Malpedia Library

Click here to download all references as Bib-File.•

2023-06-29 ⋅ DeepInstinct ⋅ Deep Instinct Threat Lab, Simon Kenin
PhonyC2: Revealing a New Malicious Command & Control Framework by MuddyWater
PhonyC2 POWERSTATS

2023-06-28 ⋅ BI. ZONE Cyber Threats Research Team ⋅ Oleg Skulkin
Red Wolf is back to spy on commercial firms Red Wolf is back to spy on commercial firms
RedCurl

2023-06-28 ⋅ vmware ⋅ Bria Beathley, Dana Behling, Deborah Snyder, Fae Carlisle
8Base Ransomware: A Heavy Hitting Player
8Base Phobos SmokeLoader SystemBC

2023-06-28 ⋅ Mandiant ⋅ Alexander Marvi, Greg Blaum, Ron Craft
Detection, Containment, and Hardening Opportunities for Privileged Guest Operations, Anomalous Behavior, and VMCI Backdoors on Compromised VMware Hosts
UNC3886

2023-06-28 ⋅ ⋅ AhnLab ⋅ Sanseo
Kimsuky Attack Group Abusing Chrome Remote Desktop
Appleseed

2023-06-28 ⋅ Kaspersky Labs ⋅ GReAT
Andariel’s silly mistakes and a new malware family
Jupiter

2023-06-28 ⋅ Volexity ⋅ Ankur Saini, Charlie Gardner
Charming Kitten Updates POWERSTAR with an InterPlanetary Twist
POWERSTAR

2023-06-27 ⋅ Viuleeenz ⋅ Alessandro Strino
IDA-Python - Locate a function independently from its offset

2023-06-26 ⋅ Github (cocomelonc) ⋅ cocomelonc
Malware AV/VM evasion - part 18: encrypt/decrypt payload via modular multiplication-based block cipher. Simple C++ example.

2023-06-26 ⋅ ThreatFabric ⋅ ThreatFabric
Anatsa banking Trojan hits UK, US and DACH with new campaign
Anatsa

2023-06-23 ⋅ Securonix ⋅ Den Iyzvyk, Oleg Kolesnikov, Tim Peck
Detecting New MULTI#STORM Attack Campaign Involving Python-based Loader Masquerading as OneDrive Utilities to Drop Multiple RAT Payloads With Security Analytics
Ave Maria

2023-06-23 ⋅ Fourcore ⋅ Jones Martin
Clop Ransomware: History, Timeline, And Adversary Simulation
Clop

2023-06-23 ⋅ Phylum ⋅ Phylum Research Team
Phylum Discovers Sophisticated Ongoing Attack on NPM

2023-06-23 ⋅ Trendmicro ⋅ Arianne Dela Cruz, Ieriz Nicolle Gonzalez, Ivan Nicole Chavez, Nathaniel Morales, Paul Pajares
An Overview of the Different Versions of the Trigona Ransomware
Trigona

2023-06-23 ⋅ MSSP Lab ⋅ cocomelonc
Malware source code investigation: Paradise Ransomware
Paradise

2023-06-23 ⋅ Medium (Cryptax) ⋅ Axelle Apvrille
Inside KangaPack: the Kangaroo packer with native decryption
FluHorse

2023-06-22 ⋅ DeepInstinct ⋅ Deep Instinct Threat Lab, Mark Vaitzman, Shaul Vilkomir-Preisman
PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID
PindOS BumbleBee PhotoLoader

2023-06-22 ⋅ ANY.RUN ⋅ ANY.RUN
Malware Analysis Gh0stBins, Chinese RAT: Malware Analysis, Protocol Description, RDP Stream Recovery
Gh0stBins

2023-06-22 ⋅ Kaspersky Labs ⋅ GReAT
LockBit Green and phishing that targets organizations
LockBit LockBit

2023-06-21 ⋅ eSentire ⋅ eSentire Threat Response Unit (TRU)
Persistent Connection Established: Nitrogen Campaign Leverages DLL Side-Loading Technique for C2 Communication
Nitrogen Loader