HIGH · Jun 2026

Multi-Actor AI-Agent Framework Abuse (8 Operators) — STIX Bundle

AI Abuse Multi-Family Threat Open Dir

MED · Jun 2026

Flask C2 & MSSQL CLR Backdoor on a Windows Post-Exploitation Staging Host — STIX Bundle

Post-Ex Priv Esc C2 Open Dir

MED · May 2026

Korean Claude Code + OpenClaw Operator (221.150.15.104) — STIX Bundle

AI Abuse Persistence Open Dir

HIGH · May 2026

Rovodev AI-Co-Authored Mirai Variant + Matrix C2 (87.106.143.220) — STIX Bundle

AI Abuse C2 Botnet Open Dir

HIGH · May 2026

GHOST Cryptojacker Kit — Vova75Rus Supply Chain (77.110.96.200) — STIX Bundle

Cryptominer Rootkit Toolkit Open Dir

CRITICAL · May 2026

Turkish ARPA AI-Augmented Observability Compromise (209.38.205.158) — STIX Bundle

AI Abuse Exfil Cred Theft Open Dir

CRITICAL · May 2026

Russian Gemini CLI Credential Mill (213.165.51.115) — STIX Bundle

AI Abuse Cred Theft C2 Open Dir

HIGH · May 2026

CVE-2026-41940 cPanel Harvester Toolkit (216.126.227.49) — STIX Bundle

CVE Exploit Cred Theft Phishing Open Dir

HIGH · May 2026

Inkognito Russian VPN/Phishing Operator (INK VPN / INK Lens) — STIX Bundle

Phishing Fraud VPN Abuse Cred Theft

HIGH · May 2026

BellaMain Turkish PhaaS Panel (79.137.192.3) — STIX Bundle

PhaaS Phishing Cred Theft Open Dir

CRITICAL · May 2026

Rhadamanthys MaaS Customer Deep-Dive (79.137.192.3) — STIX Bundle

MaaS Stealer Loader Open Dir

HIGH · May 2026

HijackLoader / Penguish / Rugmi to AsyncRAT Multi-Vector Phishing Campaign — STIX Bundle

Loader RAT MaaS Open Dir

HIGH · Apr 2026

AdaptixC2 Open Directory Exposure (45.130.148.125) — STIX Bundle

C2 Toolkit Open Dir Multi-Family

HIGH · Apr 2026

Chaos Ransomware (TorBrowserTor) Multi-Stage Loader (94.103.1.13) — STIX Bundle

Ransomware Loader Evasion Open Dir

HIGH · Apr 2026

ShinyHunters Data Leak Site (91.215.85.22) — STIX Bundle

Exfil Cred Theft Open Dir Threat

HIGH · Apr 2026

OpenStrike Expanded Toolkit — 106 New Files (2026-04-08) — STIX Bundle

Toolkit C2 Injection Open Dir

HIGH · Apr 2026

OpenStrike Beacon Toolkit (172.105.0.126) — STIX Bundle

Toolkit C2 Open Dir Evasion

HIGH · Apr 2026

Shadow RAT & XWorm Open Directory Campaign — STIX Bundle

RAT MaaS C2 Multi-Family

HIGH · Apr 2026

Open Directory at 193.56.255.154 — XiebroC2 v3.1 & Covenant C2 — STIX Bundle

C2 Multi-Family Open Dir Injection

HIGH · Mar 2026

ZeroTrace Multi-Family MaaS Operation (74.0.42.25) — STIX Bundle

MaaS C2 Open Dir Multi-Family

MED · Mar 2026

Sliver C2 Toolchain with ScareCrow Loader (45.94.31.220) — STIX Bundle

C2 Loader Go Evasion

HIGH · Feb 2026

Webserver Compromise Kit (91.236.230.250) — STIX Bundle

Toolkit Priv Esc RCE .NET

CRITICAL · Feb 2026

Remcos RAT OpenDirectory Campaign — STIX Bundle

RAT Cred Theft Persistence Evasion

HIGH · Feb 2026

NsMiner: Multi-Stage Cryptojacking Operation — STIX Bundle

Cryptominer Dropper Persistence Evasion

CRITICAL · Jan 2026

Arsenal-237 New Files: Advanced Toolkit Analysis — STIX Bundle

Ransomware BYOVD Rootkit Rust

CRITICAL · Jan 2026

Arsenal-237: Threat Actor R&D Repository Exposed — STIX Bundle

Toolkit Ransomware RAT Rust Go

HIGH · Dec 2025

Dual-RAT Analysis: Pulsar RAT vs. NjRAT/XWorm — STIX Bundle

RAT Injection .NET Cred Theft

CRITICAL · Dec 2025

PULSAR RAT (server.exe) — Technical Analysis & Business Risk Assessment — STIX Bundle

RAT Cred Theft Evasion .NET

MED · Nov 2025

Hybrid Loader/Stealer Ecosystem Masquerading as Sogou — STIX Bundle

Loader Stealer Cred Theft Evasion

MED · Nov 2025

Houselet.exe — The Go-Based Loader Masquerading as PlayStation Remote Play — STIX Bundle

Loader Stealer Go Injection

MED · Oct 2025

AdvancedRouterScanner — STIX Bundle

Scanner Python Exploitation

HIGH · Oct 2025

From Webshells to The Cloud — STIX Bundle

Webshell PHP Exfil C2

MED · Oct 2025

Quasar + XWorm + PowerShell — STIX Bundle

RAT Loader PowerShell Evasion