Malpedia Library

Click here to download all references as Bib-File.•

2020-12-02 ⋅ Red Canary ⋅ twitter (@redcanary)
Tweet on increased #Qbot activity delivering Cobalt Strike & #Egregor ransomware
Cobalt Strike Egregor QakBot

2020-11-26 ⋅ Twitter (@3xp0rtblog) ⋅ 3xp0rt
Tweet on Xenon Stealer
Xenon Stealer

2020-11-22 ⋅ Twitter (@Nocturnus) ⋅ Cybereason Nocturnus
Tweet on new modular stealer that steals passwords, credit cards data, cryptocurrency wallets and downloads further plugins.

2020-11-21 ⋅ Medium Intel-Honey ⋅ Twitter (@intel_honey)
Reversing Anubis Malware
Anubis

2020-11-19 ⋅ Twitter (@VK_intel) ⋅ Vitali Kremez
Tweet on Trickbot Group pushing LIGHTBOT powershell script to gather information about AD Server
LightBot

2020-11-17 ⋅ Twitter (@VK_intel) ⋅ Vitali Kremez
Tweet on a new fileless TrickBot loading method using code from MemoryModule
TrickBot

2020-11-12 ⋅ Twitter (@ddash_ct) ⋅ ddash
Tweet on Lootwodniw
Lootwodniw

2020-11-12 ⋅ Twitter (@IntezerLabs) ⋅ Intezer
Tweet on Agelocker
AgeLocker

2020-11-06 ⋅ Twitter (@3xp0rtblog) ⋅ 3xp0rt
Tweet on Hunter Stealer
Hunter Stealer

2020-11-05 ⋅ Twitter (@ffforward) ⋅ TheAnalyst
Tweet on Zloader infection leads to Cobaltstrike Installation and deployment of RYUK
Cobalt Strike Ryuk Zloader

2020-11-05 ⋅ Intezer ⋅ Twitter (IntezerLabs)
Tweet on Ngioweb botnet
Ngioweb

2020-10-29 ⋅ Twitter (@anthomsec) ⋅ Andrew Thompson
Tweet on UNC1878 activity
BazarBackdoor Ryuk TrickBot UNC1878

2020-10-29 ⋅ Twitter (@SophosLabs) ⋅ SophosLabs
Tweet on similarities between BUER in-memory loader & RYUK in-memory loader
Buer Ryuk

2020-10-28 ⋅ Twitter (@BitsOfBinary) ⋅ John
Tweet on macOS version of Manuscrypt
Manuscrypt

2020-10-27 ⋅ Twitter (@3xp0rtblog) ⋅ 3xp0rt
Tweet on Ficker Stealer
Ficker Stealer

2020-10-06 ⋅ Twitter (@MsftSecIntel) ⋅ Microsoft Security Intelligence
Tweet on TA505 threat actor exploiting Zerologon (CVE-2020-1472) Vulnerability

2020-10-02 ⋅ Twitter (@craiu) ⋅ Costin Raiu
Tweet about IAmTheKing / PowerPool actor naming
PowerPool

2020-09-23 ⋅ Twitter (@IntezerLabs) ⋅ Intezer
Tweet about PWNLNX
PWNLNX

2020-09-23 ⋅ Twitter (@demonslay335) ⋅ Michael Gillespie
Tweet on Ironcat (Sodinokibi imposter)
Ironcat

2020-09-22 ⋅ Twitter (@Nocturnus) ⋅ Cybereason Nocturnus
Tweet on Outlaw Group using IRCBot, SSH bruteforce tool, port Scanner, and an XMRIG crypto miner for their hacking operation
PerlBot