MALWARE FAMILY
MISTCLOAK
Internal ID: win.mistcloak
1
campaigns
1
aliases
Last seen:Mar 17, 2026
Intelligence Profile
Mandiant associates this with UNC4191, this malware decrypts and runs DARKDEW.
Threat Analysis
MISTCLOAK is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.
Known Campaigns
Mistcloak — Active Campaign February 2026
Mistcloak is conducting an active ransomware campaign targeting organizations across 1 country. Primary targets: Public Sector. 2 confirmed victims recorded in the last 45 days. Campaign appears to have stalled.
🎯 Public Sector
LOW2026
External References
Quick Facts
TypeMalware Family
Aliases1
Also Known As
win.mistcloak
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.