Top 10 Malware Q2 2025
ID: 4490664e-da74-5db1-bc10-43cd9caa6504
STIX ID: report--4490664e-da74-5db1-bc10-43cd9caa6504
Feed Name: CISecurity.org Insights Blog
CIS/MS-ISAC’s Q2 2025 Top 10 Malware report notes an 18% decrease in detections but continued dominance of SocGholish (31%), with notable activity from ZPHP, Agent Tesla, VenomRAT, CoinMiner, Mirai, NanoCore, ArechClient2, ClearFake, and LandUpdate808. Malvertisement was the leading initial access vector (driven by SocGholish, ZPHP, ClearFake, and LandUpdate808), followed by malspam and dropped payloads. The report provides extensive IOCs (domains, IPs, SHA256 hashes) to support detection and hunting, and outlines malware capabilities including RAT functions, credential theft, data exfiltration, and botnet/DDoS operations.
