Malpedia Library

Click here to download all references as Bib-File.•

2021-08-02 ⋅ The Record ⋅ Dmitry Smilyanets
An interview with BlackMatter: A new ransomware group that’s learning from the mistakes of DarkSide and REvil
DarkSide LockBit REvil

2021-08-02 ⋅ ⋅ 360 Threat Intelligence Center ⋅ Advanced Threat Institute
Operation Hunting - The latest attack by the CNC (APT-C-48) has been revealed

2021-08-02 ⋅ KELA ⋅ Victoria Kivilevich
All Access Pass: Five Trends with Initial Access Brokers

2021-08-02 ⋅ AT&T ⋅ Javier Ruiz, Ofer Caspi
New sophisticated RAT in town: FatalRat analysis
FatalRat

2021-08-01 ⋅ The Record ⋅ Catalin Cimpanu
Decryptor released for Prometheus ransomware victims
Prometheus

2021-08-01 ⋅ The DFIR Report ⋅ The DFIR Report
BazarCall to Conti Ransomware via Trickbot and Cobalt Strike
BazarBackdoor Cobalt Strike Conti TrickBot

2021-08-01 ⋅ ⋅ ID Ransomware ⋅ Andrew Ivanov
BlackMatter Ransomware
DarkSide

2021-07-31 ⋅ Bleeping Computer ⋅ Lawrence Abrams
DarkSide ransomware gang returns as new BlackMatter operation
DarkSide

2021-07-31 ⋅ Youtube (OALabs) ⋅ Sergei Frankoff
Python3 Tips For Reverse Engineers

2021-07-31 ⋅ Bleeping Computer ⋅ Lawrence Abrams
BlackMatter ransomware gang rises from the ashes of DarkSide, REvil
DarkSide REvil

2021-07-30 ⋅ Threatpost ⋅ Elizabeth Montalbano
Novel Meteor Wiper Used in Attack that Crippled Iranian Train System
Meteor

2021-07-30 ⋅ cyble ⋅ cybleinc
Aberebot on the Rise: New Banking Trojan Targeting Users Through Phishing
Aberebot

2021-07-30 ⋅ Menlo Security ⋅ MENLO Security
ISOMorph Infection: In-Depth Analysis of a New HTML Smuggling Campaign
AsyncRAT NjRAT

2021-07-30 ⋅ HP ⋅ Patrick Schläpfer
Detecting TA551 domains
Valak Dridex IcedID ISFB QakBot

2021-07-30 ⋅ Medium walmartglobaltech ⋅ Jason Reaves
Decrypting BazarLoader strings with a Unicorn
BazarBackdoor

2021-07-30 ⋅ Twitter (@Unit42_Intel) ⋅ Unit 42
Tweet on BazarLoader infection leading to cobaltstrike and Powershell script file for PrintNightmare vulnerability
BazarBackdoor Cobalt Strike

2021-07-30 ⋅ Bleeping Computer ⋅ Sergiu Gatlan
DOJ: SolarWinds hackers breached emails from 27 US Attorneys’ offices

2021-07-30 ⋅ RiskIQ ⋅ Team Atlas
Bear Tracks: Infrastructure Patterns Lead to More Than 30 Active APT29 C2 Servers
elf.wellmess WellMess

2021-07-29 ⋅ Microsoft ⋅ Microsoft Defender Threat Intelligence
BazaCall: Phony call centers lead to exfiltration and ransomware
BazarBackdoor BazarCall

2021-07-29 ⋅ Silent Push ⋅ Silent Push
Using the Silent Push app and API to find punycode domains