惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Cyberwarzone
Cyberwarzone
V
Vulnerabilities – Threatpost
T
Tenable Blog
Forbes - Security
Forbes - Security
Simon Willison's Weblog
Simon Willison's Weblog
AWS News Blog
AWS News Blog
G
GRAHAM CLULEY
Know Your Adversary
Know Your Adversary
S
Securelist
C
Cybersecurity and Infrastructure Security Agency CISA
Project Zero
Project Zero
C
CXSECURITY Database RSS Feed - CXSecurity.com
V
Visual Studio Blog
WordPress大学
WordPress大学
Latest news
Latest news
K
Kaspersky official blog
T
Tailwind CSS Blog
T
Threat Research - Cisco Blogs
B
Blog RSS Feed
C
Cisco Blogs
博客园 - 聂微东
Martin Fowler
Martin Fowler
T
The Blog of Author Tim Ferriss
小众软件
小众软件
L
LangChain Blog
阮一峰的网络日志
阮一峰的网络日志
L
LINUX DO - 热门话题
Stack Overflow Blog
Stack Overflow Blog
罗磊的独立博客
P
Proofpoint News Feed
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
P
Privacy International News Feed
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
C
CERT Recently Published Vulnerability Notes
Cisco Talos Blog
Cisco Talos Blog
S
SegmentFault 最新的问题
Security Latest
Security Latest
Y
Y Combinator Blog
爱范儿
爱范儿
aimingoo的专栏
aimingoo的专栏
P
Privacy & Cybersecurity Law Blog
L
LINUX DO - 最新话题
月光博客
月光博客
The GitHub Blog
The GitHub Blog
博客园 - 三生石上(FineUI控件)
S
Security Affairs
P
Proofpoint News Feed
D
DataBreaches.Net
有赞技术团队
有赞技术团队
云风的 BLOG
云风的 BLOG

Malpedia Library (Latest)

Unmasking The 64-bit Variant of the Infamous Lumma Stealer North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack ProxyBox: Socks5Systemz Lives On All thriller, no (malware) filler APT28 exploit routers to enable DNS hijacking operations Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure sysinfo stealer via VirusTotal API. Simple C example Deep Technical Analysis Of Payload Ransomware Targeting ESXi Environment Active Magecart Campaign Targets Spain, Steals Card Data via Hijacked eStores for Bank Fraud A Multi-Vector DDoS Botnet Targeting Organizations Worldwide Detect SnappyClient C&C Traffic Using PacketSmith + Yara-X Detection Module Russian Intelligence Services Target Commercial Messaging Application Accounts Government of Iran Cyber Actors Deploy Telegram C2 to Push Malware to Identified Targets PAM module injection. Simple C example cron jobs. Simple C example Re-opened applications. Simple C example Google Cloud Storage Phishing Deploying Remcos RAT a new Android RAT turning infected devices into potential residential proxy nodes MUSTANG PANDA × PLUGX - From deceptive LNK to multi-transport backdoor caffeinate LOLBin. Simple C example How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite The Group Theory Inside Bedep's DGA Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories WannaCry Malware Analysis - How YOU Could have Saved the World How 109 Fake GitHub Repositories Delivered SmartLoader and StealC Mobile malware development trick 3. CPU info logger: anti-VM and anti-sandbox. Simple Android (Kotlin) example. We Dumped a Live Kimsuky C2 and Recovered Every Stage of the Kill Chain: CHM Dropper, VBScript Stager, PowerShell Keylogger Quasar Linux (QLNX) – A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities [KRYBIT] – Ransomware Victim: Hacked 0APT Pro-Iranian Actor Ababil of Minab Claims Cyberattack on LA Metro (LACMTA) Lazarus Group Uses Git Hooks To Hide Malware Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet Tweet about SpankRat Tweet about HanGhost Tweet about GeckoStealer Tweet about VoltStealer Tweet about LedgerChecker Stealer NotPetya Malware Analysis - Bye, boot partition. I'll miss you North Korea's abuse of Cloudflare Workers and Pages The Server That Was Not Just FTP Weekly Detected Threats - April 21 Where Have All the Complex Windows Malware and Their Analyses Gone? Multi-stage malware delivery campaign using SEO poisoning and serverless infrastructure Analysis on Malware that attacks Israel's Water treatment facilities LATAM Under Siege: Agent Tesla’s 18-Month Credential Theft Campaign Against Chilean Enterprises New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps New Phishing Campaign Targets US with Credential Theft: What CISOs Need to Know osascript LOLBin. Simple C example Zynap’s Next-Gen Sandbox Redefines Automatic Malware Analysis X.com - Gen Threat Labs Tweet about Lalia Ransomware Darcula aka. "Magic Cat" Fake installer ships Rust Infostealer Trojanized MS Teams Installers Deliver Multi-Stage Loader and Backdoor MustangPanda New Backdoor LotusLite Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware Fake Microsoft Teams download sites are being used to deliver ValleyRAT via DLL sideloading MUSTANG PANDA x PLUGX - Analysis of the January 2026 sample: a multi-layer execution chain Pivoting on a malspam infrastructure delivering JS malware backed by bulletproof networks Inside Red Lamassu’s JFMBackdoor Fresh mischief and digital shenanigans Anatomy of a nation-state botnet THUS SPOKE…THE GENTLEMEN Industrialized Smishing Infrastructure Targeting the UAE and Singapore Transportation, Government, and Logistics Sectors TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook Detecting Nimbus Manticore and their sideloading infection chains Famous Chollima Targets PHP Developers Through Compromised Packagist Package Malware shellcode delivery via signal Fast and Furious – Nimbus Manticore Operations During the Iranian Conflict Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO Believe me I am MustangPanda UNK_DeadDrop Phishing Campaign Targets Developers to Steal Cryptocurrency Graph ML PyPI Packages Deploy Cross-Platform Memory Scrapers, AI Analyst Misdirection, and a Wiper Deterrent Lazarus Group's Latest: Brandjacking Campaign on npm Miasma Worm Campaign Spreads with New PyPI Wave The HazyBeacon Protocol – How Malware Weaponizes Amazon Web Services (AWS) Lambda Function URLs Russian spy agency says foreign spies turned officials' smartphones into surveillance devices Evolutions from 2024 to 2026 DriveSurge Turns Trusted Websites Into ClickFix Malware Traps A Russia-nexus group leveraging AI across state-aligned operations A Russia-nexus group leveraging AI across state-aligned operations Sapphire Sleet Targets macOS in Multi-Stage Intrusion Campaign Billions At Stake At The World’s Largest Football Tournament A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure I Installed a Fake Resident Evil Mod and Got Pwnd SilabRAT, What’s Your Power? ESET APT Activity Report Q4 2025–Q1 2026 Anatomy of a Deno-Based Proxy & RAT How Threat Actors Are Abusing Microsoft Teams and Google Drive to Deploy a Java RAT astro.config.mjs Supply Chain Attack via Blockchain C2 The Suspected Chinese Crime Group is Going Global Bulletproof Hosting: Cutting off the facilitators CVE-2026-34197:Apache ActiveMQ Residential Proxies in the Wild Who Are The Victims of Residential Proxies? International law enforcement initiate hunt on malware group SocGholish When Your Smart TV Stops Being Yours analysis of a new loader distributing CASTLESTEALER MalwareBazaar | SolarisLoader From PostCSS Masquerading to Windows RAT
RegPhantom Backdoor Threat Analysis
Fraunhofer FKIE · 2026-04-12 · via Malpedia Library (Latest)

RegPhantom Backdoor Threat Analysis

Author(s): Pezier Pierre-Henri
Organization: Nextron Systems


Related Articles

2026-06-01Nextron SystemsJonathan Peters
Detecting Nimbus Manticore and their sideloading infection chains
MiniFast
2025-08-29Nextron SystemsPezier Pierre-Henri
Sindoor Dropper: New Phishing Campaign
Sindoor
2025-08-01Nextron SystemsPezier Pierre-Henri
Plague: A Newly Discovered PAM-Based Backdoor for Linux
Plague