Malpedia Library

Click here to download all references as Bib-File.•

2025-12-02 ⋅ ⋅ Positive Technologies ⋅ Igor Shiryaev, Kirill Navoshchik, Maxim Shamanov, Stanislav Pyzhov, Vladislav Lunin
(Ex)Cobalt. A review of the group's tools in attacks for 2024-2025
PUMAKIT

2025-12-01 ⋅ NetAskari Substack ⋅ NetAskari
Critical strike: China's hacking training grounds (PART 2)

2025-11-26 ⋅ Intrinsec ⋅ CTI Intrinsec, David Sardinha
Trouble in the air: A spree of campaigns targeting the aerospace industry in Russia
DarkWatchman CloudEyE Formbook PhantomCore Remcos

2025-11-25 ⋅ Arctic Wolf ⋅ Arctic Wolf Labs Team, Jacob Faires
Russian RomCom Utilizing SocGholish to Deliver Mythic Agent to U.S. Companies Supporting Ukraine
FAKEUPDATES

2025-11-22 ⋅ LinkedIn (Idan Tarab) ⋅ Idan Tarab
India‑Aligned "Dropping Elephant" Pushes a New Stealth Marshalled‑Python Backdoor via MSBuild Dropper in Observed Activity Targeting Pakistan’s Defense Sector

2025-11-20 ⋅ Google ⋅ Dan Perez, Harsh Parashar, Tierra Duncan
Beyond the Watering Hole: APT24's Pivot to Multi-Vector Attacks
BADAUDIO Cobalt Strike

2025-11-19 ⋅ NetAskari Substack ⋅ NetAskari
Critical strike: China's hacking training grounds (PART 1)

2025-11-19 ⋅ Natto Thoughts ⋅ Eugenio Benincasa, Natto Team
China’s Cybersecurity Companies Advancing Offensive Cyber Capabilities Through Attack-Defense Labs

2025-11-19 ⋅ Amazon ⋅ CJ Moses
New Amazon Threat Intelligence findings: Nation-state actors bridging cyber and kinetic warfare

2025-11-19 ⋅ SecurityScorecard ⋅ Gilad Friedenreich Maizles, Marty Kareem
Thousands of ASUS Routers Hijacked in Global Operation “WrtHug” in a Suspected China-Backed Campaign

2025-11-19 ⋅ ESET Research ⋅ Dávid Gábriš, Facundo Muñoz
PlushDaemon compromises network devices for adversary-in-the-middle attacks
EdgeStepper LittleDaemon

2025-11-18 ⋅ DataBreaches.net ⋅ Dissent
From bad to worse: Doctor Alliance hacked again by same threat actor (2)
Kazu

2025-11-18 ⋅ ⋅ Cert-UA ⋅ Cert-UA
Cyberattack against an educational institution in eastern Ukraine using the GAMYBEAR software tool (CERT-UA#18329)
GAMYBEAR UAC-0241

2025-11-17 ⋅ 0x0d4y ⋅ 0x0d4y
Nation-State Actor’s Arsenal: An In-Depth Look at Lazarus’ ScoringMathTea
ScoringMathTea

2025-11-13 ⋅ Ransom-ISAC ⋅ Yashraj Solanki
Cross-Chain TxDataHiding Crypto Heist: A Very Chainful Process (Part 3)
JADESNOW

2025-11-13 ⋅ NVISO Labs ⋅ Bart Parys, Efstratios Lontzetidis, Stef Collart
Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery
BeaverTail OtterCookie InvisibleFerret Beavertail TsunamiKit

2025-11-11 ⋅ Botcrawl ⋅ Sean Doyle
National Civil Service Commission of Colombia Data Breach Exposes 2.9 TB of Government Files
Kazu

2025-11-10 ⋅ Mandiant ⋅ Bill Glynn, Kevin O'Flynn, Praveeth DSouza, Stallone D'Souza, Yash Gupta
No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480
UNC6485

2025-11-10 ⋅ Genians ⋅ Genians
State-Sponsored Remote Wipe Tactics Targeting Android Devices
Quasar RAT Remcos

2025-11-07 ⋅ ENKI ⋅ ENKI
Lazarus Group targets Aerospace and Defense with new Comebacker variant
ComeBacker