Malpedia Library

Click here to download all references as Bib-File.•

2021-07-21 ⋅ Twitter (@billyleonard) ⋅ Billy Leonard
Tweet on APT31 using a router implant.
SoWaT

2021-07-21 ⋅ Twitter (@AltShiftPrtScn) ⋅ Peter Mackenzie
Tweet on Conti ransomware actor installing AnyDesk for remote access in victim environment
Conti

2021-07-20 ⋅ Twitter (@alexanderjaeger) ⋅ alexander jaeger
Tweet on timesketch timeline for Pegasus related activities
Chrysaor

2021-07-18 ⋅ Twitter (@billmarczak) ⋅ Bill Marczak
Twitter thread with a couple of interesting bits from AmnestyTech's new report on Pegasus
Chrysaor

2021-07-17 ⋅ Twitter (@_icebre4ker_) ⋅ _icebre4ker_
Tweet: new version of Teabot targeting also Portugal banks
Anatsa

2021-07-16 ⋅ Twitter (@benkow_) ⋅ Benoît Ancel
Tweet on DeepRAT
DeepRAT

2021-07-16 ⋅ Twitter (@alex_lanstein) ⋅ Alex Lanstein
Tweet on attacks from UNC2652/NOBELIUM

2021-07-16 ⋅ Twitter (@MBThreatIntel) ⋅ Malwarebytes Threat Intelligence
Tweet on Magecart skimmer using steganography
magecart

2021-07-15 ⋅ Twitter (@hypen1117) ⋅ Hypen
Vidar Stealer C&C Server List
Vidar

2021-07-15 ⋅ Twitter (@AffableKraut) ⋅ Eric Brandel
Tweet on another digital skimmer/magecart script from the "q-logger" threat actor
magecart

2021-07-15 ⋅ Twitter (@ESETresearch) ⋅ ESET Research
Tweet on FreeBSD targeted with Golang backdoor

2021-07-09 ⋅ Twitter (@SophosLabs) ⋅ SophosLabs
Tweet on speed at which Kaseya REvil attack was conducted
REvil

2021-07-07 ⋅ Twitter (@resecurity_com) ⋅ Resecurity
Tweet REvil attack chain used against Kaseya
REvil

2021-07-07 ⋅ Twitter (@C0rk1_H) ⋅ hyabcd
Tweet on purplefox exploiting PrintNightmare (CVE-2021-34527) vulnerability in cryptocurrency mining campaign
PurpleFox

2021-07-06 ⋅ Twitter (@_alex_il_) ⋅ Alex Ilgayev
Tweet on REvil ransomware actor using vulnerable defender executable in its infection flow in early may before Kaseya attack
REvil

2021-07-06 ⋅ Twitter (@MBThreatIntel) ⋅ Malwarebytes Threat Intelligence
Tweet on a malspam campaign that is taking advantage of Kaseya VSA ransomware attack to drop CobaltStrike
Cobalt Strike

2021-07-05 ⋅ Twitter (@R3MRUM) ⋅ R3MRUM
Twitter thread with additional context on C2 domains found in REvil configuration
REvil

2021-07-05 ⋅ Twitter (@SophosLabs) ⋅ SophosLabs
Tweet with a REvil ransomware execution demo
REvil

2021-07-04 ⋅ Twitter (@svch0st) ⋅ Zach
Tweet on #Kaseya detection tool for detecting REvil
REvil

2021-07-04 ⋅ Twitter (@PolarToffee) ⋅ Toffee
Tweet on AvosLocker, ransomware advertising for affiliates through Dread