Malpedia Library

Click here to download all references as Bib-File.•

2021-02-22 ⋅ YouTube ( Malware_Analyzing_&_RE_Tips_Tricks) ⋅ Jiří Vinopal
Ryuk Ransomware API Resolving in 10 minutes
Ryuk

2021-02-17 ⋅ cyber00011011.github.io ⋅ Cyber_00011011
Understand Shellcode with CyberChef

2021-02-05 ⋅ Twitter (@8th_grey_owl) ⋅ 8thGreyOwl
Tweet on CALMTHORN, used by Tonto Team
CALMTHORN

2021-02-03 ⋅ Twitter (@James_inthe_box) ⋅ James_inthe_box
Tiwtter thread on Nim rewrite of Bazarloader
BazarNimrod

2021-01-29 ⋅ Twitter (@VK_intel) ⋅ Vitali Kremez
Tweet on analysis of Vovalex ransomware written in DLang
Vovalex

2021-01-26 ⋅ Twitter (@swisscom_csirt) ⋅ Swisscom CSIRT
Tweet on Cring Ransomware groups using customized Mimikatz sample followed by CobaltStrike and dropping Cring rasomware
Cobalt Strike Cring MimiKatz

2021-01-19 ⋅ ⋅ Twitter (@jpcert_ac) ⋅ JPCERT/CC
Tweet on LODEINFO ver 0.47 spotted ITW targeting Japan
LODEINFO

2021-01-11 ⋅ Twitter (@dk_samper) ⋅ Dávid Kosť
Tweet on Initial access of Avaddon Ransomware group from an IR engagement
Avaddon

2021-01-09 ⋅ Github (f0wl) ⋅ Marius Genheimer
ezuri_unpack

2021-01-06 ⋅ Github (SentinelLabs) ⋅ SentinelLabs
SolarWinds_Countermeasures
SUNBURST

2021-01-04 ⋅ nao_sec blog ⋅ nao_sec
Royal Road! Re:Dive
8.t Dropper Chinoxy FlowCloud FunnyDream Lookback

2020-12-17 ⋅ Twitter (@megabeets_) ⋅ Itay Cohen
Tweet on SUNBURST malware discussing some of its evasion techniques
SUNBURST

2020-12-10 ⋅ Guardicore ⋅ Omri Marom, Ophir Harpaz
PLEASE_READ_ME: The Opportunistic Ransomware Devastating MySQL Servers

2020-12-09 ⋅ ESET Research ⋅ ESET Research
apt_Windows_TA410_Tendyron_dropper
Tendyron

2020-11-28 ⋅ pat_h/to/file ⋅ pat_h/to/file
Hunting Koadic Pt. 2 - JARM Fingerprinting
Koadic

2020-11-21 ⋅ Medium Intel-Honey ⋅ Twitter (@intel_honey)
Reversing Anubis Malware
Anubis

2020-11-19 ⋅ Twitter (@VK_intel) ⋅ Vitali Kremez
Tweet on Trickbot Group pushing LIGHTBOT powershell script to gather information about AD Server
LightBot

2020-11-17 ⋅ Twitter (@VK_intel) ⋅ Vitali Kremez
Tweet on a new fileless TrickBot loading method using code from MemoryModule
TrickBot

2020-11-16 ⋅ JPCERT/CC ⋅ Shusei Tomonaga
ELF_PLEAD - Linux Malware Used by BlackTech
PLEAD

2020-11-13 ⋅ Youtube (The Standoff) ⋅ Alexey Zakharov, Positive Technologies
FF_202_Eng - From old Higaisa samples to new Winnti backdoors: The story of one research
CROSSWALK Unidentified 076 (Higaisa LNK to Shellcode)