Malpedia Library

Click here to download all references as Bib-File.•

2025-10-09 ⋅ Red Canary ⋅ Chris Brook, Tony Lambert
A taxonomy of Mac stealers: Distinguishing Atomic, Odyssey, and Poseidon
AMOS Odyssey Stealer Poseidon Stealer

2025-09-30 ⋅ Palo Alto Networks Unit 42 ⋅ Lior Rochberger
Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite
NET-STAR

2025-09-23 ⋅ ⋅ F6 ⋅ F6
Bearlyfy: the evolution of the new group of ransomware and its connection with PhantomCore
LockBit LockBit PhantomCore Bearlyfy

2025-09-19 ⋅ BlackPoint ⋅ Caden Toellner, Nevan Beal, Sam Decker
KeyZero: A Custom PowerShell RAT

2025-09-16 ⋅ Sekoia ⋅ Amaury G., Charles M., Sekoia TDR
APT28 Operation Phantom Net Voxel
BEARDSHELL GRUNT SLIMAGENT

2025-09-09 ⋅ Positive Technologies ⋅ Viktor Kazakov
Phantom pains: a large-scale cyberespionage campaign and a possible split within the PhantomCore APT group
PhantomCore

2025-09-03 ⋅ Proofpoint ⋅ Kyle Cucci, Proofpoint Threat Research Team, Rob Kinner
Not Safe for Work: Tracking and Investigating Stealerium and Phantom Infostealers
Phantom Stealer Stealerium

2025-08-28 ⋅ Defentive ⋅ Defentive Threat Research
The Phantom Threat: Inside UNC5518’s Invisible Empire of MetaStealer Operations
MetaStealer

2025-08-27 ⋅ Defentive ⋅ Defentive Threat Research
Anatomy of a Real Phishing Attack: How Defentive Detected and Stopped It in Action

2025-07-22 ⋅ Recorded Future ⋅ Insikt Group®
Anatomy of DDoSia: NoName057(16)'s DDoS Infrastructure and Targeting
Dosia

2025-07-22 ⋅ Akamai ⋅ Tomer Peled
Coyote in the Wild: First-Ever Malware That Abuses UI Automation

2025-07-21 ⋅ SentinelOne ⋅ Jim Walter, Simon Kenin, Tom Hegel
SharePoint ToolShell | Zero-Day Exploited in-the-Wild Targets Enterprise Servers

2025-07-16 ⋅ Reverse The Malware ⋅ Diyar Saadi
Analysis CryptoMiner Sample ( Script Based )

2025-06-18 ⋅ Red Canary ⋅ Red Canary
Mocha Manakin delivers custom NodeJS backdoor via paste and run
Mocha Manakin

2025-06-16 ⋅ Proofpoint ⋅ Jeremy Hedges, Proofpoint Threat Research Team, Tommy Madjar
Amatera Stealer: Rebranded ACR Stealer With Improved Evasion, Sophistication
ACR Stealer Amatera

2025-06-09 ⋅ Sentinel LABS ⋅ Aleksandar Milenkoski, Tom Hegel
Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets
GOREshell Nimbo-C2 ShadowPad

2025-05-28 ⋅ Rapid7 ⋅ Anna Širokova, Ivan Feigl
NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign
Winos

2025-05-28 ⋅ Trustwave ⋅ Cris Tomboc, King Orande
PhaaS the Secrets: The Hidden Ties Between Tycoon2FA and Dadsec's Operations

2025-05-27 ⋅ Trend Micro ⋅ Joseph C Chen
Earth Lamia Develops Custom Arsenal to Target Multiple Industries
BypassBoss Cobalt Strike JuicyPotato PULSEPACK STOWAWAY VShell Earth Lamia

2025-05-22 ⋅ ESET Research ⋅ Tomáš Procházka
Danabot: Analyzing a fallen empire
DanaBot