https://github.com/BushidoUK/Ransomware-Vulnerability-Matrix
A collection of CVEs weaponized by ransomware operators
Last synced: 7 months ago
- Host: GitHub
- URL: https://github.com/BushidoUK/Ransomware-Vulnerability-Matrix
- Owner: BushidoUK
- Created: 2024-10-24T19:11:42.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-01-04T11:36:59.000Z (over 1 year ago)
- Last Synced: 2025-01-04T12:36:35.861Z (over 1 year ago)
- Size: 153 KB
- Stars: 99
- Watchers: 3
- Forks: 12
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-ransomware - Ransomware Vulnerability Matrix
README

# Ransomware Vulnerability Matrix
> [!IMPORTANT]
> - This is a collection of OSINT reports of CVEs being weaponized by various ransomware adversaries, which have been broken down below
> - This repository has leveraged [resources](https://www.bleepingcomputer.com/news/security/researchers-compile-list-of-vulnerabilities-abused-by-ransomware-gangs/) that researchers have shared in the past
> - This project, however, has provided additional information such as specifying which ransomware gangs have used the vulnerabilities as well as sources for independent verification
> - This Matrix was created as a public knowledge base to be used by CTI analysts researching ransomware groups, TVM teams seeking to prioritise patching, and DFIR teams looking to assess a ransomware victim's exposure
> - This project is similar to another collection I created called the [Ransomware Tool Matrix](https://github.com/BushidoUK/Ransomware-Tool-Matrix)
---
### Categories of Vulnerable Technologies
- [Network Edge](https://github.com/BushidoUK/Ransomware-Vulnerability-Matrix/blob/main/Vulnerabilities/NetworkEdge.md)
- [Microsoft Products](https://github.com/BushidoUK/Ransomware-Vulnerability-Matrix/blob/main/Vulnerabilities/Microsoft.md)
- [Linux Components](https://github.com/BushidoUK/Ransomware-Vulnerability-Matrix/blob/main/Vulnerabilities/Linux.md)
- [Applications](https://github.com/BushidoUK/Ransomware-Vulnerability-Matrix/blob/main/Vulnerabilities/Applications.md)
- [Virtualization](https://github.com/BushidoUK/Ransomware-Vulnerability-Matrix/blob/main/Vulnerabilities/Virtualization.md)
- [File Transfer Servers](https://github.com/BushidoUK/Ransomware-Vulnerability-Matrix/blob/main/Vulnerabilities/FileTransferServers.md)
---
### Additional Resources
- [Threat Group Profiles](https://github.com/BushidoUK/Ransomware-Vulnerability-Matrix/tree/main/GroupProfiles)
---
### Types of Ransomware Adversaries
> [!TIP]
> This repo also contains multiple types of ransomware adversaries, including the ransomware gangs themselves, affiliates, and initial access brokers
> - **Ransomware Gangs:** In this repo, a vulnerability being associated with a ransomware gang means that the vulnerability was observed being exploited in an intrusion which resulted in the deployment of that ransomware family
> - **Affiliates:** A threat group in this repo with an asterisk at the end (e.g. Scattered Spider*) is a ransomware affiliate, which has access to one or more ransomware families
> - **Initial Access Brokers:** A threat group in this repo with an asterisk at the start (e.g. *Prophet Spider) is an Initial Access Broker (IAB), which sells access to one or more ransomware gangs
> - **State-sponsored:** A threat group in this repo with a plus sign at the end (e.g. DarkBit+) is a suspected state-sponsored adversary using ransomware, such as those from Iran, DPRK, Russia, or China
---
- [How To Contribute](https://github.com/BushidoUK/Ransomware-Vulnerability-Matrix/blob/main/HowToContribute.md)
- [Ransomware.live Integration](https://ransomware.live/vulns)