Malware Intelligence
Track and analyze known malware families, their variants, and associated indicators across the threat landscape
Malware: 3,260 | Events: 2,847 | Attributes: 58,599
Rank 1: Cobalt Strike (CS) | Events: 78 | IoCs: 4,433
Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon include...
Rank 2: Havoc (HV) | Events: 2 | IoCs: 30
First released in October 2022, the Havoc C2 Framework is a flexible post-exploitation framework written in Golang, C++, and Qt, with...
Rank 3: Vshell (VS) | Events: 18 | IoCs: 202
Vshell is an OST framework written in Go that provides implants for multiple platforms (Windows, Linux, macOS).
Rank 4: Emotet (EM) | Events: 156 | IoCs: 12,847
Modular banking trojan and botnet known for distributing secondary payloads including TrickBot and Ryuk ransomware through spam campaigns.
Rank 5: Ryuk (RY) | Events: 89 | IoCs: 8,234
Targeted ransomware often deployed via TrickBot or Emotet infections, known for encrypting entire networks and demanding large ransoms.
Rank 6: TrickBot (TB) | Events: 67 | IoCs: 6,891
Sophisticated modular banking trojan that evolved into a primary delivery mechanism for ransomware including Ryuk and Conti.
Rank 7: Conti (CO) | Events: 112 | IoCs: 9,456
Ransomware-as-a-service operation responsible for high-profile attacks against critical infrastructure, hospitals, and government entities.
Rank 8: REvil (RE) | Events: 45 | IoCs: 3,678
Ransomware-as-a-service operation known for targeting large enterprises with double-extortion tactics and high ransom demands.
Rank 9: DarkSide (DS) | Events: 34 | IoCs: 2,891
Ransomware-as-a-service operation responsible for critical infrastructure attacks including Colonial Pipeline disruption.
Rank 10: QakBot (QK) | Events: 52 | IoCs: 4,123
Banking trojan that evolved into a versatile dropper for ransomware, capable of credential theft, data exfiltration, and lateral movement.
Rank 11: Agent Tesla (AT) | Events: 98 | IoCs: 7,654
.NET-based information stealer that captures keystrokes, screenshots, and credentials, sold on underground forums since 2014.
Rank 12: FormBook (FB) | Events: 41 | IoCs: 3,210
Information stealer available as malware-as-a-service, capable of extracting form data, keystrokes, and browser credentials.
Rank 13: Mirai (MI) | Events: 234 | IoCs: 15,678
IoT botnet malware that scans for vulnerable devices, enrolls them in a botnet for DDoS attacks, and spreads via Telnet brute-force.
Rank 14: RedLine (RL) | Events: 67 | IoCs: 5,123
Stealer-as-a-service that harvests credentials, session tokens, and cryptocurrency wallets from infected machines.
Rank 15: IcedID (IC) | Events: 29 | IoCs: 2,345
Banking trojan turned initial access broker, frequently used to deploy ransomware including Conti and REvil on compromised networks.
Rank 16: GuptiMax (GM) | Events: 15 | IoCs: 1,890
Adware and potentially unwanted program that bundles with free software, displaying aggressive advertisements and collecting user data.