Malpedia Library

Click here to download all references as Bib-File.•

2025-01-29 ⋅ SecurityScorecard ⋅ SecurityScorecard STRIKE Team
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign
BeaverTail InvisibleFerret

2025-01-29 ⋅ Socket ⋅ Kirill Boychenko, Peter van der Zee
North Korean APT Lazarus Targets Developers with Malicious npm Package
BeaverTail InvisibleFerret

2025-01-29 ⋅ Google ⋅ Conor Quigley, Luke Jenkins, Nino Isakovic
ScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator
POISONPLUG ShadowPad SNAPPYBEE

2025-01-28 ⋅ Group-IB ⋅ Nikolay Kichatov, Pietro Albuquerque, Sharmine Low
Cat’s out of the bag: Lynx Ransomware-as-a-Service
Lynx

2025-01-28 ⋅ Hunt.io ⋅ Hunt.io
SparkRAT: Server Detection, macOS Activity, and Malicious Connections
SparkRAT

2025-01-27 ⋅ The DFIR Report ⋅ MittenSec, MyDFIR, r3nzsec
Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware
GhostSocks LockBit SystemBC

2025-01-27 ⋅ SecurityScorecard ⋅ STRIKE Team
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign

2025-01-27 ⋅ Youtube (MalwareAnalysisForHedgehogs) ⋅ Karsten Hahn
Malware Analysis - Binary Refinery URL extraction of Multi-Layered PoshLoader for LummaStealer
Lumma Stealer

2025-01-25 ⋅ Sophos ⋅ Anthony Bradshaw, Colin Cowie, Daniel Souter, Hunter Neal, Mark Parsons, Sean Baird, Sean Gallagher
Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
ReedBed STAC5143 UNC4393

2025-01-23 ⋅ Github (PaloAltoNetworks) ⋅ Brad Duncan
Cluster of Infrastructure likely used by Affiliate of Dark Scorpius (Black Basta)
ReedBed

2025-01-23 ⋅ Netskope ⋅ Leandro Froes
Lumma Stealer: Fake CAPTCHAs & New Techniques to Evade Detection
Lumma Stealer

2025-01-23 ⋅ Hunt.io ⋅ Hunt.io
Mapping Suspected KEYPLUG Infrastructure: TLS Certificates, GhostWolf, and RedGolf/APT41 Activity
KEYPLUG

2025-01-23 ⋅ AhnLab ⋅ ASEC
RID Hijacking Technique Utilized by Andariel Attack Group
CreateHiddenAccount JuicyPotato

2025-01-23 ⋅ Lumen ⋅ Black Lotus Labs
The J-Magic Show: Magic Packets and Where to find them
J-Magic SEASPY

2025-01-23 ⋅ ThreatMon ⋅ Aziz Kaplan, ThreatMon, ThreatMon Malware Research Team
Helldown Ransomware Malware Analysis Report
HellDown

2025-01-22 ⋅ ESET Research ⋅ Facundo Muñoz
PlushDaemon compromises supply chain of Korean VPN service
SlowStepper PlushDaemon

2025-01-21 ⋅ Financial Security Institute ⋅ JeongGak Lyu
Follow the Clues - Everyday is lazarus.day

2025-01-21 ⋅ KrCert ⋅ Dongwook Kim, Seulgi Lee
Analysis of Attack Strategies Targeting Centralized Management Solutions

2025-01-21 ⋅ Knownsec ⋅ Knownsec 404 Team
Love and hate under war: The GamaCopy organization, which imitates the Russian Gamaredon, uses military — related bait to launch attacks on Russia
GamaCopy

2025-01-21 ⋅ Seqrite ⋅ Subhajeet Singha
Silent Lynx APT Targets Various Entities Across Kyrgyzstan & Neighbouring Nations
Unidentified PS 005 (Telegram Bot)