Malpedia Library

Click here to download all references as Bib-File.•

2021-07-18 ⋅ CitizenLab ⋅ Bill Marczak, John Scott-Railton, Ron Deibert, Siena Anstis
Independent Peer Review of Amnesty International’s Forensic Methods for Identifying Pegasus Spyware
Chrysaor

2021-07-15 ⋅ CitizenLab ⋅ Bahr Abdul Razzak, Bill Marczak, John Scott-Railton, Kristin Berdan, Ron Deibert
Hooking Candiru Another Mercenary Spyware Vendor Comes into Focus
Chainshot

2021-07-14 ⋅ Medium TowardsDataScience ⋅ John “Turbo” Conwell
Domain Blooms: Identifying Domain Name Themes Targeted By Threat Actors

2021-07-13 ⋅ YouTube (John Hammond) ⋅ John Hammond
JScript Deobfuscation - More WSHRAT (Malware Analysis)
Houdini

2021-07-06 ⋅ paloalto Networks Unit 42 ⋅ John Martineau
Understanding REvil: The Ransomware Gang Behind the Kaseya Attack
Gandcrab REvil

2021-06-01 ⋅ SpecterOps ⋅ Jonathan Johnson
Evadere Classifications

2021-05-18 ⋅ Sophos ⋅ Greg Iddon, John Shier, Mat Gangwer, Peter Mackenzie
The Active Adversary Playbook 2021
Cobalt Strike MimiKatz

2021-05-13 ⋅ DomainTools ⋅ John “Turbo” Conwell, Tim Helming
Domain Blooms: Identifying Domain Name Themes Targeted By Threat Actors

2021-04-22 ⋅ splunk ⋅ Dave Herrald, Drew Church, James Brodsky, John Stoner, Katie Brown, Marcus LaFerrera, Michael Natkin, Mick Baccio, Ryan Kovar
SUPERNOVA Redux, with a Generous Portion of Masquerading
SUPERNOVA

2021-04-21 ⋅ splunk ⋅ Bill Wright, Dave Herrald, James Brodsky, John Stoner, Kelly Huang, Marcus LaFerrerra, Michael Natkin, Mick Baccio, Ryan Kovar, Shannon Davis, Tamara Chacon
Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)

2021-04-05 ⋅ Huntress Labs ⋅ John Hammond
From PowerShell to Payload: An Analysis of Weaponized Malware

2021-03-26 ⋅ Imperva ⋅ Daniel Johnston
Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange Disclosures
CHINACHOPPER

2021-03-12 ⋅ splunk ⋅ Amy Heng, Dave Herrald, Derek King, James Brodsky, John Stoner, Jose Hernandez, Marcus LaFerrera, Michael Haag, Mick Baccio, Ryan Kovar, Shannon Davis
Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later…

2021-03-09 ⋅ YouTube (John Hammond) ⋅ John Hammond
HAFNIUM - Post-Exploitation Analysis from Microsoft Exchange
CHINACHOPPER

2021-03-03 ⋅ Huntress Labs ⋅ John Hammond
Rapid Response: Mass Exploitation of On-Prem Exchange Servers
CHINACHOPPER HAFNIUM

2021-03-01 ⋅ YouTube (John Hammond) ⋅ John Hammond
Mozi Malware - Finding Breadcrumbs...
Mozi

2021-02-24 ⋅ McAfee ⋅ Alexandre Mundo, John Fokker, Thibault Seret, Thomas Roccia
Technical Analysis of Babuk Ransomware
Babuk

2021-01-28 ⋅ Huntress Labs ⋅ John Hammond
Analyzing Ryuk Another Link in the Cyber Attack Chain
BazarBackdoor Ryuk

2021-01-12 ⋅ BrightTALK (FireEye) ⋅ Ben Read, John Hultquist
UNC2452: What We Know So Far
Cobalt Strike SUNBURST TEARDROP

2021-01-08 ⋅ splunk ⋅ James Brodsky, John Stoner, Lily Lee, Marcus LaFerrera, Ryan Kovar
A Golden SAML Journey: SolarWinds Continued
SUNBURST