Malpedia Library

2020-02-18 ⋅ Personal Blog of Christophe Tafani-Dereeper ⋅ Christophe Tafani-Dereeper
Hidden in PEB Sight: Hiding Windows API Imports With a Custom Loader

2020-02-18 ⋅ Trend Micro ⋅ Cedric Pernet, Daniel Lunghi, Jamz Yaneza, Kenney Lu
Uncovering DRBControl
Clambling

2020-02-18 ⋅ Sophos Labs ⋅ Luca Nagy
Nearly a quarter of malware now communicates using TLS
Dridex IcedID TrickBot

2020-02-18 ⋅ PWC UK ⋅ Kris McConkey, Sveva Vittoria Scenarelli
Tracking ‘Kimsuky’, the North Korea-based cyber espionage group: Part 1
Kimsuky

2020-02-18 ⋅ Github (DanusMinimus) ⋅ Dan Lisichkin
Analyzing Modern Malware Techniques Part 4: I’m afraid of no packer(Part 1 of 2)
SmokeLoader

2020-02-18 ⋅ Lastline ⋅ Jason Zhang, Stefano Ortolani
Nemty Ransomware Scaling UP: APAC Mailboxes Swarmed by Dual Downloaders
Nemty Phorpiex

2020-02-18 ⋅ Cisco Talos ⋅ Vanja Svajcer
Building a bypass with MSBuild
Cobalt Strike GRUNT MimiKatz

2020-02-18 ⋅ Trend Micro ⋅ Cedric Pernet, Daniel Lunghi, Jamz Yaneza, Kenney Lu
Uncovering DRBControl: Inside the Cyberespionage Campaign Targeting Gambling Operations
Cobalt Strike HyperBro PlugX Trochilus RAT Operation DRBControl

2020-02-18 ⋅ CERT.PL ⋅ Michał Praszmo
What’s up Emotet?
Emotet

2020-02-17 ⋅ Talent-Jump Technologies ⋅ Theo Chen, Zero Chen
CLAMBLING - A New Backdoor Base On Dropbox
HyperBro PlugX

2020-02-17 ⋅ Max Kersten's Blog ⋅ Max Kersten
Following the tracks of MageCart 12
magecart

2020-02-17 ⋅ Yoroi ⋅ Yoroi
Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign
Pteranodon

2020-02-16 ⋅ ClearSky ⋅ ClearSky Research Team
Fox Kitten Campaign: Widespread Iranian Espionage-Offensive Campaign
SSHNET Fox Kitten

2020-02-16 ⋅ Check Point Research ⋅ Check Point Research
Hamas Android Malware On IDF Soldiers-This is How it Happened
Unidentified APK 004

2020-02-15 ⋅ Github (nathanlopez) ⋅ Nathan Lopez
Python Remote Administration Tool (RAT)
Stitch

2020-02-14 ⋅ US-CERT ⋅ US-CERT
Malware Analysis Report (AR20–045B): MAR-10265965-2.v1 - North Korean Trojan: SLICKSHOES
SLICKSHOES

2020-02-14 ⋅ US-CERT ⋅ US-CERT
Malware Analysis Report (AR20-045A): MAR-10265965-1.v1 - North Korean Trojan: BISTROMATH
BISTROMATH

2020-02-14 ⋅ US-CERT ⋅ US-CERT
Malware Analysis Report (AR20-045D): MAR-10271944-1.v1 - North Korean Trojan: HOTCROISSANT
HOTCROISSANT

2020-02-14 ⋅ US-CERT ⋅ US-CERT
Malware Analysis Report (AR20-045E): MAR-10271944-2.v1 - North Korean Trojan: ARTFULPIE
ARTFULPIE

2020-02-14 ⋅ US-CERT ⋅ US-CERT
Malware Analysis Report (AR20-045F): MAR-10271944-3.v1 - North Korean Trojan: BUFFETLINE
BUFFETLINE