Malpedia Library

Click here to download all references as Bib-File.•

2021-10-15 ⋅ Volatility Labs ⋅ Volatility Labs
Memory Forensics R&D Illustrated: Detecting Mimikatz's Skeleton Key Attack
MimiKatz

2021-10-14 ⋅ Morphisec ⋅ Arnold Osipov
Explosive New MirrorBlast Campaign Targets Financial Companies
MirrorBlast

2021-10-12 ⋅ IronNet ⋅ Brett Fitzpatrick, IronNet Threat Research, Joey Fitzpatrick, Morgan Demboski, Peter Rydzynski
Continued Exploitation of CVE-2021-26084

2021-09-30 ⋅ Medium proferosec-osm ⋅ Brenton Morris
RansomEXX, Fixing Corrupted Ransom
RansomEXX

2021-09-23 ⋅ Talos ⋅ Asheer Malhotra, Justin Thattil, Vanja Svajcer
Operation “Armor Piercer:” Targeted attacks in the Indian subcontinent using commercial RATs
Ave Maria NetWire RC

2021-09-21 ⋅ Morphisec ⋅ Nadav Lorber
New Jupyter Evasive Delivery through MSI Installer
solarmarker

2021-09-15 ⋅ Telsy ⋅ Telsy
REMCOS and Agent Tesla loaded into memory with Rezer0 loader
Agent Tesla Remcos

2021-09-14 ⋅ Fortinet ⋅ John Simmons
More ProxyShell? Web Shells Lead to ZeroLogon and Application Impersonation Attacks

2021-09-01 ⋅ YouTube (Black Hat) ⋅ Aragorn Tseng, Charles Li
Mem2Img: Memory-Resident Malware Detection via Convolution Neural Network
Cobalt Strike PlugX Waterbear

2021-08-27 ⋅ Morphisec ⋅ Morphisec Labs
ProxyShell Exchange Exploitation Now Leads To An Increasing Amount Of Cobaltstrike Backdoors
Cobalt Strike

2021-08-03 ⋅ Sophos ⋅ Sean Gallagher, Yusuf Arslan Polat
Trash Panda as a Service: Raccoon Stealer steals cookies, cryptocoins, and more
Raccoon

2021-07-30 ⋅ Menlo Security ⋅ MENLO Security
ISOMorph Infection: In-Depth Analysis of a New HTML Smuggling Campaign
AsyncRAT NjRAT

2021-07-30 ⋅ RiskIQ ⋅ Team Atlas
Bear Tracks: Infrastructure Patterns Lead to More Than 30 Active APT29 C2 Servers
elf.wellmess WellMess

2021-07-27 ⋅ The Record ⋅ Catalin Cimpanu
BlackMatter ransomware targets companies with revenue of $100 million and more

2021-07-27 ⋅ SYGNIA ⋅ Amitai Ben Shushan Ehrlich, Amnon Kushnir, Arie Zilberstein, Asaf Eitani, Gil Biton, Itay Shohat, Martin Korman, Noam Lifshitz, Sygnia Incident Response Team
TG1021: "Praying Mantis" Dissecting an Advanced Memory-Resident Attack

2021-07-21 ⋅ Quick Heal ⋅ Rumana Siddiqui
FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data
Formbook

2021-07-18 ⋅ ⋅ Lemonde ⋅ Damien Leloup
From Rabat to Paris, Morocco does not let go of journalists
Chrysaor

2021-07-17 ⋅ Eyes on Life ⋅ Eyes on Life
Candiru's Spyware: How It Works And Attacking Journalists, Activists And Many More

2021-07-13 ⋅ YouTube (John Hammond) ⋅ John Hammond
JScript Deobfuscation - More WSHRAT (Malware Analysis)
Houdini

2021-07-09 ⋅ Solarwind ⋅ Solarwind
Serv-U Remote Memory Escape Vulnerability CVE-2021-35211 (exploited in the wild)