Malpedia Library

2023-04-19 ⋅ Medium (@simone.kraus) ⋅ Simone Kraus
Rorschach Ransomware Analysis with Attack Flow
Rorschach Ransomware

2023-04-17 ⋅ Medium (@lcam) ⋅ Luca Mella
Data Insights from Russian Cyber Militants: NoName05716
Dosia

2023-04-13 ⋅ Medium Invictus Incident Response ⋅ Invictus Incident Response
Ransomware in the cloud

2023-04-05 ⋅ Medium Ilandu ⋅ Ilan Duhin
PortDoor - APT Backdoor analysis
ACBackdoor 8.t Dropper PortDoor

2023-03-23 ⋅ Medium s2wlab ⋅ BLKSMTH, S2W TALON
Scarcruft Bolsters Arsenal for targeting individual Android devices
RambleOn RokRAT

2023-03-20 ⋅ ⋅ Medium s2wlab ⋅ HOTSAUCE, S2W TALON
Detailed Analysis of Cryptocurrency Phishing Through Famous YouTube Channel Hacking

2023-03-17 ⋅ Medium s2wlab ⋅ BLKSMTH, S2W TALON
Kimsuky group appears to be exploiting OneNote like the cybercrime group

2023-03-10 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
From Royal With Love
Cobalt Strike Conti PLAY Royal Ransom Somnia

2023-03-01 ⋅ Medium SarvivaMalwareAnalyst ⋅ sarviya
SecTopRAT: A Dangerous Remote Access Trojan Spreading Through Google Fake Ads
SectopRAT

2023-02-27 ⋅ Medium s2wlab ⋅ Jiho Kim, Lee Sebin
Lumma Stealer targets YouTubers via Spear-phishing Email
Lumma Stealer

2023-02-26 ⋅ Medium Ilandu ⋅ Ilan Duhin, Yossi Poberezsky
Emotet Campaign
Emotet

2023-02-24 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Jonathan Mccay, Joshua Platt, Kirk Sayre
Qbot testing malvertising campaigns?
QakBot

2023-02-19 ⋅ Medium System Weakness ⋅ Lena (LambdaMamba)
Investigating a Fake KDDI Smishing Campaign that abuses Duck DNS
Roaming Mantis

2023-01-23 ⋅ Medium System Weakness ⋅ Lena (LambdaMamba)
A "strange font" Smishing Campaign that changes behaviour based on User-Agent, and abuses Duck DNS
Roaming Mantis

2023-01-16 ⋅ Medium elis531989 ⋅ Eli Salem
Dancing With Shellcodes: Analyzing Rhadamanthys Stealer
Rhadamanthys

2022-12-24 ⋅ Medium (@DCSO_CyTec) ⋅ Denis Szadkowski, Hendrik Baecker, Jiro Minier, Johann Aydinbas
APT41 — The spy who failed to encrypt me
CHINACHOPPER

2022-11-16 ⋅ Medium (@DCSO_CyTec) ⋅ Axel Wauer, Johann Aydinbas
HZ RAT goes China
HZ RAT

2022-10-25 ⋅ Medium walmartglobaltech ⋅ Jason Reaves
Brute Ratel Config Decoding update
Brute Ratel C4

2022-10-24 ⋅ Medium CSIS Techblog ⋅ Benoît Ancel
Chapter 1 — From Gozi to ISFB: The history of a mythical malware family.
Gozi ISFB Snifula

2022-10-24 ⋅ Medium s2wlab ⋅ Lee Sebin, Shin Yeongjae
Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware
FastFire FastSpy