2025 State of the Internet: Malware Investigations
ID: 8a5af947-9a56-5f3d-af9e-ea168792c90c
STIX ID: report--8a5af947-9a56-5f3d-af9e-ea168792c90c
Feed Name: Censys Blog
Date Published: 2025-07-30
Date Updated: 2026-04-27
Author: Jean Pierre Ruiz Ocampo; Silas Cutler; Principal Security Researcher
This Censys State of the Internet report details two investigations. The first covers Wainscot, a variant used by or against Storm-0156 that exfiltrated data from a suspected Indian Territorial Army host and was sinkholed. The second covers BeaverTail, a Python-based infostealer/backdoor linked to DPRK-associated operators targeting developers. The report contains infrastructure indicators (domains, ports, hosting providers), observed behaviors, maps of control servers, and notes on remediation and ongoing operational use.
