Malpedia Library

Click here to download all references as Bib-File.•

2025-06-18 ⋅ Elastic ⋅ Salim Bitam
A Wretch Client: From ClickFix deception to information stealer deployment
HijackLoader Lumma Stealer SectopRAT

2025-02-13 ⋅ Elastic ⋅ Cyril François, Daniel Stepanic, Jia Yu Chan, Salim Bitam
You've Got Malware: FINALDRAFT Hides in Your Drafts
FINALDRAFT FINALDRAFT PATHLOADER

2024-12-12 ⋅ Elastic ⋅ Daniel Stepanic, Elastic Security Labs, Jia Yu Chan, Salim Bitam, Seth Goodwin
Under the SADBRIDGE with GOSAR: QUASAR Gets a Golang Rewrite
Gosar Quasar RAT SADBRIDGE

2024-10-19 ⋅ Elastic ⋅ Salim Bitam
Tricks and Treats: GHOSTPULSE’s new pixel- level deception
HijackLoader

2024-10-03 ⋅ Virus Bulletin ⋅ Salim Bitam
Sugarcoating KANDYKORN: a sweet dive into a sophisticated MacOS backdoor
HLOADER KANDYKORN SUGARLOADER

2024-05-21 ⋅ Elastic ⋅ Andrew Pease, Salim Bitam, Samir Bousseaden, Terrance DeJesus
Invisible miners: unveiling GHOSTENGINE’s crypto mining operations
win.ghostengine

2024-02-23 ⋅ Elastic ⋅ Daniel Stepanic, Salim Bitam
PIKABOT, I choose you!
Pikabot

2023-10-27 ⋅ Elastic ⋅ Joe Desimone, Salim Bitam
GHOSTPULSE haunts victims using defense evasion bag o' tricks
HijackLoader Lumma Stealer NetSupportManager RAT Rhadamanthys SectopRAT Vidar

2023-10-03 ⋅ Elastic ⋅ Andrew Pease, Cyril François, Daniel Stepanic, Salim Bitam, Seth Goodwin
Introducing the REF5961 intrusion set (RUDEBIRD, DOWNTOWN, and EAGERBEE)
EagerBee SManager REF2924 REF5961

2023-08-24 ⋅ Elastic ⋅ Daniel Stepanic, Salim Bitam
Revisting BLISTER: New development of the BLISTER loader
Blister

2023-06-29 ⋅ Elastic ⋅ Andrew Pease, Colson Wilhoit, Ricardo Ungureanu, Salim Bitam, Seth Goodwin
The DPRK strikes using a new variant of RUSTBUCKET
RustBucket

2023-06-21 ⋅ Elastic ⋅ Andrew Pease, Colson Wilhoit, Ricardo Ungureanu, Salim Bitam, Seth Goodwin
Initial research exposing JOKERSPY
JokerSpy

2023-04-07 ⋅ Elastic ⋅ Salim Bitam
Attack chain leads to XWORM and AGENTTESLA
Agent Tesla XWorm

2023-02-02 ⋅ Elastic ⋅ Andrew Pease, Cyril François, Devon Kerr, Remco Sprooten, Salim Bitam, Seth Goodwin
Update to the REF2924 intrusion set and related campaigns
DoorMe ShadowPad SiestaGraph

2022-12-16 ⋅ Elastic ⋅ Andrew Pease, Daniel Stepanic, Devon Kerr, Salim Bitam, Samir Bousseaden, Seth Goodwin
SiestaGraph: New implant uncovered in ASEAN member foreign ministry
DoorMe SiestaGraph

2022-09-09 ⋅ Elastic ⋅ Salim Bitam
BUGHATCH Malware Analysis
BUGHATCH

2022-06-01 ⋅ Elastic ⋅ Andrew Pease, Daniel Stepanic, Derek Ditch, Salim Bitam, Seth Goodwin
CUBA Ransomware Campaign Analysis
Cobalt Strike Cuba Meterpreter MimiKatz SystemBC

2022-06-01 ⋅ Elastic ⋅ Salim Bitam
CUBA Ransomware Malware Analysis
Cuba

2022-05-05 ⋅ Elastic ⋅ Cyril François, Daniel Stepanic, Salim Bitam
BLISTER Loader
Blister