Malpedia Library

Click here to download all references as Bib-File.•

2021-09-02 ⋅ Twitter (@th3_protoCOL) ⋅ Colin, GaborSzappanos
Tweet on Confluence Server exploitation (CVE-2021-26084) in the wild and cobaltsrike activity (mentioned in replies by GaborSzappanos)
Cobalt Strike

2021-08-30 ⋅ Twitter (@Arkbird_SOLG) ⋅ Arkbird
Tweet on MercurialGrabber
MercurialGrabber

2021-08-05 ⋅ Twitter (@VK_intel) ⋅ Vitali Kremez
Tweet on Linux variant of BlackMatter
BlackMatter

2021-07-30 ⋅ Twitter (@Unit42_Intel) ⋅ Unit 42
Tweet on BazarLoader infection leading to cobaltstrike and Powershell script file for PrintNightmare vulnerability
BazarBackdoor Cobalt Strike

2021-07-26 ⋅ Twitter (@alex_lanstein) ⋅ Alex Lanstein
Tweet on BITTER group widely targeting diplomats in Yangon

2021-07-17 ⋅ Twitter (@_icebre4ker_) ⋅ _icebre4ker_
Tweet: new version of Teabot targeting also Portugal banks
Anatsa

2021-07-16 ⋅ Twitter (@benkow_) ⋅ Benoît Ancel
Tweet on DeepRAT
DeepRAT

2021-07-16 ⋅ Twitter (@alex_lanstein) ⋅ Alex Lanstein
Tweet on attacks from UNC2652/NOBELIUM

2021-07-07 ⋅ Twitter (@resecurity_com) ⋅ Resecurity
Tweet REvil attack chain used against Kaseya
REvil

2021-07-07 ⋅ Twitter (@C0rk1_H) ⋅ hyabcd
Tweet on purplefox exploiting PrintNightmare (CVE-2021-34527) vulnerability in cryptocurrency mining campaign
PurpleFox

2021-07-06 ⋅ Twitter (@_alex_il_) ⋅ Alex Ilgayev
Tweet on REvil ransomware actor using vulnerable defender executable in its infection flow in early may before Kaseya attack
REvil

2021-07-06 ⋅ 0ffset Blog ⋅ 0verfl0w_, Daniel Bunce
New TA402/MOLERATS Malware – Decrypting .NET Reactor Strings
SharpStage

2021-07-02 ⋅ Twitter (@VK_intel) ⋅ Vitali Kremez
Tweet on Revil ransomware analysis used in Kaseya attack
REvil

2021-07-01 ⋅ 360 netlab ⋅ Alex.Turing, Chai Linyuan, houliuyang, Hui Wang, Jinye
Mirai_ptea Botnet is Exploiting Undisclosed KGUARD DVR Vulnerability
Mirai

2021-06-29 ⋅ Twitter (@VK_intel) ⋅ Vitali Kremez
Tweet on Linux version of REvil ransomware
REvil