Malpedia Library

2022-02-26 ⋅ Atomic Matryoshka ⋅ z3r0day_504
Infographic: APTs in South America
Imminent Monitor RAT Machete

2022-02-21 ⋅ Atomic Matryoshka ⋅ z3r0day_504
Ousaban MSI Installer Analysis
Ousaban

2022-02-17 ⋅ Twitter (@Honeymoon_IoC) ⋅ Gi7w0rm
Tweets on win.prometei caught via Cowrie
Prometei

2022-01-28 ⋅ Atomic Matryoshka ⋅ z3r0day_504
Malware Headliners: LokiBot
Loki Password Stealer (PWS)

2022-01-24 ⋅ Twitter (@_icebre4ker_) ⋅ _icebre4ker_
Vultur Dropper on Google Play Store
Vultur

2022-01-22 ⋅ Atomic Matryoshka ⋅ z3r0day_504
Malware Headliners: Emotet
Emotet

2022-01-21 ⋅ Twitter (@_CPResearch_) ⋅ Check Point Research
Tweet on WhiteLambert malware
Lambert

2022-01-20 ⋅ Cybleinc ⋅ Cyble
Deep Dive Into Ragnar_locker Ransomware Gang
RagnarLocker

2022-01-15 ⋅ Atomic Matryoshka ⋅ z3r0day_504
Malware Headliners: Qakbot
QakBot

2022-01-13 ⋅ Twitter (@8th_grey_owl) ⋅ 8thGreyOwl
Tweet on SelfMake Loader
SelfMake Loader

2022-01-09 ⋅ Github (xephora) ⋅ @x3ph1
Observed malicious IOCs for the ChromeLoader/CS_installer aka Choziosi Loader Malware
Choziosi Choziosi

2022-01-09 ⋅ Atomic Matryoshka ⋅ z3r0day_504
Malware Headliners: Dridex
Dridex

2022-01-02 ⋅ Atomic Matryoshka ⋅ z3r0day_504
"Cracking Open the Malware Piñata" Series: Intro to Dynamic Analysis with RedLineStealer
RedLine Stealer

2021-11-17 ⋅ Twitter (@Unit42_Intel) ⋅ Unit 42
Tweet on Matanbuchus Loader used to deliver Qakbot (tag obama128b) and follow-up CobaltStrike
Cobalt Strike QakBot

2021-11-16 ⋅ Twitter (@_CPResearch_) ⋅ Check Point Research
Tweet on 32bit version of CVE-2021-1732 exploited by BITTER group

2021-11-16 ⋅ Twitter (@_icebre4ker_) ⋅ Fr4
Tweet about Aberebot source code put up for sale by the developer
Aberebot

2021-11-15 ⋅ The DFIR Report ⋅ 0xtornado, v3t0_
Exchange Exploit Leads to Domain Wide Ransomware

2021-11-12 ⋅ Twitter (@Arkbird_SOLG) ⋅ Arkbird
Tweets on Void Balaur using QuantLoader and ZStealer
QuantLoader ZStealer

2021-11-05 ⋅ Twitter (@Unit42_Intel) ⋅ Unit 42
Tweet on TA551 (Shathak) BazarLoader infection with CobaltStrike and DarkVNC drops
BazarBackdoor Cobalt Strike

2021-11-03 ⋅ Twitter (@Corvid_Cyber) ⋅ CORVID
Tweet on a unique Qbot debugger dropped by an actor after compromise
QakBot