Malpedia Library

2021-07-14 ⋅ Medium s2wlab ⋅ Jaeki Kim
Matryoshka : Variant of ROKRAT, APT37 (Scarcruft)
RokRAT

2021-07-13 ⋅ Medium CyCraft ⋅ CyCraft Technology Corp
Prometheus Ransomware Decryptor
Prometheus

2021-07-08 ⋅ Medium s2wlab ⋅ Sojun Ryu
Analysis of Lazarus malware abusing Non-ActiveX Module in South Korea
Racket Downloader

2021-07-08 ⋅ Medium walmartglobaltech ⋅ Harold Ogden, Jason Reaves
Amadey stealer plugin adds Mikrotik and Outlook harvesting
Amadey

2021-07-07 ⋅ Medium s2wlab ⋅ Seunghoe Kim
Deep analysis of KPOT Stealer
KPOT Stealer

2021-07-06 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
TA505 adds GoLang crypter for delivering miners and ServHelper
ServHelper

2021-07-03 ⋅ Medium AK1001 ⋅ AK1001
Analyzing Cobalt Strike PowerShell Payload
Cobalt Strike

2021-07-03 ⋅ Medium Doublepulsar ⋅ Kevin Beaumont
Kaseya supply chain attack delivers mass ransomware event to US companies
REvil

2021-06-29 ⋅ Medium hidocohen ⋅ Hido Cohen
GuLoader’s Anti-Analysis Techniques
CloudEyE

2021-06-29 ⋅ Medium MITRE-Engenuity ⋅ Jon Baker, Nicholas Amon
Security Control Mappings: A Starting Point for Threat-Informed Defense

2021-06-23 ⋅ ⋅ Medium s2wlab ⋅ Sojun Ryu
Deep analysis of REvil Ransomware
REvil

2021-06-21 ⋅ Medium gabrielcurrie ⋅ Gabriel Currie
Ready for (nearly) anything: Five things to prepare for a cyber security incident

2021-06-21 ⋅ Medium elis531989 ⋅ Eli Salem
Dissecting and automating Hancitor’s config extraction
Hancitor

2021-06-16 ⋅ Medium BI.ZONE ⋅ Anton Medvedev, Vadim Khrykov
Hunting Down MS Exchange Attacks. Part 2 (CVE-2020–0688, CVE-2020–16875, CVE-2021–24085)

2021-06-08 ⋅ Medium BI.ZONE ⋅ Maxim Suhanov
Measured Boot and Malware Signatures: exploring two vulnerabilities found in the Windows loader

2021-06-07 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
Inside the SystemBC Malware-As-A-Service
Ryuk SystemBC TrickBot

2021-06-03 ⋅ Medium s2wlab ⋅ Denise Dasom Kim, Hyunmin Suh, Jungyeon Lim, YH Jeong
W1 Jun | EN | Story of the week: Ransomware on the Darkweb
DarkSide Babuk DarkSide

2021-06-02 ⋅ Medium CyCraft ⋅ CyCraft Technology Corp
China-Linked Threat Group Targets Taiwan Critical Infrastructure, Smokescreen Ransomware
Cobalt Strike ColdLock

2021-06-01 ⋅ Medium mergene ⋅ Mehmet Ergene
Detecting Initial Access: HTML Smuggling and ISO Images — Part 2

2021-06-01 ⋅ Medium mergene ⋅ Mehmet Ergene
Detecting Initial Access: HTML Smuggling and ISO Images — Part 1