Malpedia Library

Click here to download all references as Bib-File.•

2021-12-14 ⋅ Zscaler ⋅ Nagraj Seshadri
Neutralizing Apache Log4j Exploits with Identity-Based Segmentation

2021-12-14 ⋅ Mandiant ⋅ Adrien Bataille, Anders Vejlby, Jared Scott Wilson, Nader Zaveri
Azure Run Command for Dummies

2021-12-14 ⋅ Symantec ⋅ Threat Hunter Team
Espionage Campaign Targets Telecoms Organizations across Middle East and Asia
MimiKatz

2021-12-14 ⋅ Prevailion ⋅ Matt Stafford, Sherman Smith
DarkWatchman: A new evolution in fileless techniques
DarkWatchman

2021-12-14 ⋅ Kaspersky Labs ⋅ Paul Rascagnères, Pierre Delcher
Owowa: the add-on that turns your OWA into a credential stealer and remote access panel
Owowa

2021-12-13 ⋅ RiskIQ ⋅ Jordan Herman
RiskIQ: Connections between Nanocore, Netwire, and AsyncRAT and Vjw0rm dynamic DNS C2 infrastructure
AsyncRAT Nanocore RAT NetWire RC Vjw0rm

2021-12-13 ⋅ Cado Security ⋅ Cado Security
Analysis of Initial In The Wild Attacks Exploiting Log4Shell/Log4J/CVE-2021-44228
Kinsing Mirai Tsunami

2021-12-13 ⋅ Mandiant ⋅ Alyssa Rahman
Now You Serial, Now You Don’t — Systematically Hunting for Deserialization Exploits

2021-12-12 ⋅ NCC Group ⋅ RIFT: Research and Intelligence Fusion Team
Log4Shell: Reconnaissance and post exploitation network detection

2021-12-12 ⋅ Sophos ⋅ Sean Gallagher
Log4Shell Hell: anatomy of an exploit outbreak

2021-12-11 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
Khonsari NightSky BRONZE STARLIGHT

2021-12-11 ⋅ Symantec ⋅ Threat Hunter Team
Apache Log4j Zero-Day Being Exploited in the Wild
Kaiten

2021-12-10 ⋅ Dissecting Malware ⋅ Marius Genheimer
BlackCatConf - Static Configuration Extractor for BlackCat Ransomware
BlackCat

2021-12-10 ⋅ Medium s2wlab ⋅ S2W TALON
BlackCat: New Rust based ransomware borrowing BlackMatter’s configuration
BlackCat BlackMatter

2021-12-10 ⋅ Trend Micro ⋅ Don Ovid Ladores
New Yanluowang Ransomware Found to be Code-Signed, Terminates Database-Related Processes

2021-12-10 ⋅ Mississippi State University ⋅ DeMarcus M. Thomas Sr.
Detecting malware in memory with memory object relationships

2021-12-09 ⋅ Group-IB ⋅ Andrey Zhdanov, Dmitry Shestakov
Inside the Hive: Deep dive into Hive RaaS, analysis of latest samples
Hive Hive

2021-12-09 ⋅ HP ⋅ Patrick Schläpfer
Emotet’s Return: What’s Different?
Emotet

2021-12-09 ⋅ Trend Micro ⋅ Veronica Chierzi
The Evolution of IoT Linux Malware Based on MITRE ATT&CK TTPs
Dark Nexus QSnatch

2021-12-09 ⋅ Minerva Labs ⋅ Natalie Zargarov
A new StrongPity variant hides behind Notepad++ installation
StrongPity