Malpedia Library

Click here to download all references as Bib-File.•

2025-03-25 ⋅ SpyCloud ⋅ James
On the Hunt for Ghost(Socks)
GhostSocks

2024-12-19 ⋅ SpyCloud ⋅ James
LummaC2 Revisited: What’s Making this Stealer Stealthier and More Lethal
GhostSocks Lumma Stealer

2024-09-06 ⋅ SpyCloud ⋅ James
The Curious Case of an Open Source Stealer: Phemedrone
Phemedrone Stealer

2024-08-28 ⋅ Talos Intelligence ⋅ Craig Jackson, James Nutland, Terryn Valikodath
BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks
BlackByte

2024-06-03 ⋅ SpyCloud ⋅ James
Reversing Atomic macOS Stealer: Binaries, Backdoors & Browser Theft
AMOS

2024-03-29 ⋅ Github (thesamsam) ⋅ Sam James
Gist with XZ Backdoor analysis
xzbot

2023-11-21 ⋅ Reliaquest ⋅ James Xiang
Scattered Spider Attack Analysis

2023-10-13 ⋅ Twitter (@JAMESWT_MHT) ⋅ JamesWT
Tweets on Wikiloader delivering ISFB
ISFB WikiLoader

2023-07-21 ⋅ Mandiant ⋅ Doug Bienstock, Foti Castelan, James Nugent, Josh Murchie, Justin Moore
Exploitation of Citrix Zero-Day by Possible Espionage Actors (CVE-2023-3519)

2023-03-20 ⋅ Mandiant ⋅ CASEY CHARRIER, James Sadowski
Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace

2022-12-22 ⋅ Fortinet ⋅ James Slaughter, Shunichi Imano
Ransomware Roundup – Play Ransomware
PLAY

2022-11-10 ⋅ Fortinet ⋅ James Slaughter, Shunichi Imano
Ransomware Roundup: New Inlock and Xorist Variants
Inlock Xorist

2022-10-13 ⋅ Fortinet ⋅ James Slaughter, Shunichi Imano
Ransomware Roundup: Royal Ransomware
Royal Ransom

2022-09-14 ⋅ Mandiant ⋅ James Maclachlan, Mathew Potaczek, Matt Williams, Nino Isakovic, Yash Gupta
It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp
BLINDINGCAN miniBlindingCan sRDI

2022-08-29 ⋅ Securonix ⋅ Den Iyzvyk, Oleg Kolesnikov, Tim Peck
Securonix Threat Labs Security Advisory: New Golang Attack Campaign GO#WEBBFUSCATOR Leverages Office Macros and James Webb Images to Infect Systems

2022-08-18 ⋅ Fortinet ⋅ James Slaughter, Shunichi Imano
Ransomware Roundup: Gwisin, Kriptor, Cuba, and More
Cuba

2022-08-08 ⋅ Fortinet ⋅ James Slaughter
Life After Death - SmokeLoader Continues to Haunt Using Old Vulnerabilities
SmokeLoader zgRAT

2022-08-04 ⋅ Fortinet ⋅ James Slaughter, Shunichi Imano
Ransomware Roundup: Redeemer, Beamed, and More

2022-07-28 ⋅ SentinelOne ⋅ James Haughom, Julien Reisdorffer, Júlio Dantas
Living Off Windows Defender | LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool
Cobalt Strike LockBit

2022-07-12 ⋅ Fortinet ⋅ James Slaughter
Spoofed Saudi Purchase Order Drops GuLoader – Part 2
CloudEyE