Malpedia Library

Click here to download all references as Bib-File.•

2021-05-14 ⋅ CISA ⋅ US-CERT
Analysis Report (AR21-134A): Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise
SUNBURST

2021-05-11 ⋅ CISA ⋅ US-CERT
Alert (AA21-131A) DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks
DarkSide

2021-05-07 ⋅ Cisco Talos ⋅ Andrew Windsor, Caitlin Huey, Edmund Brumaghin
Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs
CHINACHOPPER Cobalt Strike Lemon Duck

2021-05-07 ⋅ GCHQ ⋅ CISA, FBI, NCSC UK, NSA
Further TTPs associated with SVR cyber actors: Use of multiple publicly available exploits and Sliver framework to target organisations globally

2021-05-06 ⋅ CISA ⋅ CISA
MAR-10324784-1.v1: FiveHands Ransomware
FiveHands

2021-05-06 ⋅ CISA ⋅ CISA
Analysis Report: FiveHands Ransomware
FiveHands

2021-04-29 ⋅ CISA ⋅ CISA
CISA Identifies SUPERNOVA Malware During Incident Response
SUPERNOVA BRONZE SPIRAL

2021-04-26 ⋅ CISA ⋅ CISA, Department of Homeland Security, FBI
Russian Foreign Intelligence Service (SVR)Cyber Operations: Trends and Best Practices for Network Defenders
elf.wellmess WellMess

2021-04-22 ⋅ Github (@cecio) ⋅ @red5heep
EMOTET: a State-Machine reversing exercise
Emotet

2021-04-22 ⋅ CISA ⋅ US-CERT
AR21-112A: CISA Identifies SUPERNOVA Malware During Incident Response
SUPERNOVA

2021-04-21 ⋅ splunk ⋅ Bill Wright, Dave Herrald, James Brodsky, John Stoner, Kelly Huang, Marcus LaFerrerra, Michael Natkin, Mick Baccio, Ryan Kovar, Shannon Davis, Tamara Chacon
Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)

2021-04-20 ⋅ CISA ⋅ US-CERT
Alert (AA21-110A): Exploitation of Pulse Connect Secure Vulnerabilities

2021-04-15 ⋅ CISA ⋅ US-CERT
Malware Analysis Report (AR21-105A): SUNSHUTTLE
GoldMax

2021-04-15 ⋅ CISA, FBI, NSA
Russian SVR Targets U.S. and Allied Networks

2021-04-12 ⋅ CISA ⋅ US-CERT
Analysis Report (AR21-102B): DearCry Ransomware
dearcry

2021-04-06 ⋅ Github (FrenchCisco) ⋅ FrenchCisco
Github Repository: RATel
RATel

2021-04-06 ⋅ CISA ⋅ US-CERT
Malicious Cyber Activity Targeting Critical SAP Applications

2021-04-02 ⋅ CISA, FBI
Joint CSA AA21-092A: APT Actors Exploit Vulnerabilitiesto Gain Initial Access for Future Attacks

2021-04-01 ⋅ CISA ⋅ US-CERT
Defending Against Software Supply Chain Attacks

2021-03-24 ⋅ Cisco ⋅ Caitlin Huey, David Liebenberg
Quarterly Report: Incident Response trends from Winter 2020-21
Egregor REvil WastedLocker