Malpedia Library

Click here to download all references as Bib-File.•

2026-02-13 ⋅ kmsec ⋅ Kieran Miyamoto
VMWare artifacts left by a FAMOUS CHOLLIMA operator

2026-02-12 ⋅ Sekoia ⋅ Pierre Le Bourhis
OysterLoader Unmasked: The Multi-Stage Evasion Loader
Broomstick

2026-02-12 ⋅ LevelBlue ⋅ Rodel Mendrez
How ClickFix Opens the Door to Stealthy StealC Information Stealer
IClickFix Stealc

2026-02-11 ⋅ Isovalent ⋅ Jeremy Colvin
Deconstructing Voidlink: Why New AI and Cloud-Native Threats Require a New Class of Defense
VoidLink UAT-9921

2026-02-11 ⋅ Bitdefender ⋅ Bogdan Ionut Lazar, Janos Gergo Szeles, Manuel Dragomir
LummaStealer Is Getting a Second Life Alongside CastleLoader
CASTLELOADER Lumma Stealer

2026-02-10 ⋅ Cisco Talos ⋅ Aaron Boyd, Asheer Malhotra, Nick Biasini, Vitor Ventura
New threat actor, UAT-9921, leverages VoidLink framework in campaigns
VoidLink UAT-9921

2026-02-09 ⋅ Mandiant ⋅ Adrian Hernandez, Ross Inman
UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering
SUGARLOADER WAVESHAPER

2026-02-09 ⋅ TRUESEC ⋅ Andreas Törnqvist, Mattias Wåhlén, Nicklas Keijser
Detecting Russian Threats to Critical Energy Infrastructure
DynoWiper

2026-02-06 ⋅ t0ast's blog ⋅ t0ast
DynoWiper: From Russia with Love
DynoWiper

2026-02-05 ⋅ Palo Alto Networks Unit 42 ⋅ Unit 42
The Shadow Campaigns: Uncovering Global Espionage
Cobalt Strike UNC6619

2026-02-05 ⋅ Bleeping Computer ⋅ Bill Toulas
Italian university La Sapienza goes offline after cyberattack
Rorschach Ransomware Femwar02

2026-02-05 ⋅ Symantec ⋅ Threat Hunter Team
Black Basta: Defense Evasion Capability Embedded in Ransomware Payload
Black Basta

2026-02-04 ⋅ Check Point Research ⋅ Check Point Research
Amaranth-Dragon: Targeted Cyber Espionage Campaigns Across Southeast Asia
Amaranth-Dragon

2026-02-04 ⋅ safebreach ⋅ Tomer Bar
Prince of Persia, Part II: Covering Tracks, Striking Back & a Revealing Link to the Iranian Regime Amid the Country’s Internet Blackout
Infy StormKittyRAT

2026-02-03 ⋅ LevelBlue ⋅ Evgeny Ananin, Mark Tsipershtein
The Godfather of Ransomware? Inside DragonForce’s Cartel Ambitions
DragonForce

2026-02-03 ⋅ Kaspersky Labs ⋅ Anton Kargin, Georgy Kucherin
The Notepad++ supply chain attack — unnoticed execution chains and new IoCs
Chrysalis Cobalt Strike

2026-02-02 ⋅ Rapid7 ⋅ Ivan Feigl
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
Chrysalis

2026-02-02 ⋅ Netresec ⋅ Erik Hjelmvik
njRAT runs MassLogger
MASS Logger NjRAT

2026-02-01 ⋅ ⋅ Cert-UA ⋅ Cert-UA
"Danger Bulletin": UAC-0001 (APT28) carries out cyberattacks against Ukraine and EU countries using the CVE-2026-21509 exploit (CERT-UA#19542)
GRUNT

2026-01-30 ⋅ Google ⋅ Mandiant
Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft
UNC6671