Malpedia Library

Click here to download all references as Bib-File.•

2021-11-10 ⋅ CrowdStrike ⋅ Antonio Parata
Ploutus ATM Malware Case Study: Automated Deobfuscation of a Strongly Obfuscated .NET Binary
Ploutus ATM

2021-11-10 ⋅ open source dfir ⋅ Alexander Jäger
Use EVTX files on VirusTotal with Timesketch and Sigma (Part 2)

2021-11-10 ⋅ Blackberry ⋅ Codi Starks, Ryan Chapman
REvil Under the Microscope
GootKit REvil

2021-11-10 ⋅ Microsoft ⋅ John Lambert
The hunt for NOBELIUM, the most sophisticated nation-state attack in history

2021-11-10 ⋅ Cisco Talos ⋅ Asheer Malhotra, Jungsoo An, Kendall McKay
North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets
GoldDragon

2021-11-10 ⋅ Randori ⋅ Randori Attack Team
Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064

2021-11-10 ⋅ Twitter (@billyleonard) ⋅ Billy Leonard, Google Threat Analysis Group
Tweet on Rekoobe (used by APT31), being a fork of open source tool called Tiny SHell, used by different actor since at least 2012
Rekoobe

2021-11-10 ⋅ AT&T ⋅ Josh Gomez
Stories from the SOC - Powershell, Proxyshell, Conti TTPs OH MY!
Cobalt Strike Conti

2021-11-10 ⋅ McAfee ⋅ Kiran Raj
The Newest Malicious Actor: “Squirrelwaffle” Malicious Doc.
Squirrelwaffle

2021-11-10 ⋅ Sekoia ⋅ Cyber Threat Intelligence team
Walking on APT31 infrastructure footprints
Rekoobe Unidentified ELF 004 Cobalt Strike

2021-11-10 ⋅ ⋅ mai1zhi2
mai1zhi2 / SharpBeacon - CobaltStrike Beacon written in .Net 4
SharpBeacon

2021-11-09 ⋅ Cybereason ⋅ Aleksandar Milenkoski, Eli Salem
THREAT ANALYSIS REPORT: From Shatak Emails to the Conti Ransomware
Cobalt Strike Conti

2021-11-09 ⋅ Certitude ⋅ Wolfgang Ettlinger
The Invisible JavaScript Backdoor

2021-11-09 ⋅ Trend Micro ⋅ Trend Micro Research
Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT

2021-11-09 ⋅ Cloudflare ⋅ Omer Yoachimik, Vivek Ganti
A Brief History of the Meris Botnet

2021-11-09 ⋅ CrowdStrike ⋅ Lukas Kupczyk, Max Julian Hofmann
Scheming with URLs: One-Click Attack Surface in Linux Desktop Environments

2021-11-09 ⋅ 360 netlab ⋅ Alex.Turing, Hui Wang
Abcbot, an evolving botnet
Abcbot

2021-11-09 ⋅ MinervaLabs ⋅ Minerva Labs
A New DatopLoader Delivers QakBot Trojan
QakBot Squirrelwaffle

2021-11-09 ⋅ SpecterOps ⋅ Michael Barclay
Capability Abstraction Case Study: Detecting Malicious Boot Configuration Modifications

2021-11-09 ⋅ VinCSS ⋅ VinCSS
[EX008] The exploit chain allows to take control of Zalo user accounts