Pysa Ransomware, also know by its former name Mespinoza Ransomware is typically distributed via malspam, malvertising campaign, exploit kits, drive-by downloads, and brute-forcing accounts on servers that have RDP exposed to the Internet. Pysa encrypts data using AES-256 the keys for which are then encrypted with RSA.
PowerPepper is a Windows in-memory PowerShell backdoor that can execute remotely sent shell commands. It is associated with DeathStalker (formerly called Deceptikons), a threat actor know to be active since 2012. The threat actor consistently used what is called "dead-drop resolvers" (DDRs), which is an obfuscated content hosted on major public web services like YouTube, Twitter or Reddit, once decoded by malware this content reveals a command-and-control (C2) server address.
Buer is malware-as-a-service product that provide initial foothold in the victim's machine and deliver whatever payload it's owner what to deliver. It can be a RAT or Stealer. Recently it is know to be delivering ransomware like Ryuk.
Blackrota is a backdoor written in go lang and targets Docker containers. It attempts to exploit an unauthorized-access vulnerability in the Docker Remote API.
A new malware campaign using npm registry as a mode of spreading. This Malware is debut as CursedGrabber. Its designed to steal Discord App Tokens, personal information such payment information and web browser files of the users.