Malpedia Library

Click here to download all references as Bib-File.•

2023-04-11 ⋅ Microsoft ⋅ Microsoft Incident Response
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
BlackLotus

2023-04-11 ⋅ Twitter (@Unit42_Intel) ⋅ Unit42
Tweet on change of IcedID backconnect traffic port from 8080 to 443
IcedID

2023-04-10 ⋅ Twitter (@embee_research) ⋅ Matthew
Redline Stealer - Static Analysis and C2 Extraction
Amadey RedLine Stealer

2023-04-09 ⋅ @0xToxin
LummaC2 BreakDown
Lumma Stealer

2023-04-08 ⋅ Team Cymru ⋅ Scott Fisher
Deriving Insight from Threat Actor Infrastructure
Raccoon

2023-04-07 ⋅ Elastic ⋅ Salim Bitam
Attack chain leads to XWORM and AGENTTESLA
Agent Tesla XWorm

2023-04-07 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
MERCURY and DEV-1084: Destructive attack on hybrid environment
DarkBit Storm-1084

2023-04-06 ⋅ Spamhaus ⋅ Raashid Bhat
Neutralizing Tofsee Spambot – Part 2 | InMemoryConfig store vaccine
Tofsee

2023-04-06 ⋅ Spamhaus ⋅ Raashid Bhat
Neutralizing Tofsee Spambot – Part 1 | Binary file vaccine
Tofsee

2023-04-05 ⋅ Google ⋅ Adam Weidemann, Google Threat Analysis Group
How we’re protecting users from government-backed attacks from North Korea
BabyShark

2023-04-05 ⋅ Outpost24 ⋅ Alberto Marín
Everything you need to know about the LummaC2 Stealer: Leveraging IDA Python and Unicorn to deobfuscate Windows API Hashing
Lumma Stealer

2023-04-05 ⋅ Medium Ilandu ⋅ Ilan Duhin
PortDoor - APT Backdoor analysis
ACBackdoor 8.t Dropper PortDoor

2023-04-04 ⋅ Symantec ⋅ Threat Hunter Team
Mantis: New Tooling Used in Attacks Against Palestinian Targets
Arid Gopher Micropsia

2023-04-04 ⋅ Check Point Research ⋅ Jiří Vinopal
Rorschach – A New Sophisticated and Fast Ransomware
Rorschach Ransomware

2023-04-03 ⋅ Mandiant ⋅ Eduardo Mattos, JASON DEYALSINGH, Nick Richard, NICK SMITH, Tyler McLellan
ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access
LaZagne BlackCat MimiKatz

2023-04-03 ⋅ Kaspersky Labs ⋅ Georgy Kucherin
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
Gopuram

2023-04-01 ⋅ Objective-See ⋅ Patrick Wardle
Ironing out (the macOS) details of a Smooth Operator (Part II)
3CX Backdoor

2023-03-31 ⋅ Group-IB ⋅ Group-IB
36gate: supply chain attack
3CX Backdoor

2023-03-31 ⋅ vmware ⋅ Threat Analysis Unit
Investigating 3CX Desktop Application Attacks: What You Need to Know
3CX Backdoor

2023-03-31 ⋅ Blackberry ⋅ The BlackBerry Research & Intelligence Team
Initial Implants and Network Analysis Suggest the 3CX Supply Chain Operation Goes Back to Fall 2022
3CX Backdoor