Malpedia Library

Click here to download all references as Bib-File.•

2022-01-19 ⋅ Kaspersky ⋅ Kirill Kruglov
Campaigns abusing corporate trusted infrastructure hunt for corporate credentials on ICS networks

2022-01-13 ⋅ Kaspersky Labs ⋅ Seongsu Park, Vitaly Kamluk
The BlueNoroff cryptocurrency hunt is still on
CageyChameleon SnatchCrypto WebbyTea

2021-12-16 ⋅ Kaspersky ICS CERT ⋅ Kaspersky
PseudoManuscrypt: a mass-scale spyware attack campaign
Fabookie

2021-12-16 ⋅ Kaspersky Lab ICS CERT
PseudoManuscrypt: a mass-scale spyware attack campaign
PseudoManuscrypt

2021-12-16 ⋅ Kaspersky ⋅ Kaspersky Lab ICS CERT
PseudoManuscrypt: a mass-scale spyware attack campaign

2021-12-14 ⋅ Kaspersky Labs ⋅ Paul Rascagnères, Pierre Delcher
Owowa: the add-on that turns your OWA into a credential stealer and remote access panel
Owowa

2021-11-29 ⋅ Kaspersky ⋅ GReAT
ScarCruft surveilling North Korean defectors and human rights activists
Chinotto Chinotto PoorWeb

2021-11-29 ⋅ Kaspersky ⋅ Maher Yamout
WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019
WIRTE

2021-10-27 ⋅ Kaspersky ⋅ Ivan Kwiatkowski
Extracting type information from Go binaries
GoldMax

2021-10-26 ⋅ Kaspersky Labs ⋅ GReAT
APT trends report Q3 2021
Vicious Panda

2021-10-26 ⋅ Kaspersky ⋅ Kaspersky Lab ICS CERT
APT attacks on industrial organizations in H1 2021
8.t Dropper AllaKore AsyncRAT GoldMax LimeRAT NjRAT NoxPlayer Raindrop ReverseRAT ShadowPad Zebrocy

2021-10-26 ⋅ Kaspersky ⋅ GReAT
APT trends report Q3 2021

2021-10-20 ⋅ Kaspersky ⋅ Ruslan Sabitov
Russian-speaking cybercrime evolution: What changed from 2016 to 2021

2021-10-19 ⋅ Kaspersky ⋅ Oleg Kupreev
Trickbot module descriptions
TrickBot

2021-10-07 ⋅ Kaspersky ⋅ Aseel Kayal, Mark Lechtik, Paul Rascagnères
LYCEUM Reborn: Counterintelligence in the Middle East
danbot LYCEUM

2021-10-07 ⋅ Kaspersky ⋅ Fedor Sinitsyn, Yanis Zinchenko
Ransomware in the CIS
Cryakl Dharma Hakbit Phobos Void

2021-09-30 ⋅ Kaspersky Labs ⋅ Kaspersky Labs
GhostEmperor’s infection chain and post-exploitation toolset: technical detail
GhostEmperor GhostEmperor

2021-09-30 ⋅ Kaspersky ⋅ Aseel Kayal, Mark Lechtik, Paul Rascagnères, Vasily Berdnikov
GhostEmperor: From ProxyLogon to kernel mode
GhostEmperor GhostEmperor

2021-09-29 ⋅ Kaspersky Labs ⋅ Ivan Kwiatkowski, Pierre Delcher
DarkHalo after SolarWinds: the Tomiris connection (UNC2849)
tomiris Storm-0473

2021-09-28 ⋅ Kaspersky Labs ⋅ GReAT
FinSpy: unseen findings
FinFisher FinFisher FinFisher FinFisher RAT