Malware and Threats

Ransomware Attacks
Extortion-driven malware or activity that blocks access to systems or data to force payment or compliance.
Trojan Malware
A trojan is malicious software that disguises itself as something legitimate or useful in order to trick a user or system into allowing it.
Worm Malware
Malware that can spread between systems on its own without user action each time.
Botnet Networks
Network of compromised devices coordinated remotely to carry out malicious activity at scale.
Command and Control Infrastructure
Communication channels and infrastructure that let attackers direct compromised systems remotely.
Phishing Attacks
Social-engineering attacks that trick people into revealing data, granting access, or taking unsafe actions.
Spear Phishing Attacks
Targeted phishing that uses personal or business context to trick a specific person or team.
Threat Actors and Motivations
The person, group, or organization behind malicious activity, defined by intent and capability.
Business Email Compromise (BEC)
Fraud that abuses trusted business communication to trigger payments, data disclosure, or risky approvals.
Insider Threat Risks
Risk that a trusted insider misuses access or exposes the organization to harm.
Credential Stuffing Attacks
Attack pattern that reuses stolen login pairs at scale, creating account takeover risk on other services.
Denial-of-Service Attacks
Attack that aims to make a system or service unavailable or unreliable for legitimate users.
Brute Force Attack Attempts
A brute force attack is an attempt to gain access by trying many possible passwords or keys until one works.
Supply Chain Attacks
Attack that compromises a trusted supplier or dependency so downstream targets are affected indirectly.
Password Spraying Attacks
Password spraying is an attack that tries a small set of common passwords across many accounts instead of trying many passwords against one account.
Lateral Movement Spread
Lateral movement is the spread of unauthorized access from one compromised system, identity, or foothold to other parts of the environment.
Threat Persistence
Persistence is the ability of unauthorized access or malicious code to remain active or regain access over time instead of disappearing after the first interruption.
Credential Theft Risk
Credential theft is the unauthorized capture or misuse of passwords, tokens, keys, or other authentication material.
Malvertising Campaigns
Malvertising is the use of malicious or deceptive online advertising to deliver harmful content, redirect users, or support fraud.
Watering Hole Attacks
Attack strategy that compromises a trusted site or service to reach a specific target group indirectly.
Data Exfiltration Risk
Data exfiltration is the unauthorized movement of data out of a system, environment, or organization to a destination not approved for that information.
Ransomware-as-a-Service (RaaS)
Criminal service model where ransomware tooling and infrastructure are provided to affiliates who carry out attacks.
Sandbox Evasion Behavior
Sandbox evasion is behavior intended to avoid, confuse, or outlast analysis environments so suspicious code or activity is less likely to be understood or flagged during automated inspection.
Fileless Malware Behavior
Fileless malware is malicious activity that relies heavily on in-memory execution, built-in tools, or transient artifacts rather than depending only on obvious malicious files written to disk.