Malpedia Library

Click here to download all references as Bib-File.•

2025-06-04 ⋅ Threatray ⋅ Abdallah Elshinbary, Jonas Wagner, Konstantin Klinger, Nick Attfield
The Bitter End: Unraveling Eight Years of Espionage Antics – Part Two
AlmondRAT AlmondRAT Artra Downloader BDarkRAT Havoc KiwiStealer KugelBlitz MiyaRAT ORPCBackdoor WmRAT ZxxZ

2025-06-04 ⋅ Proofpoint ⋅ Abdallah Elshinbary, Jonas Wagner, Konstantin Klinger, Nick Attfield
The Bitter End: Unraveling Eight Years of Espionage Antics—Part One
Artra Downloader Havoc

2025-04-25 ⋅ Trend Micro ⋅ Nick Dai, Sunny Lu
Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors
KRNRAT Moriya Earth Kurma

2025-03-12 ⋅ Mandiant ⋅ Frank Tse, Jakub Jozwiak, Logeswaran Nadarajan, Lukasz Lamparski, Mathew Potaczek, Mustafa Nasser, Nick Harbour, Punsaen Boonyakarn, Shawn Chew
Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers
tsh

2025-01-06 ⋅ North Korean Internet ⋅ Nick
Hangro: Investigating North Korean VPN Infrastructure Part 1

2024-12-17 ⋅ Proofpoint ⋅ David Galazin, Konstantin Klinger, Nick Attfield, Pim Trouerbach
Hidden in Plain Sight: TA397’s New Attack Chain Delivers Espionage RATs
MiyaRAT WmRAT HAZY TIGER

2024-10-11 ⋅ Trend Micro ⋅ Ahmed Kamal, Bahaa Yamany, Mohamed Fahmy, Nick Dai
Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East
STEALHOOK OilRig

2024-10-11 ⋅ Trend Micro ⋅ Ahmed Kamal, Bahaa Yamany, Mohamed Fahmy, Nick Dai
Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions
STEALHOOK

2024-08-30 ⋅ TRUESEC ⋅ Mattias Wåhlén, Nicklas Keijser
Dissecting the Cicada
Cicada3301

2024-04-17 ⋅ Mandiant ⋅ Alden Wahlstrom, Anton Prokopenkov, Dan Black, Dan Perez, Gabby Roncone, John Wolfram, Lexie Aytes, Luke Jenkins, Nick Simonian, Ryan Hall, Tyler McLellan
Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm
Sandworm

2024-04-16 ⋅ Mandiant ⋅ Alden Wahlstrom, Anton Prokopenkov, Dan Black, Dan Perez, Gabby Roncone, John Wolfram, Lexie Aytes, Nick Simonian, Ryan Hall, Tyler McLellan
APT44: Unearthing Sandworm
VPNFilter BlackEnergy CaddyWiper EternalPetya HermeticWiper Industroyer INDUSTROYER2 Olympic Destroyer PartyTicket RoarBAT Sandworm

2024-01-26 ⋅ Trendmicro ⋅ Hara Hiroaki, Masaoki Shoji, Nick Dai, Vickie Su, Yuka Higashi
Spot the Difference: An Analysis of the New LODEINFO Campaign by Earth Kasha
Anel Cobalt Strike LODEINFO NOOPDOOR

2023-04-03 ⋅ Mandiant ⋅ Eduardo Mattos, JASON DEYALSINGH, Nick Richard, NICK SMITH, Tyler McLellan
ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access
LaZagne BlackCat MimiKatz

2023-01-26 ⋅ Trendmicro ⋅ Don Ovid Ladores, Earle Maui Earnshaw, Nathaniel Gregory Ragasa, Nathaniel Morales, Nick Dai
New Mimic Ransomware Abuses Everything APIs for its Encryption Process
Mimic Ransomware

2022-11-18 ⋅ Trend Micro ⋅ Nick Dai, Sunny Lu, Vickie Su
Earth Preta Spear-Phishing Governments Worldwide
PUBLOAD TONESHELL MUSTANG PANDA

2022-09-02 ⋅ Trend Micro ⋅ Nick Dai, Ted Lee, Vickie Su
Buzzing in the Background: BumbleBee, a New Modular Backdoor Evolved From BookWorm

2022-08-22 ⋅ Medium (Katie’s Five Cents) ⋅ Katie Nickels
A Cyber Threat Intelligence Self-Study Plan: Part 2

2022-08-10 ⋅ Cisco ⋅ Nick Biasini
Cisco Talos shares insights related to recent cyber attack on Cisco
Yanluowang UNC2447

2022-07-13 ⋅ Cisco ⋅ Nick Biasini
Transparent Tribe begins targeting education sector in latest campaign
Crimson RAT Oblique RAT

2022-06-17 ⋅ Github (monoxgas) ⋅ Nick Landers
sRDI - Shellcode Reflective DLL Injection
sRDI