Malpedia Library

Click here to download all references as Bib-File.•

2021-07-06 ⋅ splunk ⋅ Splunk Threat Research Team
REvil Ransomware Threat Research Update and Detections
REvil

2021-07-06 ⋅ Binary Defense ⋅ Binary Defense
Mars-Deimos: SolarMarker/Jupyter Infostealer (Part 1)
solarmarker

2021-07-06 ⋅ ⋅ ID Ransomware ⋅ Andrew Ivanov
AvosLocker Ransomware

2021-07-06 ⋅ TRUESEC ⋅ Alexander Andersson
How the Kaseya VSA Zero Day Exploit Worked
REvil

2021-07-06 ⋅ YouTube ( DuMp-GuY TrIcKsTeR) ⋅ Jiří Vinopal
[1] Lokibot analyzing - defeating GuLoader with Windbg (Kernel debugging) and Live C2
CloudEyE Loki Password Stealer (PWS)

2021-07-06 ⋅ CrowdStrike ⋅ Adam Meyers
The Evolution of PINCHY SPIDER from GandCrab to REvil
Gandcrab REvil

2021-07-06 ⋅ Cybereason ⋅ Tom Fakterman
Cybereason vs. REvil Ransomware: The Kaseya Chronicles
REvil

2021-07-06 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
TA505 adds GoLang crypter for delivering miners and ServHelper
ServHelper

2021-07-06 ⋅ FPRI ⋅ Josephine Wolff
Understanding Russia’s Cyber Strategy

2021-07-06 ⋅ AT&T ⋅ Fernando Martinez
Lazarus campaign TTPs and evolution

2021-07-06 ⋅ 0ffset Blog ⋅ 0verfl0w_, Daniel Bunce
New TA402/MOLERATS Malware – Decrypting .NET Reactor Strings
SharpStage

2021-07-06 ⋅ The Record ⋅ Catalin Cimpanu
Moroccan hacker Dr HeX arrested for phishing attacks, malware distribution

2021-07-06 ⋅ Group-IB ⋅ Dmitry Volkov, Stephen Kavanagh
Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

2021-07-06 ⋅ Twitter (@MBThreatIntel) ⋅ Malwarebytes Threat Intelligence
Tweet on a malspam campaign that is taking advantage of Kaseya VSA ransomware attack to drop CobaltStrike
Cobalt Strike

2021-07-06 ⋅ paloalto Networks Unit 42 ⋅ John Martineau
Understanding REvil: The Ransomware Gang Behind the Kaseya Attack
Gandcrab REvil

2021-07-05 ⋅ ⋅ Antiy CERT ⋅ Antiy CERT
Analysis of "Bitter Elephant" organization's attack activities against my country in the first half of the year

2021-07-05 ⋅ Twitter (@R3MRUM) ⋅ R3MRUM
Twitter thread with additional context on C2 domains found in REvil configuration
REvil

2021-07-05 ⋅ Twitter (@SophosLabs) ⋅ SophosLabs
Tweet with a REvil ransomware execution demo
REvil

2021-07-05 ⋅ splunk ⋅ Ryan Kovar
Kaseya, Sera. What REvil Shall Encrypt, Shall Encrypt
REvil

2021-07-05 ⋅ Morphisec ⋅ Morphisec
Real-Time Prevention of the Kaseya VSA Supply Chain REvil Ransomware Attack
REvil