Malpedia Library

Click here to download all references as Bib-File.•

2021-03-12 ⋅ Recorded Future ⋅ Insikt Group®
DEWMODE Web Shell Used on Accellion FTA Appliances
DEWMODE

2021-03-12 ⋅ splunk ⋅ Amy Heng, Dave Herrald, Derek King, James Brodsky, John Stoner, Jose Hernandez, Marcus LaFerrera, Michael Haag, Mick Baccio, Ryan Kovar, Shannon Davis
Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later…

2021-03-11 ⋅ Sekoia ⋅ sekoia
QNAP worm: who bene

2021-03-11 ⋅ Qurium ⋅ Qurium
Myanmar – Multi-stage malware attack targets elected lawmakers
Cobalt Strike

2021-03-11 ⋅ Cyborg Security ⋅ Josh Campbell
You Don't Know the HAFNIUM of it...
CHINACHOPPER Cobalt Strike PowerCat

2021-03-11 ⋅ Trustwave ⋅ Diana Lopera
Image File Trickery Part II: Fake Icon Delivers NanoCore
Nanocore RAT

2021-03-11 ⋅ Fortinet ⋅ Rotem Kerner
Whitelist Me, Maybe? “Netbounce” Threat Actor Tries A Bold Approach To Evade Detection

2021-03-11 ⋅ Check Point Research ⋅ Alex Ilgayev
Playing in the (Windows) Sandbox

2021-03-11 ⋅ Check Point ⋅ Adi Ikan, Lotem Finkelsteen, Sagi Tzadik, Yaniv Balmas
Exploits on Organizations Worldwide Tripled after Microsoft’s Revelation of Four Zero-days

2021-03-11 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits

2021-03-11 ⋅ IBM ⋅ Dave McMillen, Limor Kessem
Dridex Campaign Propelled by Cutwail Botnet and Poisonous PowerShell Scripts
Cutwail Dridex

2021-03-11 ⋅ Palo Alto Networks Unit 42 ⋅ Unit 42
Microsoft Exchange Server Attack Timeline
CHINACHOPPER

2021-03-11 ⋅ Cofense ⋅ Elmer Hernandez
AutoHotKey Leveraged by Metamorfo/Mekotio Banking Trojan
Metamorfo

2021-03-11 ⋅ YouTube ( Malware_Analyzing_&_RE_Tips_Tricks) ⋅ Jiří Vinopal
Formbook Reversing - Part1 [Formbook .NET loader/injector analyzing, decrypting, unpacking, patching]
Formbook

2021-03-10 ⋅ Center for Security Studies (CSS) ⋅ Florian J. Egloff, Max Smeets
Publicly attributing cyber attacks: a framework

2021-03-10 ⋅ Twitter (@MSSPete) ⋅ Pete Bryan
Tweet on Sample KQL query for detecting usage of HAFNIUM PoC code floating ITW

2021-03-10 ⋅ DomainTools ⋅ Joe Slowik
Examining Exchange Exploitation and its Lessons for Defenders
CHINACHOPPER

2021-03-10 ⋅ US-CERT ⋅ CISA
Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise
SUNBURST

2021-03-10 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Norway parliament data stolen in Microsoft Exchange attack

2021-03-10 ⋅ Bitdefender ⋅ Bogdan Botezatu, Victor Vrabie
FIN8 Returns with Improved BADHATCH Toolkit
BADHATCH