Malpedia Library

2020-08-14 ⋅ Twitter (@James_inthe_box) ⋅ James_inthe_box
Tweet on Echelon Stealer

2020-06-11 ⋅ Cado Security ⋅ Chris Doman, James Campbell
An Ongoing AWS Phishing Campaign

2020-06-10 ⋅ James_inthe_box, jeFF0Falltrades, _re_fox
FRat Reporting, YARA, and IoCs
FRat Loader FRat

2020-06-02 ⋅ Lastline Labs ⋅ James Haughom, Stefano Ortolani
Evolution of Excel 4.0 Macro Weaponization
Agent Tesla DanaBot ISFB TrickBot Zloader

2020-05-25 ⋅ Twitter (@JAMESWT_MHT) ⋅ JamesWT
Tweet on FuckUnicorn instance of HiddenTear
HiddenTear

2020-05-16 ⋅ Cado Security ⋅ Chris Doman, James Campbell
Recent Attacks Against Supercomputers
Loerbas

2020-05-12 ⋅ Twitter (@James_inthe_box) ⋅ James_inthe_box
Tweet on Himera Loader
Himera Loader

2020-03-10 ⋅ Lastline ⋅ James Haughom
IQY files and Paradise Ransomware
Paradise

2020-03-06 ⋅ Binary Defense ⋅ James Quinn
Emotet Wi-Fi Spreader Upgraded
Emotet

2020-02-07 ⋅ Binary Defense ⋅ James Quinn
Emotet Evolves With New Wi-Fi Spreader
Emotet

2019-12-20 ⋅ Binary Defense ⋅ James Quinn
An Updated ServHelper Tunnel Variant
ServHelper

2019-04-25 ⋅ FireEye ⋅ James T. Bennett, Michael Bailey
CARBANAK Week Part Four: The CARBANAK Desktop Video Player

2019-04-24 ⋅ FireEye ⋅ James T. Bennett, Michael Bailey
CARBANAK Week Part Three: Behind the CARBANAK Backdoor
Carbanak

2019-04-23 ⋅ FireEye ⋅ James T. Bennett, Michael Bailey
CARBANAK Week Part Two: Continuing the CARBANAK Source Code Analysis

2019-04-22 ⋅ FireEye ⋅ James T. Bennett, Michael Bailey
CARBANAK Week Part One: A Rare Occurrence
Carbanak

2019-03-21 ⋅ CrowdStrike ⋅ James Scalise, Shaun Hurley
Interception: Dissecting BokBot’s “Man in the Browser”
IcedID

2019-03-08 ⋅ The Daily Swig ⋅ James Walker
Emotet trojan implicated in Wolverine Solutions ransomware attack
Emotet

2019-01-03 ⋅ CrowdStrike ⋅ James Scalise, Shaun Hurley
Digging into BokBot’s Core Module
IcedID

2018-12-29 ⋅ Los Angeles Times ⋅ Emily Alpert Reyes, Meg James, Tony Barboza
Malware attack disrupts delivery of L.A. Times and Tribune papers across the U.S.
Ryuk

2018-10-01 ⋅ Twitter (@James_inthe_box) ⋅ James_inthe_box
Tweet on DGA using TLD xyz
MakLoader