RO

RUBYCARPRUBYCARP

Also known as: RUBYCARP

Origin
RO
Known aliases
1

Profile

RUBYCARP is a financially-motivated threat actor group likely based in Romania, with a history of at least 10 years of activity. They operate a botnet using public exploits and brute force attacks, communicating via public and private IRC networks. RUBYCARP targets vulnerabilities in frameworks like Laravel and WordPress, as well as conducting phishing operations to steal financial assets. They use a variety of tools, including the Perl Shellbot, for post-exploitation activities and have a diverse set of illicit income streams.

Aliases· 1

RUBYCARP

References

  1. https://sysdig.com/blog/rubycarp-romanian-botnet-group/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
Ruthless Rabbit
Actor
DragonRank
Actor
RATPAK SPIDER
Software
Ripprbot
Actor
GOLD CABIN
Actor
Reckless Rabbit
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.