Malpedia Library

Click here to download all references as Bib-File.•

2020-02-22 ⋅ Comae ⋅ Matt Suiche
Active Email Campaign Identified With Malicious Excel Files

2020-02-10 ⋅ Bit of Hex Blog ⋅ Matt
Suspected Sapphire Mushroom (APT-C-12) malicious LNK files
Unidentified PS 001 APT-C-12

2020-02-02 ⋅ uf0 Blog ⋅ Matteo Malvica
Uncovering Mimikatz ‘msv’ and collecting credentials through PyKD
MimiKatz

2020-01-26 ⋅ Brown Farinholt, Damon McCoy, Kirill Levchenko, Mohammad Rezaeirad
Dark Matter: Uncovering the DarkComet RAT Ecosystem
DarkComet

2020-01-14 ⋅ FireEye ⋅ Matt Bromiley, Nick Carr
Rough Patch: I Promise It'll Be 200 OK (Citrix ADC CVE-2019-19781)
NOTROBIN

2019-12-11 ⋅ Cybereason ⋅ Assaf Dahan, Eli Salem, Lior Rochberger, Mary Zhao, Matt Hart, Niv Yona, Omer Yampel
Dropping Anchor: From a TrickBot Infection to the Discovery of the Anchor Malware
Anchor WIZARD SPIDER

2019-10-17 ⋅ ESET Research ⋅ Mathieu Tartare, Matthieu Faou, Thomas Dupuy
OPERATION GHOST The Dukes aren’t back — they never left
FatDuke

2019-10-16 ⋅ Proofpoint ⋅ Axel F, Dennis Schwarz, Kafeine, Matthew Mesa, Proofpoint Threat Insight Team
TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader
Get2 SDBbot TA505

2019-10-02 ⋅ Certego ⋅ Marco Bompani, Matteo Lodi
Malware Tales: FTCODE
FTCODE

2019-09-02 ⋅ Volexity ⋅ Andrew Case, Matthew Meltzer, Steven Adair
Digital Crackdown: Large-Scale Surveillance and Exploitation of Uyghurs
scanbox POISON CARP

2019-08-19 ⋅ FireEye ⋅ Alex Pennino, Matt Bromiley
GAME OVER: Detecting and Stopping an APT41 Operation
ACEHASH CHINACHOPPER HIGHNOON

2019-07-18 ⋅ FireEye ⋅ Jessica Rocchio, Matt Bromiley, Nick Schroeder, Noah Klapprodt
Hard Pass: Declining APT34’s Invite to Join Their Professional Network
LONGWATCH PICKPOCKET TONEDEAF VALUEVAULT

2019-07-02 ⋅ Proofpoint ⋅ Dennis Schwarz, Matthew Mesa, Proofpoint Threat Insight Team
TA505 begins summer campaigns with a new pet malware downloader, AndroMut, in the UAE, South Korea, Singapore, and the United States
AndroMut FlawedAmmyy

2019-06-14 ⋅ Certego ⋅ Matteo Lodi
Malware Tales: Sodinokibi
REvil

2019-05-29 ⋅ ESET Research ⋅ Matthieu Faou, Romain Dumont
A dive into Turla PowerShell usage
PowerShellRunner TurlaRPC

2019-05-07 ⋅ ESET Research ⋅ Matthieu Faou
Turla LightNeuron: An email too far
LightNeuron

2019-05-01 ⋅ ESET Research ⋅ Matthieu Faou
TURLA LIGHTNEURON: One email away from remote code execution
LightNeuron

2019-04-30 ⋅ Cisco Talos ⋅ Colin Grady, Jaeson Schultz, Matt Valites, Pierre Cadieux
Sodinokibi ransomware exploits WebLogic Server vulnerability
REvil

2019-04-17 ⋅ Cisco Talos ⋅ Danny Adamitis, David Maynor, Matthew Olney, Paul Rascagnères, Warren Mercer
DNS Hijacking Abuses Trust In Core Internet Service
Sea Turtle

2019-02-20 ⋅ Cisco Talos ⋅ Edmund Brumaghin, Matthew Molyett, Nick Biasini
Combing Through Brushaloader Amid Massive Detection Uptick
BrushaLoader