Malpedia Library

Click here to download all references as Bib-File.•

2026-05-05 ⋅ Cisco Talos ⋅ Asheer Malhotra, Brandon White, Jungsoo An
UAT-8302 and its box full of malware
SNOWLIGHT DracuLoader FINALDRAFT SNAPPYBEE STOWAWAY VShell UAT-8302

2026-04-07 ⋅ Talos Intelligence ⋅ Ashley Shen
New Lua-based malware “LucidRook” observed in targeted attacks against Taiwanese organizations
LucidKnight LucidPawn LucidRook UAT-10362

2026-04-02 ⋅ Cisco Talos ⋅ Asheer Malhotra, Brandon White
UAT-10608: Inside a large-scale automated credential harvesting operation targeting web applications
UAT-10608

2026-03-05 ⋅ Cisco Talos ⋅ Asheer Malhotra, Brandon White
UAT-9244 targets South American telecommunication providers with three new malware implants
BruteEntry PeerTime TernDoor UAT-9244

2026-03-02 ⋅ Talos ⋅ Cisco Talos
Update, March 13: Talos on the developing situation in the Middle East
Tsundere APTIran

2026-02-26 ⋅ Cisco Talos ⋅ Alex Karkins, Chetan Raghuprasad
New Dohdoor malware campaign targets education and health care
DohDoor

2026-02-25 ⋅ Cisco Talos ⋅ Cisco Talos
Active exploitation of Cisco Catalyst SD-WAN by UAT-8616
UAT-8616

2026-02-10 ⋅ Cisco Talos ⋅ Aaron Boyd, Asheer Malhotra, Nick Biasini, Vitor Ventura
New threat actor, UAT-9921, leverages VoidLink framework in campaigns
VoidLink UAT-9921

2026-01-29 ⋅ Cisco Talos ⋅ Joey Chen
Dissecting UAT-8099: New persistence mechanisms and regional focus
UAT-8099

2026-01-15 ⋅ Cisco Talos ⋅ Asheer Malhotra, Brandon White, Vitor Ventura
UAT-8837 targets critical infrastructure sectors in North America
Earthworm Rubeus SharpHound SharpWMI UAT-8837

2026-01-08 ⋅ Cisco Talos ⋅ Asheer Malhotra, Brandon White, Vitor Ventura
UAT-7290 targets high value telecommunications infrastructure in South Asia
DriveSwitch RushDrop SilentRaid DAGGER PANDA

2025-12-17 ⋅ Cisco Talos ⋅ Cisco Talos
UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager
UAT-9686

2025-10-16 ⋅ Cisco Talos ⋅ Michael Kelley, Vanja Svajcer
BeaverTail and OtterCookie evolve with a new Javascript module
BeaverTail OtterCookie InvisibleFerret

2025-10-02 ⋅ Cisco Talos ⋅ Joey Chen
UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud
Cobalt Strike IISpy UAT-8099

2025-08-15 ⋅ Cisco Talos ⋅ Asheer Malhotra, Brandon White, Vitor Ventura
UAT-7237 targets Taiwanese web hosting infrastructure
SoundBill UAT-7237

2025-08-12 ⋅ Cisco Talos ⋅ Edmund Brumaghin, Jordyn Dunk
Malvertising campaign leads to PS1Bot, a multi-stage malware framework
PS1Bot

2025-06-18 ⋅ Cisco Talos ⋅ Vanja Svajcer
Famous Chollima deploying Python version of GolangGhost RAT
GolangGhost PylangGhost GolangGhost

2025-06-05 ⋅ Cisco Talos ⋅ Asheer Malhotra, Dmytro Korzhevin, Jacob Finn
Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine
PathWiper

2025-05-22 ⋅ Cisco Talos ⋅ Asheer Malhotra, Brandon White
UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware
Tetra Loader UAT-6382

2025-05-13 ⋅ Cisco Talos ⋅ Asheer Malhotra, Ashley Shen, Edmund Brumaghin, Vitor Ventura
Defining a new methodology for modeling and tracking compartmentalized threats