Malpedia Library

Click here to download all references as Bib-File.•

2023-04-11 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia
Carmine Tsunami

2023-04-11 ⋅ Microsoft ⋅ Microsoft Incident Response
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
BlackLotus

2023-04-11 ⋅ Twitter (@Unit42_Intel) ⋅ Unit42
Tweet on change of IcedID backconnect traffic port from 8080 to 443
IcedID

2023-04-11 ⋅ SEC Consult ⋅ Angelo Violetti
BumbleBee hunting with a Velociraptor
BumbleBee

2023-04-10 ⋅ Twitter (@embee_research) ⋅ Matthew
Redline Stealer - Static Analysis and C2 Extraction
Amadey RedLine Stealer

2023-04-10 ⋅ Sequretek ⋅ Sequretek
Kutaki Stealer - Analysis
Kutaki

2023-04-10 ⋅ Check Point ⋅ Check Point
March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files
Agent Tesla CloudEyE Emotet Formbook Nanocore RAT NjRAT QakBot Remcos Tofsee

2023-04-09 ⋅ LianSecurity ⋅ LianSecurity
Nexus Android Trojan Analysis Report
Nexus S.O.V.A.

2023-04-09 ⋅ @0xToxin
LummaC2 BreakDown
Lumma Stealer

2023-04-08 ⋅ Twitter (@embee_research) ⋅ Embee_research
Dcrat - Manual De-obfuscation of .NET Malware
DCRat

2023-04-08 ⋅ Team Cymru ⋅ Scott Fisher
Deriving Insight from Threat Actor Infrastructure
Raccoon

2023-04-08 ⋅ cocomelonc ⋅ cocomelonc
Malware AV/VM evasion - part 15: WinAPI GetModuleHandle implementation. Simple C++ example.

2023-04-08 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
[QuickNote] Uncovering Suspected Malware Distributed By Individuals from Vietnam
AsyncRAT DCRat WorldWind

2023-04-07 ⋅ Elastic ⋅ Salim Bitam
Attack chain leads to XWORM and AGENTTESLA
Agent Tesla XWorm

2023-04-07 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
MERCURY and DEV-1084: Destructive attack on hybrid environment
DarkBit Storm-1084

2023-04-06 ⋅ OALabs ⋅ Sergei Frankoff
PhotoLoader ICEDID
PhotoLoader

2023-04-06 ⋅ Spamhaus ⋅ Raashid Bhat
Neutralizing Tofsee Spambot – Part 3 | Network-based kill switch
Tofsee

2023-04-06 ⋅ Spamhaus ⋅ Raashid Bhat
Neutralizing Tofsee Spambot – Part 2 | InMemoryConfig store vaccine
Tofsee

2023-04-06 ⋅ Spamhaus ⋅ Raashid Bhat
Neutralizing Tofsee Spambot – Part 1 | Binary file vaccine
Tofsee

2023-04-05 ⋅ Google ⋅ Adam Weidemann, Google Threat Analysis Group
How we’re protecting users from government-backed attacks from North Korea
BabyShark