Malpedia Library

Click here to download all references as Bib-File.•

2025-10-22 ⋅ SentinelOne ⋅ Tom Hegel
PhantomCaptcha | Multi-Stage WebSocket RAT Targets Ukraine in Single-Day Spearphishing Operation
Princess

2025-10-13 ⋅ Proofpoint ⋅ Kyle Cucci, Proofpoint Threat Research Team, Selena Larson, Tommy Madjar
When the monster bytes: tracking TA585 and its arsenal
MonsterV2

2025-09-30 ⋅ Palo Alto Networks Unit 42 ⋅ Lior Rochberger
Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite
NET-STAR

2025-09-19 ⋅ BlackPoint ⋅ Caden Toellner, Nevan Beal, Sam Decker
KeyZero: A Custom PowerShell RAT

2025-09-16 ⋅ Sekoia ⋅ Amaury G., Charles M., Sekoia TDR
APT28 Operation Phantom Net Voxel
BEARDSHELL GRUNT SLIMAGENT

2025-08-28 ⋅ Defentive ⋅ Defentive Threat Research
The Phantom Threat: Inside UNC5518’s Invisible Empire of MetaStealer Operations
MetaStealer

2025-08-27 ⋅ Defentive ⋅ Defentive Threat Research
Anatomy of a Real Phishing Attack: How Defentive Detected and Stopped It in Action

2025-07-22 ⋅ Recorded Future ⋅ Insikt Group®
Anatomy of DDoSia: NoName057(16)'s DDoS Infrastructure and Targeting
Dosia

2025-07-22 ⋅ Akamai ⋅ Tomer Peled
Coyote in the Wild: First-Ever Malware That Abuses UI Automation

2025-07-21 ⋅ SentinelOne ⋅ Jim Walter, Simon Kenin, Tom Hegel
SharePoint ToolShell | Zero-Day Exploited in-the-Wild Targets Enterprise Servers

2025-07-16 ⋅ Reverse The Malware ⋅ Diyar Saadi
Analysis CryptoMiner Sample ( Script Based )

2025-06-16 ⋅ Proofpoint ⋅ Jeremy Hedges, Proofpoint Threat Research Team, Tommy Madjar
Amatera Stealer: Rebranded ACR Stealer With Improved Evasion, Sophistication
ACR Stealer Amatera

2025-06-09 ⋅ Sentinel LABS ⋅ Aleksandar Milenkoski, Tom Hegel
Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets
GOREshell Nimbo-C2 ShadowPad

2025-05-28 ⋅ Rapid7 ⋅ Anna Širokova, Ivan Feigl
NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign
Winos

2025-05-28 ⋅ Trustwave ⋅ Cris Tomboc, King Orande
PhaaS the Secrets: The Hidden Ties Between Tycoon2FA and Dadsec's Operations

2025-05-27 ⋅ Trend Micro ⋅ Joseph C Chen
Earth Lamia Develops Custom Arsenal to Target Multiple Industries
BypassBoss Cobalt Strike JuicyPotato PULSEPACK STOWAWAY VShell

2025-05-22 ⋅ ESET Research ⋅ Tomáš Procházka
Danabot: Analyzing a fallen empire
DanaBot

2025-05-20 ⋅ Luigi Martire, Pierluigi Paganini
Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang
Sarcoma

2025-04-28 ⋅ SentinelOne ⋅ Aleksandar Milenkoski, Jim Walter, Tom Hegel
Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today’s Adversaries
PurpleHaze

2025-04-22 ⋅ Volexity ⋅ Charlie Gardner, Josh Duke, Matthew Meltzer, Sean Koessel, Steven Adair, Tom Lancaster
Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows
UTA0352 UTA0355