Malpedia Library

Click here to download all references as Bib-File.•

2020-10-14 ⋅ RiskIQ ⋅ Jon Gross, Steve Ginty
A Well-Marked Trail: Journeying through OceanLotus's Infrastructure
Cobalt Strike

2020-09-30 ⋅ RiskIQ ⋅ Jon Gross
Diving Into DONOT's Mobile Rabbit Hole
KnSpy

2020-09-21 ⋅ Cisco Talos ⋅ Joe Marshall, JON MUNSHAW, Nick Mavis
The art and science of detecting Cobalt Strike
Cobalt Strike

2020-09-16 ⋅ RiskIQ ⋅ Jon Gross
RiskIQ: Adventures in Cookie Land - Part 2
8.t Dropper Chinoxy Poison Ivy

2020-08-19 ⋅ RiskIQ ⋅ Cory Kennedy, Jon Gross
RiskIQ Adventures in Cookie Land - Part 1
8.t Dropper Chinoxy

2020-04-22 ⋅ FireEye ⋅ Ben Read, Gabby Roncone, John Hultquist, Sarah Jones, Scott Henderson
Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage
METALJACK

2020-03-25 ⋅ FireEye ⋅ Christopher Glyer, Dan Perez, Sarah Jones, Steve Miller
This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits
Speculoos Cobalt Strike

2020-02-06 ⋅ IronNet ⋅ Jonathan Lepore
DNS Tunneling Series, Part 3: The Siren Song of RogueRobin
RogueRobin

2019-09-18 ⋅ IronNet ⋅ Jonathan Lepore
Chirp of the PoisonFrog
BONDUPDATER

2019-01-10 ⋅ FireEye ⋅ Ben Read, Muks Hirani, Sarah Jones
Global DNS Hijacking Campaign: DNS Record Manipulation at Scale
DNSpionage DNSpionage

2019-01-09 ⋅ Mandiant ⋅ Ben Read, Muks Hirani, Sarah Jones
Global DNS Hijacking Campaign: DNS Record Manipulation at Scale
DNSpionage Sea Turtle

2018-11-19 ⋅ FireEye ⋅ Andrew Thompson, Ben Withnell, Jonathan Leathery, Matthew Dunwoody, Michael Matonis, Nick Carr
Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
Cobalt Strike

2018-10-03 ⋅ Virus Bulletin ⋅ Michal Poslušný, Peter Kálnai
Lazarus Group A Mahjong Game Played with Different Sets of Tiles
Bankshot BanPolMex RAT FuwuqiDrama HOTWAX KillDisk (Lazarus) NACHOCHEESE REDSHAWL WannaCryptor

2018-07-26 ⋅ IEEE Symposium on Security and Privacy (SP) ⋅ Alex C. Snoeren, Damon McCoy, Danny Yuxing Huang, Elie Bursztein, Jonathan Levin, Kirill Levchenko, Kylie McRoberts, Luca Invernizzi, Maxwell Matthaios Aliapoulios, Vector Guo Li
Tracking Ransomware End-to-end
Cerber Locky WannaCryptor

2018-06-07 ⋅ Gigamon ⋅ Chenming Xu, Dan Caselden, Jason Jones, Justin Warner
Adobe Flash Zero-Day Leveraged for Targeted Attack in Middle East - Gigamon ATR Blog
Chainshot

2017-05-31 ⋅ Symantec ⋅ Jon DiMaggio
Operation Bachosens: A detailed look into a long-running cyber crime campaign
Bachosens

2017-05-03 ⋅ FireEye ⋅ DJ Palombo, Jon Erickson, Matthew McWhirt
To SDB, Or Not To SDB: FIN7 Leveraging Shim Databases for Persistence
FIN7

2017-04-21 ⋅ The Wall Street Journal ⋅ Jonathan Cheng, Josh Chin
China Hacked South Korea Over Missile Defense, U.S. Firm Says
Tonto Team

2017-02-27 ⋅ Cylance ⋅ Jon Gross
The Deception Project: A New Japanese-Centric Threat
Snake Wine