Malpedia Library

Click here to download all references as Bib-File.•

2021-09-03 ⋅ IBM ⋅ Andrew Gorecki, Camille Singleton, John Dwyer
Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight
Valak QakBot REvil

2021-09-03 ⋅ FireEye ⋅ Adrian Sanchez Hernandez, Alex Pennino, Andrew Rector, Brendan McKeague, Govand Sinjari, Harris Ansari, John Wolfram, Joshua Goddard, Yash Gupta
PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers
CHINACHOPPER HTran

2021-08-24 ⋅ CitizenLab ⋅ Ali Abdulemam, Bill Marczak, John Scott-Railton, Kristin Berdan, Noura Al-Jizawi, Ron Deibert, Siena Anstis
From Pearl to Pegasus Bahraini Government Hacks Activists with NSO Group Zero-Click iPhone Exploits
Chrysaor

2021-08-19 ⋅ Huntress Labs ⋅ John Hammond
Microsoft Exchange Servers Still Vulnerable to ProxyShell Exploit

2021-07-27 ⋅ Youtube (SANS Institute) ⋅ John Hammond, Katie Nickels
SANS Threat Analysis Rundown - Kaseya VSA attack
REvil

2021-07-20 ⋅ Huntress Labs ⋅ John Hammond
Security Researchers’ Hunt to Discover Origins of the Kaseya VSA Mass Ransomware Incident
REvil

2021-07-19 ⋅ Washington Post ⋅ Ellen Nakashima, John Hudson
U.S., allies accuse China of hacking Microsoft and condoning other cyberattacks (APT40)

2021-07-18 ⋅ CitizenLab ⋅ Bill Marczak, John Scott-Railton, Ron Deibert, Siena Anstis
Independent Peer Review of Amnesty International’s Forensic Methods for Identifying Pegasus Spyware
Chrysaor

2021-07-15 ⋅ CitizenLab ⋅ Bahr Abdul Razzak, Bill Marczak, John Scott-Railton, Kristin Berdan, Ron Deibert
Hooking Candiru Another Mercenary Spyware Vendor Comes into Focus
Chainshot

2021-07-14 ⋅ Medium TowardsDataScience ⋅ John “Turbo” Conwell
Domain Blooms: Identifying Domain Name Themes Targeted By Threat Actors

2021-07-13 ⋅ YouTube (John Hammond) ⋅ John Hammond
JScript Deobfuscation - More WSHRAT (Malware Analysis)
Houdini

2021-07-06 ⋅ paloalto Networks Unit 42 ⋅ John Martineau
Understanding REvil: The Ransomware Gang Behind the Kaseya Attack
Gandcrab REvil

2021-06-01 ⋅ SpecterOps ⋅ Jonathan Johnson
Evadere Classifications

2021-05-18 ⋅ Sophos ⋅ Greg Iddon, John Shier, Mat Gangwer, Peter Mackenzie
The Active Adversary Playbook 2021
Cobalt Strike MimiKatz

2021-05-13 ⋅ DomainTools ⋅ John “Turbo” Conwell, Tim Helming
Domain Blooms: Identifying Domain Name Themes Targeted By Threat Actors

2021-04-22 ⋅ splunk ⋅ Dave Herrald, Drew Church, James Brodsky, John Stoner, Katie Brown, Marcus LaFerrera, Michael Natkin, Mick Baccio, Ryan Kovar
SUPERNOVA Redux, with a Generous Portion of Masquerading
SUPERNOVA

2021-04-21 ⋅ splunk ⋅ Bill Wright, Dave Herrald, James Brodsky, John Stoner, Kelly Huang, Marcus LaFerrerra, Michael Natkin, Mick Baccio, Ryan Kovar, Shannon Davis, Tamara Chacon
Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)

2021-04-05 ⋅ Huntress Labs ⋅ John Hammond
From PowerShell to Payload: An Analysis of Weaponized Malware

2021-03-26 ⋅ Imperva ⋅ Daniel Johnston
Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange Disclosures
CHINACHOPPER

2021-03-12 ⋅ splunk ⋅ Amy Heng, Dave Herrald, Derek King, James Brodsky, John Stoner, Jose Hernandez, Marcus LaFerrera, Michael Haag, Mick Baccio, Ryan Kovar, Shannon Davis
Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later…