Malpedia Library

2022-04-14 ⋅ NSHC RedAlert Labs ⋅ NSHC Threatrecon Team
Hacking activity of SectorB Group in 2021 Chinese government supported hacking group SectorB
PlugX

2022-04-13 ⋅ Mandiant ⋅ Corey Hildebrandt, Daniel Kapellmann Zafra, Keith Lunden, Ken Proska, Muhammad Umair, Nathan Brubaker, Rob Caldwell
INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems
INCONTROLLER

2022-04-13 ⋅ SecurityScorecard ⋅ Ryan Slaney
Zhadnost strikes again… this time in Finland.

2022-04-13 ⋅ Malwarology ⋅ Gaetano Pellegrino
Qakbot Series: Configuration Extraction
QakBot

2022-04-13 ⋅ UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF GEORGIA ⋅ UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF GEORGIA
Court order for taking down Zloader Infrastructure
Zloader

2022-04-13 ⋅ Kaspersky ⋅ AMR
Emotet modules and recent attacks
Emotet

2022-04-13 ⋅ Akamai ⋅ Ben Barnea, Ophir Harpaz
Critical Remote Code Execution Vulnerabilities in Windows RPC Runtime (CVE-2022-26809)

2022-04-13 ⋅ Universit ́e Catholique de Louvain ⋅ Axel Legay, Charles-Henry Bertrand Van Ouytsel
Malware Analysis with Symbolic Execution and Graph Kernel

2022-04-13 ⋅ ESET Research ⋅ Jean-Ian Boutin, Tomáš Procházka
ESET takes part in global operation to disrupt Zloader botnets
Cobalt Strike Zloader

2022-04-12 ⋅ ⋅ Cert-UA ⋅ Cert-UA
Cyberattack of Sandworm Group (UAC-0082) on energy facilities of Ukraine using malicious programs INDUSTROYER2 and CADDYWIPER (CERT-UA # 4435)
CaddyWiper Industroyer INDUSTROYER2

2022-04-12 ⋅ Microsoft Security ⋅ Detection and Response Team (DART)
Tarrask malware uses scheduled tasks for defense evasion
Godzilla Webshell

2022-04-12 ⋅ Kaspersky ⋅ Kaspersky
The State of Stalkerware in 2021
Cerberus

2022-04-12 ⋅ vmware ⋅ Sudhir Devkar
RuRansom – A Retaliatory Wiper
RURansom

2022-04-12 ⋅ Fortinet ⋅ Joie Salvio, Roy Tay
Enemybot: A Look into Keksec's Latest DDoS Botnet
EnemyBot Keksec

2022-04-12 ⋅ Max Kersten's Blog ⋅ Max Kersten
Ghidra script to handle stack strings
CaddyWiper PlugX

2022-04-12 ⋅ Check Point ⋅ Check Point Research
March 2022’s Most Wanted Malware: Easter Phishing Scams Help Emotet Assert its Dominance
Alien FluBot Agent Tesla Emotet

2022-04-12 ⋅ Twitter (@apt773) ⋅ Section 773
Tween on Lapsus$ (UNC3661) Attack chain of compromise via Sitel (Okta subprocessor)'s systems

2022-04-12 ⋅ ⋅ 360 Threat Intelligence Center ⋅ 360 Beacon Lab
Recent attacks by Bahamut group revealed
Bahamut

2022-04-12 ⋅ Sophos ⋅ Andrew Brandt, Angela Gunn, Ferenc László Nagy, Johnathan Fern, Linda Smith, Matthew Everts, Mauricio Valdivieso, Melissa Kelly, Peter Mackenzie, Sergio Bestulic
Attackers linger on government agency computers before deploying Lockbit ransomware
LockBit

2022-04-12 ⋅ AhnLab ⋅ ASEC Analysis Team
SystemBC Being Used by Various Attackers
Emotet SmokeLoader SystemBC