Malpedia Library

2022-11-29 ⋅ IBM X-Force Exchange ⋅ IBM IRIS
CargoBay BlackHat Backdoor Analysis Report (IRIS-14738)
CargoBay

2022-11-29 ⋅ Recorded Future ⋅ Recorded Future
Suspected Iran-Nexus TAG-56 Uses UAE Forum Lure for Credential Theft Against US Think Tank

2022-11-28 ⋅ Github (reecdeep) ⋅ reecdeep
HiveV5 file decryptor PoC
Hive Hive

2022-11-28 ⋅ Mandiant ⋅ Geoff Ackerman, John Wolfram, Ryan Tomcik, Tommy Dacanay
Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia
BLUEHAZE DARKDEW MISTCLOAK UNC4191

2022-11-28 ⋅ The DFIR Report ⋅ The DFIR Report
Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware
Emotet Mount Locker

2022-11-27 ⋅ SPUR ⋅ Riley Kilmer
Big Socks to Fill: Tracking the Next 911RE

2022-11-27 ⋅ SecurityScorecard ⋅ Vlad Pasca
A Technical Analysis of Royal Ransomware
Royal Ransom

2022-11-27 ⋅ cocomelonc ⋅ cocomelonc
Malware development tricks: part 24. ListPlanting. Simple C++ example.
InvisiMole

2022-11-26 ⋅ BushidoToken Blog ⋅ BushidoToken
Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms
CollectorGoomba Misha TitanStealer

2022-11-25 ⋅ ThreatBook ⋅ ThreatBook
Analysis of APT-C-60 Attack on South Korea
Unidentified 100 (APT-Q-12)

2022-11-25 ⋅ Twitter (@ESETresearch) ⋅ ESET Research
Twitter thread about RansomBoggs campaign against Ukraine

2022-11-25 ⋅ Resecurity ⋅ Resecurity
"In The Box" - Mobile Malware Webinjects Marketplace
Alien Cerberus Coper ERMAC Hydra

2022-11-25 ⋅ NL Times ⋅ NL Times
Russian hackers targeting Dutch gas terminal

2022-11-25 ⋅ Github (struppigel) ⋅ Karsten Hahn
Python script to decode NightHawk strings
Nighthawk

2022-11-24 ⋅ ExploitReversing ⋅ Alexandre Borges
Malware Analysis Series (MAS): Article 6
Ave Maria

2022-11-24 ⋅ Twitter (@strinsert1Na) ⋅ MigawariIV
Tweet on recent Bifrose activity
Bifrost

2022-11-23 ⋅ Twitter (@RedDrip7) ⋅ RedDrip Team
Tweets about potential Lazarus sample
Unidentified 101 (Lazarus?)

2022-11-23 ⋅ Stranded on Pylos Blog ⋅ Joe Slowik
Detailing Daily Domain Hunting

2022-11-23 ⋅ ESET Research ⋅ Lukáš Štefanko
Bahamut cybermercenary group targets Android users with fake VPN apps
Bahamut

2022-11-23 ⋅ Cybereason ⋅ Cybereason Global SOC Team
THREAT ALERT: Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies
Black Basta QakBot