Malpedia Library

Click here to download all references as Bib-File.•

2020-09-18 ⋅ Trend Micro ⋅ Trend Micro
U.S. Justice Department Charges APT41 Hackers over Global Cyberattacks
Cobalt Strike ColdLock SharPyShell

2020-09-18 ⋅ KELA ⋅ Raveed Laeb, Victoria Kivilevich
The Initial Access Broker’s Toolbox – Remote Monitoring and Management

2020-09-18 ⋅ ⋅ ID Ransomware ⋅ Andrew Ivanov
Egregor Ransomware
Egregor

2020-09-18 ⋅ Medium cryptax ⋅ Axelle Apvrille
Locating the Trojan inside an infected COVID-19 contact tracing app
Meterpreter

2020-09-18 ⋅ AppGate ⋅ Felipe Duarte, Gustavo Palazolo
Reverse Engineering Dridex and Automating IOC Extraction
Dridex

2020-09-18 ⋅ Symantec ⋅ Threat Hunter Team
APT41: Indictments Put Chinese Espionage Group in the Spotlight
CROSSWALK PlugX POISONPLUG ShadowPad Winnti

2020-09-18 ⋅ Symantec ⋅ Threat Hunter Team
Elfin: Latest U.S. Indictments Appear to Target Iranian Espionage Group
Nanocore RAT

2020-09-18 ⋅ Github (gdbinit) ⋅ Pedro Vilaça
EvilQuest/ThiefQuest strings decrypt/deobfuscator
EvilQuest

2020-09-17 ⋅ Avast Decoded ⋅ Jan Rubín
Complex obfuscation? Meh… (1/2)
DarkGate

2020-09-17 ⋅ Joe Security's Blog ⋅ Joe Security
GuLoader's VM-Exit Instruction Hammering explained
CloudEyE

2020-09-17 ⋅ CRYPSIS ⋅ Drew Schmitt
Ransomware’s New Trend: Exfiltration and Extortion
LockBit

2020-09-17 ⋅ PWC UK ⋅ PWC UK
Analysis of WellMail malware's Command and Control (C2) server
WellMail

2020-09-17 ⋅ FBI ⋅ FBI
FBI FLASH ME-000134-MW: Indicators of Compromise Associated with Rana Intelligence Computing, also known as APT39, Chafer, Cadelspy, Remexi, and ITG07

2020-09-17 ⋅ FBI ⋅ FBI
FBI PIN Number 20200917-001: IRGC-Associated Cyber Operations Against US Company Networks
MimiKatz Nanocore RAT

2020-09-17 ⋅ U.S. Department of the Treasury ⋅ U.S. Department of the Treasury
Counter Terrorism Designations; Iran/Cyber-related Designations

2020-09-17 ⋅ U.S. Department of the Treasury ⋅ U.S. Department of the Treasury
Treasury Sanctions Cyber Actors Backed by Iranian Intelligence Ministry

2020-09-17 ⋅ SophosLabs Uncut ⋅ Andrew Brandt, Peter Mackenzie
Maze attackers adopt Ragnar Locker virtual machine technique
Maze

2020-09-17 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Maze ransomware now encrypts via virtual machines to evade detection
Maze

2020-09-17 ⋅ Max Kersten's Blog ⋅ Max Kersten
Automatic ReZer0 payload and configuration extraction

2020-09-16 ⋅ Qianxin ⋅ Red Raindrop Team
Target defense industry: Lazarus uses recruitment bait combined with continuously updated cyber weapons
CRAT