Malpedia Library

Click here to download all references as Bib-File.•

2023-04-10 ⋅ Twitter (@embee_research) ⋅ Matthew
Redline Stealer - Static Analysis and C2 Extraction
Amadey RedLine Stealer

2023-04-08 ⋅ Twitter (@embee_research) ⋅ Embee_research
Dcrat - Manual De-obfuscation of .NET Malware
DCRat

2023-04-08 ⋅ Team Cymru ⋅ Scott Fisher
Deriving Insight from Threat Actor Infrastructure
Raccoon

2023-04-08 ⋅ cocomelonc ⋅ cocomelonc
Malware AV/VM evasion - part 15: WinAPI GetModuleHandle implementation. Simple C++ example.

2023-04-07 ⋅ Elastic ⋅ Salim Bitam
Attack chain leads to XWORM and AGENTTESLA
Agent Tesla XWorm

2023-04-07 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
MERCURY and DEV-1084: Destructive attack on hybrid environment
DarkBit Storm-1084

2023-04-06 ⋅ Spamhaus ⋅ Raashid Bhat
Neutralizing Tofsee Spambot – Part 3 | Network-based kill switch
Tofsee

2023-04-06 ⋅ Spamhaus ⋅ Raashid Bhat
Neutralizing Tofsee Spambot – Part 2 | InMemoryConfig store vaccine
Tofsee

2023-04-06 ⋅ Spamhaus ⋅ Raashid Bhat
Neutralizing Tofsee Spambot – Part 1 | Binary file vaccine
Tofsee

2023-04-05 ⋅ Google ⋅ Adam Weidemann, Google Threat Analysis Group
How we’re protecting users from government-backed attacks from North Korea
BabyShark

2023-04-05 ⋅ velociraptor ⋅ Matt Green
Automating Qakbot Decode At Scale
QakBot

2023-04-05 ⋅ Outpost24 ⋅ Alberto Marín
Everything you need to know about the LummaC2 Stealer: Leveraging IDA Python and Unicorn to deobfuscate Windows API Hashing
Lumma Stealer

2023-04-04 ⋅ Symantec ⋅ Threat Hunter Team
Mantis: New Tooling Used in Attacks Against Palestinian Targets
Arid Gopher Micropsia

2023-04-04 ⋅ Cisco Talos ⋅ Edmund Brumaghin
Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities
Typhon Stealer

2023-04-04 ⋅ Check Point Research ⋅ Jiří Vinopal
Rorschach – A New Sophisticated and Fast Ransomware
Rorschach Ransomware

2023-04-03 ⋅ Mandiant ⋅ Eduardo Mattos, JASON DEYALSINGH, Nick Richard, NICK SMITH, Tyler McLellan
ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access
LaZagne BlackCat MimiKatz

2023-04-03 ⋅ Twitter (@kucher1n) ⋅ Georgy Kucherin
Tweet on an alternative Guporam sample
Gopuram

2023-04-03 ⋅ Kaspersky Labs ⋅ Georgy Kucherin
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
Gopuram

2023-04-03 ⋅ Youtube (MalwareAnalysisForHedgehogs) ⋅ Karsten Hahn
Malware Analysis - 3CX SmoothOperator ffmpeg.dll with Binary Ninja
3CX Backdoor

2023-04-02 ⋅ OALabs ⋅ Sergei Frankoff
AresLoader Taking a closer look at this new loader
AresLoader