Malpedia Library

Click here to download all references as Bib-File.•

2022-05-04 ⋅ Cyware ⋅ Cyware
Chinese Naikon Group Back with New Espionage Attack
APT30 Naikon

2022-05-04 ⋅ Kaspersky ⋅ Denis Legezo
A new secret stash for “fileless” malware
Cobalt Strike

2022-05-04 ⋅ Cybereason ⋅ Akihiro Tomita, Assaf Dahan, Chen Erlich, Daniel Frank, Fusao Tanida, Niv Yona, Ofir Ozer
Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques
PRIVATELOG Spyder STASHLOG Winnti

2022-05-04 ⋅ Twitter (@felixw3000) ⋅ Felix
Twitter Thread with info on infection chain with IcedId, Cobalt Strike, and Hidden VNC.
Cobalt Strike IcedID PhotoLoader

2022-05-04 ⋅ F-Secure ⋅ Riccardo Ancarani
Scheduled Task Tampering

2022-05-04 ⋅ HP ⋅ Patrick Schläpfer
Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware
GootLoader

2022-05-04 ⋅ Cybereason ⋅ Akihiro Tomita, Assaf Dahan, Chen Erlich, Daniel Frank, Fusao Tanida, Niv Yona, Ofir Ozer
Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive
PRIVATELOG Spyder STASHLOG Winnti

2022-05-04 ⋅ CrowdStrike ⋅ Sebastian Walla
Compromised Docker Honeypots Used for Pro-Ukrainian DoS Attack

2022-05-04 ⋅ Mandiant ⋅ Brandan Schondorfer, Jennifer Brito, Nader Zaveri, Tyler McLellan
Old Services, New Tricks: Cloud Metadata Abuse by UNC2903
WSO

2022-05-04 ⋅ Inky ⋅ Roger Kay
Fresh Phish: Britain’s National Health Service Infected by Massive Phishing Campaign

2022-05-04 ⋅ Sophos ⋅ Andreas Klopsch
Attacking Emotet’s Control Flow Flattening
Emotet

2022-05-03 ⋅ Silent Push ⋅ Silent Push
Subdomain Takeovers and 1.1 million “dangling” risks

2022-05-03 ⋅ Fortinet ⋅ Gergely Revay
Unpacking Python Executables on Windows and Linux

2022-05-03 ⋅ Recorded Future ⋅ Insikt Group
SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse
Cobalt Strike

2022-05-03 ⋅ ⋅ AhnLab ⋅ ASEC
Backdoors disguised as document editing and messenger programs (*.chm)

2022-05-03 ⋅ Recorded Future ⋅ Insikt Group®
SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse
Cobalt Strike EnvyScout

2022-05-03 ⋅ Trellix ⋅ Christiaan Beek
The Hermit Kingdom’s Ransomware play
VHD Ransomware

2022-05-03 ⋅ Cisco ⋅ JAIME FILSON, Kendall McKay, Paul Eubanks.
Conti and Hive ransomware operations: Leveraging victim chats for insights
Conti Hive

2022-05-03 ⋅ Zscaler ⋅ Brett Stone-Gross, Javier Vicente
Analysis of BlackByte Ransomware's Go-Based Variants
BlackByte

2022-05-03 ⋅ Cluster25 ⋅ Cluster25
The Strange Link Between A Destructive Malware And A Ransomware-Gang Linked Custom Loader: IsaacWiper Vs Vatet
Cobalt Strike IsaacWiper PyXie