1 malware family

Leda Elacoate

Also known asLeda Elacoate

Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial

MITRE ATT&CK

Tradecraft

14 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.

6 of 15 tactics19 techniques×N= number of intelligence reports citing this technique

MITRE ATT&CK

TA0001

Initial Access

1 technique

T1195

Supply Chain Compromise

T1195.002

Compromise Software Supply Chain

TA0002

Execution

2 techniques

T1204

User Execution

T1204.002

Malicious File

T1574

Hijack Execution Flow

T1574.001

DLL

TA0005

Stealth

4 techniques

T1027

Obfuscated Files or Information

T1036

Masquerading

T1036.005

Match Legitimate Resource Name or Location

T1036.008

Masquerade File Type

T1574

Hijack Execution Flow

T1574.001

DLL

T1620

Reflective Code Loading

TA0006

Credential Access

2 techniques

T1539

Steal Web Session Cookie

T1555

Credentials from Password Stores

TA0009

Collection

1 technique

T1115

Clipboard Data

TA0011

Command and Control

3 techniques

T1071

Application Layer Protocol

T1105

Ingress Tool Transfer

T1219

Remote Access Tools

ARSENAL

Associated malware families

1 malware family attributed to this actor across reporting.

FamilyContextEvidenceLast seen

STX RATA malicious CRYPTBASE.dll gets sideloaded alongside the legitimate installer, kicking off what the report calls an identical multi-stage unpack chain that loads STX RAT in memory.1Jun 15, 2026

IOCS

Observables

5 indicators attributed to this actor: domains, IPs, hashes, and other artifacts pulled from reporting. View more in app.

5 IOCsView more in app

IOC values are gated. View more in Mallory for domains, IPs, hashes, and other artifacts, or pipe them straight into your SIEM.

ACTIVITY FEED

Recent activity

1 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

1 SOURCESView more in app

security online infoNews

Jun 15, 2026

X-VPN DLL Sideloading Spreads STX RAT Malware

Conducted a month-long supply chain-style malware distribution campaign using trojanized installers for cryptocurrency trading tools and later X-VPN to deliver STX RAT via DLL sideloading.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.

Start free trial

Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping14

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal1

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables5

Domains, IPs, and hashes tied to this actor, refreshed continuously.