Malpedia Library

Click here to download all references as Bib-File.•

2025-01-30 ⋅ Bitdefender ⋅ Alexandru Maximciuc, Gheorghe Adrian Schipor, Martin Zugec, Victor Vrabie
UAC-0063: Cyber Espionage Operation Expanding from Central Asia
HATVIBE

2025-01-30 ⋅ eSentire ⋅ eSentire
Ongoing Email Bombing Campaigns leading to Remote Access and Post-Exploitation
Black Basta ReedBed UNC4393

2025-01-30 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Backdoor found in two healthcare patient monitors, linked to IP in China

2025-01-30 ⋅ CISA ⋅ CISA
Contec CMS8000 Contains a Backdoor
CMS8000 Backdoor

2025-01-30 ⋅ Department of Justice ⋅ U.S. Attorney's Office Southern District of Texas
Cybercrime websites selling hacking tools to transnational organized crime groups seized

2025-01-29 ⋅ Socket ⋅ Kirill Boychenko, Peter van der Zee
North Korean APT Lazarus Targets Developers with Malicious npm Package
BeaverTail InvisibleFerret

2025-01-28 ⋅ Hunt.io ⋅ Hunt.io
SparkRAT: Server Detection, macOS Activity, and Malicious Connections
SparkRAT

2025-01-27 ⋅ Youtube (MalwareAnalysisForHedgehogs) ⋅ Karsten Hahn
Malware Analysis - Binary Refinery URL extraction of Multi-Layered PoshLoader for LummaStealer
Lumma Stealer

2025-01-25 ⋅ Sophos ⋅ Anthony Bradshaw, Colin Cowie, Daniel Souter, Hunter Neal, Mark Parsons, Sean Baird, Sean Gallagher
Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
ReedBed STAC5143 UNC4393

2025-01-23 ⋅ Github (PaloAltoNetworks) ⋅ Brad Duncan
Cluster of Infrastructure likely used by Affiliate of Dark Scorpius (Black Basta)
ReedBed

2025-01-23 ⋅ Hunt.io ⋅ Hunt.io
Mapping Suspected KEYPLUG Infrastructure: TLS Certificates, GhostWolf, and RedGolf/APT41 Activity
KEYPLUG

2025-01-23 ⋅ AhnLab ⋅ ASEC
RID Hijacking Technique Utilized by Andariel Attack Group
CreateHiddenAccount JuicyPotato

2025-01-23 ⋅ Lumen ⋅ Black Lotus Labs
The J-Magic Show: Magic Packets and Where to find them
J-Magic SEASPY

2025-01-22 ⋅ ESET Research ⋅ Facundo Muñoz
PlushDaemon compromises supply chain of Korean VPN service
SlowStepper PlushDaemon

2025-01-21 ⋅ KrCert ⋅ Dongwook Kim, Seulgi Lee
Analysis of Attack Strategies Targeting Centralized Management Solutions

2025-01-21 ⋅ Knownsec ⋅ Knownsec 404 Team
Love and hate under war: The GamaCopy organization, which imitates the Russian Gamaredon, uses military — related bait to launch attacks on Russia
GamaCopy

2025-01-21 ⋅ Seqrite ⋅ Subhajeet Singha
Silent Lynx APT Targets Various Entities Across Kyrgyzstan & Neighbouring Nations
Unidentified PS 005 (Telegram Bot)

2025-01-20 ⋅ ⋅ JPCERT/CC ⋅ Hayato Sasaki
APT actor classification “addiction” - Practical issues of attribution seen in Lazarus subgroup classification

2025-01-20 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Jonathan Mccay, Joshua Platt
Qbot is Back.Connect
ReedBed UNC4393

2025-01-16 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
New Star Blizzard spear-phishing campaign targets WhatsApp accounts