Malpedia Library

2022-01-04 ⋅ SYGNIA ⋅ Sygnia Incident Response Team
TG2003: Elephant Beetle - Uncovering an Organized Financial-theft Operation
FIN13

2022-01-04 ⋅ Microsoft ⋅ Microsoft Detection and Response Team (DART)
Leveraging the Power of KQL in Incident Response

2022-01-03 ⋅ AhnLab ⋅ ASEC Analysis Team
Distribution of Redline Stealer Disguised as Software Crack
DanaBot RedLine Stealer Vidar

2022-01-01 ⋅ Silent Push ⋅ Silent Push
The Manipulaters Team Blog Post

2022-01-01 ⋅ Toli Security ⋅ Toli Security
Active crypto-mining operation by TeamTNT
TeamTNT

2021-12-29 ⋅ CrowdStrike ⋅ Benjamin Wiley, Falcon OverWatch Team
OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt
Earth Lusca

2021-12-29 ⋅ CrowdStrike ⋅ Benjamin Wiley, Falcon OverWatch Team
OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt
Cobalt Strike

2021-12-28 ⋅ AhnLab ⋅ ASEC Analysis Team
APT Attack Cases of Kimsuky Group (PebbleDash)
PEBBLEDASH

2021-12-28 ⋅ Twitter (MalwareHunterTeam) ⋅ MalwareHunterTeam
Tweet on RagnarLocker Linux variant
RagnarLocker

2021-12-28 ⋅ ⋅ AhnLab ⋅ ASEC Analysis Team
Cases of Lockis ransomware infection
GlobeImposter

2021-12-22 ⋅ Telsy ⋅ Telsy Research Team
Phishing Campaign targeting citizens abroad using COVID-19 theme lures
Cobalt Strike

2021-12-22 ⋅ CISA ⋅ Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), CISA, Computer Emergency Response Team New Zealand (CERT NZ), FBI, New Zealand National Cyber Security Centre (NZ NCSC), NSA, United Kingdom’s National Cyber Security Centre (NCSC-UK)
Alert (AA21-356A) Mitigating Log4Shell and Other Log4j-Related Vulnerabilities

2021-12-20 ⋅ ⋅ Qianxin ⋅ Red Raindrop Team
First time using a dual platform attack weapon? Analysis of the suspected SideCopy organization's attack activities against India

2021-12-20 ⋅ Qianxin ⋅ Red Raindrop Team
India's Chief of Defence Staff Crashes: SideCopy APT takes advantage of the fire

2021-12-17 ⋅ Secureworks ⋅ Counter Threat Unit ResearchTeam, Secureworks Incident Response Team
noPac: A Tale of Two Vulnerabilities That Could End in Ransomware

2021-12-16 ⋅ Avast Decoded ⋅ Threat Intelligence Team
Avast Finds Backdoor on US Government Commission Network
Operation Red Signature

2021-12-16 ⋅ TEAMT5 ⋅ Aragorn Tseng, Charles Li, Peter Syu, Tom Lai
Winnti is Coming - Evolution after Prosecution
Cobalt Strike FishMaster FunnySwitch HIGHNOON ShadowPad Spyder

2021-12-16 ⋅ Symantec ⋅ Threat Hunter Team
Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware
BlackCat

2021-12-16 ⋅ Red Canary ⋅ The Red Canary Team
Intelligence Insights: December 2021
Cobalt Strike QakBot Squirrelwaffle

2021-12-16 ⋅ Blackberry ⋅ The BlackBerry Research & Intelligence Team
Threat Thursday: Warzone RAT Breeds a Litter of ScriptKiddies
Ave Maria