Malpedia Library

Click here to download all references as Bib-File.•

2022-05-02 ⋅ Mandiant ⋅ Chris Gardner, Doug Bienstock, Josh Madeley, Melissa Derr, Tyler McLellan
UNC3524: Eye Spy on Your Email
QUIETEXIT UNC3524

2022-04-29 ⋅ Team Cymru ⋅ Joshua Picolet
Sliver Case Study: Assessing Common Offensive Security Tools The Use of the Sliver C2 Framework for Malicious Purposes
Sliver

2022-04-07 ⋅ Team Cymru ⋅ Josh Hopkins
MoqHao Part 2: Continued European Expansion
MoqHao

2022-04-07 ⋅ Twitter (@ChicagoCyber) ⋅ Joshua Miller
Tweet on TA455 (Iranian threat actor) IoCs

2022-03-23 ⋅ Team Cymru ⋅ Andy Kraus, Brian Eckman, Josh Hopkins, Paul Welte
Raccoon Stealer – An Insight into Victim “Gates”
Raccoon

2022-03-16 ⋅ Mandiant ⋅ Joshua Homan, Logeswaran Nadarajan, Martin Co, Mathew Potaczek, Sylvain Hirsch, Takahiro Sugiyama, Yu Nakamura
Have Your Cake and Eat it Too? An Overview of UNC2891
SLAPSTICK STEELCORGI LightBasin

2022-03-16 ⋅ Dragos ⋅ Josh Hanrahan
Suspected Conti Ransomware Activity in the Auto Manufacturing Sector
Conti Emotet

2022-03-10 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
Diavol the Enigma of Ransomware
Diavol

2022-03-04 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
SystemBC, PowerShell version
SystemBC

2022-02-23 ⋅ Mandiant ⋅ Joshua Shilko, Shambavi Sadayappan, Tyler McLellan
(Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware
Cuba KillAV

2022-02-14 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
PrivateLoader to Anubis Loader
Anubis Loader PrivateLoader

2022-02-08 ⋅ Proofpoint ⋅ Georgi Mladenov, Joshua Miller, Konstantin Klinger
Ugg Boots 4 Sale: A Tale of Palestinian-Aligned Espionage
BrittleBush NimbleMamba TA402

2022-02-01 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Jonathan Mccay, Joshua Platt
Sugar Ransomware, a new RaaS
Sugar

2022-01-26 ⋅ Team Cymru ⋅ Josh Hopkins
Analysis of a Management IP Address linked to Molerats APT

2022-01-20 ⋅ Palo Alto Networks Unit 42 ⋅ Josh Grunzweig, Mike Harbison, Robert Falcone
Threat Brief: Ongoing Russia and Ukraine Cyber Conflict
WhisperGate

2022-01-11 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
Signed DLL campaigns as a service
BATLOADER Cobalt Strike ISFB Zloader

2021-12-06 ⋅ Mandiant ⋅ Ashraf Abdalhalim, Ben Read, Doug Bienstock, Gabriella Roncone, Jonathan Leathery, Josh Madeley, Juraj Sucik, Luis Rocha, Luke Jenkins, Manfred Erjak, Marius Fodoreanu, Microsoft Detection and Response Team (DART), Microsoft Threat Intelligence Center (MSTIC), Mitchell Clarke, Parnian Najafi, Sarah Hawley, Wojciech Ledzion
Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452)
Cobalt Strike CryptBot

2021-11-18 ⋅ Cisco ⋅ Josh Pyorre
BlackMatter, LockBit, and THOR
BlackMatter LockBit PlugX

2021-11-17 ⋅ Mandiant ⋅ Joshua Goddard
ProxyNoShell: A Change in Tactics Exploiting ProxyShell Vulnerabilities

2021-11-10 ⋅ AT&T ⋅ Josh Gomez
Stories from the SOC - Powershell, Proxyshell, Conti TTPs OH MY!
Cobalt Strike Conti