1 malware family

Red Dev 10

Also known asred_dev_10

Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial

MITRE ATT&CK

Tradecraft

58 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.

13 of 15 tactics108 techniques×N= number of intelligence reports citing this technique

MITRE ATT&CK

TA0043

Reconnaissance

2 techniques

T1590

Gather Victim Network Information

T1590.005

IP Addresses

T1592

Gather Victim Host Information

T1592.004

Client Configurations

TA0042

Resource Development

2 techniques

T1583

Acquire Infrastructure

T1583.001

Domains

T1583.004

Server

T1587

Develop Capabilities

T1587.001

Malware

TA0002

Execution

6 techniques

T1053

Scheduled Task/Job

T1053.005

Scheduled Task

T1059

Command and Scripting Interpreter

T1059.001

PowerShell

T1059.003×2

Windows Command Shell

T1072

Software Deployment Tools

T1106

Native API

T1569

System Services

T1569.002

Service Execution

T1574

Hijack Execution Flow

TA0003

Persistence

6 techniques

T1053

Scheduled Task/Job

T1053.005

Scheduled Task

T1205

Traffic Signaling

T1205.002

Socket Filters

T1543

Create or Modify System Process

T1543.003

Windows Service

T1546

Event Triggered Execution

T1546.012×2

Image File Execution Options Injection

T1547

Boot or Logon Autostart Execution

T1547.012×2

Print Processors

T1556

Modify Authentication Process

T1556.002

Password Filter DLL

TA0004

Privilege Escalation

6 techniques

T1053

Scheduled Task/Job

T1053.005

Scheduled Task

T1055

Process Injection

T1055.013

Process Doppelgänging

T1134

Access Token Manipulation

T1134.002

Create Process with Token

T1543

Create or Modify System Process

T1543.003

Windows Service

T1546

Event Triggered Execution

T1546.012×2

Image File Execution Options Injection

T1547

Boot or Logon Autostart Execution

T1547.012×2

Print Processors

TA0005

Stealth

10 techniques

T1014×2

Rootkit

T1027

Obfuscated Files or Information

T1027.007

Dynamic API Resolution

T1027.013

Encrypted/Encoded File

T1055

Process Injection

T1055.013

Process Doppelgänging

T1070

Indicator Removal

T1070.004

File Deletion

T1070.009

Clear Persistence

T1134

Access Token Manipulation

T1134.002

Create Process with Token

T1140×2

Deobfuscate/Decode Files or Information

T1205

Traffic Signaling

T1205.002

Socket Filters

T1497

Virtualization/Sandbox Evasion

T1574

Hijack Execution Flow

T1622

Debugger Evasion

TA0112

Defense Impairment

2 techniques

T1553

Subvert Trust Controls

T1556

Modify Authentication Process

T1556.002

Password Filter DLL

TA0006

Credential Access

4 techniques

T1003

OS Credential Dumping

T1003.001

LSASS Memory

T1003.002

Security Account Manager

T1056

Input Capture

T1056.001×2

Keylogging

T1555

Credentials from Password Stores

T1555.003

Credentials from Web Browsers

T1556

Modify Authentication Process

T1556.002

Password Filter DLL

TA0007

Discovery

12 techniques

T1007×3

System Service Discovery

T1010

Application Window Discovery

T1016

System Network Configuration Discovery

T1057×2

Process Discovery

T1082×2

System Information Discovery

T1083

File and Directory Discovery

T1087

Account Discovery

T1087.001

Local Account

T1124

System Time Discovery

T1497

Virtualization/Sandbox Evasion

T1518

Software Discovery

T1518.001

Security Software Discovery

T1614

System Location Discovery

T1614.001

System Language Discovery

T1622

Debugger Evasion

TA0008

Lateral Movement

2 techniques

T1021

Remote Services

T1021.002

SMB/Windows Admin Shares

T1072

Software Deployment Tools

TA0009

Collection

2 techniques

T1056

Input Capture

T1056.001×2

Keylogging

T1115×2

Clipboard Data

TA0011

Command and Control

10 techniques

T1008

Fallback Channels

T1071

Application Layer Protocol

T1071.001

Web Protocols

T1090

Proxy

T1095×3

Non-Application Layer Protocol

T1105

Ingress Tool Transfer

T1132

Data Encoding

T1132.001

Standard Encoding

T1205

Traffic Signaling

T1205.002

Socket Filters

T1571

Non-Standard Port

T1573

Encrypted Channel

T1573.001

Symmetric Cryptography

T1665

Hide Infrastructure

TA0010

Exfiltration

1 technique

T1041

Exfiltration Over C2 Channel

ARSENAL

Associated malware families

1 malware family attributed to this actor across reporting.

FamilyContextEvidenceLast seen

SprySOCKSESET researchers have discovered two as-yet undocumented Windows variants of SprySOCKS, a previously Linux-only backdoor reportedly used by FishMonger... The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS.2Jun 16, 2026

ACTIVITY FEED

Recent activity

No public activity tracked yet. Mallory keeps watching.

0 SOURCESView more in app

No public activity observed for this threat actor.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.

Start free trial

Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping58

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal1

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.