Malware Tracker
Daily intelligence on active malware families. Sample counts, IOCs, C2 infrastructure, and trend analysis from MalwareBazaar, ThreatFox, and URLhaus.
Threat Landscape 2026
Statistics, category breakdown, and trends
Top Infostealers 2026
Most active information stealers ranked
Top RATs 2026
Most active remote access trojans ranked
Tracked Families
Agent Tesla
A long-running .NET-based keylogger and infostealer distributed primarily through phishing emails, with extensive data exfiltration channel options.
→ Stable 8%
Akira
Akira is a ransomware family first observed in 2023, known for targeting organizations with double-extortion tactics and data exfiltration.
AsyncRAT
An open-source .NET remote access trojan widely adopted by threat actors for its extensibility, ease of deployment, and active community development.
→ Stable 11%
Black Basta
Black Basta is a ransomware-as-a-service operation that emerged in early 2022, known for encrypting Windows systems and exfiltrating data to pressure...
Cobalt Strike
Cobalt Strike is a commercial penetration testing and red teaming framework that has been widely adopted by threat actors for post-exploitation activities...
↑ Rising 94%
Emotet
Emotet is a sophisticated malware family that evolved from a banking trojan into a modular loader used to distribute other malicious payloads via email...
Formbook
A prolific information stealer and form grabber sold as malware-as-a-service, known for its advanced anti-analysis techniques and cross-platform evolution into XLoader.
↑ Rising 346%
INC Ransom
INC Ransom is a ransomware family known for double-extortion tactics, encrypting files and threatening to leak stolen data from victims.
LockBit
LockBit is a ransomware-as-a-service family known for its speed, automated deployment, and double-extortion tactics targeting organizations globally.
Lumma Stealer
A Malware-as-a-Service infostealer sold on dark web forums, specializing in cryptocurrency wallet theft and browser credential extraction.
Medusa
Medusa is a human-operated ransomware family known for double-extortion tactics, targeting organizations globally since 2019 with data theft and encryption.
Mirai
Mirai is a Linux-based botnet malware that infects Internet of Things devices to launch large-scale distributed denial-of-service attacks.
↑ Rising 75%
Qilin
Qilin is a ransomware-as-a-service operation that emerged in 2022, known for targeting large organizations with double-extortion tactics and data exfiltration.
QuasarRAT
A lightweight open-source remote administration tool for Windows, widely repurposed by both cybercriminals and nation-state actors for persistent remote access.
↑ Rising 18%
Raccoon Stealer
A C/C++ infostealer operated as MaaS, known for its user-friendly panel and the arrest of its lead developer by the FBI in 2022.
RansomHub
RansomHub is a ransomware-as-a-service operation that emerged in early 2024, known for encrypting files and exfiltrating data to pressure victims into...
RedLine Stealer
A widely distributed .NET-based infostealer sold on underground forums, known for harvesting browser credentials, cryptocurrency wallets, and system metadata.
Remcos RAT
A commercial remote access tool frequently abused by threat actors for surveillance, credential theft, and persistent backdoor access.
Snake Keylogger
A .NET-based keylogger and credential stealer sold on underground forums, notable for its multiple data exfiltration channels and aggressive harvesting capabilities.
↑ Rising 91%
Vidar
A C++-based infostealer forked from Arkei, notable for abusing legitimate platforms like Telegram and Steam for dead-drop C2 resolution.
→ Stable 2%
Latest Reports
Defense Guides
Step-by-step removal, detection, protection, and incident response guides for each tracked malware family.
Data & Statistics
IOCs, sample databases, detection rates, distribution analysis, and geographic targeting for each family.