Malpedia Library

2022-07-25 ⋅ Trend Micro ⋅ Byron Gelera, Ieriz Nicolle Gonzalez, Ivan Nicole Chavez, Katherine Casona, Nathaniel Gregory Ragasa, Nathaniel Morales
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
BlackMatter LockBit

2022-07-21 ⋅ Censys ⋅ Matt Lembright
Russian Ransomware C2 Network Discovered in Censys Data
DeimosC2 PoshC2

2022-07-19 ⋅ SUCURI ⋅ Matt Morrow
PrestaShop Skimmer Concealed in One Page Checkout Module

2022-07-06 ⋅ Trend Micro ⋅ Bren Matthew Ebriega, Ivan Nicole Chavez, Joshua Paul Ignacio, Monte de Jesus, Nathaniel Morales
Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server
HavanaCrypt

2022-06-28 ⋅ Accenture ⋅ Accenture
Steal(Bit) or exfil, what does it (Ex)Matter? Comparative Analysis of Custom Exfiltration Tools
ExMatter StealBit

2022-05-30 ⋅ Matthieu Walter
Automatically Unpacking IcedID Stage 1 with Angr
IcedID

2022-05-18 ⋅ Cado Security ⋅ Matt Muir
Linux Attack Techniques: Dynamic Linker Hijacking with LD Preload

2022-05-16 ⋅ Jamf Blog ⋅ Jaron Bradley, Matt Benyo, Stuart Ashenbrenner
UpdateAgent Adapts Again
UpdateAgent

2022-05-05 ⋅ NCC Group ⋅ Michael Matthews, Nikolaos Pantazopoulos
North Korea’s Lazarus: their initial access trade-craft using social media and social engineering
LCPDot

2022-04-28 ⋅ nccgroup ⋅ David Brown, Michael Matthews, Rob Smallridge
LAPSUS$: Recent techniques, tactics and procedures

2022-04-27 ⋅ ESET Research ⋅ Alexandre Côté Cyr, Matthieu Faou
A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity
FlowCloud Lookback Witchetty

2022-04-12 ⋅ Sophos ⋅ Andrew Brandt, Angela Gunn, Ferenc László Nagy, Johnathan Fern, Linda Smith, Matthew Everts, Mauricio Valdivieso, Melissa Kelly, Peter Mackenzie, Sergio Bestulic
Attackers linger on government agency computers before deploying Lockbit ransomware
LockBit

2022-04-11 ⋅ Offensive Security ⋅ Matteo Malvica
IRQLs Close Encounters of the Rootkit Kind

2022-04-08 ⋅ The Hacker News ⋅ Ravie Lakshmanan
Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity
BlackCat BlackMatter BlackCat BlackMatter

2022-04-06 ⋅ Cado Security ⋅ Al Carchrie, Chris Doman, Matt Muir, Paul Scott
Cado Discovers Denonia: The First Malware Specifically Targeting Lambda
Denonia

2022-04-03 ⋅ Bleeping Computer ⋅ Bill Toulas
New Borat remote access malware is no laughing matter
Borat RAT

2022-03-22 ⋅ Kroll ⋅ Cole Manaster, Pierson Clair
Analyzing Exmatter: A Ransomware Data Exfiltration Tool
ExMatter

2022-03-17 ⋅ Cisco ⋅ Caitlin Huey, Tiago Pereira
From BlackMatter to BlackCat: Analyzing two attacks from one affiliate
BlackCat BlackMatter BlackCat BlackMatter