wormgpt_4_and_kawaiigpt_operators
Operators using the malicious AI tools WormGPT 4 and KawaiiGPT. According to Palo Alto Networks' Unit 42, these tools are being tracked as enabling threat actors to craft convincing phishing lures and generate ransomware code, lowering the barrier for cybercriminal activity. WormGPT 4 is described as being sold for $220 lifetime or $50 per month, while KawaiiGPT is described as free on GitHub and easy to deploy. The provided content does not attribute these operators to a specific nation state, campaign, or formal intrusion set, and no additional aliases or sub-groups are identified beyond wormgpt_4_and_kawaiigpt_operators.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Recent activity
1 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.