Malpedia Library

Click here to download all references as Bib-File.•

2025-02-13 ⋅ Symantec ⋅ Threat Hunter Team
China-linked Espionage Tools Used in Ransomware Attacks
PlugX

2025-02-13 ⋅ Volexity ⋅ Charlie Gardner, Steven Adair, Tom Lancaster
Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication

2025-02-12 ⋅ Hunt.io ⋅ Hunt.io
Tracking Pyramid C2: Identifying Post-Exploitation Servers in Hunt
Pyramid

2025-02-12 ⋅ ⋅ Donga ⋅ Shin Gyu-jin
Suspected North Korean hacker hacks a large number of data from a government document system developer

2025-02-12 ⋅ cyber.wtf blog ⋅ Hendrik Eckardt, Leonard Rapp
Unpacking Pyarmor v8+ scripts
AsyncRAT DCRat XWorm

2025-02-12 ⋅ Red Canary ⋅ Phil Hagen, Tony Lambert
Defying tunneling: A Wicked approach to detecting malicious network traffic
AsyncRAT DCRat NjRAT XWorm

2025-02-12 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation
LocalOlive

2025-02-12 ⋅ Bleeping Computer ⋅ Bill Toulas
Surge in attacks exploiting old ThinkPHP and ownCloud flaws

2025-02-12 ⋅ The Hacker News ⋅ Ravie Lakshmanan
North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack

2025-02-11 ⋅ EclecticIQ ⋅ Arda Büyükkaya
Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns
Kalambur BACKORDER DCRat

2025-02-11 ⋅ Twitter (@MsftSecIntel) ⋅ Microsoft Threat Intelligence
Twitter Thread on a new Kimsuky tactic inciting admins to paste powershell

2025-02-10 ⋅ Cyfirma ⋅ cyfirma
Tracking Ransomware: January 2025
TRIPLESTRENGTH

2025-02-06 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Code injection attacks using publicly disclosed ASP.NET machine keys

2025-02-05 ⋅ cyble ⋅ Cyble
Stealthy Attack: Dual Injection Undermines Chrome’s App-Bound Encryption

2025-02-04 ⋅ Censys ⋅ Aidan Holland
Unpacking the BADBOX Botnet with Censys
BADBOX

2025-02-04 ⋅ Trend Micro ⋅ Peter Girnus
CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks
SmokeLoader

2025-02-03 ⋅ SentinelOne ⋅ Phil Stokes, Tom Hegel
macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed
FlexibleFerret FriendlyFerret FrostyFerret

2025-02-02 ⋅ Team82 ⋅ Team82
Do the CONTEC CMS8000 Patient Monitors Contain a Chinese Backdoor? The Reality is More Complicated…
CMS8000 Backdoor

2025-01-31 ⋅ ConnectWise ⋅ Blake Eakin
Attackers Leveraging Microsoft Teams Defaults and Quick Assist for Social Engineering Attacks
Black Basta Black Basta ReedBed

2025-01-30 ⋅ eSentire ⋅ eSentire
Ongoing Email Bombing Campaigns leading to Remote Access and Post-Exploitation
Black Basta ReedBed UNC4393