Malpedia Library

Click here to download all references as Bib-File.•

2025-10-16 ⋅ Trendmicro ⋅ Junestherry Dela Cruz
Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing
Lumma Stealer Water Kurita

2025-09-26 ⋅ Arctic Wolf ⋅ Arctic Wolf
Smash and Grab: Aggressive Akira Campaign Targets SonicWall VPNs, Deploys Ransomware in an Hour or Less
Akira Akira

2025-09-24 ⋅ TEAMT5 ⋅ Still Hsu, Tim Chen
Google Calendar As C2 Infrastructure: A China-Nexus Campaign With Stealthy Tactics
TOUGHPROGRESS

2025-09-19 ⋅ BlackPoint ⋅ Caden Toellner, Nevan Beal, Sam Decker
KeyZero: A Custom PowerShell RAT

2025-09-19 ⋅ ESET Research ⋅ Matthieu Faou, Zoltán Rusnák
Gamaredon X Turla collab
PteroGraphin

2025-09-11 ⋅ IBM X-Force ⋅ Golo Mühr, Joshua Chung
Hive0154, aka Mustang Panda, drops updated Toneshell backdoor and novel SnakeDisk USB worm
PUBLOAD SnakeDisk TONESHELL Yokai

2025-09-09 ⋅ Trend Micro ⋅ Don Ovid Ladores, Jacob Santos, Junestherry Dela Cruz, Maristel Policarpio
Unmasking The Gentlemen Ransomware: Tactics, Techniques, and Procedures Revealed
Gentlemen The Gentlemen

2025-08-27 ⋅ eSentire ⋅ eSentire Threat Response Unit (TRU)
Threat Actors Deploy Sinobi Ransomware via Compromised SonicWall SSL VPN Credentials
Lynx Sinobi

2025-08-27 ⋅ Group-IB ⋅ Nikita Rostovcev, Sergei Turner
ShadowSilk: A Cross-Border Binary Union for Data Exfiltration
Cobalt Strike YoroTrooper

2025-08-27 ⋅ ⋅ PlainBit ⋅ Heejae Hwang
PureHVNC malware disguised as a copyright infringement notice email
ClipBanker PureRAT

2025-08-18 ⋅ Trellix ⋅ Ryan Weil
A Comprehensive Analysis of HijackLoader and Its Infection Chain
HijackLoader

2025-08-12 ⋅ bluecyber ⋅ Khắc Minh
Analysis of a ClickFix malware attack
Vidar

2025-08-11 ⋅ cocomelonc ⋅ cocomelonc
Malware development trick 49: abusing Azure DevOps REST API for covert data channels. Simple C examples.
AllaKore

2025-07-31 ⋅ Reverse The Malware ⋅ Diyar Saadi
Threat Intelligence visa ccTLD ( country code top-level domain )

2025-07-29 ⋅ Foresiet ⋅ Foresiet
AURA Stealer: A Crude Clone of LummaC2 – Technical Analysis and Threat Breakdown
Aura Stealer

2025-07-22 ⋅ Cryptika cybersecurity ⋅ Cryptika cybersecurity
DeerStealer Malware Delivered Via Weaponized .LNK Using LOLBin Tools
DeerStealer

2025-07-07 ⋅ Github (VenzoV) ⋅ VenzoV
Golang garbled executable from Amatera config
Amatera

2025-06-24 ⋅ Trellix ⋅ Nico Paulo Yturriaga, Pham Duy Phuc
OneClik: A ClickOnce-Based APT Campaign Targeting Energy, Oil and Gas Infrastructure

2025-06-19 ⋅ Government of Canada ⋅ Government of Canada
Cyber threat bulletin: People's Republic of China cyber threat activity: PRC cyber actors target telecommunications companies as part of a global cyberespionage campaign

2025-06-04 ⋅ Google ⋅ Google Threat Intelligence Group
The Cost of a Call: From Voice Phishing to Data Extortion
UNC6040