Malpedia Library

Click here to download all references as Bib-File.•

2023-02-03 ⋅ Youtube (Dr Josh Stroschein) ⋅ Josh Stroschein
Unpacking NullMixer - Identifying and Unraveling ASPack (Part 2)
Nullmixer

2023-01-31 ⋅ Josh Stroschein
Investigating NullMixer - Identifying Initial Packing Techniques (Part 1)
Nullmixer

2022-12-12 ⋅ Reuters ⋅ Josh Smith
North Korean cyber spies deploy new tactic: tricking foreign experts into writing research for them

2022-09-13 ⋅ Proofpoint ⋅ Alexander Rausch, Joshua Miller, Kyle Eaton
Look What You Made Me Do: TA453 Uses Multi-Persona Impersonation to Capitalize on FOMO

2022-08-09 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
Pivoting on a SharpExt to profile Kimusky panels for great good
Kimsuky

2022-08-04 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
IcedID leverages PrivateLoader
IcedID PrivateLoader

2022-07-14 ⋅ Proofpoint ⋅ Crista Giering, Joshua Miller, Michael Raggi, Proofpoint Threat Research Team
Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media
Chinoxy APT31 Lazarus Group TA482

2022-07-06 ⋅ Trend Micro ⋅ Bren Matthew Ebriega, Ivan Nicole Chavez, Joshua Paul Ignacio, Monte de Jesus, Nathaniel Morales
Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server
HavanaCrypt

2022-05-25 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
SocGholish Campaigns and Initial Access Kit
FAKEUPDATES Blister Cobalt Strike NetSupportManager RAT

2022-05-02 ⋅ Mandiant ⋅ Chris Gardner, Doug Bienstock, Josh Madeley, Melissa Derr, Tyler McLellan
UNC3524: Eye Spy on Your Email
QUIETEXIT UNC3524

2022-04-29 ⋅ Team Cymru ⋅ Joshua Picolet
Sliver Case Study: Assessing Common Offensive Security Tools The Use of the Sliver C2 Framework for Malicious Purposes
Sliver

2022-04-07 ⋅ Team Cymru ⋅ Josh Hopkins
MoqHao Part 2: Continued European Expansion
MoqHao

2022-04-07 ⋅ Twitter (@ChicagoCyber) ⋅ Joshua Miller
Tweet on TA455 (Iranian threat actor) IoCs

2022-03-23 ⋅ Team Cymru ⋅ Andy Kraus, Brian Eckman, Josh Hopkins, Paul Welte
Raccoon Stealer – An Insight into Victim “Gates”
Raccoon

2022-03-16 ⋅ Mandiant ⋅ Joshua Homan, Logeswaran Nadarajan, Martin Co, Mathew Potaczek, Sylvain Hirsch, Takahiro Sugiyama, Yu Nakamura
Have Your Cake and Eat it Too? An Overview of UNC2891
SLAPSTICK STEELCORGI LightBasin

2022-03-16 ⋅ Dragos ⋅ Josh Hanrahan
Suspected Conti Ransomware Activity in the Auto Manufacturing Sector
Conti Emotet

2022-03-10 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
Diavol the Enigma of Ransomware
Diavol

2022-03-04 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
SystemBC, PowerShell version
SystemBC

2022-02-23 ⋅ Mandiant ⋅ Joshua Shilko, Shambavi Sadayappan, Tyler McLellan
(Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware
Cuba KillAV

2022-02-14 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
PrivateLoader to Anubis Loader
Anubis Loader PrivateLoader