Malpedia Library

2021-01-21 ⋅ ⋅ 360 Threat Intelligence Center ⋅ Advanced Threat Institute
Disclosure of Manling Flower Organization (APT-C-08) using Warzone RAT attack
Ave Maria

2021-01-20 ⋅ Microsoft ⋅ Microsoft 365 Defender Research Team, Microsoft Cyber Defense Operations Center (CDOC), Microsoft Threat Intelligence Center (MSTIC)
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
Cobalt Strike SUNBURST TEARDROP

2021-01-18 ⋅ Symantec ⋅ Threat Hunter Team
Raindrop: New Malware Discovered in SolarWinds Investigation
Cobalt Strike Raindrop SUNBURST TEARDROP

2021-01-15 ⋅ Symantec ⋅ Threat Hunter Team
SolarWinds: Insights into Attacker Command and Control Process
SUNBURST

2021-01-14 ⋅ PTSecurity ⋅ PT ESC Threat Intelligence
Higaisa or Winnti? APT41 backdoors, old and new
Cobalt Strike CROSSWALK FunnySwitch PlugX ShadowPad

2021-01-08 ⋅ Reaqta ⋅ ReaQta Threat Intelligence Team
Leonardo S.p.A. Data Breach Analysis

2021-01-08 ⋅ US-CERT ⋅ US-CERT
Alert (AA21-008A): Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments
SUNBURST SUPERNOVA

2021-01-07 ⋅ Symantec ⋅ Threat Hunter Team
SolarWinds: How a Rare DGA Helped Attacker Communications Fly Under the Radar
SUNBURST

2021-01-05 ⋅ AhnLab ⋅ AhnLab ASEC Analysis Team
[Threat Analysis] CLOP Ransomware that Attacked Korean Distribution Giant
Clop

2021-01-04 ⋅ KELA ⋅ Almog Zoosman, Victoria Kivilevich
Darknet Threat Actors Are Not Playing Games with the Gaming Industry
REvil

2021-01-04 ⋅ Morphisec ⋅ Arnold Osipov
Threat Profile the Evolution of the FIN7 JSSLoader
JSSLoader

2021-01-01 ⋅ Symantec ⋅ Symantec Threat Hunter Team
Supply Chain Attacks:Cyber Criminals Target the Weakest Link
Cobalt Strike Raindrop SUNBURST TEARDROP

2021-01-01 ⋅ DomainTools ⋅ Joe Slowik
Conceptualizing a Continuum of Cyber Threat Attribution
CHINACHOPPER SUNBURST

2021-01-01 ⋅ Secureworks ⋅ SecureWorks
Threat Profile: GOLD GALLEON
Agent Tesla HawkEye Keylogger Pony GOLD GALLEON

2021-01-01 ⋅ Secureworks ⋅ SecureWorks
Threat Profile: GOLD NORTHFIELD
GOLD NORTHFIELD

2021-01-01 ⋅ Secureworks ⋅ SecureWorks
Threat Profile: GOLD VILLAGE
Maze TA2101

2021-01-01 ⋅ Secureworks ⋅ SecureWorks
Threat Profile: GOLD FAIRFAX
Ramnit GOLD FAIRFAX

2021-01-01 ⋅ Secureworks ⋅ SecureWorks
Threat Profile: GOLD HERON
DoppelPaymer Dridex Empire Downloader DOPPEL SPIDER

2021-01-01 ⋅ Secureworks ⋅ SecureWorks
Threat Profile: GOLD FLANDERS
GOLD FLANDERS

2021-01-01 ⋅ Secureworks ⋅ SecureWorks
Threat Profile: GOLD WATERFALL
Cobalt Strike DarkSide GOLD WATERFALL