Malpedia Library

Click here to download all references as Bib-File.•

2024-08-02 ⋅ Palo Alto Networks Unit 42 ⋅ Unit 42
Fighting Ursa Luring Targets With Car for Sale
Headlace

2024-08-02 ⋅ Quorum Cyber ⋅ Quorum Cyber
SharpRhino – New Hunters International RAT Identified by Quorum Cyber
SharpRhino

2024-08-02 ⋅ Aqua Nautilus ⋅ Assaf Morag
Panamorfi: A New Discord DDoS Campaign
Mineping

2024-08-02 ⋅ Volexity ⋅ Ankur Saini, Paul Rascagnères, Steven Adair, Thomas Lancaster
StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms
CDDS DUSTPAN MgBot

2024-08-01 ⋅ Cisco ⋅ Ashley Shen, Joey Chen, Vitor Ventura
APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike
Cobalt Strike ShadowPad

2024-08-01 ⋅ Elastic ⋅ Daniel Stepanic, Seth Goodwin
BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor
BITSloth

2024-08-01 ⋅ Krakz ⋅ Pierre Le Bourhis
Latrodectus dropped by BR4
Brute Ratel C4 Latrodectus

2024-08-01 ⋅ Intel 471 ⋅ Intel 471
BlankBot - a new Android banking trojan with screen recording, keylogging and remote control capabilities
BlankBot

2024-07-31 ⋅ Cleafy ⋅ Alessandro Strino, Simone Mattia
BingoMod: The new android RAT that steals money and wipes data
BingoMod

2024-07-31 ⋅ Securonix ⋅ Securonix
Research Update: Threat Actors Behind the DEV#POPPER Campaign Have Retooled and are Continuing to Target Software Developers via Social Engineering
BeaverTail

2024-07-30 ⋅ HackRead ⋅ WAQAS
Hacker Scrapes and Publishes 100,000-Line CrowdStrike IoC List
SAMBASPIDER

2024-07-30 ⋅ Spamhaus ⋅ Spamhaus Team
Too big to care? - Our disappointment with Cloudflare’s anti-abuse posture

2024-07-29 ⋅ cocomelonc ⋅ cocomelonc
Malware and cryptography 31: CAST-128 payload encryption. Simple C example.

2024-07-29 ⋅ loginsoft ⋅ Saharsh Agrawal
Blue Screen Mayhem: When CrowdStrike's Glitch Became Threat Actor's Playground
Daolpu HijackLoader Remcos

2024-07-29 ⋅ Microsoft ⋅ Charles-Edouard Bettan, Danielle Kuznets Nohi, Edan Zwick, Meitar Pinto, Vaibhav Deshmukh
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption
Black Basta Black Basta Storm-0506

2024-07-29 ⋅ Mandiant ⋅ Ashley Pearson, Jake Nicastro, Joseph Pisano, Josh Murchie, Joshua Shilko, Raymond Leong
UNC4393 Goes Gently into the SILENTNIGHT
Black Basta QakBot sRDI SystemBC Zloader UNC4393

2024-07-28 ⋅ cyber5w ⋅ cyber5w, M4lcode
CyberGate Technical Analysis
CyberGate

2024-07-26 ⋅ Darktrace ⋅ DarkTrace
Disarming the WarmCookie Backdoor: Darktrace’s Oven-Ready Solution
WarmCookie

2024-07-26 ⋅ Trellix ⋅ Mathanraj Thangaraju, Max Kersten, Tomer Shloman
Handala’s Wiper Targets Israel
Handala Hatef Handala

2024-07-26 ⋅ SOC Prime ⋅ Veronika Telychko
UAC-0102 Phishing Attack Detection: Hackers Steal Authentication Data Impersonating the UKR.NET Web Service
UAC-0102