Malpedia Library

Click here to download all references as Bib-File.•

2022-02-09 ⋅ Cisco ⋅ Vanja Svajcer, Vitor Ventura
What’s with the shared VBA code between Transparent Tribe and other threat actors?

2022-02-08 ⋅ GuidePoint Security ⋅ Drew Schmitt
Using Hindsight to Close a Cuba Cold Case
Cuba

2022-01-27 ⋅ BleepingComputer ⋅ Sergiu Gatlan
Taiwanese Apple and Tesla contractor hit by Conti ransomware
Conti

2022-01-25 ⋅ Palo Alto Networks Unit 42 ⋅ Yaron Samuel
Weaponization of Excel Add-Ins Part 1: Malicious XLL Files and Agent Tesla Case Studies
Agent Tesla

2022-01-24 ⋅ Trend Micro ⋅ Junestherry Dela Cruz
Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant
LockBit LockBit

2022-01-24 ⋅ Proofpoint ⋅ Proofpoint
DTPacker – a .NET Packer with a Curious Password
Agent Tesla TA2536

2022-01-18 ⋅ Trend Micro ⋅ Arianne Dela Cruz, Bren Matthew Ebriega, Don Ovid Ladores, Mary Yambao
New Ransomware Spotted: White Rabbit and Its Evasion Tactics

2022-01-17 ⋅ Trend Micro ⋅ Cedric Pernet, Daniel Lunghi, Gloria Chen, Jaromír Hořejší, Joseph Chen, Kenney Lu
Delving Deep: An Analysis of Earth Lusca’s Operations
BIOPASS Cobalt Strike FunnySwitch JuicyPotato ShadowPad Winnti Earth Lusca

2022-01-16 ⋅ forensicitguy ⋅ Tony Lambert
Analyzing a CACTUSTORCH HTA Leading to Cobalt Strike
CACTUSTORCH Cobalt Strike

2022-01-11 ⋅ Twitter (@cglyer) ⋅ Christopher Glyer
Thread on DEV-0401, a china based ransomware operator exploiting VMware Horizon with log4shell and deploying NightSky ransomware
Cobalt Strike NightSky

2022-01-09 ⋅ Github (xephora) ⋅ @x3ph1
Observed malicious IOCs for the ChromeLoader/CS_installer aka Choziosi Loader Malware
Choziosi Choziosi

2021-12-14 ⋅ Kaspersky Labs ⋅ Paul Rascagnères, Pierre Delcher
Owowa: the add-on that turns your OWA into a credential stealer and remote access panel
Owowa

2021-12-09 ⋅ Trend Micro ⋅ Veronica Chierzi
The Evolution of IoT Linux Malware Based on MITRE ATT&CK TTPs
Dark Nexus QSnatch

2021-12-09 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team
A closer look at Qakbot’s latest building blocks (and how to knock them down)
QakBot

2021-12-07 ⋅ Mandiant ⋅ Jake Nicastro, Nick Richard, Rufus Brown, Van Ta
FIN13: A Cybercriminal Threat Actor Focused on Mexico
jspRAT win.rekoobe FIN13

2021-12-01 ⋅ Avast ⋅ Jakub Kaloč, Jan Rubín
Toss a Coin to your Helper (Part 2 of 2)

2021-11-23 ⋅ Morphisec ⋅ Arnold Osipov, Hido Cohen
Babadeda Crypter targeting crypto, NFT, and DeFi communities
Babadeda BitRAT LockBit Remcos

2021-11-19 ⋅ IronNet ⋅ Morgan Demboski
Is a coordinated cyberattack brewing in the escalating Russian-Ukrainian conflict?

2021-11-17 ⋅ Mandiant ⋅ Joshua Goddard
ProxyNoShell: A Change in Tactics Exploiting ProxyShell Vulnerabilities

2021-11-17 ⋅ ⋅ Investigative reporting project Italy ⋅ Lorenzo Bagnoli, Riccardo Coluccini
Sorveglianza: l’azienda italiana che vuole sfidare i colossi NSO e Palantir
Chrysaor