Threat Specimen Archive
The encyclopedia of malware.
Families, history, timelines, capabilities and indicators — cross-linked with the breaches they caused and the teardowns that explain them.
- Families: 1697
- Types: 10
- Active: 10
Recently catalogued
Agent Tesla
Active · Infostealer / RAT
A long-running .NET infostealer and RAT sold as malware-as-a-service, specialising in credential theft, keylogging and exfiltration over SMTP/FTP/Telegram.
Andromeda
Dead · Botnet / Loader
A modular botnet and loader sold on underground forums for years, used to distribute dozens of other malware families until its 2017 takedown.
BazarLoader
Disrupted · Loader
A stealthy backdoor-loader from the TrickBot/Conti gang used to gain initial access and deploy Ryuk and Conti ransomware.
BlackCat (ALPHV)
Disrupted · Ransomware
One of the first major ransomware families written in Rust, a sophisticated RaaS behind the Change Healthcare attack before its 2024 exit scam.
Bumblebee
Active · Loader
A modular loader linked to the Conti/TrickBot ecosystem that became a major ransomware delivery vehicle before the Operation Endgame disruption.
Cerber
Dormant · Ransomware
A 2016-era ransomware-as-a-service known for its 'talking' ransom note, offline encryption and one of the first major affiliate models.
Browse by type