Malpedia Library

Click here to download all references as Bib-File.•

2022-08-05 ⋅ 0xIvan ⋅ Twitter (@viljoenivan)
LokiBot Analysis
Loki Password Stealer (PWS)

2022-08-01 ⋅ Twitter (@sekoia_io) ⋅ sekoia
Tweet on Turla's CyberAzov activity
CyberAzov

2022-07-11 ⋅ Twitter (@cglyer) ⋅ Christopher Glyer
Tweet on LAPSUS$/DEV-0537
Storm-0829

2022-07-08 ⋅ Twitter (@billyleonard) ⋅ Billy Leonard
Twiiter thread about some recent Turla activity spoofing the Azov Regiment ... but targeting Android users.

2022-06-28 ⋅ Twitter (@_CPResearch_) ⋅ Check Point Research
Tweet on malware used against Steel Industry in Iran
Meteor Predatory Sparrow

2022-06-28 ⋅ Twitter (@_icebre4ker_) ⋅ Fr4
Revive and Coper are using similar phishing template and app
Coper

2022-06-17 ⋅ Github (NtQuerySystemInformation) ⋅ Twitter (@kasua02)
A reverse engineer primer on Qakbot Dll Stager: From initial execution to multithreading.
QakBot

2022-06-14 ⋅ Twitter (@3xp0rtblog) ⋅ 3xp0rt
Tweet on Keona Clipper
Keona

2022-06-11 ⋅ Twitter (@MsftSecIntel) ⋅ Microsoft Threat Intelligence
Tweet on DEV-0401, DEV-0234 exploiting Confluence RCE CVE-2022-26134
Kinsing Mirai Cobalt Strike Lilac Typhoon

2022-06-02 ⋅ Twitter (@sysopfb) ⋅ Jason Reaves
Tweets on UpdateAgent - GolangVersion
UpdateAgent

2022-05-08 ⋅ Twitter (@malmoeb) ⋅ Stephan Berger
Twitter Thread on popularity and detection of r77
r77

2022-05-08 ⋅ Twitter (@CraigHRowland) ⋅ Craig Rowland
Twitter Thread with description of functionality for BPFDoor
BPFDoor

2022-05-08 ⋅ Twitter (@cyb3rops) ⋅ Florian Roth
Tweet on source code for BPFDoor found on VT
BPFDoor

2022-05-06 ⋅ Twitter (@MsftSecIntel) ⋅ Microsoft Security Intelligence
Twitter Thread on initial infeciton of SocGholish/ FAKEUPDATES campaigns lead to BLISTER Loader, CobaltStrike, Lockbit and followed by Hands On Keyboard activity
FAKEUPDATES Blister Cobalt Strike LockBit

2022-05-04 ⋅ Twitter (@felixw3000) ⋅ Felix
Twitter Thread with info on infection chain with IcedId, Cobalt Strike, and Hidden VNC.
Cobalt Strike IcedID PhotoLoader

2022-05-04 ⋅ Twitter (@ESETresearch) ⋅ Twitter (@ESETresearch)
Twitter thread on code similarity analysis, focussing on IsaacWiper and recent Cluster25 publication
IsaacWiper

2022-04-28 ⋅ Twitter (@vinopaljiri) ⋅ Jiří Vinopal
#ONYX Ransomware is based on #Chaos Ransomware Builderv4
Chaos

2022-04-28 ⋅ vx-underground ⋅ Twitter (@vxunderground)
Tweet on leaked Prynt Stealer source code and similarity to AyncRAT
AsyncRAT Prynt Stealer

2022-04-19 ⋅ Twitter (@Cryptolaemus1) ⋅ Cryptolaemus
#Emotet Update: 64 bit upgrade of Epoch 5
Emotet

2022-04-14 ⋅ Twitter (@silascutler) ⋅ Silas Cutler
Tweet on sample discovery for potential INCONTROLLER
INCONTROLLER