Live malware tracking pulled from the database, organised by super cluster, cluster, and malware family.
Chinese cybercrime actor also known as APT-Q-27. (Though some say that both titles are being applied too broadly.) There seem to be at least two different groups, one using variants of ValleyRAT and one using variants of Zhong Stealer (also a RAT). Both groups take breaks at the same time and resume work at the same time.
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| ValleyRAT | 34 | 31 | 2024-06-06 | 2026-02-18 |
| Zhong Stealer | 70 | 68 | 2023-03-21 | 2026-04-17 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| Unknown | 1 | 1 | 2025-05-08 | 2025-05-08 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| PDFast | 7 | 7 | 2024-04-09 | 2024-12-20 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| Patchwork | 8 | 8 | 2023-05-10 | 2025-07-31 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| MarkiRAT | 1 | 1 | 2025-07-28 | 2025-07-28 |
Malware in this cluster were reported by Checkpoint in these publications: https://research.checkpoint.com/2025/nimbus-manticore-deploys-new-malware-targeting-europe/ https://research.checkpoint.com/2026/fast-and-furious-nimbus-manticore-operations-during-the-iranian-conflict/
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| MiniFast | 2 | 2 | 2025-10-21 | 2026-03-26 |
| TA455 | 5 | 5 | 2025-03-14 | 2025-07-09 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| BR-04 | 1 | 1 | 2026-03-12 | 2026-03-12 |
| Latam Banker | 4 | 4 | 2023-11-03 | 2025-02-06 |
| Unknown | 1 | 1 | 2026-04-01 | 2026-04-01 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| Forever Botnet,BR-01 | 17 | 17 | 2026-01-27 | 2026-04-23 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| BR-02 | 2 | 2 | 2026-02-12 | 2026-03-12 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| MeshAgent | 1 | 1 | 2024-01-15 | 2024-01-15 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| BatLoader | 17 | 17 | 2021-12-24 | 2024-09-05 |
| BumbleBee | 16 | 16 | 2022-07-08 | 2026-02-04 |
| CastleLoader | 44 | 44 | 2025-03-14 | 2026-04-23 |
| Crazy Evil Traffer Team | 2 | 1 | 2024-09-23 | 2024-09-23 |
| NetSupport RAT | 54 | 51 | 2019-07-01 | 2024-10-11 |
| ZeroDayTraffer | 1 | 1 | 2025-02-15 | 2025-02-15 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| RUS-51 | 3 | 3 | 2023-12-29 | 2024-11-19 |
Singular developer who sold remote access for on-device fraud. Developer was responsible for a panel that affiliates used to connect to victims.
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| SolarMarker | 102 | 101 | 2020-08-04 | 2024-05-28 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| .NET Adloader | 1 | 1 | 2023-03-11 | 2023-03-11 |
| APXLoader | 1 | 1 | 2026-05-04 | 2026-05-04 |
| Adware:Win32/Tnega | 1 | 1 | 2024-09-02 | 2024-09-02 |
| AgentTesla | 2 | 2 | 2019-10-17 | 2025-03-11 |
| Agentb | 1 | 1 | 2025-02-13 | 2025-02-13 |
| AirStalk | 1 | 1 | 2024-06-28 | 2024-06-28 |
| Amadey | 5 | 5 | 2020-11-06 | 2024-05-07 |
| Amadey_stage2 | 4 | 4 | 2025-08-11 | 2025-10-22 |
| AntiemuleLoader | 1 | 1 | 2025-11-14 | 2025-11-14 |
| AnyDesk | 1 | 1 | 2024-12-30 | 2024-12-30 |
| AnyDeskLoader | 1 | 1 | 2025-03-24 | 2025-03-24 |
| AnyPDFTrojan | 1 | 1 | 2025-04-16 | 2025-04-16 |
| Arechclient2 | 1 | 1 | 2025-03-06 | 2025-03-06 |
| AsyncRAT | 16 | 16 | 2024-04-24 | 2026-01-27 |
| AsyncRat,PureCrypter | 1 | 1 | 2024-10-21 | 2024-10-21 |
| AureliaLoader | 4 | 4 | 2025-07-25 | 2025-09-10 |
| AutoCAD-Trojan | 1 | 1 | 2025-04-15 | 2025-04-15 |
| AveMariaRAT | 3 | 3 | 2019-06-20 | 2025-04-02 |
| AzoRult | 1 | 1 | 2018-08-15 | 2018-08-15 |
| Babadeda | 1 | 1 | 2020-08-11 | 2020-08-11 |
| BackdoorElectron | 1 | 1 | 2026-03-26 | 2026-03-26 |
| BadNews | 1 | 1 | 2022-03-31 | 2022-03-31 |
| BazaLoader | 3 | 3 | 2020-08-21 | 2020-10-07 |
| Beacon | 1 | 1 | 2025-09-09 | 2025-09-09 |
| BitRAT | 4 | 4 | 2021-02-26 | 2021-04-14 |
| BlackSanta | 1 | 1 | 2022-04-08 | 2022-04-08 |
| BlankGrabber | 1 | 1 | 2024-12-19 | 2024-12-19 |
| BrowserRAT | 1 | 1 | 2025-08-22 | 2025-08-22 |
| BuerLoader | 3 | 3 | 2020-08-05 | 2021-02-16 |
| Byakugan Stealer | 4 | 4 | 2025-05-30 | 2025-10-28 |
| Carbanak | 1 | 1 | 2015-12-25 | 2015-12-25 |
| Casbaneiro | 1 | 1 | 2024-08-14 | 2024-08-14 |
| CastleLoader | 19 | 19 | 2026-03-30 | 2026-05-19 |
| CastleRAT | 1 | 1 | 2025-02-27 | 2025-02-27 |
| Cerber | 1 | 1 | 2017-07-17 | 2017-07-17 |
| Cert Only | 4 | 4 | 2024-01-22 | 2024-10-02 |
| Certificate warming | 8 | 8 | 2026-04-29 | 2026-05-10 |
| ChromeLoader | 9 | 9 | 2022-10-12 | 2024-12-11 |
| ChromeLoader_ext | 2 | 2 | 2023-03-13 | 2023-04-14 |
| Chromeloader | 1 | 1 | 2025-01-02 | 2025-01-02 |
| Cicada RAT | 1 | 1 | 2023-08-07 | 2023-08-07 |
| CleanupLoader | 7 | 6 | 2023-09-13 | 2024-09-13 |
| ClearFake | 8 | 8 | 2024-01-22 | 2024-10-11 |
| CobaltStrike | 35 | 35 | 2018-08-13 | 2025-03-28 |
| CoinLurker | 4 | 4 | 2023-12-07 | 2024-09-14 |
| Coinminer | 1 | 1 | 2024-01-26 | 2024-01-26 |
| ConvertMasterBrowserHijacker | 1 | 1 | 2025-01-20 | 2025-01-20 |
| ConvertMate, FakeFileConverter | 1 | 1 | 2025-01-14 | 2025-01-14 |
| Crazy Evil Traffer Team | 29 | 29 | 2024-12-12 | 2025-12-31 |
| CryptoWalletChromeExtension | 1 | 1 | 2025-08-13 | 2025-08-13 |
| D3F@ckLoader | 23 | 22 | 2024-01-23 | 2024-09-10 |
| DANTEMARKER | 1 | 1 | 2024-05-20 | 2024-05-20 |
| DanaBot | 1 | 1 | 2024-04-15 | 2024-04-15 |
| DarkGate | 24 | 20 | 2023-08-22 | 2025-01-15 |
| DarkHVNC | 2 | 2 | 2025-08-22 | 2025-09-10 |
| DeerStealer | 1 | 1 | 2024-12-16 | 2024-12-16 |
| DeerStealer, Rhadamanthys | 1 | 1 | 2025-04-25 | 2025-04-25 |
| Donot | 1 | 1 | 2024-12-04 | 2024-12-04 |
| Donut | 6 | 6 | 2025-02-20 | 2026-01-20 |
| DragonBreath | 2 | 2 | 2025-03-25 | 2025-12-04 |
| Dridex | 2 | 2 | 2019-07-15 | 2020-12-07 |
| DuckTail | 1 | 1 | 2023-11-06 | 2023-11-06 |
| Easy2Convert_FakePDFEditor | 1 | 1 | 2025-04-01 | 2025-04-01 |
| Eclipse Traffer Team | 2 | 2 | 2025-07-30 | 2025-09-10 |
| ElysiumStealer | 1 | 1 | 2020-12-17 | 2020-12-17 |
| EvilAI | 12 | 12 | 2023-07-26 | 2026-03-04 |
| FEEDFACE | 1 | 1 | 2024-06-11 | 2024-06-11 |
| Fake-F5Updater | 1 | 1 | 2023-12-06 | 2023-12-06 |
| Fake7zip | 1 | 1 | 2023-04-18 | 2023-04-18 |
| FakeAIApp | 1 | 1 | 2025-08-08 | 2025-08-08 |
| FakeAITrading | 2 | 2 | 2025-04-08 | 2025-06-12 |
| FakeAcrobe | 1 | 1 | 2025-07-10 | 2025-07-10 |
| FakeAdvContracts | 2 | 2 | 2025-06-07 | 2025-08-08 |
| FakeAdvancedIPScanner | 1 | 1 | 2025-08-20 | 2025-08-20 |
| FakeBat | 43 | 37 | 2023-02-15 | 2024-11-25 |
| FakeBat_Certificate | 7 | 7 | 2024-05-17 | 2024-05-30 |
| FakeBinance | 1 | 1 | 2025-04-25 | 2025-04-25 |
| FakeCiscoVPN | 1 | 1 | 2026-01-23 | 2026-01-23 |
| FakeComplaint | 1 | 1 | 2025-10-09 | 2025-10-09 |
| FakeCursorAI | 3 | 3 | 2025-09-10 | 2025-12-07 |
| FakeDocument | 19 | 19 | 2024-10-18 | 2026-03-30 |
| FakeDocument, StealC | 1 | 1 | 2026-04-14 | 2026-04-14 |
| FakeDocusign | 4 | 4 | 2025-07-22 | 2025-11-12 |
| FakeDropbox | 1 | 1 | 2026-01-30 | 2026-01-30 |
| FakeDropboxDocSend | 2 | 2 | 2025-08-20 | 2025-08-29 |
| FakeIncident | 1 | 1 | 2025-06-27 | 2025-06-27 |
| FakeInstallers | 6 | 6 | 2025-05-05 | 2025-09-15 |
| FakeIvanti | 1 | 1 | 2025-09-11 | 2025-09-11 |
| FakeKeePass | 5 | 5 | 2025-01-20 | 2026-01-02 |
| FakeKeypass | 2 | 2 | 2024-02-22 | 2024-10-07 |
| FakeMSTeams | 2 | 2 | 2025-06-14 | 2026-03-14 |
| FakeMullvad | 1 | 1 | 2026-01-02 | 2026-01-02 |
| FakeNDASign | 5 | 5 | 2026-03-02 | 2026-03-30 |
| FakeNSFW | 3 | 3 | 2025-06-13 | 2025-08-13 |
| FakeNSFW2 | 6 | 6 | 2026-02-22 | 2026-03-09 |
| FakeNordpass | 5 | 5 | 2025-03-13 | 2025-04-23 |
| FakePDF, Leaflet | 1 | 1 | 2026-03-05 | 2026-03-05 |
| FakePDF, NovaViewer | 2 | 2 | 2026-01-23 | 2026-02-04 |
| FakePDF, PDFLab | 1 | 1 | 2026-03-23 | 2026-03-23 |
| FakePDFBrowserHijacker | 1 | 1 | 2025-07-07 | 2025-07-07 |
| FakePutty | 1 | 1 | 2025-07-22 | 2025-07-22 |
| FakeRVTools | 2 | 2 | 2026-02-06 | 2026-03-09 |
| FakeSAPConcur | 1 | 1 | 2025-07-22 | 2025-07-22 |
| FakeSlack | 1 | 1 | 2026-04-16 | 2026-04-16 |
| FakeStatement | 1 | 1 | 2025-08-04 | 2025-08-04 |
| FakeTelegram | 1 | 1 | 2026-03-19 | 2026-03-19 |
| FakeTrading | 4 | 4 | 2025-08-22 | 2026-03-13 |
| FakeUpdate | 3 | 3 | 2025-05-07 | 2026-02-17 |
| FakeUpwork | 1 | 1 | 2025-11-12 | 2025-11-12 |
| FakeUtility | 2 | 2 | 2025-10-03 | 2026-04-17 |
| FakeVPN | 1 | 1 | 2026-04-01 | 2026-04-01 |
| FakeWallet | 17 | 17 | 2025-03-10 | 2026-01-28 |
| FakeYoutube | 1 | 1 | 2026-03-10 | 2026-03-10 |
| FakeZabbix | 1 | 1 | 2025-12-17 | 2025-12-17 |
| Fakebat_Certificate | 1 | 1 | 2024-05-18 | 2024-05-18 |
| FatalRAT | 1 | 1 | 2024-07-11 | 2024-07-11 |
| FiveModsLoader | 1 | 1 | 2026-03-21 | 2026-03-21 |
| FlawedAmmyy | 1 | 1 | 2023-06-13 | 2023-06-13 |
| Forever Botnet,BR-01 | 4 | 4 | 2026-05-08 | 2026-05-19 |
| Formbook | 1 | 1 | 2020-12-16 | 2020-12-16 |
| FriendsCompany | 27 | 26 | 2024-03-12 | 2025-06-12 |
| GCleaner_stage2 | 1 | 1 | 2025-11-03 | 2025-11-03 |
| GPUGate | 1 | 1 | 2025-12-03 | 2025-12-03 |
| GalacticPDF, Trojan | 2 | 1 | 2026-01-13 | 2026-01-13 |
| GhostSocks | 1 | 1 | 2024-11-21 | 2024-11-21 |
| Github Loader | 1 | 1 | 2025-06-10 | 2025-06-10 |
| GoStealer | 1 | 1 | 2025-06-10 | 2025-06-10 |
| GoblinLoader | 2 | 2 | 2024-12-13 | 2025-02-17 |
| GodRAT | 1 | 1 | 2025-08-13 | 2025-08-13 |
| GoreloRMM | 1 | 1 | 2024-11-12 | 2024-11-12 |
| Gozi | 10 | 10 | 2020-05-27 | 2021-09-02 |
| Grandoreiro | 6 | 4 | 2023-12-05 | 2024-06-24 |
| Hancitor | 1 | 1 | 2021-06-09 | 2021-06-09 |
| Havoc | 3 | 3 | 2023-05-19 | 2025-10-21 |
| HermeticWiper | 1 | 1 | 2021-04-13 | 2021-04-13 |
| HijackLoader | 28 | 28 | 2022-12-16 | 2026-01-29 |
| Hive | 2 | 2 | 2021-10-18 | 2022-03-15 |
| IcedID | 17 | 15 | 2020-08-12 | 2023-05-18 |
| Investigating | 1 | 1 | 2023-07-27 | 2023-07-27 |
| JadeSleet | 1 | 1 | 2022-09-08 | 2022-09-08 |
| JohnWalkerTexasLoader | 1 | 1 | 2024-10-16 | 2024-10-16 |
| JuiceLedger | 1 | 1 | 2021-12-10 | 2021-12-10 |
| JustAskJackyVariant | 1 | 1 | 2025-06-25 | 2025-06-25 |
| KTCrypt Loader | 1 | 1 | 2025-05-13 | 2025-05-13 |
| Karma | 1 | 1 | 2021-08-31 | 2021-08-31 |
| Known Malware | 2 | 2 | 2024-03-28 | 2024-08-09 |
| Koiloader | 1 | 1 | 2024-11-21 | 2024-11-21 |
| KorPlug | 1 | 1 | 2024-04-07 | 2024-04-07 |
| LOBSHOT | 1 | 1 | 2024-07-26 | 2024-07-26 |
| Latrodectus | 28 | 27 | 2024-05-31 | 2025-10-20 |
| Latrodectus_stage2 | 7 | 7 | 2025-07-21 | 2025-09-28 |
| LegionLoader | 2 | 2 | 2020-11-17 | 2024-05-14 |
| Loader | 1 | 1 | 2025-02-10 | 2025-02-10 |
| Loader of Vidar & Lumma | 2 | 2 | 2026-03-11 | 2026-03-13 |
| LockerGoga | 1 | 1 | 2019-02-22 | 2019-02-22 |
| Lumma Stealer | 66 | 60 | 2023-06-13 | 2025-05-06 |
| MacSync | 3 | 3 | 2024-11-01 | 2025-12-18 |
| MacSync Stealer | 2 | 2 | 2025-11-14 | 2026-02-27 |
| Mach-O Man | 1 | 1 | 2025-11-14 | 2025-11-14 |
| Matanbuchus | 4 | 4 | 2021-04-16 | 2022-05-18 |
| Matanbuchus,CastleRAT,NetSupportRAT | 1 | 1 | 2025-07-11 | 2025-07-11 |
| MediaArena | 1 | 1 | 2024-02-21 | 2024-02-21 |
| Meowsterio Traffer Team | 1 | 1 | 2024-09-28 | 2024-09-28 |
| MeshAgent | 5 | 5 | 2024-07-31 | 2025-11-21 |
| Metasploit | 1 | 1 | 2024-12-24 | 2024-12-24 |
| Meterpreter | 1 | 1 | 2023-05-17 | 2023-05-17 |
| ModiLoader | 1 | 1 | 2020-09-16 | 2020-09-16 |
| Mofongoloader | 3 | 3 | 2023-05-15 | 2024-04-07 |
| NW0rm | 1 | 1 | 2016-05-13 | 2016-05-13 |
| Nefilim | 2 | 2 | 2020-03-06 | 2020-07-12 |
| Nemty | 2 | 2 | 2020-11-03 | 2021-03-23 |
| NetSupport RAT | 29 | 27 | 2024-12-19 | 2026-04-14 |
| NetSupportRAT_version2 | 4 | 4 | 2020-07-24 | 2022-03-15 |
| NetWire | 3 | 3 | 2020-05-21 | 2021-09-13 |
| NitrogenLoader | 1 | 1 | 2025-02-17 | 2025-02-17 |
| Numando | 1 | 1 | 2021-03-22 | 2021-03-22 |
| Octowave Loader | 1 | 1 | 2024-12-02 | 2024-12-02 |
| Odyssey Stealer | 6 | 6 | 2025-06-30 | 2026-01-09 |
| OffLoader | 1 | 1 | 2025-12-30 | 2025-12-30 |
| OnionProxy | 1 | 1 | 2025-02-06 | 2025-02-06 |
| Onyx RMM | 3 | 3 | 2025-09-03 | 2025-11-07 |
| OpenMyManual | 1 | 1 | 2025-01-17 | 2025-01-17 |
| Osiris | 1 | 1 | 2020-10-27 | 2020-10-27 |
| Ousaban | 1 | 1 | 2024-12-13 | 2024-12-13 |
| PDFSkills | 3 | 3 | 2024-02-26 | 2025-07-18 |
| PDFSpark | 5 | 5 | 2025-02-24 | 2025-11-30 |
| PDFSupernova | 2 | 2 | 2025-06-02 | 2026-01-27 |
| PDFixers | 1 | 1 | 2023-11-21 | 2023-11-21 |
| PDFusion | 1 | 1 | 2024-09-19 | 2024-09-19 |
| PSBackdoor | 1 | 1 | 2025-11-15 | 2025-11-15 |
| ParallaxRAT | 41 | 39 | 2020-05-27 | 2025-12-12 |
| PayDayLoader | 6 | 6 | 2024-10-15 | 2025-05-01 |
| PureHVNC | 2 | 2 | 2025-08-20 | 2025-12-31 |
| PureLogstealer, Xworm | 1 | 1 | 2025-10-13 | 2025-10-13 |
| QuakBot | 1 | 1 | 2021-12-20 | 2021-12-20 |
| QuasarRAT | 5 | 5 | 2022-08-31 | 2026-03-23 |
| QuirkyLoader | 1 | 1 | 2025-09-30 | 2025-09-30 |
| RDPWrap | 1 | 1 | 2025-04-29 | 2025-04-29 |
| RMMLoader | 2 | 2 | 2025-05-06 | 2025-09-24 |
| RaccoonStealer | 5 | 5 | 2020-10-03 | 2021-08-23 |
| RealPeopleLoader | 4 | 4 | 2025-03-03 | 2025-05-04 |
| RecordBreaker | 1 | 1 | 2023-03-21 | 2023-03-21 |
| RedLine | 1 | 1 | 2024-02-26 | 2024-02-26 |
| RedLineStealer | 18 | 18 | 2020-07-21 | 2024-07-19 |
| Remcos | 1 | 1 | 2025-03-14 | 2025-03-14 |
| Remcos RAT | 5 | 5 | 2025-11-13 | 2026-04-26 |
| RemcosRAT | 10 | 10 | 2020-10-30 | 2025-08-13 |
| RemoteAdminLoader | 1 | 1 | 2026-01-09 | 2026-01-09 |
| RemoteManipulator | 5 | 5 | 2020-10-22 | 2026-02-02 |
| ResidentialProxyInstaller | 3 | 2 | 2023-09-20 | 2024-06-27 |
| ResolverRAT | 1 | 1 | 2026-03-18 | 2026-03-18 |
| Rhadamanthys | 35 | 34 | 2023-07-28 | 2025-09-19 |
| RomCom | 10 | 10 | 2024-11-22 | 2026-02-28 |
| RoningLoader | 1 | 1 | 2025-02-03 | 2025-02-03 |
| RuRAT | 3 | 3 | 2024-08-16 | 2026-01-12 |
| Rusty Stealer | 1 | 1 | 2024-09-30 | 2024-09-30 |
| Rusty Traffer | 6 | 6 | 2024-09-06 | 2025-05-09 |
| RustyStealer | 3 | 3 | 2024-09-03 | 2024-10-09 |
| Ryuk | 2 | 2 | 2019-12-27 | 2021-02-04 |
| SSH_TUNNEL_SEO | 1 | 1 | 2024-06-18 | 2024-06-18 |
| SYSTEMBC | 1 | 1 | 2024-06-15 | 2024-06-15 |
| ScreenConnect Phishing | 3 | 3 | 2025-08-04 | 2026-05-20 |
| ScreenConnectLoader | 71 | 71 | 2024-11-05 | 2026-05-26 |
| SearchLoader | 4 | 4 | 2025-11-13 | 2025-12-21 |
| SecTopRAT,ArechClient2 | 14 | 14 | 2024-03-04 | 2025-02-01 |
| ServHelper | 1 | 1 | 2021-05-04 | 2021-05-04 |
| Servhelper | 1 | 1 | 2019-04-11 | 2019-04-11 |
| Shiotob | 1 | 1 | 2020-09-01 | 2020-09-01 |
| Silence | 1 | 1 | 2022-06-17 | 2022-06-17 |
| SmokeLoader | 1 | 1 | 2026-03-16 | 2026-03-16 |
| SmokedHam | 11 | 11 | 2025-02-07 | 2026-04-12 |
| SnipBot | 8 | 5 | 2023-12-06 | 2024-05-07 |
| Socks5systemz | 1 | 1 | 2024-03-14 | 2024-03-14 |
| Sodinokibi | 1 | 1 | 2021-04-23 | 2021-04-23 |
| SoftwareCloud V2 | 1 | 1 | 2025-07-29 | 2025-07-29 |
| Softwarecloud | 6 | 6 | 2025-03-10 | 2025-06-27 |
| SpectreRAT | 3 | 3 | 2024-01-31 | 2024-05-23 |
| Spyder | 1 | 1 | 2025-02-14 | 2025-02-14 |
| StatusLoader | 10 | 10 | 2024-11-25 | 2026-03-20 |
| StealC | 5 | 5 | 2024-10-29 | 2025-09-26 |
| Stealc, HijackLoader | 1 | 1 | 2025-07-16 | 2025-07-16 |
| Stealer5000 | 1 | 1 | 2025-06-12 | 2025-06-12 |
| StormKitty | 1 | 1 | 2025-05-19 | 2025-05-19 |
| System Utilities Trojan | 2 | 2 | 2022-07-14 | 2025-07-24 |
| SystemBC | 2 | 2 | 2022-05-31 | 2024-09-23 |
| T-21 | 22 | 22 | 2025-10-20 | 2026-04-27 |
| TA505 | 5 | 5 | 2020-07-09 | 2021-05-25 |
| TamperedChef | 2 | 2 | 2020-07-15 | 2021-09-17 |
| Tech Scam malware | 1 | 1 | 2024-11-14 | 2024-11-14 |
| Telegram Clipper | 1 | 1 | 2025-10-28 | 2025-10-28 |
| TerraStealer | 1 | 1 | 2024-12-23 | 2024-12-23 |
| TerraStealerV2 | 1 | 1 | 2024-12-23 | 2024-12-23 |
| Traffer | 48 | 48 | 2025-02-03 | 2026-04-25 |
| Traffer (Mystix) | 3 | 3 | 2025-01-13 | 2025-04-22 |
| TransferLoader | 3 | 3 | 2025-05-27 | 2025-12-11 |
| Transferloader | 1 | 1 | 2025-12-05 | 2025-12-05 |
| TrashAgent | 3 | 3 | 2025-11-24 | 2025-12-15 |
| TrickBot | 2 | 2 | 2019-11-11 | 2021-05-31 |
| Trojan | 4 | 2 | 2022-05-30 | 2023-05-23 |
| Trojan EmEditor | 2 | 2 | 2025-12-20 | 2025-12-21 |
| Trojan EmEditor download link supply chain | 1 | 1 | 2025-12-31 | 2025-12-31 |
| Trojan.Win64.Zapchast.ffs | 1 | 1 | 2025-04-27 | 2025-04-27 |
| TrojanChrome | 1 | 1 | 2026-01-14 | 2026-01-14 |
| TrojanNetExtender | 3 | 3 | 2025-05-21 | 2025-08-06 |
| TrojanPuTTy | 1 | 1 | 2025-06-25 | 2025-06-25 |
| Trojan_Banker | 2 | 2 | 2023-11-03 | 2024-08-19 |
| TrojanizedDiskView | 1 | 1 | 2025-04-02 | 2025-04-02 |
| TrojanizedTrading | 2 | 2 | 2025-06-12 | 2025-10-31 |
| TrueBot | 1 | 1 | 2023-02-13 | 2023-02-13 |
| TurboFixPDF | 1 | 1 | 2024-07-19 | 2024-07-19 |
| UNK-50 | 63 | 62 | 2024-10-12 | 2026-05-22 |
| UNK-51 | 2 | 2 | 2025-10-21 | 2025-11-25 |
| UNK-52,Akira-related following Teams malvertising | 1 | 1 | 2025-12-08 | 2025-12-08 |
| Unknown | 163 | 160 | 2021-06-17 | 2026-03-05 |
| Unknown | 110 | 106 | 2019-10-01 | 2026-03-16 |
| Unknown Banker | 1 | 1 | 2024-07-29 | 2024-07-29 |
| Unknown Malware | 1 | 1 | 2022-07-12 | 2022-07-12 |
| Unknown, Fake Browser update | 3 | 3 | 2025-04-22 | 2025-05-22 |
| Unknown, bootkit? | 1 | 1 | 2023-12-12 | 2023-12-12 |
| Unknown,FakePDF | 1 | 1 | 2026-04-07 | 2026-04-07 |
| UnknownLoader | 1 | 1 | 2025-05-21 | 2025-05-21 |
| Unknown_Fakebat_Cert | 1 | 1 | 2024-06-01 | 2024-06-01 |
| VPNClientPhishing | 1 | 1 | 2025-12-11 | 2025-12-11 |
| ValleyRAT | 2 | 2 | 2026-03-06 | 2026-03-27 |
| VariantLoader | 16 | 16 | 2026-02-05 | 2026-05-04 |
| VenomRat | 1 | 1 | 2025-02-21 | 2025-02-21 |
| Vidar | 11 | 11 | 2024-10-28 | 2026-03-30 |
| VileRAT | 1 | 1 | 2023-08-07 | 2023-08-07 |
| Wagmi Traffer Team | 4 | 4 | 2025-03-31 | 2026-01-10 |
| WarmCookie | 1 | 1 | 2024-11-28 | 2024-11-28 |
| WeEvilProxy | 16 | 15 | 2024-06-11 | 2025-06-30 |
| WebCompanion Adware | 1 | 1 | 2023-04-04 | 2023-04-04 |
| WhatsApp session stealer | 1 | 1 | 2026-03-25 | 2026-03-25 |
| WikiLoader | 1 | 1 | 2024-08-26 | 2024-08-26 |
| Win64/Kryptik.FHR | 1 | 1 | 2025-04-27 | 2025-04-27 |
| WinVnc | 1 | 1 | 2024-09-26 | 2024-09-26 |
| Winos | 2 | 2 | 2024-08-08 | 2024-11-18 |
| XRed | 5 | 5 | 2022-07-01 | 2025-07-23 |
| XWorm | 8 | 8 | 2023-03-29 | 2026-01-16 |
| XenoRAT | 1 | 1 | 2026-02-04 | 2026-02-04 |
| Xtract,trojan productivity tool | 1 | 1 | 2025-05-22 | 2025-05-22 |
| ZLoader | 1 | 1 | 2020-10-09 | 2020-10-09 |
| Zhong Stealer | 2 | 2 | 2026-03-23 | 2026-03-26 |
| donut | 1 | 1 | 2025-04-17 | 2025-04-17 |
| evilai | 1 | 1 | 2025-12-23 | 2025-12-23 |
| gh0stRAT | 1 | 1 | 2024-10-11 | 2024-10-11 |
| mimikatz | 1 | 1 | 2024-06-04 | 2024-06-04 |
| rhadamanthys | 2 | 2 | 2025-02-19 | 2025-03-17 |
| sportjump_autoit | 1 | 1 | 2024-03-28 | 2024-03-28 |
| unknown | 1 | 1 | 2024-03-15 | 2024-03-15 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| APXLoader | 11 | 11 | 2026-04-01 | 2026-04-21 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| CastleLoader | 1 | 1 | 2025-12-03 | 2025-12-03 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| CastleLoader | 1 | 1 | 2026-04-23 | 2026-04-23 |
| Matanbuchus | 1 | 1 | 2025-12-01 | 2025-12-01 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| CrystalPDF, Trojan productivity tool | 1 | 1 | 2024-09-19 | 2024-09-19 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| UNK-50 | 1 | 1 | 2026-03-02 | 2026-03-02 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| Lumma Stealer | 1 | 1 | 2025-02-16 | 2025-02-16 |
| Rhadamanthys | 1 | 1 | 2024-12-18 | 2024-12-18 |
Unidentified group using a unique loader.
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| RUS-53 | 7 | 7 | 2026-02-04 | 2026-04-27 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| RUS-55 | 3 | 3 | 2025-03-11 | 2025-12-02 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| LoremIpsumLoader | 13 | 12 | 2026-02-19 | 2026-04-21 |
| OysterLoader | 53 | 50 | 2024-12-06 | 2026-01-13 |
| OysterLoader_stage2 | 1 | 1 | 2025-09-29 | 2025-09-29 |
| Oyster_Latrodectus_Stage2 | 1 | 1 | 2025-10-06 | 2025-10-06 |
| Oyster_stage2 | 7 | 7 | 2025-09-23 | 2025-10-21 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| RomCom | 1 | 1 | 2026-02-13 | 2026-02-13 |
| TransferLoader | 1 | 1 | 2026-03-04 | 2026-03-04 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| RecipeLister,TamperedChef | 2 | 2 | 2024-12-06 | 2025-02-25 |
| TamperedChef | 1 | 1 | 2025-01-10 | 2025-01-10 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| ScreenConnectLoader | 1 | 1 | 2026-04-15 | 2026-04-15 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| UNK-53 | 2 | 2 | 2026-04-24 | 2026-05-07 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| FakeRMM | 22 | 21 | 2026-01-27 | 2026-04-15 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| CrystalPDF,Trojan productivity tool | 1 | 1 | 2025-06-26 | 2025-06-26 |
| Malware | Submissions | Unique Certs | First Cert | Last Cert |
|---|---|---|---|---|
| Unknown | 1 | 1 | 2025-01-17 | 2025-01-17 |