Malpedia Library

Click here to download all references as Bib-File.•

2021-03-18 ⋅ Varonis ⋅ Snir Ben Shimol
Return of the Darkside: Analysis of a Large-Scale Data Theft Campaign
DarkSide

2021-03-18 ⋅ Cybereason ⋅ Daniel Frank
Cybereason Exposes Campaign Targeting US Taxpayers with NetWire and Remcos Malware
NetWire RC Remcos

2021-03-18 ⋅ SentinelOne ⋅ Phil Stokes
New macOS malware XcodeSpy Targets Xcode Developers with EggShell Backdoor

2021-03-18 ⋅ Proofpoint ⋅ Brandon Murphy, Dennis Schwarz, Jack Mott, Proofpoint Threat Research Team
Now You See It, Now You Don’t: CopperStealer Performs Widespread Theft
CopperStealer SmokeLoader

2021-03-17 ⋅ CISA ⋅ US-CERT
SolarWinds and Active Directory/M365 Compromise: Detecting Advanced Persistent Threat Activity from Known Tactics, Techniques, and Procedures (Dead Link)
SUNBURST

2021-03-17 ⋅ Palo Alto Networks Unit 42 ⋅ Haozhe Zhang, Jun Du, Vaibhav Singhal, Zhibin Zhang
Satori: Mirai Botnet Variant Targeting Vantage Velocity Field Unit RCE Vulnerability
Satori

2021-03-17 ⋅ Palo Alto Networks Unit 42 ⋅ Unit42
Ransomware Threat Report 2021
RansomEXX Dharma DoppelPaymer Gandcrab Mailto Maze Phobos RansomEXX REvil Ryuk WastedLocker

2021-03-17 ⋅ GoggleHeadedHacker Blog ⋅ Jacob Pimental
Automatic Gobfuscator Deobfuscation with EKANS Ransomware
Snake

2021-03-17 ⋅ The Record ⋅ Catalin Cimpanu
Missed opportunity: Bug in LockBit ransomware allowed free decryptions
LockBit

2021-03-17 ⋅ CrowdStrike ⋅ Adam Podlosky, Brendon Feeley
INDRIK SPIDER Supersedes WastedLocker with Hades Ransomware to Circumvent OFAC Sanctions
FriedEx WastedLocker

2021-03-17 ⋅ Recorded Future ⋅ Insikt Group®
China-linked TA428 Continues to Target Russia and Mongolia IT Companies
PlugX Poison Ivy TA428

2021-03-17 ⋅ Avast Decoded ⋅ Jakub Kaloč
Hidden menace: Peeling back the secrets of OnionCrypter

2021-03-17 ⋅ CISA ⋅ US-CERT
Alert (AA21-076A): TrickBot Malware
TrickBot

2021-03-16 ⋅ Yoroi ⋅ Luca Mella, Luigi Martire
Threatening within Budget: How WSH-RAT is abused by Cyber-Crooks
Houdini

2021-03-16 ⋅ Morphisec ⋅ Nadav Lorber
Tracking HCrypt: An Active Crypter as a Service
AsyncRAT LimeRAT Remcos

2021-03-16 ⋅ Medium CSIS Techblog ⋅ Aleksejs Kuprins
The Brief Glory of Cabassous/FluBot — a private Android banking botnet
FluBot

2021-03-16 ⋅ Elastic ⋅ Joe Desimone
Detecting Cobalt Strike with memory signatures
Cobalt Strike

2021-03-16 ⋅ Akamai ⋅ Larry Cashdollar
Another Golang Crypto Miner On The Loose

2021-03-16 ⋅ The Record ⋅ Dmitry Smilyanets
‘I scrounged through the trash heaps… now I’m a millionaire:’ An interview with REvil’s Unknown
REvil

2021-03-15 ⋅ Sophos Labs ⋅ Mark Loman
DearCry ransomware attacks exploit Exchange server vulnerabilities
dearcry WannaCryptor