Malpedia Library

Click here to download all references as Bib-File.•

2022-03-11 ⋅ propublica ⋅ Craig Silverman, Jeff Kao
Infamous Russian Troll Farm Appears to Be Source of Anti-Ukraine Propaganda

2022-02-18 ⋅ 0x00sec ⋅ jeff
Dynamically extracting the encryption key from a simple ransomware

2021-12-29 ⋅ Github (jeFF0Falltrades) ⋅ Jeff Archer
AsyncRAT Configuration Parser
AsyncRAT

2021-11-07 ⋅ Palo Alto Networks Unit 42 ⋅ Jeff White, Peter Renals, Robert Falcone
Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer
Godzilla Webshell NGLite

2021-11-02 ⋅ CyberScoop ⋅ Jeff Stone
US seeks extradition of alleged Ukrainian scammer arrested at Polish border stop

2021-11-01 ⋅ Software Engineering Institute ⋅ Jeffrey Gennari
Two Tools for Malware Analysis and Reverse Engineering in Ghidra

2021-06-16 ⋅ Palo Alto Networks Unit 42 ⋅ Jeff White, Kyle Wilhoit
Matanbuchus: Malware-as-a-Service with Demonic Intentions
Matanbuchus BelialDemon

2021-03-26 ⋅ Accenture ⋅ Eric Welling, Jeff Beley, Ryan Leininger
It's getting hot in here! Unknown threat group using Hades ransomware to turn up the heat on their victims
Hades

2021-03-08 ⋅ Palo Alto Networks Unit 42 ⋅ Jeff White
Analyzing Attacks Against Microsoft Exchange Server With China Chopper Webshells
CHINACHOPPER

2020-11-17 ⋅ CyberScoop ⋅ Jeff Stone
FIN7 recruiter Andrii Kolpakov pleads guilty to role in global hacking scheme

2020-11-04 ⋅ FireEye ⋅ Jacob Thompson, Jeffrey Martin, Rapid7
In Wild Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover — CVE-2020-14871

2020-06-10 ⋅ James_inthe_box, jeFF0Falltrades, _re_fox
FRat Reporting, YARA, and IoCs
FRat Loader FRat

2020-05-07 ⋅ The Citizenlab ⋅ Christopher Parsons, Jedidiah Crandall, Jeffrey Knockel, Lotus Ruan, Ron Deibert, Ruohan Xiong
We Chat, They Watch: How International Users Unwittingly Build up WeChat’s Chinese Censorship Apparatus

2020-02-11 ⋅ Github (jeFF0Falltrades) ⋅ Jeff Archer
Metamorfo (aka Casbaneiro)
Metamorfo Unidentified 072 (Metamorfo Loader)

2019-12-05 ⋅ Github (jeFF0Falltrades) ⋅ Jeff Archer
PoshC2 (specifically as used by APT33)
PoshC2

2019-11-03 ⋅ Github (jeFF0Falltrades) ⋅ Jeff Archer
DTrack
Dtrack

2019-09-14 ⋅ Github (jeFF0Falltrades) ⋅ Jeff Archer
WSH RAT (A variant of H-Worm/Houdini)
Houdini

2019-08-15 ⋅ Github (jeFF0Falltrades) ⋅ Jeff Archer
MICROPSIA (APT-C-23)
Micropsia

2019-06-25 ⋅ Avast ⋅ Jeff Elder
Ransomware strain Troldesh spikes again – Avast tracks new attacks
Troldesh

2019-05-31 ⋅ Github (jeFF0Falltrades) ⋅ Jeff Archer
Qealler Unloaded
Qealler

2018-02-27 ⋅ Palo Alto Networks Unit 42 ⋅ Jeff White
Dissecting Hancitor’s Latest 2018 Packer
Hancitor

2017-09-25 ⋅ Palo Alto Networks Unit 42 ⋅ Jeff White
Analyzing the Various Layers of AgentTesla’s Packing
Agent Tesla

2017-05-31 ⋅ ropgadget.com ⋅ Jeff White
Writing PCRE's for applied passive network defense [Emotet]
Emotet

2016-08-30 ⋅ Palo Alto Networks Unit 42 ⋅ Jeff White
Pythons and Unicorns and Hancitor…Oh My! Decoding Binaries Through Emulation

2016-08-22 ⋅ Palo Alto Networks Unit 42 ⋅ Jeff White
VB Dropper and Shellcode for Hancitor Reveal New Techniques Behind Uptick
Hancitor

2016-02-25 ⋅ Palo Alto Networks Unit 42 ⋅ Jeff White
KeyBase Threat Grows Despite Public Takedown: A Picture is Worth a Thousand Words
KeyBase

2013-02-22 ⋅ Microsoft ⋅ Jeffrey Meisner
Bamital Botnet Takedown Is Successful; Cleanup Underway
Bamital

2011-01-01 ⋅ Virus Bulletin ⋅ Jeff Edwards, Jose Nazario
A Survey of Contemporary Chinese DDoS Malware
Rincux