Malpedia Library

2018-09-18 ⋅ The Citizenlab ⋅ Bahr Abdul Razzak, Bill Marczak, John Scott-Railton, Ron Deibert, Sarah McKune
Hide and Seek: Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries
Chrysaor

2018-05-15 ⋅ Reuters ⋅ Hugh Lawson, Niklas Pollard, Olof Swahnberg, Simon Johnson
Swedish sports body says anti-doping unit hit by hacking attack
APT28

2018-04-08 ⋅ Twitter (@JohnLaTwC) ⋅ John Lambert
Tweet on ConMiner WebAssembly
CryptoNight

2018-04-08 ⋅ Gist (JohnLaTwC) ⋅ John Lambert
Cryptonight currency miner WASM
CryptoNight

2018-03-09 ⋅ Adam Senft, Bill Marczak, Jakub Dalek, John Scott-Railton, Ron Deibert, Sarah McKune
Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads?
StrongPity

2018-02-20 ⋅ Twitter (@JohnLaTwC) ⋅ John Lambert
Tweet on EvilOSX
EvilOSX

2018-02-06 ⋅ Forcepoint ⋅ John Bergbom
DanderSpritz/PeddleCheap traffic analysis (Part 1 of 2)
PeddleCheap

2017-12-14 ⋅ FireEye ⋅ Blake Johnson, Christopher Glyer, Dan Caban, Dan Scali, Marina Krotofil, Nathan Brubaker
Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure
Triton TEMP.Veles

2017-12-06 ⋅ The Citizen Lab ⋅ Bill Marczak, Geoffrey Alexander, John Scott-Railton, Ron Deibert, Sarah McKune
Champing at the Cyberbit Ethiopian Dissidents Targeted with New Commercial Spyware
PC Surveillance System

2017-10-04 ⋅ Twitter (@JohnLaTwC) ⋅ John Lambert
Tweet on Turla JS backdoor
Maintools.js

2017-09-22 ⋅ Kaspersky Labs ⋅ John Snow
NRansom: Ransomware that demands your nudes
nRansom

2017-08-18 ⋅ Trend Micro ⋅ John Sanchez
KOVTER: An Evolving Malware Gone Fileless
Kovter

2017-04-10 ⋅ Symantec ⋅ A L Johnson
Longhorn: Tools used by cyberespionage group linked to Vault 7
Lambert Longhorn

2017-02-27 ⋅ Symantec ⋅ A L Johnson
Shamoon: Multi-staged destructive attacks limited to specific targets
DistTrack MimiKatz Rocket Kitten

2017-02-12 ⋅ Symantec ⋅ A L Johnson
Attackers target dozens of global banks with new malware
Ratankba Lazarus Group

2017-02-12 ⋅ Symantec ⋅ A L Johnson
Attackers target dozens of global banks with new malware
Joanap Ratankba Sierra(Alfa,Bravo, ...) Lazarus Group

2016-11-30 ⋅ Symantec ⋅ A L Johnson
Shamoon: Back from the dead and destructive as ever
DistTrack OilRig

2016-11-17 ⋅ CitizenLab ⋅ Adam Hulcoop, Etienne Maynier, John Scott-Railton, Masashi Crete-Nishihata, Matt Brooks
It’s Parliamentary - KeyBoy and the targeting of the Tibetan Community
KeyBoy

2016-08-08 ⋅ Symantec ⋅ A L Johnson
Strider: Cyberespionage group turns eye of Sauron on targets
Flame Regin Remsec ProjectSauron

2016-05-29 ⋅ CitizenLab ⋅ Bill Marczak, John Scott-Railton
Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents
Stealth Falcon