Malpedia Library

Click here to download all references as Bib-File.•

2020-12-17 ⋅ NSA ⋅ NSA
Detecting Abuse of Authentication Mechanisms

2020-12-17 ⋅ Microsoft ⋅ Brad Smith
A moment of reckoning: the need for a strong and global cybersecurity response
SUNBURST

2020-12-17 ⋅ US-CERT ⋅ US-CERT
Alert (AA20-352A): Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
SUNBURST

2020-12-17 ⋅ ESET Research ⋅ Ignacio Sanmillan, Matthieu Faou
Operation SignSight: Supply‑chain attack against a certification authority in Southeast Asia
SManager

2020-12-17 ⋅ ClearSky ⋅ ClearSky Research Team
Pay2Kitten: Pay2Key Ransomware - A New Campaign by Fox Kitten
Pay2Key

2020-12-16 ⋅ Fortinet ⋅ Fred Gutierrez, Val Saengphaibul
Adversary Playbook: JavaScript RAT Looking for that Government Cheese
JSOutProx

2020-12-16 ⋅ Pastebin ⋅ Anonymous
Paste of subdomain & DGA domain names used in SolarWinds attack
SUNBURST UNC2452

2020-12-16 ⋅ CrowdStrike ⋅ David Rojas, Mark Robinson
Hiding in Plain Sight: Remediating “Hidden” Malware with Real Time Response
Andromeda

2020-12-16 ⋅ ⋅ 360 Threat Intelligence Center ⋅ Advanced Threat Institute
旺刺组织（APT-C-47）使用ClickOnce技术的攻击活动披露

2020-12-16 ⋅ Cyborg Security ⋅ Josh Meltzer
SUNBURST: SolarWinds Supply-Chain Attack
SUNBURST

2020-12-16 ⋅ Twitter @cybercdh) ⋅ Colin Hardy
Tweet on 3 key actions SUNBURST performs as soon as it's invoked
SUNBURST

2020-12-16 ⋅ Click All the Things! Blog ⋅ Jamie
Snake/404 Keylogger, BIFF, and Covering Tracks?: An unusual maldoc

2020-12-16 ⋅ Cloudflare ⋅ Jesse Kipp, Malavika Balachandran Tadeusz
Trend data on the SolarWinds Orion compromise
SUNBURST

2020-12-16 ⋅ Bleeping Computer ⋅ Lawrence Abrams
FireEye, Microsoft create kill switch for SolarWinds backdoor
SUNBURST

2020-12-16 ⋅ Microsoft ⋅ Shain Wray
SolarWinds Post-Compromise Hunting with Azure Sentinel
SUNBURST

2020-12-16 ⋅ ⋅ Qianxin ⋅ Red Raindrop Team
中招目标首次披露：SolarWinds供应链攻击相关域名生成算法可破解！
SUNBURST

2020-12-16 ⋅ Twitter (@FireEye) ⋅ FireEye
Tweet on SUNBURST from FireEye detailing some additional information
SUNBURST

2020-12-16 ⋅ GuidePoint Security ⋅ Wes Riley
SUPERNOVA SolarWinds .NET Webshell Analysis
SUPERNOVA

2020-12-16 ⋅ Twitter (@0xrb) ⋅ R. Bansal
List of domain infrastructure including DGA domain used by UNC2452
SUNBURST

2020-12-16 ⋅ Intel 471 ⋅ Intel 471
Intel471's full statement on their knowledge of SolarWinds and the cybercriminal underground
SUNBURST