Malpedia Library

Click here to download all references as Bib-File.•

2022-07-28 ⋅ Kaspersky ⋅ Igor Kuznetsov, Leonid Bezvershenko
LofyLife: malicious npm packages steal Discord tokens and bank card data

2022-07-19 ⋅ Google ⋅ Billy Leonard
Continued cyber activity in Eastern Europe observed by TAG
CyberAzov APT28 Callisto Ghostwriter Sandworm Turla

2022-07-19 ⋅ Google ⋅ Billy Leonard
Continued cyber activity in Eastern Europe observed by TAG
CyberAzov

2022-07-08 ⋅ Twitter (@billyleonard) ⋅ Billy Leonard
Twiiter thread about some recent Turla activity spoofing the Azov Regiment ... but targeting Android users.

2022-05-12 ⋅ TEAMT5 ⋅ Leon Chang, Silvia Yeh
The Next Gen PlugX/ShadowPad? A Dive into the Emerging China-Nexus Modular Trojan, Pangolin8RAT (slides)
KEYPLUG Cobalt Strike CROSSWALK FunnySwitch PlugX ShadowPad Winnti SLIME29 TianWu

2022-05-03 ⋅ Google ⋅ Billy Leonard
Update on cyber activity in Eastern Europe
Callisto

2022-05-03 ⋅ Google ⋅ Billy Leonard, Google Threat Analysis Group
Update on cyber activity in Eastern Europe
Curious Gorge

2022-04-25 ⋅ Mandiant ⋅ Chris Sistrunk, Corey Hildebrandt, Daniel Kapellmann Zafra, Keith Lunden, Ken Proska, Nathan Brubaker, Raymond Leong
INDUSTROYER.V2: Old Malware Learns New Tricks
INDUSTROYER2

2022-03-30 ⋅ Google ⋅ Billy Leonard
Tracking cyber activity in Eastern Europe
Callisto Curious Gorge

2022-03-30 ⋅ Google ⋅ Billy Leonard, Google Threat Analysis Group
Tracking cyber activity in Eastern Europe

2022-03-16 ⋅ Trustwave ⋅ Homer Pacag
The Attack of the Chameleon Phishing Page

2022-03-09 ⋅ BreachQuest ⋅ Bernard Silvestrini, Marco Figueroa, Napoleon Bing
The Conti Leaks | Insight into a Ransomware Unicorn
Cobalt Strike MimiKatz TrickBot

2022-01-14 ⋅ Twitter (@billyleonard) ⋅ Billy Leonard, Google Threat Analysis Group
Tweet on APT28 credential phishing campaigns targeting Ukraine

2021-11-10 ⋅ Twitter (@billyleonard) ⋅ Billy Leonard, Google Threat Analysis Group
Tweet on Rekoobe (used by APT31), being a fork of open source tool called Tiny SHell, used by different actor since at least 2012
Rekoobe

2021-10-07 ⋅ Twitter (@billyleonard) ⋅ Billy Leonard, Google Threat Analysis Group
Tweet on IOCs related to APT28

2021-09-27 ⋅ Kaspersky ⋅ Dmitry Galov, Leonid Bezvershenko, Marc Rivero López
BloodyStealer and gaming assets for sale
BloodyStealer

2021-07-21 ⋅ Twitter (@billyleonard) ⋅ Billy Leonard
Tweet on APT31 using a router implant.
SoWaT

2021-05-12 ⋅ Kaspersky ⋅ Dmitry Galov, Ivan Kwiatkowski, Leonid Bezvershenko
Ransomware world in 2021: who, how and why
Babuk REvil

2021-04-29 ⋅ FireEye ⋅ Justin Moore, Raymond Leong, Tyler McLellan
UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat
Cobalt Strike FiveHands HelloKitty

2021-02-05 ⋅ Palo Alto Networks Unit 42 ⋅ Efi Barkayev, Gal De Leon, Nadav Markus
Exploits in the Wild for WordPress File Manager RCE Vulnerability (CVE-2020-25213)
Kinsing