This page documents the malware and threat actors that Cert Central has identified. This page is a work in progress and will be updated as it can be updated. Not all malware we identify is associated with clear threat actors or malware families, but a naming system will be provided for researchers looking for particular malware or relations between malware.
This page is a work in progress. The documentation is not complete and will be updated as it can be updated. If you have any questions or want to contribute to the documention, please email admin at certcentral.org.
A malware sold in the form as "malware as a service". Used by a large range of actors.
Pending discussion of Quakbot.
Pending description of Pikabot
Cluster of seemingly related certificates. Likely issued by the same threat actor.
Threat actor targeted German organizations with vishing. Likely pre-ransomware. The actor was documented here: https://threadreaderapp.com/thread/1890384174671941869.html
The use of NetSupport RAT being loaded into an installer and signed.
Indian tech support scam
MATA is a malware used by DPRK to target Russian speaking users and organizations.
Malware from this actor is not from a known group or known malware family. Malware from this actor targets Spanish speaking countries.