Malpedia Library

Click here to download all references as Bib-File.•

2021-03-30 ⋅ Proofpoint ⋅ Joshua Miller, Proofpoint Threat Research Team
BadBlood: TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns
TA453

2021-03-15 ⋅ Trustwave ⋅ Joshua Deacon
HAFNIUM, China Chopper and ASP.NET Runtime
CHINACHOPPER

2021-03-15 ⋅ Team Cymru ⋅ Josh Hopkins
FIN8: BADHATCH Threat Indicator Enrichmen
BADHATCH

2021-03-11 ⋅ Cyborg Security ⋅ Josh Campbell
You Don't Know the HAFNIUM of it...
CHINACHOPPER Cobalt Strike PowerCat

2021-03-10 ⋅ Lemon's InfoSec Ramblings ⋅ Josh Lemon
Microsoft Exchange & the HAFNIUM Threat Actor
CHINACHOPPER

2021-03-09 ⋅ Attivo NETWORKS ⋅ Anil Gupta, Gorang Joshi, Saravanan Mohan
Hafnium – Active Exploitation of Microsoft Exchange and Lateral Movement

2021-03-02 ⋅ Volexity ⋅ Josh Grunzweig, Matthew Meltzer, Sean Koessel, Steven Adair, Thomas Lancaster
Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities
CHINACHOPPER HAFNIUM

2021-03-01 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
Investigation into the state of Nim malware
BazarNimrod Cobalt Strike

2021-03-01 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
Nimar Loader
BazarBackdoor BazarNimrod Cobalt Strike

2021-01-26 ⋅ Team Cymru ⋅ CERT-BR, Josh Hopkins, Manabu Niseki
GhostDNSbusters (Part 3) Illuminating GhostDNS Infrastructure

2021-01-20 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
Anchor and Lazarus together again?
Anchor TrickBot

2020-12-16 ⋅ Cyborg Security ⋅ Josh Meltzer
SUNBURST: SolarWinds Supply-Chain Attack
SUNBURST

2020-12-09 ⋅ CrowdStrike ⋅ Jason Rivera, Josh Burgess
From Zero to SixtyThe Story of North Korea’s Rapid Ascent to Becoming a Global Cyber Superpower
FastCash Hermes WannaCryptor

2020-10-28 ⋅ FireEye ⋅ Douglas Bienstock, Jeremy Kennelly, Joshua Shilko, Kimberly Goody, Steve Elovitz
Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser
BazarBackdoor Cobalt Strike Ryuk UNC1878

2020-08-21 ⋅ Vimeo (RiskIQ) ⋅ Josh Burgess, Steve Ginty
The Evolution of Ransomware & Pinchy Spider's Shot at the Title
Gandcrab REvil

2020-07-30 ⋅ FireEye ⋅ Joseph Hladik, Josh Fleischer
Obscured by Clouds: Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates

2020-07-22 ⋅ SentinelOne ⋅ Jason Reaves, Joshua Platt
Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)
ISFB Maze TrickBot Zloader

2020-06-30 ⋅ CrowdStrike ⋅ Chad Hemenway, Chris Cwalina, Josh Burgess, Scot Lippenholz
Playing Chess Against Nation-State and Ransomware Threat Actors

2020-06-22 ⋅ Sentinel LABS ⋅ Jason Reaves, Joshua Platt
Inside a TrickBot Cobalt Strike Attack Server
Cobalt Strike TrickBot

2020-05-31 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt
WastedLoader or DridexLoader?
Dridex WastedLocker