Threat Group: - Unknown Threat Type: - Information Stealer Exploited Vulnerabilities: - Virtual Machine Detection, Browser Data Extraction, Cryptocurrency Wallets Malware Used: - Vilsa Stealer, hvnc.py Threat Score: - High (8.5/10) — Due to its advanced encryption, persistence mechanisms, and broad targeting capabilities. Last Threat Observation: - October

Threat Group: Sparkling Pisces (aka Kimsuky, THALLIUM) Threat Type: Keylogger & Backdoor Malware Exploited Vulnerabilities: User exploitation via spear phishing, DLL hijacking Malware Used: KLogExe (keylogger), FPSpy (backdoor) Threat Score: High (8.0/10) — Due to the combination of data exfiltration and its ability to bypass static detection Last Threat

Threat Group: - Unknown Threat Type: - Cryptomining & Proxyjacking Malware Exploited Vulnerabilities: - Polkit (CVE-2021-4043), Apache RocketMQ (CVE-2023-33246) Malware Used: - Perfctl Threat Score: - High (8/10) Last Threat Observation: - October 3, 2024 Overview: Perfctl is a stealthy and persistent malware targeting Linux servers, leveraging misconfigurations and

Threat Group: RomCom Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Social engineering (phishing emails) and PDF exploits Malware Used: SnipBot (RomCom 5.0 variant) Threat Score: High (8.8/10) – due to its advanced command execution capabilities, obfuscation techniques, and wide target range across industries Last Threat Observation: September

Threat Group: Necro Trojan Operators Threat Type: Android Trojan Downloader Exploited Vulnerabilities: Supply chain attack via SDKs in Android apps Malware Used: Necro Trojan (Trojan-Downloader.AndroidOS.Necro variants) Threat Score: High (8.2/10) — Due to large-scale infiltration and the advanced use of steganography for payload concealment. Last Threat Observation:

Threat Group: Gleaming Pisces (also known as Citrine Sleet, Labyrinth Chollima, Nickel Academy, and UNC4736) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Supply chain attacks through Python Package Index (PyPI) Malware Used: PondRAT (variant of POOLRAT) Threat Score: High (8.3/10) Last Threat Observation: September 22, 2024 Overview

Threat Group: Suspected Brazilian Portuguese-speaking actors Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: None publicly listed, targets Italian users via phishing Malware Used: SambaSpy (Java-based RAT, obfuscated with Zelix KlassMaster) Threat Score: High (7.5/10) – Focused and highly targeted campaign with the potential for broader exploitation Last Threat

Threat Details and Score Threat Group: Flax Typhoon (Chinese state-sponsored) Threat Type: Botnet (IoT) Exploited Vulnerabilities: IoT device vulnerabilities, including zero-day and n-day vulnerabilities in over 20 device types Malware Used: Nosedive (a variant of Mirai) Threat Score: High (8.9/10) — Due to its scale, complexity, and targeting of

Threat Details and Score Threat Group: UNC2970 (North Korea-linked) Threat Type: Cyber-Espionage Malware (Backdoor) Exploited Vulnerabilities: None exploited, uses modified open-source software Malware Used: MISTPEN, BURNBOOK, TEARPAGE Threat Score: High (8.3/10) Last Observation: September 18, 2024 (Mandiant) Overview: The UNC2970 threat group, associated with North Korea, has been

Threat Group: Amadey Threat Type: Credential theft (Browser lock, Kiosk mode exploitation) Exploited Vulnerabilities: No direct system vulnerability, but uses deceptive phishing techniques to trick users into entering credentials. Malware Used: Amadey malware loader, StealC info stealer, and AutoIt Credential Flusher Threat Score: High (7.8/10) — This campaign is