Malpedia Library

2022-12-05 ⋅ Cybereason ⋅ Kotaro Ogino, Ralph Villanueva, Robin Plumer
Threat Analysis: MSI - Masquerading as a Software Installer
Magniber Matanbuchus QakBot

2022-12-03 ⋅ Github (kevoreilly) ⋅ Nikhil Hegde
Nighthawk DLL Payload Configuration Parser
Nighthawk

2022-12-03 ⋅ Microsoft ⋅ Cliff Watts
Preparing for a Russian cyber offensive against Ukraine this winter
CaddyWiper HermeticWiper Prestige

2022-12-02 ⋅ CrowdStrike ⋅ Tim Parisi
Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies

2022-12-02 ⋅ Palo Alto Networks Unit 42 ⋅ Bob Jung, Dominik Reichel, Esmid Idrizovic
Blowing Cobalt Strike Out of the Water With Memory Analysis
Cobalt Strike

2022-12-02 ⋅ K7 Security ⋅ Rahul R
KoiVM Loader Resurfaces With a Bang
KoiVM

2022-12-02 ⋅ Avast Decoded ⋅ Threat Intelligence Team
Hitching a ride with Mustang Panda
PlugX

2022-12-02 ⋅ Github (binref) ⋅ Jesko Hüttenhain
The Refinery Files 0x06: Qakbot Decoder
QakBot

2022-12-01 ⋅ SentinelOne ⋅ Aleksandar Milenkoski
The Mystery of Metador | Unpicking Mafalda’s Anti-Analysis Techniques
Metador

2022-12-01 ⋅ mostwanted002
Malware Analysis and Triage Report : PirateStealer - Discord_beta.exe
PirateStealer

2022-12-01 ⋅ ⋅ Kaspersky ⋅ Fyodor Sinitsyn, Yanis Zinchenko
Новый троянец CryWiper прикидывается шифровальщиком

2022-12-01 ⋅ splunk ⋅ Splunk Threat Research Team
From Macros to No Macros: Continuous Malware Improvements by QakBot
QakBot

2022-12-01 ⋅ Zscaler ⋅ Zscaler
Back in Black... Basta - Technical Analysis of BlackBasta Ransomware 2.0
Black Basta

2022-12-01 ⋅ CISA ⋅ CISA
#StopRansomware: Cuba Ransomware
Cuba

2022-11-30 ⋅ SentinelOne ⋅ SentinelOne
RansomEXX Ransomware: In-Depth Analysis, Detection, and Mitigation
RansomEXX RansomEXX

2022-11-30 ⋅ TampaBayTech ⋅ tampabaytech2
Arechclient2
SectopRAT

2022-11-30 ⋅ CyberFlorida ⋅ CyberFlorida
Malware with Sandbox Evasion Techniques Observed Stealing Browser Cached Credentials
SectopRAT

2022-11-30 ⋅ ⋅ Qianxin Threat Intelligence Center ⋅ Red Raindrop Team
Analysis of APT29's attack activities against Italy
Unidentified 098 (APT29 Slack Downloader)

2022-11-30 ⋅ Sophos ⋅ Andrew Brandt
LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling
LockBit

2022-11-30 ⋅ Tidal Cyber Inc. ⋅ Scott Small
Identifying and Defending Against QakBot's Evolving TTPs
QakBot