
AV Tech

2007-06-16 - Minifilters for detection of Malware
2008-11-10 - Advanced Metamorphic Techniques in Computer Viruses
2009-06-28 - AVU (Anti Virus UNIX) Demonstration
2010-02-03 - Sequence Based Malware Detection
2015-03-17 - Kprobe instrumentation based kernel patching code
2017-01-22 - Anti-emulation trends in modern packers
2018-06-27 - Fixing ELF static binaries with ASLR RELRO support
2018-09-12 - Office VBA - AMSI Parting the veil on malicious macros
2018-09-27 - Out of sight but not invisible - Defeating fileless malware with behavior monitoring AMSI and next-gen
2018-11-18 - Preventing Ransomware Attacks Through File System Filter Drivers
2021-01-05 - Automatic Reverse Engineering of Script Engine Binaries for Building Script API Tracers
2021-01-27 - Analysis of Antivirus Quarantine Files
2021-02-10 - Detecting Manual Syscalls from User Mode
2021-05-24 - Hunting for Suspicious Usage of Background Intelligent
2021-07-09 - An Empirical Assessment of Endpoint Detection and Response Systems against Advanced Persistent Threats Attack Vectors
2021-08-23 - An Empirical Assessment of Endpoint Security Systems Against Advanced Persistent Threats Attack Vectors
2021-11-14 - Instrumentation Callbacks - Detecting SYSCALLs
2021-12-26 - Gatekeeping SysCalls
2022-01-11 - An Empirical Assessment of Endpoint Security Systems Against Advanced Persistent Threats Attack Vectors v3 FINAL
2022-02-02 - Elastic Security - Sandboxing Antimalware Products
2022-02-22 - Writing a C Yara Agent
2022-03-15 - Anti-UPX Unpacking Technique
2022-04-29 - Maelstrom EDR Kernel Callbacks Hooks and Call Stacks
2022-06-30 - Using process creation properties to catch evasion techniques
2022-07-10 - Patriot - Detecting various kinds of in-memory stealth techniques
2023-02-10 - Forensic Log-Based Detection of Keystroke Injection BadUSB Attacks
2023-04-19 - Demonstrating monitoring abnormal syscalls with ETW
2023-04-27 - The Art of Clipboard Forensics Recovering Deleted Data

Malware Analysis 2010

2010-01-17 - Jan 17 Trojan Darkmoon.B EXE Haiti relief from [email protected] 17 Jan 2010 13-15-02 -0800 PST
2010-01-25 - Leveraging ZeuS to send spam through social networks
2010-02-02 - ZeuS spreading via Facebook
2010-02-04 - SpyEye Bot versus Zeus Bot
2010-02-08 - List of Aurora - Hydraq - Roarur files
2010-02-19 - SpyEye Bot (Part two). Conversations with the creator of crimeware
2010-02-20 - Facebook & VISA phishing campaign proposed by ZeuS
2010-03-03 - Black Energy Crypto
2010-03-03 - BlackEnergy Version 2 Threat Analysis
2010-03-07 - March 2010 Opachki Trojan update and sample
2010-03-10 - ZeuS Banking Trojan Report
2010-03-15 - New phishing campaign against Facebook led by Zeus
2010-03-31 - ICS Advisory (ICSA-10-090-01)- Mariposa Botnet
2010-04-01 - SpyEye vs. ZeuS Rivalry
2010-04-19 - ZeuS on IRS Scam remains actively exploited
2010-04-26 - SpyEye’s -Kill Zeus- Bark is Worse Than its Bite
2010-05-03 - A Brief Look at Zeus-Zbot 2.0
2010-05-03 - Heloag has rather no friends, just a master
2010-05-27 - Sasfis Propagation
2010-05-28 - CVE-2009-3129 XLS for office 2002-2007 with fud keylogger EIDHR from [email protected]
2010-05-31 - SASFIS Malware Uses a New Trick
2010-06-10 - Review of the Virus.Win32.Virut.ce Malware Sample
2010-06-15 - Clash of the Titans- ZeuS v SpyEye
2010-07-14 - Who Was the 12th Russian Spy at Microsoft-
2010-07-14 - ZeuS Version scheme by the trojan author
2010-07-15 - Black DDoS
2010-07-24 - Why won’t my sample run-
2010-07-30 - CVE-2010-2568 keylogger Win32-Chymine.A
2010-08-25 - Military Computer Attack Confirmed
2010-09-17 - SpyEye Botnet’s Bogus Billing Feature
2010-11-12 - ZEROACCESS MALWARE - PART 1- De-Obfuscating and Reversing the User-Mode Agent Dropper
2010-11-15 - Tracing the Crimeware Origins by Reversing Injected Code
2010-11-16 - ZEROACCESS MALWARE - PART 3- The Device Driver Process Injection Rootkit
2010-11-20 - The Kernel-Mode Device Driver Stealth Rootkit
2010-12-20 - End of the Line for the Bredolab Botnet-
2010-12-27 - Adventures in analyzing Stuxnet

Malware Analysis 2011

2011-01-09 - Jan 6 CVE-2010-3333 DOC with info theft trojan from the American Chamber of Commerce
2011-01-20 - Description of the virus Backdoor.Win32.Buterat.afj
2011-01-30 - GpCode Ransomware 2010 Simple Analysis
2011-02-24 - ZeroAccess Max Smiscer Crimeware Rootkit sample for Step-by-Step Reverse Engineering
2011-03-02 - TDL4 and Glupteba- Piggyback PiggyBugs
2011-03-08 - Worm-Win32-Yimfoca.A
2011-03-11 - Trojan.Koredos Comes with an Unwelcomed Surprise
2011-03-28 - Microsoft Hunting Rustock Controllers
2011-04-16 - Troj-Sasfis-O
2011-04-19 - TDSS part 1- The x64 Dollar Question
2011-04-26 - SpyEye Targets Opera, Google Chrome Users
2011-04-28 - A blind event viewer…
2011-04-30 - BKA-Trojaner (Ransomware)
2011-05-19 - Win32-Expiro
2011-05-25 - W32.Qakbot aka W32-Pinkslipbot or infostealer worm
2011-06-22 - Criminals gain control over Mac with BackDoor.Olyx
2011-06-29 - Inside a Back Door Attack
2011-07-06 - Cybercriminals switch from MBR to NTFS
2011-07-07 - Rootkit TDL-4 (TDSS, Alureon.DX, Olmarik, TDL) 32-bit and 64-bit Sample + Analysis links - Update July 7
2011-07-08 - Trojan.Mayachok.2- analysis of the first known VBR bootkit
2011-07-10 - Facts and myths about antivirus evasion with Metasploit
2011-07-14 - Cycbot- Ready to Ride
2011-07-26 - SpyEye Trojan defeating online banking defenses
2011-07-27 - Jul 25 Mac Olyx backdoor + Gh0st Backdoor in RAR archive related to July 2009 Ürümqi riots in China (Samples included)
2011-07-28 - Trojan Tricks Victims Into Transferring Funds
2011-08-03 - HTran and the Advanced Persistent Threat
2011-08-04 - Analysis of ngrBot
2011-08-24 - Ice IX, the first crimeware based on the leaked ZeuS sources
2011-08-27 - Morto.A
2011-08-28 - Windows Remote Desktop Worm -Morto- Spreading
2011-08-29 - Aug 28 Morto - Tsclient - RDP worm with DDoS features
2011-09-02 - ZeuS Gets Another Update
2011-09-09 - BIOS Threat is Showing up Again!
2011-09-09 - Stuxnet Malware Analysis Paper
2011-09-13 - Mebromi- the first BIOS rootkit in the wild
2011-09-14 - Ice IX- not cool at all
2011-09-14 - Malware burrows deep into computer BIOS to escape AV
2011-09-19 - Mebromi BIOS rootkit affecting Award BIOS (aka -BMW- virus)
2011-09-21 - Sept 21 Greedy Shylock - financial malware
2011-09-27 - Debugging Injected Code with IDA Pro
2011-10-06 - Sep 28 CVE-2010-3333 Manuscript with Taidoor (Trojan.Matryoshka by CyberESI)
2011-10-06 - ZeuS-in-the-Mobile – Facts and Theories
2011-10-07 - Rustock samples and analysis links. Rustock.C, E, I, J and other variants
2011-10-08 - Possible Governmental Backdoor Found (-Case R2D2-)
2011-10-13 - A Detailed Analysis of an Advanced Persistent Threat Malware
2011-10-17 - W32-Yunsip!tr.pws
2011-10-26 - Tsunami Backdoor Can Be Used for Denial of Service Attacks
2011-10-31 - The Significance of the -Nitro- Attacks
2011-12-08 - The Sykipot Attacks

Malware Analysis 2012

2012-01-04 - SpyEye Malware Borrows Zeus Trick to Mask Fraud
2012-01-06 - Cracking Cold$eal 5.4.1 FWB++
2012-01-08 - Cold$eal- 'Situation is under control'
2012-01-12 - Blackhole Ramnit - samples and analysis
2012-02-01 - TDL4 - Purple Haze (Pihar) Variant - sample and analysis
2012-02-15 - Merchant of Fraud Returns- Shylock Polymorphic Financial Malware Infections on the Rise
2012-03-06 - Virus Ukash Gendarmerie Absence twexx32.dll
2012-03-16 - OSX-Imuler updated- still a threat on Mac OS X
2012-03-26 - LUCKYCAT REDUX Inside an APT Campaign with Multiple Targets in India and Japan
2012-04-05 - China Hacked South Korea Over Missile Defense, U.S. Firm Says
2012-04-05 - Darkshell DDOS Botnet Evolves With Variants
2012-04-10 - OSX-Flashback.O sample + some domains
2012-04-12 - OSX-Flashback.K sample + Mac OS malware study set (30+ older samples)
2012-04-16 - Detailed Analysis Of Sykipot (Smartcard Proxy Variant)
2012-04-18 - DarkMegi rootkit - sample (distributed via Blackhole)
2012-04-20 - Analysis of DarkMegi aka NpcDark
2012-04-23 - BKDR_CYSXL.A
2012-05-28 - The Flame- Questions and Answers
2012-05-31 - Flamer- A Recipe for Bluetoothache
2012-06-04 - Small banking Trojan poses major risk
2012-06-05 - Smartcard vulnerabilities in modern banking malware
2012-06-06 - Tinba - Zusy - tiny banker trojan
2012-06-09 - You dirty RAT! Part 1- DarkComet
2012-06-15 - You Dirty RAT! Part 2 – BlackShades NET
2012-06-21 - BlackShades in Syria
2012-06-21 - RAT samples from Syrian Targeted attacks - Blackshades RAT, XTreme RAT, Dark Comet RAT used by Syrian Electronic Army
2012-06-24 - Medre.A - AutoCAD worm samples
2012-07-02 - Sykipot is back
2012-07-13 - Rovnix bootkit framework updated
2012-07-17 - Kaspersky Lab and Seculert Announce ‘Madi,’ a Newly Discovered Cyber-Espionage Campaign in the Middle East
2012-07-17 - The Madi Attacks- Series of Social Engineering Campaigns
2012-07-17 - The Madi Campaign – Part I
2012-07-22 - Xtreme RAT analysis
2012-07-24 - New Apple Mac Trojan Called OSX-Crisis Discovered
2012-07-26 - The Madi Campaign – Part II
2012-08-01 - Inside the ICE IX bot, descendent of Zeus
2012-08-02 - Cridex Analysis using Volatility
2012-08-10 - Gauss samples - Nation-state cyber-surveillance + Banking trojan
2012-08-13 - Syrian Electronic Army
2012-08-16 - Inside Upas Kit (1.0.1.1) aka Rombrast C&C - Botnet Control Panel
2012-08-16 - Shamoon the Wiper – Copycats at Work
2012-08-16 - The Shamoon Attacks
2012-08-17 - Shamoon or DistTrack.A samples
2012-08-20 - Crisis for Windows Sneaks onto Virtual Machines
2012-08-22 - The first Trojan in history to steal Linux and Mac OS X passwords
2012-08-30 - Troj-Binanen-B
2012-09-01 - URLZone reloaded- new evolution
2012-09-18 - QassamCyberFighters's Pastebin
2012-09-19 - Blog Posts on Nitol
2012-09-28 - Dissecting 'Operation Ababil' - an OSINT Analysis
2012-10-05 - Dark Comet 2- Electric Boogaloo
2012-10-09 - BKDR_SARHUST.A
2012-10-09 - SASFIS
2012-10-12 - New Multiplatform Backdoor Jacksbot Discovered
2012-10-13 - WORM_EMUDBOT.JP
2012-10-30 - JACKSBOT Has Some Dirty Tricks up Its Sleeves
2012-11-01 - Tracking the 2012 Sasfis campaign
2012-11-05 - Citadel- a cyber-criminal’s ultimate weapon-
2012-11-13 - New variant of Mac Trojan discovered, targeting Tibet
2012-11-14 - Group Photos.zip OSX-Revir - OSX-iMuler samples March 2012-November 2012
2012-11-16 - Malware Targeting Windows 8 Uses Google Docs
2012-11-16 - Remote Administration Tool for Android devices
2012-11-22 - W32.Narilam – Business Database Sabotage
2012-11-25 - Parastoo Hacks IAEA
2012-11-27 - Threat Description- Troj-Ployx-A
2012-11-28 - Shylock’s New Trick- Evading Malware Researchers
2012-11-29 - Inside view of Lyposit aka (for its friends) Lucky LOCKER
2012-11-29 - What’s the Fuss with WORM_VOBFUS-
2012-12-03 - Compromised library
2012-12-03 - New Mac Malware Found on Dalai Lama Related Website
2012-12-05 - OSX-Dockster.A and Win32-Trojan.Agent.AXMO Samples, pcaps, OSX malware analysis tools
2012-12-06 - Nov 2012 - W32.Narilam Sample
2012-12-07 - Aug 2012 Backdoor.Wirenet - OSX and Linux
2012-12-07 - Aug 2012 W32.Crisis and OSX.Crisis - JAR file Samples - APT
2012-12-07 - Nov 2012 - Backdoor.W32.Makadocs Sample
2012-12-07 - Nov 2012 Worm Vobfus Samples
2012-12-12 - Analysis of VirTool-WinNT-Exforel.A rootkit
2012-12-12 - Unpacking Dexter POS -Memory Dump Parsing- Malware
2012-12-13 - The Dexter Malware- Getting Your Hands Dirty
2012-12-15 - Disclosure of another 0day malware - Analysis of 2nd Dropper and 3rd Dropper (Part 2)
2012-12-15 - Disclosure of another 0day malware - Initial Dropper and Downloader (Part 1)
2012-12-17 - Sample for Sanny - Win32.Daws in CVE-2012-0158 -ACEAN Regional Security Forum- targeting Russian companies
2012-12-18 - Malicious Apache module used for content injection- Linux-Chapro.A
2012-12-19 - Win32-Spy.Ranbyus modifying Java code in RBS Ukraine systems
2012-12-20 - Trojan.Stabuniq Found on Financial Institution Servers
2012-12-21 - Infostealer Dexter Targets Checkout Systems
2012-12-23 - Dec 2012 Dexter - POS Infostealer samples and information
2012-12-24 - Dec 2012 Linux.Chapro - trojan Apache iframer
2012-12-24 - Dec. 2012 Trojan.Stabuniq samples - financial infostealer trojan
2012-12-26 - ZeroAccess - Sirefef Rootkit - 5 fresh samples
2012-12-27 - Nitol botnet
2012-12-29 - Attack and IE 0day Informations Used Against Council on Foreign Relations

Malware Analysis 2013

2013-01-02 - Capstone Turbine Corporation Also Targeted in the CFR Watering Hole Attack And More
2013-01-14 - -Red October- Diplomatic Cyber Attacks Investigation
2013-01-14 - The “Red October” Campaign – An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies
2013-01-14 - “Red October” Diplomatic Cyber Attacks Investigation
2013-01-17 - “Red October” – Part Two, the Modules
2013-01-18 - Dec 2012 Batchwiper Samples
2013-01-18 - Polish Takedown Targets ‘Virut’ Botnet
2013-01-19 - Cooperative Efforts To Shut Down Virut Botnet
2013-01-21 - Shylock Not the Lone Threat Targeting Skype
2013-01-24 - Linux-SSHDoor.A Backdoored SSH daemon that steals passwords
2013-01-25 - vSkimmer, Another POS malware
2013-01-27 - Trojan.Win32-Spy.Ranbyus
2013-01-30 - Backdoor.Barkiofork Targets Aerospace and Defense Industry
2013-02-03 - The infection of Styx Exploit Kit (Landing page- painterinvoice.ru + Payload- PWS-Ursnif Variant)
2013-02-04 - Alina 3.4 (POS Malware)
2013-02-04 - What do Win32-Redyms and TDL4 have in common-
2013-02-16 - Jan 2013 - Linux SSHDoor - sample
2013-02-19 - APT1- Q&A on Attacks by the Comment Crew
2013-02-19 - Exclusive- Apple, Macs hit by hackers who targeted Facebook
2013-02-19 - PLA Unit 61398
2013-02-22 - Bamital Botnet Takedown Is Successful; Cleanup Underway
2013-02-22 - Recent Cyberattacks
2013-02-25 - Caphaw attacking major European banks using webinject plugin
2013-02-27 - BKDR_RARSTONE- New RAT to Watch Out For
2013-03-05 - Russian ransomware takes advantage of Windows PowerShell
2013-03-13 - How Theola malware uses a Chrome plugin for banking fraud
2013-03-14 - New Uyghur and Tibetan Themed Attacks Using PDF Exploits
2013-03-20 - Computer Networks in South Korea Are Paralyzed in Cyberattacks
2013-03-20 - Researchers Uncover ‘TeamSpy’ Attack Campaign Against Government, Research Targets
2013-03-21 - New Sykipot developments
2013-03-21 - VSkimmer Botnet Targets Credit Card Payment Terminals
2013-03-22 - Who is Anchor Panda
2013-03-24 - OSX-Pintsized Backdoor Additional Details
2013-03-29 - Whois Numbered Panda
2013-03-30 - Fooled by Andromeda
2013-04-02 - Dark South Korea Total War Review
2013-04-04 - Who is Clever Kitten
2013-04-08 - Banking Trojan Carberp- An Epitaph-
2013-04-11 - Winnti FAQ. More Than Just a Game
2013-04-11 - Winnti. More than just a game
2013-04-12 - Who is Samurai Panda
2013-04-24 - South Korea Incident - New Malware samples
2013-04-26 - Linux-Cdorked.A- New Apache backdoor being used in the wild to serve Blackhole
2013-05-01 - Linux-CDorked FAQs
2013-05-02 - The stealthiness of Linux-Cdorked- a clarification
2013-05-03 - Department of Labor Strategic Web Compromise
2013-05-08 - Alina- Casting a Shadow on POS
2013-05-17 - Alina- Following The Shadow Part 1
2013-05-20 - Lockscreen Win32-Lyposit displayed as a fake MacOs app
2013-05-21 - Unveiling the Locker Bomba (aka Lucky Locker v0.6 aka Lyposit-Adneukine)
2013-05-22 - Mac Spyware- OSX-KitM (Kumar in the Mac)
2013-05-28 - South Korean Financial Companies Targeted by Castov
2013-05-29 - South Korean Financial Companies Targeted by Castov
2013-06-03 - Alina- Following The Shadow Part 2
2013-06-04 - Kaspersky Lab Uncovers ‘Operation NetTraveler,’ a Global Cyberespionage Campaign Targeting Government-Affiliated Organizations and Research Institutes
2013-06-04 - “NetTraveler is Running!” – Red Star APT Attacks Compromise High-Profile Victims
2013-06-07 - KeyBoy, Targeted Attacks against Vietnam and India
2013-06-17 - CrowdStrike Falcon Traces Attacks Back To Hackers
2013-06-19 - Your Facebook connection is now secured! Thank you for your support!
2013-06-26 - Four Years of DarkSeoul Cyberattacks Against South Korea Continue on Anniversary of Korean War
2013-07-15 - Signed Mac Malware Using Right-to-Left Override Trick
2013-07-22 - Multisystem Trojan Janicab attacks Windows and MacOSX via scripts
2013-07-25 - ZeroAccess uses Self-Debugging
2013-07-30 - Versatile and infectious- Win64-Expiro is a cross‑platform file infector
2013-07-31 - Secrets of the Comfoo Masters
2013-08-01 - Andromeda 2.7 features
2013-08-01 - Sophos Discovers ZeroAccess Using RLO
2013-08-02 - Surtr Malware Family Targeting the Tibetan Community
2013-08-07 - Thieves Reaching for Linux—”Hand of Thief” Trojan Targets Linux #INTH3WILD
2013-08-12 - Taleret strings - APT (1)
2013-08-13 - Inside a ‘Reveton’ Ransomware Operation
2013-08-13 - PowerLoader Injection – Something truly amazing
2013-08-25 - The Compromised Devices of the Carna Botnet
2013-08-27 - Linux Trojan “Hand of Thief” ungloved
2013-09-01 - Yet another Andromeda - Gamarue analysis
2013-09-04 - Sykipot Now Targeting US Civil Aviation Sector Information
2013-09-05 - Large botnet cause of recent Tor network overload
2013-09-06 - Evasive Tactics- Taidoor
2013-09-11 - The “Kimsuky” Operation- A North Korean APT-
2013-09-17 - Hidden Lynx – Professional Hackers for Hire
2013-09-18 - A New Wave Of WIN32-CAPHAW Attacks - A ThreatLabZ Analysis
2013-09-21 - Operation DeputyDog- Zero-Day (CVE-2013-3893) Attack Against Japanese Targets
2013-09-24 - Now You See Me - H-worm by Houdini
2013-09-24 - OSX-Leverage.a Analysis
2013-09-25 - The Icefog APT- A Tale of Cloak and Three Daggers
2013-09-25 - Win32-64-Napolar- New Trojan shines on the cyber crime-scene
2013-09-25 - Win32-Napolar – A new bot on the block
2013-09-26 - New Solarbot Malware Debuts, Creator Publicly Advertising
2013-10-10 - Regional Conflict and Cyber Blowback
2013-10-14 - PE_MOFKSYS.A
2013-10-16 - CrowdCasts Monthly- You Have an Adversary Problem
2013-11-06 - VICEROY TIGER Delivers New Zero-Day Exploit
2013-11-09 - T-cmd.cpp
2013-12-04 - The Internet of Everything, Including Malware
2013-12-09 - The Curious Case of the Malicious IIS Module
2013-12-12 - OPERATION “KE3CHANG”-Targeted Attacks Against Ministries of Foreign Affairs
2013-12-17 - Bebloh - a well-known banking Trojan with noteworthy innovations
2013-12-18 - CryptoLocker Ransomware
2013-12-18 - Qadars – a banking Trojan with the Netherlands in its sights
2013-12-23 - Mozi, Another Botnet Using DHT
2013-12-31 - VirusTotal Report for Bee

Malware Analysis 2014

2014-01-14 - The Icefog APT Hits US Targets With Java Backdoor
2014-01-19 - Vietnamese Malware Gets Very Personal
2014-01-21 - Digitally signed data-stealing malware targets Mac users in “undelivered courier item” attack
2014-01-22 - Iran and Russia blamed for state-sponsored espionage
2014-02-02 - U.S. Leads Multi-National Action Against “Gameover Zeus” Botnet and “Cryptolocker” Ransomware, Charges Botnet Administrator
2014-02-03 - Needle in a haystack
2014-02-06 - Examining the Linux Botnet «BillGates»
2014-02-10 - The Careto-Mask APT- Frequently Asked Questions
2014-02-14 - Analysis of DHS NCCIC Indicators
2014-02-15 - Examining Your Very Own Sefnit Trojan
2014-02-16 - Analysis of CoinThief-A -dropper-
2014-02-17 - Hiding in plain sight- a story about a sneaky banking Trojan
2014-02-19 - XtremeRAT- Nuisance or Threat-
2014-02-21 - An In‑depth Analysis of Linux-Ebury
2014-02-21 - CVE 2014-0322 Malware - Sakurel (Feb 21, 2014)
2014-02-24 - The Art of Attribution Identifying and Pursuing your Cyber Adversaries
2014-02-28 - Uroburos - highly complex espionage software with Russian roots
2014-03-05 - Android RATs Branch out with Dendroid
2014-03-06 - Dexter, Project Hook POS Malware Campaigns Persist
2014-03-06 - The Siesta Campaign- A New Targeted Attack Awakens
2014-03-07 - Uroburos – Deeper travel into kernel protection mitigation
2014-03-12 - A Detailed Examination of the Siesta Campaign
2014-03-12 - Agent.btz- a Source of Inspiration-
2014-03-12 - Uroburos the Snake Rootkit
2014-03-18 - Operation Windigo – the vivisection of a large Linux server‑side credential‑stealing malware campaign
2014-03-18 - Windigo Linux Analysis – Ebury and Cdorked
2014-03-25 - Spear Phishing the News Cycle- APT Actors Leverage Interest in the Disappearance of Malaysian Flight MH 370
2014-04-02 - Tofsee botnet
2014-04-09 - BackDoor.Gootkit.112—a new multi-purpose backdoor
2014-04-15 - Trojan banking
2014-04-17 - A quick analysis of the latest Shadow Brokers dump
2014-04-18 - TROJ64_WOWLIK.VT
2014-04-21 - Hacking Team
2014-04-27 - Analysis of the Predator Pain Keylogger
2014-05-06 - Rovnix new “evolution”
2014-05-13 - Cat Scratch Fever- CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN
2014-05-13 - Uroburos rootkit- Belgian Foreign Ministry stricken
2014-05-15 - DDoS Trojans attack Linux
2014-05-16 - APT Campaign Leverages the Cueisfry Trojan and Microsoft Word Vulnerability CVE-2014-1761
2014-05-19 - 5 in China Army Face U.S. Charges of Cyberattacks
2014-05-22 - Meet the Zberp Trojan
2014-05-29 - Iranian hackers sucker punch U.S. defense officials with creative social-media scam
2014-05-30 - Taking off the Blackshades
2014-06-02 - Analysis of Uroburos, using WinDbg
2014-06-02 - Molerats, Here for Spring!
2014-06-02 - Sinowal banking trojan
2014-06-04 - Introducing Antak - A webshell which utilizes powershell
2014-06-09 - ZeuS.Maple Variant Targets Canadian Online Banking Customers
2014-06-10 - Clandestine Fox, Part Deux
2014-06-18 - Neutrino Bot (aka MS-Win32-Kasidet)
2014-06-23 - Havex Hunts For ICS-SCADA Systems
2014-07-02 - KIVARS With Venom- Targeted Attacks Upgrade with 64-bit “Support”
2014-07-07 - Deep in Thought- Chinese Targeting of National Security Think Tanks
2014-07-07 - Disect Android APKs like a Pro - Static code analysis
2014-07-08 - Security Matters - Cyberespionage Campaign Hits Energy Companies
2014-07-09 - BrutPOS- RDP Bruteforcing Botnet Targeting POS Systems
2014-07-10 - Versatile DDoS Trojan for Linux
2014-07-11 - The Father of Zeus- Kronos Malware Discovered
2014-07-15 - Targeted Attacks on French Company Exploit Multiple Word Vulnerabilities
2014-07-15 - Unit 42 Technical Analysis- Seaduke
2014-07-16 - Mini Analysis of the TinyBanker Tinba
2014-07-18 - Bird's nest
2014-07-31 - Poweliks- the persistent malware without a file
2014-07-31 - Spy of the Tiger
2014-08-04 - New Release- Decrypting NetWire C2 Traffic
2014-08-07 - Innaput Actors Utilize Remote Access Trojan Since 2016, Presumably Targeting Victim Files
2014-08-07 - Malware Analysis of the Lurk Downloader
2014-08-07 - Sophisticated 'Turla' hackers spying on European governments, say researchers
2014-08-07 - The Epic Turla Operation
2014-08-11 - mht, MS12-27 and malware .info
2014-08-14 - Hunting the Mutex
2014-08-19 - APT Gang Branches Out to Medical Espionage in Community Health Breach
2014-08-20 - “El Machete”
2014-08-24 - Another country-sponsored #malware- Vietnam APT Campaign
2014-08-27 - NetTraveler Gets a Makeover for 10th Anniversary
2014-08-28 - BIFROSE Now More Evasive Through Tor, Used for Targeted Attack
2014-08-28 - Scanbox- A Reconnaissance Framework Used with Watering Hole Attacks
2014-08-29 - Connecting the Dots- Syrian Malware Team Uses BlackWorm for Attacks
2014-08-29 - New BlackPOS Malware Emerges in the Wild, Targets Retail Accounts
2014-08-29 - Sinkholing the Backoff POS Trojan
2014-08-31 - Introduction to the ZeroLocker ransomware
2014-09-03 - ALDIBOT
2014-09-03 - Darwin’s Favorite APT Group
2014-09-04 - PITOU- The -silent- resurrection of the notorious Srizbi kernel spambot
2014-09-11 - TorrentLocker Ransomware Cracked and Decrypter has been made
2014-09-19 - Malware microevolution
2014-09-19 - Recent Watering Hole Attacks Attributed to APT Group “th3bug” Using Poison Ivy
2014-09-21 - Reversing Tinba- World's smallest trojan-banker DGA Code
2014-09-22 - Tinba Malware Reloaded and Attacking Banks Around the World
2014-09-23 - Android malware based on SMS encryption and with KitKat support
2014-09-23 - MALWARE-CNC Win.Trojan.Aytoke variant outbound connection
2014-09-29 - MMD-0028-2014 - Linux-XOR.DDoS- Fuzzy reversing a new China ELF
2014-10-02 - Occupy Central- The Umbrella Revolution and Chinese Intelligence
2014-10-03 - New Indicators of Compromise for APT Group Nitro Uncovered
2014-10-05 - Dissecting SmokeLoader (or Yulia's sweet ass proposition)
2014-10-06 - Data Theft in Aisle 9- A FireEye Look at Threats to Retailers
2014-10-14 - CVE‑2014‑4114- Details on August BlackEnergy PowerPoint Campaigns
2014-10-14 - CrowdStrike Discovers Use of 64-bit Zero-Day Privilege Escalation Exploit (CVE-2014-4113) by Hurricane Panda
2014-10-14 - Sandworm Windows zero-day vulnerability being actively exploited in targeted attacks
2014-10-14 - Security vendors take action against Hidden Lynx malware
2014-10-15 - Operation Windigo- “Good job, ESET!” says malware author
2014-10-20 - OrcaRAT - A whale of a tale
2014-10-27 - Full Disclosure of Havex Trojans
2014-10-27 - ScanBox framework – who’s affected, and who’s using it-
2014-10-30 - COM Object hijacking- the discreet way of persistence
2014-11-03 - BE2 custom plugins, router abuse, and target profiles
2014-11-10 - The Darkhotel APT
2014-11-10 - Thoughts on Absolute Computrace
2014-11-10 - Timeline of Sandworm Attacks
2014-11-11 - The Uroburos case- new sophisticated RAT identified
2014-11-12 - Korplug military targeted attacks- Afghanistan & Tajikistan
2014-11-13 - BASHLITE Affects Devices Running on BusyBox
2014-11-13 - Chinese hackers 'breach Australian media organisations' ahead of G20
2014-11-14 - OnionDuke- APT Attacks Via the Tor Network
2014-11-15 - OnionDuke samples
2014-11-19 - ROVNIX Infects Systems with Password-Protected Macros
2014-11-21 - Operation Double Tap
2014-11-24 - I am Ironman- DEEP PANDA Uses Sakula Malware to Target Organizations in Multiple Sectors
2014-11-24 - Regin- nation-state ownage of GSM networks
2014-11-25 - Curious Korlia
2014-11-25 - Regin APT Attacks Among the Most Sophisticated Ever Analyzed
2014-11-26 - Getmypass Point of Sale Malware
2014-11-26 - TR-23 Analysis - NetWiredRC malware
2014-11-27 - New PoS Malware Kicks off Holiday Shopping Weekend
2014-11-30 - W32-HiAsm.A!tr
2014-12-08 - The Hack of Sony Pictures- What We Know and What You Need to Know
2014-12-08 - The ‘Penquin’ Turla
2014-12-09 - Blue Coat Exposes “The Inception Framework”; Very Sophisticated, Layered Malware Attack Targeted at Military, Diplomats, and Bus
2014-12-09 - Blue Coat Exposes “The Inception Framework”; Very Sophisticated, Layered Malware Attack Targeted at Military, Diplomats, and Business Execs
2014-12-09 - Linux Modules Connected to Turla APT Discovered
2014-12-10 - Cloud Atlas- RedOctober APT is back in style
2014-12-11 - The Evolution of Point-of-Sale (PoS) Malware
2014-12-15 - Banatrix – an indepth look
2014-12-16 - EvilBunny- Malware Instrumented By Lua
2014-12-17 - Dyre Banking Trojan
2014-12-18 - Alina POS malware 'sparks' off a new variant
2014-12-18 - Chthonic- a new modification of ZeuS
2014-12-19 - Alert (TA14-353A)- Targeted Destructive Malware
2014-12-19 - The unrelenting evolution of Vawtrak
2014-12-22 - Virlock- First Self‑Reproducing Ransomware is also a Shape Shifter

Malware Analysis 2015

2015-01-06 - Linux DDoS Trojan hiding itself with an embedded rootkit
2015-01-08 - Getmypass Point of Sale Malware Update
2015-01-08 - Major malvertising campaign spreads Kovter Ad Fraud malware
2015-01-09 - Chanitor Downloader Actively Installing Vawtrak
2015-01-11 - The Mozart RAM Scraper
2015-01-13 - New Carberp variant heads down under
2015-01-14 - Catching the “Inception Framework” Phishing Attack
2015-01-15 - Evolution of sophisticated spyware- from Agent.BTZ to ComRAT
2015-01-20 - Analysis of Project Cobra
2015-01-22 - New RATs Emerge from Leaked Njw0rm Source Code
2015-01-22 - Scarab attackers took aim at select Russian targets since 2012
2015-01-26 - Storm Chasing- Hunting Hurricane Panda
2015-02-04 - Pawn Storm Update- iOS Espionage App Found
2015-02-05 - Anatomy of a Brute Force Campaign- The Story of Hee Thai Limited
2015-02-09 - Anthem Breach May Have Started in April 2014
2015-02-12 - Mobile Malware Gang Steals Millions from South Korean Users
2015-02-15 - Carbanak
2015-02-16 - Equation- The Death Star of Malware Galaxy
2015-02-16 - How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last
2015-02-17 - Ali Baba, the APT group from the Middle East
2015-02-17 - Angry Android hacker hides Xbot malware in popular application icons
2015-02-17 - BE2 extraordinary plugins, Siemens targeting, dev fails
2015-02-17 - The Desert Falcons targeted attacks
2015-02-18 - Babar- Suspected Nation State Spyware In The Spotlight
2015-02-18 - Babar- espionage software finally found and put under the microscope
2015-02-18 - Meet Babar, a New Malware Almost Certainly Created by France
2015-02-18 - Sexually Explicit Material Used as Lures in Recent Cyber Attacks
2015-02-18 - Shooting Elephants
2015-02-19 - Arid Viper – Israel entities targeted by malware packaged with sex video
2015-02-20 - The DGAs of Necurs
2015-02-23 - Cyber Kung-Fu- The Great Firewall Art of DNS Poisoning
2015-02-25 - KINS Banking Trojan Source Code
2015-02-25 - Pony Sourcecode
2015-02-27 - ScanBox Framework
2015-02-27 - The Anthem Hack- All Roads Lead to China
2015-02-27 - VB2014 paper- The pluginer - Caphaw
2015-03-03 - C99Shell not dead
2015-03-03 - PwnPOS- Old Undetected PoS Malware Still Causing Havoc
2015-03-04 - And you get a POS malware name...and you get a POS malware name....and you get a POS malware name....
2015-03-04 - New crypto ransomware in town - CryptoFortress
2015-03-04 - Who’s Really Spreading through the Bright Star-
2015-03-05 - Casper Malware- After Babar and Bunny, Another Espionage Cartoon
2015-03-06 - Animals in the APT Farm
2015-03-07 - Slave, Banatrix and ransomware
2015-03-09 - CryptoFortress mimics TorrentLocker but is a different ransomware
2015-03-10 - The DGA of Pykspa
2015-03-11 - Inside the EquationDrug Espionage Platform
2015-03-11 - Malvertising Targeting European Transit Users
2015-03-19 - Analyzing a Backdoor-Bot for the MIPS Platform
2015-03-19 - FindPOS- New POS Malware Family Discovered
2015-03-19 - Rocket Kitten Showing Its Claws- Operation Woolen-GoldFish and the GHOLE campaign
2015-03-20 - Threat Spotlight- PoSeidon, A Deep Dive Into Point of Sale Malware
2015-03-28 - UACME
2015-03-30 - Fake Judicial Spam Leads to Backdoor with Fake Certificate Authority
2015-03-30 - New reconnaissance threat Trojan.Laziok targets the energy sector
2015-03-31 - Sinkholing Volatile Cedar DGA Infrastructure
2015-03-31 - Volatile Cedar - Analysis of a Global Cyber Espionage Campaign
2015-04-01 - NewPosThings Has New PoS Things
2015-04-09 - Beebone Botnet Takedown- Trend Micro Solutions
2015-04-09 - Operation Buhtrap, the trap for Russian accountants
2015-04-09 - The Banking Trojan Emotet- Detailed Analysis
2015-04-12 - SIMDA- A Botnet Takedown
2015-04-13 - Analyzing Gootkit's persistence mechanism (new ASEP inside!)
2015-04-13 - Cyber Deterrence in Action- A story of one long HURRICANE PANDA campaign
2015-04-13 - sqlconnt1.exe
2015-04-14 - Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets
2015-04-15 - Betabot retrospective
2015-04-15 - Elite cyber crime group strikes back after attack by rival APT gang
2015-04-15 - Knowledge Fragment- Bruteforcing Andromeda Configuration Buffers
2015-04-15 - New POS Malware Emerges - Punkey
2015-04-15 - The Chronicles of the Hellsing APT- the Empire Strikes Back
2015-04-15 - The Chronicles of the Hellsing APT_the Empire Strikes Back
2015-04-17 - Andromeda-Gamarue bot loves JSON too (new versions details)
2015-04-18 - Operation RussianDoll- Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack
2015-04-21 - Bedep’s DGA- Trading Foreign Exchange for Malware Domains
2015-04-27 - Attacks against Israeli & Palestinian interests
2015-04-27 - Threat Spotlight- TeslaCrypt – Decrypt It Yourself
2015-04-29 - Unboxing Linux-Mumblehard- Muttering spam from your servers
2015-05-04 - Threat Spotlight- Rombertik – Gazing Past the Smoke, Mirrors, and Trapdoors
2015-05-07 - Dissecting the “Kraken”
2015-05-10 - Third-Party Software Was Entry Point for Background-Check System Hack
2015-05-14 - The Naikon APT
2015-05-15 - Carefirst Blue Cross Breach Hits 1.1M
2015-05-17 - Newest addition to a happy family- KBOT
2015-05-18 - Cmstar Downloader- Lurid and Enfal’s New Cousin
2015-05-18 - TT Malware Log
2015-05-20 - Bedep Ad-Fraud Botnet Analysis – Exposing the Mechanics Behind 153.6M Defrauded Ad Impressions A Day
2015-05-22 - The DGA of Ranbyus
2015-05-23 - NitlovePOS- Another New POS Malware
2015-05-26 - Moose – the router worm with an appetite for social networks
2015-05-29 - The MsnMM Campaigns - The Earliest Naikon APT Campaigns
2015-06-01 - Rhetoric Foreshadows Cyber Activity in the South China Sea
2015-06-01 - “Troldesh” – New Ransomware from Russia
2015-06-03 - Thamar Reservoir – An Iranian cyber-attack campaign against targets in the Middle East
2015-06-04 - KeyBase Keylogger Malware Family Exposed
2015-06-09 - New Data- Volatile Cedar Malware Campaign
2015-06-10 - The Mystery of Duqu 2.0- a sophisticated cyberespionage actor returns
2015-06-15 - Catching Up on the OPM Breach
2015-06-15 - Stegoloader- A Stealthy Information Stealer
2015-06-16 - Operation Lotus Blossom- A New Nation-State Cyberthreat-
2015-06-17 - The Spring Dragon APT
2015-06-18 - So Long, and Thanks for All the Domains
2015-06-19 - Digital Attack on German Parliament- Investigative Report on the Hack of the Left Party Infrastructure in Bundestag
2015-06-22 - Games are over- Winnti is now targeting pharmaceutical companies
2015-06-23 - Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign
2015-06-24 - Elusive HanJuan EK Drops New Tinba Version (updated)
2015-06-24 - Stealthy Cyberespionage Campaign Attacks With Social Engineering
2015-06-24 - UnFIN4ished Business
2015-06-25 - Sundown EK Spreads LuminosityLink RAT- Light After Dark
2015-07-02 - Win32-Lethic Botnet Analysis
2015-07-05 - Spy Tech Company 'Hacking Team' Gets Hacked
2015-07-07 - Dyre Banking Trojan Exploits CVE-2015-0057
2015-07-08 - Animal Farm APT and the Shadow of French Intelligence
2015-07-08 - Butterfly- Profiting from high-level corporate attacks
2015-07-08 - Wild Neutron – Economic espionage threat actor returns with new tricks
2015-07-10 - Sednit APT Group Meets Hacking Team
2015-07-13 - Revisiting The Bunitu Trojan
2015-07-13 - “Forkmeiamfamous”- Seaduke, latest weapon in the Duke armory
2015-07-14 - BernhardPOS
2015-07-14 - TeslaCrypt 2.0 disguised as CryptoWall
2015-07-19 - The Faulty Precursor of Pykspa's DGA
2015-07-20 - Watering Hole Attack on Aerospace Firm Exploits CVE-2015-5122 to Install IsSpace Backdoor
2015-07-22 - Duke APT group's latest tools- cloud services and Linux support
2015-07-23 - An Analysis of the Qadars Banking Trojan
2015-07-27 - UPS- Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload
2015-07-30 - Operation Potao Express- Analysis of a cyber‑espionage toolkit
2015-07-30 - Sakula Malware Family
2015-07-31 - OTX Pulse on PlugX
2015-07-31 - OTX- FBI Flash #68 (PlugX)
2015-08 - Uncovering the Seven Pointed Dagger
2015-08-05 - Newly discovered Chinese hacking group hacked 100+ websites to use as “watering holes”
2015-08-05 - Threat Group 3390 Cyberespionage
2015-08-05 - Who’s Behind Your Proxy- Uncovering Bunitu’s Secrets
2015-08-10 - Darkhotel’s attacks in 2015
2015-08-10 - What’s Next in Malware After Kuluoz-
2015-08-12 - Islamic State Hacking Division
2015-08-12 - Tinba Trojan Sets Its Sights on Romania
2015-08-18 - Knowledge Fragment- Unwrapping Fobber
2015-08-18 - ransomware open-sources
2015-08-19 - Antak WebShell
2015-08-19 - Inside Neutrino botnet builder
2015-08-20 - Retefe Banking Trojan Targets Sweden, Switzerland and Japan
2015-08-24 - Sphinx- New Zeus Variant for Sale on the Black Market
2015-08-26 - Sphinx, a new variant of Zeus available for sale in the underground
2015-08-27 - London Calling- Two-Factor Authentication Phishing From Iran
2015-08-27 - New Spear Phishing Campaign Pretends to be EFF
2015-08-31 - Shifu- ‘Masterful’ New Banking Trojan Is Attacking 14 Japanese Banks
2015-09-01 - Attackers Target Organizations in Japan; Transform Local Sites into C&C Servers for EMDIVI Backdoor
2015-09-01 - Fancy Bear
2015-09-08 - Carbanak gang is back and packing new guns
2015-09-09 - Pony Stealer Malware
2015-09-09 - Satellite Turla- APT Command and Control in the Sky
2015-09-11 - CSI MacMark- Janicab
2015-09-11 - SUCEFUL- Next Generation ATM Malware
2015-09-12 - Stuxnet code
2015-09-14 - The Shade Encryptor- a Double Threat
2015-09-16 - Operation Iron Tiger- Attackers Shift from East Asia to the United States
2015-09-17 - The Dukes- 7 Years Of Russian Cyber-Espionage
2015-09-18 - Operation Arid Viper Slithers Back into View
2015-09-23 - Chinese Actors Use ‘3102’ Malware in Attacks on US Government and EU Media
2015-09-23 - Quaverse RAT- Remote-Access-as-a-Service
2015-09-24 - Credit Card-Scraping Kasidet Builder Leads to Spike in Detections
2015-09-24 - Kovter malware learns from Poweliks with persistent fileless registry update
2015-09-25 - Notes on Linux-Xor.DDoS
2015-09-28 - Gaza cybergang, where’s your IR team-
2015-09-28 - Hammertoss- What, Me Worry-
2015-09-28 - Two New PoS Malware Affecting US SMBs
2015-09-29 - Andromeda Bot Analysis part 1
2015-09-29 - Andromeda Bot Analysis part 2
2015-10-01 - Linux.Rekoobe.1
2015-10-06 - I am HDRoot! Part 1
2015-10-06 - MOKER- A NEW APT DISCOVERED WITHIN A SENSITIVE NETWORK
2015-10-06 - Targeted Attack Exposes OWA Weakness
2015-10-06 - Ticked Off- Upatre Malware’s Simple Anti-analysis Trick to Defeat Sandboxes
2015-10-07 - Hacker Group Creates Network of Fake LinkedIn Profiles
2015-10-08 - Dyre Malware Campaigners Innovate with Distribution Techniques
2015-10-09 - Beta Bot Analysis- Part 1
2015-10-09 - Latest TeslaCrypt Ransomware Borrows Code From Carberp Trojan
2015-10-12 - Keybase Logger-Clipboard-CredsStealer campaign
2015-10-13 - Dridex (Bugat v5) Botnet Takeover Operation
2015-10-13 - I am HDRoot! Part 2
2015-10-13 - New Adobe Flash Zero-Day Used in Pawn Storm Campaign Targeting Foreign Affairs Ministries
2015-10-13 - Prolific Cybercrime Gang Favors Legit Login Credentials
2015-10-15 - Archivist
2015-10-16 - Surveillance Malware Trends- Tracking Predator Pain and HawkEye
2015-10-17 - How to Write Simple but Sound Yara Rules – Part 2
2015-10-19 - Github Repository for AllaKore
2015-10-22 - Pawn Storm Targets MH17 Investigation Team
2015-10-26 - Duuzer back door Trojan targets South Korea to take over computers
2015-10-28 - Reversing the C2C HTTP Emmental communication
2015-11-02 - Modular trojan for hidden access to a computer
2015-11-02 - Shifu – the rise of a self-destructive banking trojan
2015-11-02 - Troj-Cryakl-B
2015-11-03 - Reversing the SMS C&C protocol of Emmental (1st part - understanding the code)
2015-11-04 - A Technical Look At Dyreza
2015-11-04 - DroidJack isn’t the only spying software out there- Avast discovers OmniRat
2015-11-04 - “Offline” Ransomware Encrypts Your Data without C&C Communication
2015-11-05 - Sphinx Moth- Expanding our knowledge of the “Wild Neutron” - “Morpho” APT
2015-11-06 - OmniRAT Takes Over Android Devices Through Social Engineering Tricks
2015-11-10 - Bookworm Trojan- A Model of Modular Architecture
2015-11-10 - Talking to Dridex (part 0) – inside the dropper
2015-11-11 - AbaddonPOS- A new point of sale threat linked to Vawtrak
2015-11-11 - Operation Buhtrap malware distributed via ammyy.com
2015-11-16 - Introducing LogPOS
2015-11-16 - Shining the Spotlight on Cherry Picker PoS Malware
2015-11-17 - New Memory Scraping Technique in Cherry Picker PoS Malware
2015-11-20 - A king's ransom- an analysis of the CTB-locker ransomware
2015-11-25 - Detecting GlassRAT using Security Analytics and ECAT
2015-11-30 - Inside Braviax-FakeRean- An analysis and history of a FakeAV family
2015-12-01 - China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets
2015-12-01 - Operation Black Atlas Endangers In-Store Card Payments and SMBs Worldwide; Switches between BlackPOS and Other Tools
2015-12-03 - Colombians major target of email campaigns delivering Xtreme RAT
2015-12-04 - Sofacy APT hits high profile targets with updated toolset
2015-12-07 - Iran-based attackers use back door threats to spy on Middle Eastern targets
2015-12-08 - Packrat- Seven Years of a South American Threat Actor
2015-12-08 - VT Report for SmartEyes
2015-12-11 - LATENTBOT- Trace Me If You Can
2015-12-15 - Newcomers in the Derusbi family
2015-12-16 - Nemucod malware spreads ransomware Teslacrypt around the world
2015-12-17 - SlemBunk- An Evolving Android Trojan Family Targeting Users of Worldwide Banking Apps
2015-12-18 - Attack on French Diplomat Linked to Operation Lotus Blossom
2015-12-22 - BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger
2015-12-22 - Kraken's two Domain Generation Algorithms
2015-12-26 - Backdoor- Win32-Hesetox.A- vSkimmer POS Malware Analysis
2015-12-31 - Overseas -Dark Inn- organization launched an APT attack on executives of domestic enterprises

Malware Analysis 2016

2016-01-01 - The First Ransomware in JavaScript- Ransom32
2016-01-09 - Confirmation of a Coordinated Attack on the Ukrainian Power Grid
2016-01-12 - The Magnificent FIN7- Revealing a Cybercriminal Threat Group
2016-01-12 - Trochilus RAT Evades Antivirus Detection, Used for Cyber-Espionage in South-East Asia
2016-01-13 - Russian group behind 2013 Foreign Ministry hack
2016-01-18 - Updated Blackmoon banking Trojan stays focused on South Korean banking customers
2016-01-21 - NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan
2016-01-22 - New Attacks Linked to C0d0so0 Group
2016-01-22 - PlugX APT Malware
2016-01-22 - Sykipot APT Malware
2016-01-22 - The Impact of Dragonfly Malware on Industrial Control Systems
2016-01-23 - Imminent Monitor 4 RAT Analysis – A Glance
2016-01-24 - Scarlet Mimic- Years-Long Espionage Campaign Targets Minority Activists
2016-01-26 - URLZone Zones in on Japan
2016-01-27 - Introducing Hi-Zor RAT
2016-01-28 - BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents
2016-01-28 - CenterPOS- An Evolving POS Threat
2016-01-28 - Keybase
2016-01-29 - From Linux to Windows – New Family of Cross-Platform Desktop Backdoors Discovered
2016-01-29 - Malicious Office Files Dropping Kasidet And Dridex
2016-01-29 - VB2015 paper- It's A File Infector... It’s Ransomware... It's Virlock
2016-02-02 - DMA Locker- New Ransomware, But No Reason To Panic
2016-02-02 - Vipasana ransomware new ransom on the block
2016-02-03 - Emissary Trojan Changelog- Did Operation Lotus Blossom Cause It to Evolve-
2016-02-05 - Vawtrak and UrlZone Banking Trojans Target Japan
2016-02-08 - APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks
2016-02-09 - Bedep Lurking in Angler's Shadows
2016-02-09 - Chinese Cyberspies Pivot To Russia In Wake Of Obama-Xi Pact
2016-02-09 - DMA Locker Strikes Back
2016-02-09 - Poseidon Group- a Targeted Attack Boutique specializing in global cyber-espionage
2016-02-12 - A Look Into Fysbis- Sofacy’s Linux Backdoor
2016-02-12 - Security Alert- Mazar BOT – the Android Malware That Can Erase Your Phone
2016-02-14 - PadCrypt The first ransomware with Live Support Chat and an Uninstaller
2016-02-17 - OceanLotus for OS X – an Application Bundle Pretending to be an Adobe Flash Update
2016-02-17 - Russian Police Prevented Massive Banking Sector Cyber Attack
2016-02-18 - New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom
2016-02-19 - Citadel 0.0.1.1 (Atmos)
2016-02-21 - Phorpiex - An IRC worm
2016-02-21 - Source code for powerful Android banking malware is leaked
2016-02-22 - Russian bank employees received fake job offers in targeted email attack
2016-02-24 - Operation Blockbuster Coalition Ties Destructive Attacks to Lazarus Group
2016-02-24 - The DGA of Qakbot.T
2016-02-25 - KeyBase Threat Grows Despite Public Takedown- A Picture is Worth a Thousand Words
2016-02-26 - Nymaim Moves Past Its Ransomware Roots - What Is Old Is New Again
2016-02-29 - New Malware ‘Rover’ Targets Indian Ambassador to Afghanistan
2016-02-29 - The “HawkEye” attack- how cybercrooks target small businesses for big money
2016-03-01 - Look Into Locky Ransomware
2016-03-01 - Shrouded Crossbow Creators Behind BIFROSE for UNIX
2016-03-01 - Taiwan Presidential Election- A Case Study on Thematic Targeting
2016-03-03 - Attack on Zygote- a new twist in the evolution of mobile threats
2016-03-04 - Tracing the Lineage of DarkSeoul
2016-03-06 - Network detector for Winnti malware
2016-03-06 - New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer
2016-03-07 - RedHat Hacker.asp
2016-03-09 - Korean Energy and Transportation Targets Attacked by OnionDog APT
2016-03-10 - Death Comes Calling- Thanatos-Alphabot Trojan Hits the Market
2016-03-11 - Cerber ransomware- new, but mature
2016-03-11 - Gaudox - HTTP Bot (1.1.0.1) - C++-ASM - Ring3 Rootkit - Watchdog - Antis
2016-03-11 - PowerSniff Malware Used in Macro-based Attacks
2016-03-14 - Digital Quartermaster Scenario Demonstrated in Attacks Against the Mongolian Government
2016-03-15 - Suckfly- Revealing the secret life of your code signing certificates
2016-03-18 - Teslacrypt Spam Campaign- “Unpaid Issue…”
2016-03-18 - Xor DDoS
2016-03-20 - Hidden Tear Project- Forbidden Fruit Is the Sweetest
2016-03-21 - OS X Malware Samples Analyzed
2016-03-23 - Gozi ISFB Source code
2016-03-23 - New self‑protecting USB trojan able to avoid detection
2016-03-23 - SamSam- The Doctor Will See You, After He Pays The Ransom
2016-03-24 - Maktub Locker – Beautiful And Dangerous
2016-03-25 - ProjectM- Link Found Between Pakistani Actor and Operation Transparent Tribe
2016-03-29 - Taiwan targeted with new cyberespionage back door Trojan
2016-03-30 - Ransomware Deployed by Adversary with Established Foothold
2016-03-31 - The evolution of Brazilian Malware
2016-04-01 - Petya – Taking Ransomware To The Low Level
2016-04-06 - Andromeda under the microscope
2016-04-06 - Bootkit's development overview and trend (X)
2016-04-06 - Locky Ransomware Is Becoming More Sophisticated - Cybercriminals Continue Email Campaign Innovation
2016-04-07 - FBI Quietly Admits to Multi-Year APT Attack, Sensitive Data Stolen
2016-04-08 - CryptoHost Decrypted Locks files in a password protected RAR File
2016-04-11 - Manamecrypt – a ransomware that takes a different route
2016-04-13 - Ghosts in the Endpoint
2016-04-14 - Bedep has raised its game vs Bot Zombies
2016-04-14 - Meet GozNym- The Banking Malware Offspring of Gozi ISFB and Nymaim
2016-04-14 - Targeted Ransomware Activity
2016-04-16 - Ever Present Persistence - Established Footholds Seen in the Wild
2016-04-19 - MULTIGRAIN – Point of Sale Attackers Make an Unhealthy Addition to the Pantry
2016-04-19 - Your Package Has Been Successfully Encrypted- TeslaCrypt 4.1A and the Malware Attack Chain
2016-04-21 - PoS Attacks Net Crooks 20 Million Stolen Bank Cards
2016-04-21 - When entropy meets Shannon
2016-04-22 - New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists
2016-04-22 - Tater- A PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit.
2016-04-25 - Attackers Behind GozNym Trojan Set Sights on Europe
2016-04-26 - Digging deep for PLATINUM
2016-04-27 - Freezer Paper around Free Meat (Repackaging Open Source BeEF for Tracking and More)
2016-04-27 - Freezer Paper around Free Meat
2016-04-28 - Research Spotlight- The Resurgence of Qbot
2016-04-28 - Tick cyberespionage group zeros in on Japan
2016-05-02 - Prince of Persia Hashes
2016-05-02 - Prince of Persia- Infy Malware Active In Decade of Targeted Attacks
2016-05-03 - A Universal Windows Bootkit
2016-05-03 - The Continuing Evolution of Samas Ransomware
2016-05-05 - Sophisticated New Packer Identified in CryptXXX Ransomware Sample
2016-05-06 - 7ev3n ransomware turning ‘HONE$T’
2016-05-09 - KRBanker Targets South Korea Through Adware and Exploit Kits
2016-05-09 - PSEUDO-DARKLEECH ANGLER EK FROM 185.118.66.154 SENDS BEDEP-CRYPTXXX
2016-05-10 - Setting Sights On Retail- AbaddonPOS Now Targeting Specific POS Software
2016-05-11 - Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks
2016-05-12 - Chinese-language Ransomware ‘SHUJIN’ Makes An Appearance
2016-05-12 - Hancitor and Ruckguv Reappear, Updated and With Vawtrak On Deck
2016-05-12 - LatentBot – a modular and heavily obfuscated bot
2016-05-13 - CYBER HEIST ATTRIBUTION
2016-05-15 - What We Can Learn From the Bangladesh Central Bank Cyber Heist
2016-05-16 - Vietnamese Bank Blocks $1 Million SWIFT Heist
2016-05-17 - ATM infector
2016-05-17 - Indian organizations targeted in Suckfly attacks
2016-05-18 - Operation Groundbait- Espionage in Ukrainian war zones
2016-05-19 - Petya and Mischa – Ransomware Duet (Part 1)
2016-05-20 - Special Report- Cyber thieves exploit banks' faith in SWIFT transfer network
2016-05-22 - Cron has fallen
2016-05-22 - Operation Ke3chang Resurfaces With New TidePool Malware
2016-05-23 - DMA Locker 4.0- Known ransomware preparing for a massive distribution
2016-05-23 - Technical Report about the Malware used in the Cyberespionage against RUAG
2016-05-24 - New Wekby Attacks Use DNS Requests As Command and Control Mechanism
2016-05-25 - CVE-2015-2545- overview of current threats
2016-05-26 - SWIFT attackers’ malware linked to more financial attacks
2016-05-26 - The OilRig Campaign- Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor
2016-05-29 - Keep Calm and (Don’t) Enable Macros- A New Threat Actor Targets UAE Dissidents
2016-06 - Form Grabber 2016 [Chrome, FF, Opera, Thunderbird, Outlook, IE, Safari] Hack the world
2016-06-02 - FastPOS- Quick and Easy Credit Card Theft
2016-06-03 - Cooking Up Autumn (Herbst) Ransomware
2016-06-06 - Everyone sees not what they want to see
2016-06-07 - The Story of yet another ransom-fail-ware
2016-06-08 - Spear Phishing Attacks- Why They are Successful and How to Stop Them
2016-06-09 - Reverse-engineering DUBNIUM
2016-06-11 - The Chinese Hackers in the Back Office
2016-06-14 - CVE-2016-4171 – Adobe Flash Zero-day used in targeted attacks
2016-06-14 - New Sofacy Attacks Against US Government Agency
2016-06-15 - Bears in the Midst- Intrusion into the Democratic National Committee
2016-06-15 - Mofang- A politically motivated information stealing adversary
2016-06-15 - Unsupported TeamViewer Versions Exploited For Backdoors, Keylogging
2016-06-17 - In The Wild- Mobile Malware Implements New Features
2016-06-17 - Operation Daybreak
2016-06-17 - ScarCruft APT Group Used Latest Flash Zero Day in Two Dozen Attacks
2016-06-21 - The Curious Case of an Unknown Trojan Targeting German-Speaking Users
2016-06-22 - After Angler- Shift in Exploit Kit Landscape and New Crypto-Ransomware Activity
2016-06-23 - POS and Credit Cards- In the Line of Fire with “PunkeyPOS”
2016-06-24 - Ani-Shell
2016-06-25 - Rokku Ransomware shows possible link with Chimera
2016-06-25 - SectorC08- Multi-Layered SFX in Recent Campaigns Target Ukraine
2016-06-28 - Prince of Persia – Game Over
2016-06-29 - Apocalypse- Ransomware which targets companies through insecure RDP
2016-07-01 - How I Cracked a Keylogger and Ended Up in Someone's Inbox
2016-07-01 - KeyBase - A New Keylogger on the Block
2016-07-03 - Android Triada modular trojan
2016-07-05 - New Backdoor Allows Full Access to Mac Systems, Bitdefender Warns
2016-07-06 - New OSX-Keydnap malware is hungry for credentials
2016-07-07 - NetTraveler APT Targets Russian, European Interests
2016-07-07 - New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the recent Locky Ransomware.
2016-07-08 - GootKit- Bobbing and Weaving to Avoid Prying Eyes
2016-07-08 - Investigating the LuminosityLink Remote Access Trojan Configuration
2016-07-08 - The Dropping Elephant – aggressive cyber-espionage in the Asian region
2016-07-11 - When Paying Out Doesn't Pay Off
2016-07-12 - Malware Discovered – SFG- Furtim Malware Analysis
2016-07-12 - Me and Mr. Robot- Tracking the Actor Behind the MAN1 Crypter
2016-07-13 - Troldesh ransomware influenced by (the) Da Vinci code
2016-07-14 - Technical Notes on Sakula
2016-07-18 - Third time (un)lucky – improved Petya is out
2016-07-20 - CrypMIC Ransomware Wants to Follow CryptXXX’s Footsteps
2016-07-21 - Canadian Man Behind Popular ‘Orcus RAT’
2016-07-21 - Phishing Attacks Employ Old but Effective Password Stealer
2016-07-22 - Stampado Ransomware campaign decrypted before it Started
2016-07-25 - Patchwork cyberespionage group expands targets from governments to wide range of industries
2016-07-26 - Attack Delivers ‘9002’ Trojan Through Google Drive
2016-07-26 - OTX Pulse on R980 ransomware
2016-07-26 - Threat Actors Using Legitimate PayPal Accounts To Distribute Chthonic Banking Trojan
2016-07-30 - Luminosity RAT - Re-purposed
2016-08 - Analysis of a packed Pony downloader
2016-08-01 - CrowdStrike’s New Methodology for Tracking eCrime
2016-08-02 - Orcus – Birth of an unusual plugin builder RAT
2016-08-04 - Iran Threats Webpage
2016-08-04 - Iranian Actor -Group5- Targeting Syrian Opposition
2016-08-04 - What is Multigrain- Learn what makes this PoS malware different
2016-08-05 - Smoke Loader – downloader with a smokescreen still alive
2016-08-07 - Strider- Cyberespionage group turns eye of Sauron on targets
2016-08-08 - Doctor Web detected Linux Trojan written in Go
2016-08-08 - MONSOON - Analysis Of An APT Campaign
2016-08-08 - Possibly Italy-Born Android RAT Reported in China, Find Bitdefender Researchers
2016-08-08 - ProjectSauron- top level cyber-espionage platform covertly extracts encrypted government comms
2016-08-08 - Strider- Cyberespionage group turns eye of Sauron on targets
2016-08-10 - Android Marcher- Continuously Evolving Mobile Malware
2016-08-10 - CryptXXX - CrypMIC – ransomware distributed at scale through exploit kits
2016-08-11 - Smrss32 (.encrypted) Ransomware Help & Support - _HOW_TO_Decrypt.bmp
2016-08-15 - Shakti Trojan- Document Thief
2016-08-16 - Aveo Malware Family Targets Japanese Speaking Users
2016-08-16 - Brazil Can’t Catch a Break- After Panda Comes the Sphinx
2016-08-17 - Operation Ghoul- targeted attacks on industrial and engineering organizations
2016-08-18 - The Shadow Brokers
2016-08-19 - New Hancitor Malware- Pimp my Downloader
2016-08-22 - BLATSTING FUNKSPIEL
2016-08-22 - Trojan.Mutabaha.1
2016-08-22 - VB Dropper and Shellcode for Hancitor Reveal New Techniques Behind Uptick
2016-08-23 - GozNym Banking Trojan Targeting German Banks
2016-08-23 - Russian hackers 'Fancy Bear' likely breached Olympic drug-testing agency and DNC, experts say
2016-08-25 - Shakti Trojan - Technical Analysis
2016-08-25 - Unpacking the spyware disguised as antivirus
2016-08-28 - FEINTCLOUD
2016-08-29 - Fantom ransomware impersonates Windows update
2016-08-29 - German Speakers Targeted by SPAM Leading to Ozone RAT
2016-08-29 - Nightmare on Tor Street- Ursnif variant Dreambot adds Tor functionality
2016-08-30 - OSX-Keydnap spreads via signed Transmission application
2016-08-30 - Pythons and Unicorns and Hancitor…Oh My! Decoding Binaries Through Emulation
2016-09-01 - TADAQUEOUS moments
2016-09-02 - Necurs – hybrid spam botnet
2016-09-04 - BLATSTING Command-and-Control protocol
2016-09-05 - Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems
2016-09-06 - Blatsting C&C Transcript
2016-09-06 - Buckeye cyberespionage group shifts gaze from US to Hong Kong
2016-09-07 - The Missing Piece – Sophisticated OS X Backdoor Discovered
2016-09-08 - Doctor Web discovers Linux Trojan written in Rust
2016-09-08 - The Philadelphia Ransomware offers a Mercy Button for Compassionate Criminals
2016-09-09 - GOVRAT V2.0 - Attacking US military and government
2016-09-11 - BUZZDIRECTION- BLATSTING reloaded
2016-09-11 - Free Darktrack RAT Has the Potential of Being the Best RAT on the Market Search
2016-09-13 - DualToy- New Windows Trojan Sideloads Risky Apps to Android and iOS Devices
2016-09-13 - H1N1- Technical analysis reveals new capabilities
2016-09-13 - The curious case of BLATSTING's RSA implementation
2016-09-14 - BkSoD by Ransomware- HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs
2016-09-15 - MILE TEA- Cyber Espionage Campaign Targets Asia Pacific Businesses and Government Agencies
2016-09-16 - Tofsee – modular spambot
2016-09-16 - iSpy Keylogger
2016-09-17 - A few notes on SECONDDATE's C&C protocol
2016-09-19 - Untangling the Ripper ATM Malware
2016-09-20 - Hackers lurking, parliamentarians told
2016-09-20 - Meanwhile in Britain, Qadars v3 Hardens Evasion, Targets 18 UK Banks
2016-09-21 - KrebsOnSecurity Hit With Record DDoS
2016-09-21 - Reversing GO binaries like a pro
2016-09-22 - Book of Eli- African targeted attacks
2016-09-22 - Zeus Delivered by DELoader to Defraud Customers of Canadian Banks
2016-09-23 - Dissecting a Hacktivist’s DDoS Tool- Saphyra Revealed
2016-09-23 - Hancitor (AKA Chanitor) observed using multiple attack approaches
2016-09-23 - SECONDDATE in action
2016-09-26 - Sofacy’s ‘Komplex’ OS X Trojan
2016-09-27 - Komplex Mac backdoor answers old questions
2016-09-27 - New Voldemort-Nagini Ransomware Virus Infection
2016-09-27 - Threat Spotlight- GozNym
2016-09-28 - Belling the BEAR
2016-09-28 - Confucius Says…Malware Families Get Further By Abusing Legitimate Websites
2016-09-28 - Highly Evasive Code Injection Awaits User Interaction Before Delivering Malware
2016-09-28 - Introducing Her Royal Highness the Princess Locker Ransomware
2016-09-29 - TeamXRat- Brazilian cybercrime meets ransomware
2016-09-29 - Want Tofsee My Pictures- A Botnet Gets Aggressive
2016-09-30 - Hacked Steam accounts spreading Remote Access Trojan
2016-10-01 - Source Code for IoT Botnet ‘Mirai’ Released
2016-10-01 - ‘Shadow Brokers’ Whine That Nobody Is Buying Their Hacked NSA Files
2016-10-03 - On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users
2016-10-03 - Polyglot – the fake CTB-locker
2016-10-03 - Remsec driver analysis
2016-10-04 - OilRig Malware Campaign Updates Toolset and Expands Targets
2016-10-05 - FastPOS Updates in Time for the Retail Sale Season
2016-10-09 - SiteIntel- Cyber Caliphate Army
2016-10-10 - How France's TV5 was almost destroyed by 'Russian hackers'
2016-10-10 - Remsec driver analysis - Part 2
2016-10-11 - Odinaff- New Trojan used in high level financial attacks
2016-10-11 - Remsec driver analysis - Part 3
2016-10-15 - TrickBot- We Missed you, Dyre
2016-10-17 - A Tale of Two Targets
2016-10-17 - New-looking Sundown EK drops Smoke Loader, Kronos banker
2016-10-17 - RotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT
2016-10-17 - ‘DealersChoice’ is Sofacy’s Flash Player Exploit Platform
2016-10-18 - Digitally Signed Malware Targeting Gaming Companies
2016-10-20 - RotorCrypt (RotoCrypt) Ransomware Tar Ransomware
2016-10-20 - TheMoon - A P2P botnet targeting Home Routers
2016-10-21 - BITTER- a targeted attack against Pakistan
2016-10-24 - Evasive Malware Detects and Defeats Virtual Machine Analysis
2016-10-24 - Introducing TrickBot, Dyreza’s successor
2016-10-25 - Houdini’s Magic Reappearance
2016-10-25 - TrickBot Banker Insights
2016-10-26 - Moonlight – Targeted attacks in the Middle East
2016-10-27 - BLACKGEAR Espionage Campaign Evolves, Adds Japan To Target List
2016-10-27 - In-Dev Ransomware forces you to do Survey before unlocking Computer
2016-10-27 - Inside the Gootkit C&C server
2016-10-27 - Mirai DDoS Botnet- Source Code & Binary Analysis
2016-10-28 - zxshell repository
2016-10-31 - Second Shadow Brokers dump released
2016-11-01 - Ursnif Malware- Deep Technical Dive
2016-11-02 - Exposing the EGO MARKET- the cybercrime performed by the Linux-Moose botnet
2016-11-02 - Linux-Moose- Still breathing
2016-11-02 - Nymaim Malware- Deep Technical Dive – Adventures in Evasive Malware
2016-11-07 - Little Trickbot Growing Up- New Campaign
2016-11-08 - Analysis of IOS.GUIINJECT Adware Library
2016-11-08 - Analysis of iOSGuiInject Adware Library
2016-11-08 - SPAMTORTE VERSION 2- DISCOVERY OF AN ADVANCED, MULTILAYERED SPAMBOT CAMPAIGN THAT IS BACK WITH A VENGEANCE
2016-11-09 - Down the H-W0rm Hole with Houdini’s RAT
2016-11-09 - Tricks of the Trade- A Deeper Look Into TrickBot’s Machinations
2016-11-10 - Floki Bot and the stealthy dropper
2016-11-14 - Doctor Web discovers a botnet that attacks Russian banks
2016-11-14 - Ransoc Desktop Locking Ransomware Ransacks Local Files and Social Media Profiles
2016-11-15 - CryptoLuck Ransomware being Malvertised via RIG-E Exploit Kits
2016-11-15 - Kronos Banking Trojan Used to Deliver New Point-of-Sale Malware
2016-11-15 - ScanPOS, new POS malware being distributed by Kronos
2016-11-17 - It’s Parliamentary - KeyBoy and the targeting of the Tibetan Community
2016-11-17 - Princess Locker decryptor
2016-11-21 - Android malware analysis with Radare- Dissecting the Triada Trojan
2016-11-21 - PrincessLocker – ransomware with not so royal encryption
2016-11-22 - Cobalt hackers executed massive, synchronized ATM heists across Europe, Russia
2016-11-22 - Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy
2016-11-23 - Analysis- Ursnif - spying on your data since 2007
2016-11-23 - InPage zero-day exploit used to attack financial institutions in Asia
2016-11-28 - A New All-in-One Botnet- Proteus
2016-11-28 - NetWire RAT Steals Payment Card Data
2016-11-30 - Bladabindi Remains A Constant Threat By Using Dynamic DNS Services
2016-11-30 - Shamoon 2- Return of the Disttrack Wiper
2016-11-30 - Shamoon- Back from the dead and destructive as ever
2016-12-01 - Alert (TA16-336A)- Avalanche (crimeware-as-a-service infrastructure)
2016-12-01 - CNACOM - Open Source Exploitation via Strategic Web Compromise
2016-12-06 - August in November- New Information Stealer Hits the Scene
2016-12-06 - Deep Analysis of the Online Banking Botnet TrickBot
2016-12-07 - August in November- New Information Stealer Hits the Scene
2016-12-07 - Floki Bot Strikes, Talos and Flashpoint Respond
2016-12-07 - The TrickBot Evolution
2016-12-08 - Thyssenkrupp victim of cyber attack
2016-12-09 - -Proof of Concept- CryptoWire Ransomware Spawns Lomix and UltraLocker Families
2016-12-09 - New Exo Android Trojan Sold on Hacking Forums, Dark Web
2016-12-09 - Windows 10- protection, detection, and response against recent Depriz malware attacks
2016-12-13 - The rise of TeleBots- Analyzing disruptive KillDisk attacks
2016-12-14 - MiKey - A Linux keylogger
2016-12-14 - Twin zero-day attacks- PROMETHIUM and NEODYMIUM target individuals in Europe
2016-12-15 - Goldeneye Ransomware – the Petya-Mischa combo rebranded
2016-12-15 - Let It Ride- The Sofacy Group’s DealersChoice Attacks Continue
2016-12-16 - Bayrob- Three suspects extradited to face charges in US
2016-12-19 - Dismantling a Nuclear Bot
2016-12-20 - Alice- A Lightweight, Compact, No-Nonsense ATM Malware
2016-12-20 - New Linux-Rakos threat- devices and servers under SSH scan (again)
2016-12-22 - Tofsee Spambot features .ch DGA - Reversal and Countermeasures
2016-12-23 - Emsisoft Decryptor for GlobeImposter
2016-12-26 - Rocket Kitten
2016-12-27 - ANALYSIS OF AUGUST STEALER MALWARE
2016-12-27 - Pegasus internals- Technical Teardown of the Pegasus malware and Trident exploit chain
2016-12-28 - Switcher- Android joins the ‘attack-the-router’ club
2016-12-29 - GRIZZLY STEPPE – Russian Malicious Cyber Activity
2016-12-29 - Some notes on IoCs

Malware Analysis 2017

2017-01-01 - Mac Malware of 2016
2017-01-03 - Technical details on the Fancy Bear Android malware (poprd30.apk)
2017-01-04 - Exposing an AV-Disabling Driver Just in Time for Lunch
2017-01-04 - FireCrypt Ransomware Comes With a DDoS Component
2017-01-04 - Technical analysis of CryptoMix-CryptFile2 ransomware
2017-01-05 - DragonOK Updates Toolset and Targets Multiple Geographic Regions
2017-01-05 - KillDisk now targeting Linux- Demands $250K ransom, but can’t decrypt
2017-01-05 - Taiwan ATM heist linked to European hacking spree- security firm
2017-01-06 - 2016 Updates to Shifu Banking Trojan
2017-01-09 - Second Wave of Shamoon 2 Attacks Identified
2017-01-10 - Client Maximus- New Remote Overlay Malware Highlights Rising Malcode Sophistication in Brazil
2017-01-10 - Ransomware Recap- Dec. 19 - Dec. 31, 2016
2017-01-11 - Post-holiday spam campaign delivers Neutrino Bot
2017-01-12 - New Variant of Ploutus ATM Malware Observed in the Wild in Latin America
2017-01-12 - The “EyePyramid” attacks
2017-01-13 - Finfisher rootkit analysis
2017-01-17 - Carbanak Group uses Google for malware command-and-control
2017-01-17 - EITEST RIG-V FROM 92.53.127.86 SENDS SPORA RANSOMWARE
2017-01-17 - New GhostAdmin Malware Used for Data Theft and Exfiltration
2017-01-18 - Finding the RAT’s Nest
2017-01-18 - Flashback Wednesday- Pakistani Brain
2017-01-18 - New Mac backdoor using antiquated code
2017-01-18 - Newly discovered Mac malware found in the wild also works well on Linux
2017-01-18 - Spora - the Shortcut Worm that is also a Ransomware
2017-01-18 - Ukraine's power outage was a cyber attack- Ukrenergo
2017-01-19 - New Satan Ransomware available through a Ransomware as a Service
2017-01-20 - Doctor Web anticipates increase in number of banking Trojan attacks on Android users
2017-01-21 - Sage 2.0 Ransomware
2017-01-22 - OurMine
2017-01-22 - Russian Hacker behind 'NeverQuest' Malware, Wanted by FBI, Is Arrested in Spain
2017-01-23 - Greenbug cyberespionage group targeting Middle East, possible links to Shamoon
2017-01-24 - Charger Malware Calls and Raises the Risk on Google Play
2017-01-25 - Detecting threat actors in recent German industrial attacks with Windows Defender ATP
2017-01-26 - Around the World With Zeus Sphinx- From Canada to Australia and Back
2017-01-26 - Deep Analysis of Android Rootnik Malware Using Advanced Anti-Debug and Anti-Hook, Part I- Debugging in The Scope of Native Layer
2017-01-26 - Deep Analysis of Android Rootnik Malware Using Advanced Anti-Debug and Anti-Hook, Part II- Analysis of The Scope of Java
2017-01-26 - Malware ChChes interacts with C & C server using Cookie header
2017-01-26 - Zbot with legitimate applications on board
2017-01-30 - Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments
2017-01-30 - EyePyramid- An Archaeological Journey
2017-01-30 - Nymaim revisited
2017-01-30 - Sage 2.0 comes with IP Generation Algorithm (IPGA)
2017-01-31 - Locky Bart ransomware and backend server analysis
2017-01-31 - Malicious Office files using fileless UAC bypass to drop KEYBASE malware
2017-02-02 - KopiLuwak- A New JavaScript Payload from Turla
2017-02-02 - Oops, they did it again- APT Targets Russia and Belarus with ZeroT and PlugX
2017-02-02 - Ransomware Recap- January 14 - 29, 2017
2017-02-03 - Zeus Panda Webinjects- a case study
2017-02-04 - Russians failed in hacking attempts on civil servants at Dutch ministries
2017-02-05 - Detailed threat analysis of Shamoon 2.0 Malware
2017-02-06 - Polish Banks Infected with Malware Hosted on Their Own Government's Site
2017-02-06 - Threat Spotlight- Satan
2017-02-06 - iKittens- Iranian Actor Resurfaces with Malware for Mac (MacDownloader)
2017-02-07 - Erebus Ransomware Utilizes a UAC Bypass and Requests a $90 Ransom Payment
2017-02-09 - Shell Crew Variants Continue to Fly Under Big AV’s Radar
2017-02-10 - PowerSploit
2017-02-12 - Attackers target dozens of global banks with new malware
2017-02-12 - Attackers target dozens of global banks with new
2017-02-12 - Lazarus & Watering-hole attacks
2017-02-14 - New Android trojan mimics user clicks to download dangerous malware
2017-02-14 - REMCOS- A New RAT In The Wild
2017-02-14 - Sage 2.0 analysis
2017-02-14 - XAgentOSX- Sofacy’s XAgent macOS Tool
2017-02-15 - Banking Trojans- Ursnif Global Distribution Networks Identified
2017-02-15 - Inside OilRig -- Tracking Iran's Busiest Hacker Crew On Its Global Rampage
2017-02-15 - Iranian PupyRAT Bites Middle Eastern Organizations
2017-02-15 - Magic Hound Campaign Attacks Saudi Targets
2017-02-15 - The Rambo Backdoor
2017-02-16 - Breaking The Weakest Link Of The Strongest Chain
2017-02-16 - Demystifying targeted malware used against Polish banks
2017-02-16 - Iranian hackers behind the Magic Hound campaign linked to Shamoon
2017-02-16 - Nefarious Macro Malware drops “Loki Bot” to steal sensitive information across GCC countries!
2017-02-16 - menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations
2017-02-16 - reGeorg
2017-02-18 - Hackers Selling Undetectable Proton Malware for macOS in 40 BTC
2017-02-20 - Lazarus’ False Flag Malware
2017-02-20 - Part I. Russian APT - APT28 collection of samples including OSX XAgent
2017-02-21 - New(ish) Mirai Spreader Poses New Risks
2017-02-22 - Bella- A pure python, post-exploitation, data mining tool and remote administration tool for macOS.
2017-02-22 - Dissecting the Qadars Banking Trojan
2017-02-22 - New crypto‑ransomware hits macOS
2017-02-23 - Korean MalDoc Drops Evil New Years Presents
2017-02-23 - Released Android malware source code used to run a banking botnet
2017-02-24 - Hunting Retefe with Splunk - some interesting points
2017-02-24 - Necurs Proxy Module With DDOS Features
2017-02-25 - Silent RIFLE Response Against Advanced Threat
2017-02-26 - TreasureHunter - A POS Malware Case Study
2017-02-27 - New Neutrino Bot comes in a protective loader
2017-02-27 - Shamoon- Multi-staged destructive attacks limited to specific targets
2017-02-27 - Spambot safari #2 - Online Mail System
2017-02-27 - The Deception Project- A New Japanese-Centric Threat
2017-02-27 - The Gamaredon Group Toolset Evolution
2017-02-28 - Dridex’s Cold War- Enter AtomBombing
2017-03-01 - GootKit Developers Dress It Up With Web Traffic Proxy
2017-03-01 - How Does the Trickbot Malware Work-
2017-03-01 - Poorly coded Lamdelin Lockscreen Ransomware lets you in using Alt+F4
2017-03-01 - Ransomware for Dummies- Anyone Can Do It
2017-03-01 - Threat Spotlight- Flokibot PoS Malware
2017-03-02 - Update on the Fancy Bear Android malware (poprd30.apk)
2017-03-06 - 0-Day- Dahua backdoor Generation 2 and 3
2017-03-07 - Vault 7- CIA Hacking Tools Revealed
2017-03-08 - RawPOS Malware Rides Again
2017-03-09 - Spora Ransomware- Understanding the HTA Infection Vector
2017-03-10 - Explained- Spora ransomware
2017-03-10 - Preinstalled Malware Targeting Mobile Users
2017-03-11 - Wikileaks Vault7 JQJSNICKER code leak
2017-03-13 - Detecting and eliminating Chamois, a fraud botnet on Android
2017-03-13 - Moving Target Defense Blog
2017-03-13 - Zeus Panda Webinjects- Don’t trust your eyes
2017-03-14 - Analyzing and Deobfuscating FlokiBot Banking Trojan
2017-03-14 - PetrWrap- the new Petya-based ransomware used in targeted attacks
2017-03-15 - MajikPOS Combines PoS Malware and RATs to Pull Off its Malicious Tricks
2017-03-15 - NexusLogger- A New Cloud-based Keylogger Enters the Market
2017-03-15 - Revenge Ransomware a CryptoMix Variant Being Distributed by RIG Exploit Kit
2017-03-15 - Teardown of Android-Ztorg (Part 2)
2017-03-15 - Teardown of a Recent Variant of Android-Ztorg (Part 1)
2017-03-15 - Vaccinating against Spora ransomware- a proof-of-concept tool by Minerva
2017-03-16 - Fileless Malware Campaigns Tied to Same Attacker
2017-03-17 - Diamond Fox – part 1- introduction and unpacking
2017-03-17 - Grabbot is Back to Nab Your Data
2017-03-20 - Necurs Diversifies Its Portfolio
2017-03-21 - Hunt Case Study- Hunting Campaign Indicators on Privacy Protected Attack Infrastructure
2017-03-21 - Inside the Hunt for Russia’s Most Notorious Hacker
2017-03-22 - El Machete's Malware Attacks Cut Through LATAM
2017-03-22 - Winnti Abuses GitHub for C&C Communications
2017-03-23 - Tales from the Trenches- Loki Bot Malware
2017-03-24 - Terror EK via Malvertising delivers Tofsee Spambot
2017-03-26 - Shamoon 2- Delivering Disttrack
2017-03-27 - Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005
2017-03-28 - Cerber Starts Evading Machine Learning
2017-03-28 - Dimnie- Hiding in Plain Sight
2017-03-28 - Russian Citizen Pleads Guilty for Involvement in Global Botnet Conspiracy
2017-03-28 - The NukeBot Trojan, a Bruised Ego and a Surprising Source Code Leak
2017-03-28 - Threat Spotlight- GhostAdmin Malware
2017-03-29 - Explained- Sage ransomware
2017-03-29 - New Mirai Variant Launches 54 Hour DDoS Attack against US College
2017-03-29 - Trojanized Adobe installer used to install DragonOK’s new custom backdoor
2017-03-30 - Carbon Paper- Peering into Turla’s second stage backdoor
2017-03-30 - EquationDrug rootkit analysis (mstcp32.sys)
2017-03-30 - Hi-Tech Crime Trends 2016
2017-03-30 - Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations
2017-03-31 - Threat Round-up for Mar 24 - Mar 31
2017-04-03 - DHL Invoice Malspam-Photo Malspam
2017-04-03 - Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY)
2017-04-03 - IAAF Says It Has Been Hacked, Athlete Medical Info Accessed
2017-04-03 - Introducing ROKRAT
2017-04-03 - Lazarus APT Spinoff Linked to Banking Hacks
2017-04-03 - Lazarus under the Hood
2017-04-03 - Moonlight Maze- Lessons from history
2017-04-03 - RedLeaves - Malware Based on Open Source RAT
2017-04-03 - Shadow Server Domains Leading to RIG Exploit Kit Dropping Smoke Loader. Downloaded Neutrino Bot (AKA Kasidet).
2017-04-03 - Shadow Server Domains Leading to RIG Exploit Kit Dropping Smoke Loader
2017-04-03 - RedLeaves, malware built by modifying an open-source RAT
2017-04-04 - ATMitch- remote administration of ATMs
2017-04-04 - Chasing Lazarus- A Hunt for the Infamous Hackers to Prevent Large Bank Robberies
2017-04-04 - POSHSPY backdoor code
2017-04-05 - In-Depth Look at New Variant of MONSOON APT Backdoor, Part 1
2017-04-05 - In-Depth Look at New Variant of MONSOON APT Backdoor, Part 2
2017-04-05 - Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA
2017-04-05 - ”BrickerBot” Results In PDoS Attack
2017-04-06 - APT10 (MenuPass Group)- New Tools, Global Campaign Latest Manifestation of Longstanding Threat
2017-04-06 - Chinese Nation-State Hackers Target U.S in Operation TradeSecret
2017-04-06 - Diamond Fox – part 2- let’s dive in the code
2017-04-06 - New IoT-Linux Malware Targets DVRs, Forms Botnet
2017-04-06 - Sathurbot- Distributed WordPress password attack
2017-04-06 - Self-Proclaimed ‘Nuclear Bot’ Author Weighs U.S. Job Offer
2017-04-07 - The Blockbuster Sequel
2017-04-10 - DOJ moves to topple Kelihos, one of the world's largest botnets
2017-04-10 - Justice Department Announces Actions to Dismantle Kelihos Botnet
2017-04-10 - Longhorn Cyber-Espionage Group Is Actually the CIA
2017-04-10 - Longhorn- Tools used by cyberespionage group linked to Vault 7
2017-04-10 - ShadowBrokers Dump More Equation Group Hacks, Auction File Password
2017-04-11 - Unraveling the Lamberts Toolkit
2017-04-12 - ICS Alert (ICS-ALERT-17-102-01A)
2017-04-13 - A deeper look into malware abusing TeamViewer
2017-04-13 - Decrypting Bankbot communications.
2017-04-13 - Inside the Takedown of ZOMBIE SPIDER and the Kelihos Botnet
2017-04-13 - Stuxnet drivers- detailed analysis
2017-04-15 - Hajime - A Decentralized Modular Worm - Followup
2017-04-17 - Azazel
2017-04-17 - New NSA leak may expose its bank spying, Windows exploits
2017-04-17 - Python script for decoding DOUBLEPULSAR
2017-04-17 - Remove Search.searchetan.com Chrome New Tab Page
2017-04-18 - Coming Soon…
2017-04-18 - Github repository for trochilus RAT
2017-04-18 - Hajime worm battles Mirai for control of the Internet of Things
2017-04-18 - Shadow Brokers leaks show U.S. spies successfully hacked Russian, Iranian targets
2017-04-19 - Of Pigs and Malware- Examining a Possible Member of the Winnti Group
2017-04-19 - RawPOS- New Behavior Risks Identity Theft
2017-04-20 - Binary Options malvertising campaign drops ISFB banking Trojan
2017-04-20 - Cardinal RAT Active for Over Two Years
2017-04-21 - BrickerBot Author Claims He Bricked Two Million Devices
2017-04-21 - China Hacked South Korea Over Missile Defense, U.S. Firm Says
2017-04-21 - Elusive Moker Trojan is back
2017-04-21 - Researchers claim China trying to hack South Korea missile defense efforts
2017-04-23 - Let's Talk About FlexiSpy
2017-04-24 - FIN7 Evolution and the Phishing LNK
2017-04-24 - XPan, I am your father
2017-04-25 - 2017-04-25 - -GOOD MAN- CAMPAIGN RIG EK SENDS LATENTBOT
2017-04-25 - Linux Shishiga malware using LUA scripts
2017-04-25 - Philadelphia Ransomware Brings Customization to Commodity Malware
2017-04-25 - ShadowWali- New variant of the xxmm family of backdoors
2017-04-26 - BankBot, the Prequel
2017-04-26 - Hajime – Friend or Foe-
2017-04-26 - Who is behind this Chinese espionage group stealing our intellectual property-
2017-04-27 - APT Targets Financial Analysts with CVE-2017-0199
2017-04-27 - Alert (TA17-117A)- Intrusions Affecting Multiple Victims Across Multiple Sectors
2017-04-27 - Iranian Fileless Attack Infiltrates Israeli Organizations
2017-04-27 - OilRig Actors Provide a Glimpse into Development and Testing Efforts
2017-04-28 - KeyPlexer
2017-04-28 - Use of DNS Tunneling for C&C Communications
2017-05-01 - Another OSX.Dok dropper found installing new backdoor
2017-05-01 - Crouching Yeti (Energetic Bear) Malware
2017-05-02 - Covert Channels and Poor Decisions- The Tale of DNSMessenger
2017-05-02 - HackSpy-Trojan-Exploit
2017-05-02 - Philadelphia Ransomware
2017-05-02 - Shamoon Collaborator Greenbug Adopts New Communication Tool
2017-05-02 - Targeted attack against the Ukrainian military
2017-05-02 - Who is Mr Wu-
2017-05-03 - Deep Analysis of New Emotet Variant - Part 1
2017-05-03 - Hunting pack use case- RedLeaves malware
2017-05-03 - KONNI- A Malware Under The Radar For Years
2017-05-03 - Kazuar- Multiplatform Espionage Backdoor with API Access
2017-05-03 - Snake- Coming soon in Mac OS X flavour
2017-05-03 - To SDB, Or Not To SDB- FIN7 Leveraging Shim Databases for Persistence
2017-05-04 - Behind The Mystery Of Russia's 'Dyre' Hackers Who Stole Millions From American Business
2017-05-04 - Blackmoon Rising- Banking Trojan Back with New Framework
2017-05-04 - OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic
2017-05-05 - Inside Netrepser – a JavaScript-based Targeted Attack
2017-05-05 - Snake malware ported from Windows to Mac
2017-05-05 - Who is Mr Dong-
2017-05-05 - loki-parse
2017-05-07 - Loki-Bot- Come out, come out, wherever you are!
2017-05-08 - HandBrake for Mac Compromised with Proton Spyware
2017-05-09 - APT3 is Boyusec, a Chinese Intelligence Contractor
2017-05-09 - Deep Analysis of New Emotet Variant – Part 2
2017-05-09 - Persirai- New Internet of Things (IoT) Botnet Targets IP Cameras
2017-05-09 - RIG EK SENDS BUNITU TROJAN
2017-05-09 - Sednit adds two zero‑day exploits using ‘Trump’s attack on Syria’ as a decoy
2017-05-09 - Tracking Android BankBot
2017-05-10 - DiamondFox modular malware – a one-stop shop
2017-05-10 - Introducing Loda Malware
2017-05-10 - OSX-Proton.B
2017-05-10 - Proton.B- What this Mac malware actually does
2017-05-11 - Cyber Attack Impersonating Identity of Indian Think Tank to Target Central Bureau of Investigation CBI and Possibly Indian Army Officials
2017-05-11 - Jaff - New Ransomware From the Actors Behind the Distribution of Dridex, Locky, and Bart
2017-05-11 - Mac.BackDoor.Systemd.1
2017-05-12 - Global WannaCry ransomware outbreak uses known NSA exploits
2017-05-12 - U.K. Hospitals Hit in Widespread Ransomware Attack
2017-05-12 - WannaCry ransomware that infected Telefonica and NHS hospitals is spreading aggressively, with over 50,000 attacks so far today
2017-05-12 - WannaCry ransomware used in widespread attacks all over the world
2017-05-12 - WannaCrypt ransomware worm targets out-of-date systems
2017-05-12 - Warning- Massive -WannaCry- Ransomware campaign launched
2017-05-12 - ‘WCry’ Virus Reportedly Infects Russian Interior Ministry's Computer Network
2017-05-13 - How to Accidentally Stop a Global Cyber Attacks
2017-05-14 - Cyber Espionage is Alive and Well- APT32 and the Threat to Global Corporations
2017-05-15 - Adylkuzz Cryptocurrency Mining Malware Spreading for Weeks Via EternalBlue-DoublePulsar
2017-05-15 - Evolution of the GOLD EVERGREEN Threat Group
2017-05-16 - 2017-05-16 - MORE EXAMPLES OF MALSPAM PUSHING JAFF RANSOMWARE
2017-05-16 - DocuSign Phishing Campaign Includes Hancitor Downloader
2017-05-16 - WannaCry - WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm
2017-05-16 - Wannacryptor Ransomworm
2017-05-17 - New Loki Variant Being Spread via PDF File
2017-05-18 - UIWIX – Evasive Ransomware Exploiting ETERNALBLUE
2017-05-19 - How did the WannaCry ransomworm spread-
2017-05-22 - WannaCry- Ransomware attacks show strong links to Lazarus group
2017-05-23 - Modified Zyklon and plugins from India
2017-05-23 - Ocean Lotus Group-APT 32 identified as Vietnamese APT group
2017-05-23 - Quakbot
2017-05-23 - XData ransomware making rounds amid global WannaCryptor scare
2017-05-24 - APT32- New Cyber Espionage Group
2017-05-24 - Analysis of Emotet v4
2017-05-24 - Operation Cobalt Kitty- A large-scale APT in Asia carried out by the OceanLotus Group
2017-05-25 - Dridex- A History of Evolution
2017-05-25 - EternalRocks (a.k.a. MicroBotMassiveNet)
2017-05-25 - Lazarus- History of mysterious group behind infamous cyber attacks
2017-05-25 - Linguistic Analysis of WannaCry Ransomware Messages Suggests Chinese-Speaking Authors
2017-05-26 - TrickBot’s bag of tricks
2017-05-27 - From PDNS- Another fix length of 7, a-z. tlds- [ru, com]
2017-05-29 - Gozi Tree
2017-05-30 - Bankbot on Google Play
2017-05-30 - Mole ransomware- analysis and decryptor
2017-05-31 - APT16
2017-05-31 - APT17
2017-05-31 - APT18
2017-05-31 - APT29
2017-05-31 - Necurs Recurs
2017-05-31 - Operation Bachosens- A detailed look into a long-running cyber crime campaign
2017-05-31 - Writing PCRE's for applied passive network defense [Emotet]
2017-06-01 - FIREBALL – The Chinese Malware of 250 Million Computers Infected
2017-06-01 - Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions
2017-06-02 - QakBot Banking Trojan Causes Massive Active Directory Lockouts
2017-06-05 - A JavaScript and VBScript Based Empire Launcher - by Cn33liz 2017
2017-06-05 - HandBrake Hacked! - osx-proton (re)appears
2017-06-05 - Set up your own malware analysis lab with VirtualBox, INetSim and Burp
2017-06-06 - Privileges and Credentials- Phished at the Request of Counsel
2017-06-06 - Turla’s watering hole campaign- An updated Firefox extension abusing Instagram
2017-06-07 - PLATINUM continues to evolve, find ways to maintain invisibility
2017-06-07 - Rig EK via Fake EVE Online website drops Bunitu
2017-06-07 - Russian malware link hid in a comment on Britney Spears' Instagram
2017-06-08 - Dvmap- the first Android malware with code injection
2017-06-08 - LatentBot piece by piece
2017-06-08 - THE SEVEN YEAR ITCH
2017-06-09 - Another Banker Enters the Matrix
2017-06-09 - FIN7 Takes Another Bite at the Restaurant Industry
2017-06-09 - MacRansom- Offered as Ransomware as a Service
2017-06-09 - MacSpy- OS X Mac RAT as a Service
2017-06-12 - 2017-06-12 - LOKI BOT MALSPAM - SUBJECT- RE- PURCHASE ORDER 457211
2017-06-12 - Alert (TA17-163A)
2017-06-12 - Bahamut, Pursuing a Cyber Espionage Actor in the Middle East
2017-06-12 - Behind the CARBANAK Backdoor
2017-06-12 - Industroyer- Biggest threat to industrial control systems since Stuxnet
2017-06-12 - OSX-MacRansom
2017-06-12 - Open Source Malware - Sharing is caring-
2017-06-13 - HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure
2017-06-13 - Threat Spotlight- Breaking Down FF-Rat Malware
2017-06-14 - Phantom of the Opaera- New KASPERAGENT Malware Campaign
2017-06-15 - DUBrute
2017-06-15 - Trickbot Expands Global Targets Beyond Banks and Payment Processors to CRMs
2017-06-15 - Zeus Sphinx Pushes Empty Configuration Files — What Has the Sphinx Got Cooking-
2017-06-19 - Delphi Used To Score Against Palestine
2017-06-19 - Erebus Resurfaces as Linux Ransomware
2017-06-20 - AdGholas Malvertising Campaign Using Astrum EK to Deliver Mole Ransomware
2017-06-20 - Ztorg- from rooting to SMS
2017-06-21 - Player 1 Limps Back Into the Ring - Hello again, Locky!
2017-06-22 - Following the Trail of BlackTech’s Cyber Espionage Campaigns
2017-06-22 - Locky Ransomware Returns, but Targets Only Windows XP & Vista
2017-06-22 - Loki-Bot- Information Stealer, Keylogger, & More!
2017-06-22 - The New and Improved macOS Backdoor from OceanLotus
2017-06-22 - The Trail of BlackTech’s Cyber Espionage Campaigns
2017-06-26 - How Spora ransomware tries to fool antivirus
2017-06-27 - BRONZE UNION Cyberespionage Persists Despite Disclosures
2017-06-27 - Checking out the new Petya variant
2017-06-27 - Neutrino modification for POS-terminals
2017-06-27 - New Ransomware Variant -Nyetya- Compromises Systems Worldwide
2017-06-27 - New WannaCryptor‑like ransomware attack hits globally- All you need to know
2017-06-27 - New ransomware, old techniques- Petya adds worm capabilities
2017-06-27 - Paranoid PlugX
2017-06-27 - Schroedinger’s Pet(ya)
2017-06-28 - CrowdStrike Protects Against NotPetya Attack
2017-06-28 - ExPetr-Petya-NotPetya is a Wiper, Not Ransomware
2017-06-28 - In-Depth Analysis of A New Variant of .NET Malware AgentTesla
2017-06-28 - Why NotPetya Kept Me Awake (& You Should Worry Too)
2017-06-28 - The full picture of the advanced cyberattacks targeting Japanese companies – BRONZE BUTLER
2017-06-29 - EternalPetya and the lost Salsa20 key
2017-06-29 - Information Stealer Found Hitting Israeli Hospitals
2017-06-29 - NonPetya- no evidence it was a -smokescreen-
2017-06-29 - Ransomware Attacks Continue in Ukraine with Mysterious WannaCry Clone
2017-06-29 - Windows 10 platform resilience against the Petya ransomware attack
2017-06-30 - EternalPetya – yet another stolen piece in the package-
2017-06-30 - From BlackEnergy to ExPetr
2017-06-30 - TeleBots are back- Supply‑chain attacks against Ukraine
2017-07-01 - TrickBot Banking Trojan - DOC00039217.doc
2017-07-02 - ISFB- Still Live and Kicking
2017-07-03 - 'NotPetya' malware attacks could warrant retaliation, says Nato affiliated-researcher
2017-07-03 - NotPetya Technical Analysis Part II- Further Findings and Potential for MBR Recovery
2017-07-03 - Who is behind Petna-
2017-07-04 - Analysis of TeleBots’ cunning backdoor
2017-07-04 - Important information about Night Dragon
2017-07-04 - Industroyer
2017-07-04 - MALSPAM WITH JAVA-BASED RAT
2017-07-05 - New Azer CryptoMix Ransomware Variant Released
2017-07-05 - SLocker Mobile Ransomware Starts Mimicking WannaCry
2017-07-05 - Security 101- The Impact of Cryptocurrency-Mining Malware
2017-07-05 - The MeDoc Connection
2017-07-05 - Trump Zombies- New IoT Zombies Attacking 'In Trump's Name'
2017-07-06 - New KONNI Campaign References North Korean Missile Capabilities
2017-07-07 - 94 .ch & .li domain names hijacked and used for drive-by
2017-07-08 - A VBScript with Obfuscated Base64 Data
2017-07-08 - Analysis of A New Variant of Konni RAT
2017-07-10 - Upatre - Trojan Downloader
2017-07-11 - Ordinypt targets users in Germany
2017-07-11 - Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind
2017-07-12 - A .NET malware abusing legitimate ffmpeg
2017-07-12 - Iranian Hackers Have Been Infiltrating Critical Infrastructure Companies
2017-07-12 - LockPoS Joins the Flock
2017-07-12 - The Magala Trojan Clicker- A Hidden Advertising Threat
2017-07-13 - Meet Ovidiy Stealer- Bringing credential theft to the masses
2017-07-13 - OSX-Dok Refuses to Go Away and It’s After Your Money
2017-07-14 - Keeping up with the Petyas- Demystifying the malware family
2017-07-15 - Mirai BotNet Source Code
2017-07-17 - Android Backdoor GhostCtrl can Silently Record Your Audio, Video, and More
2017-07-17 - It’s baaaack- Public cyber enemy Emotet has returned
2017-07-17 - WMIGhost - Wimmie - WMI malware
2017-07-18 - Linux Users Urged to Update as a New Threat Exploits SambaCry
2017-07-18 - Ten process injection techniques- A technical survey of common and trending process injection techniques
2017-07-19 - 'DarkHotel' APT Uses New Methods to Target Politicians
2017-07-19 - The NukeBot banking Trojan- from rough drafts to real threats
2017-07-20 - Rurktar - Spyware under Construction
2017-07-20 - Stantinko- A massive adware campaign operating covertly since 2012
2017-07-24 - Bye, bye Petya! Decryptor for old versions released.
2017-07-24 - Let's Learn- Reversing Credential and Payment Card Information Stealer 'AZORult V2'
2017-07-24 - Real News, Fake Flash- Mac OS X Users Targeted
2017-07-24 - Spring Dragon – Updated Activity
2017-07-24 - The Seamless Campaign Drops Ramnit. Follow-up Malware- AZORult Stealer, Smoke Loader, etc.
2017-07-25 - Dridex Loot
2017-07-25 - HawkEye Credential Theft Malware Distributed in Recent Phishing Campaign
2017-07-25 - “Perverse” malware infecting hundreds of Macs remained undetected for years
2017-07-25 - “Tick” Group Continues Attacks
2017-07-27 - After Big Takedown Efforts, 20 More BankBot Mobile Malware Apps Make It Into Google Play
2017-07-27 - ChessMaster Makes its Move- A Look into the Campaign’s Cyberespionage Arsenal
2017-07-27 - New Version of “Trickbot” Adds Worm Propagation Module
2017-07-27 - OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group
2017-07-27 - The Curious Case of Mia Ash- Fake Persona Lures Middle Eastern Targets
2017-07-27 - With Fake News And Femmes Fatales, Iran's Spies Learn To Love Facebook
2017-07-31 - A new era in mobile banking Trojans
2017-07-31 - FIN7-Carbanak threat actor unleashes Bateleur JScript backdoor
2017-07-31 - TwoFace Webshell- Persistent Access Point for Lateral Movement
2017-08-01 - Prince of Persia – Ride the Lightning- Infy returns as “Foudre”
2017-08-01 - TrickBot comes up with new tricks- attacking Outlook and browsing data
2017-08-02 - A Look at JS_POWMET, a Completely Fileless Malware
2017-08-02 - Malspam delivers Xtreme RAT 8-1-2017
2017-08-03 - Taking the FIRST look at Crypt0l0cker
2017-08-04 - Smoke Loader Adds Additional Obfuscation Methods to Mitigate Analysis
2017-08-05 - Analysis of New GlobeImposter Ransomware Variant
2017-08-07 - Backdoor-carrying Emails Set Sights on Russian-speaking Businesses
2017-08-07 - New Variants of Agent.BTZ-ComRAT Found- The Threat That Hit The Pentagon In 2008 Still Evolving; Part 1-2
2017-08-08 - HBO breach accomplished with hard work by hacker, poor security practices by victim
2017-08-08 - WTF is Mughthesec!-
2017-08-09 - The return of Mamba ransomware
2017-08-10 - Globe Imposter Ransomware Makes a New Run
2017-08-10 - Worldwide spam wave spreads a devilish Locky variant
2017-08-11 - Ukrainian Man Arrested, Charged in NotPetya Distribution
2017-08-13 - Analysis of APT28 hospitality malware (Part 2)
2017-08-14 - The Blockbuster Saga Continues
2017-08-15 - A Quick Look at a New KONNI RAT Variant
2017-08-15 - Secrets of Cobalt
2017-08-15 - ShadowPad in corporate networks
2017-08-16 - Locky Ransomware switches to the Lukitus extension for Encrypted Files
2017-08-16 - Quick look at another Alina fork- XBOT-POS
2017-08-16 - SyncCrypt Ransomware Hides Inside JPG Files Appends KK Extension
2017-08-17 - HBO Twitter and Facebook Accounts Hacked by OurMine
2017-08-17 - Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack
2017-08-18 - Inside the Kronos malware – part 1
2017-08-18 - KOVTER- An Evolving Malware Gone Fileless
2017-08-20 - return of fake UPS cannot deliver malspam with an updated nemucod ransomware and Kovter payload
2017-08-21 - Cyberespionage Group Turla Deploys Backdoor Ahead of G20 Task Force Summit
2017-08-22 - Gamescom 2017- It’s all fun and games until black hats step in
2017-08-22 - Phishing attack at Raiffeisen Bank by MazarBot
2017-08-23 - CSGO Hacks for Mac That You Shouldn't Trust
2017-08-23 - Deep Analysis of New Poison Ivy Variant
2017-08-23 - The Seamless Campaign Isn’t Losing Any Steam
2017-08-24 - Bad Rabbit- Not‑Petya is back with improved ransomware
2017-08-24 - Crystal Finance Millennium used to spread malware
2017-08-24 - Defray - New Ransomware Targeting Education and Healthcare Verticals
2017-08-24 - Malicious Chrome Extensions Stealing Roblox In-Game Currency, Sending Cookies via Discord
2017-08-24 - Naikon Targeted Attacks
2017-08-24 - New Defray Ransomware Targets Education and Healthcare Verticals
2017-08-25 - New Arena Crysis Ransomware Variant Released
2017-08-25 - Operation RAT Cook- Chinese APT actors use fake Game of Thrones leaks as lures
2017-08-25 - Schtasks-Backdoor
2017-08-25 - The WireX Botnet- How Industry Collaboration Disrupted a DDoS Attack
2017-08-26 - US Arrests Chinese Man Involved With Sakula Malware Used in OPM and Anthem Hacks
2017-08-28 - New Nuclear BTCWare Ransomware Released Updated
2017-08-28 - Tech Firms Team Up to Take Down ‘WireX’ Android DDoS Botnet
2017-08-29 - From Onliner Spambot to millions of email's lists and credentials
2017-08-29 - Inside the Kronos malware – part 2
2017-08-29 - Jimmy Nukebot- from Neutrino with love
2017-08-29 - Second Google Chrome Extension Banker Malware in Two Weeks
2017-08-30 - Introducing WhiteBear
2017-08-30 - New ESET research uncovers Gazer, the stealthy backdoor that spies on embassies
2017-08-31 - Cobian RAT - A backdoored RAT
2017-08-31 - Lookout discovers sophisticated xRAT malware tied to 2014 “Xsser - mRAT” surveillance campaign against Hong Kong protesters
2017-08-31 - Updated KHRAT Malware Used in Cambodia Attacks
2017-09-01 - EHDevel – The story of a continuously improving advanced threat creation toolkit
2017-09-01 - EITest- HoeflerText Popups Targeting Google Chrome Users Now Push RAT Malware
2017-09-01 - New Android Trojan - Red Alert 2.0 - Targeting Banks and Social Apps
2017-09-01 - Vxer is offering Cobian RAT in the underground, but it is backdoored
2017-09-04 - Despite appearances, WikiLeaks wasn’t hacked
2017-09-05 - Graftor - But I Never Asked for This…
2017-09-05 - Kingdom targeted by new malware
2017-09-05 - Rehashed RAT Used in APT Campaign Against Vietnamese Organizations
2017-09-05 - The Mirai Botnet- A Look Back and Ahead At What's Next
2017-09-06 - Analysing a 10-Year-Old SNOWBALL
2017-09-06 - ShadowBrokers are back demanding nearly $4m and offering 2 dumps per month
2017-09-07 - EMOTET Returns, Starts Spreading via Spam Botnet
2017-09-07 - New NSA Data Dump- ShadowBrokers Release UNITEDRAKE Malware
2017-09-09 - Vault 8- Hive
2017-09-11 - “Re- Details” Malspam Downloads CoreBot Banking Trojan
2017-09-12 - FireEye Uncovers CVE-2017-8759- Zero-Day Used in the Wild to Distribute FINSPY
2017-09-12 - ThunderShell
2017-09-13 - New Variants of Agent.BTZ-ComRAT Found- The Threat That Hit The Pentagon In 2008 Still Evolving; Part 2-2
2017-09-15 - Deep Analysis of New Poison Ivy-PlugX Variant - Part II
2017-09-15 - Trojan-Win32-Enviserv.A
2017-09-15 - Trojan-Win32-Spyeye
2017-09-15 - TrojanSpy-Win32-Usteal
2017-09-15 - Welp, Vevo Just Got Hacked
2017-09-18 - An (un)documented Word feature abused by attackers
2017-09-18 - CCleanup- A Vast Number of Machines at Risk
2017-09-18 - Casting a Light on BlackEnergy
2017-09-18 - Morphisec Discovers CCleaner Backdoor Saving Millions of Avast Users
2017-09-19 - A Look Into The New Strain Of BankBot
2017-09-19 - A Modern Hypervisor as a Basis for a Sandbox
2017-09-20 - CCleaner Command and Control Causes Concern
2017-09-20 - Evidence Aurora Operation Still Active- Supply Chain Attack Through CCleaner
2017-09-20 - Insights into Iranian Cyber Espionage- APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware
2017-09-20 - Is Hajime botnet dead-
2017-09-20 - Progress on CCleaner Investigation
2017-09-20 - Red Alert 2.0 Android Trojan Spreads Via Third Party App Stores
2017-09-20 - The CCleaner Malware Fiasco Targeted at Least 18 Specific Tech Firms
2017-09-20 - The Formidable FormBook Form Grabber
2017-09-21 - APT33- New Insights into Iranian Cyber Espionage Group
2017-09-21 - Avast Threat Labs analysis of CCleaner incident
2017-09-21 - Fake IRS notice delivers customized spying tool
2017-09-21 - New FinFisher surveillance campaigns- Internet providers involved-
2017-09-21 - Rig EK via Rulan drops an Infostealer
2017-09-21 - This Ransomware Demands Nudes Instead of Bitcoin
2017-09-22 - EternalBlue Exploit Used in Retefe Banking Trojan Campaign
2017-09-22 - NRansom- Ransomware that demands your nudes
2017-09-25 - A simple example of a complex cyberattack
2017-09-25 - Additional information regarding the recent CCleaner APT security incident
2017-09-25 - Analyzing the Various Layers of AgentTesla’s Packing
2017-09-26 - Defray Ransomware Hits Healthcare and Education
2017-09-26 - Elaborate scripting-fu used in espionage attack against Saudi Arabia Government entity
2017-09-26 - Striking Oil- A Closer Look at Adversary Infrastructure
2017-09-26 - XPCTRA Malware Steals Banking and Digital Wallet User's Credentials
2017-09-27 - Threat Actor Profile- TA505, From Dridex to GlobeImposter
2017-09-28 - Money‑making machine- Monero‑mining malware
2017-09-28 - Threat Actors Target Government of Belarus Using CMSTAR Trojan
2017-09-29 - Ramnit – in-depth analysis
2017-10-02 - Evidence Aurora Operation Still Active Part 2- More Ties Uncovered Between CCleaner Hack & Chinese Hackers
2017-10-03 - The Flusihoc Dynasty, A Long Standing DDoS Botnet
2017-10-04 - Protecting the Software Supply Chain- Deep Insights into the CCleaner Backdoor
2017-10-05 - Analysis of a malicious DOC used by Turla APT group; hunting persistence via PowerShell
2017-10-05 - FreeMilk- A Highly Targeted Spear Phishing Campaign
2017-10-05 - Industroyer- Biggest threat to industrial control systems since Stuxnet
2017-10-05 - SYSCON Backdoor Uses FTP as a C&C Channel
2017-10-05 - Significant FormBook Distribution Campaigns Impacting the U.S. and South Korea
2017-10-09 - OilRig Group Steps Up Attacks with New Delivery Documents and New Injector Trojan
2017-10-10 - ATMii- a small but effective ATM robber
2017-10-10 - LokiBot - The first hybrid Android malware
2017-10-10 - Malvertising Campaign Uses RIG EK to Drop Quant Loader which Downloads FormBook.
2017-10-11 - More info on 'Evolved DNSMessenger'
2017-10-11 - Spoofed SEC Emails Distribute Evolved DNSMessenger
2017-10-11 - TrickBot Takes to Latin America, Continues to Expand Its Global Reach
2017-10-12 - BRONZE BUTLER Targets Japanese Enterprises
2017-10-12 - Emotet exploits Outlook
2017-10-12 - The Beer Drinker’s Guide to SAML
2017-10-13 - Blank Slate Malspam Stops Pushing Locky, Starts Pushing Sage 2.2 Ransomware
2017-10-13 - DoubleLocker- Innovative Android Ransomware
2017-10-13 - FIN7 Dissected- Hackers Accelerate Pace of Innovation
2017-10-13 - Rig EK via Malvertising drops a Smoke Loader leading to a Miner and AZORult
2017-10-16 - BlackOasis APT and new targeted attacks leveraging zero-day exploit
2017-10-16 - CoalaBot- http Ddos Bot
2017-10-16 - Leviathan- Espionage actor spearphishes maritime and defense targets
2017-10-16 - Taiwan Heist- Lazarus Tools and Ransomware
2017-10-17 - WaterMiner – a New Evasive Crypto-Miner
2017-10-18 - Magniber ransomware- exclusively for South Koreans
2017-10-19 - A New IoT Botnet Storm is Coming
2017-10-19 - A deeper look at Tofsee modules
2017-10-19 - APT28 racing to exploit CVE-2017-11292 Flash vulnerability before patches are deployed
2017-10-20 - Dragonfly- Western energy sector targeted by sophisticated attack group
2017-10-20 - IoT_reaper- A Rapid Spreading New IoT Botnet
2017-10-20 - JadeRAT mobile surveillanceware spikes in espionage activity
2017-10-20 - OSX-Proton spreading again through supply‑chain attack
2017-10-22 - “Cyber Conflict” Decoy Document Used In Real Cyber Conflict
2017-10-23 - Reaper- Calm Before the IoT Security Storm-
2017-10-24 - Bad Rabbit ransomware
2017-10-24 - Bad Rabbit- Not‑Petya is back with improved ransomware
2017-10-24 - New Ransomware Linked to NotPetya Sweeps Russia and Ukraine
2017-10-24 - NotPetya Returns as Bad Rabbit
2017-10-24 - Threat Spotlight- Follow the Bad Rabbit
2017-10-25 - Down the Rabbit Hole- Tracking the BadRabbit Ransomware to a Long Ongoing Campaign of Target Selection
2017-10-25 - SnatchLoader Reloaded
2017-10-26 - BACKSWING - Pulling a BADRABBIT Out of a Hat
2017-10-26 - Keranger- the first “in-the-wild” ransomware for Macs. But certainly not the last
2017-10-26 - New htpRAT Gives Complete Remote Control Capabilities to Chinese Cyber Threat Actors
2017-10-26 - ReversingLabs' YARA rule detects BadRabbit encryption routine specifics
2017-10-27 - Bahamut Revisited, More Cyber Espionage in the Middle East and South Asia
2017-10-27 - British security minister says North Korea was behind WannaCry hack on NHS
2017-10-27 - The big difference with Bad Rabbit
2017-10-27 - Threat Round Up for Oct 20 - Oct 27
2017-10-27 - Tracking Subaat Targeted Phishing Attack Leads to Threat Actors Repository
2017-10-27 - Tracking Subaat- Targeted Phishing Attack Leads to Threat Actor’s Repository
2017-10-27 - XiaoBa Ransomware
2017-10-29 - Sality Configuration Extractor (sality_extractor.py)
2017-10-30 - Coin Miner Mobile Malware Returns, Hits Google Play
2017-10-30 - Gaza Cybergang – updated activity in 2017-
2017-10-30 - Windigo Still not Windigone- An Ebury Update
2017-10-31 - Analyzing malware by API calls
2017-10-31 - Expiro Malware Is Back and Even Harder to Remove
2017-10-31 - ONI Ransomware Used in Month-Long Attacks Against Japanese Companies
2017-11-01 - CryptoShuffler Stole $150,000 by Replacing Bitcoin Wallet IDs in PC Clipboards
2017-11-01 - Everybody Gets One- QtBot Used to Distribute Trickbot and Locky
2017-11-01 - Silence of the Moles
2017-11-01 - Silence – a new Trojan attacking financial organizations
2017-11-01 - VB2017 - Offensive Malware Analysis - Dissecting OSX-FruitFly.B Via a Custom C&C Server
2017-11-02 - ADVENTURES WITH SMOKE LOADER
2017-11-02 - New Insights into Energetic Bear’s Watering Hole Cyber Attacks on Turkish Critical Infrastructure
2017-11-02 - Poisoning the Well- Banking Trojan Targets Google Search Results
2017-11-02 - Recent InPage Exploits Lead to Multiple Malware Families
2017-11-02 - The KeyBoys are back in town
2017-11-04 - How the FBI Took Down Russia's Spam King—And His Massive Botnet
2017-11-05 - Let's Learn- Lethic Spambot & Survey of Anti-Analysis Techniques
2017-11-06 - Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
2017-11-07 - Locky Ransomware
2017-11-07 - REDBALDKNIGHT-BRONZE BUTLER’s Daserf Backdoor Now Using Steganography
2017-11-07 - Sowbug- Cyber espionage group targets South American and Southeast Asian governments
2017-11-08 - A short journey into DarkVNC attack chain
2017-11-08 - Analysis of an active USB flash drive virus
2017-11-08 - OilRig Deploys “ALMA Communicator” – DNS Tunneling Trojan
2017-11-08 - Overlay RAT Malware Uses AutoIt Scripting to Bypass Antivirus Detection
2017-11-09 - He Perfected a Password-Hacking Tool—Then the Russians Came Calling
2017-11-09 - Ordinypt Ransomware Intentionally Destroys Files, Currently Targeting Germany
2017-11-10 - CCleaner Stage 2- In-Depth Analysis of the Payload
2017-11-10 - New Malware with Ties to SunOrcal Discovered
2017-11-12 - Let's Learn- Dissecting Golroted Trojan's Process Hollowing Technique & UAC Bypass in HKCU-Environment
2017-11-12 - Seamless Campaign Delivers Ramnit via RIG EK at 188.225.82.158. Follow-up Malware is AZORult Stealer.
2017-11-13 - IcedID Banking Trojan Shares Code with Pony 2.0 Trojan
2017-11-13 - New Banking Trojan IcedID Discovered by IBM X-Force Research
2017-11-14 - Alert (TA17-318B)- HIDDEN COBRA – North Korean Trojan- Volgmer
2017-11-14 - HIDDEN COBRA – North Korean Remote Administration Tool- FALLCHILL
2017-11-14 - IceID Banking Trojan Targeting Banks, Payment Card Providers, E-Commerce Sites
2017-11-14 - Muddying the Water- Targeted Attacks in the Middle East
2017-11-15 - New EMOTET Hijacks a Windows API, Evades Sandbox and Analysis
2017-11-16 - CACTUSTORCH- Payload Generation for Adversary Simulations
2017-11-16 - Tropic Trooper goes mobile with Titan surveillanceware
2017-11-17 - [Part 1] - Analysing the New Linux-AES.DDoS IoT Malware
2017-11-19 - Iranian agents blackmailed BBC reporter with ‘naked photo’ threats
2017-11-20 - Android Malware Appears Linked to Lazarus Cybercrime Group
2017-11-20 - Cobalt Strikes Again- Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks
2017-11-20 - OSX.Proton spreading through fake Symantec blog
2017-11-20 - Operation Blockbuster Goes Mobile
2017-11-21 - Let's Learn- Trickbot Socks5 Backconnect Module In Detail
2017-11-21 - New campaigns spread banking malware through Google Play
2017-11-22 - A dive into MuddyWater APT targeting Middle-East
2017-11-22 - Trickbot Gang Evolves, Incorporates Account Checking Into Hybrid Attack Model
2017-11-23 - NECURS BOTNET MALSPAM PUSHES -SCARAB- RANSOMWARE
2017-11-24 - Mirai Activity Picks up Once More After Publication of PoC Exploit Code
2017-11-26 - Source Code of HIVE
2017-11-28 - Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions
2017-11-28 - Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection
2017-11-28 - OSX.CPUMEANER New Cryptocurrency Mining Trojan Targets MacOS
2017-11-28 - ROKRAT Reloaded
2017-12 - Nine circles of Cerber
2017-12 - TRISIS- Analyzing Safety System Targeting Malware
2017-12-01 - Advanced Persistent Threat Groups
2017-12-02 - Scarabey Ransomware
2017-12-03 - Notes on Linux-BillGates
2017-12-04 - Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)
2017-12-04 - New method of macro malware disguised as defense-related files
2017-12-05 - Warning- Satori, a Mirai Branch Is Spreading in Worm Style on Port 37215 and 52869
2017-12-06 - Champing at the Cyberbit- Ethiopian Dissidents Targeted with New Commercial Spyware
2017-12-06 - Recam Redux - DeConfusing ConfuserEx
2017-12-07 - A Peculiar Case of Orcus RAT Targeting Bitcoin Investors
2017-12-07 - New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit
2017-12-08 - GratefulPOS credit card stealing malware - just in time for the shopping season
2017-12-08 - Interesting disguise employed by new Mac malware HiddenLotus
2017-12-08 - StrongPity2 spyware replaces FinFisher in MitM campaign – ISP involved-
2017-12-09 - 10 Years of Targeted Credential Phishing
2017-12-11 - Banking malware on Google Play targets Polish banks
2017-12-11 - BrickerBot Author Retires Claiming to Have Bricked over 10 Million IoT Devices
2017-12-11 - Malware – Snatch Loader- Reloaded
2017-12-11 - MoneyTaker- in pursuit of the invisible
2017-12-11 - OilRig Performs Tests on the TwoFace Webshell
2017-12-12 - MoneyTaker Hacker Group Steals Millions from US and Russian Banks
2017-12-13 - Maker of sneaky Mac adware sends security researcher cease-and-desist letters
2017-12-13 - Mirai IoT Botnet Co-Authors Plead Guilty
2017-12-13 - Tyupkin ATM Malware- Take The Money Now Or Never!
2017-12-13 - Update- Let's Learn- Reversing FIN6 -GratefulPOS- aka -FrameworkPOS- Point-of-Sale Malware in-Depth
2017-12-13 - WORK Cryptomix Ransomware Variant Released
2017-12-14 - APT32
2017-12-14 - Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure
2017-12-14 - Zeus Panda Banking Trojan Targets Online Holiday Shoppers
2017-12-15 - In depth analysis of malware exploiting CVE-2017-11826
2017-12-15 - Introducing the Adversary Playbook- First up, OilRig
2017-12-17 - r77 Rootkit
2017-12-18 - Collaborative Takedown Kills IoT Worm 'Satori'
2017-12-18 - Jack of all trades
2017-12-18 - MedusaHTTP DDoS Slithers Back into the Spotlight
2017-12-18 - New GnatSpy Mobile Malware Family Discovered
2017-12-19 - BrickerBot mod_plaintext Analysis
2017-12-19 - Cyberespionage Campaign Sphinx Goes Mobile With AnubisSpy
2017-12-19 - Let's Learn- Introducing New Trickbot LDAP -DomainGrabber- Module
2017-12-19 - North Korea Bitten by Bitcoin Bug- Financially motivated campaigns reveal new dimension of the Lazarus Group
2017-12-19 - Novel Excel Spreadsheet Attack Launches Password Stealing Malware Loki Bot
2017-12-20 - An End to “Smash-and-Grab” and a Move to More Targeted Approaches
2017-12-20 - Mining Insights- Infrastructure Analysis of Lazarus Group Cyber Attacks on the Cryptocurrency Industry
2017-12-20 - New version of mobile malware Catelites possibly linked to Cron cyber gang
2017-12-21 - Sednit update- How Fancy Bear Spent the Year
2017-12-22 - MALSPAM USES CVE-2017-0199 TO DISTRIBUTE REMCOS RAT
2017-12-22 - New DOC GlobeImposter Ransomware Variant Malspam Campaign Underway
2017-12-27 - Let's Learn- Cutlet ATM Malware Internals
2017-12-28 - PandaZeuS’s Christmas Gift- Change in the Encryption scheme
2017-12-30 - Analysis DarkSky Botnet

Malware Analysis 2018

2018-01-01 - Analyzing Ramnit used in Seamless campaign
2018-01-04 - Iran’s Cyber Ecosystem- Who Are the Threat Actors-
2018-01-04 - MALSPAM PUSHING PCRAT-GH0ST
2018-01-06 - Ostap malware analysis (Backswap dropper)
2018-01-08 - SkyRAT Powershell RAT
2018-01-09 - BestKorea
2018-01-10 - Analysis of BlackTech's latest APT attack
2018-01-10 - Hack Brief- Russian Hackers Release Apparent IOC Emails in Wake of Olympic Ban
2018-01-10 - Taiwanese cops give malware-laden USB sticks as prizes for security quiz
2018-01-11 - Ay MaMi
2018-01-11 - Malspam Entitled “Invoice attched for your reference” Delivers Agent Tesla Keylogger
2018-01-12 - Fake Spectre and Meltdown patch pushes Smoke Loader malware
2018-01-12 - Holiday lull- Not so much
2018-01-12 - Malware Displaying Porn Ads Discovered in Game Apps on Google Play
2018-01-12 - Sonja Analysis
2018-01-15 - Bootkits are not dead. Pitou is back!
2018-01-15 - GlobeImposter ransomware- A holiday gift from the Necurs botnet
2018-01-15 - New KillDisk Variant Hits Financial Organizations in Latin America
2018-01-16 - Analyzing the TRITON industrial malware
2018-01-16 - Anatomy of the thread suspension mechanism in Windows (Windows Internals)
2018-01-16 - First Activities of Cobalt Group in 2018- Spear Phishing Russian Banks
2018-01-16 - GlobeImposter Ransomware
2018-01-16 - Korea In The Crosshairs
2018-01-16 - Skygofree- Following in the footsteps of HackingTeam
2018-01-16 - Threat Spotlight- LockPOS Point of Sale Malware
2018-01-17 - A coin miner with a “Heaven’s Gate”
2018-01-17 - Art of Steal- Satori Variant is Robbing ETH BitCoin by Replacing Wallet Address
2018-01-17 - Exobot Author Calls It Quits and Sells Off Banking Trojan Source Code
2018-01-17 - Microsoft Office Vulnerabilities Used to Distribute Zyklon Malware in Recent Campaign
2018-01-17 - Reviewing the spam filters- Malspam pushing Gozi-ISFB
2018-01-17 - Turla group malware
2018-01-17 - Zumanek- new malware tries to steal victims' service credentials
2018-01-18 - The ARC of Satori
2018-01-21 - Evrial Trojan Switches Bitcoin Addresses Copied to Windows Clipboard
2018-01-22 - Op EvilTraffic CSE CybSec ZLAB Malware Analysis Report – Exclusive, tens of thousands of compromised sites involved in a new massive malvertising campaign
2018-01-22 - Paradise Ransomware strikes again
2018-01-22 - SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks
2018-01-22 - This hacking gang just updated the malware it uses against UK targets
2018-01-23 - A Walk-Through Tutorial, with Code, on Statically Unpacking the FinSpy VM- Part One, x86 Deobfuscation
2018-01-23 - Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors
2018-01-23 - Maldoc (RTF) drops Loda Logger
2018-01-23 - Satori Author Linked to New Mirai Variant Masuta
2018-01-23 - Uncovering 2017’s Largest Malvertising Operation
2018-01-24 - A Look into the Lazarus Group’s Operations
2018-01-24 - Analyzing CrossRAT- A cross-platform implant, utilized in a global cyber-espionage campaign
2018-01-24 - Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More
2018-01-24 - New HNS IoT Botnet Has Already Amassed 14K Bots
2018-01-24 - New Hide ‘N Seek IoT Botnet using custom-built Peer-to-Peer communication spotted in the wild
2018-01-25 - OilRig uses RGDoor IIS Backdoor on Targets in the Middle East
2018-01-25 - WannaMine Cryptomining- Harmless Nuisance or Disruptive Threat-
2018-01-26 - FriedEx- BitPaymer ransomware the work of Dridex authors
2018-01-26 - The TopHat Campaign- Attacks Within The Middle East Region Using Popular Third-Party Services
2018-01-26 - The Velso Ransomware Being Manually Installed by Attackers
2018-01-29 - GandCrab Ransomware Distributed by Exploit Kits Appends GDCB Extension
2018-01-29 - Let's Learn- Dissecting FormBook Infostealer Malware- Crypter & -RunLib.dll-
2018-01-29 - VERMIN- Quasar RAT and Custom Malware Used In Ukraine
2018-01-29 - Weekly TrickBot Analysis - End of w-c 22-Jan-2018 to 1000119
2018-01-30 - GandCrab ransomware distributed by RIG and GrandSoft exploit kits (updated)
2018-01-31 - Smominru Monero mining botnet making millions for operators
2018-01-31 - What are “WannaMine” attacks, and how do I avoid them-
2018-02-01 - JenX – Los Calvos de San Calvicie
2018-02-01 - Operation PZChao- a possible return of the Iron Tiger APT
2018-02-01 - Quick Test Drive of Trickbot (It now has a Monero Module)
2018-02-02 - Break Out Of The Tinynuke Malware
2018-02-02 - Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems
2018-02-02 - New Mac cryptominer distributed via a MacUpdate hack
2018-02-03 - Attacks Leveraging Adobe Zero-Day (CVE-2018-4878) – Threat Attribution, Attack Scenario and Recommendations
2018-02-04 - DorkBot- An Investigation
2018-02-04 - MALWARE ANALYSIS – PLUGX
2018-02-05 - Analyzing OSX-CreativeUpdater
2018-02-07 - Compromised Servers & Fraud Accounts- Recent Hancitor Attacks
2018-02-07 - RAT Trapped- LuminosityLink Falls Foul of Vermin Eradication Efforts
2018-02-07 - Targeted Attacks In The Middle East
2018-02-07 - Threat Spotlight- URSNIF Infostealer Malware
2018-02-08 - A review of the evolution of Andromeda over the years before we say goodbye
2018-02-08 - DarkSky Botnet
2018-02-08 - GandCrab Ransomware Being Distributed Via Malspam Disguised as Receipts
2018-02-08 - How not to use a driver to execute code with kernel privileges
2018-02-08 - MBRlock Ransomware
2018-02-08 - Meet CrowdStrike’s Adversary of the Month for February- MUMMY SPIDER
2018-02-08 - Merlin for Red Teams
2018-02-08 - ShurL0ckr Ransomware as a Service Peddled on Dark Web, can Reportedly Bypass Cloud Applications
2018-02-08 - UDPoS - exfiltrating credit card data via DNS
2018-02-09 - Black Ruby Ransomware Skips Victims in Iran and Adds a Miner for Good Measure
2018-02-09 - DexCrypt MBRLocker Demands 30 Yuan To Gain Access to Computer
2018-02-12 - Lazarus Resurfaces, Targets Global Banks and Bitcoin Users
2018-02-12 - New Satori Botnet Variant Enslaves Thousands of Dasan WiFi Routers
2018-02-12 - Olympic Destroyer Takes Aim At Winter Olympics
2018-02-13 - Lotus Blossom Continues ASEAN Targeting
2018-02-13 - Stopping Olympic Destroyer- New Process Injection Insights
2018-02-14 - Reversing Py2Exe binaries
2018-02-15 - Malspam delivers Keybase keylogger
2018-02-15 - Olympic Destroyer
2018-02-15 - SamSam Ransomware Campaigns
2018-02-15 - SamSam- Converting Opportunity into Profit
2018-02-15 - TrickBot’s Cryptocurrency Hunger- Tricking the Bitcoin Out of Wallets
2018-02-16 - New jRAT-Adwind Variant Being Spread With Package Delivery Scam
2018-02-17 - Tearing Apart the Undetected (OSX)Coldroot RAT
2018-02-20 - A Slice of 2017 Sofacy Activity
2018-02-20 - APT37 (Reaper)- The Overlooked North Korean Actor
2018-02-20 - Latest Elise APT comes packed with Sandbox Evasions
2018-02-21 - Avast tracks down Tempting Cedar Spyware
2018-02-21 - FinSpy VM Unpacking Tutorial Part 3- Devirtualization. Phase #1- Deobfuscating FinSpy VM Bytecode Programs
2018-02-21 - FinSpy VM Unpacking Tutorial Part 3- Devirtualization. Phase #2- First Attempt At Devirtualization
2018-02-21 - FinSpy VM Unpacking Tutorial Part 3- Devirtualization. Phase #3- Fixing The Function-Related Issues
2018-02-21 - FinSpy VM Unpacking Tutorial Part 3- Devirtualization. Phase #4- Second Attempt At Devirtualization
2018-02-21 - FinSpy VM Unpacking Tutorial Part 3- Devirtualization
2018-02-21 - FinSpyVM (Static Unpacker for FinSpyVM)
2018-02-21 - Olympic Destroyer- A new Candidate in South Korea
2018-02-22 - Let's Learn- Deeper Dive into Ramnit Banker -VNC IFSB- Remote Control Module
2018-02-23 - Avzhan DDoS bot dropped by Chinese drive-by attack
2018-02-23 - OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan
2018-02-26 - Analyzing the nasty .NET protection of the Ploutus.D malware
2018-02-26 - Anatomy of the Process Environment Block (PEB) (Windows Internals)
2018-02-26 - Nanocore RAT Author Gets 33 Months in Prison
2018-02-26 - Thanatos Ransomware Is First to Use Bitcoin Cash Messes Up Encryption
2018-02-26 - Who Wasn’t Responsible for Olympic Destroyer-
2018-02-27 - Dissecting Hancitor’s Latest 2018 Packer
2018-02-28 - Black Ruby- Combining Ransomware and Coin Miner Malware
2018-02-28 - CannibalRAT targets Brazil
2018-02-28 - Chafer- Latest Attacks Reveal Heightened Ambitions
2018-02-28 - Sofacy Attacks Multiple Government Entities
2018-03-01 - Blast from the past- stowaway Virut delivered with Chinese DDoS bot
2018-03-01 - FinFisher exposed- A researcher’s tale of defeating traps, tricks, and complex virtual machines
2018-03-02 - Analysing Remcos RAT’s executable
2018-03-02 - McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups
2018-03-02 - Spear-phishing campaign leveraging on MSXSL
2018-03-02 - Tales of a Threat Hunter 2 Following the trace of WMI Backdoors & other nastiness
2018-03-05 - Sure, I’ll take that! New ComboJack Malware Alters Clipboards to Steal Cryptocurrency
2018-03-05 - Suricata rules to detect Winnti communication
2018-03-06 - Gozi ISFB Remains Active in 2018, Leverages -Dark Cloud- Botnet For Distribution
2018-03-07 - Leaked Ammyy Admin Source Code Turned into Malware
2018-03-07 - Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent
2018-03-07 - Ransomware news- GlobeImposter gets a facelift, GandCrab is still out there
2018-03-08 - Donot Team Leverages New Modular Malware Framework in South Asia
2018-03-08 - Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant
2018-03-08 - New investigations into the CCleaner incident point to a possible third stage that had keylogger capacities
2018-03-08 - OlympicDestroyer is here to trick the industry
2018-03-08 - The devil’s in the Rich header
2018-03-09 - Cloning chip-and-PIN cards- Brazilian job
2018-03-09 - From Russia(-) with Code
2018-03-09 - Masha and these Bears - 2018 Sofacy Activity
2018-03-09 - New traces of Hacking Team in the wild
2018-03-09 - Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads-
2018-03-09 - The Slingshot APT FAQ
2018-03-10 - APT15 is alive and strong- An analysis of RoyalCli and RoyalDNS
2018-03-12 - A Study of RATs- Third Timeline Iteration
2018-03-12 - Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia
2018-03-12 - Python decryptor for newer AdWind config file
2018-03-13 - HenBox- The Chickens Come Home to Roost
2018-03-13 - Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign
2018-03-13 - New Variant of BankBot Banking Trojan Ups Ante, Cashes Out on Android Users
2018-03-13 - Time of death- A therapeutic postmortem of connected medicine
2018-03-14 - Inception Framework- Alive and Well, and Hiding Behind Proxies
2018-03-14 - New POS Malware PinkKite Takes Flight
2018-03-14 - Tropic Trooper’s New Strategy
2018-03-16 - Royal APT - APT15 Repository
2018-03-16 - Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries
2018-03-20 - Kaspersky's 'Slingshot' report burned an ISIS-focused intelligence operation
2018-03-20 - Rootkit Umbreon - Umreon - x86, ARM samples
2018-03-20 - TeleRAT- Another Android Trojan Leveraging Telegram’s Bot API to Target Iranian Users
2018-03-20 - Tweet on Unlock92 Ransomware
2018-03-21 - Fobos Malvertising Campaign Delivers Bunitu Proxy Trojan via RIG EK
2018-03-21 - GrayBird-Colony
2018-03-21 - TrickBot Banking Trojan Adapts with New Module
2018-03-22 - GhostMiner- Cryptomining Malware Goes Fileless
2018-03-22 - Glupteba is no longer part of Windigo
2018-03-23 - Nine Iranians Charged With Conducting Massive Cyber Theft Campaign on Behalf of the Islamic Revolutionary Guard Corps
2018-03-23 - Sanny malware delivery method updated in recently observed attacks.
2018-03-23 - The AVCrypt Ransomware Tries To Uninstall Your AV Software
2018-03-25 - Let's Learn- Internals of Iranian-Based Threat Group -Chafer- Malware- Autoit and PowerShell Persistence
2018-03-26 - Silent Librarian- More to the Story of the Iranian Mabna Institute Indictment
2018-03-27 - Evolving Trickbot Adds Detection Evasion and Screen-Locking Features
2018-03-27 - Panda Banker Zeros in on Japanese Targets
2018-03-28 - An in-depth malware analysis of QuantLoader
2018-03-28 - Dissecting Olympic Destroyer – a walk-through
2018-03-28 - Multi-stage Powershell script (Brownies)
2018-03-28 - Quick summary about the Port 8291 scan
2018-03-29 - ChessMaster Adds Updated Tools to Its Arsenal
2018-03-30 - BADFLICK is not so bad!
2018-03-30 - Reflow JavaScript Backdoor
2018-03-30 - hajime_hashes
2018-04-02 - Fake AV Investigation Unearths KevDroid, New Android Malware
2018-04-03 - Lazarus KillDisks Central American casino
2018-04-03 - Let's Learn- Trickbot Implements Network Collector Module Leveraging CMD, WMI & LDAP
2018-04-04 - Hostile state actors compromising UK organisations with focus on engineering and industrial control companies
2018-04-04 - Hunting down Dofoil with Windows Defender ATP
2018-04-04 - New MacOS Backdoor Linked to OceanLotus Found
2018-04-04 - Smoking Out the Rarog Cryptocurrency Mining Trojan
2018-04-05 - Analysis of New Agent Tesla Spyware Variant
2018-04-05 - Reaper Group’s Updated Mobile Arsenal
2018-04-05 - Silent Librarian University Attacks Continue Unabated in Days Following Indictment
2018-04-10 - IcedID Banking Trojan Teams up with Ursnif-Dreambot for Distribution
2018-04-10 - Maktub ransomware- possibly rebranded as Iron
2018-04-10 - schneiken
2018-04-10 - ‘FakeUpdates’ campaign leverages multiple website platforms
2018-04-12 - APT Trends report Q1 2018
2018-04-12 - Operation Parliament, who is doing what-
2018-04-13 - Let's Learn- In-Depth Dive into Gootkit Banker Version 4 Malware Analysis
2018-04-13 - RadRAT- An all-in-one toolkit for complex espionage ops
2018-04-13 - Say “Cheese”- WebMonitor RAT Comes with C2-as-a-Service (C2aaS)
2018-04-15 - This is Spartacus- new ransomware on the block
2018-04-16 - Malware Analysis- New Trojan Double Dropper
2018-04-16 - RAT Gone Rogue- Meet ARS VBS Loader
2018-04-16 - Searching for the Reuse of Mirai Code- Hide ‘N Seek Bot
2018-04-16 - Smoke Loader malware improves after Microsoft spoils its Campaign
2018-04-16 - TrickBot & UACME
2018-04-17 - Decoding network data from a Gh0st RAT variant
2018-04-17 - Recent findings from CCleaner APT investigation reveal that attackers entered the Piriform network via TeamViewer
2018-04-17 - Reversing the Bandios - Colony Malware
2018-04-17 - SquirtDanger- The Swiss Army Knife Malware from Veteran Malware Author TheBottle
2018-04-18 - APT33
2018-04-18 - GOLD GALLEON- How a Nigerian Cyber Crew Plunders the Shipping Industry
2018-04-18 - Stresspaint Malware Campaign Targeting Facebook Credentials
2018-04-18 - Stresspaint Malware Steals Facebook Credentials and Session Cookies
2018-04-18 - Stresspaint Malware Targeting Facebook Credentials
2018-04-18 - Tens of thousands of Facebook accounts compromised in days by malware
2018-04-19 - XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing
2018-04-20 - Researchers Discover New variants of APT34 Malware
2018-04-20 - XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing
2018-04-22 - Satan ransomware adds EternalBlue exploit
2018-04-23 - Energetic Bear-Crouching Yeti- attacks on servers
2018-04-23 - Muhstik Botnet Exploits Highly Critical Drupal Bug
2018-04-23 - New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia
2018-04-24 - Analyzing Operation GhostSecret- Attack Seeks to Steal Data Worldwide
2018-04-24 - Metamorfo Campaigns Targeting Brazilian Users
2018-04-24 - New Crossrider variant installs configuration profiles on Macs
2018-04-24 - Sednit update- Analysis of Zebrocy
2018-04-26 - GravityRAT - The Two-Year Evolution Of An APT Targeting India
2018-04-26 - Necurs Evolves to Evade Spam Detection via Internet Shortcut File
2018-04-27 - GravityRAT malware takes your system's temperature
2018-04-27 - North Korean Hackers Are up to No Good Again
2018-05-01 - Legitimate Application AnyDesk Bundled with New Ransomware Variant
2018-05-01 - Lojack Becomes a Double-Agent
2018-05-03 - Who’s who in the Zoo
2018-05-04 - Botception with Necurs- Botnet distributes script with bot capabilities
2018-05-07 - EAST Publishes European Fraud Update 2-2018
2018-05-07 - Hide and Seek IoT Botnet resurfaces with new tricks, persistence
2018-05-07 - SynAck targeted ransomware uses the Doppelgänging technique
2018-05-08 - -Hide and Seek- Becomes First IoT Botnet Capable of Surviving Device Reboots
2018-05-08 - Russian hackers posed as IS to threaten military wives
2018-05-09 - Gandcrab Ransomware Walks its Way onto Compromised Sites
2018-05-09 - Malware Analysis - PlugX - Part 2
2018-05-09 - Panda Malware Broadens Targets to Cryptocurrency Exchanges and Social Media
2018-05-09 - The King is dead. Long live the King!
2018-05-10 - TreasureHunter Point-of-Sale Malware and Builder Source Code Leaked
2018-05-11 - Attackers Exploit DLL Hijacking to Bypass SmartScreen
2018-05-12 - MS Crypto Derive Functions
2018-05-12 - PRB-Backdoor - A Fully Loaded PowerShell Backdoor with Evil Intentions
2018-05-14 - A Deep Dive Into RIG Exploit Kit Delivering Grobios Trojan
2018-05-14 - StalinLocker Deletes Your Files Unless You Enter the Right Code
2018-05-15 - IR in Heterogeneous Environment
2018-05-15 - N40, the botnet created in Brazil which evolves to attack the Chilean banking sector
2018-05-15 - PAKISTAN- HUMAN RIGHTS UNDER SURVEILLANCE
2018-05-15 - Swedish sports body says anti-doping unit hit by hacking attack
2018-05-17 - A Wicked Family of Bots
2018-05-17 - Analyzing an AZORult Attack – Evasion in a Cloak of Multiple Layers
2018-05-17 - Gozi V3 Technical Update
2018-05-18 - Meet CrowdStrike’s Adversary of the Month for May- MYTHIC LEOPARD
2018-05-18 - Stealth Mango and Tangelo- Nation state mobile surveillanceware stealing data from military & government officials
2018-05-19 - Malicious Powershell Targeting UK Bank Customers
2018-05-21 - An In-Depth Analysis of Samsam Ransomware and BOSS SPIDER
2018-05-21 - Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 1
2018-05-21 - Tiny SHell
2018-05-22 - Nmap Script to scan for Winnti infections
2018-05-22 - The destruction of APT3
2018-05-22 - Turla Mosquito- A shift towards more generic tools
2018-05-23 - Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices
2018-05-23 - New VPNFilter malware targets at least 500K networking devices worldwide
2018-05-23 - VPNFilter- New Router Malware with Destructive Capabilities
2018-05-24 - JavaScript based Bot using Github C&C
2018-05-24 - Phorpiex – A decade of spamming from the shadows
2018-05-24 - VPNFilter EXIF to C2 mechanism analysed
2018-05-25 - Analysis of CVE-2018-8174 VBScript 0day and APT actor related to Office targeted attack
2018-05-25 - BackSwap malware finds innovative ways to empty bank accounts
2018-05-28 - BackNet
2018-05-29 - Alert (TA18-149A)- HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm
2018-05-29 - Cobalt Renaissance- new attacks and joint operations
2018-05-29 - Iron Cybercrime Group Under The Scope
2018-05-29 - MAR-10135536-3 - HIDDEN COBRA RAT-Worm
2018-05-29 - Mexico Foiled a $110 Million Bank Heist, Then Kept It a Secret
2018-05-30 - Thief in the night- New Nocturnal Stealer grabs data on the cheap
2018-05-31 - APT28 Rollercoaster- The Lowdown on Hijacked Lo
2018-05-31 - DanaBot - A new banking Trojan surfaces Down Under
2018-05-31 - NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea
2018-06-01 - MysteryBot - A New Android Banking Trojan Ready For Android 7 and 8
2018-06-01 - Satan Ransomware Spawns New Methods to Spread
2018-06-05 - The Evolution of GandCrab Ransomware
2018-06-06 - Banking Trojans Under Development
2018-06-06 - Operation Prowli- Monetizing 40,000 Victim Machines
2018-06-06 - Sofacy Group’s Parallel Attacks
2018-06-06 - VPNFilter Update - VPNFilter exploits endpoints, targets new devices
2018-06-07 - InvisiMole- Surprisingly equipped spyware, undercover since 2013
2018-06-07 - New KillDisk Variant Hits Latin American Financial Organizations Again
2018-06-07 - Patchwork APT Group Targets US Think Tanks
2018-06-12 - Deep Dive into UPAS Kit vs. Kronos
2018-06-12 - Trik Spam Botnet Leaks 43 Million Email Addresses
2018-06-13 - Banco de Chile Wiper Attack Just a Cover for $10M SWIFT Heist
2018-06-13 - DDG.Mining.Botnet Recent Activity Analysis
2018-06-13 - Lateral Movement Technique Employed by Hidden Cobra
2018-06-13 - LuckyMouse hits national data center to organize country-level waterholing campaign
2018-06-13 - TrickBot config files
2018-06-14 - Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor
2018-06-14 - DBGer Ransomware Uses EternalBlue and Mimikatz to Spread Across Networks
2018-06-15 - Betabot still alive with multi-stage packing
2018-06-15 - Chinese Cyber-Espionage Group Hacked Government Data Center
2018-06-15 - Hacker Breaches Syscoin GitHub Account and Poisons Official Client
2018-06-15 - Meet CrowdStrike’s Adversary of the Month for June- MUSTANG PANDA
2018-06-17 - Storwize USB Initialization Tool may contain malicious code
2018-06-18 - Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 2
2018-06-18 - Joshua Adam Schulte Charged with the Unauthorized Disclosure of Classified Information and Other Offenses Relating to the Theft of Classified Material from the Central Intelligence Agency
2018-06-18 - New Telegram‑abusing Android RAT discovered in the wild
2018-06-19 - -Hidden Bee- strikes- Kingsoft Internet Security intercepts the world's first Bootkit-class mining botnet
2018-06-19 - Backswap malware analysis
2018-06-19 - FakeSpy Android Information-Stealing Malware Targets Japanese and Korean-Speaking Users
2018-06-19 - FakeSpy Targets Japanese and Korean-Speaking Users
2018-06-19 - Hades, the actor behind Olympic Destroyer is still alive
2018-06-19 - Kardon Loader Looks for Beta Testers
2018-06-19 - Thrip- Espionage Group Hits Satellite, Telecoms, and Defense Companies
2018-06-20 - Meet MyloBot – A New Highly Sophisticated Never-Seen-Before Botnet That’s Out In The Wild
2018-06-20 - My Little FormBook
2018-06-23 - Full Discloser of Andariel, A Subgroup of Lazarus Threat Group
2018-06-23 - Malware Analysis- Kardon Loader
2018-06-26 - Files Cannot Be Decrypted- Challenge Accepted. Talos Releases ThanatosDecryptor
2018-06-26 - RANCOR- Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families
2018-06-26 - Thanatos Ransomware Decryptor Released by the Cisco Talos Group
2018-06-28 - A Brief Overview of the AMMYY RAT Downloader
2018-06-28 - The New Face of Necurs- Noteworthy Changes to Necurs’ Behaviors
2018-06-29 - BackSwap Defrauds Online Banking Customers Using Hidden Input Fields
2018-06-29 - OSX.Dummy
2018-06-29 - Recent LiteHTTP activities and IOCs
2018-06-29 - Where we go, we don't need files- Analysis of fileless malware -Rozena-
2018-07-03 - Hamas Cyber Ops Spied on Hundreds of Israeli Soldiers Using Fake World Cup, Dating Apps
2018-07-03 - Iranian APT Charming Kitten impersonates ClearSky, the security firm that uncovered its campaigns
2018-07-03 - Smoking Guns - Smoke Loader learned new tricks
2018-07-05 - A Look At Recent Tinba Banking Trojan Variant
2018-07-05 - To crypt, or to mine – that is the question
2018-07-06 - BI_D Ransomware
2018-07-06 - HNS Botnet Recent Activities
2018-07-06 - HNS Evolves From IoT to Cross-Platform Botnet
2018-07-06 - Malware “WellMess” Targeting Linux and Windows
2018-07-08 - APT Attack In the Middle East- The Big Bang
2018-07-08 - Hussarini – Targeted Cyber Attack in the Philippines
2018-07-09 - Certificates stolen from Taiwanese tech‑companies misused in Plead malware campaign
2018-07-10 - APT Trends Report Q2 2018
2018-07-11 - Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally
2018-07-11 - Hawkeye Keylogger – Reborn v8- An in-depth campaign analysis
2018-07-11 - NotCarbanak Mystery - Source Code Leak
2018-07-11 - Tackling Gootkit's Traps
2018-07-12 - Old Botnets never Die, and DDG REFUSE to Fade Away
2018-07-13 - Upatre Continued to Evolve with new Anti-Analysis Techniques
2018-07-13 - VPNFilter-affected Devices Still Riddled with 19 Vulnerabilities
2018-07-16 - APT Sidewinder- Tricks powershell, Anti Forensics and execution side loading
2018-07-16 - Author of LuminosityLink Pleads Guilty
2018-07-16 - DanaBot Riding Fake MYOB Invoice Emails
2018-07-17 - A deep dive down the Vermin RAThole
2018-07-17 - Blackgear Cyberespionage Campaign Resurfaces, Abuses Social Media for C&C Communication
2018-07-17 - The return of Fantomas, or how we deciphered Cryakl
2018-07-17 - Who was behind this unprecedented Cyber attack on Western infrastructure-
2018-07-18 - Dissecting Smoke Loader
2018-07-18 - GandCrab v4.1.2 Encryption Blocking Method (Kill Switch)
2018-07-18 - The Evolution of Emotet- From Banking Trojan to Threat Distributor
2018-07-19 - Killswitch File Now Available for GandCrab v4.1.2 Ransomware
2018-07-19 - Router Crapfest- Malware Author Builds 18,000-Strong Botnet in a Day
2018-07-19 - TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT
2018-07-20 - Alert (TA18-201A) Emotet Malware
2018-07-20 - Calisto Trojan for macOS
2018-07-20 - Cyberattack on Singapore health database steals details of 1.5 million, including PM
2018-07-20 - Unit 42 Finds New Mirai and Gafgyt IoT-Linux Botnet Campaigns
2018-07-23 - Deobfuscating Emotet’s powershell payload
2018-07-23 - Source Code for Exobot Android Banking Trojan Leaked Online
2018-07-24 - Emotet- The Tricky Trojan that ‘Git Clones’
2018-07-24 - Kronos Reborn
2018-07-25 - Leafminer- New Espionage Campaigns Targeting Middle Eastern Regions
2018-07-25 - OilRig Targets Technology Service Provider and Government Agency with QUADAGENT
2018-07-25 - Parasite HTTP RAT cooks up a stew of stealthy tricks
2018-07-26 - Meet CrowdStrike’s Adversary of the Month for July- WICKED SPIDER
2018-07-26 - Mitigating Emotet, The Most Common Banking Trojan
2018-07-26 - ‘Hidden Bee’ miner delivered via improved drive-by download toolkit
2018-07-27 - Luoxk Malware – Exploiting CVE-2018-2893
2018-07-27 - New Threat Actor Group DarkHydrus Targets Middle East Government
2018-07-28 - New Underminer Exploit Kit Discovered Pushing Bootkits and CoinMiners
2018-07-29 - AdKoob information thief targets Facebook ad purchase info
2018-07-29 - Let's Learn- In-Depth Reversing of Qakbot -qbot- Banker Part 1
2018-07-30 - New version of AZORult stealer improves loading features, spreads alongside ransomware in new campaign
2018-07-30 - Who is Mr Zheng-
2018-07-31 - Bisonal Malware Used in Attacks Against Russia and South Korea
2018-07-31 - Malicious document targets Vietnamese officials
2018-07-31 - Multiple Cobalt Personality Disorder
2018-07-31 - SamSam guide to coverage
2018-07-31 - SamSam- The (almost) $6 million ransomware
2018-07-31 - Scanner for CobaltStrike
2018-07-31 - Sophos releases SamSam ransomware report
2018-08-01 - Arrests Put New Focus on CARBON SPIDER Adversary Group
2018-08-01 - Inside Look at Emotet's Global Victims and Malspam Qakbot Payloads
2018-08-01 - On the Hunt for FIN7- Pursuing an Enigmatic and Evasive Global Criminal Operation
2018-08-01 - Threat Alert- DDG 3013 is Out
2018-08-02 - Goblin Panda against the Bears
2018-08-02 - How to defend yourself against SamSam ransomware
2018-08-02 - Raspite
2018-08-02 - The Gorgon Group- Slithering Between Nation State and Cybercrime
2018-08-02 - Three Carbanak cyber heist gang members arrested
2018-08-02 - Who is Mr Gao-
2018-08-03 - CERT-FR ALERT BULLETIN
2018-08-03 - Volatility Plugin for Detecting Cobalt Strike Beacon
2018-08-05 - Let's Learn- Diving into the Latest -Ramnit- Banker Malware via -sLoad- PowerShell
2018-08-05 - Ramnit’s Network of Proxy Servers
2018-08-06 - Reversing Cerber - RaaS
2018-08-06 - Who is Mr Zhang-
2018-08-07 - DarkHydrus Uses Phishery to Harvest Credentials in the Middle East
2018-08-07 - Doctor Web discovered a clipper Trojan for Android
2018-08-08 - Export JRAT-Adwind Config with x32dbg
2018-08-09 - Bokbot- The (re)birth of a banker
2018-08-09 - Malware Analysis Report (AR18-221A)
2018-08-09 - More on Huaying Haitai and Laoying Baichaun, the companies associated with APT10. Is there a state connection-
2018-08-13 - KeyPass ransomware
2018-08-15 - APT10 was managed by the Tianjin bureau of the Chinese Ministry of State Security
2018-08-15 - Necurs Targeting Banks with PUB File that Drops FlawedAmmyy
2018-08-16 - Chinese Cyberespionage Originating From Tsinghua University Infrastructure
2018-08-16 - New modular downloaders fingerprint systems, prepare for more - Part 1- Marap
2018-08-17 - EvilOSX
2018-08-17 - Prince of Persia- The Sands of Foudre
2018-08-18 - AZORult Trojan Serving Aurora Ransomware by MalActor Oktropys
2018-08-20 - Advanced Brazilian Malware Analysis
2018-08-20 - Interesting hidden threat since years -
2018-08-20 - Let's Learn- Dissecting Panda Banker & Modules- Webinject, Grabber & Keylogger DLL Modules
2018-08-20 - Ryuk Ransomware- A Targeted Campaign Break-Down
2018-08-20 - We are taking new steps against broadening threats to democracy
2018-08-21 - Dark Tequila Añejo
2018-08-21 - Microsoft Disrupts APT28 Hacking Campaign Aimed at US Midterm Elections
2018-08-21 - Microsoft claims win over 'Russian political hackers'
2018-08-21 - Supply Chain Attack Operation Red Signature Targets South Korean Organizations
2018-08-22 - BackSwap Malware Now Targets Six Banks in Spain
2018-08-22 - Picking Apart Remcos Botnet-In-A-Box
2018-08-22 - The Untold Story of NotPetya, the Most Devastating Cyberattack in History
2018-08-22 - Turla Outlook Backdoor Uses Clever Tactics for Stealth and Persistence
2018-08-23 - Lazarus Group Deploys Its First Mac Malware in Cryptocurrency Exchange Hack
2018-08-23 - New modular downloaders fingerprint systems - Part 2- AdvisorsBot
2018-08-23 - Operation AppleJeus- Lazarus hits cryptocurrency exchange with fake installer and macOS malware
2018-08-24 - Back to School- COBALT DICKENS Targets Universities
2018-08-24 - Cobalt Dickens threat group looks to be similar to indicted hackers
2018-08-24 - Iranian Hackers Charged in March Are Still Actively Phishing Universities
2018-08-25 - Let's Learn- In-Depth Reversing of Recent Gozi ISFB Banking Malware Version 2.16-2.17 (portion of ISFB v3) & -loader.dll-client.dll-
2018-08-26 - Remember Fancy Bear-
2018-08-27 - Lime-Miner
2018-08-27 - North Korean Hacking Group Steals $13.5 Million From Indian Bank
2018-08-28 - The rise of mobile banker Asacub
2018-08-29 - BusyGasper – the unfriendly spy
2018-08-29 - Loki Bot- On a hunt for corporate passwords
2018-08-29 - Meet CrowdStrike’s Adversary of the Month for August- GOBLIN PANDA
2018-08-29 - The Urpage Connection to Bahamut, Confucius and Patchwork
2018-08-30 - Cobalt Hacking Group Tests Banks In Russia and Romania
2018-08-30 - Double the Infection, Double the Fun
2018-08-30 - GlobeImposter which has more than 20 variants, is still wildly growing
2018-08-30 - Hackers Are Exposing An Apple Mac Weakness In Middle East Espionage
2018-08-30 - Manually unpacking Anubis APK
2018-08-30 - Reversing malware in a custom format- Hidden Bee elements
2018-08-30 - Rocke- The Champion of Monero Miners
2018-08-30 - Two Birds, One STONE PANDA
2018-08-31 - Who is Mr An, and was he working for APT10-
2018-09-02 - Alleged ‘Satori’ IoT Botnet Operator Sought Media Spotlight, Got Indicted
2018-09-02 - Weekend Project- A Custom IDA Loader Module For The Hidden Bee Malware Family
2018-09-03 - .lockymap Files Virus (PyLocky Ransomware) – Remove and Restore Data
2018-09-04 - CamuBot- New Financial Malware Targets Brazilian Banking Customers
2018-09-05 - New Silence hacking group suspected of having ties to cyber-security industry
2018-09-05 - PowerPool malware exploits ALPC LPE zero‑day vulnerability
2018-09-05 - Silence- Moving into the Darkside
2018-09-05 - Windows Task Scheduler Zero Day Exploited by Malware
2018-09-06 - Dissecting DEloader malware with obfuscation
2018-09-06 - North Korean Regime-Backed Programmer Charged With Conspiracy to Conduct Multiple Cyber Attacks and Intrusions
2018-09-06 - Slicing and Dicing CVE-2018-5002 Payloads- New CHAINSHOT Malware
2018-09-07 - Domestic Kitten APT Operates in Silence Since 2016
2018-09-07 - Let's Learn- Deeper Dive into -IcedID---BokBot- Banking Malware- Part 1
2018-09-10 - A Closer Look at the Locky Poser, PyLocky Ransomware
2018-09-10 - Android Malware Intercepts SMS 2FA- We have the Logs
2018-09-10 - IBM X-Force Delves Into ExoBot’s Leaked Source Code
2018-09-10 - LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company
2018-09-11 - British Airways Fell Victim To Card Scraping Attack
2018-09-11 - New modular downloaders fingerprint systems - Part 3- CobInt
2018-09-11 - The Rise of Targeted Ransomware
2018-09-12 - Emotet IOC
2018-09-12 - Feedify Hacked with Magecart Information Stealing Script
2018-09-12 - Malware Campaign Targeting Jaxx Cryptocurrency Wallet Users Shut Down
2018-09-12 - OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government
2018-09-13 - APT10 Targeting Japanese Corporations Using Updated TTPs
2018-09-14 - Kraken Cryptor Ransomware Masquerading as SuperAntiSpyware Security Program
2018-09-14 - Rektware Ransomware
2018-09-14 - Tunneling Under the Sands
2018-09-14 - Wannamine cryptominer that uses EternalBlue still active
2018-09-17 - Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows
2018-09-18 - A taste of our own medicine- How SmokeLoader is deceiving configuration extraction by using binary code as bait
2018-09-18 - Hide and Seek- Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries
2018-09-18 - Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites
2018-09-19 - Hex-Rays Microcode API vs. Obfuscating Compiler
2018-09-19 - Operation “Green Spot” - A Years-Long Campaign of Attacks
2018-09-20 - On the Trail of OSX.FairyTale - Adware Playing at Malware
2018-09-20 - Sustes Malware- CPU for Monero
2018-09-21 - DanaBot shifts its targeting to Europe, adds new features
2018-09-21 - VIGILANTE MALWARE REMOVES CRYPTOMINERS FROM THE INFECTED DEVICE
2018-09-24 - Adwind Dodges AV via DDE
2018-09-26 - VPNFilter III- More Tools for the Swiss Army Knife of Malware
2018-09-27 - APT28 Uses LoJax, First UEFI Rootkit Seen in the Wild
2018-09-27 - Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish
2018-09-27 - LoJax- First UEFI rootkit found in the wild, courtesy of the Sednit group
2018-09-27 - New KONNI Malware attacking Eurasia and Southeast Asia
2018-09-27 - Torii botnet - Not another Mirai variant
2018-09-28 - Meet CrowdStrike’s Adversary of the Month for September- COBALT SPIDER
2018-10-01 - BianLian - The Malware Dropper That Had A Dream
2018-10-01 - CDS 2018 - Unmasking APT X
2018-10-01 - NOKKI Almost Ties the Knot with DOGCALL- Reaper Group Uses New Malware to Deploy RAT
2018-10-01 - Report Ties North Korean Attacks to New Malware, Linked by Word Macros
2018-10-01 - Roaming Mantis Group Testing Coinhive Miner Redirects on iPhones
2018-10-01 - VB2018 - Who Was Not Responsible for Olympic Destroyer
2018-10-02 - Alert (TA18-275A) HIDDEN COBRA- FASTCash Campaign
2018-10-02 - Alert (TA18-275A)- HIDDEN COBRA – FASTCash Campaign
2018-10-02 - DanaBot Gains Popularity and Targets US Organizations in Large Campaigns
2018-10-03 - APT37- Final1stspy Reaping the FreeMilk
2018-10-03 - New Betabot campaign under the microscope
2018-10-04 - APT28- New Espionage Operations Target Military and Government Organizations
2018-10-04 - Indicators of Compromise for Malware used by APT28
2018-10-04 - Shedding Skin – Turla’s Fresh Faces
2018-10-05 - ARS Loader evolution, a new stealer (ZeroEvil) and AirNaine (TA545)
2018-10-08 - BSides Belfast 2018- Lazarus On The Rise- Insights From SWIFT Bank Attacks
2018-10-08 - Cobalt Group 2.0
2018-10-08 - Delivery (Key)Boy
2018-10-09 - Magecart Group Compromises Plugin Used in Thousands of Stores, Makes Rookie Mistake
2018-10-09 - Malware Configs - Pandabanker
2018-10-10 - Gallmaker- New Attack Group Eschews Malware to Live off the Land
2018-10-10 - MuddyWater expands operations
2018-10-11 - GPlayed Trojan - .Net playing with Google Market
2018-10-11 - New TeleBots backdoor- First evidence linking Industroyer to NotPetya
2018-10-14 - Godzilla Loader and the Long Tail of Malware
2018-10-15 - Octopus-infested seas of Central Asia
2018-10-15 - Predator The Thief- In-depth analysis (v2.3.5)
2018-10-17 - ESET unmasks ‘GREYENERGY’ cyber-espionage group
2018-10-17 - GreyEnergy- Updated arsenal of one of the most dangerous threat actors
2018-10-17 - Software Description- More_eggs
2018-10-17 - The Emergence of the New Azorult 3.3
2018-10-17 - Thrip
2018-10-17 - ‘Operation Oceansalt’ Delivers Wave After Wave
2018-10-19 - DarkPulsar
2018-10-22 - Mobile beasts and where to find them — part four
2018-10-23 - TRITON Attribution- Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers
2018-10-23 - godoh- A DNS-over-HTTPS Command & Control Proof of Concept
2018-10-23 - sLoad and Ramnit pairing in sustained campaigns against UK and Italy
2018-10-24 - Waiting for goDoH
2018-10-25 - Cutwail Spam Campaign Uses Steganography to Distribute URLZone
2018-10-25 - Game of Trojans- Dissecting the #Khalesi Infostealer Malware
2018-10-25 - GandCrab Ransomware decryption tool
2018-10-25 - New Techniques to Uncover and Attribute Cobalt Gang Commodity Builders and Infrastructure Revealed
2018-10-25 - New sLoad malware downloader being leveraged by APT group TA554 to spread Ramnit
2018-10-26 - Meet CrowdStrike’s Adversary of the Month for October- DUNGEON SPIDER
2018-10-28 - LiteHTTP
2018-10-29 - GPlayed's younger brother is a banker — and it's after Russian banks
2018-10-30 - Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
2018-10-30 - U.S. Indicts Chinese Hacker-Spies in Conspiracy to Steal Aerospace Secrets
2018-10-31 - Emotet Awakens With New Campaign of Mass Email Exfiltration
2018-10-31 - Let's Learn- Exploring ZeusVM Banking Malware Hooking Engine
2018-11-01 - CTA Adversary Playbook- Goblin Panda
2018-11-01 - GootKit Analysis (French)
2018-11-01 - Trickbot Shows Off New Trick- Password Grabber Module
2018-11-03 - Is it 1937CN, OceanLotus or Lazarus …
2018-11-04 - BetaBot and Fleercivet, two new malware reports from CCN-CERT
2018-11-05 - Data Talks- Deeper Down the Rabbit Hole- Second-Stage Attack and a Fileless Finale
2018-11-05 - Inception Attackers Target Europe with Year-old Office Vulnerability
2018-11-05 - Let's Learn- In-Depth Reversing of Hancitor Dropper-Loader- 2016 vs 2018 Malware Progression
2018-11-05 - Persian Stalker pillages Iranian users of Instagram and Telegram
2018-11-06 - Threat Spotlight- Inside VSSDestroy Ransomware (variant of Matrix Ransom)
2018-11-07 - BCMPUPnP_Hunter- A 100k Botnet Turns Home Routers to Email Spammers
2018-11-07 - Let’s Learn- Introducing Latest TrickBot Point-of-Sale Finder Module
2018-11-08 - Deep Analysis of TrickBot New Module pwgrab
2018-11-08 - FASTCash- How the Lazarus Group is Emptying Millions from ATMs
2018-11-08 - Metamorfo Banking Trojan Keeps Its Sights on Brazil
2018-11-09 - Emotet launches major new spam campaign
2018-11-12 - Bug in Malware “TSCookie” - Fails to Read Configuration
2018-11-12 - What’s new in TrickBot- Deobfuscating elements
2018-11-13 - HookAds Malvertising Installing Malware via the Fallout Exploit Kit
2018-11-13 - Let's Learn- Dissect Panda Banking Malware's -libinject- Process Injection Module
2018-11-14 - A new exploit for zero-day vulnerability CVE-2018-8589
2018-11-14 - Big Game Hunting- The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware
2018-11-15 - Mylobot Continues Global Infections
2018-11-15 - tRat- New modular RAT appears in multiple email campaigns
2018-11-16 - Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery
2018-11-16 - Exploring Emotet- Examining Emotet’s Activities, Infrastructure
2018-11-16 - Return to ROKRAT!! (feat. FAAAA...Sad...)
2018-11-18 - CozyBear – In from the Cold-
2018-11-19 - Not So Cozy- An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
2018-11-19 - VisionDirect Data Breach Caused by MageCart Attack
2018-11-20 - Information, tools, and signatures around the Conficker computer worm
2018-11-20 - L0RDIX- MULTIPURPOSE ATTACK TOOL
2018-11-20 - Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America
2018-11-20 - Sednit- What’s going on with Zebrocy-
2018-11-20 - Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan
2018-11-21 - FIN7 Not Finished – Morphisec Spots New Campaign
2018-11-21 - MageCart Group Sabotages Rival to Ruin Data and Reputation
2018-11-23 - Sload hits Italy. Unveil the power of powershell as a downloader
2018-11-26 - A Look into the Connection Between XLoader and FakeSpy, and Their Possible Ties With the Yanbian Gang
2018-11-26 - Examining XLoader, FakeSpy, and the Yanbian Gang
2018-11-27 - DNSpionage Campaign Targets Middle East
2018-11-27 - Let's Learn- In-Depth on Sofacy Cannon Loader-Backdoor Review
2018-11-27 - Meet CrowdStrike’s Adversary of the Month for November- HELIX KITTEN
2018-11-27 - The SLoad Powershell Threat is Expanding to Italy
2018-11-28 - AutoCAD Malware - Computer Aided Theft
2018-11-28 - Russian Hackers Haven't Stopped Probing the US Power Grid (Temp.Isotope)
2018-11-28 - Two Iranian Men Indicted for Deploying Ransomware to Extort Hospitals, Municipalities, and Public Institutions, Causing Over $30 Million in Losses
2018-11-29 - Analysis Of Targeted Attack Against Pakistan By Exploiting InPage Vulnerability And Related APT Groups
2018-11-29 - Golden Chickens- Uncovering A Malware-as-a-Service (MaaS) Provider and Two New Threat Actors Using It
2018-11-29 - How a SamSam-like attack happens, and what you can do about it
2018-11-29 - Snakemackerel delivers Zekapab malware
2018-11-30 - The Evolution of BackSwap
2018-11-30 - Virut Resurrects -- Musings on long-term sinkholing
2018-12-01 - Tracking Mirai Variants (Ya Liu & Hui Wang)
2018-12-03 - Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers
2018-12-04 - Hide ‘N Seek botnet continues infecting devices with default credentials, building a P2P network and more.
2018-12-04 - Malspam pushing Lokibot malware
2018-12-05 - Farewell to Kelihos and ZOMBIE SPIDER
2018-12-05 - STOLEN PENCIL Campaign Targets Academia
2018-12-05 - The Dark Side of the ForSSHe
2018-12-05 - Torpig
2018-12-05 - Trickbot’s Tricks
2018-12-06 - DanaBot evolves beyond banking Trojan with new spam‑sending capability
2018-12-07 - Mac malware combines EmPyre backdoor and XMRig miner
2018-12-07 - Netbooks, RPis, & Bash Bunny Gear - Attacking Banks from the Inside
2018-12-10 - Collecting Malicious Particles from Neutrino Botnets
2018-12-10 - Let's Learn- Reviewing Sofacy's -Zebrocy- C++ Loader- Advanced Insight
2018-12-10 - Seedworm- Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms
2018-12-11 - New Satan ransomware variant ‘Lucky’ exposes 10 server-side vulnerabilities
2018-12-12 - Dear Joohn- The Sofacy Group’s Global Campaign
2018-12-12 - The TrickBot and MikroTik connection
2018-12-12 - Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611)
2018-12-12 - ‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure
2018-12-13 - POWERSING - From LNK Files To Janicab Through YouTube & Twitter
2018-12-13 - Shamoon 3 Targets Oil and Gas Organization
2018-12-13 - The Return of The Charming Kitten
2018-12-14 - Cybercriminals Use Malicious Memes that Communicate with Malware
2018-12-14 - Shamoon- Destructive Threat Re-Emerges with New Sting in its Tail
2018-12-18 - Scumbag Combo- Agent Tesla and XpertRAT
2018-12-18 - Sofacy Creates New ‘Go’ Variant of Zebrocy Tool
2018-12-18 - URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader
2018-12-19 - Analysis of Smoke Loader in New Tsunami Campaign
2018-12-19 - Danabot's Travels, A Global Perspective
2018-12-19 - MALSPAM PUSHING THE MYDOOM WORM IS STILL A THING
2018-12-19 - Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems
2018-12-20 - Chinese Hackers Indicted - Members of APT 10 Group Targeted Intellectual Property and Confidential Business Information
2018-12-20 - Dissecting the Danabot Payload Targeting Italy
2018-12-20 - Middle East Cyber-Espionage- analyzing WindShift's implant- OSX.WindTail (part 1)
2018-12-20 - With Mirai Comes Miori- IoT Botnet Delivered via ThinkPHP Remote Code Execution Exploit
2018-12-21 - FIN7 Not Finished - Morphisec Spots New Campaign
2018-12-21 - Let's Learn- In-Depth on APT28-Sofacy Zebrocy Golang Loader
2018-12-24 - Let’s dig into Vidar – An Arkei Copycat-Forked Stealer (In-depth analysis)
2018-12-29 - Malware attack disrupts delivery of L.A. Times and Tribune papers across the U.S.
2018-12-30 - Retefe unpacker
2018-12-31 - FastCashMalwareDissected

Malware Analysis 2019

2019-01-01 - VB2018 - Inside Formbook InfoStealer
2019-01-02 - Analysis of Neutrino Bot Sample (dated 2018-08-27)
2019-01-03 - Digging into BokBot’s Core Module
2019-01-03 - LOLbins and trojans- How the Ramnit Trojan spreads via sLoad in a cyberattack
2019-01-04 - How to Decrypt the Aurora Ransomware with AuroraDecrypter
2019-01-04 - mimikatz Repository
2019-01-05 - Emotet Research
2019-01-05 - Getting 'rid' of pre-installed Malware on my YellYouth Android Tablet
2019-01-06 - [RAT] DARK TRACK ALIEN 4.1
2019-01-07 - ChinaZ Revelations- Revealing ChinaZ Relationships with other Chinese Threat Actor Groups
2019-01-07 - GandCrab Operators Use Vidar Infostealer as a Forerunner
2019-01-07 - Let's Learn- Deeper Dive into Gamaredon Group Pteranodon Implant Version '_512'
2019-01-08 - DarkHydrus delivers new Trojan that can use Google Drive for C2 communications
2019-01-09 - Analysis of Linux.Sunless
2019-01-09 - Ryuk Ransomware Attack- Rush to Attribution Misses the Point
2019-01-09 - ServHelper and FlawedGrace - New malware introduced by TA505
2019-01-10 - Big Game Hunting with Ryuk- Another Lucrative Targeted Ransomware
2019-01-10 - Global DNS Hijacking Campaign- DNS Record Manipulation at Scale
2019-01-10 - Pylocky Unlocked- Cisco Talos releases PyLocky ransomware decryptor
2019-01-10 - TA505 Group Adopts New ServHelper Backdoor and FlawedGrace RAT
2019-01-10 - [DNSPIONAGE] – Focus on internal actions
2019-01-11 - A Nasty Trick- From Credential Theft Malware to Business Disruption
2019-01-11 - A Zebrocy Go Downloader
2019-01-11 - PHA Family Highlights- Zen and its cousins
2019-01-11 - TA505 Crime Gang Debuts Brand-New ServHelper Backdoor
2019-01-11 - The “AVE_MARIA” Malware
2019-01-11 - Threat Actor “Cold River”- Network Traffic Analysis and a Deep Dive on Agent Drable
2019-01-14 - A Quick Solution to an Ugly Reverse Engineering Problem
2019-01-14 - Juicy Potato (abusing the golden privileges)
2019-01-15 - Analyzing COMmunication in Malware
2019-01-15 - Disclosure of Chilean Redbanc Intrusion Leads to Lazarus Ties
2019-01-15 - Djvu Ransomware Spreading New .TRO Variant Through Cracks & Adware Bundles
2019-01-16 - North Korean hackers infiltrate Chile's ATM network after Skype job interview
2019-01-17 - BlackRouter Ransomware Promoted as a RaaS by Iranian Developer
2019-01-17 - Emotet infections and follow-up malware
2019-01-17 - Google Play Apps Drop Anubis Banking Malware, Use Motion-based Evasion Tactics
2019-01-17 - Malware Used by “Rocke” Group Evolves to Evade Detection by Cloud Security Products
2019-01-17 - Pond Loach delivers BadCake malware
2019-01-17 - Qealler — The Silent Java Credential Thief
2019-01-17 - Sliver Implant Framework
2019-01-18 - BLACK ENERGY – Analysis
2019-01-18 - From Hacking Team to hacked team to...-
2019-01-18 - Nymaim deobfuscation
2019-01-18 - Spotted- JobCrypter Ransomware Variant With New Encryption Routines, Captures Desktop Screenshots
2019-01-19 - AsyncRAT- Open-Source Remote Administration Tool For Windows CSharp
2019-01-21 - HackTool-Win32-RemoteAdmin
2019-01-21 - The Kutaki Malware Bypasses Gateways to Steal Users’ Credentials
2019-01-22 - A Lazarus Keylogger- PSLogger
2019-01-22 - Happy New Year 2019! Anatova is here!
2019-01-23 - New Anatova Ransomware Supports Modules for Extra Functionality
2019-01-23 - Russian Language Malspam Pushing Redaman Banking Malware
2019-01-23 - SectorA01 Custom Proxy Utility Tool Analysis
2019-01-24 - Cisco AMP tracks new campaign that delivers Ursnif
2019-01-24 - GreyEnergy’s overlap with Zebrocy
2019-01-24 - Razy in search of cryptocurrency
2019-01-24 - Silence group targeting Russian Banks via Malicious CHM
2019-01-25 - Toolkit collection developed to help malware analysts dissecting and detecting the packer used by GreyEnergy samples.
2019-01-25 - Widespread DNS Hijacking Activity Targets Multiple Sectors
2019-01-28 - AZORult- Now, as A Signed “Google Update”
2019-01-28 - Russia hit by new wave of ransomware spam
2019-01-29 - APT38
2019-01-29 - APT39- An Iranian Cyber Espionage Group Focused on Personal Information
2019-01-29 - OSX-Keydnap IoCs
2019-01-29 - Phobos Ransomware, A Combo of CrySiS and Dharma
2019-01-30 - Analysis of NetWiredRC trojan
2019-01-30 - Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities
2019-01-30 - Fake Cisco Job Posting Targets Korean Candidates
2019-01-30 - Matrix- Targeted, small scale, canary in the coalmine ransomware
2019-01-30 - New LockerGoga Ransomware Allegedly Used in Altran Attack
2019-02-01 - Information about lnkr5, malware distributed via Chrome extensions
2019-02-01 - LNKR - Extension analysis - Flash Playlist
2019-02-01 - Tracking OceanLotus’ new Downloader, KerrDown
2019-02-02 - Word-based Malware Attack
2019-02-03 - Maoloa Ransomware
2019-02-04 - ExileRAT shares C2 with LuckyCat, targets Tibet
2019-02-04 - SpeakUp- A New Undetected Backdoor Linux Trojan
2019-02-05 - Revisiting Hancitor in Depth
2019-02-06 - Analysis of multiplatform Java Jacksbot Backdoor
2019-02-06 - IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites
2019-02-06 - Qealler – a new JAR-based information stealer
2019-02-06 - Some Notes on the Silence Proxy
2019-02-06 - Threat Actor -Magecart-- Coming to an eCommerce Store Near You
2019-02-07 - An Inside Look at the Infrastructure Behind the Russian APT Gamaredon Group
2019-02-07 - DanaBot updated with new C&C communication
2019-02-07 - Sales of AZORult grind to an AZOR-halt
2019-02-07 - Ursnif- Long Live the Steganography!
2019-02-08 - First clipper malware discovered on Google Play
2019-02-11 - 620 million accounts stolen from 16 hacked websites now for sale on dark web, seller boasts
2019-02-11 - How the Silence Downloader Has Evolved Over Time
2019-02-12 - APT Groups Moving Down the Supply Chain
2019-02-12 - GreyEnergy Malware Research Paper- Maldoc to Backdoor
2019-02-12 - Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire
2019-02-13 - Alert (AA19-024A)- DNS Infrastructure Hijacking Campaign
2019-02-13 - Analyzing Amadey – a simple native malware
2019-02-13 - Astaroth Malware Uses Legitimate OS and Antivirus Processes to Steal Passwords and Personal Data
2019-02-13 - Former U.S. Counterintelligence Agent Charged With Espionage on Behalf of Iran; Four Iranians Charged With a Cyber Campaign Targeting Her Former Colleagues
2019-02-14 - 127 million user records from 8 companies put up for sale on the dark web
2019-02-14 - Malware Tales- Gootkit
2019-02-14 - Worm.Win32.PYFILEDEL.AA
2019-02-15 - “Sin”-ful SPIDERS- WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web
2019-02-16 - Emotet droppers
2019-02-16 - Spoofing in the reeds with Rietspoof
2019-02-17 - Hacker puts up for sale third round of hacked databases on the Dark Web
2019-02-18 - A Deep Dive on the Recent Widespread DNS Hijacking Attacks
2019-02-18 - Trojan.Android.SmsAgent Malware Analysis Report
2019-02-19 - ATM robber WinPot- a slot machine instead of cutlets
2019-02-19 - New GandCrab v5.1 Decryptor Available Now
2019-02-19 - North Korea Turns Against New Targets-!
2019-02-19 - Attack Activity by the Tick Group Targeting Japanese Organizations
2019-02-20 - Combing Through Brushaloader Amid Massive Detection Uptick
2019-02-20 - Cybercrime is focusing on accountants
2019-02-20 - More Russian language malspam pushing Shade (Troldesh) ransomware
2019-02-20 - Spoofing in the reeds with Rietspoof
2019-02-21 - Fake Jobs- Campaigns Delivering More_eggs Backdoor via Fake Job Offers
2019-02-21 - Shifting in the Wind- WINDSHIFT Attacks Target Middle Eastern Governments
2019-02-22 - Cr1ptT0r Ransomware Infects D-Link NAS Devices, Targets Embedded Systems
2019-02-22 - New BabyShark Malware Targets US National Security Think Tanks
2019-02-23 - D-Link DNS-320 NAS Cr1ptT0r Ransomware ARM Dynamic Analysis - QEMU and Raspberry PI VM
2019-02-25 - How To- Analyzing a Malicious Hangul Word Processor Document from a DPRK Threat Actor Group
2019-02-25 - Multiple ArtraDownloader Variants Used by BITTER to Target Pakistan
2019-02-26 - Farseer- Previously Unknown Malware Family bolsters the Chinese armoury
2019-02-26 - Identifying Cobalt Strike team servers in the wild
2019-02-26 - New Golang brute forcer discovered amid rise in e-commerce attacks
2019-02-26 - The Arsenal Behind the Australian Parliament Hack
2019-02-26 - The Supreme Backdoor Factory
2019-02-27 - A Peek into BRONZE UNION’s Toolbox
2019-02-27 - New Global Cyber Attack on Point of Sale System
2019-02-27 - Protecting Against WinRAR Vulnerabilities
2019-02-28 - EmpireMonkey malware distribution
2019-02-28 - Technical Analysis- Pacha Group Deploying Undetected Cryptojacking Campaigns on Linux Servers
2019-03-01 - Breakdown of a Targeted DanaBot Attack
2019-03-01 - Threat Alert- AVE Maria infostealer on the rise
2019-03-03 - Op 'Sharpshooter' Connected to North Korea's Lazarus Group
2019-03-04 - APT40- Examining a China-Nexus Espionage Actor
2019-03-04 - New Python-Based Payload MechaFlounder Used by Chafer
2019-03-04 - Reptile
2019-03-05 - CryptoMix Clop Ransomware Says It's Targeting Networks, Not Computers
2019-03-05 - GandCrab 101- All about the most widely distributed ransomware of the moment
2019-03-05 - Quick Analysis of a Trickbot Sample with NSA's Ghidra SRE Framework
2019-03-06 - DE-Cr1pt0r tool - The Cr1pt0r ransomware decompiled decryption routine
2019-03-06 - Internet of Termites
2019-03-06 - PINCHY SPIDER Affiliates Adopt “Big Game Hunting” Tactics to Distribute GandCrab Ransomware
2019-03-06 - Whitefly- Espionage Group has Singapore in Its Sights
2019-03-07 - New SLUB Backdoor Uses GitHub, Communicates via Slack
2019-03-07 - The inside story of the world's most dangerous malware
2019-03-08 - Emotet trojan implicated in Wolverine Solutions ransomware attack
2019-03-08 - Iranian-backed hackers stole data from major U.S. government contractor
2019-03-09 - retefe- Artefacts from various retefe campaigns
2019-03-10 - BI_D Ransomware Redux (Now With 100% More Ghidra)
2019-03-11 - A predatory tale- Who’s afraid of the thief-
2019-03-11 - Attackers Insert Themselves into the Email Conversation to Spread Malware
2019-03-11 - Gaming industry still in the scope of attackers in Asia
2019-03-11 - Researcher Claims Iranian APT Behind 6TB Data Heist at Citrix
2019-03-11 - Resecurity reports ‘IRIDIUM’ behind Citrix data breach, 200+ government agencies, oil and gas companies, and technology companies also targeted.
2019-03-11 - Study of the Belonard Trojan, exploiting zero-day vulnerabilities in Counter-Strike 1.6
2019-03-12 - New Ursnif Variant targets Japan packed with new Features
2019-03-12 - Nymaim config decoded
2019-03-12 - Operation Comando How to Run a Cheap and Effective Credit Card Business
2019-03-12 - The Advanced Persistent Threat files- Lazarus Group
2019-03-13 - Analysing ISFB - The First Loader
2019-03-13 - BlackBerry Cylance vs. Tinba Banking Trojan
2019-03-13 - DanaBot control panel revealed
2019-03-13 - Fake CDC Flu Pandemic Warning delivers Gandcrab 5.2 ransomware
2019-03-13 - GlitchPOS- New PoS malware for sale
2019-03-13 - N Ways to Unpack Mobile Malware
2019-03-13 - ORANGEWORM GROUP – KWAMPIRS ANALYSIS UPDATE
2019-03-13 - The fourth horseman- CVE-2019-0797 vulnerability
2019-03-13 - ‘DMSniff’ POS Malware Actively Leveraged to Target Small-, Medium-Sized Businesses
2019-03-14 - Attacker Tracking Users Seeking Pakistani Passport
2019-03-14 - Daily Ruleset Update Summary 2019-03-14
2019-03-15 - Flash Bulletin- Emotet Epoch 1 Changes its C2 Communication
2019-03-15 - Immortal information stealer
2019-03-15 - Rocke Evolves Its Arsenal With a New Malware Family Written in Golang
2019-03-17 - Emotet malware analysis. Part 1
2019-03-17 - Global ATM Malware Wall
2019-03-17 - Round 4- Hacker returns and puts 26Mil user records for sale on the Dark Web
2019-03-18 - Analysis of .Net Stealer GrandSteal
2019-03-18 - Analysis of BlackMoon (Banking Trojan)'s Evolution, And The Possibility of a Latest Version Under Development
2019-03-18 - Enterprise Malware-as-a-Service- Lazarus Group and the Evolution of Ransomware
2019-03-19 - Cardinal RAT Sins Again, Targets Israeli Fin-Tech Firms
2019-03-19 - SectorM04 Targeting Singapore – An Analysis
2019-03-20 - APT38 DyePack Framework
2019-03-20 - FIN7 Revisited- Inside Astra Panel and SQLRat Malware
2019-03-20 - New Evidence Proves Ongoing WIZARD SPIDER - LUNAR SPIDER Collaboration
2019-03-20 - Ransomware or Wiper- LockerGoga Straddles the Line
2019-03-21 - How Lockergoga took down Hydro — ransomware used in targeted attacks aimed at big business
2019-03-21 - Interception- Dissecting BokBot’s “Man in the Browser”
2019-03-22 - AZORult++- Rewriting history
2019-03-23 - Reverse Engineering Gootkit with Ghidra Part I
2019-03-24 - JEShell- An OceanLotus (APT32) Backdoor
2019-03-25 - API Hashing Tool, Imagine That
2019-03-25 - Emerging Threat on RANSOM_CRYPTESLA
2019-03-25 - Let’s play with Qulab, an exotic malware developed in AutoIT
2019-03-25 - Operation ShadowHammer
2019-03-25 - Patting the Bear (APT-C-37)- Exposure of Continued Attacks Against an Armed Organization
2019-03-26 - Cryptocurrency businesses still being targeted by Lazarus
2019-03-26 - The Ursnif Gangs keep Threatening Italy
2019-03-26 - WinRAR Zero-day Abused in Multiple Campaigns
2019-03-27 - Analysis of the ShadowHammer backdoor
2019-03-27 - Elfin- Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
2019-03-27 - Emotet adds a further layer of camouflage
2019-03-27 - Forging the ShadowHammer
2019-03-27 - New steps to protect customers from hacking
2019-03-27 - PsiXBot- The Evolution Of A Modular .NET Bot
2019-03-28 - 10 Years Since Ghostnet
2019-03-28 - Analysis of ShadowHammer ASUS Attack First Stage Payload
2019-03-28 - CRTC and RCMP National Division Execute Warrants in Malware Investigation
2019-03-28 - Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications
2019-03-28 - Let's Learn- Dissecting Operation ShadowHammer Shellcode Internals in crt_ExitProcess
2019-03-28 - The return of the BOM
2019-03-28 - Unleash The Hash - ShadowHammer MAC Address List
2019-03-29 - A Hammer Lurking In The Shadows
2019-03-29 - Exodus- New Android Spyware Made in Italy
2019-03-29 - Researchers Find Google Play Store Apps Were Actually Government Malware
2019-04-01 - Prosecutors Launch Investigation Into Company That Put Malware on Google Play Store
2019-04-02 - A LockerGoga primer and decrypters for Mira and Aurora ransomwares
2019-04-02 - Canadian Police Raid ‘Orcus RAT’ Author
2019-04-02 - New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload
2019-04-02 - Report- OceanLotus APT Group Leveraging Steganography
2019-04-02 - Triple Threat- Emotet Deploys Trickbot to Steal Data & Spread Ryuk
2019-04-02 - Xwo - A Python-based bot scanner
2019-04-03 - Allanite
2019-04-03 - Possible ShadowHammer Targeting (Low Confidence)
2019-04-03 - RAT - Hodin
2019-04-04 - BasBanke- Trend-setting Brazilian banking Trojan
2019-04-04 - Bayer points finger at Wicked Panda in cyberattack
2019-04-04 - IcedID Banking Trojan Spruces Up Injection Tactics to Add Stealth
2019-04-04 - Mimikatz in the Wild- Bypassing Signature-Based Detections Using the “AK47 of Cyber”
2019-04-05 - Pick-Six- Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware
2019-04-05 - Spammed PNG file hides LokiBot
2019-04-05 - Ursnif- The Latest Evolution of the Most Popular Banking Malware
2019-04-07 - Emotet malware analysis. Part 2
2019-04-07 - Mobile Malware Analysis - Tricks used in Anubis
2019-04-08 - Mirai Compiled for New Processors Surfaces in the Wild
2019-04-09 - Collection of helper scripts for OceanLotus
2019-04-09 - Cybercrime market selling full digital fingerprints of over 60,000 users
2019-04-09 - Gustuff banking botnet targets Australia
2019-04-09 - LimeRAT spreads in the wild
2019-04-09 - OceanLotus- macOS malware update
2019-04-09 - Say hello to Baldr, a new stealer on the market
2019-04-10 - Floodor- A Linux TCP - UDP Flooder
2019-04-10 - Lazarus Group rises again from the digital grave with Hoplight malware for all
2019-04-10 - Malware Analysis Report (AR19-100A)- North Korean Trojan- HOPLIGHT
2019-04-10 - OSINT Reporting Regarding DPRK and TA505 Overlap
2019-04-10 - Project TajMahal – a sophisticated new APT framework
2019-04-10 - TRISIS - TRITON - HatMan Malware Repository
2019-04-10 - The Gaza cybergang and its SneakyPastes campaign
2019-04-11 - Ave_Maria Malware- there's more than meets the eye
2019-04-11 - Lazarus rises- Warning over new HOPLIGHT malware linked with North Korea
2019-04-11 - The official website of a popular video editing software was infected with a banking trojan
2019-04-11 - Two Romanian Cybercriminals Convicted of All 21 Counts Relating to Infecting Over 400,000 Victim Computers with Malware and Stealing Millions of Dollars
2019-04-12 - Analysis of an IRC based Botnet
2019-04-12 - Emotet Malware Revives Old Email Conversations Threads to Increase Infection Rates
2019-04-13 - Decoded Turla Powershell Implant
2019-04-15 - A hacker has dumped nearly one billion user records over the past two months
2019-04-15 - Account With Admin Privileges Abused to Install BitPaymer Ransomware via PsExec
2019-04-15 - Cobalt Strike. Walkthrough for Red Teamers
2019-04-15 - New HawkEye Reborn Variant Emerges Following Ownership Change
2019-04-16 - DNS Tunneling in the Wild- Overview of OilRig’s DNS Tunneling
2019-04-16 - Inside Scranos – A Cross Platform, Rootkit-Enabled Spyware Operation
2019-04-16 - Spear Phishing Campaign Targets Ukraine Government and Military; Infrastructure Reveals Potential Link to So-Called Luhansk People's Republic
2019-04-17 - Aggah Campaign- Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign
2019-04-17 - DNS Hijacking Abuses Trust In Core Internet Service
2019-04-18 - APT28 and Upcoming Elections- Evidence of Possible Interference (Part II)
2019-04-18 - Predator the Thief- New Routes of Delivery
2019-04-19 - Security researcher MalwareTech pleads guilty
2019-04-19 - TDL (Turla Driver Loader) Repository
2019-04-22 - Analyzing Emotet with Ghidra — Part 1
2019-04-22 - C-C++ Runtime Library Code Tampering in Supply Chain
2019-04-22 - CARBANAK Week Part One- A Rare Occurrence
2019-04-22 - Dissecting Emotet’s network communication protocol
2019-04-22 - FINTEAM- Trojanized TeamViewer Against Government Targets
2019-04-22 - Unpacking & Decrypting FlawedAmmyy
2019-04-22 - Who’s Behind the RevCode WebMonitor RAT-
2019-04-23 - APT34- webmask project
2019-04-23 - DNSpionage brings out the Karkoff
2019-04-23 - Operation ShadowHammer- a high-profile supply chain attack
2019-04-24 - Beapy- Cryptojacking Worm Hits Enterprises in China
2019-04-24 - Deobfuscating APT32 Flow Graphs with Cutter and Radare2
2019-04-25 - Chinese-based hackers attack domestic energy institutions
2019-04-25 - Emotet Adds New Evasion Technique
2019-04-25 - JasperLoader Emerges, Targets Italy with Gootkit Banking Trojan
2019-04-25 - Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware
2019-04-26 - A Closer Look at the RobbinHood Ransomware
2019-04-26 - GitHub hosted Magecart skimmer used against hundreds of e-commerce sites
2019-04-27 - Analyzing Amadey
2019-04-29 - Where is Emotet- Latest geolocation data
2019-04-30 - APT 40
2019-04-30 - Behind the Scenes with OilRig
2019-04-30 - Buhtrap backdoor and Buran ransomware distributed via major advertising platform
2019-04-30 - Raw Threat Intelligence 2019-04-30- Oilrig data dump link analysis
2019-04-30 - Sodinokibi ransomware exploits WebLogic Server vulnerability
2019-05 - Hancitor's Packer Damystified
2019-05-01 - FrameworkPOS and the adequate persistent threat
2019-05-02 - 2019- The Return of Retefe
2019-05-02 - APT34- Glimpse project
2019-05-02 - Detricking TrickBot Loader
2019-05-02 - FormBook - Hiding in plain sight
2019-05-02 - Goblin Panda continues to target Vietnam
2019-05-02 - Qakbot levels up with new obfuscation techniques
2019-05-03 - Let’s nuke Megumin Trojan
2019-05-03 - Mirrorthief Group Uses Magecart Skimming Attack to Hit Hundreds of Campus Online Stores in US and Canada
2019-05-03 - “MegaCortex” ransomware wants to be The One
2019-05-05 - Unpacking NanoCore Sample Using AutoIT
2019-05-07 - Buckeye- Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak
2019-05-07 - CVE-2019-3396 Redux- Confluence Vulnerability Exploited to Deliver Cryptocurrency Miner With Rootkit
2019-05-07 - MegaCortex Ransomware Spotted Attacking Enterprise Networks
2019-05-07 - SystemdMiner, when a botnet borrows another botnet’s infrastructure
2019-05-07 - Turla LightNeuron- An email too far
2019-05-07 - Vulnerable Apache Jenkins exploited in the wild
2019-05-07 - “Filesnfer” Tool (C#, Python)
2019-05-08 - A new threat for macOS spreads as WhatsApp
2019-05-08 - Dharma Ransomware Uses AV Tool to Distract from Malicious Activities
2019-05-08 - FIN7.5- the infamous cybercrime rig “FIN7” continues its activities
2019-05-08 - Fin7 hacking group targets more than 130 companies after leaders’ arrest
2019-05-08 - Get Smart with Enhanced Memory Dumping in VMRay Analyzer 3.0
2019-05-08 - “RobbinHood” ransomware takes down Baltimore City government networks
2019-05-09 - Chinese national indicted for 2015 Anthem breach
2019-05-09 - Deflect Labs Report #6- Phishing and Web Attacks Targeting Uzbek Human Right Activists and Independent Media
2019-05-09 - Donut - Injecting .NET Assemblies as Shellcode
2019-05-09 - Github Repository of AbSent-Loader
2019-05-09 - Malware Analysis Report (AR19-129A)
2019-05-09 - New KPOT v2.0 stealer brings zero persistence and in-memory features to silently steal credentials
2019-05-09 - New leaks of Iranian cyber-espionage operations hit Telegram and the Dark Web
2019-05-09 - RobinHood Ransomware “CoolMaker” Functions Not So Cool
2019-05-09 - Strange Bits- HTML Smuggling and GitHub Hosted Malware
2019-05-09 - Technical Analysis- Pacha Group Competing against Rocke Group for Cryptocurrency Mining Foothold on the Cloud
2019-05-09 - Top-Tier Russian Hacking Collective Claims Breaches of Three Major Anti-Virus Companies
2019-05-09 - Tracking One Year of Malicious Tor Exit Relay Activities (Part II)
2019-05-10 - Exploring Mimikatz - Part 1 - WDigest
2019-05-10 - MegaCortex, deconstructed- mysteries mount as analysis continues
2019-05-12 - Lime Downloader v4.2
2019-05-13 - A Look At Hworm - Houdini aka Njrat
2019-05-13 - ScarCruft continues to evolve, introduces Bluetooth harvester
2019-05-14 - Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage
2019-05-14 - Reaver- Mapping Connections Between Disparate Chinese APT Groups
2019-05-14 - Return of Watchbog- Exploiting Jenkins CVE-2018-1000861
2019-05-14 - The Rise of Dridex and the Role of ESPs
2019-05-15 - Threat Actor Profile- TA542, From Banker to Malware Distribution Service
2019-05-16 - GozNym Closure Comes in the Shape of a Europol and DOJ Arrest Operation
2019-05-16 - GozNym Cyber-Criminal Network Operating out of Europe Targeting American Entities Dismantled in International Operation
2019-05-16 - Goznym Indictments – action following on from successful Avalanche Operations
2019-05-16 - The Stealthy Email Stealer in the TA505 Arsenal
2019-05-17 - TeamViewer Confirms Undisclosed Breach From 2016
2019-05-19 - Tailor-made double attack on Hydro
2019-05-20 - GozNym Banking Malware- Gang Busted, But Is That The End-
2019-05-20 - Malware Against the C Monoculture
2019-05-20 - Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques
2019-05-22 - A journey to Zebrocy land
2019-05-22 - Shade Ransomware Hits High-Tech, Wholesale, Education Sectors in U.S., Japan, India, Thailand, Canada
2019-05-22 - TRICKBOT - Analysis
2019-05-23 - Analysing -Retefe- with Sysmon and Splunk
2019-05-23 - One year later- The VPNFilter catastrophe that wasn't
2019-05-23 - Sorpresa! JasperLoader targets Italy with a new bag of tricks
2019-05-24 - Directed attacks against MySQL servers deliver ransomware
2019-05-24 - Overview of Proton Bot, another loader in the wild!
2019-05-24 - Uncovering new Activity by APT10
2019-05-25 - Analyzing ISFB - The Second Loader
2019-05-25 - Fas-Disassembler for Visuallisp 0.8
2019-05-28 - Emissary Panda Attacks Middle East Government Sharepoint Servers
2019-05-28 - FlawedAmmyy
2019-05-28 - Threat Research- New Rocke Variant Ready to Box Any Mining Challengers
2019-05-29 - A dive into Turla PowerShell usage
2019-05-29 - HiddenWasp Malware Stings Targeted Linux Systems
2019-05-29 - TA505 is Expanding its Operations
2019-05-30 - 10 years of virtual dynamite- A high-level retrospective of ATM malware
2019-05-30 - Bug in Malware “TSCookie” - Fails to Read Configuration - (Update)
2019-05-31 - Hidden Bee- Let’s go down the rabbit hole
2019-05-31 - Tet bonus….
2019-06-01 - GandCrab Ransomware Shutting Down After Claiming to Earn $2 Billion
2019-06-03 - GandCrab ransomware operators put in retirement papers
2019-06-03 - Into the Fog - The Return of ICEFOG APT
2019-06-03 - Report- No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware
2019-06-03 - Varonis Exposes Global Cyber Campaign- C2 Server Actively Compromising Thousands of Victims
2019-06-03 - Zebrocy’s Multilanguage Malware Salad
2019-06-04 - 2019-06-04 Advisory- Windigo attacks
2019-06-04 - Advisory- Windigo attacks
2019-06-04 - Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vitali Kremez
2019-06-04 - Magecart skimmers found on Amazon CloudFront CDN
2019-06-04 - Taking a look at Baldr stealer
2019-06-04 - Threat Spotlight- Analyzing AZORult Infostealer Malware
2019-06-05 - Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities
2019-06-05 - Possible Turla HTTP Listener
2019-06-05 - Upgraded JasperLoader Infecting Machines with New Targets & Functional Improvements- What You Need to Know
2019-06-06 - A Deep Dive into the Emotet Malware
2019-06-06 - APT34- Jason project
2019-06-06 - Google confirms that advanced backdoor came preinstalled on Android devices
2019-06-06 - New Mirai Variant Adds 8 New Exploits, Targets Additional IoT Devices
2019-06-06 - PHA Family Highlights- Triada
2019-06-08 - The Evolution of Aggah- From Roma225 to the RG Campaign
2019-06-08 - Vanilla RAT
2019-06-10 - MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools
2019-06-10 - Threat Spotlight- MenuPass-QuasarRAT Backdoor
2019-06-11 - CPU miner for Litecoin and Bitcoin
2019-06-11 - The InterPlanetary Storm- New Malware in Wild Using InterPlanetary File System’s (IPFS) p2p network
2019-06-13 - Advanced Notification of Cyber Threats against Family of Malware Giving Remote Access to Computers
2019-06-13 - Hunting and detecting Cobalt Strike
2019-06-13 - New Pervasive Worm Exploiting Linux Exim Server Vulnerability
2019-06-13 - pyLocky Decryptor Released by French Authorities
2019-06-14 - Houdini Worm Transformed in New Phishing Attack
2019-06-14 - Malware Tales- Sodinokibi
2019-06-16 - A Deep Dive Into IcedID Malware- Part II - Analysis of the Core IcedID Payload (Parent Process)
2019-06-16 - APT34 Tools Leak
2019-06-17 - Good riddance, GandCrab! We’re still fixing the mess you left behind
2019-06-18 - Analysis of a New HawkEye Variant
2019-06-18 - Mobile Campaign ‘Bouncing Golf’ Affects Middle East
2019-06-18 - Plurox- Modular backdoor
2019-06-19 - Check Point’s Threat Emulation Stops Large-Scale Phishing Campaign in Germany
2019-06-19 - URLZone top malware in Japan, while Emotet and LINE Phishing round out the landscape
2019-06-20 - DanaBot Demands a Ransom Payment
2019-06-20 - Waterbug- Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments
2019-06-21 - An Analysis of Linux.Ngioweb Botnet
2019-06-24 - GandCrab Threat Actors Retire...Maybe
2019-06-24 - LimeRAT - Simple, yet powerful remote administration tool for Windows (RAT)
2019-06-24 - Ransomware REvil - Sodinokibi- Technical analysis and Threat Intelligence Report
2019-06-25 - Analyzing Ursnif’s Behavior Using a Malware Sandbox
2019-06-25 - More AgentTesla keylogger and Nanocore RAT in one bundle
2019-06-25 - OPERATION SOFT CELL- A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS
2019-06-25 - Ransomware strain Troldesh spikes again – Avast tracks new attacks
2019-06-25 - Rig Exploit Kit sends Pitou.B Trojan
2019-06-25 - Riltok mobile Trojan- A banker with global reach
2019-06-26 - New Silex Malware Trashes IoT Devices Using Default Passwords
2019-06-26 - ViceLeaker Operation- mobile espionage targeting Middle East
2019-06-27 - Criminals, ATMs and a cup of coffee
2019-06-27 - Inter- Skimmer For All
2019-06-27 - Tracking driver inventory to unearth rootkits
2019-07-01 - An Analysis of Godlua Backdoor
2019-07-01 - Remote_Shell- A linux remote shell program.
2019-07-01 - Robbinhood Malware Analysis with Radare2
2019-07-01 - Threat Spotlight- Ratsnif - New Network Vermin from OceanLotus
2019-07-02 - LooCipher- The New Infernal Ransomware
2019-07-02 - TA505 begins summer campaigns with a new pet malware downloader, AndroMut, in the UAE, South Korea, Singapore, and the United States
2019-07-03 - BianLian- A New Wave Emerges
2019-07-03 - Lilocked Ransomware
2019-07-03 - Sodin ransomware exploits Windows vulnerability and processor architecture
2019-07-08 - Analyzing KSL0T Turla's Keylogger Part 1
2019-07-08 - Analyzing KSL0T Turla's Keylogger Part 2
2019-07-08 - Dismantling a fileless campaign- Microsoft Defender ATP’s Antivirus exposes Astaroth attack
2019-07-08 - Malicious campaign targets South Korean users with backdoor‑laced torrents
2019-07-08 - Who’s Behind the GandCrab Ransomware-
2019-07-09 - A Deep Dive Into IcedID Malware- Part I - Unpacking, Hooking and Process Injection
2019-07-09 - Operation Newscaster
2019-07-09 - Sea Turtle Keeps on Swimming
2019-07-09 - Spear Phishing against Cryptocurrency Businesses
2019-07-09 - The 2019 Resurgence of Smokeloader
2019-07-10 - Flirting With IDA and APT28
2019-07-10 - How We Seized 15 Active Ransomware Campaigns Targeting Linux File Storage Servers
2019-07-10 - LooCipher- Can Encrypted Files Be Recovered From Hell-
2019-07-10 - New FinSpy iOS and Android implants revealed ITW
2019-07-10 - The eCh0raix Ransomware
2019-07-11 - Buhtrap group uses zero‑day in latest espionage campaigns
2019-07-11 - Recent AZORult activity
2019-07-11 - Threat Actor Profile- TA544 targets geographies from Italy to Japan with a range of malware
2019-07-12 - BitPaymer Source Code Fork- Meet DoppelPaymer Ransomware and Dridex 2.0
2019-07-12 - TrickBooster – TrickBot’s Email-Based Infection Module
2019-07-13 - Free Tool- LooCipher Decryptor
2019-07-15 - Is there a pattern-
2019-07-15 - Is ‘REvil’ the New GandCrab Ransomware-
2019-07-15 - SWEED- Exposing years of Agent Tesla campaigns
2019-07-15 - Threat Spotlight- Virlock Polymorphic Ransomware
2019-07-16 - Analysis- Server-side polymorphism & PowerShell backdoors
2019-07-16 - The Avast Abuser- Metamorfo Banking Malware Hides By Abusing Avast Executable
2019-07-17 - EvilGnome- Rare Malware Spying on Linux Desktop Users
2019-07-17 - Who is Mr Guo-
2019-07-18 - Android Malware Analysis - Dissecting Hydra Dropper
2019-07-18 - Hard Pass- Declining APT34’s Invite to Join Their Professional Network
2019-07-18 - Okrum- Ke3chang group targets diplomatic missions
2019-07-18 - ZLab - LooCipher Decryption Tool
2019-07-19 - An Analysis of L0rdix RAT, Panel and Builder
2019-07-19 - Elusive MegaCortex Ransomware Found - Here is What We Know
2019-07-19 - Who is Mr Wang-
2019-07-21 - Emissary Panda DLL Backdoor
2019-07-22 - A Deep Dive Into IcedID Malware- Part III - Analysis of Child Processes
2019-07-22 - APT33 PowerShell Malware
2019-07-22 - BrushaLoader still sweeping up victims one year later
2019-07-22 - The Lazarus Injector
2019-07-22 - Who is Mr Zeng-
2019-07-23 - Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia
2019-07-24 - A deep dive into Phobos ransomware
2019-07-24 - APT17 is run by the Jinan bureau of the Chinese Ministry of State Security
2019-07-24 - Attacking the Heart of the German Industry
2019-07-24 - GuessWho Ransomware – A Variant of Rapid Ransomware
2019-07-24 - Resurgent Iron Liberty Targeting Energy Sector
2019-07-24 - Updated Karagany Malware Targets Energy Sector
2019-07-24 - Watching the WatchBog- New BlueKeep Scanner and Linux Exploits
2019-07-24 - Winnti analysis
2019-07-25 - Encore! APT17 hacked Chinese targets and offered the data for sale
2019-07-25 - Unmasking AVE_MARIA
2019-07-26 - Turla Indicators of Compromise
2019-07-28 - Third time's the charm- Analysing WannaCry samples
2019-07-29 - An analysis of a spam distribution botnet- the inner workings of Onliner Spambot
2019-07-29 - Android ransomware is back
2019-07-30 - Picking Locky
2019-07-30 - Practical Threat Hunting and Incident Response - A Case of A Pony Malware Infection
2019-07-31 - SystemBC is like Christmas in July for SOCKS5 Malware and Exploit Kits
2019-07-31 - TFW Ransomware is only your side hustle...
2019-08-01 - APT trends report Q2 2019
2019-08-01 - Cerberus - A New Banking Trojan from the Underworld
2019-08-01 - Clop Ransomware
2019-08-01 - Decrypting L0rdix RAT’s C2
2019-08-01 - LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards
2019-08-02 - SectorE02 Updates YTY Framework in New Targeted Campaign Against Pakistan Government
2019-08-05 - Catching lateral movement in internal emails
2019-08-05 - Corporate IoT – a path to intrusion (APT28-STRONTIUM)
2019-08-05 - Latest Trickbot Campaign Delivered via Highly Obfuscated JS File
2019-08-05 - MegaCortex Ransomware Revamps for Mass Distribution
2019-08-05 - Sharpening the Machete
2019-08-06 - Clipsa – Multipurpose password stealer
2019-08-06 - New Echobot Botnet Variant Uses Over 50 Exploits to Propagate
2019-08-07 - APT41- A Dual Espionage and Cyber Crime Operation
2019-08-07 - MoqHao Related Android Spyware Targeting Japan and Korea Found on Google Play
2019-08-07 - New Ursnif Variant Spreading by Word Document
2019-08-08 - Saefko- A new multi-layered RAT
2019-08-08 - Varenyky- Spambot à la Française
2019-08-10 - GermanWiper's big Brother- GandGrab's kid - Sodinokibi!
2019-08-10 - SELECT code_execution FROM * USING SQLite;
2019-08-12 - An Overview of Public Platform C2’s
2019-08-12 - PsiXBot Continues to Evolve with Updated DNS Infrastructure
2019-08-12 - Recent Cloud Atlas activity
2019-08-12 - Emotet Trojan attacks corporate networks
2019-08-13 - The state of advanced code injections
2019-08-14 - In the Balkans, businesses are under fire from a double‑barreled weapon
2019-08-15 - Analysis- New Remcos RAT Arrives Via Phishing Email
2019-08-15 - Gootkit Banking Trojan - Deep Dive into Anti-Analysis Features
2019-08-15 - MICROPSIA (APT-C-23)
2019-08-15 - The Hidden Bee infection chain, part 1- the stegano pack
2019-08-16 - Warning As Devious New Android Malware Hides In Fake Adobe Flash Player Installations (Updated)
2019-08-19 - Banking trojan Bolik spreads disguised as the NordVPN app
2019-08-19 - GAME OVER- Detecting and Stopping an APT41 Operation
2019-08-19 - Konni APT organization emerges as an attack disguised as Russian document
2019-08-20 - Lazarus Continues 'Movie Coin' Campaign Disguised as Calling Document Request
2019-08-20 - Merlin (BETA)
2019-08-20 - Source code- TinyMet
2019-08-21 - Finding Neutrino
2019-08-21 - Kelihos botnet
2019-08-22 - APT34- The Helix Kitten Cybercriminal Group Loves to Meow Middle Eastern and International Organizations
2019-08-22 - Asruex Backdoor Variant Infects Word Documents and PDFs Through Old MS Office and Adobe Vulnerabilities
2019-08-22 - First‑of‑its‑kind spyware sneaks into Google Play
2019-08-22 - Pupy RAT
2019-08-23 - Ransomware Attacks Are Testing Resolve of Cities Across America
2019-08-24 - Notes on Nemty Ransomware
2019-08-24 - Windows worms. Forbix worm analysis
2019-08-25 - Nanocor Sample
2019-08-26 - APT-C-09 Reappeared as Conflict Intensified Between India and Pakistan
2019-08-26 - Memory Analysis of TrickBot
2019-08-26 - New Nemty Ransomware May Spread via Compromised RDP Connections
2019-08-26 - The DAA File Format
2019-08-27 - China Chopper still active 9 years later
2019-08-27 - LYCEUM Takes Center Stage in Middle East Campaign
2019-08-27 - TA505 At It Again- Variety is the Spice of ServHelper and FlawedAmmyy
2019-08-27 - TrickBot Modifications Target U.S. Mobile Users
2019-08-28 - Inside the APT28 DLL Backdoor Blitz
2019-08-28 - Other day other malware in the way (died.exe)
2019-08-28 - Putting an end to Retadup- A malicious worm that infected hundreds of thousands
2019-08-28 - RAT Ratatouille- Backdooring PCs with leaked RATs
2019-08-29 - Fully equipped Spying Android RAT from Brazil- BRATA
2019-08-29 - Gootkit Banking Trojan - Part 2- Persistence & Other Capabilities
2019-08-29 - Implant Teardown
2019-08-29 - More_eggs, Anyone- Threat Actor ITG08 Strikes Again
2019-08-29 - SectorJ04 Group’s Increased Activity in 2019
2019-08-30 - A Look Inside the Highly Profitable Sodinokibi Ransomware Business
2019-08-30 - DarkComet v5.3.1
2019-08-30 - Github Repository of Octopus
2019-08-30 - RAT.Android.OmniRAT
2019-08-30 - njRAT builders
2019-09-02 - Digital Crackdown- Large-Scale Surveillance and Exploitation of Uyghurs
2019-09-02 - Revealed- How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran
2019-09-03 - Deobfuscating Ostap- TrickBot’s 34,000 Line JavaScript Downloader
2019-09-03 - Nemty Ransomware Gets Distribution from RIG Exploit Kit
2019-09-04 - FunkyBot- A New Android Malware Family Targeting Japan
2019-09-04 - Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions
2019-09-05 - Netwalker Ransomware
2019-09-05 - Seems Phishy- Back to School Lures Target University Students and Staff
2019-09-05 - l0rdix C2 traffic decryptor
2019-09-06 - Lilocked Ransomware Actively Targeting Servers and Web Sites
2019-09-06 - PsiXBot Now Using Google DNS over HTTPS and Possible New Sexploitation Module
2019-09-07 - Malicious RATatouille
2019-09-07 - Thousands Of Linux Servers Infected By Lilu (Lilocked) Ransomware
2019-09-08 - Fake PayPal Site Spreads Nemty Ransomware
2019-09-09 - Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study
2019-09-09 - Malware Analysis Report (AR19-252A)
2019-09-09 - ‘Purple Fox’ Fileless Malware with Rootkit Component Delivered by Rig Exploit Kit Now Abuses PowerShell
2019-09-10 - Gamaredon Analysis
2019-09-10 - Mirai Botnet Continues to Plague IoT Space
2019-09-11 - COBALT DICKENS Goes Back to School…Again
2019-09-11 - Ryuk Related Malware Steals Confidential Military, Financial Files
2019-09-11 - Vulnerable Private Networks- Corporate VPNs Exploited in the Wild
2019-09-11 - Watchbog and the Importance of Patching
2019-09-12 - InnfiRAT- A new RAT aiming for your cryptocurrency and more
2019-09-12 - Ostap Deobfuscation script
2019-09-12 - The tangle of WiryJMPer’s obfuscation
2019-09-13 - Machete
2019-09-14 - WSH RAT (A variant of H-Worm-Houdini)
2019-09-16 - Emotet is back- botnet springs back to life with new spam campaign
2019-09-17 - Cryptocurrency miners aren’t dead yet- Documenting the voracious but simple “Panda”
2019-09-17 - Nemty Ransomware 1.0- A Threat in its Early Stage
2019-09-17 - TFlower Ransomware - The Latest Attack Targeting Businesses
2019-09-18 - Chirp of the PoisonFrog
2019-09-18 - Malware Used by BlackTech after Network Intrusion
2019-09-18 - The WannaCry hangover
2019-09-18 - Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks
2019-09-19 - Emissary Panda APT- Recent infrastructure and RAT analysis
2019-09-19 - Fileless Cryptocurrency-Miner GhostMiner Weaponizes WMI Objects, Kills Other Cryptocurrency-Mining Payloads
2019-09-19 - Hagga of SectorH01 continues abusing Bitly, Blogger and Pastebin to deliver RevengeRAT and NanoCore
2019-09-19 - Lilith
2019-09-20 - Mac Malware that Spoofs Trading App Steals User Information, Uploads it to Website
2019-09-20 - Multiple signatures 032
2019-09-20 - Russian Cybercrime Group FullofDeep Behind QNAPCrypt Ransomware Campaigns
2019-09-20 - TFlower Ransomware Campaign
2019-09-22 - LookBack Forges Ahead- Continued Targeting of the United States’ Utilities Sector Reveals Additional Adversary TTPs
2019-09-22 - Rancor- The Year of The Phish
2019-09-23 - Diving into Plurox's DNS based protection layer
2019-09-23 - Hello! My name is Dtrack
2019-09-23 - xHunt Campaign- Attacks on Kuwait Shipping and Transportation Organizations
2019-09-24 - APT or not APT- What's Behind the Aggah Campaign
2019-09-24 - How Tortoiseshell created a fake veteran hiring website to host malware
2019-09-24 - Iranian Government Hackers Target US Veterans
2019-09-24 - Missing Link Tibetan Groups Targeted with 1-Click Mobile Exploits
2019-09-24 - No summer vacations for Zebrocy
2019-09-24 - REvil- The GandCrab Connection
2019-09-24 - REvil-Sodinokibi Ransomware
2019-09-24 - Return of the Mummy - Welcome back, Emotet
2019-09-25 - Ransomware- two pieces of good news
2019-09-26 - Bring your own LOLBin- Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware
2019-09-26 - Divergent- "Fileless" NodeJS Malware Burrows Deep Within the Host
2019-09-26 - Masad Stealer- Exfiltrating using Telegram
2019-09-26 - New WhiteShadow downloader uses Microsoft SQL to retrieve malware
2019-09-28 - MMD-0064-2019 - Linux-AirDropBot
2019-09-30 - HELO Winnti- Attack or Scan?
2019-10 - Geost botnet. The story of the discovery of a new Android banking trojan from an OpSec error
2019-10-01 - Lemon_Duck PowerShell malware cryptojacks enterprise networks
2019-10-01 - Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany
2019-10-01 - New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign
2019-10-02 - Another Lazarus Injector
2019-10-02 - Domestic Kitten- an Iranian surveillance program
2019-10-02 - Malware Tales- FTCODE
2019-10-02 - McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us
2019-10-02 - Nicht so goot - Breaking down Gootkit and Jasper (+ FTCODE)
2019-10-02 - Servers botnet offline
2019-10-03 - AVIVORE – Hunting Global Aerospace through the Supply Chain
2019-10-03 - COMpfun successor Reductor infects files on the fly to compromise TLS traffic
2019-10-03 - Context Identifies new AVIVORE threat group
2019-10-03 - New threat group behind Airbus cyber attacks, claim researchers
2019-10-03 - PKPLUG- Chinese Cyber Espionage Group Attacking Asia
2019-10-03 - Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC
2019-10-04 - ScareCrow Ransomware
2019-10-06 - Go under the hood- Eris Ransomware
2019-10-08 - A sample targeting a bank in Vietnam
2019-10-09 - FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops
2019-10-10 - Analysis of the new TA505 campaign
2019-10-10 - ESET discovers Attor, a spy platform with curious GSM fingerprinting
2019-10-10 - Mahalo FIN7- Responding to the Criminal Operators’ New Tools and Techniques
2019-10-10 - Nemty Ransomware Decryptor Released, Recover Files for Free
2019-10-10 - Nemty update- decryptors for Nemty 1.5 and 1.6
2019-10-10 - New espionage malware found targeting Russian-speaking users in Eastern Europe
2019-10-10 - Sophisticated Spy Kit Targets Russians with Rare GSM Plugin
2019-10-10 - xHunt Campaign- New PowerShell Backdoor Blocked Through DNS Tunnel Detection
2019-10-11 - Mespinoza Ransomware
2019-10-11 - Russian diplomats have been spied on with spyware for 7 years
2019-10-12 - Pass the AppleJeus
2019-10-14 - Corona DDoS bot
2019-10-14 - Is Emotet gang targeting companies with external SOC?
2019-10-14 - Threat Actor Profile- TA407, the Silent Librarian
2019-10-15 - Blackremote- Money Money Money – A Swedish Actor Peddles an Expensive New RAT
2019-10-15 - MedusaLocker Ransomware
2019-10-16 - APT15
2019-10-16 - LNKR- More than Just a Browser Extension
2019-10-16 - TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader
2019-10-16 - TA505 Timeline
2019-10-17 - Let's Learn- Dissecting Lazarus Windows x86 Loader Involved in Crypto Trading App Distribution- "snowman" & ADVObfuscator
2019-10-17 - Operation Ghost- The Dukes aren’t back – they never left
2019-10-17 - The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History
2019-10-18 - Maze Ransomware Now Delivered by Spelevo Exploit Kit
2019-10-18 - TrickBot variant “Anchor_DNS” communicating over DNS
2019-10-19 - ABCD Ransomware LockBit Ransomware
2019-10-19 - The commercial RAT ecosystem- Unit 42 identifies the author of the feature-rich commercial Blackremote RAT within days of its release
2019-10-20 - InfoDot Ransomware
2019-10-20 - McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo
2019-10-21 - Advisory- Turla group exploits Iranian APT to expand coverage of victims
2019-10-21 - Gustuff return, new features for victims
2019-10-21 - New Variant of Remcos RAT Observed In the Wild
2019-10-21 - Shikata Ga Nai Encoder Still Going Strong
2019-10-21 - Winnti Group’s skip‑2.0- A Microsoft SQL Server backdoor
2019-10-22 - New PatchWork Spearphishing Attack
2019-10-23 - Mobile Malware and APT Espionage- Prolific, Pervasive, and Cross-Platform
2019-10-23 - PwndLocker Ransomware
2019-10-23 - Spoofing in the reeds with Rietspoof
2019-10-24 - APT28- Targeted attacks against mining corporations in Kazakhstan
2019-10-24 - FTdecryptor- a simple password-based FTCODE decryptor
2019-10-24 - How TrickBot Malware Hooking Engine Targets Windows 10 Browsers
2019-10-24 - Hunting Raccoon- The new Masked Bandit on the Block
2019-10-24 - Tracking down the developer of Android adware affecting millions of users
2019-10-25 - HDMR, GO-SPORT
2019-10-25 - New FuxSocy Ransomware Impersonates the Notorious Cerber
2019-10-25 - The Deep Dive Malware Analysis Approach
2019-10-26 - Earn-quick-BTC-with-Hiddentear.mp4 - About Open Source Ransomware
2019-10-28 - SWEED Targeting Precision Engineering Companies in Italy
2019-10-29 - Osiris, the god of afterlife...and banking malware?!
2019-10-29 - ShadeDecryptor tool
2019-10-29 - TRICKBOT - Analysis Part II
2019-10-29 - Threat Spotlight- Neshta File Infector Endures
2019-10-30 - Emotet is back in action after a short break
2019-10-31 - Calypso APT- new group attacking state institutions
2019-10-31 - Dynamic Imports and Working Around Indirect Calls - Smokeloader Study Case
2019-10-31 - MESSAGETAP- Who’s Reading Your Text Messages?
2019-10-31 - Malware Analysis Report (AR19-304A)
2019-11-01 - Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium
2019-11-01 - Ginp - A Malware Patchwork Borrowing From Anubis
2019-11-01 - WIZARD SPIDER Adds New Features to Ryuk for Targeting Hosts on LAN
2019-11-03 - DTrack
2019-11-04 - Hakbit Ransomware
2019-11-04 - Is Lazarus-APT38 Targeting Critical Infrastructures?
2019-11-04 - Nemty Ransomware Expands Its Reach, Also Delivered by Trik Botnet
2019-11-05 - Brief analysis of Redaman Banking Malware (v0.6.0.2) Sample
2019-11-05 - Buran Ransomware; the Evolution of VegaLocker
2019-11-05 - DADJOKE
2019-11-05 - DarkUniverse – the mysterious APT framework #27
2019-11-05 - Hospital cyberattack could have been avoided
2019-11-05 - New Megacortex Ransomware Changes Windows Passwords, Threatens to Publish Data
2019-11-05 - Try not to stare - MedusaLocker at a glance
2019-11-06 - Emotet, Trickbot, Ryuk - an explosive malware cocktail
2019-11-06 - Decryption tool for the PyLocky ransomware, versions 1 and 2
2019-11-06 - Spanish consultancy Everis suffers BitPaymer ransomware attack- a brief analysis
2019-11-07 - Swen (computer worm)
2019-11-08 - Wikipedia Entry on Equation Group
2019-11-08 - Wireshark Tutorial- Examining Trickbot Infections
2019-11-09 - API-Hashing in the Sodinokibi-Revil Ransomware - Why and How?
2019-11-09 - APT34 Event Analysis Report
2019-11-11 - APT cases exploiting vulnerabilities in region‑specific software
2019-11-11 - Revenge Is A Dish Best Served… Obfuscated?
2019-11-12 - PureLocker- New Ransomware-as-a-Service Being Used in Targeted Attacks Against Servers
2019-11-12 - Reversing Qakbot
2019-11-12 - The DGA of QSnatch
2019-11-12 - Weeding out WannaMine v4.0- Analyzing and Remediating This Mineware Nightmare
2019-11-13 - AnteFrigus Ransomware
2019-11-14 - MITRE ATT&CKcon 2.0- How a Threat Hunting Team Has Upgraded Its Use of ATT&CK
2019-11-14 - TA2101 plays government imposter to distribute malware to German, Italian, and US organizations
2019-11-15 - New NextCry Ransomware Encrypts Data on NextCloud Linux Servers
2019-11-16 - Fresh PlugX October 2019
2019-11-16 - ddoor
2019-11-18 - Brushaloader gaining new layers like a pro
2019-11-18 - Linux, Windows Users Targeted With New ACBackdoor Malware
2019-11-18 - New Ransomware Available for Targeted Attacks
2019-11-18 - Pipka Card Skimmer Removes Itself After Infecting eCommerce Sites
2019-11-18 - Rewterz Threat Alert - Iranian APT Uses Job Scams to Lure Targets
2019-11-18 - Surprised by Julius the Great! Disclosure of Cyrus attacks against Iran
2019-11-19 - Mispadu- Advertisement for a discounted Unhappy Meal
2019-11-19 - Phorpiex Breakdown
2019-11-19 - Quick and painless - Reversing DeathRansom - "Wacatac"
2019-11-19 - Wacatac Ransomware
2019-11-20 - MuddyWater Uses New Attack Methods in a Recent Attack Wave
2019-11-20 - New Roboto botnet emerges targeting Linux servers running Webmin
2019-11-20 - Phoenix- The Tale of the Resurrected Keylogger
2019-11-20 - The awaiting Roboto Botnet
2019-11-21 - Allied Universal Breached by Maze Ransomware, Stolen Data Leaked
2019-11-21 - GandCrab Finds DEATHRansom of the Same Appearance Following Nemty in Korea
2019-11-21 - Going Deep - A Guide to Reversing Smoke Loader Malware
2019-11-21 - IconDown – Downloader Used by BlackTech
2019-11-21 - New SectopRAT- Remote access malware utilizes second desktop to control browsers
2019-11-21 - Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon
2019-11-21 - STOP Ransomware- Stay away from illegal software downloads
2019-11-22 - Trickbot Updates Password Grabber Module
2019-11-22 - TurkStatik Ransomware
2019-11-23 - Extensive hacking operation discovered in Kazakhstan
2019-11-24 - TA505 Get2 Analysis
2019-11-26 - Insights from one year of tracking a polymorphic threat
2019-11-26 - Stantinko botnet adds cryptomining to its pool of criminal activities
2019-11-27 - Threat Spotlight- Machete Info-Stealer
2019-11-27 - A keylogger with a surprise- analysis of a keystroke logger and the deanonymization of its developer
2019-11-28 - RevengeHotels- cybercrime targeting hotel front desks worldwide
2019-11-29 - Libertad y gloria - A Mexican cyber heist story - CyberCrimeCon19 Singapore
2019-11-29 - Operation ENDTRADE- Finding Multi-Stage Backdoors that TICK
2019-11-29 - The Fractured Block Campaign- CARROTBAT Used to Deliver Malware Targeting Southeast Asia
2019-12-02 - Facebook Ads Manager Targeted by New Info-Stealing Trojan
2019-12-02 - God save the Queen [...] 'cause Ransom is money - SaveTheQueen Encryptor
2019-12-02 - Imminent Monitor - a RAT Down Under
2019-12-02 - Meet PyXie- A Nefarious New Python RAT
2019-12-03 - In depth analysis of an infostealer- Raccoon
2019-12-03 - Lazarus Group Goes 'Fileless'
2019-12-03 - New version of IcedID Trojan uses steganographic payloads
2019-12-03 - Threat Actor Targeting Hong Kong Pro-Democracy Figures
2019-12-04 - Buer, a new loader emerges in the underground marketplace
2019-12-04 - How to Respond to Emotet Infection (FAQ)
2019-12-04 - Ransomware, interrupted- Sodinokibi and the supply chain
2019-12-04 - xHunt Campaign- xHunt Actor’s Cheat Sheet
2019-12-05 - APT28 Attacks Evolution
2019-12-05 - Buer Loader, new Russian loader on the market with interesting persistence
2019-12-05 - Cobalt Strike 4.0 – Bring Your Own Weaponization
2019-12-05 - PoshC2 (specifically as used by APT33)
2019-12-05 - RedRum Ransomware
2019-12-05 - Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware
2019-12-07 - NetWorm
2019-12-09 - Caution! Ryuk Ransomware decryptor damages larger files, even if you pay
2019-12-09 - Snatch Ransomware Reboots to Windows Safe Mode to Bypass AV Tools
2019-12-09 - Snatch ransomware reboots PCs into Safe Mode to bypass protection
2019-12-09 - TrickBot Campaign Uses Fake Payroll Emails to Conduct Phishing Attacks
2019-12-10 - Anchor Project - The Deadly Planeswalker- How The TrickBot Group United High-Tech Crimeware & APT
2019-12-10 - Morphisec Discovers CCleaner Backdoor Saving Millions of Avast Users
2019-12-10 - Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium
2019-12-10 - [Updated] Alert Regarding Emotet Malware Infection
2019-12-11 - A "Project.exe" that should have stayed in a drawer - MZRevenge - MaMo434376
2019-12-11 - Dropping Anchor- From a TrickBot Infection to the Discovery of the Anchor Malware
2019-12-11 - Maze Ransomware Behind Pensacola Cyberattack, $1M Ransom Demand
2019-12-11 - Story of the year 2019- Cities under ransomware siege
2019-12-11 - Waterbear Returns, Uses API Hooking to Evade Security
2019-12-11 - Zeppelin- Russian Ransomware Targets High Profile Users in the U.S. and Europe
2019-12-12 - Another Ransomware Will Now Publish Victims' Data If Not Paid
2019-12-12 - Cyber Threat Landscape in Japan – Revealing Threat in the Shadow
2019-12-12 - Cyber espionage in the Middle East- unravelling OSX.WindTail
2019-12-12 - Cybercrime Groups (FIN8) Targeting Fuel Dispenser Merchants
2019-12-12 - GALLIUM- Targeting global telecom
2019-12-12 - More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting
2019-12-12 - Mr.Peter
2019-12-13 - Elegant sLoad Carries Out Spying, Payload Delivery in BITS
2019-12-13 - LALALA InfoStealer which comes with Batch and PowerShell scripting combo
2019-12-14 - Another one for the collection - Mespinoza (Pysa) Ransomware
2019-12-15 - Ryuk Ransomware Likely Behind New Orleans Cyberattack
2019-12-16 - Momentum Botnet's Newest DDoS Attacks and IoT Exploits
2019-12-16 - Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up
2019-12-17 - Incident Response lessons from recent Maze ransomware attacks
2019-12-17 - Lazarus Group uses Dacls RAT to attack Linux platform
2019-12-17 - Nuclear Bot Author Arrested in Sextortion Case
2019-12-17 - Rancor- Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia
2019-12-17 - TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking
2019-12-18 - Echobot Malware Now up to 71 Exploits, Targeting SCADA
2019-12-18 - IcedID PNG Extractor
2019-12-18 - Maze ransomware
2019-12-18 - Understanding Ransomware Series- Detecting Sodin
2019-12-19 - ChernoLocker Ransomware
2019-12-19 - Inside ‘Evil Corp,’ a $100M Cybercrime Menace
2019-12-19 - Threat spotlight- the curious case of Ryuk ransomware
2019-12-19 - [RE009] Analysis of the malware "KẾ HOẠCH, NHIỆM VỤ TRỌNG TÂM NĂM 2020.doc" attached to a phishing email
2019-12-20 - An Updated ServHelper Tunnel Variant
2019-12-20 - Undressing the REvil
2019-12-20 - Unveiling JsOutProx- A New Enterprise Grade Implant
2019-12-21 - How ransomware exploded in the age of Bitcoin
2019-12-21 - Shamoon 2012 Complete Analysis
2019-12-23 - DarkRat - Hacking a malware control panel
2019-12-23 - FBI Issues Alert For LockerGoga and MegaCortex Ransomware
2019-12-23 - I literally can't think of a fitting pun - MrDec Ransomware
2019-12-23 - Mozi, Another Botnet Using DHT
2019-12-23 - POS Malware Used at Fuel Pumps
2019-12-23 - Wireshark Tutorial- Examining Ursnif Infections
2019-12-24 - Gozi V3- tracked by their own stealth
2019-12-24 - Maze Ransomware Releases Files Stolen from City of Pensacola
2019-12-24 - Unpacking Payload used in Bottle EK
2019-12-24 - Warning over LockerGoga and MegaCortex ransomware attacks targeting private industry in western countries
2019-12-25 - BlackNet RAT - When you leave the Panel unprotected
2019-12-25 - Let’s play (again) with Predator the thief
2019-12-26 - FinSpy Documentation
2019-12-26 - Introducing BIOLOAD- FIN7 BOOSTWRITE’s Lost Twin
2019-12-26 - Ryuk Ransomware Stops Encrypting Linux Folders
2019-12-26 - Targeting Portugal- A new trojan ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax
2019-12-28 - The Tale of the Pija-Droid Firefinch
2019-12-29 - BRONZE PRESIDENT Targets NGOs
2019-12-29 - Unnamed 1
2019-12-31 - Cuba Ransomware
2019-12-31 - Fuel Pumps II – PoSlurp.B

Malware Analysis 2020

2020-01-01 - New Destructive Wiper “ZeroCleare” Targets Energy Sector in the Middle East
2020-01-01 - Repository for Python Server for PoshC2
2020-01-01 - The Mac Malware of 2019
2020-01-02 - "Nice decorating. Let me guess, Satan?" - Dot - MZP Ransomware
2020-01-02 - DeathRansom Part II- Attribution
2020-01-02 - The Curious Case of DeathRansom- Part I
2020-01-03 - Nice One, Dad- Dissecting A Rare Malware Used By Leviathan
2020-01-03 - Waterbear, a cyber espionage virus, has a new variant with its own anti-virus function
2020-01-06 - First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
2020-01-06 - Pyrogenic Infostealer static analysis – Part 0x1
2020-01-06 - Sodinokibi Ransomware Hits Travelex, Demands $3 Million
2020-01-07 - Clop ransomware Notes
2020-01-07 - DarkRat v2.2.0
2020-01-07 - Hold My Beer Mirai – Spinoff Named ‘LiquorBot’ Incorporates Cryptomining
2020-01-07 - Powershell Static Analysis & Emotet results
2020-01-08 - Leonardo S.p.A. Data Breach Analysis
2020-01-08 - Naive IoT botnet wastes its time mining cryptocurrency
2020-01-08 - Operation AppleJeus Sequel
2020-01-08 - SNAKE Ransomware Is the Next Threat Targeting Business Networks
2020-01-08 - Threat Spotlight- Amadey Bot Targets Non-Russian Users
2020-01-09 - Ako, MedusaReborn
2020-01-09 - Man jailed for using webcam RAT to spy on women in their bedrooms
2020-01-09 - Not so nice after all - Afrodita Ransomware
2020-01-09 - PARISITE
2020-01-09 - PHA Family Highlights- Bread (and Friends)
2020-01-09 - SAIGON, the Mysterious Ursnif Fork
2020-01-09 - ServHelper 2.0- Enriched with bot capabilities and allows remote desktop access
2020-01-09 - Sodinokibi Ransomware Says Travelex Will Pay, One Way or Another
2020-01-09 - TA428 Group abusing recent conflict between Iran and USA
2020-01-09 - Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets
2020-01-09 - What is the Hainan Xiandun Technology Development Company?
2020-01-10 - Sodinokibi Ransomware Hits New York Airport Systems
2020-01-10 - Threat spotlight- Phobos ransomware lives up to its name
2020-01-10 - Who is Mr Gu?
2020-01-11 - Sodinokibi Ransomware Publishes Stolen Data for the First Time
2020-01-12 - Zeus Museum Entry for Unnamed 2
2020-01-13 - APT27 ZxShell RootKit module updates
2020-01-13 - TAFOF Unpacker
2020-01-13 - Who else works for this cover company network?
2020-01-14 - Family Page for FastLoader
2020-01-14 - Inside of CL0P’s ransomware operation
2020-01-14 - Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices
2020-01-14 - Satan ransomware rebrands as 5ss5c ransomware
2020-01-14 - United Nations Targeted With Emotet Malware Phishing Attack
2020-01-14 - Who is Mr Ding?
2020-01-15 - APT-C-36 recent activity analysis
2020-01-15 - Alien Labs 2019 Analysis of Threat Groups Molerats and APT-C-37
2020-01-15 - Analyzing Magecart Malware – From Zero to Hero
2020-01-15 - Deep Dive into the Lyceum Danbot Malware
2020-01-15 - Hainan Xiandun Technology Company is APT40
2020-01-15 - Iranian Threat Actors- Preliminary Analysis
2020-01-15 - MMD-0065-2020 - Linux-Mirai-Fbot's new encryption explained
2020-01-16 - A Curious Case of CVE-2019-19781 Palware- remove_bds
2020-01-16 - APT40 is run by the Hainan department of the Chinese Ministry of State Security
2020-01-16 - FTCODE Ransomware - New Version Includes Stealing Capabilities
2020-01-16 - JhoneRAT- Cloud based python RAT targeting Middle Eastern countries
2020-01-16 - New Outbreak of h2Miner Worms Exploiting Redis RCE Detected
2020-01-16 - Paradise Ransomware decryption tool
2020-01-16 - TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection
2020-01-17 - 'Friendly' hackers are seemingly fixing the Citrix server hole – and leaving a nasty present behind
2020-01-17 - 404 Exploit Not Found- Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor
2020-01-17 - Unpacking Pyrogenic-Qealler using Java agent -Part 0x2
2020-01-18 - New Jersey Synagogue Suffers Sodinokibi Ransomware Attack
2020-01-19 - Analyzing Modern Malware Techniques - Part 1
2020-01-19 - BayWorld event, Cyber Attack Against Foreign Trade Industry
2020-01-19 - VK post on PIRAT RAT
2020-01-20 - Behind the scenes of GandCrab’s operation
2020-01-20 - Dustman APT- Art of Copy-Paste
2020-01-20 - Linux Rekoobe Operating with New, Undetected Malware Samples
2020-01-20 - Ticket resellers infected with a credit card skimmer
2020-01-21 - BitPyLock Ransomware Now Threatens to Publish Stolen Data
2020-01-21 - FTCODE- taking over (a portion of) the botnet
2020-01-21 - Herpaderping- Security Risk or Unintended Behavior?
2020-01-21 - Muhstik Botnet Attacks Tomato Routers to Harvest New IoT Devices
2020-01-21 - sLoad launches version 2.0, Starslord
2020-01-22 - The malware analyst’s guide to PE timestamps
2020-01-22 - WannaMine - Even cybercriminals want a say on Brexit!
2020-01-23 - German language malspam pushes Ursnif
2020-01-23 - New Snake Ransomware Adds Itself to the Increasing Collection of Golang Crimeware
2020-01-23 - Shlayer, No. 1 Threat for Mac, Targets YouTube, Wikipedia
2020-01-23 - Sodinokibi Ransomware Threatens to Publish Data of Automotive Group
2020-01-23 - Someone is uninstalling the Phorpiex malware from infected PCs and telling users to install an antivirus
2020-01-23 - The DGA of a Monero Miner Downloader
2020-01-23 - The Fractured Statue Campaign- U.S. Government Targeted in Spear-Phishing Attacks
2020-01-23 - The Opposite of Fileless Malware - NodeJS Ransomware
2020-01-23 - TrickBot Now Steals Windows Active Directory Credentials
2020-01-24 - Hunting for Ransomware
2020-01-24 - New Ryuk Info Stealer Targets Government and Military Secrets
2020-01-24 - Project TajMahal IOCs and Registry Data Decrypter
2020-01-25 - Extracted Config for Ragnarok Ransomware
2020-01-25 - Indonesian Magecart hackers arrested
2020-01-25 - Olympic Ticket Reseller Magecart Infection
2020-01-25 - cryptopatronum ransomware
2020-01-27 - Aggah- How to run a botnet without renting a Server (for more than a year)
2020-01-27 - Operation Night Fury- Group-IB helps take down a cybergang behind the infection of hundreds of websites all over the world
2020-01-27 - xHunt Campaign- New Watering Hole Identified for Credential Harvesting
2020-01-28 - Ragnarok Ransomware Targets Citrix ADC, Disables Windows Defender
2020-01-28 - Stopping the Press- New York Times Journalist Targeted by Saudi-linked Pegasus Spyware Operator
2020-01-28 - Tick Group Aiming at Japanese Manufacturing
2020-01-28 - Tracking REvil
2020-01-29 - An Overhead View of the Royal Road
2020-01-29 - DOD contractor suffers ransomware infection
2020-01-29 - Malware Tries to Trump Security Software With POTUS Impeachment
2020-01-30 - Competitions on Russian-language cybercriminal forums- Sharing expertise or threat actor showboating-
2020-01-30 - Coronavirus Goes Cyber With Emotet
2020-01-30 - Cyber attack against the servers of Bouygues Construction
2020-01-30 - Emotet Technical Analysis - Part 1 Reveal the Evil Code
2020-01-30 - Fake Interview- The New Activity of Charming Kitten
2020-01-30 - New Iranian Campaign Tailored to US Companies Utilizes an Updated Toolset
2020-01-30 - TheCursedMurderer Ransomware
2020-01-30 - TrickBot Uses a New Windows 10 UAC Bypass to Launch Quietly
2020-01-30 - Trickbot Trojan Leveraging a New Windows 10 UAC Bypass
2020-01-31 - German chemical company hacked
2020-01-31 - Emutet
2020-01-31 - New wave of PlugX targets Hong Kong
2020-01-31 - RATs in the Library- Remote Access Trojans Hide in Plain "Public" Site
2020-01-31 - Rich Headers- leveraging this mysterious artifact of the PE format
2020-01-31 - Winnti Group targeting universities in Hong Kong
2020-02-01 - 2020 - Year of the RAT
2020-02-01 - FCT Ransomware
2020-02-02 - Agent Tesla amps up information stealing attacks
2020-02-02 - Defeating Sodinokibi-REvil String-Obfuscation in Ghidra
2020-02-03 - Analysis of a triple-encrypted AZORult downloader
2020-02-03 - Dissecting Emotet – Part 1
2020-02-03 - EKANS Ransomware and ICS Operations
2020-02-03 - PassLock Ransomware
2020-02-03 - Warzone- Behind the enemy lines
2020-02-04 - Analyzing Modern Malware Techniques - Part 3- A case of Powershell, Excel 4 Macros and VB6
2020-02-04 - Borr Malware
2020-02-04 - RagnarLocker Ransomware
2020-02-04 - Similarity between Qealler-Pyrogenic variants -Part 0x3
2020-02-05 - Mailto (NetWalker) Ransomware Targets Enterprise Networks
2020-02-05 - Pro-Russian CyberSpy Gamaredon Intensifies Ukrainian Security Targeting
2020-02-05 - STOMP 2 DIS- Brilliance in the (Visual) Basics
2020-02-05 - The Hole in the Bucket- Attackers Abuse Bitbucket to Deliver an Arsenal of Malware
2020-02-06 - 40,000 CryptBot Downloads per Day- Bitbucket Abused as Malware Slinger
2020-02-06 - DNS Tunneling Series, Part 3- The Siren Song of RogueRobin
2020-02-06 - Living off another land- Ransomware borrows vulnerable driver to remove security software
2020-02-06 - Ransomware Exploits GIGABYTE Driver to Kill AV Processes
2020-02-06 - Sfile Ransomware
2020-02-07 - APT 40 in Malaysia
2020-02-07 - Emotet Evolves With New Wi-Fi Spreader
2020-02-07 - Magecart Group 12’s Latest- Actors Behind Attacks on Olympics Ticket Re-sellers Deftly Swapped Domains to Continue Campaign
2020-02-07 - TA505 Hackers Behind Maastricht University Ransomware Attack
2020-02-08 - Emotet Technical Analysis - Part 2 PowerShell Unveiled
2020-02-08 - MA-774.022020- MyCERT Advisory - Espionage Campaign Based On Technical Indicators
2020-02-08 - Reversing the Gophe SPambot- Confronting COM Code and Surmounting STL Snags
2020-02-10 - FBI warns about ongoing attacks against software supply chain companies
2020-02-10 - Hypervisor Introspection Thwarts Web Memory Corruption Attack in the Wild
2020-02-10 - KBOT- sometimes they come back
2020-02-10 - Suspected Sapphire Mushroom (APT-C-12) malicious LNK files
2020-02-11 - Metamorfo (aka Casbaneiro)
2020-02-12 - CSI- Evidence Indicators for Targeted Ransomware Attacks – Part I
2020-02-12 - Goblin Panda APT- Recent infrastructure and RAT analysis
2020-02-12 - Loda RAT Grows Up
2020-02-13 - A Deep Dive Into Wake-on-LAN (WoL) Implementation of Ryuk
2020-02-13 - New Cyber Espionage Campaigns Targeting Palestinians - Part 1- The Spark Campaign
2020-02-13 - New Cyber Espionage Campaigns Targeting Palestinians - Part 2- The Discovery of the New, Mysterious Pierogi Backdoor
2020-02-13 - Playing defense against Gamaredon Group
2020-02-13 - Threat actors attempt to capitalize on coronavirus outbreak
2020-02-13 - Wireshark Tutorial- Examining Qakbot Infections
2020-02-14 - LokiBot- dissecting the C&C panel deployments
2020-02-14 - Malware Analysis Report (AR20-045A)- MAR-10265965-1.v1 - North Korean Trojan- BISTROMATH
2020-02-14 - Malware Analysis Report (AR20-045B)- MAR-10265965-2.v1 - North Korean Trojan- SLICKSHOES
2020-02-14 - Malware Analysis Report (AR20-045C)
2020-02-14 - Malware Analysis Report (AR20-045D)- MAR-10271944-1.v1 - North Korean Trojan- HOTCROISSANT
2020-02-14 - Malware Analysis Report (AR20-045E)- MAR-10271944-2.v1 - North Korean Trojan- ARTFULPIE
2020-02-14 - Malware Analysis Report (AR20-045F)- MAR-10271944-3.v1 - North Korean Trojan- BUFFETLINE
2020-02-14 - Malware Analysis Report (AR20-045G)- MAR-10135536-8.v4 - North Korean Trojan- HOPLIGHT
2020-02-15 - Python Remote Administration Tool (RAT)
2020-02-16 - Hamas Android Malware On IDF Soldiers-This is How it Happened
2020-02-17 - CLAMBLING - A New Backdoor Based On Dropbox
2020-02-17 - Cyberwarfare- A deep dive into the latest Gamaredon Espionage Campaign
2020-02-17 - Following the tracks of MageCart 12
2020-02-17 - Gibberish Ransomware
2020-02-18 - Building a bypass with MSBuild
2020-02-18 - Hidden in PEB Sight- Hiding Windows API Imports With a Custom Loader
2020-02-18 - Nearly a quarter of malware now communicates using TLS
2020-02-18 - Nemty Ransomware Scaling UP- APAC Mailboxes Swarmed by Dual Downloaders
2020-02-18 - Tracking ‘Kimsuky’, the North Korea-based cyber espionage group- Part 1
2020-02-18 - Uncovering DRBControl- Inside the Cyberespionage Campaign Targeting Gambling Operations
2020-02-18 - What’s up Emotet?
2020-02-19 - Azorult – what we see using our own tools
2020-02-19 - Uncovering New Magecart Implant Attacking eCommerce
2020-02-19 - Uncovering the Anonymity Cloak
2020-02-20 - Analysis of an Unusual HawkEye Sample
2020-02-20 - CSI- Evidence Indicators for Targeted Ransomware Attacks – Part II
2020-02-20 - Croatia's largest petrol station chain impacted by cyber-attack
2020-02-20 - ObliqueRAT- New RAT hits victims' endpoints via malicious documents
2020-02-20 - UK condemns Russia's GRU over Georgia cyber-attacks
2020-02-20 - Malware LODEINFO targeting organizations in Japan
2020-02-21 - Exploring the Genesis Supply Chain for Fun and Profit- Part 1 – Misadventures in GUIDology
2020-02-21 - Transparent Tribe- Four Years Later
2020-02-22 - Nexus - Just another stealer
2020-02-22 - Weaponizing a Lazarus Group Implant- repurposing a 1st-stage loader, to execute custom 'fileless' payloads
2020-02-24 - Closing in on MageCart 12
2020-02-24 - MMD-0066-2020 - Linux-Mirai-Fbot - A re-emerged IoT threat
2020-02-25 - BlackKingdom Ransomware
2020-02-25 - DPRK Hidden Cobra Update- North Korean Malicious Cyber Activity
2020-02-25 - DoppelPaymer Ransomware Launches Site to Post Victim's Data
2020-02-25 - Mobile malware evolution 2019
2020-02-26 - (Ab)using bash-fu to analyze recent Aggah sample
2020-02-26 - Business as Usual For Iranian Operations Despite Increased Tensions
2020-02-26 - Lazarus Group's Brambul Worm, the Predecessor of WannaCry - 1
2020-02-26 - Lazarus Group's Brambul Worm, the Predecessor of WannaCry - 2
2020-02-26 - Revealing the Trick - A Deep Dive into TrickLoader Obfuscation
2020-02-26 - Sodinokibi Ransomware May Tip NASDAQ on Attacks to Hurt Stock Prices
2020-02-26 - What’s Dead May Never Die- AZORult Infostealer Decommissioned Again
2020-02-27 - Let’s Learn- Inside Parallax RAT Malware- Process Hollowing Injection & Process Doppelgänging API Mix- Part I
2020-02-27 - Malware “LODEINFO” Targeting Japan
2020-02-27 - Roaming Mantis, part V- Distributed in 2019 using SMiShing and enhanced anti-researcher techniques
2020-02-28 - Golang wrapper on an old obscene malware
2020-02-28 - Mysterious spam campaign- A security analysis
2020-02-28 - Trickbot Delivery Method Gets a New Upgrade Focusing on Windows 10
2020-02-29 - Meet the white-hat group fighting Emotet, the world's most dangerous malware
2020-02-29 - Sodinokibi Ransomware gang threatens to disclose data from Kenneth Cole fashion firm
2020-03-01 - BackDoor.Spyder.1
2020-03-01 - CryptoDarkRubix Ransomware
2020-03-02 - Karkoff 2020- a new APT34 espionage operation involves Lebanon Government
2020-03-02 - New PwndLocker Ransomware Targeting U.S. Cities, Enterprises
2020-03-02 - Attention- New Dangerous pwndLocker Ransomware Now in Serbia Too!
2020-03-02 - Pulling the PKPLUG- the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary
2020-03-02 - Visser, a parts manufacturer for Tesla and SpaceX, confirms data breach
2020-03-02 - What Emotet Does, and What Lessons the Victims Draw From It
2020-03-03 - GitHub Repository- winnti-sniff
2020-03-03 - Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations
2020-03-03 - Ransomware Attackers Use Your Cloud Backups Against You
2020-03-04 - Breaking TA505’s Crypter with an SMT Solver
2020-03-04 - Cobalt Strike joins Core Impact at HelpSystems, LLC
2020-03-04 - Ryuk Ransomware Attacked Epiq Global Via TrickBot Infection
2020-03-05 - Bisonal- 10 years of play
2020-03-05 - Defense contractor CPI knocked offline by ransomware attack
2020-03-05 - ELF_TSCookie - Linux Malware Used by BlackTech
2020-03-05 - GuLoader- A Popular New VB6 Downloader that Abuses Cloud Services
2020-03-05 - Guildma- The Devil drives electric
2020-03-05 - Human-operated ransomware attacks- A preventable disaster
2020-03-05 - Mokes and Buerak distributed under the guise of security certificates
2020-03-05 - [RE011] Unpacking the Netwire Malware Crypter with x64dbg
2020-03-05 - Bisonal Malware Being Distributed Disguised as a Shincheonji Emergency Contact List
2020-03-06 - Dissecting Emotet - Part 2
2020-03-06 - Emotet Wi-Fi Spreader Upgraded
2020-03-07 - JavaLocker Ransomware
2020-03-07 - Ransomware Threatens to Reveal Company's 'Dirty' Secrets
2020-03-09 - New Variant of TrickBot Being Spread by Word Document
2020-03-09 - Tracking ‘Kimsuky’, the North Korea-based cyber espionage group- Part 1
2020-03-09 - Tracking ‘Kimsuky’, the North Korea-based cyber espionage group- Part 2
2020-03-09 - py.unidentified_002
2020-03-09 - py.unidentified_003
2020-03-10 - APT40 goes from Template Injections to OLE-Linkings for payload delivery
2020-03-10 - IQY files and Paradise Ransomware
2020-03-10 - Kimsuky group- tracking the king of the spear phishing
2020-03-10 - New action to disrupt world’s largest online criminal network
2020-03-10 - [RE012] Analysis of Malware Exploiting the Covid-19 Epidemic to Spread a Fake “Directive of Prime Minister Nguyễn Xuân Phúc” - Part 1
2020-03-11 - Attribution is in the object- using RTF object dimensions to track APT phishing weaponizers
2020-03-11 - CoronaVirus Ransomware
2020-03-11 - RHOMBUS an ELF bot installer-dropper
2020-03-12 - Adamantium-Thief
2020-03-12 - How cybercriminals are taking advantage of COVID-19- Scams, fraud, and misinformation
2020-03-12 - Targeted Surveillance Attacks in Uzbekistan- An Old Threat with New Techniques
2020-03-12 - Teslarvng Ransomware Yakuza Ransomware
2020-03-12 - Tracking Turla- New backdoor delivered via Armenian watering holes
2020-03-12 - Vicious Panda- The COVID Campaign
2020-03-13 - Yet Another Active Email Campaign With Malicious Excel Files Identified
2020-03-14 - Nefilim Ransomware
2020-03-14 - RekenSom Ransomware
2020-03-15 - Dad! There’s A Rat In Here!
2020-03-15 - Has The Sun Set On The Necurs Botnet?
2020-03-16 - New RedLine Stealer Distributed Using Coronavirus-themed Email Campaign
2020-03-16 - Shadows in the Rain
2020-03-16 - TA505 and Others Launch New Coronavirus Campaigns; Now the Largest Collection of Attack Types in Years
2020-03-16 - They Come in the Night- Ransomware Deployment Trends
2020-03-17 - New Nefilim Ransomware Threatens to Release Victims' Data
2020-03-17 - ProLock Ransomware
2020-03-18 - Coronavirus Threat Landscape Update
2020-03-18 - Parallax- The new RAT on the block
2020-03-18 - CERT-FR Threat and Incident Report- Attacks by the Mespinoza-Pysa Ransomware
2020-03-18 - Sekhmet Ransomware
2020-03-18 - Why would you even bother?! - JavaLocker
2020-03-19 - France warns of new ransomware gang targeting local governments
2020-03-19 - Is APT 27 Abusing COVID-19 To Attack People?!
2020-03-19 - New Android App Offers Coronavirus Safety Mask But Delivers SMS Trojan
2020-03-19 - Analysis of Malware Exploiting the Covid-19 Epidemic to Spread a Fake “Directive of Prime Minister Nguyễn Xuân Phúc” - Part 2
2020-03-19 - RedLine Info-Stealing Malware Spread by Folding@home Phishing
2020-03-19 - Stantinko’s new cryptominer features unique obfuscation techniques
2020-03-20 - 5 Times More Coronavirus-themed Malware Reports during March
2020-03-20 - Analysis Of Exploitation- CVE-2020-10189 ( exploited by APT41)
2020-03-20 - Jamba Superdeal- Helo Sir, you want to buy mask? - Corona Safety Mask SMS Scam
2020-03-20 - New version of chinoxy backdoor using COVID19 alerts document lure
2020-03-20 - The Case for Limiting Your Browser Extensions
2020-03-21 - Netwalker Ransomware Infecting Users via Coronavirus Phishing
2020-03-21 - On the Royal Road
2020-03-22 - Mustang Panda joins the COVID-19 bandwagon
2020-03-23 - Exclusive- Elite hackers target WHO as coronavirus cyberattacks spike
2020-03-23 - Fake “Corona Antivirus” distributes BlackNET remote administration tool
2020-03-23 - Fin7 APT- how billion dollar crime ring remains active after leaders’ arrest
2020-03-23 - Icnanker, a Linux Trojan-Downloader Protected by SHC
2020-03-23 - KPOT Deployed via AutoIt Script
2020-03-23 - Latest Astaroth living-off-the-land attacks are even more invisible but not less observable
2020-03-23 - Nefilim Ransomware Threatens to Expose Stolen Data
2020-03-23 - Snake Ransomware Analysis Updates
2020-03-24 - A new technique to analyze FormBook malware infections
2020-03-24 - Exchange Exploit Case Study – CVE-2020-0688
2020-03-24 - KEKW Ransomware KEKW-Locker Ransomware
2020-03-24 - Operation Poisoned News- Hong Kong Users Targeted With Mobile Malware via Local News Links
2020-03-24 - People infected with coronavirus are all around you, says Ginp Trojan
2020-03-24 - Three More Ransomware Families Create Sites to Leak Stolen Data
2020-03-24 - WildPressure targets industrial-related entities in the Middle East
2020-03-25 - How the Iranian Cyber Security Agency Detects Emissary Panda Malware
2020-03-25 - New Router DNS Hijacking Attacks Abuse Bitbucket to Host Infostealer
2020-03-25 - This Is Not a Test- APT41 Initiates Global Intrusion Campaign Using Multiple Exploits
2020-03-25 - Unpacking the Kwampirs RAT
2020-03-26 - Android Apps and Malware Capitalize on Coronavirus
2020-03-26 - Azorult loader stages
2020-03-26 - Cyber insurer Chubb had data stolen in Maze ransomware attack
2020-03-26 - Discover Malware Android
2020-03-26 - Ransomware Maze
2020-03-26 - TA505's Box of Chocolate - On Hidden Gems packed with the TA505 Packer
2020-03-26 - Would You Exchange Your Security for a Gift Card?
2020-03-26 - iOS exploit chain deploys LightSpy feature-rich malware
2020-03-27 - Booz Allen analyzed 200+ Russian hacking operations to better understand their tactics
2020-03-27 - The First Stage of ShadowHammer
2020-03-28 - In-depth analysis of a Cerberus trojan variant
2020-03-30 - A New Look at Old Dragonfly Malware (Goodor)
2020-03-30 - An old enemy – Diving into QBot part 1
2020-03-30 - Banking Malware Spreading via COVID-19 Relief Payment Phishing
2020-03-30 - Fantastic payloads and where we find them
2020-03-30 - The 'Spy Cloud' Operation- Geumseong121 Group Carries Out an APT Attack Disguised as Evidence of North Korean Defection
2020-03-30 - Zeus Sphinx Trojan Awakens Amidst Coronavirus Spam Frenzy
2020-03-31 - An In-depth Look at MailTo Ransomware, Part One of Three
2020-03-31 - FBI re-sends alert about supply chain attacks for the third time in three months
2020-03-31 - Holy water- ongoing targeted water-holing attack in Asia
2020-03-31 - Infected Zoom Apps for Android Target Work-From-Home Users
2020-03-31 - It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit
2020-03-31 - LokiBot- Getting Equation Editor Shellcode
2020-03-31 - Storm Cloud Unleashed- Tibetan Focus of Highly Targeted Fake Flash Campaign
2020-03-31 - Trickbot- A primer
2022-03-31 - Viasat Hit with Russia’s Wiper Malware called ‘AcidRain,’ Affecting European Services
2020-03-31 - WannaRen Ransomware
2020-04-01 - Jeno Ransomware
2020-04-01 - Navigating Cybersecurity During a Pandemic- Latest Malware and Threat Actors
2020-04-01 - REvil Ransomware-as-a-Service An analysis of a ransomware affiliate operation
2020-04-01 - THE VOLLGAR CAMPAIGN- MS-SQL SERVERS UNDER ATTACK
2020-04-02 - AZORult brings friends to the party
2020-04-02 - Catching APT41 exploiting a zero-day vulnerability
2020-04-02 - CoViper locking down computers during lockdown
2020-04-02 - GuLoader- The RAT Downloader
2020-04-02 - Nemty Ransomware – Learning by Doing
2020-04-02 - Pekraut - German RAT starts gnawing
2020-04-03 - GuLoader- Malspam Campaign Installing NetWire RAT
2020-04-03 - Kinsing Malware Attacks Targeting Container Environments
2020-04-03 - Microsoft- Emotet Took Down a Network by Overheating All Computers
2020-04-04 - Nanocore & CypherIT
2020-04-05 - Trojan Agent Tesla – Malware Analysis
2020-04-06 - McAfee Insights- Vicious Panda- The COVID Campaign
2020-04-07 - 2020-04-06 Qealler RAT Malspam
2020-04-07 - Decade of the RATS- Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android
2020-04-07 - ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework
2020-04-07 - Thinking Outside the Bochs- Code Grafting to Unpack Malware in Emulation
2020-04-07 - Unkillable xHelper and a Trojan matryoshka
2020-04-08 - An In-depth Look at MailTo Ransomware, Part Two of Three
2020-04-08 - DDG botnet, round X, is there an ending?
2020-04-08 - Deep Dive Into TrickBot Executor Module “mexec”- Hidden “Anchor” Bot Nexus Operations
2020-04-08 - Analysis of Donot Team (APT-C-35) Mobile Attack Activity
2020-04-08 - How Cyber Adversaries are Adapting to Exploit the Global Pandemic
2020-04-08 - NetWalker Ransomware- Analysis and Preventive Measures
2020-04-09 - Malware analysis (Emergency inquiry for Coronavirus response in Jeollanam-do.hwp)
2020-04-09 - SDBbot Unpacker
2020-04-09 - Travelex paid hackers $2.3 million worth of Bitcoin after ransomware attack
2020-04-09 - TrickBot Emerges with a Few New Tricks
2020-04-10 - An In-depth Look at MailTo Ransomware, Part Three of Three
2020-04-10 - Threat Actors Migrating to the Cloud
2020-04-10 - Void Ransomware
2020-04-11 - Sodinokibi Ransomware to stop taking Bitcoin to hide money trail
2020-04-12 - Dynamic analysis technique to get decrypted KPOT Malware
2020-04-13 - APT41 Using New Speculoos Backdoor to Target Organizations Globally
2020-04-13 - GuLoader delivers RATs and Spies in Disguise
2020-04-13 - How Analysing an AgentTesla Could Lead To Attackers Inbox - Part I
2020-04-13 - New Mozi Malware Family Quietly Amasses IoT Bots
2020-04-13 - The Blame Game - About False Flags and overwritten MBRs
2020-04-13 - Threat Spotlight- Gootkit Banking Trojan
2020-04-14 - Deobfuscating and hunting for OSTAP, Trickbot’s dropper and best friend
2020-04-14 - Emotet JavaScript downloader
2020-04-14 - Malicious Attackers Target Government and Medical Organizations With COVID-19 Themed Phishing Campaigns
2020-04-14 - RagnarLocker ransomware hits EDP energy giant, asks for €10M
2020-04-14 - TA505 Continues to Infect Networks With SDBbot RAT
2020-04-14 - Understanding the relationship between Emotet Ryuk and TrickBot
2020-04-15 - Hackers are again attacking Portuguese banking organizations via Android Trojan-Banker
2020-04-15 - How Analysing an AgentTesla Could Lead To Attackers Inbox - Part II
2020-04-15 - Multistage FreeDom loader used in Aggah Campaign to spread Nanocore and AZORult
2020-04-15 - Nation-state Mobile Malware Targets Syrians with COVID-19 Lures
2020-04-15 - Analysis of BiFrost, the Malicious Backdoor of Chinese Hacker Group HUAPI
2020-04-16 - New AgentTesla variant steals WiFi credentials
2020-04-16 - PoetRAT- Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors
2020-04-16 - Taiwan High-Tech Ecosystem Targeted by Foreign APT Group- Digital Skeleton Key Bypasses Security Measures
2020-04-18 - IT services giant Cognizant suffers Maze Ransomware cyber attack
2020-04-19 - Reversing Ryuk- A Technical Analysis of Ryuk Ransomware
2020-04-19 - Sadogo Ransomware
2020-04-20 - WINNTI GROUP- Insights From the Past
2020-04-21 - Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant
2020-04-22 - Gomorrah stealer (.NET binary)
2020-04-22 - Nazar- A Lost Amulet
2020-04-22 - Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage
2020-04-23 - A look at the ATM-PoS malware landscape from 2017-2019
2020-04-23 - ESET researchers disrupt cryptomining botnet VictoryGate
2020-04-23 - Quick look at Nazar backdoor - Capabilities
2020-04-23 - Threat Actors Repurpose Hupigon in Adult Dating Attacks Targeting US Universities
2020-04-23 - Threat Spotlight- MedusaLocker
2020-04-24 - Inside "Phobos" Ransomware- "Dharma" Past & Underground
2020-04-24 - LockBit ransomware IoCs
2020-04-24 - LockBit ransomware borrows tricks to keep up with REvil and Maze
2020-04-24 - TrickBot "BazarBackdoor" Process Hollowing Injection Primer
2020-04-24 - Ursnif via LOLbins
2020-04-26 - 35 Thousand Computers in Latin America Infected by Monero-Mining Malware
2020-04-26 - The DGA of Zloader
2020-04-26 - goCryptoLocker
2020-04-26 - use Ghidra to Decrypt Strings of KPOTstealer Malware
2020-04-27 - Group Behind TrickBot Spreads Fileless BazarBackdoor
2020-04-27 - Master of RATs - How to create your own Tracker
2020-04-27 - Quick look at Nazar's backdoor - Network Communication
2020-04-27 - Shade (Troldesh) ransomware shuts down and releases decryption keys
2020-04-27 - The LeetHozer botnet
2020-04-28 - Grandoreiro- How engorged can an EXE get?
2020-04-28 - Hiding in plain sight- PhantomLance walks into a market
2020-04-28 - IcedID PhotoLoader evolution
2020-04-28 - Loki Info Stealer Propagates through LZH Files
2020-04-28 - Outlaw is Back, a New Crypto-Botnet Targets European Organizations
2020-04-28 - Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk
2020-04-29 - Compromised Wordpress sites used to distribute Adwind RAT
2020-04-29 - Gazorp - Thieving from thieves
2020-04-29 - More IOCs related to PhantomLance
2020-04-30 - Anomali Suspects that China-Backed APT Pirate Panda May Be Seeking Access to Vietnam Government Data Center
2020-04-30 - EVENTBOT- A NEW MOBILE BANKING TROJAN IS BORN
2020-04-30 - Lazarus APT Uses Recruitment Information From a Western Aviation Giant in Targeted Attacks on Specific Countries- Incident Analysis
2020-05-01 - The Many Paths Through Maze
2020-05-02 - Shade - Troldesh Ransomware decryption tool
2020-05-04 - ATM malware targets Wincor and Diebold ATMs
2020-05-04 - Android SLocker Variant Uses Coronavirus Scare to Take Android Hostage
2020-05-04 - Changes in REvil ransomware version 2.2
2020-05-04 - Escape from the Maze
2020-05-04 - Kaiji- New Chinese Linux malware turning to Golang
2020-05-04 - Meet NEMTY Successor, Nefilim-Nephilim Ransomware
2020-05-05 - An old enemy – Diving into QBot part 3
2020-05-05 - Awaiting the Inevitable Return of Emotet
2020-05-05 - Bear Hunt (Bärenjagd)
2020-05-05 - Deep Analysis of Ryuk Ransomware
2020-05-05 - GuLoader AntiVM Techniques
2020-05-05 - Kaiji – a new strain of IoT malware seizing control and launching DDoS attacks
2020-05-05 - Kupidon Ransomware
2020-05-05 - Nazar- Spirits of the Past
2020-05-05 - Operation Flash Cobra
2020-05-05 - The Dacls RAT ...now on macOS! deconstructing the mac variant of a lazarus group implant
2020-05-05 - Tinker Telco Soldier Spy
2020-05-05 - Who Is Dmitry Badin, The GRU Hacker Indicted By Germany Over The Bundestag Hacks?
2020-05-06 - 039- Deconstructing the Dukes- A Researcher’s Retrospective of APT29
2020-05-06 - Brazilian trojan banker is targeting Portuguese users using browser overlay
2020-05-06 - Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware
2020-05-06 - New Cyber Operation Targets Italy- Digging Into the Netwire Attack Chain
2020-05-06 - New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app
2020-05-06 - Shadows with a chance of BlackNix
2020-05-07 - Detecting COR_PROFILER manipulation for persistence
2020-05-07 - GoGoogle Decryption Tool
2020-05-07 - Introducing Blue Mockingbird
2020-05-07 - Naikon APT- Cyber Espionage Reloaded
2020-05-07 - Navigating the MAZE- Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents
2020-05-07 - Ruhr-Universität Bochum Reports Computer Attack
2020-05-07 - Sodinokibi - REvil ransomware
2020-05-07 - The North Korean AV Anthology- a unique look on DPRK’s Anti-Virus market
2020-05-07 - Ursnif beacon decryptor
2020-05-07 - We Chat, They Watch- How International Users Unwittingly Build up WeChat’s Chinese Censorship Apparatus
2020-05-08 - Inception
2020-05-08 - Naikon’s Aria
2020-05-09 - ClodCore- A malware family that delivers mining modules through cloud control
2020-05-09 - Turkey targeted by Cerberus and Anubis Android banking Trojan campaigns
2020-05-10 - The Duties Beyond Assisting the Public- Darknet Threats Against Canadian Health & Support Organizations
2020-05-11 - Astaroth - Maze of obfuscation and evasion reveals dark stealer
2020-05-11 - New MacOS Dacls RAT Backdoor Shows Lazarus’ Multi-Platform Attack Capability
2020-05-11 - ProLock malware analysis
2020-05-11 - Ransomware Hit ATM Giant Diebold Nixdorf
2020-05-11 - Targeted Attacks on Indian Government and Financial Institutions Using the JsOutProx RAT
2020-05-11 - The Anatomy of an APT Attack and CobaltStrike Beacon’s Encoded Configuration
2020-05-11 - Trojan Lampion is back after 3 months
2020-05-11 - Updated BackConfig Malware Targeting Government and Military Organizations in South Asia
2020-05-11 - Zeus Sphinx Back in Business- Some Core Modifications Arise
2020-05-12 - Analyzing Dark Crystal RAT, a C# backdoor
2020-05-12 - Evading Detection with Excel 4.0 Macros and the BIFF8 XLS Format
2020-05-12 - Java RAT Campaign Targets Co-Operative Banks in India
2020-05-12 - MAR-10288834-1.v1 – North Korean Remote Access Tool- COPPERHEDGE
2020-05-12 - MAR-10288834-2.v1 – North Korean Trojan- TAINTEDSCRIBE
2020-05-12 - MAR-10288834-3.v1 – North Korean Trojan- PEBBLEDASH
2020-05-12 - Maze ransomware- extorting victims for 1 year and counting
2020-05-12 - Tropic Trooper’s Back- USBferry Attack Targets Air-gapped Environments
2020-05-13 - Access-as-a-Service – Remote Access Markets in the Cybercrime Underground
2020-05-13 - Global Ransomware and Cyberattacks on Healthcare Spike during Pandemic
2020-05-13 - Malware Analysis Spotlight- Rhino Ransomware
2020-05-13 - Ramsay- A cyber‑espionage toolkit tailored for air‑gapped networks
2020-05-14 - APT Group Planted Backdoors Targeting High Profile Networks in Central Asia
2020-05-14 - ATT&CKing ProLock Ransomware
2020-05-14 - COMpfun authors spoof visa application with HTTP status-based Trojan
2020-05-14 - Deep Dive Into TrickBot Executor Module “mexec”- Reversing the Dropper Variant
2020-05-14 - LOLSnif – Tracking Another Ursnif-Based Targeted Campaign
2020-05-14 - Mikroceen- Spying backdoor leveraged in high‑profile networks in Central Asia
2020-05-14 - Mirai and Hoaxcalls Botnets Target Legacy Symantec Web Gateways
2020-05-14 - Netwalker Ransomware- [API Call Obfuscation (using Structure) and Evading Memory Forensics]
2020-05-14 - QNodeService- Node.js Trojan Spread via Covid-19 Lure
2020-05-14 - RATicate- an attacker’s waves of information-stealing malware
2020-05-14 - The energy reserves in the Eastern Mediterranean Sea and a malicious campaign of APT10 against Turkey
2020-05-14 - Vendetta - new threat actor from Europe
2020-05-15 - A Guide to macOS Threat Hunting and Incident Response
2020-05-15 - DBatLoader
2020-05-15 - In depth analysis of Lazarus validator
2020-05-16 - High Performance Hackers
2021-05-17 - CrowdStrike Falcon Detects Kernel Attacks Exploiting Vulnerable Dell Driver (CVE-2021-21551)
2021-05-18 - DarkSide Goes Dark- How CrowdStrike Falcon Customers Were Protected
2020-05-18 - Eleethub- A Cryptocurrency Mining Botnet with Rootkit for Self-Hiding
2020-05-18 - FBI- ProLock ransomware gains access to victim networks via Qakbot infections
2020-05-18 - Looking Back at LiteDuke
2020-05-18 - Microcin Decryptor
2020-05-18 - Netwalker Fileless Ransomware Injected via Reflective Loading
2020-05-18 - Ransomware Gang Arrested for Spreading Locky to Hospitals
2020-05-19 - Information Stealer Campaign Targeting German HR Contacts
2020-05-19 - NetWalker Ransomware Group Enters Advanced Targeting “Game”
2020-05-19 - Netwalker Ransomware - From Static Reverse Engineering to Automatic Extraction
2020-05-19 - Sophisticated Espionage Group Turns Attention to Telecom Providers in South Asia
2020-05-19 - The wolf is back...
2020-05-19 - TrickBot BazarLoader In-Depth
2020-05-20 - GhostDNS Source Code Leaked
2020-05-20 - Operation TA505- how we analyzed new tools from the creators of the Dridex trojan, Locky ransomware, and Neutrino botnet
2020-05-20 - The Gocgle Malicious Campaign
2020-05-20 - Unloading the GuLoader
2020-05-20 - What happened between the BigBadWolf and the Tiger?
2020-05-20 - Why On-Device Detection Matters- New Ramsay Trojan Targets Air-Gapped Networks
2020-05-20 - ZLoader Loads Again- New ZLoader Variant Returns
2020-05-21 - A brief history of TA505
2020-05-21 - Asnarök attackers twice modified attack midstream
2020-05-21 - Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers
2020-05-21 - Blox Tales #6- Subpoena-Themed Phishing With CAPTCHA Redirect
2020-05-21 - Navigating MAZE- Analysis of a Rising Ransomware Threat
2020-05-21 - No “Game over” for the Winnti Group
2020-05-21 - Ragnar Locker ransomware deploys virtual machine to dodge security
2020-05-21 - T1055 Process Injection
2020-05-21 - The Evolution of APT15’s Codebase 2020
2020-05-22 - Analysis of the Ramsay Components Darkhotel Uses to Infiltrate Isolated Networks
2020-05-22 - Cyber-Criminal espionage Operation insists on Italian Manufacturing
2020-05-22 - Insidious Android malware gives up all malicious features but one to gain stealth
2020-05-22 - Operation TA505- investigating the ServHelper backdoor with NetSupport RAT. Part 2.
2020-05-22 - ThreatConnect Research Roundup- Possible APT33 Infrastructure
2020-05-23 - AgentTesla Delivered via a Malicious PowerPoint Add-In
2020-05-24 - Examining Smokeloader’s Anti Hooking technique
2020-05-24 - Operation TA505- network infrastructure. Part 3.
2020-05-24 - Reverse Engineering the Mustang Panda PlugX Loader
2020-05-24 - Using AI to Detect Malicious C2 Traffic
2020-05-24 - Zloader String Obfuscation
2020-05-25 - Hangul malware distributed in real estate investment related emails (using EPS)
2021-05-26 - A former DarkSide listing shows up on REvil’s leak site
2020-05-26 - ACIDBOX Clustering
2021-05-26 - Alert (AA21-116A)- Russian Foreign Intelligence Service (SVR) Cyber Operations- Trends and Best Practices for Network Defenders
2021-05-26 - Falcon Complete Disrupts Malvertising Campaign Targeting AnyDesk
2020-05-26 - From Agent.BTZ to ComRAT v4- A ten‑year journey
2021-05-26 - Know Your Enemy- Exploiting the Dell BIOS Driver Vulnerability to Defend Against It
2020-05-26 - New [F]Unicorn ransomware hits Italy via fake COVID-19 infection map
2021-05-26 - The EU’s Response to SolarWinds
2020-05-26 - The updated Grandoreiro Malware equipped with latenbot-C2 features in Q2 2020 now extended to Portuguese banks
2020-05-26 - Weaponized Disk Image Files- Analysis, Trends and Remediation
2020-05-27 - Detecting Rclone – An Effective Tool for Exfiltration
2020-05-27 - Netwalker ransomware tools give insight into threat actor
2020-05-28 - Analysis of Recent Rattlesnake (SideWinder) APT Attacks Against Neighbouring Countries and Regions
2020-05-28 - Berlin seeks sanctions against Russian hackers over Bundestag cyberattack
2020-05-28 - CSA Sandworm Actors Exploiting Vulnerability in Exim Transfer Agent
2021-05-28 - DarkSide Pipeline Attack Shakes Up the Ransomware-as-a-Service Landscape
2020-05-28 - German intelligence agencies warn of Russian hacking threats to critical infrastructure
2020-05-28 - Goodbye Mworm, Hello Nworm- TrickBot Updates Propagation Module
2020-05-28 - Israeli official confirms attempted cyberattack on water systems
2020-05-28 - Michigan State University network breached in ransomware attack
2020-05-28 - Microsoft IIS servers hacked by Blue Mockingbird to mine Monero
2020-05-28 - NSA- Russia's Sandworm Hackers Have Hijacked Mail Servers
2020-05-28 - Russian Bears Under Suspicion of Hacking
2020-05-28 - Self-described “king of fraud” is convicted for role in Methbot scam
2020-05-28 - Silos of Excellence
2020-05-28 - Suspected Naikon DGA Domains
2020-05-28 - SysInTURLA
2020-05-28 - The Masked SYNger- Investigating a Traffic Phenomenon
2020-05-28 - The Octopus Scanner Malware- Attacking the open source supply chain
2020-05-28 - The zero-day exploits of Operation WizardOpium
2020-05-28 - Valak- More than Meets the Eye
2020-05-29 - Phishers Cast a Wider Net in the African Banking Sector
2020-05-29 - Secret Chats Show How Cybergang Became a Ransomware Powerhouse
2020-05-29 - ShellReset RAT Spread Through Macro-Based Documents Using AppLocker Bypass
2020-05-30 - Exposing the UAE’s Underground Digital Dangers- The Attack Surface of One of the Most Digitally Advanced Countries in the Arab World
2020-05-31 - Guildma is now using Finger and Signed Binary Proxy Execution to evade defenses
2020-05-31 - Hacker Lexicon- What Is a Supply Chain Attack?
2021-05-31 - IT threat evolution Q1 2021
2020-05-31 - Avaddon Ransomware- Main Characteristics
2020-05-31 - Revisiting the NSIS-based crypter
2021-05-31 - Russian hacker Pavel Sitnikov arrested for sharing malware source code
2020-05-31 - String Obfuscation in the Hamweq IRC-bot
2020-05-31 - WastedLoader or DridexLoader-
2020-06-01 - In-depth analysis of a trojan banker impacting Portugal and Brazil
2020-06-02 - Evolution of Excel 4.0 Macro Weaponization
2020-06-02 - Hunting Malicious Macros
2020-06-02 - In-depth analysis of the new Team9 malware family
2020-06-02 - Mustang Panda Recent Activity- Dll-Sideloading trojans with temporal C2 servers
2020-06-02 - PebbleDash - Lazarus - HiddenCobra RAT
2020-06-02 - REvil ransomware gang launches auction site to sell stolen data
2020-06-02 - Ursnif-Gozi Delivery - Excel Macro 4.0 Utilization Uptick & OCR Bypass
2020-06-03 - Cycldek- Bridging the (air) gap
2020-06-03 - New LNK attack tied to Higaisa APT discovered
2020-06-03 - Ransomware gang says it breached one of NASA's IT contractors
2020-06-03 - The WizardOpium LPE- Exploiting CVE-2019-1458
2020-06-03 - Threat Assessment- Hangover Threat Group
2020-06-04 - COVID-19 and New Year greetings- an investigation into the tools and methods used by the Higaisa group
2020-06-04 - Nuclear missile contractor hacked in Maze ransomware attack
2020-06-04 - Threat Spotlight- Tycoon Ransomware Targets Education and Software Sectors
2020-06-05 - Anatomy of a Well-Crafted UPS, FedEx, and DHL Phishing Email During COVID-19
2020-06-05 - Avaddon- From seeking affiliates to in-the-wild in 2 days
2020-06-05 - Evasion Tactics in Hybrid Credit Card Skimmers
2020-06-05 - New Campaign Abusing StackBlitz Tool to Host Phishing Pages
2020-06-05 - New Tekya Ad Fraud Found on Google Play
2020-06-05 - Retread Ransomware- Identifying Satana to Understand "CoronaVirus"
2020-06-05 - The Gh0st Remains the Same
2020-06-07 - Dealing with Obfuscated Macros Statically - NanoCore
2020-06-08 - A Guide to macOS Threat Hunting and Incident Response
2020-06-08 - Analysis of Valak Maldoc
2020-06-08 - Dark Nexus- the old, the new and the ugly
2020-06-08 - German Task Force for COVID-19 Medical Equipment Targeted in Ongoing Phishing Campaign
2020-06-08 - GuLoader- No, CloudEyE.
2020-06-08 - Honda investigates possible ransomware attack, networks impacted
2020-06-08 - New Avaddon Ransomware launches in massive smiley spam campaign
2020-06-08 - TA410- The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware
2020-06-08 - The A1 Telekom Austria Hack
2020-06-08 - eCh0raix Ransomware
2020-06-09 - CobaltStrikeParser
2020-06-09 - Dark Basin Indicators of Compromise
2020-06-09 - Dark Basin Uncovering a Massive Hack-For-Hire Operation
2020-06-09 - Honda and Enel impacted by cyber attack suspected to be ransomware
2020-06-09 - Kingminer escalates attack complexity for cryptomining
2020-06-09 - Looking at Big Threats Using Code Similarity. Part 1
2020-06-09 - Misconfigured Amazon S3 Buckets Continue to be a Launchpad for Malicious Code
2020-06-09 - RagnarLocker Ransomware Threatens to Release Confidential Information
2020-06-09 - Recent FK_Undead rootkit samples found in the wild
2020-06-09 - Valak Malware and the Connection to Gozi Loader ConfCrew
2020-06-09 - Web shell threat hunting with Azure Sentinel and Microsoft Threat Protection
2020-06-10 - FRat Reporting, YARA, and IoCs
2020-06-10 - FlowCloud Version 4.1.3 Malware Analysis
2020-06-10 - Harmful Logging - Diving into MassLogger
2020-06-10 - MassLogger - Frankenstein's Creation
2020-06-10 - Misconfigured Kubeflow workloads are a security risk
2020-06-10 - Unpacking Smokeloader and Reconstructing PE Programmatically using LIEF
2020-06-11 - #ThreatThursday - Buhtrap
2020-06-11 - API Hashing in the Zloader malware
2020-06-11 - All You Need Is Text- Second Wave
2020-06-11 - Gamaredon group grows its game
2020-06-11 - New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa
2020-06-11 - Phishing Attacks from Earth Empusa Reveal ActionSpy
2020-06-11 - Qbot Banking Trojan Still Up to Its Old Tricks
2020-06-11 - SNOWSTORM- Hacker-for-hire and physical surveillance targeted financial analyst
2020-06-11 - The Return of the Higaisa APT
2020-06-11 - Tor2Mine is up to their old tricks — and adds a few new ones
2020-06-11 - Evolution of Malware LODEINFO
2020-06-12 - Probable Sandworm Infrastructure
2020-06-12 - Trickbot Malspam Leveraging Black Lives Matter as Lure
2020-06-12 - What is the Gibberish Hack?
2020-06-13 - Black Kingdom ransomware (TTPs & IOC)
2020-06-13 - Black Kingdom ransomware hacks networks with Pulse VPN flaws
2020-06-13 - TroyStealer – A new info stealer targeting Portuguese Internet users
2020-06-14 - CTI is Better Served with Context- Getting better value from IOCs
2020-06-14 - Deep-dive- The DarkHotel APT
2020-06-15 - Global Malicious Spam Campaign Using Black Lives Matter as a Lure
2020-06-15 - India- Human Rights Defenders Targeted by a Coordinated Spyware Operation
2020-06-15 - Magecart strikes amid Corona lockdown
2020-06-15 - Quarterly report- Incident Response trends in Summer 2020
2020-06-15 - Striking Back at Retired Cobalt Strike- A look at a legacy vulnerability
2020-06-15 - Web skimmers found on the websites of Intersport, Claire's, and Icing
2020-06-16 - Chipmaker MaxLinear reports data breach after Maze Ransomware attack
2020-06-16 - Cloud Threat Landscape Report 2020 (PDF)
2020-06-16 - Cobalt- tactics and tools update
2020-06-16 - CrystalBit - Apple Double DLL Hijack -- From fraudulent software bundle downloads to an evasive miner raging campaign
2020-06-16 - ELF Malware Analysis 101- Linux Threats No Longer an Afterthought
2020-06-16 - Exploiting a crisis- How cybercriminals behaved during the outbreak
2020-06-16 - New Java STRRAT ships with .crimson ransomware module
2020-06-16 - QakBot malspam leading to ProLock- Nothing personal just business
2020-06-16 - TA505 returns with a new bag of tricks
2020-06-16 - The Little Ransomware That Couldn’t (Dharma)
2020-06-17 - A Click from the Backyard - Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software
2020-06-17 - ATT&CK® Deep Dive- Process Injection
2020-06-17 - AcidBox- Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations
2020-06-17 - Detecting PoshC2 – Indicators of Compromise
2020-06-17 - Die erste Cyberwaffe und ihre Folgen (The First Cyber Weapon and Its Consequences)
2020-06-17 - Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature
2020-06-17 - RansomEXX Ransomware
2020-06-17 - Targeted attacks on industrial companies using Snake ransomware
2020-06-17 - deICEr- A Go tool for extracting config from IcedID second stage Loaders
2020-06-18 - #ThreatThursday - APT33
2020-06-18 - Behind the scenes of the Emotet Infrastructure
2020-06-18 - COVID-19 and FMLA Campaigns used to install new IcedID banking malware
2020-06-18 - Digging up InvisiMole’s hidden arsenal
2020-06-18 - EKANS Ransomware Misconceptions and Misunderstandings
2020-06-18 - Ginp Malware Operations are on the Rise, Aiming to Expand in Turkey
2020-06-18 - Hiding In Plain Sight
2020-06-18 - Inside Microsoft Threat Protection- Mapping attack chains from cloud to endpoint (APT33-HOLMIUM)
2020-06-18 - Maze ransomware continues to be a threat to the consumers
2020-06-18 - Office 365 Phishing Campaign Exploits Samsung, Adobe and Oxford Servers
2020-06-19 - Copy-paste compromises
2020-06-19 - Dridex- the secret in a PostMessage()
2020-06-19 - Further Evasion in the Forgotten Corners of MS-XLS
2020-06-19 - Microcin is here With asynchronous sockets, steganography, GitLab ban and a sock
2020-06-19 - Microcin is here
2020-06-19 - Targeted Attack Leverages India-China Border Dispute to Lure Victims
2020-06-19 - The eagle eye is back- old and new backdoors from APT30
2020-06-19 - zloader- VBA, R1C1 References, and Other Tomfoolery
2020-06-21 - Deep Analysis of SmokeLoader
2020-06-21 - Investigating Threats in HP Sure Controller 4.2- TVRAT
2020-06-21 - Snatch Ransomware
2020-06-21 - UPnP – Messing up Security for years
2020-06-22 - Comparative analysis between Bindiff and Diaphora - Patched Smokeloader Study Case
2020-06-22 - Dynamic Correlation, ML and Hunting
2020-06-22 - FTcode targets European countries
2020-06-22 - Hakbit Ransomware Campaign Against Germany, Austria, Switzerland
2020-06-22 - Hijacking DLLs in Windows
2020-06-22 - Indiabulls Group hit by CLOP Ransomware, gets 24h leak deadline
2020-06-22 - IndigoDrop spreads via military-themed lures to deliver Cobalt Strike
2020-06-22 - Inside a TrickBot Cobalt Strike Attack Server
2020-06-22 - Pillowmint- FIN7’s Monkey Thief
2020-06-22 - Unpacking Visual Basic Packers – IcedID
2020-06-22 - VenomRAT - new, hackforums grade, reincarnation of QuassarRAT
2020-06-22 - Web skimming with Google Analytics
2020-06-22 - XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers
2020-06-22 - njRat Malware Analysis
2020-06-23 - Hidden Cobra - from a shed skin to the viper’s nest
2020-06-23 - New Mirai variant Aisuru detects Cowrie opensource honeypots
2020-06-23 - Oh, what a boot-iful mornin’ Rovnix bootkit back in business
2020-06-23 - Ryuk ransomware deployed two weeks after Trickbot infection
2020-06-23 - Sodinokibi- Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike
2020-06-23 - WastedLocker- A New Ransomware Variant Developed By The Evil Corp Group
2020-06-24 - BRONZE VINEWOOD Targets Supply Chains
2020-06-24 - DropboxAES Remote Access Trojan
2020-06-24 - Glupteba - the malware that gets secret messages from the Bitcoin blockchain
2020-06-24 - Glupteba malware hides in plain sight
2020-06-24 - Hackers are still running coronavirus-related campaigns, CrowdStrike warns
2020-06-24 - Is upatre downloader coming back -
2020-06-24 - Lucifer- New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices
2020-06-24 - Magnitude exploit kit - evolution
2020-06-24 - New ransomware posing as COVID‑19 tracing app targets Canada; ESET offers decryptor
2020-06-24 - Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex
2020-06-25 - A close look at the advanced techniques used in a Malaysian-focused APT campaign
2020-06-25 - DarkCrewBot – The Return of the Bot Shop Crew
2020-06-25 - Github Repository of PYBACK
2020-06-25 - GuLoader- Peering Into a Shellcode-based Downloader
2020-06-25 - The Golden Tax Department and the Emergence of GoldenSpy Malware
2020-06-25 - Unknown China-Based APT Targeting Myanmarese Entities
2020-06-25 - Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files
2020-06-25 - Zoom In- Emulating 'Exploit Purchase' in Simulated Targeted Attacks
2020-06-26 - Admin of carding portal behind $568M in losses pleads guilty
2020-06-26 - CryptoCore – Cryptocurrency Exchanges Under Attack
2020-06-26 - New Ransom X Ransomware used in Texas TxDOT cyberattack
2020-06-26 - Ransom .exx notes
2020-06-26 - Russian National (Aleksei Burkov, Cardplanet) Sentenced to Prison for Operating Websites Devoted to Fraud and Malicious Cyber Activities
2020-06-26 - Russian hacker group Evil Corp targets US workers at home
2020-06-26 - Taurus- The New Stealer in Town
2020-06-26 - US Local Government Services Targeted by New Magecart Credit Card Skimming Attack
2020-06-26 - Update on IT Security Incident at UCSF
2020-06-26 - WastedLocker- Symantec Identifies Wave of Attacks Against U.S. Organizations
2020-06-27 - Quick analysis note about GuLoader (or CloudEyE)
2020-06-28 - Interesting tactic by Ratty & Adwind for distribution of JAR appended to signed MSI
2020-06-29 - OSX.EvilQuest Uncovered
2020-06-29 - PROMETHIUM extends global reach with StrongPity3 APT
2020-06-30 - Botnet Encyclopedia
2020-06-30 - Detection Rules by Elastic
2020-06-30 - Electric Company Ransomware Attack Calls for $14 Million in Ransom
2020-06-30 - EvilQuest wiper uses ransomware cover to steal files from Macs
2020-06-30 - GoldenSpy- Chapter Two - The Uninstaller
2020-06-30 - M00nD3v, HawkEye threat actor, sells malware after COVID-19 diagnosis
2020-06-30 - Ransomware on the Rise- Buran’s transformation into Zeppelin
2020-07-01 - Alina Point of Sale Malware Still Lurking in DNS
2020-07-01 - BlackRock - The Trojan That Wanted to Get Them All
2020-07-01 - DLL Search Order Hijacking
2020-07-01 - EKANS Ransomware Targeting OT ICS Systems
2020-07-01 - Multiyear Surveillance Campaigns Discovered Targeting Uyghurs
2020-07-01 - Threat Bulletin- Cutting-off the Command-and-Control Infrastructure of CollectorGoomba
2020-07-01 - Threat Spotlight- Valak Slithers Its Way Into Manufacturing and Transportation Networks
2020-07-01 - 游走在东欧和中亚的奇幻熊 (Fancy Bear Roaming Eastern Europe and Central Asia)
2020-07-02 - CyberGate RAT and RedLine Stealer Delivered in Ongoing AutoIt Malware Campaigns
2020-07-02 - GoldenSpy Chapter 3- New and Improved Uninstaller
2020-07-03 - Attack Detection Fundamentals- Code Execution and Persistence - Lab #1
2020-07-04 - Deep Analysis of Anubis Banking Malware
2020-07-05 - How to stop MortiAgent Malware using the snort rule-
2020-07-05 - RIFT- F5 Networks K52145254- TMUI RCE vulnerability CVE-2020-5902 Intelligence
2020-07-05 - Reverse Engineering the Mustang Panda PlugX RAT – Extracting the Config
2020-07-06 - New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader
2020-07-06 - North Korean hackers implicated in stealing from US and European shoppers
2020-07-06 - Pig in a poke- smartphone adware
2020-07-06 - The Gafgyt variant vbot seen in its 31 campaigns
2020-07-06 - TrickBot variant “Anchor_DNS” communicating over DNS
2020-07-06 - WastedLocker Goes Big-Game Hunting in 2020
2020-07-07 - -Keeper- Magecart Group Infects 570 Sites
2020-07-07 - Breaking EvilQuest - Reversing A Custom macOS Ransomware File Encryption Routine
2020-07-07 - Clop, Clop! It’s a TA505 HTML malspam analysis
2020-07-07 - Microsoft takes legal action against COVID-19-related cybercrime
2020-07-07 - SilentDeath Ransomware
2020-07-08 - How to unpack Chinoxy backdoor and decipher the configuration of the backdoor
2020-07-08 - Iran's domestic espionage - Lessons from recent data leaks
2020-07-08 - New Mirai Variant Expands Arsenal, Exploits CVE-2020-10173
2020-07-08 - Operation ‘Honey Trap’- APT36 Targets Defense Organizations in India
2020-07-08 - Ransomware Report- Avaddon and New Techniques Emerge, Industrial Sector Targeted
2020-07-08 - Restricting SMB-based lateral movement in a Windows environment
2020-07-08 - “EvilQuest” Rolls Ransomware, Spyware & Data Theft Into One
2020-07-09 - An Update for a Very Active DDoS Botnet- Moobot
2020-07-09 - Gist with observed grelos skimmer
2020-07-09 - More evil- A deep look at Evilnum and its toolset
2020-07-09 - New Joker variant hits Google Play with an old trick
2020-07-09 - ServHelper- Hidden Miners
2020-07-09 - Threat Bulletin- Dissecting GuLoader’s Evasion Techniques
2020-07-10 - Deep Dive Into the M00nD3V Logger
2020-07-10 - Evilnum — Indicators of Compromise
2020-07-10 - Knowledge Fragment- Casting Sandbox Necromancy on DADSTACHE
2020-07-10 - The Dark Web of Intrigue- How REvil Used the Underground Ecosystem to Form an Extortion Cartel
2020-07-10 - The new Bigviktor Botnet is Targeting DrayTek Vigor Router
2020-07-10 - Threat spotlight- WastedLocker, customized ransomware
2020-07-10 - YARA Rules talks and presentation of REVERSING 2020
2020-07-11 - Injecting Magecart into Magento Global Config
2020-07-11 - TrickBot Group Launches Test Module Alerting on Fraud Activity
2020-07-11 - TrickBot malware mistakenly warns victims that they are infected
2020-07-12 - Deobfuscating DanaBot’s API Hashing
2020-07-13 - Anchor dns malware goes cross platform
2020-07-13 - Become a Microsoft Defender ATP Ninja
2020-07-13 - Campagna sLoad v.2.9.3 veicolata via PEC (sLoad v.2.9.3 Campaign Delivered via PEC)
2020-07-13 - Fell Deeds Awake
2020-07-13 - Internet Explorer CVE-2019–1367 In the wild Exploitation - prelude
2020-07-13 - New AgeLocker Ransomware uses Googler's utility to encrypt files
2020-07-13 - Remcos RAT Macro Dropper Doc
2020-07-13 - SCANdalous! (External Detection Using Network Scan Data and Automation)
2020-07-13 - TrickBot's new API-Hammering explained
2020-07-14 - GoldenSpy Chapter 4- GoldenHelper Malware Embedded in Official Golden Tax Software
2020-07-14 - Manufacturing Industry in the Adversaries’ Crosshairs
2020-07-14 - PYTHON MALWARE ON THE RISE
2020-07-14 - RATicate upgrades “RATs as a Service” attacks with commercial “crypter”
2020-07-14 - Simple DGA Spotted in a Malicious PowerShell
2020-07-14 - The Domain Generation Algorithm of BazarBackdoor
2020-07-14 - The Tetrade- Brazilian banking malware goes global
2020-07-14 - Turla - Venomous Bear updates its arsenal- “NewPass” appears on the APT threat scene
2020-07-14 - Welcome Chat as a secure messaging app- Nothing could be further from the truth
2020-07-15 - An in-depth analysis of SpyNote remote access trojan
2020-07-15 - Chinese state hackers target Hong Kong Catholic Church
2020-07-15 - Deep Analysis of QBot Banking Trojan
2020-07-15 - Exclusive- Secret Trump order gives CIA more powers to launch cyberattacks
2020-07-15 - Financially Motivated Actors Are Expanding Access Into OT- Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families
2020-07-15 - Flowspec - TA505's bulletproof hoster of choice
2020-07-15 - Inside REvil Extortionist “Machine”- Predictive Insights
2020-07-15 - The Defective Domain Generation Algorithm of BazarBackdoor
2020-07-16 - A Bazar of Tricks- Following Team9’s Development Cycles
2020-07-16 - FastWind Ransomware
2020-07-16 - High‑profile Twitter accounts hacked to promote Bitcoin scam
2020-07-16 - How WellMess malware has been used to target Covid-19 vaccines
2020-07-16 - Iranian Spies Accidentally Leaked Videos of Themselves Hacking
2020-07-16 - Mac cryptocurrency trading application rebranded, bundled with malware
2020-07-16 - Malware Analysis Report (AR20-198A)
2020-07-16 - Malware Analysis Report (AR20-198B)
2020-07-16 - Malware Analysis Report (AR20-198C)
2020-07-16 - New Research Exposes Iranian Threat Group (APT35-ITG18) Operations
2020-07-16 - US, UK, and Canada’s COVID-19 research targeted by APT29
2020-07-17 - New Voicemail-Themed Phishing Attacks Use Evasion Techniques and Steal Credentials
2020-07-17 - TA547 Pivots from Ursnif Banking Trojan to Ransomware in Australian Campaign
2020-07-18 - Firefox Send sends Ursnif malware
2020-07-20 - Emotet is back
2020-07-20 - Emotet-TrickBot malware duo is back infecting Windows machines
2020-07-20 - Golden Chickens- Evolution of the MaaS
2020-07-20 - Reverse Engineering the New Mustang Panda PlugX Downloader
2020-07-20 - Shellbot victim overlap with Emotet network infrastructure
2020-07-20 - What even is Winnti-
2020-07-21 - 'World's Most Wanted Man' Involved in Bizarre Attempt to Buy Hacking Tools
2020-07-21 - Chinese APT group targets India and Hong Kong using new variant of MgBot malware
2020-07-21 - How scammers are hiding their phishing trips in public clouds
2020-07-21 - Two Chinese Hackers Working with the Ministry of State Security Charged with Global Computer Intrusion Campaign Targeting Intellectual Property and Confidential Business Information, Including COVID-19 Research
2020-07-22 - 'FormBook Tracker' unveiled on the Dark Web
2020-07-22 - Analysing Fileless Malware- Cobalt Strike Beacon
2020-07-22 - Connecting Kinsing malware to Citrix and SaltStack campaigns
2020-07-22 - Enter the Maze- Demystifying an Affiliate Involved in Maze (SNOW)
2020-07-22 - Github Repository for PowerZure
2020-07-22 - Lockscreen Ransomware Phishing Leads To Google Play Card Scam
2020-07-22 - MATA- Multi-platform targeted malware framework
2020-07-22 - OilRig APT Drills into Malware Innovation with Unique Backdoor
2020-07-22 - OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory
2020-07-22 - Peut-on neutraliser un ransomware lancé en tant que SYSTEM sur des milliers de machines en même temps- (Can Ransomware Launched as SYSTEM on Thousands of Machines at Once Be Neutralized?)
2020-07-22 - Prometei botnet and its quest for Monero
2020-07-22 - Skimmers in Images & GitHub Repos
2020-07-22 - Slacking Off – Slack and the Corporate Attack Surface Landscape
2020-07-23 - Attacking MS Exchange Web Interfaces
2020-07-23 - The resurgence of the Ursnif banking trojan
2020-07-23 - WastedLocker Ransomware- Abusing ADS and NTFS File Attributes
2020-07-23 - Who is behind APT29- What we know about this nation-state cybercrime group
2020-07-24 - Evolution of Valak, from Its Beginnings to Mass Distribution
2020-07-24 - Exorcist Ransomware - From triaging to deep dive
2020-07-24 - Fifty Shades of Malware Strings
2020-07-24 - Garmin outage caused by confirmed WastedLocker ransomware attack
2020-07-24 - Russia's GRU Hackers Hit US Government and Energy Targets
2020-07-25 - Zen- A Complex Campaign of Harmful Android Apps
2020-07-26 - In-Memory shellcode decoding to evade AVs-EDRs
2020-07-27 - Alert (AA20-209A)- Potential Legacy Risk from Malware Targeting QNAP NAS Devices
2020-07-27 - Ensiko- A Webshell With Ransomware Capabilities
2020-07-27 - Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform
2020-07-27 - ProLock ransomware gives you the first 8 kilobytes of decryption for free
2020-07-28 - Emotet malware now steals your email attachments to attack contacts
2020-07-28 - LOLSnif Malware
2020-07-28 - Lazarus on the hunt for big game
2020-07-28 - Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902
2020-07-28 - Watch Your Containers- Doki Infecting Docker Servers in the Cloud
2020-07-29 - 'Ghostwriter' Influence Campaign- Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned With Russian Security Interests
2020-07-29 - APT trends report Q2 2020
2020-07-29 - Android Spyware Targeting Tanzania Premier League
2020-07-29 - Emotet’s return is the canary in the coal mine
2020-07-29 - Kaspersky- New hacker-for-hire mercenary group is targeting European law firms
2020-07-29 - Operation (노스 스타) North Star A Job Offer That’s Too Good to be True-
2020-07-29 - Sodinokibi - REvil Malware Analysis
2020-07-30 - Dissecting Ragnar Locker- The Case Of EDP
2020-07-30 - Obscured by Clouds- Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates
2020-07-30 - Threat Assessment- WastedLocker Ransomware
2020-07-31 - GandCrab ransomware operator arrested in Belarus
2020-07-31 - Malware Author Pleads Guilty for Role in Transnational Cybercrime Organization Responsible for more than $568 Million in Losses
2020-07-31 - MassLogger- An Emerging Spyware and Keylogger
2020-07-31 - OpBlueRaven- Unveiling Fin7-Carbanak - Part 1 - Tirion
2020-07-31 - The webshells powering Emotet
2020-07-31 - WastedLocker- technical analysis
2020-08-01 - Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware
2020-08-03 - Back to school-
2020-08-03 - Belarus Authorities Arrest GandCrab Ransomware Operator
2020-08-03 - Dridex – From Word to Domain Dominance
2020-08-03 - InfectedNight - Mirai Variant With Massive Attacks On Our Honeypots
2020-08-03 - MAR-10292089-1.v1 – Chinese Remote Access Trojan- TAIDOOR
2020-08-03 - Take a “NetWalk” on the Wild Side
2020-08-04 - CrimeOps- The Operational Art of Cyber Crime
2020-08-04 - Part 1- analysing MedusaLocker ransomware
2020-08-04 - Ransomware gang publishes tens of GBs of internal data from LG and Xerox
2020-08-04 - WastedLocker’s techniques point to a familiar heritage
2020-08-05 - Emotet API+string deobfuscator (v0.1)
2020-08-05 - Part 2- Analysing MedusaLocker ransomware
2020-08-05 - Playing with GuLoader Anti-VM techniques
2020-08-06 - Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach
2020-08-06 - Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry
2020-08-06 - FinSpy Android Technical Analysis
2020-08-06 - Part 3- analysing MedusaLocker ransomware
2020-08-06 - The Secret Life of an Initial Access Broker
2020-08-06 - Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts
2020-08-07 - BlackWater Malware Leveraging Beirut Tragedy in New Targeted Campaign
2020-08-07 - Stadeo- Deobfuscating Stantinko and more
2020-08-08 - Phirautee - DEFCON28 - Writing Ransomware using Living off the Land (LotL) Tactics
2020-08-09 - Banking Trojans- A Reference Guide to the Malware Family Tree
2020-08-10 - Agent Tesla - Old RAT Uses New Tricks to Stay on Top
2020-08-10 - Anomali Threat Research Releases First Public Analysis of Smaug Ransomware as a Service
2020-08-10 - ClipBanker Trojan - A 13-Second Attack
2020-08-10 - DarkSide Ransomware
2020-08-10 - DiamondFox - Bank Robbers will be replaced
2020-08-10 - FBI says an Iranian hacking group is attacking F5 networking devices
2020-08-10 - Gorgon APT targeting MSME sector in India
2020-08-10 - SBA phishing scams- from malware to advanced social engineering
2020-08-12 - Antiy's analysis report on the recent APT attacks against the Green Spot organization
2020-08-12 - Color by numbers- inside a Dharma ransomware-as-a-service attack
2020-08-12 - IcedID Campaign Strikes Back
2020-08-12 - Internet Explorer and Windows zero-day exploits used in Operation PowerFall
2020-08-12 - Prioritizing critical vulnerabilities A threat intelligence perspective
2020-08-12 - Retour d'expérience suite à une attaque par rançongiciel contre une structure de santé (Lessons Learned from a Ransomware Attack on a Healthcare Organization)
2020-08-12 - Why Emotet’s Latest Wave is Harder to Catch than Ever Before
2020-08-13 - Attribution- A Puzzle
2020-08-13 - CactusPete APT group’s updated Bisonal backdoor
2020-08-13 - Case Study- Catching a Human-Operated Maze Ransomware Attack In Action
2020-08-13 - Chrome extensions that lie about their permissions
2020-08-13 - Global Disruption of Three Terror Finance Cyber-Enabled Campaigns
2020-08-13 - Lemon Duck Cryptocurrency-mining Malware Information
2020-08-13 - Matiex on Sale Underground
2020-08-13 - Mekotio- These aren’t the security updates you’re looking for…
2020-08-13 - XCSSET Mac Malware- Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
2020-08-14 - Alert (AA20-227A)- Phishing Emails Used to Deploy KONNI Malware
2020-08-14 - EmoCrash- Exploiting a Vulnerability in Emotet Malware for Defense
2020-08-14 - PurpleWave - A New Infostealer from Russia
2020-08-16 - Manual Unpacking IcedID Write-up
2020-08-17 - Team TNT - The First Crypto-Mining Worm to Steal AWS Credentials
2020-08-17 - WellMess malware- analysis of its Command and Control (C2) server
2020-08-18 - Lazarus Group- Campaign Targeting the Cryptocurrency Vertical
2020-08-18 - New Attack Alert- Duri
2020-08-18 - ThunderX Ransomware
2020-08-18 - UPX Anti-Unpacking Techniques in IoT Malware
2020-08-19 - Chantay’s Resume- Investigating a CV-Themed ZLoader Malware
2020-08-19 - ELF Malware Analysis 101 Part 2- Initial Analysis
2020-08-19 - FritzFrog- A New Generation Of Peer-To-Peer Botnets
2020-08-19 - Malware Analysis Report (AR20-232A)
2020-08-19 - Performing Kerberoasting without SPNs
2020-08-19 - Responder-MultiRelay
2020-08-19 - 調查局 08-19 公布中國對台灣政府機關駭侵事件說明 (Investigation Bureau 08-19 Statement on Chinese Hacking Incidents Against Taiwanese Government Agencies)
2020-08-20 - DBatLoader-ModiLoader Analysis – First Stage
2020-08-20 - QakBot (QBot) Maldoc Campaign Introduces Two New Techniques into Its Arsenal
2020-08-20 - Revealing REvil Ransomware With DomainTools and Maltego
2020-08-20 - Transparent Tribe- Evolution analysis, part 1
2020-08-20 - [webinar] Proactive Infrastructure Hunting with ThreatConnect & DomainTools
2020-08-20 - ‘Baka’ JavaScript Skimmer Identified
2020-08-21 - Wireshark Tutorial- Decrypting HTTPS Traffic
2020-08-22 - BitRAT – The Latest in Copy-pasted Malware by Incompetent Developers
2020-08-23 - Dispatches from Drovorub- Network Threat Hunting for Russia GRU GTsSS' Malware at Scale
2020-08-23 - Programmatically NOP the Current Selection in Ghidra
2020-08-24 - Cybercriminal greeners from Iran attack companies worldwide for financial gain
2020-08-24 - Emotet Update increases Downloads
2020-08-24 - Lifting the veil on DeathStalker, a mercenary triumvirate
2020-08-24 - RATs and Spam- The Node.JS QRAT
2020-08-24 - Torum is Dead. Long Live CryptBB-
2020-08-24 - VT Report for Jazuar
2020-08-25 - Cyrat Ransomware
2020-08-25 - Darkhotel (APT-C-06) organized multiple attacks using the Thinmon backdoor framework to reveal the secrets
2020-08-25 - How Ransomware Gangs Find New Monetization Schemes and Evolve in Marketing
2020-08-25 - Ryuk successor Conti Ransomware releases data leak site
2020-08-26 - A twisted malware infection chain
2020-08-26 - Alert (AA20-239A)- FASTCash 2.0- North Korea's BeagleBoyz Robbing Banks
2020-08-26 - MAR-10301706-1.v1 - North Korean Remote Access Tool- ECCENTRICBANDWAGON
2020-08-26 - MAR-10301706-2.v1 - North Korean Remote Access Tool- VIVACIOUSGIFT
2020-08-26 - ReZer0v4 loader
2020-08-26 - SunCrypt Ransomware sheds light on the Maze ransomware cartel
2020-08-26 - Threat Actor Profile- TA2719 Uses Colorful Lures to Deliver RATs in Local Languages
2020-08-26 - Transparent Tribe- Evolution analysis, part 2
2020-08-27 - An Old Bot’s Nasty New Tricks- Exploring Qbot’s Latest Attack Methods
2020-08-27 - Cetus- Cryptojacking Worm Targeting Docker Daemons
2020-08-27 - Growth and Commoditization of Remote Access Trojans (X)
2020-08-27 - Smokeloader Analysis and More Family Detections
2020-08-28 - A Comprehensive Look at Emotet’s Summer 2020 Return
2020-08-28 - Cerberus Banking Trojan Analysis
2020-08-28 - Gozi- The Malware with a Thousand Faces
2020-08-28 - MVISION Insights- Wastedlocker Ransomware
2020-08-28 - TERRACOTTA Android Malware- A Technical Study
2020-08-29 - Emulating NotPetya bootloader with Miasm
2020-08-30 - Z3 Ransomware
2020-08-31 - Analysis of the latest wave of Emotet malicious documents
2020-08-31 - In the wild QNAP NAS attacks
2020-08-31 - Malware Used by Lazarus after Network Intrusion
2020-08-31 - Malware used by the attack group Lazarus after network intrusion
2020-08-31 - NetWalker Ransomware in 1 Hour
2020-08-31 - The BLINDINGCAN RAT and Malicious North Korean Activity
2020-08-31 - Trickbot rdpscanDll – Transforming Candidate Credentials for Brute-Forcing RDP Servers
2020-08-31 - Who Is PIONEER KITTEN-
2020-08-31 - XP10 Ransomware
2020-09-01 - An Exhaustively-Analyzed IDB for ComRAT v4
2020-09-01 - Characterizing Anomalies in Malware-Generated HTTP Traffic
2020-09-01 - DLL Fixer leads to Cyrat Ransomware
2020-09-01 - Epic Manchego – atypical maldoc delivery brings flurry of infostealers
2020-09-01 - Iranian hackers are selling access to compromised companies on an underground forum
2020-09-01 - New web skimmer steals credit card data, sends to crooks via Telegram
2020-09-01 - OpBlueRaven- Unveiling Fin7-Carbanak - Part II - BadUSB Attacks
2020-09-01 - Quarterly Report- Incident Response trends in Summer 2020
2020-09-01 - Who Is PIONEER KITTEN-
2020-09-02 - Chinese APT TA413 Resumes Targeting of Tibet Following COVID-19 Themed Economic Espionage Campaign Delivering Sepulcher Malware Targeting Europe
2020-09-02 - Cybersquatting- Attackers Mimicking Domains of Major Brands Including Facebook, Apple, Amazon and Netflix to Scam Consumers
2020-09-02 - Inside the “fallguys” malware that steals your browsing data and gaming IMs; Continued attack on open source software
2020-09-02 - KryptoCibule- The multitasking multicurrency cryptostealer
2020-09-02 - Machine learning from idea to reality- a PowerShell case study
2020-09-02 - Operation PowerFall- CVE-2020-0986 and variants
2020-09-02 - Salfram- Robbing the place without removing your name tag
2020-09-02 - [Alert] New GlobeImposter of Olympian Gods 2.0 is coming
2020-09-03 - IT threat evolution Q2 2020
2020-09-03 - Multi-Platform SMAUG RaaS Aims To See Off Competitors
2020-09-03 - No Rest for the Wicked- Evilnum Unleashes PyVil RAT
2020-09-03 - The Bitcoin Ransomware Detective Strikes Again- The UCSF Case
2020-09-03 - Turning Open Source Against Malware
2020-09-04 - BitRAT pt. 2- Hidden Browser, SOCKS5 proxy, and UnknownProducts Unmasked
2020-09-04 - Post-Mortem of a Triple Poisoning- New Details Emerge in GRU's Failed Murder Attempts in Bulgaria
2020-09-04 - Thanos Ransomware- Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa
2020-09-07 - Bulletin d'alerte du CERT-FR- Recrudescence d'activité Emotet en France (CERT-FR Alert Bulletin- Resurgence of Emotet Activity in France)
2020-09-07 - Collection of recent Dridex IOCs
2020-09-07 - Time to take the bull by the horns
2020-09-08 - APT GROUP系列——DARKHOTEL之窃密与RAT篇 (APT GROUP Series- DARKHOTEL, the Data Theft and RAT Chapter)
2020-09-08 - Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks
2020-09-08 - Automated dynamic import resolving using binary emulation
2020-09-08 - Exposed Docker Server Abused to Drop Cryptominer, DDoS Bot
2020-09-08 - Malware Config Extraction Diaries #1 – GuLoader
2020-09-08 - TeamTNT activity targets Weave Scope deployments
2020-09-08 - TikTok Spyware- A detailed analysis of spyware masquerading as TikTok
2020-09-09 - Malvertising campaigns come back in full swing
2020-09-10 - An overview of targeted attacks and APTs on Linux
2020-09-10 - Lock Like a Pro- Dive in Recent ProLock's Big Game Hunting
2020-09-10 - New cyberattacks targeting U.S. elections
2020-09-10 - Recent Dridex activity
2020-09-10 - STRONTIUM- Detecting new patterns in credential harvesting
2020-09-10 - Who is calling- CDRThief targets Linux VoIP softswitches
2020-09-11 - Research Roundup- Activity on Previously Identified APT33 Domains
2020-09-11 - [RE016] Malware Analysis- ModiLoader
2020-09-13 - Tweet on Cryakl 2.0.0.0
2020-09-14 - Alert (AA20-258A)- Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity
2020-09-14 - Analysis of a Convoluted Attack Chain Involving Ngrok
2020-09-14 - Back to School- Why Cybercriminals Continue to Target the Education Sector - Part Two
2020-09-15 - Alert (AA20-259A)- Iran-Based Threat Actor Exploits VPN Vulnerabilities
2020-09-15 - Malware Analysis Report (AR20-259A)- Iranian Web Shells
2020-09-15 - Rudeminer, Blacksquid and Lucifer Walk Into A Bar
2020-09-15 - Threat analysis- The emergent URSA trojan impacts many countries using a sophisticated loader
2020-09-16 - Malware Leveraging XML-RPC Vulnerability to Exploit WordPress Sites
2020-09-16 - Partners in crime North Koreans and elite Russian-speaking cybercriminals
2020-09-16 - Seven International Cyber Defendants, Including “Apt41” Actors, Charged In Connection With Computer Intrusion Campaigns Against More Than 100 Victims Globally
2020-09-16 - Target defense industry- Lazarus uses recruitment bait combined with continuously updated cyber weapons
2020-09-17 - Analysis of WellMail malware's Command and Control (C2) server
2020-09-17 - Automatic ReZer0 payload and configuration extraction
2020-09-17 - Complex obfuscation- Meh… (1-2)
2020-09-17 - Counter Terrorism Designations; Iran-Cyber-related Designations
2020-09-17 - GuLoader's VM-Exit Instruction Hammering explained
2020-09-17 - Maze attackers adopt Ragnar Locker virtual machine technique
2020-09-17 - Maze ransomware now encrypts via virtual machines to evade detection
2020-09-17 - Ransomware’s New Trend- Exfiltration and Extortion
2020-09-17 - Treasury Sanctions Cyber Actors Backed by Iranian Intelligence Ministry
2020-09-18 - APT41- Indictments Put Chinese Espionage Group in the Spotlight
2020-09-18 - Egregor Ransomware
2020-09-18 - Elfin- Latest U.S. Indictments Appear to Target Iranian Espionage Group
2020-09-18 - EvilQuest-ThiefQuest strings decrypt-deobfuscator
2020-09-18 - Reverse Engineering Dridex and Automating IOC Extraction
2020-09-18 - The Initial Access Broker’s Toolbox – Remote Monitoring and Management
2020-09-18 - U.S. Justice Department Charges APT41 Hackers over Global Cyberattacks
2020-09-20 - Rampant Kitten – An Iranian Espionage Campaign
2020-09-21 - Cybercriminals Distribute Backdoor With VPN Installer
2020-09-22 - APT28 Delivers Zebrocy Malware Campaign using NATO Theme as Lure
2020-09-22 - Alert Number I-092220-PSA- Foreign Actors and Cybercriminals Likely to Spread Disinformation Regarding 2020 Election Results
2020-09-22 - DarkSide- The New Ransomware Group Behind Highly Targeted Attacks
2020-09-22 - Grinju Downloader
2020-09-22 - MTR Casebook- Blocking a $15 million Maze ransomware attack
2020-09-22 - Mispadu Banking Trojan Resurfaces
2020-09-22 - Removing Coordinated Inauthentic Behavior
2020-09-22 - Russian hackers use fake NATO training docs to breach govt networks
2020-09-22 - Taidoor - a truly persistent threat
2020-09-22 - Uniklinik Düsseldorf- Ransomware -DoppelPaymer- soll hinter dem Angriff stecken (Uniklinik Düsseldorf- DoppelPaymer Ransomware Reportedly Behind the Attack)
2020-09-22 - What Service NSW has to do with Russia-
2020-09-23 - AgeLocker ransomware targets QNAP NAS devices, steals data
2020-09-23 - Big Game Hunting- Now in Russia
2020-09-23 - Case Study- Emotet Thread Hijacking, an Email Attack Technique
2020-09-23 - Government software provider Tyler Technologies hit by ransomware
2020-09-23 - Looking for sophisticated malware in IoT devices
2020-09-23 - Operation SideCopy!
2020-09-23 - Understanding Uncertainty while Undermining Democracy
2020-09-24 - Alert Number I-092420-PSA- Cyber Threats to Voting Processes Could Slow But Not Prevent Voting
2020-09-24 - Alien - the story of Cerberus' demise
2020-09-24 - Analysis Report (AR20-268A)- Federal Agency Compromised by Malicious Cyber Actor
2020-09-24 - Apps on Google Play Tainted with Cerberus Banker Malware
2020-09-24 - Cycldek aka Goblin Panda- Chronicles of the Goblin
2020-09-24 - Double Trouble- Ransomware with Data Leak Extortion, Part 1
2020-09-24 - Email-delivered MoDi RAT attack pastes PowerShell commands
2020-09-24 - Microsoft Security—detecting empires in the cloud
2020-09-24 - Mount Locker ransomware joins the multi-million dollar ransom game
2020-09-24 - Removing Coordinated Inauthentic Behavior
2020-09-24 - zLoader XLM Update- Macro code and behavior change
2020-09-25 - APT vs Internet Service Providers
2020-09-25 - APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries - HpReact campaign
2020-09-25 - Baltimore ransomware attack was early attempt at data extortion, new report shows
2020-09-25 - Catching Lazarus- Threat Intelligence to Real Detection Logic - Part One
2020-09-25 - Double Trouble- Ransomware with Data Leak Extortion, Part 1
2020-09-25 - German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed
2020-09-25 - Ghost in action- the Specter botnet
2020-09-25 - Magento Credit Card Stealing Malware- gstaticapi
2020-09-25 - The Fresh Smell of ransomed coffee
2020-09-25 - Turla Carbon System
2020-09-25 - Visa Security Alert New Malware Samples identified in Point-of-Sale Compromises
2020-09-26 - FinFisher Filleted- a triage of the FinSpy (macOS) malware
2020-09-26 - Ironcat Ransomware
2020-09-26 - The Finfisher Tales, Chapter 1- The dropper
2020-09-28 - Alert Number I-092820-PSA- False Claims of Hacked Voter Information Likely Intended to Cast Doubt on Legitimacy of U.S. Elections
2020-09-28 - Kimsuky Phishing Operations Putting In Work
2020-09-29 - BLINDINGCAN - Malware Used by Lazarus
2020-09-29 - Cerberus and Alien- the malware that has put Android in a tight spot
2020-09-29 - CobaltStrikeScan
2020-09-29 - Getting the Bacon from the Beacon
2020-09-29 - LodaRAT Update- Alive and Well
2020-09-29 - Palmerworm- Espionage Gang Targets the Media, Finance, and Other Sectors
2020-09-29 - Spear Phishing Campaign Delivers Buer and Bazar Malware
2020-09-29 - TA2552 Uses OAuth Access Token Phishing to Exploit Read-Only Risks
2020-09-29 - Targeted Attacks on Oil and Gas Supply Chain Industries in the Middle East
2020-09-29 - The return of the Emotet as the world unlocks!
2020-09-29 - What's behind the increase in ransomware attacks this year-
2020-09-30 - APT‑C‑23 group evolves its Android spyware
2020-09-30 - Alert Number I-093020-PSA- Distributed Denial of Service Attacks Could Hinder Access to Voting Information, Would Not Prevent Voting
2020-09-30 - Rooty Dolphin uses Mekotio to target bank clients in South America and Europe
2020-09-30 - Ttint- An IoT remote control Trojan spreading through two 0-day vulnerabilities
2020-09-30 - Ttint- An IoT remote control Trojan spreading through two 0-day vulnerabilities (Chinese-language version)
2020-10-01 - A Storm is Brewing- IPStorm Now Has Linux Malware
2020-10-01 - Alert (AA20-275A)- Potential for China Cyber Response to Heightened U.S.-China Tensions
2020-10-01 - Alert Number I-100120-PSA- Foreign Actors Likely to Use Online Journals to Spread Disinformation Regarding 2020 Elections
2020-10-01 - Duck Hunting with Falcon Complete- Analyzing a Fowl Banking Trojan, Part 1
2020-10-01 - Emotet Makes Timely Adoption of Political and Elections Lures
2020-10-01 - Evasive URLs in Spam- Part 2
2020-10-01 - LATAM financial cybercrime- Competitors‑in‑crime sharing TTPs
2020-10-01 - Malware Analysis Report (AR20-275A)- Remote Access Trojan- SLOTHFULMEDIA
2020-10-01 - Russia’s Fancy Bear Hackers Likely Penetrated a US Federal Agency
2020-10-01 - Threat Spotlight- New InterPlanetary Storm variant targeting IoT devices
2020-10-01 - XDSpy Indicators of Compromise
2020-10-02 - Alert Number I-100220-PSA- Spoofed Internet Domains and Email Accounts Pose Cyber and Disinformation Risks to Voters
2020-10-02 - Appgate Labs Analyzes New Family Of Ransomware - Egregor
2020-10-02 - Attacks Aimed at Disrupting the Trickbot Botnet
2020-10-02 - Graphology of an Exploit – Hunting for exploits by looking for the author’s fingerprints
2020-10-02 - Lockbit analysis