Malpedia Library

Click here to download all references as Bib-File.•

2020-09-21 ⋅ Cisco Talos ⋅ Joe Marshall, JON MUNSHAW, Nick Mavis
The art and science of detecting Cobalt Strike
Cobalt Strike

2020-09-21 ⋅ Trend Micro ⋅ Raphael Centeno
Cybercriminals Distribute Backdoor With VPN Installer
NjRAT

2020-09-20 ⋅ Check Point Research ⋅ Check Point Research
Rampant Kitten – An Iranian Espionage Campaign
HookInjEx TelAndExt TelB

2020-09-18 ⋅ KELA ⋅ Raveed Laeb, Victoria Kivilevich
The Initial Access Broker’s Toolbox – Remote Monitoring and Management

2020-09-18 ⋅ ⋅ ID Ransomware ⋅ Andrew Ivanov
Egregor Ransomware
Egregor

2020-09-18 ⋅ Medium cryptax ⋅ Axelle Apvrille
Locating the Trojan inside an infected COVID-19 contact tracing app
Meterpreter

2020-09-18 ⋅ AppGate ⋅ Felipe Duarte, Gustavo Palazolo
Reverse Engineering Dridex and Automating IOC Extraction
Dridex

2020-09-18 ⋅ Symantec ⋅ Threat Hunter Team
APT41: Indictments Put Chinese Espionage Group in the Spotlight
CROSSWALK PlugX POISONPLUG ShadowPad Winnti

2020-09-18 ⋅ Symantec ⋅ Threat Hunter Team
Elfin: Latest U.S. Indictments Appear to Target Iranian Espionage Group
Nanocore RAT

2020-09-18 ⋅ Trend Micro ⋅ Trend Micro
U.S. Justice Department Charges APT41 Hackers over Global Cyberattacks
Cobalt Strike ColdLock

2020-09-18 ⋅ Github (gdbinit) ⋅ Pedro Vilaça
EvilQuest/ThiefQuest strings decrypt/deobfuscator
EvilQuest

2020-09-17 ⋅ Avast Decoded ⋅ Jan Rubín
Complex obfuscation? Meh… (1/2)
DarkGate

2020-09-17 ⋅ Joe Security's Blog ⋅ Joe Security
GuLoader's VM-Exit Instruction Hammering explained
CloudEyE

2020-09-17 ⋅ CRYPSIS ⋅ Drew Schmitt
Ransomware’s New Trend: Exfiltration and Extortion
LockBit

2020-09-17 ⋅ PWC UK ⋅ PWC UK
Analysis of WellMail malware's Command and Control (C2) server
WellMail

2020-09-17 ⋅ FBI ⋅ FBI
FBI FLASH ME-000134-MW: Indicators of Compromise Associated with Rana Intelligence Computing, also known as APT39, Chafer, Cadelspy, Remexi, and ITG07

2020-09-17 ⋅ FBI ⋅ FBI
FBI PIN Number 20200917-001: IRGC-Associated Cyber Operations Against US Company Networks
MimiKatz Nanocore RAT

2020-09-17 ⋅ U.S. Department of the Treasury ⋅ U.S. Department of the Treasury
Counter Terrorism Designations; Iran/Cyber-related Designations

2020-09-17 ⋅ U.S. Department of the Treasury ⋅ U.S. Department of the Treasury
Treasury Sanctions Cyber Actors Backed by Iranian Intelligence Ministry

2020-09-17 ⋅ SophosLabs Uncut ⋅ Andrew Brandt, Peter Mackenzie
Maze attackers adopt Ragnar Locker virtual machine technique
Maze