Malpedia Library

Click here to download all references as Bib-File.•

2025-01-26 ⋅ ⋅ Youtube (greenplan) ⋅ greenplan
[BINARY REFINERY] (Emmenhtal) - Deobfuscation stage JavaScript and PowerShell
Emmenhtal

2025-01-25 ⋅ Sophos ⋅ Anthony Bradshaw, Colin Cowie, Daniel Souter, Hunter Neal, Mark Parsons, Sean Baird, Sean Gallagher
Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
ReedBed STAC5143 UNC4393

2025-01-24 ⋅ Intrinsec ⋅ CTI Intrinsec
"Premium panel": phishing tool used in longstanding campaigns worldwide

2025-01-23 ⋅ Github (PaloAltoNetworks) ⋅ Brad Duncan
Cluster of Infrastructure likely used by Affiliate of Dark Scorpius (Black Basta)
ReedBed

2025-01-23 ⋅ Netskope ⋅ Leandro Froes
Lumma Stealer: Fake CAPTCHAs & New Techniques to Evade Detection
Lumma Stealer

2025-01-23 ⋅ Hunt.io ⋅ Hunt.io
Mapping Suspected KEYPLUG Infrastructure: TLS Certificates, GhostWolf, and RedGolf/APT41 Activity
KEYPLUG

2025-01-23 ⋅ AhnLab ⋅ ASEC
RID Hijacking Technique Utilized by Andariel Attack Group
CreateHiddenAccount JuicyPotato

2025-01-23 ⋅ Lumen ⋅ Black Lotus Labs
The J-Magic Show: Magic Packets and Where to find them
J-Magic SEASPY

2025-01-23 ⋅ ThreatMon ⋅ Aziz Kaplan, ThreatMon, ThreatMon Malware Research Team
Helldown Ransomware Malware Analysis Report
HellDown

2025-01-22 ⋅ Vertex ⋅ Savage
Categorizing Software with Code Families
WarmCookie

2025-01-22 ⋅ ESET Research ⋅ Facundo Muñoz
PlushDaemon compromises supply chain of Korean VPN service
SlowStepper PlushDaemon

2025-01-21 ⋅ Financial Security Institute ⋅ JeongGak Lyu
Follow the Clues - Everyday is lazarus.day

2025-01-21 ⋅ KrCert ⋅ Dongwook Kim, Seulgi Lee
Analysis of Attack Strategies Targeting Centralized Management Solutions

2025-01-21 ⋅ Knownsec ⋅ Knownsec 404 Team
Love and hate under war: The GamaCopy organization, which imitates the Russian Gamaredon, uses military — related bait to launch attacks on Russia
GamaCopy

2025-01-21 ⋅ Twitter (@MsftSecIntel) ⋅ Microsoft Threat Intelligence
Twitter Thread describing spotting of ReedBed in a Storm-1811 campaign
ReedBed UNC4393

2025-01-21 ⋅ Seqrite ⋅ Subhajeet Singha
Silent Lynx APT Targets Various Entities Across Kyrgyzstan & Neighbouring Nations
Unidentified PS 005 (Telegram Bot)

2025-01-21 ⋅ Trend Micro ⋅ Leon Chang, Theo Chen
Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions
Cobalt Strike HemiGate ShadowPad SNAPPYBEE SparrowDoor UNC4841

2025-01-20 ⋅ ⋅ JPCERT/CC ⋅ Hayato Sasaki
APT actor classification “addiction” - Practical issues of attribution seen in Lazarus subgroup classification

2025-01-20 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Jonathan Mccay, Joshua Platt
Qbot is Back.Connect
ReedBed UNC4393

2025-01-19 ⋅ cocomelonc ⋅ cocomelonc
Malware development trick 44: Stealing data via legit GitHub API. Simple C example.
OceanLotus BitRAT RecordBreaker