Malpedia Library

2025-06-18 ⋅ Huntress Labs ⋅ Alden Schmidt, Jonathan Semon, Stuart Ashenbrenner
Feeling Blue(Noroff): Inside a Sophisticated DPRK Web3 Intrusion

2024-11-14 ⋅ Huntress Labs ⋅ Team Huntress
It’s Not Safe to Pay SafePay
SafePay

2024-08-08 ⋅ Huntress Labs ⋅ Jai Minton
X
Octowave Loader

2024-07-17 ⋅ Huntress Labs ⋅ Alden Schmidt, Greg Linares, Matt Anderson
Fake Browser Updates Lead to BOINC Volunteer Computing Software
FAKEUPDATES MintsLoader AsyncRAT

2023-09-07 ⋅ Huntress Labs ⋅ Harlan Carvey
Evolution of USB-Borne Malware, Raspberry Robin
Raspberry Robin

2023-08-23 ⋅ Twitter (@embee_research) ⋅ Embee_research, Huntress Labs
Extracting Xworm from Bloated Golang Executable
XWorm

2023-05-09 ⋅ Huntress Labs ⋅ Matthew Brennan
Advanced Cyberchef Tips - AsyncRAT Loader
AsyncRAT

2023-03-30 ⋅ Huntress Labs ⋅ John Hammond
3CX VoIP Software Compromise & Supply Chain Threats
3CX Backdoor

2023-02-08 ⋅ Huntress Labs ⋅ Joe Slowik, Matt Anderson
Investigating Intrusions From Intriguing Exploits
Silence

2023-02-08 ⋅ Huntress Labs ⋅ Michael Elford
AsyncRAT: Analysing the Three Stages of Execution
AsyncRAT

2023-02-03 ⋅ Huntress Labs ⋅ Chad Hudson
Ave Maria and the Chambers of Warzone RAT
Ave Maria

2022-10-12 ⋅ Twitter (@embee_research) ⋅ Embee_research, Huntress Labs
Tweets on detection of Brute Ratel via API Hashes
Brute Ratel C4

2022-10-11 ⋅ Twitter (@embee_research) ⋅ Embee_research, Huntress Labs
Tweet on Havoc C2 - Static Detection Via Ntdll API Hashes
Havoc

2022-08-16 ⋅ Huntress Labs ⋅ Dray Agha
Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY

2022-03-01 ⋅ Huntress Labs ⋅ John Hammond
Targeted APT Activity: BABYSHARK Is Out for Blood
BabyShark

2022-02-18 ⋅ Huntress Labs ⋅ Matthew Brennan
Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection
Cobalt Strike

2022-01-15 ⋅ Huntress Labs ⋅ Team Huntress
Threat Advisory: VMware Horizon Servers Actively Being Hit With Cobalt Strike (by DEV-0401)
Cobalt Strike

2021-10-22 ⋅ Huntress Labs ⋅ Caleb Stewart
Threat Advisory: Hackers Are Exploiting a Vulnerability in Popular Billing Software to Deploy Ransomware

2021-08-19 ⋅ Huntress Labs ⋅ John Hammond
Microsoft Exchange Servers Still Vulnerable to ProxyShell Exploit

2021-08-17 ⋅ Huntress Labs ⋅ Matthew Brennan
Snakes on a Domain: An Analysis of a Python Malware Loader

2021-07-20 ⋅ Huntress Labs ⋅ John Hammond
Security Researchers’ Hunt to Discover Origins of the Kaseya VSA Mass Ransomware Incident
REvil

2021-07-02 ⋅ Huntress Labs ⋅ Huntress Labs
Crticial Ransomware Incident in Progress
REvil

2021-05-25 ⋅ Huntress Labs ⋅ Matthew Brennan
Cobalt Strikes Again: An Analysis of Obfuscated Malware
Cobalt Strike

2021-04-05 ⋅ Huntress Labs ⋅ John Hammond
From PowerShell to Payload: An Analysis of Weaponized Malware

2021-03-05 ⋅ Huntress Labs ⋅ Huntress Labs
Operation Exchange Marauder
CHINACHOPPER

2021-03-04 ⋅ Huntress Labs ⋅ Huntress Labs
Operation Exchange Marauder
CHINACHOPPER

2021-03-03 ⋅ Huntress Labs ⋅ John Hammond
Rapid Response: Mass Exploitation of On-Prem Exchange Servers
CHINACHOPPER HAFNIUM

2021-03-03 ⋅ Huntress Labs ⋅ Huntress Labs
Mass exploitation of on-prem Exchange servers :(
CHINACHOPPER HAFNIUM

2021-01-28 ⋅ Huntress Labs ⋅ John Hammond
Analyzing Ryuk Another Link in the Cyber Attack Chain
BazarBackdoor Ryuk

2020-06-18 ⋅ Medium Huntress Labs ⋅ John Ferrell
Hiding In Plain Sight