Malpedia Library

Click here to download all references as Bib-File.•

2026-02-05 ⋅ Bleeping Computer ⋅ Bill Toulas
Italian university La Sapienza goes offline after cyberattack
Rorschach Ransomware Femwar02

2026-02-05 ⋅ Symantec ⋅ Threat Hunter Team
Black Basta: Defense Evasion Capability Embedded in Ransomware Payload
Black Basta

2026-02-04 ⋅ Trellix ⋅ Alex Lanstein, Pham Duy Phuc
APT28’s Stealthy Multi-Stage Campaign Leveraging CVE‑2026‑21509 and Cloud C2 Infrastructure
GONEPOSTAL GRUNT

2026-02-04 ⋅ StrikeReady ⋅ Alex Lanstein, Pham Duy Phuc
APT28’s Stealthy Multi-Stage Campaign Leveraging CVE‑2026‑21509 and Cloud C2 Infrastructure
GONEPOSTAL GRUNT

2026-02-04 ⋅ Check Point Research ⋅ Check Point Research
Amaranth-Dragon: Targeted Cyber Espionage Campaigns Across Southeast Asia
Amaranth-Dragon

2026-02-04 ⋅ safebreach ⋅ Tomer Bar
Prince of Persia, Part II: Covering Tracks, Striking Back & a Revealing Link to the Iranian Regime Amid the Country’s Internet Blackout
Infy StormKittyRAT

2026-02-03 ⋅ LevelBlue ⋅ Evgeny Ananin, Mark Tsipershtein
The Godfather of Ransomware? Inside DragonForce’s Cartel Ambitions
DragonForce

2026-02-03 ⋅ Kaspersky Labs ⋅ Anton Kargin, Georgy Kucherin
The Notepad++ supply chain attack — unnoticed execution chains and new IoCs
Chrysalis Cobalt Strike

2026-02-02 ⋅ Rapid7 ⋅ Ivan Feigl
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
Chrysalis

2026-02-02 ⋅ Netresec ⋅ Erik Hjelmvik
njRAT runs MassLogger
MASS Logger NjRAT

2026-02-01 ⋅ Midnight Blue Labs ⋅ Midnight Blue
Have you tried turning it off and on again? On bricking OT devices (part 2)

2026-02-01 ⋅ Midnight Blue Labs ⋅ Midnight Blue
Have you tried turning it off and on again? On bricking OT devices (part 1)

2026-02-01 ⋅ splintersfury ⋅ Ahmad Abdillah Bin Zaini
KernelSight: Windows Kernel Driver Exploitation Knowledge Base
BlackByte FudModule Nokoyawa Ransomware

2026-02-01 ⋅ ⋅ Cert-UA ⋅ Cert-UA
"Danger Bulletin": UAC-0001 (APT28) carries out cyberattacks against Ukraine and EU countries using the CVE-2026-21509 exploit (CERT-UA#19542)
GRUNT

2026-01-30 ⋅ Google ⋅ Mandiant
Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft
UNC6671

2026-01-30 ⋅ ESET Research ⋅ ESET Research
DynoWiper update: Technical analysis and attribution
DynoWiper

2026-01-30 ⋅ LevelBlue ⋅ Evgeny Ananin, Mark Tsipershtein, Nikita Kazymirskyi
19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware: Part 1
LockBit LockBit

2026-01-30 ⋅ abuse.ch ⋅ abuse.ch
X posting from abuse.ch on Xillen Stealer
Xillen Stealer

2026-01-30 ⋅ CERT.PL ⋅ CERT.PL
Energy Sector Incident Report – 29 December
LazyWiper DynoWiper

2026-01-29 ⋅ Cisco Talos ⋅ Joey Chen
Dissecting UAT-8099: New persistence mechanisms and regional focus
UAT-8099