Malpedia Library

Click here to download all references as Bib-File.•

2021-11-19 ⋅ Twitter (@knight0x07) ⋅ neeraj
Tweet on Exmatter, custom data exfiltration tool, used by Blackmatter ransomware group
ExMatter

2021-11-18 ⋅ Twitter (@tccontre18) ⋅ Br3akp0int
Tweet on how to decrypt 4 layers of encryption & obfuscation of vjw0rm
Vjw0rm

2021-11-17 ⋅ Twitter (@Unit42_Intel) ⋅ Unit 42
Tweet on Matanbuchus Loader used to deliver Qakbot (tag obama128b) and follow-up CobaltStrike
Cobalt Strike QakBot

2021-11-16 ⋅ Twitter (@_CPResearch_) ⋅ Check Point Research
Tweet on 32bit version of CVE-2021-1732 exploited by BITTER group

2021-11-16 ⋅ Twitter (@_icebre4ker_) ⋅ Fr4
Tweet about Aberebot source code put up for sale by the developer
Aberebot

2021-11-16 ⋅ Twitter (@kienbigmummy) ⋅ m4n0w4r
Tweet on short analysis of QakBot
QakBot

2021-11-14 ⋅ Twitter (@f0wlsec) ⋅ Marius Genheimer
A static config extractor for the main component of DanaBot
DanaBot

2021-11-12 ⋅ Twitter (@3xp0rtblog) ⋅ 3xp0rt
Tweets on DarkLoader
DarkLoader

2021-11-12 ⋅ Twitter (@Arkbird_SOLG) ⋅ Arkbird
Tweets on Void Balaur using QuantLoader and ZStealer
QuantLoader ZStealer

2021-11-11 ⋅ Twitter (@aRtAGGI) ⋅ Michael Raggi
Tweet on APT31 using compromised PakEdge Rk1&RE2 router IPs as exit nodes in reconnaissance phishing campaigns

2021-11-10 ⋅ Twitter (@ESETresearch) ⋅ ESET Research
Tweet on a discovery of a trojanized IDA Pro installer, distributed by the LABYRINTH CHOLLIMA group.

2021-11-10 ⋅ Twitter (@billyleonard) ⋅ Billy Leonard, Google Threat Analysis Group
Tweet on Rekoobe (used by APT31), being a fork of open source tool called Tiny SHell, used by different actor since at least 2012
Rekoobe

2021-11-09 ⋅ Twitter (@AvastThreatLabs)
Tweet by Avast on a new Android Banker they call MasterFred
MasterFred

2021-11-05 ⋅ Twitter (@Unit42_Intel) ⋅ Unit 42
Tweet on TA551 (Shathak) BazarLoader infection with CobaltStrike and DarkVNC drops
BazarBackdoor Cobalt Strike

2021-11-05 ⋅ Twitter (@inversecos) ⋅ inversecos
TTPs used by Pysa Ransonmware group
Mespinoza MimiKatz

2021-11-03 ⋅ Twitter (@Corvid_Cyber) ⋅ CORVID
Tweet on a unique Qbot debugger dropped by an actor after compromise
QakBot

2021-11-02 ⋅ Twitter (@malwrhunterteam) ⋅ malwrhunterteam
Tweet on linux version of Hive Ransomware group's command to shut down ESXI VMs
Hive

2021-10-29 ⋅ Twitter (@ESETresearch) ⋅ ESET Research
Tweet on FreeBSD and LInux version of Hive ransomware
Hive

2021-10-28 ⋅ Twitter (@BrettCallow) ⋅ Brett Callow
Tweet on suspected actor behind Payorgrief ransomware
DoppelDridex DoppelPaymer

2021-10-27 ⋅ Twitter (@darienhuss) ⋅ Darien Huss
Tweet on FinickyFrogfish/Wslink malware used by TA444
Wslink