Malpedia Library

Click here to download all references as Bib-File.•

2025-07-23 ⋅ Catalyst ⋅ Catalyst
Understanding Current CastleLoader Campaigns
CASTLELOADER

2025-07-23 ⋅ OPFOR Journal ⋅ OPFOR Journal
Singapore Takes Unprecedented Military Action Against Chinese State-Sponsored Hackers

2025-07-23 ⋅ Mandiant ⋅ Mandiant Incident Response
From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944

2025-07-23 ⋅ Natto Thoughts ⋅ Natto Team
HAFNIUM-Linked Hacker Xu Zewei: Riding the Tides of China’s Cyber Ecosystem

2025-07-22 ⋅ Recorded Future ⋅ Insikt Group®
Anatomy of DDoSia: NoName057(16)'s DDoS Infrastructure and Targeting
Dosia

2025-07-22 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Disrupting active exploitation of on-premises SharePoint vulnerabilities
Storm-2603

2025-07-22 ⋅ Akamai ⋅ Tomer Peled
Coyote in the Wild: First-Ever Malware That Abuses UI Automation

2025-07-21 ⋅ Lookout ⋅ Alemdar Islamoglu, Justin Albrecht
Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict
DCHSpy

2025-07-21 ⋅ AhnLab ⋅ ASEC
RokRAT Malware Using Malicious Hangul (.HWP) Documents
RokRAT

2025-07-19 ⋅ The Register ⋅ Jessica Lyons
Ex-IDF cyber chief on Iran, Scattered Spider, and why social engineering worries him more than 0-days

2025-07-18 ⋅ Arctic Wolf ⋅ Arctic Wolf Labs Team
Greedy Sponge Targets Mexico with AllaKore RAT and SystemBC
AllaKore SystemBC

2025-07-18 ⋅ Wired ⋅ Kim Zetter
How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyberspies

2025-07-18 ⋅ GOV.UK ⋅ Foreign Commonwealth & Development Office
UK sanctions Russian spies at the heart of Putin’s malicious regime

2025-07-18 ⋅ Kyiv Independent ⋅ Andrea Januta, Anna Fratsyvir
Ukrainian hackers wipe databases at Russia's Gazprom in major cyberattack, intelligence source says

2025-07-18 ⋅ The Record ⋅ Alexander Martin
UK sanctions Russian cyber spies accused of facilitating murders
WhisperGate

2025-07-17 ⋅ Medium Ireneusz Tarnowski ⋅ Ireneusz Tarnowski
Dissecting the ClickFix User-Execution Attack and Its Sophisticated Persistence via ADS
Cobalt Strike

2025-07-17 ⋅ NJCCIC ⋅ New Jersey Cybersecurity & Communications Integration Cell
ClickFix Leading to MonsterV2 Infostealer
MonsterV2

2025-07-17 ⋅ ⋅ Cert-UA ⋅ Cert-UA
UAC-0001 cyberattacks on the security and defense sector using the LAMEHUG software using LLM (large language model) (CERT-UA#16039)
LAMEHUG

2025-07-17 ⋅ National Police Agency (Japan) ⋅ National Police Agency (Japan)
Phobos/8Base Decryption Tool
8Base Phobos

2025-07-16 ⋅ Mandiant ⋅ Dimiter Andonov, Josh Goddard, Zander Work
Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor
UNC6148