Malpedia Library

Click here to download all references as Bib-File.•

2026-02-04 ⋅ safebreach ⋅ Tomer Bar
Prince of Persia, Part II: Covering Tracks, Striking Back & a Revealing Link to the Iranian Regime Amid the Country’s Internet Blackout
Infy StormKittyRAT

2026-02-03 ⋅ LevelBlue ⋅ Evgeny Ananin, Mark Tsipershtein
The Godfather of Ransomware? Inside DragonForce’s Cartel Ambitions
DragonForce

2026-02-03 ⋅ Kaspersky Labs ⋅ Anton Kargin, Georgy Kucherin
The Notepad++ supply chain attack — unnoticed execution chains and new IoCs
Chrysalis Cobalt Strike

2026-02-02 ⋅ Rapid7 ⋅ Ivan Feigl
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
Chrysalis

2026-02-02 ⋅ Netresec ⋅ Erik Hjelmvik
njRAT runs MassLogger
MASS Logger NjRAT

2026-02-01 ⋅ Midnight Blue Labs ⋅ Midnight Blue
Have you tried turning it off and on again? On bricking OT devices (part 2)

2026-02-01 ⋅ Midnight Blue Labs ⋅ Midnight Blue
Have you tried turning it off and on again? On bricking OT devices (part 1)

2026-02-01 ⋅ splintersfury ⋅ Ahmad Abdillah Bin Zaini
KernelSight: Windows Kernel Driver Exploitation Knowledge Base
BlackByte FudModule Nokoyawa Ransomware

2026-02-01 ⋅ ⋅ Cert-UA ⋅ Cert-UA
"Danger Bulletin": UAC-0001 (APT28) carries out cyberattacks against Ukraine and EU countries using the CVE-2026-21509 exploit (CERT-UA#19542)
GRUNT

2026-01-31 ⋅ Github (cocomelonc) ⋅ cocomelonc
MacOS malware persistence 2: shell environment hijacking. Simple C example

2026-01-30 ⋅ Google ⋅ Mandiant
Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft
UNC6671

2026-01-30 ⋅ LevelBlue ⋅ Evgeny Ananin, Mark Tsipershtein, Nikita Kazymirskyi
19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware: Part 1
LockBit LockBit

2026-01-29 ⋅ Sekoia ⋅ Amaury G., Quentin Bourgue, Sekoia TDR
Meet IClickFix: a widespread WordPress-targeting framework using the ClickFix tactic
IClickFix

2026-01-29 ⋅ Fortninet ⋅ Angelo Deveraturda, Jared Betts, John Simmons, Ken Evans, Mark Robson, Omar Avilez Melo, Xiaopeng Zhang
Interlock Ransomware: New Techniques, Same Old Tricks
Interlock

2026-01-29 ⋅ CrowdStrike ⋅ CrowdStrike Threat Intel Team, Rob Bruner
LABYRINTH CHOLLIMA Evolves into Three Adversaries

2026-01-29 ⋅ HarfangLab ⋅ HarfangLab CTR
RedKitten: AI-accelerated campaign targeting Iranian protests
SloppyMIO RedKitten

2026-01-28 ⋅ Accenture ⋅ Accenture Cyber Threat Intelligence
Analysis of RustyRocket – A Custom WorldLeaks Exfiltration Tool
RustyRocket

2026-01-28 ⋅ Natto Thoughts ⋅ Eugenio Benincasa
Provincial Tasking, Cross-Provincial Execution: A Case-Based Look at How China Scales Cyber Operations

2026-01-28 ⋅ Google ⋅ Google Threat Intelligence Group
No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network

2026-01-28 ⋅ Hunt.io ⋅ Hunt.io
Exposed Open Directory Leaks a Full BYOB Deployment Across Windows, Linux, and macOS