Malpedia Library

Click here to download all references as Bib-File.•

2024-04-29 ⋅ Twitter (@sekoia_io) ⋅ sekoia
@sekoia_io's tweet about the (not so) new infostealer, named ACR Stealer
ACR Stealer

2024-04-29 ⋅ Zscaler ⋅ Santiago Vicente
Zloader Learns Old Tricks
Zloader

2024-04-29 ⋅ The DFIR Report ⋅ The DFIR Report
From IcedID to Dagon Locker Ransomware in 29 Days
IcedID Mount Locker

2024-04-27 ⋅ CySecurity News ⋅ CySecurity News
Cryptocurrency Chaos: El Salvador's Bitcoin Wallet Code Leaked, Privacy at Risk
CiberInteligenciaSV

2024-04-27 ⋅ Google ⋅ Rommel-J
Finding Malware: Detecting SOGU with Google Security Operations.
PlugX

2024-04-25 ⋅ Mandiant ⋅ Jamie Collier, Kelli Vanderlee
Poll Vaulting: Cyber Threats to Global Elections
Callisto

2024-04-25 ⋅ Microsoft ⋅ Microsoft Incident Response Team
Guidance for Incident Responders

2024-04-24 ⋅ SentinelOne ⋅ Jim Walter
Ransomware Evolution | How Cheated Affiliates Are Recycling Victim Data for Profit
BlackCat RansomHub RansomHub

2024-04-24 ⋅ Securonix ⋅ Den Iyzvyk, Oleg Kolesnikov, Tim Peck
Analysis of Ongoing FROZEN#SHADOW Attack Campaign Leveraging SSLoad Malware and RMM Software for Domain Takeover
Cobalt Strike Latrodectus

2024-04-24 ⋅ Seqrite ⋅ Sathwik Ram Prakki
Pakistani APTs Escalate Attacks on Indian Gov. Seqrite Labs Unveils Threats and Connections
AllaKore Crimson RAT

2024-04-24 ⋅ Elastic ⋅ Cyril François, Samir Bousseaden
Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware, Part One
Remcos

2024-04-24 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
[QuickNote] Qakbot 5.0 – Decrypt strings and configuration
QakBot

2024-04-24 ⋅ Cisco ⋅ Cisco Talos
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
ArcaneDoor Storm-1849

2024-04-24 ⋅ NCSC UK ⋅ NCSC UK
Line Dancer - In-memory shellcode loader targeting Cisco Adaptive Security Appliance (ASA) devices.

2024-04-24 ⋅ NCSC UK ⋅ NCSC UK
Line Runner: Persistent webshell targeting Cisco Adaptive Security Appliance (ASA) devices.

2024-04-23 ⋅ Infoblox ⋅ Renée Burton
Muddling Meerkat: The Great Firewall Manipulator

2024-04-22 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
GooseEgg

2024-04-22 ⋅ Wired ⋅ Matt Burgess
North Koreans Secretly Animated Amazon and Max Shows, Researchers Say

2024-04-22 ⋅ HarfangLab ⋅ HarfangLab CTR
MuddyWater campaign abusing Atera Agents

2024-04-20 ⋅ Axel's IT Security Research ⋅ Axel Mahr
New Robust Technique for Reliably Identifying AsyncRAT/DcRAT/VenomRAT Servers
AsyncRAT DCRat Venom RAT