Malpedia Library

Click here to download all references as Bib-File.•

2022-05-04 ⋅ Cybereason ⋅ Akihiro Tomita, Assaf Dahan, Chen Erlich, Daniel Frank, Fusao Tanida, Niv Yona, Ofir Ozer
Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques
PRIVATELOG Spyder STASHLOG Winnti

2022-05-04 ⋅ Twitter (@felixw3000) ⋅ Felix
Twitter Thread with info on infection chain with IcedId, Cobalt Strike, and Hidden VNC.
Cobalt Strike IcedID PhotoLoader

2022-05-04 ⋅ F-Secure ⋅ Riccardo Ancarani
Scheduled Task Tampering

2022-05-04 ⋅ HP ⋅ Patrick Schläpfer
Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware
GootLoader

2022-05-04 ⋅ Cybereason ⋅ Akihiro Tomita, Assaf Dahan, Chen Erlich, Daniel Frank, Fusao Tanida, Niv Yona, Ofir Ozer
Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive
PRIVATELOG Spyder STASHLOG Winnti

2022-05-04 ⋅ CrowdStrike ⋅ Sebastian Walla
Compromised Docker Honeypots Used for Pro-Ukrainian DoS Attack

2022-05-04 ⋅ Mandiant ⋅ Brandan Schondorfer, Jennifer Brito, Nader Zaveri, Tyler McLellan
Old Services, New Tricks: Cloud Metadata Abuse by UNC2903
WSO

2022-05-04 ⋅ Twitter (@ESETresearch) ⋅ Twitter (@ESETresearch)
Twitter thread on code similarity analysis, focussing on IsaacWiper and recent Cluster25 publication
IsaacWiper

2022-05-04 ⋅ Inky ⋅ Roger Kay
Fresh Phish: Britain’s National Health Service Infected by Massive Phishing Campaign

2022-05-04 ⋅ Sophos ⋅ Andreas Klopsch
Attacking Emotet’s Control Flow Flattening
Emotet

2022-05-03 ⋅ Google ⋅ Billy Leonard
Update on cyber activity in Eastern Europe
Callisto

2022-05-03 ⋅ Silent Push ⋅ Silent Push
Subdomain Takeovers and 1.1 million “dangling” risks

2022-05-03 ⋅ Fortinet ⋅ Gergely Revay
Unpacking Python Executables on Windows and Linux

2022-05-03 ⋅ Recorded Future ⋅ Insikt Group
SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse
Cobalt Strike

2022-05-03 ⋅ ⋅ AhnLab ⋅ ASEC
Backdoors disguised as document editing and messenger programs (*.chm)

2022-05-03 ⋅ Minerva Labs ⋅ Natalie Zargarov
A new BluStealer Loader Uses Direct Syscalls to Evade EDRs
BluStealer

2022-05-03 ⋅ Google ⋅ Billy Leonard, Google Threat Analysis Group
Update on cyber activity in Eastern Europe
Curious Gorge

2022-05-03 ⋅ Recorded Future ⋅ Insikt Group®
SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse
Cobalt Strike EnvyScout

2022-05-03 ⋅ Trellix ⋅ Christiaan Beek
The Hermit Kingdom’s Ransomware play
VHD Ransomware

2022-05-03 ⋅ Talos Intelligence ⋅ JON MUNSHAW
Conti and Hive ransomware operations: What we learned from these groups' victim chats
Conti Hive