Malpedia Library

2022-10-04 ⋅ Twitter (@sekoia_io) ⋅ sekoia
Tweets detailing operation of Erbium stealer
Erbium Stealer

2022-10-04 ⋅ Medium (@DCSO_CyTec) ⋅ Axel Wauer, Johann Aydinbas
MSSQL, meet Maggie
Maggie

2022-09-22 ⋅ Twitter (@sekoia_io) ⋅ sekoia
Tweets on Lumma stealer
Lumma Stealer

2022-09-16 ⋅ Group-IB ⋅ Twitter (@GroupIB_GIB)
Tweet on Uber Employees potentially infected with Raccoon and Vidar stealer
Raccoon Vidar

2022-08-30 ⋅ Medium the_abjuri5t ⋅ John F
NanoCore RAT Hunting Guide
Nanocore RAT

2022-08-25 ⋅ Expel ⋅ Andrew Jerry, Kyle Pellett
MORE_EGGS and Some LinkedIn Resumé Spearphishing
More_eggs

2022-08-16 ⋅ Twitter (@fumik0_) ⋅ fumik0
Tweet on Lumma Stealer based on Mars Stealer
Lumma Stealer

2022-08-01 ⋅ Twitter (@sekoia_io) ⋅ sekoia
Tweet on Turla's CyberAzov activity
CyberAzov

2022-07-26 ⋅ ⋅ Cert-UA ⋅ Cert-UA
UAC-0010 (Armageddon) cyberattacks using the GammaLoad.PS1_v2 malware (CERT-UA#5003,5013,5069,5071)
Gamaredon Group

2022-06-28 ⋅ Twitter (@_CPResearch_) ⋅ Check Point Research
Tweet on malware used against Steel Industry in Iran
Meteor Predatory Sparrow

2022-06-28 ⋅ Twitter (@_icebre4ker_) ⋅ Fr4
Revive and Coper are using similar phishing template and app
Coper

2022-05-12 ⋅ ⋅ Cert-UA ⋅ Cert-UA
Uac-0010 (Armageddon) cyberattacks using GammaLoad.PS1_v2 malware (CERT-UA#4634,4648)
Gamaredon Group

2022-04-27 ⋅ Binary Defense ⋅ shade_vx
Detecting Ransomware’s Stealthy Boot Configuration Edits

2022-04-21 ⋅ eSentire ⋅ eSentire Threat Response Unit (TRU)
Hackers Spearphish Corporate Hiring Managers with Poisoned Resumes, Infecting Them with the More_Eggs Malware, Warns eSentire
More_eggs TerraLoader VenomLNK

2022-04-14 ⋅ Medium (@DCSO_CyTec) ⋅ Axel Wauer, DCSO CyTec
404 — File still found
SideWinder

2022-04-04 ⋅ The DFIR Report ⋅ @0xtornado, @MettalicHack, @yatinwad, @_pete_0
Stolen Images Campaign Ends in Conti Ransomware
Conti IcedID

2022-03-12 ⋅ Twitter (@ET_Labs) ⋅ ET Labs
A quick thread examining the network artifacts of the HermeticWizard spreading
HermeticWizard

2022-03-10 ⋅ Twitter (@teamcymru_S2) ⋅ Team Cymru
Tweet on Crimson RAT infrastructure used by APT36
Crimson RAT

2022-02-28 ⋅ Twitter (@M_haggis) ⋅ The Haag
Tweet on parsing Daxin driver metadata using powershell
Daxin

2022-02-26 ⋅ Atomic Matryoshka ⋅ z3r0day_504
Infographic: APTs in South America
Imminent Monitor RAT Machete