Malpedia Library

2022-06-21 ⋅ McAfee ⋅ Lakshya Mathur
Rise of LNK (Shortcut files) Malware
BazarBackdoor Emotet IcedID QakBot

2022-06-21 ⋅ SonicWall ⋅ SonicWall
HTML Application Files are being used to distribute Smoke Loader Malware
SmokeLoader

2022-06-21 ⋅ BleepingComputer ⋅ Sergiu Gatlan
Microsoft Exchange servers hacked by new ToddyCat APT gang
ToddyCat

2022-06-21 ⋅ Kaspersky ⋅ Giampaolo Dedola
APT ToddyCat: Unveiling an unknown APT actor attacking high-profile entities in Europe and Asia
ToddyCat

2022-06-21 ⋅ Lab52
MuddyWater’s “light” first-stager targetting Middle East
Unidentified VBS 004 (RAT)

2022-06-21 ⋅ Cisco Talos ⋅ Chris Neal, Flavio Costa, Guilherme Venere
Avos ransomware group expands with new attack arsenal
AvosLocker Cobalt Strike DarkComet MimiKatz

2022-06-21 ⋅ Malwarebytes Labs ⋅ Threat Intelligence Team
Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine

2022-06-20 ⋅ Medium (Cryptax) ⋅ Axelle Apvrille
Tracking Android/Joker payloads with Medusa, static analysis (and patience)
Joker

2022-06-20 ⋅ ⋅ Cert-UA ⋅ Cert-UA
APT28 cyberattack using CredoMap malware (CERT-UA#4843)
CredoMap

2022-06-20 ⋅ ⋅ Cert-UA ⋅ Cert-UA
UAC-0098 group cyberattack on critical infrastructure of Ukraine (CERT-UA#4842)
Cobalt Strike

2022-06-20 ⋅ ⋅ Infinitum IT ⋅ infinitum IT
Charming Kitten (APT35)
LaZagne DownPaper MimiKatz pupy

2022-06-19 ⋅ OALabs ⋅ Sergei Frankoff
Matanbuchus Triage Notes
Matanbuchus

2022-06-19 ⋅ CyberInt ⋅ Shmuel Gihon
BlackGuard Stealer Targets the Gaming Community
BlackGuard

2022-06-18 ⋅ R136a1 ⋅ Dominik Reichel
Using dotnetfile to get a Sunburst timeline for intelligence gathering
SUNBURST

2022-06-17 ⋅ Github (0xchrollo) ⋅ Motawkkel Abdulrhman
Unpacking Kovter malware
Kovter

2022-06-17 ⋅ Github (monoxgas) ⋅ Nick Landers
sRDI - Shellcode Reflective DLL Injection
sRDI

2022-06-17 ⋅ Github (NtQuerySystemInformation) ⋅ Twitter (@kasua02)
A reverse engineer primer on Qakbot Dll Stager: From initial execution to multithreading.
QakBot

2022-06-17 ⋅ Zscaler ⋅ Kaivalya Khursale, Sudeep Singh
Resurgence of Voicemail-themed phishing attacks targeting key industry verticals in the US

2022-06-17 ⋅ Cleafy ⋅ Alessandro Strino, Francesco Iubatti
BRATA is evolving into an Advanced Persistent Threat
BRATA

2022-06-17 ⋅ SANS ISC ⋅ Brad Duncan
Malspam pushes Matanbuchus malware, leads to Cobalt Strike
Cobalt Strike Matanbuchus