Malpedia Library

2022-10-18 ⋅ Logpoint ⋅ Anish Bogati, Nilaa Maharjan
Hunting Lockbit Variation
LockBit

2022-10-17 ⋅ ASEC ⋅ ASEC
Amadey Bot Disguised as a Famous Korean Messenger Program Being Distributed
Amadey

2022-10-17 ⋅ SPUR ⋅ Sean S.
I Don’t Like Big Gateways (and I Cannot Lie) - How IP Reputation Gets Large Gateways Wrong

2022-10-17 ⋅ Kaspersky ⋅ Georgy Kucherin, Kurt Baumgartner
DiceyF deploys GamePlayerFramework in online casino development studio
GamePlayerFramework DiceyF Earth Berberoka

2022-10-17 ⋅ ⋅ Malverse ⋅ greenplan
Stack String Decryption with Ghidra Emulator (Orchard)
Orchard

2022-10-15 ⋅ vmware ⋅ Dana Behling
LockBit 3.0 Ransomware Unlocked
LockBit

2022-10-14 ⋅ Cloudsek ⋅ Aastha Mittal, Anandeshwar Unnikrishnan
Technical Analysis of BlueSky Ransomware
BlueSky

2022-10-14 ⋅ Microsoft ⋅ Microsoft Security Threat Intelligence
New “Prestige” ransomware impacts organizations in Ukraine and Poland
Prestige

2022-10-13 ⋅ Syrion ⋅ Raffaele Sabato
QAKBOT BB Configuration and C2 IPs List
QakBot

2022-10-13 ⋅ Microsoft ⋅ Microsoft Threat Hunting, MSRC Team
Hunting for Cobalt Strike: Mining and plotting for fun and profit
Cobalt Strike

2022-10-13 ⋅ HP ⋅ Patrick Schläpfer
Magniber Ransomware Adopts JavaScript, Targeting Home Users with Fake Software Updates
Magniber

2022-10-13 ⋅ Booz Allen Hamilton ⋅ Booz Allen Hamilton
Same Cloak, More Dagger: Decoding how the People's Republic of China uses Cyberattacks

2022-10-13 ⋅ Blackberry ⋅ The BlackBerry Research & Intelligence Team
BianLian Ransomware Encrypts Files in the Blink of an Eye
BianLian

2022-10-12 ⋅ AhnLab ⋅ ASEC
Analysis on Attack Techniques and Cases Using RDP
CreateHiddenAccount

2022-10-12 ⋅ ThreatFabric ⋅ ThreatFabric
TOAD attacks: Vishing combined with Android banking malware now targeting Italian banks
BRATA Copybara Joker

2022-10-12 ⋅ Trend Micro ⋅ Ian Kenefick, Lucas Silva, Nicole Hernandez
Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike
Black Basta Brute Ratel C4 Cobalt Strike QakBot

2022-10-12 ⋅ Netresec ⋅ Erik Hjelmvik
IcedID BackConnect Protocol
IcedID

2022-10-11 ⋅ Medium (@DCSO_CyTec) ⋅ Axel Wauer, Denis Szadkowski, Johann Aydinbas
Tracking down Maggie
Maggie

2022-10-11 ⋅ DeepInstinct ⋅ Deep Instinct Threat Lab
The Russian SpyAgent – a Decade Later and RAT Tools Remain at Risk
TeamSpy

2022-10-11 ⋅ BleepingComputer ⋅ Bill Toulas
Hacking group POLONIUM uses ‘Creepy’ malware against Israel
DeepCreep MegaCreep Unidentified 097 (Polonium Keylogger)