Malpedia Library

2021-06-02 ⋅ CrowdStrike ⋅ Heather Smith, Josh Dalman
Under Attack: Protecting Against Conti, DarkSide, REvil and Other Ransomware
DarkSide Conti DarkSide REvil

2021-06-01 ⋅ Cisco ⋅ Josh Pyorre
Backdoors, RATs, Loaders evasion techniques
BazarNimrod GoldMax Oblique RAT

2021-05-27 ⋅ Volexity ⋅ Damien Cash, Josh Grunzweig, Matthew Meltzer, Sean Koessel, Steven Adair, Thomas Lancaster
Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns
Cobalt Strike

2021-05-20 ⋅ CrowdStrike ⋅ joshua fraser
Response When Minutes Matter: When Good Tools Are Used for (R)Evil
REvil

2021-05-19 ⋅ Team Cymru ⋅ Andy Kraus, Josh Hopkins, Nick Byers
Tracking BokBot Infrastructure Mapping a Vast and Currently Active BokBot Network
IcedID

2021-05-18 ⋅ Elastic ⋅ Apoorva Joshi, Craig Chamberlain, Disha Dasgupta
ProblemChild: Detecting living-off-the-land attacks using the Elastic Stack

2021-05-03 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
BuerLoader Updates
Buer

2021-04-27 ⋅ CrowdStrike ⋅ Eben Kaplan, Josh Dalman, Kamil Janton
Ransomware Preparedness: A Call to Action
Dharma GlobeImposter Maze Phobos CIRCUS SPIDER TRAVELING SPIDER

2021-04-20 ⋅ FireEye ⋅ Alex Pennino, Chris DiGiamo, Josh Fleischer
Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise

2021-04-20 ⋅ FireEye ⋅ Dan Perez, Dimiter Andonov, Greg Wood, Jacob Thompson, Jonathan Lepore, Josh Triplett, Joshua Villanueva, Regina Elwell, Sarah Jones, Stephen Eckels, Stroz Friedberg
Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day

2021-04-16 ⋅ Team Cymru ⋅ Joshua Picolet
Transparent Tribe APT Infrastructure Mapping Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021
Crimson RAT

2021-04-05 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
TrickBot Crews New CobaltStrike Loader
Cobalt Strike TrickBot

2021-04-01 ⋅ Microsoft ⋅ Cole Sodja, Joshua Neil, Justin Carroll, Melissa Turcotte, Microsoft 365 Defender Research Team
Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting

2021-03-30 ⋅ Proofpoint ⋅ Joshua Miller, Proofpoint Threat Research Team
BadBlood: TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns
TA453

2021-03-15 ⋅ Trustwave ⋅ Joshua Deacon
HAFNIUM, China Chopper and ASP.NET Runtime
CHINACHOPPER

2021-03-15 ⋅ Team Cymru ⋅ Josh Hopkins
FIN8: BADHATCH Threat Indicator Enrichmen
BADHATCH

2021-03-11 ⋅ Cyborg Security ⋅ Josh Campbell
You Don't Know the HAFNIUM of it...
CHINACHOPPER Cobalt Strike PowerCat

2021-03-10 ⋅ Lemon's InfoSec Ramblings ⋅ Josh Lemon
Microsoft Exchange & the HAFNIUM Threat Actor
CHINACHOPPER

2021-03-09 ⋅ Attivo NETWORKS ⋅ Anil Gupta, Gorang Joshi, Saravanan Mohan
Hafnium – Active Exploitation of Microsoft Exchange and Lateral Movement

2021-03-02 ⋅ Volexity ⋅ Josh Grunzweig, Matthew Meltzer, Sean Koessel, Steven Adair, Thomas Lancaster
Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities
CHINACHOPPER HAFNIUM