Malpedia Library

Click here to download all references as Bib-File.•

2025-04-03 ⋅ SOC Prime ⋅ Veronika Telychko
UAC-0219 Attack Detection: A New Cyber-Espionage Campaign Using a PowerShell Stealer WRECKSTEEL
WRECKSTEEL

2025-04-03 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Threat actors leverage tax season to deploy tax-themed phishing campaigns
Brute Ratel C4 CloudEyE Latrodectus Remcos Storm-0249

2025-04-03 ⋅ Mandiant ⋅ Jacob Thompson, John Wolfram, Josh Murchie, Matt Lin, Michael Edie
Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)
SPAWNSNARE

2025-04-03 ⋅ ThreatMon ⋅ Aziz Kaplan, ThreatMon, ThreatMon Malware Research Team
Ransomhub Group & New Betruger Backdoor Technical Malware Analysis Report

2025-04-02 ⋅ cocomelonc ⋅ cocomelonc
Malware and cryptography 40 - encrypt/decrypt payload via RC5. Simple Nim example.

2025-04-02 ⋅ ASEC ⋅ ASEC
BeaverTail and Tropidoor Malware Distributed via Recruitment Emails
BeaverTail

2025-04-02 ⋅ ANALYST1 ⋅ analyst1
Inside BlackBasta: Actor Profiles, Extortion Tactics & Finances
Black Basta Black Basta

2025-04-02 ⋅ BushidoToken ⋅ BushidoToken
Tracking Adversaries: EvilCorp, the RansomHub affiliate
RansomHub

2025-04-02 ⋅ Intel 471 ⋅ Intel 471
An in-depth look at Black Basta's TTPs
Black Basta Black Basta

2025-04-01 ⋅ Hunt.io ⋅ Hunt.io
Same Russian-Speaking Threat Actor, New Tactics: Abuse of Cloudflare Services for Phishing and Telegram to Filter Victim IPs
Pyramid

2025-04-01 ⋅ ⋅ Cert-UA ⋅ Cert-UA
UAC-0219: Cyber espionage using PowerShell stealer WRECKSTEEL (CERT-UA#14283)
WRECKSTEEL UAC-0219

2025-04-01 ⋅ ANY.RUN ⋅ Adhikara
Salvador Stealer: New Android Malware That Phishes Banking Details & OTPs
Salvador Stealer

2025-04-01 ⋅ ZW01f ⋅ Mohamed Ezat
Auto-color - Linux backdoor
Auto-Color

2025-03-31 ⋅ Seqrite ⋅ Mahua Chakrabarthy, Sanjay Katkar, Subhajeet Singha
Operation HollowQuill: Malware delivered into Russian R&D Networks via Research Decoy PDFs
Cobalt Strike HollowQuill

2025-03-31 ⋅ rexorvc0 ⋅ Aaron Jornet, vc0RExor
DarkCloud Stealer
DarkCloud Stealer

2025-03-31 ⋅ Aikido ⋅ Charlie Eriksen
Malware hiding in plain sight: Spying on North Korean Hackers
BeaverTail

2025-03-31 ⋅ Wiz.io ⋅ Avigayil Mechtinger, Gili Tikochinski, Yaara Shriki
CPU_HU: Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims
JINX-0126

2025-03-31 ⋅ VirusTotal
48157c03bf9731926f9567fe1fabc807bff166241f8d6c27e6308dde68112669
Supper

2025-03-31 ⋅ Trend Micro ⋅ Lenart Bermejo, Ted Lee, Theo Chen
The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques
Godzilla Webshell Cobalt Strike RAILSETTER Earth Alux

2025-03-31 ⋅ Zscaler ⋅ Muhammed Irfan V A
Analyzing New HijackLoader Evasion Tactics
HijackLoader