Malpedia Library

Click here to download all references as Bib-File.•

2021-04-21 ⋅ Twitter (@alberto__segura) ⋅ Alberto Segura
Tweet on FluBot Version 4.0
FluBot

2021-04-19 ⋅ Twitter (@_alex_il_) ⋅ Alex Ilgayev
Tweet on QakBot's additional decryption mechanism
QakBot

2021-04-16 ⋅ Medium (Bank Security) ⋅ Bank_Security
Are the hackers all Russian? Results of a 1 year espionage operation in the Top-tier Russian underground communities

2021-04-15 ⋅ nao_sec blog ⋅ nao_sec
Exploit Kit still sharpens a sword
PurpleFox

2021-03-27 ⋅ Github (StrangerealIntel) ⋅ Twitter (@Arkbird_SOLG)
Terraloader: Congrats, you have a new fake job!
TerraLoader

2021-03-24 ⋅ Twitter (@VK_intel) ⋅ Vitali Kremez
Tweet on REvil ransomware
REvil

2021-03-11 ⋅ YouTube ( Malware_Analyzing_&_RE_Tips_Tricks) ⋅ Jiří Vinopal
Formbook Reversing - Part1 [Formbook .NET loader/injector analyzing, decrypting, unpacking, patching]
Formbook

2021-03-04 ⋅ 360 netlab ⋅ Jinye
Gafgtyt_tor and Necro are on the move again
Bashlite N3Cr0m0rPh Keksec

2021-03-01 ⋅ YouTube ( Malware_Analyzing_&_RE_Tips_Tricks) ⋅ Jiří Vinopal
Ryuk Ransomware - Advanced using of Scylla for Imports reconstruction
Ryuk

2021-02-26 ⋅ YouTube (Black Hat) ⋅ Kevin Perlow
FASTCash and INJX_Pure: How Threat Actors Use Public Standards for Financial Fraud
FastCash

2021-02-22 ⋅ YouTube ( Malware_Analyzing_&_RE_Tips_Tricks) ⋅ Jiří Vinopal
Ryuk Ransomware API Resolving in 10 minutes
Ryuk

2021-02-17 ⋅ cyber00011011.github.io ⋅ Cyber_00011011
Understand Shellcode with CyberChef

2021-02-05 ⋅ Twitter (@8th_grey_owl) ⋅ 8thGreyOwl
Tweet on CALMTHORN, used by Tonto Team
CALMTHORN

2021-02-03 ⋅ Twitter (@James_inthe_box) ⋅ James_inthe_box
Tiwtter thread on Nim rewrite of Bazarloader
BazarNimrod

2021-01-29 ⋅ Twitter (@VK_intel) ⋅ Vitali Kremez
Tweet on analysis of Vovalex ransomware written in DLang
Vovalex

2021-01-26 ⋅ Twitter (@swisscom_csirt) ⋅ Swisscom CSIRT
Tweet on Cring Ransomware groups using customized Mimikatz sample followed by CobaltStrike and dropping Cring rasomware
Cobalt Strike Cring MimiKatz

2021-01-19 ⋅ ⋅ Twitter (@jpcert_ac) ⋅ JPCERT/CC
Tweet on LODEINFO ver 0.47 spotted ITW targeting Japan
LODEINFO

2021-01-11 ⋅ Twitter (@dk_samper) ⋅ Dávid Kosť
Tweet on Initial access of Avaddon Ransomware group from an IR engagement
Avaddon

2021-01-09 ⋅ Github (f0wl) ⋅ Marius Genheimer
ezuri_unpack

2021-01-06 ⋅ Github (SentinelLabs) ⋅ SentinelLabs
SolarWinds_Countermeasures
SUNBURST