Threat Group: - Trinity Ransomware Threat Type: - Ransomware (Double Extortion) Exploited Vulnerabilities: - Unpatched Software, Phishing, Remote Desktop Protocol (RDP) Malware Used: - Trinity Ransomware (.trinitylock extension) Threat Score: - 8.5/10 – High risk, targeting critical sectors like healthcare, with advanced encryption and data exfiltration tactics. Last Threat

Threat Group: Lynx Threat Type: Ransomware Exploited Vulnerabilities: Targets file encryption vulnerabilities with privilege escalation techniques Malware Used: Modified ransomware code derived from INC ransomware Threat Score: High (8.2/10) — Due to advanced encryption techniques, privilege escalation methods, and cross-sector targeting Last Threat Observation: October 3, 2024, by Rapid7

Threat Group: ELPACO-team Threat Type: Ransomware Exploited Vulnerabilities: Outdated software and phishing emails Malware Used: ELPACO-team Ransomware Threat Score: High (8.2/10) Last Threat Observation: October 2024 Overview The ELPACO-team ransomware is a malicious strain designed to encrypt files and demand ransom payments in cryptocurrency for their release. Known

Threat Group: - Andariel (Subgroup of Lazarus Group, aka Stonefly, Silent Chollima, Onyx Sleet) Threat Type: - Advanced Persistent Threat (APT), Ransomware, Cyber Espionage Exploited Vulnerabilities: - CVE-2023-22515 (Atlassian Confluence), CVE-2023-27350 (PaperCut), CVE-2023-42793 (TeamCity), CVE-2021-44228 (Apache Log4j) Malware Used: - DTrack, Maui, Dora RAT, Nukebot, SHATTEREDGLASS, Sliver, Mimikatz Threat Score:

Threat Group: Storm-0501 Threat Type: Ransomware Exploited Vulnerabilities: Zoho ManageEngine (CVE-2022-47966), Citrix NetScaler (CVE-2023-4966), ColdFusion (CVE-2023-29300) Malware Used: Embargo Ransomware Threat Score: High (8.5/10) — Due to significant lateral movement across hybrid cloud environments, strong persistence mechanisms, and critical data exfiltration. Last Threat Observation: September 2024 by Microsoft Threat

Threat Group: DragonForce Threat Type: Ransomware (Ransomware-as-a-Service - RaaS) Exploited Vulnerabilities: Varies, but primarily through credential theft and unpatched systems Malware Used: Modified LockBit and Conti ransomware variants Threat Score: High (8.2/10) – Due to its use of sophisticated double extortion and advanced encryption techniques. Last Threat Observation: September

Threat Details and Score Threat Group: Vanilla Tempest (also known as Vice Society) Threat Type: Ransomware-as-a-Service (RaaS) Exploited Vulnerabilities: Initial access via Gootloader malware, Remote Desktop Protocol (RDP) abuse, and Windows Management Instrumentation (WMI) for lateral movement Malware Used: INC ransomware, Supper backdoor, AnyDesk, MEGA Threat Score: High (8.7/

Threat Group: Kransom Threat Type: Ransomware Exploited Vulnerabilities: Unpatched software vulnerabilities, phishing Malware Used: Kransom Ransomware Threat Score: High (8/10) — Advanced evasion techniques and use of legitimate digital certificates make detection challenging Last Threat Observation: September 2024, verified through multiple cybersecurity sources Overview Kransom ransomware is a newly identified

Threat Details and Score Threat Group: Meow, also known as MeowCorp and MeowLeaks, a ransomware group derived from NB65 (itself based on Conti v2's leaked source code). Threat Type: Ransomware/Data Extortion. Exploited Vulnerabilities: Weak RDP configurations, phishing campaigns, compromised software (e.g., VMware and Jenkins), deceptive downloads,