Trends

Chokepoints stay stable. The techniques layered around them shift constantly. These analyses track what adversaries are actually doing: which payloads and cradle families dominate, which evasion techniques are rising or dying, and what infrastructure they keep coming back to. Data-driven signal for prioritizing detection work.

Payload Prevalence
Which command lines, scripts, and file types are most common vs. rare across real-world campaigns
Technique Shifts
When adversaries pivot. New evasion methods emerging, old ones dying as defenders catch up.
Malicious Infrastructure
Staging domains, CDN abuse, C2 hosting patterns, and reused infrastructure clusters
Time-Series Intel
Monthly aggregations showing acceleration, plateau, or decline, not just point-in-time snapshots

Analyses

ClickFix Delivery Chain
Live Data

10 months of MHaggis ClickGrab crawl data mapped through the Detection Chokepoint Framework. Tracks cradle family evolution (IWR→Curl pivot), evasion technique acceleration (Base64 18×), self-delete emergence, and CDN staging infrastructure across 20K+ malicious sites.

21507 sites crawled | 20505 malicious | 493 daily reports | 2025-04-17 to 2026-04-03
Edge Device Exploit Trends
Live Data

Defused Cyber honeypot telemetry across 25 edge device decoy types mapped through the Detection Chokepoint Framework. Tracks CitrixBleed 2 toolkit proliferation (54% of traffic), the CVE-2022-22536 SAP burst, CVE-2026-20127 (Cisco SD-WAN) full kill chain, and self-replicating worm campaigns.

15,001 exploit attempts | 25 decoy types | 40+ CVEs | Mar 14 – Apr 13, 2026
Software Impersonation Infrastructure
Under Construction

Have data worth analyzing? Trends analyses are sourced from crawled infrastructure, public incident reports, and open datasets. If you have a dataset that maps well to detection chokepoints, see CONTRIBUTING.md or open an issue to discuss.