Malpedia Library

2025-01-23 ⋅ Github (PaloAltoNetworks) ⋅ Brad Duncan
Cluster of Infrastructure likely used by Affiliate of Dark Scorpius (Black Basta)
ReedBed

2024-03-07 ⋅ Malware Traffic Analysis ⋅ Brad Duncan
2024-03-07 (THURSDAY): LATRODECTUS INFECTION LEADS TO LUMMA STEALER
Latrodectus Lumma Stealer

2024-01-19 ⋅ paloalto Networks Unit 42 ⋅ Ben Zhang, Billy Melicher, Bo Qu, Brad Duncan, Qi Deng, Zhanglin He
Parrot TDS: A Persistent and Evolving Malware Campaign
Parrot TDS Parrot TDS WebShell

2023-10-03 ⋅ Malware Traffic Analysis ⋅ Brad Duncan
2023-10-03 (Tuesday) - PikaBot infection with Cobalt Strike
Cobalt Strike Pikabot

2023-06-05 ⋅ Malware Traffic Analysis ⋅ Brad Duncan
30 DAYS OF FORMBOOK: DAY 1, MONDAY 2023-06-05
Formbook

2023-05-30 ⋅ SANS ISC ⋅ Brad Duncan
Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT
DBatLoader

2023-05-30 ⋅ Palo Alto Networks Unit 42 ⋅ Brad Duncan
Cold as Ice: Answers to Unit 42 Wireshark Quiz for IcedID
IcedID PhotoLoader

2023-04-12 ⋅ InfoSec Handlers Diary Blog ⋅ Brad Duncan
Recent IcedID (Bokbot) activity
IcedID PhotoLoader

2023-04-12 ⋅ SANS ISC ⋅ Brad Duncan
Recent IcedID (Bokbot) activity
IcedID

2023-01-18 ⋅ SANS ISC ⋅ Brad Duncan
Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware
Aurora Stealer

2023-01-03 ⋅ Malware Traffic Analysis ⋅ Brad Duncan
2023-01-03 (TUESDAY) - GOOGLE AD --> FAKE NOTPAD++ PAGE --> RHADAMANTHYS STEALER
Rhadamanthys

2022-12-15 ⋅ ISC ⋅ Brad Duncan
Google ads lead to fake software pages pushing IcedID (Bokbot)
IcedID

2022-08-19 ⋅ SANS ISC ⋅ Brad Duncan
Brazil malspam pushes Astaroth (Guildma) malware
Astaroth

2022-08-12 ⋅ SANS ISC ⋅ Brad Duncan
Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike
Cobalt Strike DarkVNC IcedID

2022-08-03 ⋅ Palo Alto Networks Unit 42 ⋅ Brad Duncan
Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware
BazarBackdoor BumbleBee Cobalt Strike Conti

2022-07-27 ⋅ SANS ISC ⋅ Brad Duncan
IcedID (Bokbot) with Dark VNC and Cobalt Strike
DarkVNC IcedID

2022-07-07 ⋅ SANS ISC ⋅ Brad Duncan
Emotet infection with Cobalt Strike
Cobalt Strike Emotet

2022-06-17 ⋅ SANS ISC ⋅ Brad Duncan
Malspam pushes Matanbuchus malware, leads to Cobalt Strike
Cobalt Strike Matanbuchus

2022-06-09 ⋅ InfoSec Handlers Diary Blog ⋅ Brad Duncan
TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)
QakBot

2022-05-19 ⋅ InfoSec Handlers Diary Blog ⋅ Brad Duncan
Bumblebee Malware from TransferXL URLs
BumbleBee Cobalt Strike