Malpedia Library

Click here to download all references as Bib-File.•

2026-04-22 ⋅ Secure Blink ⋅ Secure Blink
Mustang Panda Strikes India and South Korea with Updated LOTUSLITE Backdoor in Espionage Campaign
LOTUSLITE

2026-04-22 ⋅ Ransom-ISAC ⋅ Alex Necula, Ellis Stannard
DragonBreath: Dragon in the Kernel
DragonBreath

2026-04-22 ⋅ Expel ⋅ Marcus Hutchins
Inside Lazarus: How North Korea uses AI to industrialize attacks on developers
BeaverTail OtterCookie InvisibleFerret HexagonalRodent

2026-04-16 ⋅ zimperium ⋅ Fernando Ortega, Vishnu Pratapagiri
Android Bankers: 4 Campaigns In A Row
Mirax

2026-04-16 ⋅ YouTube (botconf eu) ⋅ Alexey Bukhteyev, Souhail Hammou
Chasing XLoader: Tracking a Notoriously Complex Malware Family at Scale
Xloader Formbook

2026-04-16 ⋅ Twitter (@anyrun_app) ⋅ Achmad Adhikara, GridGuardGhoul
Tweet about SpankRat
SpankRAT

2026-04-16 ⋅ Darktrace ⋅ Calum Hall, Ryan Traill
Inside ZionSiphon: Darktrace’s Analysis of OT Malware Targeting Israeli Water Systems
ZionSiphon

2026-04-15 ⋅ Orange Cyberdefense ⋅ Alexis Bonnefoi, Marine PICHON, Thomas Brossard
Smoking Out an Affiliate: SmokedHam, Qilin, a few Google Ads and some Bossware
Qilin AgendaCrypt SMOKEDHAM

2026-04-15 ⋅ Orange Cyberdefense ⋅ Alexis Bonnefoi, Marine PICHON, Thomas Brossard
Smoking Out an Affiliate: SmokedHam, Qilin, a few Google ads and some bossware
AgendaCrypt SMOKEDHAM

2026-04-14 ⋅ ANY.RUN ⋅ ANY.RUN
When Trust Becomes a Weapon: Google Cloud Storage Phishing Deploying Remcos RAT
Remcos

2026-04-13 ⋅ Dark Web Informer ⋅ Dark Web Informer
Polish Eco-Friendly Retailer VegeHome Suffers Data Breach Exposing 100K+ Customers
LulzIntel

2026-04-13 ⋅ Dataminr ⋅ Tim Miller
Cyber Intel Brief: Pro-Iranian Actor Ababil of Minab Claims Cyberattack on LA Metro (LACMTA)
Ababil of Minab

2026-04-13 ⋅ Cleafy ⋅ Cleafy
Mirax: a new Android RAT turning infected devices into potential residential proxy nodes
Mirax

2026-04-10 ⋅ Infoblox ⋅ Chong Lua Dao, Infoblox Threat Intel
Scams, Slaves and (Malware-as-a) Service: Tracking a Trojan to Cambodia’s Scam Centers

2026-04-09 ⋅ ⋅ F6 ⋅ F6
Eastern Signature: Investigating a Cyberattack by an Asian Threat Group
ShadowPad

2026-04-08 ⋅ Lookout ⋅ Alemdar Islamoglu, Justin Albrecht
Beyond BITTER: MENA Civil Society Targeted in Hack-For-Hire Operation Linked to BITTER APT
ProSpy

2026-04-07 ⋅ Talos Intelligence ⋅ Ashley Shen
New Lua-based malware “LucidRook” observed in targeted attacks against Taiwanese organizations
LucidKnight LucidPawn LucidRook UAT-10362

2026-04-07 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

2026-04-07 ⋅ IC3 ⋅ CISA, CNMF, Department of Energy (DOE), EPA, FBI, NSA
AA26-097A: Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure

2026-04-07 ⋅ NCSC UK ⋅ NCSC UK
APT28 exploit routers to enable DNS hijacking operations