Malpedia Library

Click here to download all references as Bib-File.•

2023-07-12 ⋅ Lab52 ⋅ Lab52
New invitation from APT29 to use CCleaner
Unidentified 107 (APT29)

2023-07-12 ⋅ Mandiant ⋅ Dan Black, Gabby Roncone
The GRU's Disruptive Playbook
CaddyWiper INDUSTROYER2 XakNet

2023-07-12 ⋅ Dragos ⋅ Dragos
Mitigating CVE-2023-3595 and CVE-2023-3596 Impacting Rockwell Automation ControlLogix Firmware

2023-07-11 ⋅ sysdig ⋅ Alessandro Brucato
SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto
SCARLETEEL

2023-07-11 ⋅ AhnLab ⋅ ASEC
Analysis of the Rekoobe Backdoor Being Used In Attacks Against Linux Systems in Korea
Rekoobe

2023-07-11 ⋅ Cloudsek ⋅ Bablu Kumar
Breaking into the Bandit Stealer Malware Infrastructure
Bandit Stealer

2023-07-11 ⋅ Mandiant ⋅ Ng Choon Kiat, Rommel Joven
The Spies Who Loved You: Infected USB Drives to Steal Secrets
PlugX

2023-07-11 ⋅ Spamhaus ⋅ Spamhaus Malware Labs
Spamhaus Botnet Threat Update Q2 2023
Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee

2023-07-11 ⋅ Twitter (@embee_research) ⋅ Embee_research
Tweets on Ransomware Infrastructure Analysis With Censys and GrabbrApp
DarkSide

2023-07-11 ⋅ Microsoft ⋅ Microsoft
Storm-0978 attacks reveal financial and espionage motives
ROMCOM RAT

2023-07-10 ⋅ Mandiant ⋅ Jennifer Guzzetta, Matthew McWhirt, Phil Pearce, Thirumalai Natarajan Muthiah
Defend Against the Latest Active Directory Certificate Services Threats

2023-07-08 ⋅ Blackberry ⋅ BlackBerry Research & Intelligence Team
RomCom Threat Actor Suspected of Targeting Ukraine's NATO Membership Talks at the NATO Summit
ROMCOM RAT

2023-07-08 ⋅ Gi7w0rm
CloudEyE — From .lnk to Shellcode
CloudEyE Remcos

2023-07-07 ⋅ Cert-UA ⋅ Cert-UA
UAC-0057 Targeted Cyber Attack Against Government Agencies Using PicassoLoader/njRAT (CERT-UA#6948)
PicassoLoader Ghostwriter

2023-07-07 ⋅ Medium cryptax ⋅ Axelle Apvrille
Eyes on Android/S.O.V.A botnet sample
S.O.V.A.

2023-07-07 ⋅ Rapid7 Labs ⋅ Caitlin Condon
Exploitation of Mitel MiVoice Connect SA CVE-2022-29499

2023-07-07 ⋅ Zscaler ⋅ Niraj Shivtarkar, Preet Kamal
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region

2023-07-07 ⋅ Lab52 ⋅ Lab52
Beyond appearances: unknown actor using APT29’s TTP against Chinese users
Cobalt Strike

2023-07-07 ⋅ Github (cocomelonc) ⋅ cocomelonc
Malware development trick - part 34: Find PID via WTSEnumerateProcesses. Simple C++ example.

2023-07-06 ⋅ Microsoft ⋅ Microsoft Incident Response
The five-day job: A BlackByte ransomware intrusion case study
BlackByte ExByte