Malpedia Library

Click here to download all references as Bib-File.•

2024-11-07 ⋅ ESET Research ⋅ ESET Research
APT Activity Report: Abusing Cloud Services and VPN Platforms in the Pursuit of New Prey
FrostyNeighbor

2024-10-28 ⋅ ESET Research ⋅ Anh ho
CloudScout: Evasive Panda scouting cloud services
CloudScout MgBot Nightdoor

2024-10-24 ⋅ ⋅ Cert-UA ⋅ Cert-UA
Accounts in service UAC-0218: file theft using HOMESTEEL (CERT-UA#11717)
HOMESTEEL UAC-0215

2024-09-18 ⋅ ASD, CNMF, CSE Canada, FBI, GCSB, NCSC UK, NSA
People’s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations
Nosedive

2024-09-10 ⋅ Talos Intelligence ⋅ Joey Chen
DragonRank, a Chinese-speaking SEO manipulator service provider
IISpy PlugX DragonRank

2024-08-07 ⋅ Symantec ⋅ Threat Hunter Team
Cloud Cover: How Malicious Actors Are Leveraging Cloud Services
GoGra Grager MOONTAG Ondritols TONERJAM

2024-07-26 ⋅ SOC Prime ⋅ Veronika Telychko
UAC-0102 Phishing Attack Detection: Hackers Steal Authentication Data Impersonating the UKR.NET Web Service
UAC-0102

2024-06-04 ⋅ Aquasec ⋅ Nitzan Yaakov
Muhstik Malware Targets Message Queuing Services Applications
Tsunami

2024-04-29 ⋅ Zscaler ⋅ Santiago Vicente
Zloader Learns Old Tricks
Zloader

2024-04-24 ⋅ Cisco ⋅ Cisco Talos
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
ArcaneDoor Storm-1849

2024-04-24 ⋅ NCSC UK ⋅ NCSC UK
Line Dancer - In-memory shellcode loader targeting Cisco Adaptive Security Appliance (ASA) devices.

2024-04-24 ⋅ NCSC UK ⋅ NCSC UK
Line Runner: Persistent webshell targeting Cisco Adaptive Security Appliance (ASA) devices.

2024-04-02 ⋅ Forescout ⋅ Forescout Vedere Labs
“All your base are belong to us” – A probe into Chinese-connected devices in US networks

2024-03-05 ⋅ CIP ⋅ paloalto Networks: Unit42, State Service of Special Communication and Information Protection of Ukraine (CIP)
Semi-Annual Chronicles of UAC-0006 Operations
SmokeLoader

2024-03-04 ⋅ Cleafy ⋅ Federico Valentini, Francesco Iubatti
On-Device Fraud on the rise: exposing a recent Copybara fraud campaign
Copybara

2024-02-29 ⋅ SANS ISC ⋅ John Moutos
Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service
DarkGate

2024-02-27 ⋅ BitSight ⋅ André Tavares
Hunting PrivateLoader: The malware behind InstallsKey PPI service
PrivateLoader RisePro

2024-02-12 ⋅ Europol ⋅ Europol
International cybercrime malware service targeting thousands of unsuspecting consumers dismantled
Ave Maria

2024-02-09 ⋅ Department of Justice ⋅ Office of Public Affairs
International Cybercrime Malware Service Dismantled by Federal Authorities: Key Malware Sales and Support Actors in Malta and Nigeria Charged in Federal Indictments
Ave Maria

2024-02-05 ⋅ @g0njxa
Tweet Highlighting the Integration of GhostSocks Service into Lumma Stealer
GhostSocks