Malpedia Library

Click here to download all references as Bib-File.•

2022-05-06 ⋅ cyble ⋅ Cyble Research Labs
Rebranded Babuk Ransomware In Action: DarkAngels Ransomware Performs Targeted Attack
Babuk

2022-05-06 ⋅ CrowdStrike ⋅ Paul-Danut Urian
macOS Malware Is More Reality Than Myth: Popular Threats and Challenges in Analysis
EvilQuest FlashBack Shlayer XCSSET

2022-05-06 ⋅ Twitter (@MsftSecIntel) ⋅ Microsoft Security Intelligence
Twitter Thread on initial infeciton of SocGholish/ FAKEUPDATES campaigns lead to BLISTER Loader, CobaltStrike, Lockbit and followed by Hands On Keyboard activity
FAKEUPDATES Blister Cobalt Strike LockBit

2022-05-06 ⋅ The Hacker News ⋅ Ravie Lakshmanan
This New Fileless Malware Hides Shellcode in Windows Event Logs
Cobalt Strike

2022-05-06 ⋅ ⋅ LeMagIT ⋅ Valéry Rieß-Marchive
Ransomware: LockBit 3.0 Starts Using in Cyberattacks
LockBit

2022-05-05 ⋅ Suspicious Actor ⋅ Austin Hudson
Studying “Next Generation Malware” - NightHawk’s Attempt At Obfuscate and Sleep
Nighthawk

2022-05-05 ⋅ YouTube (The Vertex Project) ⋅ Ryan Hallbeck
Contileaks: Identifying, Extracting, & Modeling Bitcoin Addresses
Conti

2022-05-05 ⋅ Github (muha2xmad) ⋅ Muhammad Hasan Ali
Analysis of MS Word to drop Remcos RAT | VBA extraction and analysis | IoCs
Remcos

2022-05-05 ⋅ Blackberry ⋅ The BlackBerry Research & Intelligence Team
Threat Thursday: ZingoStealer – The Cost of “Free”
ZingoStealer

2022-05-05 ⋅ Troopers Conference ⋅ Ben Jackson, Will Bonner
Tinker Telco Soldier Spy (to be given 2022-06-27)
BPFDoor GALLIUM

2022-05-05 ⋅ NCC Group ⋅ Michael Matthews, Nikolaos Pantazopoulos
North Korea’s Lazarus: their initial access trade-craft using social media and social engineering
LCPDot

2022-05-04 ⋅ Cyware ⋅ Cyware
Chinese Naikon Group Back with New Espionage Attack
APT30 Naikon

2022-05-04 ⋅ HP ⋅ Patrick Schläpfer
Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware
GootLoader

2022-05-04 ⋅ CrowdStrike ⋅ Sebastian Walla
Compromised Docker Honeypots Used for Pro-Ukrainian DoS Attack

2022-05-04 ⋅ Twitter (@ESETresearch) ⋅ Twitter (@ESETresearch)
Twitter thread on code similarity analysis, focussing on IsaacWiper and recent Cluster25 publication
IsaacWiper

2022-05-04 ⋅ Sophos ⋅ Andreas Klopsch
Attacking Emotet’s Control Flow Flattening
Emotet

2022-05-03 ⋅ Google ⋅ Billy Leonard
Update on cyber activity in Eastern Europe
Callisto

2022-05-03 ⋅ Fortinet ⋅ Gergely Revay
Unpacking Python Executables on Windows and Linux

2022-05-03 ⋅ ⋅ AhnLab ⋅ ASEC
Backdoors disguised as document editing and messenger programs (*.chm)

2022-05-03 ⋅ Google ⋅ Billy Leonard, Google Threat Analysis Group
Update on cyber activity in Eastern Europe
Curious Gorge