Malpedia Library

Click here to download all references as Bib-File.•

2025-06-20 ⋅ K7 Security ⋅ Baran S
SpyMax
SpyMax

2025-06-18 ⋅ Elastic ⋅ Salim Bitam
A Wretch Client: From ClickFix deception to information stealer deployment
HijackLoader Lumma Stealer SectopRAT

2025-06-12 ⋅ Symantec ⋅ Carbon Black, Threat Hunter Team
Fog Ransomware: Unusual Toolset Used in Recent Attack
Fog

2025-05-02 ⋅ Arctic Wolf ⋅ Arctic Wolf Labs Team
Venom Spider Uses Server-Side Polymorphism to Weave a Web Around Victims
More_eggs

2025-04-25 ⋅ Twitter (@teamcymru_S2) ⋅ TEAM CYMRU S2 THREAT RESEARCH
Tweet on North Korean Cyber Ops Leveraging Russian Infrastructure

2025-04-23 ⋅ Cisco Talos ⋅ Asheer Malhotra, Ashley Shen, Brandon White, Joey Chen, Vitor Ventura
Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs
HOLERUN

2025-04-10 ⋅ Symantec ⋅ Threat Hunter Team
Shuckworm Targets Foreign Military Mission Based in Ukraine

2025-04-08 ⋅ Team Cymru ⋅ S2 Research Team
Inside DanaBot’s Infrastructure: In Support of Operation Endgame II
DanaBot

2025-04-08 ⋅ Trustwave ⋅ Nikita Kazymirskyi, Serhii Melnyk
A deep Dive into the Leaked Black Basta Chat Logs
Black Basta Black Basta

2025-02-21 ⋅ cyjax ⋅ Cymon
How’s that for a malicious Linkc, new group launches DLS
LinkC Pub

2025-02-20 ⋅ Trend Micro ⋅ Daniel Lunghi
Updated Shadowpad Malware Leads to Ransomware Deployment
EvilExtractor PlugX ShadowPad Teleboyi

2025-02-20 ⋅ Trend Micro ⋅ Daniel Lunghi
Updated Shadowpad Malware Leads to Ransomware Deployment
EvilExtractor NailaoLocker PlugX ShadowPad

2025-02-13 ⋅ Symantec ⋅ Threat Hunter Team
China-linked Espionage Tools Used in Ransomware Attacks
PlugX

2024-12-20 ⋅ Team Cymru ⋅ Lewis Henderson
Jingle Shells: How Virtual Offices Enable a Facade of Legitimacy

2024-12-16 ⋅ Gdata ⋅ Banu Ramakrishnan
New I2PRAT communicates via anonymous peer-to-peer network
Unidentified 118

2024-11-11 ⋅ Kaspersky ⋅ Ashley Muñoz, Cristian Souza, Eduardo Ovalle
Ymir: new stealthy ransomware in the wild
Ymir

2024-10-14 ⋅ cyble ⋅ Cyble
Hidden in Plain Sight: ErrorFather’s Deadly Deployment of Cerberus
ErrorFather

2024-09-27 ⋅ Virus Bulletin ⋅ Lena Yu
CrackedCantil: A Malware Symphony Delivered By Cracked Software; Performed By Loaders, Infostealers, Ransomware, Et Al.
CrackedCantil

2024-09-17 ⋅ Mandiant ⋅ Mandiant
An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader
MISTPEN

2024-09-09 ⋅ Github (itaymigdal) ⋅ Itay Migdal
Poshito - New Telegram C2