Malpedia Library

Click here to download all references as Bib-File.•

2026-04-16 ⋅ Darktrace ⋅ Calum Hall, Ryan Traill
Inside ZionSiphon: Darktrace’s Analysis of OT Malware Targeting Israeli Water Systems
ZionSiphon

2026-04-15 ⋅ Cyberdaily.au ⋅ David Hollingworth
Exclusive: Krybit hackers claim breach of New Zealand IT services provider
Krybit

2026-04-15 ⋅ Orange Cyberdefense ⋅ Alexis Bonnefoi, Marine PICHON, Thomas Brossard
Smoking Out an Affiliate: SmokedHam, Qilin, a few Google Ads and some Bossware
Qilin AgendaCrypt SMOKEDHAM

2026-04-15 ⋅ Orange Cyberdefense ⋅ Alexis Bonnefoi, Marine PICHON, Thomas Brossard
Smoking Out an Affiliate: SmokedHam, Qilin, a few Google ads and some bossware
AgendaCrypt SMOKEDHAM

2026-04-14 ⋅ RedPacket Security ⋅ RedPacket Security
[KRYBIT] – Ransomware Victim: Hacked 0APT
Krybit

2026-04-14 ⋅ ANY.RUN ⋅ ANY.RUN
When Trust Becomes a Weapon: Google Cloud Storage Phishing Deploying Remcos RAT
Remcos

2026-04-13 ⋅ khr0x
Tweet about HanGhost
HanGhost

2026-04-13 ⋅ Twitter (@anyrun_app) ⋅ Achmad Adhikara, khr0x
Tweet about HanGhost

2026-04-13 ⋅ Dataminr ⋅ Tim Miller
Cyber Intel Brief: Pro-Iranian Actor Ababil of Minab Claims Cyberattack on LA Metro (LACMTA)
Ababil of Minab

2026-04-13 ⋅ Cleafy ⋅ Cleafy
Mirax: a new Android RAT turning infected devices into potential residential proxy nodes
Mirax

2026-04-12 ⋅ cocomelonc ⋅ cocomelonc
Mobile malware development trick 3. CPU info logger: anti-VM and anti-sandbox. Simple Android (Kotlin) example.

2026-04-11 ⋅ Breakglass Intelligence ⋅ Breakglass Intelligence
We Dumped a Live Kimsuky C2 and Recovered Every Stage of the Kill Chain: CHM Dropper, VBScript Stager, PowerShell Keylogger
RandomQuery RandomQuery

2026-04-10 ⋅ Infoblox ⋅ Chong Lua Dao, Infoblox Threat Intel
Scams, Slaves and (Malware-as-a) Service: Tracking a Trojan to Cambodia’s Scam Centers

2026-04-08 ⋅ Lookout ⋅ Alemdar Islamoglu, Justin Albrecht
Beyond BITTER: MENA Civil Society Targeted in Hack-For-Hire Operation Linked to BITTER APT
ProSpy

2026-04-08 ⋅ Black Lotus Labs ⋅ Danny Adamitis, Ryan English
FrostArmada: All thriller, no (malware) filler

2026-04-07 ⋅ Talos Intelligence ⋅ Ashley Shen
New Lua-based malware “LucidRook” observed in targeted attacks against Taiwanese organizations
LucidKnight LucidPawn LucidRook UAT-10362

2026-04-07 ⋅ RedPacket Security ⋅ RedPacket Security
[KRYBIT] – Ransomware Victim: fraper[.]com
Krybit

2026-04-07 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

2026-04-07 ⋅ IC3 ⋅ CISA, CNMF, Department of Energy (DOE), EPA, FBI, NSA
AA26-097A: Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure

2026-04-07 ⋅ NCSC UK ⋅ NCSC UK
APT28 exploit routers to enable DNS hijacking operations