Malpedia Library

Click here to download all references as Bib-File.•

2020-07-29 ⋅ FireEye ⋅ David Mainor, Gabby Roncone, Lee Foster, Sam Riddell
'Ghostwriter' Influence Campaign: Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned With Russian Security Interests
Ghostwriter

2020-07-13 ⋅ FireEye ⋅ Aaron Stephens, Andrew Thompson
SCANdalous! (External Detection Using Network Scan Data and Automation)
POWERTON QUADAGENT PoshC2

2020-07-07 ⋅ FireEye ⋅ Matthew Haigh, Trevor Haskell
Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool

2020-05-21 ⋅ BrightTALK (FireEye) ⋅ Jeremy Kennelly, Kimberly Goody
Navigating MAZE: Analysis of a Rising Ransomware Threat
Maze

2020-05-12 ⋅ FireEye ⋅ Jacob Thompson
Analyzing Dark Crystal RAT, a C# backdoor
DCRat

2020-05-07 ⋅ FireEye Inc ⋅ Jeremy Kennelly, Joshua Shilko, Kimberly Goody
Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents
Maze

2020-04-22 ⋅ FireEye ⋅ Ben Read, Gabby Roncone, John Hultquist, Sarah Jones, Scott Henderson
Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage
METALJACK

2020-04-07 ⋅ FireEye ⋅ Michael Bailey
Thinking Outside the Bochs: Code Grafting to Unpack Malware in Emulation
Elise

2020-03-31 ⋅ FireEye ⋅ Aaron Stephens, Van Ta
It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit
Ryuk TrickBot UNC1878

2020-03-25 ⋅ FireEye ⋅ Christopher Glyer, Dan Perez, Sarah Jones, Steve Miller
This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits
Speculoos Cobalt Strike

2020-02-19 ⋅ FireEye ⋅ FireEye
M-Trends 2020
Cobalt Strike Grateful POS LockerGoga QakBot TrickBot

2020-02-08 ⋅ FireEye ⋅ Michael Bailey
Reversing the Gophe SPambot: Confronting COM Code and Surmounting STL Snags
Gophe

2020-02-05 ⋅ FireEye ⋅ Andrew Moore, Blaine Stancill, Genevieve Stark, Rick Cole
STOMP 2 DIS: Brilliance in the (Visual) Basics
MINEBRIDGE

2020-01-17 ⋅ FireEye ⋅ FireEye
State of the Hack: Spotlight Iran - from Cain & Abel to full SANDSPY
QUADAGENT Fox Kitten

2020-01-17 ⋅ FireEye ⋅ Josh Madeley, William Ballenthin
404 Exploit Not Found: Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor
NOTROBIN NOTROBIN

2020-01-14 ⋅ FireEye ⋅ Matt Bromiley, Nick Carr
Rough Patch: I Promise It'll Be 200 OK (Citrix ADC CVE-2019-19781)
NOTROBIN

2020-01-09 ⋅ FireEye ⋅ Sandor Nemes, Zander Work
SAIGON, the Mysterious Ursnif Fork
SaiGon

2020-01-01 ⋅ FireEye ⋅ Mandiant, Mitchell Clarke, Tom Hall
Mandiant IR Grab Bag of Attacker Activity
TwoFace CHINACHOPPER HyperBro HyperSSL

2019-12-12 ⋅ FireEye ⋅ Chi-en Shen, Oleg Bondarenko
Cyber Threat Landscape in Japan – Revealing Threat in the Shadow
Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD poisonplug TrickBot BlackTech

2019-11-19 ⋅ FireEye ⋅ Kelli Vanderlee, Nalani Fraser
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions
APT1 APT10 APT2 APT26 APT3 APT30 APT41 Naikon Tonto Team