{
	"id": "8a720a05-3dab-4365-a284-e168cdb8312f",
	"created_at": "2026-04-06T01:32:10.547743Z",
	"updated_at": "2026-04-10T03:34:18.730747Z",
	"deleted_at": null,
	"sha1_hash": "b60285931cfbc3275806454055a6a4a8762d4393",
	"title": "Vice Society spreads its own ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 645780,
	"plain_text": "Vice Society spreads its own ransomware\r\nBy Intrinsec\r\nPublished: 2023-02-14 · Archived: 2026-04-06 01:17:05 UTC\r\nCERT Intrinsec Incidents Report 2025\r\nfévrier 24, 2026 Aucun commentaire\r\nCERT Intrinsec is a French Incident Response team providing incident response and crisis management services\r\nto organizations across multiple sectors. Certified PRIS (Prestataire de Réponse aux Incidents de Sécurité) by\r\nANSSI since 2022, the team has been operating since 2013 and has handled hundreds of engagements, gaining\r\nfirsthand insight into the evolution of threat actor tradecraft.\r\nIn 2025, CERT Intrinsec was engaged in approximately sixty significant incidents involving ransomware\r\noperators, Initial Access Brokers (IABs), insider threats, and suspected state-sponsored actors conducting\r\nintelligence operations. These incidents spanned a wide range of environments, from legacy on-premise\r\ninfrastructure to cloud-native Microsoft 365 tenants.\r\nThis report synthesizes our observations from these engagements with a focus on actionable findings. Rather than\r\npresenting descriptive statistics alone, we examine intrusion mechanisms, attacker dwell time, targeted assets, and\r\ndefensive gaps — with the explicit goal of informing detection strategies and hardening priorities for security\r\npractitioners.\n\nCERT Intrinsec Incidents Report 2025\r\nfévrier 24, 2026 Aucun commentaire\r\nCERT Intrinsec is a French Incident Response team providing incident response and crisis management services\r\nto organizations across multiple sectors. Certified PRIS (Prestataire de Réponse aux Incidents de Sécurité) by\r\nANSSI since 2022, the team has been operating since 2013 and has handled hundreds of engagements, gaining\r\nfirsthand insight into the evolution of threat actor tradecraft.\r\nIn 2025, CERT Intrinsec was engaged in approximately sixty significant incidents involving ransomware\r\noperators, Initial Access Brokers (IABs), insider threats, and suspected state-sponsored actors conducting\r\nintelligence operations. These incidents spanned a wide range of environments, from legacy on-premise\r\ninfrastructure to cloud-native Microsoft 365 tenants.\r\nThis report synthesizes our observations from these engagements with a focus on actionable findings. Rather than\r\npresenting descriptive statistics alone, we examine intrusion mechanisms, attacker dwell time, targeted assets, and\r\ndefensive gaps — with the explicit goal of informing detection strategies and hardening priorities for security\r\npractitioners.\n\nSource: https://www.intrinsec.com/vice-society-spreads-its-own-ransomware/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.intrinsec.com/vice-society-spreads-its-own-ransomware/"
	],
	"report_names": [
		"vice-society-spreads-its-own-ransomware"
	],
	"threat_actors": [
		{
			"id": "a6814184-2133-4520-b7b3-63e6b7be2f64",
			"created_at": "2025-08-07T02:03:25.019385Z",
			"updated_at": "2026-04-10T02:00:03.859468Z",
			"deleted_at": null,
			"main_name": "GOLD VICTOR",
			"aliases": [
				"DEV-0832 ",
				"STAC5279 ",
				"Vanilla Tempest ",
				"Vice Society",
				"Vice Spider "
			],
			"source_name": "Secureworks:GOLD VICTOR",
			"tools": [
				"Advanced IP Scanner",
				"Advanced Port Scanner",
				"HelloKitty ransomware",
				"INC ransomware",
				"MEGAsync",
				"Neshta",
				"PAExec",
				"PolyVice ransomware",
				"PortStarter",
				"PsExec",
				"QuantumLocker ransomware",
				"Rhysida ransomware",
				"Supper",
				"SystemBC",
				"Zeppelin ransomware"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "84aa9dbe-e992-4dce-9d80-af3b2de058c0",
			"created_at": "2024-02-02T02:00:04.041676Z",
			"updated_at": "2026-04-10T02:00:03.537352Z",
			"deleted_at": null,
			"main_name": "Vanilla Tempest",
			"aliases": [
				"DEV-0832",
				"Vice Society"
			],
			"source_name": "MISPGALAXY:Vanilla Tempest",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775439130,
	"ts_updated_at": 1775792058,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b60285931cfbc3275806454055a6a4a8762d4393.pdf",
		"text": "https://archive.orkl.eu/b60285931cfbc3275806454055a6a4a8762d4393.txt",
		"img": "https://archive.orkl.eu/b60285931cfbc3275806454055a6a4a8762d4393.jpg"
	}
}