Malpedia Library

2024-10-17 ⋅ Sekoia ⋅ Quentin Bourgue, Sekoia TDR
ClickFix tactic: The Phantom Meet
Rhadamanthys Stealc

2024-10-17 ⋅ Cisco Talos ⋅ Asheer Malhotra, Dmytro Korzhevin, Vanja Svajcer, Vitor Ventura
UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants
MeltingClaw ROMCOM RAT ShadyHammock RomCom

2024-10-17 ⋅ Loader Insight Agency ⋅ LIA
Correlating Vidar Stealer Build IDs Based on Loader Tasks
Lumma Stealer SmokeLoader Vidar

2024-10-17 ⋅ Hunt.io ⋅ Hunt.io
From Warm to Burned: Shedding Light on Updated WarmCookie Infrastructure
WarmCookie

2024-10-16 ⋅ nao_sec ⋅ nao_sec
IcePeony with the '996' work culture
IceCache IceEvent IcePeony

2024-10-16 ⋅ BitSight ⋅ André Tavares
Exfiltration over Telegram Bots: Skidding Infostealer Logs
404 Keylogger Agent Tesla

2024-10-16 ⋅ Trend Micro ⋅ Jaromír Hořejší, Nitesh Surana
Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data
BockLit

2024-10-16 ⋅ ThreatMon ⋅ Aziz Kaplan, ThreatMon, ThreatMon Malware Research Team
X-ZIGZAG Technical Malware Analysis Report
AsyncRAT X-ZIGZAG

2024-10-15 ⋅ Microsoft ⋅ Akash Chaudhuri, Gourav Khandelwal, Krithika Ramakrishnan, Matthew Mesa, Sagar Patil, Uri Oren
Phish, Click, Breach: Hunting for a Sophisticated Cyber Attack
UNC4393

2024-10-15 ⋅ ⋅ Weixin ⋅ 360 Threat Intelligence Center
Analysis of the attack activities of APT-C-35 (belly brain worm) against a manufacturing company in South Asia
Unidentified 117 (Donot Loader)

2024-10-14 ⋅ Trend Micro ⋅ Adremel Redondo, Adriel Isidro, Andre Filipe Codod, Charles Adrian Marty, Christian Alpuerto, Kim Benedict Victorio, Lorenzo Laureano, Mark Jason Co
Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware
Astaroth Water Makara

2024-10-13 ⋅ Elastic ⋅ Remco Sprooten, Ruben Groenewoud
Declawing PUMAKIT
PUMAKIT

2024-10-11 ⋅ HarfangLab ⋅ Alice Climent-Pommeret
HijackLoader evolution: abusing genuine signing certificates
HijackLoader

2024-10-11 ⋅ Trend Micro ⋅ Ahmed Kamal, Bahaa Yamany, Mohamed Fahmy, Nick Dai
Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East
STEALHOOK OilRig

2024-10-11 ⋅ zimperium ⋅ Aazim Yaswant
Expanding the Investigation: Deep Dive into Latest TrickMo Samples
TrickMo

2024-10-11 ⋅ Trend Micro ⋅ Ahmed Kamal, Bahaa Yamany, Mohamed Fahmy, Nick Dai
Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions
STEALHOOK

2024-10-10 ⋅ Hunt.io ⋅ Hunt.io
Unmasking Adversary Infrastructure: How Certificates and Redirects Exposed Earth Baxia and PlugX Activity
Cobalt Strike PlugX

2024-10-10 ⋅ paloalto Netoworks: Unit42 ⋅ Benjamin Chang, Micah Yates, Pranay Kumar Chhaparwal
Lynx Ransomware: A Rebranding of INC Ransomware
INC Lynx

2024-10-10 ⋅ NCSC UK ⋅ NCSC UK
Russian foreign intelligence poses global threat with cyber campaign exploiting established vulnerabilities

2024-10-10 ⋅ US Department of Defense ⋅ CNMF, NCSC UK, NSA, US Department of Justice
Update on SVR Cyber Operations and Vulnerability Exploitation