Malpedia Library

2021-05-01 ⋅ Marco Ramilli's Blog ⋅ Marco Ramilli
Muddywater: Binder Project

2021-04-23 ⋅ xorl %eax, %eax ⋅ Anastasios Pingios
Analysis of the CardingMafia March 2021 data breach

2021-04-22 ⋅ splunk ⋅ Dave Herrald, Drew Church, James Brodsky, John Stoner, Katie Brown, Marcus LaFerrera, Michael Natkin, Mick Baccio, Ryan Kovar
SUPERNOVA Redux, with a Generous Portion of Masquerading
SUPERNOVA

2021-04-21 ⋅ splunk ⋅ Bill Wright, Dave Herrald, James Brodsky, John Stoner, Kelly Huang, Marcus LaFerrerra, Michael Natkin, Mick Baccio, Ryan Kovar, Shannon Davis, Tamara Chacon
Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)

2021-04-19 ⋅ Sentinel LABS ⋅ Marco Figueroa
A Deep Dive into Zebrocy’s Dropper Docs
Downdelph

2021-04-16 ⋅ Team Cymru ⋅ Joshua Picolet
Transparent Tribe APT Infrastructure Mapping Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021
Crimson RAT

2021-04-12 ⋅ Trend Micro ⋅ Don Ovid Ladores, Frankylnn Uy, Junestherry Salvador, Lala Manly, Raphael Centeno
A Spike in BazarCall and IcedID Activity Detected in March
BazarBackdoor IcedID

2021-04-06 ⋅ Facebook ⋅ Facebook
March 2021 Coordinated Inauthentic Behavior Report

2021-03-15 ⋅ Microsoft ⋅ Microsoft Security Response Center
One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021

2021-03-12 ⋅ splunk ⋅ Amy Heng, Dave Herrald, Derek King, James Brodsky, John Stoner, Jose Hernandez, Marcus LaFerrera, Michael Haag, Mick Baccio, Ryan Kovar, Shannon Davis
Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later…

2021-03-09 ⋅ Microsoft ⋅ MSRC Team
Microsoft Exchange Server Vulnerabilities Mitigations – updated March 9, 2021
HAFNIUM

2021-03-02 ⋅ Microsoft ⋅ MSRC Team
Multiple Security Updates Released for Exchange Server – updated March 8, 2021
HAFNIUM

2021-02-02 ⋅ ESET Research ⋅ Ignacio Sanmillan, Marc-Etienne M.Léveillé
Kobalos – A complex Linux threat to high performance computing infrastructure
Kobalos

2021-01-22 ⋅ Trimarc Security ⋅ Scott W Blake
LDAP Channel Binding and Signing

2021-01-19 ⋅ Malwarebytes ⋅ Marcin Kleczynski
Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments

2021-01-09 ⋅ Marco Ramilli's Blog ⋅ Marco Ramilli
Command and Control Traffic Patterns
ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot

2021-01-08 ⋅ splunk ⋅ James Brodsky, John Stoner, Lily Lee, Marcus LaFerrera, Ryan Kovar
A Golden SAML Journey: SolarWinds Continued
SUNBURST

2021-01-06 ⋅ Mimecast ⋅ Matthew Gardiner
How to Slam a Door on the Cutwail Botnet: Enforce DMARC
Cutwail

2021-01-04 ⋅ SentinelOne ⋅ Marco Figueroa
Building a Custom Malware Analysis Lab Environment
TrickBot

2021-01-01 ⋅ Google ⋅ Fabian Kaczmarczyck
Burning the Haystack: Malware Lead Generation at Scale