Malpedia Library

Click here to download all references as Bib-File.•

2021-11-18 ⋅ Group-IB ⋅ Ivan Pisarev
The awakening: Group-IB uncovers new corporate espionage attacks by RedCurl

2021-11-18 ⋅ Twitter (@tccontre18) ⋅ Br3akp0int
Tweet on how to decrypt 4 layers of encryption & obfuscation of vjw0rm
Vjw0rm

2021-11-18 ⋅ Sophos ⋅ Elida Leite, Ferenc László Nagy, Gabor Szappanos, Harinder Bhathal, Kyle Link, Nirav Parekh, Rahul Dugar, Ratul Ghosh, Robert Weiland, Sean Gallagher, Sergio Bestuilic, Vikas Singh
New ransomware actor uses password-protected archives to bypass encryption protection

2021-11-18 ⋅ PRODAFT Threat Intelligence ⋅ PRODAFT
Conti Ransomware Group In-Depth Analysis
Conti

2021-11-18 ⋅ 360 netlab ⋅ Alex.Turing, Hui Wang, litao3rd, YANG XU
The Pitfall of Threat Intelligence Whitelisting: Specter Botnet is 'taking over' Top Legit DNS Domains By Using ClouDNS Service
Specter

2021-11-18 ⋅ Sansec ⋅ Sansec Threat Research Team
Linux malware agent hits eCommerce sites

2021-11-18 ⋅ Microsoft ⋅ Microsoft Digital Security Unit (DSU), Microsoft Threat Intelligence Center (MSTIC)
Iranian targeting of IT sector on the rise
MimiKatz ShellClient RAT Cuboid Sandstorm

2021-11-18 ⋅ US Department of Justice ⋅ Department of Justice
Two Iranian Nationals Charged for Cyber-Enabled Disinformation and Threat Campaign Designed to Influence the 2020 U.S. Presidential Election ( Seyyed Mohammad Hosein Musa Kazemi & Sajjad Kashian )

2021-11-18 ⋅ U.S. Department of the Treasury ⋅ U.S. Department of the Treasury
Treasury Sanctions Iran Cyber Actors for Attempting to Influence the 2020 U.S. Presidential Election

2021-11-18 ⋅ Elliptic ⋅ Elliptic Intel
Conti Ransomware Nets at Least $25.5 Million in Four Months
Conti

2021-11-17 ⋅ Black Hills Information Security ⋅ Kyle Avery
DNS Over HTTPS for Cobalt Strike
Cobalt Strike

2021-11-17 ⋅ Infoblox ⋅ Gaetano Pellegrino
Deep Analysis of a Recent Lokibot Attack
Loki Password Stealer (PWS)

2021-11-17 ⋅ Twitter (@Unit42_Intel) ⋅ Unit 42
Tweet on Matanbuchus Loader used to deliver Qakbot (tag obama128b) and follow-up CobaltStrike
Cobalt Strike QakBot

2021-11-17 ⋅ CrowdStrike ⋅ Liviu Arsene, Sarang Sonawane, Thomas Moses
Ransomware (R)evolution Plagues Organizations, But CrowdStrike Protection Never Wavers
LockBit

2021-11-17 ⋅ Microsoft ⋅ Pete Bryan
Creating your first Microsoft Sentinel Notebook

2021-11-17 ⋅ MalwareTech ⋅ Marcus Hutchins
An in-depth look at hacking back, active defense, and cyber letters of marque

2021-11-17 ⋅ Medium ThreatMiner ⋅ ThreatMiner
Android Trojan Targeting Korean Demographic using GitHub for C2
Unidentified APK 006

2021-11-17 ⋅ ⋅ Investigative reporting project Italy ⋅ Lorenzo Bagnoli, Riccardo Coluccini
Sorveglianza: l’azienda italiana che vuole sfidare i colossi NSO e Palantir
Chrysaor

2021-11-17 ⋅ nviso ⋅ Didier Stevens
Cobalt Strike: Decrypting Obfuscated Traffic – Part 4
Cobalt Strike

2021-11-17 ⋅ Trend Micro ⋅ Abdelrhman Sharshar, Mohamed Fahmy, Ryan Maglaque, Sherif Magdy
Analyzing ProxyShell-related Incidents via Trend Micro Managed XDR
Cobalt Strike Cotx RAT