Malpedia Library

Click here to download all references as Bib-File.•

2021-11-19 ⋅ ⋅ 360 Threat Intelligence Center ⋅ advanced threat research institute
It is suspected that the APT-C-55 organization used the commercial software Web Browser Password Viewer to carry out the attack

2021-11-19 ⋅ Twitter (@knight0x07) ⋅ neeraj
Tweet on Exmatter, custom data exfiltration tool, used by Blackmatter ransomware group
ExMatter

2021-11-19 ⋅ insomniacs(Medium) ⋅ Asuna Amawaka
It’s a BEE! It’s a… no, it’s ShadowPad.
ShadowPad

2021-11-19 ⋅ IronNet ⋅ Morgan Demboski
Is a coordinated cyberattack brewing in the escalating Russian-Ukrainian conflict?

2021-11-19 ⋅ Trend Micro ⋅ Abdelrhman Sharshar, Mohamed Fahmy, Sherif Magdy
Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains
Cobalt Strike QakBot Squirrelwaffle

2021-11-19 ⋅ LAC WATCH ⋅ LAC WATCH
Malware Emotet resumes its activities for the first time in 10 months, and Japan is also the target of the attack
Emotet

2021-11-18 ⋅ Cisco ⋅ Josh Pyorre
BlackMatter, LockBit, and THOR
BlackMatter LockBit PlugX

2021-11-18 ⋅ SophosLabs Uncut ⋅ Sean Gallagher
New ransomware actor uses password protected archives to bypass encryption protection

2021-11-18 ⋅ Blackberry ⋅ The BlackBerry Research & Intelligence Team
Threat Thursday: DanaBot’s Evolution from Bank Fraud to DDos Attacks
DanaBot

2021-11-18 ⋅ Venafi ⋅ Venafi
APT41 Perfects Code Signing Abuse to Escalate Supply Chain Attacks

2021-11-18 ⋅ Group-IB ⋅ Ivan Pisarev
The awakening: Group-IB uncovers new corporate espionage attacks by RedCurl

2021-11-18 ⋅ Sophos ⋅ Elida Leite, Ferenc László Nagy, Gabor Szappanos, Harinder Bhathal, Kyle Link, Nirav Parekh, Rahul Dugar, Ratul Ghosh, Robert Weiland, Sean Gallagher, Sergio Bestuilic, Vikas Singh
New ransomware actor uses password-protected archives to bypass encryption protection

2021-11-18 ⋅ U.S. Department of the Treasury ⋅ U.S. Department of the Treasury
Treasury Sanctions Iran Cyber Actors for Attempting to Influence the 2020 U.S. Presidential Election

2021-11-18 ⋅ eSentire ⋅ eSentire
Emotet Activity Identified
Emotet

2021-11-17 ⋅ Black Hills Information Security ⋅ Kyle Avery
DNS Over HTTPS for Cobalt Strike
Cobalt Strike

2021-11-17 ⋅ Infoblox ⋅ Gaetano Pellegrino
Deep Analysis of a Recent Lokibot Attack
Loki Password Stealer (PWS)

2021-11-17 ⋅ CISA ⋅ Australian Cyber Security Centre (ACSC), CISA, FBI, NCSC UK
Alert (AA21-321A): Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities

2021-11-17 ⋅ MalwareTech ⋅ Marcus Hutchins
An in-depth look at hacking back, active defense, and cyber letters of marque

2021-11-17 ⋅ Mandiant ⋅ Joshua Goddard
ProxyNoShell: A Change in Tactics Exploiting ProxyShell Vulnerabilities

2021-11-17 ⋅ RiskIQ ⋅ Jennifer Grob
Aggah Campaign Replaces Crypto Currency Addresses with Their Own