortion, Part 2." Accessed March 3, 2021. https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-2/

  4. BleepingComputer. "Ransomware Gangs Team Up to Form Extortion Cartel." https://www.bleepingcomputer.com/news/security/ransomware-gangs-team-up-to-form-extortion-cartel/

  5. BleepingComputer. "Canon Publicly Confirms August Ransomware Attack, Data Theft." Accessed March 24, 2021. https://www.bleepingcomputer.com/news/security/canon-publicly-confirms-august-ransomware-attack-data-theft/

  6. BleepingComputer. "SunCrypt Ransomware Sheds Light on the Maze Ransomware Cartel." Accessed March 24, 2021. https://www.bleepingcomputer.com/news/security/suncrypt-ransomware-sheds-light-on-the-maze-ransomware-cartel/

  7. SentinelLabs. "Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone." November 25, 2020. https://labs.sentinelone.com/egregor-raas-continues-the-chaos-with-cobalt-strike-and-rclone/

  8. Sophos News. "Ragnar Locker Ransomware Deploys Virtual Machine to Dodge Security." May 21, 2020. https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/

  9. Krebs on Security. "Ransomware Group Turns to Facebook Ads." Accessed March 24, 2021. https://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/

  10. BleepingComputer. "Ragnar Locker Ransomware Targets MSP Enterprise Support Tools." Accessed March 24, 2021. https://www.bleepingcomputer.com/news/security/ragnar-locker-ransomware-targets-msp-enterprise-support-tools/

  11. CrowdStrike. "2020 Global Threat Report." 2020. https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf

  12. BleepingComputer. "Ryuk Ransomware Now Self-Spreads to Other Windows LAN Devices." https://www.bleepingcomputer.com/news/security/ryuk-ransomware-now-self-spreads-to-other-windows-lan-devices/

  13. Darktrace. "LockBit Ransomware Analysis: Rapid Detonation Using a Single Compromised Credential." Accessed March 26, 2021. https://www.darktrace.com/en/blog/lock-bit-ransomware-analysis-rapid-detonation-using-a-single-compromised-credential

  14. Gallagher, Sean. "LockBit Uses Automated Attack Tools to Identify Tasty Targets." Sophos News, October 21, 2020. https://news.sophos.com/en-us/2020/10/21/lockbit-attackers-uses-automated-attack-tools-to-identify-tasty-targets/

  15. The DFIR Report. "Lockbit Ransomware, Why You No Spread?" June 10, 2020. https://thedfirreport.com/2020/06/10/lockbit-ransomware-why-you-no-spread/

  16. BleepingComputer. "SunCrypt Ransomware Sheds Light on the Maze Ransomware Cartel." Accessed March 26, 2021. https://www.bleepingcomputer.com/news/security/suncrypt-ransomware-sheds-light-on-the-maze-ransomware-cartel/

  17. BleepingComputer. "Maze Ransomware Shuts Down Operations, Denies Creating Cartel." Accessed March 19, 2021. https://www.bleepingcomputer.com/news/security/maze-ransomware-shuts-down-operations-denies-creating-cartel/

https://analyst1.com/file-assets/RANSOM-MAFIA-ANALYSIS-OF-THE-WORLD%E2%80%99S-FIRST-RANSOMWARE-CARTEL.pdf - here

https://www.securityweek.com/cyberattack-causes-chaos-costa-rica-government-systems

https://www.securityweek.com/new-black-basta-ransomware-possibly-linked-conti-group

https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/

https://twitter.com/BrettCallow/status/1524387838531301377

https://www.advintel.io/post/hydra-with-three-heads-blackbyte-the-future-of-ransomware-subsidiary-groups

https://www.bleepingcomputer.com/news/security/conti-ransomware-shuts-down-operation-rebrands-into-smaller-units/

https://www.prodaft.com/resource/detail/ws-wizard-spider-group-depth-analysis

https://securityintelligence.com/posts/itg23-crypters-cooperation-between-cybercriminal-groups/

https://www.advintel.io/post/discontinued-the-end-of-conti-s-brand-marks-new-chapter-for-cybercrime-landscape

https://therecord.media/linn-county-oregon-data-leak-conti-ransomware/

https://eclypsium.com/2022/06/02/conti-targets-critical-firmware/

https://www.wired.com/story/costa-rica-ransomware-conti/

https://www.group-ib.com/media/conti-armada-report/

https://www.securityweek.com/leaks-show-conti-ransomware-group-working-firmware-exploits

https://securityintelligence.com/posts/trickbot-group-systematically-attacking-ukraine/

https://www.advintel.io/post/anatomy-of-attack-truth-behind-the-costa-rica-government-ransomware-5-day-intrusion

https://www.wired.com/story/conti-group-ransomware-members-reward-target/

https://www.justice.gov/opa/pr/alleged-russian-money-launderer-extradited-netherlands-us

https://therecord.media/bitdefender-europol-swiss-police-publish-decryptor-for-lockergoga-ransomware/

https://twitter.com/VK_Intel/status/1557003350541242369 - interesting but I can't verify

https://www.securityweek.com/free-decryptors-released-bianlian-megacortex-ransomware
