Malpedia Library

2022-07-14 ⋅ Sophos ⋅ Alexander Giles
Rapid Response: The Ngrok Incident Guide

2022-06-13 ⋅ Sekoia ⋅ Threat & Detection Research Team
BumbleBee: a new trendy loader for Initial Access Brokers
BumbleBee

2022-05-19 ⋅ Trend Micro ⋅ Adolph Christian Silverio, Jeric Miguel Abordo, Khristian Joseph Morales, Maria Emreen Viray
Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware
Emotet QakBot

2022-04-27 ⋅ Trend Micro ⋅ Daniel Lunghi, Jaromír Hořejší
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
HelloBot AsyncRAT Ghost RAT HelloBot PlugX Quasar RAT Earth Berberoka

2022-04-27 ⋅ Trendmicro ⋅ Trendmicro
IOCs for Earth Berberoka - Windows
AsyncRAT Cobalt Strike PlugX Quasar RAT Earth Berberoka

2022-04-27 ⋅ Trendmicro ⋅ Trendmicro
IOCs for Earth Berberoka - Linux
Rekoobe pupy Earth Berberoka

2022-04-27 ⋅ Trendmicro ⋅ Trendmicro
IOCs for Earth Berberoka - MacOS
oRAT Earth Berberoka

2022-04-27 ⋅ Trendmicro ⋅ Trendmicro
IOCs for Earth Berberoka
Earth Berberoka

2022-03-17 ⋅ Google ⋅ Benoit Sevens, Vladislav Stolyarov
Exposing initial access broker with ties to Conti
BazarBackdoor BumbleBee Conti EXOTIC LILY

2022-03-17 ⋅ Google ⋅ Benoit Sevens, Google Threat Analysis Group, Vladislav Stolyarov
Exposing initial access broker with ties to Conti
BazarBackdoor BumbleBee Cobalt Strike Conti

2022-02-23 ⋅ CrowdStrike ⋅ CrowdStrike Intelligence Team
Access Brokers: Who Are the Targets, and What Are They Worth?

2021-12-28 ⋅ NTT ⋅ Hiroki Hada
Flagpro: The new malware used by BlackTech
Flagpro

2021-12-03 ⋅ KrebsOnSecurity ⋅ Brian Krebs
Who Is the Network Access Broker ‘Babam’?

2021-10-21 ⋅ curatedintel ⋅ Trevor Giffen
Initial Access Broker Landscape

2021-10-08 ⋅ ⋅ NTT ⋅ Fumio Ozawa, Hiroki Hada, Rintaro Koike
Malware Flagpro used by targeted attack group BlackTech
Flagpro

2021-08-26 ⋅ Bleeping Computer ⋅ Ionut Ilascu
Ragnarok ransomware releases master decryptor after shutdown
Ragnarok

2021-08-24 ⋅ Vice Motherboard ⋅ Joseph Cox
How Data Brokers Sell Access to the Backbone of the Internet

2021-08-24 ⋅ Volexity ⋅ Damien Cash, Josh Grunzweig, Steven Adair, Thomas Lancaster
North Korean BLUELIGHT Special: InkySquid Deploys RokRAT
RokRAT

2021-08-05 ⋅ Group-IB ⋅ Nikita Rostovcev, Viktor Okorokov
Prometheus TDS The key to success for Campo Loader, Hancitor, IcedID, and QBot
Prometheus Backdoor Buer campoloader Hancitor IcedID QakBot