OilRig a threat actor actively know from 2016, now uses a new threat vector BONDUPDATER malware. It target middle eastern oil producing countries. It uses spear phishing email campaigns to propagate itself.
CHAINSHOT Malware use multiple steps to exploit a a Adobe Flash 0-day vulnerability CVE-2018-5002. Malware is multi stager and downloads additional DLLs to create Backdoor in the victim machine.
PyLocky ransomware is written in Python and ships with PyInstaller. It spread via emails. The emails usually have very convincing invoice attachments.
CobInt Malware by Cobalt Group is modular malware system written in C. CobInt mainly has three modules which it downloads on demand. First the initial downloader which usually comes in form word document via spear phishing email campaign.
PowerPool malware exploits a 0-day vulnerability in Microsoft Windows 7 to 10. This 0-day vulnerability targets the Advanced Local Procedure Call (ALPC) allows non-admin user to gain administrative privileges.