Malpedia Library

Click here to download all references as Bib-File.•

2021-08-30 ⋅ CrowdStrike ⋅ Eric Loui, Josh Reynolds
CARBON SPIDER Embraces Big Game Hunting, Part 1
Bateleur Griffon Carbanak DarkSide JSSLoader PILLOWMINT REvil

2021-08-24 ⋅ Volexity ⋅ Damien Cash, Josh Grunzweig, Steven Adair, Thomas Lancaster
North Korean BLUELIGHT Special: InkySquid Deploys RokRAT
RokRAT

2021-08-17 ⋅ Volatility Labs ⋅ Damien Cash, Josh Grunzweig, Matthew Meltzer, Steven Adair, Thomas Lancaster
North Korean APT37 / InkySquid Infects Victims Using Browser Exploits
BLUELIGHT APT37

2021-08-11 ⋅ Team Cymru ⋅ Josh Hopkins
MoqHao Part 1.5: High-Level Trends of Recent Campaigns Targeting Japan
MoqHao

2021-08-04 ⋅ FireEye ⋅ Doug Bienstock, Josh Madeley
Cloudy with a Chance of APTNovel Microsoft 365 Attacks in the Wild

2021-08-03 ⋅ CrowdStrike ⋅ Eric Loui, Josh Reynolds, Michael DeCristofaro
Squashing SPIDERS: Threat Intelligence, Threat Hunting and Rapid Response Stops SQL Injection Campaign

2021-07-28 ⋅ Proofpoint ⋅ Crista Giering, Joshua Miller, Michael Raggi
I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona
Liderc SysKit

2021-07-12 ⋅ Proofpoint ⋅ Crista Giering, Joshua Miller, Threat Research Team
Operation SpoofedScholars: A Conversation with TA453

2021-07-06 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
TA505 adds GoLang crypter for delivering miners and ServHelper
ServHelper

2021-07-02 ⋅ Team Cymru ⋅ Joshua Picolet
Transparent Tribe APT Infrastructure Mapping Part 2: A Deeper Dive into the Identification of CrimsonRAT Infrastructure
Crimson RAT

2021-06-18 ⋅ CrowdStrike ⋅ Heather Smith, Josh Dalman
Ransomware Actors Evolved Their Operations in 2020

2021-06-10 ⋅ Twitter (@passthehashbrwn) ⋅ Josh
Hiding your syscalls

2021-06-07 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
Inside the SystemBC Malware-As-A-Service
Ryuk SystemBC TrickBot

2021-06-02 ⋅ CrowdStrike ⋅ Heather Smith, Josh Dalman
Under Attack: Protecting Against Conti, DarkSide, REvil and Other Ransomware
DarkSide Conti DarkSide REvil

2021-06-01 ⋅ Cisco ⋅ Josh Pyorre
Backdoors, RATs, Loaders evasion techniques
BazarNimrod GoldMax Oblique RAT

2021-05-27 ⋅ Volexity ⋅ Damien Cash, Josh Grunzweig, Matthew Meltzer, Sean Koessel, Steven Adair, Thomas Lancaster
Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns
Cobalt Strike

2021-05-20 ⋅ CrowdStrike ⋅ joshua fraser
Response When Minutes Matter: When Good Tools Are Used for (R)Evil
REvil

2021-05-19 ⋅ Team Cymru ⋅ Andy Kraus, Josh Hopkins, Nick Byers
Tracking BokBot Infrastructure Mapping a Vast and Currently Active BokBot Network
IcedID

2021-05-18 ⋅ Elastic ⋅ Apoorva Joshi, Craig Chamberlain, Disha Dasgupta
ProblemChild: Detecting living-off-the-land attacks using the Elastic Stack

2021-05-03 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
BuerLoader Updates
Buer