About the Malwarebox ID:
The Malwarebox ID classifies a threat actor (cluster) within the Malwarebox Initiative

---

APT28

Country: Russia 🇷🇺
Malwarebox ID: MB-0002
Targets: Ukraine 🇺🇦 (#1), NATO / EU

• APT28: Geofencing as a Targeting Signal (CVE-2026-21509 Campaign)February 3, 2026

---

APT36

Country: Pakistan 🇵🇰
Targets: India 🇮🇳 (#1), Afghanistan 🇦🇫, Bangladesh 🇧🇩, Sri Lanka 🇱🇰

• APT36 – “Abaris” Deobfuscating VB DropperOctober 19, 2025

---

Gamaredon

Country: Russia 🇷🇺
Malwarebox ID: MB-0001
Targets: Ukraine 🇺🇦 (#1)

• Following Gamaredons Infrastructure Rotations using Kraken (1/7)March 23, 2026
• Gamaredon: Now Downloading via Windows Updates Best Friend “BITS”January 13, 2026
• Defending Against Gamaredon: Practical Controls That Actually WorkJanuary 6, 2026
• Gamaredon: Same Goal, Fewer FingerprintsJanuary 5, 2026
• GamaWiper Explained: Gamaredon’s “New” Anti-Analysis WeaponDecember 22, 2025
• Inside Gamaredon 2025: Zero-Click Espionage at ScaleNovember 22, 2025
• How a Russian Threat Actor Uses a Recent WinRAR Vulnerability in Their Ukraine OperationsNovember 13, 2025

---

MuddyWater

Country: Iran 🇮🇷
Malwarebox ID: MB-0004
Targets: Iraq 🇮🇶, Saudi Arabia 🇸🇦, United Arab Emirates 🇦🇪, Jordan 🇯🇴, Turkey 🇹🇷, Israel 🇮🇱, Germany 🇩🇪, United States 🇺🇸

• Observed Telegram Bot Naming Patterns in Recent MuddyWater Malware ActivityMarch 21, 2026
• RustyStealer: Your Compiler Is Snitching on YouJanuary 15, 2026
• MuddyWater: When Your Build System Becomes an IOC – “Jacob”January 10, 2026

---

North Korea

Country: North Korea 🇰🇵

Targets: Democracy

• Why Is a North Korean Mail Server Using a .cc Domain? – Threat Intelligence Beyond MalwareJanuary 27, 2026

---

UAC-0184

Country: UNKNOWN
Malwarebox ID: MB-0005
Targets: Ukraine 🇺🇦 (#1)

• UAC-0184: From HTA to a Signed Network StackMay 18, 2026

---

UAC-0226

Country: UNKNOWN
Malwarebox ID: MB-0004
Targets: Ukraine 🇺🇦 (#1)

• Obfuscation Without Effort: Breaking a UAC-0226 GIFTEDCROOK StealerApril 9, 2026

---

UAC-0244/UAC-0247

Country: UNKNOWN
Malwarebox ID: MB-0006
Targets: Ukraine 🇺🇦 (#1)

• UAC-0244 / UAC-0247: Malware Targeting FPV drone operatorsMay 21, 2026

---

Unknown

Country: UNKNOWN

Targets: UNKNOWN

• 3.000 “Stealer” Samples, One Misconfigured Apache ServerApril 13, 2026

---

All

• UAC-0244 / UAC-0247: Malware Targeting FPV drone operatorsMay 21, 2026
• UAC-0184: From HTA to a Signed Network StackMay 18, 2026
• 3.000 “Stealer” Samples, One Misconfigured Apache ServerApril 13, 2026
• Obfuscation Without Effort: Breaking a UAC-0226 GIFTEDCROOK StealerApril 9, 2026
• Following Gamaredons Infrastructure Rotations using Kraken (1/7)March 23, 2026
• Observed Telegram Bot Naming Patterns in Recent MuddyWater Malware ActivityMarch 21, 2026
• APT28: Geofencing as a Targeting Signal (CVE-2026-21509 Campaign)February 3, 2026
• Why Is a North Korean Mail Server Using a .cc Domain? – Threat Intelligence Beyond MalwareJanuary 27, 2026
• RustyStealer: Your Compiler Is Snitching on YouJanuary 15, 2026
• Gamaredon: Now Downloading via Windows Updates Best Friend “BITS”January 13, 2026
• MuddyWater: When Your Build System Becomes an IOC – “Jacob”January 10, 2026
• Defending Against Gamaredon: Practical Controls That Actually WorkJanuary 6, 2026
• Gamaredon: Same Goal, Fewer FingerprintsJanuary 5, 2026
• GamaWiper Explained: Gamaredon’s “New” Anti-Analysis WeaponDecember 22, 2025
• Inside Gamaredon 2025: Zero-Click Espionage at ScaleNovember 22, 2025
• How a Russian Threat Actor Uses a Recent WinRAR Vulnerability in Their Ukraine OperationsNovember 13, 2025
• APT36 – “Abaris” Deobfuscating VB DropperOctober 19, 2025
• APT44 – Sandworm TeamOctober 18, 2025
• APT1October 3, 2025