Downloader
| 14.12.2023 | OilRig | OilRig’s persistent attacks using cloud service-powered downloaders | MALWARE | Downaloader |
| 14.12.2023 | VaporRage | According to Mandiant, VaporRage or BOOMMIC, is a shellcode downloader written in C that communicates over HTTPS. | MALWARE | Downaloader |
| 14.12.2023 | GraphicalProton | PANW Unit 42 describes this malware as capable of up and downloading files as well as loading additional shellcode payloads into selected target processes. It uses the Microsoft Graph API and Dropbox API as C&C channel. | MALWARE | Downaloader |
| 29.12.2023 | DarkGate | First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. DarkGate makes use of legitimate AutoIt files and typically runs multiple AutoIt scripts. New versions of DarkGate have been advertised on a Russian language eCrime forum since May 2023. | MALWARE | Download |
| 15.02.2026 | HYPERCALL | Golang-based downloader that reads an RC4-encrypted configuration file, connects to C2 over WebSockets on TCP 443, downloads malicious dynamic libraries, and reflectively loads them into memory. | MALWARE | DOWNLOADER |
| 02.07.2025 | DAMASCENED PEACOCK | A lightweight, staged downloader targeting Windows, delivered via spear-phishing. | MALWARE | DOWNLOADER |
| 14.11.2024 | RustyAttr | Stealthy Attributes of Lazarus APT Group: Evading Detection with Extended Attributes | MALWARE | DOWNLOADER |
| 24.08.2024 | PEAKLIGHT | PEAKLIGHT: Decoding the Stealthy Memory-Only Malware | MALWARE | Downloader |
| 08.04.2024 | Latrodectus | Latrodectus: This Spider Bytes Like Ice | MALWARE | Downloader |
| 09.12.2023 | GULOADER | Getting gooey with GULOADER: deobfuscating the downloader | MALWARE | Downloader |
| 21.11.2023 | Pikabot | Introducing Pikabot, an emerging malware family that comprises a downloader/installer, a loader, and a core backdoor component. Despite being in the early stages of development, it already demonstrates advanced techniques in evasion, injection, and anti-analysis. | MALWARE | Downloader |
| 21.11.2023 | DarkGate | First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. | MALWARE | Downloader |
| 14.11.2023 | IronWind | TA402 Uses Complex IronWind Infection Chains to Target Middle East-Based Government Entities | MALWARE | Downloader |
| 20.10.2023 | Scout | A downloader that uses Windows messages to control its execution flow. | MALWARE | Downloader |
| 20.10.2023 | LPEClient | LPEClient is an HTTP(S) downloader that expects two command line parameters: an encrypted string containing two URLs (a primary and a secondary C&C server), and the path on the victim's file system to store the downloaded payload. | MALWARE | Downloader |
| 08.08.2023 | LOLBAS | To that end, the Israeli cybersecurity company said it uncovered nine LOLBAS downloaders and three executors that could enable adversaries to download and execute "more robust malware" on infected hosts. | MALWARE | Downloader |
| 31.07.2023 | Fruity | Fruity trojan downloader performs multi-stage infection of Windows computers | MALWARE | Downloader |
| 03.07.2023 | Pikabot | Introducing Pikabot, an emerging malware family that comprises a downloader/installer, a loader, and a core backdoor component. | MALWARE | Downloader |
| 03.07.2023 | AresLoader | AresLoader is a new malware "downloader" that has been advertised on some Russian language Dark Web forums “RAMP and "XSS" by a threat actor called "DarkBLUP" | MALWARE | Downloader |
| 06.05.2023 | sLoad | sLoad is a PowerShell downloader that most frequently delivers Ramnit banker and includes noteworthy reconnaissance features. | MALWARE | Downloader |