Malpedia Library

Click here to download all references as Bib-File.•

2022-12-02 ⋅ CrowdStrike ⋅ Tim Parisi
Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies

2022-12-02 ⋅ Palo Alto Networks Unit 42 ⋅ Bob Jung, Dominik Reichel, Esmid Idrizovic
Blowing Cobalt Strike Out of the Water With Memory Analysis
Cobalt Strike

2022-12-02 ⋅ K7 Security ⋅ Rahul R
KoiVM Loader Resurfaces With a Bang
KoiVM

2022-12-02 ⋅ Github (binref) ⋅ Jesko Hüttenhain
The Refinery Files 0x06: Qakbot Decoder
QakBot

2022-12-01 ⋅ SentinelOne ⋅ Aleksandar Milenkoski
The Mystery of Metador | Unpicking Mafalda’s Anti-Analysis Techniques
Metador

2022-12-01 ⋅ ⋅ Kaspersky ⋅ Fyodor Sinitsyn, Yanis Zinchenko
Новый троянец CryWiper прикидывается шифровальщиком

2022-12-01 ⋅ splunk ⋅ Splunk Threat Research Team
From Macros to No Macros: Continuous Malware Improvements by QakBot
QakBot

2022-12-01 ⋅ Zscaler ⋅ Zscaler
Back in Black... Basta - Technical Analysis of BlackBasta Ransomware 2.0
Black Basta

2022-11-30 ⋅ ⋅ Qianxin Threat Intelligence Center ⋅ Red Raindrop Team
Analysis of APT29's attack activities against Italy
Unidentified 098 (APT29 Slack Downloader)

2022-11-30 ⋅ Sophos ⋅ Andrew Brandt
LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling
LockBit

2022-11-30 ⋅ Tidal Cyber Inc. ⋅ Scott Small
Identifying and Defending Against QakBot's Evolving TTPs
QakBot

2022-11-30 ⋅ BitSight ⋅ André Tavares
Unpacking Colibri Loader: A Russian APT linked Campaign
Colibri Loader PrivateLoader

2022-11-30 ⋅ ESET Research ⋅ Filip Jurčacko
Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin

2022-11-29 ⋅ Mandiant ⋅ Doug Bienstock, Luke Jenkins, Parnian Najafi, Sarah Hawley
Suspected Russian Activity Targeting Government and Business Entities Around the Globe
CEELOADER CryptBot

2022-11-29 ⋅ Recorded Future ⋅ Insikt Group
Suspected Iran-Nexus TAG-56 Uses UAE Forum Lure for Credential Theft Against US Think Tank
TAG-56

2022-11-29 ⋅ ⋅ Qianxin ⋅ Red Raindrop Team
Job hunting trap: Analysis of Lazarus attack activities using recruitment information such as Mizuho Bank of Japan as bait
CageyChameleon Cur1Downloader

2022-11-29 ⋅ IBM X-Force Exchange ⋅ IBM IRIS
CargoBay BlackHat Backdoor Analysis Report (IRIS-14738)
CargoBay

2022-11-29 ⋅ Recorded Future ⋅ Recorded Future
Suspected Iran-Nexus TAG-56 Uses UAE Forum Lure for Credential Theft Against US Think Tank

2022-11-28 ⋅ Mandiant ⋅ Geoff Ackerman, John Wolfram, Ryan Tomcik, Tommy Dacanay
Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia
BLUEHAZE DARKDEW MISTCLOAK UNC4191

2022-11-28 ⋅ The DFIR Report ⋅ The DFIR Report
Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware
Emotet Mount Locker