Malpedia Library

Click here to download all references as Bib-File.•

2025-04-02 ⋅ BushidoToken ⋅ BushidoToken
Tracking Adversaries: EvilCorp, the RansomHub affiliate
RansomHub

2025-04-02 ⋅ Intel 471 ⋅ Intel 471
An in-depth look at Black Basta's TTPs
Black Basta Black Basta

2025-04-01 ⋅ Reversing Stories ⋅ Hema Loganathan
URSA/MISPADU InfoStealer
Mispadu

2025-04-01 ⋅ Reversing Stories ⋅ Hema Loganathan
Latrodectus Malware Delivered via Telegram Bot/Chat API
Latrodectus

2025-04-01 ⋅ Hunt.io ⋅ Hunt.io
Same Russian-Speaking Threat Actor, New Tactics: Abuse of Cloudflare Services for Phishing and Telegram to Filter Victim IPs
Pyramid

2025-04-01 ⋅ ANY.RUN ⋅ Adhikara
Salvador Stealer: New Android Malware That Phishes Banking Details & OTPs
Salvador Stealer

2025-04-01 ⋅ ZW01f ⋅ Mohamed Ezat
Auto-color - Linux backdoor
Auto-Color

2025-03-31 ⋅ Seqrite ⋅ Mahua Chakrabarthy, Sanjay Katkar, Subhajeet Singha
Operation HollowQuill: Malware delivered into Russian R&D Networks via Research Decoy PDFs
Cobalt Strike HollowQuill

2025-03-31 ⋅ Trend Micro ⋅ Lenart Bermejo, Ted Lee, Theo Chen
The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques
Godzilla Webshell Cobalt Strike RAILSETTER Earth Alux

2025-03-28 ⋅ Trend Micro ⋅ Ahmed Mohamed Ibrahim, Aliakbar Zahravi
A Deep Dive into Water Gamayun’s Arsenal and Infrastructure
DarkWisp SilentPrism Kematian Stealer Rhadamanthys Stealc Water Gamayun

2025-03-28 ⋅ cyble ⋅ Cyble
TsarBot: A New Android Banking Trojan Targeting Over 750 Banking, Finance, and Cryptocurrency Applications
TsarBot

2025-03-28 ⋅ ThreatFabric ⋅ ThreatFabric
Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices
Crocodilus

2025-03-28 ⋅ SUCURI ⋅ Puja Srivastava
Hidden Malware Strikes Again: Mu-Plugins Under Attack

2025-03-28 ⋅ Intrinsec ⋅ David Sardinha
From espionage to PsyOps: Tracking operations and bulletproof providers of UACs in 2025
sLoad NetSupportManager RAT Remcos SmokeLoader

2025-03-27 ⋅ Infoblox ⋅ Infoblox Threat Intelligence Group
A Phishing Tale of DoH and DNS MX Abuse

2025-03-26 ⋅ eSentire ⋅ eSentire Threat Response Unit (TRU)
The Long and Short(cut) of It: KoiLoader Analysis
Koi Loader

2025-03-26 ⋅ ⋅ Youtube (greenplan) ⋅ greenplan
[BINARY REFINERY] (StegoCampaign) - Deobfuscation of a VBScript stage (PART 1)

2025-03-26 ⋅ ThreatMon ⋅ Aziz Kaplan, ThreatMon, ThreatMon Malware Research Team
Raton / Silly - Remote Access Trojan | Technical Malware Analysis Report
AsyncRAT

2025-03-25 ⋅ Suresh Reddy
Inside Kimsuky’s Latest Cyberattack: Analyzing Malicious Scripts and Payloads

2025-03-25 ⋅ JPCERT/CC ⋅ Hayato Sasaki
Tempted to Classifying APT Actors: Practical Challenges of Attribution in the Case of Lazarus’s Subgroup