🦀 Looking for Rust malware samples to practice analyzing? Our Rust Malware Sample Gallery just received a major update, with 20 new families added! https://github.com/decoderloop/rust-malware-gallery

The Sample Gallery collects links to articles about malware written in Rust, organizes them by malware family, and includes a download link to a publicly available sample for every malware family. This is a resource for any malware analyst who wants to get hands-on with real Rust malware.

The last time the Sample Gallery was updated was almost 2 years ago, in January 2024. Since then, there's been explosive growth in new Rust malware, including all of the following families that are now in the Sample Gallery:

SPICA, KrustyLoader, RustDoor, SSLoad, Fickle Stealer, Cicada3301 Ransomware, RustyClaw, Embargo Ransomware, RustyAttr, Akira Ransomware (both the Akira_v2 and Megazord variants), Banshee (Rust variant), RALord Ransomware, RustoBot, Tetra Loader, EDDIESTEALER, Myth Stealer, Rustonotto, RustyPages, ChaosBot

This is nearly one new Rust malware family observed in the wild every month. Rust as a programming language for malware is here to stay!

#rust #rustlang #malware #infosec #ReverseEngineering #MalwareAnalysis #reversing

GitHub - decoderloop/rust-malware-gallery: A collection of malware families and malware samples which use the Rust programming language.

A collection of malware families and malware samples which use the Rust programming language. - decoderloop/rust-malware-gallery

GitHub

A new Rust DDoS Botnet family has been added to the Rust Malware Sample Gallery: https://github.com/decoderloop/rust-malware-gallery#unnamed-rust-ddos-botnet

This malware family is currently unnamed, but was analyzed in this 2025-11-30 article by Beelzebub: https://beelzebub.ai/blog/rust-ddos-botnet-honeypot-c2-decoding/

(h/t to @cydave; I learned about the Beelzebub article from his link to it, in his article about setting up a honeypot: https://0dave.ch/posts/flying-whales-in-a-pot-of-honey/)

#rust #rustlang #malware #infosec #ReverseEngineering #MalwareAnalysis #reversing #botnet

An unnamed Rust-based loader, mimicking a GoToMeeting DLL, has been added to the Rust Malware Sample Gallery: https://github.com/decoderloop/rust-malware-gallery#rust-based-loader-mimicking-gotomeeting-dll

#rust #rustlang #malware #infosec #ReverseEngineering #MalwareAnalysis #reversing

An unnamed Rust-based keylogger, used by a threat actor named SloppyLemming, has been added to the Rust Malware Sample Gallery: https://github.com/decoderloop/rust-malware-gallery#rust-based-keylogger-used-by-sloppylemming

#rust #rustlang #malware #infosec #ReverseEngineering #MalwareAnalysis #reversing #SloppyLemming