-
AlienVault
Confidence 100
[BRICKSTORM](https://attack.mitre.org/software/S9015) is a cross-platform backdoor with variants written in Go and Rust that facilitates command and control, the ingress transfer of other malware, and the exfiltration of data.(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault
Confidence 100
[DynoWiper](https://attack.mitre.org/software/S9038) is a destructive malware associated with the [2025 Poland Wiper Attacks](https://attack.mitre.org/campaigns/C0063) in December of 2025. [DynoWiper](https://attack.mitre.org/software/S9038) is a native Windows binary that is distributed by a PowerShell…
First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault
Confidence 100
PureCrypter is a fully-featured malware loader, developed by a threat actor called “PureCoder," that has been in use since at least 2021 to distribute a variety of remote…
First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Family
The MITRE Corporation
Confidence 100
[HIUPAN](https://attack.mitre.org/software/S1230) (aka U2DiskWatch) is a is a worm that propagates through removable drives known to be leveraged by [Mustang Panda](https://attack.mitre.org/groups/G0129) and was first observed utilized in 2024. (Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault
Confidence 100
[PHASEJAM](https://attack.mitre.org/software/S9014) is a dropper written as a bash shell script that modifies Ivanti Connect Secure appliance components. [PHASEJAM](https://attack.mitre.org/software/S9014) was first reported in January 2025. [PHASEJAM](https://attack.mitre.org/software/S9014) has previously been…
First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault
Confidence 100
[GlassWorm](https://attack.mitre.org/software/S9010) is a worm that propagated through supply chain attacks by compromising repository credentials from victim environments and having malicious payloads added to those compromised accounts for distribution…
First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault
Confidence 100
[Shai-Hulud](https://attack.mitre.org/software/S9008) is a supply chain worm, first reported in September 2025, that spreads through code repositories, including GitHub and NPM packages. It exploits CI/CD pipeline dependencies to propagate…
First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault
Confidence 100
[AshTag](https://attack.mitre.org/software/S9031) is a modular .NET backdoor with multiple features that has been used by [WIRTE](https://attack.mitre.org/groups/G0090) since at least 2025. [AshTag](https://attack.mitre.org/software/S9031) is designed for persistence and remote command execution…
First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault
Confidence 100
[MuddyViper](https://attack.mitre.org/software/S9032) is custom backdoor written in C and C++ used by [MuddyWater](https://attack.mitre.org/groups/G0069) for command and control (C2) communications and persistence. [MuddyViper](https://attack.mitre.org/software/S9032) is loaded by [Fooder](https://attack.mitre.org/software/S9033) and sends frequent…
First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Family
The MITRE Corporation
Confidence 75
[SPAWNCHIMERA](https://attack.mitre.org/software/S9024) is a backdoor that supports command and control and can inject malicious components into native processes.(Citation: CISA SPAWNCHIMERA RESURGE February 2026)(Citation: Google UNC5221 BRICKSTORM SPAWNCHIMERA April 2024)(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Family
The MITRE Corporation
Confidence 100
[UPPERCUT](https://attack.mitre.org/software/S0275) is a backdoor that has been used by [menuPass](https://attack.mitre.org/groups/G0045). (Citation: FireEye APT10 Sept 2018)
First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation
Confidence 100
[Qilin](https://attack.mitre.org/software/S1242) ransomware is a Ransomware-as-a-Service (RaaS) that has been active since at least 2022 with versions written in Golang and Rust that are capable of targeting Windows or…
First seen 01/01/1970 · Last seen 16/11/5138 ·