Investigations
477 total, 229 published

| Investigation | Type | Severity | Files | Status | Investigated |
|---|---|---|---|---|---|
Vidar-as-a-Service: Stolen Certificates, Telegram Dead Drops, and the 185.56.45.235 C2 Infrastructure vidar-vaas-stolen-certs-telegram-dead-drop-c2 | Stealer | high | 0 files | Published | 4/19/2026 |
GriftClient: Minecraft RAT Using the Ethereum Blockchain as a C2 Resolver griftclient-minecraft-rat-ethereum-blockchain-c2 | RAT | high | 0 files | Published | 4/19/2026 |
NetScan/WPMagic CaaS: Mass WordPress Exploitation Panel Unmasked (wpmagic.net + xssnew.com) netscan-wpmagic-caas-xssnew-unmasked | Malware | high | 0 files | Published | 4/17/2026 |
REFUNDEE: Inside a Shadow Panel Phishing-as-a-Service Operation refundonex-shadow-panel-phaas | Phishing | high | 0 files | Published | 4/12/2026 |
AllSyDevs C2 Infrastructure -- Breakglass Intelligence Report allsydevs-c2-dump | Phishing | high | 1 file | Published | 4/10/2026 |
CPUID.com Supply Chain Compromise -- Breakglass Intelligence Report cpuid-com-supply-chain-compromise | RAT | high | 1 file | Published | 4/10/2026 |
CastleLoader / maybedontbanplease[.]com castleloader-maybedontbanplease | Stealer | medium | 0 files | Published | 4/9/2026 |
Calipology / SystemAutoUpdater — Trojanized RustDesk via Signed MSTeams Installer systemautoupdater-23-27-141-44 | RAT | high | 1 file | Published | 4/9/2026 |
SideWinder APT Credential Harvesting Campaign — PaaS Platform Abuse at Scale sidewinder-mhil-zeabur | APT | critical | 1 file | Published | 4/5/2026 |
Operation FiyatTeklifi -- CVE-2025-8088 WinRAR Exploit Delivering Turkish Telegram RAT fiyat-teklifi-cve-2025-8088 | Phishing | high | 1 file | Published | 4/5/2026 |
Operation Charger Van — Breakglass Intelligence Report trycloudflare-charger-van | Phishing | high | 1 file | Published | 4/5/2026 |
HYFLOCK RaaS — Breakglass Intelligence Report onion-e5hdifgit6 | Ransomware | high | 1 file | Published | 4/4/2026 |
Operation HEXSTRIKE -- npm Supply Chain Attack Targeting Guardarian Cryptocurrency Exchange strapi-plugin-events-c2 | Backdoor | high | 1 file | Published | 4/4/2026 |
TwizAdmin -- Multi-Stage Crypto Clipper, Infostealer & Ransomware Operation twizadmin-103-241-66 | Phishing | high | 1 file | Published | 4/4/2026 |
FEZBOX Supply Chain Attack C2 Panel -- Breakglass Intelligence Report darknet-c2-1-94-210 | Phishing | high | 1 file | Published | 4/3/2026 |
ELF Modified UPX — Breakglass Intelligence Report elf-modified-upx | Botnet | high | 1 file | Published | 4/3/2026 |
CRPX0 / DataBreachPlus — Multi-Platform Crypto Clipper + Ransomware MaaS Panel fanonlyatn-panel | Phishing | high | 1 file | Published | 4/3/2026 |
LOTUSLITE and MSC File Attack Vector -- Breakglass Intelligence Report lotuslite-msc | Phishing | high | 1 file | Published | 4/3/2026 |
Operation PHANTOM CENTRE -- Breakglass Intelligence Report salmanvsf-domains | Phishing | high | 1 file | Published | 4/3/2026 |
Smile Admin Panel -- Breakglass Intelligence Report smile-panels | Stealer | high | 1 file | Published | 4/3/2026 |
SuperShell C2 Panel at 8[.]216[.]26[.]169:8888 -- Breakglass Intelligence Report supershell-c2-8-216-26 | APT | critical | 1 file | Published | 4/3/2026 |
OPERATION CREST SNAKE — Breakglass Intelligence Report trycloudflare-crest-ind | Phishing | high | 1 file | Published | 4/3/2026 |
OPERATION KLEIN CHANGES — Breakglass Intelligence Report trycloudflare-klein-changes | Phishing | high | 1 file | Published | 4/3/2026 |
OPERATION NUTTEN TUNNEL — Breakglass Intelligence Report trycloudflare-wsgidev | Phishing | high | 1 file | Published | 4/3/2026 |
Operation VOICETRAP — FUD Batch File Campaign Targeting Israel via TryCloudflare Tunnels voicemessage-bat-israel | Phishing | high | 1 file | Published | 4/3/2026 |
XWorm V6.0 Multi-Stage Campaign — "backupallfresh2030" — Breakglass Intelligence Report xworm-backupallfresh | Phishing | high | 1 file | Published | 4/3/2026 |
CVE-2026-21509 South Asian Espionage Campaign (WarMachine/MALDEV01) — Breakglass Intelligence Report agenda-doc-cve-2026-21509 | APT | critical | 1 file | Published | 4/3/2026 |
Operation MIRZBOW — LNK Dropper Campaign Targeting Arabic-Speaking Users amz-zip-syria | APT | critical | 1 file | Published | 4/3/2026 |
Android TV Botnet Landscape: Bigpanzi, Kimwolf, and the Misattribution of Kimsuky bigpanzi-kimsuky-androidtv | APT | critical | 1 file | Published | 4/3/2026 |
ChanMirai Botnet C2 — Breakglass Intelligence Report bot-x86-duckdns | Botnet | high | 1 file | Published | 4/3/2026 |
HOSTING///SEO Credential Phishing & Payment Fraud Platform -- Breakglass Intelligence Report credential-phishing-salmanvsf | Phishing | high | 1 file | Published | 4/3/2026 |
Operation CLICKSMOKE -- Deno-Based ClickFix MaaS Platform dakatawebstick | Loader | high | 1 file | Published | 4/3/2026 |
GlassWorm Wave 3: The Supply Chain Worm Goes Cross-Platform -- A macOS Chrome RAT, a Windows ABE Bypass, and a Blockchain Dead-Drop glassworm-wave3-cross-platform | Ransomware | medium | 0 files | Published | 3/17/2026 |
GlassWorm: 9 Infected VS Code Extensions Are Still Live -- Inside the Rust-Powered Supply Chain Attack Targeting Developers glassworm-vscode-supply-chain | Stealer | medium | 0 files | Published | 3/16/2026 |
KORTEX Stealer Defeats Chrome's App-Bound Encryption -- What Defenders Need to Know Now kortex-chrome-bypass-stealer | Stealer | medium | 0 files | Published | 3/16/2026 |
SilverFox Deploys VM-Obfuscated RAT with ChaCha20 Encryption and RPC-Based C2 Disguised as Trend Micro silverfox-chacha20-vm-rat | Phishing | medium | 0 files | Published | 3/16/2026 |
HackForums Actor "gigajew" Caught Red-Handed: AsyncRAT Campaign Uses Cloudinary CDN Steganography and 7-Month-Old Bulletproof Infrastructure asyncrat-hackforums-gigajew | Phishing | medium | 0 files | Published | 3/16/2026 |
Unmasked: A 5-Stage DonutLoader Campaign Hiding Behind a Fake Adobe Storefront donutloader-adobevault-campaign | Botnet | medium | 0 files | Published | 3/16/2026 |
BlackSanta: How a Legitimately Signed Windows Driver Became a 192-Process EDR Killer blacksanta-byovd-edr-killer | Phishing | medium | 0 files | Published | 3/16/2026 |
Lazarus Group is Using the Solana Blockchain as a Dead-Drop C2 Channel -- and Nobody Noticed for 4 Months lazarus-tradertraitor-solana | Stealer | medium | 0 files | Published | 3/16/2026 |
That Password Manager You Downloaded Is Actually a $3,000/Month Infostealer deerstealer-rugmi-password-manager | Stealer | medium | 0 files | Published | 3/16/2026 |
Astaroth Returns: 1,680 Fake Brazilian Hosting Accounts, Reflective .NET Loading, and a Compromised Spanish Web Server Still Serving Malware astaroth-guildma-banking-trojan | RAT | medium | 0 files | Published | 3/16/2026 |
Fancy Bear's Weather Report: APT28 Harvests NTLMv2 Credentials from Ukraine's Meteorologists Using Weaponized RTF Documents apt28-ntlmv2-credential-harvester | Phishing | medium | 0 files | Published | 3/16/2026 |
SEAL RAT: A Czech-Language Job Phishing Dropper With a Proof-of-Work Twist and a Microsoft-Signed Certificate seal-rat-czech-job-phishing | Phishing | medium | 0 files | Published | 3/16/2026 |
StarDev's ACE-Tray Rootkit: A Chinese Cheat-as-a-Service Operation Running Dual Kernel Drivers Since 2016 staser-ace-tray-rootkit | Stealer | medium | 0 files | Published | 3/16/2026 |
The FreePBX Turf War: How VoIP Threat Actors Are Fighting Over Your Phone System victampbx-freepbx-turf-war | RAT | medium | 0 files | Published | 3/15/2026 |
SalatStealer's New Trick: Using TON Blockchain DNS to Make C2 Takedowns Impossible salatstealer-ton-blockchain | Ransomware | medium | 0 files | Published | 3/15/2026 |
Signed, Sealed, Delivered: How a Legitimately-Signed NetSupport Binary Became a Weapon Across 333+ ClickFix Infections netsupport-clickfix-campaign | Phishing | medium | 0 files | Published | 3/15/2026 |
Formbook Hides in Plain Sight: Three-Stage Dropper Chain Abuses Legitimate Paste Sites to Bypass Domain Blocking formbook-paste-site-delivery | Stealer | medium | 0 files | Published | 3/15/2026 |
Competent Malware, Incompetent Infrastructure: A SnakeKeylogger Operator Builds a Steganographic Kill Chain Then Leaves XAMPP Dashboard Open to the Internet snakekeylogger-telegram-opsec | Phishing | medium | 0 files | Published | 3/15/2026 |
XWorm via IPFS: Actor "jerrymac2008" Runs a One-Person Cybercrime Supermarket on Censorship-Resistant Infrastructure xworm-ipfs-jerrymac | Phishing | medium | 0 files | Published | 3/15/2026 |
EssentialAcquisition: A Custom Go Financial Trojan Running Raft Consensus C2 on Kubernetes essentialacquisition-raft-c2 | Stealer | medium | 0 files | Published | 3/15/2026 |
XWorm V5.6 Meets Carding Shop: Inside a Brazilian Operator's Vertically Integrated Cybercrime Pipeline xworm-iluminat-carding | Ransomware | medium | 0 files | Published | 3/15/2026 |
FlashTest Stealer: A $5,000 EV Certificate, a Shell Company, and a Speed Test That Steals Your Browser flashtest-ev-signed-stealer | Stealer | medium | 0 files | Published | 3/15/2026 |
WallStealer: A Full-Featured Infostealer Whose Operator Put Their C2 Domain as Their Steam Display Name wallstealer-steam-opsec | Phishing | medium | 0 files | Published | 3/15/2026 |
Twelve Samples, One Operation: Inside the HTA Crypto Stealer MaaS Platform hta-crypto-stealer-maas-cluster | Phishing | medium | 0 files | Published | 3/14/2026 |
VictamPbx: Inside a Brazilian VoIP Toll Fraud Operation Targeting FreePBX and Asterisk victampbx-voip-fraud-campaign | RAT | medium | 0 files | Published | 3/14/2026 |
The SilverFox Den: Inside a Chinese-Targeting Malware Campaign Built on Winos4.0 valleyrat-silverfox-march14-cluster | Phishing | medium | 0 files | Published | 3/14/2026 |
PS.Maloader.w: Tracking a Five-Domain PowerShell Dropper Campaign Across Rotating Cloudflare-Shielded Infrastructure ps-maloader-campaign | Phishing | medium | 0 files | Published | 3/14/2026 |
KongTuke Stage 2 Dissected: From CLR Memory Patching to XWorm RAT Delivery kongtuke-xworm-stage2 | Ransomware | medium | 0 files | Published | 3/14/2026 |
BGI Weekly Intelligence Roundup: March 8-14, 2026 weekly-march8-14-2026 | Botnet | medium | 0 files | Published | 3/14/2026 |
Pulsar RAT v2.4.5 — MSI Dropper with GUID-Encoded Shellcode & Cloudflare Workers C2 haunt-e4bd27de | Phishing | medium | 0 files | Published | 3/14/2026 |
IcedID / Latrodectus — Signed WiX MSI Dropper Campaign info_ir-99661418-17014299 | Ransomware | medium | 0 files | Published | 3/14/2026 |
SakuraCraft Infostealer — Multi-Stage Discord Token & Browser Credential Stealer payload-69d9013d | Phishing | medium | 0 files | Published | 3/14/2026 |
Linux.IRCBot/RaspiWorm — Raspberry Pi SSH Worm with IRC C2 0c889251c703623c3397893515aae9624f45c609-0c889251 | Botnet | high | 0 files | Published | 3/14/2026 |
DollRAT / "Lilly's RAT V8" — QuasarRAT Custom Variant with ngrok C2 Tunneling dollrat-58a901e3 | Phishing | medium | 0 files | Published | 3/14/2026 |
Gh0stRAT / Farfli — "WisemanSupport" Campaign wininet-58802bf2 | RAT | medium | 0 files | Published | 3/14/2026 |
RUGMI/IDAT Loader + Aurora Stealer — Multi-Stage DLL Sideloading Campaign stage_4_decrypted_payload-c89f9960 | Phishing | high | 0 files | Published | 3/14/2026 |
Python Infostealer / SKRX Dropper — Multi-Platform Credential Harvester main-6ea5c0b8 | Stealer | medium | 0 files | Published | 3/14/2026 |
ACRStealer Infrastructure Report — March 8, 2026 acrstealer | Stealer | high | 2 files | Published | 3/8/2026 |
AsyncRAT "Spotify.exe" Campaign Investigation asyncrat-spotify | Phishing | high | 1 file | Published | 3/8/2026 |
TernDoor WSPrint.dll Decryption Analysis terndoor-uat9244 | APT | critical | 4 files | Published | 3/8/2026 |
Go Loader Framework Deep Dive Report vidar-go-loader | Botnet | high | 2 files | Published | 3/8/2026 |
CountLoader C2 Panel — Full Investigation Report countloader | Stealer | high | 2 files | Published | 3/8/2026 |
Abuse Notifications — March 8, 2026 fresh-hunt-march8 | Malware | critical | 15 files | Unpublished | 3/8/2026 |
Untitled Investigation adaptix-c2-dump | APT | critical | 20 files | Published | 3/7/2026 |
Bashlite/Mirai-Variant IoT Botnet — Full Source Code Recovery bashlite-dump | Botnet | high | 1 file | Published | 3/7/2026 |
https://www.robotstxt.org/robotstxt.html hook-panel | Stealer | high | 2 files | Published | 3/7/2026 |
InstallFix Campaign: Fake Claude Code Installers Delivering Amatera Stealer installfix-amatera-report | Stealer | high | 1 file | Published | 3/7/2026 |
Port 7070 Cluster Investigation — ThinkHuge /21 Infrastructure port7070-anydesk-cluster-report | RAT | high | 1 file | Published | 3/7/2026 |
QuasarRAT v1.4.1 Fake Client - Technical Report quasar-fakeclient-report | RAT | high | 1 file | Published | 3/7/2026 |
Untitled Investigation sliver-c2-dump | Botnet | high | 1 file | Published | 3/7/2026 |
WaterHydra/DarkCasino APT Nexus: evilgrou-tech Attribution Report waterhydra-nexus-report | Phishing | high | 1 file | Published | 3/7/2026 |
How a Threat Actor's Own RAT Gave Up His Secrets: Dismantling Khan Islam's XWorm MaaS Operation xworm-panel | Phishing | high | 6 files | Published | 3/7/2026 |
Bucklog Panel — Full JavaScript Bundle Reverse Engineering env-harvester-cluster | Botnet | high | 4 files | Published | 3/7/2026 |
Fresh Hunt Report - March 7, 2026 fresh-hunt-march7 | Malware | high | 14 files | Unpublished | 3/7/2026 |
MalwareBazaar Fresh Hunt Report — March 7, 2026 (Evening Session) fresh-hunt-march7-evening | Malware | high | 9 files | Published | 3/7/2026 |
Consolidated Honeypot Threat Intelligence Report honeypot-intel | APT | critical | 27 files | Published | 3/7/2026 |
NEKOBYTE Redis Crontab Injection - clu-e.eu Cryptominer Botnet nekobyte-redis-miner | Botnet | high | 1 file | Published | 3/7/2026 |
Blake C2 Infrastructure Dump blake-c2 | Stealer | high | 1 file | Published | 3/6/2026 |
BrowserWare ClickFix Campaign Investigation browserware-clickfix | RAT | high | 1 file | Published | 3/6/2026 |
WsgiDAV Open Directory / Cloudflare Tunnel Malware Distribution Campaign cloudflare-multirat | RAT | high | 1 file | Published | 3/6/2026 |
Open Directory Investigation: 193.111.117[.]17:8080 netsupport-rat | Phishing | high | 2 files | Published | 3/6/2026 |
SERPENTINE#CLOUD - Active Campaign Analysis serpentine-cloud | Phishing | high | 2 files | Published | 3/6/2026 |
Kuwait Air Force Lure — Data Exfiltration via Rclone + MEGA kuwait-spearphish | Phishing | critical | 2 files | Published | 3/6/2026 |
58,000 Baby Monitors Left Wide Open: How Default Credentials Expose Children Worldwide meari-iot-vuln | IoT | high | 3 files | Published | 3/6/2026 |
Untitled Investigation fuery-stealer | Stealer | high | 3 files | Published | 3/5/2026 |
Untitled Investigation lumma-stealer | Stealer | high | 1 file | Published | 3/5/2026 |
Untitled Investigation phorpiex-worm | Phishing | high | 3 files | Published | 3/5/2026 |
Untitled Investigation qimmaedu-phishing | Phishing | high | 1 file | Published | 3/5/2026 |
Ju salat-stealer | Stealer | high | 4 files | Published | 3/5/2026 |
Untitled Investigation smokeloader-c2 | APT | critical | 6 files | Published | 3/5/2026 |
Untitled Investigation stealc-analysis | Stealer | high | 1 file | Published | 3/5/2026 |
Untitled Investigation ukraine-lnk-campaign | Phishing | high | 2 files | Published | 3/5/2026 |
Untitled Investigation valleyrat-c2 | Botnet | high | 2 files | Published | 3/5/2026 |
C2 Investigation: 178.22.24.175 — Multi-RAT/Stealer Cluster on GALEON-AS c2-178-22-24-175 | Botnet | high | 1 file | Published | 3/5/2026 |
Threat Actor Profile: angela / angelalk21 / 王从天降 krakennet-botnet | Botnet | high | 12 files | Published | 3/5/2026 |
MalwareBazaar Fresh Sample Hunt — 2026-03-05 bazaar-fresh-hunt | Malware | critical | 2 files | Unpublished | 3/5/2026 |
Threat Investigation Report: Fake CVS Recruiter Malware Campaign cvs-recruiter-scam | Phishing | high | 1 file | Published | 3/5/2026 |
Threat Investigation: "Download ZIP" Campaign — Oman Origin oman-zip-dga | Botnet | high | 2 files | Published | 3/5/2026 |
Phishing Kit Hunting Report — 2026-03-04 phishing-kit | Phishing | high | 2 files | Published | 3/4/2026 |
AMOS Stealer Campaign Investigation Report amos-stealer-v3 | Stealer | critical | 1 file | Published | 3/4/2026 |
Orçamento2026.msi — GoToResolve Unattended Access Abuse msi-loader | Phishing | high | 2 files | Published | 3/4/2026 |
Remcos RAT — "Mhunter" Campaign remcos-rat | Phishing | high | 2 files | Published | 3/4/2026 |
Steaelite RAT C2 Infrastructure Dump steaelite-c2 | Stealer | high | 1 file | Published | 3/4/2026 |
Fake "OpenClaw Skill" macOS Stealer - Full Analysis Report amos-stealer-v1 | Stealer | high | 4 files | Published | 3/3/2026 |
MuddyWater Infrastructure Exposé: Full Offensive Toolkit Recovered from Open Directory muddywater-apt | APT | critical | 132 files | Published | 3/3/2026 |
NFe-RAT Full Investigation Report nfe-rat | Phishing | high | 2 files | Published | 3/3/2026 |
Kent-Loader / CS2 Cloud Radar - Malware Analysis Report kent-loader | Stealer | high | 4 files | Published | 3/2/2026 |
Smishing Triad C2 Infrastructure Dump smishing-triad | Phishing | high | 6 files | Published | 3/2/2026 |
Forensic Intelligence Report: 186.169.75.221 early-ip-recon | IoT | high | 4 files | Published | 2/26/2026 |
Forensic Intelligence Report: "SILENT" RAT/Stealer Infrastructure silent-rat | Stealer | high | 1 file | Published | 2/26/2026 |
Vidar Stealer (Go Variant) — Threat Intelligence Report file-d62f2456 | Phishing | high | 1 file | Unpublished | 4/30/2026 |
Threat Intelligence Report: setup-edea1565 setup-edea1565 | Phishing | high | 1 file | Unpublished | 4/30/2026 |
Threat Intelligence Report: ELF/Wraith SSH Backdoor + Tux Mirai Botnet 0029c449ebfb124513326af650dad34a38140de6-0029c449 | IoT | high | 1 file | Unpublished | 4/30/2026 |
GHOST Intelligence Report sejunctively-d448f063 | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST OSINT Investigation Report smica83-20260429-256a6daaa5a21df3-1156dd43 | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: Crypto Investment Scam — zolviqhub[.]live 104-21-65-107-shadowopcode-20260429-c773-d9205747 | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: 139.162.162[.]66 139-162-162-66-malwrhunterteam-20260429-10cb5ff9 | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: chatcamic[.]com DNS-Based PowerShell C2 chatcamic-com-malwrhunterteam-20260429-5-959b59ba | Phishing | high | 1 file | Unpublished | 4/29/2026 |
Threat Intelligence Report: Phorpiex Dropper + Needle C2 + XMR Mining Botnet file-859299c6 | Botnet | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report — all.sh (Mirai/Titan Botnet Dropper) all-a0bc3b9f | IoT | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report — QS48890 AgentTesla JScript Dropper qs48890-2b506395 | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: VTUPRESS Bot Panel 95-111-244-90-factfinder03-20260429-2235-f14a593b | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: Nebula Stealer 9a25d0d4a647-suyog41-20260429-6f929147e7-50bd4c2f | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST OSINT Report: Odyssey Stealer — cloud-verificate[.]com cloud-verificate-com-suyog41-20260429-9e-c8255303 | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST OSINT Report: dashwake[.]info — Malware Distribution Domain dashwake-info-smica83-20260429-53a02e32b-cf591d2d | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: heliosdue[.]info — Remcos RAT Distribution heliosdue-info-smica83-20260429-567795b3-3fbfd47b | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: Intesa Sanpaolo Phishing Campaign intesasanpaolo-proteggi-la-mia-carta-net-39b49775 | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: MacSync Stealer C2 Infrastructure qusetagent-com-suyog41-20260429-5cc55183-dabb7065 | Stealer | high | 1 file | Unpublished | 4/29/2026 |
Threat Intelligence Report: SecuriteInfo.com.Heur.MSIL.Benin.5 securiteinfo-com-heur-msil-benin-5-bbcde509 | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: Fake Stake Casino Stealer Campaign stake-casino-stream-suyog41-20260429-fb3-0f983fc0 | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: xeniominb[.]info xeniominb-info-smica83-20260429-fc64fb59-7b9f16ee | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: 115.175.16[.]26 115-175-16-26-malwrhunterteam-20260429-a-e0d16b09 | RAT | high | 1 file | Unpublished | 4/29/2026 |
KB C2 Panel — Threat Intelligence Report 185-102-115-84-malwrhunterteam-20260429-76682c28 | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST Investigation: HollyShit JAVA Stealer 229a945794ad-suyog41-20260429-b421fe2f18-05c771fc | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: SPARROW C2 Panel — 79.7.152[.]162 79-7-152-162-factfinder03-20260429-a5790-83a3e2e5 | APT | critical | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence — Threat Investigation Report u-1f34e1c4 | Botnet | high | 1 file | Unpublished | 4/29/2026 |
Threat Intelligence Report: 64.exe (c30be980) 64-c30be980 | Stealer | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report — SilverFox/ValleyRAT Campaign 2026-04-28-2-0c8de947 | Phishing | high | 1 file | Unpublished | 4/29/2026 |
THERMITE C2-Lite — Infrastructure Intelligence Report 209-99-191-194-justwanttoq1-20260429-ba1-acdea3c7 | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report — XWorm Multi-Stage Dropper Campaign kkfbmw-c87d531e | RAT | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report — ValleyRAT/SilverFox/RustyStealer 2026-pdf-2e3d9243 | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report — SilverFox/ValleyRAT Campaign 2026-pdf-3d363a20 | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: DRAZY V3 Info Stealer Panel drazyland-us-smica83-20260428-6f3c174b89-2f9aff81 | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: scp749[.]com scp749-com-malwrhunterteam-20260428-ddd9-ffb854a1 | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: SPIDY C2 Panel — vayusena[.]online vayusena-online-malwrhunterteam-20260428-f9b61143 | RAT | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: SPIDY C2 — vayusena[.]online vayusena-online-smica83-20260428-71fb828-fdef2e7b | RAT | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: Kimsuky DDNS C2 Infrastructure 123-58-200-69-skocherhan-20260428-6e1d25-e2a05c61 | APT | critical | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: SPIDY C2 Panel — 176.125.240[.]169 176-125-240-169-malwrhunterteam-20260428-2f547478 | RAT | high | 1 file | Unpublished | 4/29/2026 |
GHOST Investigation: SPM Cloud Worm (TeamPCP Rival) 193-187-129-143-malwrhunterteam-20260428-4a960cb8 | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: 35.196.105[.]113 35-196-105-113-malwrhunterteam-20260428-5ca1bc13 | Botnet | high | 1 file | Unpublished | 4/29/2026 |
GHOST Investigation: 43.139.81[.]96 43-139-81-96-malwrhunterteam-20260428-28-ee0d7ea0 | Loader | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: React2Shell Worm — "SPM" Campaign amazonaws-com-malwrhunterteam-20260428-d-08016d37 | Phishing | high | 1 file | Unpublished | 4/29/2026 |
Threat Intelligence Report: cat.sh / Iran Botnet Dropper cat-200de10e | IoT | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: centralcoretech[.]com centralcoretech-com-malwrhunterteam-2026-bd61e45e | Phishing | high | 1 file | Unpublished | 4/29/2026 |
GHOST Intelligence Report: HeriosBot Campaign deploy-f57c4ce4 | Botnet | high | 1 file | Unpublished | 4/29/2026 |
Threat Intelligence Report: invite_card.vbs invite-card-3b474677 | Phishing | high | 1 file | Unpublished | 4/28/2026 |
GHOST Intelligence Report — Statement-03-2026.vbs statement-03-2026-9b3296db | Phishing | high | 1 file | Unpublished | 4/28/2026 |
GHOST Intelligence Report — njRAT/Bladabindi server-c0b0ead0 | Phishing | high | 1 file | Unpublished | 4/28/2026 |
GHOST Intelligence — Vidar Stealer Infrastructure Report file-cd263e14 | Phishing | high | 1 file | Unpublished | 4/28/2026 |
GHOST Investigation: MacSync Stealer C2 — glowmedaesthetics[.]com glowmedaesthetics-com-suyog41-20260428-3-7d9931c1 | Phishing | high | 1 file | Unpublished | 4/28/2026 |
DCRat Investigation — 06fdb48d415ce4d6bb0905b9a01e47c2 06fdb48d415ce4d6bb0905b9a01e47c2-d215719d | RAT | high | 1 file | Unpublished | 4/28/2026 |
ValleyRAT / HijackLoader Campaign Investigation 6847e6a295e8312a990752c9a0662f5757e096d3-6847e6a2 | Phishing | high | 1 file | Unpublished | 4/28/2026 |
GHOST Intelligence Report — DarkCloud Stealer (a310Logger) Campaign ps-u6v3yhpiyzof-1773218024276-54a527c1 | Stealer | high | 1 file | Unpublished | 4/28/2026 |
GHOST Intelligence Report: lotuscare[.]com[.]my Malware Distribution lotuscare-com-smica83-20260428-32684e33c-18039bb8 | Phishing | high | 1 file | Unpublished | 4/28/2026 |
GHOST Intelligence Report: Trojanized LetsVPN Installer — vpntop[.]com / vpntop[.]com[.]cn vpntop-com-smica83-20260428-6c7486e62718-aeb1958d | Loader | high | 1 file | Unpublished | 4/28/2026 |
GHOST Investigation: xtrafftrck[.]net / "Chopi" C2 Panel xtrafftrck-net-malwrhunterteam-20260428-fb4b1195 | Phishing | high | 1 file | Unpublished | 4/28/2026 |
GHOST Intelligence Report: Android RAT C2 Panel — 144[.]31[.]221[.]172 144-31-221-172-factfinder03-20260428-d93-9b3b51f5 | RAT | high | 1 file | Unpublished | 4/28/2026 |
GHOST Intelligence Report: ZETA C2 Panel — 160[.]179[.]52[.]9 160-179-52-9-factfinder03-20260428-9f091-242e6922 | IoT | high | 1 file | Unpublished | 4/28/2026 |
GHOST Intelligence Report: 192.151.146.82 — "CC Panel" C2 Infrastructure 192-151-146-82-factfinder03-20260428-2af-38be8bef | RAT | high | 1 file | Unpublished | 4/28/2026 |
GHOST Intelligence Report: ScreenConnect VBS Loader Campaign 4f500333f102-suyog41-20260428-528ed24ac5-d7055bc3 | Phishing | high | 1 file | Unpublished | 4/28/2026 |
GHOST Intelligence Report: Chopi C2 Infrastructure on 70.34.205[.]43 70-34-205-43-malwrhunterteam-20260428-cd-d8cc7d5b | Phishing | high | 1 file | Unpublished | 4/28/2026 |
GHOST Intelligence Report: hx1.bounceme[.]net — Remcos RAT C2 bounceme-net-smica83-20260428-cdd29bf98a-3a58fde1 | APT | critical | 1 file | Unpublished | 4/28/2026 |
GHOST Intelligence Report: razortiger.docx — Remote Template Injection dd307599773b-suyog41-20260428-2b5ed455db-146dfe34 | APT | critical | 1 file | Unpublished | 4/28/2026 |
Threat Intelligence Report: 20260428-00326 20260428-00326-6e40a294 | Phishing | high | 1 file | Unpublished | 4/28/2026 |
Threat Intelligence Report: inet-mark.com / terazosine.fit Infrastructure inet-mark-com-skocherhan-20260427-7e6171-a47ffd26 | Stealer | high | 1 file | Unpublished | 4/28/2026 |
Threat Intelligence Report: INTXCP0Y — AgentTesla v3 Multi-Stage Dropper intxcp0y-650a4596 | Phishing | high | 1 file | Unpublished | 4/28/2026 |
Viper Platform15 — Threat Intelligence Report viper-platform15-906694b2 | Phishing | high | 1 file | Unpublished | 4/28/2026 |
GHOST Investigation: 152[.]32[.]243[.]224 — Panda Shop / Smishing Triad Korea Campaign 152-32-243-224-skocherhan-20260427-bd1b5-62f3d529 | APT | critical | 1 file | Unpublished | 4/28/2026 |
GHOST Intelligence Report — PHPUnit Webshell Dropper & Healthcare SaaS Infrastructure 164-90-195-107-1777321927337964-vendor-p-3cbcb567 | RAT | high | 1 file | Unpublished | 4/28/2026 |
GHOST Intelligence — Threat Investigation Report 164-90-195-107-1777321927924959-vendor-p-d1581a03 | Botnet | high | 1 file | Unpublished | 4/28/2026 |
GHOST Intelligence Report — CVE-2017-9841 Webshell Dropper 164-90-195-107-1777321928494543-vendor-p-4f193490 | RAT | high | 1 file | Unpublished | 4/28/2026 |
GHOST Intelligence Report — 164[.]90[.]195[.]107 / CVE-2017-9841 PHPUnit RCE Dropper 164-90-195-107-1777321928892238-vendor-p-a334fe46 | RAT | high | 1 file | Unpublished | 4/28/2026 |
DCRat Campaign — Infrastructure Report 018569d1fa9f3f0598cf2e53c9b8f049-4d848fea | Phishing | high | 1 file | Unpublished | 4/27/2026 |
Threat Intelligence Report: DCRat / MSIL.Crysan Campaign 27384be5e8e5158d562e71a0bc38dc51-1b85830a | Phishing | high | 1 file | Unpublished | 4/27/2026 |
Threat Intelligence Report: 104.164.55[.]223 104-164-55-223-malwrhunterteam-20260427-f7571ab9 | RAT | high | 1 file | Unpublished | 4/27/2026 |
GHOST Intelligence Report: Lazarus-Linked Stealer C2 Infrastructure 195-201-104-53-500mk500-20260427-7555e0d-95874669 | APT | critical | 1 file | Unpublished | 4/27/2026 |
AgentTesla Campaign Analysis — ps_pal5rj5H4bCo_1776177017870 ps-pal5rj5h4bco-1776177017870-848bc608 | Phishing | high | 1 file | Unpublished | 4/27/2026 |
GHOST Intelligence Report — AgentTesla Multi-Stage Loader ps-r3cnqky6lkqb-1776149278654-0252a5d1 | Phishing | high | 1 file | Unpublished | 4/27/2026 |
ValleyRAT / SilverFox Campaign — Threat Intelligence Report 2026-pdf-f5d06037 | Phishing | high | 1 file | Unpublished | 4/27/2026 |
SilverFox / ValleyRAT Malware Analysis sample-80210f7f | Phishing | high | 1 file | Unpublished | 4/27/2026 |
Threat Intelligence Report: Themida-Packed Stealc (Dropped by Amadey) file-2cd35079 | Phishing | high | 1 file | Unpublished | 4/27/2026 |
GHOST Intelligence — Threat Report update-f4c87a1d | RAT | high | 1 file | Unpublished | 4/27/2026 |
GHOST Intelligence Report: India Tax Phishing → DLL Side-Loading RAT Campaign zyisykm-shop-malwrhunterteam-20260427-02-d8cc35bd | APT | critical | 1 file | Unpublished | 4/27/2026 |
GHOST OSINT Report: 38.76.199.112 — Infostealer Distribution via Open Directory 38-76-199-112-smica83-20260427-e4454fa1b-8c27d76a | Phishing | high | 1 file | Unpublished | 4/27/2026 |
GHOST Intelligence Report: Odyssey Stealer (macOS) 573dc21ae52d-suyog41-20260427-978da00777-c01ed4c1 | Phishing | high | 1 file | Unpublished | 4/27/2026 |
GHOST Investigation: AsyncRAT C2 — lapoire*.hopto.org hopto-org-smica83-20260427-cfc4869fae95c-0e575d2a | Phishing | high | 1 file | Unpublished | 4/27/2026 |
GHOST Intelligence Report: Turkish-Targeted Multi-Stage VBS Downloader Campaign imgresim-net-smica83-20260427-d74ad25e55-bfbe0a66 | Phishing | high | 1 file | Unpublished | 4/27/2026 |
GHOST Intelligence Report — invoice-1645080830.pdf (34).js invoice-1645080830-pdf-34-30ce1ac0 | Phishing | high | 1 file | Unpublished | 4/27/2026 |
GHOST Intelligence Report invoice-1645080830-pdf-35-85cc7918 | Phishing | high | 1 file | Unpublished | 4/27/2026 |
GHOST Intelligence Report: lesoulkir[.]info lesoulkir-info-smica83-20260427-fae98de9-50e37f14 | Phishing | high | 1 file | Unpublished | 4/27/2026 |
GHOST Intelligence Report recibos-abril160415042026000458-000459-b-7851bafd | Phishing | high | 1 file | Unpublished | 4/27/2026 |
GHOST Intelligence Report — package.ps1 / Nigerian BEC Infostealer Campaign package-b588caa5 | Phishing | high | 1 file | Unpublished | 4/27/2026 |
GHOST Intelligence Report — IMMORTAL DROPPER Campaign file-c892a74e | Botnet | high | 1 file | Unpublished | 4/27/2026 |
GHOST Intelligence Report — XWorm Multi-Stage Dropper zxftw-926ba0cd | Phishing | high | 1 file | Unpublished | 4/27/2026 |
GHOST OSINT Report: WordPress Domain Renewal Phishing Campaign soyfix-com-skocherhan-20260426-d08ee72c2-682c976d | Phishing | high | 1 file | Unpublished | 4/27/2026 |
GHOST Investigation: 31.58.220.250 — SpiceRAT C2 Infrastructure 31-58-220-250-skocherhan-20260426-183c2f-134687d3 | Phishing | high | 1 file | Unpublished | 4/27/2026 |
GHOST Intelligence Report — Smoke Loader / GCleaner Campaign file-710c7947 | Phishing | high | 1 file | Unpublished | 4/27/2026 |
JOMANGYRUNNER — FreePBX/VoIP Toll Fraud Campaign k-6c3504d3 | Backdoor | high | 1 file | Unpublished | 4/27/2026 |
GHOST Intelligence Report — 023782pler.x86_64 (Ladvix Campaign) 023782pler-31b837f8 | Botnet | high | 1 file | Unpublished | 4/27/2026 |
RatonRAT Investigation — ivyvbs-45680610 ivyvbs-45680610 | RAT | high | 1 file | Unpublished | 4/27/2026 |
GHOST Intelligence — Threat Actor Infrastructure Report file-213b55b1 | Phishing | high | 1 file | Unpublished | 4/26/2026 |
Threat Intelligence Report: Medusa Botnet — "fuckjewishpeople" Campaign fuckjewishpeople-0d8728e1 | Phishing | high | 1 file | Unpublished | 4/26/2026 |
GHOST Intelligence Report — cat.sh / Mirai Botnet cat-da21fc59 | IoT | medium | 1 file | Unpublished | 4/26/2026 |
GHOST Intelligence Report: SideWinder APT — Nayatel Zimbra Credential Harvester on Railway location-se-volrant136-20260426-cea436b5-3d1539bc | APT | critical | 1 file | Unpublished | 4/26/2026 |
GHOST Intelligence Report xx-dc6db551 | Phishing | high | 1 file | Unpublished | 4/26/2026 |
GHOST Intelligence — Investigation Report init-83fe8ae7 | IoT | high | 1 file | Unpublished | 4/26/2026 |
GHOST Intelligence Report — TVT IoT Botnet / "Alyssa" Campaign tvt-8ffec314 | IoT | high | 1 file | Unpublished | 4/26/2026 |
GHOST Investigation: greenwoodsinvestmentsltd[.]pro greenwoodsinvestmentsltd-pro-skocherhan-83b20d4c | Phishing | high | 1 file | Unpublished | 4/26/2026 |
Threat Intelligence Report: rattnano-0c747417 rattnano-0c747417 | Phishing | high | 1 file | Unpublished | 4/26/2026 |
GHOST Intelligence — Threat Report c72d83574f944be80ec569963810a29fee4feff2-c72d8357 | Phishing | high | 1 file | Unpublished | 4/26/2026 |
Threat Intelligence Report: Aotera Trojanized libpsl-5.dll libpsl-5-ac6c003b | Phishing | high | 1 file | Unpublished | 4/26/2026 |
JOMANGY VoIP Webshell — Threat Intelligence Report k-9e4f0953 | Loader | high | 1 file | Unpublished | 4/26/2026 |
Threat Intelligence Report: JOMANGY RUNNER — VoIP Toll Fraud Campaign x-69121989 | Loader | high | 1 file | Unpublished | 4/26/2026 |
FlyStudio/FlyAgent RAT — VBS Watchdog Investigation vbs3-1-0f3f78a6 | RAT | high | 1 file | Unpublished | 4/26/2026 |
GHOST Intelligence Report — VBS3.vbs / FlyAgent Backdoor Campaign vbs3-38707038 | Phishing | high | 1 file | Unpublished | 4/26/2026 |
GHOST Intelligence Report — LummaStealer C2 Infrastructure build-4-e5094316 | Phishing | high | 1 file | Unpublished | 4/26/2026 |
GHOST Intelligence Report — GCleaner PPI Distribution Node file-e9aa0a12 | Phishing | high | 1 file | Unpublished | 4/26/2026 |
GHOST Intelligence Report: DCRat C2 Infrastructure on tw1[.]ru tw1-ru-skocherhan-20260425-878328e466de2-aed399ba | Stealer | high | 1 file | Unpublished | 4/26/2026 |
GHOST Intelligence — SilverFox/ValleyRAT WPS Lure Investigation 2026-04-24-wps-60090a70 | Phishing | high | 1 file | Unpublished | 4/26/2026 |
GHOST Intelligence — Threat Investigation Report mixnew22-7f626bf4 | Phishing | high | 1 file | Unpublished | 4/26/2026 |
Threat Intelligence Report: sxjbv.ps1 sxjbv-b18c9f23 | Phishing | high | 1 file | Unpublished | 4/25/2026 |
Salat Stealer — Dior fix.exe dior-fix-5fcc6ae1 | Stealer | high | 1 file | Unpublished | 4/25/2026 |
GHOST Intelligence Report — GoRAT C2 Infrastructure bins-c96e4771 | IoT | high | 1 file | Unpublished | 4/25/2026 |
GHOST Intelligence Report — Mirai Botnet Dropper v.sh v-c03ce30c | Phishing | high | 1 file | Unpublished | 4/25/2026 |
GHOST Intelligence Report: Booking.com ClickFix Campaign Delivering NetSupport RAT 185-107-74-215-jameswtwt-20260425-f48940-340867d3 | Phishing | high | 1 file | Unpublished | 4/25/2026 |
GHOST Intelligence Report: youtude-dl[.]pro / 185[.]107[.]74[.]215 185-107-74-215-skocherhan-20260425-53164-50712e81 | Phishing | high | 1 file | Unpublished | 4/25/2026 |
GHOST Investigation: Kimsuky DDNS Infrastructure (216.158.235.97) 216-158-235-97-skocherhan-20260425-16055-73b3ebac | APT | critical | 1 file | Unpublished | 4/25/2026 |
GHOST Investigation: 45.227.254[.]10 — Grandoreiro Banking Trojan C2 Infrastructure 45-227-254-10-skocherhan-20260425-0013de-d382e832 | Phishing | high | 1 file | Unpublished | 4/25/2026 |
GHOST Intelligence Report — NetSupport Manager RAT Campaign altera-a481da0c | Phishing | high | 1 file | Unpublished | 4/25/2026 |
NetSupport RAT Campaign — installer.msi installer-969fa1cc | APT | critical | 1 file | Unpublished | 4/25/2026 |
GHOST Investigation: cksredi[.]pages[.]dev — SharePoint Phishing Redirector pages-de-skocherhan-20260425-12944191975-935afa3b | Phishing | high | 1 file | Unpublished | 4/25/2026 |
GHOST Investigation: SharePoint Phishing via Cloudflare Pages + IPFS pages-de-skocherhan-20260425-33d33aa7310-15129124 | Phishing | high | 1 file | Unpublished | 4/25/2026 |
GHOST Investigation: Microsoft OAuth Device Code Phishing via Compromised WordPress Site premiumauto-com-skocherhan-20260425-f41e-d7c01f40 | Phishing | high | 1 file | Unpublished | 4/25/2026 |
EXECUTIVE SUMMARY cmutil-fe4cdb7e | Stealer | high | 1 file | Unpublished | 4/25/2026 |
Threat Intelligence Report: Hydra Installer / Galaxy Swapper v2 hydra-installer-d8c8215f | Stealer | high | 1 file | Unpublished | 4/25/2026 |
GHOST Intelligence Report ix9gt6hs-4c9d48e9 | Phishing | high | 1 file | Unpublished | 4/25/2026 |
Agent Tesla Infostealer — Threat Intelligence Report ps-plqlabnxbwpg-1776759819620-254f7eb1 | Phishing | high | 1 file | Unpublished | 4/25/2026 |
GHOST Intelligence Report — SnakeKeylogger Campaign Analysis ps-5guhlnblv7ja-1776699154658-132fbaa3 | Phishing | high | 1 file | Unpublished | 4/25/2026 |
AgentTesla Campaign — Threat Intelligence Report ps-nzsiqwfwwt8b-1776697587450-a4e6ca7e | Stealer | high | 1 file | Unpublished | 4/25/2026 |
XLLiveUpdateAgent.dll — ValleyRAT/Winos Campaign Investigation xlliveupdateagent-588aa05b | Phishing | high | 1 file | Unpublished | 4/25/2026 |
GHOST OSINT Investigation: Go-Based Infostealer/Ransomware Abusing gofile.io gofile-io-salmanvsf-20260424-45bd385ba9d-06c0ece9 | Phishing | high | 1 file | Unpublished | 4/25/2026 |
LummaStealer Campaign — Setup.exe.exe setup-exe-b7a4969b | Phishing | high | 1 file | Unpublished | 4/25/2026 |
Threat Intelligence Report — JS.Stealer / Bundled Node.js Info Stealer 40-6yg-win32-dec-1debe2d0 | Stealer | high | 1 file | Unpublished | 4/25/2026 |
GHOST Intelligence Report: 149.28.141[.]17 149-28-141-17-malwrhunterteam-20260424-7-846aaa4a | Botnet | high | 1 file | Unpublished | 4/24/2026 |
GHOST Intelligence Report: DarkCloud Stealer C2 Infrastructure 31-57-184-57-shadowopcode-20260424-d5373-5a741a88 | Phishing | high | 1 file | Unpublished | 4/24/2026 |
GHOST Intelligence Report: Braodo Stealer — New Campaign Infrastructure 8eeadec70143-suyog41-20260424-e0818c8628-5c5afd60 | Phishing | high | 1 file | Unpublished | 4/24/2026 |
GHOST Intelligence Report: fast16 Cyber Sabotage Framework 96a47a2e7322-turingalex-20260424-e6e784e-24b31037 | Botnet | high | 1 file | Unpublished | 4/24/2026 |
Threat Intelligence Report: BOOKING.vbs / GuLoader → AgentTesla Campaign booking-e4851182 | Phishing | high | 1 file | Unpublished | 4/24/2026 |
GHOST Intelligence — Threat Investigation Report z59fedexshippingdocument-7705a9dc | Phishing | high | 1 file | Unpublished | 4/24/2026 |
GHOST Intelligence Report — Formbook/JS Dropper license-2ac97d2b | Phishing | high | 1 file | Unpublished | 4/24/2026 |
DCRat Campaign — Investigation Report 01150b1e4a39eb4d7f4e4d1f2decb6f8-e31f76e7 | Phishing | high | 1 file | Unpublished | 4/24/2026 |
PhantomStealer Investigation: Online.bat online-f9a47e24 | Phishing | high | 1 file | Unpublished | 4/24/2026 |
PhantomStealer — Rose.ps1 Intelligence Report rose-c319bb21 | Stealer | high | 1 file | Unpublished | 4/24/2026 |
GHOST Intelligence Report: htp.win / CVE-2025-48700 htp-win-shadowserver-20260424-9ae18dbec3-231629dc | APT | critical | 1 file | Unpublished | 4/24/2026 |
GHOST Investigation Report: htp-win-shadowserver-20260424 htp-win-shadowserver-20260424-d19847795a-a494d393 | Phishing | high | 1 file | Unpublished | 4/24/2026 |
GHOST Intelligence Report — Mirai Botnet "Ciabins" / "BotnetV2" mipsel-ff7474ff | IoT | high | 1 file | Unpublished | 4/24/2026 |
GHOST OSINT Investigation Report 195-239-51-38-salmanvsf-20260424-cd7cff3-80f6dcd7 | Botnet | high | 1 file | Unpublished | 4/24/2026 |
GHOST Investigation: dust.exe (MD5: 5b347a6a5104d72a6592568a33778eb2) 5b347a6a5104-salmanvsf-20260424-c9ca6d93-ca049f36 | APT | critical | 1 file | Unpublished | 4/24/2026 |
GHOST Intelligence Report: Anarchy RAT Panel — 77[.]92[.]36[.]10 77-92-36-10-factfinder03-20260424-3c4f86-7878c044 | Botnet | high | 1 file | Unpublished | 4/24/2026 |
GHOST Intelligence Report: DeskRAT Campaign Targeting Indian Defense Sector bossmaya-xyz-smica83-20260424-9b3642d88c-528966f7 | Phishing | high | 1 file | Unpublished | 4/24/2026 |
GHOST Intelligence Report — Ciabins Mirai/Gafgyt IoT Botnet ciabins-28d9b4fb | Botnet | high | 1 file | Unpublished | 4/24/2026 |
GHOST Intelligence Report — bot.ppc (Mirai PPC32 Variant) bot-f2f0c181 | Botnet | high | 1 file | Unpublished | 4/24/2026 |
PhantomStealer Campaign — String.ps1 string-743c07de | Phishing | high | 1 file | Unpublished | 4/24/2026 |
THANKS.ps1 — PhantomStealer Campaign Analysis thanks-6916eee5 | Phishing | high | 1 file | Unpublished | 4/24/2026 |
ValleyRAT / Winos4.0 DLL Module — Investigation Report 27623783271c5081889fffd34a35ef89-3d3baf5c | RAT | high | 1 file | Unpublished | 4/24/2026 |
GHOST Intelligence Report: Multi-Stage RAT Campaign via Blogspot/Wix Abuse 52-222-136-3-jameswtwt-20260423-cbc1c073-47fd1afd | Phishing | high | 1 file | Unpublished | 4/24/2026 |
GHOST Intelligence Report: Tech Support Scam Network on AWS EC2 54-177-189-169-skocherhan-20260419-56028-389f9102 | Phishing | high | 1 file | Unpublished | 4/24/2026 |
GHOST Investigation: Voltstealer (Discord Token Stealer) a36ed0753204-suyog41-20260421-cef880dc0c-4627a90c | Stealer | high | 1 file | Unpublished | 4/24/2026 |
GHOST OSINT Investigation: Bloated Signed Malware (>650MB) — Probable SolarMarker Variant bug-co-squiblydooblog-20260419-5d20c7e11-3a72776a | Stealer | high | 1 file | Unpublished | 4/24/2026 |
GHOST OSINT Investigation: SolarMarker Signed Malware — Bloated Installer with Revoked Certificate bug-co-squiblydooblog-20260423-5d20c7e11-abfb3fb1 | Stealer | high | 1 file | Unpublished | 4/24/2026 |
GHOST Investigation: docshub-secure[.]com — Booking.com Phishing → Remcos RAT / Weedhack docshub-secure-com-smica83-20260421-8a05-038bb65d | Phishing | high | 1 file | Unpublished | 4/24/2026 |
Threat Intelligence Report: Percentage.vbs — GT:VB.Laburrak.11 percentage-2735113c | Phishing | high | 1 file | Unpublished | 4/24/2026 |
GHOST OSINT Report: 104.18.27.173 — "Smile AiTM" REDUMP Investigation redump-104-18-27-173-smile-aitm-b077605c | Malware | medium | 1 file | Unpublished | 4/24/2026 |
Kimsuky Credential Phishing Infrastructure — Re-Investigation Report redump-165-154-52-8-kimsuky-a42b09f7 | APT | critical | 1 file | Unpublished | 4/24/2026 |
Go Relay RAT v1.0 — REDUMP Investigation Report redump-47-113-114-47-gorelayrat-c6c7a042 | RAT | high | 1 file | Unpublished | 4/24/2026 |
GHOST Intelligence Report: REFUNDEE / Shadow Panel PhaaS+RaaS Operation redump-refundonex-com-c2-202e68ef | Phishing | high | 1 file | Unpublished | 4/24/2026 |
GHOST Intelligence Report — your-c2[.]com (MorsWorm C2 REDUMP) redump-your-c2-com-morsworm-d2ef646a | RAT | high | 1 file | Unpublished | 4/24/2026 |
GHOST Intelligence Report: tpmspoof-fc094a9c tpmspoof-fc094a9c | Stealer | high | 1 file | Unpublished | 4/24/2026 |
GHOST OSINT — Threat Intelligence Report 212-23-206-230-justwanttoq1-20260422-a0d-cd5925dc | Phishing | high | 1 file | Unpublished | 4/24/2026 |
SOMEONE.vbs — Threat Intelligence Report someone-7b6bda86 | Stealer | high | 1 file | Unpublished | 4/24/2026 |
GHOST Investigation: ARMV4L Gafgyt/BotnetV2 — b515b4eb armv4l-b515b4eb | Botnet | high | 1 file | Unpublished | 4/24/2026 |
GHOST Intelligence Report — c56e7b25000.vbs c56e7b25000-e37c391c | Phishing | high | 1 file | Unpublished | 4/24/2026 |
GHOST Intelligence — Threat Actor Infrastructure Report less-c3c265d5 | Loader | high | 1 file | Unpublished | 4/24/2026 |
GHOST Intelligence — Threat Investigation Report tmp7120-tmp-154e3276 | Botnet | high | 1 file | Unpublished | 4/24/2026 |
GHOST Investigation: win.node / Glassworm win-4ebfe8f6 | Phishing | high | 1 file | Unpublished | 4/24/2026 |
GHOST Intelligence Report — GCleaner PPI Loader (MIX8 Variant) file-aacc8e2b | Phishing | high | 1 file | Unpublished | 4/24/2026 |
Threat Intelligence Report — Gafgyt ELF Sample (I586) i586-15cbd2d8 | IoT | high | 1 file | Unpublished | 4/24/2026 |
Threat Intelligence Report: njRAT / Bladabindi Sample 03bc37c41f16d9d57995345f18a4aa4e-ee000adc | Phishing | high | 1 file | Unpublished | 4/23/2026 |
GHOST Intelligence Report: Tech Support Scam Network on 54[.]177[.]189[.]169 54-177-189-169-skocherhan-20260423-56028-8d2f7f09 | Phishing | high | 1 file | Unpublished | 4/23/2026 |
Threat Intelligence Report: SilverFox / ValleyRAT — Taiwan Escort Scam + RAT Campaign protected-06ad5c66 | Phishing | high | 1 file | Unpublished | 4/23/2026 |
ValleyRAT Campaign — Infrastructure Analysis sample-a0123008 | Phishing | high | 1 file | Unpublished | 4/23/2026 |
GHOST Intelligence Report — Factory-v3 Stealer Campaign set-up-74a894f4 | Stealer | high | 1 file | Unpublished | 4/23/2026 |
GHOST Threat Intelligence Report set-up-46c8b1e5 | Stealer | high | 1 file | Unpublished | 4/23/2026 |
GHOST Intelligence Report: paksecurity[.]org paksecurity-org-malwrhunterteam-20260423-782e098d | APT | critical | 1 file | Unpublished | 4/23/2026 |
GHOST OSINT Investigation Report png-in-smica83-20260423-29bb57b8868c303c-e08cec28 | Phishing | high | 1 file | Unpublished | 4/23/2026 |
GHOST OSINT Report: techoption[.]org techoption-org-malwrhunterteam-20260423-7042858b | RAT | high | 1 file | Unpublished | 4/23/2026 |
GHOST Intelligence Report: travelmarkbd[.]com Phishing Infrastructure travelmarkbd-com-skocherhan-20260423-40e-cc8ea688 | Phishing | high | 1 file | Unpublished | 4/23/2026 |
GHOST Intelligence Report: travelmarkbd[.]com Microsoft Credential Phishing Infrastructure travelmarkbd-com-skocherhan-20260423-c84-e2c01b51 | Phishing | high | 1 file | Unpublished | 4/23/2026 |
GHOST Intelligence Report: Dust RAT 310650c781a1-suyog41-20260423-4e371f836a-77cbb98d | Botnet | high | 1 file | Unpublished | 4/23/2026 |
ShadowRAT Investigation Report 7500a83a4356-suyog41-20260423-a88790ee0e-37fa8d93 | APT | critical | 1 file | Unpublished | 4/23/2026 |
GHOST Intelligence Report: AgentTesla & PhantomStealer FTP C2 Infrastructure 86-107-32-157-jameswtwt-20260423-b5de7d6-00a8841a | Phishing | high | 1 file | Unpublished | 4/23/2026 |
GHOST Intelligence Report: Agent Tesla Campaign via Blogspot/Wix Redirectors b00king-org-jameswtwt-20260423-a13f0a5a9-e3b80654 | Phishing | high | 1 file | Unpublished | 4/23/2026 |
Threat Intelligence Report: Amadey + Browser Hijacker Combo b649944f79f7f0e8a1c550f92190015ce473b884-b649944f | Botnet | high | 1 file | Unpublished | 4/23/2026 |
GHOST Intelligence Report: Fake Booking.com Invoice Campaign blogspot-com-jameswtwt-20260423-a67d73c0-83bc6138 | Phishing | high | 1 file | Unpublished | 4/23/2026 |
GHOST Intelligence Report: corella[.]ro — Compromised SMTP Credentials in Malware corella-ro-shadowopcode-20260423-affe5d5-6541ebeb | Phishing | high | 1 file | Unpublished | 4/23/2026 |
GHOST OSINT Investigation: corella[.]ro corella-ro-shadowopcode-20260423-c1d3d1e-6199e621 | Phishing | high | 1 file | Unpublished | 4/23/2026 |
GHOST OSINT Report: crioralo[.]ru — QR Code Phishing Redirector crioralo-ru-shadowopcode-20260423-212ca7-5c1249b6 | Phishing | high | 1 file | Unpublished | 4/23/2026 |
Threat Intelligence Report: dat.bat — Multi-RAT Dropper Campaign dat-1aefae37 | Phishing | high | 1 file | Unpublished | 4/23/2026 |
GHOST Intelligence — Threat Investigation Report sea-depander-order-po-4633-b71287ca | Phishing | high | 1 file | Unpublished | 4/23/2026 |
Threat Intelligence Report: SilverFox/ValleyRAT — WetypeInstaller Trojan 2025-11-11-2739c9cd | Phishing | high | 1 file | Unpublished | 4/23/2026 |
Threat Intelligence Report: Indeed.bat / DonutLoader → Cobalt Strike indeed-6c403ed3 | Phishing | high | 1 file | Unpublished | 4/23/2026 |
GHOST Intelligence Report: sport.ps1 / PowerShell Infostealer Campaign sport-0671be8c | Phishing | high | 1 file | Unpublished | 4/23/2026 |
GHOST Investigation: endpointdlp.dll — Havoc C2 Beacon endpointdlp-d2705499 | RAT | high | 1 file | Unpublished | 4/23/2026 |
THREAT INTELLIGENCE REPORT k-46cd7521 | Loader | high | 1 file | Unpublished | 4/23/2026 |
ChromeSetup.exe — DarkComet RAT v5.3.0 Investigation chromesetup-7e9a4368 | Phishing | high | 1 file | Unpublished | 4/23/2026 |
GHOST Intelligence Report — ZcaLoader C2 Botnet file-71d7f390 | Phishing | high | 1 file | Unpublished | 4/23/2026 |
CDO.EXE — njrat/Bladabindi C2 Infrastructure Investigation cdo-0e7aac46 | Phishing | high | 1 file | Unpublished | 4/23/2026 |
GHOST Intelligence Report — quantium.exe / Vidar Stealer quantium-95cd4813 | Phishing | high | 1 file | Unpublished | 4/23/2026 |
GHOST Intelligence Report — DS4C1_577888-c01cd8c2 ds4c1-577888-c01cd8c2 | Phishing | high | 1 file | Unpublished | 4/22/2026 |
GHOST Investigation: 212.50.233[.]30 212-50-233-30-malwrhunterteam-20260422-e-49feb5ce | Phishing | high | 1 file | Unpublished | 4/22/2026 |
GHOST Intelligence Report — 23.94.252[.]145 23-94-252-145-smica83-20260422-d10d0eb86-5183b917 | Stealer | high | 1 file | Unpublished | 4/22/2026 |
GHOST Intelligence Report: Trojanized GitHubDesktopSetup with Rust Backdoor 4db0c13dbd77-suyog41-20260422-8bc47768b1-7b73f7ad | Phishing | high | 1 file | Unpublished | 4/22/2026 |
GHOST Intelligence Report: lkgkdsjd[.]com — Malware Distribution Infrastructure lkgkdsjd-com-jameswtwt-20260422-fe56ccaf-9aac2baa | Phishing | high | 1 file | Unpublished | 4/22/2026 |
185.177.72.0/24 Deep Dive -- Breakglass Intelligence Report 185-177-72-0-24-deep-dive | RAT | high | 1 file | Unpublished | 4/20/2026 |
APT41/Winnti ELF Backdoor (0fca9dae) — Breakglass Intelligence Report apt41-winnti-elf | APT | critical | 1 file | Unpublished | 4/20/2026 |
Booking.com ClickFix Campaign Delivering NetSupport RAT — Breakglass Intelligence Report booking-clickfix-netsupport | Phishing | high | 1 file | Unpublished | 4/20/2026 |
C2 Infrastructure at 116.202.208.125 -- Breakglass Intelligence Report c2-116-202-208 | Phishing | high | 1 file | Unpublished | 4/20/2026 |
GELD-PAYPAL / MHost SMS Fraud Operation — Breakglass Intelligence Report c2-45-151-106-88 | Phishing | high | 1 file | Unpublished | 4/20/2026 |
REFIRE: Amadey Botnet C2 on OMEGATECH Bulletproof Hosting -- Breakglass Intelligence Report c2-panel-158-94-210 | Botnet | high | 1 file | Unpublished | 4/20/2026 |
Operation InterviewBait -- Fake Job/Recruitment AiTM Phishing Campaign fake-job-phishing | Phishing | high | 1 file | Unpublished | 4/20/2026 |
FEZBOX npm Supply Chain Attack -- Operator Attribution Report fezbox-operator-attribution | RAT | high | 1 file | Unpublished | 4/20/2026 |
Operation REFIRE — Italian Banking Phishing Campaign (Multi-Kit) italian-phishing-batch | Phishing | high | 1 file | Unpublished | 4/20/2026 |
Kimsuky Webmail/Zoom/Naver/SharePoint Phishing Infrastructure -- Breakglass Intelligence Report kimsuky-webmail-zoom | APT | critical | 1 file | Unpublished | 4/20/2026 |
MacSync Stealer C2 Panel at 172.94.9.250 — Breakglass Intelligence Report macsync-c2-172-94-9 | Phishing | high | 1 file | Unpublished | 4/20/2026 |
Malware Analysis Report — `manual-final-app-exe` manual-final-app-exe | Stealer | high | 1 file | Unpublished | 4/20/2026 |
Operation BLOG HARVEST -- Kimsuky Mass Phishing Nexus at 158.247.219.150 mass-c2-158-247-219 | APT | critical | 1 file | Unpublished | 4/20/2026 |
MefStealer C2 Panel / NOMADS Group -- Breakglass Intelligence Report mefstealer-193-181-211 | Stealer | high | 1 file | Unpublished | 4/20/2026 |
nas.doc CVE-2026-21509 Exploit Targeting Pakistani Aerospace/Military -- Breakglass Intelligence Report nas-doc-cve-2026-21509 | APT | critical | 1 file | Unpublished | 4/20/2026 |
NEXUS-PHISH -- Multi-Campaign Phishing & RAT Infrastructure on DigitalOcean nexus-c2-159-203 | Phishing | high | 1 file | Unpublished | 4/20/2026 |
PlugX Mongolia (TA416/Mustang Panda) -- Breakglass Intelligence Report plugx-mongolia | APT | critical | 1 file | Unpublished | 4/20/2026 |
RodexRMM GoLang RAT -- Breakglass Intelligence Report rodexrmm-italy | Phishing | high | 1 file | Unpublished | 4/20/2026 |
SideWinder APT — Azerbaijan-Russia Diplomatic Crisis Lure Campaign sidewinder-azerbaijan | APT | critical | 1 file | Unpublished | 4/20/2026 |
TEAM24 Korean Credential Phishing Syndicate -- Breakglass Intelligence Report vercel-phishing-curly-spoon | Phishing | high | 1 file | Unpublished | 4/20/2026 |
ValleyRAT Win64/Valley.E — Multi-Stage BYOVD RAT 1144433760a0683413a85da271bc37ff9f296ac2-11444337 | Malware | medium | 0 files | Published | 3/13/2026 |
ValleyRAT / SilverFox — WinRAR SFX Dropper with WeChat Disguise sample-43b3eb69 | Malware | medium | 0 files | Published | 3/13/2026 |
Multi-RAT C2 Operator: XWorm, Hook, DCRat, AsyncRAT, njRAT — Breakglass Intelligence Report xworm-march9-v2 | Phishing | high | 1 file | Published | 3/13/2026 |
AgentTesla JScript Dropper — RFQ Spear-Phishing Loader rfq-no-600002389875-rg724-67218913 | Phishing | high | 1 file | Published | 3/13/2026 |
CountLoader HTML Smuggling Campaign — Breakglass Intelligence Report summer-data-rar-march11 | Phishing | high | 1 file | Published | 3/13/2026 |
NetSupport RAT v14.10 — ClickFix Dropper Campaign via applicationhost17.com upd-48c5a1c5-ddd4-465e-9c66-27efc1d5a846-36ad12ff | Phishing | high | 1 file | Published | 3/13/2026 |
KongTuke Investigation Report kongtuke | Phishing | high | 1 file | Published | 3/13/2026 |
LOKI Ransomware/Extortion Operation — Full Infrastructure & Panel Analysis loki-195-24-237-4a5e66e1 | Phishing | high | 2 files | Published | 3/13/2026 |
GlassWorm HTML Infostealer/RAT — Obfuscated JavaScript Dropper with Crypto-Targeting C2 moscow-snapshot-final-169-4bda09e2 | Phishing | high | 1 file | Unpublished | 3/13/2026 |
AgentTesla - Multi-Stage JScript Dropper with Process Hollowing 3db3441ad26bdcc182b5cbc75c435e34-fd1099c9 | Phishing | high | 1 file | Published | 3/13/2026 |
PhantomStealer - Multi-Stage .NET Credential & Data Stealer 440924160cd002f96143ab33e2f67a76-129ad6e2 | Stealer | high | 1 file | Published | 3/13/2026 |
AgentTesla JScript Dropper - Firebase-Staged PowerShell Downloader 66fe9a16f2c5f0fc526e524b42757b0f-54486b9a | Phishing | high | 1 file | Published | 3/13/2026 |
PhantomStealer v3.5.0 — Multi-Stage WSH Dropper / .NET Infostealer (MaaS) af24b03f9afd4f18488362cd959e5606-0191ba81 | Phishing | high | 1 file | Published | 3/13/2026 |
AgentTesla v3 — Five-Stage JavaScript Dropper with SMTP Exfiltration b78e6df5cd46adfe6472ccd1edc3bff0-99ef1d72 | Phishing | high | 1 file | Published | 3/13/2026 |
DataSurge Botnet — Mirai Variant IoT Dropper with DNS-Based Dynamic C2 bbc-c308e276 | IoT | high | 1 file | Published | 3/13/2026 |
BlinkzSec — Russian Tech-Support Scam / Reverse SSH-RDP Backdoor blinkzsec-march13 | Phishing | high | 2 files | Published | 3/13/2026 |
AgentTesla/SnakeKeylogger — Multi-Layer VBScript Dropper (PO_20981.vbe) c1aa056379f7b130413716aff900e70d-337e2b2a | Phishing | high | 1 file | Published | 3/13/2026 |
njRAT v0.7d (Bladabindi) — Active C2 Campaign via No-IP DDNS client-2000c551 | Phishing | high | 1 file | Published | 3/13/2026 |
Formbook - VBScript Dropper with IPFS-Hosted Steganographic Loader d107b3bf4609b4c1bc3ecc06d518d2df-95f69328 | Phishing | high | 1 file | Published | 3/13/2026 |
LummaStealer — HTML Smuggling Dropper with Multi-Stage Cryptocurrency & Browser Credential Theft devops-y-snapshot-305-f835a5b2 | Phishing | high | 1 file | Unpublished | 3/13/2026 |
Malware Intelligence Report f49c10a3bd04f2f0312773be0cd9ea53-eba6c85e | Phishing | high | 1 file | Published | 3/13/2026 |
Threat Intelligence Report: PhantomStealer v3.5.0 fa457a24c1170f9f39f3c07b624d31dc-600436ca | Phishing | high | 1 file | Published | 3/13/2026 |
Honeypot Counter-Intelligence Hunt — March 13, 2026 honeypot-march13 | IoT | high | 5 files | Published | 3/13/2026 |
Sora/Mirai Botnet Dropper (ohshit.sh) -- Breakglass Intelligence Report ohshit-shell-march11 | Botnet | high | 2 files | Published | 3/12/2026 |
GHOST Investigation: Parasitic Training Insect — Signed MSI Campaign parasitic-msi-march11 | Phishing | high | 1 file | Published | 3/12/2026 |
GoDrive.vhdx -- APT-C-60 SpyGlace Campaign Analysis godrive-vhdx-march12 | APT | critical | 1 file | Published | 3/12/2026 |
Leveros Club SpyAgent -- Brazilian Banking Trojan with Chinese-Origin Signing Certificate leveros-spyagent-march12 | Phishing | high | 1 file | Published | 3/12/2026 |
libcef.dll Brazilian Banking Trojan -- SEFAZ Impersonation Campaign libcef-banker-march11 | Phishing | high | 1 file | Published | 3/12/2026 |
CountLoader HTML Smuggling Campaign (March 12, 2026) -- Breakglass Intelligence Report meeting-images-march12 | Phishing | high | 1 file | Published | 3/12/2026 |
Operation MAYNA HARVEST -- Ukrainian MoD Phishing Campaign Delivering Remcos RAT nakaz-ukraine-march12 | APT | critical | 1 file | Published | 3/12/2026 |
SWIFT COPY.JS AgentTesla Dropper -- Breakglass Intelligence Report swift-js-march12 | Phishing | high | 1 file | Published | 3/12/2026 |
ValleyRAT DLL Loader (March 12, 2026) -- Breakglass Intelligence Report valleyrat-march12 | APT | critical | 1 file | Published | 3/12/2026 |
ConnectWise ScreenConnect Abuse: Spanish "Factura" Lure Campaign -- Breakglass Intelligence Report connectwise-factura-march11 | Phishing | high | 1 file | Published | 3/11/2026 |
ACRStealer with Telegraph Dead Drop Resolver — Breakglass Intelligence Report acrstealer-march11 | Stealer | high | 1 file | Published | 3/11/2026 |
BadPaw .NET Trojan Downloader -- Breakglass Intelligence Report badpaw-march11 | Loader | high | 1 file | Published | 3/11/2026 |
Joker/Bread Android Trojan: Rust+ChaCha20 Variant in "Cute Emoji Wallpaper" -- Breakglass Intelligence Report joker-emoji-march11 | Loader | high | 1 file | Published | 3/11/2026 |
PhantomStealer JavaScript Dropper Campaign -- Breakglass Intelligence Report phantomstealer-march11 | Stealer | high | 1 file | Published | 3/11/2026 |
Operation Fake Carbanak: Multi-Malware Campaign Targeting Security Researchers via Vidar Stealer vidar-carbanak-march11 | Phishing | high | 3 files | Published | 3/11/2026 |
Breakglass Intelligence Report: Gh0stRAT Campaign (March 2026) gh0strat-march11 | Phishing | high | 1 file | Published | 3/11/2026 |
Breakglass Intelligence Report: MSC-Loader (Kimsuky) msc-loader-march11 | APT | critical | 1 file | Published | 3/11/2026 |
Breakglass Intelligence Report: UKR-Lure BES Campaign ukr-lure-march11 | Phishing | high | 1 file | Published | 3/11/2026 |
Vjw0rm RAT Dropper Chain -- Breakglass Intelligence Report vjw0rm-march11 | Phishing | high | 1 file | Published | 3/11/2026 |
Breakglass Intelligence Report: TrojanizedAutoCAD Campaign autocad-trojan-march11 | Loader | high | 1 file | Published | 3/11/2026 |
Breakglass Intelligence Report: CVE-2026-21509 Exploit Analysis cve2026-21509-march11 | APT | critical | 1 file | Published | 3/11/2026 |
ClickFix / FakeCaptcha Booking.com Campaign — Breakglass Intelligence Report clickfix-booking-march10 | Phishing | high | 1 file | Published | 3/11/2026 |
GoldFX — Breakglass Intelligence Report goldfx-march10 | Phishing | high | 1 file | Published | 3/11/2026 |
OffLoader Loader/Dropper -- Breakglass Intelligence Report offloader-march10 | Phishing | high | 1 file | Published | 3/11/2026 |
QuasarRAT Multi-RAT C2 Infrastructure -- Breakglass Intelligence Report quasarrat-march10 | APT | critical | 1 file | Published | 3/11/2026 |
RedTail Cryptominer (Multiverze Variant) -- Breakglass Intelligence Report redtail-march10 | Phishing | high | 1 file | Published | 3/11/2026 |
verification.google / lets74.dll -- Breakglass Intelligence Report verification-google-march10 | Stealer | high | 1 file | Published | 3/11/2026 |
SilverFox Trojanized Arma 3 Campaign -- Breakglass Intelligence Report emotet-march10 | Phishing | high | 1 file | Published | 3/10/2026 |
Evil Stealer — @solostalking Pivot Findings evil-stealer | Stealer | high | 1 file | Published | 3/10/2026 |
Evil Stealer — Breakglass Intelligence Report evilstealer-march10 | Stealer | high | 3 files | Published | 3/10/2026 |
MacSync Stealer / BarkBlitz — Breakglass Intelligence Report macsync-march10 | Phishing | high | 1 file | Published | 3/10/2026 |
RESOKER RAT -- Breakglass Intelligence Report resoker-march10 | RAT | high | 1 file | Published | 3/10/2026 |
Shadow RAT Panel v2.0 -- Breakglass Intelligence Report shadowrat-march10 | Phishing | high | 1 file | Published | 3/10/2026 |
SmokeLoader Remus Plugin Campaign (March 2026) — Breakglass Intelligence Report smokeloader-march10 | Botnet | high | 1 file | Published | 3/10/2026 |
DarkCloud Stealer via AutoIt Multi-Payload Crypter — Breakglass Intelligence Report a310logger-march10 | Phishing | high | 1 file | Published | 3/10/2026 |
AgentTesla JS Dropper (DonutLoader Chain) -- Breakglass Intelligence Report agenttesla-march10 | Phishing | high | 1 file | Published | 3/10/2026 |
Amadey Botnet (fbf543 Campaign) -- Breakglass Intelligence Report amadey-march10 | Botnet | high | 1 file | Published | 3/10/2026 |
PhishingRAT AsyncRAT Campaign -- Breakglass Intelligence Report asyncrat-march10 | Phishing | high | 1 file | Published | 3/10/2026 |
DarkGate Campaign 4479023 -- Breakglass Intelligence Report darkgate-march10 | Stealer | high | 1 file | Published | 3/10/2026 |
DCRat (DarkCrystal RAT) -- Russian Shared Hosting Campaign -- Breakglass Intelligence Report dcrat-march10 | Stealer | high | 1 file | Published | 3/10/2026 |
DeerStealer via GhostPulse/IDAT Loader -- Breakglass Intelligence Report deerstealer-march10 | Stealer | high | 1 file | Published | 3/10/2026 |
Formbook/XLoader JavaScript Dropper -- Breakglass Intelligence Report formbook-march10 | Phishing | high | 1 file | Published | 3/10/2026 |
GhostPulse/IDAT Loader via ShadowLadder Campaign -- Breakglass Intelligence Report ghostpulse-march10 | Phishing | high | 1 file | Published | 3/10/2026 |
GoToResolve RMM Abuse Campaign -- Breakglass Intelligence Report gotoresolve-march10 | APT | critical | 1 file | Published | 3/10/2026 |
GuLoader NSIS Campaign -- Breakglass Intelligence Report guloader-march10 | Phishing | high | 1 file | Published | 3/10/2026 |
LummaStealer Go Loader / fbf543 Amadey Campaign -- Breakglass Intelligence Report lummastealer-march10 | Stealer | high | 1 file | Published | 3/10/2026 |
MeshAgent RMM Abuse Campaign ("traffic-rc") -- Breakglass Intelligence Report meshagent-march10 | Phishing | high | 1 file | Published | 3/10/2026 |
A0Backdoor / Storm-1811 Signed Malware Cluster -- Breakglass Intelligence Report multimedios-march10 | Phishing | high | 1 file | Published | 3/10/2026 |
NetSupport RAT via ClickFix Social Engineering Campaign -- Breakglass Intelligence Report netsupport-march10 | Phishing | high | 1 file | Published | 3/10/2026 |
XWorm RAT "Token GrabberV2" -- Breakglass Intelligence Report njrat-march10 | Phishing | high | 1 file | Published | 3/10/2026 |
PhantomStealer Campaign Analysis -- Breakglass Intelligence Report phantomstealer-march10 | Stealer | high | 2 files | Published | 3/10/2026 |
QakBot tchk08 MSI Dropper -- Breakglass Intelligence Report qakbot-march10 | Phishing | high | 1 file | Published | 3/10/2026 |
ClearFake + HijackLoader + Raccoon Stealer v2 -- MSIX Package Campaign raccoon-march10 | Stealer | high | 1 file | Published | 3/10/2026 |
RedLine Stealer: CETA Supply Chain Attack -- Breakglass Intelligence Report redline-march10 | Stealer | high | 1 file | Published | 3/10/2026 |
RemcosRAT "SkyLNK" HTA Campaign -- Breakglass Intelligence Report remcosrat-hta-march10 | Phishing | high | 1 file | Published | 3/10/2026 |
RemcosRAT Multi-Stage JavaScript Dropper Campaign -- Breakglass Intelligence Report remcosrat-js-march10 | Phishing | high | 1 file | Published | 3/10/2026 |
ResolverRAT Multi-Tool Campaign -- Breakglass Intelligence Report resolverrat-march10 | Stealer | high | 1 file | Published | 3/10/2026 |
SectopRAT/Arechclient2 -- ACRStealer Delivery Campaign sectoprat-march10 | Stealer | high | 1 file | Published | 3/10/2026 |
SnakeKeylogger Multi-Vector Campaign -- Breakglass Intelligence Report snakekeylogger-march10 | Stealer | high | 1 file | Published | 3/10/2026 |
StealC Infostealer (Botnet 3 / joscramp.top) -- Breakglass Intelligence Report stealc-march10 | Stealer | high | 2 files | Published | 3/10/2026 |
ValleyRAT "Codemark" Campaign -- Breakglass Intelligence Report valleyrat-march10 | RAT | high | 1 file | Published | 3/10/2026 |
Vidar Stealer March 2026 Campaign -- Breakglass Intelligence Report vidar-march10 | Phishing | high | 1 file | Published | 3/10/2026 |
XWorm v6.4 Go Loader with ScrubCrypt Dropper -- Breakglass Intelligence Report xworm-march10 | Stealer | high | 1 file | Published | 3/10/2026 |
zgRAT Booking.com ClickFix Campaign -- Breakglass Intelligence Report zgrat-march10 | Phishing | high | 1 file | Published | 3/10/2026 |
CryptoVista Trojanized Installer -- Breakglass Intelligence Report cryptovista-march9 | Phishing | high | 1 file | Published | 3/10/2026 |
EY Invoice VBS Dropper / XWorm 7.4 RAT -- Breakglass Intelligence Report ey-invoice-march9 | Phishing | high | 1 file | Published | 3/10/2026 |
Gunra Ransomware Linux ELF Variant -- Breakglass Intelligence Report gunra-march9 | Ransomware | high | 1 file | Published | 3/10/2026 |
Lazarus Group Dual-Tool Campaign: Medusa Ransomware + IME Sideloading Loader — Breakglass Intelligence Report lazarus-march9 | APT | critical | 1 file | Published | 3/10/2026 |
MuddyWater Python Dropper: mazafakaerindahouse Campaign -- Breakglass Intelligence Report muddywater-march9 | APT | critical | 1 file | Published | 3/10/2026 |
ACRStealer / AmateraStealer — Breakglass Intelligence Report acrstealer-march9 | Stealer | high | 1 file | Published | 3/10/2026 |
AgentTesla NSIS Dropper -- Breakglass Intelligence Report agenttesla-march9 | Phishing | high | 1 file | Published | 3/10/2026 |
AsyncRAT "PhishingRAT" Variant -- Breakglass Intelligence Report asyncrat-march9 | Phishing | high | 1 file | Published | 3/10/2026 |
Weaponized NQVM/NetSupport Manager RAT — Misclassified as BruteRatel C4 bruteratel-march9 | RAT | high | 1 file | Published | 3/10/2026 |
BumbleBee Loader "Shanya" Campaign -- Breakglass Intelligence Report bumblebee-march9 | Botnet | high | 1 file | Published | 3/10/2026 |
ClickFix EternalRocks Dropper (bruce.php) -- Breakglass Intelligence Report clickfix-march9 | Phishing | high | 1 file | Published | 3/10/2026 |
CobaltStrike Stager + Shellcode Beacon -- Breakglass Intelligence Report cobaltstrike-march9 | Phishing | high | 1 file | Published | 3/10/2026 |
DCRat "Trillex" Campaign — Breakglass Intelligence Report dcrat-march9 | Phishing | high | 1 file | Published | 3/10/2026 |
Emotet/SilverFox March 2026 Campaign Analysis — Breakglass Intelligence Report emotet-march9 | Loader | high | 1 file | Published | 3/10/2026 |
Formbook/XLoader Infostealer — Breakglass Intelligence Report formbook-march9 | Phishing | high | 1 file | Published | 3/10/2026 |
CountLoader HTML Smuggling Campaign -- Breakglass Intelligence Report polyglot-march9 | Phishing | high | 1 file | Published | 3/10/2026 |
ResolverRAT + LummaStealer Multi-Payload .NET Loader -- Breakglass Intelligence Report resolverrat-march9 | Stealer | high | 1 file | Published | 3/10/2026 |
Rhadamanthys Stealer JS Dropper ("Hotel-SEP" Campaign) -- Breakglass Intelligence Report rhadamanthys-march9 | Phishing | high | 1 file | Published | 3/10/2026 |
RMM Tool Abuse Campaign -- Amadey/fbf543 rmm-abuse-march9 | Botnet | high | 1 file | Published | 3/10/2026 |
ScreenConnect RMM Abuse Campaign (March 2026) -- Breakglass Intelligence Report screenconnect-march9 | Phishing | high | 1 file | Published | 3/10/2026 |
SocGholish (FakeUpdates) March 2026 Campaign Wave -- Breakglass Intelligence Report socgholish-march9 | Phishing | high | 1 file | Published | 3/10/2026 |
StealC Infostealer (joscramp[.]top Campaign) -- Breakglass Intelligence Report stealc-march9 | Stealer | high | 1 file | Published | 3/10/2026 |
Vidar Stealer Campaign Investigation -- March 9, 2026 vidar-march9 | Botnet | high | 1 file | Published | 3/10/2026 |
"Mich0 Shell" (fonts.php) -- Breakglass Intelligence Report webshell-march9 | Phishing | high | 1 file | Published | 3/10/2026 |
XWorm RAT Campaign Analysis — March 9, 2026 xworm-march9 | Stealer | high | 1 file | Published | 3/10/2026 |