Malpedia Library

Click here to download all references as Bib-File.•

2025-06-18 ⋅ Huntress Labs ⋅ Alden Schmidt, Jonathan Semon, Stuart Ashenbrenner
Feeling Blue(Noroff): Inside a Sophisticated DPRK Web3 Intrusion

2025-06-17 ⋅ Palo Alto Networks Unit 42 ⋅ Dominik Reichel
Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation
KimJongRat

2025-06-17 ⋅ DARKReading ⋅ James Shank
Operation Endgame: Do Takedowns and Arrests Matter?
BumbleBee Emotet Pikabot SmokeLoader TrickBot

2025-06-16 ⋅ Proofpoint ⋅ Jeremy Hedges, Proofpoint Threat Research Team, Tommy Madjar
Amatera Stealer: Rebranded ACR Stealer With Improved Evasion, Sophistication
ACR Stealer Amatera

2025-06-16 ⋅ HarfangLab ⋅ HarfangLab CTR
SadFuture: Mapping XDSpy latest evolution
XDSpy

2025-06-16 ⋅ Trend Micro ⋅ Aira Marcelo, Gabriel Nicoleta, Jovit Samaniego, Mohamed Fahmy
Clone, Compile, Compromise: Water Curse’s Open-Source Malware Trap on GitHub

2025-06-14 ⋅ abuse.ch ⋅ abuse.ch
MalwareBazaar | SalatStealer
SalatStealer

2025-06-13 ⋅ Recorded Future ⋅ Recorded Future
GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT
PowerNet

2025-06-13 ⋅ Twitter (@Unit42_Intel) ⋅ Unit 42
Tweet about APT27 SysUpdate activity
HyperSSL HyperSSL

2025-06-13 ⋅ Recorded Future ⋅ Insikt Group
GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT
EugenLoader POWERTRASH NetSupportManager RAT

2025-06-12 ⋅ Check Point Research ⋅ Check Point
From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery
AsyncRAT Skuld

2025-06-12 ⋅ Infoblox ⋅ Infoblox Threat Intelligence Group
Vexing and Vicious: The Eerie Relationship between WordPress Hackers and an Adtech Cabal
DollyWay

2025-06-12 ⋅ CitizenLab ⋅ Bill Marczak, John Scott-Railton
Graphite Caught: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted

2025-06-12 ⋅ Symantec ⋅ Carbon Black, Threat Hunter Team
Fog Ransomware: Unusual Toolset Used in Recent Attack
Fog

2025-06-12 ⋅ cocomelonc ⋅ cocomelonc
MacOS hacking part 1: stealing data via legit Telegram API. Simple C example

2025-06-10 ⋅ Twitter (@threatinsight) ⋅ Threat Insight
Tweet regarding Aurotun / MonsterV2
Aurotun Stealer

2025-06-10 ⋅ abuse.ch
MalwareBazaar | SHA256 73fd51d4a0959e5c5a82db9be0d765069d02a2b97f51f55f5d6422a7bec01caa (AmateraStealer)
Amatera

2025-06-09 ⋅ Sentinel LABS ⋅ Aleksandar Milenkoski, Tom Hegel
Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets
GOREshell Nimbo-C2 ShadowPad

2025-06-09 ⋅ Zscaler ⋅ ThreatLabZ research team, Zscaler
DanaBleed: DanaBot C2 Server Memory Leak Bug
DanaBot

2025-06-09 ⋅ Kaspersky ⋅ Kaspersky
Sleep with one eye open: how Librarian Ghouls steal data by night