Malpedia Library

2025-01-30 ⋅ ⋅ Intrinsec ⋅ CTI Intrinsec
Telegram Stories: voice spoofers, tools and operating modes

2025-01-29 ⋅ SecurityScorecard ⋅ SecurityScorecard STRIKE Team
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign
BeaverTail InvisibleFerret

2025-01-29 ⋅ Socket ⋅ Kirill Boychenko, Peter van der Zee
North Korean APT Lazarus Targets Developers with Malicious npm Package
BeaverTail InvisibleFerret

2025-01-29 ⋅ Google ⋅ Conor Quigley, Luke Jenkins, Nino Isakovic
ScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator
POISONPLUG ShadowPad SNAPPYBEE

2025-01-28 ⋅ Group-IB ⋅ Nikolay Kichatov, Pietro Albuquerque, Sharmine Low
Cat’s out of the bag: Lynx Ransomware-as-a-Service
Lynx

2025-01-28 ⋅ Twitter (@anyrun_app) ⋅ ANY.RUN
Tweet on Linux version of SystemBC
SystemBC

2025-01-28 ⋅ Hunt.io ⋅ Hunt.io
SparkRAT: Server Detection, macOS Activity, and Malicious Connections
SparkRAT

2025-01-27 ⋅ The DFIR Report ⋅ MittenSec, MyDFIR, r3nzsec
Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware
GhostSocks LockBit SystemBC

2025-01-27 ⋅ SecurityScorecard ⋅ STRIKE Team
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign

2025-01-27 ⋅ Youtube (MalwareAnalysisForHedgehogs) ⋅ Karsten Hahn
Malware Analysis - Binary Refinery URL extraction of Multi-Layered PoshLoader for LummaStealer
Lumma Stealer

2025-01-26 ⋅ ⋅ Youtube (greenplan) ⋅ greenplan
[BINARY REFINERY] (Emmenhtal) - Deobfuscation stage JavaScript and PowerShell
Emmenhtal

2025-01-25 ⋅ Sophos ⋅ Anthony Bradshaw, Colin Cowie, Daniel Souter, Hunter Neal, Mark Parsons, Sean Baird, Sean Gallagher
Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
ReedBed STAC5143 UNC4393

2025-01-24 ⋅ Intrinsec ⋅ CTI Intrinsec
"Premium panel": phishing tool used in longstanding campaigns worldwide

2025-01-23 ⋅ Github (PaloAltoNetworks) ⋅ Brad Duncan
Cluster of Infrastructure likely used by Affiliate of Dark Scorpius (Black Basta)
ReedBed

2025-01-23 ⋅ Netskope ⋅ Leandro Froes
Lumma Stealer: Fake CAPTCHAs & New Techniques to Evade Detection
Lumma Stealer

2025-01-23 ⋅ Hunt.io ⋅ Hunt.io
Mapping Suspected KEYPLUG Infrastructure: TLS Certificates, GhostWolf, and RedGolf/APT41 Activity
KEYPLUG

2025-01-23 ⋅ AhnLab ⋅ ASEC
RID Hijacking Technique Utilized by Andariel Attack Group
CreateHiddenAccount JuicyPotato

2025-01-23 ⋅ Lumen ⋅ Black Lotus Labs
The J-Magic Show: Magic Packets and Where to find them
J-Magic SEASPY

2025-01-23 ⋅ ThreatMon ⋅ Aziz Kaplan, ThreatMon, ThreatMon Malware Research Team
Helldown Ransomware Malware Analysis Report
HellDown

2025-01-22 ⋅ Vertex ⋅ Savage
Categorizing Software with Code Families
WarmCookie