Malpedia Library

2021-07-28 ⋅ Proofpoint ⋅ Crista Giering, Joshua Miller, Michael Raggi
I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona
Liderc SysKit

2021-07-12 ⋅ Proofpoint ⋅ Crista Giering, Joshua Miller, Threat Research Team
Operation SpoofedScholars: A Conversation with TA453

2021-07-06 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
TA505 adds GoLang crypter for delivering miners and ServHelper
ServHelper

2021-07-02 ⋅ Team Cymru ⋅ Joshua Picolet
Transparent Tribe APT Infrastructure Mapping Part 2: A Deeper Dive into the Identification of CrimsonRAT Infrastructure
Crimson RAT

2021-06-18 ⋅ CrowdStrike ⋅ Heather Smith, Josh Dalman
Ransomware Actors Evolved Their Operations in 2020

2021-06-10 ⋅ Twitter (@passthehashbrwn) ⋅ Josh
Hiding your syscalls

2021-06-07 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
Inside the SystemBC Malware-As-A-Service
Ryuk SystemBC TrickBot

2021-06-02 ⋅ CrowdStrike ⋅ Heather Smith, Josh Dalman
Under Attack: Protecting Against Conti, DarkSide, REvil and Other Ransomware
DarkSide Conti DarkSide REvil

2021-06-01 ⋅ Cisco ⋅ Josh Pyorre
Backdoors, RATs, Loaders evasion techniques
BazarNimrod GoldMax Oblique RAT

2021-05-27 ⋅ Volexity ⋅ Damien Cash, Josh Grunzweig, Matthew Meltzer, Sean Koessel, Steven Adair, Thomas Lancaster
Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns
Cobalt Strike

2021-05-20 ⋅ CrowdStrike ⋅ joshua fraser
Response When Minutes Matter: When Good Tools Are Used for (R)Evil
REvil

2021-05-19 ⋅ Team Cymru ⋅ Andy Kraus, Josh Hopkins, Nick Byers
Tracking BokBot Infrastructure Mapping a Vast and Currently Active BokBot Network
IcedID

2021-05-18 ⋅ Elastic ⋅ Apoorva Joshi, Craig Chamberlain, Disha Dasgupta
ProblemChild: Detecting living-off-the-land attacks using the Elastic Stack

2021-05-03 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
BuerLoader Updates
Buer

2021-04-27 ⋅ CrowdStrike ⋅ Eben Kaplan, Josh Dalman, Kamil Janton
Ransomware Preparedness: A Call to Action
Dharma GlobeImposter Maze Phobos CIRCUS SPIDER TRAVELING SPIDER

2021-04-20 ⋅ FireEye ⋅ Alex Pennino, Chris DiGiamo, Josh Fleischer
Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise

2021-04-20 ⋅ FireEye ⋅ Dan Perez, Dimiter Andonov, Greg Wood, Jacob Thompson, Jonathan Lepore, Josh Triplett, Joshua Villanueva, Regina Elwell, Sarah Jones, Stephen Eckels, Stroz Friedberg
Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day

2021-04-16 ⋅ Team Cymru ⋅ Joshua Picolet
Transparent Tribe APT Infrastructure Mapping Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021
Crimson RAT

2021-04-05 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
TrickBot Crews New CobaltStrike Loader
Cobalt Strike TrickBot

2021-04-01 ⋅ Microsoft ⋅ Cole Sodja, Joshua Neil, Justin Carroll, Melissa Turcotte, Microsoft 365 Defender Research Team
Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting