
Initial Access & Malware Delivery Landscape

Created by TropChaud
Nodes (Node | Type | Description)

Agent Tesla | Trojan/Backdoor
ALPHV/BlackCat | Ransomware
Amadey | Trojan/Backdoor
Anubis | Trojan/Backdoor
AresLoader | Loader
Arkei | Infostealer
AsyncRAT | Trojan/Backdoor
Atera | Remote Administration Tool
Azorult | Trojan/Backdoor
AzoRult | (type not recorded)
Batloader | Loader
BitPaymer | Ransomware | TTP Summary: https://app.tidalcyber.com/software/e7dec940-8701-4c06-9865-5b11c61c046d-BitPaymer
BitRat | Trojan/Backdoor
Black Basta | Ransomware | TTP Summary: https://app.tidalcyber.com/share/87b81a1d-4892-4d44-9c20-40b697246472
BLISTER | Loader
BlueCrab | Ransomware
Brute Ratel | OST/Framework
Bumblebee | Loader | TTP Summary: https://app.tidalcyber.com/software/cc155181-fb34-4aaf-b083-b7b57b140b7a-Bumblebee
CHTHONIC | Trojan/Backdoor
Clop | Ransomware | TTP Summary: https://app.tidalcyber.com/software/5321aa75-924c-47ae-b97a-b36f023abf2a-Clop
Cobalt Strike Beacon | OST/Framework | TTP Summary: https://app.tidalcyber.com/software/9b6bcbba-3ab4-4a4c-a233-cd12254823f6-Cobalt%20Strike
CoinSurf | Cryptominer
Conti | Ransomware | TTP Summary: https://app.tidalcyber.com/software/8e995c29-2759-4aeb-9a0f-bb7cd97b06e5-Conti
DanaBot | Trojan/Backdoor
Dark Cat | Trojan/Backdoor
DarkVNC | Trojan/Backdoor
DBatLoader | Loader
DcRAT | Trojan/Backdoor
Djvu | Ransomware
DONUT | Loader
DoppelPaymer | Ransomware
Dridex | Trojan/Backdoor | TTP Summary: https://app.tidalcyber.com/software/e3cd4405-b698-41d9-88e4-fff29e7a19e2-Dridex
Egregor | Ransomware | TTP Summary: https://app.tidalcyber.com/software/0e36b62f-a6e2-4406-b3d9-e05204e14a66-Egregor
Emotet | Trojan/Backdoor | TTP Summary: https://app.tidalcyber.com/software/c987d255-a351-4736-913f-91e2f28d0654-Emotet
EMPIRE | OST/Framework | TTP Summary: https://app.tidalcyber.com/software/fea655ac-558f-4dd0-867f-9a5553626207-Empire
Entropy | Ransomware
Formbook | Loader | TTP Summary: https://app.tidalcyber.com/share/f56860e5-ea62-4e86-b6ae-8dc0014924c4
Gootkit payload | Trojan/Backdoor
Gootloader | Loader | TTP Summary: https://app.tidalcyber.com/share/796cacb6-3bb1-474b-9747-abcce2c47de2
Grace | Packer
GuLoader | Loader | TTP Summary: https://app.tidalcyber.com/software/03e985d6-870b-4533-af13-08b1e0511444-GuLoader
Hancitor | Trojan/Backdoor | TTP Summary: https://app.tidalcyber.com/software/4eee3272-07fa-48ee-a7b9-9dfee3e4550a-Hancitor
Hidden VNC | Trojan/Backdoor
Hive | Ransomware | TTP Summary: https://app.tidalcyber.com/share/7d9960ec-8177-4c68-94b3-b2302ff26cbf
IcedID | Trojan/Backdoor | TTP Summary: https://app.tidalcyber.com/software/7f59bb7c-5fa9-497d-9d8e-ba9349fd9433-IcedID
Keyhole | Trojan/Backdoor
KOADIC | Trojan/Backdoor | TTP Summary: https://app.tidalcyber.com/software/5e981594-d00a-4c7f-8ed0-3d4a60cc3fcd-Koadic
Kronos | Trojan/Backdoor
LockBit | Ransomware | TTP Summary: https://app.tidalcyber.com/share/bcc36246-50b7-41c0-9e43-57cb07db59ad
Lokibot | Trojan/Backdoor | TTP Summary: https://app.tidalcyber.com/software/4fead65c-499d-4f44-8879-2c35b24dac68-Lokibot
Macaw | Ransomware
Maze | Ransomware | TTP Summary: https://app.tidalcyber.com/software/3c206491-45c0-4ff7-9f40-45f9aae4de64-Maze
Meterpreter | OST/Framework
NanoCore | Trojan/Backdoor | TTP Summary: https://app.tidalcyber.com/software/db05dbaa-eb3a-4303-b37e-18d67e7e85a1-NanoCore
NetSupport | Trojan/Backdoor
Netwire | Remote Administration Tool | TTP Summary: https://app.tidalcyber.com/software/c7d0e881-80a1-49ea-9c1f-b6e53cf399a8-NETWIRE
NjRAT | Trojan/Backdoor | TTP Summary: https://app.tidalcyber.com/software/82996f6f-0575-45cd-8f7c-ba1b063d5b9f-njRAT
Osiris | Trojan/Backdoor
PhoenixLocker | Ransomware
Play | Ransomware
PoshC2 | OST/Framework | TTP Summary: https://app.tidalcyber.com/software/a3a03835-79bf-4558-8e80-7983aeb842fb-PoshC2
PrivateLoader | Loader | TTP Summary: https://app.tidalcyber.com/share/52937889-78c2-4541-9f51-c6db94a5398f
PsExec | Remote Administration Tool | TTP Summary: https://app.tidalcyber.com/software/73eb32af-4bd3-4e21-8048-355edc55a9c6-PsExec
PureCrypter | Loader
QakBot | Trojan/Backdoor | TTP Summary: https://app.tidalcyber.com/software/9050b418-5ffd-481a-a30d-f9059b0871ea-QakBot
Quantum | Ransomware
Raccoon Stealer | Infostealer | TTP Summary: https://app.tidalcyber.com/share/b883af52-7899-46f8-8cd3-6769639f2add
Raccoon Stealer v2 | Infostealer | TTP Summary: https://app.tidalcyber.com/share/8f04a6bd-36aa-4dc5-9bdd-9352bc46eb13
RansomExx | Ransomware
Raspberry Robin | Botnet/Worm
RedLine Stealer | Infostealer | TTP Summary: https://app.tidalcyber.com/techniqueset/a33a8659-1e69-4a4a-9f75-3de662e952c1
Remcos | Trojan/Backdoor | TTP Summary: https://app.tidalcyber.com/software/2eb92fa8-514e-4018-adc4-c9fe4f082567-Remcos
REvil | Ransomware | TTP Summary: https://app.tidalcyber.com/software/9314531e-bf46-4cba-9c19-198279ccf9cd-Revil
ScreenConnect | Remote Administration Tool
Sliver | OST/Framework | TTP Summary: https://app.tidalcyber.com/software/bbd16b7b-7e35-4a11-86ff-9b19e17bdab3-Sliver
SmokeLoader | Loader
Snake Keylogger | Infostealer
SNOWCONE | Loader
SocGholish | Loader | TTP Summary: https://app.tidalcyber.com/share/4b901fc2-d021-4eff-bd53-0c9fa0259ecf
SunCrypt | Ransomware
SVCReady | Loader
SystemBC | Trojan/Backdoor | TTP Summary: https://app.tidalcyber.com/share/229e343d-a8a3-4724-8a26-687e685be894
TrickBot | Trojan/Backdoor | TTP Summary: https://app.tidalcyber.com/software/c2bd4213-fc7b-474f-b5a0-28145b07c51d-TrickBot
Truebot | Loader
Ursnif | Trojan/Backdoor | TTP Summary: https://app.tidalcyber.com/software/3e501609-87e4-4c47-bd88-5054be0f1037-Ursnif
Vidar Stealer | Infostealer | TTP Summary: https://app.tidalcyber.com/share/4aecc9b8-8bce-4fb2-b288-1f8abdf21da0
Warzone RAT | Trojan/Backdoor | TTP Summary: https://app.tidalcyber.com/software/cfebe868-15cb-4be5-b7ed-38b52f2a0722-WarzoneRAT
WastedLocker | Ransomware | TTP Summary: https://app.tidalcyber.com/software/0ba6ee8d-2b29-4980-8e55-348ea05f00ad-WastedLocker
Edges (Source Link Target; the Date column is empty for every edge)

Amadey delivers AresLoader
Batloader delivers Atera
Batloader delivers Bumblebee
Batloader delivers Cobalt Strike Beacon
Batloader delivers RedLine Stealer
Batloader delivers SmokeLoader
Batloader delivers Ursnif
Batloader delivers Vidar Stealer
BLISTER delivers BitRat
BLISTER delivers Cobalt Strike Beacon
BLISTER delivers LockBit
Brute Ratel delivers ALPHV/BlackCat
Bumblebee delivers Cobalt Strike Beacon
Bumblebee delivers IcedID
Bumblebee delivers Meterpreter
Bumblebee delivers RedLine Stealer
Bumblebee delivers Sliver
Cobalt Strike Beacon delivers ALPHV/BlackCat
Cobalt Strike Beacon delivers Black Basta
Cobalt Strike Beacon delivers Clop
Cobalt Strike Beacon delivers Hive
Cobalt Strike Beacon delivers LockBit
Cobalt Strike Beacon delivers WastedLocker
DBatLoader delivers Formbook
DBatLoader delivers Remcos
Dridex delivers Entropy
Dridex delivers ScreenConnect
Emotet delivers ALPHV/BlackCat
Emotet delivers Bumblebee
Emotet delivers Cobalt Strike Beacon
Emotet delivers IcedID
Emotet delivers QakBot
Emotet delivers Quantum
Emotet delivers TrickBot
Gootloader delivers BlueCrab
Gootloader delivers Cobalt Strike Beacon
Gootloader delivers Gootkit payload
Gootloader delivers IcedID
Gootloader delivers Kronos
Gootloader delivers Osiris
Gootloader delivers PsExec
Gootloader delivers REvil
Gootloader delivers SNOWCONE
Gootloader delivers SunCrypt
Gootloader delivers SystemBC
GuLoader delivers Agent Tesla
GuLoader delivers Formbook
GuLoader delivers Netwire
Hancitor delivers Cobalt Strike Beacon
Hancitor delivers IcedID
IcedID delivers Anubis
IcedID delivers Cobalt Strike Beacon
IcedID delivers Conti
IcedID delivers Dark Cat
IcedID delivers DarkVNC
IcedID delivers Egregor
IcedID delivers Keyhole
IcedID delivers Maze
IcedID delivers Quantum
IcedID delivers RansomExx
IcedID delivers REvil
IcedID delivers Ursnif
PrivateLoader delivers Agent Tesla
PrivateLoader delivers DanaBot
PrivateLoader delivers Dridex
PrivateLoader delivers Formbook
PrivateLoader delivers IcedID
PrivateLoader delivers LockBit
PrivateLoader delivers NjRAT
PrivateLoader delivers QakBot
PrivateLoader delivers Raccoon Stealer
PrivateLoader delivers RedLine Stealer
PrivateLoader delivers SmokeLoader
PrivateLoader delivers TrickBot
PrivateLoader delivers Vidar Stealer
PureCrypter delivers Agent Tesla
PureCrypter delivers Arkei
PureCrypter delivers AsyncRAT
PureCrypter delivers Azorult
PureCrypter delivers DcRAT
PureCrypter delivers Lokibot
PureCrypter delivers NanoCore
PureCrypter delivers RedLine Stealer
PureCrypter delivers Remcos
PureCrypter delivers Snake Keylogger
PureCrypter delivers Warzone RAT
QakBot delivers Atera
QakBot delivers Black Basta
QakBot delivers Brute Ratel
QakBot delivers Cobalt Strike Beacon
QakBot delivers DarkVNC
QakBot delivers Hidden VNC
Raspberry Robin delivers Bumblebee
Raspberry Robin delivers Cobalt Strike Beacon
Raspberry Robin delivers Dridex
Raspberry Robin delivers IcedID
Raspberry Robin delivers LockBit
Raspberry Robin delivers SocGholish
Raspberry Robin delivers Truebot
SmokeLoader delivers CoinSurf
SmokeLoader delivers Djvu
SmokeLoader delivers IcedID
SmokeLoader delivers Raccoon Stealer v2
SmokeLoader delivers RedLine Stealer
SNOWCONE delivers IcedID
SocGholish delivers AzoRult
SocGholish delivers BitPaymer
SocGholish delivers BLISTER
SocGholish delivers CHTHONIC
SocGholish delivers Cobalt Strike Beacon
SocGholish delivers DONUT
SocGholish delivers DoppelPaymer
SocGholish delivers Dridex
SocGholish delivers EMPIRE
SocGholish delivers KOADIC
SocGholish delivers LockBit
SocGholish delivers Lokibot
SocGholish delivers Macaw
SocGholish delivers NetSupport
SocGholish delivers PhoenixLocker
SocGholish delivers PoshC2
SocGholish delivers WastedLocker
SVCReady delivers RedLine Stealer
SystemBC delivers AresLoader
SystemBC delivers Cobalt Strike Beacon
SystemBC delivers Play
TrickBot delivers Cobalt Strike Beacon
TrickBot delivers IcedID
Truebot delivers Clop
Truebot delivers Cobalt Strike Beacon
Truebot delivers Grace
Ursnif delivers Cobalt Strike Beacon

Description

This graph covers several major and emerging threats typically used to gain initial access to victim systems, including remote access Trojans (RATs), loaders, and botnets/worms. Adversaries usually use the access gained through this malware to bring in other, usually more impactful threats such as ransomware or cryptominers, either directly or after first loading further "malware delivery" threats such as additional loaders or Trojans. A map of the TTPs associated with many of these threats can be found in the matrix hosted in Tidal's free Community Edition app (click the labels in the ribbon at the top for further details and sourcing): https://app.tidalcyber.com/share/43836024-a194-4ac7-9659-b51e88632e7f

Download the full underlying graph analysis dataset, including sourcing, here