Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to threat actors

DEVCORE

Also known asdevcore

DEVCORE is a security research team that participated in the Pwn2Own Ireland 2025 hacking competition and demonstrated multiple critical zero-day vulnerabilities affecting QNAP NAS products. In the referenced material, DEVCORE is listed alongside other research teams (Summoning Team, Team DDOS, and a CyCraft intern) as having demonstrated seven critical vulnerabilities in QNAP QTS and QuTS hero, and QNAP applications including Hyper Data Protector, Malware Remover, and HBS 3 Hybrid Backup Sync. The demonstrated issues included memory-safety and input-validation flaws (e.g., stack-based buffer overflows, use-after-free, path traversal, and command injection) in components such as CGI handlers (including quick.cgi), which could enable unauthenticated remote code execution, privilege escalation to root, and full device takeover. No nation-state affiliation, malicious intent, targeting profile, or operational sub-groups/aliases are stated in the provided content.

Share:
Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial
MITRE ATT&CK

Tradecraft

4 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.

3 of 15 tactics4 techniques×N= number of intelligence reports citing this technique
MITRE ATT&CK
TA0002
Execution
1 technique
T1203
Exploitation for Client Execution
TA0004
Privilege Escalation
2 techniques
T1068×2
Exploitation for Privilege Escalation
T1611
Escape to Host
TA0008
Lateral Movement
1 technique
T1210
Exploitation of Remote Services
ACTIVITY FEED

Recent activity

4 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

4 SOURCESView more in app
socradar blogNews
Nov 10, 2025
Severe QNAP NAS Zero-Day Flaws Patched After Pwn2Own 2025: What You Should Know

Security research team that discovered and demonstrated zero-day vulnerabilities in QNAP NAS devices during Pwn2Own Ireland 2025.

Read more
securityaffairsNews
Nov 10, 2025
QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

Participated in Pwn2Own 2025, demonstrating zero-day vulnerabilities in QNAP products as part of a white-hat hacking competition.

Read more
bleeping computerNews
Nov 7, 2025
QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own

Participated in Pwn2Own Ireland 2025, demonstrating zero-day vulnerabilities in QNAP NAS devices.

Read more
security weekNews
Dec 3, 2025
QNAP Patches Vulnerabilities Exploited at Pwn2Own Ireland

DEVCORE researchers demonstrated chained injection vulnerabilities and a format string bug in QNAP products at Pwn2Own Ireland 2025, earning a bug bounty for their exploit.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.
Start free trial
Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping4

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.

DEVCORE | Mallory