Malpedia Library

Click here to download all references as Bib-File.•

2025-06-23 ⋅ Gdata ⋅ Karsten Hahn, Lance Go
ConnectUnwise: Threat actors abuse ConnectWise as builder for signed malware
EvilConwi

2025-06-23 ⋅ PolySwarm Tech Team ⋅ The Hivemind
Famous Chollima’s PylangGhost
GolangGhost PylangGhost GolangGhost

2025-06-23 ⋅ cocomelonc ⋅ cocomelonc
Linux hacking part 6: Linux kernel module with params. Simple C example

2025-06-23 ⋅ Rushter ⋅ Artem Golubin
Threat Hunting Introduction: Cobalt Strike
Cobalt Strike

2025-06-23 ⋅ Darkatlas ⋅ Darkatlas Squad
Bluenoroff (APT38) Live Infrastructure Hunting

2025-06-21 ⋅ ⋅ Cert-UA ⋅ Cert-UA
Cyberattacks UAC-0001 (APT28) in relation to public authorities using BEARDSHELL and COVENANT
BEARDSHELL GRUNT SLIMAGENT

2025-06-20 ⋅ K7 Security ⋅ Baran S
SpyMax
SpyMax

2025-06-20 ⋅ Field Effect ⋅ Daniel Albrecht, Elena Lapina, Field Effect, Sean Alexander
Zoom & doom: BlueNoroff call opens the door

2025-06-20 ⋅ Validin ⋅ Kenneth Kinion
Zooming through BlueNoroff Indicators with Validin

2025-06-20 ⋅ Twitter (@threatintel) ⋅ Threat Intelligence
Tweet about wiper deployed against Albania by Druidfly

2025-06-20 ⋅ Github (VenzoV) ⋅ VenzoV
Analysis of Amatera Stealer v1 (Test build)
Amatera

2025-06-19 ⋅ Recorded Future ⋅ Insikt Group
DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal
DRAT TAG-140

2025-06-19 ⋅ Hunt.io ⋅ Hunt.io
Cobalt Strike Operators Leverage PowerShell Loaders Across Chinese, Russian, and Global Infrastructure
Cobalt Strike

2025-06-19 ⋅ Government of Canada ⋅ Government of Canada
Cyber threat bulletin: People's Republic of China cyber threat activity: PRC cyber actors target telecommunications companies as part of a global cyberespionage campaign

2025-06-19 ⋅ cocomelonc ⋅ cocomelonc
MacOS hacking part 2: classic injection trick into macOS applications. Simple C example

2025-06-18 ⋅ Red Canary ⋅ Red Canary
Mocha Manakin delivers custom NodeJS backdoor via paste and run
Mocha Manakin

2025-06-18 ⋅ Google ⋅ Gabby Roncone, Wesley Shields
What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia
UNC6293

2025-06-18 ⋅ Securonix ⋅ Tim Peck
Analyzing SERPENTINE#CLOUD: Threat Actors Abuse Cloudflare Tunnels to Infect Systems with Stealthy Python-Based Malware

2025-06-18 ⋅ Seqrite ⋅ Prashil Moon
Masslogger Fileless Variant – Spreads via .VBE, Hides in Registry
MASS Logger

2025-06-18 ⋅ Cisco Talos ⋅ Vanja Svajcer
Famous Chollima deploying Python version of GolangGhost RAT
GolangGhost PylangGhost GolangGhost