Malpedia Library

2021-07-04 ⋅ Twitter (@svch0st) ⋅ Zach
Tweet on #Kaseya detection tool for detecting REvil
REvil

2021-07-04 ⋅ Twitter (@PolarToffee) ⋅ Toffee
Tweet on AvosLocker, ransomware advertising for affiliates through Dread

2021-07-03 ⋅ Twitter (@fwosar) ⋅ Fabian Wosar
Twitter thread on REvil's cryptographic scheme
REvil

2021-07-03 ⋅ Twitter (@LloydLabs) ⋅ Lloyd
Twitter Thread on Revil sideloading DLL used in Kaseya attack
REvil

2021-07-02 ⋅ Twitter (@VK_intel) ⋅ Vitali Kremez
Tweet on Revil ransomware analysis used in Kaseya attack
REvil

2021-07-02 ⋅ Twitter (@SyscallE) ⋅ SeAccessCheck
Tweet on Revil dropper used in Kaseya attack
REvil

2021-06-29 ⋅ Twitter (@IntezerLabs) ⋅ Intezer
Tweet on unknown elf backdoor based on an open source remote shell named "amcsh"
BioSet

2021-06-29 ⋅ Twitter (@sisoma2) ⋅ sisoma2
Tweet on vidar stealer using Tumblr to obtain dynamic config
Vidar

2021-06-29 ⋅ Twitter (@VK_intel) ⋅ Vitali Kremez
Tweet on Linux version of REvil ransomware
REvil

2021-06-28 ⋅ Twitter (@AdamTheAnalyst) ⋅ AdamTheAnalyst
Tweet on suspected REvil exfiltration (over RClone FTP) server
REvil REvil

2021-06-28 ⋅ Twitter (@VK_intel) ⋅ Vitali Kremez
Tweet on ELF version of REvil
REvil

2021-06-27 ⋅ Twitter (@GossiTheDog) ⋅ Kevin Beaumont
Tweet on babuk ransomware builder
Babuk

2021-06-23 ⋅ Twitter (@IntezerLabs) ⋅ Intezer
Tweet on linux version of Derusbi
Derusbi

2021-06-22 ⋅ Twitter (@Cryptolaemus1) ⋅ Cryptolaemus, dao ming si, Kirk Sayre
Tweet on TA575, a Dridex affiliate delivering cobaltstrike (packed withe Cryptone) directly via the macro docs
Cobalt Strike Dridex

2021-06-18 ⋅ ⋅ YouTube (jnpc) ⋅ Twitter (@yarai1978), Yuu Arai
"Cyber Security" Yu Arai, NTT DATA Executive Security Analyst

2021-06-16 ⋅ Twitter (@ChouchWard) ⋅ ch0uch ward
Tweet on Qbot operators left their web server's access.log file unsecured
QakBot

2021-06-16 ⋅ nur.pub ⋅ Twitter (@1umos_)
Cerberus Analysis - Android Banking Trojan
Cerberus

2021-06-13 ⋅ Twitter (@alberto__segura) ⋅ Alberto Segura
Tweet on Flubot version 4.6
FluBot

2021-06-12 ⋅ Twitter (@AltShiftPrtScn) ⋅ Peter Mackenzie
A thread on RagnarLocker ransomware group's TTP seen in an Incident Response
Cobalt Strike RagnarLocker

2021-06-11 ⋅ Twitter (@MsftSecIntel) ⋅ Microsoft Security Intelligence
Tweet on solarmarker/Jupyter malware
solarmarker