Malpedia Library

Click here to download all references as Bib-File.•

2025-02-18 ⋅ K7 Security ⋅ Harihara Sudhan
Exposing the Deceit: Phishing Sites Impersonating Government Entities

2025-02-18 ⋅ Varist ⋅ Kervin Alintanahin
Malvertisements, Fake Captchas and Infostealers
Lumma Stealer

2025-02-18 ⋅ Orange Cyberdefense ⋅ Alexis Bonnefoi, Marine PICHON
IOCs Green Nailao campaign (NailaoLocker, ShadowPad)
NailaoLocker PlugX ShadowPad

2025-02-18 ⋅ inversecos ⋅ Lina Lau
An inside look at NSA (Equation Group) TTPs from China’s lense
SECONDDATE

2025-02-18 ⋅ Proofpoint ⋅ Proofpoint Threat Research Team
An Update on Fake Updates: Two New Actors, and New Mac Malware
Marcher FAKEUPDATES FrigidStealer Lumma Stealer

2025-02-15 ⋅ Medium TRAC Labs ⋅ TRAC Labs
Don’t Ghost the SocGholish: GhostWeaver Backdoor
FAKEUPDATES

2025-02-15 ⋅ c-b.io ⋅ cyb3rjerry
Dissecting a fresh BlankGrabber sample
BlankGrabber

2025-02-14 ⋅ Twitter (@DTCERT) ⋅ Deutsche Telekom CERT
Twitter Thread on a password-protected loader observed in a vishing campaign
Unidentified 120

2025-02-13 ⋅ Securonix ⋅ Den Iyzvyk, Tim Peck
Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks
RandomQuery

2025-02-13 ⋅ Symantec ⋅ Threat Hunter Team
China-linked Espionage Tools Used in Ransomware Attacks
PlugX

2025-02-13 ⋅ Recorded Future ⋅ Recorded Future
Inside the Scam: North Korea’s IT Worker Threat
BeaverTail OtterCookie InvisibleFerret

2025-02-13 ⋅ Recorded Future ⋅ Insikt Group
RedMike (Salt Typhoon) Exploits Vulnerable Cisco Devices of Global Telecommunications Providers
GhostEmperor

2025-02-12 ⋅ Hunt.io ⋅ Hunt.io
Tracking Pyramid C2: Identifying Post-Exploitation Servers in Hunt
Pyramid

2025-02-12 ⋅ ⋅ Donga ⋅ Shin Gyu-jin
Suspected North Korean hacker hacks a large number of data from a government document system developer

2025-02-12 ⋅ cyber.wtf blog ⋅ Hendrik Eckardt, Leonard Rapp
Unpacking Pyarmor v8+ scripts
AsyncRAT DCRat XWorm

2025-02-12 ⋅ Red Canary ⋅ Phil Hagen, Tony Lambert
Defying tunneling: A Wicked approach to detecting malicious network traffic
AsyncRAT DCRat NjRAT XWorm

2025-02-12 ⋅ Bleeping Computer ⋅ Bill Toulas
Surge in attacks exploiting old ThinkPHP and ownCloud flaws

2025-02-12 ⋅ The Hacker News ⋅ Ravie Lakshmanan
North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack

2025-02-11 ⋅ Sekoia ⋅ Pierre Le Bourhis
RATatouille: Cooking Up Chaos in the I2P Kitchen
Unidentified 118

2025-02-11 ⋅ EclecticIQ ⋅ Arda Büyükkaya
Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns
Kalambur BACKORDER DCRat