Malpedia Library

2023-08-29 ⋅ Google ⋅ Austin Larsen, John Palmisano, John Wolfram, Mathew Potaczek, Michael Raggi
Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)
GhostEmperor UNC4841

2023-08-29 ⋅ Aqua Nautilus ⋅ Assaf Morag, Nitzan Yaakov
Kinsing Malware Exploits Novel Openfire Vulnerability
Kinsing

2023-08-29 ⋅ Viuleeenz ⋅ Alessandro Strino
Agent Tesla - Building an effective decryptor
Agent Tesla

2023-08-29 ⋅ Spamhaus ⋅ Spamhaus Team
Qakbot - the takedown and the remediation
QakBot

2023-08-29 ⋅ Aquasec ⋅ Assaf Morag, Nitzan Yaakov
Kinsing Malware Exploits Novel Openfire Vulnerability
Kinsing

2023-08-29 ⋅ KrebsOnSecurity ⋅ Brian Krebs
U.S. Hacks QakBot, Quietly Removes Botnet Infections
QakBot

2023-08-29 ⋅ FBI ⋅ FBI
FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown
QakBot

2023-08-29 ⋅ US Department of Justice ⋅ Department of Justice
Documents and Resources related to the Disruption of the QakBot Malware and Botnet
QakBot

2023-08-29 ⋅ Secureworks ⋅ Counter Threat Unit ResearchTeam
Law Enforcement Takes Down QakBot
QakBot

2023-08-29 ⋅ US Department of Justice ⋅ US Department of Justice
Qakbot Malware Disrupted in International Cyber Takedown
QakBot

2023-08-29 ⋅ The Shadowserver Foundation ⋅ Shadowserver Foundation
Qakbot Botnet Disruption
QakBot

2023-08-28 ⋅ Microsoft ⋅ Kirtar
Defender Experts Chronicles: A Deep Dive into Storm-0867
Storm-0867

2023-08-28 ⋅ Twitter (@MsftSecIntel) ⋅ Microsoft Threat Intelligence
Tweet on AiTM phishing trends
Storm-1295

2023-08-28 ⋅ ⋅ 360 ⋅ 360 Threat Intelligence Center
APT-C-55 (Kimsuky) organization uses Korean domain names for malicious activities

2023-08-28 ⋅ National Coordination Center for Cyber Security
Gamaredon Activity amid Ukraine's Counteroffensive
Pteranodon

2023-08-28 ⋅ Github (cocomelonc) ⋅ cocomelonc
Malware and cryptography 20: encrypt/decrypt payload via Skipjack. Simple C++ example.

2023-08-28 ⋅ Juniper ⋅ Paul Kimayong
DreamBus Botnet Resurfaces, Targets RocketMQ vulnerability
DreamBus

2023-08-28 ⋅ JPCERT/CC ⋅ Kota Kino, Yuma Masubuchi
MalDoc in PDF - Detection bypass by embedding a malicious Word file into a PDF file –

2023-08-28 ⋅ The DFIR Report ⋅ The DFIR Report
HTML Smuggling Leads to Domain Wide Ransomware
Cobalt Strike IcedID Nokoyawa Ransomware

2023-08-26 ⋅ BushidoToken Blog ⋅ BushidoToken
Tracking Adversaries: Scattered Spider, the BlackCat affiliate
BlackLotus POORTRY