Malpedia Library

2022-10-31 ⋅ Elastic ⋅ Andrew Pease, Daniel Stepanic, Derek Ditch, Seth Goodwin
ICEDIDs network infrastructure is alive and well
IcedID

2022-10-28 ⋅ Elastic ⋅ @rsprooten, Elastic Security Intelligence & Analytics Team
EMOTET dynamic config extraction
Emotet

2022-10-25 ⋅ Microsoft ⋅ Microsoft Security Threat Intelligence
DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector
BlackCat Mount Locker PortStarter Zeppelin Vanilla Tempest

2022-10-25 ⋅ U.S. Department of Justice
Newly Unsealed Indictment Charges Ukrainian National with International Cybercrime Operation
Raccoon

2022-10-10 ⋅ RiskIQ ⋅ Microsoft Threat Intelligence Center (MSTIC)
DEV-0832 Leverages Commodity Tools in Opportunistic Ransomware Campaigns
BlackCat Mount Locker SystemBC Zeppelin

2022-09-15 ⋅ DuskRise ⋅ Cluster25 Threat Intel Team
Erbium InfoStealer Enters the Scene: Characteristics and Origins
Erbium Stealer

2022-09-09 ⋅ Elastic ⋅ Salim Bitam
BUGHATCH Malware Analysis
BUGHATCH

2022-08-25 ⋅ Microsoft ⋅ Microsoft 365 Defender Research Team, Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
MimiKatz

2022-08-24 ⋅ Elastic ⋅ Cyril François
QBOT Malware Analysis
QakBot

2022-08-24 ⋅ Microsoft ⋅ Detection and Response Team (DART), Microsoft 365 Defender Team, Microsoft Threat Intelligence Center (MSTIC)
MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone

2022-08-18 ⋅ DomainTools ⋅ DomainTools Research
A Sticky Situation Part 2

2022-08-15 ⋅ Microsoft ⋅ Digital Threat Analysis Center (DTAC), Microsoft Threat Intelligence Center (MSTIC), Office 365 Threat Research Team
Disrupting SEABORGIUM’s ongoing phishing operations
Callisto

2022-08-15 ⋅ ⋅ Weixin ⋅ Know Chuangyu
Analysis of the characteristics of new activities organized by Patchwork APT in South Asia

2022-08-15 ⋅ Microsoft ⋅ Digital Threat Analysis Center (DTAC), Microsoft Threat Intelligence Center (MSTIC), Office 365 Threat Research Team
Disrupting SEABORGIUM’s ongoing phishing operations

2022-07-27 ⋅ Microsoft ⋅ Microsoft Security Response Center (MSRC), Microsoft Threat Intelligence Center (MSTIC), RiskIQ
Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
Subzero Denim Tsunami

2022-07-27 ⋅ Elastic ⋅ Andrew Pease, Cyril François, Seth Goodwin
Exploring the QBOT Attack Pattern
QakBot

2022-07-27 ⋅ Elastic ⋅ Cyril François, Derek Ditch
QBOT Configuration Extractor
QakBot

2022-07-25 ⋅ Kaspersky ⋅ GReAT
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

2022-07-14 ⋅ Microsoft ⋅ Microsoft Digital Security Unit (DSU), Microsoft Threat Intelligence Center (MSTIC)
North Korean threat actor (H0lyGh0st /DEV-0530) targets small and midsize businesses with H0lyGh0st ransomware
SiennaBlue SiennaPurple Storm-0530

2022-07-12 ⋅ Microsoft ⋅ Microsoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC)
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud