Malpedia Library

Click here to download all references as Bib-File.•

2021-01-25 ⋅ Twitter (@IntelAdvanced) ⋅ Advanced Intelligence
Tweet on Ryuk Ransomware group's post exploitation tactics including usage of Keethief tool
Ryuk

2021-01-24 ⋅ Medium nasbench ⋅ Nasreddine Bencherchali
Common Tools & Techniques Used By Threat Actors and Malware — Part I

2021-01-24 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Another ransomware (Avaddon) now uses DDoS attacks to force victims to pay
Avaddon

2021-01-23 ⋅ Youtube (MalwareAnalysisForHedgehogs) ⋅ Karsten Hahn
Malware Analysis - Fileless GooLoad static analysis and unpacking

2021-01-22 ⋅ Symantec ⋅ Threat Hunter Team
SolarWinds: How Sunburst Sends Data Back to the Attackers
SUNBURST

2021-01-21 ⋅ NetbyteSEC ⋅ Fareed Fauzi
Solarwinds Attack: Sunburst's DLL Technical Analysis
SUNBURST

2021-01-21 ⋅ ⋅ 360 Threat Intelligence Center ⋅ Advanced Threat Institute
Disclosure of Manling Flower Organization (APT-C-08) using Warzone RAT attack
Ave Maria

2021-01-21 ⋅ Sophos Labs ⋅ Andrew Brandt, Gabor Szappanos
MrbMiner: Cryptojacking to bypass international sanctions

2021-01-20 ⋅ Trend Micro ⋅ Abraham Camba, Gilbert Sison, Ryan Maglaque
XDR investigation uncovers PlugX, unique technique in APT attack
PlugX

2021-01-20 ⋅ Microsoft ⋅ Microsoft 365 Defender Research Team, Microsoft Cyber Defense Operations Center (CDOC), Microsoft Threat Intelligence Center (MSTIC)
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
Cobalt Strike SUNBURST TEARDROP

2021-01-19 ⋅ Twitter (@ConfiantIntel) ⋅ ConfiantIntel
Tweet on WizardUpdate macOS backdoor
Vigram

2021-01-19 ⋅ HP ⋅ Patrick Schläpfer
Dridex Malicious Document Analysis: Automating the Extraction of Payload URLs
Dridex

2021-01-19 ⋅ Malwarebytes ⋅ Marcin Kleczynski
Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments

2021-01-19 ⋅ ⋅ Twitter (@jpcert_ac) ⋅ JPCERT/CC
Tweet on LODEINFO ver 0.47 spotted ITW targeting Japan
LODEINFO

2021-01-19 ⋅ Medium elis531989 ⋅ Eli Salem
Funtastic Packers And Where To Find Them
Get2 IcedID QakBot

2021-01-19 ⋅ ⋅ JPCERT/CC ⋅ Shusei Tomonaga
Tools used within the network invaded by attack group Lazarus

2021-01-18 ⋅ tccontre Blog ⋅ tcontre
Extracting Shellcode in ICEID .PNG Steganography
IcedID

2021-01-18 ⋅ Bleeping Computer ⋅ Lawrence Abrams
IObit forums hacked to spread ransomware to its members
DeroHE

2021-01-18 ⋅ Bleeping Computer ⋅ Lawrence Abrams
IObit forums hacked in widespread DeroHE ransomware attack

2021-01-18 ⋅ Cado Security ⋅ cadolabs
Botnet Deploys Cloud and Container Attack Techniques