Malpedia Library

Click here to download all references as Bib-File.•

2024-07-26 ⋅ Trellix ⋅ Mathanraj Thangaraju, Max Kersten, Tomer Shloman
Handala’s Wiper Targets Israel
Handala Hatef Handala

2024-04-30 ⋅ Trellix ⋅ Max Kersten
Pouring Acid Rain
AcidPour AcidRain

2024-01-17 ⋅ Trellix ⋅ Max Kersten
Kuiper Ransomware’s Evolution
Kuiper Kuiper Kuiper

2023-11-29 ⋅ Trellix ⋅ Alexandre Mundo, Max Kersten
Akira Ransomware
Akira Akira Storm-1567

2023-11-29 ⋅ Trellix ⋅ Alexandre Mundo, Max Kersten
Akira Ransomware
Akira

2023-04-13 ⋅ Trellix ⋅ Max Kersten
Read The Manual Locker: A Private RaaS Provider
RTM Locker

2023-04-03 ⋅ Trellix ⋅ Alexandre Mundo, Max Kersten
A Royal Analysis of Royal Ransom
Royal Ransom

2022-11-15 ⋅ Trellix ⋅ Max Kersten
Wipermania: An All You Can Wipe Buffet
dnWipe NominatusToxicBattery

2022-04-12 ⋅ Max Kersten's Blog ⋅ Max Kersten
Ghidra script to handle stack strings
CaddyWiper PlugX

2022-03-28 ⋅ Trellix ⋅ Marc Elias, Max Kersten
PlugX: A Talisman to Behold
PlugX

2022-03-02 ⋅ Trellix ⋅ Max Kersten
Digging into HermeticWiper
HermeticWiper

2022-02-01 ⋅ Max Kersten's Blog ⋅ Max Kersten
Dumping WhisperGate’s wiper from an Eazfuscator obfuscated loader
WhisperGate

2022-01-25 ⋅ Trellix ⋅ Alexandre Mundo, Christiaan Beek, Leandro Velasco, Marc Elias, Max Kersten
Prime Minister’s Office Compromised: Details of Recent Espionage Campaign
Graphite

2022-01-20 ⋅ Trellix ⋅ Christiaan Beek, Max Kersten, Raj Samani
Return of Pseudo Ransomware
WhisperGate

2022-01-17 ⋅ Twitter (@Libranalysis) ⋅ Max Kersten
Tweet on short analysis of WHISPERGATE stage 3 malware
WhisperGate

2021-09-08 ⋅ McAfee ⋅ John Fokker, Max Kersten, Thibault Seret
How Groove Gang is Shaking up the Ransomware-as-a-Service Market to Empower Affiliates
Babuk BlackMatter Babuk BlackMatter CTB Locker

2021-08-04 ⋅ McAfee ⋅ Max Kersten
See Ya Sharp: A Loader’s Tale

2021-07-25 ⋅ Max Kersten's Blog ⋅ Max Kersten
Ghidra script to decrypt a string array in XOR DDoS
XOR DDoS

2021-02-09 ⋅ Max Kersten's Blog ⋅ Max Kersten
Ghidra script to decrypt strings in Amadey 1.09
Amadey

2020-09-17 ⋅ Max Kersten's Blog ⋅ Max Kersten
Automatic ReZer0 payload and configuration extraction

2020-08-26 ⋅ Max Kersten's Blog ⋅ Max Kersten
ReZer0v4 loader
MASS Logger

2020-04-14 ⋅ Max Kersten
Emotet JavaScript downloader
Unidentified JS 003 (Emotet Downloader)

2020-03-26 ⋅ Max Kersten's Blog ⋅ Max Kersten
Azorult loader stages
Azorult

2020-02-24 ⋅ Max Kersten's Blog ⋅ Max Kersten
Closing in on MageCart 12
magecart

2020-02-17 ⋅ Max Kersten's Blog ⋅ Max Kersten
Following the tracks of MageCart 12
magecart

2020-01-20 ⋅ Max Kersten's Blog ⋅ Max Kersten
Ticket resellers infected with a credit card skimmer
magecart

2019-10-14 ⋅ Max Kersten's Blog ⋅ Max Kersten
Corona DDoS bot
Bashlite

2019-02-16 ⋅ Max Kersten's Blog ⋅ Max Kersten
Emotet droppers
Emotet