Malpedia Library

2020-07-21 ⋅ Checkpoint ⋅ Checkpoint
How scammers are hiding their phishing trips in public clouds

2020-07-21 ⋅ Malwarebytes ⋅ Hossein Jazi, Jérôme Segura
Chinese APT group targets India and Hong Kong using new variant of MgBot malware
KSREMOTE Cobalt Strike MgBot Evasive Panda

2020-07-20 ⋅ or10nlabs ⋅ oR10n
Reverse Engineering the New Mustang Panda PlugX Downloader
PlugX

2020-07-20 ⋅ Twitter (@InQuest) ⋅ InQuest
Tweets on PowerPepper decryption
PowerPepper

2020-07-20 ⋅ Dr.Web ⋅ Dr.Web
Study of the APT attacks on state institutions in Kazakhstan and Kyrgyzstan
Microcin Mirage PlugX WhiteBird

2020-07-20 ⋅ Risky.biz ⋅ Daniel Gordon
What even is Winnti?
CCleaner Backdoor Ghost RAT PlugX ZXShell

2020-07-20 ⋅ Hornetsecurity ⋅ Hornetsecurity Security Lab
Emotet is back
Emotet

2020-07-20 ⋅ NTT ⋅ Security division of NTT Ltd.
Shellbot victim overlap with Emotet network infrastructure
Emotet

2020-07-20 ⋅ ThreatFabric ⋅ Twitter (@ThreatFabric)
Tweet on Medusa - A new Android banking Trojan
Medusa

2020-07-20 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Emotet-TrickBot malware duo is back infecting Windows machines
Emotet TrickBot

2020-07-18 ⋅ Hornetsecurity ⋅ Hornetsecurity Security Lab
Firefox Send sends Ursnif malware
ISFB

2020-07-17 ⋅ Zscaler ⋅ Kaivalya Khursale, Sudeep Singh
New Voicemail-Themed Phishing Attacks Use Evasion Techniques and Steal Credentials

2020-07-17 ⋅ Proofpoint ⋅ Sherrod DeGrippo
TA547 Pivots from Ursnif Banking Trojan to Ransomware in Australian Campaign
Adhubllka

2020-07-16 ⋅ Cybereason ⋅ Assaf Dahan, Daniel Frank, Mary Zhao
A Bazar of Tricks: Following Team9’s Development Cycles (IOCs)
BazarBackdoor

2020-07-16 ⋅ NCSC UK ⋅ NCSC UK
Advisory: APT29 targets COVID-19 vaccine development
WellMail elf.wellmess SoreFang WellMess

2020-07-16 ⋅ ⋅ ID Ransomware ⋅ Andrew Ivanov
FastWind Ransomware

2020-07-16 ⋅ CISA ⋅ US-CERT
Malware Analysis Report (AR20-198C)
WellMail

2020-07-16 ⋅ CISA ⋅ US-CERT
Malware Analysis Report (AR20-198A)
SoreFang