RECENTLY ADDED

The latest threat actors and tools that your organization should learn about
Facefish

Facefish is a Linux rootkit that targets Linux x64 systems to inject malicious code, hijack the s...

Ebury

Ebury is an SSH backdoor targeting Linux operating systems. Attackers require root-level access, ...

Windigo

The Windigo group has been operating since at least 2011, compromising thousands of Linux and Uni...

UNC1945

UNC1945 is a threat group active since 2018 and is known to target telecommunication companies an...

BlackTech

BlackTech is a cyber espionage group operating against targets in East Asia, particularly Taiwan,...

Adwind

Adwind RAT is a cross-platform, multifunctional malware program written in Java that is distribut...

Ratty

Ratty is an open source Java RAT, made available on GitHub and promoted heavily on HackForums. ...

Machete

Machete is a cyber espionage toolset used by Machete. It is a Python-based backdoor targeting Win...

BADNEWS

BADNEWS malware has been used by the actors responsible for the Patchwork campaign. Its name was ...

Kobalos

Kobalos is a multi-platform backdoor targeting Linux, FreeBSD, Solaris, AIX and Windows. K...

TrickBot

TrickBot is a Trojan spyware program that has mainly been used for targeting banking users in the...

Winnti Group

Winnti Group is a threat group with Chinese origins that has been active since at least 2010. The...

ShadowHammer

ShadowHammer, discovered in January 2019, refers to a Software Supply Chain Compromise of one of AS...

Skidmap

Skidmap is a kernel-mode Linux rootkit used for cryptocurrency mining. (Citation: Trend Micro Skid...

ShadowPad

ShadowPad is a modular backdoor that was first identified in a Software Supply Chain Compromise o...

APT17

APT17 is a China-based threat group that has conducted network intrusions against U.S. government...

CCBkdr

CCBkdr refers to the backdoor injected into a signed and valid version of CCleaner and distribute...

PLEAD

PLEAD is a remote access tool (RAT) and downloader active since 2012 and used by BlackTech in tar...

Cobalt Strike

Cobalt Strike is an exploitation framework developed for security professionals for emulating tar...

APT40

APT40 is a cyber espionage group that has been active since at least 2013. The group generally ta...
