Malpedia Library

2022-04-05 ⋅ Trend Micro ⋅ Abdelrhman Sharshar, Earle Maui Earnshaw, Ian Kenefick, Lucas Silva, Mohamed Fahmy, Ryan Maglaque
Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload (IoCs)
FAKEUPDATES Blister LockBit

2022-04-04 ⋅ Intezer ⋅ Joakim Kennedy, Nicole Fishbein
Elephant Framework Delivered in Phishing Attacks Against Ukrainian Organizations
GraphSteel GrimPlant SaintBear

2022-03-31 ⋅ Palo Alto Networks Unit 42 ⋅ Haozhe Zhang, Ken Hsu, Qi Deng, Tao Yan
CVE-2022-22965: Spring Core Remote Code Execution Vulnerability Exploited In the Wild (SpringShell)

2022-03-29 ⋅ Cisco Talos ⋅ Asheer Malhotra, Justin Thattil, Kendall McKay
Transparent Tribe campaign uses new bespoke malware to target Indian government officials
Crimson RAT

2022-03-28 ⋅ Intezer ⋅ Joakim Kennedy, Ryan Robinson
New Conversation Hijacking Campaign Delivering IcedID
IcedID PhotoLoader

2022-03-21 ⋅ DeepInstinct ⋅ Asaf Gilboa, Simon Kenin
What is Arid Gopher? An Analysis of a New, Never-Before-Seen Malware Variant
Arid Gopher AridHelper

2022-03-11 ⋅ Varonis ⋅ Eric Saraga
Is this SID taken? Varonis Threat Labs Discovers Synthetic SID Injection Attack

2022-02-24 ⋅ ⋅ t3n ⋅ Elisabeth Urban
Cyber-Attacken auf die Ukraine: Wiper-Malware befällt „Hunderte Computer“
HermeticWiper

2022-02-22 ⋅ ZeroFox ⋅ Stephan Simon
Quick Update: Kraken Completes Its Rebrand to Anubis
Anubis Loader

2022-02-21 ⋅ Windows Report ⋅ Alexandru Poloboc
Watch out, the Kraken botnet can easily bypass Defender and steal your crypto
Anubis Loader

2022-02-16 ⋅ ZeroFox ⋅ Stephan Simon
Meet Kraken: A New Golang Botnet in Development
Anubis Loader

2022-02-14 ⋅ ⋅ DR.DK ⋅ Allan Nisgaard, Ingeborg Munk Toft, Kenrik Moltke, Marcel Mirzaei-Fard
Var tæt på at slukke tusindvis af vindmøller: Nu fortæller Vestas om cyberangreb
LockBit

2022-01-24 ⋅ Check Point Research ⋅ Dikla Barda, Oded Vanunu, Romain Zaikin
Scammers are creating new fraudulent Crypto Tokens and misconfiguring smart contract’s to steal funds

2022-01-21 ⋅ Trend Micro ⋅ Ian Kenefick
Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware
Emotet

2022-01-19 ⋅ Blackberry ⋅ The BlackBerry Research & Intelligence Team
Kraken the Code on Prometheus
Prometheus Backdoor BlackMatter Cerber Cobalt Strike DCRat Ficker Stealer QakBot REvil Ryuk

2022-01-19 ⋅ Recorded Future ⋅ Insikt Group®, Kenneth Allen, Morgan Clemens, Roderick Lee, Zachary Haver
The People's Liberation Army in the South China Sea: An Organizational Guide

2022-01-17 ⋅ Trend Micro ⋅ Cedric Pernet, Daniel Lunghi, Gloria Chen, Jaromír Hořejší, Joseph Chen, Kenney Lu
Delving Deep: An Analysis of Earth Lusca’s Operations
BIOPASS Cobalt Strike FunnySwitch JuicyPotato ShadowPad Winnti Earth Lusca

2021-12-22 ⋅ Sophos ⋅ Anand Ajjan, Andrew Brandt, Ferenc László Nagy, Fraser Howard, Peter Mackenzie, Sergio Bestulic, Timothy Easton
Avos Locker remotely accesses boxes, even running in Safe Mode
AvosLocker

2021-11-23 ⋅ Trend Micro ⋅ Ian Kenefick
BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors
BazarBackdoor

2021-11-18 ⋅ Group-IB ⋅ Ivan Pisarev
The awakening: Group-IB uncovers new corporate espionage attacks by RedCurl