Malpedia Library

Click here to download all references as Bib-File.•

2025-09-10 ⋅ Zscaler ⋅ Muhammed Irfan V A
Technical Analysis of kkRAT
kkRAT

2025-09-10 ⋅ Palo Alto Networks Unit 42 ⋅ Itay Cohen, Ofek Lahiani
AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks
AdaptixC2

2025-09-09 ⋅ S2W Inc. ⋅ S2W TALON
Kimsuky’s Use of GitHub for Malware Delivery and Exfiltration
RandomQuery

2025-09-09 ⋅ Huntress Labs ⋅ Jamie Levy, Lindsey O'Donnell-Welch, Michael Tigges
How an Attacker’s Blunder Gave Us a Rare Look Inside Their Day-to-Day Operations

2025-09-09 ⋅ ThreatFabric ⋅ ThreatFabric
The Rise of RatOn: From NFC heists to remote control and ATS
RatOn

2025-09-08 ⋅ Fortinet ⋅ Yurren Wan
MostereRAT Deployed AnyDesk/TightVNC for Covert Full Access
MostereRAT

2025-09-08 ⋅ Silent Push ⋅ Silent Push
Salt Typhoon and UNC4841: Silent Push Discovers New Domains; Urges Defenders to Check Telemetry and Log Data

2025-09-07 ⋅ ⋅ 360 ⋅ 360
APT-C-53 (Gamaredon) Attacks on Ukrainian Government Functions
Pteranodon

2025-09-07 ⋅ Hexastrike Cybersecurity ⋅ Maurice Fielenbach
ValleyRAT Exploiting BYOVD to Kill Endpoint Security
ValleyRAT

2025-09-05 ⋅ Arctic Wolf ⋅ Dmitry Kupin, Dmitry Melikov, Jacob Faires, Jon Grimm, Pavel Usatenko
GPUGate Malware: Malicious GitHub Desktop Implants Use Hardware-Specific Decryption, Abuse Google Ads to Target Western Europe

2025-09-04 ⋅ Recorded Future ⋅ Insikt Group
From CastleLoader to CastleRAT: TAG-150 Advances Operations with Multi-Tiered Infrastructure
NightshadeC2

2025-09-04 ⋅ SentinelOne ⋅ Aleksandar Milenkoski, Kenneth Kinion, Sreekar Madabushi
Contagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms
ContagiousDrop

2025-09-04 ⋅ The Register ⋅ Iain Thomson
US puts $10M bounty on three Russians accused of attacking critical infrastructure

2025-09-04 ⋅ eSentire ⋅ eSentire Threat Response Unit (TRU)
New Botnet Emerges from the Shadows: NightshadeC2
NightshadeC2 NightshadeC2

2025-09-04 ⋅ Seqrite ⋅ Subhajeet Singha
Operation BarrelFire: NoisyBear targets entities linked to Kazakhstan’s Oil & Gas Sector.
Meterpreter

2025-09-03 ⋅ Darkrym ⋅ Darkrym
PXA Stealers Evolution to PureRAT: Part 6 - Finally, the Final Stage PureRAT (Stage 9)
PureRAT

2025-09-03 ⋅ Reverse The Malware ⋅ Diyar Saadi
Dropper and Downloader : What is the difference ?

2025-09-02 ⋅ At-Bay ⋅ Aaron Smith, Laurie Iacono, MC, Ricardo Vazquez, Rohit Pappali, Will Botto, Yiwei Guo
Rhysida: Evading Detection, One Service at a Time
Rhysida

2025-09-02 ⋅ Hunt.io ⋅ Hunt.io
From Panel to Payload: Inside the TinyLoader Malware Operation
XTinyLoader

2025-09-02 ⋅ Reverse The Malware ⋅ Diyar Saadi
Agent and Malware: What is the difference?