Malpedia Library

Click here to download all references as Bib-File.•

2021-09-24 ⋅ Twitter (@inversecos) ⋅ inversecos
A thread on TTPs of Prometheus Ransomware attacks
Prometheus

2021-09-20 ⋅ Twitter (@ESETresearch) ⋅ ESET Research
Tweet on Dark.IoT Botnet exploiting critical Azure vulnerability CVE-2021-38647 #OMIGOD
Dark

2021-09-16 ⋅ Twitter (@GossiTheDog) ⋅ Kevin Beaumont
Tweet on some unknown threat actor dropping Mgbot, custom IIS modular backdoor and cobalstrike using exploiting ProxyShell
Cobalt Strike MgBot

2021-09-15 ⋅ Twitter (@ReBensk) ⋅ Re-ind
Original Tweet on this unidentified Android banking malware targeting South Korea
Unidentified APK 006

2021-09-14 ⋅ Twitter (@siri_urz) ⋅ S!Ri
Tweet on ATOMSILO ransomware
ATOMSILO

2021-09-13 ⋅ Twitter (@GoSecure_Inc) ⋅ GoSecure
Tweet on BlueStealer
BluStealer

2021-09-09 ⋅ Twitter(@michalmalik) ⋅ Michal Malík
Tweet on HabitsRAT for Linux
HabitsRAT

2021-09-03 ⋅ Twitter (@ESETresearch) ⋅ ESET Research
Twitter thread on SPARKLOG, a launcher component for PRIVATELOG along with STASHLOG
PRIVATELOG STASHLOG

2021-09-02 ⋅ Twitter (@th3_protoCOL) ⋅ Colin, GaborSzappanos
Tweet on Confluence Server exploitation (CVE-2021-26084) in the wild and cobaltsrike activity (mentioned in replies by GaborSzappanos)
Cobalt Strike

2021-08-30 ⋅ Twitter (@Arkbird_SOLG) ⋅ Arkbird
Tweet on MercurialGrabber
MercurialGrabber

2021-08-26 ⋅ Twitter (@ViriBack) ⋅ Dee
Tweet on Vulturi Stealer and it's c2 panel
Vulturi

2021-08-25 ⋅ Twitter (@malwrhunterteam) ⋅ MalwareHunterTeam
Tweet on Hydra-variant with Dutch ransom note
Nitro

2021-08-22 ⋅ Twitter (@ViriBack) ⋅ ViriBack
Tweet on Colibri Loader and Vertex malware

2021-08-20 ⋅ Twitter (@VirITeXplorer) ⋅ TG Soft
Tweet about LockFile attacks in Italy
LockFile

2021-08-12 ⋅ Twitter (@r3c0nst) ⋅ Frank Boldewin
Tweet on StealBit malware as used by LockBit 2.0
StealBit

2021-08-05 ⋅ Twitter (@VK_intel) ⋅ Vitali Kremez
Tweet on Linux variant of BlackMatter
BlackMatter

2021-08-05 ⋅ Twitter (@AltShiftPrtScn) ⋅ Peter Mackenzie
Tweet on Conti ransomware affiliates using AnyDesk, Atera, Splashtop, Remote Utilities and ScreenConnect to maintain network access
Conti

2021-08-05 ⋅ Twitter (@AltShiftPrtScn) ⋅ Peter Mackenzie
Tweet on Lorenz ransomware tricking user into allowing OAuth permissions to "Thunderbird with ExQuilla" for O365
Lorenz

2021-08-05 ⋅ ⋅ Twitter (@BaoshengbinCumt) ⋅ 2ero
Attacks on NCGSA, MOITT, MOD, NSCP and SCO in Pakistan
NetWire RC

2021-08-03 ⋅ Twitter (@sysopfb) ⋅ Jason Reaves
Tweet on python script to decode the blob from Blackmatter ransomware
DarkSide