Malpedia Library

2023-10-18 ⋅ Twitter (@embee_research) ⋅ Embee_research
Ghidra Tutorial - Using Entropy To Locate a Cobalt Strike Decryption Function
Cobalt Strike

2023-10-18 ⋅ Google ⋅ Kate Morgan
Government-backed actors exploiting WinRAR vulnerability
APT40

2023-10-18 ⋅ SOCRadar ⋅ SOCRadar
Threat Actor Profile: SiegedSec
SiegedSec

2023-10-18 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability
FeedLoad ForestTiger HazyLoad RollSling Silent Chollima

2023-10-18 ⋅ Kaspersky Labs ⋅ GReAT, Kaspersky Lab ICS CERT
Updated MATA attacks industrial companies in Eastern Europe
Dacls Unidentified 106

2023-10-18 ⋅ Cado Security ⋅ Matt Muir, Nate Bill
Qubitstrike - An Emerging Malware Campaign Targeting Jupyter Notebooks

2023-10-17 ⋅ ⋅ AhnLab ⋅ ASEC Analysis Team
Lazarus Group’s Operation Dream Magic
LazarDoor wAgentTea

2023-10-17 ⋅ Kaspersky Labs ⋅ GReAT
APT trends report Q3 2023
BadRory TetrisPhantom

2023-10-17 ⋅ SOCRadar ⋅ SOCRadar
Dark Peep #2: War and a Piece of Hilarity
UserSec

2023-10-17 ⋅ Intrinsec ⋅ CTI Intrinsec
Lumma Stealer actively deployed in multiple campaigns
Lumma Stealer

2023-10-17 ⋅ Oliver Hough
PROSPERNOT (PROSPERO-AS) The Little AS That Could. Part 1

2023-10-16 ⋅ Sekoia ⋅ Quentin Bourgue, Threat & Detection Research Team
ClearFake: a newcomer to the “fake updates” threats landscape
ClearFake

2023-10-16 ⋅ Twitter (@embee_research) ⋅ Embee_research
Decoding a Simple Visual Basic (.vbs) Script - DarkGate Loader
DarkGate

2023-10-16 ⋅ Kaspersky Labs ⋅ GReAT
A hack in hand is worth two in the bush
StrifeWater RAT Cyber Av3ngers

2023-10-15 ⋅ The Record ⋅ Jonathan Greig
Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach
RansomVC

2023-10-15 ⋅ CyberCTO ⋅ Ollie Whitehouse
Chinese Cyber: Resources for Western Researchers

2023-10-15 ⋅ ⋅ Cert-UA ⋅ Cert-UA
Peculiarities of destructive cyber attacks against Ukrainian providers (CERT-UA#7627)
Poseidon UAC-0006

2023-10-13 ⋅ Twitter (@MsftSecIntel) ⋅ Microsoft Threat Intelligence
Tweet on Storm-1575 and Dadsec phishing platform
Storm-1575

2023-10-13 ⋅ Rewterz Information Security ⋅ Rewterz Information Security
Rewterz Threat Alert – Power Supplier’s Network Infiltrated for 6 Months by “Redfly” Hackers – Active IOCs
Redfly

2023-10-13 ⋅ SentinelOne ⋅ SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 41
Storm-0062