| | | Bahamut | [] | apk.bahamut | ['Bahamut', 'Dropping Elephant'] | 2024-02-08 | | | |
| | | Confucius | [] | win.confucius | [] | 2024-02-08 | | | |
| | | ScanLine | [] | win.scanline | ['Volt Typhoon'] | 2024-02-08 | | | |
| | | BOLDMOVE | [] | elf.boldmove | [] | 2024-02-07 | | | |
| | | CruLoader | [] | win.cruloader | [] | 2024-02-06 | | | |
| | | Unidentified 074 (Downloader) | [] | win.unidentified_074 | [] | 2024-02-06 | | | |
| | | 5.t Downloader | [] | win.5t_downloader | [] | 2024-02-06 | | | |
| | | Socks5 Systemz | [] | win.socks5_systemz | [] | 2024-02-05 | | | |
| | | SUBTLE-PAWS | [] | ps1.subtle_paws | [] | 2024-02-05 | | | |
| | | Mortis | [] | win.mortis | [] | 2024-02-05 | | | |
| | | HemiGate | [] | win.hemigate | ['Earth Estries'] | 2024-02-02 | | | |
| | | Chaes | [] | win.chaes | [] | 2024-02-02 | | | |
| | | Unidentified 114 (APT28 InfoStealer) | [] | win.unidentified_114 | ['APT28'] | 2024-02-02 | | | |
| | | Mocky LNK | [] | win.mocky_lnk | ['APT28'] | 2024-02-02 | | | |
| | | ProjectWood | [] | win.project_wood | [] | 2024-02-02 | | | |
| | | Cohhoc | [] | win.cohhoc | [] | 2024-02-02 | | | |
| | | GroundPeony | [] | win.ground_peony | [] | 2024-02-02 | | | |
| | | DracuLoader | [] | win.dracu_loader | [] | 2024-02-02 | | | |
| | | CherryLoader | [] | win.cherryloader | [] | 2024-02-02 | | | |
| | | Kasseika | [] | win.kasseika | [] | 2024-02-02 | | | |
| | | PurpleFox | [] | win.purplefox | [] | 2024-02-02 | | | |
| | | Nevada | [] | win.nevada | [] | 2024-02-02 | | | |
| | | EnvyScout | ['ROOTSAW'] | win.envyscout | [] | 2024-02-02 | | | |
| | | BEATDROP | [] | win.beatdrop | ['APT29'] | 2024-02-02 | | | |
| | | Unidentified 099 (APT29 Dropbox Loader) | [] | win.unidentified_099 | ['APT29'] | 2024-02-02 | | | |
| | | VaporRage | ['BOOMMIC'] | win.vapor_rage | ['APT29'] | 2024-02-02 | | | |
| | | BOOMBOX | [] | win.boombox | ['APT29'] | 2024-02-02 | | | |
| | | T34loader | [] | win.t34loader | [] | 2024-02-02 | | | |
| | | VileRAT | [] | py.vilerat | [] | 2024-02-02 | | | |
| | | EVILNUM | [] | win.evilnum | [] | 2024-02-02 | | | |
| | | Magniber | [] | win.magniber | [] | 2024-01-31 | | | |
| | | Gandcrab | ['GrandCrab'] | win.gandcrab | ['Pinchy Spider'] | 2024-01-31 | | | |
| | | Parrot TDS WebShell | [] | php.parrot_tds_shell | [] | 2024-01-31 | | | |
| | | Parrot TDS | [] | js.parrot_tds | [] | 2024-01-31 | | | |
| | | PoshC2 | [] | win.poshc2 | ['APT33'] | 2024-01-31 | | | |
| | | Koadic | [] | win.koadic | ['APT28', 'Stone Panda'] | 2024-01-31 | | | |
| | | GRUNT | [] | win.grunt | [] | 2024-01-31 | | | |
| | | Empire Downloader | [] | win.empire_downloader | [] | 2024-01-31 | | | |
| | | Merlin | [] | win.merlin | [] | 2024-01-31 | | | |
| | | JinxLoader | [] | win.jinxloader | [] | 2024-01-31 | | | |
| | | Vetta Loader | ['BrokerLoader', 'EMPTYSPACE'] | win.vetta_loader | [] | 2024-01-31 | | | |
| | | QUIETBOARD | [] | py.quietboard | [] | 2024-01-31 | | | |
| | | AhMyth | [] | apk.ahmyth | [] | 2024-01-31 | | | |
| | | AndroRAT | [] | apk.androrat | [] | 2024-01-31 | | | |
| | | SpyMax | [] | apk.spymax | [] | 2024-01-31 | | | |
| | | Arkei Stealer | ['ArkeiStealer'] | win.arkei_stealer | [] | 2024-01-30 | | | |
| | | MetaStealer | [] | win.metastealer | [] | 2024-01-03 | | | |
| | | DarkPink | [] | win.darkpink | [] | 2023-03-24 | | | |
| | | Remexi | ['CACHEMONEY'] | win.remexi | ['APT39', 'Chafer'] | 2023-05-25 | | | |
| | | GraphDrop | ['GraphicalProton', 'SPICYBEAT'] | win.graphdrop | ['APT29'] | 2024-01-24 | | | |
| | | P2Pinfect | [] | elf.p2pinfect | [] | 2024-01-23 | | | |
| | | Unidentified 113 (RAT) | [] | win.unidentified_113 | [] | 2024-01-22 | | | |
| | | SPICA | [] | win.spica | [] | 2024-01-22 | | | |
| | | RCS | ['Remote Control System', 'Crisis'] | win.rcs | ['Hacking Team', 'APT-C-34'] | 2024-01-22 | | | |
| | | NoaBot | [] | elf.noabot | [] | 2024-01-19 | | | |
| | | DUCKTAIL | [] | win.ducktail | [] | 2024-01-18 | | | |
| | | FAKEUPDATES | ['FakeUpdate', 'SocGholish'] | js.fakeupdates | ['GOLD PRELUDE'] | 2024-01-18 | | | |
| | | Kuiper | [] | win.kuiper | [] | 2024-01-17 | | | |
| | | Kuiper | [] | elf.kuiper | [] | 2024-01-17 | | | |
| | | Kuiper | [] | osx.kuiper | [] | 2024-01-17 | | | |
| | | Keyhole | [] | win.keyhole | [] | 2024-01-17 | | | |
| | | DarkWatchman | [] | js.darkwatchman | [] | 2024-01-17 | | | |
| | | Meterpreter | [] | win.meterpreter | [] | 2024-01-15 | | | |
| | | N3Cr0m0rPh | ['FreakOut', 'Necro'] | py.n3cr0m0rph | [] | 2024-01-12 | | | |
| | | LoupeLoader | [] | win.loupeloader | [] | 2024-01-11 | | | |
| | | Mimic Ransomware | [] | win.mimic | [] | 2024-01-11 | | | |
| | | Babuk | ['Babyk', 'Vasa Locker'] | win.babuk | [] | 2024-01-10 | | | |
| | | OriginLogger | [] | win.originlogger | [] | 2024-01-10 | | | |
| | | STONEBOAT | [] | win.stoneboat | [] | 2023-12-12 | | | |
| | | RansomExx2 | [] | elf.ransomexx2 | [] | 2024-01-08 | | | |
| | | Roaming Mantis | [] | apk.roaming_mantis | [] | 2024-01-08 | | | |
| | | RansomEXX | ['Defray777'] | elf.ransomexx | ['GOLD DUPONT'] | 2024-01-08 | | | |
| | | INC | [] | elf.inc | [] | 2024-01-08 | | | |
| | | Bandook | ['Bandok'] | win.bandook | ['Dark Caracal'] | 2024-01-05 | | | |
| | | SysJoker | [] | win.sysjoker | [] | 2024-01-05 | | | |
| | | Royal Ransom | [] | win.royal_ransom | [] | 2024-01-05 | | | |
| | | csharp-streamer RAT | [] | win.csharpstreamer | [] | 2024-01-03 | | | |
| | | Serpent Stealer | [] | win.serpent | [] | 2024-01-02 | | | |
| | | FiveHands | ['Thieflock'] | win.fivehands | ['[Unnamed group]'] | 2023-12-28 | | | |
| | | SombRAT | [] | win.sombrat | ['[Unnamed group]'] | 2023-12-28 | | | |
| | | Chameleon | [] | apk.chameleon | [] | 2023-12-28 | | | |
| | | Gwisin | [] | elf.gwisin | [] | 2023-12-27 | | | |
| | | Unidentified 112 (Rust-based Stealer) | [] | win.unidentified_112 | [] | 2023-12-27 | | | |
| | | RustBucket | [] | osx.rustbucket | ['Lazarus Group'] | 2023-12-27 | | | |
| | | BATLOADER | [] | win.bat_loader | [] | 2023-12-27 | | | |
| | | ERMAC | [] | apk.ermac | [] | 2023-12-27 | | | |
| | | wAgentTea | ['wAgent'] | win.wagenttea | ['Lazarus Group'] | 2023-12-27 | | | |
| | | LazarDoor | [] | win.lazardoor | ['Lazarus Group'] | 2023-12-27 | | | |
| | | CLOUDBURST | ['NickelLoader'] | win.cloudburst | ['Lazarus Group'] | 2023-12-27 | | | |
| | | HelloKitty | ['KittyCrypt'] | win.hellokitty | [] | 2023-12-27 | | | |
| | | BlackLotus | [] | win.blacklotus | [] | 2023-12-27 | | | |
| | | WinDealer | [] | win.windealer | [] | 2023-12-27 | | | |
| | | Paradise | [] | win.paradise | [] | 2023-12-27 | | | |
| | | FriedEx | ['BitPaymer', 'DoppelPaymer', 'IEncrypt'] | win.friedex | ['INDRIK SPIDER'] | 2023-12-27 | | | |
| | | DoppelPaymer | ['Pay OR Grief'] | win.doppelpaymer | ['DOPPEL SPIDER'] | 2023-12-27 | | | |
| | | DoppelDridex | [] | win.doppeldridex | ['DOPPEL SPIDER'] | 2023-12-27 | | | |
| | | Ares | [] | py.ares | [] | 2023-12-27 | | | |
| | | Hive | [] | win.hive | [] | 2023-12-27 | | | |
| | | Conti | ['Conti Locker'] | elf.conti | [] | 2023-12-27 | | | |
| | | Monti | [] | elf.monti | [] | 2023-12-27 | | | |