Malware Analysis 2014
2014-01-14 - The Icefog APT Hits US Targets With Java Backdoor
2014-01-19 - Vietnamese Malware Gets Very Personal
2014-01-21 - Digitally signed data-stealing malware targets Mac users in “undelivered courier item” attack
2014-01-22 - Iran and Russia blamed for state-sponsored espionage
2014-02-02 - U.S. Leads Multi-National Action Against “Gameover Zeus” Botnet and “Cryptolocker” Ransomware, Charges Botnet Administrator
2014-02-03 - Needle in a haystack
2014-02-06 - Investigating the Linux Botnet «BillGates»
2014-02-10 - The Careto-Mask APT- Frequently Asked Questions
2014-02-14 - Analysis of DHS NCCIC Indicators
2014-02-15 - Examining Your Very Own Sefnit Trojan
2014-02-16 - Analysis of CoinThief-A -dropper-
2014-02-17 - Hiding in plain sight- a story about a sneaky banking Trojan
2014-02-19 - XtremeRAT- Nuisance or Threat-
2014-02-21 - An In‑depth Analysis of Linux-Ebury
2014-02-21 - CVE 2014-0322 Malware - Sakurel (Feb 21, 2014)
2014-02-24 - The Art of Attribution Identifying and Pursuing your Cyber Adversaries
2014-02-28 - Uroburos - highly complex espionage software with Russian roots
2014-03-05 - Android RATs Branch out with Dendroid
2014-03-06 - Dexter, Project Hook POS Malware Campaigns Persist
2014-03-06 - The Siesta Campaign- A New Targeted Attack Awakens
2014-03-07 - Uroburos – Deeper travel into kernel protection mitigation
2014-03-12 - A Detailed Examination of the Siesta Campaign
2014-03-12 - Agent.btz- a Source of Inspiration-
2014-03-12 - Uroburos the Snake Rootkit
2014-03-18 - Operation Windigo – the vivisection of a large Linux server‑side credential‑stealing malware campaign
2014-03-18 - Windigo Linux Analysis – Ebury and Cdorked
2014-03-25 - Spear Phishing the News Cycle- APT Actors Leverage Interest in the Disappearance of Malaysian Flight MH 370
2014-04-02 - Tofsee botnet
2014-04-09 - BackDoor.Gootkit.112—a new multi-purpose backdoor
2014-04-15 - Trojan banking
2014-04-17 - A quick analysis of the latest Shadow Brokers dump
2014-04-18 - TROJ64_WOWLIK.VT
2014-04-21 - Hacking Team
2014-04-27 - Analysis of the Predator Pain Keylogger
2014-05-06 - Rovnix new “evolution”
2014-05-13 - Cat Scratch Fever- CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN
2014-05-13 - Uroburos rootkit- Belgian Foreign Ministry stricken
2014-05-15 - DDoS Trojans attack Linux
2014-05-16 - APT Campaign Leverages the Cueisfry Trojan and Microsoft Word Vulnerability CVE-2014-1761
2014-05-19 - 5 in China Army Face U.S. Charges of Cyberattacks
2014-05-22 - Meet the Zberp Trojan
2014-05-29 - Iranian hackers sucker punch U.S. defense officials with creative social-media scam
2014-05-30 - Taking off the Blackshades
2014-06-02 - Analysis of Uroburos, using WinDbg
2014-06-02 - Molerats, Here for Spring!
2014-06-02 - Sinowal banking trojan
2014-06-04 - Introducing Antak - A webshell which utilizes powershell
2014-06-09 - ZeuS.Maple Variant Targets Canadian Online Banking Customers
2014-06-10 - Clandestine Fox, Part Deux
2014-06-18 - Neutrino Bot (aka MS-Win32-Kasidet)
2014-06-23 - Havex Hunts For ICS-SCADA Systems
2014-07-02 - KIVARS With Venom- Targeted Attacks Upgrade with 64-bit “Support”
2014-07-07 - Deep in Thought- Chinese Targeting of National Security Think Tanks
2014-07-07 - Disect Android APKs like a Pro - Static code analysis
2014-07-08 - Security Matters - Cyberespionage Campaign Hits Energy Companies
2014-07-09 - BrutPOS- RDP Bruteforcing Botnet Targeting POS Systems
2014-07-10 - Versatile DDoS Trojan for Linux
2014-07-11 - The Father of Zeus- Kronos Malware Discovered
2014-07-15 - Targeted Attacks on French Company Exploit Multiple Word Vulnerabilities
2014-07-15 - Unit 42 Technical Analysis- Seaduke
2014-07-16 - Mini Analysis of the TinyBanker Tinba
2014-07-18 - Bird's nest
2014-07-31 - Poweliks- the persistent malware without a file
2014-07-31 - Spy of the Tiger
2014-08-04 - New Release- Decrypting NetWire C2 Traffic
2014-08-07 - Innaput Actors Utilize Remote Access Trojan Since 2016, Presumably Targeting Victim Files
2014-08-07 - Malware Analysis of the Lurk Downloader
2014-08-07 - Sophisticated 'Turla' hackers spying on European governments, say researchers
2014-08-07 - The Epic Turla Operation
2014-08-11 - mht, MS12-27 and malware .info
2014-08-14 - Hunting the Mutex
2014-08-19 - APT Gang Branches Out to Medical Espionage in Community Health Breach
2014-08-20 - “El Machete”
2014-08-24 - Another country-sponsored #malware- Vietnam APT Campaign
2014-08-27 - NetTraveler Gets a Makeover for 10th Anniversary
2014-08-28 - BIFROSE Now More Evasive Through Tor, Used for Targeted Attack
2014-08-28 - Scanbox- A Reconnaissance Framework Used with Watering Hole Attacks
2014-08-29 - Connecting the Dots- Syrian Malware Team Uses BlackWorm for Attacks
2014-08-29 - New BlackPOS Malware Emerges in the Wild, Targets Retail Accounts
2014-08-29 - Sinkholing the Backoff POS Trojan
2014-08-31 - Introduction to the ZeroLocker ransomware
2014-09-03 - ALDIBOT
2014-09-03 - Darwin’s Favorite APT Group
2014-09-04 - PITOU- The -silent- resurrection of the notorious Srizbi kernel spambot
2014-09-11 - TorrentLocker Ransomware Cracked and Decrypter has been made
2014-09-19 - Malware microevolution
2014-09-19 - Recent Watering Hole Attacks Attributed to APT Group “th3bug” Using Poison Ivy
2014-09-21 - Reversing Tinba- World's smallest trojan-banker DGA Code
2014-09-22 - Tinba Malware Reloaded and Attacking Banks Around the World
2014-09-23 - Android malware based on SMS encryption and with KitKat support
2014-09-23 - MALWARE-CNC Win.Trojan.Aytoke variant outbound connection
2014-09-29 - MMD-0028-2014 - Linux-XOR.DDoS- Fuzzy reversing a new China ELF
2014-10-02 - Occupy Central- The Umbrella Revolution and Chinese Intelligence
2014-10-03 - New Indicators of Compromise for APT Group Nitro Uncovered
2014-10-05 - Dissecting SmokeLoader (or Yulia's sweet ass proposition)
2014-10-06 - Data Theft in Aisle 9- A FireEye Look at Threats to Retailers
2014-10-14 - CVE‑2014‑4114- Details on August BlackEnergy PowerPoint Campaigns
2014-10-14 - CrowdStrike Discovers Use of 64-bit Zero-Day Privilege Escalation Exploit (CVE-2014-4113) by Hurricane Panda
2014-10-14 - Sandworm Windows zero-day vulnerability being actively exploited in targeted attacks
2014-10-14 - Security vendors take action against Hidden Lynx malware
2014-10-15 - Operation Windigo- “Good job, ESET!” says malware author
2014-10-20 - OrcaRAT - A whale of a tale
2014-10-27 - Full Disclosure of Havex Trojans
2014-10-27 - ScanBox framework – who’s affected, and who’s using it-
2014-10-30 - COM Object hijacking- the discreet way of persistence
2014-11-03 - BE2 custom plugins, router abuse, and target profiles
2014-11-10 - The Darkhotel APT
2014-11-10 - Thoughts on Absolute Computrace
2014-11-10 - Timeline of Sandworm Attacks
2014-11-11 - The Uroburos case- new sophisticated RAT identified
2014-11-12 - Korplug military targeted attacks- Afghanistan & Tajikistan
2014-11-13 - BASHLITE Affects Devices Running on BusyBox
2014-11-13 - Chinese hackers 'breach Australian media organisations' ahead of G20
2014-11-14 - OnionDuke- APT Attacks Via the Tor Network
2014-11-15 - OnionDuke samples
2014-11-19 - ROVNIX Infects Systems with Password-Protected Macros
2014-11-21 - Operation Double Tap
2014-11-24 - I am Ironman- DEEP PANDA Uses Sakula Malware to Target Organizations in Multiple Sectors
2014-11-24 - Regin- nation-state ownage of GSM networks
2014-11-25 - Curious Korlia
2014-11-25 - Regin APT Attacks Among the Most Sophisticated Ever Analyzed
2014-11-26 - Getmypass Point of Sale Malware
2014-11-26 - TR-23 Analysis - NetWiredRC malware
2014-11-27 - New PoS Malware Kicks off Holiday Shopping Weekend
2014-11-30 - W32-HiAsm.A!tr
2014-12-08 - The Hack of Sony Pictures- What We Know and What You Need to Know
2014-12-08 - The ‘Penquin’ Turla
2014-12-09 - Blue Coat Exposes “The Inception Framework”; Very Sophisticated, Layered Malware Attack Targeted at Military, Diplomats, and Business Execs
2014-12-09 - Linux Modules Connected to Turla APT Discovered
2014-12-10 - Cloud Atlas- RedOctober APT is back in style
2014-12-11 - The Evolution of Point-of-Sale (PoS) Malware
2014-12-15 - Banatrix – an indepth look
2014-12-16 - EvilBunny- Malware Instrumented By Lua
2014-12-17 - Dyre Banking Trojan
2014-12-18 - Alina POS malware 'sparks' off a new variant
2014-12-18 - Chthonic- a new modification of ZeuS
2014-12-19 - Alert (TA14-353A)- Targeted Destructive Malware
2014-12-19 - The unrelenting evolution of Vawtrak
2014-12-22 - Virlock- First Self‑Reproducing Ransomware is also a Shape Shifter
Malware Analysis 2015
2015-01-06 - Linux DDoS Trojan hiding itself with an embedded rootkit
2015-01-08 - Getmypass Point of Sale Malware Update
2015-01-08 - Major malvertising campaign spreads Kovter Ad Fraud malware
2015-01-09 - Chanitor Downloader Actively Installing Vawtrak
2015-01-11 - The Mozart RAM Scraper
2015-01-13 - New Carberp variant heads down under
2015-01-14 - Catching the “Inception Framework” Phishing Attack
2015-01-15 - Evolution of sophisticated spyware- from Agent.BTZ to ComRAT
2015-01-20 - Analysis of Project Cobra
2015-01-22 - New RATs Emerge from Leaked Njw0rm Source Code
2015-01-22 - Scarab attackers took aim at select Russian targets since 2012
2015-01-26 - Storm Chasing- Hunting Hurricane Panda
2015-02-04 - Pawn Storm Update- iOS Espionage App Found
2015-02-05 - Anatomy of a Brute Force Campaign- The Story of Hee Thai Limited
2015-02-09 - Anthem Breach May Have Started in April 2014
2015-02-12 - Mobile Malware Gang Steals Millions from South Korean Users
2015-02-15 - Carbanak
2015-02-16 - Equation- The Death Star of Malware Galaxy
2015-02-16 - How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last
2015-02-17 - Ali Baba, the APT group from the Middle East
2015-02-17 - Angry Android hacker hides Xbot malware in popular application icons
2015-02-17 - BE2 extraordinary plugins, Siemens targeting, dev fails
2015-02-17 - The Desert Falcons targeted attacks
2015-02-18 - Babar- Suspected Nation State Spyware In The Spotlight
2015-02-18 - Babar- espionage software finally found and put under the microscope
2015-02-18 - Meet Babar, a New Malware Almost Certainly Created by France
2015-02-18 - Sexually Explicit Material Used as Lures in Recent Cyber Attacks
2015-02-18 - Shooting Elephants
2015-02-19 - Arid Viper – Israel entities targeted by malware packaged with sex video
2015-02-20 - The DGAs of Necurs
2015-02-23 - Cyber Kung-Fu- The Great Firewall Art of DNS Poisoning
2015-02-25 - KINS Banking Trojan Source Code
2015-02-25 - Pony Sourcecode
2015-02-27 - ScanBox Framework
2015-02-27 - The Anthem Hack- All Roads Lead to China
2015-02-27 - VB2014 paper- The pluginer - Caphaw
2015-03-03 - C99Shell not dead
2015-03-03 - PwnPOS- Old Undetected PoS Malware Still Causing Havoc
2015-03-04 - And you get a POS malware name...and you get a POS malware name....and you get a POS malware name....
2015-03-04 - New crypto ransomware in town - CryptoFortress
2015-03-04 - Who’s Really Spreading through the Bright Star-
2015-03-05 - Casper Malware- After Babar and Bunny, Another Espionage Cartoon
2015-03-06 - Animals in the APT Farm
2015-03-07 - Slave, Banatrix and ransomware
2015-03-09 - CryptoFortress mimics TorrentLocker but is a different ransomware
2015-03-10 - The DGA of Pykspa
2015-03-11 - Inside the EquationDrug Espionage Platform
2015-03-11 - Malvertising Targeting European Transit Users
2015-03-19 - Analyzing a Backdoor-Bot for the MIPS Platform
2015-03-19 - FindPOS- New POS Malware Family Discovered
2015-03-19 - Rocket Kitten Showing Its Claws- Operation Woolen-GoldFish and the GHOLE campaign
2015-03-20 - Threat Spotlight- PoSeidon, A Deep Dive Into Point of Sale Malware
2015-03-28 - UACME
2015-03-30 - Fake Judicial Spam Leads to Backdoor with Fake Certificate Authority
2015-03-30 - New reconnaissance threat Trojan.Laziok targets the energy sector
2015-03-31 - Sinkholing Volatile Cedar DGA Infrastructure
2015-03-31 - Volatile Cedar - Analysis of a Global Cyber Espionage Campaign
2015-04-01 - NewPosThings Has New PoS Things
2015-04-09 - Beebone Botnet Takedown- Trend Micro Solutions
2015-04-09 - Operation Buhtrap, the trap for Russian accountants
2015-04-09 - The Banking Trojan Emotet- Detailed Analysis
2015-04-12 - SIMDA- A Botnet Takedown
2015-04-13 - Analyzing Gootkit's persistence mechanism (new ASEP inside!)
2015-04-13 - Cyber Deterrence in Action- A story of one long HURRICANE PANDA campaign
2015-04-13 - sqlconnt1.exe
2015-04-14 - Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets
2015-04-15 - Betabot retrospective
2015-04-15 - Elite cyber crime group strikes back after attack by rival APT gang
2015-04-15 - Knowledge Fragment- Bruteforcing Andromeda Configuration Buffers
2015-04-15 - New POS Malware Emerges - Punkey
2015-04-15 - The Chronicles of the Hellsing APT- the Empire Strikes Back
2015-04-17 - Andromeda-Gamarue bot loves JSON too (new versions details)
2015-04-18 - Operation RussianDoll- Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack
2015-04-21 - Bedep’s DGA- Trading Foreign Exchange for Malware Domains
2015-04-27 - Attacks against Israeli & Palestinian interests
2015-04-27 - Threat Spotlight- TeslaCrypt – Decrypt It Yourself
2015-04-29 - Unboxing Linux-Mumblehard- Muttering spam from your servers
2015-05-04 - Threat Spotlight- Rombertik – Gazing Past the Smoke, Mirrors, and Trapdoors
2015-05-07 - Dissecting the “Kraken”
2015-05-10 - Third-Party Software Was Entry Point for Background-Check System Hack
2015-05-14 - The Naikon APT
2015-05-15 - Carefirst Blue Cross Breach Hits 1.1M
2015-05-17 - Newest addition to a happy family- KBOT
2015-05-18 - Cmstar Downloader- Lurid and Enfal’s New Cousin
2015-05-18 - TT Malware Log
2015-05-20 - Bedep Ad-Fraud Botnet Analysis – Exposing the Mechanics Behind 153.6M Defrauded Ad Impressions A Day
2015-05-22 - The DGA of Ranbyus
2015-05-23 - NitlovePOS- Another New POS Malware
2015-05-26 - Moose – the router worm with an appetite for social networks
2015-05-29 - The MsnMM Campaigns - The Earliest Naikon APT Campaigns
2015-06-01 - Rhetoric Foreshadows Cyber Activity in the South China Sea
2015-06-01 - “Troldesh” – New Ransomware from Russia
2015-06-03 - Thamar Reservoir – An Iranian cyber-attack campaign against targets in the Middle East
2015-06-04 - KeyBase Keylogger Malware Family Exposed
2015-06-09 - New Data- Volatile Cedar Malware Campaign
2015-06-10 - The Mystery of Duqu 2.0- a sophisticated cyberespionage actor returns
2015-06-15 - Catching Up on the OPM Breach
2015-06-15 - Stegoloader- A Stealthy Information Stealer
2015-06-16 - Operation Lotus Blossom- A New Nation-State Cyberthreat-
2015-06-17 - The Spring Dragon APT
2015-06-18 - So Long, and Thanks for All the Domains
2015-06-19 - Digital Attack on German Parliament- Investigative Report on the Hack of the Left Party Infrastructure in Bundestag
2015-06-22 - Games are over- Winnti is now targeting pharmaceutical companies
2015-06-23 - Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign
2015-06-24 - Elusive HanJuan EK Drops New Tinba Version (updated)
2015-06-24 - Stealthy Cyberespionage Campaign Attacks With Social Engineering
2015-06-24 - UnFIN4ished Business
2015-06-25 - Sundown EK Spreads LuminosityLink RAT- Light After Dark
2015-07-02 - Win32-Lethic Botnet Analysis
2015-07-05 - Spy Tech Company 'Hacking Team' Gets Hacked
2015-07-07 - Dyre Banking Trojan Exploits CVE-2015-0057
2015-07-08 - Animal Farm APT and the Shadow of French Intelligence
2015-07-08 - Butterfly- Profiting from high-level corporate attacks
2015-07-08 - Wild Neutron – Economic espionage threat actor returns with new tricks
2015-07-10 - Sednit APT Group Meets Hacking Team
2015-07-13 - Revisiting The Bunitu Trojan
2015-07-13 - “Forkmeiamfamous”- Seaduke, latest weapon in the Duke armory
2015-07-14 - BernhardPOS
2015-07-14 - TeslaCrypt 2.0 disguised as CryptoWall
2015-07-19 - The Faulty Precursor of Pykspa's DGA
2015-07-20 - Watering Hole Attack on Aerospace Firm Exploits CVE-2015-5122 to Install IsSpace Backdoor
2015-07-22 - Duke APT group's latest tools- cloud services and Linux support
2015-07-23 - An Analysis of the Qadars Banking Trojan
2015-07-27 - UPS- Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload
2015-07-30 - Operation Potao Express- Analysis of a cyber‑espionage toolkit
2015-07-30 - Sakula Malware Family
2015-07-31 - OTX Pulse on PlugX
2015-07-31 - OTX- FBI Flash #68 (PlugX)
2015-08 - Uncovering the Seven Pointed Dagger
2015-08-05 - Newly discovered Chinese hacking group hacked 100+ websites to use as “watering holes”
2015-08-05 - Threat Group 3390 Cyberespionage
2015-08-05 - Who’s Behind Your Proxy- Uncovering Bunitu’s Secrets
2015-08-10 - Darkhotel’s attacks in 2015
2015-08-10 - What’s Next in Malware After Kuluoz-
2015-08-12 - Islamic State Hacking Division
2015-08-12 - Tinba Trojan Sets Its Sights on Romania
2015-08-18 - Knowledge Fragment- Unwrapping Fobber
2015-08-18 - ransomware open-sources
2015-08-19 - Antak WebShell
2015-08-19 - Inside Neutrino botnet builder
2015-08-20 - Retefe Banking Trojan Targets Sweden, Switzerland and Japan
2015-08-24 - Sphinx- New Zeus Variant for Sale on the Black Market
2015-08-26 - Sphinx, a new variant of Zeus available for sale in the underground
2015-08-27 - London Calling- Two-Factor Authentication Phishing From Iran
2015-08-27 - New Spear Phishing Campaign Pretends to be EFF
2015-08-31 - Shifu- ‘Masterful’ New Banking Trojan Is Attacking 14 Japanese Banks
2015-09-01 - Attackers Target Organizations in Japan; Transform Local Sites into C&C Servers for EMDIVI Backdoor
2015-09-01 - Fancy Bear
2015-09-08 - Carbanak gang is back and packing new guns
2015-09-09 - Pony Stealer Malware
2015-09-09 - Satellite Turla- APT Command and Control in the Sky
2015-09-11 - CSI MacMark- Janicab
2015-09-11 - SUCEFUL- Next Generation ATM Malware
2015-09-12 - Stuxnet code
2015-09-14 - The Shade Encryptor- a Double Threat
2015-09-16 - Operation Iron Tiger- Attackers Shift from East Asia to the United States
2015-09-17 - The Dukes- 7 Years Of Russian Cyber-Espionage
2015-09-18 - Operation Arid Viper Slithers Back into View
2015-09-23 - Chinese Actors Use ‘3102’ Malware in Attacks on US Government and EU Media
2015-09-23 - Quaverse RAT- Remote-Access-as-a-Service
2015-09-24 - Credit Card-Scraping Kasidet Builder Leads to Spike in Detections
2015-09-24 - Kovter malware learns from Poweliks with persistent fileless registry update
2015-09-25 - Notes on Linux-Xor.DDoS
2015-09-28 - Gaza cybergang, where’s your IR team-
2015-09-28 - Hammertoss- What, Me Worry-
2015-09-28 - Two New PoS Malware Affecting US SMBs
2015-09-29 - Andromeda Bot Analysis part 1
2015-09-29 - Andromeda Bot Analysis part 2
2015-10-01 - Linux.Rekoobe.1
2015-10-06 - I am HDRoot! Part 1
2015-10-06 - MOKER- A NEW APT DISCOVERED WITHIN A SENSITIVE NETWORK
2015-10-06 - Targeted Attack Exposes OWA Weakness
2015-10-06 - Ticked Off- Upatre Malware’s Simple Anti-analysis Trick to Defeat Sandboxes
2015-10-07 - Hacker Group Creates Network of Fake LinkedIn Profiles
2015-10-08 - Dyre Malware Campaigners Innovate with Distribution Techniques
2015-10-09 - Beta Bot Analysis- Part 1
2015-10-09 - Latest TeslaCrypt Ransomware Borrows Code From Carberp Trojan
2015-10-12 - Keybase Logger-Clipboard-CredsStealer campaign
2015-10-13 - Dridex (Bugat v5) Botnet Takeover Operation
2015-10-13 - I am HDRoot! Part 2
2015-10-13 - New Adobe Flash Zero-Day Used in Pawn Storm Campaign Targeting Foreign Affairs Ministries
2015-10-13 - Prolific Cybercrime Gang Favors Legit Login Credentials
2015-10-15 - Archivist
2015-10-16 - Surveillance Malware Trends- Tracking Predator Pain and HawkEye
2015-10-17 - How to Write Simple but Sound Yara Rules – Part 2
2015-10-19 - Github Repository for AllaKore
2015-10-22 - Pawn Storm Targets MH17 Investigation Team
2015-10-26 - Duuzer back door Trojan targets South Korea to take over computers
2015-10-28 - Reversing the C2C HTTP Emmental communication
2015-11-02 - Modular trojan for hidden access to a computer
2015-11-02 - Shifu – the rise of a self-destructive banking trojan
2015-11-02 - Troj-Cryakl-B
2015-11-03 - Reversing the SMS C&C protocol of Emmental (1st part - understanding the code)
2015-11-04 - A Technical Look At Dyreza
2015-11-04 - DroidJack isn’t the only spying software out there- Avast discovers OmniRat
2015-11-04 - “Offline” Ransomware Encrypts Your Data without C&C Communication
2015-11-05 - Sphinx Moth- Expanding our knowledge of the “Wild Neutron” - “Morpho” APT
2015-11-06 - OmniRAT Takes Over Android Devices Through Social Engineering Tricks
2015-11-10 - Bookworm Trojan- A Model of Modular Architecture
2015-11-10 - Talking to Dridex (part 0) – inside the dropper
2015-11-11 - AbaddonPOS- A new point of sale threat linked to Vawtrak
2015-11-11 - Operation Buhtrap malware distributed via ammyy.com
2015-11-16 - Introducing LogPOS
2015-11-16 - Shining the Spotlight on Cherry Picker PoS Malware
2015-11-17 - New Memory Scraping Technique in Cherry Picker PoS Malware
2015-11-20 - A king's ransom- an analysis of the CTB-locker ransomware
2015-11-25 - Detecting GlassRAT using Security Analytics and ECAT
2015-11-30 - Inside Braviax-FakeRean- An analysis and history of a FakeAV family
2015-12-01 - China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets
2015-12-01 - Operation Black Atlas Endangers In-Store Card Payments and SMBs Worldwide; Switches between BlackPOS and Other Tools
2015-12-03 - Colombians major target of email campaigns delivering Xtreme RAT
2015-12-04 - Sofacy APT hits high profile targets with updated toolset
2015-12-07 - Iran-based attackers use back door threats to spy on Middle Eastern targets
2015-12-08 - Packrat- Seven Years of a South American Threat Actor
2015-12-08 - VT Report for SmartEyes
2015-12-11 - LATENTBOT- Trace Me If You Can
2015-12-15 - Newcomers in the Derusbi family
2015-12-16 - Nemucod malware spreads ransomware Teslacrypt around the world
2015-12-17 - SlemBunk- An Evolving Android Trojan Family Targeting Users of Worldwide Banking Apps
2015-12-18 - Attack on French Diplomat Linked to Operation Lotus Blossom
2015-12-22 - BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger
2015-12-22 - Kraken's two Domain Generation Algorithms
2015-12-26 - Backdoor- Win32-Hesetox.A- vSkimmer POS Malware Analysis
2015-12-31 - Overseas -Dark Inn- organization launched an APT attack on executives of domestic enterprises
Malware Analysis 2016
2016-01-01 - The first ransomware in JavaScript- Ransom32
2016-01-09 - Confirmation of a Coordinated Attack on the Ukrainian Power Grid
2016-01-12 - The Magnificent FIN7- Revealing a Cybercriminal Threat Group
2016-01-12 - Trochilus RAT Evades Antivirus Detection, Used for Cyber-Espionage in South-East Asia
2016-01-13 - Russian group behind 2013 Foreign Ministry hack
2016-01-18 - Updated Blackmoon banking Trojan stays focused on South Korean banking customers
2016-01-21 - NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan
2016-01-22 - New Attacks Linked to C0d0so0 Group
2016-01-22 - PlugX APT Malware
2016-01-22 - Sykipot APT Malware
2016-01-22 - The Impact of Dragonfly Malware on Industrial Control Systems
2016-01-23 - Imminent Monitor 4 RAT Analysis – A Glance
2016-01-24 - Scarlet Mimic- Years-Long Espionage Campaign Targets Minority Activists
2016-01-26 - URLZone Zones in on Japan
2016-01-27 - Introducing Hi-Zor RAT
2016-01-28 - BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents
2016-01-28 - CenterPOS- An Evolving POS Threat
2016-01-28 - Keybase
2016-01-29 - From Linux to Windows – New Family of Cross-Platform Desktop Backdoors Discovered
2016-01-29 - Malicious Office Files Dropping Kasidet And Dridex
2016-01-29 - VB2015 paper- It's A File Infector... It’s Ransomware... It's Virlock
2016-02-02 - DMA Locker- New Ransomware, But No Reason To Panic
2016-02-02 - Vipasana ransomware new ransom on the block
2016-02-03 - Emissary Trojan Changelog- Did Operation Lotus Blossom Cause It to Evolve-
2016-02-05 - Vawtrak and UrlZone Banking Trojans Target Japan
2016-02-08 - APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks
2016-02-09 - Bedep Lurking in Angler's Shadows
2016-02-09 - Chinese Cyberspies Pivot To Russia In Wake Of Obama-Xi Pact
2016-02-09 - DMA Locker Strikes Back
2016-02-09 - Poseidon Group- a Targeted Attack Boutique specializing in global cyber-espionage
2016-02-12 - A Look Into Fysbis- Sofacy’s Linux Backdoor
2016-02-12 - Security Alert- Mazar BOT – the Android Malware That Can Erase Your Phone
2016-02-14 - PadCrypt The first ransomware with Live Support Chat and an Uninstaller
2016-02-17 - OceanLotus for OS X – an Application Bundle Pretending to be an Adobe Flash Update
2016-02-17 - Russian Police Prevented Massive Banking Sector Cyber Attack
2016-02-18 - New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom
2016-02-19 - Citadel 0.0.1.1 (Atmos)
2016-02-21 - Phorpiex - An IRC worm
2016-02-21 - Source code for powerful Android banking malware is leaked
2016-02-22 - Russian bank employees received fake job offers in targeted email attack
2016-02-24 - Operation Blockbuster Coalition Ties Destructive Attacks to Lazarus Group
2016-02-24 - The DGA of Qakbot.T
2016-02-25 - KeyBase Threat Grows Despite Public Takedown- A Picture is Worth a Thousand Words
2016-02-26 - Nymaim Moves Past Its Ransomware Roots - What Is Old Is New Again
2016-02-29 - New Malware ‘Rover’ Targets Indian Ambassador to Afghanistan
2016-02-29 - The “HawkEye” attack- how cybercrooks target small businesses for big money
2016-03-01 - Look Into Locky Ransomware
2016-03-01 - Shrouded Crossbow Creators Behind BIFROSE for UNIX
2016-03-01 - Taiwan Presidential Election- A Case Study on Thematic Targeting
2016-03-03 - Attack on Zygote- a new twist in the evolution of mobile threats
2016-03-04 - Tracing the Lineage of DarkSeoul
2016-03-06 - Network detector for Winnti malware
2016-03-06 - New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer
2016-03-07 - RedHat Hacker.asp
2016-03-09 - Korean Energy and Transportation Targets Attacked by OnionDog APT
2016-03-10 - Death Comes Calling- Thanatos-Alphabot Trojan Hits the Market
2016-03-11 - Cerber ransomware- new, but mature
2016-03-11 - Gaudox - HTTP Bot (1.1.0.1) - C++-ASM - Ring3 Rootkit - Watchdog - Antis
2016-03-11 - PowerSniff Malware Used in Macro-based Attacks
2016-03-14 - Digital Quartermaster Scenario Demonstrated in Attacks Against the Mongolian Government
2016-03-15 - Suckfly- Revealing the secret life of your code signing certificates
2016-03-18 - Teslacrypt Spam Campaign- “Unpaid Issue…”
2016-03-18 - Xor DDoS
2016-03-20 - Hidden Tear Project- Forbidden Fruit Is the Sweetest
2016-03-21 - OS X Malware Samples Analyzed
2016-03-23 - Gozi ISFB Sourcecode
2016-03-23 - New self‑protecting USB trojan able to avoid detection
2016-03-23 - SamSam- The Doctor Will See You, After He Pays The Ransom
2016-03-24 - Maktub Locker – Beautiful And Dangerous
2016-03-25 - ProjectM- Link Found Between Pakistani Actor and Operation Transparent Tribe
2016-03-29 - Taiwan targeted with new cyberespionage back door Trojan
2016-03-30 - Ransomware Deployed by Adversary with Established Foothold
2016-03-31 - The evolution of Brazilian Malware
2016-04-01 - Petya – Taking Ransomware To The Low Level
2016-04-06 - Andromeda under the microscope
2016-04-06 - Bootkit's development overview and trend (X)
2016-04-06 - Locky Ransomware Is Becoming More Sophisticated - Cybercriminals Continue Email Campaign Innovation
2016-04-07 - FBI Quietly Admits to Multi-Year APT Attack, Sensitive Data Stolen
2016-04-08 - CryptoHost Decrypted Locks files in a password protected RAR File
2016-04-11 - Manamecrypt – a ransomware that takes a different route
2016-04-13 - Ghosts in the Endpoint
2016-04-14 - Bedep has raised its game vs Bot Zombies
2016-04-14 - Meet GozNym- The Banking Malware Offspring of Gozi ISFB and Nymaim
2016-04-14 - Targeted Ransomware Activity
2016-04-16 - Ever Present Persistence - Established Footholds Seen in the Wild
2016-04-19 - MULTIGRAIN – Point of Sale Attackers Make an Unhealthy Addition to the Pantry
2016-04-19 - Your Package Has Been Successfully Encrypted- TeslaCrypt 4.1A and the Malware Attack Chain
2016-04-21 - PoS Attacks Net Crooks 20 Million Stolen Bank Cards
2016-04-21 - When entropy meets Shannon
2016-04-22 - New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists
2016-04-22 - Tater- A PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit.
2016-04-25 - Attackers Behind GozNym Trojan Set Sights on Europe
2016-04-26 - Digging deep for PLATINUM
2016-04-27 - Freezer Paper around Free Meat (Repackaging Open Source BeEF for Tracking and More)
2016-04-28 - Research Spotlight- The Resurgence of Qbot
2016-04-28 - Tick cyberespionage group zeros in on Japan
2016-05-02 - Prince of Persia Hashes
2016-05-02 - Prince of Persia- Infy Malware Active In Decade of Targeted Attacks
2016-05-03 - A Universal Windows Bootkit
2016-05-03 - The Continuing Evolution of Samas Ransomware
2016-05-05 - Sophisticated New Packer Identified in CryptXXX Ransomware Sample
2016-05-06 - 7ev3n ransomware turning ‘HONE$T’
2016-05-09 - KRBanker Targets South Korea Through Adware and Exploit Kits
2016-05-09 - PseudoDarkLeech Angler EK from 185.118.66.154 sends Bedep-CryptXXX
2016-05-10 - Setting Sights On Retail- AbaddonPOS Now Targeting Specific POS Software
2016-05-11 - Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks
2016-05-12 - Chinese-language Ransomware ‘SHUJIN’ Makes An Appearance
2016-05-12 - Hancitor and Ruckguv Reappear, Updated and With Vawtrak On Deck
2016-05-12 - LatentBot – a modular and heavily obfuscated bot
2016-05-13 - CYBER HEIST ATTRIBUTION
2016-05-15 - What We Can Learn From the Bangladesh Central Bank Cyber Heist
2016-05-16 - Vietnamese Bank Blocks $1 Million SWIFT Heist
2016-05-17 - ATM infector
2016-05-17 - Indian organizations targeted in Suckfly attacks
2016-05-18 - Operation Groundbait- Espionage in Ukrainian war zones
2016-05-19 - Petya and Mischa – Ransomware Duet (Part 1)
2016-05-20 - Special Report- Cyber thieves exploit banks' faith in SWIFT transfer network
2016-05-22 - Cron has fallen
2016-05-22 - Operation Ke3chang Resurfaces With New TidePool Malware
2016-05-23 - DMA Locker 4.0- Known ransomware preparing for a massive distribution
2016-05-23 - Technical Report about the Malware used in the Cyberespionage against RUAG
2016-05-24 - New Wekby Attacks Use DNS Requests As Command and Control Mechanism
2016-05-25 - CVE-2015-2545- overview of current threats
2016-05-26 - SWIFT attackers’ malware linked to more financial attacks
2016-05-26 - The OilRig Campaign- Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor
2016-05-29 - Keep Calm and (Don’t) Enable Macros- A New Threat Actor Targets UAE Dissidents
2016-06 - Form Grabber 2016 [Crome,FF,Opera,Thunderbird, Outlook IE Safari] Hack the world
2016-06-02 - FastPOS- Quick and Easy Credit Card Theft
2016-06-03 - Cooking Up Autumn (Herbst) Ransomware
2016-06-06 - Everyone sees not what they want to see
2016-06-07 - The Story of yet another ransom-fail-ware
2016-06-08 - Spear Phishing Attacks- Why They are Successful and How to Stop Them
2016-06-09 - Reverse-engineering DUBNIUM
2016-06-11 - The Chinese Hackers in the Back Office
2016-06-14 - CVE-2016-4171 – Adobe Flash Zero-day used in targeted attacks
2016-06-14 - New Sofacy Attacks Against US Government Agency
2016-06-15 - Bears in the Midst- Intrusion into the Democratic National Committee
2016-06-15 - Mofang- A politically motivated information stealing adversary
2016-06-15 - Unsupported TeamViewer Versions Exploited For Backdoors, Keylogging
2016-06-17 - In The Wild- Mobile Malware Implements New Features
2016-06-17 - Operation Daybreak
2016-06-17 - ScarCruft APT Group Used Latest Flash Zero Day in Two Dozen Attacks
2016-06-21 - The Curious Case of an Unknown Trojan Targeting German-Speaking Users
2016-06-22 - After Angler- Shift in Exploit Kit Landscape and New Crypto-Ransomware Activity
2016-06-23 - POS and Credit Cards- In the Line of Fire with “PunkeyPOS”
2016-06-24 - Ani-Shell
2016-06-25 - Rokku Ransomware shows possible link with Chimera
2016-06-25 - SectorC08- Multi-Layered SFX in Recent Campaigns Target Ukraine
2016-06-28 - Prince of Persia – Game Over
2016-06-29 - Apocalypse- Ransomware which targets companies through insecure RDP
2016-07-01 - How I Cracked a Keylogger and Ended Up in Someone's Inbox
2016-07-01 - KeyBase - A New Keylogger on the Block
2016-07-03 - Android Triada modular trojan
2016-07-05 - New Backdoor Allows Full Access to Mac Systems, Bitdefender Warns
2016-07-06 - New OSX-Keydnap malware is hungry for credentials
2016-07-07 - NetTraveler APT Targets Russian, European Interests
2016-07-07 - New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the recent Locky Ransomware.
2016-07-08 - GootKit- Bobbing and Weaving to Avoid Prying Eyes
2016-07-08 - Investigating the LuminosityLink Remote Access Trojan Configuration
2016-07-08 - The Dropping Elephant – aggressive cyber-espionage in the Asian region
2016-07-11 - When Paying Out Doesn't Pay Off
2016-07-12 - Malware Discovered – SFG- Furtim Malware Analysis
2016-07-12 - Me and Mr. Robot- Tracking the Actor Behind the MAN1 Crypter
2016-07-13 - Troldesh ransomware influenced by (the) Da Vinci code
2016-07-14 - Technical Notes on Sakula
2016-07-18 - Third time (un)lucky – improved Petya is out
2016-07-20 - CrypMIC Ransomware Wants to Follow CryptXXX’s Footsteps
2016-07-21 - Canadian Man Behind Popular ‘Orcus RAT’
2016-07-21 - Phishing Attacks Employ Old but Effective Password Stealer
2016-07-22 - Stampado Ransomware campaign decrypted before it Started
2016-07-25 - Patchwork cyberespionage group expands targets from governments to wide range of industries
2016-07-26 - Attack Delivers ‘9002’ Trojan Through Google Drive
2016-07-26 - OTX Pulse on R980 ransomware
2016-07-26 - Threat Actors Using Legitimate PayPal Accounts To Distribute Chthonic Banking Trojan
2016-07-30 - Luminosity RAT - Re-purposed
2016-08 - Analysis of a packed Pony downloader
2016-08-01 - CrowdStrike’s New Methodology for Tracking eCrime
2016-08-02 - Orcus – Birth of an unusual plugin builder RAT
2016-08-04 - Iran Threats Webpage
2016-08-04 - Iranian Actor -Group5- Targeting Syrian Opposition
2016-08-04 - What is Multigrain- Learn what makes this PoS malware different
2016-08-05 - Smoke Loader – downloader with a smokescreen still alive
2016-08-07 - Strider- Cyberespionage group turns eye of Sauron on targets
2016-08-08 - Doctor Web detected Linux Trojan written in Go
2016-08-08 - MONSOON - Analysis Of An APT Campaign
2016-08-08 - Possibly Italy-Born Android RAT Reported in China, Find Bitdefender Researchers
2016-08-08 - ProjectSauron- top level cyber-espionage platform covertly extracts encrypted government comms
2016-08-08 - Strider- Cyberespionage group turns eye of Sauron on targets
2016-08-10 - Android Marcher- Continuously Evolving Mobile Malware
2016-08-10 - CryptXXX - CrypMIC – ransomware intensively distributed via exploit kits
2016-08-11 - Smrss32 (.encrypted) Ransomware Help & Support - _HOW_TO_Decrypt.bmp
2016-08-15 - Shakti Trojan- Document Thief
2016-08-16 - Aveo Malware Family Targets Japanese Speaking Users
2016-08-16 - Brazil Can’t Catch a Break- After Panda Comes the Sphinx
2016-08-17 - Operation Ghoul- targeted attacks on industrial and engineering organizations
2016-08-18 - The Shadow Brokers
2016-08-19 - New Hancitor Malware- Pimp my Downloader
2016-08-22 - BLATSTING FUNKSPIEL
2016-08-22 - Trojan.Mutabaha.1
2016-08-22 - VB Dropper and Shellcode for Hancitor Reveal New Techniques Behind Uptick
2016-08-23 - GozNym Banking Trojan Targeting German Banks
2016-08-23 - Russian hackers 'Fancy Bear' likely breached Olympic drug-testing agency and DNC, experts say
2016-08-25 - Shakti Trojan - Technical Analysis
2016-08-25 - Unpacking the spyware disguised as antivirus
2016-08-28 - FEINTCLOUD
2016-08-29 - Fantom ransomware impersonates Windows update
2016-08-29 - German Speakers Targeted by SPAM Leading to Ozone RAT
2016-08-29 - Nightmare on Tor Street- Ursnif variant Dreambot adds Tor functionality
2016-08-30 - OSX-Keydnap spreads via signed Transmission application
2016-08-30 - Pythons and Unicorns and Hancitor…Oh My! Decoding Binaries Through Emulation
2016-09-01 - TADAQUEOUS moments
2016-09-02 - Necurs – hybrid spam botnet
2016-09-04 - BLATSTING Command-and-Control protocol
2016-09-05 - Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems
2016-09-06 - Blatsting C&C Transcript
2016-09-06 - Buckeye cyberespionage group shifts gaze from US to Hong Kong
2016-09-07 - The Missing Piece – Sophisticated OS X Backdoor Discovered
2016-09-08 - Doctor Web discovers Linux Trojan written in Rust
2016-09-08 - The Philadelphia Ransomware offers a Mercy Button for Compassionate Criminals
2016-09-09 - GOVRAT V2.0 - Attacking US military and government
2016-09-11 - BUZZDIRECTION- BLATSTING reloaded
2016-09-11 - Free Darktrack RAT Has the Potential of Being the Best RAT on the Market Search
2016-09-13 - DualToy- New Windows Trojan Sideloads Risky Apps to Android and iOS Devices
2016-09-13 - H1N1- Technical analysis reveals new capabilities
2016-09-13 - The curious case of BLATSTING's RSA implementation
2016-09-14 - BkSoD by Ransomware- HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs
2016-09-15 - MILE TEA- Cyber Espionage Campaign Targets Asia Pacific Businesses and Government Agencies
2016-09-16 - Tofsee – modular spambot
2016-09-16 - iSpy Keylogger
2016-09-17 - A few notes on SECONDDATE's C&C protocol
2016-09-19 - Untangling the Ripper ATM Malware
2016-09-20 - Hackers lurking, parliamentarians told _ News _ DW _ 20.09.2016
2016-09-20 - Hackers lurking, parliamentarians told
2016-09-20 - Meanwhile in Britain, Qadars v3 Hardens Evasion, Targets 18 UK Banks
2016-09-21 - KrebsOnSecurity Hit With Record DDoS
2016-09-21 - Reversing GO binaries like a pro
2016-09-22 - Book of Eli- African targeted attacks
2016-09-22 - Zeus Delivered by DELoader to Defraud Customers of Canadian Banks
2016-09-23 - Dissecting a Hacktivist’s DDoS Tool- Saphyra Revealed
2016-09-23 - Hancitor (AKA Chanitor) observed using multiple attack approaches
2016-09-23 - SECONDDATE in action
2016-09-26 - Sofacy’s ‘Komplex’ OS X Trojan
2016-09-27 - Komplex Mac backdoor answers old questions
2016-09-27 - New Voldemort-Nagini Ransomware Virus Infection
2016-09-27 - Threat Spotlight- GozNym
2016-09-28 - Belling the BEAR
2016-09-28 - Confucius Says…Malware Families Get Further By Abusing Legitimate Websites
2016-09-28 - Highly Evasive Code Injection Awaits User Interaction Before Delivering Malware
2016-09-28 - Introducing Her Royal Highness the Princess Locker Ransomware
2016-09-29 - TeamXRat- Brazilian cybercrime meets ransomware
2016-09-29 - Want Tofsee My Pictures- A Botnet Gets Aggressive
2016-09-30 - Hacked Steam accounts spreading Remote Access Trojan
2016-10-01 - Source Code for IoT Botnet ‘Mirai’ Released
2016-10-01 - ‘Shadow Brokers’ Whine That Nobody Is Buying Their Hacked NSA Files
2016-10-03 - On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users
2016-10-03 - Polyglot – the fake CTB-locker
2016-10-03 - Remsec driver analysis
2016-10-04 - OilRig Malware Campaign Updates Toolset and Expands Targets
2016-10-05 - FastPOS Updates in Time for the Retail Sale Season
2016-10-09 - SiteIntel- Cyber Caliphate Army
2016-10-10 - How France's TV5 was almost destroyed by 'Russian hackers'
2016-10-10 - Remsec driver analysis - Part 2
2016-10-11 - Odinaff- New Trojan used in high level financial attacks
2016-10-11 - Remsec driver analysis - Part 3
2016-10-15 - TrickBot- We Missed you, Dyre
2016-10-17 - A Tale of Two Targets
2016-10-17 - New-looking Sundown EK drops Smoke Loader, Kronos banker
2016-10-17 - RotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT
2016-10-17 - ‘DealersChoice’ is Sofacy’s Flash Player Exploit Platform
2016-10-18 - Digitally Signed Malware Targeting Gaming Companies
2016-10-20 - RotorCrypt (RotoCrypt) Ransomware Tar Ransomware
2016-10-20 - TheMoon - A P2P botnet targeting Home Routers
2016-10-21 - BITTER- a targeted attack against Pakistan
2016-10-24 - Evasive Malware Detects and Defeats Virtual Machine Analysis
2016-10-24 - Introducing TrickBot, Dyreza’s successor
2016-10-25 - Houdini’s Magic Reappearance
2016-10-25 - TrickBot Banker Insights
2016-10-26 - Moonlight – Targeted attacks in the Middle East
2016-10-27 - BLACKGEAR Espionage Campaign Evolves, Adds Japan To Target List
2016-10-27 - In-Dev Ransomware forces you to do a Survey before unlocking Computer
2016-10-27 - Inside the Gootkit C&C server
2016-10-27 - Mirai DDoS Botnet- Source Code & Binary Analysis
2016-10-28 - zxshell repository
2016-10-31 - Second Shadow Brokers dump released
2016-11-01 - Ursnif Malware- Deep Technical Dive
2016-11-02 - Exposing the EGO MARKET- the cybercrime performed by the Linux-Moose botnet
2016-11-02 - Linux-Moose- Still breathing
2016-11-02 - Nymaim Malware- Deep Technical Dive – Adventures in Evasive Malware
2016-11-07 - Little Trickbot Growing Up- New Campaign
2016-11-08 - Analysis of IOS.GUIINJECT Adware Library
2016-11-08 - Analysis of iOSGuiInject Adware Library
2016-11-08 - SPAMTORTE VERSION 2- DISCOVERY OF AN ADVANCED, MULTILAYERED SPAMBOT CAMPAIGN THAT IS BACK WITH A VENGEANCE
2016-11-09 - Down the H-W0rm Hole with Houdini’s RAT
2016-11-09 - Tricks of the Trade- A Deeper Look Into TrickBot’s Machinations
2016-11-10 - Floki Bot and the stealthy dropper
2016-11-14 - Doctor Web discovers a botnet that attacks Russian banks
2016-11-14 - Ransoc Desktop Locking Ransomware Ransacks Local Files and Social Media Profiles
2016-11-15 - CryptoLuck Ransomware being Malvertised via RIG-E Exploit Kits
2016-11-15 - Kronos Banking Trojan Used to Deliver New Point-of-Sale Malware
2016-11-15 - ScanPOS, new POS malware being distributed by Kronos
2016-11-17 - It’s Parliamentary - KeyBoy and the targeting of the Tibetan Community
2016-11-17 - Princess Locker decryptor
2016-11-21 - Android malware analysis with Radare- Dissecting the Triada Trojan
2016-11-21 - PrincessLocker – ransomware with not so royal encryption
2016-11-22 - Cobalt hackers executed massive, synchronized ATM heists across Europe, Russia
2016-11-22 - Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy
2016-11-23 - Analysis- Ursnif - spying on your data since 2007
2016-11-23 - InPage zero-day exploit used to attack financial institutions in Asia
2016-11-28 - A New All-in-One Botnet- Proteus
2016-11-28 - NetWire RAT Steals Payment Card Data
2016-11-30 - Bladabindi Remains A Constant Threat By Using Dynamic DNS Services
2016-11-30 - Shamoon 2- Return of the Disttrack Wiper
2016-11-30 - Shamoon- Back from the dead and destructive as ever
2016-12-01 - Alert (TA16-336A)- Avalanche (crimeware-as-a-service infrastructure)
2016-12-01 - CNACOM - Open Source Exploitation via Strategic Web Compromise
2016-12-06 - August in November- New Information Stealer Hits the Scene
2016-12-06 - Deep Analysis of the Online Banking Botnet TrickBot
2016-12-07 - August in November- New Information Stealer Hits the Scene
2016-12-07 - Floki Bot Strikes, Talos and Flashpoint Respond
2016-12-07 - The TrickBot Evolution
2016-12-08 - Thyssenkrupp victim of cyber attack
2016-12-09 - -Proof of Concept- CryptoWire Ransomware Spawns Lomix and UltraLocker Families
2016-12-09 - New Exo Android Trojan Sold on Hacking Forums, Dark Web
2016-12-09 - Windows 10- protection, detection, and response against recent Depriz malware attacks
2016-12-13 - The rise of TeleBots- Analyzing disruptive KillDisk attacks
2016-12-14 - MiKey - A Linux keylogger
2016-12-14 - Twin zero-day attacks- PROMETHIUM and NEODYMIUM target individuals in Europe
2016-12-15 - Goldeneye Ransomware – the Petya-Mischa combo rebranded
2016-12-15 - Let It Ride- The Sofacy Group’s DealersChoice Attacks Continue
2016-12-16 - Bayrob- Three suspects extradited to face charges in US
2016-12-19 - Dismantling a Nuclear Bot
2016-12-20 - Alice- A Lightweight, Compact, No-Nonsense ATM Malware
2016-12-20 - New Linux-Rakos threat- devices and servers under SSH scan (again)
2016-12-22 - Tofsee Spambot features .ch DGA - Reversal and Countermeasures
2016-12-23 - Emsisoft Decryptor for GlobeImposter
2016-12-26 - Rocket Kitten
2016-12-27 - ANALYSIS OF AUGUST STEALER MALWARE
2016-12-27 - Pegasus internals- Technical Teardown of the Pegasus malware and Trident exploit chain
2016-12-28 - Switcher- Android joins the ‘attack-the-router’ club
2016-12-29 - GRIZZLY STEPPE – Russian Malicious Cyber Activity
2016-12-29 - Some notes on IoCs
Malware Analysis 2017
2017-01-01 - Mac Malware of 2016
2017-01-03 - Technical details on the Fancy Bear Android malware (poprd30.apk)
2017-01-04 - Exposing an AV-Disabling Driver Just in Time for Lunch
2017-01-04 - FireCrypt Ransomware Comes With a DDoS Component
2017-01-04 - Technical analysis of CryptoMix-CryptFile2 ransomware
2017-01-05 - DragonOK Updates Toolset and Targets Multiple Geographic Regions
2017-01-05 - KillDisk now targeting Linux- Demands $250K ransom, but can’t decrypt
2017-01-05 - Taiwan ATM heist linked to European hacking spree- security firm
2017-01-06 - 2016 Updates to Shifu Banking Trojan
2017-01-09 - Second Wave of Shamoon 2 Attacks Identified
2017-01-10 - Client Maximus- New Remote Overlay Malware Highlights Rising Malcode Sophistication in Brazil
2017-01-10 - Ransomware Recap- Dec. 19 - Dec. 31, 2016
2017-01-11 - Post-holiday spam campaign delivers Neutrino Bot
2017-01-12 - New Variant of Ploutus ATM Malware Observed in the Wild in Latin America
2017-01-12 - The “EyePyramid” attacks
2017-01-13 - Finfisher rootkit analysis
2017-01-17 - Carbanak Group uses Google for malware command-and-control
2017-01-17 - EITEST RIG-V FROM 92.53.127.86 SENDS SPORA RANSOMWARE
2017-01-17 - New GhostAdmin Malware Used for Data Theft and Exfiltration
2017-01-18 - Finding the RAT’s Nest
2017-01-18 - Flashback Wednesday- Pakistani Brain
2017-01-18 - New Mac backdoor using antiquated code
2017-01-18 - Newly discovered Mac malware found in the wild also works well on Linux
2017-01-18 - Spora - the Shortcut Worm that is also a Ransomware
2017-01-18 - Ukraine's power outage was a cyber attack- Ukrenergo
2017-01-19 - New Satan Ransomware available through a Ransomware as a Service
2017-01-20 - Doctor Web anticipates increase in number of banking Trojan attacks on Android users
2017-01-21 - Sage 2.0 Ransomware
2017-01-22 - OurMine
2017-01-22 - Russian Hacker behind 'NeverQuest' Malware, Wanted by FBI, Is Arrested in Spain
2017-01-23 - Greenbug cyberespionage group targeting Middle East, possible links to Shamoon
2017-01-24 - Charger Malware Calls and Raises the Risk on Google Play
2017-01-25 - Detecting threat actors in recent German industrial attacks with Windows Defender ATP
2017-01-26 - Around the World With Zeus Sphinx- From Canada to Australia and Back
2017-01-26 - Deep Analysis of Android Rootnik Malware Using Advanced Anti-Debug and Anti-Hook, Part I- Debugging in The Scope of Native Layer
2017-01-26 - Deep Analysis of Android Rootnik Malware Using Advanced Anti-Debug and Anti-Hook, Part II- Analysis of The Scope of Java
2017-01-26 - Malware ChChes interacts with C & C server using Cookie header
2017-01-26 - Zbot with legitimate applications on board
2017-01-30 - Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments
2017-01-30 - EyePyramid- An Archaeological Journey
2017-01-30 - Nymaim revisited
2017-01-30 - Sage 2.0 comes with IP Generation Algorithm (IPGA)
2017-01-31 - Locky Bart ransomware and backend server analysis
2017-01-31 - Malicious Office files using fileless UAC bypass to drop KEYBASE malware
2017-02-02 - KopiLuwak- A New JavaScript Payload from Turla
2017-02-02 - Oops, they did it again- APT Targets Russia and Belarus with ZeroT and PlugX
2017-02-02 - Ransomware Recap- January 14 - 29, 2017
2017-02-03 - Zeus Panda Webinjects- a case study
2017-02-04 - Russians failed in hacking attempts on civil servants at Dutch ministries
2017-02-05 - Detailed threat analysis of Shamoon 2.0 Malware
2017-02-06 - Polish Banks Infected with Malware Hosted on Their Own Government's Site
2017-02-06 - Threat Spotlight- Satan
2017-02-06 - iKittens- Iranian Actor Resurfaces with Malware for Mac (MacDownloader)
2017-02-07 - Erebus Ransomware Utilizes a UAC Bypass and Requests a 90 Ransom Payment
2017-02-09 - Shell Crew Variants Continue to Fly Under Big AV’s Radar
2017-02-10 - PowerSploit
2017-02-12 - Attackers target dozens of global banks with new malware
2017-02-12 - Attackers target dozens of global banks with new
2017-02-12 - Lazarus & Watering-hole attacks
2017-02-14 - New Android trojan mimics user clicks to download dangerous malware
2017-02-14 - REMCOS- A New RAT In The Wild
2017-02-14 - Sage 2.0 analysis
2017-02-14 - XAgentOSX- Sofacy’s XAgent macOS Tool
2017-02-15 - Banking Trojans- Ursnif Global Distribution Networks Identified
2017-02-15 - Inside OilRig -- Tracking Iran's Busiest Hacker Crew On Its Global Rampage
2017-02-15 - Iranian PupyRAT Bites Middle Eastern Organizations
2017-02-15 - Magic Hound Campaign Attacks Saudi Targets
2017-02-15 - The Rambo Backdoor
2017-02-16 - Breaking The Weakest Link Of The Strongest Chain
2017-02-16 - Demystifying targeted malware used against Polish banks
2017-02-16 - Iranian hackers behind the Magic Hound campaign linked to Shamoon
2017-02-16 - Nefarious Macro Malware drops “Loki Bot” to steal sensitive information across GCC countries!
2017-02-16 - menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations
2017-02-16 - reGeorg
2017-02-18 - Hackers Selling Undetectable Proton Malware for macOS in 40 BTC
2017-02-20 - Lazarus’ False Flag Malware
2017-02-20 - Part I. Russian APT - APT28 collection of samples including OSX XAgent
2017-02-21 - New(ish) Mirai Spreader Poses New Risks
2017-02-22 - Bella- A pure python, post-exploitation, data mining tool and remote administration tool for macOS.
2017-02-22 - Dissecting the Qadars Banking Trojan
2017-02-22 - New crypto‑ransomware hits macOS
2017-02-23 - Korean MalDoc Drops Evil New Years Presents
2017-02-23 - Released Android malware source code used to run a banking botnet
2017-02-24 - Hunting Retefe with Splunk - some interesting points
2017-02-24 - Necurs Proxy Module With DDOS Features
2017-02-25 - Silent RIFLE Response Against Advanced Threat
2017-02-26 - TreasureHunter - A POS Malware Case Study
2017-02-27 - New Neutrino Bot comes in a protective loader
2017-02-27 - Shamoon- Multi-staged destructive attacks limited to specific targets
2017-02-27 - Spambot safari #2 - Online Mail System
2017-02-27 - The Deception Project- A New Japanese-Centric Threat
2017-02-27 - The Gamaredon Group Toolset Evolution
2017-02-28 - Dridex’s Cold War- Enter AtomBombing
2017-03-01 - GootKit Developers Dress It Up With Web Traffic Proxy
2017-03-01 - How Does the Trickbot Malware Work-
2017-03-01 - Poorly coded Lamdelin Lockscreen Ransomware lets you in using Alt+F4
2017-03-01 - Ransomware for Dummies- Anyone Can Do It
2017-03-01 - Threat Spotlight- Flokibot PoS Malware
2017-03-02 - Update on the Fancy Bear Android malware (poprd30.apk)
2017-03-06 - 0-Day- Dahua backdoor Generation 2 and 3
2017-03-07 - Vault 7- CIA Hacking Tools Revealed
2017-03-08 - RawPOS Malware Rides Again
2017-03-09 - Spora Ransomware- Understanding the HTA Infection Vector
2017-03-10 - Explained- Spora ransomware
2017-03-10 - Preinstalled Malware Targeting Mobile Users
2017-03-11 - Wikileaks Vault7 JQJSNICKER code leak
2017-03-13 - Detecting and eliminating Chamois, a fraud botnet on Android
2017-03-13 - Moving Target Defense Blog
2017-03-13 - Zeus Panda Webinjects- Don’t trust your eyes
2017-03-14 - Analyzing and Deobfuscating FlokiBot Banking Trojan
2017-03-14 - PetrWrap- the new Petya-based ransomware used in targeted attacks
2017-03-15 - MajikPOS Combines PoS Malware and RATs to Pull Off its Malicious Tricks
2017-03-15 - NexusLogger- A New Cloud-based Keylogger Enters the Market
2017-03-15 - Revenge Ransomware a CryptoMix Variant Being Distributed by RIG Exploit Kit
2017-03-15 - Teardown of Android-Ztorg (Part 2)
2017-03-15 - Teardown of a Recent Variant of Android-Ztorg (Part 1)
2017-03-15 - Vaccinating against Spora ransomware- a proof-of-concept tool by Minerva
2017-03-16 - Fileless Malware Campaigns Tied to Same Attacker
2017-03-17 - Diamond Fox – part 1- introduction and unpacking
2017-03-17 - Grabbot is Back to Nab Your Data
2017-03-20 - Necurs Diversifies Its Portfolio
2017-03-21 - Hunt Case Study- Hunting Campaign Indicators on Privacy Protected Attack Infrastructure
2017-03-21 - Inside the Hunt for Russia’s Most Notorious Hacker
2017-03-22 - El Machete's Malware Attacks Cut Through LATAM
2017-03-22 - Winnti Abuses GitHub for C&C Communications
2017-03-23 - Tales from the Trenches- Loki Bot Malware
2017-03-24 - Terror EK via Malvertising delivers Tofsee Spambot
2017-03-26 - Shamoon 2- Delivering Disttrack
2017-03-27 - Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005
2017-03-28 - Cerber Starts Evading Machine Learning
2017-03-28 - Dimnie- Hiding in Plain Sight
2017-03-28 - Russian Citizen Pleads Guilty for Involvement in Global Botnet Conspiracy
2017-03-28 - The NukeBot Trojan, a Bruised Ego and a Surprising Source Code Leak
2017-03-28 - Threat Spotlight- GhostAdmin Malware
2017-03-29 - Explained- Sage ransomware
2017-03-29 - New Mirai Variant Launches 54 Hour DDoS Attack against US College
2017-03-29 - Trojanized Adobe installer used to install DragonOK’s new custom backdoor
2017-03-30 - Carbon Paper- Peering into Turla’s second stage backdoor
2017-03-30 - EquationDrug rootkit analysis (mstcp32.sys)
2017-03-30 - Hi-Tech Crime Trends 2016
2017-03-30 - Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations
2017-03-31 - Threat Round-up for Mar 24 - Mar 31
2017-04-03 - DHL Invoice Malspam-Photo Malspam
2017-04-03 - Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY)
2017-04-03 - IAAF Says It Has Been Hacked, Athlete Medical Info Accessed
2017-04-03 - Introducing ROKRAT
2017-04-03 - Lazarus APT Spinoff Linked to Banking Hacks
2017-04-03 - Lazarus under the Hood
2017-04-03 - Moonlight Maze- Lessons from history
2017-04-03 - RedLeaves - Malware Based on Open Source RAT
2017-04-03 - Shadow Server Domains Leading to RIG Exploit Kit Dropping Smoke Loader. Downloaded Neutrino Bot (AKA Kasidet).
2017-04-03 - Shadow Server Domains Leading to RIG Exploit Kit Dropping Smoke Loader
2017-04-03 - RedLeaves, malware built on a modified open-source RAT
2017-04-04 - ATMitch- remote administration of ATMs
2017-04-04 - Chasing Lazarus- A Hunt for the Infamous Hackers to Prevent Large Bank Robberies
2017-04-04 - POSHSPY backdoor code
2017-04-05 - In-Depth Look at New Variant of MONSOON APT Backdoor, Part 1
2017-04-05 - In-Depth Look at New Variant of MONSOON APT Backdoor, Part 2
2017-04-05 - Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA
2017-04-05 - “BrickerBot” Results In PDoS Attack
2017-04-06 - APT10 (MenuPass Group)- New Tools, Global Campaign Latest Manifestation of Longstanding Threat
2017-04-06 - Chinese Nation-State Hackers Target U.S in Operation TradeSecret
2017-04-06 - Diamond Fox – part 2- let’s dive in the code
2017-04-06 - New IoT-Linux Malware Targets DVRs, Forms Botnet
2017-04-06 - Sathurbot- Distributed WordPress password attack
2017-04-06 - Self-Proclaimed ‘Nuclear Bot’ Author Weighs U.S. Job Offer
2017-04-07 - The Blockbuster Sequel
2017-04-10 - DOJ moves to topple Kelihos, one of the world's largest botnets
2017-04-10 - Justice Department Announces Actions to Dismantle Kelihos Botnet
2017-04-10 - Longhorn Cyber-Espionage Group Is Actually the CIA
2017-04-10 - Longhorn- Tools used by cyberespionage group linked to Vault 7
2017-04-10 - ShadowBrokers Dump More Equation Group Hacks, Auction File Password
2017-04-11 - Unraveling the Lamberts Toolkit
2017-04-12 - ICS Alert (ICS-ALERT-17-102-01A)
2017-04-13 - A deeper look into malware abusing TeamViewer
2017-04-13 - Decrypting Bankbot communications.
2017-04-13 - Inside the Takedown of ZOMBIE SPIDER and the Kelihos Botnet
2017-04-13 - Stuxnet drivers- detailed analysis
2017-04-15 - Hajime - A Decentralized Modular Worm - Followup
2017-04-17 - Azazel
2017-04-17 - New NSA leak may expose its bank spying, Windows exploits
2017-04-17 - Python script for decoding DOUBLEPULSAR
2017-04-17 - Remove Search.searchetan.com Chrome New Tab Page
2017-04-18 - Coming Soon…
2017-04-18 - Github repository for trochilus RAT
2017-04-18 - Hajime worm battles Mirai for control of the Internet of Things
2017-04-18 - Shadow Brokers leaks show U.S. spies successfully hacked Russian, Iranian targets
2017-04-19 - Of Pigs and Malware- Examining a Possible Member of the Winnti Group
2017-04-19 - RawPOS- New Behavior Risks Identity Theft
2017-04-20 - Binary Options malvertising campaign drops ISFB banking Trojan
2017-04-20 - Cardinal RAT Active for Over Two Years
2017-04-21 - BrickerBot Author Claims He Bricked Two Million Devices
2017-04-21 - China Hacked South Korea Over Missile Defense, U.S. Firm Says
2017-04-21 - Elusive Moker Trojan is back
2017-04-21 - Researchers claim China trying to hack South Korea missile defense efforts
2017-04-23 - Let's Talk About FlexiSpy
2017-04-24 - FIN7 Evolution and the Phishing LNK
2017-04-24 - XPan, I am your father
2017-04-25 - 2017-04-25 - -GOOD MAN- CAMPAIGN RIG EK SENDS LATENTBOT
2017-04-25 - Linux Shishiga malware using LUA scripts
2017-04-25 - Philadelphia Ransomware Brings Customization to Commodity Malware
2017-04-25 - ShadowWali- New variant of the xxmm family of backdoors
2017-04-26 - BankBot, the Prequel
2017-04-26 - Hajime – Friend or Foe-
2017-04-26 - Who is behind this Chinese espionage group stealing our intellectual property-
2017-04-27 - APT Targets Financial Analysts with CVE-2017-0199
2017-04-27 - Alert (TA17-117A)- Intrusions Affecting Multiple Victims Across Multiple Sectors
2017-04-27 - Iranian Fileless Attack Infiltrates Israeli Organizations
2017-04-27 - OilRig Actors Provide a Glimpse into Development and Testing Efforts
2017-04-28 - KeyPlexer
2017-04-28 - Use of DNS Tunneling for C&C Communications
2017-05-01 - Another OSX.Dok dropper found installing new backdoor
2017-05-01 - Crouching Yeti (Energetic Bear) Malware
2017-05-02 - Covert Channels and Poor Decisions- The Tale of DNSMessenger
2017-05-02 - HackSpy-Trojan-Exploit
2017-05-02 - Philadelphia Ransomware
2017-05-02 - Shamoon Collaborator Greenbug Adopts New Communication Tool
2017-05-02 - Targeted attack against the Ukrainian military
2017-05-02 - Who is Mr Wu-
2017-05-03 - Deep Analysis of New Emotet Variant - Part 1
2017-05-03 - Hunting pack use case- RedLeaves malware
2017-05-03 - KONNI- A Malware Under The Radar For Years
2017-05-03 - Kazuar- Multiplatform Espionage Backdoor with API Access
2017-05-03 - Snake- Coming soon in Mac OS X flavour
2017-05-03 - To SDB, Or Not To SDB- FIN7 Leveraging Shim Databases for Persistence
2017-05-04 - Behind The Mystery Of Russia's 'Dyre' Hackers Who Stole Millions From American Business
2017-05-04 - Blackmoon Rising- Banking Trojan Back with New Framework
2017-05-04 - OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic
2017-05-05 - Inside Netrepser – a JavaScript-based Targeted Attack
2017-05-05 - Snake malware ported from Windows to Mac
2017-05-05 - Who is Mr Dong-
2017-05-05 - loki-parse
2017-05-07 - Loki-Bot- Come out, come out, wherever you are!
2017-05-08 - HandBrake for Mac Compromised with Proton Spyware
2017-05-09 - APT3 is Boyusec, a Chinese Intelligence Contractor
2017-05-09 - Deep Analysis of New Emotet Variant – Part 2
2017-05-09 - Persirai- New Internet of Things (IoT) Botnet Targets IP Cameras
2017-05-09 - RIG EK SENDS BUNITU TROJAN
2017-05-09 - Sednit adds two zero‑day exploits using ‘Trump’s attack on Syria’ as a decoy
2017-05-09 - Tracking Android BankBot
2017-05-10 - DiamondFox modular malware – a one-stop shop
2017-05-10 - Introducing Loda Malware
2017-05-10 - OSX-Proton.B
2017-05-10 - Proton.B- What this Mac malware actually does
2017-05-11 - Cyber Attack Impersonating Identity of Indian Think Tank to Target Central Bureau of Investigation CBI and Possibly Indian Army Officials
2017-05-11 - Jaff - New Ransomware From the Actors Behind the Distribution of Dridex, Locky, and Bart
2017-05-11 - Mac.BackDoor.Systemd.1
2017-05-12 - Global WannaCry ransomware outbreak uses known NSA exploits
2017-05-12 - U.K. Hospitals Hit in Widespread Ransomware Attack
2017-05-12 - WannaCry ransomware that infected Telefonica and NHS hospitals is spreading aggressively, with over 50,000 attacks so far today
2017-05-12 - WannaCry ransomware used in widespread attacks all over the world
2017-05-12 - WannaCrypt ransomware worm targets out-of-date systems
2017-05-12 - Warning- Massive -WannaCry- Ransomware campaign launched
2017-05-12 - ‘WCry’ Virus Reportedly Infects Russian Interior Ministry's Computer Network
2017-05-13 - How to Accidentally Stop a Global Cyber Attack
2017-05-14 - Cyber Espionage is Alive and Well- APT32 and the Threat to Global Corporations
2017-05-15 - Adylkuzz Cryptocurrency Mining Malware Spreading for Weeks Via EternalBlue-DoublePulsar
2017-05-15 - Evolution of the GOLD EVERGREEN Threat Group
2017-05-16 - 2017-05-16 - MORE EXAMPLES OF MALSPAM PUSHING JAFF RANSOMWARE
2017-05-16 - DocuSign Phishing Campaign Includes Hancitor Downloader
2017-05-16 - WannaCry - WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm
2017-05-16 - Wannacryptor Ransomworm
2017-05-17 - New Loki Variant Being Spread via PDF File
2017-05-18 - UIWIX – Evasive Ransomware Exploiting ETERNALBLUE
2017-05-19 - How did the WannaCry ransomworm spread-
2017-05-22 - WannaCry- Ransomware attacks show strong links to Lazarus group
2017-05-23 - Modified Zyklon and plugins from India
2017-05-23 - Ocean Lotus Group-APT 32 identified as Vietnamese APT group
2017-05-23 - Quakbot
2017-05-23 - XData ransomware making rounds amid global WannaCryptor scare
2017-05-24 - APT32- New Cyber Espionage Group
2017-05-24 - Analysis of Emotet v4
2017-05-24 - Operation Cobalt Kitty- A large-scale APT in Asia carried out by the OceanLotus Group
2017-05-25 - Dridex- A History of Evolution
2017-05-25 - EternalRocks (a.k.a. MicroBotMassiveNet)
2017-05-25 - Lazarus- History of mysterious group behind infamous cyber attacks
2017-05-25 - Linguistic Analysis of WannaCry Ransomware Messages Suggests Chinese-Speaking Authors
2017-05-26 - TrickBot’s bag of tricks
2017-05-27 - From PDNS- Another fix length of 7, a-z. tlds- [ru, com]
2017-05-29 - Gozi Tree
2017-05-30 - Bankbot on Google Play
2017-05-30 - Mole ransomware- analysis and decryptor
2017-05-31 - APT16
2017-05-31 - APT17
2017-05-31 - APT18
2017-05-31 - APT29
2017-05-31 - Necurs Recurs
2017-05-31 - Operation Bachosens- A detailed look into a long-running cyber crime campaign
2017-05-31 - Writing PCRE's for applied passive network defense [Emotet]
2017-06-01 - FIREBALL – The Chinese Malware of 250 Million Computers Infected
2017-06-01 - Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions
2017-06-02 - QakBot Banking Trojan Causes Massive Active Directory Lockouts
2017-06-05 - A JavaScript and VBScript Based Empire Launcher - by Cn33liz 2017
2017-06-05 - HandBrake Hacked! - osx-proton (re)appears
2017-06-05 - Set up your own malware analysis lab with VirtualBox, INetSim and Burp
2017-06-06 - Privileges and Credentials- Phished at the Request of Counsel
2017-06-06 - Turla’s watering hole campaign- An updated Firefox extension abusing Instagram
2017-06-07 - PLATINUM continues to evolve, find ways to maintain invisibility
2017-06-07 - Rig EK via Fake EVE Online website drops Bunitu
2017-06-07 - Russian malware link hid in a comment on Britney Spears' Instagram
2017-06-08 - Dvmap- the first Android malware with code injection
2017-06-08 - LatentBot piece by piece
2017-06-08 - THE SEVEN YEAR ITCH
2017-06-09 - Another Banker Enters the Matrix
2017-06-09 - FIN7 Takes Another Bite at the Restaurant Industry
2017-06-09 - MacRansom- Offered as Ransomware as a Service
2017-06-09 - MacSpy- OS X Mac RAT as a Service
2017-06-12 - 2017-06-12 - LOKI BOT MALSPAM - SUBJECT- RE- PURCHASE ORDER 457211
2017-06-12 - Alert (TA17-163A)
2017-06-12 - Bahamut, Pursuing a Cyber Espionage Actor in the Middle East
2017-06-12 - Behind the CARBANAK Backdoor
2017-06-12 - Industroyer- Biggest threat to industrial control systems since Stuxnet
2017-06-12 - OSX-MacRansom
2017-06-12 - Open Source Malware - Sharing is caring-
2017-06-13 - HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure
2017-06-13 - Threat Spotlight- Breaking Down FF-Rat Malware
2017-06-14 - Phantom of the Opaera- New KASPERAGENT Malware Campaign
2017-06-15 - DUBrute
2017-06-15 - Trickbot Expands Global Targets Beyond Banks and Payment Processors to CRMs
2017-06-15 - Zeus Sphinx Pushes Empty Configuration Files — What Has the Sphinx Got Cooking-
2017-06-19 - Delphi Used To Score Against Palestine
2017-06-19 - Erebus Resurfaces as Linux Ransomware
2017-06-20 - AdGholas Malvertising Campaign Using Astrum EK to Deliver Mole Ransomware
2017-06-20 - Ztorg- from rooting to SMS
2017-06-21 - Player 1 Limps Back Into the Ring - Hello again, Locky!
2017-06-22 - Following the Trail of BlackTech’s Cyber Espionage Campaigns
2017-06-22 - Locky Ransomware Returns, but Targets Only Windows XP & Vista
2017-06-22 - Loki-Bot- InformationStealer, Keylogger, &More!
2017-06-22 - The New and Improved macOS Backdoor from OceanLotus
2017-06-22 - The Trail of BlackTech’s Cyber Espionage Campaigns
2017-06-26 - How Spora ransomware tries to fool antivirus
2017-06-27 - BRONZE UNION Cyberespionage Persists Despite Disclosures
2017-06-27 - Checking out the new Petya variant
2017-06-27 - Neutrino modification for POS-terminals
2017-06-27 - New Ransomware Variant -Nyetya- Compromises Systems Worldwide
2017-06-27 - New WannaCryptor‑like ransomware attack hits globally- All you need to know
2017-06-27 - New ransomware, old techniques- Petya adds worm capabilities
2017-06-27 - Paranoid PlugX
2017-06-27 - Schroedinger’s Pet(ya)
2017-06-28 - CrowdStrike Protects Against NotPetya Attack
2017-06-28 - ExPetr-Petya-NotPetya is a Wiper, Not Ransomware
2017-06-28 - In-Depth Analysis of A New Variant of .NET Malware AgentTesla
2017-06-28 - Why NotPetya Kept Me Awake (& You Should Worry Too)
2017-06-28 - The full picture of advanced cyber attacks targeting Japanese companies – BRONZE BUTLER
2017-06-29 - EternalPetya and the lost Salsa20 key
2017-06-29 - Information Stealer Found Hitting Israeli Hospitals
2017-06-29 - NonPetya- no evidence it was a -smokescreen-
2017-06-29 - Ransomware Attacks Continue in Ukraine with Mysterious WannaCry Clone
2017-06-29 - Windows 10 platform resilience against the Petya ransomware attack
2017-06-30 - EternalPetya – yet another stolen piece in the package-
2017-06-30 - From BlackEnergy to ExPetr
2017-06-30 - TeleBots are back- Supply‑chain attacks against Ukraine
2017-07-01 - TrickBot Banking Trojan - DOC00039217.doc
2017-07-02 - ISFB- Still Live and Kicking
2017-07-03 - 'NotPetya' malware attacks could warrant retaliation, says Nato affiliated-researcher
2017-07-03 - NotPetya Technical Analysis Part II- Further Findings and Potential for MBR Recovery
2017-07-03 - Who is behind Petna-
2017-07-04 - Analysis of TeleBots’ cunning backdoor
2017-07-04 - Important information about Night Dragon
2017-07-04 - Industroyer
2017-07-04 - MALSPAM WITH JAVA-BASED RAT
2017-07-05 - New Azer CryptoMix Ransomware Variant Released
2017-07-05 - SLocker Mobile Ransomware Starts Mimicking WannaCry
2017-07-05 - Security 101- The Impact of Cryptocurrency-Mining Malware
2017-07-05 - The MeDoc Connection
2017-07-05 - Trump Zombies- New IoT Zombies Attacking 'In Trump's Name'
2017-07-06 - New KONNI Campaign References North Korean Missile Capabilities
2017-07-07 - 94 .ch & .li domain names hijacked and used for drive-by
2017-07-08 - A VBScript with Obfuscated Base64 Data
2017-07-08 - Analysis of A New Variant of Konni RAT
2017-07-10 - Upatre - Trojan Downloader
2017-07-11 - Ordinypt targets users in Germany
2017-07-11 - Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind
2017-07-12 - A .NET malware abusing legitimate ffmpeg
2017-07-12 - Iranian Hackers Have Been Infiltrating Critical Infrastructure Companies
2017-07-12 - LockPoS Joins the Flock
2017-07-12 - The Magala Trojan Clicker- A Hidden Advertising Threat
2017-07-13 - Meet Ovidiy Stealer- Bringing credential theft to the masses
2017-07-13 - OSX-Dok Refuses to Go Away and It’s After Your Money
2017-07-14 - Keeping up with the Petyas- Demystifying the malware family
2017-07-15 - Mirai BotNet Source Code
2017-07-17 - Android Backdoor GhostCtrl can Silently Record Your Audio, Video, and More
2017-07-17 - It’s baaaack- Public cyber enemy Emotet has returned
2017-07-17 - WMIGhost - Wimmie - WMI malware
2017-07-18 - Linux Users Urged to Update as a New Threat Exploits SambaCry
2017-07-18 - Ten process injection techniques- A technical survey of common and trending process injection techniques
2017-07-19 - 'DarkHotel' APT Uses New Methods to Target Politicians
2017-07-19 - The NukeBot banking Trojan- from rough drafts to real threats
2017-07-20 - Rurktar - Spyware under Construction
2017-07-20 - Stantinko- A massive adware campaign operating covertly since 2012
2017-07-24 - Bye, bye Petya! Decryptor for old versions released.
2017-07-24 - Let's Learn- Reversing Credential and Payment Card Information Stealer 'AZORult V2'
2017-07-24 - Real News, Fake Flash- Mac OS X Users Targeted
2017-07-24 - Spring Dragon – Updated Activity
2017-07-24 - The Seamless Campaign Drops Ramnit. Follow-up Malware- AZORult Stealer, Smoke Loader, etc.
2017-07-25 - Dridex Loot
2017-07-25 - HawkEye Credential Theft Malware Distributed in Recent Phishing Campaign
2017-07-25 - “Perverse” malware infecting hundreds of Macs remained undetected for years
2017-07-25 - “Tick” Group Continues Attacks
2017-07-27 - After Big Takedown Efforts, 20 More BankBot Mobile Malware Apps Make It Into Google Play
2017-07-27 - ChessMaster Makes its Move- A Look into the Campaign’s Cyberespionage Arsenal
2017-07-27 - New Version of “Trickbot” Adds Worm Propagation Module
2017-07-27 - OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group
2017-07-27 - The Curious Case of Mia Ash- Fake Persona Lures Middle Eastern Targets
2017-07-27 - With Fake News And Femmes Fatales, Iran's Spies Learn To Love Facebook
2017-07-31 - A new era in mobile banking Trojans
2017-07-31 - FIN7-Carbanak threat actor unleashes Bateleur JScript backdoor
2017-07-31 - TwoFace Webshell- Persistent Access Point for Lateral Movement
2017-08-01 - Prince of Persia – Ride the Lightning- Infy returns as “Foudre”
2017-08-01 - TrickBot comes up with new tricks- attacking Outlook and browsing data
2017-08-02 - A Look at JS_POWMET, a Completely Fileless Malware
2017-08-02 - Malspam delivers Xtreme RAT 8-1-2017
2017-08-03 - Taking the FIRST look at Crypt0l0cker
2017-08-04 - Smoke Loader Adds Additional Obfuscation Methods to Mitigate Analysis
2017-08-05 - Analysis of New GlobeImposter Ransomware Variant
2017-08-07 - Backdoor-carrying Emails Set Sights on Russian-speaking Businesses
2017-08-07 - New Variants of Agent.BTZ-ComRAT Found- The Threat That Hit The Pentagon In 2008 Still Evolving; Part 1-2
2017-08-08 - HBO breach accomplished with hard work by hacker, poor security practices by victim
2017-08-08 - WTF is Mughthesec!-
2017-08-09 - The return of Mamba ransomware
2017-08-10 - Globe Imposter Ransomware Makes a New Run
2017-08-10 - Worldwide spam wave spreads a devilish variant of Locky
2017-08-11 - Ukrainian Man Arrested, Charged in NotPetya Distribution
2017-08-13 - Analysis of APT28 hospitality malware (Part 2)
2017-08-14 - The Blockbuster Saga Continues
2017-08-15 - A Quick Look at a New KONNI RAT Variant
2017-08-15 - Secrets of Cobalt
2017-08-15 - ShadowPad in corporate networks
2017-08-16 - Locky Ransomware switches to the Lukitus extension for Encrypted Files
2017-08-16 - Quick look at another Alina fork- XBOT-POS
2017-08-16 - SyncCrypt Ransomware Hides Inside JPG Files Appends KK Extension
2017-08-17 - HBO Twitter and Facebook Accounts Hacked by OurMine
2017-08-17 - Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack
2017-08-18 - Inside the Kronos malware – part 1
2017-08-18 - KOVTER- An Evolving Malware Gone Fileless
2017-08-20 - return of fake UPS cannot deliver malspam with an updated nemucod ransomware and Kovter payload
2017-08-21 - Cyberespionage Group Turla Deploys Backdoor Ahead of G20 Task Force Summit
2017-08-22 - Gamescom 2017- It’s all fun and games until black hats step in
2017-08-22 - Phishing attack at Raiffeisen Bank by MazarBot
2017-08-23 - CSGO Hacks for Mac That You Shouldn't Trust
2017-08-23 - Deep Analysis of New Poison Ivy Variant
2017-08-23 - The Seamless Campaign Isn’t Losing Any Steam
2017-08-24 - Bad Rabbit- Not‑Petya is back with improved ransomware
2017-08-24 - Crystal Finance Millennium used to spread malware
2017-08-24 - Defray - New Ransomware Targeting Education and Healthcare Verticals
2017-08-24 - Malicious Chrome Extensions Stealing Roblox In-Game Currency, Sending Cookies via Discord
2017-08-24 - Naikon Targeted Attacks
2017-08-24 - New Defray Ransomware Targets Education and Healthcare Verticals
2017-08-25 - New Arena Crysis Ransomware Variant Released
2017-08-25 - Operation RAT Cook- Chinese APT actors use fake Game of Thrones leaks as lures
2017-08-25 - Schtasks-Backdoor
2017-08-25 - The WireX Botnet- How Industry Collaboration Disrupted a DDoS Attack
2017-08-26 - US Arrests Chinese Man Involved With Sakula Malware Used in OPM and Anthem Hacks
2017-08-28 - New Nuclear BTCWare Ransomware Released Updated
2017-08-28 - Tech Firms Team Up to Take Down ‘WireX’ Android DDoS Botnet
2017-08-29 - From Onliner Spambot to millions of email's lists and credentials
2017-08-29 - Inside the Kronos malware – part 2
2017-08-29 - Jimmy Nukebot- from Neutrino with love
2017-08-29 - Second Google Chrome Extension Banker Malware in Two Weeks
2017-08-30 - Introducing WhiteBear
2017-08-30 - New ESET research uncovers Gazer, the stealthy backdoor that spies on embassies
2017-08-31 - Cobian RAT - A backdoored RAT
2017-08-31 - Lookout discovers sophisticated xRAT malware tied to 2014 “Xsser - mRAT” surveillance campaign against Hong Kong protesters
2017-08-31 - Updated KHRAT Malware Used in Cambodia Attacks
2017-09-01 - EHDevel – The story of a continuously improving advanced threat creation toolkit
2017-09-01 - EITest- HoeflerText Popups Targeting Google Chrome Users Now Push RAT Malware
2017-09-01 - New Android Trojan - Red Alert 2.0 - Targeting Banks and Social Apps
2017-09-01 - Vxer is offering Cobian RAT in the underground, but it is backdoored
2017-09-04 - Despite appearances, WikiLeaks wasn’t hacked
2017-09-05 - Graftor - But I Never Asked for This…
2017-09-05 - Kingdom targeted by new malware
2017-09-05 - Rehashed RAT Used in APT Campaign Against Vietnamese Organizations
2017-09-05 - The Mirai Botnet- A Look Back and Ahead At What's Next
2017-09-06 - Analysing a 10-Year-Old SNOWBALL
2017-09-06 - ShadowBrokers are back demanding nearly $4m and offering 2 dumps per month
2017-09-07 - EMOTET Returns, Starts Spreading via Spam Botnet
2017-09-07 - New NSA Data Dump- ShadowBrokers Release UNITEDRAKE Malware
2017-09-09 - Vault 8- Hive
2017-09-11 - “Re- Details” Malspam Downloads CoreBot Banking Trojan
2017-09-12 - FireEye Uncovers CVE-2017-8759- Zero-Day Used in the Wild to Distribute FINSPY
2017-09-12 - ThunderShell
2017-09-13 - New Variants of Agent.BTZ-ComRAT Found- The Threat That Hit The Pentagon In 2008 Still Evolving; Part 2-2
2017-09-15 - Deep Analysis of New Poison Ivy-PlugX Variant - Part II
2017-09-15 - Trojan-Win32-Enviserv.A
2017-09-15 - Trojan-Win32-Spyeye
2017-09-15 - TrojanSpy-Win32-Usteal
2017-09-15 - Welp, Vevo Just Got Hacked
2017-09-18 - An (un)documented Word feature abused by attackers
2017-09-18 - CCleanup- A Vast Number of Machines at Risk
2017-09-18 - Casting a Light on BlackEnergy
2017-09-18 - Morphisec Discovers CCleaner Backdoor Saving Millions of Avast Users
2017-09-19 - A Look Into The New Strain Of BankBot
2017-09-19 - A Modern Hypervisor as a Basis for a Sandbox
2017-09-20 - CCleaner Command and Control Causes Concern
2017-09-20 - Evidence Aurora Operation Still Active- Supply Chain Attack Through CCleaner
2017-09-20 - Insights into Iranian Cyber Espionage- APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware
2017-09-20 - Is Hajime botnet dead-
2017-09-20 - Progress on CCleaner Investigation
2017-09-20 - Red Alert 2.0 Android Trojan Spreads Via Third Party App Stores
2017-09-20 - The CCleaner Malware Fiasco Targeted at Least 18 Specific Tech Firms
2017-09-20 - The Formidable FormBook Form Grabber
2017-09-21 - APT33- New Insights into Iranian Cyber Espionage Group
2017-09-21 - Avast Threat Labs analysis of CCleaner incident
2017-09-21 - Fake IRS notice delivers customized spying tool
2017-09-21 - New FinFisher surveillance campaigns- Internet providers involved-
2017-09-21 - Rig EK via Rulan drops an Infostealer
2017-09-21 - This Ransomware Demands Nudes Instead of Bitcoin
2017-09-22 - EternalBlue Exploit Used in Retefe Banking Trojan Campaign
2017-09-22 - NRansom- Ransomware that demands your nudes
2017-09-25 - A simple example of a complex cyberattack
2017-09-25 - Additional information regarding the recent CCleaner APT security incident
2017-09-25 - Analyzing the Various Layers of AgentTesla’s Packing
2017-09-26 - Defray Ransomware Hits Healthcare and Education
2017-09-26 - Elaborate scripting-fu used in espionage attack against Saudi Arabia Government entity
2017-09-26 - Striking Oil- A Closer Look at Adversary Infrastructure
2017-09-26 - XPCTRA Malware Steals Banking and Digital Wallet User's Credentials
2017-09-27 - Threat Actor Profile- TA505, From Dridex to GlobeImposter
2017-09-28 - Money‑making machine- Monero‑mining malware
2017-09-28 - Threat Actors Target Government of Belarus Using CMSTAR Trojan
2017-09-29 - Ramnit – in-depth analysis
2017-10-02 - Evidence Aurora Operation Still Active Part 2- More Ties Uncovered Between CCleaner Hack & Chinese Hackers
2017-10-03 - The Flusihoc Dynasty, A Long Standing DDoS Botnet
2017-10-04 - Protecting the Software Supply Chain- Deep Insights into the CCleaner Backdoor
2017-10-05 - Analysis of a malicious DOC used by Turla APT group; hunting persistence via PowerShell
2017-10-05 - FreeMilk- A Highly Targeted Spear Phishing Campaign
2017-10-05 - Industroyer- Biggest threat to industrial control systems since Stuxnet
2017-10-05 - SYSCON Backdoor Uses FTP as a C&C Channel
2017-10-05 - Significant FormBook Distribution Campaigns Impacting the U.S. and South Korea
2017-10-09 - OilRig Group Steps Up Attacks with New Delivery Documents and New Injector Trojan
2017-10-10 - ATMii- a small but effective ATM robber
2017-10-10 - LokiBot - The first hybrid Android malware
2017-10-10 - Malvertising Campaign Uses RIG EK to Drop Quant Loader which Downloads FormBook.
2017-10-11 - More info on 'Evolved DNSMessenger'
2017-10-11 - Spoofed SEC Emails Distribute Evolved DNSMessenger
2017-10-11 - TrickBot Takes to Latin America, Continues to Expand Its Global Reach
2017-10-12 - BRONZE BUTLER Targets Japanese Enterprises
2017-10-12 - Emotet exploits Outlook
2017-10-12 - The Beer Drinker’s Guide to SAML
2017-10-13 - Blank Slate Malspam Stops Pushing Locky, Starts Pushing Sage 2.2 Ransomware
2017-10-13 - DoubleLocker- Innovative Android Ransomware
2017-10-13 - FIN7 Dissected- Hackers Accelerate Pace of Innovation
2017-10-13 - Rig EK via Malvertising drops a Smoke Loader leading to a Miner and AZORult
2017-10-16 - BlackOasis APT and new targeted attacks leveraging zero-day exploit
2017-10-16 - CoalaBot- http Ddos Bot
2017-10-16 - Leviathan- Espionage actor spearphishes maritime and defense targets
2017-10-16 - Taiwan Heist- Lazarus Tools and Ransomware
2017-10-17 - WaterMiner – a New Evasive Crypto-Miner
2017-10-18 - Magniber ransomware- exclusively for South Koreans
2017-10-19 - A New IoT Botnet Storm is Coming
2017-10-19 - A deeper look at Tofsee modules
2017-10-19 - APT28 racing to exploit CVE-2017-11292 Flash vulnerability before patches are deployed
2017-10-20 - Dragonfly- Western energy sector targeted by sophisticated attack group
2017-10-20 - IoT_reaper- A Rappid Spreading New IoT Botnet
2017-10-20 - JadeRAT mobile surveillanceware spikes in espionage activity
2017-10-20 - OSX-Proton spreading again through supply‑chain attack
2017-10-22 - “Cyber Conflict” Decoy Document Used In Real Cyber Conflict
2017-10-23 - Reaper- Calm Before the IoT Security Storm-
2017-10-24 - Bad Rabbit ransomware
2017-10-24 - Bad Rabbit- Not‑Petya is back with improved ransomware
2017-10-24 - New Ransomware Linked to NotPetya Sweeps Russia and Ukraine
2017-10-24 - NotPetya Returns as Bad Rabbit
2017-10-24 - Threat Spotlight- Follow the Bad Rabbit
2017-10-25 - Down the Rabbit Hole- Tracking the BadRabbit Ransomware to a Long Ongoing Campaign of Target Selection
2017-10-25 - SnatchLoader Reloaded
2017-10-26 - BACKSWING - Pulling a BADRABBIT Out of a Hat
2017-10-26 - Keranger- the first “in-the-wild” ransomware for Macs. But certainly not the last
2017-10-26 - New htpRAT Gives Complete Remote Control Capabilities to Chinese Cyber Threat Actors
2017-10-26 - ReversingLabs' YARA rule detects BadRabbit encryption routine specifics
2017-10-27 - Bahamut Revisited, More Cyber Espionage in the Middle East and South Asia
2017-10-27 - British security minister says North Korea was behind WannaCry hack on NHS
2017-10-27 - The big difference with Bad Rabbit
2017-10-27 - Threat Round Up for Oct 20 - Oct 27
2017-10-27 - Tracking Subaat Targeted Phishing Attack Leads to Threat Actors Repository
2017-10-27 - Tracking Subaat- Targeted Phishing Attack Leads to Threat Actor’s Repository
2017-10-27 - XiaoBa Ransomware
2017-10-29 - Sality Configuration Extractor (sality_extractor.py)
2017-10-30 - Coin Miner Mobile Malware Returns, Hits Google Play
2017-10-30 - Gaza Cybergang – updated activity in 2017-
2017-10-30 - Windigo Still not Windigone- An Ebury Update
2017-10-31 - Analyzing malware by API calls
2017-10-31 - Expiro Malware Is Back and Even Harder to Remove
2017-10-31 - ONI Ransomware Used in Month-Long Attacks Against Japanese Companies
2017-11-01 - CryptoShuffler Stole $150,000 by Replacing Bitcoin Wallet IDs in PC Clipboards
2017-11-01 - Everybody Gets One- QtBot Used to Distribute Trickbot and Locky
2017-11-01 - Silence of the Moles
2017-11-01 - Silence – a new Trojan attacking financial organizations
2017-11-01 - VB2017 - Offensive Malware Analysis - Dissecting OSX-FruitFly.B Via a Custom C&C Server
2017-11-02 - ADVENTURES WITH SMOKE LOADER
2017-11-02 - New Insights into Energetic Bear’s Watering Hole Cyber Attacks on Turkish Critical Infrastructure
2017-11-02 - Poisoning the Well- Banking Trojan Targets Google Search Results
2017-11-02 - Recent InPage Exploits Lead to Multiple Malware Families
2017-11-02 - The KeyBoys are back in town
2017-11-04 - How the FBI Took Down Russia's Spam King—And His Massive Botnet
2017-11-05 - Let's Learn- Lethic Spambot & Survey of Anti-Analysis Techniques
2017-11-06 - Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
2017-11-07 - Locky Ransomware
2017-11-07 - REDBALDKNIGHT-BRONZE BUTLER’s Daserf Backdoor Now Using Steganography
2017-11-07 - Sowbug- Cyber espionage group targets South American and Southeast Asian governments
2017-11-08 - A short journey into DarkVNC attack chain
2017-11-08 - Analysis of an active USB flash drive virus
2017-11-08 - OilRig Deploys “ALMA Communicator” – DNS Tunneling Trojan
2017-11-08 - Overlay RAT Malware Uses AutoIt Scripting to Bypass Antivirus Detection
2017-11-09 - He Perfected a Password-Hacking Tool—Then the Russians Came Calling
2017-11-09 - Ordinypt Ransomware Intentionally Destroys Files, Currently Targeting Germany
2017-11-10 - CCleaner Stage 2- In-Depth Analysis of the Payload
2017-11-10 - New Malware with Ties to SunOrcal Discovered
2017-11-12 - Let's Learn- Dissecting Golroted Trojan's Process Hollowing Technique & UAC Bypass in HKCU-Environment
2017-11-12 - Seamless Campaign Delivers Ramnit via RIG EK at 188.225.82.158. Follow-up Malware is AZORult Stealer.
2017-11-13 - IcedID Banking Trojan Shares Code with Pony 2.0 Trojan
2017-11-13 - New Banking Trojan IcedID Discovered by IBM X-Force Research
2017-11-14 - Alert (TA17-318B)- HIDDEN COBRA – North Korean Trojan- Volgmer
2017-11-14 - HIDDEN COBRA – North Korean Remote Administration Tool- FALLCHILL
2017-11-14 - IceID Banking Trojan Targeting Banks, Payment Card Providers, E-Commerce Sites
2017-11-14 - Muddying the Water- Targeted Attacks in the Middle East
2017-11-15 - New EMOTET Hijacks a Windows API, Evades Sandbox and Analysis
2017-11-16 - CACTUSTORCH- Payload Generation for Adversary Simulations
2017-11-16 - Tropic Trooper goes mobile with Titan surveillanceware
2017-11-17 - [Part 1] - Analysing the New Linux-AES.DDoS IoT Malware
2017-11-19 - Iranian agents blackmailed BBC reporter with ‘naked photo’ threats
2017-11-20 - Android Malware Appears Linked to Lazarus Cybercrime Group
2017-11-20 - Cobalt Strikes Again- Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks
2017-11-20 - OSX.Proton spreading through fake Symantec blog
2017-11-20 - Operation Blockbuster Goes Mobile
2017-11-21 - Let's Learn- Trickbot Socks5 Backconnect Module In Detail
2017-11-21 - New campaigns spread banking malware through Google Play
2017-11-22 - A dive into MuddyWater APT targeting Middle-East
2017-11-22 - Trickbot Gang Evolves, Incorporates Account Checking Into Hybrid Attack Model
2017-11-23 - NECURS BOTNET MALSPAM PUSHES -SCARAB- RANSOMWARE
2017-11-24 - Mirai Activity Picks up Once More After Publication of PoC Exploit Code
2017-11-26 - Source Code of HIVE
2017-11-28 - Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions
2017-11-28 - Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection
2017-11-28 - OSX.CPUMEANER New Cryptocurrency Mining Trojan Targets MacOS
2017-11-28 - ROKRAT Reloaded
2017-12 - Nine circles of Cerber
2017-12 - TRISIS- Analyzing Safety System Targeting Malware
2017-12-01 - Advanced Persistent Threat Groups
2017-12-02 - Scarabey Ransomware
2017-12-03 - Notes on Linux-BillGates
2017-12-04 - Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)
2017-12-04 - New method of macro malware disguised as defense-related files
2017-12-05 - Warning- Satori, a Mirai Branch Is Spreading in Worm Style on Port 37215 and 52869
2017-12-06 - Champing at the Cyberbit- Ethiopian Dissidents Targeted with New Commercial Spyware
2017-12-06 - Recam Redux - DeConfusing ConfuserEx
2017-12-07 - A Peculiar Case of Orcus RAT Targeting Bitcoin Investors
2017-12-07 - New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit
2017-12-08 - GratefulPOS credit card stealing malware - just in time for the shopping season
2017-12-08 - Interesting disguise employed by new Mac malware HiddenLotus
2017-12-08 - StrongPity2 spyware replaces FinFisher in MitM campaign – ISP involved-
2017-12-09 - 10 Years of Targeted Credential Phishing
2017-12-11 - Banking malware on Google Play targets Polish banks
2017-12-11 - BrickerBot Author Retires Claiming to Have Bricked over 10 Million IoT Devices
2017-12-11 - Malware – Snatch Loader- Reloaded
2017-12-11 - MoneyTaker- in pursuit of the invisible
2017-12-11 - OilRig Performs Tests on the TwoFace Webshell
2017-12-12 - MoneyTaker Hacker Group Steals Millions from US and Russian Banks
2017-12-13 - Maker of sneaky Mac adware sends security researcher cease-and-desist letters
2017-12-13 - Mirai IoT Botnet Co-Authors Plead Guilty
2017-12-13 - Tyupkin ATM Malware- Take The Money Now Or Never!
2017-12-13 - Update- Let's Learn- Reversing FIN6 -GratefulPOS- aka -FrameworkPOS- Point-of-Sale Malware in-Depth
2017-12-13 - WORK Cryptomix Ransomware Variant Released
2017-12-14 - APT32
2017-12-14 - Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure
2017-12-14 - Zeus Panda Banking Trojan Targets Online Holiday Shoppers
2017-12-15 - In depth analysis of malware exploiting CVE-2017-11826
2017-12-15 - Introducing the Adversary Playbook- First up, OilRig
2017-12-17 - r77 Rootkit
2017-12-18 - Collaborative Takedown Kills IoT Worm 'Satori'
2017-12-18 - Jack of all trades
2017-12-18 - MedusaHTTP DDoS Slithers Back into the Spotlight
2017-12-18 - New GnatSpy Mobile Malware Family Discovered
2017-12-19 - BrickerBot mod_plaintext Analysis
2017-12-19 - Cyberespionage Campaign Sphinx Goes Mobile With AnubisSpy
2017-12-19 - Let's Learn- Introducing New Trickbot LDAP -DomainGrabber- Module
2017-12-19 - North Korea Bitten by Bitcoin Bug- Financially motivated campaigns reveal new dimension of the Lazarus Group
2017-12-19 - Novel Excel Spreadsheet Attack Launches Password Stealing Malware Loki Bot
2017-12-20 - An End to “Smash-and-Grab” and a Move to More Targeted Approaches
2017-12-20 - Mining Insights- Infrastructure Analysis of Lazarus Group Cyber Attacks on the Cryptocurrency Industry
2017-12-20 - New version of mobile malware Catelites possibly linked to Cron cyber gang
2017-12-21 - Sednit update- How Fancy Bear Spent the Year
2017-12-22 - MALSPAM USES CVE-2017-0199 TO DISTRIBUTE REMCOS RAT
2017-12-22 - New DOC GlobeImposter Ransomware Variant Malspam Campaign Underway
2017-12-27 - Let's Learn- Cutlet ATM Malware Internals
2017-12-28 - PandaZeuS’s Christmas Gift- Change in the Encryption scheme
2017-12-30 - Analysis DarkSky Botnet
Malware Analysis 2018
2018-01-01 - Analyzing Ramnit used in Seamless campaign
2018-01-04 - Iran’s Cyber Ecosystem- Who Are the Threat Actors-
2018-01-04 - MALSPAM PUSHING PCRAT-GH0ST
2018-01-06 - Ostap malware analysis (Backswap dropper)
2018-01-08 - SkyRAT Powershell RAT
2018-01-09 - BestKorea
2018-01-10 - Analysis of BlackTech's latest APT attack
2018-01-10 - Hack Brief- Russian Hackers Release Apparent IOC Emails in Wake of Olympic Ban
2018-01-10 - Taiwanese cops give malware-laden USB sticks as prizes for security quiz
2018-01-11 - Ay MaMi
2018-01-11 - Malspam Entitled “Invoice attched for your reference” Delivers Agent Tesla Keylogger
2018-01-12 - Fake Spectre and Meltdown patch pushes Smoke Loader malware
2018-01-12 - Holiday lull- Not so much
2018-01-12 - Malware Displaying Porn Ads Discovered in Game Apps on Google Play
2018-01-12 - Sonja Analysis
2018-01-15 - Bootkits are not dead. Pitou is back!
2018-01-15 - GlobeImposter ransomware- A holiday gift from the Necurs botnet
2018-01-15 - New KillDisk Variant Hits Financial Organizations in Latin America
2018-01-16 - Analyzing the TRITON industrial malware
2018-01-16 - Anatomy of the thread suspension mechanism in Windows (Windows Internals)
2018-01-16 - First Activities of Cobalt Group in 2018- Spear Phishing Russian Banks
2018-01-16 - GlobeImposter Ransomware
2018-01-16 - Korea In The Crosshairs
2018-01-16 - Skygofree- Following in the footsteps of HackingTeam
2018-01-16 - Threat Spotlight- LockPOS Point of Sale Malware
2018-01-17 - A coin miner with a “Heaven’s Gate”
2018-01-17 - Art of Steal- Satori Variant is Robbing ETH BitCoin by Replacing Wallet Address
2018-01-17 - Exobot Author Calls It Quits and Sells Off Banking Trojan Source Code
2018-01-17 - Microsoft Office Vulnerabilities Used to Distribute Zyklon Malware in Recent Campaign
2018-01-17 - Reviewing the spam filters- Malspam pushing Gozi-ISFB
2018-01-17 - Turla group malware
2018-01-17 - Zumanek- new malware tries to steal victims' service credentials
2018-01-18 - The ARC of Satori
2018-01-21 - Evrial Trojan Switches Bitcoin Addresses Copied to Windows Clipboard
2018-01-22 - Op EvilTraffic CSE CybSec ZLAB Malware Analysis Report – Exclusive, tens of thousands of compromised sites involved in a new massive malvertising campaign
2018-01-22 - Paradise Ransomware strikes again
2018-01-22 - SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks
2018-01-22 - This hacking gang just updated the malware it uses against UK targets
2018-01-23 - A Walk-Through Tutorial, with Code, on Statically Unpacking the FinSpy VM- Part One, x86 Deobfuscation
2018-01-23 - Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors
2018-01-23 - Maldoc (RTF) drops Loda Logger
2018-01-23 - Satori Author Linked to New Mirai Variant Masuta
2018-01-23 - Uncovering 2017’s Largest Malvertising Operation
2018-01-24 - A Look into the Lazarus Group’s Operations
2018-01-24 - Analyzing CrossRAT- A cross-platform implant, utilized in a global cyber-espionage campaign
2018-01-24 - Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More
2018-01-24 - New HNS IoT Botnet Has Already Amassed 14K Bots
2018-01-24 - New Hide ‘N Seek IoT Botnet using custom-built Peer-to-Peer communication spotted in the wild
2018-01-25 - OilRig uses RGDoor IIS Backdoor on Targets in the Middle East
2018-01-25 - WannaMine Cryptomining- Harmless Nuisance or Disruptive Threat-
2018-01-26 - FriedEx- BitPaymer ransomware the work of Dridex authors
2018-01-26 - The TopHat Campaign- Attacks Within The Middle East Region Using Popular Third-Party Services
2018-01-26 - The Velso Ransomware Being Manually Installed by Attackers
2018-01-29 - GandCrab Ransomware Distributed by Exploit Kits Appends GDCB Extension
2018-01-29 - Let's Learn- Dissecting FormBook Infostealer Malware- Crypter & -RunLib.dll-
2018-01-29 - VERMIN- Quasar RAT and Custom Malware Used In Ukraine
2018-01-29 - Weekly TrickBot Analysis - End of w-c 22-Jan-2018 to 1000119
2018-01-30 - GandCrab ransomware distributed by RIG and GrandSoft exploit kits (updated)
2018-01-31 - Smominru Monero mining botnet making millions for operators
2018-01-31 - What are “WannaMine” attacks, and how do I avoid them-
2018-02-01 - JenX – Los Calvos de San Calvicie
2018-02-01 - Operation PZChao- a possible return of the Iron Tiger APT
2018-02-01 - Quick Test Drive of Trickbot (It now has a Monero Module)
2018-02-02 - Break Out Of The Tinynuke Malware
2018-02-02 - Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems
2018-02-02 - New Mac cryptominer distributed via a MacUpdate hack
2018-02-03 - Attacks Leveraging Adobe Zero-Day (CVE-2018-4878) – Threat Attribution, Attack Scenario and Recommendations
2018-02-04 - DorkBot- An Investigation
2018-02-04 - MALWARE ANALYSIS – PLUGX
2018-02-05 - Analyzing OSX-CreativeUpdater
2018-02-07 - Compromised Servers & Fraud Accounts- Recent Hancitor Attacks
2018-02-07 - RAT Trapped- LuminosityLink Falls Foul of Vermin Eradication Efforts
2018-02-07 - Targeted Attacks In The Middle East
2018-02-07 - Threat Spotlight- URSNIF Infostealer Malware
2018-02-08 - A review of the evolution of Andromeda over the years before we say goodbye
2018-02-08 - DarkSky Botnet
2018-02-08 - GandCrab Ransomware Being Distributed Via Malspam Disguised as Receipts
2018-02-08 - How not to use a driver to execute code with kernel privileges
2018-02-08 - MBRlock Ransomware
2018-02-08 - Meet CrowdStrike’s Adversary of the Month for February- MUMMY SPIDER
2018-02-08 - Merlin for Red Teams
2018-02-08 - ShurL0ckr Ransomware as a Service Peddled on Dark Web, can Reportedly Bypass Cloud Applications
2018-02-08 - UDPoS - exfiltrating credit card data via DNS
2018-02-09 - Black Ruby Ransomware Skips Victims in Iran and Adds a Miner for Good Measure
2018-02-09 - DexCrypt MBRLocker Demands 30 Yuan To Gain Access to Computer
2018-02-12 - Lazarus Resurfaces, Targets Global Banks and Bitcoin Users
2018-02-12 - New Satori Botnet Variant Enslaves Thousands of Dasan WiFi Routers
2018-02-12 - Olympic Destroyer Takes Aim At Winter Olympics
2018-02-13 - Lotus Blossom Continues ASEAN Targeting
2018-02-13 - Stopping Olympic Destroyer- New Process Injection Insights
2018-02-14 - Reversing Py2Exe binaries
2018-02-15 - Malspam delivers Keybase keylogger
2018-02-15 - Olympic Destroyer
2018-02-15 - SamSam Ransomware Campaigns
2018-02-15 - SamSam- Converting Opportunity into Profit
2018-02-15 - TrickBot’s Cryptocurrency Hunger- Tricking the Bitcoin Out of Wallets
2018-02-16 - New jRAT-Adwind Variant Being Spread With Package Delivery Scam
2018-02-17 - Tearing Apart the Undetected (OSX)Coldroot RAT
2018-02-20 - A Slice of 2017 Sofacy Activity
2018-02-20 - APT37 (Reaper)- The Overlooked North Korean Actor
2018-02-20 - Latest Elise APT comes packed with Sandbox Evasions
2018-02-21 - Avast tracks down Tempting Cedar Spyware
2018-02-21 - FinSpy VM Unpacking Tutorial Part 3- Devirtualization. Phase #1- Deobfuscating FinSpy VM Bytecode Programs
2018-02-21 - FinSpy VM Unpacking Tutorial Part 3- Devirtualization. Phase #2- First Attempt At Devirtualization
2018-02-21 - FinSpy VM Unpacking Tutorial Part 3- Devirtualization. Phase #3- Fixing The Function-Related Issues
2018-02-21 - FinSpy VM Unpacking Tutorial Part 3- Devirtualization. Phase #4- Second Attempt At Devirtualization
2018-02-21 - FinSpy VM Unpacking Tutorial Part 3- Devirtualization
2018-02-21 - FinSpyVM (Static Unpacker for FinSpyVM)
2018-02-21 - Olympic Destroyer- A new Candidate in South Korea
2018-02-22 - Let's Learn- Deeper Dive into Ramnit Banker -VNC IFSB- Remote Control Module
2018-02-23 - Avzhan DDoS bot dropped by Chinese drive-by attack
2018-02-23 - OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan
2018-02-26 - Analyzing the nasty .NET protection of the Ploutus.D malware
2018-02-26 - Anatomy of the Process Environment Block (PEB) (Windows Internals)
2018-02-26 - Nanocore RAT Author Gets 33 Months in Prison
2018-02-26 - Thanatos Ransomware Is First to Use Bitcoin Cash Messes Up Encryption
2018-02-26 - Who Wasn’t Responsible for Olympic Destroyer-
2018-02-27 - Dissecting Hancitor’s Latest 2018 Packer
2018-02-28 - Black Ruby- Combining Ransomware and Coin Miner Malware
2018-02-28 - CannibalRAT targets Brazil
2018-02-28 - Chafer- Latest Attacks Reveal Heightened Ambitions
2018-02-28 - Sofacy Attacks Multiple Government Entities
2018-03-01 - Blast from the past- stowaway Virut delivered with Chinese DDoS bot
2018-03-01 - FinFisher exposed- A researcher’s tale of defeating traps, tricks, and complex virtual machines
2018-03-02 - Analysing Remcos RAT’s executable
2018-03-02 - McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups
2018-03-02 - Spear-phishing campaign leveraging on MSXSL
2018-03-02 - Tales of a Threat Hunter 2 Following the trace of WMI Backdoors & other nastiness
2018-03-05 - Sure, I’ll take that! New ComboJack Malware Alters Clipboards to Steal Cryptocurrency
2018-03-05 - Suricata rules to detect Winnti communication
2018-03-06 - Gozi ISFB Remains Active in 2018, Leverages -Dark Cloud- Botnet For Distribution
2018-03-07 - Leaked Ammyy Admin Source Code Turned into Malware
2018-03-07 - Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent
2018-03-07 - Ransomware news- GlobeImposter gets a facelift, GandCrab is still out there
2018-03-08 - Donot Team Leverages New Modular Malware Framework in South Asia
2018-03-08 - Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant
2018-03-08 - New investigations into the CCleaner incident point to a possible third stage that had keylogger capacities
2018-03-08 - OlympicDestroyer is here to trick the industry
2018-03-08 - The devil’s in the Rich header
2018-03-09 - Cloning chip-and-PIN cards- Brazilian job
2018-03-09 - From Russia(-) with Code
2018-03-09 - Masha and these Bears - 2018 Sofacy Activity
2018-03-09 - New traces of Hacking Team in the wild
2018-03-09 - Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads-
2018-03-09 - The Slingshot APT FAQ
2018-03-10 - APT15 is alive and strong- An analysis of RoyalCli and RoyalDNS
2018-03-12 - A Study of RATs- Third Timeline Iteration
2018-03-12 - Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia
2018-03-12 - Python decryptor for newer AdWind config file
2018-03-13 - HenBox- The Chickens Come Home to Roost
2018-03-13 - Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign
2018-03-13 - New Variant of BankBot Banking Trojan Ups Ante, Cashes Out on Android Users
2018-03-13 - Time of death- A therapeutic postmortem of connected medicine
2018-03-14 - Inception Framework- Alive and Well, and Hiding Behind Proxies
2018-03-14 - New POS Malware PinkKite Takes Flight
2018-03-14 - Tropic Trooper’s New Strategy
2018-03-16 - Royal APT - APT15 Repository
2018-03-16 - Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries
2018-03-20 - Kaspersky's 'Slingshot' report burned an ISIS-focused intelligence operation
2018-03-20 - Rootkit Umbreon - Umreon - x86, ARM samples
2018-03-20 - TeleRAT- Another Android Trojan Leveraging Telegram’s Bot API to Target Iranian Users
2018-03-20 - Tweet on Unlock92 Ransomware
2018-03-21 - Fobos Malvertising Campaign Delivers Bunitu Proxy Trojan via RIG EK
2018-03-21 - GrayBird-Colony
2018-03-21 - TrickBot Banking Trojan Adapts with New Module
2018-03-22 - GhostMiner- Cryptomining Malware Goes Fileless
2018-03-22 - Glupteba is no longer part of Windigo
2018-03-23 - Nine Iranians Charged With Conducting Massive Cyber Theft Campaign on Behalf of the Islamic Revolutionary Guard Corps
2018-03-23 - Sanny malware delivery method updated in recently observed attacks.
2018-03-23 - The AVCrypt Ransomware Tries To Uninstall Your AV Software
2018-03-25 - Let's Learn- Internals of Iranian-Based Threat Group -Chafer- Malware- Autoit and PowerShell Persistence
2018-03-26 - Silent Librarian- More to the Story of the Iranian Mabna Institute Indictment
2018-03-27 - Evolving Trickbot Adds Detection Evasion and Screen-Locking Features
2018-03-27 - Panda Banker Zeros in on Japanese Targets
2018-03-28 - An in-depth malware analysis of QuantLoader
2018-03-28 - Dissecting Olympic Destroyer – a walk-through
2018-03-28 - Multi-stage Powershell script (Brownies)
2018-03-28 - Quick summary about the Port 8291 scan
2018-03-29 - ChessMaster Adds Updated Tools to Its Arsenal
2018-03-30 - BADFLICK is not so bad!
2018-03-30 - Reflow JavaScript Backdoor
2018-03-30 - hajime_hashes
2018-04-02 - Fake AV Investigation Unearths KevDroid, New Android Malware
2018-04-03 - Lazarus KillDisks Central American casino
2018-04-03 - Let's Learn- Trickbot Implements Network Collector Module Leveraging CMD, WMI & LDAP
2018-04-04 - Hostile state actors compromising UK organisations with focus on engineering and industrial control companies
2018-04-04 - Hunting down Dofoil with Windows Defender ATP
2018-04-04 - New MacOS Backdoor Linked to OceanLotus Found
2018-04-04 - Smoking Out the Rarog Cryptocurrency Mining Trojan
2018-04-05 - Analysis of New Agent Tesla Spyware Variant
2018-04-05 - Reaper Group’s Updated Mobile Arsenal
2018-04-05 - Silent Librarian University Attacks Continue Unabated in Days Following Indictment
2018-04-10 - IcedID Banking Trojan Teams up with Ursnif-Dreambot for Distribution
2018-04-10 - Maktub ransomware- possibly rebranded as Iron
2018-04-10 - schneiken
2018-04-10 - ‘FakeUpdates’ campaign leverages multiple website platforms
2018-04-12 - APT Trends report Q1 2018
2018-04-12 - Operation Parliament, who is doing what-
2018-04-13 - Let's Learn- In-Depth Dive into Gootkit Banker Version 4 Malware Analysis
2018-04-13 - RadRAT- An all-in-one toolkit for complex espionage ops
2018-04-13 - Say “Cheese”- WebMonitor RAT Comes with C2-as-a-Service (C2aaS)
2018-04-15 - This is Spartacus- new ransomware on the block
2018-04-16 - Malware Analysis- New Trojan Double Dropper
2018-04-16 - RAT Gone Rogue- Meet ARS VBS Loader
2018-04-16 - Searching for the Reuse of Mirai Code- Hide ‘N Seek Bot
2018-04-16 - Smoke Loader malware improves after Microsoft spoils its Campaign
2018-04-16 - TrickBot & UACME
2018-04-17 - Decoding network data from a Gh0st RAT variant
2018-04-17 - Recent findings from CCleaner APT investigation reveal that attackers entered the Piriform network via TeamViewer
2018-04-17 - Reversing the Bandios - Colony Malware
2018-04-17 - SquirtDanger- The Swiss Army Knife Malware from Veteran Malware Author TheBottle
2018-04-18 - APT33
2018-04-18 - GOLD GALLEON- How a Nigerian Cyber Crew Plunders the Shipping Industry
2018-04-18 - Stresspaint Malware Campaign Targeting Facebook Credentials
2018-04-18 - Stresspaint Malware Steals Facebook Credentials and Session Cookies
2018-04-18 - Stresspaint Malware Targeting Facebook Credentials
2018-04-18 - Tens of thousands of Facebook accounts compromised in days by malware
2018-04-19 - XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing
2018-04-20 - Researchers Discover New variants of APT34 Malware
2018-04-20 - XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing
2018-04-22 - Satan ransomware adds EternalBlue exploit
2018-04-23 - Energetic Bear-Crouching Yeti- attacks on servers
2018-04-23 - Muhstik Botnet Exploits Highly Critical Drupal Bug
2018-04-23 - New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia
2018-04-24 - Analyzing Operation GhostSecret- Attack Seeks to Steal Data Worldwide
2018-04-24 - Metamorfo Campaigns Targeting Brazilian Users
2018-04-24 - New Crossrider variant installs configuration profiles on Macs
2018-04-24 - Sednit update- Analysis of Zebrocy
2018-04-26 - GravityRAT - The Two-Year Evolution Of An APT Targeting India
2018-04-26 - Necurs Evolves to Evade Spam Detection via Internet Shortcut File
2018-04-27 - GravityRAT malware takes your system's temperature
2018-04-27 - North Korean Hackers Are up to No Good Again
2018-05-01 - Legitimate Application AnyDesk Bundled with New Ransomware Variant
2018-05-01 - Lojack Becomes a Double-Agent
2018-05-03 - Who’s who in the Zoo
2018-05-04 - Botception with Necurs- Botnet distributes script with bot capabilities
2018-05-07 - EAST Publishes European Fraud Update 2-2018
2018-05-07 - Hide and Seek IoT Botnet resurfaces with new tricks, persistence
2018-05-07 - SynAck targeted ransomware uses the Doppelgänging technique
2018-05-08 - -Hide and Seek- Becomes First IoT Botnet Capable of Surviving Device Reboots
2018-05-08 - Russian hackers posed as IS to threaten military wives
2018-05-09 - Gandcrab Ransomware Walks its Way onto Compromised Sites
2018-05-09 - Malware Analysis - PlugX - Part 2
2018-05-09 - Panda Malware Broadens Targets to Cryptocurrency Exchanges and Social Media
2018-05-09 - The King is dead. Long live the King!
2018-05-10 - TreasureHunter Point-of-Sale Malware and Builder Source Code Leaked
2018-05-11 - Attackers Exploit DLL Hijacking to Bypass SmartScreen
2018-05-12 - MS Crypto Derive Functions
2018-05-12 - PRB-Backdoor - A Fully Loaded PowerShell Backdoor with Evil Intentions
2018-05-14 - A Deep Dive Into RIG Exploit Kit Delivering Grobios Trojan
2018-05-14 - StalinLocker Deletes Your Files Unless You Enter the Right Code
2018-05-15 - IR in Heterogeneous Environment
2018-05-15 - N40, the botnet created in Brazil which evolves to attack the Chilean banking sector
2018-05-15 - PAKISTAN- HUMAN RIGHTS UNDER SURVEILLANCE
2018-05-15 - Swedish sports body says anti-doping unit hit by hacking attack
2018-05-17 - A Wicked Family of Bots
2018-05-17 - Analyzing an AZORult Attack – Evasion in a Cloak of Multiple Layers
2018-05-17 - Gozi V3 Technical Update
2018-05-18 - Meet CrowdStrike’s Adversary of the Month for May- MYTHIC LEOPARD
2018-05-18 - Stealth Mango and Tangelo- Nation state mobile surveillanceware stealing data from military & government officials
2018-05-19 - Malicious Powershell Targeting UK Bank Customers
2018-05-21 - An In-Depth Analysis of Samsam Ransomware and BOSS SPIDER
2018-05-21 - Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 1
2018-05-21 - Tiny SHell
2018-05-22 - Nmap Script to scan for Winnti infections
2018-05-22 - The destruction of APT3
2018-05-22 - Turla Mosquito- A shift towards more generic tools
2018-05-23 - Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices
2018-05-23 - New VPNFilter malware targets at least 500K networking devices worldwide
2018-05-23 - VPNFilter- New Router Malware with Destructive Capabilities
2018-05-24 - JavaScript based Bot using Github C&C
2018-05-24 - Phorpiex – A decade of spamming from the shadows
2018-05-24 - VPNFilter EXIF to C2 mechanism analysed
2018-05-25 - Analysis of CVE-2018-8174 VBScript 0day and APT actor related to Office targeted attack
2018-05-25 - BackSwap malware finds innovative ways to empty bank accounts
2018-05-28 - BackNet
2018-05-29 - Alert (TA18-149A)- HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm
2018-05-29 - Cobalt Renaissance- new attacks and joint operations
2018-05-29 - Iron Cybercrime Group Under The Scope
2018-05-29 - MAR-10135536-3 - HIDDEN COBRA RAT-Worm
2018-05-29 - Mexico Foiled a $110 Million Bank Heist, Then Kept It a Secret
2018-05-30 - Thief in the night- New Nocturnal Stealer grabs data on the cheap
2018-05-31 - APT28 Rollercoaster- The Lowdown on Hijacked Lo
2018-05-31 - DanaBot - A new banking Trojan surfaces Down Under
2018-05-31 - NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea
2018-06-01 - MysteryBot - A New Android Banking Trojan Ready For Android 7 and 8
2018-06-01 - Satan Ransomware Spawns New Methods to Spread
2018-06-05 - The Evolution of GandCrab Ransomware
2018-06-06 - Banking Trojans Under Development
2018-06-06 - Operation Prowli- Monetizing 40,000 Victim Machines
2018-06-06 - Sofacy Group’s Parallel Attacks
2018-06-06 - VPNFilter Update - VPNFilter exploits endpoints, targets new devices
2018-06-07 - InvisiMole- Surprisingly equipped spyware, undercover since 2013
2018-06-07 - New KillDisk Variant Hits Latin American Financial Organizations Again
2018-06-07 - Patchwork APT Group Targets US Think Tanks
2018-06-12 - Deep Dive into UPAS Kit vs. Kronos
2018-06-12 - Trik Spam Botnet Leaks 43 Million Email Addresses
2018-06-13 - Banco de Chile Wiper Attack Just a Cover for $10M SWIFT Heist
2018-06-13 - DDG.Mining.Botnet Recent Activity Analysis
2018-06-13 - Lateral Movement Technique Employed by Hidden Cobra
2018-06-13 - LuckyMouse hits national data center to organize country-level waterholing campaign
2018-06-13 - TrickBot config files
2018-06-14 - Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor
2018-06-14 - DBGer Ransomware Uses EternalBlue and Mimikatz to Spread Across Networks
2018-06-15 - Betabot still alive with multi-stage packing
2018-06-15 - Chinese Cyber-Espionage Group Hacked Government Data Center
2018-06-15 - Hacker Breaches Syscoin GitHub Account and Poisons Official Client
2018-06-15 - Meet CrowdStrike’s Adversary of the Month for June- MUSTANG PANDA
2018-06-17 - Storwize USB Initialization Tool may contain malicious code
2018-06-18 - Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 2
2018-06-18 - Joshua Adam Schulte Charged with the Unauthorized Disclosure of Classified Information and Other Offenses Relating to the Theft of Classified Material from the Central Intelligence Agency
2018-06-18 - New Telegram‑abusing Android RAT discovered in the wild
2018-06-19 - -Hidden Bee- strikes- Kingsoft Internet Security intercepts the world's first Bootkit-class mining botnet
2018-06-19 - Backswap malware analysis
2018-06-19 - FakeSpy Android Information-Stealing Malware Targets Japanese and Korean-Speaking Users
2018-06-19 - FakeSpy Targets Japanese and Korean-Speaking Users
2018-06-19 - Hades, the actor behind Olympic Destroyer is still alive
2018-06-19 - Kardon Loader Looks for Beta Testers
2018-06-19 - Thrip- Espionage Group Hits Satellite, Telecoms, and Defense Companies
2018-06-20 - Meet MyloBot – A New Highly Sophisticated Never-Seen-Before Botnet That’s Out In The Wild
2018-06-20 - My Little FormBook
2018-06-23 - Full Discloser of Andariel, A Subgroup of Lazarus Threat Group
2018-06-23 - Malware Analysis- Kardon Loader
2018-06-26 - Files Cannot Be Decrypted- Challenge Accepted. Talos Releases ThanatosDecryptor
2018-06-26 - RANCOR- Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families
2018-06-26 - Thanatos Ransomware Decryptor Released by the Cisco Talos Group
2018-06-28 - A Brief Overview of the AMMYY RAT Downloader
2018-06-28 - The New Face of Necurs- Noteworthy Changes to Necurs’ Behaviors
2018-06-29 - BackSwap Defrauds Online Banking Customers Using Hidden Input Fields
2018-06-29 - OSX.Dummy
2018-06-29 - Recent LiteHTTP activities and IOCs
2018-06-29 - Where we go, we don't need files- Analysis of fileless malware -Rozena-
2018-07-03 - Hamas Cyber Ops Spied on Hundreds of Israeli Soldiers Using Fake World Cup, Dating Apps
2018-07-03 - Iranian APT Charming Kitten impersonates ClearSky, the security firm that uncovered its campaigns
2018-07-03 - Smoking Guns - Smoke Loader learned new tricks
2018-07-05 - A Look At Recent Tinba Banking Trojan Variant
2018-07-05 - To crypt, or to mine – that is the question
2018-07-06 - BI_D Ransomware
2018-07-06 - HNS Botnet Recent Activities
2018-07-06 - HNS Evolves From IoT to Cross-Platform Botnet
2018-07-06 - Malware “WellMess” Targeting Linux and Windows
2018-07-08 - APT Attack In the Middle East- The Big Bang
2018-07-08 - Hussarini – Targeted Cyber Attack in the Philippines
2018-07-09 - Certificates stolen from Taiwanese tech‑companies misused in Plead malware campaign
2018-07-10 - APT Trends Report Q2 2018
2018-07-11 - Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally
2018-07-11 - Hawkeye Keylogger – Reborn v8- An in-depth campaign analysis
2018-07-11 - NotCarbanak Mystery - Source Code Leak
2018-07-11 - Tackling Gootkit's Traps
2018-07-12 - Old Botnets never Die, and DDG REFUSE to Fade Away
2018-07-13 - Upatre Continued to Evolve with new Anti-Analysis Techniques
2018-07-13 - VPNFilter-affected Devices Still Riddled with 19 Vulnerabilities
2018-07-16 - APT Sidewinder- Tricks powershell, Anti Forensics and execution side loading
2018-07-16 - Author of LuminosityLink Pleads Guilty
2018-07-16 - DanaBot Riding Fake MYOB Invoice Emails
2018-07-17 - A deep dive down the Vermin RAThole
2018-07-17 - Blackgear Cyberespionage Campaign Resurfaces, Abuses Social Media for C&C Communication
2018-07-17 - The return of Fantomas, or how we deciphered Cryakl
2018-07-17 - Who was behind this unprecedented Cyber attack on Western infrastructure-
2018-07-18 - Dissecting Smoke Loader
2018-07-18 - GandCrab v4.1.2 Encryption Blocking Method (Kill Switch)
2018-07-18 - The Evolution of Emotet- From Banking Trojan to Threat Distributor
2018-07-19 - Killswitch File Now Available for GandCrab v4.1.2 Ransomware
2018-07-19 - Router Crapfest- Malware Author Builds 18,000-Strong Botnet in a Day
2018-07-19 - TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT
2018-07-20 - Alert (TA18-201A) Emotet Malware
2018-07-20 - Calisto Trojan for macOS
2018-07-20 - Cyberattack on Singapore health database steals details of 1.5 million, including PM
2018-07-20 - Unit 42 Finds New Mirai and Gafgyt IoT-Linux Botnet Campaigns
2018-07-23 - Deobfuscating Emotet’s powershell payload
2018-07-23 - Source Code for Exobot Android Banking Trojan Leaked Online
2018-07-24 - Emotet- The Tricky Trojan that ‘Git Clones’
2018-07-24 - Kronos Reborn
2018-07-25 - Leafminer- New Espionage Campaigns Targeting Middle Eastern Regions
2018-07-25 - OilRig Targets Technology Service Provider and Government Agency with QUADAGENT
2018-07-25 - Parasite HTTP RAT cooks up a stew of stealthy tricks
2018-07-26 - Meet CrowdStrike’s Adversary of the Month for July- WICKED SPIDER
2018-07-26 - Mitigating Emotet, The Most Common Banking Trojan
2018-07-26 - ‘Hidden Bee’ miner delivered via improved drive-by download toolkit
2018-07-27 - Luoxk Malware – Exploiting CVE-2018-2893
2018-07-27 - New Threat Actor Group DarkHydrus Targets Middle East Government
2018-07-28 - New Underminer Exploit Kit Discovered Pushing Bootkits and CoinMiners
2018-07-29 - AdKoob information thief targets Facebook ad purchase info
2018-07-29 - Let's Learn- In-Depth Reversing of Qakbot -qbot- Banker Part 1
2018-07-30 - New version of AZORult stealer improves loading features, spreads alongside ransomware in new campaign
2018-07-30 - Who is Mr Zheng-
2018-07-31 - Bisonal Malware Used in Attacks Against Russia and South Korea
2018-07-31 - Malicious document targets Vietnamese officials
2018-07-31 - Multiple Cobalt Personality Disorder
2018-07-31 - SamSam guide to coverage
2018-07-31 - SamSam- The (almost) $6 million ransomware
2018-07-31 - Scanner for CobaltStrike
2018-07-31 - Sophos releases SamSam ransomware report
2018-08-01 - Arrests Put New Focus on CARBON SPIDER Adversary Group
2018-08-01 - Inside Look at Emotet's Global Victims and Malspam Qakbot Payloads
2018-08-01 - On the Hunt for FIN7- Pursuing an Enigmatic and Evasive Global Criminal Operation
2018-08-01 - Threat Alert- DDG 3013 is Out
2018-08-02 - Goblin Panda against the Bears
2018-08-02 - How to defend yourself against SamSam ransomware
2018-08-02 - Raspite
2018-08-02 - The Gorgon Group- Slithering Between Nation State and Cybercrime
2018-08-02 - Three Carbanak cyber heist gang members arrested
2018-08-02 - Who is Mr Gao-
2018-08-03 - CERT-FR ALERT BULLETIN
2018-08-03 - Volatility Plugin for Detecting Cobalt Strike Beacon
2018-08-05 - Let's Learn- Diving into the Latest -Ramnit- Banker Malware via -sLoad- PowerShell
2018-08-05 - Ramnit’s Network of Proxy Servers
2018-08-06 - Reversing Cerber - RaaS
2018-08-06 - Who is Mr Zhang-
2018-08-07 - DarkHydrus Uses Phishery to Harvest Credentials in the Middle East
2018-08-07 - Doctor Web discovered a clipper Trojan for Android
2018-08-08 - Export JRAT-Adwind Config with x32dbg
2018-08-09 - Bokbot- The (re)birth of a banker
2018-08-09 - Malware Analysis Report (AR18-221A)
2018-08-09 - More on Huaying Haitai and Laoying Baichaun, the companies associated with APT10. Is there a state connection-
2018-08-13 - KeyPass ransomware
2018-08-15 - APT10 was managed by the Tianjin bureau of the Chinese Ministry of State Security
2018-08-15 - Necurs Targeting Banks with PUB File that Drops FlawedAmmyy
2018-08-16 - Chinese Cyberespionage Originating From Tsinghua University Infrastructure
2018-08-16 - New modular downloaders fingerprint systems, prepare for more - Part 1- Marap
2018-08-17 - EvilOSX
2018-08-17 - Prince of Persia- The Sands of Foudre
2018-08-18 - AZORult Trojan Serving Aurora Ransomware by MalActor Oktropys
2018-08-20 - Advanced Brazilian Malware Analysis
2018-08-20 - Interesting hidden threat since years -
2018-08-20 - Let's Learn- Dissecting Panda Banker & Modules- Webinject, Grabber & Keylogger DLL Modules
2018-08-20 - Ryuk Ransomware- A Targeted Campaign Break-Down
2018-08-20 - We are taking new steps against broadening threats to democracy
2018-08-21 - Dark Tequila Añejo
2018-08-21 - Microsoft Disrupts APT28 Hacking Campaign Aimed at US Midterm Elections
2018-08-21 - Microsoft claims win over 'Russian political hackers'
2018-08-21 - Supply Chain Attack Operation Red Signature Targets South Korean Organizations
2018-08-22 - BackSwap Malware Now Targets Six Banks in Spain
2018-08-22 - Picking Apart Remcos Botnet-In-A-Box
2018-08-22 - The Untold Story of NotPetya, the Most Devastating Cyberattack in History
2018-08-22 - Turla Outlook Backdoor Uses Clever Tactics for Stealth and Persistence
2018-08-23 - Lazarus Group Deploys Its First Mac Malware in Cryptocurrency Exchange Hack
2018-08-23 - New modular downloaders fingerprint systems - Part 2- AdvisorsBot
2018-08-23 - Operation AppleJeus- Lazarus hits cryptocurrency exchange with fake installer and macOS malware
2018-08-24 - Back to School- COBALT DICKENS Targets Universities
2018-08-24 - Cobalt Dickens threat group looks to be similar to indicted hackers
2018-08-24 - Iranian Hackers Charged in March Are Still Actively Phishing Universities
2018-08-25 - Let's Learn- In-Depth Reversing of Recent Gozi ISFB Banking Malware Version 2.16-2.17 (portion of ISFB v3) & -loader.dll-client.dll-
2018-08-26 - Remember Fancy Bear-
2018-08-27 - Lime-Miner
2018-08-27 - North Korean Hacking Group Steals $13.5 Million From Indian Bank
2018-08-28 - The rise of mobile banker Asacub
2018-08-29 - BusyGasper – the unfriendly spy
2018-08-29 - Loki Bot- On a hunt for corporate passwords
2018-08-29 - Meet CrowdStrike’s Adversary of the Month for August- GOBLIN PANDA
2018-08-29 - The Urpage Connection to Bahamut, Confucius and Patchwork
2018-08-30 - Cobalt Hacking Group Tests Banks In Russia and Romania
2018-08-30 - Double the Infection, Double the Fun
2018-08-30 - GlobeImposter which has more than 20 variants, is still wildly growing
2018-08-30 - Hackers Are Exposing An Apple Mac Weakness In Middle East Espionage
2018-08-30 - Manually unpacking Anubis APK
2018-08-30 - Reversing malware in a custom format- Hidden Bee elements
2018-08-30 - Rocke- The Champion of Monero Miners
2018-08-30 - Two Birds, One STONE PANDA
2018-08-31 - Who is Mr An, and was he working for APT10-
2018-09-02 - Alleged ‘Satori’ IoT Botnet Operator Sought Media Spotlight, Got Indicted
2018-09-02 - Weekend Project- A Custom IDA Loader Module For The Hidden Bee Malware Family
2018-09-03 - .lockymap Files Virus (PyLocky Ransomware) – Remove and Restore Data
2018-09-04 - CamuBot- New Financial Malware Targets Brazilian Banking Customers
2018-09-05 - New Silence hacking group suspected of having ties to cyber-security industry
2018-09-05 - PowerPool malware exploits ALPC LPE zero‑day vulnerability
2018-09-05 - Silence- Moving into the Darkside
2018-09-05 - Windows Task Scheduler Zero Day Exploited by Malware
2018-09-06 - Dissecting DEloader malware with obfuscation
2018-09-06 - North Korean Regime-Backed Programmer Charged With Conspiracy to Conduct Multiple Cyber Attacks and Intrusions
2018-09-06 - Slicing and Dicing CVE-2018-5002 Payloads- New CHAINSHOT Malware
2018-09-07 - Domestic Kitten APT Operates in Silence Since 2016
2018-09-07 - Let's Learn- Deeper Dive into -IcedID---BokBot- Banking Malware- Part 1
2018-09-10 - A Closer Look at the Locky Poser, PyLocky Ransomware
2018-09-10 - Android Malware Intercepts SMS 2FA- We have the Logs
2018-09-10 - IBM X-Force Delves Into ExoBot’s Leaked Source Code
2018-09-10 - LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company
2018-09-11 - British Airways Fell Victim To Card Scraping Attack
2018-09-11 - New modular downloaders fingerprint systems - Part 3- CobInt
2018-09-11 - The Rise of Targeted Ransomware
2018-09-12 - Emotet IOC
2018-09-12 - Feedify Hacked with Magecart Information Stealing Script
2018-09-12 - Malware Campaign Targeting Jaxx Cryptocurrency Wallet Users Shut Down
2018-09-12 - OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government
2018-09-13 - APT10 Targeting Japanese Corporations Using Updated TTPs
2018-09-14 - Kraken Cryptor Ransomware Masquerading as SuperAntiSpyware Security Program
2018-09-14 - Rektware Ransomware
2018-09-14 - Tunneling Under the Sands
2018-09-14 - Wannamine cryptominer that uses EternalBlue still active
2018-09-17 - Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows
2018-09-18 - A taste of our own medicine- How SmokeLoader is deceiving configuration extraction by using binary code as bait
2018-09-18 - Hide and Seek- Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries
2018-09-18 - Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites
2018-09-19 - Hex-Rays Microcode API vs. Obfuscating Compiler
2018-09-19 - Operation "Green Spot" (绿斑) - A Multi-Year Attack Campaign
2018-09-20 - On the Trail of OSX.FairyTale - Adware Playing at Malware
2018-09-20 - Sustes Malware- CPU for Monero
2018-09-21 - DanaBot shifts its targeting to Europe, adds new features
2018-09-21 - VIGILANTE MALWARE REMOVES CRYPTOMINERS FROM THE INFECTED DEVICE
2018-09-24 - Adwind Dodges AV via DDE
2018-09-26 - VPNFilter III- More Tools for the Swiss Army Knife of Malware
2018-09-27 - APT28 Uses LoJax, First UEFI Rootkit Seen in the Wild
2018-09-27 - Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish
2018-09-27 - LoJax- First UEFI rootkit found in the wild, courtesy of the Sednit group
2018-09-27 - New KONNI Malware attacking Eurasia and Southeast Asia
2018-09-27 - Torii botnet - Not another Mirai variant
2018-09-28 - Meet CrowdStrike’s Adversary of the Month for September- COBALT SPIDER
2018-10-01 - BianLian - The Malware Dropper That Had A Dream
2018-10-01 - CDS 2018 - Unmasking APT X
2018-10-01 - NOKKI Almost Ties the Knot with DOGCALL- Reaper Group Uses New Malware to Deploy RAT
2018-10-01 - Report Ties North Korean Attacks to New Malware, Linked by Word Macros
2018-10-01 - Roaming Mantis Group Testing Coinhive Miner Redirects on iPhones
2018-10-01 - VB2018 - Who Was Not Responsible for Olympic Destroyer
2018-10-02 - Alert (TA18-275A) HIDDEN COBRA- FASTCash Campaign
2018-10-02 - Alert (TA18-275A)- HIDDEN COBRA – FASTCash Campaign
2018-10-02 - DanaBot Gains Popularity and Targets US Organizations in Large Campaigns
2018-10-03 - APT37- Final1stspy Reaping the FreeMilk
2018-10-03 - New Betabot campaign under the microscope
2018-10-04 - APT28- New Espionage Operations Target Military and Government Organizations
2018-10-04 - Indicators of Compromise for Malware used by APT28
2018-10-04 - Shedding Skin – Turla’s Fresh Faces
2018-10-05 - ARS Loader evolution, a new stealer (ZeroEvil) and AirNaine (TA545)
2018-10-08 - BSides Belfast 2018- Lazarus On The Rise- Insights From SWIFT Bank Attacks
2018-10-08 - Cobalt Group 2.0
2018-10-08 - Delivery (Key)Boy
2018-10-09 - Magecart Group Compromises Plugin Used in Thousands of Stores, Makes Rookie Mistake
2018-10-09 - Malware Configs - Pandabanker
2018-10-10 - Gallmaker- New Attack Group Eschews Malware to Live off the Land
2018-10-10 - MuddyWater expands operations
2018-10-11 - GPlayed Trojan - .Net playing with Google Market
2018-10-11 - New TeleBots backdoor- First evidence linking Industroyer to NotPetya
2018-10-14 - Godzilla Loader and the Long Tail of Malware
2018-10-15 - Octopus-infested seas of Central Asia
2018-10-15 - Predator The Thief- In-depth analysis (v2.3.5)
2018-10-17 - ESET unmasks ‘GREYENERGY’ cyber-espionage group
2018-10-17 - GreyEnergy- Updated arsenal of one of the most dangerous threat actors
2018-10-17 - Software Description- More_eggs
2018-10-17 - The Emergence of the New Azorult 3.3
2018-10-17 - Thrip
2018-10-17 - ‘Operation Oceansalt’ Delivers Wave After Wave
2018-10-19 - DarkPulsar
2018-10-22 - Mobile beasts and where to find them — part four
2018-10-23 - TRITON Attribution- Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers
2018-10-23 - godoh- A DNS-over-HTTPS Command & Control Proof of Concept
2018-10-23 - sLoad and Ramnit pairing in sustained campaigns against UK and Italy
2018-10-24 - Waiting for goDoH
2018-10-25 - Cutwail Spam Campaign Uses Steganography to Distribute URLZone
2018-10-25 - Game of Trojans- Dissecting the #Khalesi Infostealer Malware
2018-10-25 - GandCrab Ransomware decryption tool
2018-10-25 - New Techniques to Uncover and Attribute Cobalt Gang Commodity Builders and Infrastructure Revealed
2018-10-25 - New sLoad malware downloader being leveraged by APT group TA554 to spread Ramnit
2018-10-26 - Meet CrowdStrike’s Adversary of the Month for October- DUNGEON SPIDER
2018-10-28 - LiteHTTP
2018-10-29 - GPlayed's younger brother is a banker — and it's after Russian banks
2018-10-30 - Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
2018-10-30 - U.S. Indicts Chinese Hacker-Spies in Conspiracy to Steal Aerospace Secrets
2018-10-31 - Emotet Awakens With New Campaign of Mass Email Exfiltration
2018-10-31 - Let's Learn- Exploring ZeusVM Banking Malware Hooking Engine
2018-11-01 - CTA Adversary Playbook- Goblin Panda
2018-11-01 - GootKit Analysis (French)
2018-11-01 - Trickbot Shows Off New Trick- Password Grabber Module
2018-11-03 - Is it 1937CN or OceanLotus or Lazarus …
2018-11-04 - BetaBot and Fleercivet, two new malicious code reports from CCN-CERT
2018-11-05 - Data Talks- Deeper Down the Rabbit Hole- Second-Stage Attack and a Fileless Finale
2018-11-05 - Inception Attackers Target Europe with Year-old Office Vulnerability
2018-11-05 - Let's Learn- In-Depth Reversing of Hancitor Dropper-Loader- 2016 vs 2018 Malware Progression
2018-11-05 - Persian Stalker pillages Iranian users of Instagram and Telegram
2018-11-06 - Threat Spotlight- Inside VSSDestroy Ransomware (variant of Matrix Ransom)
2018-11-07 - BCMPUPnP_Hunter- A 100k Botnet Turns Home Routers to Email Spammers
2018-11-07 - Let’s Learn- Introducing Latest TrickBot Point-of-Sale Finder Module
2018-11-08 - Deep Analysis of TrickBot New Module pwgrab
2018-11-08 - FASTCash- How the Lazarus Group is Emptying Millions from ATMs
2018-11-08 - Metamorfo Banking Trojan Keeps Its Sights on Brazil
2018-11-09 - Emotet launches major new spam campaign
2018-11-12 - Bug in Malware “TSCookie” - Fails to Read Configuration
2018-11-12 - What’s new in TrickBot- Deobfuscating elements
2018-11-13 - HookAds Malvertising Installing Malware via the Fallout Exploit Kit
2018-11-13 - Let's Learn- Dissect Panda Banking Malware's -libinject- Process Injection Module
2018-11-14 - A new exploit for zero-day vulnerability CVE-2018-8589
2018-11-14 - Big Game Hunting- The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware
2018-11-15 - Mylobot Continues Global Infections
2018-11-15 - tRat- New modular RAT appears in multiple email campaigns
2018-11-16 - Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery
2018-11-16 - Exploring Emotet- Examining Emotet’s Activities, Infrastructure
2018-11-16 - Return to ROKRAT!! (feat. FAAAA...Sad...)
2018-11-18 - CozyBear – In from the Cold-
2018-11-19 - Not So Cozy- An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
2018-11-19 - VisionDirect Data Breach Caused by MageCart Attack
2018-11-20 - Information, tools, and signatures around the Conficker computer worm
2018-11-20 - L0RDIX- MULTIPURPOSE ATTACK TOOL
2018-11-20 - Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America
2018-11-20 - Sednit- What’s going on with Zebrocy-
2018-11-20 - Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan
2018-11-21 - FIN7 Not Finished – Morphisec Spots New Campaign
2018-11-21 - MageCart Group Sabotages Rival to Ruin Data and Reputation
2018-11-23 - Sload hits Italy. Unveil the power of powershell as a downloader
2018-11-26 - A Look into the Connection Between XLoader and FakeSpy, and Their Possible Ties With the Yanbian Gang
2018-11-26 - Examining XLoader, FakeSpy, and the Yanbian Gang
2018-11-27 - DNSpionage Campaign Targets Middle East
2018-11-27 - Let's Learn- In-Depth on Sofacy Cannon Loader-Backdoor Review
2018-11-27 - Meet CrowdStrike’s Adversary of the Month for November- HELIX KITTEN
2018-11-27 - The SLoad Powershell Threat is Expanding to Italy
2018-11-28 - AutoCAD Malware - Computer Aided Theft
2018-11-28 - Russian Hackers Haven't Stopped Probing the US Power Grid (Temp.Isotope)
2018-11-28 - Two Iranian Men Indicted for Deploying Ransomware to Extort Hospitals, Municipalities, and Public Institutions, Causing Over $30 Million in Losses
2018-11-29 - Analysis Of Targeted Attack Against Pakistan By Exploiting InPage Vulnerability And Related APT Groups
2018-11-29 - Golden Chickens- Uncovering A Malware-as-a-Service (MaaS) Provider and Two New Threat Actors Using It
2018-11-29 - How a SamSam-like attack happens, and what you can do about it
2018-11-29 - Snakemackerel delivers Zekapab malware
2018-11-30 - The Evolution of BackSwap
2018-11-30 - Virut Resurrects -- Musings on long-term sinkholing
2018-12-01 - Tracking Mirai Variants (Ya Liu & Hui Wang)
2018-12-03 - Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers
2018-12-04 - Hide ‘N Seek botnet continues infecting devices with default credentials, building a P2P network and more.
2018-12-04 - Malspam pushing Lokibot malware
2018-12-05 - Farewell to Kelihos and ZOMBIE SPIDER
2018-12-05 - STOLEN PENCIL Campaign Targets Academia
2018-12-05 - The Dark Side of the ForSSHe
2018-12-05 - Torpig
2018-12-05 - Trickbot’s Tricks
2018-12-06 - DanaBot evolves beyond banking Trojan with new spam‑sending capability
2018-12-07 - Mac malware combines EmPyre backdoor and XMRig miner
2018-12-07 - Netbooks, RPis, & Bash Bunny Gear - Attacking Banks from the Inside
2018-12-10 - Collecting Malicious Particles from Neutrino Botnets
2018-12-10 - Let's Learn- Reviewing Sofacy's -Zebrocy- C++ Loader- Advanced Insight
2018-12-10 - Seedworm- Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms
2018-12-11 - New Satan ransomware variant ‘Lucky’ exposes 10 server-side vulnerabilities
2018-12-12 - Dear Joohn- The Sofacy Group’s Global Campaign
2018-12-12 - The TrickBot and MikroTik connection
2018-12-12 - Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611)
2018-12-12 - ‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure
2018-12-13 - POWERSING - From LNK Files To Janicab Through YouTube & Twitter
2018-12-13 - Shamoon 3 Targets Oil and Gas Organization
2018-12-13 - The Return of The Charming Kitten
2018-12-14 - Cybercriminals Use Malicious Memes that Communicate with Malware
2018-12-14 - Shamoon- Destructive Threat Re-Emerges with New Sting in its Tail
2018-12-18 - Scumbag Combo- Agent Tesla and XpertRAT
2018-12-18 - Sofacy Creates New ‘Go’ Variant of Zebrocy Tool
2018-12-18 - URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader
2018-12-19 - Analysis of Smoke Loader in New Tsunami Campaign
2018-12-19 - Danabot's Travels, A Global Perspective
2018-12-19 - MALSPAM PUSHING THE MYDOOM WORM IS STILL A THING
2018-12-19 - Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems
2018-12-20 - Chinese Hackers Indicted - Members of APT 10 Group Targeted Intellectual Property and Confidential Business Information
2018-12-20 - Dissecting the Danabot Payload Targeting Italy
2018-12-20 - Middle East Cyber-Espionage- analyzing WindShift's implant- OSX.WindTail (part 1)
2018-12-20 - With Mirai Comes Miori- IoT Botnet Delivered via ThinkPHP Remote Code Execution Exploit
2018-12-21 - FIN7 Not Finished - Morphisec Spots New Campaign
2018-12-21 - Let's Learn- In-Depth on APT28-Sofacy Zebrocy Golang Loader
2018-12-24 - Let’s dig into Vidar – An Arkei Copycat-Forked Stealer (In-depth analysis)
2018-12-29 - Malware attack disrupts delivery of L.A. Times and Tribune papers across the U.S.
2018-12-30 - Retefe unpacker
2018-12-31 - FastCashMalwareDissected
Malware Analysis 2019
2019-01-01 - VB2018 - Inside Formbook InfoStealer
2019-01-02 - Analysis of Neutrino Bot Sample (dated 2018-08-27)
2019-01-03 - Digging into BokBot’s Core Module
2019-01-03 - LOLbins and trojans- How the Ramnit Trojan spreads via sLoad in a cyberattack
2019-01-04 - How to Decrypt the Aurora Ransomware with AuroraDecrypter
2019-01-04 - mimikatz Repository
2019-01-05 - Emotet Research
2019-01-05 - Getting 'rid' of pre-installed Malware on my YellYouth Android Tablet
2019-01-06 - [RAT] DARK TRACK ALIEN 4.1
2019-01-07 - ChinaZ Revelations- Revealing ChinaZ Relationships with other Chinese Threat Actor Groups
2019-01-07 - GandCrab Operators Use Vidar Infostealer as a Forerunner
2019-01-07 - Let's Learn- Deeper Dive into Gamaredon Group Pteranodon Implant Version '_512'
2019-01-08 - DarkHydrus delivers new Trojan that can use Google Drive for C2 communications
2019-01-09 - Analysis of Linux.Sunless
2019-01-09 - Ryuk Ransomware Attack- Rush to Attribution Misses the Point
2019-01-09 - ServHelper and FlawedGrace - New malware introduced by TA505
2019-01-10 - Big Game Hunting with Ryuk- Another Lucrative Targeted Ransomware
2019-01-10 - Global DNS Hijacking Campaign- DNS Record Manipulation at Scale
2019-01-10 - Pylocky Unlocked- Cisco Talos releases PyLocky ransomware decryptor
2019-01-10 - TA505 Group Adopts New ServHelper Backdoor and FlawedGrace RAT
2019-01-10 - [DNSPIONAGE] – Focus on internal actions
2019-01-11 - A Nasty Trick- From Credential Theft Malware to Business Disruption
2019-01-11 - A Zebrocy Go Downloader
2019-01-11 - PHA Family Highlights- Zen and its cousins
2019-01-11 - TA505 Crime Gang Debuts Brand-New ServHelper Backdoor
2019-01-11 - The “AVE_MARIA” Malware
2019-01-11 - Threat Actor “Cold River”- Network Traffic Analysis and a Deep Dive on Agent Drable
2019-01-14 - A Quick Solution to an Ugly Reverse Engineering Problem
2019-01-14 - Juicy Potato (abusing the golden privileges)
2019-01-15 - Analyzing COMmunication in Malware
2019-01-15 - Disclosure of Chilean Redbanc Intrusion Leads to Lazarus Ties
2019-01-15 - Djvu Ransomware Spreading New .TRO Variant Through Cracks & Adware Bundles
2019-01-16 - North Korean hackers infiltrate Chile's ATM network after Skype job interview
2019-01-17 - BlackRouter Ransomware Promoted as a RaaS by Iranian Developer
2019-01-17 - Emotet infections and follow-up malware
2019-01-17 - Google Play Apps Drop Anubis Banking Malware, Use Motion-based Evasion Tactics
2019-01-17 - Malware Used by “Rocke” Group Evolves to Evade Detection by Cloud Security Products
2019-01-17 - Pond Loach delivers BadCake malware
2019-01-17 - Qealler — The Silent Java Credential Thief
2019-01-17 - Sliver Implant Framework
2019-01-18 - BLACK ENERGY – Analysis
2019-01-18 - From Hacking Team to hacked team to...-
2019-01-18 - Nymaim deobfuscation
2019-01-18 - Spotted- JobCrypter Ransomware Variant With New Encryption Routines, Captures Desktop Screenshots
2019-01-19 - AsyncRAT- Open-Source Remote Administration Tool For Windows CSharp
2019-01-21 - HackTool-Win32-RemoteAdmin
2019-01-21 - The Kutaki Malware Bypasses Gateways to Steal Users’ Credentials
2019-01-22 - A Lazarus Keylogger- PSLogger
2019-01-22 - Happy New Year 2019! Anatova is here!
2019-01-23 - New Anatova Ransomware Supports Modules for Extra Functionality
2019-01-23 - Russian Language Malspam Pushing Redaman Banking Malware
2019-01-23 - SectorA01 Custom Proxy Utility Tool Analysis
2019-01-24 - Cisco AMP tracks new campaign that delivers Ursnif
2019-01-24 - GreyEnergy’s overlap with Zebrocy
2019-01-24 - Razy in search of cryptocurrency
2019-01-24 - Silence group targeting Russian Banks via Malicious CHM
2019-01-25 - Toolkit collection developed to help malware analysts dissecting and detecting the packer used by GreyEnergy samples.
2019-01-25 - Widespread DNS Hijacking Activity Targets Multiple Sectors
2019-01-28 - AZORult- Now, as A Signed “Google Update”
2019-01-28 - Russia hit by new wave of ransomware spam
2019-01-29 - APT38
2019-01-29 - APT39- An Iranian Cyber Espionage Group Focused on Personal Information
2019-01-29 - OSX-Keydnap IoCs
2019-01-29 - Phobos Ransomware, A Combo of CrySiS and Dharma
2019-01-30 - Analysis of NetWiredRC trojan
2019-01-30 - Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities
2019-01-30 - Fake Cisco Job Posting Targets Korean Candidates
2019-01-30 - Matrix- Targeted, small scale, canary in the coalmine ransomware
2019-01-30 - New LockerGoga Ransomware Allegedly Used in Altran Attack
2019-02-01 - Information about lnkr5, malware distributed via Chrome extensions
2019-02-01 - LNKR - Extension analysis - Flash Playlist
2019-02-01 - Tracking OceanLotus’ new Downloader, KerrDown
2019-02-02 - Word-based Malware Attack
2019-02-03 - Maoloa Ransomware
2019-02-04 - ExileRAT shares C2 with LuckyCat, targets Tibet
2019-02-04 - SpeakUp- A New Undetected Backdoor Linux Trojan
2019-02-05 - Revisiting Hancitor in Depth
2019-02-06 - Analysis of multiplatform Java Jacksbot Backdoor
2019-02-06 - IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites
2019-02-06 - Qealler – a new JAR-based information stealer
2019-02-06 - Some Notes on the Silence Proxy
2019-02-06 - Threat Actor -Magecart-- Coming to an eCommerce Store Near You
2019-02-07 - An Inside Look at the Infrastructure Behind the Russian APT Gamaredon Group
2019-02-07 - DanaBot updated with new C&C communication
2019-02-07 - Sales of AZORult grind to an AZOR-halt
2019-02-07 - Ursnif- Long Live the Steganography!
2019-02-08 - First clipper malware discovered on Google Play
2019-02-11 - 620 million accounts stolen from 16 hacked websites now for sale on dark web, seller boasts
2019-02-11 - How the Silence Downloader Has Evolved Over Time
2019-02-12 - APT Groups Moving Down the Supply Chain
2019-02-12 - GreyEnergy Malware Research Paper- Maldoc to Backdoor
2019-02-12 - Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire
2019-02-13 - Alert (AA19-024A)- DNS Infrastructure Hijacking Campaign
2019-02-13 - Analyzing Amadey – a simple native malware
2019-02-13 - Astaroth Malware Uses Legitimate OS and Antivirus Processes to Steal Passwords and Personal Data
2019-02-13 - Former U.S. Counterintelligence Agent Charged With Espionage on Behalf of Iran; Four Iranians Charged With a Cyber Campaign Targeting Her Former Colleagues
2019-02-14 - 127 million user records from 8 companies put up for sale on the dark web
2019-02-14 - Malware Tales- Gootkit
2019-02-14 - Worm.Win32.PYFILEDEL.AA
2019-02-15 - “Sin”-ful SPIDERS- WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web
2019-02-16 - Emotet droppers
2019-02-16 - Spoofing in the reeds with Rietspoof
2019-02-17 - Hacker puts up for sale third round of hacked databases on the Dark Web
2019-02-18 - A Deep Dive on the Recent Widespread DNS Hijacking Attacks
2019-02-18 - Trojan.Android.SmsAgent malware analysis report
2019-02-19 - ATM robber WinPot- a slot machine instead of cutlets
2019-02-19 - New GandCrab v5.1 Decryptor Available Now
2019-02-19 - North Korea Turns Against New Targets-!
2019-02-19 - Attack activity by the Tick attack group targeting Japanese organizations
2019-02-20 - Combing Through Brushaloader Amid Massive Detection Uptick
2019-02-20 - Cybercrime is focusing on accountants
2019-02-20 - More Russian language malspam pushing Shade (Troldesh) ransomware
2019-02-20 - Spoofing in the reeds with Rietspoof
2019-02-21 - Fake Jobs- Campaigns Delivering More_eggs Backdoor via Fake Job Offers
2019-02-21 - Shifting in the Wind- WINDSHIFT Attacks Target Middle Eastern Governments
2019-02-22 - Cr1ptT0r Ransomware Infects D-Link NAS Devices, Targets Embedded Systems
2019-02-22 - New BabyShark Malware Targets US National Security Think Tanks
2019-02-23 - D-Link DNS-320 NAS Cr1ptT0r Ransomware ARM Dynamic Analysis - QEMU and Raspberry PI VM
2019-02-25 - How To- Analyzing a Malicious Hangul Word Processor Document from a DPRK Threat Actor Group
2019-02-25 - Multiple ArtraDownloader Variants Used by BITTER to Target Pakistan
2019-02-26 - Farseer- Previously Unknown Malware Family bolsters the Chinese armoury
2019-02-26 - Identifying Cobalt Strike team servers in the wild
2019-02-26 - New Golang brute forcer discovered amid rise in e-commerce attacks
2019-02-26 - The Arsenal Behind the Australian Parliament Hack
2019-02-26 - The Supreme Backdoor Factory
2019-02-27 - A Peek into BRONZE UNION’s Toolbox
2019-02-27 - New Global Cyber Attack on Point of Sale System
2019-02-27 - Protecting Against WinRAR Vulnerabilities
2019-02-28 - EmpireMonkey malware distribution
2019-02-28 - Technical Analysis- Pacha Group Deploying Undetected Cryptojacking Campaigns on Linux Servers
2019-03-01 - Breakdown of a Targeted DanaBot Attack
2019-03-01 - Threat Alert- AVE Maria infostealer on the rise
2019-03-03 - Op 'Sharpshooter' Connected to North Korea's Lazarus Group
2019-03-04 - APT40- Examining a China-Nexus Espionage Actor
2019-03-04 - New Python-Based Payload MechaFlounder Used by Chafer
2019-03-04 - Reptile
2019-03-05 - CryptoMix Clop Ransomware Says It's Targeting Networks, Not Computers
2019-03-05 - GandCrab 101- All about the most widely distributed ransomware of the moment
2019-03-05 - Quick Analysis of a Trickbot Sample with NSA's Ghidra SRE Framework
2019-03-06 - DE-Cr1pt0r tool - The Cr1pt0r ransomware decompiled decryption routine
2019-03-06 - Internet of Termites
2019-03-06 - PINCHY SPIDER Affiliates Adopt “Big Game Hunting” Tactics to Distribute GandCrab Ransomware
2019-03-06 - Whitefly- Espionage Group has Singapore in Its Sights
2019-03-07 - New SLUB Backdoor Uses GitHub, Communicates via Slack
2019-03-07 - The inside story of the world's most dangerous malware
2019-03-08 - Emotet trojan implicated in Wolverine Solutions ransomware attack
2019-03-08 - Iranian-backed hackers stole data from major U.S. government contractor
2019-03-09 - retefe- Artefacts from various retefe campaigns
2019-03-10 - BI_D Ransomware Redux (Now With 100% More Ghidra)
2019-03-11 - A predatory tale- Who’s afraid of the thief-
2019-03-11 - Attackers Insert Themselves into the Email Conversation to Spread Malware
2019-03-11 - Gaming industry still in the scope of attackers in Asia
2019-03-11 - Researcher Claims Iranian APT Behind 6TB Data Heist at Citrix
2019-03-11 - Resecurity reports ‘IRIDUIM’ behind Citrix data breach, 200+ government agencies, oil and gas companies, and technology companies also targeted.
2019-03-11 - Study of the Belonard Trojan, exploiting zero-day vulnerabilities in Counter-Strike 1.6
2019-03-12 - New Ursnif Variant targets Japan packed with new Features
2019-03-12 - Nymaim config decoded
2019-03-12 - Operation Comando How to Run a Cheap and Effective Credit Card Business
2019-03-12 - The Advanced Persistent Threat files- Lazarus Group
2019-03-13 - Analysing ISFB - The First Loader
2019-03-13 - BlackBerry Cylance vs. Tinba Banking Trojan
2019-03-13 - DanaBot control panel revealed
2019-03-13 - Fake CDC Flu Pandemic Warning delivers Gandcrab 5.2 ransomware
2019-03-13 - GlitchPOS- New PoS malware for sale
2019-03-13 - N Ways to Unpack Mobile Malware
2019-03-13 - ORANGEWORM GROUP – KWAMPIRS ANALYSIS UPDATE
2019-03-13 - The fourth horseman- CVE-2019-0797 vulnerability
2019-03-13 - ‘DMSniff’ POS Malware Actively Leveraged to Target Small-, Medium-Sized Businesses
2019-03-14 - Attacker Tracking Users Seeking Pakistani Passport
2019-03-14 - Daily Ruleset Update Summary 2019-03-14
2019-03-15 - Flash Bulletin- Emotet Epoch 1 Changes its C2 Communication
2019-03-15 - Immortal information stealer
2019-03-15 - Rocke Evolves Its Arsenal With a New Malware Family Written in Golang
2019-03-17 - Emotet malware analysis. Part 1
2019-03-17 - Global ATM Malware Wall
2019-03-17 - Round 4- Hacker returns and puts 26Mil user records for sale on the Dark Web
2019-03-18 - Analysis of .Net Stealer GrandSteal
2019-03-18 - Analysis of BlackMoon (Banking Trojan)'s Evolution, And The Possibility of a Latest Version Under Development
2019-03-18 - Enterprise Malware-as-a-Service- Lazarus Group and the Evolution of Ransomware
2019-03-19 - Cardinal RAT Sins Again, Targets Israeli Fin-Tech Firms
2019-03-19 - SectorM04 Targeting Singapore – An Analysis
2019-03-20 - APT38 DyePack Framework
2019-03-20 - FIN7 Revisited- Inside Astra Panel and SQLRat Malware
2019-03-20 - New Evidence Proves Ongoing WIZARD SPIDER - LUNAR SPIDER Collaboration
2019-03-20 - Ransomware or Wiper- LockerGoga Straddles the Line
2019-03-21 - How Lockergoga took down Hydro — ransomware used in targeted attacks aimed at big business
2019-03-21 - Interception- Dissecting BokBot’s “Man in the Browser”
2019-03-22 - AZORult++- Rewriting history
2019-03-23 - Reverse Engineering Gootkit with Ghidra Part I
2019-03-24 - JEShell- An OceanLotus (APT32) Backdoor
2019-03-25 - API Hashing Tool, Imagine That
2019-03-25 - Emerging Threat on RANSOM_CRYPTESLA
2019-03-25 - Let’s play with Qulab, an exotic malware developed in AutoIT
2019-03-25 - Operation ShadowHammer
2019-03-25 - Patting the Bear (APT-C-37)- Exposure of Continued Attacks Against an Armed Organization
2019-03-26 - Cryptocurrency businesses still being targeted by Lazarus
2019-03-26 - The Ursnif Gangs keep Threatening Italy
2019-03-26 - WinRAR Zero-day Abused in Multiple Campaigns
2019-03-27 - Analysis of the ShadowHammer backdoor
2019-03-27 - Elfin- Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
2019-03-27 - Emotet adds a further layer of camouflage
2019-03-27 - Forging the ShadowHammer
2019-03-27 - New steps to protect customers from hacking
2019-03-27 - PsiXBot- The Evolution Of A Modular .NET Bot
2019-03-28 - 10 Years Since Ghostnet
2019-03-28 - Analysis of ShadowHammer ASUS Attack First Stage Payload
2019-03-28 - CRTC and RCMP National Division Execute Warrants in Malware Investigation
2019-03-28 - Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications
2019-03-28 - Let's Learn- Dissecting Operation ShadowHammer Shellcode Internals in crt_ExitProcess
2019-03-28 - The return of the BOM
2019-03-28 - Unleash The Hash - ShadowHammer MAC Address List
2019-03-29 - A Hammer Lurking In The Shadows
2019-03-29 - Exodus- New Android Spyware Made in Italy
2019-03-29 - Researchers Find Google Play Store Apps Were Actually Government Malware
2019-04-01 - Prosecutors Launch Investigation Into Company That Put Malware on Google Play Store
2019-04-02 - A LockerGoga primer and decrypters for Mira and Aurora ransomwares
2019-04-02 - Canadian Police Raid ‘Orcus RAT’ Author
2019-04-02 - New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload
2019-04-02 - Report- OceanLotus APT Group Leveraging Steganography
2019-04-02 - Triple Threat- Emotet Deploys Trickbot to Steal Data & Spread Ryuk
2019-04-02 - Xwo - A Python-based bot scanner
2019-04-03 - Allanite
2019-04-03 - Possible ShadowHammer Targeting (Low Confidence)
2019-04-03 - RAT - Hodin
2019-04-04 - BasBanke- Trend-setting Brazilian banking Trojan
2019-04-04 - Bayer points finger at Wicked Panda in cyberattack
2019-04-04 - IcedID Banking Trojan Spruces Up Injection Tactics to Add Stealth
2019-04-04 - Mimikatz in the Wild- Bypassing Signature-Based Detections Using the “AK47 of Cyber”
2019-04-05 - Pick-Six- Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware
2019-04-05 - Spammed PNG file hides LokiBot
2019-04-05 - Ursnif- The Latest Evolution of the Most Popular Banking Malware
2019-04-07 - Emotet malware analysis. Part 2
2019-04-07 - Mobile Malware Analysis - Tricks used in Anubis
2019-04-08 - Mirai Compiled for New Processors Surfaces in the Wild
2019-04-09 - Collection of helper scripts for OceanLotus
2019-04-09 - Cybercrime market selling full digital fingerprints of over 60,000 users
2019-04-09 - Gustuff banking botnet targets Australia
2019-04-09 - LimeRAT spreads in the wild
2019-04-09 - OceanLotus- macOS malware update
2019-04-09 - Say hello to Baldr, a new stealer on the market
2019-04-10 - Floodor- A Linux TCP - UDP Flooder
2019-04-10 - Lazarus Group rises again from the digital grave with Hoplight malware for all
2019-04-10 - Malware Analysis Report (AR19-100A)- North Korean Trojan- HOPLIGHT
2019-04-10 - OSINT Reporting Regarding DPRK and TA505 Overlap
2019-04-10 - Project TajMahal – a sophisticated new APT framework
2019-04-10 - TRISIS - TRITON - HatMan Malware Repository
2019-04-10 - The Gaza cybergang and its SneakyPastes campaign
2019-04-11 - Ave_Maria Malware- there's more than meets the eye
2019-04-11 - Lazarus rises- Warning over new HOPLIGHT malware linked with North Korea
2019-04-11 - The official website of a popular video editing software was infected with a banking trojan
2019-04-11 - Two Romanian Cybercriminals Convicted of All 21 Counts Relating to Infecting Over 400,000 Victim Computers with Malware and Stealing Millions of Dollars
2019-04-12 - Analysis of an IRC based Botnet
2019-04-12 - Emotet Malware Revives Old Email Conversations Threads to Increase Infection Rates
2019-04-13 - Decoded Turla Powershell Implant
2019-04-15 - A hacker has dumped nearly one billion user records over the past two months
2019-04-15 - Account With Admin Privileges Abused to Install BitPaymer Ransomware via PsExec
2019-04-15 - Cobalt Strike. Walkthrough for Red Teamers
2019-04-15 - New HawkEye Reborn Variant Emerges Following Ownership Change
2019-04-16 - DNS Tunneling in the Wild- Overview of OilRig’s DNS Tunneling
2019-04-16 - Inside Scranos – A Cross Platform, Rootkit-Enabled Spyware Operation
2019-04-16 - Spear Phishing Campaign Targets Ukraine Government and Military; Infrastructure Reveals Potential Link to So-Called Luhansk People's Republic
2019-04-17 - Aggah Campaign- Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign
2019-04-17 - DNS Hijacking Abuses Trust In Core Internet Service
2019-04-18 - APT28 and Upcoming Elections- Evidence of Possible Interference (Part II)
2019-04-18 - Predator the Thief- New Routes of Delivery
2019-04-19 - Security researcher MalwareTech pleads guilty
2019-04-19 - TDL (Turla Driver Loader) Repository
2019-04-22 - Analyzing Emotet with Ghidra — Part 1
2019-04-22 - C-C++ Runtime Library Code Tampering in Supply Chain
2019-04-22 - CARBANAK Week Part One- A Rare Occurrence
2019-04-22 - Dissecting Emotet’s network communication protocol
2019-04-22 - FINTEAM- Trojanized TeamViewer Against Government Targets
2019-04-22 - Unpacking & Decrypting FlawedAmmyy
2019-04-22 - Who’s Behind the RevCode WebMonitor RAT-
2019-04-23 - APT34- webmask project
2019-04-23 - DNSpionage brings out the Karkoff
2019-04-23 - Operation ShadowHammer- a high-profile supply chain attack
2019-04-24 - Beapy- Cryptojacking Worm Hits Enterprises in China
2019-04-24 - Deobfuscating APT32 Flow Graphs with Cutter and Radare2
2019-04-25 - Chinese-based hackers attack domestic energy institutions
2019-04-25 - Emotet Adds New Evasion Technique
2019-04-25 - JasperLoader Emerges, Targets Italy with Gootkit Banking Trojan
2019-04-25 - Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware
2019-04-26 - A Closer Look at the RobbinHood Ransomware
2019-04-26 - GitHub hosted Magecart skimmer used against hundreds of e-commerce sites
2019-04-27 - Analyzing Amadey
2019-04-29 - Where is Emotet- Latest geolocation data
2019-04-30 - APT 40
2019-04-30 - Behind the Scenes with OilRig
2019-04-30 - Buhtrap backdoor and Buran ransomware distributed via major advertising platform
2019-04-30 - Raw Threat Intelligence 2019-04-30- Oilrig data dump link analysis
2019-04-30 - Sodinokibi ransomware exploits WebLogic Server vulnerability
2019-05 - Hancitor's Packer Damystified
2019-05-01 - FrameworkPOS and the adequate persistent threat
2019-05-02 - 2019- The Return of Retefe
2019-05-02 - APT34- Glimpse project
2019-05-02 - Detricking TrickBot Loader
2019-05-02 - FormBook - Hiding in plain sight
2019-05-02 - Goblin Panda continues to target Vietnam
2019-05-02 - Qakbot levels up with new obfuscation techniques
2019-05-03 - Let’s nuke Megumin Trojan
2019-05-03 - Mirrorthief Group Uses Magecart Skimming Attack to Hit Hundreds of Campus Online Stores in US and Canada
2019-05-03 - “MegaCortex” ransomware wants to be The One
2019-05-05 - Unpacking NanoCore Sample Using AutoIT
2019-05-07 - Buckeye- Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak
2019-05-07 - CVE-2019-3396 Redux- Confluence Vulnerability Exploited to Deliver Cryptocurrency Miner With Rootkit
2019-05-07 - MegaCortex Ransomware Spotted Attacking Enterprise Networks
2019-05-07 - SystemdMiner, when a botnet borrows another botnet’s infrastructure
2019-05-07 - Turla LightNeuron- An email too far
2019-05-07 - Vulnerable Apache Jenkins exploited in the wild
2019-05-07 - “Filesnfer” Tool (C#, Python)
2019-05-08 - A new threat for macOS spreads as WhatsApp
2019-05-08 - Dharma Ransomware Uses AV Tool to Distract from Malicious Activities
2019-05-08 - FIN7.5- the infamous cybercrime rig “FIN7” continues its activities
2019-05-08 - Fin7 hacking group targets more than 130 companies after leaders’ arrest
2019-05-08 - Get Smart with Enhanced Memory Dumping in VMRay Analyzer 3.0
2019-05-08 - “RobbinHood” ransomware takes down Baltimore City government networks
2019-05-09 - Chinese national indicted for 2015 Anthem breach
2019-05-09 - Deflect Labs Report #6- Phishing and Web Attacks Targeting Uzbek Human Right Activists and Independent Media
2019-05-09 - Donut - Injecting .NET Assemblies as Shellcode
2019-05-09 - Github Repository of AbSent-Loader
2019-05-09 - Malware Analysis Report (AR19-129A)
2019-05-09 - New KPOT v2.0 stealer brings zero persistence and in-memory features to silently steal credentials
2019-05-09 - New leaks of Iranian cyber-espionage operations hit Telegram and the Dark Web
2019-05-09 - RobinHood Ransomware “CoolMaker” Functions Not So Cool
2019-05-09 - Strange Bits- HTML Smuggling and GitHub Hosted Malware
2019-05-09 - Technical Analysis- Pacha Group Competing against Rocke Group for Cryptocurrency Mining Foothold on the Cloud
2019-05-09 - Top-Tier Russian Hacking Collective Claims Breaches of Three Major Anti-Virus Companies
2019-05-09 - Tracking One Year of Malicious Tor Exit Relay Activities (Part II)
2019-05-10 - Exploring Mimikatz - Part 1 - WDigest
2019-05-10 - MegaCortex, deconstructed- mysteries mount as analysis continues
2019-05-12 - Lime Downloader v4.2
2019-05-13 - A Look At Hworm - Houdini aka Njrat
2019-05-13 - ScarCruft continues to evolve, introduces Bluetooth harvester
2019-05-14 - Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage
2019-05-14 - Reaver- Mapping Connections Between Disparate Chinese APT Groups
2019-05-14 - Return of Watchbog- Exploiting Jenkins CVE-2018-1000861
2019-05-14 - The Rise of Dridex and the Role of ESPs
2019-05-15 - Threat Actor Profile- TA542, From Banker to Malware Distribution Service
2019-05-16 - GozNym Closure Comes in the Shape of a Europol and DOJ Arrest Operation
2019-05-16 - GozNym Cyber-Criminal Network Operating out of Europe Targeting American Entities Dismantled in International Operation
2019-05-16 - Goznym Indictments – action following on from successful Avalanche Operations
2019-05-16 - The Stealthy Email Stealer in the TA505 Arsenal
2019-05-17 - TeamViewer Confirms Undisclosed Breach From 2016
2019-05-19 - Tailor-made double attack against Hydro
2019-05-20 - GozNym Banking Malware- Gang Busted, But Is That The End-
2019-05-20 - Malware Against the C Monoculture
2019-05-20 - Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques
2019-05-22 - A journey to Zebrocy land
2019-05-22 - Shade Ransomware Hits High-Tech, Wholesale, Education Sectors in U.S., Japan, India, Thailand, Canada
2019-05-22 - TRICKBOT - Analysis
2019-05-23 - Analysing -Retefe- with Sysmon and Splunk
2019-05-23 - One year later- The VPNFilter catastrophe that wasn't
2019-05-23 - Sorpresa! JasperLoader targets Italy with a new bag of tricks
2019-05-24 - Directed attacks against MySQL servers deliver ransomware
2019-05-24 - Overview of Proton Bot, another loader in the wild!
2019-05-24 - Uncovering new Activity by APT10
2019-05-25 - Analyzing ISFB - The Second Loader
2019-05-25 - Fas-Disassembler for Visuallisp 0.8
2019-05-28 - Emissary Panda Attacks Middle East Government Sharepoint Servers
2019-05-28 - FlawedAmmyy
2019-05-28 - Threat Research- New Rocke Variant Ready to Box Any Mining Challengers
2019-05-29 - A dive into Turla PowerShell usage
2019-05-29 - HiddenWasp Malware Stings Targeted Linux Systems
2019-05-29 - TA505 is Expanding its Operations
2019-05-30 - 10 years of virtual dynamite- A high-level retrospective of ATM malware
2019-05-30 - Bug in Malware “TSCookie” - Fails to Read Configuration - (Update)
2019-05-31 - Hidden Bee- Let’s go down the rabbit hole
2019-05-31 - Tet bonus….
2019-06-01 - GandCrab Ransomware Shutting Down After Claiming to Earn $2 Billion
2019-06-03 - GandCrab ransomware operators put in retirement papers
2019-06-03 - Into the Fog - The Return of ICEFOG APT
2019-06-03 - Report- No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware
2019-06-03 - Varonis Exposes Global Cyber Campaign- C2 Server Actively Compromising Thousands of Victims
2019-06-03 - Zebrocy’s Multilanguage Malware Salad
2019-06-04 - Advisory- Windigo attacks
2019-06-04 - Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vitali Kremez
2019-06-04 - Magecart skimmers found on Amazon CloudFront CDN
2019-06-04 - Taking a look at Baldr stealer
2019-06-04 - Threat Spotlight- Analyzing AZORult Infostealer Malware
2019-06-05 - Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities
2019-06-05 - Possible Turla HTTP Listener
2019-06-05 - Upgraded JasperLoader Infecting Machines with New Targets & Functional Improvements- What You Need to Know
2019-06-06 - A Deep Dive into the Emotet Malware
2019-06-06 - APT34- Jason project
2019-06-06 - Google confirms that advanced backdoor came preinstalled on Android devices
2019-06-06 - New Mirai Variant Adds 8 New Exploits, Targets Additional IoT Devices
2019-06-06 - PHA Family Highlights- Triada
2019-06-08 - The Evolution of Aggah- From Roma225 to the RG Campaign
2019-06-08 - Vanilla RAT
2019-06-10 - MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools
2019-06-10 - Threat Spotlight- MenuPass-QuasarRAT Backdoor
2019-06-11 - CPU miner for Litecoin and Bitcoin
2019-06-11 - The InterPlanetary Storm- New Malware in Wild Using InterPlanetary File System’s (IPFS) p2p network
2019-06-13 - Advanced Notification of Cyber Threats against Family of Malware Giving Remote Access to Computers
2019-06-13 - Hunting and detecting Cobalt Strike
2019-06-13 - New Pervasive Worm Exploiting Linux Exim Server Vulnerability
2019-06-13 - pyLocky Decryptor Released by French Authorities
2019-06-14 - Houdini Worm Transformed in New Phishing Attack
2019-06-14 - Malware Tales- Sodinokibi
2019-06-16 - A Deep Dive Into IcedID Malware- Part II - Analysis of the Core IcedID Payload (Parent Process)
2019-06-16 - APT34 Tools Leak
2019-06-17 - Good riddance, GandCrab! We’re still fixing the mess you left behind
2019-06-18 - Analysis of a New HawkEye Variant
2019-06-18 - Mobile Campaign ‘Bouncing Golf’ Affects Middle East
2019-06-18 - Plurox- Modular backdoor
2019-06-19 - Check Point’s Threat Emulation Stops Large-Scale Phishing Campaign in Germany
2019-06-19 - URLZone top malware in Japan, while Emotet and LINE Phishing round out the landscape
2019-06-20 - DanaBot Demands a Ransom Payment
2019-06-20 - Waterbug- Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments
2019-06-21 - An Analysis of Linux.Ngioweb Botnet
2019-06-24 - GandCrab Threat Actors Retire...Maybe
2019-06-24 - LimeRAT - Simple, yet powerful remote administration tool for Windows (RAT)
2019-06-24 - Ransomware REvil - Sodinokibi- Technical analysis and Threat Intelligence Report
2019-06-25 - Analyzing Ursnif’s Behavior Using a Malware Sandbox
2019-06-25 - More AgentTesla keylogger and Nanocore RAT in one bundle
2019-06-25 - OPERATION SOFT CELL- A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS
2019-06-25 - Ransomware strain Troldesh spikes again – Avast tracks new attacks
2019-06-25 - Rig Exploit Kit sends Pitou.B Trojan
2019-06-25 - Riltok mobile Trojan- A banker with global reach
2019-06-26 - New Silex Malware Trashes IoT Devices Using Default Passwords
2019-06-26 - ViceLeaker Operation- mobile espionage targeting Middle East
2019-06-27 - Criminals, ATMs and a cup of coffee
2019-06-27 - Inter- Skimmer For All
2019-06-27 - Tracking driver inventory to unearth rootkits
2019-07-01 - An Analysis of Godlua Backdoor
2019-07-01 - Remote_Shell- A linux remote shell program.
2019-07-01 - Robbinhood Malware Analysis with Radare2
2019-07-01 - Threat Spotlight- Ratsnif - New Network Vermin from OceanLotus
2019-07-02 - LooCipher- The New Infernal Ransomware
2019-07-02 - TA505 begins summer campaigns with a new pet malware downloader, AndroMut, in the UAE, South Korea, Singapore, and the United States
2019-07-03 - BianLian- A New Wave Emerges
2019-07-03 - Lilocked Ransomware
2019-07-03 - Sodin ransomware exploits Windows vulnerability and processor architecture
2019-07-08 - Analyzing KSL0T Turla's Keylogger Part 1
2019-07-08 - Analyzing KSL0T Turla's Keylogger Part 2
2019-07-08 - Dismantling a fileless campaign- Microsoft Defender ATP’s Antivirus exposes Astaroth attack
2019-07-08 - Malicious campaign targets South Korean users with backdoor‑laced torrents
2019-07-08 - Who’s Behind the GandCrab Ransomware-
2019-07-09 - A Deep Dive Into IcedID Malware- Part I - Unpacking, Hooking and Process Injection
2019-07-09 - Operation Newscaster
2019-07-09 - Sea Turtle Keeps on Swimming
2019-07-09 - Spear Phishing against Cryptocurrency Businesses
2019-07-09 - The 2019 Resurgence of Smokeloader
2019-07-10 - Flirting With IDA and APT28
2019-07-10 - How We Seized 15 Active Ransomware Campaigns Targeting Linux File Storage Servers
2019-07-10 - LooCipher- Can Encrypted Files Be Recovered From Hell-
2019-07-10 - New FinSpy iOS and Android implants revealed ITW
2019-07-10 - The eCh0raix Ransomware
2019-07-11 - Buhtrap group uses zero‑day in latest espionage campaigns
2019-07-11 - Recent AZORult activity
2019-07-11 - Threat Actor Profile- TA544 targets geographies from Italy to Japan with a range of malware
2019-07-12 - BitPaymer Source Code Fork- Meet DoppelPaymer Ransomware and Dridex 2.0
2019-07-12 - TrickBooster – TrickBot’s Email-Based Infection Module
2019-07-13 - Free Tool- LooCipher Decryptor
2019-07-15 - Is there a pattern-
2019-07-15 - Is ‘REvil’ the New GandCrab Ransomware-
2019-07-15 - SWEED- Exposing years of Agent Tesla campaigns
2019-07-15 - Threat Spotlight- Virlock Polymorphic Ransomware
2019-07-16 - Analysis- Server-side polymorphism & PowerShell backdoors
2019-07-16 - The Avast Abuser- Metamorfo Banking Malware Hides By Abusing Avast Executable
2019-07-17 - EvilGnome- Rare Malware Spying on Linux Desktop Users
2019-07-17 - Who is Mr Guo-
2019-07-18 - Android Malware Analysis - Dissecting Hydra Dropper
2019-07-18 - Hard Pass- Declining APT34’s Invite to Join Their Professional Network
2019-07-18 - Okrum- Ke3chang group targets diplomatic missions
2019-07-18 - ZLab - LooCipher Decryption Tool
2019-07-19 - An Analysis of L0rdix RAT, Panel and Builder
2019-07-19 - Elusive MegaCortex Ransomware Found - Here is What We Know
2019-07-19 - Who is Mr Wang-
2019-07-21 - Emissary Panda DLL Backdoor
2019-07-22 - A Deep Dive Into IcedID Malware- Part III - Analysis of Child Processes
2019-07-22 - APT33 PowerShell Malware
2019-07-22 - BrushaLoader still sweeping up victims one year later
2019-07-22 - The Lazarus Injector
2019-07-22 - Who is Mr Zeng-
2019-07-23 - Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia
2019-07-24 - A deep dive into Phobos ransomware
2019-07-24 - APT17 is run by the Jinan bureau of the Chinese Ministry of State Security
2019-07-24 - Attacking the Heart of the German Industry
2019-07-24 - GuessWho Ransomware – A Variant of Rapid Ransomware
2019-07-24 - Resurgent Iron Liberty Targeting Energy Sector
2019-07-24 - Updated Karagany Malware Targets Energy Sector
2019-07-24 - Watching the WatchBog- New BlueKeep Scanner and Linux Exploits
2019-07-24 - Winnti analysis
2019-07-25 - Encore! APT17 hacked Chinese targets and offered the data for sale
2019-07-25 - Unmasking AVE_MARIA
2019-07-26 - Turla Indicators of Compromise
2019-07-28 - Third time's the charm- Analysing WannaCry samples
2019-07-29 - An analysis of a spam distribution botnet- the inner workings of Onliner Spambot
2019-07-29 - Android ransomware is back
2019-07-30 - Picking Locky
2019-07-30 - Practical Threat Hunting and Incident Response - A Case of A Pony Malware Infection
2019-07-31 - SystemBC is like Christmas in July for SOCKS5 Malware and Exploit Kits
2019-07-31 - TFW Ransomware is only your side hustle...
2019-08-01 - APT trends report Q2 2019
2019-08-01 - Cerberus - A New Banking Trojan from the Underworld
2019-08-01 - Clop Ransomware
2019-08-01 - Decrypting L0rdix RAT’s C2
2019-08-01 - LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards
2019-08-02 - SectorE02 Updates YTY Framework in New Targeted Campaign Against Pakistan Government
2019-08-05 - Catching lateral movement in internal emails
2019-08-05 - Corporate IoT – a path to intrusion (APT28-STRONTIUM)
2019-08-05 - Latest Trickbot Campaign Delivered via Highly Obfuscated JS File
2019-08-05 - MegaCortex Ransomware Revamps for Mass Distribution
2019-08-05 - Sharpening the Machete
2019-08-06 - Clipsa – Multipurpose password stealer
2019-08-06 - New Echobot Botnet Variant Uses Over 50 Exploits to Propagate
2019-08-07 - APT41- A Dual Espionage and Cyber Crime Operation
2019-08-07 - MoqHao Related Android Spyware Targeting Japan and Korea Found on Google Play
2019-08-07 - New Ursnif Variant Spreading by Word Document
2019-08-08 - Saefko- A new multi-layered RAT
2019-08-08 - Varenyky- Spambot à la Française
2019-08-10 - GermanWiper's big Brother- GandGrab's kid - Sodinokibi!
2019-08-10 - SELECT code_execution FROM USING SQLite;
2019-08-12 - An Overview of Public Platform C2’s
2019-08-12 - PsiXBot Continues to Evolve with Updated DNS Infrastructure
2019-08-12 - Recent Cloud Atlas activity
2019-08-12 - Emotet Trojan attacks corporate networks
2019-08-13 - The state of advanced code injections
2019-08-14 - In the Balkans, businesses are under fire from a double‑barreled weapon
2019-08-15 - Analysis- New Remcos RAT Arrives Via Phishing Email
2019-08-15 - Gootkit Banking Trojan - Deep Dive into Anti-Analysis Features
2019-08-15 - MICROPSIA (APT-C-23)
2019-08-15 - The Hidden Bee infection chain, part 1- the stegano pack
2019-08-16 - Warning As Devious New Android Malware Hides In Fake Adobe Flash Player Installations (Updated)
2019-08-19 - Banking trojan Bolik spreads disguised as the NordVPN app
2019-08-19 - GAME OVER- Detecting and Stopping an APT41 Operation
2019-08-19 - Konni APT organization emerges as an attack disguised as Russian document
2019-08-20 - Lazarus Continues 'Movie Coin' Campaign Disguised as Calling Document Request
2019-08-20 - Merlin (BETA)
2019-08-20 - Source code- TinyMet
2019-08-21 - Finding Neutrino
2019-08-21 - Kelihos botnet
2019-08-22 - APT34- The Helix Kitten Cybercriminal Group Loves to Meow Middle Eastern and International Organizations
2019-08-22 - Asruex Backdoor Variant Infects Word Documents and PDFs Through Old MS Office and Adobe Vulnerabilities
2019-08-22 - First‑of‑its‑kind spyware sneaks into Google Play
2019-08-22 - Pupy RAT
2019-08-23 - Ransomware Attacks Are Testing Resolve of Cities Across America
2019-08-24 - Notes on Nemty Ransomware
2019-08-24 - Windows worms. Forbix worm analysis
2019-08-25 - Nanocor Sample
2019-08-26 - APT-C-09 Reappeared as Conflict Intensified Between India and Pakistan
2019-08-26 - Memory Analysis of TrickBot
2019-08-26 - New Nemty Ransomware May Spread via Compromised RDP Connections
2019-08-26 - The DAA File Format
2019-08-27 - China Chopper still active 9 years later
2019-08-27 - LYCEUM Takes Center Stage in Middle East Campaign
2019-08-27 - TA505 At It Again- Variety is the Spice of ServHelper and FlawedAmmyy
2019-08-27 - TrickBot Modifications Target U.S. Mobile Users
2019-08-28 - Inside the APT28 DLL Backdoor Blitz
2019-08-28 - Other day other malware in the way (died.exe)
2019-08-28 - Putting an end to Retadup- A malicious worm that infected hundreds of thousands
2019-08-28 - RAT Ratatouille- Backdooring PCs with leaked RATs
2019-08-29 - Fully equipped Spying Android RAT from Brazil- BRATA
2019-08-29 - Gootkit Banking Trojan - Part 2- Persistence & Other Capabilities
2019-08-29 - Implant Teardown
2019-08-29 - More_eggs, Anyone- Threat Actor ITG08 Strikes Again
2019-08-29 - SectorJ04 Group’s Increased Activity in 2019
2019-08-30 - A Look Inside the Highly Profitable Sodinokibi Ransomware Business
2019-08-30 - DarkComet v5.3.1
2019-08-30 - Github Repository of Octopus
2019-08-30 - RAT.Android.OmniRAT
2019-08-30 - njRAT builders
2019-09-02 - Digital Crackdown- Large-Scale Surveillance and Exploitation of Uyghurs
2019-09-02 - Revealed- How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran
2019-09-03 - Deobfuscating Ostap- TrickBot’s 34,000 Line JavaScript Downloader
2019-09-03 - Nemty Ransomware Gets Distribution from RIG Exploit Kit
2019-09-04 - FunkyBot- A New Android Malware Family Targeting Japan
2019-09-04 - Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions
2019-09-05 - Netwalker Ransomware
2019-09-05 - Seems Phishy- Back to School Lures Target University Students and Staff
2019-09-05 - l0rdix C2 traffic decryptor
2019-09-06 - Lilocked Ransomware Actively Targeting Servers and Web Sites
2019-09-06 - PsiXBot Now Using Google DNS over HTTPS and Possible New Sexploitation Module
2019-09-07 - Malicious RATatouille
2019-09-07 - Thousands Of Linux Servers Infected By Lilu (Lilocked) Ransomware
2019-09-08 - Fake PayPal Site Spreads Nemty Ransomware
2019-09-09 - Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study
2019-09-09 - Malware Analysis Report (AR19-252A)
2019-09-09 - ‘Purple Fox’ Fileless Malware with Rootkit Component Delivered by Rig Exploit Kit Now Abuses PowerShell
2019-09-10 - Gamaredon Analysis
2019-09-10 - Mirai Botnet Continues to Plague IoT Space
2019-09-11 - COBALT DICKENS Goes Back to School…Again
2019-09-11 - Ryuk Related Malware Steals Confidential Military, Financial Files
2019-09-11 - Vulnerable Private Networks- Corporate VPNs Exploited in the Wild
2019-09-11 - Watchbog and the Importance of Patching
2019-09-12 - InnfiRAT- A new RAT aiming for your cryptocurrency and more
2019-09-12 - Ostap Deobfuscation script
2019-09-12 - The tangle of WiryJMPer’s obfuscation
2019-09-13 - Machete
2019-09-14 - WSH RAT (A variant of H-Worm-Houdini)
2019-09-16 - Emotet is back- botnet springs back to life with new spam campaign
2019-09-17 - Cryptocurrency miners aren’t dead yet- Documenting the voracious but simple “Panda”
2019-09-17 - Nemty Ransomware 1.0- A Threat in its Early Stage
2019-09-17 - TFlower Ransomware - The Latest Attack Targeting Businesses
2019-09-18 - Chirp of the PoisonFrog
2019-09-18 - Malware Used by BlackTech after Network Intrusion
2019-09-18 - The WannaCry hangover
2019-09-18 - Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks
2019-09-19 - Emissary Panda APT- Recent infrastructure and RAT analysis
2019-09-19 - Fileless Cryptocurrency-Miner GhostMiner Weaponizes WMI Objects, Kills Other Cryptocurrency-Mining Payloads
2019-09-19 - Hagga of SectorH01 continues abusing Bitly, Blogger and Pastebin to deliver RevengeRAT and NanoCore
2019-09-19 - Lilith
2019-09-20 - Mac Malware that Spoofs Trading App Steals User Information, Uploads it to Website
2019-09-20 - Multiple signatures 032
2019-09-20 - Russian Cybercrime Group FullofDeep Behind QNAPCrypt Ransomware Campaigns
2019-09-20 - TFlower Ransomware Campaign
2019-09-22 - LookBack Forges Ahead- Continued Targeting of the United States’ Utilities Sector Reveals Additional Adversary TTPs
2019-09-22 - Rancor- The Year of The Phish
2019-09-23 - Diving into Plurox's DNS based protection layer
2019-09-23 - Hello! My name is Dtrack
2019-09-23 - xHunt Campaign- Attacks on Kuwait Shipping and Transportation Organizations
2019-09-24 - APT or not APT- What's Behind the Aggah Campaign
2019-09-24 - How Tortoiseshell created a fake veteran hiring website to host malware
2019-09-24 - Iranian Government Hackers Target US Veterans
2019-09-24 - Missing Link Tibetan Groups Targeted with 1-Click Mobile Exploits
2019-09-24 - No summer vacations for Zebrocy
2019-09-24 - REvil- The GandCrab Connection
2019-09-24 - REvil-Sodinokibi Ransomware
2019-09-24 - Return of the Mummy - Welcome back, Emotet
2019-09-25 - Ransomware- two pieces of good news
2019-09-26 - Bring your own LOLBin- Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware
2019-09-26 - Divergent- -Fileless- NodeJS Malware Burrows Deep Within the Host
2019-09-26 - Masad Stealer- Exfiltrating using Telegram
2019-09-26 - New WhiteShadow downloader uses Microsoft SQL to retrieve malware
2019-09-28 - MMD-0064-2019 - Linux-AirDropBot
2019-09-30 - HELO Winnti- Attack or Scan-
2019-10 - Geost botnet. The story of the discovery of a new Android banking trojan from an OpSec error
2019-10-01 - Lemon_Duck PowerShell malware cryptojacks enterprise networks
2019-10-01 - Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany
2019-10-01 - New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign
2019-10-02 - Another Lazarus Injector
2019-10-02 - Domestic Kitten- an Iranian surveillance program
2019-10-02 - Malware Tales- FTCODE
2019-10-02 - McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us
2019-10-02 - Nicht so goot - Breaking down Gootkit and Jasper (+ FTCODE)
2019-10-02 - Servers botnet offline
2019-10-03 - AVIVORE – Hunting Global Aerospace through the Supply Chain
2019-10-03 - COMpfun successor Reductor infects files on the fly to compromise TLS traffic
2019-10-03 - Context Identifies new AVIVORE threat group
2019-10-03 - New threat group behind Airbus cyber attacks, claim researchers
2019-10-03 - PKPLUG- Chinese Cyber Espionage Group Attacking Asia
2019-10-03 - Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC
2019-10-04 - ScareCrow Ransomware
2019-10-06 - Go under the hood- Eris Ransomware
2019-10-08 - A sample targeting a bank in Vietnam
2019-10-09 - FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops
2019-10-10 - Analysis of the new TA505 campaign
2019-10-10 - ESET discovers Attor, a spy platform with curious GSM fingerprinting
2019-10-10 - Mahalo FIN7- Responding to the Criminal Operators’ New Tools and Techniques
2019-10-10 - Nemty Ransomware Decryptor Released, Recover Files for Free
2019-10-10 - Nemty update- decryptors for Nemty 1.5 and 1.6
2019-10-10 - New espionage malware found targeting Russian-speaking users in Eastern Europe
2019-10-10 - Sophisticated Spy Kit Targets Russians with Rare GSM Plugin
2019-10-10 - xHunt Campaign- New PowerShell Backdoor Blocked Through DNS Tunnel Detection
2019-10-11 - Mespinoza Ransomware
2019-10-11 - Russian diplomats have been spied on for 7 years using spyware
2019-10-12 - Pass the AppleJeus
2019-10-14 - Corona DDoS bot
2019-10-14 - Is Emotet gang targeting companies with external SOC-
2019-10-14 - Threat Actor Profile- TA407, the Silent Librarian
2019-10-15 - Blackremote- Money Money Money – A Swedish Actor Peddles an Expensive New RAT
2019-10-15 - MedusaLocker Ransomware
2019-10-16 - APT15
2019-10-16 - LNKR- More than Just a Browser Extension
2019-10-16 - TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader
2019-10-16 - TA505 Timeline
2019-10-17 - Let's Learn- Dissecting Lazarus Windows x86 Loader Involved in Crypto Trading App Distribution- -snowman- & ADVObfuscator
2019-10-17 - Operation Ghost- The Dukes aren’t back – they never left
2019-10-17 - The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History
2019-10-18 - Maze Ransomware Now Delivered by Spelevo Exploit Kit
2019-10-18 - TrickBot variant “Anchor_DNS” communicating over DNS
2019-10-19 - ABCD Ransomware LockBit Ransomware
2019-10-19 - The Commercial RAT Ecosystem- Unit 42 identifies the author of the high-functionality commercial RAT Blackremote RAT within days of its release
2019-10-20 - InfoDot Ransomware
2019-10-20 - McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo
2019-10-21 - Advisory- Turla group exploits Iranian APT to expand coverage of victims
2019-10-21 - Gustuff return, new features for victims
2019-10-21 - New Variant of Remcos RAT Observed In the Wild
2019-10-21 - Shikata Ga Nai Encoder Still Going Strong
2019-10-21 - Winnti Group’s skip‑2.0- A Microsoft SQL Server backdoor
2019-10-22 - New PatchWork Spearphishing Attack
2019-10-23 - Mobile Malware and APT Espionage- Prolific, Pervasive, and Cross-Platform
2019-10-23 - PwndLocker Ransomware
2019-10-23 - Spoofing in the reeds with Rietspoof
2019-10-24 - 10-24-2019 - APT28- Targeted attacks against mining corporations in Kazakhstan
2019-10-24 - FTdecryptor- a simple password-based FTCODE decryptor
2019-10-24 - How TrickBot Malware Hooking Engine Targets Windows 10 Browsers
2019-10-24 - Hunting Raccoon- The new Masked Bandit on the Block
2019-10-24 - Tracking down the developer of Android adware affecting millions of users
2019-10-25 - HDMR, GO-SPORT
2019-10-25 - New FuxSocy Ransomware Impersonates the Notorious Cerber
2019-10-25 - The Deep Dive Malware Analysis Approach
2019-10-26 - Earn-quick-BTC-with-Hiddentear.mp4 - About Open Source Ransomware
2019-10-28 - SWEED Targeting Precision Engineering Companies in Italy
2019-10-29 - Osiris, the god of afterlife...and banking malware-!
2019-10-29 - ShadeDecryptor tool
2019-10-29 - TRICKBOT - Analysis Part II
2019-10-29 - Threat Spotlight- Neshta File Infector Endures
2019-10-30 - Emotet is back in action after a short break
2019-10-31 - Calypso APT- new group attacking state institutions
2019-10-31 - Dynamic Imports and Working Around Indirect Calls - Smokeloader Study Case
2019-10-31 - MESSAGETAP- Who’s Reading Your Text Messages-
2019-10-31 - Malware Analysis Report (AR19-304A)
2019-11-01 - Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium
2019-11-01 - Ginp - A Malware Patchwork Borrowing From Anubis
2019-11-01 - WIZARD SPIDER Adds New Features to Ryuk for Targeting Hosts on LAN
2019-11-03 - DTrack
2019-11-04 - Hakbit Ransomware
2019-11-04 - Is Lazarus-APT38 Targeting Critical Infrastructures-
2019-11-04 - Nemty Ransomware Expands Its Reach, Also Delivered by Trik Botnet
2019-11-05 - Brief analysis of Redaman Banking Malware (v0.6.0.2) Sample
2019-11-05 - Buran Ransomware; the Evolution of VegaLocker
2019-11-05 - DADJOKE
2019-11-05 - DarkUniverse – the mysterious APT framework #27
2019-11-05 - Hospital cyberattack could have been avoided
2019-11-05 - New Megacortex Ransomware Changes Windows Passwords, Threatens to Publish Data
2019-11-05 - Try not to stare - MedusaLocker at a glance
2019-11-06 - Emotet, Trickbot, Ryuk – an explosive malware cocktail
2019-11-06 - Decryption tool for the PyLocky ransomware versions 1 and 2
2019-11-06 - Spanish consultancy Everis suffers BitPaymer ransomware attack- a brief analysis
2019-11-07 - Swen (computer worm)
2019-11-08 - Wikipedia Entry on Equation Group
2019-11-08 - Wireshark Tutorial- Examining Trickbot Infections
2019-11-09 - API-Hashing in the Sodinokibi-Revil Ransomware - Why and How-
2019-11-09 - APT34 Event Analysis Report
2019-11-11 - APT cases exploiting vulnerabilities in region‑specific software
2019-11-11 - Revenge Is A Dish Best Served… Obfuscated-
2019-11-12 - PureLocker- New Ransomware-as-a-Service Being Used in Targeted Attacks Against Servers
2019-11-12 - Reversing Qakbot
2019-11-12 - The DGA of QSnatch
2019-11-12 - Weeding out WannaMine v4.0- Analyzing and Remediating This Mineware Nightmare
2019-11-13 - AnteFrigus Ransomware
2019-11-14 - MITRE ATT&CKcon 2.0- How a Threat Hunting Team Has Upgraded Its Use of ATT&CK
2019-11-14 - TA2101 plays government imposter to distribute malware to German, Italian, and US organizations
2019-11-15 - New NextCry Ransomware Encrypts Data on NextCloud Linux Servers
2019-11-16 - Fresh PlugX October 2019
2019-11-16 - ddoor
2019-11-18 - Brushaloader gaining new layers like a pro
2019-11-18 - Linux, Windows Users Targeted With New ACBackdoor Malware
2019-11-18 - New Ransomware Available for Targeted Attacks
2019-11-18 - Pipka Card Skimmer Removes Itself After Infecting eCommerce Sites
2019-11-18 - REWTERZ THREAT ALERT – IRANIAN APT USES JOB SCAMS TO LURE TARGETS
2019-11-18 - Surprised by Julius the Great! Disclosure of Cyrus attacks against Iran
2019-11-19 - Mispadu- Advertisement for a discounted Unhappy Meal
2019-11-19 - Phorpiex Breakdown
2019-11-19 - Quick and painless - Reversing DeathRansom - -Wacatac-
2019-11-19 - Wacatac Ransomware
2019-11-20 - MuddyWater Uses New Attack Methods in a Recent Attack Wave
2019-11-20 - New Roboto botnet emerges targeting Linux servers running Webmin
2019-11-20 - Phoenix- The Tale of the Resurrected Keylogger
2019-11-20 - The awaiting Roboto Botnet
2019-11-21 - Allied Universal Breached by Maze Ransomware, Stolen Data Leaked
2019-11-21 - GandCrab Finds DEATHRansom of the Same Appearance Following Nemty in Korea
2019-11-21 - Going Deep - A Guide to Reversing Smoke Loader Malware
2019-11-21 - IconDown – Downloader Used by BlackTech
2019-11-21 - New SectopRAT- Remote access malware utilizes second desktop to control browsers
2019-11-21 - Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon
2019-11-21 - STOP Ransomware- Hands off illegal software downloads
2019-11-22 - Trickbot Updates Password Grabber Module
2019-11-22 - TurkStatik Ransomware
2019-11-23 - Extensive hacking operation discovered in Kazakhstan
2019-11-24 - TA505 Get2 Analysis
2019-11-26 - Insights from one year of tracking a polymorphic threat
2019-11-26 - Stantinko botnet adds cryptomining to its pool of criminal activities
2019-11-27 - Threat Spotlight- Machete Info-Stealer
2019-11-27 - Keylogger with a surprise- analysis of a keylogger and deanonymization of its developer
2019-11-28 - RevengeHotels- cybercrime targeting hotel front desks worldwide
2019-11-29 - Libertad y gloria - A Mexican cyber heist story - CyberCrimeCon19 Singapore
2019-11-29 - Operation ENDTRADE- Finding Multi-Stage Backdoors that TICK
2019-11-29 - The Fractured Block Campaign- CARROTBAT Used to Deliver Malware Targeting Southeast Asia
2019-12-02 - Facebook Ads Manager Targeted by New Info-Stealing Trojan
2019-12-02 - God save the Queen [...] 'cause Ransom is money - SaveTheQueen Encryptor
2019-12-02 - Imminent Monitor - a RAT Down Under
2019-12-02 - Meet PyXie- A Nefarious New Python RAT
2019-12-03 - In depth analysis of an infostealer- Raccoon
2019-12-03 - Lazarus Group Goes 'Fileless'
2019-12-03 - New version of IcedID Trojan uses steganographic payloads
2019-12-03 - Threat Actor Targeting Hong Kong Pro-Democracy Figures
2019-12-04 - Buer, a new loader emerges in the underground marketplace
2019-12-04 - How to Respond to Emotet Infection (FAQ)
2019-12-04 - Ransomware, interrupted- Sodinokibi and the supply chain
2019-12-04 - xHunt Campaign- xHunt Actor’s Cheat Sheet
2019-12-05 - APT28 Attacks Evolution
2019-12-05 - Buer Loader, new Russian loader on the market with interesting persistence
2019-12-05 - Cobalt Strike 4.0 – Bring Your Own Weaponization
2019-12-05 - PoshC2 (specifically as used by APT33)
2019-12-05 - RedRum Ransomware
2019-12-05 - Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware
2019-12-07 - NetWorm
2019-12-09 - Caution! Ryuk Ransomware decryptor damages larger files, even if you pay
2019-12-09 - Snatch Ransomware Reboots to Windows Safe Mode to Bypass AV Tools
2019-12-09 - Snatch ransomware reboots PCs into Safe Mode to bypass protection
2019-12-09 - TrickBot Campaign Uses Fake Payroll Emails to Conduct Phishing Attacks
2019-12-10 - Anchor Project - The Deadly Planeswalker- How The TrickBot Group United High-Tech Crimeware & APT
2019-12-10 - MORPHISEC DISCOVERS CCLEANER BACKDOOR SAVING MILLIONS OF AVAST USERS
2019-12-10 - Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium
2019-12-10 - [Updated] Alert Regarding Emotet Malware Infection
2019-12-11 - A -Project.exe- that should have stayed in a drawer - MZRevenge - MaMo434376
2019-12-11 - Dropping Anchor- From a TrickBot Infection to the Discovery of the Anchor Malware
2019-12-11 - Maze Ransomware Behind Pensacola Cyberattack, $1M Ransom Demand
2019-12-11 - Story of the year 2019- Cities under ransomware siege
2019-12-11 - Waterbear Returns, Uses API Hooking to Evade Security
2019-12-11 - Zeppelin- Russian Ransomware Targets High Profile Users in the U.S. and Europe
2019-12-12 - Another Ransomware Will Now Publish Victims' Data If Not Paid
2019-12-12 - Cyber Threat Landscape in Japan – Revealing Threat in the Shadow
2019-12-12 - Cyber espionage in the Middle East- unravelling OSX.WindTail
2019-12-12 - Cybercrime Groups (FIN8) Targeting Fuel Dispenser Merchants
2019-12-12 - GALLIUM- Targeting global telecom
2019-12-12 - More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting
2019-12-12 - Mr.Peter
2019-12-13 - Elegant sLoad Carries Out Spying, Payload Delivery in BITS
2019-12-13 - LALALA InfoStealer which comes with Batch and PowerShell scripting combo
2019-12-14 - Another one for the collection - Mespinoza (Pysa) Ransomware
2019-12-15 - Ryuk Ransomware Likely Behind New Orleans Cyberattack
2019-12-16 - Momentum Botnet's Newest DDoS Attacks and IoT Exploits
2019-12-16 - Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up
2019-12-17 - Incident Response lessons from recent Maze ransomware attacks
2019-12-17 - Lazarus Group uses Dacls RAT to attack Linux platform
2019-12-17 - Nuclear Bot Author Arrested in Sextortion Case
2019-12-17 - Rancor- Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia
2019-12-17 - TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking
2019-12-18 - Echobot Malware Now up to 71 Exploits, Targeting SCADA
2019-12-18 - IcedID PNG Extractor
2019-12-18 - Maze ransomware
2019-12-18 - Understanding Ransomware Series- Detecting Sodin
2019-12-19 - ChernoLocker Ransomware
2019-12-19 - Inside ‘Evil Corp,’ a $100M Cybercrime Menace
2019-12-19 - Threat spotlight- the curious case of Ryuk ransomware
2019-12-19 - [RE009] Analysis of the malware “KẾ HOẠCH, NHIỆM VỤ TRỌNG TÂM NĂM 2020.doc” attached to a phishing email
2019-12-20 - An Updated ServHelper Tunnel Variant
2019-12-20 - Undressing the REvil
2019-12-20 - Unveiling JsOutProx- A New Enterprise Grade Implant
2019-12-21 - How ransomware exploded in the age of Bitcoin
2019-12-21 - Shamoon 2012 Complete Analysis
2019-12-23 - DarkRat - Hacking a malware control panel
2019-12-23 - FBI Issues Alert For LockerGoga and MegaCortex Ransomware
2019-12-23 - I literally can't think of a fitting pun - MrDec Ransomware
2019-12-23 - Mozi, Another Botnet Using DHT
2019-12-23 - POS Malware Used at Fuel Pumps
2019-12-23 - Wireshark Tutorial- Examining Ursnif Infections
2019-12-24 - Gozi V3- tracked by their own stealth
2019-12-24 - Maze Ransomware Releases Files Stolen from City of Pensacola
2019-12-24 - Unpacking Payload used in Bottle EK
2019-12-24 - Warning over LockerGoga and MegaCortex ransomware attacks targeting private industry in western countries
2019-12-25 - BlackNet RAT - When you leave the Panel unprotected
2019-12-25 - Let’s play (again) with Predator the thief
2019-12-26 - FinSpy Documentation
2019-12-26 - Introducing BIOLOAD- FIN7 BOOSTWRITE’s Lost Twin
2019-12-26 - Ryuk Ransomware Stops Encrypting Linux Folders
2019-12-26 - Targeting Portugal- A new trojan ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax
2019-12-28 - The Tale of the Pija-Droid Firefinch
2019-12-29 - BRONZE PRESIDENT Targets NGOs
2019-12-29 - Unnamed 1
2019-12-31 - Cuba Ransomware
2019-12-31 - Fuel Pumps II – PoSlurp.B
Malware Analysis 2020
2020-01-01 - New Destructive Wiper “ZeroCleare” Targets Energy Sector in the Middle East
2020-01-01 - Repository for Python Server for PoshC2
2020-01-01 - The Mac Malware of 2019
2020-01-02 - -Nice decorating. Let me guess, Satan-- - Dot - MZP Ransomware
2020-01-02 - DeathRansom Part II- Attribution
2020-01-02 - The Curious Case of DeathRansom- Part I
2020-01-03 - Nice One, Dad- Dissecting A Rare Malware Used By Leviathan
2020-01-03 - Waterbear, a cyber espionage virus, has a new variant with its own anti-virus function
2020-01-06 - First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
2020-01-06 - Pyrogenic Infostealer static analysis – Part 0x1
2020-01-06 - Sodinokibi Ransomware Hits Travelex, Demands $3 Million
2020-01-07 - Clop ransomware Notes
2020-01-07 - DarkRat v2.2.0
2020-01-07 - Hold My Beer Mirai – Spinoff Named ‘LiquorBot’ Incorporates Cryptomining
2020-01-07 - Powershell Static Analysis & Emotet results
2020-01-08 - Leonardo S.p.A. Data Breach Analysis
2020-01-08 - Naive IoT botnet wastes its time mining cryptocurrency
2020-01-08 - Operation AppleJeus Sequel
2020-01-08 - SNAKE Ransomware Is the Next Threat Targeting Business Networks
2020-01-08 - Threat Spotlight- Amadey Bot Targets Non-Russian Users
2020-01-09 - Ako, MedusaReborn
2020-01-09 - Man jailed for using webcam RAT to spy on women in their bedrooms
2020-01-09 - Not so nice after all - Afrodita Ransomware
2020-01-09 - PARISITE
2020-01-09 - PHA Family Highlights- Bread (and Friends)
2020-01-09 - SAIGON, the Mysterious Ursnif Fork
2020-01-09 - ServHelper 2.0- Enriched with bot capabilities and allow remote desktop access
2020-01-09 - Sodinokibi Ransomware Says Travelex Will Pay, One Way or Another
2020-01-09 - TA428 Group abusing recent conflict between Iran and USA
2020-01-09 - Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets
2020-01-09 - What is the Hainan Xiandun Technology Development Company-
2020-01-10 - Sodinokibi Ransomware Hits New York Airport Systems
2020-01-10 - Threat spotlight- Phobos ransomware lives up to its name
2020-01-10 - Who is Mr Gu-
2020-01-11 - Sodinokibi Ransomware Publishes Stolen Data for the First Time
2020-01-12 - Zeus Museum Entry for Unnamed 2
2020-01-13 - APT27 ZxShell RootKit module updates
2020-01-13 - TAFOF Unpacker
2020-01-13 - Who else works for this cover company network-
2020-01-14 - Family Page for FastLoader
2020-01-14 - Inside of CL0P’s ransomware operation
2020-01-14 - Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices
2020-01-14 - Satan ransomware rebrands as 5ss5c ransomware
2020-01-14 - United Nations Targeted With Emotet Malware Phishing Attack
2020-01-14 - Who is Mr Ding-
2020-01-15 - APT-C-36 recent activity analysis
2020-01-15 - Alien Labs 2019 Analysis of Threat Groups Molerats and APT-C-37
2020-01-15 - Analyzing Magecart Malware – From Zero to Hero
2020-01-15 - Deep Dive into the Lyceum Danbot Malware
2020-01-15 - Hainan Xiandun Technology Company is APT40
2020-01-15 - Iranian Threat Actors- Preliminary Analysis
2020-01-15 - MMD-0065-2020 - Linux-Mirai-Fbot's new encryption explained
2020-01-16 - A Curious Case of CVE-2019-19781 Palware- remove_bds
2020-01-16 - APT40 is run by the Hainan department of the Chinese Ministry of State Security
2020-01-16 - FTCODE Ransomware - New Version Includes Stealing Capabilities
2020-01-16 - JhoneRAT- Cloud based python RAT targeting Middle Eastern countries
2020-01-16 - New Outbreak of h2Miner Worms Exploiting Redis RCE Detected
2020-01-16 - Paradise Ransomware decryption tool
2020-01-16 - TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection
2020-01-17 - 'Friendly' hackers are seemingly fixing the Citrix server hole – and leaving a nasty present behind
2020-01-17 - 404 Exploit Not Found- Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor
2020-01-17 - Unpacking Pyrogenic-Qealler using Java agent -Part 0x2
2020-01-18 - New Jersey Synagogue Suffers Sodinokibi Ransomware Attack
2020-01-19 - Analyzing Modern Malware Techniques - Part 1
2020-01-19 - BayWorld event, Cyber Attack Against Foreign Trade Industry
2020-01-19 - VK post on PIRAT RAT
2020-01-20 - Behind the scenes of GandCrab’s operation
2020-01-20 - Dustman APT- Art of Copy-Paste
2020-01-20 - Linux Rekoobe Operating with New, Undetected Malware Samples
2020-01-20 - Ticket resellers infected with a credit card skimmer
2020-01-21 - BitPyLock Ransomware Now Threatens to Publish Stolen Data
2020-01-21 - FTCODE- taking over (a portion of) the botnet
2020-01-21 - Herpaderping- Security Risk or Unintended Behavior-
2020-01-21 - Muhstik Botnet Attacks Tomato Routers to Harvest New IoT Devices
2020-01-21 - sLoad launches version 2.0, Starslord
2020-01-22 - The malware analyst’s guide to PE timestamps
2020-01-22 - WannaMine - Even cybercriminals want to have their say on Brexit!
2020-01-23 - German language malspam pushes Ursnif
2020-01-23 - New Snake Ransomware Adds Itself to the Increasing Collection of Golang Crimeware
2020-01-23 - Shlayer, No. 1 Threat for Mac, Targets YouTube, Wikipedia
2020-01-23 - Sodinokibi Ransomware Threatens to Publish Data of Automotive Group
2020-01-23 - Someone is uninstalling the Phorpiex malware from infected PCs and telling users to install an antivirus
2020-01-23 - The DGA of a Monero Miner Downloader
2020-01-23 - The Fractured Statue Campaign- U.S. Government Targeted in Spear-Phishing Attacks
2020-01-23 - The Opposite of Fileless Malware - NodeJS Ransomware
2020-01-23 - TrickBot Now Steals Windows Active Directory Credentials
2020-01-24 - Hunting for Ransomware
2020-01-24 - New Ryuk Info Stealer Targets Government and Military Secrets
2020-01-24 - Project TajMahal IOCs and Registry Data Decrypter
2020-01-25 - Extracted Config for Ragnarok Ransomware
2020-01-25 - Indonesian Magecart hackers arrested
2020-01-25 - Olympic Ticket Reseller Magecart Infection
2020-01-25 - cryptopatronum ransomware
2020-01-27 - Aggah- How to run a botnet without renting a Server (for more than a year)
2020-01-27 - Operation Night Fury- Group-IB helps take down a cybergang behind the infection of hundreds of websites all over the world
2020-01-27 - xHunt Campaign- New Watering Hole Identified for Credential Harvesting
2020-01-28 - Ragnarok Ransomware Targets Citrix ADC, Disables Windows Defender
2020-01-28 - Stopping the Press- New York Times Journalist Targeted by Saudi-linked Pegasus Spyware Operator
2020-01-28 - Tick Group Aiming at Japanese Manufacturing
2020-01-28 - Tracking REvil
2020-01-29 - An Overhead View of the Royal Road
2020-01-29 - DOD contractor suffers ransomware infection
2020-01-29 - Malware Tries to Trump Security Software With POTUS Impeachment
2020-01-30 - Competitions on Russian-language cybercriminal forums- Sharing expertise or threat actor showboating-
2020-01-30 - Coronavirus Goes Cyber With Emotet
2020-01-30 - Cyber attack against the servers of Bouygues Construction
2020-01-30 - Emotet Technical Analysis - Part 1 Reveal the Evil Code
2020-01-30 - Fake Interview- The New Activity of Charming Kitten
2020-01-30 - New Iranian Campaign Tailored to US Companies Utilizes an Updated Toolset
2020-01-30 - TheCursedMurderer Ransomware
2020-01-30 - TrickBot Uses a New Windows 10 UAC Bypass to Launch Quietly
2020-01-30 - Trickbot Trojan Leveraging a New Windows 10 UAC Bypass
2020-01-31 - German chemical company hacked
2020-01-31 - Emutet
2020-01-31 - New wave of PlugX targets Hong Kong
2020-01-31 - RATs in the Library- Remote Access Trojans Hide in Plain -Public- Site
2020-01-31 - Rich Headers- leveraging this mysterious artifact of the PE format
2020-01-31 - Winnti Group targeting universities in Hong Kong
2020-02-01 - 2020 - Year of the RAT
2020-02-01 - FCT Ransomware
2020-02-02 - Agent Tesla amps up information stealing attacks
2020-02-02 - Defeating Sodinokibi-REvil String-Obfuscation in Ghidra
2020-02-03 - Analysis of a triple-encrypted AZORult downloader
2020-02-03 - Dissecting Emotet – Part 1
2020-02-03 - EKANS Ransomware and ICS Operations
2020-02-03 - PassLock Ransomware
2020-02-03 - Warzone- Behind the enemy lines
2020-02-04 - Analyzing Modern Malware Techniques - Part 3- A case of Powershell, Excel 4 Macros and VB6
2020-02-04 - Borr Malware
2020-02-04 - RagnarLocker Ransomware
2020-02-04 - Similarity between Qealler-Pyrogenic variants -Part 0x3
2020-02-05 - Mailto (NetWalker) Ransomware Targets Enterprise Networks
2020-02-05 - Pro-Russian CyberSpy Gamaredon Intensifies Ukrainian Security Targeting
2020-02-05 - STOMP 2 DIS- Brilliance in the (Visual) Basics
2020-02-05 - The Hole in the Bucket- Attackers Abuse Bitbucket to Deliver an Arsenal of Malware
2020-02-06 - 40,000 CryptBot Downloads per Day- Bitbucket Abused as Malware Slinger
2020-02-06 - DNS Tunneling Series, Part 3- The Siren Song of RogueRobin
2020-02-06 - Living off another land- Ransomware borrows vulnerable driver to remove security software
2020-02-06 - Ransomware Exploits GIGABYTE Driver to Kill AV Processes
2020-02-06 - Sfile Ransomware
2020-02-07 - APT 40 in Malaysia
2020-02-07 - Emotet Evolves With New Wi-Fi Spreader
2020-02-07 - Magecart Group 12’s Latest- Actors Behind Attacks on Olympics Ticket Re-sellers Deftly Swapped Domains to Continue Campaign
2020-02-07 - TA505 Hackers Behind Maastricht University Ransomware Attack
2020-02-08 - Emotet Technical Analysis - Part 2 PowerShell Unveiled
2020-02-08 - MA-774.022020- MyCERT Advisory - Espionage Campaign Based On Technical Indicators
2020-02-08 - Reversing the Gophe SPambot- Confronting COM Code and Surmounting STL Snags
2020-02-10 - FBI warns about ongoing attacks against software supply chain companies
2020-02-10 - Hypervisor Introspection Thwarts Web Memory Corruption Attack in the Wild
2020-02-10 - KBOT- sometimes they come back
2020-02-10 - Suspected Sapphire Mushroom (APT-C-12) malicious LNK files
2020-02-11 - Metamorfo (aka Casbaneiro)
2020-02-12 - CSI- Evidence Indicators for Targeted Ransomware Attacks – Part I
2020-02-12 - Goblin Panda APT- Recent infrastructure and RAT analysis
2020-02-12 - Loda RAT Grows Up
2020-02-13 - A Deep Dive Into Wakeup On Lan (WoL) Implementation of Ryuk
2020-02-13 - New Cyber Espionage Campaigns Targeting Palestinians - Part 1- The Spark Campaign
2020-02-13 - New Cyber Espionage Campaigns Targeting Palestinians - Part 2- The Discovery of the New, Mysterious Pierogi Backdoor
2020-02-13 - Playing defense against Gamaredon Group
2020-02-13 - Threat actors attempt to capitalize on coronavirus outbreak
2020-02-13 - Wireshark Tutorial- Examining Qakbot Infections
2020-02-14 - LokiBot- dissecting the C&C panel deployments
2020-02-14 - Malware Analysis Report (AR20-045A)- MAR-10265965-1.v1 - North Korean Trojan- BISTROMATH
2020-02-14 - Malware Analysis Report (AR20-045C)
2020-02-14 - Malware Analysis Report (AR20-045D)- MAR-10271944-1.v1 - North Korean Trojan- HOTCROISSANT
2020-02-14 - Malware Analysis Report (AR20-045E)- MAR-10271944-2.v1 - North Korean Trojan- ARTFULPIE
2020-02-14 - Malware Analysis Report (AR20-045F)- MAR-10271944-3.v1 - North Korean Trojan- BUFFETLINE
2020-02-14 - Malware Analysis Report (AR20-045G)- MAR-10135536-8.v4 - North Korean Trojan- HOPLIGHT
2020-02-14 - Malware Analysis Report (AR20–045B)- MAR-10265965-2.v1 - North Korean Trojan- SLICKSHOES
2020-02-15 - Python Remote Administration Tool (RAT)
2020-02-16 - Hamas Android Malware On IDF Soldiers-This is How it Happened
2020-02-17 - CLAMBLING - A New Backdoor Base On Dropbox
2020-02-17 - Cyberwarfare- A deep dive into the latest Gamaredon Espionage Campaign
2020-02-17 - Following the tracks of MageCart 12
2020-02-17 - Gibberish Ransomware
2020-02-18 - Building a bypass with MSBuild
2020-02-18 - Hidden in PEB Sight- Hiding Windows API Imports With a Custom Loader
2020-02-18 - Nearly a quarter of malware now communicates using TLS
2020-02-18 - Nemty Ransomware Scaling UP- APAC Mailboxes Swarmed by Dual Downloaders
2020-02-18 - Tracking ‘Kimsuky’, the North Korea-based cyber espionage group- Part 1
2020-02-18 - Uncovering DRBControl- Inside the Cyberespionage Campaign Targeting Gambling Operations
2020-02-18 - What’s up Emotet-
2020-02-19 - Azorult – what we see using our own tools
2020-02-19 - Uncovering New Magecart Implant Attacking eCommerce
2020-02-19 - Uncovering the Anonymity Cloak
2020-02-20 - Analysis of an Unusual HawkEye Sample
2020-02-20 - CSI- Evidence Indicators for Targeted Ransomware Attacks – Part II
2020-02-20 - Croatia's largest petrol station chain impacted by cyber-attack
2020-02-20 - ObliqueRAT- New RAT hits victims' endpoints via malicious documents
2020-02-20 - UK condemns Russia's GRU over Georgia cyber-attacks
2020-02-20 - LODEINFO malware targeting organizations in Japan
2020-02-21 - Exploring the Genesis Supply Chain for Fun and Profit- Part 1 – Misadventures in GUIDology
2020-02-21 - Transparent Tribe- Four Years Later
2020-02-22 - Nexus - Just another stealer
2020-02-22 - Weaponizing a Lazarus Group Implant- repurposing a 1st-stage loader, to execute custom 'fileless' payloads
2020-02-24 - Closing in on MageCart 12
2020-02-24 - MMD-0066-2020 - Linux-Mirai-Fbot - A re-emerged IoT threat
2020-02-25 - BlackKingdom Ransomware
2020-02-25 - DPRK Hidden Cobra Update- North Korean Malicious Cyber Activity
2020-02-25 - DoppelPaymer Ransomware Launches Site to Post Victim's Data
2020-02-25 - Mobile malware evolution 2019
2020-02-26 - (Ab)using bash-fu to analyze recent Aggah sample
2020-02-26 - Business as Usual For Iranian Operations Despite Increased Tensions
2020-02-26 - Lazarus group's Brambul worm of the former Wannacry - 1
2020-02-26 - Lazarus group's Brambul worm of the former Wannacry - 2
2020-02-26 - Revealing the Trick - A Deep Dive into TrickLoader Obfuscation
2020-02-26 - Sodinokibi Ransomware May Tip NASDAQ on Attacks to Hurt Stock Prices
2020-02-26 - What’s Dead May Never Die- AZORult Infostealer Decommissioned Again
2020-02-27 - Let’s Learn- Inside Parallax RAT Malware- Process Hollowing Injection & Process Doppelgänging API Mix- Part I
2020-02-27 - Malware “LODEINFO” Targeting Japan
2020-02-27 - Roaming Mantis, part V- Distributed in 2019 using SMiShing and enhanced anti-researcher techniques
2020-02-28 - Golang wrapper on an old obscene malware
2020-02-28 - Mysterious spam campaign- A security analysis
2020-02-28 - Trickbot Delivery Method Gets a New Upgrade Focusing on Windows 10
2020-02-29 - Meet the white-hat group fighting Emotet, the world's most dangerous malware
2020-02-29 - Sodinokibi Ransomware gang threatens to disclose data from Kenneth Cole fashion firm
2020-03-01 - BackDoor.Spyder.1
2020-03-01 - CryptoDarkRubix Ransomware
2020-03-02 - Karkoff 2020- a new APT34 espionage operation involves Lebanon Government
2020-03-02 - New PwndLocker Ransomware Targeting U.S. Cities, Enterprises
2020-03-02 - Warning- New dangerous ransomware pwndLocker now in Serbia too!
2020-03-02 - Pulling the PKPLUG- the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary
2020-03-02 - Visser, a parts manufacturer for Tesla and SpaceX, confirms data breach
2020-03-02 - What Emotet does – and what lessons the victims draw from it
2020-03-03 - GitHub Repository- winnti-sniff
2020-03-03 - Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations
2020-03-03 - Ransomware Attackers Use Your Cloud Backups Against You
2020-03-04 - Breaking TA505’s Crypter with an SMT Solver
2020-03-04 - Cobalt Strike joins Core Impact at HelpSystems, LLC
2020-03-04 - Ryuk Ransomware Attacked Epiq Global Via TrickBot Infection
2020-03-05 - Bisonal- 10 years of play
2020-03-05 - Defense contractor CPI knocked offline by ransomware attack
2020-03-05 - ELF_TSCookie - Linux Malware Used by BlackTech
2020-03-05 - GuLoader- A Popular New VB6 Downloader that Abuses Cloud Services
2020-03-05 - Guildma- The Devil drives electric
2020-03-05 - Human-operated ransomware attacks- A preventable disaster
2020-03-05 - Mokes and Buerak distributed under the guise of security certificates
2020-03-05 - [RE011] Unpacking the crypter of the Netwire malware with x64dbg
2020-03-05 - Bisonal malware being distributed disguised as a Shincheonji emergency contact list
2020-03-06 - Dissecting Emotet - Part 2
2020-03-06 - Emotet Wi-Fi Spreader Upgraded
2020-03-07 - JavaLocker Ransomware
2020-03-07 - Ransomware Threatens to Reveal Company's 'Dirty' Secrets
2020-03-09 - New Variant of TrickBot Being Spread by Word Document
2020-03-09 - Tracking ‘Kimsuky’, the North Korea-based cyber espionage group- Part 1
2020-03-09 - Tracking ‘Kimsuky’, the North Korea-based cyber espionage group- Part 2
2020-03-09 - py.unidentified_002
2020-03-09 - py.unidentified_003
2020-03-10 - APT40 goes from Template Injections to OLE-Linkings for payload delivery
2020-03-10 - IQY files and Paradise Ransomware
2020-03-10 - Kimsuky group- tracking the king of the spear phishing
2020-03-10 - New action to disrupt world’s largest online criminal network
2020-03-10 - [RE012] Analysis of malware exploiting the Covid-19 pandemic, distributed as a fake “Directive of Prime Minister Nguyễn Xuân Phúc” - Part 1
2020-03-11 - Attribution is in the object- using RTF object dimensions to track APT phishing weaponizers
2020-03-11 - CoronaVirus Ransomware
2020-03-11 - RHOMBUS an ELF bot installer-dropper
2020-03-12 - Adamantium-Thief
2020-03-12 - How cybercriminals are taking advantage of COVID-19- Scams, fraud, and misinformation
2020-03-12 - Targeted Surveillance Attacks in Uzbekistan- An Old Threat with New Techniques
2020-03-12 - Teslarvng Ransomware Yakuza Ransomware
2020-03-12 - Tracking Turla- New backdoor delivered via Armenian watering holes
2020-03-12 - Vicious Panda- The COVID Campaign
2020-03-13 - Yet Another Active Email Campaign With Malicious Excel Files Identified
2020-03-14 - Nefilim Ransomware
2020-03-14 - RekenSom Ransomware
2020-03-15 - Dad! There’s A Rat In Here!
2020-03-15 - Has The Sun Set On The Necurs Botnet-
2020-03-16 - New RedLine Stealer Distributed Using Coronavirus-themed Email Campaign
2020-03-16 - Shadows in the Rain
2020-03-16 - TA505 and Others Launch New Coronavirus Campaigns; Now the Largest Collection of Attack Types in Years
2020-03-16 - They Come in the Night- Ransomware Deployment Trends
2020-03-17 - New Nefilim Ransomware Threatens to Release Victims' Data
2020-03-17 - ProLock Ransomware
2020-03-18 - Coronavirus Threat Landscape Update
2020-03-18 - Parallax- The new RAT on the block
2020-03-18 - CERT-FR Threats and Incidents Report- Attacks by the Mespinoza-Pysa ransomware
2020-03-18 - Sekhmet Ransomware
2020-03-18 - Why would you even bother-! - JavaLocker
2020-03-19 - France warns of new ransomware gang targeting local governments
2020-03-19 - Is APT 27 Abusing COVID-19 To Attack People -!
2020-03-19 - New Android App Offers Coronavirus Safety Mask But Delivers SMS Trojan
2020-03-19 - Analysis of malware exploiting the Covid-19 pandemic, distributed as a fake “Directive of Prime Minister Nguyễn Xuân Phúc” - Part 2
2020-03-19 - RedLine Info-Stealing Malware Spread by Folding@home Phishing
2020-03-19 - Stantinko’s new cryptominer features unique obfuscation techniques
2020-03-20 - 5 Times More Coronavirus-themed Malware Reports during March
2020-03-20 - Analysis Of Exploitation- CVE-2020-10189 ( exploited by APT41)
2020-03-20 - Jamba Superdeal- Helo Sir, you want to buy mask- - Corona Safety Mask SMS Scam
2020-03-20 - New version of chinoxy backdoor using COVID19 alerts document lure
2020-03-20 - The Case for Limiting Your Browser Extensions
2020-03-21 - Netwalker Ransomware Infecting Users via Coronavirus Phishing
2020-03-21 - On the Royal Road
2020-03-22 - Mustang Panda joins the COVID-19 bandwagon
2020-03-23 - Exclusive- Elite hackers target WHO as coronavirus cyberattacks spike
2020-03-23 - Fake “Corona Antivirus” distributes BlackNET remote administration tool
2020-03-23 - Fin7 APT- how billion dollar crime ring remains active after leaders’ arrest
2020-03-23 - Icnanker, a Linux Trojan-Downloader Protected by SHC
2020-03-23 - KPOT Deployed via AutoIt Script
2020-03-23 - Latest Astaroth living-off-the-land attacks are even more invisible but not less observable
2020-03-23 - Nefilim Ransomware Threatens to Expose Stolen Data
2020-03-23 - Snake Ransomware Analysis Updates
2020-03-24 - A new technique to analyze FormBook malware infections
2020-03-24 - Exchange Exploit Case Study – CVE-2020-0688
2020-03-24 - KEKW Ransomware KEKW-Locker Ransomware
2020-03-24 - Operation Poisoned News- Hong Kong Users Targeted With Mobile Malware via Local News Links
2020-03-24 - People infected with coronavirus are all around you, says Ginp Trojan
2020-03-24 - Three More Ransomware Families Create Sites to Leak Stolen Data
2020-03-24 - WildPressure targets industrial-related entities in the Middle East
2020-03-25 - How the Iranian Cyber Security Agency Detects Emissary Panda Malware
2020-03-25 - New Router DNS Hijacking Attacks Abuse Bitbucket to Host Infostealer
2020-03-25 - This Is Not a Test- APT41 Initiates Global Intrusion Campaign Using Multiple Exploits
2020-03-25 - Unpacking the Kwampirs RAT
2020-03-26 - Android Apps and Malware Capitalize on Coronavirus
2020-03-26 - Azorult loader stages
2020-03-26 - Cyber insurer Chubb had data stolen in Maze ransomware attack
2020-03-26 - Discover Malware Android
2020-03-26 - Ransomware Maze
2020-03-26 - TA505's Box of Chocolate - On Hidden Gems packed with the TA505 Packer
2020-03-26 - Would You Exchange Your Security for a Gift Card-
2020-03-26 - iOS exploit chain deploys LightSpy feature-rich malware
2020-03-27 - Booz Allen analyzed 200+ Russian hacking operations to better understand their tactics
2020-03-27 - The First Stage of ShadowHammer
2020-03-28 - In-depth analysis of a Cerberus trojan variant
2020-03-30 - A New Look at Old Dragonfly Malware (Goodor)
2020-03-30 - An old enemy – Diving into QBot part 1
2020-03-30 - Banking Malware Spreading via COVID-19 Relief Payment Phishing
2020-03-30 - Fantastic payloads and where we find them
2020-03-30 - The 'Spy Cloud' Operation Geumseong121 group carries out the APT attack disguising the evidence of North Korean defection
2020-03-30 - Zeus Sphinx Trojan Awakens Amidst Coronavirus Spam Frenzy
2020-03-31 - An In-depth Look at MailTo Ransomware, Part One of Three
2020-03-31 - FBI re-sends alert about supply chain attacks for the third time in three months
2020-03-31 - Holy water- ongoing targeted water-holing attack in Asia
2020-03-31 - Infected Zoom Apps for Android Target Work-From-Home Users
2020-03-31 - It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit
2020-03-31 - LokiBot- Getting Equation Editor Shellcode
2020-03-31 - Storm Cloud Unleashed- Tibetan Focus of Highly Targeted Fake Flash Campaign
2020-03-31 - Trickbot- A primer
2020-03-31 - Viasat Hit with Russia’s Wiper Malware called ‘AcidRain,’ Affecting European Services
2020-03-31 - WannaRen Ransomware
2020-04-01 - Jeno Ransomware
2020-04-01 - Navigating Cybersecurity During a Pandemic- Latest Malware and Threat Actors
2020-04-01 - REvil Ransomware-as-a-Service An analysis of a ransomware affiliate operation
2020-04-01 - THE VOLLGAR CAMPAIGN- MS-SQL SERVERS UNDER ATTACK
2020-04-02 - AZORult brings friends to the party
2020-04-02 - Catching APT41 exploiting a zero-day vulnerability
2020-04-02 - CoViper locking down computers during lockdown
2020-04-02 - GuLoader- The RAT Downloader
2020-04-02 - Nemty Ransomware – Learning by Doing
2020-04-02 - Pekraut - German RAT starts gnawing
2020-04-03 - GuLoader- Malspam Campaign Installing NetWire RAT
2020-04-03 - Kinsing Malware Attacks Targeting Container Environments
2020-04-03 - Microsoft- Emotet Took Down a Network by Overheating All Computers
2020-04-04 - Nanocore & CypherIT
2020-04-05 - Trojan Agent Tesla – Malware Analysis
2020-04-06 - McAfee Insights- Vicious Panda- The COVID Campaign
2020-04-07 - 2020-04-06 Qealler RAT Malspam
2020-04-07 - Decade of the RATS- Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android
2020-04-07 - ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework
2020-04-07 - Thinking Outside the Bochs- Code Grafting to Unpack Malware in Emulation
2020-04-07 - Unkillable xHelper and a Trojan matryoshka
2020-04-08 - An In-depth Look at MailTo Ransomware, Part Two of Three
2020-04-08 - DDG botnet, round X, is there an ending-
2020-04-08 - Deep Dive Into TrickBot Executor Module “mexec”- Hidden “Anchor” Bot Nexus Operations
2020-04-08 - Donot team organization (APT-C-35) mobile terminal attack activity analysis
2020-04-08 - How Cyber Adversaries are Adapting to Exploit the Global Pandemic
2020-04-08 - NetWalker Ransomware- analysis and preventive measures
2020-04-09 - Malware analysis (Emergency inquiry for Coronavirus response in Jeollanam-do.hwp)
2020-04-09 - SDBbot Unpacker
2020-04-09 - Travelex paid hackers $2.3 million worth of Bitcoin after ransomware attack
2020-04-09 - TrickBot Emerges with a Few New Tricks
2020-04-10 - An In-depth Look at MailTo Ransomware, Part Three of Three
2020-04-10 - Threat Actors Migrating to the Cloud
2020-04-10 - Void Ransomware
2020-04-11 - Sodinokibi Ransomware to stop taking Bitcoin to hide money trail
2020-04-12 - Dynamic analysis technique to get decrypted KPOT Malware
2020-04-13 - APT41 Using New Speculoos Backdoor to Target Organizations Globally
2020-04-13 - GuLoader delivers RATs and Spies in Disguise
2020-04-13 - How Analysing an AgentTesla Could Lead To Attackers Inbox - Part I
2020-04-13 - New Mozi Malware Family Quietly Amasses IoT Bots
2020-04-13 - The Blame Game - About False Flags and overwritten MBRs
2020-04-13 - Threat Spotlight- Gootkit Banking Trojan
2020-04-14 - Deobfuscating and hunting for OSTAP, Trickbot’s dropper and best friend
2020-04-14 - Emotet JavaScript downloader
2020-04-14 - Malicious Attackers Target Government and Medical Organizations With COVID-19 Themed Phishing Campaigns
2020-04-14 - RagnarLocker ransomware hits EDP energy giant, asks for €10M
2020-04-14 - TA505 Continues to Infect Networks With SDBbot RAT
2020-04-14 - Understanding the relationship between Emotet Ryuk and TrickBot
2020-04-15 - Hackers are again attacking Portuguese banking organizations via Android Trojan-Banker
2020-04-15 - How Analysing an AgentTesla Could Lead To Attackers Inbox - Part II
2020-04-15 - Multistage FreeDom loader used in Aggah Campaign to spread Nanocore and AZORult
2020-04-15 - Nation-state Mobile Malware Targets Syrians with COVID-19 Lures
2020-04-15 - Analysis of BiFrost, the malicious backdoor of the Chinese hacker group HUAPI
2020-04-16 - New AgentTesla variant steals WiFi credentials
2020-04-16 - PoetRAT- Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors
2020-04-16 - Taiwan High-Tech Ecosystem Targeted by Foreign APT Group- Digital Skeleton Key Bypasses Security Measures
2020-04-18 - IT services giant Cognizant suffers Maze Ransomware cyber attack
2020-04-19 - Reversing Ryuk- A Technical Analysis of Ryuk Ransomware
2020-04-19 - Sadogo Ransomware
2020-04-20 - WINNTI GROUP- Insights From the Past
2020-04-21 - Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant
2020-04-22 - Gomorrah stealer (.NET binary)
2020-04-22 - Nazar- A Lost Amulet
2020-04-22 - Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage
2020-04-23 - A look at the ATM-PoS malware landscape from 2017-2019
2020-04-23 - ESET researchers disrupt cryptomining botnet VictoryGate
2020-04-23 - Quick look at Nazar backdoor - Capabilities
2020-04-23 - Threat Actors Repurpose Hupigon in Adult Dating Attacks Targeting US Universities
2020-04-23 - Threat Spotlight- MedusaLocker
2020-04-24 - Inside -Phobos- Ransomware- -Dharma- Past & Underground
2020-04-24 - LockBit ransomware IoCs
2020-04-24 - LockBit ransomware borrows tricks to keep up with REvil and Maze
2020-04-24 - TrickBot -BazarBackdoor- Process Hollowing Injection Primer
2020-04-24 - Ursnif via LOLbins
2020-04-26 - 35 thousand computers in Latin America were infected by Monero-mining malware
2020-04-26 - The DGA of Zloader
2020-04-26 - goCryptoLocker
2020-04-26 - use Ghidra to Decrypt Strings of KPOTstealer Malware
2020-04-27 - Group Behind TrickBot Spreads Fileless BazarBackdoor
2020-04-27 - Master of RATs - How to create your own Tracker
2020-04-27 - Quick look at Nazar's backdoor - Network Communication
2020-04-27 - Shade (Troldesh) ransomware shuts down and releases decryption keys
2020-04-27 - The LeetHozer botnet
2020-04-28 - Grandoreiro- How engorged can an EXE get-
2020-04-28 - Hiding in plain sight- PhantomLance walks into a market
2020-04-28 - IcedID PhotoLoader evolution
2020-04-28 - Loki Info Stealer Propagates through LZH Files
2020-04-28 - Outlaw is Back, a New Crypto-Botnet Targets European Organizations
2020-04-28 - Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk
2020-04-29 - Compromised Wordpress sites used to distribute Adwind RAT
2020-04-29 - Gazorp - Thieving from thieves
2020-04-29 - More IOCs related to PhantomLance
2020-04-30 - Anomali Suspects that China-Backed APT Pirate Panda May Be Seeking Access to Vietnam Government Data Center
2020-04-30 - EVENTBOT- A NEW MOBILE BANKING TROJAN IS BORN
2020-04-30 - Lazarus APT organization uses information such as recruitment of a Western aviation giant to analyze targeted attack incidents in specific countries
2020-05-01 - The Many Paths Through Maze
2020-05-02 - Shade - Troldesh Ransomware decryption tool
2020-05-04 - ATM malware targets Wincor and Diebold ATMs
2020-05-04 - Android SLocker Variant Uses Coronavirus Scare to Take Android Hostage
2020-05-04 - Changes in REvil ransomware version 2.2
2020-05-04 - Escape from the Maze
2020-05-04 - Kaiji- New Chinese Linux malware turning to Golang
2020-05-04 - Meet NEMTY Successor, Nefilim-Nephilim Ransomware
2020-05-05 - An old enemy – Diving into QBot part 3
2020-05-05 - Awaiting the Inevitable Return of Emotet
2020-05-05 - Bear Hunt
2020-05-05 - Deep Analysis of Ryuk Ransomware
2020-05-05 - GuLoader AntiVM Techniques
2020-05-05 - Kaiji – a new strain of IoT malware seizing control and launching DDoS attacks
2020-05-05 - Kupidon Ransomware
2020-05-05 - Nazar- Spirits of the Past
2020-05-05 - Operation Flash Cobra
2020-05-05 - The Dacls RAT ...now on macOS! deconstructing the mac variant of a lazarus group implant
2020-05-05 - Tinker Telco Soldier Spy
2020-05-05 - Who Is Dmitry Badin, The GRU Hacker Indicted By Germany Over The Bundestag Hacks-
2020-05-06 - 039- Deconstructing the Dukes- A Researcher’s Retrospective of APT29
2020-05-06 - Brazilian trojan banker is targeting Portuguese users using browser overlay
2020-05-06 - Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware
2020-05-06 - New Cyber Operation Targets Italy- Digging Into the Netwire Attack Chain
2020-05-06 - New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app
2020-05-06 - Shadows with a chance of BlackNix
2020-05-07 - Detecting COR_PROFILER manipulation for persistence
2020-05-07 - GoGoogle Decryption Tool
2020-05-07 - Introducing Blue Mockingbird
2020-05-07 - Naikon APT- Cyber Espionage Reloaded
2020-05-07 - Navigating the MAZE- Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents
2020-05-07 - Ruhr-Universität Bochum reports computer attack
2020-05-07 - Sodinokibi - REvil ransomware
2020-05-07 - The North Korean AV Anthology- a unique look on DPRK’s Anti-Virus market
2020-05-07 - Ursnif beacon decryptor
2020-05-07 - We Chat, They Watch- How International Users Unwittingly Build up WeChat’s Chinese Censorship Apparatus
2020-05-08 - Inception
2020-05-08 - Naikon’s Aria
2020-05-09 - ClodCore- A malware family that delivers mining modules through cloud control
2020-05-09 - Turkey targeted by Cerberus and Anubis Android banking Trojan campaigns
2020-05-10 - The Duties Beyond Assisting the Public- Darknet Threats Against Canadian Health & Support Organizations
2020-05-11 - Astaroth - Maze of obfuscation and evasion reveals dark stealer
2020-05-11 - New MacOS Dacls RAT Backdoor Shows Lazarus’ Multi-Platform Attack Capability
2020-05-11 - ProLock malware analysis
2020-05-11 - Ransomware Hit ATM Giant Diebold Nixdorf
2020-05-11 - Targeted Attacks on Indian Government and Financial Institutions Using the JsOutProx RAT
2020-05-11 - The Anatomy of an APT Attack and CobaltStrike Beacon’s Encoded Configuration
2020-05-11 - Trojan Lampion is back after 3 months
2020-05-11 - Updated BackConfig Malware Targeting Government and Military Organizations in South Asia
2020-05-11 - Zeus Sphinx Back in Business- Some Core Modifications Arise
2020-05-12 - Analyzing Dark Crystal RAT, a C# backdoor
2020-05-12 - Evading Detection with Excel 4.0 Macros and the BIFF8 XLS Format
2020-05-12 - Java RAT Campaign Targets Co-Operative Banks in India
2020-05-12 - MAR-10288834-1.v1 – North Korean Remote Access Tool- COPPERHEDGE
2020-05-12 - MAR-10288834-2.v1 – North Korean Trojan- TAINTEDSCRIBE
2020-05-12 - MAR-10288834-3.v1 – North Korean Trojan- PEBBLEDASH
2020-05-12 - Maze ransomware- extorting victims for 1 year and counting
2020-05-12 - Tropic Trooper’s Back- USBferry Attack Targets Air-gapped Environments
2020-05-13 - Access-as-a-Service – Remote Access Markets in the Cybercrime Underground
2020-05-13 - Global Ransomware and Cyberattacks on Healthcare Spike during Pandemic
2020-05-13 - Malware Analysis Spotlight- Rhino Ransomware
2020-05-13 - Ramsay- A cyber‑espionage toolkit tailored for air‑gapped networks
2020-05-14 - APT Group Planted Backdoors Targeting High Profile Networks in Central Asia
2020-05-14 - ATT&CKing ProLock Ransomware
2020-05-14 - COMpfun authors spoof visa application with HTTP status-based Trojan
2020-05-14 - Deep Dive Into TrickBot Executor Module “mexec”- Reversing the Dropper Variant
2020-05-14 - LOLSnif – Tracking Another Ursnif-Based Targeted Campaign
2020-05-14 - Mikroceen- Spying backdoor leveraged in high‑profile networks in Central Asia
2020-05-14 - Mirai and Hoaxcalls Botnets Target Legacy Symantec Web Gateways
2020-05-14 - Netwalker Ransomware- [API Call Obfuscation (using Structure) and Evading Memory Forensic]
2020-05-14 - QNodeService- Node.js Trojan Spread via Covid-19 Lure
2020-05-14 - RATicate- an attacker’s waves of information-stealing malware
2020-05-14 - The energy reserves in the Eastern Mediterranean Sea and a malicious campaign of APT10 against Turkey
2020-05-14 - Vendetta - new threat actor from Europe
2020-05-15 - A Guide to macOS Threat Hunting and Incident Response
2020-05-15 - DBatLoader
2020-05-15 - In depth analysis of Lazarus validator
2020-05-16 - High Performance Hackers
2020-05-17 - CrowdStrike Falcon Detects Kernel Attacks Exploiting Vulnerable Dell Driver (CVE-2021-21551)
2020-05-18 - DarkSide Goes Dark- How CrowdStrike Falcon Customers Were Protected
2020-05-18 - Eleethub- A Cryptocurrency Mining Botnet with Rootkit for Self-Hiding
2020-05-18 - FBI- ProLock ransomware gains access to victim networks via Qakbot infections
2020-05-18 - Looking Back at LiteDuke
2020-05-18 - Microcin Decryptor
2020-05-18 - Netwalker Fileless Ransomware Injected via Reflective Loading
2020-05-18 - Ransomware Gang Arrested for Spreading Locky to Hospitals
2020-05-19 - Information Stealer Campaign Targeting German HR Contacts
2020-05-19 - NetWalker Ransomware Group Enters Advanced Targeting “Game”
2020-05-19 - Netwalker Ransomware - From Static Reverse Engineering to Automatic Extraction
2020-05-19 - Sophisticated Espionage Group Turns Attention to Telecom Providers in South Asia
2020-05-19 - The wolf is back...
2020-05-19 - TrickBot BazarLoader In-Depth
2020-05-20 - GhostDNS Source Code Leaked
2020-05-20 - Operation TA505- how we analyzed new tools from the creators of the Dridex trojan, Locky ransomware, and Neutrino botnet
2020-05-20 - The Gocgle Malicious Campaign
2020-05-20 - Unloading the GuLoader
2020-05-20 - What happened between the BigBadWolf and the Tiger-
2020-05-20 - Why On-Device Detection Matters- New Ramsay Trojan Targets Air-Gapped Networks
2020-05-20 - ZLoader Loads Again- New ZLoader Variant Returns
2020-05-21 - A brief history of TA505
2020-05-21 - Asnarök attackers twice modified attack midstream
2020-05-21 - Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers
2020-05-21 - Blox Tales #6- Subpoena-Themed Phishing With CAPTCHA Redirect
2020-05-21 - Navigating MAZE- Analysis of a Rising Ransomware Threat
2020-05-21 - No “Game over” for the Winnti Group
2020-05-21 - Ragnar Locker ransomware deploys virtual machine to dodge security
2020-05-21 - T1055 Process Injection
2020-05-21 - The Evolution of APT15’s Codebase 2020
2020-05-22 - Analysis of Ramsay components of Darkhotel's infiltration and isolation network
2020-05-22 - Cyber-Criminal espionage Operation insists on Italian Manufacturing
2020-05-22 - Insidious Android malware gives up all malicious features but one to gain stealth
2020-05-22 - Operation TA505- investigating the ServHelper backdoor with NetSupport RAT. Part 2.
2020-05-22 - ThreatConnect Research Roundup- Possible APT33 Infrastructure
2020-05-23 - AgentTesla Delivered via a Malicious PowerPoint Add-In
2020-05-24 - Examining Smokeloader’s Anti Hooking technique
2020-05-24 - Operation TA505- network infrastructure. Part 3.
2020-05-24 - Reverse Engineering the Mustang Panda PlugX Loader
2020-05-24 - Using AI to Detect Malicious C2 Traffic
2020-05-24 - Zloader String Obfuscation
2020-05-25 - Hangul malware distributed in real estate investment related emails (using EPS)
2020-05-26 - A former DarkSide listing shows up on REvil’s leak site
2020-05-26 - ACIDBOX Clustering
2020-05-26 - Alert (AA21-116A)- Russian Foreign Intelligence Service (SVR) Cyber Operations- Trends and Best Practices for Network Defenders
2020-05-26 - Falcon Complete Disrupts Malvertising Campaign Targeting AnyDesk
2020-05-26 - From Agent.BTZ to ComRAT v4- A ten‑year journey
2020-05-26 - Know Your Enemy- Exploiting the Dell BIOS Driver Vulnerability to Defend Against It
2020-05-26 - New [F]Unicorn ransomware hits Italy via fake COVID-19 infection map
2020-05-26 - The EU’s Response to SolarWinds
2020-05-26 - The updated Grandoreiro Malware equipped with latenbot-C2 features in Q2 2020 now extended to Portuguese banks
2020-05-26 - Weaponized Disk Image Files- Analysis, Trends and Remediation
2020-05-27 - Detecting Rclone – An Effective Tool for Exfiltration
2020-05-27 - Netwalker ransomware tools give insight into threat actor
2020-05-28 - Analysis of recent rattlesnake APT attacks against surrounding countries and regions
2020-05-28 - Berlin seeks sanctions against Russian hackers over Bundestag cyberattack
2020-05-28 - CSA Sandworm Actors Exploiting Vulnerability in Exim Transfer Agent
2020-05-28 - DarkSide Pipeline Attack Shakes Up the Ransomware-as-a-Service Landscape
2020-05-28 - German intelligence agencies warn of Russian hacking threats to critical infrastructure
2020-05-28 - Goodbye Mworm, Hello Nworm- TrickBot Updates Propagation Module
2020-05-28 - Israeli official confirms attempted cyberattack on water systems
2020-05-28 - Michigan State University network breached in ransomware attack
2020-05-28 - Microsoft IIS servers hacked by Blue Mockingbird to mine Monero
2020-05-28 - NSA- Russia's Sandworm Hackers Have Hijacked Mail Servers
2020-05-28 - Russische Bären unter Hackerverdacht (Russian bears suspected of hacking)
2020-05-28 - Self-described “king of fraud” is convicted for role in Methbot scam
2020-05-28 - Silos of Excellence
2020-05-28 - Suspected Naikon DGA Domains
2020-05-28 - SysInTURLA
2020-05-28 - The Masked SYNger- Investigating a Traffic Phenomenon
2020-05-28 - The Octopus Scanner Malware- Attacking the open source supply chain
2020-05-28 - The zero-day exploits of Operation WizardOpium
2020-05-28 - Valak- More than Meets the Eye
2020-05-29 - Phishers Cast a Wider Net in the African Banking Sector
2020-05-29 - Secret Chats Show How Cybergang Became a Ransomware Powerhouse
2020-05-29 - ShellReset RAT Spread Through Macro-Based Documents Using AppLocker Bypass
2020-05-30 - Exposing the UAE’s Underground Digital Dangers- The Attack Surface of One of the Most Digitally Advanced Countries in the Arab World
2020-05-31 - Guildma is now using Finger and Signed Binary Proxy Execution to evade defenses
2020-05-31 - Hacker Lexicon- What Is a Supply Chain Attack-
2020-05-31 - IT threat evolution Q1 2021
2020-05-31 - Ransomware Avaddon- principales características (Avaddon ransomware- main characteristics)
2020-05-31 - Revisiting the NSIS-based crypter
2020-05-31 - Russian hacker Pavel Sitnikov arrested for sharing malware source code
2020-05-31 - String Obfuscation in the Hamweq IRC-bot
2020-05-31 - WastedLoader or DridexLoader-
2020-06-01 - In-depth analysis of a trojan banker impacting Portugal and Brazil
2020-06-02 - Evolution of Excel 4.0 Macro Weaponization
2020-06-02 - Hunting Malicious Macros
2020-06-02 - In-depth analysis of the new Team9 malware family
2020-06-02 - Mustang Panda Recent Activity- Dll-Sideloading trojans with temporal C2 servers
2020-06-02 - PebbleDash - Lazarus - HiddenCobra RAT
2020-06-02 - REvil ransomware gang launches auction site to sell stolen data
2020-06-02 - Ursnif-Gozi Delivery - Excel Macro 4.0 Utilization Uptick & OCR Bypass
2020-06-03 - Cycldek- Bridging the (air) gap
2020-06-03 - New LNK attack tied to Higaisa APT discovered
2020-06-03 - Ransomware gang says it breached one of NASA's IT contractors
2020-06-03 - The WizardOpium LPE- Exploiting CVE-2019-1458
2020-06-03 - Threat Assessment- Hangover Threat Group
2020-06-04 - COVID-19 and New Year greetings- an investigation into the tools and methods used by the Higaisa group
2020-06-04 - Nuclear missile contractor hacked in Maze ransomware attack
2020-06-04 - Threat Spotlight- Tycoon Ransomware Targets Education and Software Sectors
2020-06-05 - Anatomy of a Well-Crafted UPS, FedEx, and DHL Phishing Email During COVID-19
2020-06-05 - Avaddon- From seeking affiliates to in-the-wild in 2 days
2020-06-05 - Evasion Tactics in Hybrid Credit Card Skimmers
2020-06-05 - New Campaign Abusing StackBlitz Tool to Host Phishing Pages
2020-06-05 - New Tekya Ad Fraud Found on Google Play
2020-06-05 - Retread Ransomware- Identifying Satana to Understand -CoronaVirus-
2020-06-05 - The Gh0st Remains the Same
2020-06-07 - Dealing with Obfuscated Macros Statically - NanoCore
2020-06-08 - A Guide to macOS Threat Hunting and Incident Response
2020-06-08 - Analysis of Valak Maldoc
2020-06-08 - Dark Nexus- the old, the new and the ugly
2020-06-08 - German Task Force for COVID-19 Medical Equipment Targeted in Ongoing Phishing Campaign
2020-06-08 - GuLoader- No, CloudEyE.
2020-06-08 - Honda investigates possible ransomware attack, networks impacted
2020-06-08 - New Avaddon Ransomware launches in massive smiley spam campaign
2020-06-08 - TA410- The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware
2020-06-08 - The A1 Telekom Austria Hack
2020-06-08 - eCh0raix Ransomware
2020-06-09 - CobaltStrikeParser
2020-06-09 - Dark Basin Indicators of Compromise
2020-06-09 - Dark Basin Uncovering a Massive Hack-For-Hire Operation
2020-06-09 - Honda and Enel impacted by cyber attack suspected to be ransomware
2020-06-09 - Kingminer escalates attack complexity for cryptomining
2020-06-09 - Looking at Big Threats Using Code Similarity. Part 1
2020-06-09 - Misconfigured Amazon S3 Buckets Continue to be a Launchpad for Malicious Code
2020-06-09 - RagnarLocker Ransomware Threatens to Release Confidential Information
2020-06-09 - Recent FK_Undead rootkit samples found in the wild
2020-06-09 - Valak Malware and the Connection to Gozi Loader ConfCrew
2020-06-09 - Web shell threat hunting with Azure Sentinel and Microsoft Threat Protection
2020-06-10 - FRat Reporting, YARA, and IoCs
2020-06-10 - FlowCloud Version 4.1.3 Malware Analysis
2020-06-10 - Harmful Logging - Diving into MassLogger
2020-06-10 - MassLogger - Frankenstein's Creation
2020-06-10 - Misconfigured Kubeflow workloads are a security risk
2020-06-10 - Unpacking Smokeloader and Reconstructing PE Programmatically using LIEF
2020-06-11 - #ThreatThursday - Buhtrap
2020-06-11 - API Hashing in the Zloader malware
2020-06-11 - All You Need Is Text- Second Wave
2020-06-11 - Gamaredon group grows its game
2020-06-11 - New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa
2020-06-11 - Phishing Attacks from Earth Empusa Reveal ActionSpy
2020-06-11 - Qbot Banking Trojan Still Up to Its Old Tricks
2020-06-11 - SNOWSTORM- Hacker-for-hire and physical surveillance targeted financial analyst
2020-06-11 - The Return of the Higaisa APT
2020-06-11 - Tor2Mine is up to their old tricks — and adds a few new ones
2020-06-11 - マルウエアLODEINFOの進化 (Evolution of Malware LODEINFO)
2020-06-12 - Probable Sandworm Infrastructure
2020-06-12 - Trickbot Malspam Leveraging Black Lives Matter as Lure
2020-06-12 - What is the Gibberish Hack-
2020-06-13 - Black Kingdom ransomware (TTPs & IOC)
2020-06-13 - Black Kingdom ransomware hacks networks with Pulse VPN flaws
2020-06-13 - TroyStealer – A new info stealer targeting Portuguese Internet users
2020-06-14 - CTI is Better Served with Context- Getting better value from IOCs
2020-06-14 - Deep-dive- The DarkHotel APT
2020-06-15 - Global Malicious Spam Campaign Using Black Lives Matter as a Lure
2020-06-15 - India- Human Rights Defenders Targeted by a Coordinated Spyware Operation
2020-06-15 - Magecart strikes amid Corona lockdown
2020-06-15 - Quarterly report- Incident Response trends in Summer 2020
2020-06-15 - Striking Back at Retired Cobalt Strike- A look at a legacy vulnerability
2020-06-15 - Web skimmers found on the websites of Intersport, Claire's, and Icing
2020-06-16 - Chipmaker MaxLinear reports data breach after Maze Ransomware attack
2020-06-16 - Cloud Threat Landscape Report 2020.pdf
2020-06-16 - Cobalt- tactics and tools update
2020-06-16 - CrystalBit - Apple Double DLL Hijack -- From fraudulent software bundle downloads to an evasive miner raging campaign
2020-06-16 - ELF Malware Analysis 101- Linux Threats No Longer an Afterthought
2020-06-16 - Exploiting a crisis- How cybercriminals behaved during the outbreak
2020-06-16 - New Java STRRAT ships with .crimson ransomware module
2020-06-16 - QakBot malspam leading to ProLock- Nothing personal just business
2020-06-16 - TA505 returns with a new bag of tricks
2020-06-16 - The Little Ransomware That Couldn’t (Dharma)
2020-06-17 - A Click from the Backyard - Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software
2020-06-17 - ATT&CK® Deep Dive- Process Injection
2020-06-17 - AcidBox- Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations
2020-06-17 - Detecting PoshC2 – Indicators of Compromise
2020-06-17 - Die erste Cyberwaffe und ihre Folgen (The first cyberweapon and its consequences)
2020-06-17 - Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature
2020-06-17 - RansomEXX Ransomware
2020-06-17 - Targeted attacks on industrial companies using Snake ransomware
2020-06-17 - deICEr- A Go tool for extracting config from IcedID second stage Loaders
2020-06-18 - #ThreatThursday - APT33
2020-06-18 - Behind the scenes of the Emotet Infrastructure
2020-06-18 - COVID-19 and FMLA Campaigns used to install new IcedID banking malware
2020-06-18 - Digging up InvisiMole’s hidden arsenal
2020-06-18 - EKANS Ransomware Misconceptions and Misunderstandings
2020-06-18 - Ginp Malware Operations are on the Rise, Aiming to Expand in Turkey
2020-06-18 - Hiding In Plain Sight
2020-06-18 - Inside Microsoft Threat Protection- Mapping attack chains from cloud to endpoint (APT33-HOLMIUM)
2020-06-18 - Maze ransomware continues to be a threat to the consumers
2020-06-18 - Office 365 Phishing Campaign Exploits Samsung, Adobe and Oxford Servers
2020-06-19 - Copy-paste compromises
2020-06-19 - Dridex- the secret in a PostMessage()
2020-06-19 - Further Evasion in the Forgotten Corners of MS-XLS
2020-06-19 - Microcin is here With asynchronous sockets, steganography, GitLab ban and a sock
2020-06-19 - Microcin is here
2020-06-19 - Targeted Attack Leverages India-China Border Dispute to Lure Victims
2020-06-19 - The eagle eye is back- old and new backdoors from APT30
2020-06-19 - zloader- VBA, R1C1 References, and Other Tomfoolery
2020-06-21 - Deep Analysis of SmokeLoader
2020-06-21 - Investigating Threats in HP Sure Controller 4.2- TVRAT
2020-06-21 - Snatch Ransomware
2020-06-21 - UPnP – Messing up Security for years
2020-06-22 - Comparative analysis between Bindiff and Diaphora - Patched Smokeloader Study Case
2020-06-22 - Dynamic Correlation, ML and Hunting
2020-06-22 - FTcode targets European countries
2020-06-22 - Hakbit Ransomware Campaign Against Germany, Austria, Switzerland
2020-06-22 - Hijacking DLLs in Windows
2020-06-22 - Indiabulls Group hit by CLOP Ransomware, gets 24h leak deadline
2020-06-22 - IndigoDrop spreads via military-themed lures to deliver Cobalt Strike
2020-06-22 - Inside a TrickBot Cobalt Strike Attack Server
2020-06-22 - Pillowmint- FIN7’s Monkey Thief
2020-06-22 - Unpacking Visual Basic Packers – IcedID
2020-06-22 - VenomRAT - new, hackforums grade, reincarnation of QuassarRAT
2020-06-22 - Web skimming with Google Analytics
2020-06-22 - XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers
2020-06-22 - njRat Malware Analysis
2020-06-23 - Hidden Cobra - from a shed skin to the viper’s nest
2020-06-23 - New Mirai variant Aisuru detects Cowrie opensource honeypots
2020-06-23 - Oh, what a boot-iful mornin’ Rovnix bootkit back in business
2020-06-23 - Ryuk ransomware deployed two weeks after Trickbot infection
2020-06-23 - Sodinokibi- Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike
2020-06-23 - WastedLocker- A New Ransomware Variant Developed By The Evil Corp Group
2020-06-24 - BRONZE VINEWOOD Targets Supply Chains
2020-06-24 - DropboxAES Remote Access Trojan
2020-06-24 - Glupteba - the malware that gets secret messages from the Bitcoin blockchain
2020-06-24 - Glupteba malware hides in plain sight
2020-06-24 - Hackers are still running coronavirus-related campaigns, CrowdStrike warns
2020-06-24 - Is upatre downloader coming back -
2020-06-24 - Lucifer- New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices
2020-06-24 - Magnitude exploit kit - evolution
2020-06-24 - New ransomware posing as COVID‑19 tracing app targets Canada; ESET offers decryptor
2020-06-24 - Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex
2020-06-25 - A close look at the advanced techniques used in a Malaysian-focused APT campaign
2020-06-25 - DarkCrewBot – The Return of the Bot Shop Crew
2020-06-25 - Github Repository of PYBACK
2020-06-25 - GuLoader- Peering Into a Shellcode-based Downloader
2020-06-25 - The Golden Tax Department and the Emergence of GoldenSpy Malware
2020-06-25 - Unknown China-Based APT Targeting Myanmarese Entities
2020-06-25 - Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files
2020-06-25 - Zoom In- Emulating 'Exploit Purchase' in Simulated Targeted Attacks
2020-06-26 - Admin of carding portal behind $568M in losses pleads guilty
2020-06-26 - CryptoCore – Cryptocurrency Exchanges Under Attack
2020-06-26 - New Ransom X Ransomware used in Texas TxDOT cyberattack
2020-06-26 - Ransom .exx notes
2020-06-26 - Russian National (Aleksei Burkov, Cardplanet) Sentenced to Prison for Operating Websites Devoted to Fraud and Malicious Cyber Activities
2020-06-26 - Russian hacker group Evil Corp targets US workers at home
2020-06-26 - Taurus- The New Stealer in Town
2020-06-26 - US Local Government Services Targeted by New Magecart Credit Card Skimming Attack
2020-06-26 - Update on IT Security Incident at UCSF
2020-06-26 - WastedLocker- Symantec Identifies Wave of Attacks Against U.S. Organizations
2020-06-27 - Quick analysis note about GuLoader (or CloudEyE)
2020-06-28 - Interesting tactic by Ratty & Adwind for distribution of JAR appended to signed MSI
2020-06-29 - OSX.EvilQuest Uncovered
2020-06-29 - PROMETHIUM extends global reach with StrongPity3 APT
2020-06-30 - Botnet Encyclopedia
2020-06-30 - Detection Rules by Elastic
2020-06-30 - Electric Company Ransomware Attack Calls for $14 Million in Ransom
2020-06-30 - EvilQuest wiper uses ransomware cover to steal files from Macs
2020-06-30 - GoldenSpy- Chapter Two - The Uninstaller
2020-06-30 - M00nD3v, HawkEye threat actor, sells malware after COVID-19 diagnosis
2020-06-30 - Ransomware on the Rise- Buran’s transformation into Zeppelin
2020-07-01 - Alina Point of Sale Malware Still Lurking in DNS
2020-07-01 - BlackRock - The Trojan That Wanted to Get Them All
2020-07-01 - DLL Search Order Hijacking
2020-07-01 - EKANS Ransomware Targeting OT ICS Systems
2020-07-01 - Multiyear Surveillance Campaigns Discovered Targeting Uyghurs
2020-07-01 - Threat Bulletin- Cutting-off the Command-and-Control Infrastructure of CollectorGoomba
2020-07-01 - Threat Spotlight- Valak Slithers Its Way Into Manufacturing and Transportation Networks
2020-07-01 - 游走在东欧和中亚的奇幻熊 (Fancy Bear roaming Eastern Europe and Central Asia)
2020-07-02 - CyberGate RAT and RedLine Stealer Delivered in Ongoing AutoIt Malware Campaigns
2020-07-02 - GoldenSpy Chapter 3- New and Improved Uninstaller
2020-07-03 - Attack Detection Fundamentals- Code Execution and Persistence - Lab #1
2020-07-04 - Deep Analysis of Anubis Banking Malware
2020-07-05 - How to stop MortiAgent Malware using the snort rule-
2020-07-05 - RIFT- F5 Networks K52145254- TMUI RCE vulnerability CVE-2020-5902 Intelligence
2020-07-05 - Reverse Engineering the Mustang Panda PlugX RAT – Extracting the Config
2020-07-06 - New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader
2020-07-06 - North Korean hackers implicated in stealing from US and European shoppers
2020-07-06 - Pig in a poke- smartphone adware
2020-07-06 - The Gafgyt variant vbot seen in its 31 campaigns
2020-07-06 - TrickBot variant “Anchor_DNS” communicating over DNS
2020-07-06 - WastedLocker Goes Big-Game Hunting in 2020
2020-07-07 - -Keeper- Magecart Group Infects 570 Sites
2020-07-07 - Breaking EvilQuest - Reversing A Custom macOS Ransomware File Encryption Routine
2020-07-07 - Clop, Clop! It’s a TA505 HTML malspam analysis
2020-07-07 - Microsoft takes legal action against COVID-19-related cybercrime
2020-07-07 - SilentDeath Ransomware
2020-07-08 - How to unpack Chinoxy backdoor and decipher the configuration of the backdoor
2020-07-08 - Iran's domestic espionage- Lessons from recent data leaks
2020-07-08 - New Mirai Variant Expands Arsenal, Exploits CVE-2020-10173
2020-07-08 - Operation ‘Honey Trap’- APT36 Targets Defense Organizations in India
2020-07-08 - Ransomware Report- Avaddon and New Techniques Emerge, Industrial Sector Targeted
2020-07-08 - Restricting SMB-based lateral movement in a Windows environment
2020-07-08 - “EvilQuest” Rolls Ransomware, Spyware & Data Theft Into One
2020-07-09 - An Update for a Very Active DDoS Botnet- Moobot
2020-07-09 - Gist with observed grelos skimmer
2020-07-09 - More evil- A deep look at Evilnum and its toolset
2020-07-09 - New Joker variant hits Google Play with an old trick
2020-07-09 - ServHelper- Hidden Miners
2020-07-09 - Threat Bulletin- Dissecting GuLoader’s Evasion Techniques
2020-07-10 - Deep Dive Into the M00nD3V Logger
2020-07-10 - Evilnum — Indicators of Compromise
2020-07-10 - Knowledge Fragment- Casting Sandbox Necromancy on DADSTACHE
2020-07-10 - The Dark Web of Intrigue- How REvil Used the Underground Ecosystem to Form an Extortion Cartel
2020-07-10 - The new Bigviktor Botnet is Targeting DrayTek Vigor Router
2020-07-10 - Threat spotlight- WastedLocker, customized ransomware
2020-07-10 - YARA Rules talks and presentation of REVERSING 2020
2020-07-11 - Injecting Magecart into Magento Global Config
2020-07-11 - TrickBot Group Launches Test Module Alerting on Fraud Activity
2020-07-11 - TrickBot malware mistakenly warns victims that they are infected
2020-07-12 - Deobfuscating DanaBot’s API Hashing
2020-07-13 - Anchor dns malware goes cross platform
2020-07-13 - Become a Microsoft Defender ATP Ninja
2020-07-13 - Campagna sLoad v.2.9.3 veicolata via PEC (sLoad v.2.9.3 campaign delivered via PEC)
2020-07-13 - Fell Deeds Awake
2020-07-13 - Internet Explorer CVE-2019–1367 In the wild Exploitation - prelude
2020-07-13 - New AgeLocker Ransomware uses Googler's utility to encrypt files
2020-07-13 - Remcos RAT Macro Dropper Doc
2020-07-13 - SCANdalous! (External Detection Using Network Scan Data and Automation)
2020-07-13 - TrickBot's new API-Hammering explained
2020-07-14 - GoldenSpy Chapter 4- GoldenHelper Malware Embedded in Official Golden Tax Software
2020-07-14 - Manufacturing Industry in the Adversaries’ Crosshairs
2020-07-14 - PYTHON MALWARE ON THE RISE
2020-07-14 - RATicate upgrades “RATs as a Service” attacks with commercial “crypter”
2020-07-14 - Simple DGA Spotted in a Malicious PowerShell
2020-07-14 - The Domain Generation Algorithm of BazarBackdoor
2020-07-14 - The Tetrade- Brazilian banking malware goes global
2020-07-14 - Turla - Venomous Bear updates its arsenal- “NewPass” appears on the APT threat scene
2020-07-14 - Welcome Chat as a secure messaging app- Nothing could be further from the truth
2020-07-15 - An in-depth analysis of SpyNote remote access trojan
2020-07-15 - Chinese state hackers target Hong Kong Catholic Church
2020-07-15 - Deep Analysis of QBot Banking Trojan
2020-07-15 - Exclusive- Secret Trump order gives CIA more powers to launch cyberattacks
2020-07-15 - Financially Motivated Actors Are Expanding Access Into OT- Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families
2020-07-15 - Flowspec - TA505s bulletproof hoster of choice
2020-07-15 - Inside REvil Extortionist “Machine”- Predictive Insights
2020-07-15 - The Defective Domain Generation Algorithm of BazarBackdoor
2020-07-16 - A Bazar of Tricks- Following Team9’s Development Cycles
2020-07-16 - FastWind Ransomware
2020-07-16 - High‑profile Twitter accounts hacked to promote Bitcoin scam
2020-07-16 - How WellMess malware has been used to target Covid-19 vaccines
2020-07-16 - Iranian Spies Accidentally Leaked Videos of Themselves Hacking
2020-07-16 - Mac cryptocurrency trading application rebranded, bundled with malware
2020-07-16 - Malware Analysis Report (AR20-198A)
2020-07-16 - Malware Analysis Report (AR20-198B)
2020-07-16 - Malware Analysis Report (AR20-198C)
2020-07-16 - New Research Exposes Iranian Threat Group (APT35-ITG18) Operations
2020-07-16 - US, UK, and Canada’s COVID-19 research targeted by APT29
2020-07-17 - New Voicemail-Themed Phishing Attacks Use Evasion Techniques and Steal Credentials
2020-07-17 - TA547 Pivots from Ursnif Banking Trojan to Ransomware in Australian Campaign
2020-07-18 - Firefox Send sends Ursnif malware
2020-07-20 - Emotet is back
2020-07-20 - Emotet-TrickBot malware duo is back infecting Windows machines
2020-07-20 - Golden Chickens- Evolution of the MaaS
2020-07-20 - Reverse Engineering the New Mustang Panda PlugX Downloader
2020-07-20 - Shellbot victim overlap with Emotet network infrastructure
2020-07-20 - What even is Winnti-
2020-07-21 - 'World's Most Wanted Man' Involved in Bizarre Attempt to Buy Hacking Tools
2020-07-21 - Chinese APT group targets India and Hong Kong using new variant of MgBot malware
2020-07-21 - How scammers are hiding their phishing trips in public clouds
2020-07-21 - Two Chinese Hackers Working with the Ministry of State Security Charged with Global Computer Intrusion Campaign Targeting Intellectual Property and Confidential Business Information, Including COVID-19 Research
2020-07-22 - 'FormBook Tracker' unveiled on the Dark Web
2020-07-22 - Analysing Fileless Malware- Cobalt Strike Beacon
2020-07-22 - Connecting Kinsing malware to Citrix and SaltStack campaigns
2020-07-22 - Enter the Maze- Demystifying an Affiliate Involved in Maze (SNOW)
2020-07-22 - Github Repository for PowerZure
2020-07-22 - Lockscreen Ransomware Phishing Leads To Google Play Card Scam
2020-07-22 - MATA- Multi-platform targeted malware framework
2020-07-22 - OilRig APT Drills into Malware Innovation with Unique Backdoor
2020-07-22 - OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory
2020-07-22 - Peut-on neutraliser un ransomware lancé en tant que SYSTEM sur des milliers de machines en même temps- (Can a ransomware running as SYSTEM on thousands of machines be neutralised all at once?)
2020-07-22 - Prometei botnet and its quest for Monero
2020-07-22 - Skimmers in Images & GitHub Repos
2020-07-22 - Slacking Off – Slack and the Corporate Attack Surface Landscape
2020-07-23 - Attacking MS Exchange Web Interfaces
2020-07-23 - The resurgence of the Ursnif banking trojan
2020-07-23 - WastedLocker Ransomware- Abusing ADS and NTFS File Attributes
2020-07-23 - Who is behind APT29- What we know about this nation-state cybercrime group
2020-07-24 - Evolution of Valak, from Its Beginnings to Mass Distribution
2020-07-24 - Exorcist Ransomware - From triaging to deep dive
2020-07-24 - Fifty Shades of Malware Strings
2020-07-24 - Garmin outage caused by confirmed WastedLocker ransomware attack
2020-07-24 - Russia's GRU Hackers Hit US Government and Energy Targets
2020-07-25 - Zen- A Complex Campaign of Harmful Android Apps
2020-07-26 - In-Memory shellcode decoding to evade AVs-EDRs
2020-07-27 - Alert (AA20-209A)- Potential Legacy Risk from Malware Targeting QNAP NAS Devices
2020-07-27 - Ensiko- A Webshell With Ransomware Capabilities
2020-07-27 - Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform
2020-07-27 - ProLock ransomware gives you the first 8 kilobytes of decryption for free
2020-07-28 - Emotet malware now steals your email attachments to attack contacts
2020-07-28 - LOLSnif Malware
2020-07-28 - Lazarus on the hunt for big game
2020-07-28 - Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902
2020-07-28 - Watch Your Containers- Doki Infecting Docker Servers in the Cloud
2020-07-29 - 'Ghostwriter' Influence Campaign- Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned With Russian Security Interests
2020-07-29 - APT trends report Q2 2020
2020-07-29 - Android Spyware Targeting Tanzania Premier League
2020-07-29 - Emotet’s return is the canary in the coal mine
2020-07-29 - Kaspersky- New hacker-for-hire mercenary group is targeting European law firms
2020-07-29 - Operation (노스 스타) North Star A Job Offer That’s Too Good to be True-
2020-07-29 - Sodinokibi - REvil Malware Analysis
2020-07-30 - Dissecting Ragnar Locker- The Case Of EDP
2020-07-30 - Obscured by Clouds- Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates
2020-07-30 - Threat Assessment- WastedLocker Ransomware
2020-07-31 - GandCrab ransomware operator arrested in Belarus
2020-07-31 - Malware Author Pleads Guilty for Role in Transnational Cybercrime Organization Responsible for more than $568 Million in Losses
2020-07-31 - MassLogger- An Emerging Spyware and Keylogger
2020-07-31 - OpBlueRaven- Unveiling Fin7-Carbanak - Part 1 - Tirion
2020-07-31 - The webshells powering Emotet
2020-07-31 - WastedLocker- technical analysis
2020-08-01 - Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware
2020-08-03 - Back to school-
2020-08-03 - Belarus Authorities Arrest GandCrab Ransomware Operator
2020-08-03 - Dridex – From Word to Domain Dominance
2020-08-03 - InfectedNight - Mirai Variant With Massive Attacks On Our Honeypots
2020-08-03 - MAR-10292089-1.v1 – Chinese Remote Access Trojan- TAIDOOR
2020-08-03 - Take a “NetWalk” on the Wild Side
2020-08-04 - CrimeOps- The Operational Art of Cyber Crime
2020-08-04 - Part 1- analysing MedusaLocker ransomware
2020-08-04 - Ransomware gang publishes tens of GBs of internal data from LG and Xerox
2020-08-04 - WastedLocker’s techniques point to a familiar heritage
2020-08-05 - Emotet API+string deobfuscator (v0.1)
2020-08-05 - Part 2- Analysing MedusaLocker ransomware
2020-08-05 - Playing with GuLoader Anti-VM techniques
2020-08-06 - Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach
2020-08-06 - Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry
2020-08-06 - FinSpy Android Technical Analysis
2020-08-06 - Part 3- analysing MedusaLocker ransomware
2020-08-06 - The Secret Life of an Initial Access Broker
2020-08-06 - Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts
2020-08-07 - BlackWater Malware Leveraging Beirut Tragedy in New Targeted Campaign
2020-08-07 - Stadeo- Deobfuscating Stantinko and more
2020-08-08 - Phirautee - DEFCON28 - Writing Ransomware using Living off the Land (LotL) Tactics
2020-08-09 - Banking Trojans- A Reference Guide to the Malware Family Tree
2020-08-10 - Agent Tesla - Old RAT Uses New Tricks to Stay on Top
2020-08-10 - Anomali Threat Research Releases First Public Analysis of Smaug Ransomware as a Service
2020-08-10 - ClipBanker Trojan - A 13-Second Attack
2020-08-10 - DarkSide Ransomware
2020-08-10 - DiamondFox - Bank Robbers will be replaced
2020-08-10 - FBI says an Iranian hacking group is attacking F5 networking devices
2020-08-10 - Gorgon APT targeting MSME sector in India
2020-08-10 - SBA phishing scams- from malware to advanced social engineering
2020-08-12 - Antiy's analysis report on the recent APT attacks against the Green Spot organization
2020-08-12 - Color by numbers- inside a Dharma ransomware-as-a-service attack
2020-08-12 - IcedID Campaign Strikes Back
2020-08-12 - Internet Explorer and Windows zero-day exploits used in Operation PowerFall
2020-08-12 - Prioritizing critical vulnerabilities A threat intelligence perspective
2020-08-12 - Lessons learned from a ransomware attack against a healthcare organization
2020-08-12 - Why Emotet’s Latest Wave is Harder to Catch than Ever Before
2020-08-13 - Attribution- A Puzzle
2020-08-13 - CactusPete APT group’s updated Bisonal backdoor
2020-08-13 - Case Study- Catching a Human-Operated Maze Ransomware Attack In Action
2020-08-13 - Chrome extensions that lie about their permissions
2020-08-13 - Global Disruption of Three Terror Finance Cyber-Enabled Campaigns
2020-08-13 - Lemon Duck Cryptocurrency-mining Malware Information
2020-08-13 - Matiex on Sale Underground
2020-08-13 - Mekotio- These aren’t the security updates you’re looking for…
2020-08-13 - XCSSET Mac Malware- Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
2020-08-14 - Alert (AA20-227A)- Phishing Emails Used to Deploy KONNI Malware
2020-08-14 - EmoCrash- Exploiting a Vulnerability in Emotet Malware for Defense
2020-08-14 - PurpleWave - A New Infostealer from Russia
2020-08-16 - Manual Unpacking IcedID Write-up
2020-08-17 - Team TNT - The First Crypto-Mining Worm to Steal AWS Credentials
2020-08-17 - WellMess malware- analysis of its Command and Control (C2) server
2020-08-18 - Lazarus Group- Campaign Targeting the Cryptocurrency Vertical
2020-08-18 - New Attack Alert- Duri
2020-08-18 - ThunderX Ransomware
2020-08-18 - UPX Anti-Unpacking Techniques in IoT Malware
2020-08-19 - Chantay’s Resume- Investigating a CV-Themed ZLoader Malware
2020-08-19 - ELF Malware Analysis 101 Part 2- Initial Analysis
2020-08-19 - FritzFrog- A New Generation Of Peer-To-Peer Botnets
2020-08-19 - Malware Analysis Report (AR20-232A)
2020-08-19 - Performing Kerberoasting without SPNs
2020-08-19 - Responder-MultiRelay
2020-08-19 - Investigation Bureau 08-19 statement on Chinese intrusion incidents against Taiwanese government agencies
2020-08-20 - DBatLoader-ModiLoader Analysis – First Stage
2020-08-20 - QakBot (QBot) Maldoc Campaign Introduces Two New Techniques into Its Arsenal
2020-08-20 - Revealing REvil Ransomware With DomainTools and Maltego
2020-08-20 - Transparent Tribe- Evolution analysis, part 1
2020-08-20 - [webinar] Proactive Infrastructure Hunting with ThreatConnect & DomainTools
2020-08-20 - ‘Baka’ JavaScript Skimmer Identified
2020-08-21 - Wireshark Tutorial- Decrypting HTTPS Traffic
2020-08-22 - BitRAT – The Latest in Copy-pasted Malware by Incompetent Developers
2020-08-23 - Dispatches from Drovorub- Network Threat Hunting for Russia GRU GTsSS' Malware at Scale
2020-08-23 - Programmatically NOP the Current Selection in Ghidra
2020-08-24 - Cybercriminal greeners from Iran attack companies worldwide for financial gain
2020-08-24 - Emotet Update increases Downloads
2020-08-24 - Lifting the veil on DeathStalker, a mercenary triumvirate
2020-08-24 - RATs and Spam- The Node.JS QRAT
2020-08-24 - Torum is Dead. Long Live CryptBB-
2020-08-24 - VT Report for Jazuar
2020-08-25 - Cyrat Ransomware
2020-08-25 - Darkhotel (APT-C-06) organized multiple attacks using the Thinmon backdoor framework to reveal the secrets
2020-08-25 - How Ransomware Gangs Find New Monetization Schemes and Evolve in Marketing
2020-08-25 - Ryuk successor Conti Ransomware releases data leak site
2020-08-26 - A twisted malware infection chain
2020-08-26 - Alert (AA20-239A)- FASTCash 2.0- North Korea's BeagleBoyz Robbing Banks
2020-08-26 - MAR-10301706-1.v1 - North Korean Remote Access Tool- ECCENTRICBANDWAGON
2020-08-26 - MAR-10301706-2.v1 - North Korean Remote Access Tool- VIVACIOUSGIFT
2020-08-26 - ReZer0v4 loader
2020-08-26 - SunCrypt Ransomware sheds light on the Maze ransomware cartel
2020-08-26 - Threat Actor Profile- TA2719 Uses Colorful Lures to Deliver RATs in Local Languages
2020-08-26 - Transparent Tribe- Evolution analysis, part 2
2020-08-27 - An Old Bot’s Nasty New Tricks- Exploring Qbot’s Latest Attack Methods
2020-08-27 - Cetus- Cryptojacking Worm Targeting Docker Daemons
2020-08-27 - Growth and Commoditization of Remote Access Trojans (X)
2020-08-27 - Smokeloader Analysis and More Family Detections
2020-08-28 - A Comprehensive Look at Emotet’s Summer 2020 Return
2020-08-28 - Cerberus Banking Trojan Analysis
2020-08-28 - Gozi- The Malware with a Thousand Faces
2020-08-28 - MVISION Insights- Wastedlocker Ransomware
2020-08-28 - TERRACOTTA Android Malware- A Technical Study
2020-08-29 - Emulating NotPetya bootloader with Miasm
2020-08-30 - Z3 Ransomware
2020-08-31 - Analysis of the latest wave of Emotet malicious documents
2020-08-31 - In the wild QNAP NAS attacks
2020-08-31 - Malware Used by Lazarus after Network Intrusion
2020-08-31 - Malware used by the attack group Lazarus after network intrusion
2020-08-31 - NetWalker Ransomware in 1 Hour
2020-08-31 - The BLINDINGCAN RAT and Malicious North Korean Activity
2020-08-31 - Trickbot rdpscanDll – Transforming Candidate Credentials for Brute-Forcing RDP Servers
2020-08-31 - Who Is PIONEER KITTEN-
2020-08-31 - XP10 Ransomware
2020-09-01 - An Exhaustively-Analyzed IDB for ComRAT v4
2020-09-01 - Characterizing Anomalies in Malware-Generated HTTP Traffic
2020-09-01 - DLL Fixer leads to Cyrat Ransomware
2020-09-01 - Epic Manchego – atypical maldoc delivery brings flurry of infostealers
2020-09-01 - Iranian hackers are selling access to compromised companies on an underground forum
2020-09-01 - New web skimmer steals credit card data, sends to crooks via Telegram
2020-09-01 - OpBlueRaven- Unveiling Fin7-Carbanak - Part II - BadUSB Attacks
2020-09-01 - Quarterly Report- Incident Response trends in Summer 2020
2020-09-01 - Who Is PIONEER KITTEN-
2020-09-02 - Chinese APT TA413 Resumes Targeting of Tibet Following COVID-19 Themed Economic Espionage Campaign Delivering Sepulcher Malware Targeting Europe
2020-09-02 - Cybersquatting- Attackers Mimicking Domains of Major Brands Including Facebook, Apple, Amazon and Netflix to Scam Consumers
2020-09-02 - Inside the “fallguys” malware that steals your browsing data and gaming IMs; Continued attack on open source software
2020-09-02 - KryptoCibule- The multitasking multicurrency cryptostealer
2020-09-02 - Machine learning from idea to reality- a PowerShell case study
2020-09-02 - Operation PowerFall- CVE-2020-0986 and variants
2020-09-02 - Salfram- Robbing the place without removing your name tag
2020-09-02 - [Alert] New GlobeImposter of Olympian Gods 2.0 is coming
2020-09-03 - IT threat evolution Q2 2020
2020-09-03 - Multi-Platform SMAUG RaaS Aims To See Off Competitors
2020-09-03 - No Rest for the Wicked- Evilnum Unleashes PyVil RAT
2020-09-03 - The Bitcoin Ransomware Detective Strikes Again- The UCSF Case
2020-09-03 - Turning Open Source Against Malware
2020-09-04 - BitRAT pt. 2- Hidden Browser, SOCKS5 proxy, and UnknownProducts Unmasked
2020-09-04 - Post-Mortem of a Triple Poisoning- New Details Emerge in GRU's Failed Murder Attempts in Bulgaria
2020-09-04 - Thanos Ransomware- Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa
2020-09-07 - CERT-FR alert bulletin- Resurgence of Emotet activity in France
2020-09-07 - Collection of recent Dridex IOCs
2020-09-07 - Time to take the bull by the horns
2020-09-08 - APT GROUP series- DARKHOTEL, the data theft and RAT chapter
2020-09-08 - Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks
2020-09-08 - Automated dynamic import resolving using binary emulation
2020-09-08 - Exposed Docker Server Abused to Drop Cryptominer, DDoS Bot
2020-09-08 - Malware Config Extraction Diaries #1 – GuLoader
2020-09-08 - TeamTNT activity targets Weave Scope deployments
2020-09-08 - TikTok Spyware- A detailed analysis of spyware masquerading as TikTok
2020-09-09 - Malvertising campaigns come back in full swing
2020-09-10 - An overview of targeted attacks and APTs on Linux
2020-09-10 - Lock Like a Pro- Dive in Recent ProLock's Big Game Hunting
2020-09-10 - New cyberattacks targeting U.S. elections
2020-09-10 - Recent Dridex activity
2020-09-10 - STRONTIUM- Detecting new patterns in credential harvesting
2020-09-10 - Who is calling- CDRThief targets Linux VoIP softswitches
2020-09-11 - Research Roundup- Activity on Previously Identified APT33 Domains
2020-09-11 - [RE016] Malware Analysis- ModiLoader
2020-09-13 - Tweet on Cryakl 2.0.0.0
2020-09-14 - Alert (AA20-258A)- Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity
2020-09-14 - Analysis of a Convoluted Attack Chain Involving Ngrok
2020-09-14 - Back to School- Why Cybercriminals Continue to Target the Education Sector - Part Two
2020-09-15 - Alert (AA20-259A)- Iran-Based Threat Actor Exploits VPN Vulnerabilities
2020-09-15 - Malware Analysis Report (AR20-259A)- Iranian Web Shells
2020-09-15 - Rudeminer, Blacksquid and Lucifer Walk Into A Bar
2020-09-15 - Threat analysis- The emergent URSA trojan impacts many countries using a sophisticated loader
2020-09-16 - Malware Leveraging XML-RPC Vulnerability to Exploit WordPress Sites
2020-09-16 - Partners in crime North Koreans and elite Russian-speaking cybercriminals
2020-09-16 - Seven International Cyber Defendants, Including “Apt41” Actors, Charged In Connection With Computer Intrusion Campaigns Against More Than 100 Victims Globally
2020-09-16 - Target defense industry- Lazarus uses recruitment bait combined with continuously updated cyber weapons
2020-09-17 - Analysis of WellMail malware's Command and Control (C2) server
2020-09-17 - Automatic ReZer0 payload and configuration extraction
2020-09-17 - Complex obfuscation- Meh… (1-2)
2020-09-17 - Counter Terrorism Designations; Iran-Cyber-related Designations
2020-09-17 - GuLoader's VM-Exit Instruction Hammering explained
2020-09-17 - Maze attackers adopt Ragnar Locker virtual machine technique
2020-09-17 - Maze ransomware now encrypts via virtual machines to evade detection
2020-09-17 - Ransomware’s New Trend- Exfiltration and Extortion
2020-09-17 - Treasury Sanctions Cyber Actors Backed by Iranian Intelligence Ministry
2020-09-18 - APT41- Indictments Put Chinese Espionage Group in the Spotlight
2020-09-18 - Egregor Ransomware
2020-09-18 - Elfin- Latest U.S. Indictments Appear to Target Iranian Espionage Group
2020-09-18 - EvilQuest-ThiefQuest strings decrypt-deobfuscator
2020-09-18 - Reverse Engineering Dridex and Automating IOC Extraction
2020-09-18 - The Initial Access Broker’s Toolbox – Remote Monitoring and Management
2020-09-18 - U.S. Justice Department Charges APT41 Hackers over Global Cyberattacks
2020-09-20 - Rampant Kitten – An Iranian Espionage Campaign
2020-09-21 - Cybercriminals Distribute Backdoor With VPN Installer
2020-09-22 - APT28 Delivers Zebrocy Malware Campaign using NATO Theme as Lure
2020-09-22 - Alert Number I-092220-PSA- Foreign Actors and Cybercriminals Likely to Spread Disinformation Regarding 2020 Election Results
2020-09-22 - DarkSide- The New Ransomware Group Behind Highly Targeted Attacks
2020-09-22 - Grinju Downloader
2020-09-22 - MTR Casebook- Blocking a $15 million Maze ransomware attack
2020-09-22 - Mispadu Banking Trojan Resurfaces
2020-09-22 - Removing Coordinated Inauthentic Behavior
2020-09-22 - Russian hackers use fake NATO training docs to breach govt networks
2020-09-22 - Taidoor - a truly persistent threat
2020-09-22 - Düsseldorf University Hospital- DoppelPaymer ransomware said to be behind the attack
2020-09-22 - What Service NSW has to do with Russia-
2020-09-23 - AgeLocker ransomware targets QNAP NAS devices, steals data
2020-09-23 - Big Game Hunting- Now in Russia
2020-09-23 - Case Study- Emotet Thread Hijacking, an Email Attack Technique
2020-09-23 - Government software provider Tyler Technologies hit by ransomware
2020-09-23 - Looking for sophisticated malware in IoT devices
2020-09-23 - Operation SideCopy!
2020-09-23 - Understanding Uncertainty while Undermining Democracy
2020-09-24 - Alert Number I-092420-PSA- Cyber Threats to Voting Processes Could Slow But Not Prevent Voting
2020-09-24 - Alien - the story of Cerberus' demise
2020-09-24 - Analysis Report (AR20-268A)- Federal Agency Compromised by Malicious Cyber Actor
2020-09-24 - Apps on Google Play Tainted with Cerberus Banker Malware
2020-09-24 - Cycldek aka Goblin Panda- Chronicles of the Goblin
2020-09-24 - Double Trouble- Ransomware with Data Leak Extortion, Part 1
2020-09-24 - Email-delivered MoDi RAT attack pastes PowerShell commands
2020-09-24 - Microsoft Security—detecting empires in the cloud
2020-09-24 - Mount Locker ransomware joins the multi-million dollar ransom game
2020-09-24 - Removing Coordinated Inauthentic Behavior
2020-09-24 - zLoader XLM Update- Macro code and behavior change
2020-09-25 - APT vs Internet Service Providers
2020-09-25 - APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries - HpReact campaign
2020-09-25 - Baltimore ransomware attack was early attempt at data extortion, new report shows
2020-09-25 - Catching Lazarus- Threat Intelligence to Real Detection Logic - Part One
2020-09-25 - Double Trouble- Ransomware with Data Leak Extortion, Part 1
2020-09-25 - German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed
2020-09-25 - Ghost in action- the Specter botnet
2020-09-25 - Magento Credit Card Stealing Malware- gstaticapi
2020-09-25 - The Fresh Smell of ransomed coffee
2020-09-25 - Turla Carbon System
2020-09-25 - Visa Security Alert New Malware Samples identified in Point-of-Sale Compromises
2020-09-26 - FinFisher Filleted- a triage of the FinSpy (macOS) malware
2020-09-26 - Ironcat Ransomware
2020-09-26 - The Finfisher Tales, Chapter 1- The dropper
2020-09-28 - Alert Number I-092820-PSA- False Claims of Hacked Voter Information Likely Intended to Cast Doubt on Legitimacy of U.S. Elections
2020-09-28 - Kimsuky Phishing Operations Putting In Work
2020-09-29 - BLINDINGCAN - Malware Used by Lazarus
2020-09-29 - Cerberus and Alien- the malware that has put Android in a tight spot
2020-09-29 - CobaltStrikeScan
2020-09-29 - Getting the Bacon from the Beacon
2020-09-29 - LodaRAT Update- Alive and Well
2020-09-29 - Palmerworm- Espionage Gang Targets the Media, Finance, and Other Sectors
2020-09-29 - Spear Phishing Campaign Delivers Buer and Bazar Malware
2020-09-29 - TA2552 Uses OAuth Access Token Phishing to Exploit Read-Only Risks
2020-09-29 - Targeted Attacks on Oil and Gas Supply Chain Industries in the Middle East
2020-09-29 - The return of the Emotet as the world unlocks!
2020-09-29 - What's behind the increase in ransomware attacks this year-
2020-09-30 - APT‑C‑23 group evolves its Android spyware
2020-09-30 - Alert Number I-093020-PSA- Distributed Denial of Service Attacks Could Hinder Access to Voting Information, Would Not Prevent Voting
2020-09-30 - Rooty Dolphin uses Mekotio to target bank clients in South America and Europe
2020-09-30 - Ttint- An IoT remote control Trojan spreading through two 0-day vulnerabilities
2020-09-30 - Ttint- An IoT remote control Trojan spreading through two 0-day vulnerabilities (Chinese-language version)
2020-10-01 - A Storm is Brewing- IPStorm Now Has Linux Malware
2020-10-01 - Alert (AA20-275A)- Potential for China Cyber Response to Heightened U.S.-China Tensions
2020-10-01 - Alert Number I-100120-PSA- Foreign Actors Likely to Use Online Journals to Spread Disinformation Regarding 2020 Elections
2020-10-01 - Duck Hunting with Falcon Complete- Analyzing a Fowl Banking Trojan, Part 1
2020-10-01 - Emotet Makes Timely Adoption of Political and Elections Lures
2020-10-01 - Evasive URLs in Spam- Part 2
2020-10-01 - LATAM financial cybercrime- Competitors‑in‑crime sharing TTPs
2020-10-01 - Malware Analysis Report (AR20-275A)- Remote Access Trojan- SLOTHFULMEDIA
2020-10-01 - Russia’s Fancy Bear Hackers Likely Penetrated a US Federal Agency
2020-10-01 - Threat Spotlight- New InterPlanetary Storm variant targeting IoT devices
2020-10-01 - XDSpy Indicators of Compromise
2020-10-02 - Alert Number I-100220-PSA- Spoofed Internet Domains and Email Accounts Pose Cyber and Disinformation Risks to Voters
2020-10-02 - Appgate Labs Analyzes New Family Of Ransomware - Egregor
2020-10-02 - Attacks Aimed at Disrupting the Trickbot Botnet
2020-10-02 - Graphology of an Exploit – Hunting for exploits by looking for the author’s fingerprints
2020-10-02 - Lockbit analysis