Malpedia Library

Click here to download all references as Bib-File.•

2024-04-17 ⋅ McAfee ⋅ Mohansundaram M, Neil Tyagi
Redline Stealer: A Novel Approach
RedLine Stealer SmartLoader

2024-04-16 ⋅ Mandiant ⋅ Alden Wahlstrom, Anton Prokopenkov, Dan Black, Dan Perez, Gabby Roncone, John Wolfram, Lexie Aytes, Nick Simonian, Ryan Hall, Tyler McLellan
APT44: Unearthing Sandworm
VPNFilter BlackEnergy CaddyWiper EternalPetya HermeticWiper Industroyer INDUSTROYER2 Olympic Destroyer PartyTicket RoarBAT Sandworm

2024-04-04 ⋅ Mandiant ⋅ Ashley Pearson, Austin Larsen, Billy Wong, John Wolfram, Joseph Pisano, Josh Murchie, Lukasz Lamparski, Matt Lin, Ron Craft, Ryan Hall, Shawn Chew, Tyler McLellan
Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies
UNC3569 UNC5266 UNC5291 UNC5330 UNC5337 UTA0178

2024-03-26 ⋅ K7 Security ⋅ Vigneshwaran P
Unknown TTPs of Remcos RAT
Remcos

2024-02-21 ⋅ YouTube (SentinelOne) ⋅ Kris McConkey
LABSCon23 Replay | Chasing Shadows | The rise of a prolific espionage actor
9002 RAT PlugX ShadowPad Spyder Earth Lusca

2024-02-21 ⋅ Medium b.magnezi ⋅ 0xMrMagnezi
Malware Analysis — Remcos RAT
Remcos

2024-01-16 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Jonathan Mccay, Joshua Platt
Keyhole Analysis
IcedID Keyhole

2024-01-12 ⋅ Mandiant ⋅ Dimiter Andonov, Gabby Roncone, John Wolfram, Matt Lin, Robert Wallace, Tyler McLellan
Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation
UTA0178

2024-01-03 ⋅ Uptycs ⋅ Karthickkumar Kathiresan, Shilpesh Trivedi
Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion
Remcos

2023-12-14 ⋅ Mandiant ⋅ Adrian McCabe, Geoff Ackerman, Rufus Brown, Ryan Tomcik
Opening a Can of Whoop Ads: Detecting and Disrupting a Malvertising Campaign Distributing Backdoors
DanaBot DarkGate UNC4393

2023-12-13 ⋅ Fortinet ⋅ Amey Gat, Angelo Cris Deveraturda, Hongkei Chan, Jared Betts, Jayesh Zala, John Simmons, Ken Evans, Mark Robson
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793
GraphDrop

2023-12-13 ⋅ CISA ⋅ CISA
Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally
GraphDrop

2023-12-07 ⋅ ⋅ Cert-UA ⋅ Cert-UA
UAC-0050 mass cyberattack using RemcosRAT/MeduzaStealer against Ukraine and Poland (CERT-UA#8218)
Meduza Stealer Remcos

2023-11-23 ⋅ Infosec Writeups ⋅ Osama Ellahi
Malware analysis Remcos RAT- 4.9.2 Pro
Remcos

2023-11-14 ⋅ SOC Prime ⋅ Veronika Telychko
Remcos RAT Detection: UAC-0050 Hackers Launch Phishing Attacks Impersonating the Security Service of Ukraine
Remcos UAC-0050

2023-11-09 ⋅ Mandiant ⋅ Chris Sistrunk, Daniel Kapellmann Zafra, Jared Wilson, John Wolfram, Keith Lunden, Ken Proska, Nathan Brubaker, Tyler McLellan
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology
CaddyWiper

2023-10-27 ⋅ Twitter (@embee_research) ⋅ Embee_research
Remcos Downloader Analysis - Manual Deobfuscation of Visual Basic and Powershell
Remcos

2023-10-26 ⋅ Medium walmartglobaltech ⋅ Jonathan Mccay
SmartApeSG
NetSupportManager RAT