Malpedia Library

Click here to download all references as Bib-File.•

2025-03-31 ⋅ Sekoia ⋅ Amaury G., Coline Chavane, Félix Aime, Sekoia TDR
From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic
FrostyFerret GolangGhost GolangGhost

2025-01-25 ⋅ Sophos ⋅ Anthony Bradshaw, Colin Cowie, Daniel Souter, Hunter Neal, Mark Parsons, Sean Baird, Sean Gallagher
Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
ReedBed STAC5143 UNC4393

2024-11-13 ⋅ Sekoia ⋅ Coline Chavane, Sekoia TDR
A three-beat waltz: The ecosystem behind Chinese state-sponsored cyber threats

2024-05-21 ⋅ Sekoia ⋅ Amaury G., Coline Chavane, Kilian Seznec, Sekoia TDR
Master of Puppets: Uncovering the DoppelGänger pro-Russian influence campaign

2023-04-21 ⋅ Sophos ⋅ Colin Cowie, Paul Jaramillo
IcedID: Defrosting a Recent Campaign Illustrating evolving tactics and shared infrastructure
IcedID PhotoLoader

2022-07-20 ⋅ Sophos ⋅ Colin Cowie, Gabor Szappanos
OODA: X-Ops Takes On Burgeoning SQL Server Attacks
Maoloa Remcos TargetCompany

2022-05-23 ⋅ DCSO ⋅ Colin Murphy, Johann Aydinbas
A deal with the devil: Analysis of a recent Matanbuchus sample
Matanbuchus

2022-04-25 ⋅ th3protocol blog ⋅ Colin Cowie
Choziosi Loader: Multi-platform campaign delivering browser extension malware
Choziosi

2022-02-23 ⋅ Sophos ⋅ Abhijit Gupta, Anand Ajjan, Andrew Brandt, Colin Cowie, Felix Weyne, Rahil Shah, Steven Lott, Syed Zaidi, Vikas Singh, Xiaochuan Zhang
Dridex bots deliver Entropy ransomware in recent attacks
Entropy

2022-01-19 ⋅ Sophos ⋅ Colin Cowie, Mat Gangwer, Sophos MTR Team, Stan Andic
Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike
Cobalt Strike Zloader

2021-09-02 ⋅ Twitter (@th3_protoCOL) ⋅ Colin, GaborSzappanos
Tweet on Confluence Server exploitation (CVE-2021-26084) in the wild and cobaltsrike activity (mentioned in replies by GaborSzappanos)
Cobalt Strike

2020-12-31 ⋅ Youtube (Colin Hardy) ⋅ Colin Hardy
SUPERNOVA - Everything you need to know to Reverse Engineer an APT WebShell
SUPERNOVA

2020-12-22 ⋅ Youtube (Colin Hardy) ⋅ Colin Hardy
SUNBURST SolarWinds RECON - Malware Reverse Engineering, OSINT and Identifying Victims
SUNBURST

2020-12-17 ⋅ Youtube (Colin Hardy) ⋅ Colin Hardy
SUNBURST SolarWinds Malware - Tools, Tactics and Methods to get you started with Reverse Engineering
SUNBURST

2020-12-16 ⋅ Twitter @cybercdh) ⋅ Colin Hardy
Tweet on 3 key actions SUNBURST performs as soon as it's invoked
SUNBURST

2020-12-15 ⋅ Twitter @cybercdh) ⋅ Colin Hardy
Tweet on some more capabilties of SUNBURST backdoor
SUNBURST

2020-12-15 ⋅ Twitter @cybercdh) ⋅ Colin Hardy
Tweet on CyberChef recipe to extract and decode strings from #SolarWinds malware binaries.
SUNBURST

2020-09-30 ⋅ Team Cymru ⋅ Jacomo Piccolini, James Shank
Pandamic: Emissary Pandas in the Middle East
HyperBro HyperSSL

2019-04-30 ⋅ Cisco Talos ⋅ Colin Grady, Jaeson Schultz, Matt Valites, Pierre Cadieux
Sodinokibi ransomware exploits WebLogic Server vulnerability
REvil

2017-10-11 ⋅ Cisco Talos ⋅ @Simpo13, Colin Grady, Dave Maynor, Edmund Brumaghin
Spoofed SEC Emails Distribute Evolved DNSMessenger
DNSMessenger

2017-04-27 ⋅ ColinGuru ⋅ Colin Hardy
Advanced Banload Analysis
Banload

2017-03-02 ⋅ Cisco ⋅ Colin Grady, Edmund Brumaghin
Covert Channels and Poor Decisions: The Tale of DNSMessenger
DNSMessenger