2026-05-05 (Back to Inventory) UAT-8302 and its box full of malware Author(s): Asheer Malhotra , Brandon White , Jungsoo An Organization: Cisco Talos elf.snowlight win.dracu_loader win.finaldraft win.snappybee win.stowaway win.vshell Open article directly Open article on Archive.org Related Articles 2026-04-02 ⋅ Cisco Talos ⋅ Asheer Malhotra , Brandon White UAT-10608: Inside a large-scale automated credential harvesting operation targeting web applications UAT-10608 2026-02-10 ⋅ Cisco Talos ⋅ Aaron Boyd , Asheer Malhotra , Nick Biasini , Vitor Ventura New threat actor, UAT-9921, leverages VoidLink framework in campaigns VoidLink UAT-9921 2026-01-29 ⋅ Cisco Talos ⋅ Joey Chen Dissecting UAT-8099: New persistence mechanisms and regional focus UAT-8099