Malpedia Library

Click here to download all references as Bib-File.•

2020-09-18 ⋅ AppGate ⋅ Felipe Duarte, Gustavo Palazolo
Reverse Engineering Dridex and Automating IOC Extraction
Dridex

2020-09-18 ⋅ Symantec ⋅ Threat Hunter Team
APT41: Indictments Put Chinese Espionage Group in the Spotlight
CROSSWALK PlugX POISONPLUG ShadowPad Winnti

2020-09-18 ⋅ Symantec ⋅ Threat Hunter Team
Elfin: Latest U.S. Indictments Appear to Target Iranian Espionage Group
Nanocore RAT

2020-09-18 ⋅ Trend Micro ⋅ Trend Micro
U.S. Justice Department Charges APT41 Hackers over Global Cyberattacks
Cobalt Strike ColdLock

2020-09-18 ⋅ Github (gdbinit) ⋅ Pedro Vilaça
EvilQuest/ThiefQuest strings decrypt/deobfuscator
EvilQuest

2020-09-17 ⋅ Avast Decoded ⋅ Jan Rubín
Complex obfuscation? Meh… (1/2)
DarkGate

2020-09-17 ⋅ Joe Security's Blog ⋅ Joe Security
GuLoader's VM-Exit Instruction Hammering explained
CloudEyE

2020-09-17 ⋅ CRYPSIS ⋅ Drew Schmitt
Ransomware’s New Trend: Exfiltration and Extortion
LockBit

2020-09-17 ⋅ PWC UK ⋅ PWC UK
Analysis of WellMail malware's Command and Control (C2) server
WellMail

2020-09-17 ⋅ FBI ⋅ FBI
FBI FLASH ME-000134-MW: Indicators of Compromise Associated with Rana Intelligence Computing, also known as APT39, Chafer, Cadelspy, Remexi, and ITG07

2020-09-17 ⋅ FBI ⋅ FBI
FBI PIN Number 20200917-001: IRGC-Associated Cyber Operations Against US Company Networks
MimiKatz Nanocore RAT

2020-09-17 ⋅ U.S. Department of the Treasury ⋅ U.S. Department of the Treasury
Counter Terrorism Designations; Iran/Cyber-related Designations

2020-09-17 ⋅ U.S. Department of the Treasury ⋅ U.S. Department of the Treasury
Treasury Sanctions Cyber Actors Backed by Iranian Intelligence Ministry

2020-09-17 ⋅ SophosLabs Uncut ⋅ Andrew Brandt, Peter Mackenzie
Maze attackers adopt Ragnar Locker virtual machine technique
Maze

2020-09-17 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Maze ransomware now encrypts via virtual machines to evade detection
Maze

2020-09-17 ⋅ Max Kersten's Blog ⋅ Max Kersten
Automatic ReZer0 payload and configuration extraction

2020-09-16 ⋅ Qianxin ⋅ Red Raindrop Team
Target defense industry: Lazarus uses recruitment bait combined with continuously updated cyber weapons
CRAT

2020-09-16 ⋅ RiskIQ ⋅ Jon Gross
RiskIQ: Adventures in Cookie Land - Part 2
8.t Dropper Chinoxy Poison Ivy

2020-09-16 ⋅ Zscaler ⋅ Aditya Sharma, Avinash Kumar
Malware Leveraging XML-RPC Vulnerability to Exploit WordPress Sites
WpBruteBot

2020-09-16 ⋅ Intel 471 ⋅ Intel 471
Partners in crime: North Koreans and elite Russian-speaking cybercriminals
TrickBot