Malpedia Library

Click here to download all references as Bib-File.•

2021-07-01 ⋅ CISA, FBI, NCSC UK, NSA
Russian GRU (APT28) Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments
reGeorg

2021-05-12 ⋅ The Record ⋅ Catalin Cimpanu
Agents raid home of Kansas man seeking info on botnet that infected DOD network
PerlBot

2021-05-07 ⋅ GCHQ ⋅ CISA, FBI, NCSC UK, NSA
Further TTPs associated with SVR cyber actors: Use of multiple publicly available exploits and Sliver framework to target organisations globally

2021-04-19 ⋅ Washington Examiner ⋅ Tom Rogan
Inside the CIA and NSA disagreement over Russian bounties story

2021-04-15 ⋅ CISA, FBI, NSA
Russian SVR Targets U.S. and Allied Networks

2021-01-05 ⋅ CISA, FBI, NSA, ODNI
Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA)
SUNBURST

2021-01-01 ⋅ Secureworks ⋅ SecureWorks
Threat Profile: GOLD MANSARD
Nefilim Nemty GOLD MANSARD

2020-12-17 ⋅ NSA ⋅ NSA
Detecting Abuse of Authentication Mechanisms

2020-12-16 ⋅ Twitter (@0xrb) ⋅ R. Bansal
List of domain infrastructure including DGA domain used by UNC2452
SUNBURST

2020-12-07 ⋅ NSA ⋅ NSA
Russian State-Sponsored Actors Exploiting Vulnerability in VMware® Workspace ONE Access Using Compromised Credentials

2020-08-23 ⋅ Github (Insane-Forensics) ⋅ Insane-Forensics
Dispatches from Drovorub: Network Threat Hunting for Russia GRU GTsSS' Malware at Scale

2020-08-14 ⋅ NSA ⋅ NSA
Drovorub Malware: Fact Sheet & FAQs

2020-08-13 ⋅ NSA ⋅ NSA
NSA and FBI Expose Russian Previously Undisclosed Malware “Drovorub” in Cybersecurity Advisory

2020-08-11 ⋅ FireEye ⋅ Alex Pennino, Brendan McKeague, Harris Ansari, Nick Schroeder, Tim Martin
COOKIEJAR: Tracking Adversaries With FireEye Endpoint Security’s Logon Tracker Module

2020-05-28 ⋅ Wired ⋅ Andy Greenberg
NSA: Russia's Sandworm Hackers Have Hijacked Mail Servers

2019-12-24 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Maze Ransomware Releases Files Stolen from City of Pensacola
Maze

2019-12-11 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Maze Ransomware Behind Pensacola Cyberattack, $1M Ransom Demand
Maze

2019-09-04 ⋅ Trend Micro ⋅ Jaromír Hořejší, Joseph C. Chen
Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions
Glupteba

2019-03-05 ⋅ PepperMalware Blog ⋅ Pepper Potts
Quick Analysis of a Trickbot Sample with NSA's Ghidra SRE Framework
TrickBot

2018-12-12 ⋅ Kaspersky Labs ⋅ Anton Ivanov, Boris Larin, Vladislav Stolyarov
Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611)
SandCat