
AV Tech

2007-06-16 - Minifilters for detection of Malware
2008-11-10 - Advanced Metamorphic Techniques in Computer Viruses
2009-06-28 - AVU (Anti Virus UNIX) Demonstration
2010-02-03 - Sequence Based Malware Detection
2015-03-17 - Kprobe instrumentation based kernel patching code
2017-01-22 - Anti-emulation trends in modern packers
2018-06-27 - Fixing ELF static binaries with ASLR RELRO support
2018-09-12 - Office VBA - AMSI Parting the veil on malicious macros
2018-09-27 - Out of sight but not invisible - Defeating fileless malware with behavior monitoring AMSI and next-gen
2018-11-18 - Preventing Ransomware Attacks Through File System Filter Drivers
2021-01-05 - Automatic Reverse Engineering of Script Engine Binaries for Building Script API Tracers
2021-01-27 - Analysis of Antivirus Quarantine Files
2021-02-10 - Detecting Manual Syscalls from User Mode
2021-05-24 - Hunting for Suspicious Usage of Background Intelligent
2021-07-09 - An Empirical Assessment of Endpoint Detection and Response Systems against Advanced Persistent Threats Attack Vectors
2021-08-23 - An Empirical Assessment of Endpoint Security Systems Against Advanced Persistent Threats Attack Vectors
2021-11-14 - Instrumentation Callbacks - Detecting SYSCALLs
2021-12-26 - Gatekeeping SysCalls
2022-01-11 - An Empirical Assessment of Endpoint Security Systems Against Advanced Persistent Threats Attack Vectors v3 FINAL
2022-02-02 - Elastic Security - Sandboxing Antimalware Products
2022-02-22 - Writing a C Yara Agent
2022-03-15 - Anti-UPX Unpacking Technique
2022-04-29 - Maelstrom EDR Kernel Callbacks Hooks and Call Stacks
2022-06-30 - Using process creation properties to catch evasion techniques
2022-07-10 - Patriot - Detecting various kinds of in-memory stealth techniques
2023-02-10 - Forensic Log-Based Detection of Keystroke Injection BadUSB Attacks

Malware Analysis 2010

2010-01-17 - Jan 17 Trojan Darkmoon.B EXE Haiti relief from [email protected] 17 Jan 2010 13-15-02 -0800 PST
2010-01-25 - Leveraging ZeuS to send spam through social networks
2010-02-02 - ZeuS spreading via Facebook
2010-02-04 - SpyEye Bot versus Zeus Bot
2010-02-08 - List of Aurora - Hydraq - Roarur files
2010-02-19 - SpyEye Bot (Part two). Conversations with the creator of crimeware
2010-02-20 - Facebook & VISA phishing campaign proposed by ZeuS
2010-03-03 - Black Energy Crypto
2010-03-03 - BlackEnergy Version 2 Threat Analysis
2010-03-07 - March 2010 Opachki Trojan update and sample
2010-03-10 - ZeuS Banking Trojan Report
2010-03-15 - New phishing campaign against Facebook led by Zeus
2010-03-31 - ICS Advisory (ICSA-10-090-01)- Mariposa Botnet
2010-04-01 - SpyEye vs. ZeuS Rivalry
2010-04-19 - ZeuS on IRS Scam remains actively exploited
2010-04-26 - SpyEye’s -Kill Zeus- Bark is Worse Than its Bite
2010-05-03 - A Brief Look at Zeus-Zbot 2.0
2010-05-03 - Heloag has rather no friends, just a master
2010-05-27 - Sasfis Propagation
2010-05-28 - CVE-2009-3129 XLS for office 2002-2007 with fud keylogger EIDHR from [email protected]
2010-05-31 - SASFIS Malware Uses a New Trick
2010-06-10 - Review of the Virus.Win32.Virut.ce Malware Sample
2010-06-15 - Clash of the Titans- ZeuS v SpyEye
2010-07-14 - Who Was the 12th Russian Spy at Microsoft-
2010-07-14 - ZeuS Version scheme by the trojan author
2010-07-15 - Black DDoS
2010-07-24 - Why won’t my sample run-
2010-07-30 - CVE-2010-2568 keylogger Win32-Chymine.A
2010-08-25 - Military Computer Attack Confirmed
2010-09-17 - SpyEye Botnet’s Bogus Billing Feature
2010-11-12 - ZEROACCESS MALWARE - PART 1- De-Obfuscating and Reversing the User-Mode Agent Dropper
2010-11-15 - Tracing the Crimeware Origins by Reversing Injected Code
2010-11-16 - ZEROACCESS MALWARE - PART 3- The Device Driver Process Injection Rootkit
2010-11-20 - The Kernel-Mode Device Driver Stealth Rootkit
2010-12-20 - End of the Line for the Bredolab Botnet-
2010-12-27 - Adventures in analyzing Stuxnet

Malware Analysis 2011

2011-01-09 - Jan 6 CVE-2010-3333 DOC with info theft trojan from the American Chamber of Commerce
2011-01-20 - Description of the virus Backdoor.Win32.Buterat.afj
2011-01-30 - GpCode Ransomware 2010 Simple Analysis
2011-02-24 - ZeroAccess Max Smiscer Crimeware Rootkit sample for Step-by-Step Reverse Engineering
2011-03-02 - TDL4 and Glupteba- Piggyback PiggyBugs
2011-03-08 - Worm-Win32-Yimfoca.A
2011-03-11 - Trojan.Koredos Comes with an Unwelcomed Surprise
2011-03-28 - Microsoft Hunting Rustock Controllers
2011-04-16 - Troj-Sasfis-O
2011-04-19 - TDSS part 1- The x64 Dollar Question
2011-04-26 - SpyEye Targets Opera, Google Chrome Users
2011-04-28 - A blind event viewer…
2011-04-30 - BKA-Trojaner (Ransomware)
2011-05-19 - Win32-Expiro
2011-05-25 - W32.Qakbot aka W32-Pinkslipbot or infostealer worm
2011-06-22 - Criminals gain control over Mac with BackDoor.Olyx
2011-06-29 - Inside a Back Door Attack
2011-07-06 - Cybercriminals switch from MBR to NTFS
2011-07-07 - Rootkit TDL-4 (TDSS, Alureon.DX, Olmarik, TDL) 32-bit and 64-bit Sample + Analysis links - Update July 7
2011-07-08 - Trojan.Mayachok.2- analysis of the first known VBR bootkit
2011-07-10 - Facts and myths about antivirus evasion with Metasploit
2011-07-14 - Cycbot- Ready to Ride
2011-07-26 - SpyEye Trojan defeating online banking defenses
2011-07-27 - Jul 25 Mac Olyx backdoor + Gh0st Backdoor in RAR archive related to July 2009 Ürümqi riots in China (Samples included)
2011-07-28 - Trojan Tricks Victims Into Transferring Funds
2011-08-03 - HTran and the Advanced Persistent Threat
2011-08-04 - Analysis of ngrBot
2011-08-24 - Ice IX, the first crimeware based on the leaked ZeuS sources
2011-08-27 - Morto.A
2011-08-28 - Windows Remote Desktop Worm -Morto- Spreading
2011-08-29 - Aug 28 Morto - Tsclient - RDP worm with DDoS features
2011-09-02 - ZeuS Gets Another Update
2011-09-09 - BIOS Threat is Showing up Again!
2011-09-09 - Stuxnet Malware Analysis Paper
2011-09-13 - Mebromi- the first BIOS rootkit in the wild
2011-09-14 - Ice IX- not cool at all
2011-09-14 - Malware burrows deep into computer BIOS to escape AV
2011-09-19 - Mebromi BIOS rootkit affecting Award BIOS (aka -BMW- virus)
2011-09-21 - Sept 21 Greedy Shylock - financial malware
2011-09-27 - Debugging Injected Code with IDA Pro
2011-10-06 - Sep 28 CVE-2010-3333 Manuscript with Taidoor (Trojan.Matryoshka by CyberESI)
2011-10-06 - ZeuS-in-the-Mobile – Facts and Theories
2011-10-07 - Rustock samples and analysis links. Rustock.C, E, I, J and other variants
2011-10-08 - Possible Governmental Backdoor Found (-Case R2D2-)
2011-10-13 - A Detailed Analysis of an Advanced Persistent Threat Malware
2011-10-17 - W32-Yunsip!tr.pws
2011-10-26 - Tsunami Backdoor Can Be Used for Denial of Service Attacks
2011-10-31 - The Significance of the -Nitro- Attacks
2011-12-08 - The Sykipot Attacks

Malware Analysis 2012

2012-01-04 - SpyEye Malware Borrows Zeus Trick to Mask Fraud
2012-01-06 - Cracking Cold$eal 5.4.1 FWB++
2012-01-08 - Cold$eal- 'Situation is under control'
2012-01-12 - Blackhole Ramnit - samples and analysis
2012-02-01 - TDL4 - Purple Haze (Pihar) Variant - sample and analysis
2012-02-15 - Merchant of Fraud Returns- Shylock Polymorphic Financial Malware Infections on the Rise
2012-03-06 - Virus Ukash Gendarmerie Absence twexx32.dll
2012-03-16 - OSX-Imuler updated- still a threat on Mac OS X
2012-03-26 - LUCKYCAT REDUX Inside an APT Campaign with Multiple Targets in India and Japan
2012-04-05 - China Hacked South Korea Over Missile Defense, U.S. Firm Says
2012-04-05 - Darkshell DDOS Botnet Evolves With Variants
2012-04-10 - OSX-Flashback.O sample + some domains
2012-04-12 - OSX-Flashback.K sample + Mac OS malware study set (30+ older samples)
2012-04-16 - Detailed Analysis Of Sykipot (Smartcard Proxy Variant)
2012-04-18 - DarkMegi rootkit - sample (distributed via Blackhole)
2012-04-20 - Analysis of DarkMegi aka NpcDark
2012-04-23 - BKDR_CYSXL.A
2012-05-28 - The Flame- Questions and Answers
2012-05-31 - Flamer- A Recipe for Bluetoothache
2012-06-04 - Small banking Trojan poses major risk
2012-06-05 - Smartcard vulnerabilities in modern banking malware
2012-06-06 - Tinba - Zusy - tiny banker trojan
2012-06-09 - You dirty RAT! Part 1- DarkComet
2012-06-15 - You Dirty RAT! Part 2 – BlackShades NET
2012-06-21 - BlackShades in Syria
2012-06-21 - RAT samples from Syrian Targeted attacks - Blackshades RAT, XTreme RAT, Dark Comet RAT used by Syrian Electronic Army
2012-06-24 - Medre.A - AutoCAD worm samples
2012-07-02 - Sykipot is back
2012-07-13 - Rovnix bootkit framework updated
2012-07-17 - Kaspersky Lab and Seculert Announce ‘Madi,’ a Newly Discovered Cyber-Espionage Campaign in the Middle East
2012-07-17 - The Madi Attacks- Series of Social Engineering Campaigns
2012-07-17 - The Madi Campaign – Part I
2012-07-22 - Xtreme RAT analysis
2012-07-24 - New Apple Mac Trojan Called OSX-Crisis Discovered
2012-07-26 - The Madi Campaign – Part II
2012-08-01 - Inside the ICE IX bot, descendent of Zeus
2012-08-02 - Cridex Analysis using Volatility
2012-08-10 - Gauss samples - Nation-state cyber-surveillance + Banking trojan
2012-08-13 - Syrian Electronic Army
2012-08-16 - Inside Upas Kit (1.0.1.1) aka Rombrast C&C - Botnet Control Panel
2012-08-16 - Shamoon the Wiper – Copycats at Work
2012-08-16 - The Shamoon Attacks
2012-08-17 - Shamoon or DistTrack.A samples
2012-08-20 - Crisis for Windows Sneaks onto Virtual Machines
2012-08-22 - The first Trojan in history to steal Linux and Mac OS X passwords
2012-08-30 - Troj-Binanen-B
2012-09-01 - URLZone reloaded- new evolution
2012-09-18 - QassamCyberFighters's Pastebin
2012-09-19 - Blog Posts on Nitol
2012-09-28 - Dissecting 'Operation Ababil' - an OSINT Analysis
2012-10-05 - Dark Comet 2- Electric Boogaloo
2012-10-09 - BKDR_SARHUST.A
2012-10-09 - SASFIS
2012-10-12 - New Multiplatform Backdoor Jacksbot Discovered
2012-10-13 - WORM_EMUDBOT.JP
2012-10-30 - JACKSBOT Has Some Dirty Tricks up Its Sleeves
2012-11-01 - Tracking the 2012 Sasfis campaign
2012-11-05 - Citadel- a cyber-criminal’s ultimate weapon-
2012-11-13 - New variant of Mac Trojan discovered, targeting Tibet
2012-11-14 - Group Photos.zip OSX-Revir - OSX-iMuler samples March 2012-November 2012
2012-11-16 - Malware Targeting Windows 8 Uses Google Docs
2012-11-16 - Remote Administration Tool for Android devices
2012-11-22 - W32.Narilam – Business Database Sabotage
2012-11-25 - Parastoo Hacks IAEA
2012-11-27 - Threat Description- Troj-Ployx-A
2012-11-28 - Shylock’s New Trick- Evading Malware Researchers
2012-11-29 - Inside view of Lyposit aka (for its friends) Lucky LOCKER
2012-11-29 - What’s the Fuss with WORM_VOBFUS-
2012-12-03 - Compromised library
2012-12-03 - New Mac Malware Found on Dalai Lama Related Website
2012-12-05 - OSX-Dockster.A and Win32-Trojan.Agent.AXMO Samples, pcaps, OSX malware analysis tools
2012-12-06 - Nov 2012 - W32.Narilam Sample
2012-12-07 - Aug 2012 Backdoor.Wirenet - OSX and Linux
2012-12-07 - Aug 2012 W32.Crisis and OSX.Crisis - JAR file Samples - APT
2012-12-07 - Nov 2012 - Backdoor.W32.Makadocs Sample
2012-12-07 - Nov 2012 Worm Vobfus Samples
2012-12-12 - Analysis of VirTool-WinNT-Exforel.A rootkit
2012-12-12 - Unpacking Dexter POS -Memory Dump Parsing- Malware
2012-12-13 - The Dexter Malware- Getting Your Hands Dirty
2012-12-15 - Disclosure of another 0day malware - Analysis of 2nd Dropper and 3rd Dropper (Part 2)
2012-12-15 - Disclosure of another 0day malware - Initial Dropper and Downloader (Part 1)
2012-12-17 - Sample for Sanny - Win32.Daws in CVE-2012-0158 -ACEAN Regional Security Forum- targeting Russian companies
2012-12-18 - Malicious Apache module used for content injection- Linux-Chapro.A
2012-12-19 - Win32-Spy.Ranbyus modifying Java code in RBS Ukraine systems
2012-12-20 - Trojan.Stabuniq Found on Financial Institution Servers
2012-12-21 - Infostealer Dexter Targets Checkout Systems
2012-12-23 - Dec 2012 Dexter - POS Infostealer samples and information
2012-12-24 - Dec 2012 Linux.Chapro - trojan Apache iframer
2012-12-24 - Dec. 2012 Trojan.Stabuniq samples - financial infostealer trojan
2012-12-26 - ZeroAccess - Sirefef Rootkit - 5 fresh samples
2012-12-27 - Nitol botnet
2012-12-29 - Attack and IE 0day Informations Used Against Council on Foreign Relations

Malware Analysis 2013

2013-01-02 - Capstone Turbine Corporation Also Targeted in the CFR Watering Hole Attack And More
2013-01-14 - -Red October- Diplomatic Cyber Attacks Investigation
2013-01-14 - The “Red October” Campaign – An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies
2013-01-14 - “Red October” Diplomatic Cyber Attacks Investigation
2013-01-17 - “Red October” – Part Two, the Modules
2013-01-18 - Dec 2012 Batchwiper Samples
2013-01-18 - Polish Takedown Targets ‘Virut’ Botnet
2013-01-19 - Cooperative Efforts To Shut Down Virut Botnet
2013-01-21 - Shylock Not the Lone Threat Targeting Skype
2013-01-24 - Linux-SSHDoor.A Backdoored SSH daemon that steals passwords
2013-01-25 - vSkimmer, Another POS malware
2013-01-27 - Trojan.Win32-Spy.Ranbyus
2013-01-30 - Backdoor.Barkiofork Targets Aerospace and Defense Industry
2013-02-03 - The infection of Styx Exploit Kit (Landing page- painterinvoice.ru + Payload- PWS-Ursnif Variant)
2013-02-04 - Alina 3.4 (POS Malware)
2013-02-04 - What do Win32-Redyms and TDL4 have in common-
2013-02-16 - Jan 2013 - Linux SSHDoor - sample
2013-02-19 - APT1- Q&A on Attacks by the Comment Crew
2013-02-19 - Exclusive- Apple, Macs hit by hackers who targeted Facebook
2013-02-19 - PLA Unit 61398
2013-02-22 - Bamital Botnet Takedown Is Successful; Cleanup Underway
2013-02-22 - Recent Cyberattacks
2013-02-27 - BKDR_RARSTONE- New RAT to Watch Out For
2013-03-05 - Russian ransomware takes advantage of Windows PowerShell
2013-03-13 - How Theola malware uses a Chrome plugin for banking fraud
2013-03-14 - New Uyghur and Tibetan Themed Attacks Using PDF Exploits
2013-03-20 - Computer Networks in South Korea Are Paralyzed in Cyberattacks
2013-03-20 - Researchers Uncover ‘TeamSpy’ Attack Campaign Against Government, Research Targets
2013-03-21 - New Sykipot developments
2013-03-21 - VSkimmer Botnet Targets Credit Card Payment Terminals
2013-03-22 - Who is Anchor Panda
2013-03-24 - OSX-Pintsized Backdoor Additional Details
2013-03-29 - Whois Numbered Panda
2013-03-30 - Fooled by Andromeda
2013-04-02 - Dark South Korea Total War Review
2013-04-04 - Who is Clever Kitten
2013-04-08 - Banking Trojan Carberp- An Epitaph-
2013-04-11 - Winnti FAQ. More Than Just a Game
2013-04-11 - Winnti. More than just a game
2013-04-12 - Who is Samurai Panda
2013-04-24 - South Korea Incident - New Malware samples
2013-04-26 - Linux-Cdorked.A- New Apache backdoor being used in the wild to serve Blackhole
2013-05-01 - Linux-CDorked FAQs
2013-05-02 - The stealthiness of Linux-Cdorked- a clarification
2013-05-03 - Department of Labor Strategic Web Compromise
2013-05-08 - Alina- Casting a Shadow on POS
2013-05-17 - Alina- Following The Shadow Part 1
2013-05-20 - Lockscreen Win32-Lyposit displayed as a fake MacOs app
2013-05-21 - Unveiling the Locker Bomba (aka Lucky Locker v0.6 aka Lyposit-Adneukine)
2013-05-22 - Mac Spyware- OSX-KitM (Kumar in the Mac)
2013-05-28 - South Korean Financial Companies Targeted by Castov
2013-05-29 - South Korean Financial Companies Targeted by Castov
2013-06-03 - Alina- Following The Shadow Part 2
2013-06-04 - Kaspersky Lab Uncovers ‘Operation NetTraveler,’ a Global Cyberespionage Campaign Targeting Government-Affiliated Organizations and Research Institutes
2013-06-04 - “NetTraveler is Running!” – Red Star APT Attacks Compromise High-Profile Victims
2013-06-07 - KeyBoy, Targeted Attacks against Vietnam and India
2013-06-17 - CrowdStrike Falcon Traces Attacks Back To Hackers
2013-06-26 - Four Years of DarkSeoul Cyberattacks Against South Korea Continue on Anniversary of Korean War
2013-07-15 - Signed Mac Malware Using Right-to-Left Override Trick
2013-07-22 - Multisystem Trojan Janicab attacks Windows and MacOSX via scripts
2013-07-25 - ZeroAccess uses Self-Debugging
2013-07-30 - Versatile and infectious- Win64-Expiro is a cross‑platform file infector
2013-07-31 - Secrets of the Comfoo Masters
2013-08-01 - Andromeda 2.7 features
2013-08-01 - Sophos Discovers ZeroAccess Using RLO
2013-08-02 - Surtr Malware Family Targeting the Tibetan Community
2013-08-07 - Thieves Reaching for Linux—”Hand of Thief” Trojan Targets Linux #INTH3WILD
2013-08-12 - Taleret strings - APT (1)
2013-08-13 - Inside a ‘Reveton’ Ransomware Operation
2013-08-13 - PowerLoader Injection – Something truly amazing
2013-08-25 - The Compromised Devices of the Carna Botnet
2013-08-27 - Linux Trojan “Hand of Thief” ungloved
2013-09-01 - Yet another Andromeda - Gamarue analysis
2013-09-04 - Sykipot Now Targeting US Civil Aviation Sector Information
2013-09-05 - Large botnet cause of recent Tor network overload
2013-09-06 - Evasive Tactics- Taidoor
2013-09-11 - The “Kimsuky” Operation- A North Korean APT-
2013-09-17 - Hidden Lynx – Professional Hackers for Hire
2013-09-18 - A New Wave Of WIN32-CAPHAW Attacks - A ThreatLabZ Analysis
2013-09-21 - Operation DeputyDog- Zero-Day (CVE-2013-3893) Attack Against Japanese Targets
2013-09-24 - Now You See Me - H-worm by Houdini
2013-09-24 - OSX-Leverage.a Analysis
2013-09-25 - The Icefog APT- A Tale of Cloak and Three Daggers
2013-09-25 - Win32-64-Napolar- New Trojan shines on the cyber crime-scene
2013-09-25 - Win32-Napolar – A new bot on the block
2013-09-26 - New Solarbot Malware Debuts, Creator Publicly Advertising
2013-10-10 - Regional Conflict and Cyber Blowback
2013-10-14 - PE_MOFKSYS.A
2013-10-16 - CrowdCasts Monthly- You Have an Adversary Problem
2013-11-06 - VICEROY TIGER Delivers New Zero-Day Exploit
2013-11-09 - T-cmd.cpp
2013-12-04 - The Internet of Everything, Including Malware
2013-12-09 - The Curious Case of the Malicious IIS Module
2013-12-12 - OPERATION “KE3CHANG”-Targeted Attacks Against Ministries of Foreign Affairs
2013-12-17 - Bebloh - a well-known banking Trojan with noteworthy innovations
2013-12-18 - CryptoLocker Ransomware
2013-12-18 - Qadars – a banking Trojan with the Netherlands in its sights
2013-12-23 - Mozi, Another Botnet Using DHT
2013-12-31 - VirusTotal Report for Bee

Malware Analysis 2014

2014-01-14 - The Icefog APT Hits US Targets With Java Backdoor
2014-01-19 - Vietnamese Malware Gets Very Personal
2014-01-21 - Digitally signed data-stealing malware targets Mac users in “undelivered courier item” attack
2014-01-22 - Iran and Russia blamed for state-sponsored espionage
2014-02-02 - U.S. Leads Multi-National Action Against “Gameover Zeus” Botnet and “Cryptolocker” Ransomware, Charges Botnet Administrator
2014-02-03 - Needle in a haystack
2014-02-06 - Examining the Linux Botnet «BillGates»
2014-02-10 - The Careto-Mask APT- Frequently Asked Questions
2014-02-14 - Analysis of DHS NCCIC Indicators
2014-02-15 - Examining Your Very Own Sefnit Trojan
2014-02-16 - Analysis of CoinThief-A -dropper-
2014-02-17 - Hiding in plain sight- a story about a sneaky banking Trojan
2014-02-19 - XtremeRAT- Nuisance or Threat-
2014-02-21 - An In‑depth Analysis of Linux-Ebury
2014-02-21 - CVE 2014-0322 Malware - Sakurel (Feb 21, 2014)
2014-02-24 - The Art of Attribution Identifying and Pursuing your Cyber Adversaries
2014-02-28 - Uroburos - highly complex espionage software with Russian roots
2014-03-05 - Android RATs Branch out with Dendroid
2014-03-06 - Dexter, Project Hook POS Malware Campaigns Persist
2014-03-06 - The Siesta Campaign- A New Targeted Attack Awakens
2014-03-07 - Uroburos – Deeper travel into kernel protection mitigation
2014-03-12 - A Detailed Examination of the Siesta Campaign
2014-03-12 - Agent.btz- a Source of Inspiration-
2014-03-12 - Uroburos the Snake Rootkit
2014-03-18 - Operation Windigo – the vivisection of a large Linux server‑side credential‑stealing malware campaign
2014-03-18 - Windigo Linux Analysis – Ebury and Cdorked
2014-03-25 - Spear Phishing the News Cycle- APT Actors Leverage Interest in the Disappearance of Malaysian Flight MH 370
2014-04-02 - Tofsee botnet
2014-04-09 - BackDoor.Gootkit.112—a new multi-purpose backdoor
2014-04-15 - Trojan banking
2014-04-17 - A quick analysis of the latest Shadow Brokers dump
2014-04-18 - TROJ64_WOWLIK.VT
2014-04-21 - Hacking Team
2014-04-27 - Analysis of the Predator Pain Keylogger
2014-05-06 - Rovnix new “evolution”
2014-05-13 - Cat Scratch Fever- CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN
2014-05-13 - Uroburos rootkit- Belgian Foreign Ministry stricken
2014-05-15 - DDoS Trojans attack Linux
2014-05-16 - APT Campaign Leverages the Cueisfry Trojan and Microsoft Word Vulnerability CVE-2014-1761
2014-05-19 - 5 in China Army Face U.S. Charges of Cyberattacks
2014-05-22 - Meet the Zberp Trojan
2014-05-29 - Iranian hackers sucker punch U.S. defense officials with creative social-media scam
2014-05-30 - Taking off the Blackshades
2014-06-02 - Analysis of Uroburos, using WinDbg
2014-06-02 - Molerats, Here for Spring!
2014-06-02 - Sinowal banking trojan
2014-06-04 - Introducing Antak - A webshell which utilizes powershell
2014-06-09 - ZeuS.Maple Variant Targets Canadian Online Banking Customers
2014-06-10 - Clandestine Fox, Part Deux
2014-06-18 - Neutrino Bot (aka MS-Win32-Kasidet)
2014-06-23 - Havex Hunts For ICS-SCADA Systems
2014-07-02 - KIVARS With Venom- Targeted Attacks Upgrade with 64-bit “Support”
2014-07-07 - Deep in Thought- Chinese Targeting of National Security Think Tanks
2014-07-07 - Dissect Android APKs like a Pro - Static code analysis
2014-07-08 - Security Matters - Cyberespionage Campaign Hits Energy Companies
2014-07-09 - BrutPOS- RDP Bruteforcing Botnet Targeting POS Systems
2014-07-10 - Versatile DDoS Trojan for Linux
2014-07-11 - The Father of Zeus- Kronos Malware Discovered
2014-07-15 - Targeted Attacks on French Company Exploit Multiple Word Vulnerabilities
2014-07-15 - Unit 42 Technical Analysis- Seaduke
2014-07-16 - Mini Analysis of the TinyBanker Tinba
2014-07-18 - Bird's nest
2014-07-31 - Poweliks- the persistent malware without a file
2014-07-31 - Spy of the Tiger
2014-08-04 - New Release- Decrypting NetWire C2 Traffic
2014-08-07 - Innaput Actors Utilize Remote Access Trojan Since 2016, Presumably Targeting Victim Files
2014-08-07 - Malware Analysis of the Lurk Downloader
2014-08-07 - Sophisticated 'Turla' hackers spying on European governments, say researchers
2014-08-07 - The Epic Turla Operation
2014-08-11 - mht, MS12-27 and malware .info
2014-08-14 - Hunting the Mutex
2014-08-19 - APT Gang Branches Out to Medical Espionage in Community Health Breach
2014-08-20 - “El Machete”
2014-08-24 - Another country-sponsored #malware- Vietnam APT Campaign
2014-08-27 - NetTraveler Gets a Makeover for 10th Anniversary
2014-08-28 - BIFROSE Now More Evasive Through Tor, Used for Targeted Attack
2014-08-28 - Scanbox- A Reconnaissance Framework Used with Watering Hole Attacks
2014-08-29 - Connecting the Dots- Syrian Malware Team Uses BlackWorm for Attacks
2014-08-29 - New BlackPOS Malware Emerges in the Wild, Targets Retail Accounts
2014-08-29 - Sinkholing the Backoff POS Trojan
2014-08-31 - Introduction to the ZeroLocker ransomware
2014-09-03 - ALDIBOT
2014-09-03 - Darwin’s Favorite APT Group
2014-09-04 - PITOU- The -silent- resurrection of the notorious Srizbi kernel spambot
2014-09-11 - TorrentLocker Ransomware Cracked and Decrypter has been made
2014-09-19 - Malware microevolution
2014-09-19 - Recent Watering Hole Attacks Attributed to APT Group “th3bug” Using Poison Ivy
2014-09-21 - Reversing Tinba- World's smallest trojan-banker DGA Code
2014-09-22 - Tinba Malware Reloaded and Attacking Banks Around the World
2014-09-23 - Android malware based on SMS encryption and with KitKat support
2014-09-23 - MALWARE-CNC Win.Trojan.Aytoke variant outbound connection
2014-09-29 - MMD-0028-2014 - Linux-XOR.DDoS- Fuzzy reversing a new China ELF
2014-10-02 - Occupy Central- The Umbrella Revolution and Chinese Intelligence
2014-10-03 - New Indicators of Compromise for APT Group Nitro Uncovered
2014-10-05 - Dissecting SmokeLoader (or Yulia's sweet ass proposition)
2014-10-06 - Data Theft in Aisle 9- A FireEye Look at Threats to Retailers
2014-10-14 - CVE‑2014‑4114- Details on August BlackEnergy PowerPoint Campaigns
2014-10-14 - CrowdStrike Discovers Use of 64-bit Zero-Day Privilege Escalation Exploit (CVE-2014-4113) by Hurricane Panda
2014-10-14 - Sandworm Windows zero-day vulnerability being actively exploited in targeted attacks
2014-10-14 - Security vendors take action against Hidden Lynx malware
2014-10-15 - Operation Windigo- “Good job, ESET!” says malware author
2014-10-20 - OrcaRAT - A whale of a tale
2014-10-27 - Full Disclosure of Havex Trojans
2014-10-27 - ScanBox framework – who’s affected, and who’s using it-
2014-10-30 - COM Object hijacking- the discreet way of persistence
2014-11-03 - BE2 custom plugins, router abuse, and target profiles
2014-11-10 - The Darkhotel APT
2014-11-10 - Thoughts on Absolute Computrace
2014-11-10 - Timeline of Sandworm Attacks
2014-11-11 - The Uroburos case- new sophisticated RAT identified
2014-11-12 - Korplug military targeted attacks- Afghanistan & Tajikistan
2014-11-13 - BASHLITE Affects Devices Running on BusyBox
2014-11-13 - Chinese hackers 'breach Australian media organisations' ahead of G20
2014-11-14 - OnionDuke- APT Attacks Via the Tor Network
2014-11-15 - OnionDuke samples
2014-11-19 - ROVNIX Infects Systems with Password-Protected Macros
2014-11-21 - Operation Double Tap
2014-11-24 - I am Ironman- DEEP PANDA Uses Sakula Malware to Target Organizations in Multiple Sectors
2014-11-24 - Regin- nation-state ownage of GSM networks
2014-11-25 - Curious Korlia
2014-11-25 - Regin APT Attacks Among the Most Sophisticated Ever Analyzed
2014-11-26 - Getmypass Point of Sale Malware
2014-11-26 - TR-23 Analysis - NetWiredRC malware
2014-11-27 - New PoS Malware Kicks off Holiday Shopping Weekend
2014-11-30 - W32-HiAsm.A!tr
2014-12-08 - The Hack of Sony Pictures- What We Know and What You Need to Know
2014-12-08 - The ‘Penquin’ Turla
2014-12-09 - Blue Coat Exposes “The Inception Framework”; Very Sophisticated, Layered Malware Attack Targeted at Military, Diplomats, and Bus
2014-12-09 - Blue Coat Exposes “The Inception Framework”; Very Sophisticated, Layered Malware Attack Targeted at Military, Diplomats, and Business Execs
2014-12-09 - Linux Modules Connected to Turla APT Discovered
2014-12-10 - Cloud Atlas- RedOctober APT is back in style
2014-12-11 - The Evolution of Point-of-Sale (PoS) Malware
2014-12-15 - Banatrix – an indepth look
2014-12-16 - EvilBunny- Malware Instrumented By Lua
2014-12-17 - Dyre Banking Trojan
2014-12-18 - Alina POS malware 'sparks' off a new variant
2014-12-18 - Chthonic- a new modification of ZeuS
2014-12-19 - Alert (TA14-353A)- Targeted Destructive Malware
2014-12-19 - The unrelenting evolution of Vawtrak
2014-12-22 - Virlock- First Self‑Reproducing Ransomware is also a Shape Shifter

Malware Analysis 2015

2015-01-06 - Linux DDoS Trojan hiding itself with an embedded rootkit
2015-01-08 - Getmypass Point of Sale Malware Update
2015-01-08 - Major malvertising campaign spreads Kovter Ad Fraud malware
2015-01-09 - Chanitor Downloader Actively Installing Vawtrak
2015-01-11 - The Mozart RAM Scraper
2015-01-13 - New Carberp variant heads down under
2015-01-14 - Catching the “Inception Framework” Phishing Attack
2015-01-15 - Evolution of sophisticated spyware- from Agent.BTZ to ComRAT
2015-01-20 - Analysis of Project Cobra
2015-01-22 - New RATs Emerge from Leaked Njw0rm Source Code
2015-01-22 - Scarab attackers took aim at select Russian targets since 2012
2015-01-26 - Storm Chasing- Hunting Hurricane Panda
2015-02-04 - Pawn Storm Update- iOS Espionage App Found
2015-02-05 - Anatomy of a Brute Force Campaign- The Story of Hee Thai Limited
2015-02-09 - Anthem Breach May Have Started in April 2014
2015-02-12 - Mobile Malware Gang Steals Millions from South Korean Users
2015-02-15 - Carbanak
2015-02-16 - Equation- The Death Star of Malware Galaxy
2015-02-16 - How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last
2015-02-17 - Ali Baba, the APT group from the Middle East
2015-02-17 - Angry Android hacker hides Xbot malware in popular application icons
2015-02-17 - BE2 extraordinary plugins, Siemens targeting, dev fails
2015-02-17 - The Desert Falcons targeted attacks
2015-02-18 - Babar- Suspected Nation State Spyware In The Spotlight
2015-02-18 - Babar- espionage software finally found and put under the microscope
2015-02-18 - Meet Babar, a New Malware Almost Certainly Created by France
2015-02-18 - Sexually Explicit Material Used as Lures in Recent Cyber Attacks
2015-02-18 - Shooting Elephants
2015-02-19 - Arid Viper – Israel entities targeted by malware packaged with sex video
2015-02-23 - Cyber Kung-Fu- The Great Firewall Art of DNS Poisoning
2015-02-25 - KINS Banking Trojan Source Code
2015-02-25 - Pony Sourcecode
2015-02-27 - ScanBox Framework
2015-02-27 - The Anthem Hack- All Roads Lead to China
2015-02-27 - VB2014 paper- The pluginer - Caphaw
2015-03-03 - C99Shell not dead
2015-03-03 - PwnPOS- Old Undetected PoS Malware Still Causing Havoc
2015-03-04 - And you get a POS malware name...and you get a POS malware name....and you get a POS malware name....
2015-03-04 - New crypto ransomware in town - CryptoFortress
2015-03-04 - Who’s Really Spreading through the Bright Star-
2015-03-05 - Casper Malware- After Babar and Bunny, Another Espionage Cartoon
2015-03-06 - Animals in the APT Farm
2015-03-07 - Slave, Banatrix and ransomware
2015-03-09 - CryptoFortress mimics TorrentLocker but is a different ransomware
2015-03-11 - Inside the EquationDrug Espionage Platform
2015-03-11 - Malvertising Targeting European Transit Users
2015-03-19 - Analyzing a Backdoor-Bot for the MIPS Platform
2015-03-19 - FindPOS- New POS Malware Family Discovered
2015-03-19 - Rocket Kitten Showing Its Claws- Operation Woolen-GoldFish and the GHOLE campaign
2015-03-20 - Threat Spotlight- PoSeidon, A Deep Dive Into Point of Sale Malware
2015-03-28 - UACME
2015-03-30 - Fake Judicial Spam Leads to Backdoor with Fake Certificate Authority
2015-03-30 - New reconnaissance threat Trojan.Laziok targets the energy sector
2015-03-31 - Sinkholing Volatile Cedar DGA Infrastructure
2015-03-31 - Volatile Cedar - Analysis of a Global Cyber Espionage Campaign
2015-04-01 - NewPosThings Has New PoS Things
2015-04-09 - Beebone Botnet Takedown- Trend Micro Solutions
2015-04-09 - Operation Buhtrap, the trap for Russian accountants
2015-04-09 - The Banking Trojan Emotet- Detailed Analysis
2015-04-12 - SIMDA- A Botnet Takedown
2015-04-13 - Analyzing Gootkit's persistence mechanism (new ASEP inside!)
2015-04-13 - Cyber Deterrence in Action- A story of one long HURRICANE PANDA campaign
2015-04-13 - sqlconnt1.exe
2015-04-14 - Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets
2015-04-15 - Betabot retrospective
2015-04-15 - Elite cyber crime group strikes back after attack by rival APT gang
2015-04-15 - Knowledge Fragment- Bruteforcing Andromeda Configuration Buffers
2015-04-15 - New POS Malware Emerges - Punkey
2015-04-15 - The Chronicles of the Hellsing APT- the Empire Strikes Back
2015-04-15 - The Chronicles of the Hellsing APT_the Empire Strikes Back
2015-04-17 - Andromeda-Gamarue bot loves JSON too (new versions details)
2015-04-18 - Operation RussianDoll- Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack
2015-04-27 - Attacks against Israeli & Palestinian interests
2015-04-27 - Threat Spotlight- TeslaCrypt – Decrypt It Yourself
2015-04-29 - Unboxing Linux-Mumblehard- Muttering spam from your servers
2015-05-04 - Threat Spotlight- Rombertik – Gazing Past the Smoke, Mirrors, and Trapdoors
2015-05-07 - Dissecting the “Kraken”
2015-05-10 - Third-Party Software Was Entry Point for Background-Check System Hack
2015-05-14 - The Naikon APT
2015-05-15 - Carefirst Blue Cross Breach Hits 1.1M
2015-05-17 - Newest addition to a happy family- KBOT
2015-05-18 - Cmstar Downloader- Lurid and Enfal’s New Cousin
2015-05-18 - TT Malware Log
2015-05-20 - Bedep Ad-Fraud Botnet Analysis – Exposing the Mechanics Behind 153.6M Defrauded Ad Impressions A Day
2015-05-23 - NitlovePOS- Another New POS Malware
2015-05-26 - Moose – the router worm with an appetite for social networks
2015-05-29 - The MsnMM Campaigns - The Earliest Naikon APT Campaigns
2015-06-01 - Rhetoric Foreshadows Cyber Activity in the South China Sea
2015-06-01 - “Troldesh” – New Ransomware from Russia
2015-06-03 - Thamar Reservoir – An Iranian cyber-attack campaign against targets in the Middle East
2015-06-04 - KeyBase Keylogger Malware Family Exposed
2015-06-09 - New Data- Volatile Cedar Malware Campaign
2015-06-10 - The Mystery of Duqu 2.0- a sophisticated cyberespionage actor returns
2015-06-15 - Catching Up on the OPM Breach
2015-06-15 - Stegoloader- A Stealthy Information Stealer
2015-06-16 - Operation Lotus Blossom- A New Nation-State Cyberthreat-
2015-06-17 - The Spring Dragon APT
2015-06-18 - So Long, and Thanks for All the Domains
2015-06-19 - Digital Attack on German Parliament- Investigative Report on the Hack of the Left Party Infrastructure in Bundestag
2015-06-22 - Games are over- Winnti is now targeting pharmaceutical companies
2015-06-23 - Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign
2015-06-24 - Elusive HanJuan EK Drops New Tinba Version (updated)
2015-06-24 - Stealthy Cyberespionage Campaign Attacks With Social Engineering
2015-06-24 - UnFIN4ished Business
2015-06-25 - Sundown EK Spreads LuminosityLink RAT- Light After Dark
2015-07-02 - Win32-Lethic Botnet Analysis
2015-07-05 - Spy Tech Company 'Hacking Team' Gets Hacked
2015-07-07 - Dyre Banking Trojan Exploits CVE-2015-0057
2015-07-08 - Animal Farm APT and the Shadow of French Intelligence
2015-07-08 - Butterfly- Profiting from high-level corporate attacks
2015-07-08 - Wild Neutron – Economic espionage threat actor returns with new tricks
2015-07-10 - Sednit APT Group Meets Hacking Team
2015-07-13 - Revisiting The Bunitu Trojan
2015-07-13 - “Forkmeiamfamous”- Seaduke, latest weapon in the Duke armory
2015-07-14 - BernhardPOS
2015-07-14 - TeslaCrypt 2.0 disguised as CryptoWall
2015-07-20 - Watering Hole Attack on Aerospace Firm Exploits CVE-2015-5122 to Install IsSpace Backdoor
2015-07-22 - Duke APT group's latest tools- cloud services and Linux support
2015-07-23 - An Analysis of the Qadars Banking Trojan
2015-07-27 - UPS- Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload
2015-07-30 - Operation Potao Express- Analysis of a cyber‑espionage toolkit
2015-07-30 - Sakula Malware Family
2015-07-31 - OTX Pulse on PlugX
2015-07-31 - OTX- FBI Flash #68 (PlugX)
2015-08 - Uncovering the Seven Pointed Dagger
2015-08-05 - Newly discovered Chinese hacking group hacked 100+ websites to use as “watering holes”
2015-08-05 - Threat Group 3390 Cyberespionage
2015-08-05 - Who’s Behind Your Proxy- Uncovering Bunitu’s Secrets
2015-08-10 - Darkhotel’s attacks in 2015
2015-08-10 - What’s Next in Malware After Kuluoz-
2015-08-12 - Islamic State Hacking Division
2015-08-12 - Tinba Trojan Sets Its Sights on Romania
2015-08-18 - Knowledge Fragment- Unwrapping Fobber
2015-08-18 - ransomware open-sources
2015-08-19 - Antak WebShell
2015-08-19 - Inside Neutrino botnet builder
2015-08-20 - Retefe Banking Trojan Targets Sweden, Switzerland and Japan
2015-08-24 - Sphinx- New Zeus Variant for Sale on the Black Market
2015-08-26 - Sphinx, a new variant of Zeus available for sale in the underground
2015-08-27 - London Calling- Two-Factor Authentication Phishing From Iran
2015-08-27 - New Spear Phishing Campaign Pretends to be EFF
2015-08-31 - Shifu- ‘Masterful’ New Banking Trojan Is Attacking 14 Japanese Banks
2015-09-01 - Attackers Target Organizations in Japan; Transform Local Sites into C&C Servers for EMDIVI Backdoor
2015-09-01 - Fancy Bear
2015-09-08 - Carbanak gang is back and packing new guns
2015-09-09 - Pony Stealer Malware
2015-09-09 - Satellite Turla- APT Command and Control in the Sky
2015-09-11 - CSI MacMark- Janicab
2015-09-11 - SUCEFUL- Next Generation ATM Malware
2015-09-12 - Stuxnet code
2015-09-14 - The Shade Encryptor- a Double Threat
2015-09-16 - Operation Iron Tiger- Attackers Shift from East Asia to the United States
2015-09-17 - The Dukes- 7 Years Of Russian Cyber-Espionage
2015-09-18 - Operation Arid Viper Slithers Back into View
2015-09-23 - Chinese Actors Use ‘3102’ Malware in Attacks on US Government and EU Media
2015-09-23 - Quaverse RAT- Remote-Access-as-a-Service
2015-09-24 - Credit Card-Scraping Kasidet Builder Leads to Spike in Detections
2015-09-24 - Kovter malware learns from Poweliks with persistent fileless registry update
2015-09-25 - Notes on Linux-Xor.DDoS
2015-09-28 - Gaza cybergang, where’s your IR team-
2015-09-28 - Hammertoss- What, Me Worry-
2015-09-28 - Two New PoS Malware Affecting US SMBs
2015-09-29 - Andromeda Bot Analysis part 1
2015-09-29 - Andromeda Bot Analysis part 2
2015-10-01 - Linux.Rekoobe.1
2015-10-06 - I am HDRoot! Part 1
2015-10-06 - MOKER- A NEW APT DISCOVERED WITHIN A SENSITIVE NETWORK
2015-10-06 - Targeted Attack Exposes OWA Weakness
2015-10-07 - Hacker Group Creates Network of Fake LinkedIn Profiles
2015-10-08 - Dyre Malware Campaigners Innovate with Distribution Techniques
2015-10-09 - Beta Bot Analysis- Part 1
2015-10-09 - Latest TeslaCrypt Ransomware Borrows Code From Carberp Trojan
2015-10-12 - Keybase Logger-Clipboard-CredsStealer campaign
2015-10-13 - Dridex (Bugat v5) Botnet Takeover Operation
2015-10-13 - I am HDRoot! Part 2
2015-10-13 - New Adobe Flash Zero-Day Used in Pawn Storm Campaign Targeting Foreign Affairs Ministries
2015-10-13 - Prolific Cybercrime Gang Favors Legit Login Credentials
2015-10-15 - Archivist
2015-10-16 - Surveillance Malware Trends- Tracking Predator Pain and HawkEye
2015-10-17 - How to Write Simple but Sound Yara Rules – Part 2
2015-10-19 - Github Repository for AllaKore
2015-10-22 - Pawn Storm Targets MH17 Investigation Team
2015-10-26 - Duuzer back door Trojan targets South Korea to take over computers
2015-10-28 - Reversing the C2C HTTP Emmental communication
2015-11-02 - Modular trojan for hidden access to a computer
2015-11-02 - Shifu – the rise of a self-destructive banking trojan
2015-11-02 - Troj-Cryakl-B
2015-11-03 - Reversing the SMS C&C protocol of Emmental (1st part - understanding the code)
2015-11-04 - A Technical Look At Dyreza
2015-11-04 - DroidJack isn’t the only spying software out there- Avast discovers OmniRat
2015-11-04 - “Offline” Ransomware Encrypts Your Data without C&C Communication
2015-11-05 - Sphinx Moth- Expanding our knowledge of the “Wild Neutron” - “Morpho” APT
2015-11-06 - OmniRAT Takes Over Android Devices Through Social Engineering Tricks
2015-11-10 - Bookworm Trojan- A Model of Modular Architecture
2015-11-10 - Talking to Dridex (part 0) – inside the dropper
2015-11-11 - AbaddonPOS- A new point of sale threat linked to Vawtrak
2015-11-11 - Operation Buhtrap malware distributed via ammyy.com
2015-11-16 - Introducing LogPOS
2015-11-16 - Shining the Spotlight on Cherry Picker PoS Malware
2015-11-17 - New Memory Scraping Technique in Cherry Picker PoS Malware
2015-11-20 - A king's ransom- an analysis of the CTB-locker ransomware
2015-11-25 - Detecting GlassRAT using Security Analytics and ECAT
2015-11-30 - Inside Braviax-FakeRean- An analysis and history of a FakeAV family
2015-12-01 - China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets
2015-12-01 - Operation Black Atlas Endangers In-Store Card Payments and SMBs Worldwide; Switches between BlackPOS and Other Tools
2015-12-03 - Colombians major target of email campaigns delivering Xtreme RAT
2015-12-04 - Sofacy APT hits high profile targets with updated toolset
2015-12-07 - Iran-based attackers use back door threats to spy on Middle Eastern targets
2015-12-08 - Packrat- Seven Years of a South American Threat Actor
2015-12-08 - VT Report for SmartEyes
2015-12-11 - LATENTBOT- Trace Me If You Can
2015-12-15 - Newcomers in the Derusbi family
2015-12-16 - Nemucod malware spreads ransomware Teslacrypt around the world
2015-12-17 - SlemBunk- An Evolving Android Trojan Family Targeting Users of Worldwide Banking Apps
2015-12-18 - Attack on French Diplomat Linked to Operation Lotus Blossom
2015-12-22 - BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger
2015-12-22 - Kraken's two Domain Generation Algorithms
2015-12-26 - Backdoor- Win32-Hesetox.A- vSkimmer POS Malware Analysis
2015-12-31 - Overseas -Dark Inn- organization launched an APT attack on executives of domestic enterprises

Malware Analysis 2016

2016-01-01 - The first ransomware in JavaScript- Ransom32
2016-01-09 - Confirmation of a Coordinated Attack on the Ukrainian Power Grid
2016-01-12 - The Magnificent FIN7- Revealing a Cybercriminal Threat Group
2016-01-12 - Trochilus RAT Evades Antivirus Detection, Used for Cyber-Espionage in South-East Asia
2016-01-13 - Russian group behind 2013 Foreign Ministry hack
2016-01-18 - Updated Blackmoon banking Trojan stays focused on South Korean banking customers
2016-01-21 - NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan
2016-01-22 - New Attacks Linked to C0d0so0 Group
2016-01-22 - PlugX APT Malware
2016-01-22 - Sykipot APT Malware
2016-01-22 - The Impact of Dragonfly Malware on Industrial Control Systems
2016-01-23 - Imminent Monitor 4 RAT Analysis – A Glance
2016-01-24 - Scarlet Mimic- Years-Long Espionage Campaign Targets Minority Activists
2016-01-26 - URLZone Zones in on Japan
2016-01-27 - Introducing Hi-Zor RAT
2016-01-28 - BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents
2016-01-28 - CenterPOS- An Evolving POS Threat
2016-01-28 - Keybase
2016-01-29 - From Linux to Windows – New Family of Cross-Platform Desktop Backdoors Discovered
2016-01-29 - Malicious Office Files Dropping Kasidet And Dridex
2016-01-29 - VB2015 paper- It's A File Infector... It’s Ransomware... It's Virlock
2016-02-02 - DMA Locker- New Ransomware, But No Reason To Panic
2016-02-02 - Vipasana ransomware new ransom on the block
2016-02-03 - Emissary Trojan Changelog- Did Operation Lotus Blossom Cause It to Evolve-
2016-02-05 - Vawtrak and UrlZone Banking Trojans Target Japan
2016-02-08 - APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks
2016-02-09 - Chinese Cyberspies Pivot To Russia In Wake Of Obama-Xi Pact
2016-02-09 - DMA Locker Strikes Back
2016-02-09 - Poseidon Group- a Targeted Attack Boutique specializing in global cyber-espionage
2016-02-12 - A Look Into Fysbis- Sofacy’s Linux Backdoor
2016-02-12 - Security Alert- Mazar BOT – the Android Malware That Can Erase Your Phone
2016-02-14 - PadCrypt The first ransomware with Live Support Chat and an Uninstaller
2016-02-17 - OceanLotus for OS X – an Application Bundle Pretending to be an Adobe Flash Update
2016-02-17 - Russian Police Prevented Massive Banking Sector Cyber Attack
2016-02-18 - New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom
2016-02-19 - Citadel 0.0.1.1 (Atmos)
2016-02-21 - Source code for powerful Android banking malware is leaked
2016-02-22 - Russian bank employees received fake job offers in targeted email attack
2016-02-24 - Operation Blockbuster Coalition Ties Destructive Attacks to Lazarus Group
2016-02-25 - KeyBase Threat Grows Despite Public Takedown- A Picture is Worth a Thousand Words
2016-02-26 - Nymaim Moves Past Its Ransomware Roots - What Is Old Is New Again
2016-02-29 - New Malware ‘Rover’ Targets Indian Ambassador to Afghanistan
2016-02-29 - The “HawkEye” attack- how cybercrooks target small businesses for big money
2016-03-01 - Look Into Locky Ransomware
2016-03-01 - Shrouded Crossbow Creators Behind BIFROSE for UNIX
2016-03-01 - Taiwan Presidential Election- A Case Study on Thematic Targeting
2016-03-03 - Attack on Zygote- a new twist in the evolution of mobile threats
2016-03-04 - Tracing the Lineage of DarkSeoul
2016-03-06 - Network detector for Winnti malware
2016-03-06 - New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer
2016-03-07 - RedHat Hacker.asp
2016-03-09 - Korean Energy and Transportation Targets Attacked by OnionDog APT
2016-03-10 - Death Comes Calling- Thanatos-Alphabot Trojan Hits the Market
2016-03-11 - Cerber ransomware- new, but mature
2016-03-11 - Gaudox - HTTP Bot (1.1.0.1) - C++-ASM - Ring3 Rootkit - Watchdog - Antis
2016-03-11 - PowerSniff Malware Used in Macro-based Attacks
2016-03-14 - Digital Quartermaster Scenario Demonstrated in Attacks Against the Mongolian Government
2016-03-15 - Suckfly- Revealing the secret life of your code signing certificates
2016-03-18 - Teslacrypt Spam Campaign- “Unpaid Issue…”
2016-03-18 - Xor DDoS
2016-03-20 - Hidden Tear Project- Forbidden Fruit Is the Sweetest
2016-03-21 - OS X Malware Samples Analyzed
2016-03-23 - Gozi ISFB Source code
2016-03-23 - New self‑protecting USB trojan able to avoid detection
2016-03-23 - SamSam- The Doctor Will See You, After He Pays The Ransom
2016-03-24 - Maktub Locker – Beautiful And Dangerous
2016-03-25 - ProjectM- Link Found Between Pakistani Actor and Operation Transparent Tribe
2016-03-29 - Taiwan targeted with new cyberespionage back door Trojan
2016-03-30 - Ransomware Deployed by Adversary with Established Foothold
2016-03-31 - The evolution of Brazilian Malware
2016-04-01 - Petya – Taking Ransomware To The Low Level
2016-04-06 - Andromeda under the microscope
2016-04-06 - Bootkit's development overview and trend (X)
2016-04-06 - Locky Ransomware Is Becoming More Sophisticated - Cybercriminals Continue Email Campaign Innovation
2016-04-07 - FBI Quietly Admits to Multi-Year APT Attack, Sensitive Data Stolen
2016-04-08 - CryptoHost Decrypted Locks files in a password protected RAR File
2016-04-11 - Manamecrypt – a ransomware that takes a different route
2016-04-13 - Ghosts in the Endpoint
2016-04-14 - Meet GozNym- The Banking Malware Offspring of Gozi ISFB and Nymaim
2016-04-14 - Targeted Ransomware Activity
2016-04-16 - Ever Present Persistence - Established Footholds Seen in the Wild
2016-04-19 - MULTIGRAIN – Point of Sale Attackers Make an Unhealthy Addition to the Pantry
2016-04-19 - Your Package Has Been Successfully Encrypted- TeslaCrypt 4.1A and the Malware Attack Chain
2016-04-21 - PoS Attacks Net Crooks 20 Million Stolen Bank Cards
2016-04-21 - When entropy meets Shannon
2016-04-22 - New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists
2016-04-22 - Tater- A PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit.
2016-04-25 - Attackers Behind GozNym Trojan Set Sights on Europe
2016-04-26 - Digging deep for PLATINUM
2016-04-27 - Freezer Paper around Free Meat (Repackaging Open Source BeEF for Tracking and More)
2016-04-27 - Freezer Paper around Free Meat
2016-04-28 - Research Spotlight- The Resurgence of Qbot
2016-04-28 - Tick cyberespionage group zeros in on Japan
2016-05-02 - Prince of Persia Hashes
2016-05-02 - Prince of Persia- Infy Malware Active In Decade of Targeted Attacks
2016-05-03 - A Universal Windows Bootkit
2016-05-03 - The Continuing Evolution of Samas Ransomware
2016-05-05 - Sophisticated New Packer Identified in CryptXXX Ransomware Sample
2016-05-06 - 7ev3n ransomware turning ‘HONE$T’
2016-05-09 - KRBanker Targets South Korea Through Adware and Exploit Kits
2016-05-09 - PSEUDO-DARKLEECH ANGLER EK FROM 185.118.66.154 SENDS BEDEP-CRYPTXXX
2016-05-10 - Setting Sights On Retail- AbaddonPOS Now Targeting Specific POS Software
2016-05-11 - Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks
2016-05-12 - Chinese-language Ransomware ‘SHUJIN’ Makes An Appearance
2016-05-12 - Hancitor and Ruckguv Reappear, Updated and With Vawtrak On Deck
2016-05-12 - LatentBot – modular and heavily obfuscated bot
2016-05-13 - CYBER HEIST ATTRIBUTION
2016-05-15 - What We Can Learn From the Bangladesh Central Bank Cyber Heist
2016-05-16 - Vietnamese Bank Blocks $1 Million SWIFT Heist
2016-05-17 - ATM infector
2016-05-17 - Indian organizations targeted in Suckfly attacks
2016-05-18 - Operation Groundbait- Espionage in Ukrainian war zones
2016-05-19 - Petya and Mischa – Ransomware Duet (Part 1)
2016-05-20 - Special Report- Cyber thieves exploit banks' faith in SWIFT transfer network
2016-05-22 - Cron has fallen
2016-05-22 - Operation Ke3chang Resurfaces With New TidePool Malware
2016-05-23 - DMA Locker 4.0- Known ransomware preparing for a massive distribution
2016-05-23 - Technical Report about the Malware used in the Cyberespionage against RUAG
2016-05-24 - New Wekby Attacks Use DNS Requests As Command and Control Mechanism
2016-05-25 - CVE-2015-2545- overview of current threats
2016-05-26 - SWIFT attackers’ malware linked to more financial attacks
2016-05-26 - The OilRig Campaign- Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor
2016-05-29 - Keep Calm and (Don’t) Enable Macros- A New Threat Actor Targets UAE Dissidents
2016-06 - Form Grabber 2016 [Chrome, FF, Opera, Thunderbird, Outlook, IE, Safari] Hack the world
2016-06-02 - FastPOS- Quick and Easy Credit Card Theft
2016-06-03 - Cooking Up Autumn (Herbst) Ransomware
2016-06-06 - Everyone sees not what they want to see
2016-06-08 - Spear Phishing Attacks- Why They are Successful and How to Stop Them
2016-06-09 - Reverse-engineering DUBNIUM
2016-06-11 - The Chinese Hackers in the Back Office
2016-06-14 - CVE-2016-4171 – Adobe Flash Zero-day used in targeted attacks
2016-06-14 - New Sofacy Attacks Against US Government Agency
2016-06-15 - Bears in the Midst- Intrusion into the Democratic National Committee
2016-06-15 - Mofang- A politically motivated information stealing adversary
2016-06-15 - Unsupported TeamViewer Versions Exploited For Backdoors, Keylogging
2016-06-17 - In The Wild- Mobile Malware Implements New Features
2016-06-17 - Operation Daybreak
2016-06-17 - ScarCruft APT Group Used Latest Flash Zero Day in Two Dozen Attacks
2016-06-21 - The Curious Case of an Unknown Trojan Targeting German-Speaking Users
2016-06-22 - After Angler- Shift in Exploit Kit Landscape and New Crypto-Ransomware Activity
2016-06-23 - POS and Credit Cards- In the Line of Fire with “PunkeyPOS”
2016-06-24 - Ani-Shell
2016-06-25 - Rokku Ransomware shows possible link with Chimera
2016-06-25 - SectorC08- Multi-Layered SFX in Recent Campaigns Target Ukraine
2016-06-28 - Prince of Persia – Game Over
2016-06-29 - Apocalypse- Ransomware which targets companies through insecure RDP
2016-07-01 - How I Cracked a Keylogger and Ended Up in Someone's Inbox
2016-07-01 - KeyBase - A New Keylogger on the Block
2016-07-03 - Android Triada modular trojan
2016-07-05 - New Backdoor Allows Full Access to Mac Systems, Bitdefender Warns
2016-07-06 - New OSX-Keydnap malware is hungry for credentials
2016-07-07 - NetTraveler APT Targets Russian, European Interests
2016-07-07 - New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the recent Locky Ransomware.
2016-07-08 - GootKit- Bobbing and Weaving to Avoid Prying Eyes
2016-07-08 - Investigating the LuminosityLink Remote Access Trojan Configuration
2016-07-08 - The Dropping Elephant – aggressive cyber-espionage in the Asian region
2016-07-11 - When Paying Out Doesn't Pay Off
2016-07-12 - Malware Discovered – SFG- Furtim Malware Analysis
2016-07-12 - Me and Mr. Robot- Tracking the Actor Behind the MAN1 Crypter
2016-07-13 - Troldesh ransomware influenced by (the) Da Vinci code
2016-07-14 - Technical Notes on Sakula
2016-07-18 - Third time (un)lucky – improved Petya is out
2016-07-20 - CrypMIC Ransomware Wants to Follow CryptXXX’s Footsteps
2016-07-21 - Canadian Man Behind Popular ‘Orcus RAT’
2016-07-21 - Phishing Attacks Employ Old but Effective Password Stealer
2016-07-22 - Stampado Ransomware campaign decrypted before it Started
2016-07-25 - Patchwork cyberespionage group expands targets from governments to wide range of industries
2016-07-26 - Attack Delivers ‘9002’ Trojan Through Google Drive
2016-07-26 - OTX Pulse on R980 ransomware
2016-07-26 - Threat Actors Using Legitimate PayPal Accounts To Distribute Chthonic Banking Trojan
2016-07-30 - Luminosity RAT - Re-purposed
2016-08 - Analysis of a packed Pony downloader
2016-08-01 - CrowdStrike’s New Methodology for Tracking eCrime
2016-08-02 - Orcus – Birth of an unusual plugin builder RAT
2016-08-04 - Iran Threats Webpage
2016-08-04 - Iranian Actor -Group5- Targeting Syrian Opposition
2016-08-04 - What is Multigrain- Learn what makes this PoS malware different
2016-08-05 - Smoke Loader – downloader with a smokescreen still alive
2016-08-07 - Strider- Cyberespionage group turns eye of Sauron on targets
2016-08-08 - Doctor Web detected Linux Trojan written in Go
2016-08-08 - MONSOON - Analysis Of An APT Campaign
2016-08-08 - Possibly Italy-Born Android RAT Reported in China, Find Bitdefender Researchers
2016-08-08 - ProjectSauron- top level cyber-espionage platform covertly extracts encrypted government comms
2016-08-10 - Android Marcher- Continuously Evolving Mobile Malware
2016-08-10 - CryptXXX - CrypMIC – ransomware intensively distributed through exploit kits
2016-08-11 - Smrss32 (.encrypted) Ransomware Help & Support - _HOW_TO_Decrypt.bmp
2016-08-15 - Shakti Trojan- Document Thief
2016-08-16 - Aveo Malware Family Targets Japanese Speaking Users
2016-08-16 - Brazil Can’t Catch a Break- After Panda Comes the Sphinx
2016-08-17 - Operation Ghoul- targeted attacks on industrial and engineering organizations
2016-08-18 - The Shadow Brokers
2016-08-19 - New Hancitor Malware- Pimp my Downloaded
2016-08-22 - BLATSTING FUNKSPIEL
2016-08-22 - Trojan.Mutabaha.1
2016-08-22 - VB Dropper and Shellcode for Hancitor Reveal New Techniques Behind Uptick
2016-08-23 - GozNym Banking Trojan Targeting German Banks
2016-08-23 - Russian hackers 'Fancy Bear' likely breached Olympic drug-testing agency and DNC, experts say
2016-08-25 - Shakti Trojan - Technical Analysis
2016-08-25 - Unpacking the spyware disguised as antivirus
2016-08-28 - FEINTCLOUD
2016-08-29 - Fantom ransomware impersonates Windows update
2016-08-29 - German Speakers Targeted by SPAM Leading to Ozone RAT
2016-08-29 - Nightmare on Tor Street- Ursnif variant Dreambot adds Tor functionality
2016-08-30 - OSX-Keydnap spreads via signed Transmission application
2016-08-30 - Pythons and Unicorns and Hancitor…Oh My! Decoding Binaries Through Emulation
2016-09-01 - TADAQUEOUS moments
2016-09-02 - Necurs – hybrid spam botnet
2016-09-04 - BLATSTING Command-and-Control protocol
2016-09-05 - Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems
2016-09-06 - Blatsting C&C Transcript
2016-09-06 - Buckeye cyberespionage group shifts gaze from US to Hong Kong
2016-09-07 - The Missing Piece – Sophisticated OS X Backdoor Discovered
2016-09-08 - Doctor Web discovers Linux Trojan written in Rust
2016-09-08 - The Philadelphia Ransomware offers a Mercy Button for Compassionate Criminals
2016-09-09 - GOVRAT V2.0 - Attacking US military and government
2016-09-11 - BUZZDIRECTION- BLATSTING reloaded
2016-09-11 - Free Darktrack RAT Has the Potential of Being the Best RAT on the Market Search
2016-09-13 - DualToy- New Windows Trojan Sideloads Risky Apps to Android and iOS Devices
2016-09-13 - H1N1- Technical analysis reveals new capabilities
2016-09-13 - The curious case of BLATSTING's RSA implementation
2016-09-14 - BkSoD by Ransomware- HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs
2016-09-15 - MILE TEA- Cyber Espionage Campaign Targets Asia Pacific Businesses and Government Agencies
2016-09-16 - Tofsee – modular spambot
2016-09-16 - iSpy Keylogger
2016-09-17 - A few notes on SECONDDATE's C&C protocol
2016-09-19 - Untangling the Ripper ATM Malware
2016-09-20 - Hackers lurking, parliamentarians told
2016-09-20 - Meanwhile in Britain, Qadars v3 Hardens Evasion, Targets 18 UK Banks
2016-09-21 - KrebsOnSecurity Hit With Record DDoS
2016-09-21 - Reversing GO binaries like a pro
2016-09-22 - Book of Eli- African targeted attacks
2016-09-22 - Zeus Delivered by DELoader to Defraud Customers of Canadian Banks
2016-09-23 - Dissecting a Hacktivist’s DDoS Tool- Saphyra Revealed
2016-09-23 - Hancitor (AKA Chanitor) observed using multiple attack approaches
2016-09-23 - SECONDDATE in action
2016-09-26 - Sofacy’s ‘Komplex’ OS X Trojan
2016-09-27 - Komplex Mac backdoor answers old questions
2016-09-27 - New Voldemort-Nagini Ransomware Virus Infection
2016-09-28 - Belling the BEAR
2016-09-28 - Confucius Says…Malware Families Get Further By Abusing Legitimate Websites
2016-09-28 - Highly Evasive Code Injection Awaits User Interaction Before Delivering Malware
2016-09-28 - Introducing Her Royal Highness the Princess Locker Ransomware
2016-09-29 - TeamXRat- Brazilian cybercrime meets ransomware
2016-09-29 - Want Tofsee My Pictures- A Botnet Gets Aggressive
2016-09-30 - Hacked Steam accounts spreading Remote Access Trojan
2016-10-01 - Source Code for IoT Botnet ‘Mirai’ Released
2016-10-01 - ‘Shadow Brokers’ Whine That Nobody Is Buying Their Hacked NSA Files
2016-10-03 - On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users
2016-10-03 - Polyglot – the fake CTB-locker
2016-10-03 - Remsec driver analysis
2016-10-04 - OilRig Malware Campaign Updates Toolset and Expands Targets
2016-10-05 - FastPOS Updates in Time for the Retail Sale Season
2016-10-09 - SiteIntel- Cyber Caliphate Army
2016-10-10 - How France's TV5 was almost destroyed by 'Russian hackers'
2016-10-10 - Remsec driver analysis - Part 2
2016-10-11 - Odinaff- New Trojan used in high level financial attacks
2016-10-11 - Remsec driver analysis - Part 3
2016-10-15 - TrickBot- We Missed you, Dyre
2016-10-17 - A Tale of Two Targets
2016-10-17 - New-looking Sundown EK drops Smoke Loader, Kronos banker
2016-10-17 - RotorCrypt (RotoCrypt) Ransomware Support Topic - .tar, .c400, .c300, .GRANIT
2016-10-17 - ‘DealersChoice’ is Sofacy’s Flash Player Exploit Platform
2016-10-18 - Digitally Signed Malware Targeting Gaming Companies
2016-10-20 - RotorCrypt (RotoCrypt) Ransomware Tar Ransomware
2016-10-20 - TheMoon - A P2P botnet targeting Home Routers
2016-10-21 - BITTER- a targeted attack against Pakistan
2016-10-24 - Evasive Malware Detects and Defeats Virtual Machine Analysis
2016-10-24 - Introducing TrickBot, Dyreza’s successor
2016-10-25 - Houdini’s Magic Reappearance
2016-10-25 - TrickBot Banker Insights
2016-10-26 - Moonlight – Targeted attacks in the Middle East
2016-10-27 - BLACKGEAR Espionage Campaign Evolves, Adds Japan To Target List
2016-10-27 - In-Dev Ransomware forces you to do Survey before unlocking Computer
2016-10-27 - Inside the Gootkit C&C server
2016-10-27 - Mirai DDoS Botnet- Source Code & Binary Analysis
2016-10-28 - zxshell repository
2016-10-31 - Second Shadow Brokers dump released
2016-11-01 - Ursnif Malware- Deep Technical Dive
2016-11-02 - Exposing the EGO MARKET- the cybercrime performed by the Linux-Moose botnet
2016-11-02 - Linux-Moose- Still breathing
2016-11-02 - Nymaim Malware- Deep Technical Dive – Adventures in Evasive Malware
2016-11-07 - Little Trickbot Growing Up- New Campaign
2016-11-08 - Analysis of IOS.GUIINJECT Adware Library
2016-11-08 - Analysis of iOSGuiInject Adware Library
2016-11-08 - SPAMTORTE VERSION 2- DISCOVERY OF AN ADVANCED, MULTILAYERED SPAMBOT CAMPAIGN THAT IS BACK WITH A VENGEANCE
2016-11-09 - Down the H-W0rm Hole with Houdini’s RAT
2016-11-09 - Tricks of the Trade- A Deeper Look Into TrickBot’s Machinations
2016-11-10 - Floki Bot and the stealthy dropper
2016-11-14 - Doctor Web discovers a botnet that attacks Russian banks
2016-11-14 - Ransoc Desktop Locking Ransomware Ransacks Local Files and Social Media Profiles
2016-11-15 - CryptoLuck Ransomware being Malvertised via RIG-E Exploit Kits
2016-11-15 - Kronos Banking Trojan Used to Deliver New Point-of-Sale Malware
2016-11-15 - ScanPOS, new POS malware being distributed by Kronos
2016-11-17 - It’s Parliamentary - KeyBoy and the targeting of the Tibetan Community
2016-11-17 - Princess Locker decryptor
2016-11-21 - Android malware analysis with Radare- Dissecting the Triada Trojan
2016-11-21 - PrincessLocker – ransomware with not so royal encryption
2016-11-22 - Cobalt hackers executed massive, synchronized ATM heists across Europe, Russia
2016-11-22 - Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy
2016-11-23 - Analysis- Ursnif - spying on your data since 2007
2016-11-23 - InPage zero-day exploit used to attack financial institutions in Asia
2016-11-28 - A New All-in-One Botnet- Proteus
2016-11-28 - NetWire RAT Steals Payment Card Data
2016-11-30 - Bladabindi Remains A Constant Threat By Using Dynamic DNS Services
2016-11-30 - Shamoon 2- Return of the Disttrack Wiper
2016-11-30 - Shamoon- Back from the dead and destructive as ever
2016-12-01 - Alert (TA16-336A)- Avalanche (crimeware-as-a-service infrastructure)
2016-12-01 - CNACOM - Open Source Exploitation via Strategic Web Compromise
2016-12-06 - August in November- New Information Stealer Hits the Scene
2016-12-06 - Deep Analysis of the Online Banking Botnet TrickBot
2016-12-07 - August in November- New Information Stealer Hits the Scene
2016-12-07 - Floki Bot Strikes, Talos and Flashpoint Respond
2016-12-07 - The TrickBot Evolution
2016-12-08 - Thyssenkrupp victim of cyber attack
2016-12-09 - -Proof of Concept- CryptoWire Ransomware Spawns Lomix and UltraLocker Families
2016-12-09 - New Exo Android Trojan Sold on Hacking Forums, Dark Web
2016-12-09 - Windows 10- protection, detection, and response against recent Depriz malware attacks
2016-12-13 - The rise of TeleBots- Analyzing disruptive KillDisk attacks
2016-12-14 - MiKey - A Linux keylogger
2016-12-14 - Twin zero-day attacks- PROMETHIUM and NEODYMIUM target individuals in Europe
2016-12-15 - Goldeneye Ransomware – the Petya-Mischa combo rebranded
2016-12-15 - Let It Ride- The Sofacy Group’s DealersChoice Attacks Continue
2016-12-16 - Bayrob- Three suspects extradited to face charges in US
2016-12-19 - Dismantling a Nuclear Bot
2016-12-20 - Alice- A Lightweight, Compact, No-Nonsense ATM Malware
2016-12-20 - New Linux-Rakos threat- devices and servers under SSH scan (again)
2016-12-22 - Tofsee Spambot features .ch DGA - Reversal and Countermeasures
2016-12-23 - Emsisoft Decryptor for GlobeImposter
2016-12-26 - Rocket Kitten
2016-12-27 - ANALYSIS OF AUGUST STEALER MALWARE
2016-12-27 - Pegasus internals- Technical Teardown of the Pegasus malware and Trident exploit chain
2016-12-28 - Switcher- Android joins the ‘attack-the-router’ club
2016-12-29 - GRIZZLY STEPPE – Russian Malicious Cyber Activity
2016-12-29 - Some notes on IoCs

Malware Analysis 2017

2017-01-01 - Mac Malware of 2016
2017-01-03 - Technical details on the Fancy Bear Android malware (poprd30.apk)
2017-01-04 - Exposing an AV-Disabling Driver Just in Time for Lunch
2017-01-04 - FireCrypt Ransomware Comes With a DDoS Component
2017-01-04 - Technical analysis of CryptoMix-CryptFile2 ransomware
2017-01-05 - DragonOK Updates Toolset and Targets Multiple Geographic Regions
2017-01-05 - KillDisk now targeting Linux- Demands $250K ransom, but can’t decrypt
2017-01-05 - Taiwan ATM heist linked to European hacking spree- security firm
2017-01-06 - 2016 Updates to Shifu Banking Trojan
2017-01-09 - Second Wave of Shamoon 2 Attacks Identified
2017-01-10 - Client Maximus- New Remote Overlay Malware Highlights Rising Malcode Sophistication in Brazil
2017-01-10 - Ransomware Recap- Dec. 19 - Dec. 31, 2016
2017-01-11 - Post-holiday spam campaign delivers Neutrino Bot
2017-01-12 - New Variant of Ploutus ATM Malware Observed in the Wild in Latin America
2017-01-12 - The “EyePyramid” attacks
2017-01-13 - Finfisher rootkit analysis
2017-01-17 - Carbanak Group uses Google for malware command-and-control
2017-01-17 - EITEST RIG-V FROM 92.53.127.86 SENDS SPORA RANSOMWARE
2017-01-17 - New GhostAdmin Malware Used for Data Theft and Exfiltration
2017-01-18 - Finding the RAT’s Nest
2017-01-18 - Flashback Wednesday- Pakistani Brain
2017-01-18 - New Mac backdoor using antiquated code
2017-01-18 - Newly discovered Mac malware found in the wild also works well on Linux
2017-01-18 - Spora - the Shortcut Worm that is also a Ransomware
2017-01-18 - Ukraine's power outage was a cyber attack- Ukrenergo
2017-01-19 - New Satan Ransomware available through a Ransomware as a Service
2017-01-20 - Doctor Web anticipates increase in number of banking Trojan attacks on Android users
2017-01-21 - Sage 2.0 Ransomware
2017-01-22 - OurMine
2017-01-22 - Russian Hacker behind 'NeverQuest' Malware, Wanted by FBI, Is Arrested in Spain
2017-01-23 - Greenbug cyberespionage group targeting Middle East, possible links to Shamoon
2017-01-24 - Charger Malware Calls and Raises the Risk on Google Play
2017-01-25 - Detecting threat actors in recent German industrial attacks with Windows Defender ATP
2017-01-26 - Around the World With Zeus Sphinx- From Canada to Australia and Back
2017-01-26 - Deep Analysis of Android Rootnik Malware Using Advanced Anti-Debug and Anti-Hook, Part I- Debugging in The Scope of Native Layer
2017-01-26 - Deep Analysis of Android Rootnik Malware Using Advanced Anti-Debug and Anti-Hook, Part II- Analysis of The Scope of Java
2017-01-26 - Malware ChChes interacts with C & C server using Cookie header
2017-01-26 - Zbot with legitimate applications on board
2017-01-30 - Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments
2017-01-30 - EyePyramid- An Archaeological Journey
2017-01-30 - Nymaim revisited
2017-01-30 - Sage 2.0 comes with IP Generation Algorithm (IPGA)
2017-01-31 - Locky Bart ransomware and backend server analysis
2017-01-31 - Malicious Office files using fileless UAC bypass to drop KEYBASE malware
2017-02-02 - KopiLuwak- A New JavaScript Payload from Turla
2017-02-02 - Oops, they did it again- APT Targets Russia and Belarus with ZeroT and PlugX
2017-02-02 - Ransomware Recap- January 14 - 29, 2017
2017-02-03 - Zeus Panda Webinjects- a case study
2017-02-04 - Russians failed in hacking attempts on officials at Dutch ministries
2017-02-05 - Detailed threat analysis of Shamoon 2.0 Malware
2017-02-06 - Polish Banks Infected with Malware Hosted on Their Own Government's Site
2017-02-06 - Threat Spotlight- Satan
2017-02-06 - iKittens- Iranian Actor Resurfaces with Malware for Mac (MacDownloader)
2017-02-07 - Erebus Ransomware Utilizes a UAC Bypass and Requests a 90 Ransom Payment
2017-02-09 - Shell Crew Variants Continue to Fly Under Big AV’s Radar
2017-02-10 - PowerSploit
2017-02-12 - Attackers target dozens of global banks with new malware
2017-02-12 - Attackers target dozens of global banks with new
2017-02-12 - Lazarus & Watering-hole attacks
2017-02-14 - New Android trojan mimics user clicks to download dangerous malware
2017-02-14 - REMCOS- A New RAT In The Wild
2017-02-14 - Sage 2.0 analysis
2017-02-14 - XAgentOSX- Sofacy’s XAgent macOS Tool
2017-02-15 - Banking Trojans- Ursnif Global Distribution Networks Identified
2017-02-15 - Inside OilRig -- Tracking Iran's Busiest Hacker Crew On Its Global Rampage
2017-02-15 - Iranian PupyRAT Bites Middle Eastern Organizations
2017-02-15 - Magic Hound Campaign Attacks Saudi Targets
2017-02-15 - The Rambo Backdoor
2017-02-16 - Breaking The Weakest Link Of The Strongest Chain
2017-02-16 - Demystifying targeted malware used against Polish banks
2017-02-16 - Iranian hackers behind the Magic Hound campaign linked to Shamoon
2017-02-16 - Nefarious Macro Malware drops “Loki Bot” to steal sensitive information across GCC countries!
2017-02-16 - menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations
2017-02-16 - reGeorg
2017-02-18 - Hackers Selling Undetectable Proton Malware for macOS in 40 BTC
2017-02-20 - Lazarus’ False Flag Malware
2017-02-20 - Part I. Russian APT - APT28 collection of samples including OSX XAgent
2017-02-21 - New(ish) Mirai Spreader Poses New Risks
2017-02-22 - Bella- A pure python, post-exploitation, data mining tool and remote administration tool for macOS.
2017-02-22 - Dissecting the Qadars Banking Trojan
2017-02-22 - New crypto‑ransomware hits macOS
2017-02-23 - Korean MalDoc Drops Evil New Years Presents
2017-02-23 - Released Android malware source code used to run a banking botnet
2017-02-24 - Hunting Retefe with Splunk - some interesting points
2017-02-24 - Necurs Proxy Module With DDOS Features
2017-02-25 - Silent RIFLE Response Against Advanced Threat
2017-02-26 - TreasureHunter - A POS Malware Case Study
2017-02-27 - New Neutrino Bot comes in a protective loader
2017-02-27 - Shamoon- Multi-staged destructive attacks limited to specific targets
2017-02-27 - Spambot safari #2 - Online Mail System
2017-02-27 - The Deception Project- A New Japanese-Centric Threat
2017-02-27 - The Gamaredon Group Toolset Evolution
2017-02-28 - Dridex’s Cold War- Enter AtomBombing
2017-03-01 - GootKit Developers Dress It Up With Web Traffic Proxy
2017-03-01 - How Does the Trickbot Malware Work-
2017-03-01 - Poorly coded Lamdelin Lockscreen Ransomware lets you in using Alt+F4
2017-03-01 - Ransomware for Dummies- Anyone Can Do It
2017-03-01 - Threat Spotlight- Flokibot PoS Malware
2017-03-02 - Update on the Fancy Bear Android malware (poprd30.apk)
2017-03-06 - 0-Day- Dahua backdoor Generation 2 and 3
2017-03-07 - Vault 7- CIA Hacking Tools Revealed
2017-03-08 - RawPOS Malware Rides Again
2017-03-09 - Spora Ransomware- Understanding the HTA Infection Vector
2017-03-10 - Explained- Spora ransomware
2017-03-10 - Preinstalled Malware Targeting Mobile Users
2017-03-11 - Wikileaks Vault7 JQJSNICKER code leak
2017-03-13 - Detecting and eliminating Chamois, a fraud botnet on Android
2017-03-13 - Moving Target Defense Blog
2017-03-13 - Zeus Panda Webinjects- Don’t trust your eyes
2017-03-14 - Analyzing and Deobfuscating FlokiBot Banking Trojan
2017-03-14 - PetrWrap- the new Petya-based ransomware used in targeted attacks
2017-03-15 - MajikPOS Combines PoS Malware and RATs to Pull Off its Malicious Tricks
2017-03-15 - NexusLogger- A New Cloud-based Keylogger Enters the Market
2017-03-15 - Revenge Ransomware a CryptoMix Variant Being Distributed by RIG Exploit Kit
2017-03-15 - Teardown of Android-Ztorg (Part 2)
2017-03-15 - Teardown of a Recent Variant of Android-Ztorg (Part 1)
2017-03-15 - Vaccinating against Spora ransomware- a proof-of-concept tool by Minerva
2017-03-16 - Fileless Malware Campaigns Tied to Same Attacker
2017-03-17 - Diamond Fox – part 1- introduction and unpacking
2017-03-17 - Grabbot is Back to Nab Your Data
2017-03-20 - Necurs Diversifies Its Portfolio
2017-03-21 - Hunt Case Study- Hunting Campaign Indicators on Privacy Protected Attack Infrastructure
2017-03-21 - Inside the Hunt for Russia’s Most Notorious Hacker
2017-03-22 - El Machete's Malware Attacks Cut Through LATAM
2017-03-22 - Winnti Abuses GitHub for C&C Communications
2017-03-23 - Tales from the Trenches- Loki Bot Malware
2017-03-24 - Terror EK via Malvertising delivers Tofsee Spambot
2017-03-26 - Shamoon 2- Delivering Disttrack
2017-03-27 - Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005
2017-03-28 - Cerber Starts Evading Machine Learning
2017-03-28 - Dimnie- Hiding in Plain Sight
2017-03-28 - Russian Citizen Pleads Guilty for Involvement in Global Botnet Conspiracy
2017-03-28 - The NukeBot Trojan, a Bruised Ego and a Surprising Source Code Leak
2017-03-28 - Threat Spotlight- GhostAdmin Malware
2017-03-29 - Explained- Sage ransomware
2017-03-29 - New Mirai Variant Launches 54 Hour DDoS Attack against US College
2017-03-29 - Trojanized Adobe installer used to install DragonOK’s new custom backdoor
2017-03-30 - Carbon Paper- Peering into Turla’s second stage backdoor
2017-03-30 - EquationDrug rootkit analysis (mstcp32.sys)
2017-03-30 - Hi-Tech Crime Trends 2016
2017-03-30 - Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations
2017-03-31 - Threat Round-up for Mar 24 - Mar 31
2017-04-03 - DHL Invoice Malspam-Photo Malspam
2017-04-03 - Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY)
2017-04-03 - IAAF Says It Has Been Hacked, Athlete Medical Info Accessed
2017-04-03 - Introducing ROKRAT
2017-04-03 - Lazarus APT Spinoff Linked to Banking Hacks
2017-04-03 - Lazarus under the Hood
2017-04-03 - Moonlight Maze- Lessons from history
2017-04-03 - RedLeaves - Malware Based on Open Source RAT
2017-04-03 - Shadow Server Domains Leading to RIG Exploit Kit Dropping Smoke Loader. Downloaded Neutrino Bot (AKA Kasidet).
2017-04-03 - Shadow Server Domains Leading to RIG Exploit Kit Dropping Smoke Loader
2017-04-03 - RedLeaves, malware built from a modified open-source RAT
2017-04-04 - ATMitch- remote administration of ATMs
2017-04-04 - Chasing Lazarus- A Hunt for the Infamous Hackers to Prevent Large Bank Robberies
2017-04-04 - POSHSPY backdoor code
2017-04-05 - In-Depth Look at New Variant of MONSOON APT Backdoor, Part 1
2017-04-05 - In-Depth Look at New Variant of MONSOON APT Backdoor, Part 2
2017-04-05 - Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA
2017-04-05 - “BrickerBot” Results In PDoS Attack
2017-04-06 - APT10 (MenuPass Group)- New Tools, Global Campaign Latest Manifestation of Longstanding Threat
2017-04-06 - Chinese Nation-State Hackers Target U.S. in Operation TradeSecret
2017-04-06 - Diamond Fox – part 2- let’s dive in the code
2017-04-06 - New IoT-Linux Malware Targets DVRs, Forms Botnet
2017-04-06 - Sathurbot- Distributed WordPress password attack
2017-04-06 - Self-Proclaimed ‘Nuclear Bot’ Author Weighs U.S. Job Offer
2017-04-07 - The Blockbuster Sequel
2017-04-10 - DOJ moves to topple Kelihos, one of the world's largest botnets
2017-04-10 - Justice Department Announces Actions to Dismantle Kelihos Botnet
2017-04-10 - Longhorn Cyber-Espionage Group Is Actually the CIA
2017-04-10 - Longhorn- Tools used by cyberespionage group linked to Vault 7
2017-04-10 - ShadowBrokers Dump More Equation Group Hacks, Auction File Password
2017-04-11 - Unraveling the Lamberts Toolkit
2017-04-12 - ICS Alert (ICS-ALERT-17-102-01A)
2017-04-13 - A deeper look into malware abusing TeamViewer
2017-04-13 - Decrypting Bankbot communications.
2017-04-13 - Inside the Takedown of ZOMBIE SPIDER and the Kelihos Botnet
2017-04-13 - Stuxnet drivers- detailed analysis
2017-04-15 - Hajime - A Decentralized Modular Worm - Followup
2017-04-17 - Azazel
2017-04-17 - New NSA leak may expose its bank spying, Windows exploits
2017-04-17 - Python script for decoding DOUBLEPULSAR
2017-04-17 - Remove Search.searchetan.com Chrome New Tab Page
2017-04-18 - Coming Soon…
2017-04-18 - Github repository for trochilus RAT
2017-04-18 - Hajime worm battles Mirai for control of the Internet of Things
2017-04-18 - Shadow Brokers leaks show U.S. spies successfully hacked Russian, Iranian targets
2017-04-19 - Of Pigs and Malware- Examining a Possible Member of the Winnti Group
2017-04-19 - RawPOS- New Behavior Risks Identity Theft
2017-04-20 - Binary Options malvertising campaign drops ISFB banking Trojan
2017-04-20 - Cardinal RAT Active for Over Two Years
2017-04-21 - BrickerBot Author Claims He Bricked Two Million Devices
2017-04-21 - China Hacked South Korea Over Missile Defense, U.S. Firm Says
2017-04-21 - Elusive Moker Trojan is back
2017-04-21 - Researchers claim China trying to hack South Korea missile defense efforts
2017-04-23 - Let's Talk About FlexiSpy
2017-04-24 - FIN7 Evolution and the Phishing LNK
2017-04-24 - XPan, I am your father
2017-04-25 - 2017-04-25 - -GOOD MAN- CAMPAIGN RIG EK SENDS LATENTBOT
2017-04-25 - Linux Shishiga malware using LUA scripts
2017-04-25 - Philadelphia Ransomware Brings Customization to Commodity Malware
2017-04-25 - ShadowWali- New variant of the xxmm family of backdoors
2017-04-26 - BankBot, the Prequel
2017-04-26 - Hajime – Friend or Foe-
2017-04-26 - Who is behind this Chinese espionage group stealing our intellectual property-
2017-04-27 - APT Targets Financial Analysts with CVE-2017-0199
2017-04-27 - Alert (TA17-117A)- Intrusions Affecting Multiple Victims Across Multiple Sectors
2017-04-27 - Iranian Fileless Attack Infiltrates Israeli Organizations
2017-04-27 - OilRig Actors Provide a Glimpse into Development and Testing Efforts
2017-04-28 - KeyPlexer
2017-04-28 - Use of DNS Tunneling for C&C Communications
2017-05-01 - Another OSX.Dok dropper found installing new backdoor
2017-05-01 - Crouching Yeti (Energetic Bear) Malware
2017-05-02 - Covert Channels and Poor Decisions- The Tale of DNSMessenger
2017-05-02 - HackSpy-Trojan-Exploit
2017-05-02 - Philadelphia Ransomware
2017-05-02 - Shamoon Collaborator Greenbug Adopts New Communication Tool
2017-05-02 - Targeted attack against the Ukrainian military
2017-05-02 - Who is Mr Wu-
2017-05-03 - Deep Analysis of New Emotet Variant - Part 1
2017-05-03 - Hunting pack use case- RedLeaves malware
2017-05-03 - KONNI- A Malware Under The Radar For Years
2017-05-03 - Kazuar- Multiplatform Espionage Backdoor with API Access
2017-05-03 - Snake- Coming soon in Mac OS X flavour
2017-05-03 - To SDB, Or Not To SDB- FIN7 Leveraging Shim Databases for Persistence
2017-05-04 - Behind The Mystery Of Russia's 'Dyre' Hackers Who Stole Millions From American Business
2017-05-04 - OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic
2017-05-05 - Inside Netrepser – a JavaScript-based Targeted Attack
2017-05-05 - Snake malware ported from Windows to Mac
2017-05-05 - Who is Mr Dong-
2017-05-05 - loki-parse
2017-05-07 - Loki-Bot- Come out, come out, wherever you are!
2017-05-08 - HandBrake for Mac Compromised with Proton Spyware
2017-05-09 - APT3 is Boyusec, a Chinese Intelligence Contractor
2017-05-09 - Deep Analysis of New Emotet Variant – Part 2
2017-05-09 - Persirai- New Internet of Things (IoT) Botnet Targets IP Cameras
2017-05-09 - RIG EK SENDS BUNITU TROJAN
2017-05-09 - Sednit adds two zero‑day exploits using ‘Trump’s attack on Syria’ as a decoy
2017-05-09 - Tracking Android BankBot
2017-05-10 - DiamondFox modular malware – a one-stop shop
2017-05-10 - Introducing Loda Malware
2017-05-10 - OSX-Proton.B
2017-05-10 - Proton.B- What this Mac malware actually does
2017-05-11 - Cyber Attack Impersonating Identity of Indian Think Tank to Target Central Bureau of Investigation CBI and Possibly Indian Army Officials
2017-05-11 - Jaff - New Ransomware From the Actors Behind the Distribution of Dridex, Locky, and Bart
2017-05-11 - Mac.BackDoor.Systemd.1
2017-05-12 - Global WannaCry ransomware outbreak uses known NSA exploits
2017-05-12 - U.K. Hospitals Hit in Widespread Ransomware Attack
2017-05-12 - WannaCry ransomware that infected Telefonica and NHS hospitals is spreading aggressively, with over 50,000 attacks so far today
2017-05-12 - WannaCry ransomware used in widespread attacks all over the world
2017-05-12 - WannaCrypt ransomware worm targets out-of-date systems
2017-05-12 - Warning- Massive -WannaCry- Ransomware campaign launched
2017-05-12 - ‘WCry’ Virus Reportedly Infects Russian Interior Ministry's Computer Network
2017-05-13 - How to Accidentally Stop a Global Cyber Attack
2017-05-14 - Cyber Espionage is Alive and Well- APT32 and the Threat to Global Corporations
2017-05-15 - Adylkuzz Cryptocurrency Mining Malware Spreading for Weeks Via EternalBlue-DoublePulsar
2017-05-15 - Evolution of the GOLD EVERGREEN Threat Group
2017-05-16 - 2017-05-16 - MORE EXAMPLES OF MALSPAM PUSHING JAFF RANSOMWARE
2017-05-16 - DocuSign Phishing Campaign Includes Hancitor Downloader
2017-05-16 - WannaCry - WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm
2017-05-16 - Wannacryptor Ransomworm
2017-05-17 - New Loki Variant Being Spread via PDF File
2017-05-18 - UIWIX – Evasive Ransomware Exploiting ETERNALBLUE
2017-05-19 - How did the WannaCry ransomworm spread-
2017-05-22 - WannaCry- Ransomware attacks show strong links to Lazarus group
2017-05-23 - Modified Zyklon and plugins from India
2017-05-23 - Ocean Lotus Group-APT 32 identified as Vietnamese APT group
2017-05-23 - Quakbot
2017-05-23 - XData ransomware making rounds amid global WannaCryptor scare
2017-05-24 - APT32- New Cyber Espionage Group
2017-05-24 - Analysis of Emotet v4
2017-05-24 - Operation Cobalt Kitty- A large-scale APT in Asia carried out by the OceanLotus Group
2017-05-25 - Dridex- A History of Evolution
2017-05-25 - EternalRocks (a.k.a. MicroBotMassiveNet)
2017-05-25 - Lazarus- History of mysterious group behind infamous cyber attacks
2017-05-25 - Linguistic Analysis of WannaCry Ransomware Messages Suggests Chinese-Speaking Authors
2017-05-26 - TrickBot’s bag of tricks
2017-05-27 - From PDNS- Another fix length of 7, a-z. tlds- [ru, com]
2017-05-29 - Gozi Tree
2017-05-30 - Bankbot on Google Play
2017-05-30 - Mole ransomware- analysis and decryptor
2017-05-31 - APT16
2017-05-31 - APT17
2017-05-31 - APT18
2017-05-31 - APT29
2017-05-31 - Necurs Recurs
2017-05-31 - Writing PCRE's for applied passive network defense [Emotet]
2017-06-01 - FIREBALL – The Chinese Malware of 250 Million Computers Infected
2017-06-01 - Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions
2017-06-02 - QakBot Banking Trojan Causes Massive Active Directory Lockouts
2017-06-05 - A JavaScript and VBScript Based Empire Launcher - by Cn33liz 2017
2017-06-05 - HandBrake Hacked! - osx-proton (re)appears
2017-06-05 - Set up your own malware analysis lab with VirtualBox, INetSim and Burp
2017-06-06 - Privileges and Credentials- Phished at the Request of Counsel
2017-06-06 - Turla’s watering hole campaign- An updated Firefox extension abusing Instagram
2017-06-07 - PLATINUM continues to evolve, find ways to maintain invisibility
2017-06-07 - Rig EK via Fake EVE Online website drops Bunitu
2017-06-07 - Russian malware link hid in a comment on Britney Spears' Instagram
2017-06-08 - Dvmap- the first Android malware with code injection
2017-06-08 - LatentBot piece by piece
2017-06-08 - THE SEVEN YEAR ITCH
2017-06-09 - Another Banker Enters the Matrix
2017-06-09 - FIN7 Takes Another Bite at the Restaurant Industry
2017-06-09 - MacRansom- Offered as Ransomware as a Service
2017-06-09 - MacSpy- OS X Mac RAT as a Service
2017-06-12 - 2017-06-12 - LOKI BOT MALSPAM - SUBJECT- RE- PURCHASE ORDER 457211
2017-06-12 - Alert (TA17-163A)
2017-06-12 - Bahamut, Pursuing a Cyber Espionage Actor in the Middle East
2017-06-12 - Behind the CARBANAK Backdoor
2017-06-12 - Industroyer- Biggest threat to industrial control systems since Stuxnet
2017-06-12 - OSX-MacRansom
2017-06-12 - Open Source Malware - Sharing is caring-
2017-06-13 - HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure
2017-06-13 - Threat Spotlight- Breaking Down FF-Rat Malware
2017-06-14 - Phantom of the Opaera- New KASPERAGENT Malware Campaign
2017-06-15 - DUBrute
2017-06-15 - Trickbot Expands Global Targets Beyond Banks and Payment Processors to CRMs
2017-06-15 - Zeus Sphinx Pushes Empty Configuration Files — What Has the Sphinx Got Cooking-
2017-06-19 - Delphi Used To Score Against Palestine
2017-06-19 - Erebus Resurfaces as Linux Ransomware
2017-06-20 - AdGholas Malvertising Campaign Using Astrum EK to Deliver Mole Ransomware
2017-06-20 - Ztorg- from rooting to SMS
2017-06-21 - Player 1 Limps Back Into the Ring - Hello again, Locky!
2017-06-22 - Following the Trail of BlackTech’s Cyber Espionage Campaigns
2017-06-22 - Locky Ransomware Returns, but Targets Only Windows XP & Vista
2017-06-22 - Loki-Bot- InformationStealer, Keylogger, &More!
2017-06-22 - The New and Improved macOS Backdoor from OceanLotus
2017-06-22 - The Trail of BlackTech’s Cyber Espionage Campaigns
2017-06-26 - How Spora ransomware tries to fool antivirus
2017-06-27 - BRONZE UNION Cyberespionage Persists Despite Disclosures
2017-06-27 - Checking out the new Petya variant
2017-06-27 - Neutrino modification for POS-terminals
2017-06-27 - New Ransomware Variant -Nyetya- Compromises Systems Worldwide
2017-06-27 - New WannaCryptor‑like ransomware attack hits globally- All you need to know
2017-06-27 - New ransomware, old techniques- Petya adds worm capabilities
2017-06-27 - Paranoid PlugX
2017-06-27 - Schroedinger’s Pet(ya)
2017-06-28 - CrowdStrike Protects Against NotPetya Attack
2017-06-28 - ExPetr-Petya-NotPetya is a Wiper, Not Ransomware
2017-06-28 - In-Depth Analysis of A New Variant of .NET Malware AgentTesla
2017-06-28 - Why NotPetya Kept Me Awake (& You Should Worry Too)
2017-06-28 - The full picture of advanced cyber attacks targeting Japanese companies – BRONZE BUTLER
2017-06-29 - EternalPetya and the lost Salsa20 key
2017-06-29 - Information Stealer Found Hitting Israeli Hospitals
2017-06-29 - NonPetya- no evidence it was a -smokescreen-
2017-06-29 - Ransomware Attacks Continue in Ukraine with Mysterious WannaCry Clone
2017-06-29 - Windows 10 platform resilience against the Petya ransomware attack
2017-06-30 - EternalPetya – yet another stolen piece in the package-
2017-06-30 - From BlackEnergy to ExPetr
2017-06-30 - TeleBots are back- Supply‑chain attacks against Ukraine
2017-07-01 - TrickBot Banking Trojan - DOC00039217.doc
2017-07-02 - ISFB- Still Live and Kicking
2017-07-03 - 'NotPetya' malware attacks could warrant retaliation, says Nato affiliated-researcher
2017-07-03 - NotPetya Technical Analysis Part II- Further Findings and Potential for MBR Recovery
2017-07-03 - Who is behind Petna-
2017-07-04 - Analysis of TeleBots’ cunning backdoor
2017-07-04 - Important information about Night Dragon
2017-07-04 - Industroyer
2017-07-04 - MALSPAM WITH JAVA-BASED RAT
2017-07-05 - New Azer CryptoMix Ransomware Variant Released
2017-07-05 - SLocker Mobile Ransomware Starts Mimicking WannaCry
2017-07-05 - Security 101- The Impact of Cryptocurrency-Mining Malware
2017-07-05 - The MeDoc Connection
2017-07-05 - Trump Zombies- New IoT Zombies Attacking 'In Trump's Name'
2017-07-06 - New KONNI Campaign References North Korean Missile Capabilities
2017-07-07 - 94 .ch & .li domain names hijacked and used for drive-by
2017-07-08 - A VBScript with Obfuscated Base64 Data
2017-07-08 - Analysis of A New Variant of Konni RAT
2017-07-10 - Upatre - Trojan Downloader
2017-07-11 - Ordinypt targets users in Germany
2017-07-11 - Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind
2017-07-12 - A .NET malware abusing legitimate ffmpeg
2017-07-12 - Iranian Hackers Have Been Infiltrating Critical Infrastructure Companies
2017-07-12 - LockPoS Joins the Flock
2017-07-12 - The Magala Trojan Clicker- A Hidden Advertising Threat
2017-07-13 - Meet Ovidiy Stealer- Bringing credential theft to the masses
2017-07-13 - OSX-Dok Refuses to Go Away and It’s After Your Money
2017-07-14 - Keeping up with the Petyas- Demystifying the malware family
2017-07-15 - Mirai BotNet Source Code
2017-07-17 - Android Backdoor GhostCtrl can Silently Record Your Audio, Video, and More
2017-07-17 - It’s baaaack- Public cyber enemy Emotet has returned
2017-07-17 - WMIGhost - Wimmie - WMI malware
2017-07-18 - Linux Users Urged to Update as a New Threat Exploits SambaCry
2017-07-18 - Ten process injection techniques- A technical survey of common and trending process injection techniques
2017-07-19 - 'DarkHotel' APT Uses New Methods to Target Politicians
2017-07-19 - The NukeBot banking Trojan- from rough drafts to real threats
2017-07-20 - Rurktar - Spyware under Construction
2017-07-20 - Stantinko- A massive adware campaign operating covertly since 2012
2017-07-24 - Bye, bye Petya! Decryptor for old versions released.
2017-07-24 - Let's Learn- Reversing Credential and Payment Card Information Stealer 'AZORult V2'
2017-07-24 - Real News, Fake Flash- Mac OS X Users Targeted
2017-07-24 - Spring Dragon – Updated Activity
2017-07-24 - The Seamless Campaign Drops Ramnit. Follow-up Malware- AZORult Stealer, Smoke Loader, etc.
2017-07-25 - Dridex Loot
2017-07-25 - HawkEye Credential Theft Malware Distributed in Recent Phishing Campaign
2017-07-25 - “Perverse” malware infecting hundreds of Macs remained undetected for years
2017-07-25 - “Tick” Group Continues Attacks
2017-07-27 - After Big Takedown Efforts, 20 More BankBot Mobile Malware Apps Make It Into Google Play
2017-07-27 - ChessMaster Makes its Move- A Look into the Campaign’s Cyberespionage Arsenal
2017-07-27 - New Version of “Trickbot” Adds Worm Propagation Module
2017-07-27 - OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group
2017-07-27 - The Curious Case of Mia Ash- Fake Persona Lures Middle Eastern Targets
2017-07-27 - With Fake News And Femmes Fatales, Iran's Spies Learn To Love Facebook
2017-07-31 - A new era in mobile banking Trojans
2017-07-31 - FIN7-Carbanak threat actor unleashes Bateleur JScript backdoor
2017-07-31 - TwoFace Webshell- Persistent Access Point for Lateral Movement
2017-08-01 - Prince of Persia – Ride the Lightning- Infy returns as “Foudre”
2017-08-01 - TrickBot comes up with new tricks- attacking Outlook and browsing data
2017-08-02 - A Look at JS_POWMET, a Completely Fileless Malware
2017-08-02 - Malspam delivers Xtreme RAT 8-1-2017
2017-08-03 - Taking the FIRST look at Crypt0l0cker
2017-08-04 - Smoke Loader Adds Additional Obfuscation Methods to Mitigate Analysis
2017-08-05 - Analysis of New GlobeImposter Ransomware Variant
2017-08-07 - Backdoor-carrying Emails Set Sights on Russian-speaking Businesses
2017-08-07 - New Variants of Agent.BTZ-ComRAT Found- The Threat That Hit The Pentagon In 2008 Still Evolving; Part 1-2
2017-08-08 - HBO breach accomplished with hard work by hacker, poor security practices by victim
2017-08-08 - WTF is Mughthesec!-
2017-08-09 - The return of Mamba ransomware
2017-08-10 - Globe Imposter Ransomware Makes a New Run
2017-08-10 - Worldwide spam wave spreads devilish variant of Locky
2017-08-11 - Ukrainian Man Arrested, Charged in NotPetya Distribution
2017-08-13 - Analysis of APT28 hospitality malware (Part 2)
2017-08-14 - The Blockbuster Saga Continues
2017-08-15 - A Quick Look at a New KONNI RAT Variant
2017-08-15 - Secrets of Cobalt
2017-08-15 - ShadowPad in corporate networks
2017-08-16 - Locky Ransomware switches to the Lukitus extension for Encrypted Files
2017-08-16 - Quick look at another Alina fork- XBOT-POS
2017-08-16 - SyncCrypt Ransomware Hides Inside JPG Files Appends KK Extension
2017-08-17 - HBO Twitter and Facebook Accounts Hacked by OurMine
2017-08-17 - Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack
2017-08-18 - Inside the Kronos malware – part 1
2017-08-18 - KOVTER- An Evolving Malware Gone Fileless
2017-08-20 - return of fake UPS cannot deliver malspam with an updated nemucod ransomware and Kovter payload
2017-08-21 - Cyberespionage Group Turla Deploys Backdoor Ahead of G20 Task Force Summit
2017-08-22 - Gamescom 2017- It’s all fun and games until black hats step in
2017-08-22 - Phishing attack at Raiffeisen Bank by MazarBot
2017-08-23 - CSGO Hacks for Mac That You Shouldn't Trust
2017-08-23 - Deep Analysis of New Poison Ivy Variant
2017-08-23 - The Seamless Campaign Isn’t Losing Any Steam
2017-08-24 - Bad Rabbit- Not‑Petya is back with improved ransomware
2017-08-24 - Crystal Finance Millennium used to spread malware
2017-08-24 - Defray - New Ransomware Targeting Education and Healthcare Verticals
2017-08-24 - Malicious Chrome Extensions Stealing Roblox In-Game Currency, Sending Cookies via Discord
2017-08-24 - Naikon Targeted Attacks
2017-08-24 - New Defray Ransomware Targets Education and Healthcare Verticals
2017-08-25 - New Arena Crysis Ransomware Variant Released
2017-08-25 - Operation RAT Cook- Chinese APT actors use fake Game of Thrones leaks as lures
2017-08-25 - Schtasks-Backdoor
2017-08-25 - The WireX Botnet- How Industry Collaboration Disrupted a DDoS Attack
2017-08-26 - US Arrests Chinese Man Involved With Sakula Malware Used in OPM and Anthem Hacks
2017-08-28 - New Nuclear BTCWare Ransomware Released Updated
2017-08-28 - Tech Firms Team Up to Take Down ‘WireX’ Android DDoS Botnet
2017-08-29 - From Onliner Spambot to millions of email's lists and credentials
2017-08-29 - Inside the Kronos malware – part 2
2017-08-29 - Jimmy Nukebot- from Neutrino with love
2017-08-29 - Second Google Chrome Extension Banker Malware in Two Weeks
2017-08-30 - Introducing WhiteBear
2017-08-30 - New ESET research uncovers Gazer, the stealthy backdoor that spies on embassies
2017-08-31 - Cobian RAT - A backdoored RAT
2017-08-31 - Lookout discovers sophisticated xRAT malware tied to 2014 “Xsser - mRAT” surveillance campaign against Hong Kong protesters
2017-08-31 - Updated KHRAT Malware Used in Cambodia Attacks
2017-09-01 - EHDevel – The story of a continuously improving advanced threat creation toolkit
2017-09-01 - EITest- HoeflerText Popups Targeting Google Chrome Users Now Push RAT Malware
2017-09-01 - New Android Trojan - Red Alert 2.0 - Targeting Banks and Social Apps
2017-09-01 - Vxer is offering Cobian RAT in the underground, but it is backdoored
2017-09-04 - Despite appearances, WikiLeaks wasn’t hacked
2017-09-05 - Graftor - But I Never Asked for This…
2017-09-05 - Kingdom targeted by new malware
2017-09-05 - Rehashed RAT Used in APT Campaign Against Vietnamese Organizations
2017-09-05 - The Mirai Botnet- A Look Back and Ahead At What's Next
2017-09-06 - Analysing a 10-Year-Old SNOWBALL
2017-09-06 - ShadowBrokers are back demanding nearly $4m and offering 2 dumps per month
2017-09-07 - EMOTET Returns, Starts Spreading via Spam Botnet
2017-09-07 - New NSA Data Dump- ShadowBrokers Release UNITEDRAKE Malware
2017-09-09 - Vault 8- Hive
2017-09-11 - “Re- Details” Malspam Downloads CoreBot Banking Trojan
2017-09-12 - FireEye Uncovers CVE-2017-8759- Zero-Day Used in the Wild to Distribute FINSPY
2017-09-12 - ThunderShell
2017-09-13 - New Variants of Agent.BTZ-ComRAT Found- The Threat That Hit The Pentagon In 2008 Still Evolving; Part 2-2
2017-09-15 - Deep Analysis of New Poison Ivy-PlugX Variant - Part II
2017-09-15 - Trojan-Win32-Enviserv.A
2017-09-15 - Trojan-Win32-Spyeye
2017-09-15 - TrojanSpy-Win32-Usteal
2017-09-15 - Welp, Vevo Just Got Hacked
2017-09-18 - An (un)documented Word feature abused by attackers
2017-09-18 - CCleanup- A Vast Number of Machines at Risk
2017-09-18 - Casting a Light on BlackEnergy
2017-09-18 - Morphisec Discovers CCleaner Backdoor Saving Millions of Avast Users
2017-09-19 - A Look Into The New Strain Of BankBot
2017-09-19 - A Modern Hypervisor as a Basis for a Sandbox
2017-09-20 - CCleaner Command and Control Causes Concern
2017-09-20 - Evidence Aurora Operation Still Active- Supply Chain Attack Through CCleaner
2017-09-20 - Insights into Iranian Cyber Espionage- APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware
2017-09-20 - Is Hajime botnet dead-
2017-09-20 - Progress on CCleaner Investigation
2017-09-20 - Red Alert 2.0 Android Trojan Spreads Via Third Party App Stores
2017-09-20 - The CCleaner Malware Fiasco Targeted at Least 18 Specific Tech Firms
2017-09-20 - The Formidable FormBook Form Grabber
2017-09-21 - APT33- New Insights into Iranian Cyber Espionage Group
2017-09-21 - Avast Threat Labs analysis of CCleaner incident
2017-09-21 - Fake IRS notice delivers customized spying tool
2017-09-21 - New FinFisher surveillance campaigns- Internet providers involved-
2017-09-21 - Rig EK via Rulan drops an Infostealer
2017-09-21 - This Ransomware Demands Nudes Instead of Bitcoin
2017-09-22 - EternalBlue Exploit Used in Retefe Banking Trojan Campaign
2017-09-22 - NRansom- Ransomware that demands your nudes
2017-09-25 - A simple example of a complex cyberattack
2017-09-25 - Additional information regarding the recent CCleaner APT security incident
2017-09-25 - Analyzing the Various Layers of AgentTesla’s Packing
2017-09-26 - Defray Ransomware Hits Healthcare and Education
2017-09-26 - Elaborate scripting-fu used in espionage attack against Saudi Arabia Government entity
2017-09-26 - Striking Oil- A Closer Look at Adversary Infrastructure
2017-09-26 - XPCTRA Malware Steals Banking and Digital Wallet User's Credentials
2017-09-27 - Threat Actor Profile- TA505, From Dridex to GlobeImposter
2017-09-28 - Money‑making machine- Monero‑mining malware
2017-09-28 - Threat Actors Target Government of Belarus Using CMSTAR Trojan
2017-09-29 - Ramnit – in-depth analysis
2017-10-02 - Evidence Aurora Operation Still Active Part 2- More Ties Uncovered Between CCleaner Hack & Chinese Hackers
2017-10-03 - The Flusihoc Dynasty, A Long Standing DDoS Botnet
2017-10-04 - Protecting the Software Supply Chain- Deep Insights into the CCleaner Backdoor
2017-10-05 - Analysis of a malicious DOC used by Turla APT group; hunting persistence via PowerShell
2017-10-05 - FreeMilk- A Highly Targeted Spear Phishing Campaign
2017-10-05 - Industroyer- Biggest threat to industrial control systems since Stuxnet
2017-10-05 - SYSCON Backdoor Uses FTP as a C&C Channel
2017-10-05 - Significant FormBook Distribution Campaigns Impacting the U.S. and South Korea
2017-10-09 - OilRig Group Steps Up Attacks with New Delivery Documents and New Injector Trojan
2017-10-10 - ATMii- a small but effective ATM robber
2017-10-10 - LokiBot - The first hybrid Android malware
2017-10-10 - Malvertising Campaign Uses RIG EK to Drop Quant Loader which Downloads FormBook.
2017-10-11 - More info on 'Evolved DNSMessenger'
2017-10-11 - Spoofed SEC Emails Distribute Evolved DNSMessenger
2017-10-11 - TrickBot Takes to Latin America, Continues to Expand Its Global Reach
2017-10-12 - BRONZE BUTLER Targets Japanese Enterprises
2017-10-12 - Emotet exploits Outlook
2017-10-12 - The Beer Drinker’s Guide to SAML
2017-10-13 - Blank Slate Malspam Stops Pushing Locky, Starts Pushing Sage 2.2 Randsomware
2017-10-13 - DoubleLocker- Innovative Android Ransomware
2017-10-13 - FIN7 Dissected- Hackers Accelerate Pace of Innovation
2017-10-13 - Rig EK via Malvertising drops a Smoke Loader leading to a Miner and AZORult
2017-10-16 - BlackOasis APT and new targeted attacks leveraging zero-day exploit
2017-10-16 - CoalaBot- http Ddos Bot
2017-10-16 - Leviathan- Espionage actor spearphishes maritime and defense targets
2017-10-16 - Taiwan Heist- Lazarus Tools and Ransomware
2017-10-17 - WaterMiner – a New Evasive Crypto-Miner
2017-10-18 - Magniber ransomware- exclusively for South Koreans
2017-10-19 - A New IoT Botnet Storm is Coming
2017-10-19 - A deeper look at Tofsee modules
2017-10-19 - APT28 racing to exploit CVE-2017-11292 Flash vulnerability before patches are deployed
2017-10-20 - Dragonfly- Western energy sector targeted by sophisticated attack group
2017-10-20 - IoT_reaper- A Rappid Spreading New IoT Botnet
2017-10-20 - JadeRAT mobile surveillanceware spikes in espionage activity
2017-10-20 - OSX-Proton spreading again through supply‑chain attack
2017-10-22 - “Cyber Conflict” Decoy Document Used In Real Cyber Conflict
2017-10-23 - Reaper- Calm Before the IoT Security Storm-
2017-10-24 - Bad Rabbit ransomware
2017-10-24 - Bad Rabbit- Not‑Petya is back with improved ransomware
2017-10-24 - New Ransomware Linked to NotPetya Sweeps Russia and Ukraine
2017-10-24 - NotPetya Returns as Bad Rabbit
2017-10-24 - Threat Spotlight- Follow the Bad Rabbit
2017-10-25 - Down the Rabbit Hole- Tracking the BadRabbit Ransomware to a Long Ongoing Campaign of Target Selection
2017-10-25 - SnatchLoader Reloaded
2017-10-26 - BACKSWING - Pulling a BADRABBIT Out of a Hat
2017-10-26 - Keranger- the first “in-the-wild” ransomware for Macs. But certainly not the last
2017-10-26 - New htpRAT Gives Complete Remote Control Capabilities to Chinese Cyber Threat Actors
2017-10-26 - ReversingLabs' YARA rule detects BadRabbit encryption routine specifics
2017-10-27 - Bahamut Revisited, More Cyber Espionage in the Middle East and South Asia
2017-10-27 - British security minister says North Korea was behind WannaCry hack on NHS
2017-10-27 - The big difference with Bad Rabbit
2017-10-27 - Threat Round Up for Oct 20 - Oct 27
2017-10-27 - Tracking Subaat Targeted Phishing Attack Leads to Threat Actors Repository
2017-10-27 - Tracking Subaat- Targeted Phishing Attack Leads to Threat Actor’s Repository
2017-10-27 - XiaoBa Ransomware
2017-10-29 - Sality Configuration Extractor (sality_extractor.py)
2017-10-30 - Coin Miner Mobile Malware Returns, Hits Google Play
2017-10-30 - Gaza Cybergang – updated activity in 2017-
2017-10-30 - Windigo Still not Windigone- An Ebury Update
2017-10-31 - Analyzing malware by API calls
2017-10-31 - Expiro Malware Is Back and Even Harder to Remove
2017-10-31 - ONI Ransomware Used in Month-Long Attacks Against Japanese Companies
2017-11-01 - CryptoShuffler Stole $150,000 by Replacing Bitcoin Wallet IDs in PC Clipboards
2017-11-01 - Everybody Gets One- QtBot Used to Distribute Trickbot and Locky
2017-11-01 - Silence of the Moles
2017-11-01 - Silence – a new Trojan attacking financial organizations
2017-11-01 - VB2017 - Offensive Malware Analysis - Dissecting OSX-FruitFly.B Via a Custom C&C Server
2017-11-02 - ADVENTURES WITH SMOKE LOADER
2017-11-02 - New Insights into Energetic Bear’s Watering Hole Cyber Attacks on Turkish Critical Infrastructure
2017-11-02 - Poisoning the Well- Banking Trojan Targets Google Search Results
2017-11-02 - Recent InPage Exploits Lead to Multiple Malware Families
2017-11-02 - The KeyBoys are back in town
2017-11-04 - How the FBI Took Down Russia's Spam King—And His Massive Botnet
2017-11-05 - Let's Learn- Lethic Spambot & Survey of Anti-Analysis Techniques
2017-11-06 - Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
2017-11-07 - Locky Ransomware
2017-11-07 - REDBALDKNIGHT-BRONZE BUTLER’s Daserf Backdoor Now Using Steganography
2017-11-07 - Sowbug- Cyber espionage group targets South American and Southeast Asian governments
2017-11-08 - A short journey into DarkVNC attack chain
2017-11-08 - Analysis of an active USB flash drive virus
2017-11-08 - OilRig Deploys “ALMA Communicator” – DNS Tunneling Trojan
2017-11-08 - Overlay RAT Malware Uses AutoIt Scripting to Bypass Antivirus Detection
2017-11-09 - He Perfected a Password-Hacking Tool—Then the Russians Came Calling
2017-11-09 - Ordinypt Ransomware Intentionally Destroys Files, Currently Targeting Germany
2017-11-10 - CCleaner Stage 2- In-Depth Analysis of the Payload
2017-11-10 - New Malware with Ties to SunOrcal Discovered
2017-11-12 - Let's Learn- Dissecting Golroted Trojan's Process Hollowing Technique & UAC Bypass in HKCU-Environment
2017-11-12 - Seamless Campaign Delivers Ramnit via RIG EK at 188.225.82.158. Follow-up Malware is AZORult Stealer.
2017-11-13 - IcedID Banking Trojan Shares Code with Pony 2.0 Trojan
2017-11-13 - New Banking Trojan IcedID Discovered by IBM X-Force Research
2017-11-14 - Alert (TA17-318B)- HIDDEN COBRA – North Korean Trojan- Volgmer
2017-11-14 - HIDDEN COBRA – North Korean Remote Administration Tool- FALLCHILL
2017-11-14 - IceID Banking Trojan Targeting Banks, Payment Card Providers, E-Commerce Sites
2017-11-14 - Muddying the Water- Targeted Attacks in the Middle East
2017-11-15 - New EMOTET Hijacks a Windows API, Evades Sandbox and Analysis
2017-11-16 - CACTUSTORCH- Payload Generation for Adversary Simulations
2017-11-16 - Tropic Trooper goes mobile with Titan surveillanceware
2017-11-17 - [Part 1] - Analysing the New Linux-AES.DDoS IoT Malware
2017-11-19 - Iranian agents blackmailed BBC reporter with ‘naked photo’ threats
2017-11-20 - Android Malware Appears Linked to Lazarus Cybercrime Group
2017-11-20 - Cobalt Strikes Again- Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks
2017-11-20 - OSX.Proton spreading through fake Symantec blog
2017-11-20 - Operation Blockbuster Goes Mobile
2017-11-21 - Let's Learn- Trickbot Socks5 Backconnect Module In Detail
2017-11-21 - New campaigns spread banking malware through Google Play
2017-11-22 - A dive into MuddyWater APT targeting Middle-East
2017-11-22 - Trickbot Gang Evolves, Incorporates Account Checking Into Hybrid Attack Model
2017-11-23 - NECURS BOTNET MALSPAM PUSHES -SCARAB- RANSOMWARE
2017-11-24 - Mirai Activity Picks up Once More After Publication of PoC Exploit Code
2017-11-26 - Source Code of HIVE
2017-11-28 - Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions
2017-11-28 - Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection
2017-11-28 - OSX.CPUMEANER New Cryptocurrency Mining Trojan Targets MacOS
2017-11-28 - ROKRAT Reloaded
2017-12 - Nine circles of Cerber
2017-12 - TRISIS- Analyzing Safety System Targeting Malware
2017-12-01 - Advanced Persistent Threat Groups
2017-12-02 - Scarabey Ransomware
2017-12-03 - Notes on Linux-BillGates
2017-12-04 - Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)
2017-12-04 - New method of macro malware disguised as defense-related files
2017-12-05 - Warning- Satori, a Mirai Branch Is Spreading in Worm Style on Port 37215 and 52869
2017-12-06 - Champing at the Cyberbit Ethiopian Dissidents Targeted with New Commercial Spyware
2017-12-06 - Recam Redux - DeConfusing ConfuserEx
2017-12-07 - A Peculiar Case of Orcus RAT Targeting Bitcoin Investors
2017-12-07 - New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit
2017-12-08 - GratefulPOS credit card stealing malware - just in time for the shopping season
2017-12-08 - Interesting disguise employed by new Mac malware HiddenLotus
2017-12-08 - StrongPity2 spyware replaces FinFisher in MitM campaign – ISP involved-
2017-12-09 - 10 Years of Targeted Credential Phishing
2017-12-11 - Banking malware on Google Play targets Polish banks
2017-12-11 - BrickerBot Author Retires Claiming to Have Bricked over 10 Million IoT Devices
2017-12-11 - Malware – Snatch Loader- Reloaded
2017-12-11 - MoneyTaker- in pursuit of the invisible
2017-12-11 - OilRig Performs Tests on the TwoFace Webshell
2017-12-12 - MoneyTaker Hacker Group Steals Millions from US and Russian Banks
2017-12-13 - Maker of sneaky Mac adware sends security researcher cease-and-desist letters
2017-12-13 - Mirai IoT Botnet Co-Authors Plead Guilty
2017-12-13 - Tyupkin ATM Malware- Take The Money Now Or Never!
2017-12-13 - Update- Let's Learn- Reversing FIN6 -GratefulPOS- aka -FrameworkPOS- Point-of-Sale Malware in-Depth
2017-12-13 - WORK Cryptomix Ransomware Variant Released
2017-12-14 - APT32
2017-12-14 - Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure
2017-12-14 - Zeus Panda Banking Trojan Targets Online Holiday Shoppers
2017-12-15 - In depth analysis of malware exploiting CVE-2017-11826
2017-12-15 - Introducing the Adversary Playbook- First up, OilRig
2017-12-18 - Collaborative Takedown Kills IoT Worm 'Satori'
2017-12-18 - Jack of all trades
2017-12-18 - MedusaHTTP DDoS Slithers Back into the Spotlight
2017-12-18 - New GnatSpy Mobile Malware Family Discovered
2017-12-19 - BrickerBot mod_plaintext Analysis
2017-12-19 - Cyberespionage Campaign Sphinx Goes Mobile With AnubisSpy
2017-12-19 - Let's Learn- Introducing New Trickbot LDAP -DomainGrabber- Module
2017-12-19 - North Korea Bitten by Bitcoin Bug- Financially motivated campaigns reveal new dimension of the Lazarus Group
2017-12-19 - Novel Excel Spreadsheet Attack Launches Password Stealing Malware Loki Bot
2017-12-20 - An End to “Smash-and-Grab” and a Move to More Targeted Approaches
2017-12-20 - Mining Insights- Infrastructure Analysis of Lazarus Group Cyber Attacks on the Cryptocurrency Industry
2017-12-20 - New version of mobile malware Catelites possibly linked to Cron cyber gang
2017-12-21 - Sednit update- How Fancy Bear Spent the Year
2017-12-22 - MALSPAM USES CVE-2017-0199 TO DISTRIBUTE REMCOS RAT
2017-12-22 - New DOC GlobeImposter Ransomware Variant Malspam Campaign Underway
2017-12-27 - Let's Learn- Cutlet ATM Malware Internals
2017-12-28 - PandaZeuS’s Christmas Gift- Change in the Encryption scheme
2017-12-30 - Analysis DarkSky Botnet

Malware Analysis 2018

2018-01-01 - Analyzing Ramnit used in Seamless campaign
2018-01-04 - Iran’s Cyber Ecosystem- Who Are the Threat Actors-
2018-01-04 - MALSPAM PUSHING PCRAT-GH0ST
2018-01-06 - Ostap malware analysis (Backswap dropper)
2018-01-08 - SkyRAT Powershell RAT
2018-01-09 - BestKorea
2018-01-10 - Analysis of BlackTech's latest APT attack
2018-01-10 - Hack Brief- Russian Hackers Release Apparent IOC Emails in Wake of Olympic Ban
2018-01-10 - Taiwanese cops give malware-laden USB sticks as prizes for security quiz
2018-01-11 - Ay MaMi
2018-01-11 - Malspam Entitled “Invoice attched for your reference” Delivers Agent Tesla Keylogger
2018-01-12 - Fake Spectre and Meltdown patch pushes Smoke Loader malware
2018-01-12 - Holiday lull- Not so much
2018-01-12 - Malware Displaying Porn Ads Discovered in Game Apps on Google Play
2018-01-12 - Sonja Analysis
2018-01-15 - Bootkits are not dead. Pitou is back!
2018-01-15 - GlobeImposter ransomware- A holiday gift from the Necurs botnet
2018-01-15 - New KillDisk Variant Hits Financial Organizations in Latin America
2018-01-16 - Analyzing the TRITON industrial malware
2018-01-16 - Anatomy of the thread suspension mechanism in Windows (Windows Internals)
2018-01-16 - First Activities of Cobalt Group in 2018- Spear Phishing Russian Banks
2018-01-16 - GlobeImposter Ransomware
2018-01-16 - Korea In The Crosshairs
2018-01-16 - Skygofree- Following in the footsteps of HackingTeam
2018-01-16 - Threat Spotlight- LockPOS Point of Sale Malware
2018-01-17 - A coin miner with a “Heaven’s Gate”
2018-01-17 - Art of Steal- Satori Variant is Robbing ETH BitCoin by Replacing Wallet Address
2018-01-17 - Exobot Author Calls It Quits and Sells Off Banking Trojan Source Code
2018-01-17 - Microsoft Office Vulnerabilities Used to Distribute Zyklon Malware in Recent Campaign
2018-01-17 - Reviewing the spam filters- Malspam pushing Gozi-ISFB
2018-01-17 - Turla group malware
2018-01-17 - Zumanek- new malware tries to steal victims' service credentials
2018-01-18 - The ARC of Satori
2018-01-21 - Evrial Trojan Switches Bitcoin Addresses Copied to Windows Clipboard
2018-01-22 - Op EvilTraffic CSE CybSec ZLAB Malware Analysis Report – Exclusive, tens of thousands of compromised sites involved in a new massive malvertising campaign
2018-01-22 - Paradise Ransomware strikes again
2018-01-22 - SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks
2018-01-22 - This hacking gang just updated the malware it uses against UK targets
2018-01-23 - A Walk-Through Tutorial, with Code, on Statically Unpacking the FinSpy VM- Part One, x86 Deobfuscation
2018-01-23 - Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors
2018-01-23 - Maldoc (RTF) drops Loda Logger
2018-01-23 - Satori Author Linked to New Mirai Variant Masuta
2018-01-23 - Uncovering 2017’s Largest Malvertising Operation
2018-01-24 - A Look into the Lazarus Group’s Operations
2018-01-24 - Analyzing CrossRAT- A cross-platform implant, utilized in a global cyber-espionage campaign
2018-01-24 - Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More
2018-01-24 - New HNS IoT Botnet Has Already Amassed 14K Bots
2018-01-24 - New Hide ‘N Seek IoT Botnet using custom-built Peer-to-Peer communication spotted in the wild
2018-01-25 - OilRig uses RGDoor IIS Backdoor on Targets in the Middle East
2018-01-25 - WannaMine Cryptomining- Harmless Nuisance or Disruptive Threat-
2018-01-26 - FriedEx- BitPaymer ransomware the work of Dridex authors
2018-01-26 - The TopHat Campaign- Attacks Within The Middle East Region Using Popular Third-Party Services
2018-01-26 - The Velso Ransomware Being Manually Installed by Attackers
2018-01-29 - GandCrab Ransomware Distributed by Exploit Kits Appends GDCB Extension
2018-01-29 - Let's Learn- Dissecting FormBook Infostealer Malware- Crypter & -RunLib.dll-
2018-01-29 - VERMIN- Quasar RAT and Custom Malware Used In Ukraine
2018-01-29 - Weekly TrickBot Analysis - End of w-c 22-Jan-2018 to 1000119
2018-01-30 - GandCrab ransomware distributed by RIG and GrandSoft exploit kits (updated)
2018-01-31 - Smominru Monero mining botnet making millions for operators
2018-01-31 - What are “WannaMine” attacks, and how do I avoid them-
2018-02-01 - JenX – Los Calvos de San Calvicie
2018-02-01 - Operation PZChao- a possible return of the Iron Tiger APT
2018-02-01 - Quick Test Drive of Trickbot (It now has a Monero Module)
2018-02-02 - Break Out Of The Tinynuke Malware
2018-02-02 - Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems
2018-02-02 - New Mac cryptominer distributed via a MacUpdate hack
2018-02-03 - Attacks Leveraging Adobe Zero-Day (CVE-2018-4878) – Threat Attribution, Attack Scenario and Recommendations
2018-02-04 - DorkBot- An Investigation
2018-02-04 - MALWARE ANALYSIS – PLUGX
2018-02-05 - Analyzing OSX-CreativeUpdater
2018-02-07 - Compromised Servers & Fraud Accounts- Recent Hancitor Attacks
2018-02-07 - RAT Trapped- LuminosityLink Falls Foul of Vermin Eradication Efforts
2018-02-07 - Targeted Attacks In The Middle East
2018-02-07 - Threat Spotlight- URSNIF Infostealer Malware
2018-02-08 - A review of the evolution of Andromeda over the years before we say goodbye
2018-02-08 - DarkSky Botnet
2018-02-08 - GandCrab Ransomware Being Distributed Via Malspam Disguised as Receipts
2018-02-08 - How not to use a driver to execute code with kernel privileges
2018-02-08 - MBRlock Ransomware
2018-02-08 - Meet CrowdStrike’s Adversary of the Month for February- MUMMY SPIDER
2018-02-08 - Merlin for Red Teams
2018-02-08 - ShurL0ckr Ransomware as a Service Peddled on Dark Web, can Reportedly Bypass Cloud Applications
2018-02-08 - UDPoS - exfiltrating credit card data via DNS
2018-02-09 - Black Ruby Ransomware Skips Victims in Iran and Adds a Miner for Good Measure
2018-02-09 - DexCrypt MBRLocker Demands 30 Yuan To Gain Access to Computer
2018-02-12 - Lazarus Resurfaces, Targets Global Banks and Bitcoin Users
2018-02-12 - New Satori Botnet Variant Enslaves Thousands of Dasan WiFi Routers
2018-02-12 - Olympic Destroyer Takes Aim At Winter Olympics
2018-02-13 - Lotus Blossom Continues ASEAN Targeting
2018-02-13 - Stopping Olympic Destroyer- New Process Injection Insights
2018-02-14 - Reversing Py2Exe binaries
2018-02-15 - Malspam delivers Keybase keylogger
2018-02-15 - Olympic Destroyer
2018-02-15 - SamSam Ransomware Campaigns
2018-02-15 - SamSam- Converting Opportunity into Profit
2018-02-15 - TrickBot’s Cryptocurrency Hunger- Tricking the Bitcoin Out of Wallets
2018-02-16 - New jRAT-Adwind Variant Being Spread With Package Delivery Scam
2018-02-17 - Tearing Apart the Undetected (OSX)Coldroot RAT
2018-02-20 - A Slice of 2017 Sofacy Activity
2018-02-20 - APT37 (Reaper)- The Overlooked North Korean Actor
2018-02-20 - Latest Elise APT comes packed with Sandbox Evasions
2018-02-21 - Avast tracks down Tempting Cedar Spyware
2018-02-21 - FinSpy VM Unpacking Tutorial Part 3- Devirtualization. Phase #1- Deobfuscating FinSpy VM Bytecode Programs
2018-02-21 - FinSpy VM Unpacking Tutorial Part 3- Devirtualization. Phase #2- First Attempt At Devirtualization
2018-02-21 - FinSpy VM Unpacking Tutorial Part 3- Devirtualization. Phase #3- Fixing The Function-Related Issues
2018-02-21 - FinSpy VM Unpacking Tutorial Part 3- Devirtualization. Phase #4- Second Attempt At Devirtualization
2018-02-21 - FinSpy VM Unpacking Tutorial Part 3- Devirtualization
2018-02-21 - FinSpyVM (Static Unpacker for FinSpyVM)
2018-02-21 - Olympic Destroyer- A new Candidate in South Korea
2018-02-22 - Let's Learn- Deeper Dive into Ramnit Banker -VNC IFSB- Remote Control Module
2018-02-23 - Avzhan DDoS bot dropped by Chinese drive-by attack
2018-02-23 - OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan
2018-02-26 - Analyzing the nasty .NET protection of the Ploutus.D malware
2018-02-26 - Anatomy of the Process Environment Block (PEB) (Windows Internals)
2018-02-26 - Nanocore RAT Author Gets 33 Months in Prison
2018-02-26 - Thanatos Ransomware Is First to Use Bitcoin Cash Messes Up Encryption
2018-02-26 - Who Wasn’t Responsible for Olympic Destroyer-
2018-02-27 - Dissecting Hancitor’s Latest 2018 Packer
2018-02-28 - Black Ruby- Combining Ransomware and Coin Miner Malware
2018-02-28 - CannibalRAT targets Brazil
2018-02-28 - Chafer- Latest Attacks Reveal Heightened Ambitions
2018-02-28 - Sofacy Attacks Multiple Government Entities
2018-03-01 - Blast from the past- stowaway Virut delivered with Chinese DDoS bot
2018-03-01 - FinFisher exposed- A researcher’s tale of defeating traps, tricks, and complex virtual machines
2018-03-02 - Analysing Remcos RAT’s executable
2018-03-02 - McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups
2018-03-02 - Spear-phishing campaign leveraging on MSXSL
2018-03-02 - Tales of a Threat Hunter 2 Following the trace of WMI Backdoors & other nastiness
2018-03-05 - Sure, I’ll take that! New ComboJack Malware Alters Clipboards to Steal Cryptocurrency
2018-03-05 - Suricata rules to detect Winnti communication
2018-03-06 - Gozi ISFB Remains Active in 2018, Leverages -Dark Cloud- Botnet For Distribution
2018-03-07 - Leaked Ammyy Admin Source Code Turned into Malware
2018-03-07 - Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent
2018-03-07 - Ransomware news- GlobeImposter gets a facelift, GandCrab is still out there
2018-03-08 - Donot Team Leverages New Modular Malware Framework in South Asia
2018-03-08 - Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant
2018-03-08 - New investigations into the CCleaner incident point to a possible third stage that had keylogger capacities
2018-03-08 - OlympicDestroyer is here to trick the industry
2018-03-08 - The devil’s in the Rich header
2018-03-09 - Cloning chip-and-PIN cards- Brazilian job
2018-03-09 - From Russia(-) with Code
2018-03-09 - Masha and these Bears - 2018 Sofacy Activity
2018-03-09 - New traces of Hacking Team in the wild
2018-03-09 - Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads-
2018-03-09 - The Slingshot APT FAQ
2018-03-10 - APT15 is alive and strong- An analysis of RoyalCli and RoyalDNS
2018-03-12 - A Study of RATs- Third Timeline Iteration
2018-03-12 - Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia
2018-03-12 - Python decryptor for newer AdWind config file
2018-03-13 - HenBox- The Chickens Come Home to Roost
2018-03-13 - Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign
2018-03-13 - New Variant of BankBot Banking Trojan Ups Ante, Cashes Out on Android Users
2018-03-13 - Time of death- A therapeutic postmortem of connected medicine
2018-03-14 - Inception Framework- Alive and Well, and Hiding Behind Proxies
2018-03-14 - New POS Malware PinkKite Takes Flight
2018-03-14 - Tropic Trooper’s New Strategy
2018-03-16 - Royal APT - APT15 Repository
2018-03-16 - Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries
2018-03-20 - Kaspersky's 'Slingshot' report burned an ISIS-focused intelligence operation
2018-03-20 - Rootkit Umbreon - Umreon - x86, ARM samples
2018-03-20 - TeleRAT- Another Android Trojan Leveraging Telegram’s Bot API to Target Iranian Users
2018-03-20 - Tweet on Unlock92 Ransomware
2018-03-21 - Fobos Malvertising Campaign Delivers Bunitu Proxy Trojan via RIG EK
2018-03-21 - GrayBird-Colony
2018-03-21 - TrickBot Banking Trojan Adapts with New Module
2018-03-22 - GhostMiner- Cryptomining Malware Goes Fileless
2018-03-22 - Glupteba is no longer part of Windigo
2018-03-23 - Nine Iranians Charged With Conducting Massive Cyber Theft Campaign on Behalf of the Islamic Revolutionary Guard Corps
2018-03-23 - Sanny malware delivery method updated in recently observed attacks.
2018-03-23 - The AVCrypt Ransomware Tries To Uninstall Your AV Software
2018-03-25 - Let's Learn- Internals of Iranian-Based Threat Group -Chafer- Malware- Autoit and PowerShell Persistence
2018-03-26 - Silent Librarian- More to the Story of the Iranian Mabna Institute Indictment
2018-03-27 - Evolving Trickbot Adds Detection Evasion and Screen-Locking Features
2018-03-27 - Panda Banker Zeros in on Japanese Targets
2018-03-28 - An in-depth malware analysis of QuantLoader
2018-03-28 - Dissecting Olympic Destroyer – a walk-through
2018-03-28 - Multi-stage Powershell script (Brownies)
2018-03-28 - Quick summary about the Port 8291 scan
2018-03-29 - ChessMaster Adds Updated Tools to Its Arsenal
2018-03-30 - BADFLICK is not so bad!
2018-03-30 - Reflow JavaScript Backdoor
2018-03-30 - hajime_hashes
2018-04-02 - Fake AV Investigation Unearths KevDroid, New Android Malware
2018-04-03 - Lazarus KillDisks Central American casino
2018-04-03 - Let's Learn- Trickbot Implements Network Collector Module Leveraging CMD, WMI & LDAP
2018-04-04 - Hostile state actors compromising UK organisations with focus on engineering and industrial control companies
2018-04-04 - Hunting down Dofoil with Windows Defender ATP
2018-04-04 - New MacOS Backdoor Linked to OceanLotus Found
2018-04-04 - Smoking Out the Rarog Cryptocurrency Mining Trojan
2018-04-05 - Analysis of New Agent Tesla Spyware Variant
2018-04-05 - Reaper Group’s Updated Mobile Arsenal
2018-04-05 - Silent Librarian University Attacks Continue Unabated in Days Following Indictment
2018-04-10 - IcedID Banking Trojan Teams up with Ursnif-Dreambot for Distribution
2018-04-10 - Maktub ransomware- possibly rebranded as Iron
2018-04-10 - schneiken
2018-04-10 - ‘FakeUpdates’ campaign leverages multiple website platforms
2018-04-12 - APT Trends report Q1 2018
2018-04-12 - Operation Parliament, who is doing what-
2018-04-13 - Let's Learn- In-Depth Dive into Gootkit Banker Version 4 Malware Analysis
2018-04-13 - RadRAT- An all-in-one toolkit for complex espionage ops
2018-04-13 - Say “Cheese”- WebMonitor RAT Comes with C2-as-a-Service (C2aaS)
2018-04-15 - This is Spartacus- new ransomware on the block
2018-04-16 - Malware Analysis- New Trojan Double Dropper
2018-04-16 - RAT Gone Rogue- Meet ARS VBS Loader
2018-04-16 - Searching for the Reuse of Mirai Code- Hide ‘N Seek Bot
2018-04-16 - Smoke Loader malware improves after Microsoft spoils its Campaign
2018-04-16 - TrickBot & UACME
2018-04-17 - Decoding network data from a Gh0st RAT variant
2018-04-17 - Recent findings from CCleaner APT investigation reveal that attackers entered the Piriform network via TeamViewer
2018-04-17 - Reversing the Bandios - Colony Malware
2018-04-17 - SquirtDanger- The Swiss Army Knife Malware from Veteran Malware Author TheBottle
2018-04-18 - APT33
2018-04-18 - GOLD GALLEON- How a Nigerian Cyber Crew Plunders the Shipping Industry
2018-04-18 - Stresspaint Malware Campaign Targeting Facebook Credentials
2018-04-18 - Stresspaint Malware Steals Facebook Credentials and Session Cookies
2018-04-18 - Stresspaint Malware Targeting Facebook Credentials
2018-04-18 - Tens of thousands of Facebook accounts compromised in days by malware
2018-04-19 - XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing
2018-04-20 - Researchers Discover New variants of APT34 Malware
2018-04-20 - XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing
2018-04-22 - Satan ransomware adds EternalBlue exploit
2018-04-23 - Energetic Bear-Crouching Yeti- attacks on servers
2018-04-23 - Muhstik Botnet Exploits Highly Critical Drupal Bug
2018-04-23 - New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia
2018-04-24 - Analyzing Operation GhostSecret- Attack Seeks to Steal Data Worldwide
2018-04-24 - Metamorfo Campaigns Targeting Brazilian Users
2018-04-24 - New Crossrider variant installs configuration profiles on Macs
2018-04-24 - Sednit update- Analysis of Zebrocy
2018-04-26 - GravityRAT - The Two-Year Evolution Of An APT Targeting India
2018-04-26 - Necurs Evolves to Evade Spam Detection via Internet Shortcut File
2018-04-27 - GravityRAT malware takes your system's temperature
2018-04-27 - North Korean Hackers Are up to No Good Again
2018-05-01 - Legitimate Application AnyDesk Bundled with New Ransomware Variant
2018-05-01 - Lojack Becomes a Double-Agent
2018-05-03 - Who’s who in the Zoo
2018-05-04 - Botception with Necurs- Botnet distributes script with bot capabilities
2018-05-07 - EAST Publishes European Fraud Update 2-2018
2018-05-07 - Hide and Seek IoT Botnet resurfaces with new tricks, persistence
2018-05-07 - SynAck targeted ransomware uses the Doppelgänging technique
2018-05-08 - -Hide and Seek- Becomes First IoT Botnet Capable of Surviving Device Reboots
2018-05-08 - Russian hackers posed as IS to threaten military wives
2018-05-09 - Gandcrab Ransomware Walks its Way onto Compromised Sites
2018-05-09 - Malware Analysis - PlugX - Part 2
2018-05-09 - Panda Malware Broadens Targets to Cryptocurrency Exchanges and Social Media
2018-05-09 - The King is dead. Long live the King!
2018-05-10 - TreasureHunter Point-of-Sale Malware and Builder Source Code Leaked
2018-05-11 - Attackers Exploit DLL Hijacking to Bypass SmartScreen
2018-05-12 - MS Crypto Derive Functions
2018-05-12 - PRB-Backdoor - A Fully Loaded PowerShell Backdoor with Evil Intentions
2018-05-14 - A Deep Dive Into RIG Exploit Kit Delivering Grobios Trojan
2018-05-14 - StalinLocker Deletes Your Files Unless You Enter the Right Code
2018-05-15 - IR in Heterogeneous Environment
2018-05-15 - N40, the botnet created in Brazil which evolves to attack the Chilean banking sector
2018-05-15 - PAKISTAN- HUMAN RIGHTS UNDER SURVEILLANCE
2018-05-15 - Swedish sports body says anti-doping unit hit by hacking attack
2018-05-17 - A Wicked Family of Bots
2018-05-17 - Analyzing an AZORult Attack – Evasion in a Cloak of Multiple Layers
2018-05-17 - Gozi V3 Technical Update
2018-05-18 - Meet CrowdStrike’s Adversary of the Month for May- MYTHIC LEOPARD
2018-05-18 - Stealth Mango and Tangelo- Nation state mobile surveillanceware stealing data from military & government officials
2018-05-19 - Malicious Powershell Targeting UK Bank Customers
2018-05-21 - An In-Depth Analysis of Samsam Ransomware and BOSS SPIDER
2018-05-21 - Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 1
2018-05-21 - Tiny SHell
2018-05-22 - Nmap Script to scan for Winnti infections
2018-05-22 - The destruction of APT3
2018-05-22 - Turla Mosquito- A shift towards more generic tools
2018-05-23 - Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices
2018-05-23 - New VPNFilter malware targets at least 500K networking devices worldwide
2018-05-23 - VPNFilter- New Router Malware with Destructive Capabilities
2018-05-24 - JavaScript based Bot using Github C&C
2018-05-24 - Phorpiex – A decade of spamming from the shadows
2018-05-24 - VPNFilter EXIF to C2 mechanism analysed
2018-05-25 - Analysis of CVE-2018-8174 VBScript 0day and APT actor related to Office targeted attack
2018-05-25 - BackSwap malware finds innovative ways to empty bank accounts
2018-05-28 - BackNet
2018-05-29 - Alert (TA18-149A)- HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm
2018-05-29 - Cobalt Renaissance- new attacks and joint operations
2018-05-29 - Iron Cybercrime Group Under The Scope
2018-05-29 - MAR-10135536-3 - HIDDEN COBRA RAT-Worm
2018-05-29 - Mexico Foiled a $110 Million Bank Heist, Then Kept It a Secret
2018-05-30 - Thief in the night- New Nocturnal Stealer grabs data on the cheap
2018-05-31 - APT28 Rollercoaster- The Lowdown on Hijacked Lo
2018-05-31 - DanaBot - A new banking Trojan surfaces Down Under
2018-05-31 - NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea
2018-06-01 - MysteryBot - A New Android Banking Trojan Ready For Android 7 and 8
2018-06-01 - Satan Ransomware Spawns New Methods to Spread
2018-06-05 - The Evolution of GandCrab Ransomware
2018-06-06 - Banking Trojans Under Development
2018-06-06 - Operation Prowli- Monetizing 40,000 Victim Machines
2018-06-06 - Sofacy Group’s Parallel Attacks
2018-06-06 - VPNFilter Update - VPNFilter exploits endpoints, targets new devices
2018-06-07 - InvisiMole- Surprisingly equipped spyware, undercover since 2013
2018-06-07 - New KillDisk Variant Hits Latin American Financial Organizations Again
2018-06-07 - Patchwork APT Group Targets US Think Tanks
2018-06-12 - Deep Dive into UPAS Kit vs. Kronos
2018-06-12 - Trik Spam Botnet Leaks 43 Million Email Addresses
2018-06-13 - Banco de Chile Wiper Attack Just a Cover for $10M SWIFT Heist
2018-06-13 - DDG.Mining.Botnet Recent Activity Analysis
2018-06-13 - Lateral Movement Technique Employed by Hidden Cobra
2018-06-13 - LuckyMouse hits national data center to organize country-level waterholing campaign
2018-06-13 - TrickBot config files
2018-06-14 - Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor
2018-06-14 - DBGer Ransomware Uses EternalBlue and Mimikatz to Spread Across Networks
2018-06-15 - Betabot still alive with multi-stage packing
2018-06-15 - Chinese Cyber-Espionage Group Hacked Government Data Center
2018-06-15 - Hacker Breaches Syscoin GitHub Account and Poisons Official Client
2018-06-15 - Meet CrowdStrike’s Adversary of the Month for June- MUSTANG PANDA
2018-06-17 - Storwize USB Initialization Tool may contain malicious code
2018-06-18 - Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 2
2018-06-18 - Joshua Adam Schulte Charged with the Unauthorized Disclosure of Classified Information and Other Offenses Relating to the Theft of Classified Material from the Central Intelligence Agency
2018-06-18 - New Telegram‑abusing Android RAT discovered in the wild
2018-06-19 - -Hidden Bee- strikes- Kingsoft Internet Security intercepts the world's first Bootkit-class mining botnet
2018-06-19 - Backswap malware analysis
2018-06-19 - FakeSpy Android Information-Stealing Malware Targets Japanese and Korean-Speaking Users
2018-06-19 - FakeSpy Targets Japanese and Korean-Speaking Users
2018-06-19 - Hades, the actor behind Olympic Destroyer is still alive
2018-06-19 - Kardon Loader Looks for Beta Testers
2018-06-19 - Thrip- Espionage Group Hits Satellite, Telecoms, and Defense Companies
2018-06-20 - Meet MyloBot – A New Highly Sophisticated Never-Seen-Before Botnet That’s Out In The Wild
2018-06-20 - My Little FormBook
2018-06-23 - Full Discloser of Andariel, A Subgroup of Lazarus Threat Group
2018-06-23 - Malware Analysis- Kardon Loader
2018-06-26 - Files Cannot Be Decrypted- Challenge Accepted. Talos Releases ThanatosDecryptor
2018-06-26 - RANCOR- Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families
2018-06-26 - Thanatos Ransomware Decryptor Released by the Cisco Talos Group
2018-06-28 - A Brief Overview of the AMMYY RAT Downloader
2018-06-28 - The New Face of Necurs- Noteworthy Changes to Necurs’ Behaviors
2018-06-29 - BackSwap Defrauds Online Banking Customers Using Hidden Input Fields
2018-06-29 - OSX.Dummy
2018-06-29 - Recent LiteHTTP activities and IOCs
2018-06-29 - Where we go, we don't need files- Analysis of fileless malware -Rozena-
2018-07-03 - Hamas Cyber Ops Spied on Hundreds of Israeli Soldiers Using Fake World Cup, Dating Apps
2018-07-03 - Iranian APT Charming Kitten impersonates ClearSky, the security firm that uncovered its campaigns
2018-07-03 - Smoking Guns - Smoke Loader learned new tricks
2018-07-05 - A Look At Recent Tinba Banking Trojan Variant
2018-07-05 - To crypt, or to mine – that is the question
2018-07-06 - BI_D Ransomware
2018-07-06 - HNS Botnet Recent Activities
2018-07-06 - HNS Evolves From IoT to Cross-Platform Botnet
2018-07-06 - Malware “WellMess” Targeting Linux and Windows
2018-07-08 - APT Attack In the Middle East- The Big Bang
2018-07-08 - Hussarini – Targeted Cyber Attack in the Philippines
2018-07-09 - Certificates stolen from Taiwanese tech‑companies misused in Plead malware campaign
2018-07-10 - APT Trends Report Q2 2018
2018-07-11 - Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally
2018-07-11 - Hawkeye Keylogger – Reborn v8- An in-depth campaign analysis
2018-07-11 - NotCarbanak Mystery - Source Code Leak
2018-07-11 - Tackling Gootkit's Traps
2018-07-12 - Old Botnets never Die, and DDG REFUSE to Fade Away
2018-07-13 - Upatre Continued to Evolve with new Anti-Analysis Techniques
2018-07-13 - VPNFilter-affected Devices Still Riddled with 19 Vulnerabilities
2018-07-16 - APT Sidewinder- Tricks powershell, Anti Forensics and execution side loading
2018-07-16 - Author of LuminosityLink Pleads Guilty
2018-07-16 - DanaBot Riding Fake MYOB Invoice Emails
2018-07-17 - A deep dive down the Vermin RAThole
2018-07-17 - Blackgear Cyberespionage Campaign Resurfaces, Abuses Social Media for C&C Communication
2018-07-17 - The return of Fantomas, or how we deciphered Cryakl
2018-07-17 - Who was behind this unprecedented Cyber attack on Western infrastructure-
2018-07-18 - Dissecting Smoke Loader
2018-07-18 - GandCrab v4.1.2 Encryption Blocking Method (Kill Switch)
2018-07-18 - The Evolution of Emotet- From Banking Trojan to Threat Distributor
2018-07-19 - Killswitch File Now Available for GandCrab v4.1.2 Ransomware
2018-07-19 - Router Crapfest- Malware Author Builds 18,000-Strong Botnet in a Day
2018-07-19 - TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT
2018-07-20 - Alert (TA18-201A) Emotet Malware
2018-07-20 - Calisto Trojan for macOS
2018-07-20 - Cyberattack on Singapore health database steals details of 1.5 million, including PM
2018-07-20 - Unit 42 Finds New Mirai and Gafgyt IoT-Linux Botnet Campaigns
2018-07-23 - Deobfuscating Emotet’s powershell payload
2018-07-23 - Source Code for Exobot Android Banking Trojan Leaked Online
2018-07-24 - Emotet- The Tricky Trojan that ‘Git Clones’
2018-07-24 - Kronos Reborn
2018-07-25 - Leafminer- New Espionage Campaigns Targeting Middle Eastern Regions
2018-07-25 - OilRig Targets Technology Service Provider and Government Agency with QUADAGENT
2018-07-25 - Parasite HTTP RAT cooks up a stew of stealthy tricks
2018-07-26 - Meet CrowdStrike’s Adversary of the Month for July- WICKED SPIDER
2018-07-26 - Mitigating Emotet, The Most Common Banking Trojan
2018-07-26 - ‘Hidden Bee’ miner delivered via improved drive-by download toolkit
2018-07-27 - Luoxk Malware – Exploiting CVE-2018-2893
2018-07-27 - New Threat Actor Group DarkHydrus Targets Middle East Government
2018-07-28 - New Underminer Exploit Kit Discovered Pushing Bootkits and CoinMiners
2018-07-29 - AdKoob information thief targets Facebook ad purchase info
2018-07-29 - Let's Learn- In-Depth Reversing of Qakbot -qbot- Banker Part 1
2018-07-30 - New version of AZORult stealer improves loading features, spreads alongside ransomware in new campaign
2018-07-30 - Who is Mr Zheng-
2018-07-31 - Bisonal Malware Used in Attacks Against Russia and South Korea
2018-07-31 - Malicious document targets Vietnamese officials
2018-07-31 - Multiple Cobalt Personality Disorder
2018-07-31 - SamSam guide to coverage
2018-07-31 - SamSam- The (almost) $6 million ransomware
2018-07-31 - Scanner for CobaltStrike
2018-07-31 - Sophos releases SamSam ransomware report
2018-08-01 - Arrests Put New Focus on CARBON SPIDER Adversary Group
2018-08-01 - Inside Look at Emotet's Global Victims and Malspam Qakbot Payloads
2018-08-01 - On the Hunt for FIN7- Pursuing an Enigmatic and Evasive Global Criminal Operation
2018-08-01 - Threat Alert- DDG 3013 is Out
2018-08-02 - Goblin Panda against the Bears
2018-08-02 - How to defend yourself against SamSam ransomware
2018-08-02 - Raspite
2018-08-02 - The Gorgon Group- Slithering Between Nation State and Cybercrime
2018-08-02 - Three Carbanak cyber heist gang members arrested
2018-08-02 - Who is Mr Gao-
2018-08-03 - CERT-FR ALERT BULLETIN
2018-08-03 - Volatility Plugin for Detecting Cobalt Strike Beacon
2018-08-05 - Let's Learn- Diving into the Latest -Ramnit- Banker Malware via -sLoad- PowerShell
2018-08-05 - Ramnit’s Network of Proxy Servers
2018-08-06 - Reversing Cerber - RaaS
2018-08-06 - Who is Mr Zhang-
2018-08-07 - DarkHydrus Uses Phishery to Harvest Credentials in the Middle East
2018-08-07 - Doctor Web discovered a clipper Trojan for Android
2018-08-08 - Export JRAT-Adwind Config with x32dbg
2018-08-09 - Bokbot- The (re)birth of a banker
2018-08-09 - Malware Analysis Report (AR18-221A)
2018-08-09 - More on Huaying Haitai and Laoying Baichaun, the companies associated with APT10. Is there a state connection-
2018-08-13 - KeyPass ransomware
2018-08-15 - APT10 was managed by the Tianjin bureau of the Chinese Ministry of State Security
2018-08-15 - Necurs Targeting Banks with PUB File that Drops FlawedAmmyy
2018-08-16 - Chinese Cyberespionage Originating From Tsinghua University Infrastructure
2018-08-16 - New modular downloaders fingerprint systems, prepare for more - Part 1- Marap
2018-08-17 - EvilOSX
2018-08-17 - Prince of Persia- The Sands of Foudre
2018-08-18 - AZORult Trojan Serving Aurora Ransomware by MalActor Oktropys
2018-08-20 - Advanced Brazilian Malware Analysis
2018-08-20 - Interesting hidden threat since years -
2018-08-20 - Let's Learn- Dissecting Panda Banker & Modules- Webinject, Grabber & Keylogger DLL Modules
2018-08-20 - Ryuk Ransomware- A Targeted Campaign Break-Down
2018-08-20 - We are taking new steps against broadening threats to democracy
2018-08-21 - Dark Tequila Añejo
2018-08-21 - Microsoft Disrupts APT28 Hacking Campaign Aimed at US Midterm Elections
2018-08-21 - Microsoft claims win over 'Russian political hackers'
2018-08-21 - Supply Chain Attack Operation Red Signature Targets South Korean Organizations
2018-08-22 - BackSwap Malware Now Targets Six Banks in Spain
2018-08-22 - Picking Apart Remcos Botnet-In-A-Box
2018-08-22 - The Untold Story of NotPetya, the Most Devastating Cyberattack in History
2018-08-22 - Turla Outlook Backdoor Uses Clever Tactics for Stealth and Persistence
2018-08-23 - Lazarus Group Deploys Its First Mac Malware in Cryptocurrency Exchange Hack
2018-08-23 - New modular downloaders fingerprint systems - Part 2- AdvisorsBot
2018-08-23 - Operation AppleJeus- Lazarus hits cryptocurrency exchange with fake installer and macOS malware
2018-08-24 - Back to School- COBALT DICKENS Targets Universities
2018-08-24 - Cobalt Dickens threat group looks to be similar to indicted hackers
2018-08-24 - Iranian Hackers Charged in March Are Still Actively Phishing Universities
2018-08-25 - Let's Learn- In-Depth Reversing of Recent Gozi ISFB Banking Malware Version 2.16-2.17 (portion of ISFB v3) & -loader.dll-client.dll-
2018-08-26 - Remember Fancy Bear-
2018-08-27 - Lime-Miner
2018-08-27 - North Korean Hacking Group Steals $13.5 Million From Indian Bank
2018-08-28 - The rise of mobile banker Asacub
2018-08-29 - BusyGasper – the unfriendly spy
2018-08-29 - Loki Bot- On a hunt for corporate passwords
2018-08-29 - Meet CrowdStrike’s Adversary of the Month for August- GOBLIN PANDA
2018-08-29 - The Urpage Connection to Bahamut, Confucius and Patchwork
2018-08-30 - Cobalt Hacking Group Tests Banks In Russia and Romania
2018-08-30 - Double the Infection, Double the Fun
2018-08-30 - GlobeImposter which has more than 20 variants, is still wildly growing
2018-08-30 - Hackers Are Exposing An Apple Mac Weakness In Middle East Espionage
2018-08-30 - Manually unpacking Anubis APK
2018-08-30 - Reversing malware in a custom format- Hidden Bee elements
2018-08-30 - Rocke- The Champion of Monero Miners
2018-08-30 - Two Birds, One STONE PANDA
2018-08-31 - Who is Mr An, and was he working for APT10-
2018-09-02 - Alleged ‘Satori’ IoT Botnet Operator Sought Media Spotlight, Got Indicted
2018-09-02 - Weekend Project- A Custom IDA Loader Module For The Hidden Bee Malware Family
2018-09-03 - .lockymap Files Virus (PyLocky Ransomware) – Remove and Restore Data
2018-09-04 - CamuBot- New Financial Malware Targets Brazilian Banking Customers
2018-09-05 - New Silence hacking group suspected of having ties to cyber-security industry
2018-09-05 - PowerPool malware exploits ALPC LPE zero‑day vulnerability
2018-09-05 - Silence- Moving into the Darkside
2018-09-05 - Windows Task Scheduler Zero Day Exploited by Malware
2018-09-06 - Dissecting DEloader malware with obfuscation
2018-09-06 - North Korean Regime-Backed Programmer Charged With Conspiracy to Conduct Multiple Cyber Attacks and Intrusions
2018-09-06 - Slicing and Dicing CVE-2018-5002 Payloads- New CHAINSHOT Malware
2018-09-07 - Domestic Kitten APT Operates in Silence Since 2016
2018-09-07 - Let's Learn- Deeper Dive into -IcedID---BokBot- Banking Malware- Part 1
2018-09-10 - A Closer Look at the Locky Poser, PyLocky Ransomware
2018-09-10 - Android Malware Intercepts SMS 2FA- We have the Logs
2018-09-10 - IBM X-Force Delves Into ExoBot’s Leaked Source Code
2018-09-10 - LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company
2018-09-11 - British Airways Fell Victim To Card Scraping Attack
2018-09-11 - New modular downloaders fingerprint systems - Part 3- CobInt
2018-09-11 - The Rise of Targeted Ransomware
2018-09-12 - Emotet IOC
2018-09-12 - Feedify Hacked with Magecart Information Stealing Script
2018-09-12 - Malware Campaign Targeting Jaxx Cryptocurrency Wallet Users Shut Down
2018-09-12 - OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government
2018-09-13 - APT10 Targeting Japanese Corporations Using Updated TTPs
2018-09-14 - Kraken Cryptor Ransomware Masquerading as SuperAntiSpyware Security Program
2018-09-14 - Rektware Ransomware
2018-09-14 - Tunneling Under the Sands
2018-09-14 - Wannamine cryptominer that uses EternalBlue still active
2018-09-17 - Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows
2018-09-18 - A taste of our own medicine- How SmokeLoader is deceiving configuration extraction by using binary code as bait
2018-09-18 - Hide and Seek- Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries
2018-09-18 - Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites
2018-09-19 - Hex-Rays Microcode API vs. Obfuscating Compiler
2018-09-19 - Operation “Green Spot” (绿斑) - An Attack Sustained Over Many Years
2018-09-20 - On the Trail of OSX.FairyTale - Adware Playing at Malware
2018-09-20 - Sustes Malware- CPU for Monero
2018-09-21 - DanaBot shifts its targeting to Europe, adds new features
2018-09-21 - VIGILANTE MALWARE REMOVES CRYPTOMINERS FROM THE INFECTED DEVICE
2018-09-24 - Adwind Dodges AV via DDE
2018-09-26 - VPNFilter III- More Tools for the Swiss Army Knife of Malware
2018-09-27 - APT28 Uses LoJax, First UEFI Rootkit Seen in the Wild
2018-09-27 - Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish
2018-09-27 - LoJax- First UEFI rootkit found in the wild, courtesy of the Sednit group
2018-09-27 - New KONNI Malware attacking Eurasia and Southeast Asia
2018-09-27 - Torii botnet - Not another Mirai variant
2018-09-28 - Meet CrowdStrike’s Adversary of the Month for September- COBALT SPIDER
2018-10-01 - BianLian - The Malware Dropper That Had A Dream
2018-10-01 - CDS 2018 - Unmasking APT X
2018-10-01 - NOKKI Almost Ties the Knot with DOGCALL- Reaper Group Uses New Malware to Deploy RAT
2018-10-01 - Report Ties North Korean Attacks to New Malware, Linked by Word Macros
2018-10-01 - Roaming Mantis Group Testing Coinhive Miner Redirects on iPhones
2018-10-01 - VB2018 - Who Was Not Responsible for Olympic Destroyer
2018-10-02 - Alert (TA18-275A) HIDDEN COBRA- FASTCash Campaign
2018-10-02 - Alert (TA18-275A)- HIDDEN COBRA – FASTCash Campaign
2018-10-02 - DanaBot Gains Popularity and Targets US Organizations in Large Campaigns
2018-10-03 - APT37- Final1stspy Reaping the FreeMilk
2018-10-03 - New Betabot campaign under the microscope
2018-10-04 - APT28- New Espionage Operations Target Military and Government Organizations
2018-10-04 - Indicators of Compromise for Malware used by APT28
2018-10-04 - Shedding Skin – Turla’s Fresh Faces
2018-10-05 - ARS Loader evolution, a new stealer (ZeroEvil) and AirNaine (TA545)
2018-10-08 - BSides Belfast 2018- Lazarus On The Rise- Insights From SWIFT Bank Attacks
2018-10-08 - Cobalt Group 2.0
2018-10-08 - Delivery (Key)Boy
2018-10-09 - Magecart Group Compromises Plugin Used in Thousands of Stores, Makes Rookie Mistake
2018-10-09 - Malware Configs - Pandabanker
2018-10-10 - Gallmaker- New Attack Group Eschews Malware to Live off the Land
2018-10-10 - MuddyWater expands operations
2018-10-11 - GPlayed Trojan - .Net playing with Google Market
2018-10-11 - New TeleBots backdoor- First evidence linking Industroyer to NotPetya
2018-10-14 - Godzilla Loader and the Long Tail of Malware
2018-10-15 - Octopus-infested seas of Central Asia
2018-10-15 - Predator The Thief- In-depth analysis (v2.3.5)
2018-10-17 - ESET unmasks ‘GREYENERGY’ cyber-espionage group
2018-10-17 - GreyEnergy- Updated arsenal of one of the most dangerous threat actors
2018-10-17 - Software Description- More_eggs
2018-10-17 - The Emergence of the New Azorult 3.3
2018-10-17 - Thrip
2018-10-17 - ‘Operation Oceansalt’ Delivers Wave After Wave
2018-10-19 - DarkPulsar
2018-10-22 - Mobile beasts and where to find them — part four
2018-10-23 - TRITON Attribution- Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers
2018-10-23 - godoh- A DNS-over-HTTPS Command & Control Proof of Concept
2018-10-23 - sLoad and Ramnit pairing in sustained campaigns against UK and Italy
2018-10-24 - Waiting for goDoH
2018-10-25 - Cutwail Spam Campaign Uses Steganography to Distribute URLZone
2018-10-25 - Game of Trojans- Dissecting the #Khalesi Infostealer Malware
2018-10-25 - GandCrab Ransomware decryption tool
2018-10-25 - New Techniques to Uncover and Attribute Cobalt Gang Commodity Builders and Infrastructure Revealed
2018-10-25 - New sLoad malware downloader being leveraged by APT group TA554 to spread Ramnit
2018-10-26 - Meet CrowdStrike’s Adversary of the Month for October- DUNGEON SPIDER
2018-10-28 - LiteHTTP
2018-10-29 - GPlayed's younger brother is a banker — and it's after Russian banks
2018-10-30 - Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
2018-10-30 - U.S. Indicts Chinese Hacker-Spies in Conspiracy to Steal Aerospace Secrets
2018-10-31 - Emotet Awakens With New Campaign of Mass Email Exfiltration
2018-10-31 - Let's Learn- Exploring ZeusVM Banking Malware Hooking Engine
2018-11-01 - CTA Adversary Playbook- Goblin Panda
2018-11-01 - GootKit Analysis (French)
2018-11-01 - Trickbot Shows Off New Trick- Password Grabber Module
2018-11-03 - Is It 1937CN, OceanLotus or Lazarus …
2018-11-04 - BetaBot and Fleercivet, Two New Malicious Code Reports from CCN-CERT
2018-11-05 - Data Talks- Deeper Down the Rabbit Hole- Second-Stage Attack and a Fileless Finale
2018-11-05 - Inception Attackers Target Europe with Year-old Office Vulnerability
2018-11-05 - Let's Learn- In-Depth Reversing of Hancitor Dropper-Loader- 2016 vs 2018 Malware Progression
2018-11-05 - Persian Stalker pillages Iranian users of Instagram and Telegram
2018-11-06 - Threat Spotlight- Inside VSSDestroy Ransomware (variant of Matrix Ransom)
2018-11-07 - BCMPUPnP_Hunter- A 100k Botnet Turns Home Routers to Email Spammers
2018-11-07 - Let’s Learn- Introducing Latest TrickBot Point-of-Sale Finder Module
2018-11-08 - Deep Analysis of TrickBot New Module pwgrab
2018-11-08 - FASTCash- How the Lazarus Group is Emptying Millions from ATMs
2018-11-08 - Metamorfo Banking Trojan Keeps Its Sights on Brazil
2018-11-09 - Emotet launches major new spam campaign
2018-11-12 - Bug in Malware “TSCookie” - Fails to Read Configuration
2018-11-12 - What’s new in TrickBot- Deobfuscating elements
2018-11-13 - HookAds Malvertising Installing Malware via the Fallout Exploit Kit
2018-11-13 - Let's Learn- Dissect Panda Banking Malware's -libinject- Process Injection Module
2018-11-14 - A new exploit for zero-day vulnerability CVE-2018-8589
2018-11-14 - Big Game Hunting- The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware
2018-11-15 - Mylobot Continues Global Infections
2018-11-15 - tRat- New modular RAT appears in multiple email campaigns
2018-11-16 - Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery
2018-11-16 - Exploring Emotet- Examining Emotet’s Activities, Infrastructure
2018-11-16 - Return to ROKRAT!! (feat. FAAAA...Sad...)
2018-11-18 - CozyBear – In from the Cold-
2018-11-19 - Not So Cozy- An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
2018-11-19 - VisionDirect Data Breach Caused by MageCart Attack
2018-11-20 - Information, tools, and signatures around the Conficker computer worm
2018-11-20 - L0RDIX- MULTIPURPOSE ATTACK TOOL
2018-11-20 - Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America
2018-11-20 - Sednit- What’s going on with Zebrocy-
2018-11-20 - Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan
2018-11-21 - FIN7 Not Finished – Morphisec Spots New Campaign
2018-11-21 - MageCart Group Sabotages Rival to Ruin Data and Reputation
2018-11-23 - Sload hits Italy. Unveil the power of powershell as a downloader
2018-11-26 - A Look into the Connection Between XLoader and FakeSpy, and Their Possible Ties With the Yanbian Gang
2018-11-26 - Examining XLoader, FakeSpy, and the Yanbian Gang
2018-11-27 - DNSpionage Campaign Targets Middle East
2018-11-27 - Let's Learn- In-Depth on Sofacy Cannon Loader-Backdoor Review
2018-11-27 - Meet CrowdStrike’s Adversary of the Month for November- HELIX KITTEN
2018-11-27 - The SLoad Powershell Threat is Expanding to Italy
2018-11-28 - AutoCAD Malware - Computer Aided Theft
2018-11-28 - Russian Hackers Haven't Stopped Probing the US Power Grid (Temp.Isotope)
2018-11-28 - Two Iranian Men Indicted for Deploying Ransomware to Extort Hospitals, Municipalities, and Public Institutions, Causing Over $30 Million in Losses
2018-11-29 - Analysis Of Targeted Attack Against Pakistan By Exploiting InPage Vulnerability And Related APT Groups
2018-11-29 - Golden Chickens- Uncovering A Malware-as-a-Service (MaaS) Provider and Two New Threat Actors Using It
2018-11-29 - How a SamSam-like attack happens, and what you can do about it
2018-11-29 - Snakemackerel delivers Zekapab malware
2018-11-30 - The Evolution of BackSwap
2018-11-30 - Virut Resurrects -- Musings on long-term sinkholing
2018-12-01 - Tracking Mirai Variants (Ya Liu & Hui Wang)
2018-12-03 - Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers
2018-12-04 - Hide ‘N Seek botnet continues infecting devices with default credentials, building a P2P network and more.
2018-12-04 - Malspam pushing Lokibot malware
2018-12-05 - Farewell to Kelihos and ZOMBIE SPIDER
2018-12-05 - STOLEN PENCIL Campaign Targets Academia
2018-12-05 - The Dark Side of the ForSSHe
2018-12-05 - Torpig
2018-12-05 - Trickbot’s Tricks
2018-12-06 - DanaBot evolves beyond banking Trojan with new spam‑sending capability
2018-12-07 - Mac malware combines EmPyre backdoor and XMRig miner
2018-12-07 - Netbooks, RPis, & Bash Bunny Gear - Attacking Banks from the Inside
2018-12-10 - Collecting Malicious Particles from Neutrino Botnets
2018-12-10 - Let's Learn- Reviewing Sofacy's -Zebrocy- C++ Loader- Advanced Insight
2018-12-10 - Seedworm- Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms
2018-12-11 - New Satan ransomware variant ‘Lucky’ exposes 10 server-side vulnerabilities
2018-12-12 - Dear Joohn- The Sofacy Group’s Global Campaign
2018-12-12 - The TrickBot and MikroTik connection
2018-12-12 - Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611)
2018-12-12 - ‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure
2018-12-13 - POWERSING - From LNK Files To Janicab Through YouTube & Twitter
2018-12-13 - Shamoon 3 Targets Oil and Gas Organization
2018-12-13 - The Return of The Charming Kitten
2018-12-14 - Cybercriminals Use Malicious Memes that Communicate with Malware
2018-12-14 - Shamoon- Destructive Threat Re-Emerges with New Sting in its Tail
2018-12-18 - Scumbag Combo- Agent Tesla and XpertRAT
2018-12-18 - Sofacy Creates New ‘Go’ Variant of Zebrocy Tool
2018-12-18 - URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader
2018-12-19 - Danabot's Travels, A Global Perspective
2018-12-19 - MALSPAM PUSHING THE MYDOOM WORM IS STILL A THING
2018-12-19 - Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems
2018-12-20 - Chinese Hackers Indicted - Members of APT 10 Group Targeted Intellectual Property and Confidential Business Information
2018-12-20 - Dissecting the Danabot Payload Targeting Italy
2018-12-20 - Middle East Cyber-Espionage- analyzing WindShift's implant- OSX.WindTail (part 1)
2018-12-20 - With Mirai Comes Miori- IoT Botnet Delivered via ThinkPHP Remote Code Execution Exploit
2018-12-21 - FIN7 Not Finished - Morphisec Spots New Campaign
2018-12-21 - Let's Learn- In-Depth on APT28-Sofacy Zebrocy Golang Loader
2018-12-24 - Let’s dig into Vidar – An Arkei Copycat-Forked Stealer (In-depth analysis)
2018-12-29 - Malware attack disrupts delivery of L.A. Times and Tribune papers across the U.S.
2018-12-30 - Retefe unpacker
2018-12-31 - FastCashMalwareDissected

Malware Analysis 2019

2019-01-01 - VB2018 - Inside Formbook InfoStealer
2019-01-02 - Analysis of Neutrino Bot Sample (dated 2018-08-27)
2019-01-03 - Digging into BokBot’s Core Module
2019-01-03 - LOLbins and trojans- How the Ramnit Trojan spreads via sLoad in a cyberattack
2019-01-04 - How to Decrypt the Aurora Ransomware with AuroraDecrypter
2019-01-04 - mimikatz Repository
2019-01-05 - Emotet Research
2019-01-05 - Getting 'rid' of pre-installed Malware on my YellYouth Android Tablet
2019-01-06 - [RAT] DARK TRACK ALIEN 4.1
2019-01-07 - ChinaZ Revelations- Revealing ChinaZ Relationships with other Chinese Threat Actor Groups
2019-01-07 - GandCrab Operators Use Vidar Infostealer as a Forerunner
2019-01-07 - Let's Learn- Deeper Dive into Gamaredon Group Pteranodon Implant Version '_512'
2019-01-08 - DarkHydrus delivers new Trojan that can use Google Drive for C2 communications
2019-01-09 - Analysis of Linux.Sunless
2019-01-09 - Ryuk Ransomware Attack- Rush to Attribution Misses the Point
2019-01-09 - ServHelper and FlawedGrace - New malware introduced by TA505
2019-01-10 - Big Game Hunting with Ryuk- Another Lucrative Targeted Ransomware
2019-01-10 - Global DNS Hijacking Campaign- DNS Record Manipulation at Scale
2019-01-10 - Pylocky Unlocked- Cisco Talos releases PyLocky ransomware decryptor
2019-01-10 - TA505 Group Adopts New ServHelper Backdoor and FlawedGrace RAT
2019-01-10 - [DNSPIONAGE] – Focus on internal actions
2019-01-11 - A Nasty Trick- From Credential Theft Malware to Business Disruption
2019-01-11 - A Zebrocy Go Downloader
2019-01-11 - PHA Family Highlights- Zen and its cousins
2019-01-11 - TA505 Crime Gang Debuts Brand-New ServHelper Backdoor
2019-01-11 - The “AVE_MARIA” Malware
2019-01-11 - Threat Actor “Cold River”- Network Traffic Analysis and a Deep Dive on Agent Drable
2019-01-14 - A Quick Solution to an Ugly Reverse Engineering Problem
2019-01-14 - Juicy Potato (abusing the golden privileges)
2019-01-15 - Analyzing COMmunication in Malware
2019-01-15 - Disclosure of Chilean Redbanc Intrusion Leads to Lazarus Ties
2019-01-15 - Djvu Ransomware Spreading New .TRO Variant Through Cracks & Adware Bundles
2019-01-16 - North Korean hackers infiltrate Chile's ATM network after Skype job interview
2019-01-17 - BlackRouter Ransomware Promoted as a RaaS by Iranian Developer
2019-01-17 - Emotet infections and follow-up malware
2019-01-17 - Google Play Apps Drop Anubis Banking Malware, Use Motion-based Evasion Tactics
2019-01-17 - Malware Used by “Rocke” Group Evolves to Evade Detection by Cloud Security Products
2019-01-17 - Pond Loach delivers BadCake malware
2019-01-17 - Qealler — The Silent Java Credential Thief
2019-01-17 - Sliver Implant Framework
2019-01-18 - BLACK ENERGY – Analysis
2019-01-18 - From Hacking Team to hacked team to...-
2019-01-18 - Nymaim deobfuscation
2019-01-18 - Spotted- JobCrypter Ransomware Variant With New Encryption Routines, Captures Desktop Screenshots
2019-01-19 - AsyncRAT- Open-Source Remote Administration Tool For Windows C# (RAT)
2019-01-21 - HackTool-Win32-RemoteAdmin
2019-01-21 - The Kutaki Malware Bypasses Gateways to Steal Users’ Credentials
2019-01-22 - A Lazarus Keylogger- PSLogger
2019-01-22 - Happy New Year 2019! Anatova is here!
2019-01-23 - New Anatova Ransomware Supports Modules for Extra Functionality
2019-01-23 - Russian Language Malspam Pushing Redaman Banking Malware
2019-01-23 - SectorA01 Custom Proxy Utility Tool Analysis
2019-01-24 - Cisco AMP tracks new campaign that delivers Ursnif
2019-01-24 - GreyEnergy’s overlap with Zebrocy
2019-01-24 - Razy in search of cryptocurrency
2019-01-24 - Silence group targeting Russian Banks via Malicious CHM
2019-01-25 - Toolkit collection developed to help malware analysts dissecting and detecting the packer used by GreyEnergy samples.
2019-01-25 - Widespread DNS Hijacking Activity Targets Multiple Sectors
2019-01-28 - AZORult- Now, as A Signed “Google Update”
2019-01-28 - Russia hit by new wave of ransomware spam
2019-01-29 - APT38
2019-01-29 - APT39- An Iranian Cyber Espionage Group Focused on Personal Information
2019-01-29 - OSX-Keydnap IoCs
2019-01-29 - Phobos Ransomware, A Combo of CrySiS and Dharma
2019-01-30 - Analysis of NetWiredRC trojan
2019-01-30 - Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities
2019-01-30 - Fake Cisco Job Posting Targets Korean Candidates
2019-01-30 - Matrix- Targeted, small scale, canary in the coalmine ransomware
2019-01-30 - New LockerGoga Ransomware Allegedly Used in Altran Attack
2019-02-01 - Information about lnkr5, malware distributed via Chrome extensions
2019-02-01 - LNKR - Extension analysis - Flash Playlist
2019-02-01 - Tracking OceanLotus’ new Downloader, KerrDown
2019-02-02 - Word-based Malware Attack
2019-02-03 - Maoloa Ransomware
2019-02-04 - ExileRAT shares C2 with LuckyCat, targets Tibet
2019-02-04 - SpeakUp- A New Undetected Backdoor Linux Trojan
2019-02-05 - Revisiting Hancitor in Depth
2019-02-06 - Analysis of multiplatform Java Jacksbot Backdoor
2019-02-06 - IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites
2019-02-06 - Qealler – a new JAR-based information stealer
2019-02-06 - Some Notes on the Silence Proxy
2019-02-06 - Threat Actor -Magecart-- Coming to an eCommerce Store Near You
2019-02-07 - An Inside Look at the Infrastructure Behind the Russian APT Gamaredon Group
2019-02-07 - DanaBot updated with new C&C communication
2019-02-07 - Sales of AZORult grind to an AZOR-halt
2019-02-07 - Ursnif- Long Live the Steganography!
2019-02-08 - First clipper malware discovered on Google Play
2019-02-11 - 620 million accounts stolen from 16 hacked websites now for sale on dark web, seller boasts
2019-02-11 - How the Silence Downloader Has Evolved Over Time
2019-02-12 - APT Groups Moving Down the Supply Chain
2019-02-12 - GreyEnergy Malware Research Paper- Maldoc to Backdoor
2019-02-12 - Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire
2019-02-13 - Alert (AA19-024A)- DNS Infrastructure Hijacking Campaign
2019-02-13 - Analyzing Amadey – a simple native malware
2019-02-13 - Astaroth Malware Uses Legitimate OS and Antivirus Processes to Steal Passwords and Personal Data
2019-02-13 - Former U.S. Counterintelligence Agent Charged With Espionage on Behalf of Iran; Four Iranians Charged With a Cyber Campaign Targeting Her Former Colleagues
2019-02-14 - 127 million user records from 8 companies put up for sale on the dark web
2019-02-14 - Malware Tales- Gootkit
2019-02-14 - Worm.Win32.PYFILEDEL.AA
2019-02-15 - “Sin”-ful SPIDERS- WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web
2019-02-16 - Emotet droppers
2019-02-16 - Spoofing in the reeds with Rietspoof
2019-02-17 - Hacker puts up for sale third round of hacked databases on the Dark Web
2019-02-18 - A Deep Dive on the Recent Widespread DNS Hijacking Attacks
2019-02-18 - Trojan.Android.SmsAgent Malware Analysis Report
2019-02-19 - ATM robber WinPot- a slot machine instead of cutlets
2019-02-19 - New GandCrab v5.1 Decryptor Available Now
2019-02-19 - North Korea Turns Against New Targets-!
2019-02-19 - Attack Activity by the Tick Attack Group Targeting Japanese Organizations
2019-02-20 - Combing Through Brushaloader Amid Massive Detection Uptick
2019-02-20 - Cybercrime is focusing on accountants
2019-02-20 - More Russian language malspam pushing Shade (Troldesh) ransomware
2019-02-20 - Spoofing in the reeds with Rietspoof
2019-02-21 - Fake Jobs- Campaigns Delivering More_eggs Backdoor via Fake Job Offers
2019-02-21 - Shifting in the Wind- WINDSHIFT Attacks Target Middle Eastern Governments
2019-02-22 - Cr1ptT0r Ransomware Infects D-Link NAS Devices, Targets Embedded Systems
2019-02-22 - New BabyShark Malware Targets US National Security Think Tanks
2019-02-23 - D-Link DNS-320 NAS Cr1ptT0r Ransomware ARM Dynamic Analysis - QEMU and Raspberry PI VM
2019-02-25 - How To- Analyzing a Malicious Hangul Word Processor Document from a DPRK Threat Actor Group
2019-02-25 - Multiple ArtraDownloader Variants Used by BITTER to Target Pakistan
2019-02-26 - Farseer- Previously Unknown Malware Family bolsters the Chinese armoury
2019-02-26 - Identifying Cobalt Strike team servers in the wild
2019-02-26 - New Golang brute forcer discovered amid rise in e-commerce attacks
2019-02-26 - The Arsenal Behind the Australian Parliament Hack
2019-02-26 - The Supreme Backdoor Factory
2019-02-27 - A Peek into BRONZE UNION’s Toolbox
2019-02-27 - New Global Cyber Attack on Point of Sale System
2019-02-27 - Protecting Against WinRAR Vulnerabilities
2019-02-28 - EmpireMonkey malware distribution
2019-02-28 - Technical Analysis- Pacha Group Deploying Undetected Cryptojacking Campaigns on Linux Servers
2019-03-01 - Breakdown of a Targeted DanaBot Attack
2019-03-01 - Threat Alert- AVE Maria infostealer on the rise
2019-03-03 - Op 'Sharpshooter' Connected to North Korea's Lazarus Group
2019-03-04 - APT40- Examining a China-Nexus Espionage Actor
2019-03-04 - New Python-Based Payload MechaFlounder Used by Chafer
2019-03-04 - Reptile
2019-03-05 - CryptoMix Clop Ransomware Says It's Targeting Networks, Not Computers
2019-03-05 - GandCrab 101- All about the most widely distributed ransomware of the moment
2019-03-05 - Quick Analysis of a Trickbot Sample with NSA's Ghidra SRE Framework
2019-03-06 - DE-Cr1pt0r tool - The Cr1pt0r ransomware decompiled decryption routine
2019-03-06 - Internet of Termites
2019-03-06 - PINCHY SPIDER Affiliates Adopt “Big Game Hunting” Tactics to Distribute GandCrab Ransomware
2019-03-06 - Whitefly- Espionage Group has Singapore in Its Sights
2019-03-07 - New SLUB Backdoor Uses GitHub, Communicates via Slack
2019-03-07 - The inside story of the world's most dangerous malware
2019-03-08 - Emotet trojan implicated in Wolverine Solutions ransomware attack
2019-03-08 - Iranian-backed hackers stole data from major U.S. government contractor
2019-03-09 - retefe- Artefacts from various retefe campaigns
2019-03-10 - BI_D Ransomware Redux (Now With 100% More Ghidra)
2019-03-11 - A predatory tale- Who’s afraid of the thief-
2019-03-11 - Attackers Insert Themselves into the Email Conversation to Spread Malware
2019-03-11 - Gaming industry still in the scope of attackers in Asia
2019-03-11 - Researcher Claims Iranian APT Behind 6TB Data Heist at Citrix
2019-03-11 - Resecurity reports ‘IRIDIUM’ behind Citrix data breach, 200+ government agencies, oil and gas companies, and technology companies also targeted.
2019-03-11 - Study of the Belonard Trojan, exploiting zero-day vulnerabilities in Counter-Strike 1.6
2019-03-12 - New Ursnif Variant targets Japan packed with new Features
2019-03-12 - Nymaim config decoded
2019-03-12 - Operation Comando How to Run a Cheap and Effective Credit Card Business
2019-03-12 - The Advanced Persistent Threat files- Lazarus Group
2019-03-13 - Analysing ISFB - The First Loader
2019-03-13 - BlackBerry Cylance vs. Tinba Banking Trojan
2019-03-13 - DanaBot control panel revealed
2019-03-13 - Fake CDC Flu Pandemic Warning delivers Gandcrab 5.2 ransomware
2019-03-13 - GlitchPOS- New PoS malware for sale
2019-03-13 - N Ways to Unpack Mobile Malware
2019-03-13 - ORANGEWORM GROUP – KWAMPIRS ANALYSIS UPDATE
2019-03-13 - The fourth horseman- CVE-2019-0797 vulnerability
2019-03-13 - ‘DMSniff’ POS Malware Actively Leveraged to Target Small-, Medium-Sized Businesses
2019-03-14 - Attacker Tracking Users Seeking Pakistani Passport
2019-03-14 - Daily Ruleset Update Summary 2019-03-14
2019-03-15 - Flash Bulletin- Emotet Epoch 1 Changes its C2 Communication
2019-03-15 - Immortal information stealer
2019-03-15 - Rocke Evolves Its Arsenal With a New Malware Family Written in Golang
2019-03-17 - Emotet malware analysis. Part 1
2019-03-17 - Global ATM Malware Wall
2019-03-17 - Round 4- Hacker returns and puts 26Mil user records for sale on the Dark Web
2019-03-18 - Analysis of .Net Stealer GrandSteal
2019-03-18 - Analysis of BlackMoon (Banking Trojan)'s Evolution, And The Possibility of a Latest Version Under Development
2019-03-18 - Enterprise Malware-as-a-Service- Lazarus Group and the Evolution of Ransomware
2019-03-19 - Cardinal RAT Sins Again, Targets Israeli Fin-Tech Firms
2019-03-19 - SectorM04 Targeting Singapore – An Analysis
2019-03-20 - APT38 DyePack Framework
2019-03-20 - FIN7 Revisited- Inside Astra Panel and SQLRat Malware
2019-03-20 - New Evidence Proves Ongoing WIZARD SPIDER - LUNAR SPIDER Collaboration
2019-03-21 - How Lockergoga took down Hydro — ransomware used in targeted attacks aimed at big business
2019-03-21 - Interception- Dissecting BokBot’s “Man in the Browser”
2019-03-22 - AZORult++- Rewriting history
2019-03-23 - Reverse Engineering Gootkit with Ghidra Part I
2019-03-24 - JEShell- An OceanLotus (APT32) Backdoor
2019-03-25 - API Hashing Tool, Imagine That
2019-03-25 - Emerging Threat on RANSOM_CRYPTESLA
2019-03-25 - Let’s play with Qulab, an exotic malware developed in AutoIT
2019-03-25 - Operation ShadowHammer
2019-03-25 - Patting the Bear (APT-C-37)- Exposure of Continued Attacks Against an Armed Organization
2019-03-26 - Cryptocurrency businesses still being targeted by Lazarus
2019-03-26 - The Ursnif Gangs keep Threatening Italy
2019-03-26 - WinRAR Zero-day Abused in Multiple Campaigns
2019-03-27 - Analysis of the ShadowHammer backdoor
2019-03-27 - Elfin- Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
2019-03-27 - Emotet adds a further layer of camouflage
2019-03-27 - Forging the ShadowHammer
2019-03-27 - New steps to protect customers from hacking
2019-03-27 - PsiXBot- The Evolution Of A Modular .NET Bot
2019-03-28 - 10 Years Since Ghostnet
2019-03-28 - Analysis of ShadowHammer ASUS Attack First Stage Payload
2019-03-28 - CRTC and RCMP National Division Execute Warrants in Malware Investigation
2019-03-28 - Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications
2019-03-28 - Let's Learn- Dissecting Operation ShadowHammer Shellcode Internals in crt_ExitProcess
2019-03-28 - The return of the BOM
2019-03-28 - Unleash The Hash - ShadowHammer MAC Address List
2019-03-29 - A Hammer Lurking In The Shadows
2019-03-29 - Exodus- New Android Spyware Made in Italy
2019-03-29 - Researchers Find Google Play Store Apps Were Actually Government Malware
2019-04-01 - Prosecutors Launch Investigation Into Company That Put Malware on Google Play Store
2019-04-02 - A LockerGoga primer and decrypters for Mira and Aurora ransomwares
2019-04-02 - Canadian Police Raid ‘Orcus RAT’ Author
2019-04-02 - New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload
2019-04-02 - Report- OceanLotus APT Group Leveraging Steganography
2019-04-02 - Triple Threat- Emotet Deploys Trickbot to Steal Data & Spread Ryuk
2019-04-02 - Xwo - A Python-based bot scanner
2019-04-03 - Allanite
2019-04-03 - Possible ShadowHammer Targeting (Low Confidence)
2019-04-03 - RAT - Hodin
2019-04-04 - BasBanke- Trend-setting Brazilian banking Trojan
2019-04-04 - Bayer points finger at Wicked Panda in cyberattack
2019-04-04 - IcedID Banking Trojan Spruces Up Injection Tactics to Add Stealth
2019-04-04 - Mimikatz in the Wild- Bypassing Signature-Based Detections Using the “AK47 of Cyber”
2019-04-05 - Pick-Six- Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware
2019-04-05 - Spammed PNG file hides LokiBot
2019-04-05 - Ursnif- The Latest Evolution of the Most Popular Banking Malware
2019-04-07 - Emotet malware analysis. Part 2
2019-04-07 - Mobile Malware Analysis - Tricks used in Anubis
2019-04-08 - Mirai Compiled for New Processors Surfaces in the Wild
2019-04-09 - Collection of helper scripts for OceanLotus
2019-04-09 - Cybercrime market selling full digital fingerprints of over 60,000 users
2019-04-09 - Gustuff banking botnet targets Australia
2019-04-09 - LimeRAT spreads in the wild
2019-04-09 - OceanLotus- macOS malware update
2019-04-09 - Say hello to Baldr, a new stealer on the market
2019-04-10 - Floodor- A Linux TCP - UDP Flooder
2019-04-10 - Lazarus Group rises again from the digital grave with Hoplight malware for all
2019-04-10 - Malware Analysis Report (AR19-100A)- North Korean Trojan- HOPLIGHT
2019-04-10 - OSINT Reporting Regarding DPRK and TA505 Overlap
2019-04-10 - Project TajMahal – a sophisticated new APT framework
2019-04-10 - TRISIS - TRITON - HatMan Malware Repository
2019-04-10 - The Gaza cybergang and its SneakyPastes campaign
2019-04-11 - Ave_Maria Malware- there's more than meets the eye
2019-04-11 - Lazarus rises- Warning over new HOPLIGHT malware linked with North Korea
2019-04-11 - The official website of a popular video editing software was infected with a banking trojan
2019-04-11 - Two Romanian Cybercriminals Convicted of All 21 Counts Relating to Infecting Over 400,000 Victim Computers with Malware and Stealing Millions of Dollars
2019-04-12 - Analysis of an IRC based Botnet
2019-04-12 - Emotet Malware Revives Old Email Conversations Threads to Increase Infection Rates
2019-04-13 - Decoded Turla Powershell Implant
2019-04-15 - A hacker has dumped nearly one billion user records over the past two months
2019-04-15 - Account With Admin Privileges Abused to Install BitPaymer Ransomware via PsExec
2019-04-15 - Cobalt Strike. Walkthrough for Red Teamers
2019-04-15 - New HawkEye Reborn Variant Emerges Following Ownership Change
2019-04-16 - DNS Tunneling in the Wild- Overview of OilRig’s DNS Tunneling
2019-04-16 - Inside Scranos – A Cross Platform, Rootkit-Enabled Spyware Operation
2019-04-16 - Spear Phishing Campaign Targets Ukraine Government and Military; Infrastructure Reveals Potential Link to So-Called Luhansk People's Republic
2019-04-17 - Aggah Campaign- Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign
2019-04-17 - DNS Hijacking Abuses Trust In Core Internet Service
2019-04-18 - APT28 and Upcoming Elections- Evidence of Possible Interference (Part II)
2019-04-18 - Predator the Thief- New Routes of Delivery
2019-04-19 - Security researcher MalwareTech pleads guilty
2019-04-19 - TDL (Turla Driver Loader) Repository
2019-04-22 - Analyzing Emotet with Ghidra — Part 1
2019-04-22 - C-C++ Runtime Library Code Tampering in Supply Chain
2019-04-22 - CARBANAK Week Part One- A Rare Occurrence
2019-04-22 - Dissecting Emotet’s network communication protocol
2019-04-22 - FINTEAM- Trojanized TeamViewer Against Government Targets
2019-04-22 - Unpacking & Decrypting FlawedAmmyy
2019-04-22 - Who’s Behind the RevCode WebMonitor RAT-
2019-04-23 - APT34- webmask project
2019-04-23 - DNSpionage brings out the Karkoff
2019-04-23 - Operation ShadowHammer- a high-profile supply chain attack
2019-04-24 - Beapy- Cryptojacking Worm Hits Enterprises in China
2019-04-24 - Deobfuscating APT32 Flow Graphs with Cutter and Radare2
2019-04-25 - Chinese-based hackers attack domestic energy institutions
2019-04-25 - Emotet Adds New Evasion Technique
2019-04-25 - JasperLoader Emerges, Targets Italy with Gootkit Banking Trojan
2019-04-25 - Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware
2019-04-26 - A Closer Look at the RobbinHood Ransomware
2019-04-26 - GitHub hosted Magecart skimmer used against hundreds of e-commerce sites
2019-04-27 - Analyzing Amadey
2019-04-29 - Where is Emotet- Latest geolocation data
2019-04-30 - APT 40
2019-04-30 - Behind the Scenes with OilRig
2019-04-30 - Buhtrap backdoor and Buran ransomware distributed via major advertising platform
2019-04-30 - Raw Threat Intelligence 2019-04-30- Oilrig data dump link analysis
2019-04-30 - Sodinokibi ransomware exploits WebLogic Server vulnerability
2019-05 - Hancitor's Packer Demystified
2019-05-01 - FrameworkPOS and the adequate persistent threat
2019-05-02 - 2019- The Return of Retefe
2019-05-02 - APT34- Glimpse project
2019-05-02 - Detricking TrickBot Loader
2019-05-02 - FormBook - Hiding in plain sight
2019-05-02 - Goblin Panda continues to target Vietnam
2019-05-02 - Qakbot levels up with new obfuscation techniques
2019-05-03 - Let’s nuke Megumin Trojan
2019-05-03 - Mirrorthief Group Uses Magecart Skimming Attack to Hit Hundreds of Campus Online Stores in US and Canada
2019-05-03 - “MegaCortex” ransomware wants to be The One
2019-05-05 - Unpacking NanoCore Sample Using AutoIT
2019-05-07 - Buckeye- Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak
2019-05-07 - CVE-2019-3396 Redux- Confluence Vulnerability Exploited to Deliver Cryptocurrency Miner With Rootkit
2019-05-07 - MegaCortex Ransomware Spotted Attacking Enterprise Networks
2019-05-07 - SystemdMiner, when a botnet borrows another botnet’s infrastructure
2019-05-07 - Turla LightNeuron- An email too far
2019-05-07 - Vulnerable Apache Jenkins exploited in the wild
2019-05-07 - “Filesnfer” Tool (C#, Python)
2019-05-08 - A new threat for macOS spreads as WhatsApp
2019-05-08 - Dharma Ransomware Uses AV Tool to Distract from Malicious Activities
2019-05-08 - FIN7.5- the infamous cybercrime rig “FIN7” continues its activities
2019-05-08 - Fin7 hacking group targets more than 130 companies after leaders’ arrest
2019-05-08 - Get Smart with Enhanced Memory Dumping in VMRay Analyzer 3.0
2019-05-08 - “RobbinHood” ransomware takes down Baltimore City government networks
2019-05-09 - Chinese national indicted for 2015 Anthem breach
2019-05-09 - Deflect Labs Report #6- Phishing and Web Attacks Targeting Uzbek Human Right Activists and Independent Media
2019-05-09 - Donut - Injecting .NET Assemblies as Shellcode
2019-05-09 - Github Repository of AbSent-Loader
2019-05-09 - Malware Analysis Report (AR19-129A)
2019-05-09 - New KPOT v2.0 stealer brings zero persistence and in-memory features to silently steal credentials
2019-05-09 - New leaks of Iranian cyber-espionage operations hit Telegram and the Dark Web
2019-05-09 - RobinHood Ransomware “CoolMaker” Functions Not So Cool
2019-05-09 - Strange Bits- HTML Smuggling and GitHub Hosted Malware
2019-05-09 - Technical Analysis- Pacha Group Competing against Rocke Group for Cryptocurrency Mining Foothold on the Cloud
2019-05-09 - Top-Tier Russian Hacking Collective Claims Breaches of Three Major Anti-Virus Companies
2019-05-09 - Tracking One Year of Malicious Tor Exit Relay Activities (Part II)
2019-05-10 - Exploring Mimikatz - Part 1 - WDigest
2019-05-10 - MegaCortex, deconstructed- mysteries mount as analysis continues
2019-05-12 - Lime Downloader v4.2
2019-05-13 - A Look At Hworm - Houdini aka Njrat
2019-05-13 - ScarCruft continues to evolve, introduces Bluetooth harvester
2019-05-14 - Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage
2019-05-14 - Reaver- Mapping Connections Between Disparate Chinese APT Groups
2019-05-14 - Return of Watchbog- Exploiting Jenkins CVE-2018-1000861
2019-05-14 - The Rise of Dridex and the Role of ESPs
2019-05-15 - Threat Actor Profile- TA542, From Banker to Malware Distribution Service
2019-05-16 - GozNym Closure Comes in the Shape of a Europol and DOJ Arrest Operation
2019-05-16 - GozNym Cyber-Criminal Network Operating out of Europe Targeting American Entities Dismantled in International Operation
2019-05-16 - Goznym Indictments – action following on from successful Avalanche Operations
2019-05-16 - The Stealthy Email Stealer in the TA505 Arsenal
2019-05-17 - TeamViewer Confirms Undisclosed Breach From 2016
2019-05-19 - Tailor-made double attack against Hydro
2019-05-20 - Malware Against the C Monoculture
2019-05-20 - Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques
2019-05-22 - A journey to Zebrocy land
2019-05-22 - Shade Ransomware Hits High-Tech, Wholesale, Education Sectors in U.S, Japan, India, Thailand, Canada
2019-05-22 - TRICKBOT - Analysis
2019-05-23 - Analysing -Retefe- with Sysmon and Splunk
2019-05-23 - One year later- The VPNFilter catastrophe that wasn't
2019-05-23 - Sorpresa! JasperLoader targets Italy with a new bag of tricks
2019-05-24 - Directed attacks against MySQL servers deliver ransomware
2019-05-24 - Overview of Proton Bot, another loader in the wild!
2019-05-24 - Uncovering new Activity by APT10
2019-05-25 - Analyzing ISFB - The Second Loader
2019-05-25 - Fas-Disassembler for Visuallisp 0.8
2019-05-28 - Emissary Panda Attacks Middle East Government Sharepoint Servers
2019-05-28 - FlawedAmmyy
2019-05-28 - Threat Research- New Rocke Variant Ready to Box Any Mining Challengers
2019-05-29 - A dive into Turla PowerShell usage
2019-05-29 - HiddenWasp Malware Stings Targeted Linux Systems
2019-05-29 - TA505 is Expanding its Operations
2019-05-30 - 10 years of virtual dynamite- A high-level retrospective of ATM malware
2019-05-30 - Bug in Malware “TSCookie” - Fails to Read Configuration - (Update)
2019-05-31 - Hidden Bee- Let’s go down the rabbit hole
2019-05-31 - Tet bonus....
2019-06-01 - GandCrab Ransomware Shutting Down After Claiming to Earn $2 Billion
2019-06-03 - GandCrab ransomware operators put in retirement papers
2019-06-03 - Into the Fog - The Return of ICEFOG APT
2019-06-03 - Report- No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware
2019-06-03 - Varonis Exposes Global Cyber Campaign- C2 Server Actively Compromising Thousands of Victims
2019-06-03 - Zebrocy’s Multilanguage Malware Salad
2019-06-04 - 2019-06-04 Advisory- Windigo attacks
2019-06-04 - Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vitali Kremez
2019-06-04 - Magecart skimmers found on Amazon CloudFront CDN
2019-06-04 - Taking a look at Baldr stealer
2019-06-04 - Threat Spotlight- Analyzing AZORult Infostealer Malware
2019-06-05 - Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities
2019-06-05 - Possible Turla HTTP Listener
2019-06-05 - Upgraded JasperLoader Infecting Machines with New Targets & Functional Improvements- What You Need to Know
2019-06-06 - A Deep Dive into the Emotet Malware
2019-06-06 - APT34- Jason project
2019-06-06 - Google confirms that advanced backdoor came preinstalled on Android devices
2019-06-06 - New Mirai Variant Adds 8 New Exploits, Targets Additional IoT Devices
2019-06-06 - PHA Family Highlights- Triada
2019-06-08 - The Evolution of Aggah- From Roma225 to the RG Campaign
2019-06-08 - Vanilla RAT
2019-06-10 - MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools
2019-06-10 - Threat Spotlight- MenuPass-QuasarRAT Backdoor
2019-06-11 - CPU miner for Litecoin and Bitcoin
2019-06-11 - The InterPlanetary Storm- New Malware in Wild Using InterPlanetary File System’s (IPFS) p2p network
2019-06-13 - Advanced Notification of Cyber Threats against Family of Malware Giving Remote Access to Computers
2019-06-13 - Hunting and detecting Cobalt Strike
2019-06-13 - New Pervasive Worm Exploiting Linux Exim Server Vulnerability
2019-06-13 - pyLocky Decryptor Released by French Authorities
2019-06-14 - Houdini Worm Transformed in New Phishing Attack
2019-06-14 - Malware Tales- Sodinokibi
2019-06-16 - A Deep Dive Into IcedID Malware- Part II - Analysis of the Core IcedID Payload (Parent Process)
2019-06-16 - APT34 Tools Leak
2019-06-17 - Good riddance, GandCrab! We’re still fixing the mess you left behind
2019-06-18 - Analysis of a New HawkEye Variant
2019-06-18 - Mobile Campaign ‘Bouncing Golf’ Affects Middle East
2019-06-18 - Plurox- Modular backdoor
2019-06-19 - Check Point’s Threat Emulation Stops Large-Scale Phishing Campaign in Germany
2019-06-19 - URLZone top malware in Japan, while Emotet and LINE Phishing round out the landscape
2019-06-20 - DanaBot Demands a Ransom Payment
2019-06-20 - Waterbug- Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments
2019-06-21 - An Analysis of Linux.Ngioweb Botnet
2019-06-24 - GandCrab Threat Actors Retire...Maybe
2019-06-24 - LimeRAT - Simple, yet powerful remote administration tool for Windows (RAT)
2019-06-24 - Ransomware REvil - Sodinokibi- Technical analysis and Threat Intelligence Report
2019-06-25 - Analyzing Ursnif’s Behavior Using a Malware Sandbox
2019-06-25 - More AgentTesla keylogger and Nanocore RAT in one bundle
2019-06-25 - OPERATION SOFT CELL- A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS
2019-06-25 - Ransomware strain Troldesh spikes again – Avast tracks new attacks
2019-06-25 - Rig Exploit Kit sends Pitou.B Trojan
2019-06-25 - Riltok mobile Trojan- A banker with global reach
2019-06-26 - New Silex Malware Trashes IoT Devices Using Default Passwords
2019-06-26 - ViceLeaker Operation- mobile espionage targeting Middle East
2019-06-27 - Criminals, ATMs and a cup of coffee
2019-06-27 - Inter- Skimmer For All
2019-06-27 - Tracking driver inventory to unearth rootkits
2019-07-01 - An Analysis of Godlua Backdoor
2019-07-01 - Remote_Shell- A linux remote shell program.
2019-07-01 - Robbinhood Malware Analysis with Radare2
2019-07-01 - Threat Spotlight- Ratsnif - New Network Vermin from OceanLotus
2019-07-02 - LooCipher- The New Infernal Ransomware
2019-07-02 - TA505 begins summer campaigns with a new pet malware downloader, AndroMut, in the UAE, South Korea, Singapore, and the United States
2019-07-03 - BianLian- A New Wave Emerges
2019-07-03 - Lilocked Ransomware
2019-07-03 - Sodin ransomware exploits Windows vulnerability and processor architecture
2019-07-08 - Analyzing KSL0T Turla's Keylogger Part 1
2019-07-08 - Analyzing KSL0T Turla's Keylogger Part 2
2019-07-08 - Dismantling a fileless campaign- Microsoft Defender ATP’s Antivirus exposes Astaroth attack
2019-07-08 - Malicious campaign targets South Korean users with backdoor‑laced torrents
2019-07-08 - Who’s Behind the GandCrab Ransomware-
2019-07-09 - A Deep Dive Into IcedID Malware- Part I - Unpacking, Hooking and Process Injection
2019-07-09 - Operation Newscaster
2019-07-09 - Sea Turtle Keeps on Swimming
2019-07-09 - Spear Phishing against Cryptocurrency Businesses
2019-07-09 - The 2019 Resurgence of Smokeloader
2019-07-10 - Flirting With IDA and APT28
2019-07-10 - How We Seized 15 Active Ransomware Campaigns Targeting Linux File Storage Servers
2019-07-10 - LooCipher- Can Encrypted Files Be Recovered From Hell-
2019-07-10 - New FinSpy iOS and Android implants revealed ITW
2019-07-10 - The eCh0raix Ransomware
2019-07-11 - Buhtrap group uses zero‑day in latest espionage campaigns
2019-07-11 - Recent AZORult activity
2019-07-11 - Threat Actor Profile- TA544 targets geographies from Italy to Japan with a range of malware
2019-07-12 - BitPaymer Source Code Fork- Meet DoppelPaymer Ransomware and Dridex 2.0
2019-07-12 - TrickBooster – TrickBot’s Email-Based Infection Module
2019-07-13 - Free Tool- LooCipher Decryptor
2019-07-15 - Is there a pattern-
2019-07-15 - Is ‘REvil’ the New GandCrab Ransomware-
2019-07-15 - SWEED- Exposing years of Agent Tesla campaigns
2019-07-15 - Threat Spotlight- Virlock Polymorphic Ransomware
2019-07-16 - Analysis- Server-side polymorphism & PowerShell backdoors
2019-07-16 - The Avast Abuser- Metamorfo Banking Malware Hides By Abusing Avast Executable
2019-07-17 - EvilGnome- Rare Malware Spying on Linux Desktop Users
2019-07-17 - Who is Mr Guo-
2019-07-18 - Android Malware Analysis - Dissecting Hydra Dropper
2019-07-18 - Hard Pass- Declining APT34’s Invite to Join Their Professional Network
2019-07-18 - Okrum- Ke3chang group targets diplomatic missions
2019-07-18 - ZLab - LooCipher Decryption Tool
2019-07-19 - An Analysis of L0rdix RAT, Panel and Builder
2019-07-19 - Elusive MegaCortex Ransomware Found - Here is What We Know
2019-07-19 - Who is Mr Wang-
2019-07-21 - Emissary Panda DLL Backdoor
2019-07-22 - A Deep Dive Into IcedID Malware- Part III - Analysis of Child Processes
2019-07-22 - APT33 PowerShell Malware
2019-07-22 - BrushaLoader still sweeping up victims one year later
2019-07-22 - The Lazarus Injector
2019-07-22 - Who is Mr Zeng-
2019-07-23 - Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia
2019-07-24 - A deep dive into Phobos ransomware
2019-07-24 - APT17 is run by the Jinan bureau of the Chinese Ministry of State Security
2019-07-24 - Attacking the Heart of the German Industry
2019-07-24 - GuessWho Ransomware – A Variant of Rapid Ransomware
2019-07-24 - Resurgent Iron Liberty Targeting Energy Sector
2019-07-24 - Updated Karagany Malware Targets Energy Sector
2019-07-24 - Watching the WatchBog- New BlueKeep Scanner and Linux Exploits
2019-07-24 - Winnti analysis
2019-07-25 - Encore! APT17 hacked Chinese targets and offered the data for sale
2019-07-25 - Unmasking AVE_MARIA
2019-07-26 - Turla Indicators of Compromise
2019-07-28 - Third time's the charm- Analysing WannaCry samples
2019-07-29 - An analysis of a spam distribution botnet- the inner workings of Onliner Spambot
2019-07-29 - Android ransomware is back
2019-07-30 - Picking Locky
2019-07-30 - Practical Threat Hunting and Incidence Response - A Case of A Pony Malware Infection
2019-07-31 - SystemBC is like Christmas in July for SOCKS5 Malware and Exploit Kits
2019-07-31 - TFW Ransomware is only your side hustle...
2019-08-01 - APT trends report Q2 2019
2019-08-01 - Cerberus - A New Banking Trojan from the Underworld
2019-08-01 - Clop Ransomware
2019-08-01 - Decrypting L0rdix RAT’s C2
2019-08-01 - LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards
2019-08-02 - SectorE02 Updates YTY Framework in New Targeted Campaign Against Pakistan Government
2019-08-05 - Catching lateral movement in internal emails
2019-08-05 - Corporate IoT – a path to intrusion (APT28-STRONTIUM)
2019-08-05 - Latest Trickbot Campaign Delivered via Highly Obfuscated JS File
2019-08-05 - MegaCortex Ransomware Revamps for Mass Distribution
2019-08-05 - Sharpening the Machete
2019-08-06 - Clipsa – Multipurpose password stealer
2019-08-06 - New Echobot Botnet Variant Uses Over 50 Exploits to Propagate
2019-08-07 - APT41- A Dual Espionage and Cyber Crime Operation
2019-08-07 - MoqHao Related Android Spyware Targeting Japan and Korea Found on Google Play
2019-08-07 - New Ursnif Variant Spreading by Word Document
2019-08-08 - Saefko- A new multi-layered RAT
2019-08-08 - Varenyky- Spambot à la Française
2019-08-10 - GermanWiper's big Brother- GandGrab's kid - Sodinokibi!
2019-08-10 - SELECT code_execution FROM USING SQLite;
2019-08-12 - An Overview of Public Platform C2’s
2019-08-12 - PsiXBot Continues to Evolve with Updated DNS Infrastructure
2019-08-12 - Recent Cloud Atlas activity
2019-08-12 - Emotet Trojan attacks corporate networks
2019-08-13 - The state of advanced code injections
2019-08-14 - In the Balkans, businesses are under fire from a double‑barreled weapon
2019-08-15 - Analysis- New Remcos RAT Arrives Via Phishing Email
2019-08-15 - Gootkit Banking Trojan - Deep Dive into Anti-Analysis Features
2019-08-15 - MICROPSIA (APT-C-23)
2019-08-15 - The Hidden Bee infection chain, part 1- the stegano pack
2019-08-16 - Warning As Devious New Android Malware Hides In Fake Adobe Flash Player Installations (Updated)
2019-08-19 - Banking trojan Bolik spreads disguised as the NordVPN app
2019-08-19 - GAME OVER- Detecting and Stopping an APT41 Operation
2019-08-19 - Konni APT organization emerges as an attack disguised as Russian document
2019-08-20 - Lazarus Continues 'Movie Coin' Campaign Disguised as Calling Document Request
2019-08-20 - Merlin (BETA)
2019-08-20 - Source code- TinyMet
2019-08-21 - Finding Neutrino
2019-08-21 - Kelihos botnet
2019-08-22 - APT34- The Helix Kitten Cybercriminal Group Loves to Meow Middle Eastern and International Organizations
2019-08-22 - Asruex Backdoor Variant Infects Word Documents and PDFs Through Old MS Office and Adobe Vulnerabilities
2019-08-22 - First‑of‑its‑kind spyware sneaks into Google Play
2019-08-22 - Pupy RAT
2019-08-23 - Ransomware Attacks Are Testing Resolve of Cities Across America
2019-08-24 - Notes on Nemty Ransomware
2019-08-24 - Windows worms. Forbix worm analysis
2019-08-25 - Nanocor Sample
2019-08-26 - APT-C-09 Reappeared as Conflict Intensified Between India and Pakistan
2019-08-26 - Memory Analysis of TrickBot
2019-08-26 - New Nemty Ransomware May Spread via Compromised RDP Connections
2019-08-26 - The DAA File Format
2019-08-27 - China Chopper still active 9 years later
2019-08-27 - LYCEUM Takes Center Stage in Middle East Campaign
2019-08-27 - TA505 At It Again- Variety is the Spice of ServHelper and FlawedAmmyy
2019-08-27 - TrickBot Modifications Target U.S. Mobile Users
2019-08-28 - Inside the APT28 DLL Backdoor Blitz
2019-08-28 - Other day other malware in the way (died.exe)
2019-08-28 - Putting an end to Retadup- A malicious worm that infected hundreds of thousands
2019-08-28 - RAT Ratatouille- Backdooring PCs with leaked RATs
2019-08-29 - Fully equipped Spying Android RAT from Brazil- BRATA
2019-08-29 - Gootkit Banking Trojan - Part 2- Persistence & Other Capabilities
2019-08-29 - Implant Teardown
2019-08-29 - More_eggs, Anyone- Threat Actor ITG08 Strikes Again
2019-08-29 - SectorJ04 Group’s Increased Activity in 2019
2019-08-30 - A Look Inside the Highly Profitable Sodinokibi Ransomware Business
2019-08-30 - DarkComet v5.3.1
2019-08-30 - Github Repository of Octopus
2019-08-30 - RAT.Android.OmniRAT
2019-08-30 - njRAT builders
2019-09-02 - Digital Crackdown- Large-Scale Surveillance and Exploitation of Uyghurs
2019-09-02 - Revealed- How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran
2019-09-03 - Deobfuscating Ostap- TrickBot’s 34,000 Line JavaScript Downloader
2019-09-03 - Nemty Ransomware Gets Distribution from RIG Exploit Kit
2019-09-04 - FunkyBot- A New Android Malware Family Targeting Japan
2019-09-04 - Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions
2019-09-05 - Netwalker Ransomware
2019-09-05 - Seems Phishy- Back to School Lures Target University Students and Staff
2019-09-05 - l0rdix C2 traffic decryptor
2019-09-06 - Lilocked Ransomware Actively Targeting Servers and Web Sites
2019-09-06 - PsiXBot Now Using Google DNS over HTTPS and Possible New Sexploitation Module
2019-09-07 - Malicious RATatouille
2019-09-07 - Thousands Of Linux Servers Infected By Lilu (Lilocked) Ransomware
2019-09-08 - Fake PayPal Site Spreads Nemty Ransomware
2019-09-09 - Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study
2019-09-09 - Malware Analysis Report (AR19-252A)
2019-09-09 - ‘Purple Fox’ Fileless Malware with Rootkit Component Delivered by Rig Exploit Kit Now Abuses PowerShell
2019-09-10 - Gamaredon Analysis
2019-09-10 - Mirai Botnet Continues to Plague IoT Space
2019-09-11 - COBALT DICKENS Goes Back to School…Again
2019-09-11 - Ryuk Related Malware Steals Confidential Military, Financial Files
2019-09-11 - Vulnerable Private Networks- Corporate VPNs Exploited in the Wild
2019-09-11 - Watchbog and the Importance of Patching
2019-09-12 - InnfiRAT- A new RAT aiming for your cryptocurrency and more
2019-09-12 - Ostap Deobfuscation script
2019-09-12 - The tangle of WiryJMPer’s obfuscation
2019-09-13 - Machete
2019-09-14 - WSH RAT (A variant of H-Worm-Houdini)
2019-09-16 - Emotet is back- botnet springs back to life with new spam campaign
2019-09-17 - Cryptocurrency miners aren’t dead yet- Documenting the voracious but simple “Panda”
2019-09-17 - Nemty Ransomware 1.0- A Threat in its Early Stage
2019-09-17 - TFlower Ransomware - The Latest Attack Targeting Businesses
2019-09-18 - Chirp of the PoisonFrog
2019-09-18 - Malware Used by BlackTech after Network Intrusion
2019-09-18 - The WannaCry hangover
2019-09-18 - Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks
2019-09-19 - Emissary Panda APT- Recent infrastructure and RAT analysis
2019-09-19 - Fileless Cryptocurrency-Miner GhostMiner Weaponizes WMI Objects, Kills Other Cryptocurrency-Mining Payloads
2019-09-19 - Hagga of SectorH01 continues abusing Bitly, Blogger and Pastebin to deliver RevengeRAT and NanoCore
2019-09-19 - Lilith
2019-09-20 - Mac Malware that Spoofs Trading App Steals User Information, Uploads it to Website
2019-09-20 - Multiple signatures 032
2019-09-20 - Russian Cybercrime Group FullofDeep Behind QNAPCrypt Ransomware Campaigns
2019-09-20 - TFlower Ransomware Campaign
2019-09-22 - LookBack Forges Ahead- Continued Targeting of the United States’ Utilities Sector Reveals Additional Adversary TTPs
2019-09-22 - Rancor- The Year of The Phish
2019-09-23 - Diving into Pluroxs DNS based protection layer
2019-09-23 - Hello! My name is Dtrack
2019-09-23 - xHunt Campaign- Attacks on Kuwait Shipping and Transportation Organizations
2019-09-24 - APT or not APT- What's Behind the Aggah Campaign
2019-09-24 - How Tortoiseshell created a fake veteran hiring website to host malware
2019-09-24 - Iranian Government Hackers Target US Veterans
2019-09-24 - Missing Link Tibetan Groups Targeted with 1-Click Mobile Exploits
2019-09-24 - No summer vacations for Zebrocy
2019-09-24 - REvil- The GandCrab Connection
2019-09-24 - REvil-Sodinokibi Ransomware
2019-09-24 - Return of the Mummy - Welcome back, Emotet
2019-09-25 - Ransomware- two pieces of good news
2019-09-26 - Bring your own LOLBin- Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware
2019-09-26 - Divergent- -Fileless- NodeJS Malware Burrows Deep Within the Host
2019-09-26 - Masad Stealer- Exfiltrating using Telegram
2019-09-26 - New WhiteShadow downloader uses Microsoft SQL to retrieve malware
2019-09-28 - MMD-0064-2019 - Linux-AirDropBot
2019-09-30 - HELO Winnti- Attack or Scan-
2019-10 - Geost botnet. The story of the discovery of a new Android banking trojan from an OpSec error
2019-10-01 - Lemon_Duck PowerShell malware cryptojacks enterprise networks
2019-10-01 - Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany
2019-10-01 - New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign
2019-10-02 - Another Lazarus Injector
2019-10-02 - Domestic Kitten- an Iranian surveillance program
2019-10-02 - Malware Tales- FTCODE
2019-10-02 - McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us
2019-10-02 - Nicht so goot - Breaking down Gootkit and Jasper (+ FTCODE)
2019-10-02 - Servers botnet offline
2019-10-03 - AVIVORE – Hunting Global Aerospace through the Supply Chain
2019-10-03 - COMpfun successor Reductor infects files on the fly to compromise TLS traffic
2019-10-03 - Context Identifies new AVIVORE threat group
2019-10-03 - New threat group behind Airbus cyber attacks, claim researchers
2019-10-03 - PKPLUG- Chinese Cyber Espionage Group Attacking Asia
2019-10-03 - Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC
2019-10-04 - ScareCrow Ransomware
2019-10-06 - Go under the hood- Eris Ransomware
2019-10-08 - A sample targeting a bank in Vietnam
2019-10-09 - FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops
2019-10-10 - Analysis of the new TA505 campaign
2019-10-10 - ESET discovers Attor, a spy platform with curious GSM fingerprinting
2019-10-10 - Mahalo FIN7- Responding to the Criminal Operators’ New Tools and Techniques
2019-10-10 - Nemty Ransomware Decryptor Released, Recover Files for Free
2019-10-10 - Nemty update- decryptors for Nemty 1.5 and 1.6
2019-10-10 - New espionage malware found targeting Russian-speaking users in Eastern Europe
2019-10-10 - Sophisticated Spy Kit Targets Russians with Rare GSM Plugin
2019-10-10 - xHunt Campaign- New PowerShell Backdoor Blocked Through DNS Tunnel Detection
2019-10-11 - Mespinoza Ransomware
2019-10-11 - Russian diplomats have been spied on with spyware for 7 years
2019-10-12 - Pass the AppleJeus
2019-10-14 - Corona DDoS bot
2019-10-14 - Is Emotet gang targeting companies with external SOC-
2019-10-14 - Threat Actor Profile- TA407, the Silent Librarian
2019-10-15 - Blackremote- Money Money Money – A Swedish Actor Peddles an Expensive New RAT
2019-10-15 - MedusaLocker Ransomware
2019-10-16 - APT15
2019-10-16 - LNKR- More than Just a Browser Extension
2019-10-16 - TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader
2019-10-16 - TA505 Timeline
2019-10-17 - Let's Learn- Dissecting Lazarus Windows x86 Loader Involved in Crypto Trading App Distribution- -snowman- & ADVObfuscator
2019-10-17 - Operation Ghost- The Dukes aren’t back – they never left
2019-10-17 - The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History
2019-10-18 - Maze Ransomware Now Delivered by Spelevo Exploit Kit
2019-10-18 - TrickBot variant “Anchor_DNS” communicating over DNS
2019-10-19 - ABCD Ransomware LockBit Ransomware
2019-10-19 - The commercial RAT ecosystem- Unit 42 identifies the author of the feature-rich commercial Blackremote RAT within days of publication
2019-10-20 - InfoDot Ransomware
2019-10-20 - McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo
2019-10-21 - Advisory- Turla group exploits Iranian APT to expand coverage of victims
2019-10-21 - Gustuff return, new features for victims
2019-10-21 - New Variant of Remcos RAT Observed In the Wild
2019-10-21 - Shikata Ga Nai Encoder Still Going Strong
2019-10-21 - Winnti Group’s skip‑2.0- A Microsoft SQL Server backdoor
2019-10-22 - New PatchWork Spearphishing Attack
2019-10-23 - Mobile Malware and APT Espionage- Prolific, Pervasive, and Cross-Platform
2019-10-23 - PwndLocker Ransomware
2019-10-23 - Spoofing in the reeds with Rietspoof
2019-10-24 - APT28- Targeted attacks against mining corporations in Kazakhstan
2019-10-24 - FTdecryptor- a simple password-based FTCODE decryptor
2019-10-24 - How TrickBot Malware Hooking Engine Targets Windows 10 Browsers
2019-10-24 - Hunting Raccoon- The new Masked Bandit on the Block
2019-10-24 - Tracking down the developer of Android adware affecting millions of users
2019-10-25 - HDMR, GO-SPORT
2019-10-25 - New FuxSocy Ransomware Impersonates the Notorious Cerber
2019-10-25 - The Deep Dive Malware Analysis Approach
2019-10-26 - Earn-quick-BTC-with-Hiddentear.mp4 - About Open Source Ransomware
2019-10-28 - SWEED Targeting Precision Engineering Companies in Italy
2019-10-29 - Osiris, the god of afterlife...and banking malware-!
2019-10-29 - ShadeDecryptor tool
2019-10-29 - TRICKBOT - Analysis Part II
2019-10-29 - Threat Spotlight- Neshta File Infector Endures
2019-10-30 - Emotet is back in action after a short break
2019-10-31 - Calypso APT- new group attacking state institutions
2019-10-31 - Dynamic Imports and Working Around Indirect Calls - Smokeloader Study Case
2019-10-31 - MESSAGETAP- Who’s Reading Your Text Messages-
2019-10-31 - Malware Analysis Report (AR19-304A)
2019-11-01 - Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium
2019-11-01 - Ginp - A Malware Patchwork Borrowing From Anubis
2019-11-01 - WIZARD SPIDER Adds New Features to Ryuk for Targeting Hosts on LAN
2019-11-03 - DTrack
2019-11-04 - Hakbit Ransomware
2019-11-04 - Is Lazarus-APT38 Targeting Critical Infrastructures-
2019-11-04 - Nemty Ransomware Expands Its Reach, Also Delivered by Trik Botnet
2019-11-05 - Brief analysis of Redaman Banking Malware (v0.6.0.2) Sample
2019-11-05 - Buran Ransomware; the Evolution of VegaLocker
2019-11-05 - DADJOKE
2019-11-05 - DarkUniverse – the mysterious APT framework #27
2019-11-05 - Hospital cyberattack could have been avoided
2019-11-05 - New Megacortex Ransomware Changes Windows Passwords, Threatens to Publish Data
2019-11-05 - Try not to stare - MedusaLocker at a glance
2019-11-06 - Emotet, Trickbot, Ryuk – an explosive malware cocktail
2019-11-06 - Decryption tool for the PyLocky ransomware, versions 1 and 2
2019-11-06 - Spanish consultancy Everis suffers BitPaymer ransomware attack- a brief analysis
2019-11-07 - Swen (computer worm)
2019-11-08 - Wikipedia Entry on Equation Group
2019-11-08 - Wireshark Tutorial- Examining Trickbot Infections
2019-11-09 - API-Hashing in the Sodinokibi-Revil Ransomware - Why and How-
2019-11-09 - APT34 Event Analysis Report
2019-11-11 - APT cases exploiting vulnerabilities in region‑specific software
2019-11-11 - Revenge Is A Dish Best Served… Obfuscated-
2019-11-12 - PureLocker- New Ransomware-as-a-Service Being Used in Targeted Attacks Against Servers
2019-11-12 - Reversing Qakbot
2019-11-12 - The DGA of QSnatch
2019-11-12 - Weeding out WannaMine v4.0- Analyzing and Remediating This Mineware Nightmare
2019-11-13 - AnteFrigus Ransomware
2019-11-14 - MITRE ATT&CKcon 2.0- How a Threat Hunting Team Has Upgraded Its Use of ATT&CK
2019-11-14 - TA2101 plays government imposter to distribute malware to German, Italian, and US organizations
2019-11-15 - New NextCry Ransomware Encrypts Data on NextCloud Linux Servers
2019-11-16 - Fresh PlugX October 2019
2019-11-16 - ddoor
2019-11-18 - Brushaloader gaining new layers like a pro
2019-11-18 - Linux, Windows Users Targeted With New ACBackdoor Malware
2019-11-18 - New Ransomware Available for Targeted Attacks
2019-11-18 - Pipka Card Skimmer Removes Itself After Infecting eCommerce Sites
2019-11-18 - REWTERZ THREAT ALERT – IRANIAN APT USES JOB SCAMS TO LURE TARGETS
2019-11-18 - Surprised by Julius the Great! Disclosure of Cyrus attacks against Iran
2019-11-19 - Mispadu- Advertisement for a discounted Unhappy Meal
2019-11-19 - Phorpiex Breakdown
2019-11-19 - Quick and painless - Reversing DeathRansom - -Wacatac-
2019-11-19 - Wacatac Ransomware
2019-11-20 - MuddyWater Uses New Attack Methods in a Recent Attack Wave
2019-11-20 - New Roboto botnet emerges targeting Linux servers running Webmin
2019-11-20 - Phoenix- The Tale of the Resurrected Keylogger
2019-11-20 - The awaiting Roboto Botnet
2019-11-21 - Allied Universal Breached by Maze Ransomware, Stolen Data Leaked
2019-11-21 - GandCrab Finds DEATHRansom of the Same Appearance Following Nemty in Korea
2019-11-21 - Going Deep - A Guide to Reversing Smoke Loader Malware
2019-11-21 - IconDown – Downloader Used by BlackTech
2019-11-21 - New SectopRAT- Remote access malware utilizes second desktop to control browsers
2019-11-21 - Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon
2019-11-21 - STOP Ransomware- Hands off illegal software downloads
2019-11-22 - Trickbot Updates Password Grabber Module
2019-11-22 - TurkStatik Ransomware
2019-11-23 - Extensive hacking operation discovered in Kazakhstan
2019-11-24 - TA505 Get2 Analysis
2019-11-26 - Insights from one year of tracking a polymorphic threat
2019-11-26 - Stantinko botnet adds cryptomining to its pool of criminal activities
2019-11-27 - Threat Spotlight- Machete Info-Stealer
2019-11-27 - A keylogger with a surprise- analysis of a keystroke spy and deanonymization of its developer
2019-11-28 - RevengeHotels- cybercrime targeting hotel front desks worldwide
2019-11-29 - Libertad y gloria - A Mexican cyber heist story - CyberCrimeCon19 Singapore
2019-11-29 - Operation ENDTRADE- Finding Multi-Stage Backdoors that TICK
2019-11-29 - The Fractured Block Campaign- CARROTBAT Used to Deliver Malware Targeting Southeast Asia
2019-12-02 - Facebook Ads Manager Targeted by New Info-Stealing Trojan
2019-12-02 - God save the Queen [...] 'cause Ransom is money - SaveTheQueen Encryptor
2019-12-02 - Imminent Monitor - a RAT Down Under
2019-12-02 - Meet PyXie- A Nefarious New Python RAT
2019-12-03 - In depth analysis of an infostealer- Raccoon
2019-12-03 - Lazarus Group Goes 'Fileless'
2019-12-03 - New version of IcedID Trojan uses steganographic payloads
2019-12-03 - Threat Actor Targeting Hong Kong Pro-Democracy Figures
2019-12-04 - Buer, a new loader emerges in the underground marketplace
2019-12-04 - How to Respond to Emotet Infection (FAQ)
2019-12-04 - Ransomware, interrupted- Sodinokibi and the supply chain
2019-12-04 - xHunt Campaign- xHunt Actor’s Cheat Sheet
2019-12-05 - APT28 Attacks Evolution
2019-12-05 - Buer Loader, new Russian loader on the market with interesting persistence
2019-12-05 - Cobalt Strike 4.0 – Bring Your Own Weaponization
2019-12-05 - PoshC2 (specifically as used by APT33)
2019-12-05 - RedRum Ransomware
2019-12-05 - Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware
2019-12-07 - NetWorm
2019-12-09 - Caution! Ryuk Ransomware decryptor damages larger files, even if you pay
2019-12-09 - Snatch Ransomware Reboots to Windows Safe Mode to Bypass AV Tools
2019-12-09 - Snatch ransomware reboots PCs into Safe Mode to bypass protection
2019-12-09 - TrickBot Campaign Uses Fake Payroll Emails to Conduct Phishing Attacks
2019-12-10 - MORPHISEC DISCOVERS CCLEANER BACKDOOR SAVING MILLIONS OF AVAST USERS
2019-12-10 - Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium
2019-12-10 - [Updated] Alert Regarding Emotet Malware Infection
2019-12-11 - A -Project.exe- that should have stayed in a drawer - MZRevenge - MaMo434376
2019-12-11 - Dropping Anchor- From a TrickBot Infection to the Discovery of the Anchor Malware
2019-12-11 - Maze Ransomware Behind Pensacola Cyberattack, $1M Ransom Demand
2019-12-11 - Story of the year 2019- Cities under ransomware siege
2019-12-11 - Waterbear Returns, Uses API Hooking to Evade Security
2019-12-11 - Zeppelin- Russian Ransomware Targets High Profile Users in the U.S. and Europe
2019-12-12 - Another Ransomware Will Now Publish Victims' Data If Not Paid
2019-12-12 - Cyber Threat Landscape in Japan – Revealing Threat in the Shadow
2019-12-12 - Cyber espionage in the Middle East- unravelling OSX.WindTail
2019-12-12 - Cybercrime Groups (FIN8) Targeting Fuel Dispenser Merchants
2019-12-12 - GALLIUM- Targeting global telecom
2019-12-12 - More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting
2019-12-12 - Mr.Peter
2019-12-13 - Elegant sLoad Carries Out Spying, Payload Delivery in BITS
2019-12-13 - LALALA InfoStealer which comes with Batch and PowerShell scripting combo
2019-12-14 - Another one for the collection - Mespinoza (Pysa) Ransomware
2019-12-15 - Ryuk Ransomware Likely Behind New Orleans Cyberattack
2019-12-16 - Momentum Botnet's Newest DDoS Attacks and IoT Exploits
2019-12-16 - Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up
2019-12-17 - Incident Response lessons from recent Maze ransomware attacks
2019-12-17 - Lazarus Group uses Dacls RAT to attack Linux platform
2019-12-17 - Nuclear Bot Author Arrested in Sextortion Case
2019-12-17 - Rancor- Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia
2019-12-17 - TA505 evolves ServHelper, uses Predator The Thief and Team Viewer Hijacking
2019-12-18 - Echobot Malware Now up to 71 Exploits, Targeting SCADA
2019-12-18 - IcedID PNG Extractor
2019-12-18 - Maze ransomware
2019-12-18 - Understanding Ransomware Series- Detecting Sodin
2019-12-19 - ChernoLocker Ransomware
2019-12-19 - Inside ‘Evil Corp,’ a $100M Cybercrime Menace
2019-12-19 - Threat spotlight- the curious case of Ryuk ransomware
2019-12-19 - [RE009] Analysis of the malicious document “KẾ HOẠCH, NHIỆM VỤ TRỌNG TÂM NĂM 2020.doc” attached to a phishing email
2019-12-20 - An Updated ServHelper Tunnel Variant
2019-12-20 - Undressing the REvil
2019-12-20 - Unveiling JsOutProx- A New Enterprise Grade Implant
2019-12-21 - How ransomware exploded in the age of Bitcoin
2019-12-21 - Shamoon 2012 Complete Analysis
2019-12-23 - DarkRat - Hacking a malware control panel
2019-12-23 - FBI Issues Alert For LockerGoga and MegaCortex Ransomware
2019-12-23 - I literally can't think of a fitting pun - MrDec Ransomware
2019-12-23 - Mozi, Another Botnet Using DHT
2019-12-23 - POS Malware Used at Fuel Pumps
2019-12-23 - Wireshark Tutorial- Examining Ursnif Infections
2019-12-24 - Gozi V3- tracked by their own stealth
2019-12-24 - Maze Ransomware Releases Files Stolen from City of Pensacola
2019-12-24 - Unpacking Payload used in Bottle EK
2019-12-24 - Warning over LockerGoga and MegaCortex ransomware attacks targeting private industry in western countries
2019-12-25 - BlackNet RAT - When you leave the Panel unprotected
2019-12-25 - Let’s play (again) with Predator the thief
2019-12-26 - FinSpy documentation
2019-12-26 - Introducing BIOLOAD- FIN7 BOOSTWRITE’s Lost Twin
2019-12-26 - Ryuk Ransomware Stops Encrypting Linux Folders
2019-12-26 - Targeting Portugal- A new trojan ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax
2019-12-28 - The Tale of the Pija-Droid Firefinch
2019-12-29 - BRONZE PRESIDENT Targets NGOs
2019-12-29 - Unnamed 1
2019-12-31 - Cuba Ransomware
2019-12-31 - Fuel Pumps II – PoSlurp.B

Malware Analysis 2020

2020-01-01 - New Destructive Wiper “ZeroCleare” Targets Energy Sector in the Middle East
2020-01-01 - Repository for Python Server for PoshC2
2020-01-01 - The Mac Malware of 2019
2020-01-02 - -Nice decorating. Let me guess, Satan-- - Dot - MZP Ransomware
2020-01-02 - DeathRansom Part II- Attribution
2020-01-02 - The Curious Case of DeathRansom- Part I
2020-01-03 - Nice One, Dad- Dissecting A Rare Malware Used By Leviathan
2020-01-03 - Waterbear, a cyber espionage virus, has a new variant with its own anti-virus function
2020-01-06 - First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
2020-01-06 - Pyrogenic Infostealer static analysis – Part 0x1
2020-01-06 - Sodinokibi Ransomware Hits Travelex, Demands $3 Million
2020-01-07 - Clop ransomware Notes
2020-01-07 - DarkRat v2.2.0
2020-01-07 - Hold My Beer Mirai – Spinoff Named ‘LiquorBot’ Incorporates Cryptomining
2020-01-07 - Powershell Static Analysis & Emotet results
2020-01-08 - Leonardo S.p.A. Data Breach Analysis
2020-01-08 - Naive IoT botnet wastes its time mining cryptocurrency
2020-01-08 - Operation AppleJeus Sequel
2020-01-08 - SNAKE Ransomware Is the Next Threat Targeting Business Networks
2020-01-08 - Threat Spotlight- Amadey Bot Targets Non-Russian Users
2020-01-09 - Ako, MedusaReborn
2020-01-09 - Man jailed for using webcam RAT to spy on women in their bedrooms
2020-01-09 - Not so nice after all - Afrodita Ransomware
2020-01-09 - PARISITE
2020-01-09 - PHA Family Highlights- Bread (and Friends)
2020-01-09 - SAIGON, the Mysterious Ursnif Fork
2020-01-09 - ServHelper 2.0- Enriched with bot capabilities and allow remote desktop access
2020-01-09 - Sodinokibi Ransomware Says Travelex Will Pay, One Way or Another
2020-01-09 - TA428 Group abusing recent conflict between Iran and USA
2020-01-09 - Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets
2020-01-09 - What is the Hainan Xiandun Technology Development Company-
2020-01-10 - Sodinokibi Ransomware Hits New York Airport Systems
2020-01-10 - Threat spotlight- Phobos ransomware lives up to its name
2020-01-10 - Who is Mr Gu-
2020-01-11 - Sodinokibi Ransomware Publishes Stolen Data for the First Time
2020-01-12 - Zeus Museum Entry for Unnamed 2
2020-01-13 - APT27 ZxShell RootKit module updates
2020-01-13 - TAFOF Unpacker
2020-01-13 - Who else works for this cover company network-
2020-01-14 - Family Page for FastLoader
2020-01-14 - Inside of CL0P’s ransomware operation
2020-01-14 - Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices
2020-01-14 - Satan ransomware rebrands as 5ss5c ransomware
2020-01-14 - United Nations Targeted With Emotet Malware Phishing Attack
2020-01-14 - Who is Mr Ding-
2020-01-15 - APT-C-36 recent activity analysis
2020-01-15 - Alien Labs 2019 Analysis of Threat Groups Molerats and APT-C-37
2020-01-15 - Analyzing Magecart Malware – From Zero to Hero
2020-01-15 - Deep Dive into the Lyceum Danbot Malware
2020-01-15 - Hainan Xiandun Technology Company is APT40
2020-01-15 - Iranian Threat Actors- Preliminary Analysis
2020-01-15 - MMD-0065-2020 - Linux-Mirai-Fbot's new encryption explained
2020-01-16 - A Curious Case of CVE-2019-19781 Palware- remove_bds
2020-01-16 - APT40 is run by the Hainan department of the Chinese Ministry of State Security
2020-01-16 - FTCODE Ransomware - New Version Includes Stealing Capabilities
2020-01-16 - JhoneRAT- Cloud based python RAT targeting Middle Eastern countries
2020-01-16 - New Outbreak of h2Miner Worms Exploiting Redis RCE Detected
2020-01-16 - Paradise Ransomware decryption tool
2020-01-16 - TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection
2020-01-17 - 'Friendly' hackers are seemingly fixing the Citrix server hole – and leaving a nasty present behind
2020-01-17 - 404 Exploit Not Found- Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor
2020-01-17 - Unpacking Pyrogenic-Qealler using Java agent -Part 0x2
2020-01-18 - New Jersey Synagogue Suffers Sodinokibi Ransomware Attack
2020-01-19 - Analyzing Modern Malware Techniques - Part 1
2020-01-19 - BayWorld event, Cyber Attack Against Foreign Trade Industry
2020-01-19 - VK post on PIRAT RAT
2020-01-20 - Behind the scenes of GandCrab’s operation
2020-01-20 - Dustman APT- Art of Copy-Paste
2020-01-20 - Linux Rekoobe Operating with New, Undetected Malware Samples
2020-01-20 - Ticket resellers infected with a credit card skimmer
2020-01-21 - BitPyLock Ransomware Now Threatens to Publish Stolen Data
2020-01-21 - FTCODE- taking over (a portion of) the botnet
2020-01-21 - Herpaderping- Security Risk or Unintended Behavior-
2020-01-21 - Muhstik Botnet Attacks Tomato Routers to Harvest New IoT Devices
2020-01-21 - sLoad launches version 2.0, Starslord
2020-01-22 - The malware analyst’s guide to PE timestamps
2020-01-22 - WannaMine - Even cybercriminals want to have their say on Brexit!
2020-01-23 - German language malspam pushes Ursnif
2020-01-23 - New Snake Ransomware Adds Itself to the Increasing Collection of Golang Crimeware
2020-01-23 - Shlayer, No. 1 Threat for Mac, Targets YouTube, Wikipedia
2020-01-23 - Sodinokibi Ransomware Threatens to Publish Data of Automotive Group
2020-01-23 - Someone is uninstalling the Phorpiex malware from infected PCs and telling users to install an antivirus
2020-01-23 - The DGA of a Monero Miner Downloader
2020-01-23 - The Fractured Statue Campaign- U.S. Government Targeted in Spear-Phishing Attacks
2020-01-23 - The Opposite of Fileless Malware - NodeJS Ransomware
2020-01-23 - TrickBot Now Steals Windows Active Directory Credentials
2020-01-24 - Hunting for Ransomware
2020-01-24 - New Ryuk Info Stealer Targets Government and Military Secrets
2020-01-24 - Project TajMahal IOCs and Registry Data Decrypter
2020-01-25 - Extracted Config for Ragnarok Ransomware
2020-01-25 - Indonesian Magecart hackers arrested
2020-01-25 - Olympic Ticket Reseller Magecart Infection
2020-01-25 - cryptopatronum ransomware
2020-01-27 - Aggah- How to run a botnet without renting a Server (for more than a year)
2020-01-27 - Operation Night Fury- Group-IB helps take down a cybergang behind the infection of hundreds of websites all over the world
2020-01-27 - xHunt Campaign- New Watering Hole Identified for Credential Harvesting
2020-01-28 - Ragnarok Ransomware Targets Citrix ADC, Disables Windows Defender
2020-01-28 - Stopping the Press- New York Times Journalist Targeted by Saudi-linked Pegasus Spyware Operator
2020-01-28 - Tick Group Aiming at Japanese Manufacturing
2020-01-28 - Tracking REvil
2020-01-29 - An Overhead View of the Royal Road
2020-01-29 - DOD contractor suffers ransomware infection
2020-01-29 - Malware Tries to Trump Security Software With POTUS Impeachment
2020-01-30 - Competitions on Russian-language cybercriminal forums- Sharing expertise or threat actor showboating-
2020-01-30 - Coronavirus Goes Cyber With Emotet
2020-01-30 - Cyber attack against the servers of Bouygues Construction
2020-01-30 - Emotet Technical Analysis - Part 1 Reveal the Evil Code
2020-01-30 - Fake Interview- The New Activity of Charming Kitten
2020-01-30 - New Iranian Campaign Tailored to US Companies Utilizes an Updated Toolset
2020-01-30 - TheCursedMurderer Ransomware
2020-01-30 - TrickBot Uses a New Windows 10 UAC Bypass to Launch Quietly
2020-01-30 - Trickbot Trojan Leveraging a New Windows 10 UAC Bypass
2020-01-31 - German chemical company hacked
2020-01-31 - Emutet
2020-01-31 - New wave of PlugX targets Hong Kong
2020-01-31 - RATs in the Library- Remote Access Trojans Hide in Plain -Public- Site
2020-01-31 - Rich Headers- leveraging this mysterious artifact of the PE format
2020-01-31 - Winnti Group targeting universities in Hong Kong
2020-02-01 - 2020 - Year of the RAT
2020-02-01 - FCT Ransomware
2020-02-02 - Agent Tesla amps up information stealing attacks
2020-02-02 - Defeating Sodinokibi-REvil String-Obfuscation in Ghidra
2020-02-03 - Analysis of a triple-encrypted AZORult downloader
2020-02-03 - Dissecting Emotet – Part 1
2020-02-03 - EKANS Ransomware and ICS Operations
2020-02-03 - PassLock Ransomware
2020-02-03 - Warzone- Behind the enemy lines
2020-02-04 - Analyzing Modern Malware Techniques - Part 3- A case of Powershell, Excel 4 Macros and VB6
2020-02-04 - Borr Malware
2020-02-04 - RagnarLocker Ransomware
2020-02-04 - Similarity between Qealler-Pyrogenic variants -Part 0x3
2020-02-05 - Mailto (NetWalker) Ransomware Targets Enterprise Networks
2020-02-05 - Pro-Russian CyberSpy Gamaredon Intensifies Ukrainian Security Targeting
2020-02-05 - STOMP 2 DIS- Brilliance in the (Visual) Basics
2020-02-05 - The Hole in the Bucket- Attackers Abuse Bitbucket to Deliver an Arsenal of Malware
2020-02-06 - 40,000 CryptBot Downloads per Day- Bitbucket Abused as Malware Slinger
2020-02-06 - DNS Tunneling Series, Part 3- The Siren Song of RogueRobin
2020-02-06 - Living off another land- Ransomware borrows vulnerable driver to remove security software
2020-02-06 - Ransomware Exploits GIGABYTE Driver to Kill AV Processes
2020-02-06 - Sfile Ransomware
2020-02-07 - APT 40 in Malaysia
2020-02-07 - Emotet Evolves With New Wi-Fi Spreader
2020-02-07 - Magecart Group 12’s Latest- Actors Behind Attacks on Olympics Ticket Re-sellers Deftly Swapped Domains to Continue Campaign
2020-02-07 - TA505 Hackers Behind Maastricht University Ransomware Attack
2020-02-08 - Emotet Technical Analysis - Part 2 PowerShell Unveiled
2020-02-08 - MA-774.022020- MyCERT Advisory - Espionage Campaign Based On Technical Indicators
2020-02-08 - Reversing the Gophe SPambot- Confronting COM Code and Surmounting STL Snags
2020-02-10 - FBI warns about ongoing attacks against software supply chain companies
2020-02-10 - Hypervisor Introspection Thwarts Web Memory Corruption Attack in the Wild
2020-02-10 - KBOT- sometimes they come back
2020-02-10 - Suspected Sapphire Mushroom (APT-C-12) malicious LNK files
2020-02-11 - Metamorfo (aka Casbaneiro)
2020-02-12 - CSI- Evidence Indicators for Targeted Ransomware Attacks – Part I
2020-02-12 - Goblin Panda APT- Recent infrastructure and RAT analysis
2020-02-12 - Loda RAT Grows Up
2020-02-13 - A Deep Dive Into Wakeup On Lan (WoL) Implementation of Ryuk
2020-02-13 - New Cyber Espionage Campaigns Targeting Palestinians - Part 1- The Spark Campaign
2020-02-13 - New Cyber Espionage Campaigns Targeting Palestinians - Part 2- The Discovery of the New, Mysterious Pierogi Backdoor
2020-02-13 - Playing defense against Gamaredon Group
2020-02-13 - Threat actors attempt to capitalize on coronavirus outbreak
2020-02-13 - Wireshark Tutorial- Examining Qakbot Infections
2020-02-14 - LokiBot- dissecting the C&C panel deployments
2020-02-14 - Malware Analysis Report (AR20-045A)- MAR-10265965-1.v1 - North Korean Trojan- BISTROMATH
2020-02-14 - Malware Analysis Report (AR20-045C)
2020-02-14 - Malware Analysis Report (AR20-045D)- MAR-10271944-1.v1 - North Korean Trojan- HOTCROISSANT
2020-02-14 - Malware Analysis Report (AR20-045E)- MAR-10271944-2.v1 - North Korean Trojan- ARTFULPIE
2020-02-14 - Malware Analysis Report (AR20-045F)- MAR-10271944-3.v1 - North Korean Trojan- BUFFETLINE
2020-02-14 - Malware Analysis Report (AR20-045G)- MAR-10135536-8.v4 - North Korean Trojan- HOPLIGHT
2020-02-14 - Malware Analysis Report (AR20-045B)- MAR-10265965-2.v1 - North Korean Trojan- SLICKSHOES
2020-02-15 - Python Remote Administration Tool (RAT)
2020-02-16 - Hamas Android Malware On IDF Soldiers-This is How it Happened
2020-02-17 - CLAMBLING - A New Backdoor Base On Dropbox
2020-02-17 - Cyberwarfare- A deep dive into the latest Gamaredon Espionage Campaign
2020-02-17 - Following the tracks of MageCart 12
2020-02-17 - Gibberish Ransomware
2020-02-18 - Building a bypass with MSBuild
2020-02-18 - Hidden in PEB Sight- Hiding Windows API Imports With a Custom Loader
2020-02-18 - Nearly a quarter of malware now communicates using TLS
2020-02-18 - Nemty Ransomware Scaling UP- APAC Mailboxes Swarmed by Dual Downloaders
2020-02-18 - Tracking ‘Kimsuky’, the North Korea-based cyber espionage group- Part 1
2020-02-18 - Uncovering DRBControl- Inside the Cyberespionage Campaign Targeting Gambling Operations
2020-02-18 - What’s up Emotet-
2020-02-19 - Azorult – what we see using our own tools
2020-02-19 - Uncovering New Magecart Implant Attacking eCommerce
2020-02-19 - Uncovering the Anonymity Cloak
2020-02-20 - Analysis of an Unusual HawkEye Sample
2020-02-20 - CSI- Evidence Indicators for Targeted Ransomware Attacks – Part II
2020-02-20 - Croatia's largest petrol station chain impacted by cyber-attack
2020-02-20 - ObliqueRAT- New RAT hits victims' endpoints via malicious documents
2020-02-20 - UK condemns Russia's GRU over Georgia cyber-attacks
2020-02-20 - LODEINFO malware targeting organizations in Japan
2020-02-21 - Exploring the Genesis Supply Chain for Fun and Profit- Part 1 – Misadventures in GUIDology
2020-02-21 - Transparent Tribe- Four Years Later
2020-02-22 - Nexus - Just another stealer
2020-02-22 - Weaponizing a Lazarus Group Implant- repurposing a 1st-stage loader, to execute custom 'fileless' payloads
2020-02-24 - Closing in on MageCart 12
2020-02-24 - MMD-0066-2020 - Linux-Mirai-Fbot - A re-emerged IoT threat
2020-02-25 - BlackKingdom Ransomware
2020-02-25 - DPRK Hidden Cobra Update- North Korean Malicious Cyber Activity
2020-02-25 - DoppelPaymer Ransomware Launches Site to Post Victim's Data
2020-02-25 - Mobile malware evolution 2019
2020-02-26 - (Ab)using bash-fu to analyze recent Aggah sample
2020-02-26 - Business as Usual For Iranian Operations Despite Increased Tensions
2020-02-26 - Lazarus group's Brambul worm of the former Wannacry - 1
2020-02-26 - Lazarus group's Brambul worm of the former Wannacry - 2
2020-02-26 - Revealing the Trick - A Deep Dive into TrickLoader Obfuscation
2020-02-26 - Sodinokibi Ransomware May Tip NASDAQ on Attacks to Hurt Stock Prices
2020-02-26 - What’s Dead May Never Die- AZORult Infostealer Decommissioned Again
2020-02-27 - Let’s Learn- Inside Parallax RAT Malware- Process Hollowing Injection & Process Doppelgänging API Mix- Part I
2020-02-27 - Malware “LODEINFO” Targeting Japan
2020-02-27 - Roaming Mantis, part V- Distributed in 2019 using SMiShing and enhanced anti-researcher techniques
2020-02-28 - Golang wrapper on an old obscene malware
2020-02-28 - Mysterious spam campaign- A security analysis
2020-02-28 - Trickbot Delivery Method Gets a New Upgrade Focusing on Windows 10
2020-02-29 - Meet the white-hat group fighting Emotet, the world's most dangerous malware
2020-02-29 - Sodinokibi Ransomware gang threatens to disclose data from Kenneth Cole fashion firm
2020-03-01 - BackDoor.Spyder.1
2020-03-01 - CryptoDarkRubix Ransomware
2020-03-02 - Karkoff 2020- a new APT34 espionage operation involves Lebanon Government
2020-03-02 - New PwndLocker Ransomware Targeting U.S. Cities, Enterprises
2020-03-02 - Attention- New Dangerous pwndLocker Ransomware Also in Serbia!
2020-03-02 - Pulling the PKPLUG- the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary
2020-03-02 - Visser, a parts manufacturer for Tesla and SpaceX, confirms data breach
2020-03-02 - What Emotet Does – and What Lessons the Victims Draw from It
2020-03-03 - GitHub Repository- winnti-sniff
2020-03-03 - Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations
2020-03-03 - Ransomware Attackers Use Your Cloud Backups Against You
2020-03-04 - Breaking TA505’s Crypter with an SMT Solver
2020-03-04 - Cobalt Strike joins Core Impact at HelpSystems, LLC
2020-03-04 - Ryuk Ransomware Attacked Epiq Global Via TrickBot Infection
2020-03-05 - Bisonal- 10 years of play
2020-03-05 - Defense contractor CPI knocked offline by ransomware attack
2020-03-05 - ELF_TSCookie - Linux Malware Used by BlackTech
2020-03-05 - GuLoader- A Popular New VB6 Downloader that Abuses Cloud Services
2020-03-05 - Guildma- The Devil drives electric
2020-03-05 - Human-operated ransomware attacks- A preventable disaster
2020-03-05 - Mokes and Buerak distributed under the guise of security certificates
2020-03-05 - [RE011] Unpacking the Crypter of the Netwire Malware with x64dbg
2020-03-05 - Bisonal Malware Being Distributed Disguised as a Shincheonji Emergency Contact List
2020-03-06 - Dissecting Emotet - Part 2
2020-03-06 - Emotet Wi-Fi Spreader Upgraded
2020-03-07 - JavaLocker Ransomware
2020-03-07 - Ransomware Threatens to Reveal Company's 'Dirty' Secrets
2020-03-09 - New Variant of TrickBot Being Spread by Word Document
2020-03-09 - Tracking ‘Kimsuky’, the North Korea-based cyber espionage group- Part 1
2020-03-09 - Tracking ‘Kimsuky’, the North Korea-based cyber espionage group- Part 2
2020-03-09 - py.unidentified_002
2020-03-09 - py.unidentified_003
2020-03-10 - APT40 goes from Template Injections to OLE-Linkings for payload delivery
2020-03-10 - IQY files and Paradise Ransomware
2020-03-10 - Kimsuky group- tracking the king of the spear phishing
2020-03-10 - New action to disrupt world’s largest online criminal network
2020-03-10 - [RE012] Analysis of Malware Exploiting the Covid-19 Pandemic to Spread a Fake “Directive of Prime Minister Nguyễn Xuân Phúc” - Part 1
2020-03-11 - Attribution is in the object- using RTF object dimensions to track APT phishing weaponizers
2020-03-11 - CoronaVirus Ransomware
2020-03-11 - RHOMBUS an ELF bot installer-dropper
2020-03-12 - Adamantium-Thief
2020-03-12 - How cybercriminals are taking advantage of COVID-19- Scams, fraud, and misinformation
2020-03-12 - Targeted Surveillance Attacks in Uzbekistan- An Old Threat with New Techniques
2020-03-12 - Teslarvng Ransomware Yakuza Ransomware
2020-03-12 - Tracking Turla- New backdoor delivered via Armenian watering holes
2020-03-12 - Vicious Panda- The COVID Campaign
2020-03-13 - Yet Another Active Email Campaign With Malicious Excel Files Identified
2020-03-14 - Nefilim Ransomware
2020-03-14 - RekenSom Ransomware
2020-03-15 - Dad! There’s A Rat In Here!
2020-03-15 - Has The Sun Set On The Necurs Botnet-
2020-03-16 - New RedLine Stealer Distributed Using Coronavirus-themed Email Campaign
2020-03-16 - Shadows in the Rain
2020-03-16 - TA505 and Others Launch New Coronavirus Campaigns; Now the Largest Collection of Attack Types in Years
2020-03-16 - They Come in the Night- Ransomware Deployment Trends
2020-03-17 - New Nefilim Ransomware Threatens to Release Victims' Data
2020-03-17 - ProLock Ransomware
2020-03-18 - Coronavirus Threat Landscape Update
2020-03-18 - Parallax- The new RAT on the block
2020-03-18 - CERT-FR Threats and Incidents Report- Attacks by the Mespinoza-Pysa Ransomware
2020-03-18 - Sekhmet Ransomware
2020-03-18 - Why would you even bother-! - JavaLocker
2020-03-19 - France warns of new ransomware gang targeting local governments
2020-03-19 - Is APT 27 Abusing COVID-19 To Attack People -!
2020-03-19 - New Android App Offers Coronavirus Safety Mask But Delivers SMS Trojan
2020-03-19 - Analysis of Malware Exploiting the Covid-19 Pandemic to Spread a Fake “Directive of Prime Minister Nguyễn Xuân Phúc” - Part 2
2020-03-19 - RedLine Info-Stealing Malware Spread by Folding@home Phishing
2020-03-19 - Stantinko’s new cryptominer features unique obfuscation techniques
2020-03-20 - 5 Times More Coronavirus-themed Malware Reports during March
2020-03-20 - Analysis Of Exploitation- CVE-2020-10189 ( exploited by APT41)
2020-03-20 - Jamba Superdeal- Helo Sir, you want to buy mask- - Corona Safety Mask SMS Scam
2020-03-20 - New version of chinoxy backdoor using COVID19 alerts document lure
2020-03-20 - The Case for Limiting Your Browser Extensions
2020-03-21 - Netwalker Ransomware Infecting Users via Coronavirus Phishing
2020-03-21 - On the Royal Road
2020-03-22 - Mustang Panda joins the COVID-19 bandwagon
2020-03-23 - Exclusive- Elite hackers target WHO as coronavirus cyberattacks spike
2020-03-23 - Fake “Corona Antivirus” distributes BlackNET remote administration tool
2020-03-23 - Fin7 APT- how billion dollar crime ring remains active after leaders’ arrest
2020-03-23 - Icnanker, a Linux Trojan-Downloader Protected by SHC
2020-03-23 - KPOT Deployed via AutoIt Script
2020-03-23 - Latest Astaroth living-off-the-land attacks are even more invisible but not less observable
2020-03-23 - Nefilim Ransomware Threatens to Expose Stolen Data
2020-03-23 - Snake Ransomware Analysis Updates
2020-03-24 - A new technique to analyze FormBook malware infections
2020-03-24 - Exchange Exploit Case Study – CVE-2020-0688
2020-03-24 - KEKW Ransomware KEKW-Locker Ransomware
2020-03-24 - Operation Poisoned News- Hong Kong Users Targeted With Mobile Malware via Local News Links
2020-03-24 - People infected with coronavirus are all around you, says Ginp Trojan
2020-03-24 - Three More Ransomware Families Create Sites to Leak Stolen Data
2020-03-24 - WildPressure targets industrial-related entities in the Middle East
2020-03-25 - How the Iranian Cyber Security Agency Detects Emissary Panda Malware
2020-03-25 - New Router DNS Hijacking Attacks Abuse Bitbucket to Host Infostealer
2020-03-25 - This Is Not a Test- APT41 Initiates Global Intrusion Campaign Using Multiple Exploits
2020-03-25 - Unpacking the Kwampirs RAT
2020-03-26 - Android Apps and Malware Capitalize on Coronavirus
2020-03-26 - Azorult loader stages
2020-03-26 - Cyber insurer Chubb had data stolen in Maze ransomware attack
2020-03-26 - Discover Malware Android
2020-03-26 - Ransomware Maze
2020-03-26 - TA505's Box of Chocolate - On Hidden Gems packed with the TA505 Packer
2020-03-26 - Would You Exchange Your Security for a Gift Card-
2020-03-26 - iOS exploit chain deploys LightSpy feature-rich malware
2020-03-27 - Booz Allen analyzed 200+ Russian hacking operations to better understand their tactics
2020-03-27 - The First Stage of ShadowHammer
2020-03-28 - In-depth analysis of a Cerberus trojan variant
2020-03-30 - A New Look at Old Dragonfly Malware (Goodor)
2020-03-30 - An old enemy – Diving into QBot part 1
2020-03-30 - Banking Malware Spreading via COVID-19 Relief Payment Phishing
2020-03-30 - Fantastic payloads and where we find them
2020-03-30 - The 'Spy Cloud' Operation Geumseong121 group carries out the APT attack disguising the evidence of North Korean defection
2020-03-30 - Zeus Sphinx Trojan Awakens Amidst Coronavirus Spam Frenzy
2020-03-31 - An In-depth Look at MailTo Ransomware, Part One of Three
2020-03-31 - FBI re-sends alert about supply chain attacks for the third time in three months
2020-03-31 - Holy water- ongoing targeted water-holing attack in Asia
2020-03-31 - Infected Zoom Apps for Android Target Work-From-Home Users
2020-03-31 - It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit
2020-03-31 - LokiBot- Getting Equation Editor Shellcode
2020-03-31 - Storm Cloud Unleashed- Tibetan Focus of Highly Targeted Fake Flash Campaign
2020-03-31 - Trickbot- A primer
2020-03-31 - Viasat Hit with Russia’s Wiper Malware called ‘AcidRain,’ Affecting European Services
2020-03-31 - WannaRen Ransomware
2020-04-01 - Jeno Ransomware
2020-04-01 - Navigating Cybersecurity During a Pandemic- Latest Malware and Threat Actors
2020-04-01 - REvil Ransomware-as-a-Service An analysis of a ransomware affiliate operation
2020-04-01 - THE VOLLGAR CAMPAIGN- MS-SQL SERVERS UNDER ATTACK
2020-04-02 - AZORult brings friends to the party
2020-04-02 - Catching APT41 exploiting a zero-day vulnerability
2020-04-02 - CoViper locking down computers during lockdown
2020-04-02 - GuLoader- The RAT Downloader
2020-04-02 - Nemty Ransomware – Learning by Doing
2020-04-02 - Pekraut - German RAT starts gnawing
2020-04-03 - GuLoader- Malspam Campaign Installing NetWire RAT
2020-04-03 - Kinsing Malware Attacks Targeting Container Environments
2020-04-03 - Microsoft- Emotet Took Down a Network by Overheating All Computers
2020-04-04 - Nanocore & CypherIT
2020-04-05 - Trojan Agent Tesla – Malware Analysis
2020-04-06 - McAfee Insights- Vicious Panda- The COVID Campaign
2020-04-07 - 2020-04-06 Qealler RAT Malspam
2020-04-07 - Decade of the RATS- Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android
2020-04-07 - ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework
2020-04-07 - Thinking Outside the Bochs- Code Grafting to Unpack Malware in Emulation
2020-04-07 - Unkillable xHelper and a Trojan matryoshka
2020-04-08 - An In-depth Look at MailTo Ransomware, Part Two of Three
2020-04-08 - DDG botnet, round X, is there an ending-
2020-04-08 - Deep Dive Into TrickBot Executor Module “mexec”- Hidden “Anchor” Bot Nexus Operations
2020-04-08 - Donot team organization (APT-C-35) mobile terminal attack activity analysis
2020-04-08 - How Cyber Adversaries are Adapting to Exploit the Global Pandemic
2020-04-08 - NetWalker Ransomware- Analysis and Preventive Measures
2020-04-09 - Malware analysis (Emergency inquiry for Coronavirus response in Jeollanam-do.hwp)
2020-04-09 - SDBbot Unpacker
2020-04-09 - Travelex paid hackers $2.3 million worth of Bitcoin after ransomware attack
2020-04-09 - TrickBot Emerges with a Few New Tricks
2020-04-10 - An In-depth Look at MailTo Ransomware, Part Three of Three
2020-04-10 - Threat Actors Migrating to the Cloud
2020-04-10 - Void Ransomware
2020-04-11 - Sodinokibi Ransomware to stop taking Bitcoin to hide money trail
2020-04-12 - Dynamic analysis technique to get decrypted KPOT Malware
2020-04-13 - APT41 Using New Speculoos Backdoor to Target Organizations Globally
2020-04-13 - GuLoader delivers RATs and Spies in Disguise
2020-04-13 - How Analysing an AgentTesla Could Lead To Attackers Inbox - Part I
2020-04-13 - New Mozi Malware Family Quietly Amasses IoT Bots
2020-04-13 - The Blame Game - About False Flags and overwritten MBRs
2020-04-13 - Threat Spotlight- Gootkit Banking Trojan
2020-04-14 - Deobfuscating and hunting for OSTAP, Trickbot’s dropper and best friend
2020-04-14 - Emotet JavaScript downloader
2020-04-14 - Malicious Attackers Target Government and Medical Organizations With COVID-19 Themed Phishing Campaigns
2020-04-14 - RagnarLocker ransomware hits EDP energy giant, asks for €10M
2020-04-14 - TA505 Continues to Infect Networks With SDBbot RAT
2020-04-14 - Understanding the relationship between Emotet Ryuk and TrickBot
2020-04-15 - Hackers are again attacking Portuguese banking organizations via Android Trojan-Banker
2020-04-15 - How Analysing an AgentTesla Could Lead To Attackers Inbox - Part II
2020-04-15 - Multistage FreeDom loader used in Aggah Campaign to spread Nanocore and AZORult
2020-04-15 - Nation-state Mobile Malware Targets Syrians with COVID-19 Lures
2020-04-15 - Analysis of BiFrost, the Malicious Backdoor Used by Chinese Hacker Group HUAPI
2020-04-16 - New AgentTesla variant steals WiFi credentials
2020-04-16 - PoetRAT- Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors
2020-04-16 - Taiwan High-Tech Ecosystem Targeted by Foreign APT Group- Digital Skeleton Key Bypasses Security Measures
2020-04-18 - IT services giant Cognizant suffers Maze Ransomware cyber attack
2020-04-19 - Reversing Ryuk- A Technical Analysis of Ryuk Ransomware
2020-04-19 - Sadogo Ransomware
2020-04-20 - WINNTI GROUP- Insights From the Past
2020-04-21 - Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant
2020-04-22 - Gomorrah stealer (.NET binary)
2020-04-22 - Nazar- A Lost Amulet
2020-04-22 - Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage
2020-04-23 - A look at the ATM-PoS malware landscape from 2017-2019
2020-04-23 - ESET researchers disrupt cryptomining botnet VictoryGate
2020-04-23 - Quick look at Nazar backdoor - Capabilities
2020-04-23 - Threat Actors Repurpose Hupigon in Adult Dating Attacks Targeting US Universities
2020-04-23 - Threat Spotlight- MedusaLocker
2020-04-24 - Inside -Phobos- Ransomware- -Dharma- Past & Underground
2020-04-24 - LockBit ransomware IoCs
2020-04-24 - LockBit ransomware borrows tricks to keep up with REvil and Maze
2020-04-24 - TrickBot -BazarBackdoor- Process Hollowing Injection Primer
2020-04-24 - Ursnif via LOLbins
2020-04-26 - 35 Thousand Computers in Latin America Infected by Monero-Mining Malware
2020-04-26 - The DGA of Zloader
2020-04-26 - goCryptoLocker
2020-04-26 - use Ghidra to Decrypt Strings of KPOTstealer Malware
2020-04-27 - Group Behind TrickBot Spreads Fileless BazarBackdoor
2020-04-27 - Master of RATs - How to create your own Tracker
2020-04-27 - Quick look at Nazar's backdoor - Network Communication
2020-04-27 - Shade (Troldesh) ransomware shuts down and releases decryption keys
2020-04-27 - The LeetHozer botnet
2020-04-28 - Grandoreiro- How engorged can an EXE get-
2020-04-28 - Hiding in plain sight- PhantomLance walks into a market
2020-04-28 - IcedID PhotoLoader evolution
2020-04-28 - Loki Info Stealer Propagates through LZH Files
2020-04-28 - Outlaw is Back, a New Crypto-Botnet Targets European Organizations
2020-04-28 - Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk
2020-04-29 - Compromised Wordpress sites used to distribute Adwind RAT
2020-04-29 - Gazorp - Thieving from thieves
2020-04-29 - More IOCs related to PhantomLance
2020-04-30 - Anomali Suspects that China-Backed APT Pirate Panda May Be Seeking Access to Vietnam Government Data Center
2020-04-30 - EVENTBOT- A NEW MOBILE BANKING TROJAN IS BORN
2020-04-30 - Lazarus APT organization uses information such as recruitment of a Western aviation giant to analyze targeted attack incidents in specific countries
2020-05-01 - The Many Paths Through Maze
2020-05-02 - Shade - Troldesh Ransomware decryption tool
2020-05-04 - ATM malware targets Wincor and Diebold ATMs
2020-05-04 - Android SLocker Variant Uses Coronavirus Scare to Take Android Hostage
2020-05-04 - Changes in REvil ransomware version 2.2
2020-05-04 - Escape from the Maze
2020-05-04 - Kaiji- New Chinese Linux malware turning to Golang
2020-05-04 - Meet NEMTY Successor, Nefilim-Nephilim Ransomware
2020-05-05 - An old enemy – Diving into QBot part 3
2020-05-05 - Awaiting the Inevitable Return of Emotet
2020-05-05 - Bear Hunt (Bärenjagd)
2020-05-05 - Deep Analysis of Ryuk Ransomware
2020-05-05 - GuLoader AntiVM Techniques
2020-05-05 - Kaiji – a new strain of IoT malware seizing control and launching DDoS attacks
2020-05-05 - Kupidon Ransomware
2020-05-05 - Nazar- Spirits of the Past
2020-05-05 - Operation Flash Cobra
2020-05-05 - The Dacls RAT ...now on macOS! deconstructing the mac variant of a lazarus group implant
2020-05-05 - Tinker Telco Soldier Spy
2020-05-05 - Who Is Dmitry Badin, The GRU Hacker Indicted By Germany Over The Bundestag Hacks-
2020-05-06 - 039- Deconstructing the Dukes- A Researcher’s Retrospective of APT29
2020-05-06 - Brazilian trojan banker is targeting Portuguese users using browser overlay
2020-05-06 - Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware
2020-05-06 - New Cyber Operation Targets Italy- Digging Into the Netwire Attack Chain
2020-05-06 - New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app
2020-05-06 - Shadows with a chance of BlackNix
2020-05-07 - Detecting COR_PROFILER manipulation for persistence
2020-05-07 - GoGoogle Decryption Tool
2020-05-07 - Introducing Blue Mockingbird
2020-05-07 - Naikon APT- Cyber Espionage Reloaded
2020-05-07 - Navigating the MAZE- Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents
2020-05-07 - Ruhr-Universität Bochum Reports Computer Attack
2020-05-07 - Sodinokibi - REvil ransomware
2020-05-07 - The North Korean AV Anthology- a unique look on DPRK’s Anti-Virus market
2020-05-07 - Ursnif beacon decryptor
2020-05-07 - We Chat, They Watch- How International Users Unwittingly Build up WeChat’s Chinese Censorship Apparatus
2020-05-08 - Inception
2020-05-08 - Naikon’s Aria
2020-05-09 - ClodCore- A malware family that delivers mining modules through cloud control
2020-05-09 - Turkey targeted by Cerberus and Anubis Android banking Trojan campaigns
2020-05-10 - The Duties Beyond Assisting the Public- Darknet Threats Against Canadian Health & Support Organizations
2020-05-11 - Astaroth - Maze of obfuscation and evasion reveals dark stealer
2020-05-11 - New MacOS Dacls RAT Backdoor Show Lazarus’ Multi-Platform Attack Capability
2020-05-11 - New MacOS Dacls RAT Backdoor Shows Lazarus’ Multi-Platform Attack Capability
2020-05-11 - ProLock malware analysis
2020-05-11 - Ransomware Hit ATM Giant Diebold Nixdorf
2020-05-11 - Targeted Attacks on Indian Government and Financial Institutions Using the JsOutProx RAT
2020-05-11 - The Anatomy of an APT Attack and CobaltStrike Beacon’s Encoded Configuration
2020-05-11 - Trojan Lampion is back after 3 months
2020-05-11 - Updated BackConfig Malware Targeting Government and Military Organizations in South Asia
2020-05-11 - Zeus Sphinx Back in Business- Some Core Modifications Arise
2020-05-12 - Analyzing Dark Crystal RAT, a C# backdoor
2020-05-12 - Evading Detection with Excel 4.0 Macros and the BIFF8 XLS Format
2020-05-12 - Java RAT Campaign Targets Co-Operative Banks in India
2020-05-12 - MAR-10288834-1.v1 – North Korean Remote Access Tool- COPPERHEDGE
2020-05-12 - MAR-10288834-2.v1 – North Korean Trojan- TAINTEDSCRIBE
2020-05-12 - MAR-10288834-3.v1 – North Korean Trojan- PEBBLEDASH
2020-05-12 - Maze ransomware- extorting victims for 1 year and counting
2020-05-12 - Tropic Trooper’s Back- USBferry Attack Targets Air-gapped Environments
2020-05-13 - Access-as-a-Service – Remote Access Markets in the Cybercrime Underground
2020-05-13 - Global Ransomware and Cyberattacks on Healthcare Spike during Pandemic
2020-05-13 - Malware Analysis Spotlight- Rhino Ransomware
2020-05-13 - Ramsay- A cyber‑espionage toolkit tailored for air‑gapped networks
2020-05-14 - APT Group Planted Backdoors Targeting High Profile Networks in Central Asia
2020-05-14 - ATT&CKing ProLock Ransomware
2020-05-14 - COMpfun authors spoof visa application with HTTP status-based Trojan
2020-05-14 - Deep Dive Into TrickBot Executor Module “mexec”- Reversing the Dropper Variant
2020-05-14 - LOLSnif – Tracking Another Ursnif-Based Targeted Campaign
2020-05-14 - Mikroceen- Spying backdoor leveraged in high‑profile networks in Central Asia
2020-05-14 - Mirai and Hoaxcalls Botnets Target Legacy Symantec Web Gateways
2020-05-14 - Netwalker Ransomware- [API Call Obfuscation (using Structure) and Evading Memory Forensic]
2020-05-14 - QNodeService- Node.js Trojan Spread via Covid-19 Lure
2020-05-14 - RATicate- an attacker’s waves of information-stealing malware
2020-05-14 - The energy reserves in the Eastern Mediterranean Sea and a malicious campaign of APT10 against Turkey
2020-05-14 - Vendetta - new threat actor from Europe
2020-05-15 - A Guide to macOS Threat Hunting and Incident Response
2020-05-15 - DBatLoader
2020-05-15 - In depth analysis of Lazarus validator
2020-05-16 - High Performance Hackers
2020-05-17 - CrowdStrike Falcon Detects Kernel Attacks Exploiting Vulnerable Dell Driver (CVE-2021-21551)
2020-05-18 - DarkSide Goes Dark- How CrowdStrike Falcon Customers Were Protected
2020-05-18 - Eleethub- A Cryptocurrency Mining Botnet with Rootkit for Self-Hiding
2020-05-18 - FBI- ProLock ransomware gains access to victim networks via Qakbot infections
2020-05-18 - Looking Back at LiteDuke
2020-05-18 - Microcin Decryptor
2020-05-18 - Netwalker Fileless Ransomware Injected via Reflective Loading
2020-05-18 - Ransomware Gang Arrested for Spreading Locky to Hospitals
2020-05-19 - Information Stealer Campaign Targeting German HR Contacts
2020-05-19 - NetWalker Ransomware Group Enters Advanced Targeting “Game”
2020-05-19 - Netwalker Ransomware - From Static Reverse Engineering to Automatic Extraction
2020-05-19 - Sophisticated Espionage Group Turns Attention to Telecom Providers in South Asia
2020-05-19 - The wolf is back...
2020-05-19 - TrickBot BazarLoader In-Depth
2020-05-20 - GhostDNS Source Code Leaked
2020-05-20 - Operation TA505- how we analyzed new tools from the creators of the Dridex trojan, Locky ransomware, and Neutrino botnet
2020-05-20 - The Gocgle Malicious Campaign
2020-05-20 - Unloading the GuLoader
2020-05-20 - What happened between the BigBadWolf and the Tiger-
2020-05-20 - Why On-Device Detection Matters- New Ramsay Trojan Targets Air-Gapped Networks
2020-05-20 - ZLoader Loads Again- New ZLoader Variant Returns
2020-05-21 - A brief history of TA505
2020-05-21 - Asnarök attackers twice modified attack midstream
2020-05-21 - Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers
2020-05-21 - Blox Tales #6- Subpoena-Themed Phishing With CAPTCHA Redirect
2020-05-21 - Navigating MAZE- Analysis of a Rising Ransomware Threat
2020-05-21 - No “Game over” for the Winnti Group
2020-05-21 - Ragnar Locker ransomware deploys virtual machine to dodge security
2020-05-21 - T1055 Process Injection
2020-05-21 - The Evolution of APT15’s Codebase 2020
2020-05-22 - Analysis of Ramsay components of Darkhotel's infiltration and isolation network
2020-05-22 - Cyber-Criminal espionage Operation insists on Italian Manufacturing
2020-05-22 - Insidious Android malware gives up all malicious features but one to gain stealth
2020-05-22 - Operation TA505- investigating the ServHelper backdoor with NetSupport RAT. Part 2.
2020-05-22 - ThreatConnect Research Roundup- Possible APT33 Infrastructure
2020-05-23 - AgentTesla Delivered via a Malicious PowerPoint Add-In
2020-05-24 - Examining Smokeloader’s Anti Hooking technique
2020-05-24 - Operation TA505- network infrastructure. Part 3.
2020-05-24 - Reverse Engineering the Mustang Panda PlugX Loader
2020-05-24 - Using AI to Detect Malicious C2 Traffic
2020-05-24 - Zloader String Obfuscation
2020-05-25 - Hangul malware distributed in real estate investment related emails (using EPS)
2020-05-26 - A former DarkSide listing shows up on REvil’s leak site
2020-05-26 - ACIDBOX Clustering
2020-05-26 - Alert (AA21-116A)- Russian Foreign Intelligence Service (SVR) Cyber Operations- Trends and Best Practices for Network Defenders
2020-05-26 - Falcon Complete Disrupts Malvertising Campaign Targeting AnyDesk
2020-05-26 - From Agent.BTZ to ComRAT v4- A ten‑year journey
2020-05-26 - Know Your Enemy- Exploiting the Dell BIOS Driver Vulnerability to Defend Against It
2020-05-26 - New [F]Unicorn ransomware hits Italy via fake COVID-19 infection map
2020-05-26 - The EU’s Response to SolarWinds
2020-05-26 - The updated Grandoreiro Malware equipped with latenbot-C2 features in Q2 2020 now extended to Portuguese banks
2020-05-26 - Weaponized Disk Image Files- Analysis, Trends and Remediation
2020-05-27 - Detecting Rclone – An Effective Tool for Exfiltration
2020-05-27 - Netwalker ransomware tools give insight into threat actor
2020-05-28 - Analysis of recent rattlesnake APT attacks against surrounding countries and regions
2020-05-28 - Berlin seeks sanctions against Russian hackers over Bundestag cyberattack
2020-05-28 - CSA Sandworm Actors Exploiting Vulnerability in Exim Transfer Agent
2020-05-28 - DarkSide Pipeline Attack Shakes Up the Ransomware-as-a-Service Landscape
2020-05-28 - German intelligence agencies warn of Russian hacking threats to critical infrastructure
2020-05-28 - Goodbye Mworm, Hello Nworm- TrickBot Updates Propagation Module
2020-05-28 - Israeli official confirms attempted cyberattack on water systems
2020-05-28 - Michigan State University network breached in ransomware attack
2020-05-28 - Microsoft IIS servers hacked by Blue Mockingbird to mine Monero
2020-05-28 - NSA- Russia's Sandworm Hackers Have Hijacked Mail Servers
2020-05-28 - Russian Bears Under Suspicion of Hacking
2020-05-28 - Self-described “king of fraud” is convicted for role in Methbot scam
2020-05-28 - Silos of Excellence
2020-05-28 - Suspected Naikon DGA Domains
2020-05-28 - SysInTURLA
2020-05-28 - The Masked SYNger- Investigating a Traffic Phenomenon
2020-05-28 - The Octopus Scanner Malware- Attacking the open source supply chain
2020-05-28 - The zero-day exploits of Operation WizardOpium
2020-05-28 - Valak- More than Meets the Eye
2020-05-29 - Phishers Cast a Wider Net in the African Banking Sector
2020-05-29 - Secret Chats Show How Cybergang Became a Ransomware Powerhouse
2020-05-29 - ShellReset RAT Spread Through Macro-Based Documents Using AppLocker Bypass
2020-05-30 - Exposing the UAE’s Underground Digital Dangers- The Attack Surface of One of the Most Digitally Advanced Countries in the Arab World
2020-05-31 - Guildma is now using Finger and Signed Binary Proxy Execution to evade defenses
2020-05-31 - Hacker Lexicon- What Is a Supply Chain Attack-
2020-05-31 - IT threat evolution Q1 2021
2020-05-31 - Avaddon Ransomware- Main Characteristics
2020-05-31 - Revisiting the NSIS-based crypter
2020-05-31 - Russian hacker Pavel Sitnikov arrested for sharing malware source code
2020-05-31 - String Obfuscation in the Hamweq IRC-bot
2020-05-31 - WastedLoader or DridexLoader-
2020-06-01 - In-depth analysis of a trojan banker impacting Portugal and Brazil
2020-06-02 - Evolution of Excel 4.0 Macro Weaponization
2020-06-02 - Hunting Malicious Macros
2020-06-02 - In-depth analysis of the new Team9 malware family
2020-06-02 - Mustang Panda Recent Activity- Dll-Sideloading trojans with temporal C2 servers
2020-06-02 - PebbleDash - Lazarus - HiddenCobra RAT
2020-06-02 - REvil ransomware gang launches auction site to sell stolen data
2020-06-02 - Ursnif-Gozi Delivery - Excel Macro 4.0 Utilization Uptick & OCR Bypass
2020-06-03 - Cycldek- Bridging the (air) gap
2020-06-03 - New LNK attack tied to Higaisa APT discovered
2020-06-03 - Ransomware gang says it breached one of NASA's IT contractors
2020-06-03 - The WizardOpium LPE- Exploiting CVE-2019-1458
2020-06-03 - Threat Assessment- Hangover Threat Group
2020-06-04 - COVID-19 and New Year greetings- an investigation into the tools and methods used by the Higaisa group
2020-06-04 - Nuclear missile contractor hacked in Maze ransomware attack
2020-06-04 - Threat Spotlight- Tycoon Ransomware Targets Education and Software Sectors
2020-06-05 - Anatomy of a Well-Crafted UPS, FedEx, and DHL Phishing Email During COVID-19
2020-06-05 - Avaddon- From seeking affiliates to in-the-wild in 2 days
2020-06-05 - Evasion Tactics in Hybrid Credit Card Skimmers
2020-06-05 - New Campaign Abusing StackBlitz Tool to Host Phishing Pages
2020-06-05 - New Tekya Ad Fraud Found on Google Play
2020-06-05 - Retread Ransomware- Identifying Satana to Understand -CoronaVirus-
2020-06-05 - The Gh0st Remains the Same
2020-06-07 - Dealing with Obfuscated Macros Statically - NanoCore
2020-06-08 - A Guide to macOS Threat Hunting and Incident Response
2020-06-08 - Analysis of Valak Maldoc
2020-06-08 - Dark Nexus- the old, the new and the ugly
2020-06-08 - German Task Force for COVID-19 Medical Equipment Targeted in Ongoing Phishing Campaign
2020-06-08 - GuLoader- No, CloudEyE.
2020-06-08 - Honda investigates possible ransomware attack, networks impacted
2020-06-08 - New Avaddon Ransomware launches in massive smiley spam campaign
2020-06-08 - TA410- The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware
2020-06-08 - The A1 Telekom Austria Hack
2020-06-08 - eCh0raix Ransomware
2020-06-09 - CobaltStrikeParser
2020-06-09 - Dark Basin Indicators of Compromise
2020-06-09 - Dark Basin Uncovering a Massive Hack-For-Hire Operation
2020-06-09 - Honda and Enel impacted by cyber attack suspected to be ransomware
2020-06-09 - Kingminer escalates attack complexity for cryptomining
2020-06-09 - Looking at Big Threats Using Code Similarity. Part 1
2020-06-09 - Misconfigured Amazon S3 Buckets Continue to be a Launchpad for Malicious Code
2020-06-09 - RagnarLocker Ransomware Threatens to Release Confidential Information
2020-06-09 - Recent FK_Undead rootkit samples found in the wild
2020-06-09 - Valak Malware and the Connection to Gozi Loader ConfCrew
2020-06-09 - Web shell threat hunting with Azure Sentinel and Microsoft Threat Protection
2020-06-10 - FRat Reporting, YARA, and IoCs
2020-06-10 - FlowCloud Version 4.1.3 Malware Analysis
2020-06-10 - Harmful Logging - Diving into MassLogger
2020-06-10 - MassLogger - Frankenstein's Creation
2020-06-10 - Misconfigured Kubeflow workloads are a security risk
2020-06-10 - Unpacking Smokeloader and Reconstructing PE Programmatically using LIEF
2020-06-11 - #ThreatThursday - Buhtrap
2020-06-11 - API Hashing in the Zloader malware
2020-06-11 - All You Need Is Text- Second Wave
2020-06-11 - Gamaredon group grows its game
2020-06-11 - New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa
2020-06-11 - Phishing Attacks from Earth Empusa Reveal ActionSpy
2020-06-11 - Qbot Banking Trojan Still Up to Its Old Tricks
2020-06-11 - SNOWSTORM- Hacker-for-hire and physical surveillance targeted financial analyst
2020-06-11 - The Return of the Higaisa APT
2020-06-11 - Tor2Mine is up to their old tricks — and adds a few new ones
2020-06-11 - Evolution of Malware LODEINFO
2020-06-12 - Probable Sandworm Infrastructure
2020-06-12 - Trickbot Malspam Leveraging Black Lives Matter as Lure
2020-06-12 - What is the Gibberish Hack-
2020-06-13 - Black Kingdom ransomware (TTPs & IOC)
2020-06-13 - Black Kingdom ransomware hacks networks with Pulse VPN flaws
2020-06-13 - TroyStealer – A new info stealer targeting Portuguese Internet users
2020-06-14 - CTI is Better Served with Context- Getting better value from IOCs
2020-06-14 - Deep-dive- The DarkHotel APT
2020-06-15 - Global Malicious Spam Campaign Using Black Lives Matter as a Lure
2020-06-15 - India- Human Rights Defenders Targeted by a Coordinated Spyware Operation
2020-06-15 - Magecart strikes amid Corona lockdown
2020-06-15 - Quarterly report- Incident Response trends in Summer 2020
2020-06-15 - Striking Back at Retired Cobalt Strike- A look at a legacy vulnerability
2020-06-15 - Web skimmers found on the websites of Intersport, Claire's, and Icing
2020-06-16 - Chipmaker MaxLinear reports data breach after Maze Ransomware attack
2020-06-16 - Cloud Threat Landscape Report 2020.pdf
2020-06-16 - Cobalt- tactics and tools update
2020-06-16 - CrystalBit - Apple Double DLL Hijack -- From fraudulent software bundle downloads to an evasive miner raging campaign
2020-06-16 - ELF Malware Analysis 101- Linux Threats No Longer an Afterthought
2020-06-16 - Exploiting a crisis- How cybercriminals behaved during the outbreak
2020-06-16 - New Java STRRAT ships with .crimson ransomware module
2020-06-16 - QakBot malspam leading to ProLock- Nothing personal just business
2020-06-16 - TA505 returns with a new bag of tricks
2020-06-16 - The Little Ransomware That Couldn’t (Dharma)
2020-06-17 - A Click from the Backyard - Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software
2020-06-17 - ATT&CK® Deep Dive- Process Injection
2020-06-17 - AcidBox- Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations
2020-06-17 - Detecting PoshC2 – Indicators of Compromise
2020-06-17 - The First Cyber Weapon and Its Consequences (Die erste Cyberwaffe und ihre Folgen)
2020-06-17 - Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature
2020-06-17 - RansomEXX Ransomware
2020-06-17 - Targeted attacks on industrial companies using Snake ransomware
2020-06-17 - deICEr- A Go tool for extracting config from IcedID second stage Loaders
2020-06-18 - #ThreatThursday - APT33
2020-06-18 - Behind the scenes of the Emotet Infrastructure
2020-06-18 - COVID-19 and FMLA Campaigns used to install new IcedID banking malware
2020-06-18 - Digging up InvisiMole’s hidden arsenal
2020-06-18 - EKANS Ransomware Misconceptions and Misunderstandings
2020-06-18 - Ginp Malware Operations are on the Rise, Aiming to Expand in Turkey
2020-06-18 - Hiding In Plain Sight
2020-06-18 - Inside Microsoft Threat Protection- Mapping attack chains from cloud to endpoint (APT33-HOLMIUM)
2020-06-18 - Maze ransomware continues to be a threat to the consumers
2020-06-18 - Office 365 Phishing Campaign Exploits Samsung, Adobe and Oxford Servers
2020-06-19 - Copy-paste compromises
2020-06-19 - Dridex- the secret in a PostMessage()
2020-06-19 - Further Evasion in the Forgotten Corners of MS-XLS
2020-06-19 - Microcin is here With asynchronous sockets, steganography, GitLab ban and a sock
2020-06-19 - Microcin is here
2020-06-19 - Targeted Attack Leverages India-China Border Dispute to Lure Victims
2020-06-19 - The eagle eye is back- old and new backdoors from APT30
2020-06-19 - zloader- VBA, R1C1 References, and Other Tomfoolery
2020-06-21 - Deep Analysis of SmokeLoader
2020-06-21 - Investigating Threats in HP Sure Controller 4.2- TVRAT
2020-06-21 - Snatch Ransomware
2020-06-21 - UPnP – Messing up Security for years
2020-06-22 - Comparative analysis between Bindiff and Diaphora - Patched Smokeloader Study Case
2020-06-22 - Dynamic Correlation, ML and Hunting
2020-06-22 - FTcode targets European countries
2020-06-22 - Hakbit Ransomware Campaign Against Germany, Austria, Switzerland
2020-06-22 - Hijacking DLLs in Windows
2020-06-22 - Indiabulls Group hit by CLOP Ransomware, gets 24h leak deadline
2020-06-22 - IndigoDrop spreads via military-themed lures to deliver Cobalt Strike
2020-06-22 - Inside a TrickBot Cobalt Strike Attack Server
2020-06-22 - Pillowmint- FIN7’s Monkey Thief
2020-06-22 - Unpacking Visual Basic Packers – IcedID
2020-06-22 - VenomRAT - new, hackforums grade, reincarnation of QuasarRAT
2020-06-22 - Web skimming with Google Analytics
2020-06-22 - XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers
2020-06-22 - njRat Malware Analysis
2020-06-23 - Hidden Cobra - from a shed skin to the viper’s nest
2020-06-23 - New Mirai variant Aisuru detects Cowrie opensource honeypots
2020-06-23 - Oh, what a boot-iful mornin’ Rovnix bootkit back in business
2020-06-23 - Ryuk ransomware deployed two weeks after Trickbot infection
2020-06-23 - Sodinokibi- Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike
2020-06-23 - WastedLocker- A New Ransomware Variant Developed By The Evil Corp Group
2020-06-24 - BRONZE VINEWOOD Targets Supply Chains
2020-06-24 - DropboxAES Remote Access Trojan
2020-06-24 - Glupteba - the malware that gets secret messages from the Bitcoin blockchain
2020-06-24 - Glupteba malware hides in plain sight
2020-06-24 - Hackers are still running coronavirus-related campaigns, CrowdStrike warns
2020-06-24 - Is upatre downloader coming back -
2020-06-24 - Lucifer- New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices
2020-06-24 - Magnitude exploit kit - evolution
2020-06-24 - New ransomware posing as COVID‑19 tracing app targets Canada; ESET offers decryptor
2020-06-24 - Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex
2020-06-25 - A close look at the advanced techniques used in a Malaysian-focused APT campaign
2020-06-25 - DarkCrewBot – The Return of the Bot Shop Crew
2020-06-25 - Github Repository of PYBACK
2020-06-25 - GuLoader- Peering Into a Shellcode-based Downloader
2020-06-25 - The Golden Tax Department and the Emergence of GoldenSpy Malware
2020-06-25 - Unknown China-Based APT Targeting Myanmarese Entities
2020-06-25 - Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files
2020-06-25 - Zoom In- Emulating 'Exploit Purchase' in Simulated Targeted Attacks
2020-06-26 - Admin of carding portal behind $568M in losses pleads guilty
2020-06-26 - CryptoCore – Cryptocurrency Exchanges Under Attack
2020-06-26 - New Ransom X Ransomware used in Texas TxDOT cyberattack
2020-06-26 - Ransom .exx notes
2020-06-26 - Russian National (Aleksei Burkov, Cardplanet) Sentenced to Prison for Operating Websites Devoted to Fraud and Malicious Cyber Activities
2020-06-26 - Russian hacker group Evil Corp targets US workers at home
2020-06-26 - Taurus- The New Stealer in Town
2020-06-26 - US Local Government Services Targeted by New Magecart Credit Card Skimming Attack
2020-06-26 - Update on IT Security Incident at UCSF
2020-06-26 - WastedLocker- Symantec Identifies Wave of Attacks Against U.S. Organizations
2020-06-27 - Quick analysis note about GuLoader (or CloudEyE)
2020-06-28 - Interesting tactic by Ratty & Adwind for distribution of JAR appended to signed MSI
2020-06-29 - OSX.EvilQuest Uncovered
2020-06-29 - PROMETHIUM extends global reach with StrongPity3 APT
2020-06-30 - Botnet Encyclopedia
2020-06-30 - Detection Rules by Elastic
2020-06-30 - Electric Company Ransomware Attack Calls for $14 Million in Ransom
2020-06-30 - EvilQuest wiper uses ransomware cover to steal files from Macs
2020-06-30 - GoldenSpy- Chapter Two - The Uninstaller
2020-06-30 - M00nD3v, HawkEye threat actor, sells malware after COVID-19 diagnosis
2020-06-30 - Ransomware on the Rise- Buran’s transformation into Zeppelin
2020-07-01 - Alina Point of Sale Malware Still Lurking in DNS
2020-07-01 - BlackRock - The Trojan That Wanted to Get Them All
2020-07-01 - DLL Search Order Hijacking
2020-07-01 - EKANS Ransomware Targeting OT ICS Systems
2020-07-01 - Multiyear Surveillance Campaigns Discovered Targeting Uyghurs
2020-07-01 - Threat Bulletin- Cutting-off the Command-and-Control Infrastructure of CollectorGoomba
2020-07-01 - Threat Spotlight- Valak Slithers Its Way Into Manufacturing and Transportation Networks
2020-07-01 - Fancy Bear Roaming Eastern Europe and Central Asia (游走在东欧和中亚的奇幻熊)
2020-07-02 - CyberGate RAT and RedLine Stealer Delivered in Ongoing AutoIt Malware Campaigns
2020-07-02 - GoldenSpy Chapter 3- New and Improved Uninstaller
2020-07-03 - Attack Detection Fundamentals- Code Execution and Persistence - Lab #1
2020-07-04 - Deep Analysis of Anubis Banking Malware
2020-07-05 - How to stop MortiAgent Malware using the snort rule-
2020-07-05 - RIFT- F5 Networks K52145254- TMUI RCE vulnerability CVE-2020-5902 Intelligence
2020-07-05 - Reverse Engineering the Mustang Panda PlugX RAT – Extracting the Config
2020-07-06 - New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader
2020-07-06 - North Korean hackers implicated in stealing from US and European shoppers
2020-07-06 - Pig in a poke- smartphone adware
2020-07-06 - The Gafgyt variant vbot seen in its 31 campaigns
2020-07-06 - TrickBot variant “Anchor_DNS” communicating over DNS
2020-07-06 - WastedLocker Goes Big-Game Hunting in 2020
2020-07-07 - 'Keeper' Magecart Group Infects 570 Sites
2020-07-07 - Breaking EvilQuest - Reversing A Custom macOS Ransomware File Encryption Routine
2020-07-07 - Clop, Clop! It’s a TA505 HTML malspam analysis
2020-07-07 - Microsoft takes legal action against COVID-19-related cybercrime
2020-07-07 - SilentDeath Ransomware
2020-07-08 - How to unpack Chinoxy backdoor and decipher the configuration of the backdoor
2020-07-08 - Iran's domestic espionage- Lessons from recent data leaks
2020-07-08 - New Mirai Variant Expands Arsenal, Exploits CVE-2020-10173
2020-07-08 - Operation ‘Honey Trap’- APT36 Targets Defense Organizations in India
2020-07-08 - Ransomware Report- Avaddon and New Techniques Emerge, Industrial Sector Targeted
2020-07-08 - Restricting SMB-based lateral movement in a Windows environment
2020-07-08 - “EvilQuest” Rolls Ransomware, Spyware & Data Theft Into One
2020-07-09 - An Update for a Very Active DDoS Botnet- Moobot
2020-07-09 - Gist with observed grelos skimmer
2020-07-09 - More evil- A deep look at Evilnum and its toolset
2020-07-09 - New Joker variant hits Google Play with an old trick
2020-07-09 - ServHelper- Hidden Miners
2020-07-09 - Threat Bulletin- Dissecting GuLoader’s Evasion Techniques
2020-07-10 - Deep Dive Into the M00nD3V Logger
2020-07-10 - Evilnum — Indicators of Compromise
2020-07-10 - Knowledge Fragment- Casting Sandbox Necromancy on DADSTACHE
2020-07-10 - The Dark Web of Intrigue- How REvil Used the Underground Ecosystem to Form an Extortion Cartel
2020-07-10 - The new Bigviktor Botnet is Targeting DrayTek Vigor Router
2020-07-10 - Threat spotlight- WastedLocker, customized ransomware
2020-07-10 - YARA Rules talks and presentation of REVERSING 2020
2020-07-11 - Injecting Magecart into Magento Global Config
2020-07-11 - TrickBot Group Launches Test Module Alerting on Fraud Activity
2020-07-11 - TrickBot malware mistakenly warns victims that they are infected
2020-07-12 - Deobfuscating DanaBot’s API Hashing
2020-07-13 - Anchor dns malware goes cross platform
2020-07-13 - Become a Microsoft Defender ATP Ninja
2020-07-13 - sLoad v.2.9.3 campaign delivered via PEC certified e-mail (Campagna sLoad v.2.9.3 veicolata via PEC)
2020-07-13 - Fell Deeds Awake
2020-07-13 - Internet Explorer CVE-2019-1367 In the wild Exploitation - prelude
2020-07-13 - New AgeLocker Ransomware uses Googler's utility to encrypt files
2020-07-13 - Remcos RAT Macro Dropper Doc
2020-07-13 - SCANdalous! (External Detection Using Network Scan Data and Automation)
2020-07-13 - TrickBot's new API-Hammering explained
2020-07-14 - GoldenSpy Chapter 4- GoldenHelper Malware Embedded in Official Golden Tax Software
2020-07-14 - Manufacturing Industry in the Adversaries’ Crosshairs
2020-07-14 - PYTHON MALWARE ON THE RISE
2020-07-14 - RATicate upgrades “RATs as a Service” attacks with commercial “crypter”
2020-07-14 - Simple DGA Spotted in a Malicious PowerShell
2020-07-14 - The Domain Generation Algorithm of BazarBackdoor
2020-07-14 - The Tetrade- Brazilian banking malware goes global
2020-07-14 - Turla - Venomous Bear updates its arsenal- “NewPass” appears on the APT threat scene
2020-07-14 - Welcome Chat as a secure messaging app- Nothing could be further from the truth
2020-07-15 - An in-depth analysis of SpyNote remote access trojan
2020-07-15 - Chinese state hackers target Hong Kong Catholic Church
2020-07-15 - Deep Analysis of QBot Banking Trojan
2020-07-15 - Exclusive- Secret Trump order gives CIA more powers to launch cyberattacks
2020-07-15 - Financially Motivated Actors Are Expanding Access Into OT- Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families
2020-07-15 - Flowspec - TA505s bulletproof hoster of choice
2020-07-15 - Inside REvil Extortionist “Machine”- Predictive Insights
2020-07-15 - The Defective Domain Generation Algorithm of BazarBackdoor
2020-07-16 - A Bazar of Tricks- Following Team9’s Development Cycles
2020-07-16 - FastWind Ransomware
2020-07-16 - High‑profile Twitter accounts hacked to promote Bitcoin scam
2020-07-16 - How WellMess malware has been used to target Covid-19 vaccines
2020-07-16 - Iranian Spies Accidentally Leaked Videos of Themselves Hacking
2020-07-16 - Mac cryptocurrency trading application rebranded, bundled with malware
2020-07-16 - Malware Analysis Report (AR20-198A)
2020-07-16 - Malware Analysis Report (AR20-198B)
2020-07-16 - Malware Analysis Report (AR20-198C)
2020-07-16 - New Research Exposes Iranian Threat Group (APT35-ITG18) Operations
2020-07-16 - US, UK, and Canada’s COVID-19 research targeted by APT29
2020-07-17 - New Voicemail-Themed Phishing Attacks Use Evasion Techniques and Steal Credentials
2020-07-17 - TA547 Pivots from Ursnif Banking Trojan to Ransomware in Australian Campaign
2020-07-18 - Firefox Send sends Ursnif malware
2020-07-20 - Emotet is back
2020-07-20 - Emotet-TrickBot malware duo is back infecting Windows machines
2020-07-20 - Golden Chickens- Evolution of the MaaS
2020-07-20 - Reverse Engineering the New Mustang Panda PlugX Downloader
2020-07-20 - Shellbot victim overlap with Emotet network infrastructure
2020-07-20 - What even is Winnti-
2020-07-21 - 'World's Most Wanted Man' Involved in Bizarre Attempt to Buy Hacking Tools
2020-07-21 - Chinese APT group targets India and Hong Kong using new variant of MgBot malware
2020-07-21 - How scammers are hiding their phishing trips in public clouds
2020-07-21 - Two Chinese Hackers Working with the Ministry of State Security Charged with Global Computer Intrusion Campaign Targeting Intellectual Property and Confidential Business Information, Including COVID-19 Research
2020-07-22 - 'FormBook Tracker' unveiled on the Dark Web
2020-07-22 - Analysing Fileless Malware- Cobalt Strike Beacon
2020-07-22 - Connecting Kinsing malware to Citrix and SaltStack campaigns
2020-07-22 - Enter the Maze- Demystifying an Affiliate Involved in Maze (SNOW)
2020-07-22 - Github Repository for PowerZure
2020-07-22 - Lockscreen Ransomware Phishing Leads To Google Play Card Scam
2020-07-22 - MATA- Multi-platform targeted malware framework
2020-07-22 - OilRig APT Drills into Malware Innovation with Unique Backdoor
2020-07-22 - OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory
2020-07-22 - Can a ransomware launched as SYSTEM on thousands of machines at once be neutralized- (Peut-on neutraliser un ransomware lancé en tant que SYSTEM sur des milliers de machines en même temps-)
2020-07-22 - Prometei botnet and its quest for Monero
2020-07-22 - Skimmers in Images & GitHub Repos
2020-07-22 - Slacking Off – Slack and the Corporate Attack Surface Landscape
2020-07-23 - Attacking MS Exchange Web Interfaces
2020-07-23 - The resurgence of the Ursnif banking trojan
2020-07-23 - WastedLocker Ransomware- Abusing ADS and NTFS File Attributes
2020-07-23 - Who is behind APT29- What we know about this nation-state cybercrime group
2020-07-24 - Evolution of Valak, from Its Beginnings to Mass Distribution
2020-07-24 - Exorcist Ransomware - From triaging to deep dive
2020-07-24 - Fifty Shades of Malware Strings
2020-07-24 - Garmin outage caused by confirmed WastedLocker ransomware attack
2020-07-24 - Russia's GRU Hackers Hit US Government and Energy Targets
2020-07-25 - Zen- A Complex Campaign of Harmful Android Apps
2020-07-26 - In-Memory shellcode decoding to evade AVs-EDRs
2020-07-27 - Alert (AA20-209A)- Potential Legacy Risk from Malware Targeting QNAP NAS Devices
2020-07-27 - Ensiko- A Webshell With Ransomware Capabilities
2020-07-27 - Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform
2020-07-27 - ProLock ransomware gives you the first 8 kilobytes of decryption for free
2020-07-28 - Emotet malware now steals your email attachments to attack contacts
2020-07-28 - LOLSnif Malware
2020-07-28 - Lazarus on the hunt for big game
2020-07-28 - Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902
2020-07-28 - Watch Your Containers- Doki Infecting Docker Servers in the Cloud
2020-07-29 - 'Ghostwriter' Influence Campaign- Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned With Russian Security Interests
2020-07-29 - APT trends report Q2 2020
2020-07-29 - Android Spyware Targeting Tanzania Premier League
2020-07-29 - Emotet’s return is the canary in the coal mine
2020-07-29 - Kaspersky- New hacker-for-hire mercenary group is targeting European law firms
2020-07-29 - Operation North Star (노스 스타)- A Job Offer That’s Too Good to be True-
2020-07-29 - Sodinokibi - REvil Malware Analysis
2020-07-30 - Dissecting Ragnar Locker- The Case Of EDP
2020-07-30 - Obscured by Clouds- Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates
2020-07-30 - Threat Assessment- WastedLocker Ransomware
2020-07-31 - GandCrab ransomware operator arrested in Belarus
2020-07-31 - Malware Author Pleads Guilty for Role in Transnational Cybercrime Organization Responsible for more than $568 Million in Losses
2020-07-31 - MassLogger- An Emerging Spyware and Keylogger
2020-07-31 - OpBlueRaven- Unveiling Fin7-Carbanak - Part 1 - Tirion
2020-07-31 - The webshells powering Emotet
2020-07-31 - WastedLocker- technical analysis
2020-08-01 - Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware
2020-08-03 - Back to school-
2020-08-03 - Belarus Authorities Arrest GandCrab Ransomware Operator
2020-08-03 - Dridex – From Word to Domain Dominance
2020-08-03 - InfectedNight - Mirai Variant With Massive Attacks On Our Honeypots
2020-08-03 - MAR-10292089-1.v1 – Chinese Remote Access Trojan- TAIDOOR
2020-08-03 - Take a “NetWalk” on the Wild Side
2020-08-04 - CrimeOps- The Operational Art of Cyber Crime
2020-08-04 - Part 1- analysing MedusaLocker ransomware
2020-08-04 - Ransomware gang publishes tens of GBs of internal data from LG and Xerox
2020-08-04 - WastedLocker’s techniques point to a familiar heritage
2020-08-05 - Emotet API+string deobfuscator (v0.1)
2020-08-05 - Part 2- Analysing MedusaLocker ransomware
2020-08-05 - Playing with GuLoader Anti-VM techniques
2020-08-06 - Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach
2020-08-06 - Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry
2020-08-06 - FinSpy Android Technical Analysis
2020-08-06 - Part 3- analysing MedusaLocker ransomware
2020-08-06 - The Secret Life of an Initial Access Broker
2020-08-06 - Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts
2020-08-07 - BlackWater Malware Leveraging Beirut Tragedy in New Targeted Campaign
2020-08-07 - Stadeo- Deobfuscating Stantinko and more
2020-08-08 - Phirautee - DEFCON28 - Writing Ransomware using Living off the Land (LotL) Tactics
2020-08-09 - Banking Trojans- A Reference Guide to the Malware Family Tree
2020-08-10 - Agent Tesla - Old RAT Uses New Tricks to Stay on Top
2020-08-10 - Anomali Threat Research Releases First Public Analysis of Smaug Ransomware as a Service
2020-08-10 - ClipBanker Trojan - A 13-Second Attack
2020-08-10 - DarkSide Ransomware
2020-08-10 - DiamondFox - Bank Robbers will be replaced
2020-08-10 - FBI says an Iranian hacking group is attacking F5 networking devices
2020-08-10 - Gorgon APT targeting MSME sector in India
2020-08-10 - SBA phishing scams- from malware to advanced social engineering
2020-08-12 - Antiy's analysis report on the recent APT attacks against the Green Spot organization
2020-08-12 - Color by numbers- inside a Dharma ransomware-as-a-service attack
2020-08-12 - IcedID Campaign Strikes Back
2020-08-12 - Internet Explorer and Windows zero-day exploits used in Operation PowerFall
2020-08-12 - Prioritizing critical vulnerabilities A threat intelligence perspective
2020-08-12 - Lessons learned from a ransomware attack against a healthcare organization (Retour d’expérience suite à une attaque par rançongiciel contre une structure de santé)
2020-08-12 - Why Emotet’s Latest Wave is Harder to Catch than Ever Before
2020-08-13 - Attribution- A Puzzle
2020-08-13 - CactusPete APT group’s updated Bisonal backdoor
2020-08-13 - Case Study- Catching a Human-Operated Maze Ransomware Attack In Action
2020-08-13 - Chrome extensions that lie about their permissions
2020-08-13 - Global Disruption of Three Terror Finance Cyber-Enabled Campaigns
2020-08-13 - Lemon Duck Cryptocurrency-mining Malware Information
2020-08-13 - Matiex on Sale Underground
2020-08-13 - Mekotio- These aren’t the security updates you’re looking for…
2020-08-13 - XCSSET Mac Malware- Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
2020-08-14 - Alert (AA20-227A)- Phishing Emails Used to Deploy KONNI Malware
2020-08-14 - EmoCrash- Exploiting a Vulnerability in Emotet Malware for Defense
2020-08-14 - PurpleWave - A New Infostealer from Russia
2020-08-16 - Manual Unpacking IcedID Write-up
2020-08-17 - Team TNT - The First Crypto-Mining Worm to Steal AWS Credentials
2020-08-17 - WellMess malware- analysis of its Command and Control (C2) server
2020-08-18 - Lazarus Group- Campaign Targeting the Cryptocurrency Vertical
2020-08-18 - New Attack Alert- Duri
2020-08-18 - ThunderX Ransomware
2020-08-18 - UPX Anti-Unpacking Techniques in IoT Malware
2020-08-19 - Chantay’s Resume- Investigating a CV-Themed ZLoader Malware
2020-08-19 - ELF Malware Analysis 101 Part 2- Initial Analysis
2020-08-19 - FritzFrog- A New Generation Of Peer-To-Peer Botnets
2020-08-19 - Malware Analysis Report (AR20-232A)
2020-08-19 - Performing Kerberoasting without SPNs
2020-08-19 - Responder-MultiRelay
2020-08-19 - Investigation Bureau statement of Aug 19 on Chinese intrusions into Taiwanese government agencies (調查局 08-19 公布中國對台灣政府機關駭侵事件說明)
2020-08-20 - DBatLoader-ModiLoader Analysis – First Stage
2020-08-20 - QakBot (QBot) Maldoc Campaign Introduces Two New Techniques into Its Arsenal
2020-08-20 - Revealing REvil Ransomware With DomainTools and Maltego
2020-08-20 - Transparent Tribe- Evolution analysis, part 1
2020-08-20 - [webinar] Proactive Infrastructure Hunting with ThreatConnect & DomainTools
2020-08-20 - ‘Baka’ JavaScript Skimmer Identified
2020-08-21 - Wireshark Tutorial- Decrypting HTTPS Traffic
2020-08-22 - BitRAT – The Latest in Copy-pasted Malware by Incompetent Developers
2020-08-23 - Dispatches from Drovorub- Network Threat Hunting for Russia GRU GTsSS' Malware at Scale
2020-08-23 - Programmatically NOP the Current Selection in Ghidra
2020-08-24 - Cybercriminal greeners from Iran attack companies worldwide for financial gain
2020-08-24 - Emotet Update increases Downloads
2020-08-24 - Lifting the veil on DeathStalker, a mercenary triumvirate
2020-08-24 - RATs and Spam- The Node.JS QRAT
2020-08-24 - Torum is Dead. Long Live CryptBB-
2020-08-24 - VT Report for Jazuar
2020-08-25 - Cyrat Ransomware
2020-08-25 - Darkhotel (APT-C-06) organized multiple attacks using the Thinmon backdoor framework to reveal the secrets
2020-08-25 - How Ransomware Gangs Find New Monetization Schemes and Evolve in Marketing
2020-08-25 - Ryuk successor Conti Ransomware releases data leak site
2020-08-26 - A twisted malware infection chain
2020-08-26 - Alert (AA20-239A)- FASTCash 2.0- North Korea's BeagleBoyz Robbing Banks
2020-08-26 - MAR-10301706-1.v1 - North Korean Remote Access Tool- ECCENTRICBANDWAGON
2020-08-26 - MAR-10301706-2.v1 - North Korean Remote Access Tool- VIVACIOUSGIFT
2020-08-26 - ReZer0v4 loader
2020-08-26 - SunCrypt Ransomware sheds light on the Maze ransomware cartel
2020-08-26 - Threat Actor Profile- TA2719 Uses Colorful Lures to Deliver RATs in Local Languages
2020-08-26 - Transparent Tribe- Evolution analysis, part 2
2020-08-27 - An Old Bot’s Nasty New Tricks- Exploring Qbot’s Latest Attack Methods
2020-08-27 - Cetus- Cryptojacking Worm Targeting Docker Daemons
2020-08-27 - Growth and Commoditization of Remote Access Trojans (X)
2020-08-27 - Smokeloader Analysis and More Family Detections
2020-08-28 - A Comprehensive Look at Emotet’s Summer 2020 Return
2020-08-28 - Cerberus Banking Trojan Analysis
2020-08-28 - Gozi- The Malware with a Thousand Faces
2020-08-28 - MVISION Insights- Wastedlocker Ransomware
2020-08-28 - TERRACOTTA Android Malware- A Technical Study
2020-08-29 - Emulating NotPetya bootloader with Miasm
2020-08-30 - Z3 Ransomware
2020-08-31 - Analysis of the latest wave of Emotet malicious documents
2020-08-31 - In the wild QNAP NAS attacks
2020-08-31 - Malware Used by Lazarus after Network Intrusion
2020-08-31 - Malware used by the attack group Lazarus after network intrusion
2020-08-31 - NetWalker Ransomware in 1 Hour
2020-08-31 - The BLINDINGCAN RAT and Malicious North Korean Activity
2020-08-31 - Trickbot rdpscanDll – Transforming Candidate Credentials for Brute-Forcing RDP Servers
2020-08-31 - Who Is PIONEER KITTEN-
2020-08-31 - XP10 Ransomware
2020-09-01 - An Exhaustively-Analyzed IDB for ComRAT v4
2020-09-01 - Characterizing Anomalies in Malware-Generated HTTP Traffic
2020-09-01 - DLL Fixer leads to Cyrat Ransomware
2020-09-01 - Epic Manchego – atypical maldoc delivery brings flurry of infostealers
2020-09-01 - Iranian hackers are selling access to compromised companies on an underground forum
2020-09-01 - New web skimmer steals credit card data, sends to crooks via Telegram
2020-09-01 - OpBlueRaven- Unveiling Fin7-Carbanak - Part II - BadUSB Attacks
2020-09-01 - Quarterly Report- Incident Response trends in Summer 2020
2020-09-01 - Who Is PIONEER KITTEN-
2020-09-02 - Chinese APT TA413 Resumes Targeting of Tibet Following COVID-19 Themed Economic Espionage Campaign Delivering Sepulcher Malware Targeting Europe
2020-09-02 - Cybersquatting- Attackers Mimicking Domains of Major Brands Including Facebook, Apple, Amazon and Netflix to Scam Consumers
2020-09-02 - Inside the “fallguys” malware that steals your browsing data and gaming IMs; Continued attack on open source software
2020-09-02 - KryptoCibule- The multitasking multicurrency cryptostealer
2020-09-02 - Machine learning from idea to reality- a PowerShell case study
2020-09-02 - Operation PowerFall- CVE-2020-0986 and variants
2020-09-02 - Salfram- Robbing the place without removing your name tag
2020-09-03 - IT threat evolution Q2 2020
2020-09-03 - Multi-Platform SMAUG RaaS Aims To See Off Competitors
2020-09-03 - No Rest for the Wicked- Evilnum Unleashes PyVil RAT
2020-09-03 - The Bitcoin Ransomware Detective Strikes Again- The UCSF Case
2020-09-03 - Turning Open Source Against Malware
2020-09-04 - BitRAT pt. 2- Hidden Browser, SOCKS5 proxy, and UnknownProducts Unmasked
2020-09-04 - Post-Mortem of a Triple Poisoning- New Details Emerge in GRU's Failed Murder Attempts in Bulgaria
2020-09-04 - Thanos Ransomware- Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa
2020-09-07 - CERT-FR alert bulletin- Resurgence of Emotet activity in France (Bulletin d'alerte du CERT-FR- Recrudescence d’activité Emotet en France)
2020-09-07 - Collection of recent Dridex IOCs
2020-09-07 - Time to take the bull by the horns
2020-09-08 - APT Group Series- DarkHotel, the data theft and RAT chapter (APT GROUP系列——DARKHOTEL之窃密与RAT篇)
2020-09-08 - Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks
2020-09-08 - Automated dynamic import resolving using binary emulation
2020-09-08 - Exposed Docker Server Abused to Drop Cryptominer, DDoS Bot
2020-09-08 - Malware Config Extraction Diaries #1 – GuLoader
2020-09-08 - TeamTNT activity targets Weave Scope deployments
2020-09-08 - TikTok Spyware- A detailed analysis of spyware masquerading as TikTok
2020-09-09 - Malvertising campaigns come back in full swing
2020-09-10 - An overview of targeted attacks and APTs on Linux
2020-09-10 - Lock Like a Pro- Dive in Recent ProLock's Big Game Hunting
2020-09-10 - New cyberattacks targeting U.S. elections
2020-09-10 - Recent Dridex activity
2020-09-10 - STRONTIUM- Detecting new patterns in credential harvesting
2020-09-10 - Who is calling- CDRThief targets Linux VoIP softswitches
2020-09-11 - Research Roundup- Activity on Previously Identified APT33 Domains
2020-09-11 - [RE016] Malware Analysis- ModiLoader
2020-09-13 - Tweet on Cryakl 2.0.0.0
2020-09-14 - Alert (AA20-258A)- Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity
2020-09-14 - Analysis of a Convoluted Attack Chain Involving Ngrok
2020-09-14 - Back to School- Why Cybercriminals Continue to Target the Education Sector - Part Two
2020-09-15 - Alert (AA20-259A)- Iran-Based Threat Actor Exploits VPN Vulnerabilities
2020-09-15 - Malware Analysis Report (AR20-259A)- Iranian Web Shells
2020-09-15 - Rudeminer, Blacksquid and Lucifer Walk Into A Bar
2020-09-15 - Threat analysis- The emergent URSA trojan impacts many countries using a sophisticated loader
2020-09-16 - Malware Leveraging XML-RPC Vulnerability to Exploit WordPress Sites
2020-09-16 - Partners in crime North Koreans and elite Russian-speaking cybercriminals
2020-09-16 - Seven International Cyber Defendants, Including “Apt41” Actors, Charged In Connection With Computer Intrusion Campaigns Against More Than 100 Victims Globally
2020-09-16 - Target defense industry- Lazarus uses recruitment bait combined with continuously updated cyber weapons
2020-09-17 - Analysis of WellMail malware's Command and Control (C2) server
2020-09-17 - Automatic ReZer0 payload and configuration extraction
2020-09-17 - Complex obfuscation- Meh… (1-2)
2020-09-17 - Counter Terrorism Designations; Iran-Cyber-related Designations
2020-09-17 - GuLoader's VM-Exit Instruction Hammering explained
2020-09-17 - Maze attackers adopt Ragnar Locker virtual machine technique
2020-09-17 - Maze ransomware now encrypts via virtual machines to evade detection
2020-09-17 - Ransomware’s New Trend- Exfiltration and Extortion
2020-09-17 - Treasury Sanctions Cyber Actors Backed by Iranian Intelligence Ministry
2020-09-18 - APT41- Indictments Put Chinese Espionage Group in the Spotlight
2020-09-18 - Egregor Ransomware
2020-09-18 - Elfin- Latest U.S. Indictments Appear to Target Iranian Espionage Group
2020-09-18 - EvilQuest-ThiefQuest strings decrypt-deobfuscator
2020-09-18 - Reverse Engineering Dridex and Automating IOC Extraction
2020-09-18 - The Initial Access Broker’s Toolbox – Remote Monitoring and Management
2020-09-18 - U.S. Justice Department Charges APT41 Hackers over Global Cyberattacks
2020-09-20 - Rampant Kitten – An Iranian Espionage Campaign
2020-09-21 - Cybercriminals Distribute Backdoor With VPN Installer
2020-09-22 - APT28 Delivers Zebrocy Malware Campaign using NATO Theme as Lure
2020-09-22 - Alert Number I-092220-PSA- Foreign Actors and Cybercriminals Likely to Spread Disinformation Regarding 2020 Election Results
2020-09-22 - DarkSide- The New Ransomware Group Behind Highly Targeted Attacks
2020-09-22 - Grinju Downloader
2020-09-22 - MTR Casebook- Blocking a $15 million Maze ransomware attack
2020-09-22 - Mispadu Banking Trojan Resurfaces
2020-09-22 - Removing Coordinated Inauthentic Behavior
2020-09-22 - Russian hackers use fake NATO training docs to breach govt networks
2020-09-22 - Taidoor - a truly persistent threat
2020-09-22 - Düsseldorf University Hospital- DoppelPaymer ransomware said to be behind the attack (Uniklinik Düsseldorf- Ransomware -DoppelPaymer- soll hinter dem Angriff stecken)
2020-09-22 - What Service NSW has to do with Russia-
2020-09-23 - AgeLocker ransomware targets QNAP NAS devices, steals data
2020-09-23 - Big Game Hunting- Now in Russia
2020-09-23 - Case Study- Emotet Thread Hijacking, an Email Attack Technique
2020-09-23 - Government software provider Tyler Technologies hit by ransomware
2020-09-23 - Looking for sophisticated malware in IoT devices
2020-09-23 - Operation SideCopy!
2020-09-23 - Understanding Uncertainty while Undermining Democracy
2020-09-24 - Alert Number I-092420-PSA- Cyber Threats to Voting Processes Could Slow But Not Prevent Voting
2020-09-24 - Alien - the story of Cerberus' demise
2020-09-24 - Analysis Report (AR20-268A)- Federal Agency Compromised by Malicious Cyber Actor
2020-09-24 - Apps on Google Play Tainted with Cerberus Banker Malware
2020-09-24 - Cycldek aka Goblin Panda- Chronicles of the Goblin
2020-09-24 - Double Trouble- Ransomware with Data Leak Extortion, Part 1
2020-09-24 - Email-delivered MoDi RAT attack pastes PowerShell commands
2020-09-24 - Microsoft Security—detecting empires in the cloud
2020-09-24 - Mount Locker ransomware joins the multi-million dollar ransom game
2020-09-24 - Removing Coordinated Inauthentic Behavior
2020-09-24 - zLoader XLM Update- Macro code and behavior change
2020-09-25 - APT vs Internet Service Providers
2020-09-25 - APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries - HpReact campaign
2020-09-25 - Baltimore ransomware attack was early attempt at data extortion, new report shows
2020-09-25 - Catching Lazarus- Threat Intelligence to Real Detection Logic - Part One
2020-09-25 - Double Trouble- Ransomware with Data Leak Extortion, Part 1
2020-09-25 - German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed
2020-09-25 - Ghost in action- the Specter botnet
2020-09-25 - Magento Credit Card Stealing Malware- gstaticapi
2020-09-25 - The Fresh Smell of ransomed coffee
2020-09-25 - Turla Carbon System
2020-09-25 - Visa Security Alert- New Malware Samples identified in Point-of-Sale Compromises
2020-09-26 - FinFisher Filleted- a triage of the FinSpy (macOS) malware
2020-09-26 - Ironcat Ransomware
2020-09-26 - The Finfisher Tales, Chapter 1- The dropper
2020-09-28 - Alert Number I-092820-PSA- False Claims of Hacked Voter Information Likely Intended to Cast Doubt on Legitimacy of U.S. Elections
2020-09-28 - Kimsuky Phishing Operations Putting In Work
2020-09-29 - BLINDINGCAN - Malware Used by Lazarus
2020-09-29 - Cerberus and Alien- the malware that has put Android in a tight spot
2020-09-29 - CobaltStrikeScan
2020-09-29 - Getting the Bacon from the Beacon
2020-09-29 - LodaRAT Update- Alive and Well
2020-09-29 - Palmerworm- Espionage Gang Targets the Media, Finance, and Other Sectors
2020-09-29 - Spear Phishing Campaign Delivers Buer and Bazar Malware
2020-09-29 - TA2552 Uses OAuth Access Token Phishing to Exploit Read-Only Risks
2020-09-29 - Targeted Attacks on Oil and Gas Supply Chain Industries in the Middle East
2020-09-29 - The return of the Emotet as the world unlocks!
2020-09-29 - What's behind the increase in ransomware attacks this year-
2020-09-30 - APT‑C‑23 group evolves its Android spyware
2020-09-30 - Alert Number I-093020-PSA- Distributed Denial of Service Attacks Could Hinder Access to Voting Information, Would Not Prevent Voting
2020-09-30 - Rooty Dolphin uses Mekotio to target bank clients in South America and Europe
2020-09-30 - Ttint- An IoT remote-access trojan spreading via two 0-day vulnerabilities
2020-10-01 - A Storm is Brewing- IPStorm Now Has Linux Malware
2020-10-01 - Alert (AA20-275A)- Potential for China Cyber Response to Heightened U.S.-China Tensions
2020-10-01 - Alert Number I-100120-PSA- Foreign Actors Likely to Use Online Journals to Spread Disinformation Regarding 2020 Elections
2020-10-01 - Duck Hunting with Falcon Complete- Analyzing a Fowl Banking Trojan, Part 1
2020-10-01 - Emotet Makes Timely Adoption of Political and Elections Lures
2020-10-01 - Evasive URLs in Spam- Part 2
2020-10-01 - LATAM financial cybercrime- Competitors‑in‑crime sharing TTPs
2020-10-01 - Malware Analysis Report (AR20-275A)- Remote Access Trojan- SLOTHFULMEDIA
2020-10-01 - Russia’s Fancy Bear Hackers Likely Penetrated a US Federal Agency
2020-10-01 - Threat Spotlight- New InterPlanetary Storm variant targeting IoT devices
2020-10-01 - XDSpy Indicators of Compromise
2020-10-02 - Alert Number I-100220-PSA- Spoofed Internet Domains and Email Accounts Pose Cyber and Disinformation Risks to Voters
2020-10-02 - Appgate Labs Analyzes New Family Of Ransomware - Egregor
2020-10-02 - Attacks Aimed at Disrupting the Trickbot Botnet
2020-10-02 - Graphology of an Exploit – Hunting for exploits by looking for the author’s fingerprints
2020-10-02 - Lockbit analysis
2020-10-02 - XDSpy- Stealing government secrets since 2011
2020-10-03 - TA505 targets the Americas in a new campaign
2020-10-03 - Unveiling the CryptoMimic
2020-10-03 - Wikipedia Page- Maksim Yakubets
2020-10-05 - Black-T- New Cryptojacking Variant from TeamTnT
2020-10-05 - DarkSide ransomware analysis
2020-10-05 - MosaicRegressor- Lurking in the Shadows of UEFI
2020-10-05 - New pastebin-like service used in multiple malware campaigns
2020-10-06 - BAHAMUT- Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps
2020-10-06 - Double Trouble- Ransomware with Data Leak Extortion, Part 2
2020-10-06 - Eager Beaver- A Short Overview of the Restless Threat Actor TA505
2020-10-06 - French companies Under Attack from Clever BEC Scam
2020-10-06 - IXWare - Kids will be skids
2020-10-06 - PoetRAT- Malware targeting public and private sector in Azerbaijan evolves
2020-10-06 - Release the Kraken- Fileless APT attack abuses Windows Error Reporting service
2020-10-06 - TA505 targets the Americas in a new campaign
2020-10-06 - The FONIX RaaS - New Low-Key Threat with Unnecessary Complexities
2020-10-07 - Break out the Box (BOtB)
2020-10-07 - Duck Hunting with Falcon Complete- Analyzing a Fowl Banking Trojan, Part 2
2020-10-07 - GhostDNSbusters (Part 2)
2020-10-07 - United States Seizes Domain Names Used by Iran’s Islamic Revolutionary Guard Corps
2020-10-08 - Credit card skimmer targets virtual conference platform
2020-10-08 - Droppers, Downloaders and TrickBot- Detecting a Stealthy COVID-19-themed Campaign using Toolmarks
2020-10-08 - Fake Users Rave but Real Users Rant as Apps on Google Play Deal Aggressive Adware
2020-10-08 - German tech giant Software AG down after ransomware attack
2020-10-08 - MontysThree- Industrial espionage with steganography and a Russian accent on both sides
2020-10-08 - Ryuk’s Return
2020-10-08 - Shining a light on SunCrypt’s curious file encryption mechanism
2020-10-08 - Sophisticated new Android malware marks the latest evolution of mobile ransomware
2020-10-08 - Taiwan Government Targeted by Multiple Cyberattacks in April 2020 Part 1- Waterbear Malware
2020-10-08 - Waterbear malware used in attack wave against government agencies
2020-10-09 - Alert (AA20-283A)- APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations
2020-10-09 - There’s a New Golang-written RAT in Town
2020-10-11 - Chimera, APT19 under the radar -
2020-10-12 - -Front Door- into BazarBackdoor- Stealthy Cybercrime Weapon
2020-10-12 - A Look Inside The TrickBot Botnet
2020-10-12 - CVE-2020-1472- Advanced Persistent Threat Actors Use Zerologon Vulnerability In Exploit Chain with Unpatched Vulnerabilities
2020-10-12 - ESET takes part in global operation to disrupt Trickbot
2020-10-12 - KELA’s 100 Over 100- September 2020 in Network Access Sales
2020-10-12 - New action to combat ransomware ahead of U.S. elections
2020-10-12 - Trickbot disrupted
2020-10-12 - Trickbot- U.S. Court Order Hits Botnet’s Infrastructure
2020-10-12 - Why Emotet’s Latest Wave is Harder to Catch Than Ever Before – Part 2
2020-10-13 - Attackers Abuse MobileIron’s RCE to deliver Kaiten
2020-10-13 - BazarLoader Campaign with Fake Termination Emails
2020-10-13 - Deep Analysis – The EKING Variant of Phobos Ransomware
2020-10-13 - Overcoming the Challenges of Detecting P2P Botnets on Your Network
2020-10-13 - Tracing fresh Ryuk campaigns itw
2020-10-14 - Duck Hunting with Falcon Complete- Remediating a Fowl Banking Trojan, Part 3
2020-10-14 - FIN11- Widespread Email Campaigns as Precursor for Ransomware and Data Theft
2020-10-14 - FakeMBAM- Backdoor Delivered Through Software Updates
2020-10-14 - German Made State Malware Company FinFisher Raided
2020-10-14 - LV Ransomware
2020-10-14 - Secret Stealing Trojan Active in Brazil Releases the New Framework SolarSys
2020-10-14 - Silent Librarian APT right on schedule for 20-21 academic year
2020-10-14 - They’re back- inside a new Ryuk ransomware attack
2020-10-14 - Two New IoT Vulnerabilities Identified with Mirai Payloads
2020-10-15 - IAmTheKing and the SlothfulMedia malware family
2020-10-15 - Officials Announce International Operation Targeting Transnational Criminal Organization QQAAZZ that Provided Money Laundering Services to High-Level Cybercriminals
2020-10-15 - Panda’s New Arsenal- Part 1 Tmanger
2020-10-15 - That was quick- Trickbot is back after disruption attempts
2020-10-15 - Ubisoft, Crytek data posted on ransomware gang's site
2020-10-16 - Geofenced Amazon Japan Credential Phishing Volumes Rival Emotet
2020-10-16 - How we're tackling evolving online threats
2020-10-16 - ThreatConnect Research Roundup- Possible Ryuk Infrastructure
2020-10-16 - ThunderX Ransomware rebrands as Ranzy Locker, adds data leak site
2020-10-16 - Trickbot Up to Its Old Tricks
2020-10-16 - VBA Purging Malspam Campaigns
2020-10-16 - WIZARD SPIDER Update- Resilient, Reactive and Resolute
2020-10-18 - Ryuk in 5 Hours
2020-10-19 - GRU HACKERS' DESTRUCTIVE MALWARE AND INTERNATIONAL CYBER ATTACKS
2020-10-19 - GravityRAT- The spy returns
2020-10-19 - Hackers Planted Trump Smears - and Pro-Iran Trolls Spread Them
2020-10-19 - Industry alert pins state, local government hacking on suspected Russian group (Temp.Isotope)
2020-10-19 - New Vizom Malware Discovered Targets Brazilian Bank Customers with Remote Overlay Attacks
2020-10-19 - Possible Identity of a Kuwaiti Hacker NYANxCAT
2020-10-19 - Purple Fox EK - New CVEs, Steganography, and Virtualization Added to Attack Flow
2020-10-19 - Revisited- Fancy Bear's New Faces...and Sandworms' too
2020-10-19 - The Many Faces of Emotet
2020-10-19 - UK exposes series of Russian cyber attacks against Olympic and Paralympic Games
2020-10-19 - US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit
2020-10-19 - US charges Russian GRU officers for NotPetya, other major hacks
2020-10-20 - 404 Keylogger Campaigns
2020-10-20 - An update on disruption of Trickbot
2020-10-20 - Barnes & Noble hit by Egregor ransomware, strange data leaked
2020-10-20 - Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities
2020-10-20 - FBI Investigating Threatening Emails Sent To Democrats In Florida
2020-10-20 - Global Trickbot disruption operation shows promise
2020-10-20 - Katana- a new variant of the Mirai botnet
2020-10-21 - 'MuddyWater' spies suspected in attacks against Middle East governments, telecoms
2020-10-21 - Life of Maze ransomware
2020-10-21 - LockBit uses automated attack tools to identify tasty targets
2020-10-21 - Media Coverage Doesn’t Deter Actor From Threatening Democratic Voters
2020-10-21 - Seedworm- Iran-Linked Group Continues to Target Organizations in the Middle East
2020-10-21 - T-RAT 2.0- Malware control via smartphone
2020-10-22 - Alert (AA20-296A)- Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets
2020-10-22 - Alert (AA20-296B)- Iranian Advanced Persistent Threat Actors Threaten Election-Related Systems
2020-10-22 - An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques
2020-10-22 - EU sanctions Russia over 2015 German Parliament hack
2020-10-22 - French IT giant Sopra Steria hit by Ryuk ransomware
2020-10-22 - On the trail of the XMRig miner
2020-10-22 - Russian Vehicle Registration Leak Reveals Additional GRU Hackers
2020-10-22 - Treasury Sanctions Iranian Entities for Attempted Election Interference
2020-10-23 - A Last Clever Knot-
2020-10-23 - Analysis of APT28 targeted attacks on NATO and Central Asian targets using niche archive-format lures
2020-10-23 - Catching Lazarus- Threat Intelligence to Real Detection Logic - Part Two
2020-10-23 - Exclusive- 'Dumb mistake' exposed Iranian hand behind fake Proud Boys U.S. election emails - sources
2020-10-23 - Exclusive- National Guard called in to thwart cyberattack in Louisiana weeks before election
2020-10-23 - Leakware-Ransomware-Hybrid Attacks
2020-10-23 - New RAT malware gets commands via Discord, has ransomware feature
2020-10-23 - Report- Ransomware disables Georgia county election database
2020-10-23 - Russia’s Clandestine Chemical Weapons Programme and the GRU’s Unit 29155
2020-10-23 - Treasury Sanctions Russian Government Research Institution Connected to the Triton Malware
2020-10-24 - Gacrux – a basic C malware with a custom PE loader
2020-10-25 - MetadataBin Ransomware
2020-10-26 - Dropping the Anchor
2020-10-26 - Excel 4 Macros- -Abnormal Sheet Visibility-
2020-10-26 - Exploit Developer Spotlight- The Story of PlayBit
2020-10-26 - The Russian Hackers (BERSERK BEAR) Playing 'Chekhov's Gun' With US Infrastructure
2020-10-26 - Threat Hunting for Avaddon Ransomware
2020-10-26 - ThreatConnect Research Roundup- Ryuk and Domains Spoofing ESET and Microsoft
2020-10-27 - APT-31 leverages COVID-19 vaccine theme and abuses legitimate online services
2020-10-27 - Alert (AA20-301A)- North Korean Advanced Persistent Threat Focus- Kimsuky
2020-10-27 - Data exfiltration via IPv6
2020-10-27 - Enel Group hit by ransomware again, Netwalker demands $14 million
2020-10-27 - MTR Casebook- An active adversary caught in the act
2020-10-27 - Mars Ransomware
2020-10-27 - Purchase Order Phishing, the Everlasting Phishing Tactic
2020-10-27 - Steelcase furniture giant hit by Ryuk ransomware attack
2020-10-28 - Alleged REvil member spills details on group's ransomware operations
2020-10-28 - Cyberattacks target international conference attendees (APT35-PHOSPHORUS)
2020-10-28 - FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals
2020-10-28 - Fake COVID-19 survey hides ransomware in Canadian university attack
2020-10-28 - Hacks for sale- inside the Buer Loader malware-as-a-service
2020-10-28 - Operation Earth Kitsune- A Dance of Two New Backdoors
2020-10-28 - The many personalities of Lazarus
2020-10-28 - Turla uses HyperStack, Carbon, and Kazuar to compromise government entity
2020-10-28 - UNC1878 indicators
2020-10-28 - Unhappy Hour Special- KEGTAP and SINGLEMALT With a Ransomware Chaser
2020-10-29 - A Bazar start- How one hospital thwarted a Ryuk ransomware outbreak
2020-10-29 - Building wave of ransomware attacks strike U.S. hospitals
2020-10-29 - DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread
2020-10-29 - Domain Parking- A Gateway to Attackers Spreading Emotet and Impersonating McAfee
2020-10-29 - Egregor- Sekhmet’s Cousin
2020-10-29 - FIN11- A Widespread Ransomware and Extortion Operation (Webinar)
2020-10-29 - Hacking group is targeting US hospitals with Ryuk ransomware
2020-10-29 - List of CobaltStrike C2's used by RYUK
2020-10-29 - Malware Analysis Report (AR20-303A)- PowerShell Script- ComRAT
2020-10-29 - Malware Analysis Report (AR20-303B)- ZEBROCY Backdoor
2020-10-29 - Maze ransomware is shutting down its cybercrime operation
2020-10-29 - Online Leader Invites You to This Webex Phish
2020-10-29 - REvil ransomware gang claims over $100 million profit in a year
2020-10-29 - Several hospitals targeted in new wave of ransomware attacks
2020-10-29 - Threat Assessment- Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector
2020-10-30 - Alert (AA20-304A)- Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data
2020-10-30 - Russian hackers targeted California, Indiana Democratic parties
2020-10-30 - The Ryuk Threat- Why BazarBackdoor Matters Most
2020-10-30 - UNC 1878 Indicators from Threatconnect
2020-10-30 - Attack arsenal upgraded again- Analysis of Donot group attacks using forged-signature samples
2020-10-30 - Blue Magic Eye (APT-C-41) group's first targeted attacks against important Chinese institutions disclosed
2020-10-31 - Ryuk and Splunk Detections
2020-11-01 - Observed Malware Campaigns – October 2020
2020-11-01 - Vjw0rm is Back With New Tactics
2020-11-02 - CSS-JS Steganography in Fake Flash Player Update Malware
2020-11-02 - Live off the Land- How About Bringing Your Own Island- An Overview of UNC1945
2020-11-02 - TinyPOS and ProLocker- An Odd Relationship
2020-11-03 - APT trends report Q3 2020
2020-11-03 - Adventures in Anti-Gravity- Deconstructing the Mac Variant of GravityRAT
2020-11-03 - Attackers Exploiting WebLogic Servers via CVE-2020-14882 to install Cobalt Strike
2020-11-03 - New RegretLocker ransomware targets Windows virtual machines
2020-11-03 - Versions of PsiXBot
2020-11-04 - A new APT uses DLL side-loads to “KilllSomeOne”
2020-11-04 - In Wild Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover — CVE-2020-14871
2020-11-04 - Persistent Actor Targets Ledger Cryptocurrency Wallets
2020-11-04 - REvil ransomware gang 'acquires' KPOT malware
2020-11-04 - The Enigmatic Energetic Bear
2020-11-04 - United States Seizes 27 Additional Domain Names Used by Iran’s Islamic Revolutionary Guard Corps to Further a Global, Covert Influence Campaign
2020-11-05 - #ThreatThursday - Ryuk
2020-11-05 - ALFA TEaM Shell ~ v4.1-Tesla- A Feature Update Analysis
2020-11-05 - Agent Tesla- A Day in a Life of IR
2020-11-05 - Attack of the clones- Git clients remote code execution
2020-11-05 - Babax stealer rebrands to Osno, installs rootkit
2020-11-05 - Brazil's court system under massive RansomExx ransomware attack
2020-11-05 - Capcom hit by Ragnar Locker ransomware, 1TB allegedly stolen
2020-11-05 - Capcom quietly discloses cyberattack impacting email, file servers
2020-11-05 - Cerberus is Dead, Long Live Cerberus-
2020-11-05 - Gitpaste-12- a new worming botnet with reverse shell capability spreading via GitHub and Pastebin
2020-11-05 - Hunting Emotet with Brim and Zeek
2020-11-05 - INJ3CTOR3 Operation – Leveraging Asterisk Servers for Monetization
2020-11-05 - Japanese game dev Capcom hit by cyberattack, business impacted
2020-11-05 - Operation North Star- Behind The Scenes
2020-11-05 - Resourceful macOS Malware Hides in Named Fork
2020-11-05 - Ryuk Adversary Emulation Plan
2020-11-05 - Ryuk Speed Run, 2 Hours to Ransom
2020-11-06 - Anatomy of Attack- Inside BazarBackdoor to Ryuk Ransomware -one- Group via Cobalt Strike
2020-11-06 - Cobalt Strike 4.2 – Everything but the kitchen sink
2020-11-06 - Indicators of Compromise related to Cobaltstrike, PyXie Lite, Vatet and Defray777
2020-11-06 - Last, but Not Least- Defray777
2020-11-06 - Linking Vatet, PyXie and Defray777
2020-11-06 - Netwalker Ransomware
2020-11-06 - Next Up- “PyXie Lite”
2020-11-06 - Quick Post- Spooky New PowerShell Obfuscation in Emotet Maldocs
2020-11-06 - RansomEXX Trojan attacks Linux systems
2020-11-06 - Ransomware Alert- Pay2Key
2020-11-06 - When Threat Actors Fly Under the Radar- Vatet, PyXie and Defray777
2020-11-06 - Analysis report- Beware of the banking malware 'Zloader' operating behind Emotet
2020-11-07 - Linux.Midrashim
2020-11-09 - A Closer Look at the Web Skimmer
2020-11-09 - An Old Joker’s New Tricks- Using Github To Hide Its Payload
2020-11-09 - Analysis of the latest targeted attacks by Lugansk against Ukraine
2020-11-09 - Fake Microsoft Teams updates lead to Cobalt Strike deployment
2020-11-09 - Ghimob- a Tétrade threat actor moves to infect mobile devices
2020-11-09 - Laptop maker Compal hit by ransomware, $17 million demanded
2020-11-09 - Phishing Campaign Threatens Job Security, Drops Bazar and Buer Malware
2020-11-09 - The Exploitation of CVE-2020-0688 in the UAE
2020-11-09 - WOW64!Hooks- WOW64 Subsystem Internals and Hooking Techniques
2020-11-09 - xHunt Campaign- Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control
2020-11-10 - Ransomware Group Turns to Facebook Ads
2020-11-10 - Threat Hunting for REvil Ransomware
2020-11-10 - Trickbot down but is it out
2020-11-11 - Extrapolating Adversary Intent Through Infrastructure
2020-11-11 - Targeted ransomware- it’s not just about encrypting your data! Part 1 - “Old and New Friends”
2020-11-11 - Wroba Android banking trojan targets Japan
2020-11-12 - An Investigative Analysis of the Silent Librarian IoCs
2020-11-12 - Biotech research firm Miltenyi Biotec hit by ransomware, data leaked
2020-11-12 - CRAT wants to plunder your endpoints
2020-11-12 - Cryptominers Exploiting WebLogic RCE CVE-2020-14882
2020-11-12 - Darkside Ransomware Gang Launches Affiliate Program
2020-11-12 - Diving into the Sun — SunCrypt- A new neighbour in the ransomware mafia
2020-11-12 - Egregor – Prolock- Fraternal Twins -
2020-11-12 - Hungry for data, ModPipe backdoor hits POS software used in hospitality sector
2020-11-12 - Hunting for Barium using Azure Sentinel
2020-11-12 - Living Off The Land on a Private Island- An Overview of UNC1945
2020-11-12 - Operation Gold Hunting- Targeting the Cutting-Edge Technology Industry
2020-11-12 - Splunking with Sysmon Part 4- Detecting Trickbot
2020-11-12 - The CostaRicto Campaign- Cyber-Espionage Outsourced
2020-11-12 - Threat Profile- JUPYTER INFOSTEALER
2020-11-13 - Biotech research firm Miltenyi Biotec hit by ransomware, data leaked
2020-11-13 - Cyberattacks targeting health care must stop
2020-11-13 - DarkSide ransomware is creating a secure data leak service in Iran
2020-11-13 - HelloKitty Ransomware
2020-11-13 - Here Comes TroubleGrabber- Stealing Credentials Through Discord
2020-11-13 - Quick update on the Linux.Ngioweb botnet, now it is going after IoT devices
2020-11-14 - Deep Dive Into Ryuk Ransomware
2020-11-14 - Retail giant Cencosud hit by Egregor Ransomware attack, stores impacted
2020-11-14 - The Week in Ransomware - November 13th 2020 - Extortion gone wild
2020-11-15 - From virus alert to PowerShell Encrypted Loader
2020-11-16 - ELF_PLEAD - Linux Malware Used by BlackTech
2020-11-16 - Lazarus supply‑chain attack in South Korea
2020-11-16 - Malicious Actors Target Comm Apps such as Zoom, Slack, Discord
2020-11-16 - Malsmoke operators abandon exploit kits in favor of social engineering scheme
2020-11-16 - Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware
2020-11-16 - PoorWeb - Hitching a Ride on Hangul
2020-11-16 - Ransomware-as-a-service- The pandemic within a pandemic
2020-11-16 - TA505- A Brief History Of Their Time
2020-11-17 - FIN7 recruiter Andrii Kolpakov pleads guilty to role in global hacking scheme
2020-11-17 - Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign
2020-11-17 - Nibiru ransomware variant decryptor
2020-11-17 - OceanLotus Continues With Its Cyber Espionage Operations
2020-11-17 - RegretLocker
2020-11-17 - TAG Bulletin- Q4 2020
2020-11-17 - Ukraine’s Top Cyber Cop on Defending Against Disinformation and Russian Hackers
2020-11-18 - Analyzing Network Infrastructure as Composite Objects
2020-11-18 - Android Mischief Dataset
2020-11-18 - Back from vacation- Analyzing Emotet’s activity in 2020
2020-11-18 - Business as usual- Criminal Activities in Times of a Global Pandemic
2020-11-18 - Hacking Farm to Table- Threat Hunters Uncover Rise in Attacks Against Agriculture
2020-11-18 - Malware Analysis Spotlight- AZORult Delivered by GuLoader
2020-11-18 - Panda’s New Arsenal- Part 2 Albaniiutas
2020-11-18 - REvil ransomware hits Managed.com hosting provider, 500K ransom
2020-11-18 - Ranzy Ransomware - Better Encryption Among New Features of ThunderX Derivative
2020-11-18 - Stopping BuerLoader With Minerva Lab's Hostile Environment Simulation module
2020-11-18 - Thanos Ransomware Evading Anti-ransomware Protection With RIPlace Tactic
2020-11-18 - Zooming into Darknet Threats Targeting Japanese Organizations
2020-11-19 - APT Exploits Microsoft Zerologon Bug- Targets Japanese Companies
2020-11-19 - Chinese Scam Shops Lure Black Friday Shoppers
2020-11-19 - Cybereason vs. MedusaLocker Ransomware
2020-11-19 - Hiding in the Noise
2020-11-19 - Mount Locker ransomware now targets your TurboTax tax returns
2020-11-19 - OK Google, Build Me a Phishing Campaign
2020-11-19 - PowerShell Dropper Delivering Formbook
2020-11-19 - Purgalicious VBA- Macro Obfuscation With VBA Purging
2020-11-19 - Rewterz Threat Alert – Common Raven – IOCs
2020-11-19 - Threat Actor Utilizes COVID-19 Uncertainty to Target Users
2020-11-20 - 360 File-less Attack Protection Intercepts the Banker Trojan BBtok Active in Mexico
2020-11-20 - Current Events to Widespread Campaigns- Pivoting from Samples to Identify Activity
2020-11-20 - Detecting Cobalt Strike Default Modules via Named Pipe Analysis
2020-11-20 - MooBot on the run using another 0 day targeting UNIX CCTV DVR
2020-11-20 - The Locking Egregor
2020-11-20 - The malware that usually installs ransomware and you need to remove right away
2020-11-20 - Weaponizing Open Source Software for Targeted Attacks
2020-11-21 - Deep Dive Into HERMES Ransomware
2020-11-21 - Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement
2020-11-22 - Analyzing an Emotet Dropper and Writing a Python Script to Statically Unpack Payload.
2020-11-22 - Election Cyber Threats in the Asia-Pacific Region
2020-11-23 - Alert Number I-112320-PSA- Spoofed FBI Internet Domains Pose Cyber and Disinformation Risks
2020-11-23 - Genetic Analysis of CryptoWall Ransomware
2020-11-23 - Here's what happens after a business gets hit with ransomware
2020-11-23 - PYSA-Mespinoza Ransomware
2020-11-23 - TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader
2020-11-23 - TrickBot is Dead. Long Live TrickBot!
2020-11-23 - Zoom into Kinsing
2020-11-24 - Analysis of Kinsing Malware's Use of Rootkit
2020-11-24 - Stantinko’s Proxy After Your Apache Server
2020-11-25 - CSP, the Right Solution for the Web-Skimming Pandemic-
2020-11-25 - Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone
2020-11-25 - Microsoft Teams- New Attack Form Almost Takes Down Global Financial Institution
2020-11-25 - Warzone RAT comes with UAC bypass technique
2020-11-26 - Actor behind Operation LagTime targets Russia
2020-11-26 - Bandook- Signed & Delivered
2020-11-26 - Cybereason vs. Egregor Ransomware
2020-11-26 - Hackers Love Expired Domains
2020-11-26 - Payment skimmer hides in social media buttons
2020-11-26 - Tracking Cryptocurrency Malware in The Homelab
2020-11-26 - Using similarity to expand context and map out threat campaigns
2020-11-27 - Adventures in Anti-Gravity (Part II) Deconstructing the Mac Variant of GravityRAT
2020-11-27 - Aggah Campaign’s Latest Tactics- Victimology, PowerPoint Dropper and Cryptocurrency Stealer
2020-11-27 - Analyzing Organizational Invasion Ransom Incidents Using Dtrack
2020-11-27 - Dissecting APT21 samples using a step-by-step approach
2020-11-27 - Having fun with a Ursnif VBS dropper
2020-11-27 - New MacOS Backdoor Connected to OceanLotus Surfaces
2020-11-27 - The ICO Fines Ticketmaster UK £1.25 Million for Security Failures- A Lesson to be Learned
2020-11-27 - Threat Actor- Unknown
2020-11-27 - Wallet black hole- Recent covert attacks by the Lazarus group targeting cryptocurrency
2020-11-28 - Hunting Koadic Pt. 2 - JARM Fingerprinting
2020-11-30 - Do you want to bake a donut- Come on, let’s go update~ Go away, Maria.
2020-11-30 - German users targeted with Gootkit banker or REvil ransomware
2020-11-30 - Shadows From The Past Threaten Italian Enterprises
2020-11-30 - Threat actor (BISMUTH) leverages coin miner techniques to stay under the radar – here’s how to spot them
2020-11-30 - Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them
2020-12 - Solarwinds Breach Resource Center
2020-12-01 - Alert (AA20-336A)- Advanced Persistent Threat Actors Targeting U.S. Think Tanks
2020-12-01 - Blade Eagle Group - Targeted attack group activities circling the Middle East and West Asia's cyberspace revealed
2020-12-01 - Cobalt Strike PowerShell Execution
2020-12-01 - DarkIRC bot exploits recent Oracle WebLogic vulnerability
2020-12-01 - Dox, steal, reveal. Where does your personal data end up-
2020-12-01 - Hunting Beacons
2020-12-01 - IceRat evades antivirus by running PHP on Java VM
2020-12-01 - Running in Circles Uncovering the Clients of Cyberespionage Firm Circles
2020-12-01 - Steal then strike- Access merchants are first clues to future ransomware attacks
2020-12-01 - The Impact of Modern Ransomware on Manufacturing Networks
2020-12-01 - There’s a RAT in my code- new npm malware with Bladabindi trojan spotted
2020-12-01 - Using Speakeasy Emulation Framework Programmatically to Unpack Malware
2020-12-01 - Xanthe - Docker aware miner
2020-12-01 - [Urgent Report] Targeted attack by -SigLoader- that exploits Microsoft's digital signature file confirmed
2020-12-01 - “Free” Symchanger Malware Tricks Users Into Installing Backdoor
2020-12-02 - APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique
2020-12-02 - Automated string de-gobfuscation
2020-12-02 - Deep Dive into an Obfuscation-as-a-Service for Android Malware
2020-12-02 - IcedID Stealer Man-in-the-browser Banking Trojan
2020-12-02 - Identifying Network Infrastructure Related to a World Health Organization Spoofing Campaign
2020-12-02 - Persistent parasite in EOL Magento 2 stores wakes at Black Friday
2020-12-02 - Threat Alert- Fileless Malware Executing in Containers
2020-12-02 - Turla Crutch- Keeping the “back door” open
2020-12-02 - ‘Shadow Academy’ Targets 20 Universities Worldwide
2020-12-03 - Another LILIN DVR 0-day being used to spread Mirai
2020-12-03 - DeathStalker Hits the Americas & Europe With New PowerPepper Malware
2020-12-03 - Easy Way In- 5 Ransomware Victims Had Their Pulse Secure VPN Credentials Leaked
2020-12-03 - How to Beat Nefilim Ransomware Attacks
2020-12-03 - IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain
2020-12-03 - Kmart nationwide retailer suffers a ransomware attack
2020-12-03 - Ransomware gang says they stole 2 million credit cards from E-Land
2020-12-03 - TrickBot Now Offers ‘TrickBoot’- Persist, Brick, Profit
2020-12-03 - Vulnerability in Google Play Core Library Remains Unpatched in Google Play Applications
2020-12-03 - What did DeathStalker hide between two ferns-
2020-12-03 - [Mal Series #13] Darkside Ransom
2020-12-04 - Inside a .NET Stealer- AgentTesla
2020-12-04 - Largest global staffing agency Randstad hit by Egregor ransomware
2020-12-04 - Metro Vancouver's transit system hit by Egregor ransomware
2020-12-04 - Obfuscation Techniques in MARIJUANA Shell “Bypass”
2020-12-04 - Snakes & Ladders- the offensive use of Python on Windows
2020-12-04 - The chronicles of Emotet
2020-12-04 - Yellow Cockatoo- Search engine redirects, in-memory remote access trojan, and more
2020-12-05 - Ransomware hits helicopter maker Kopter
2020-12-07 - A Gafgyt variant that exploits Pulse Secure CVE-2020-8218
2020-12-07 - Advanced Persistent Infrastructure Tracking
2020-12-07 - Analysis of the suspected two-tailed scorpion APT organization using CIA-funded information about Hamas as bait
2020-12-07 - Blocking APT- Qi'anxin QOWL engine defeats BITTER's targeted attacks on domestic government and enterprises
2020-12-07 - Commodity .NET Packers use Embedded Images to Hide Payloads
2020-12-07 - Egregor Ransomware - An In-Depth Analysis
2020-12-07 - Foxconn electronics giant hit by ransomware, $34 million ransom
2020-12-07 - Massive malicious campaign by FakeSecurity JS-sniffer
2020-12-07 - Rana Android Malware- Your past catches up, sooner or later...
2020-12-07 - The footprints of Raccoon- a story about operators of JS-sniffer FakeSecurity distributing Raccoon stealer
2020-12-08 - A Red Teamer Plays with JARM
2020-12-08 - Egregor ransomware- Maze’s heir apparent
2020-12-08 - FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community
2020-12-08 - Gift Card Scams Explode in Upcoming Holiday Shopping Season
2020-12-08 - Identifying Critical Infrastructure Targeting through Network Creation
2020-12-08 - Norway says Russian hacking group APT28 is behind August 2020 Parliament hack
2020-12-08 - The why, what, and how of threat research
2020-12-08 - Threat Assessment- Egregor Ransomware
2020-12-08 - Unauthorized Access of FireEye Red Team Tools
2020-12-08 - Understanding BEC Scams- Supplier Invoicing Fraud
2020-12-08 - Hangul (HWP) document distributed with the title '2021 Peace and Unification Story Contest Application Form' (suspected APT)
2020-12-09 - A Zebra in Gopher's Clothing- Russian APT Uses COVID-19 Lures to Deliver Zebrocy
2020-12-09 - APT Group Targeting Governmental Agencies in East Asia
2020-12-09 - EDR in block mode stops IcedID cold
2020-12-09 - Fireeye RED TEAM tool countermeasures
2020-12-09 - New Malware Arsenal Abusing Cloud Platforms in Middle East Espionage Campaign
2020-12-09 - Quarterly Report- Incident Response trends from Fall 2020
2020-12-09 - Recent Qakbot (Qbot) activity
2020-12-09 - SideWinder Leverages South Asian Territorial Issues for Spear Phishing and Mobile Device Attacks
2020-12-09 - njRAT Spreading Through Active Pastebin Command and Control Tunnel
2020-12-10 - APT model worker- A summary of the activities of the Eastern European hacker group using spear phishing emails to attack Ukraine
2020-12-10 - Alert (AA20-345A)- Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
2020-12-10 - Attack Activities by Quasar Family
2020-12-10 - Cybereason vs. Ryuk Ransomware
2020-12-10 - Dark Caracal- You Missed a Spot
2020-12-10 - Dutch expel two Russian diplomats for suspected espionage
2020-12-10 - No pandas, just people- The current state of China's cybercrime underground
2020-12-10 - Operation StealthyTrident- corporate software under attack
2020-12-10 - PGMiner- New Cryptocurrency Mining Botnet Delivered via PostgreSQL
2020-12-10 - PLEASE_READ_ME- The Opportunistic Ransomware Devastating MySQL Servers
2020-12-10 - Ryuk Crypto-Ransomware
2020-12-10 - Tactics, Techniques and Procedures (TTPs) Utilized by FireEye’s Red Team Tools
2020-12-10 - Taking Action Against Hackers in Bangladesh and Vietnam
2020-12-10 - Terrorism or Information Operation-
2020-12-10 - Threat Brief- FireEye Red Team Tool Breach
2020-12-10 - Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers
2020-12-10 - A thorough explanation of the detection trends of the "IcedID" malware and the process leading to infection
2020-12-11 - Investigating the Gootkit Loader
2020-12-11 - MountLocker Ransomware-as-a-Service Offers Double Extortion Capabilities to Affiliates
2020-12-11 - Panda’s New Arsenal- Part 3 Smanager
2020-12-11 - The Tangled Genealogy of IoT Malware
2020-12-12 - ContiUnpacker- An automatic unpacker for Conti ransomware
2020-12-13 - Customer Guidance on Recent Nation-State Cyber Attacks
2020-12-13 - Decrypting strings with a JEB script
2020-12-13 - Defender Control
2020-12-13 - From ThreatHunting to Campaign Tracking
2020-12-13 - Global Intrusion Campaign Leverages Software Supply Chain Compromise
2020-12-13 - Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
2020-12-13 - Important steps for customers to protect themselves from recent nation-state cyberattacks
2020-12-13 - Intel's Habana Labs hacked by Pay2Key ransomware, data stolen
2020-12-13 - SUNBURST Countermeasures
2020-12-13 - Suspected Russian hackers spied on U.S. Treasury emails - sources
2020-12-13 - Trojan-MSIL-Solorigate.B!dha
2020-12-14 - Dark Halo Leverages SolarWinds Compromise to Breach Organizations
2020-12-14 - Egregor Ransomware Launches String of High-Profile Attacks to End 2020
2020-12-14 - Everything but the kitchen sink- more attacks from the Gitpaste-12 worm
2020-12-14 - FireEye Sunburst KQL Detections
2020-12-14 - Incident response playbook for responding to SolarWinds Orion compromise
2020-12-14 - PyMICROPSIA- New Information-Stealing Trojan from AridViper
2020-12-14 - Responding to Solarigate
2020-12-14 - Security Advisory on SolarWinds Supply chain attack FAQ
2020-12-14 - Security Advisory on SolarWinds Supply chain attack
2020-12-14 - SolarWinds Orion and UNC2452 – Summary and Recommendations
2020-12-14 - Sophos-ReversingLabs (SOREL) 20 Million sample malware dataset
2020-12-14 - Sunburst- Supply Chain Attack Targets SolarWinds Users
2020-12-14 - Threat Advisory- SolarWinds supply chain attack
2020-12-14 - Threat Brief SolarStorm and SUNBURST Customer Coverage
2020-12-14 - Unraveling Network Infrastructure Linked to the SolarWinds Hack
2020-12-14 - Using Qiling Framework to Unpack TA505 packed samples
2020-12-14 - Using Splunk to Detect Sunburst Backdoor
2020-12-15 - A deep dive into an NSO zero-click iMessage exploit- Remote Code Execution
2020-12-15 - A quick note from Nick Carr on COSMICGALE and SUPERNOVA that those are unrelated to the UNC2452 intrusion campaign
2020-12-15 - Analyzing FireEye Maldocs
2020-12-15 - Conti Ransomware v2
2020-12-15 - Finding SUNBURST Backdoor with Zeek Logs & Corelight
2020-12-15 - Greetings from Lazarus Anatomy of a cyber espionage campaign
2020-12-15 - Infrastructure Research and Hunting- Boiling the Domain Ocean
2020-12-15 - Malware Analysis Spotlight – Hentai Oniichan Ransomware (Berserker Variant)
2020-12-15 - Operation Falling Eagle-the secret of the most influential supply chain attack in history
2020-12-15 - Overview of Recent Sunburst Targeted Attacks
2020-12-15 - QakBot reducing its on disk artifacts
2020-12-15 - Removing Coordinated Inauthentic Behavior from France and Russia
2020-12-15 - Reverse engineering KPOT v2.0 Stealer
2020-12-15 - Strategic Analysis- Agent Tesla Expands Targeting and Networking Capabilities
2020-12-15 - Sunburst Backdoor- A Deeper Look Into The SolarWinds' Supply Chain Malware (Broken link)
2020-12-15 - Tactics, Techniques, and Procedures (TTPs) Used in the SolarWinds Breach
2020-12-15 - Threat Hunt Deep Dives- SolarWinds Supply Chain Compromise (Solorigate - SUNBURST Backdoor)
2020-12-15 - Threat profile- Egregor ransomware is making a name for itself
2020-12-15 - Who is the Threat Actor Behind Operation Earth Kitsune-
2020-12-15 - solarwinds-threathunt
2020-12-16 - A script to decode SUNBURST DGA domain
2020-12-16 - Adversary Playbook- JavaScript RAT Looking for that Government Cheese
2020-12-16 - Exclusive-Suspected Chinese hackers stole camera footage from African Union - memo
2020-12-16 - FireEye, Microsoft create kill switch for SolarWinds backdoor
2020-12-16 - Hiding in Plain Sight- Remediating “Hidden” Malware with Real Time Response
2020-12-16 - List of domain infrastructure including DGA domain used by UNC2452
2020-12-16 - Lookout Discovers New Spyware Used by Sextortionists to Blackmail iOS and Android Users
2020-12-16 - Next Version of the Bazar Loader DGA
2020-12-16 - Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor
2020-12-16 - SUNBURST- SolarWinds Supply-Chain Attack
2020-12-16 - Snake-404 Keylogger, BIFF, and Covering Tracks-- An unusual maldoc
2020-12-16 - SolarWinds Post-Compromise Hunting with Azure Sentinel
2020-12-16 - SunBurst- the next level of stealth SolarWinds compromise exploited through sophistication and patience
2020-12-16 - Tracking and combatting an evolving danger- Ransomware extortion
2020-12-16 - Affected targets disclosed for the first time- the domain generation algorithm used in the SolarWinds supply chain attack can be cracked!
2020-12-16 - Disclosure of attack activity by the Wangci group (APT-C-47) using ClickOnce technology
2020-12-17 - A moment of reckoning- the need for a strong and global cybersecurity response
2020-12-17 - Additional Analysis into the SUNBURST Backdoor
2020-12-17 - Alert (AA20-352A)- Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
2020-12-17 - Credential Stealer Targets US, Canadian Bank Customers
2020-12-17 - DebUNCing Attribution How Mandiant Tracks Uncategorized Threat Actors
2020-12-17 - Hack Suggests New Scope, Sophistication for Cyberattacks
2020-12-17 - Increase In Attack- SocGholish
2020-12-17 - Microsoft confirms it was also breached in recent SolarWinds supply chain hack
2020-12-17 - Onboarding Threat Indicators into Splunk Enterprise Security- SolarWinds Continued
2020-12-17 - Operation SignSight- Supply‑chain attack against a certification authority in Southeast Asia
2020-12-17 - Pawn Storm’s Lack of Sophistication as a Strategy
2020-12-17 - Reassembling Victim Domain Fragments from SUNBURST DNS
2020-12-17 - Russia's Hack Wasn't Cyberwar. That Complicates US Strategy
2020-12-17 - Russian Hackers Have Been Inside Austin City Network for Months
2020-12-17 - SUPERNOVA SolarWinds .NET Webshell Analysis
2020-12-17 - SUPERNOVA- SolarStorm’s Novel .NET Webshell
2020-12-17 - Smokeloader is still alive and kickin’ – A new way to encrypt CC server URLs
2020-12-17 - SolarWinds Backdoor (Sunburst) Incident Response Playbook
2020-12-17 - Sunburst Backdoor, Part II- DGA & The List of Victims
2020-12-17 - The Dangers of Using Abandoned Plugins & Themes
2020-12-17 - The SolarWinds Orion SUNBURST supply-chain Attack
2020-12-17 - [RE017-1] Technical analysis of the new malware strain used by the Chinese Panda hacker group in a supply chain attack targeting the Vietnam Government Cipher Committee (Part 1)
2020-12-18 - A quirk in the SUNBURST DGA algorithm
2020-12-18 - Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers
2020-12-18 - Combining supervised and unsupervised machine learning for DGA detection
2020-12-18 - Continuous Eruption- Further Analysis of the SolarWinds Supply Chain Incident
2020-12-18 - Exclusive- Microsoft breached in suspected Russian hack using SolarWinds - sources
2020-12-18 - High Value Malicious Domains.
2020-12-18 - Negasteal Uses Hastebin for Fileless Delivery of Crysis Ransomware
2020-12-18 - North Korea suspected- Cyber espionage against German defense companies
2020-12-18 - Protecting Microsoft 365 from on-premises attacks
2020-12-18 - RAT used by Chinese cyberspies infiltrating Indian businesses
2020-12-18 - SUNBURST indicator detection in QRadar
2020-12-18 - Self-Delusion on the Russia Hack
2020-12-18 - SolarWinds SUNBURST Backdoor- Inside the APT Campaign
2020-12-18 - Sunburst- connecting the dots in the DNS requests
2020-12-18 - TA505s modified loader means new attack campaign could be coming
2020-12-18 - TeamTNT Now Deploying DDoS-Capable IRC Bot TNTbotinger
2020-12-18 - The Strategic Implications of SolarWinds
2020-12-18 - Tracking Sunburst-Related Activity with ThreatConnect Dashboards
2020-12-19 - Hackers last year conducted a 'dry run' of SolarWinds breach
2020-12-19 - [RE017-2] Technical analysis of the new malware strain used by the Chinese Panda hacker group in a supply chain attack targeting the Vietnam Government Cipher Committee (Part 2)
2020-12-19 - [RE018-1] Analyzing new malware of China Panda hacker group used to attack supply chain against Vietnam Government Certification Authority - Part 1
2020-12-20 - A Look into SUNBURST’s DGA
2020-12-20 - Analyzing Cobalt Strike for Fun and Profit
2020-12-20 - SolarWinds-SunBurst FNV-1a-XOR hashes found in analysis
2020-12-20 - The Great iPwn Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit
2020-12-20 - Tracking Jupyter Malware
2020-12-20 - Transcript- Kevin Mandia on -Face the Nation,- December 20, 2020
2020-12-21 - 2020- The year in malware
2020-12-21 - Active Directory compromise and recommended countermeasures
2020-12-21 - Advice for incident responders on recovery from systemic identity compromises
2020-12-21 - Cyber Mercenaries Don’t Deserve Immunity
2020-12-21 - How A Cybersecurity Firm Uncovered The Massive Computer Hack
2020-12-21 - How A Device to Cloud Architecture Defends Against the SolarWinds Supply Chain Compromise
2020-12-21 - How SunBurst malware does defense evasion
2020-12-21 - Investigating Crimeware Name Servers
2020-12-21 - Russian cyber attack campaigns and actors
2020-12-21 - SolarWinds Adviser Warned of Lax Security Years Before Hack
2020-12-21 - SolarWinds-SUNBURST- DGA or DNS Tunneling-
2020-12-21 - Solorigate Resource Center
2020-12-21 - Top Linux Cloud Threats of 2020
2020-12-21 - TrickBot- A Closer Look
2020-12-21 - Trucking giant Forward Air hit by new Hades ransomware gang
2020-12-21 - UNIT 68240 Meet Russia’s DARPA
2020-12-21 - Understanding -Solorigate-'s Identity IOCs - for Identity Vendors and their customers.
2020-12-21 - What We Have Learned So Far about the “Sunburst”-SolarWinds Hack
2020-12-22 - Azure AD workbook to help you assess Solorigate risk
2020-12-22 - Biden blasts Trump administration over SolarWinds attack response
2020-12-22 - Collaboration between FIN7 and the RYUK group, a Truesec Investigation
2020-12-22 - Identifying UNC2452-Related Techniques for ATT&CK
2020-12-22 - Leftover Lunch- Finding, Hunting and Eradicating Spicy Hot Pot, a Persistent Browser Hijacking Rootkit
2020-12-22 - SUNBURST, TEARDROP and the NetSec New Normal
2020-12-22 - SolarWinds Attacks- Stealthy Attackers Attempted To Evade Detection
2020-12-22 - The Hitchhiker’s Guide to SolarWinds Incident Response
2020-12-22 - [TrendMicro CTF 2020 Finals] Wildcard-2- Yara exfiltration
2020-12-22 - macOS users beware! North Korean hackers Lazarus are targeting cryptocurrency exchange users
2020-12-23 - CrowdStrike Launches Free Tool to Identify and Help Mitigate Risks in Azure Active Directory
2020-12-23 - Detect RC4 in (malicious) binaries
2020-12-23 - Iranian Cyber Actors Responsible for Website Threatening U.S. Election Officials
2020-12-23 - Lazarus covets COVID-19-related intelligence
2020-12-23 - Mindmap on Russia-linked threat groups
2020-12-23 - New attacks by UltraRank group
2020-12-23 - SolarStorm Supply Chain Attack Timeline
2020-12-23 - SolarWinds - Understanding & Detecting the SUPERNOVA Webshell Trojan
2020-12-23 - Covert operations in APT campaigns as seen through the SolarWinds supply chain attack (Golden Chain Bear)
2020-12-24 - China cyber attacks- the current threat landscape
2020-12-24 - Dark Side Of BlackNET RAT
2020-12-24 - Malicious Word Document Delivering an Octopus Backdoor
2020-12-24 - SUNBURST Additional Technical Details
2020-12-25 - SUNBURST & Memory Analysis
2020-12-25 - [RE018-2] Analyzing new malware of China Panda hacker group used to attack supply chain against Vietnam Government Certification Authority - Part 2
2020-12-26 - Analyzing APT19 malware using a step-by-step method
2020-12-26 - SolarWinds Orion API authentication bypass allows remote command execution (CVE-2020-10148)
2020-12-26 - Spoofing JARM signatures. I am the Cobalt Strike server now!
2020-12-27 - HorusEyesRat
2020-12-28 - -Civerids- organization vs. Middle East area attack activity analysis report
2020-12-28 - Avaddon Ransomware- Incident Response Analysis
2020-12-28 - Home appliance giant Whirlpool hit in Nefilim ransomware attack
2020-12-28 - Never upload ransomware samples to the Internet
2020-12-28 - Using Microsoft 365 Defender to protect against Solorigate
2020-12-29 - Early Bird Catches the Worm- New Golang Worm Drops XMRig Miner on Servers
2020-12-29 - Extracting Security Products from SUNBURST DNS Beacons
2020-12-29 - Golden SAML Revisited- The Solorigate Connection
2020-12-29 - Revenge RAT targeting users in South America
2020-12-30 - Emotet malware hits Lithuania's National Public Health Center
2020-12-31 - Microsoft Internal Solorigate Investigation Update
2020-12-31 - Simplify Emotet parsing with Python and iced x86
2020-12-31 - SolarWinds_SUNBURST- Behavioral analytics and Collective Defense in action
2020-12-31 - StrongPity APT Extends Global Reach with New Infrastructure

Malware Analysis 2021

2021 - Breaking the Ice- Detecting IcedID and Cobalt Strike Beacon with Network Detection and Response (NDR)
2021-01-01 - The Mac Malware of 2020 - a comprehensive analysis of the year's new malware
2021-01-02 - As Understanding of Russian Hacking Grows, So Does Alarm
2021-01-02 - How Russia’s ‘Info Warrior’ Hackers Let Kremlin Play Geopolitics on the Cheap
2021-01-03 - Babuk Ransomware
2021-01-04 - Building a Custom Malware Analysis Lab Environment
2021-01-04 - China's APT hackers move to ransomware attacks
2021-01-04 - DRIDEX Stopping Serial Killer- Catching the Next Strike
2021-01-04 - Darknet Threat Actors Are Not Playing Games with the Gaming Industry
2021-01-04 - Detecting Supernova Malware- SolarWinds Continued
2021-01-04 - Finding Targeted SUNBURST Victims with pDNS
2021-01-04 - Royal Road! Re-Dive
2021-01-04 - TransLink confirms ransomware data theft, still restoring systems
2021-01-05 - An Overview of the DoppelPaymer Ransomware
2021-01-05 - Attack from Mustang Panda- My rabbit is back!
2021-01-05 - Discharging ElectroRAT
2021-01-05 - Earth Wendigo Injects JavaScript Backdoor to Service Worker for Mailbox Exfiltration
2021-01-05 - Manual analysis of new PowerSplit maldocs delivering Emotet
2021-01-05 - Operation ElectroRAT- Attacker Creates Fake Companies to Drain Your Crypto Wallets
2021-01-05 - Red team's perspective on the TTPs in Sunburst's backdoor
2021-01-05 - [Threat Analysis] CLOP Ransomware that Attacked Korean Distribution Giant
2021-01-05 - ‘I Was Running Two Parallel Lives’- An Ex-Secret Service Agent Opens Up About Going Undercover To Catch Cybercriminals
2021-01-06 - A Deep Dive into Lokibot Infection Chain
2021-01-06 - A Trump Sex Video- No, It's a RAT!
2021-01-06 - All About Doki Malware
2021-01-06 - Department of Justice Statement on Solarwinds Update
2021-01-06 - Expanding Range and Improving Speed- A RansomExx Approach
2021-01-06 - Hackers start exploiting the new backdoor in Zyxel devices
2021-01-06 - Holiday Bazar- Tracking a TrickBot-Related Ransomware Incident
2021-01-06 - How to Slam a Door on the Cutwail Botnet- Enforce DMARC
2021-01-06 - ReconHellcat Uses NIST Theme as Lure To Deliver New BlackSoul Malware
2021-01-06 - Retrohunting APT37- North Korean APT used VBA self decode technique to inject RokRat
2021-01-06 - SolarWinds_Countermeasures
2021-01-06 - Supply Chain Compromise
2021-01-07 - Avoiding supply-chain attacks similar to SolarWinds Orion’s (SUNBURST)
2021-01-07 - Malware using new Ezuri memory loader
2021-01-07 - Meet Oski Stealer- An In-depth Analysis of the Popular Credential Stealer
2021-01-07 - SolarWinds- How a Rare DGA Helped Attacker Communications Fly Under the Radar
2021-01-07 - TA551- Email Attack Campaign Switches from Valak to IcedID
2021-01-08 - A Golden SAML Journey- SolarWinds Continued
2021-01-08 - Alert (AA21-008A)- Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments
2021-01-08 - Charming Kitten’s Christmas Gift
2021-01-08 - Leonardo S.p.A. Data Breach Analysis
2021-01-08 - Ransomware Delivered Using RDP Brute-Force Attack
2021-01-08 - The malware analyst’s guide to aPLib decompression
2021-01-09 - Command and Control Traffic Patterns
2021-01-09 - Malware Development- Leveraging Beacon Object Files for Remote Process Injection via Thread Hijacking
2021-01-09 - ezuri_unpack
2021-01-10 - MAN1, Moskal, Hancitor and a side of Ransomware
2021-01-11 - Darkside Ransomware Decryption Tool
2021-01-11 - Exclusive- FBI probes Russian-linked postcard sent to FireEye CEO after cybersecurity firm uncovered hack - sources
2021-01-11 - FADE DEAD - Adventures in Reversing Malicious Run-Only AppleScripts
2021-01-11 - New Findings From Our Investigation of SUNBURST
2021-01-11 - Operation Spalax- Targeted malware attacks in Colombia
2021-01-11 - Robust Indicators of Compromise for SUNBURST
2021-01-11 - SUNSPOT- An Implant in the Build Process
2021-01-11 - Sunburst backdoor – code overlaps with Kazuar
2021-01-11 - Trickbot Still Alive and Well
2021-01-11 - xHunt Campaign- New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement
2021-01-12 - Abusing cloud services to fly under the radar
2021-01-12 - Confucius APT deploys Warzone RAT
2021-01-12 - Cybereason vs. Conti Ransomware
2021-01-12 - Going Rogue- a Mastermind behind Android Malware Returns with a New RAT
2021-01-12 - Important Update from Mimecast
2021-01-12 - Multiple vulnerabilities found in FiberHome HG6245D routers
2021-01-12 - New Android spyware targets users in Pakistan
2021-01-12 - New Variant of Ursnif Continuously Targeting Italy
2021-01-12 - Opening “STEELCORGI”- A Sophisticated APT Swiss Army Knife
2021-01-12 - Slamming The Backdoor On BazarLoader
2021-01-12 - UNC2452- What We Know So Far
2021-01-13 - A Rare Look Inside a Cryptojacking Campaign and its Profit
2021-01-13 - Analysis Report (AR21-013A)- Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services
2021-01-13 - Github Repository- BlackNET 3.7.0.1
2021-01-13 - Gitlab RCE Stealth Shellbot
2021-01-13 - Hancitor activity resumes after a holiday break
2021-01-13 - Passive Income of Cyber Criminals- Dissecting Bitcoin Multiplier Scam
2021-01-13 - Reviving MuddyC3 Used by MuddyWater (IRAN) APT
2021-01-13 - [RE019] From A to X analyzing some real cases which used recent Emotet samples
2021-01-13 - The worst vulnerability of the year! A deep dive into Oracle WebLogic CVE-2020-14882
2021-01-14 - Higaisa or Winnti- APT41 backdoors, old and new
2021-01-14 - Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender
2021-01-14 - New Analysis Puts Magecart Interconnectivity into Focus
2021-01-14 - Python Cryptominer Botnet Quickly Adopts Latest Vulnerabilities
2021-01-14 - Real-Time Phishing Kit Targets Brazilian Central Bank
2021-01-14 - The Devil’s in the Details- SUNBURST Attribution
2021-01-14 - You Can Run, But You Can’t Hide- Advanced Emotet Updates
2021-01-15 - Detecting Malicious C2 Activity -SpawnAs & SMB Lateral Movement in CobaltStrike
2021-01-15 - How we’re helping to reshape the software supply chain ecosystem securely
2021-01-15 - Joker’s Stash, the Largest Carding Marketplace, Shuts Down
2021-01-15 - Last Dash for Jokers Stash Carding forum may close in 30 days
2021-01-15 - Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks
2021-01-15 - Sign over Your Hashes – Stealing NetNTLM Hashes via Outlook Signatures
2021-01-15 - SolarWinds- Insights into Attacker Command and Control Process
2021-01-15 - Windows Finger command abused by phishing to download malware
2021-01-16 - Babuk Ransomware v3
2021-01-16 - Iran’s Cyber Campaign, and Coercive Recruitment Methods
2021-01-16 - Oski Stealer - A Credential Theft Malware
2021-01-17 - Backdooring MSBuild
2021-01-18 - All That for a Coinminer-
2021-01-18 - Botnet Deploys Cloud and Container Attack Techniques
2021-01-18 - Docx Files Template-Injection
2021-01-18 - Extracting Shellcode in ICEID .PNG Steganography
2021-01-18 - IObit forums hacked in widespread DeroHE ransomware attack
2021-01-18 - IObit forums hacked to spread ransomware to its members
2021-01-18 - Linux.Midrashim- Assembly x64 ELF virus
2021-01-18 - Raindrop- New Malware Discovered in SolarWinds Investigation
2021-01-18 - Trump’s Worst, Most Bizarre Statements About ‘the Cyber’
2021-01-19 - Dridex Malicious Document Analysis- Automating the Extraction of Payload URLs
2021-01-19 - FreakOut – Leveraging Newest Vulnerabilities for creating a Botnet
2021-01-19 - Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments
2021-01-19 - Mandiant Azure AD Investigator- Focusing on UNC2452 TTPs
2021-01-19 - Oh, So You Got IOCs- Being a Good CTI Consumer
2021-01-19 - Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
2021-01-19 - Tools used within the network invaded by attack group Lazarus
2021-01-19 - VPNFilter Two Years Later- Routers Still Compromised
2021-01-19 - Wireshark Tutorial- Examining Emotet Infection Traffic
2021-01-20 - Anchor and Lazarus together again-
2021-01-20 - Commonly Known Tools Used by Lazarus
2021-01-20 - Deep dive into the Solorigate second-stage activation- From SUNBURST to TEARDROP and Raindrop
2021-01-20 - Emulation of Kernel Mode Rootkits With Speakeasy
2021-01-20 - MoqHao Part 1- Identifying Phishing Infrastructure
2021-01-20 - XDR investigation uncovers PlugX, unique technique in APT attack
2021-01-21 - Disclosure of Manling Flower Organization (APT-C-08) using Warzone RAT attack
2021-01-21 - MrbMiner- Cryptojacking to bypass international sanctions
2021-01-21 - Necro is being upgraded frequently; the new version starts using PyInstaller and a DGA
2021-01-21 - Powershell Dropping a REvil Ransomware
2021-01-21 - Silencing Microsoft Defender for Endpoint using firewall rules
2021-01-21 - Solarwinds Attack- Sunburst's DLL Technical Analysis
2021-01-21 - Vadokrist- A wolf in sheep’s clothing
2021-01-22 - Another File Extension to Block in your MTA- .jnlp
2021-01-22 - Change in Perspective on the Utility of SUNBURST-related Network Indicators
2021-01-22 - DreamBus Botnet - Technical Analysis
2021-01-22 - LDAP Channel Binding and Signing
2021-01-22 - Malware Analysis Report No2
2021-01-22 - SolarWinds- How Sunburst Sends Data Back to the Attackers
2021-01-23 - Deep Dive Into SectopRat
2021-01-23 - RIFT- Analysing a Lazarus Shellcode Execution Method
2021-01-23 - Yet Another Bazar Loader DGA
2021-01-24 - Another ransomware (Avaddon) now uses DDoS attacks to force victims to pay
2021-01-24 - Catching Debuggers with Section Hashing
2021-01-24 - Finding SUNBURST victims and targets by using passive DNS, OSINT
2021-01-24 - The only command you will ever need to understand and fix your Group Policies (GPO)
2021-01-24 - VisualDoor- SonicWall SSL-VPN Exploit
2021-01-25 - A detailed analysis of ELMER Backdoor used by APT16
2021-01-25 - Affiliates vs Hunters- Fighting the DarkSide
2021-01-25 - Fake Office 365 Used for Phishing Attacks on C-Suite Targets
2021-01-25 - Website identified that distributes a malicious APK in Italy
2021-01-25 - New campaign targeting security researchers
2021-01-25 - On attribution- APT28, APT29…Turla- No, they are NOT the same
2021-01-25 - Twenty-three SUNBURST Targets Identified
2021-01-25 - Ungilded Secrets- A New Paradigm for Key Security
2021-01-26 - Cybereason vs. RansomEXX Ransomware
2021-01-26 - DPRK Malware Targeting Security Researchers
2021-01-26 - Examining a Sodinokibi Attack
2021-01-26 - GhostDNSbusters (Part 3) Illuminating GhostDNS Infrastructure
2021-01-26 - Important Security Update
2021-01-26 - Mimecast links security breach to SolarWinds hackers
2021-01-26 - Nefilim Ransomware Attack Uses “Ghost” Credentials
2021-01-26 - New Year, New Version of DanaBot
2021-01-26 - North Korea APT Might Have Used a Mobile 0day Too-
2021-01-26 - Ongoing Analysis of SolarWinds Impacts
2021-01-26 - Operation Dream Job by Lazarus
2021-01-26 - PANDORABOX - North Koreans target security researchers
2021-01-26 - Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication
2021-01-26 - Ransomware- Analyzing the data from 2020
2021-01-26 - Shell Break-Lazarus (APT-C-26) organized targeted attacks against security researchers to reveal the secret
2021-01-26 - SunBurst industrial victims
2021-01-26 - Threat Attribution — Chimera -Under the Radar-
2021-01-26 - TrickBot’s Survival Instinct Prevails — What’s Different About the TrickBoot Version-
2021-01-26 - Undefeated- hackers use Visual Studio compiler features to target binary vulnerability security researchers
2021-01-26 - W4 Jan - EN - Story of the week- Ransomware on the Darkweb
2021-01-27 - Accellion cyber incident
2021-01-27 - Analysis of THREATNEEDLE C&C Communication (feat. Google TAG Warning to Researchers)
2021-01-27 - Arrest, Seizures Tied to Netwalker Ransomware
2021-01-27 - CrimsonIAS- Listening for an 3v1l User
2021-01-27 - Department of Justice Launches Global Action Against NetWalker Ransomware
2021-01-27 - Emotet takedown is not like the Trickbot takedown
2021-01-27 - How We Hacked Azure Functions and Escaped Docker
2021-01-27 - How to communicate between RAT infected devices (White paper)
2021-01-27 - International Action Targets Emotet Crimeware
2021-01-27 - Malware Analysis Report (AR21-027A)- MAR-10319053-1.v1 - Supernova
2021-01-27 - Oscorp, the "usual" Android malware
2021-01-27 - Taking Down Emotet How Team Cymru Leveraged Visibility and Relationships to Coordinate Community Efforts
2021-01-27 - TeamTNT delivers malware with new detection evasion tool
2021-01-27 - World’s most dangerous malware EMOTET disrupted through global action
2021-01-28 - A Look at iMessage in iOS 14
2021-01-28 - BazarLoader’s Elaborate Flower Shop Lure
2021-01-28 - BlueCrab ransomware constantly trying to bypass detection
2021-01-28 - Deep into the SunBurst Attack
2021-01-28 - Emotet Botnet Disrupted in International Cyber Operation
2021-01-28 - Emotet Botnet Takedown
2021-01-28 - Emotet disruption - Europol counterattack
2021-01-28 - Emotet vs. Windows Attack Surface Reduction
2021-01-28 - In cyber espionage, U.S. is both hunted and hunter
2021-01-28 - Learn how to fix PE magic numbers with Malduck
2021-01-28 - Osno – A Stealer and a Miner in One
2021-01-28 - Pro-Ocean- Rocke Group’s New Cryptojacking Malware
2021-01-28 - Tailoring Cobalt Strike on Target
2021-01-28 - ZINC attacks against security researchers
2021-01-29 - Chopper ASPX web shell used in targeted attack
2021-01-29 - Cleaning up after Emotet- the law enforcement file
2021-01-29 - Cloudy with a Chance of Persistent Email Access
2021-01-30 - Analysis of Lazarus attacks against security researchers
2021-01-31 - $1 Million is Just the Beginning- Q4 2020 in Network Access Sales
2021-01-31 - Bazar, No Ryuk-
2021-02-01 - Analysis of the attack activity organized by Konni APT using the topic of North Korean epidemic materials as bait
2021-02-01 - BazarLoader Mocks Researchers in December 2020 Malspam Campaign
2021-02-01 - BlueCrab ransomware, CobaltStrike hacking tool installed in corporate environment
2021-02-01 - DDG- A Mining Botnet Aiming at Database Servers
2021-02-01 - DPRK Targeting Researchers II- .Sys Payload and Registry Hunting
2021-02-01 - Operation NightScout- Supply‑chain attack targets online gaming in Asia
2021-02-01 - Pivoting- finding malware domains without seeing malicious activity
2021-02-01 - Relay Attacks via Cobalt Strike Beacons
2021-02-01 - Trickbot masrv Module
2021-02-01 - Urgent Security Notice- SonicWall Confirms SMA 100 Series 10.X Zero-Day Vulnerability
2021-02-01 - What tracking an attacker email infrastructure tells us about persistent cybercriminal operations
2021-02-02 - Babyk Ransomware won't hit charities, unless they support LGBT, BLM
2021-02-02 - Credit card skimmer piggybacks on Magento 1 hacking spree
2021-02-02 - From a malware attack to a ransomware incident
2021-02-02 - Exclusive- Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency - sources
2021-02-02 - Finding and Decoding Multi-Step Obfuscated Malware
2021-02-02 - Hackers Lurked in SolarWinds Email System for at Least 9 Months, CEO Says
2021-02-02 - How Vietnam-based hacking operation OceanLotus targets journalists
2021-02-02 - Investigation Xoth - Smartphone Location Tracking
2021-02-02 - Kobalos – A complex Linux threat to high performance computing infrastructure
2021-02-02 - Whitespace Steganography Conceals Web Shell in PHP Malware
2021-02-02 - XLSB- Analyzing a Microsoft Excel Binary Spreadsheet
2021-02-03 - A Spyware Vendor Seemingly Made a Fake WhatsApp to Hack Targets
2021-02-03 - Backdoored Browser Extensions Hid Malicious Traffic in Analytics Requests
2021-02-03 - Dissecting a RAT. Analysis of DroidJack v4.4 RAT network traffic.
2021-02-03 - Dissemination of malicious code disguised as a document titled 'Amendment of Ministry of Defense's Business Report in 2021'
2021-02-03 - Déjà vu-lnerability A Year in Review of 0-days Exploited In-The-Wild in 2020
2021-02-03 - Emotet Disruption- what it means for the cyber threat landscape
2021-02-03 - Excel spreadsheets push SystemBC malware
2021-02-03 - Findings From Our Ongoing Investigations
2021-02-03 - Hildegard- New TeamTNT Malware Targeting Kubernetes
2021-02-03 - MTR casebook- Uncovering a backdoor implant in a SolarWinds Orion server
2021-02-03 - Malvertising- Made in China
2021-02-03 - New cryptojacking malware called Pro-Ocean is now attacking Apache, Oracle and Redis servers
2021-02-03 - Ursnif Trojan has targeted over 100 Italian banks
2021-02-03 - Zeoticus 2.0 - Ransomware With No C2 Required
2021-02-04 - Abusing Google Chrome extension syncing for data exfiltration and C&C
2021-02-04 - Blockchain Analysis Shows Connections Between Four of 2020’s Biggest Ransomware Strains
2021-02-04 - Connecting the dots inside the Italian APT Landscape
2021-02-04 - Fonix Ransomware Decryptor
2021-02-05 - Behavior Clustering just got easier using new characteristics.
2021-02-05 - CinaRAT Resurfaces with New Evasive Tactics and Techniques
2021-02-05 - Cybersecurity Advisory for Public Water Suppliers
2021-02-05 - Exploits in the Wild for WordPress File Manager RCE Vulnerability (CVE-2020-25213)
2021-02-05 - Kobalos Malware Mapping Potentially Impacted Networks and IP Address Mapping
2021-02-05 - Microsoft warns of increasing OAuth Office 365 phishing attacks
2021-02-05 - New in Ransomware- Seth-Locker, Babuk Locker, Maoloa, TeslaCrypt, and CobraLocker
2021-02-05 - Voltron STA The curious case of 0xFancyFilter
2021-02-06 - Decrypting AzoRult traffic for fun and profit
2021-02-07 - Dridex Malware Analysis
2021-02-07 - New phishing attack uses Morse code to hide malicious URLs
2021-02-08 - A Hacker Tried to Poison a Florida City's Water Supply, Officials Say
2021-02-08 - After Lightning Comes Thunder
2021-02-08 - Searching for the perpetrators- Challenges in analyzing cyber attacks
2021-02-08 - Blocking SolarMarker Backdoor
2021-02-08 - Domestic Kitten – An Inside Look at the Iranian Surveillance Operations
2021-02-08 - Long Live, Osiris; Banking Trojan Targets German IP Addresses
2021-02-08 - Malware Analysis Report (AR21-039A)- SUNBURST
2021-02-08 - Malware Analysis Report (AR21-039B)- MAR-10320115-1.v1 - TEARDROP
2021-02-08 - Recommendations Following the Oldsmar Water Treatment Facility Cyber Attack
2021-02-08 - Reverse engineering Emotet – Our approach to protect GRNET against the trojan
2021-02-08 - What Is the Point of These Nation-State Indictments-
2021-02-09 - BazarBackdoor’s Stealthy Infiltration Evades Multiple SEGs
2021-02-09 - Dependency Confusion- How I Hacked Into Apple, Microsoft and Dozens of Other Companies
2021-02-09 - Extracting the Cobalt Strike Config from a TEARDROP Loader
2021-02-09 - Ghidra script to decrypt strings in Amadey 1.09
2021-02-09 - Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows
2021-02-09 - Learn Pipe Fitting for all of your Offense Projects
2021-02-09 - Multiple Security Updates Affecting TCP-IP- CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086
2021-02-09 - Threat actors now target Docker via container escape features
2021-02-09 - Water, Water Everywhere – But Nary a Hacker to Blame
2021-02-09 - Windows Win32k Elevation of Privilege Vulnerability CVE-2021-1732 (exploited ITW)
2021-02-10 - Lampion trojan disseminated in Portugal using COVID-19 template
2021-02-10 - Lookout Discovers Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict
2021-02-10 - Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies
2021-02-10 - Profiling a Currently Active High-Profile Cybercriminals Portfolio of Ransomware-Themed Extortion Email Addresses - Part Two
2021-02-10 - Punk Kitty Ransom - Analysing HelloKitty Ransomware Attacks
2021-02-10 - Rinfo Is Making A Comeback and Is Scanning and Mining in Full Speed
2021-02-10 - Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack
2021-02-11 - A Baza Valentine’s Day
2021-02-11 - Agent Tesla hidden in a historical anti-malware tool
2021-02-11 - BlackTech Updates Elf-Plead Backdoor
2021-02-11 - Cosmic Lynx Returns in 2021 with Updated Tricks
2021-02-11 - Press #1 to Play- A Look Into eCrime Menu-style Toolkits
2021-02-11 - Visibility, Monitoring, and Critical Infrastructure Security
2021-02-11 - Web shell attacks continue to rise
2021-02-12 - AgentTesla Dropped Through Automatic Click in Microsoft Help File
2021-02-12 - Malvertising campaign on PornHub and other top adult brands exposes users to tech support scams
2021-02-12 - New Bazar Trojan Variant is Being Spread in Recent Phishing Campaign – Part I
2021-02-12 - New Bazar Trojan Variant is Being Spread in Recent Phishing Campaign – Part II
2021-02-12 - The Many Roads Leading To Agent Tesla
2021-02-14 - Arm'd & Dangerous malicious code, now native on apple silicon
2021-02-14 - Hildegard- TeamTNT’s New Feature-Rich Malware Targeting Kubernetes
2021-02-15 - France Ties Russia's Sandworm to a Multiyear Hacking Spree
2021-02-15 - More LodaRAT infrastructure targeting Bangladesh uncovered
2021-02-15 - Ngrok Platform Abused by Hackers to Deliver a New Wave of Phishing Attacks
2021-02-15 - Ransomware Profile- Egregor
2021-02-16 - A Conti ransomware attack day-by-day
2021-02-16 - ApoMacroSploit- Apocalyptical FUD race
2021-02-16 - Conti ransomware- Evasive by nature
2021-02-16 - Cybereason vs. NetWalker Ransomware
2021-02-16 - Dark Net Markets Going Out of Business- Where are Users Headed to Next-
2021-02-16 - Hacker Claims to Have Stolen Files Belonging to Prominent Law Firm Jones Day
2021-02-16 - Hard lessons learned- Threat intel takeaways from the community response to Solarigate
2021-02-16 - Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware
2021-02-16 - Malvertiser “ScamClub” Bypasses Iframe Sandboxing With postMessage() Shenanigans [CVE-2021–1801]
2021-02-16 - Q4 2020 Threat Report- A Quarterly Analysis of Cybersecurity Trends, Tactics and Themes
2021-02-16 - TAG Bulletin- Q1 2021
2021-02-16 - What to expect when you’ve been hit with Conti ransomware
2021-02-17 - Alert (AA21-048A)- AppleJeus- Analysis of North Korea’s Cryptocurrency Malware
2021-02-17 - Detect and prevent the SolarWinds build-time code injection attack
2021-02-17 - Don’t Get Schooled- Understanding the Threats to the Academic Industry
2021-02-17 - ELF Malware Analysis 101- Part 3 - Advanced Analysis
2021-02-17 - Egregor operation takes huge hit after police raids
2021-02-17 - GuLoader Snowballs via MalSpam Campaigns
2021-02-17 - Malware Analysis Report (AR21-048A)- AppleJeus- Celas Trade Pro
2021-02-17 - Malware Analysis Report (AR21-048B)- AppleJeus- JMT Trading
2021-02-17 - Malware Analysis Report (AR21-048C)- AppleJeus- Union Crypto
2021-02-17 - Malware Analysis Report (AR21-048D)- AppleJeus- Kupay Wallet
2021-02-17 - Malware Analysis Report (AR21-048E)- AppleJeus- CoinGoTrade
2021-02-17 - Malware Analysis Report (AR21-048F)- AppleJeus- Dorusio
2021-02-17 - Malware Analysis Report (AR21-048G)- AppleJeus- Ants2Whale
2021-02-17 - Masslogger campaigns exfiltrates user credentials
2021-02-17 - Police combat cybercrime via Dutch infrastructure
2021-02-17 - SBU blocks activity of transnational hacking group
2021-02-17 - Targeting Process for the SolarWinds Backdoor
2021-02-17 - Threat Alert- TeamTNT Pwn Campaign Against Docker and K8s Environments
2021-02-17 - Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe
2021-02-17 - Understand Shellcode with CyberChef
2021-02-17 - Update on Investigation on Solarwinds supply chain attack from the Deputy National Security Advisor
2021-02-17 - WatchDog- Exposing a Cryptojacking Campaign That’s Operated for Two Years
2021-02-17 - [RE020] ElephantRAT (Kunming version)- our latest discovered RAT of Panda and the similarities with recently Smanager RAT
2021-02-18 - Clipping Silver Sparrow’s wings- Outing macOS malware before it takes flight
2021-02-18 - Further Updates in LODEINFO Malware
2021-02-18 - Microsoft Internal Solorigate Investigation – Final Update
2021-02-18 - One thousand and one ways to copy your shellcode to memory (VBA Macros)
2021-02-18 - https---www.ptsecurity.com-ww-en-analytics-antisandbox-techniques-
2021-02-18 - nccTrojan used in targeted attack by TA428 group against defense and aviation organizations
2021-02-19 - Alleged Hydra Market Operators Identified
2021-02-19 - Behind the Scenes of the SunBurst Attack
2021-02-19 - Cyber Attribution Is More Art Than Science. This Researcher Has a Plan to Change That
2021-02-19 - GitHub – Home to AsyncRAT Backdoor
2021-02-19 - How to Understand Iranian Information Operations
2021-02-19 - IronNetInjector- Turla’s New Malware Loading Tool
2021-02-20 - Finding Forensic Goodness In Obscure Windows Event Logs
2021-02-20 - Malpedia Website for Malware Family Team TNT
2021-02-22 - Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion
2021-02-22 - Economic Growth, Digital Inclusion, & Specialized Crime- Financial Cyber Fraud in LATAM
2021-02-22 - Gh0stRat Anti-Debugging- Nested SEH (try - catch) to Decrypt and Load its Payload
2021-02-22 - MassLogger v3- a .NET stealer with serious obfuscation
2021-02-22 - The NCCC at the NSDC of Ukraine warns of a new mechanism of attacks on Ukrainian infrastructure
2021-02-22 - The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day
2021-02-23 - A Cyber Threat Intelligence Self-Study Plan- Part 1
2021-02-23 - An Analysis of the Nefilim Ransomware
2021-02-23 - DNS Hijacking Attacks on Home Routers in Brazil
2021-02-23 - Gamaredon - When nation states don’t pay all the bills
2021-02-23 - New Mysterious Operators Usurp Elite Russian Hacker Forum “Verified”
2021-02-23 - Return of the MINEBRIDGE RAT With New TTPs and Social Engineering Lures
2021-02-23 - Surge in ZLoader Attacks Observed
2021-02-24 - Alert (AA21-055A)- Exploitation of Accellion File Transfer Appliance
2021-02-24 - Malware Analysis Report (AR21-055A)- Accellion FTA
2021-02-24 - NASA and the FAA were also breached by the SolarWinds hackers
2021-02-24 - Overview of Ocean Lotus Samples used to target Vietnamese Human Rights Defenders
2021-02-25 - DarkWorld Ransomware
2021-02-25 - Emotet Disruption and Outreach to Affected Users
2021-02-25 - Lazarus targets defense industry with ThreatNeedle
2021-02-25 - Light in the Dark- Hunting for SUNBURST
2021-02-25 - Microsoft open sources CodeQL queries used to hunt for Solorigate activity
2021-02-25 - Preventing AgentTelsa Infiltration
2021-02-25 - So Unchill Melting UNC2198 ICEDID to Ransomware Operations
2021-02-25 - TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organizations
2021-02-25 - The Continuous Conundrum of Cloud Atlas
2021-02-26 - Hypervisor Jackpotting - CARBON SPIDER and SPRITE SPIDER Target ESXi Servers with Ransomware
2021-02-26 - Hypervisor Jackpotting- CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact
2021-02-26 - New Advanced Android Malware Posing as “System Update”
2021-02-27 - Nice to meet you too My name is Ryuk
2021-02-28 - China-linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions
2021-02-28 - Deobfuscating Emotet Macro Document and Powershell Command
2021-02-28 - Finding Evil Go Packages
2021-02-28 - Laravel Apps Leaking Secrets
2021-03 - Ransomware negotiations- An inside look at the process
2021-03-01 - First Fully Weaponized Spectre Exploit Discovered Online
2021-03-01 - Newly Identified Dependency Confusion Packages Target Amazon, Zillow, and Slack; Go Beyond Just Bug Bounties
2021-03-01 - Povlsomware Ransomware Features Cobalt Strike Compatibility
2021-03-01 - “Gootloader” expands its payload delivery options
2021-03-02 - An Exhaustively-Analyzed IDB for FlawedGrace
2021-03-02 - HAFNIUM targeting Exchange Servers with 0-day exploits
2021-03-02 - Malware in images
2021-03-02 - Microsoft-365-Defender-Hunting-Queries for hunting Gootkit malware delivery and C2
2021-03-02 - Multiple Security Updates Released for Exchange Server – updated March 8, 2021
2021-03-02 - New nation-state cyberattacks (HAFNIUM)
2021-03-02 - ObliqueRAT returns with new campaign using hijacked websites
2021-03-02 - Operation Exchange Marauder- Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities
2021-03-02 - Ploutus is back, targeting Itautec ATMs in Latin America
2021-03-02 - Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day
2021-03-02 - The Egregor Ransomware
2021-03-02 - When Viruses Mutate- Did SunCrypt Ransomware Evolve from QNAPCrypt-
2021-03-03 - 'Mild' update on Microsoft Exchange 0day security vulnerability being used to attack organizations in Vietnam
2021-03-03 - Alert (AA21-062A)- Mitigate Microsoft Exchange Server Vulnerabilities
2021-03-03 - Centreon to Exim and Back- On the Trail of Sandworm
2021-03-03 - Detecting HAFNIUM Exchange Server Zero-Day Activity in Splunk
2021-03-03 - Fbot is now riding the traffic and transportation smart devices
2021-03-03 - HAFNIUM
2021-03-03 - Lazarus Group’s MATA Framework Leveraged to Deploy TFlower Ransomware
2021-03-03 - Mass exploitation of on-prem Exchange servers -(
2021-03-03 - Mitigate Microsoft Exchange On-Premises Product Vulnerabilities
2021-03-03 - New targeted RTM attacks
2021-03-03 - Please leave an exploit after the beep
2021-03-03 - Rapid Response- Mass Exploitation of On-Prem Exchange Servers
2021-03-04 - Breaking- Elite Cybercrime Forum “Maza” Breached by Unknown Attacker
2021-03-04 - Deception Engineering- exploring the use of Windows Service Canaries against ransomware
2021-03-04 - Detection and Response for HAFNIUM Activity
2021-03-04 - Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities
2021-03-04 - Falcon Complete Stops Microsoft Exchange Server Zero-Day Exploits
2021-03-04 - Gafgtyt_tor and Necro are on the move again
2021-03-04 - GoldMax, GoldFinder, and Sibot- Analyzing NOBELIUM’s layered persistence
2021-03-04 - IcedID Banking Trojan Uses COVID-19 Pandemic to Lure New Victims
2021-03-04 - Malpedia Page for family Sidewinder
2021-03-04 - New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452
2021-03-04 - New in Ransomware- AlumniLocker, Humble Feature Different Extortion Techniques
2021-03-04 - The Compact Campaign
2021-03-05 - A look at an Android bot from unpacking to DGA
2021-03-05 - Advancements in Invoicing - A highly sophisticated way to distribute ZLoader
2021-03-05 - Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims
2021-03-05 - Detect webshells dropped on Microsoft Exchange servers after 0day compromises
2021-03-05 - Earth Vetala – MuddyWater Continues to Target Organizations in the Middle East
2021-03-05 - Exchange Server IIS dropping web shells and other artifacts
2021-03-05 - HAFNIUM- Advice about the new nation-state attack
2021-03-05 - Hafnium Exchange Vuln Detection - KQL
2021-03-05 - New steganography attack targets Azerbaijan
2021-03-05 - QNAP NAS users, make sure you check your system
2021-03-05 - Sarbloh- The Ransomware With NO Demand
2021-03-05 - ZeroLogon to Ransomware
2021-03-06 - Microsoft Exchange Zero Days - Mitigations and Detections
2021-03-06 - Russian and Chinese hackers gained access to EMA
2021-03-06 - Scan for HAFNIUM Exploitation Evidence with THOR Lite
2021-03-06 - Security scripts
2021-03-06 - oleObject1.bin – OLe10nATive – shellcode
2021-03-07 - Australian Mining Companies and Cybercriminals Digging for the Gold
2021-03-07 - PCAPs and Beacons
2021-03-07 - Russian Disinformation Campaign Aims to Undermine Confidence in Pfizer, Other Covid-19 Vaccines, U.S. Officials Say
2021-03-08 - Analyzing Attacks Against Microsoft Exchange Server With China Chopper Webshells
2021-03-08 - Attack Chain Overview- Emotet in December 2020 and January 2021
2021-03-08 - Bazar Drops the Anchor
2021-03-08 - FluBot Malware Gang Arrested in Barcelona
2021-03-08 - HelloKitty Ransomware Lacks Stealth, But Still Strikes Home
2021-03-08 - How Symantec Stops Microsoft Exchange Server Attacks
2021-03-08 - Investigating the Print Spooler EoP exploitation
2021-03-08 - Renewed SideWinder Activity in South Asia
2021-03-08 - SUPERNOVA Web Shell Deployment Linked to SPIRAL Threat Group
2021-03-08 - Sunshuttle Malware
2021-03-09 - Clast82 – A new Dropper on Google Play Dropping the AlienBot Banker and MRAT
2021-03-09 - Cloud Federated Credential Abuse & Cobalt Strike- Threat Research February 2021
2021-03-09 - Hafnium Update- Continued Microsoft Exchange Server Exploitation
2021-03-09 - Hafnium – Active Exploitation of Microsoft Exchange and Lateral Movement
2021-03-09 - Kinsing- The Malware with Two Faces
2021-03-09 - Microsoft Exchange Server Vulnerabilities Mitigations – updated March 9, 2021
2021-03-09 - Microsoft Exchange attacks cause panic as criminals go shell collecting
2021-03-09 - Microsoft Exchange server exploitation- how to detect, mitigate, and stay calm
2021-03-09 - MineBridge Is on the Rise, With a Sophisticated Delivery Mechanism
2021-03-09 - Remediation Steps for the Microsoft Exchange Server Vulnerabilities
2021-03-09 - Reproducing the Microsoft Exchange Proxylogon Exploit Chain
2021-03-09 - Threat Alert- z0Miner Is Spreading quickly by Exploiting ElasticSearch and Jenkins Vulnerabilities
2021-03-10 - Azure Sentinel and Sysmon 4 B!ue T3amer$
2021-03-10 - Examining Exchange Exploitation and its Lessons for Defenders
2021-03-10 - Exchange servers under siege from at least 10 APT groups
2021-03-10 - IoT Malware Journals- Prometei (Linux)
2021-03-10 - Monitoring the Software Supply Chain with Azure Sentinel
2021-03-10 - New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor
2021-03-10 - NimzaLoader- TA800’s New Initial Access Malware
2021-03-10 - Norway parliament data stolen in Microsoft Exchange attack
2021-03-10 - Remediating Networks Affected by the SolarWinds and Active Directory-M365 Compromise
2021-03-10 - Tactics, Techniques, and Procedures (TTPs) Used by HAFNIUM to Target Microsoft Exchange Servers
2021-03-10 - On attacks using the Spelevo Exploit Kit by the PseudoGate campaign targeting Japan
2021-03-11 - 2020 Vulnerability Intelligence Report
2021-03-11 - AutoHotKey Leveraged by Metamorfo-Mekotio Banking Trojan
2021-03-11 - CL0P and REvil Escalate Their Ransomware Tactics
2021-03-11 - Detection and Investigation Using Devo- HAFNIUM 0-day Exploits on Microsoft Exchange Service
2021-03-11 - Dridex Campaign Propelled by Cutwail Botnet and Poisonous PowerShell Scripts
2021-03-11 - Exploits on Organizations Worldwide Tripled after Microsoft’s Revelation of Four Zero-days
2021-03-11 - Formbook Reversing - Part1 [Formbook .NET loader-injector analyzing, decrypting, unpacking, patching]
2021-03-11 - Image File Trickery Part II- Fake Icon Delivers NanoCore
2021-03-11 - Microsoft Exchange Server Attack Timeline
2021-03-11 - Myanmar – Multi-stage malware attack targets elected lawmakers
2021-03-11 - Playing in the (Windows) Sandbox
2021-03-11 - Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits
2021-03-11 - Update - Detection and Response for HAFNIUM Activity
2021-03-11 - Whitelist Me, Maybe- “Netbounce” Threat Actor Tries A Bold Approach To Evade Detection
2021-03-11 - You Don't Know the HAFNIUM of it...
2021-03-12 - Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later…
2021-03-12 - DotNET Loaders
2021-03-12 - Good old malware for the new Apple Silicon platform
2021-03-12 - IcedID GZIPLOADER Analysis
2021-03-12 - Spear-Phishing Campaign Distributes Nim-Based Malware
2021-03-14 - How China’s Devastating Microsoft Hack Puts Us All at Risk
2021-03-15 - Conficker - One of the Most Prevalent & Complex Windows Worms
2021-03-15 - DearCry ransomware attacks exploit Exchange server vulnerabilities
2021-03-15 - FIN8- BADHATCH Threat Indicator Enrichment
2021-03-15 - HAFNIUM, China Chopper and ASP.NET Runtime
2021-03-15 - Incorporating the Cyberspace Domain- How Russia and China Exploit Asymmetric Advantages in Great Power Competition
2021-03-15 - JavaScript sniffers' new tricks- Analysis of the E1RB JS sniffer family
2021-03-15 - New Mirai Variant Targeting New IoT Vulnerabilities, Including in Network Security Devices
2021-03-15 - One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021
2021-03-15 - Taurus Stealer's Evolution
2021-03-15 - The Iran-Russia Cyber Agreement and U.S. Strategy in the Middle East
2021-03-16 - Detecting Cobalt Strike with memory signatures
2021-03-16 - France’s lead cybercrime investigator on the Egregor arrests, cybercrime
2021-03-16 - Incident Report
2021-03-16 - The Brief Glory of Cabassous-FluBot — a private Android banking botnet
2021-03-16 - Threatening within Budget- How WSH-RAT is abused by Cyber-Crooks
2021-03-16 - Tracking HCrypt- An Active Crypter as a Service
2021-03-16 - ‘I scrounged through the trash heaps… now I’m a millionaire-’ An interview with REvil’s Unknown
2021-03-17 - Alert (AA21-076A)- TrickBot Malware
2021-03-17 - Automatic Gobfuscator Deobfuscation with EKANS Ransomware
2021-03-17 - China-linked TA428 Continues to Target Russia and Mongolia IT Companies
2021-03-17 - China’s Five-Year Plan- A Pursuit for GDP Growth & Technological Self-Sufficiency
2021-03-17 - Hidden menace- Peeling back the secrets of OnionCrypter
2021-03-17 - INDRIK SPIDER Supersedes WastedLocker with Hades Ransomware to Circumvent OFAC Sanctions
2021-03-17 - Missed opportunity- Bug in LockBit ransomware allowed free decryptions
2021-03-17 - Satori- Mirai Botnet Variant Targeting Vantage Velocity Field Unit RCE Vulnerability
2021-03-18 - Alert (AA21-077A)- Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool
2021-03-18 - Beware Android trojan posing as Clubhouse app
2021-03-18 - Buer Loader Found in an Unusual Email Attachment
2021-03-18 - CISA Hunt and Incident Response Program (CHIRP)
2021-03-18 - Cobalt Strike – Post-Exploitation Attackers Toolkit
2021-03-18 - Press release- 400 Belgian computer systems infiltrated in connection with a Microsoft Exchange server vulnerability
2021-03-18 - Convuster- macOS adware now in Rust
2021-03-18 - Cybereason Exposes Campaign Targeting US Taxpayers with NetWire and Remcos Malware
2021-03-18 - DGA and decoder scripts for n3cr0morph IRC malware
2021-03-18 - Investigation of the intrusion into Parliament's information systems examines a link to the APT31 actor
2021-03-18 - Github repository for STOWAWAY
2021-03-18 - HelloKitty- When Cyberpunk met cy-purr-crime
2021-03-18 - Hunting for Lateral Movement using Event Query Language
2021-03-18 - Necro upgrades again, using Tor + dynamic domain DGA and aiming at both Windows & Linux
2021-03-18 - New macOS malware XcodeSpy Targets Xcode Developers with EggShell Backdoor
2021-03-18 - Now You See It, Now You Don’t- CopperStealer Performs Widespread Theft
2021-03-18 - Return of the Darkside- Analysis of a Large-Scale Data Theft Campaign
2021-03-18 - Server Side Data Exfiltration via Telegram API
2021-03-18 - Supo identified the cyber espionage operation against the parliament as APT31
2021-03-19 - REvil ransomware has a new ‘Windows Safe Mode’ encryption mode
2021-03-19 - TA551
2021-03-21 - In the eye of our CyberSOC- Campo Loader, analysis and detection perspectives
2021-03-22 - Lazarus Attack Activities Targeting Japan (VSingle-ValeforBeta)
2021-03-22 - MalSpam Campaigns Download njRAT from Paste Sites
2021-03-22 - New Spear Phishing Campaign using Army Welfare Education Society’s Scholarship form
2021-03-22 - Malicious Word document using an External link with North Korea-related body content
2021-03-23 - Black Kingdom ransomware begins appearing on Exchange servers
2021-03-23 - Low-volume multi-stage attack leveraging AzureEdge and Shopify CDNs
2021-03-23 - ModPipe Malware has a new module that siphons Credit Card Data
2021-03-23 - RemRAT- Android spyware that has been lurking in the Middle East for many years
2021-03-23 - Zloader- Entailing Different Office Files
2021-03-24 - A .NET rat targets Mongolia
2021-03-24 - APT Encounters of the Third Kind
2021-03-24 - Anti-Analysis Techniques Used in Excel 4.0 Macros
2021-03-24 - Black Kingdom ransomware begins appearing on Exchange servers
2021-03-24 - Fake Websites Used in COVID-19 Themed Phishing Attacks, Impersonating Brands Like Pfizer and BioNTech
2021-03-24 - Golang Bot Starts Targeting WordPress Websites
2021-03-24 - OAuth Abuse- Think SolarWinds-Solorigate Campaign with Focus on Cloud Applications
2021-03-24 - Purple Fox Rootkit Now Propagates as a Worm
2021-03-24 - Quarterly Report- Incident Response trends from Winter 2020-21
2021-03-24 - Software renewal scammers unmasked
2021-03-24 - Taking Action Against Hackers in China
2021-03-25 - Analyzing attacks taking advantage of the Exchange Server vulnerabilities
2021-03-25 - CVE-2021-26855- Microsoft Exchange Server-Side Request Forgery
2021-03-25 - Evil Corp switches to Hades ransomware to evade sanctions
2021-03-25 - Insurance giant CNA hit by new Phoenix CryptoLocker ransomware
2021-03-25 - Perkiler malware turns to SMB brute force to spread
2021-03-25 - Web Shell Threat Hunting with Azure Sentinel
2021-03-26 - 20 Million Miners- Finding Malicious Cryptojacking Images in Docker Hub
2021-03-26 - Alleged Members of Egregor Ransomware Cartel Arrested
2021-03-26 - China’s “Winnti” Spyder Module
2021-03-26 - Google Shuts Down Western Active Counter-Terrorism Operation
2021-03-26 - Google’s top security teams unilaterally shut down a counterterrorism operation
2021-03-26 - Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange Disclosures
2021-03-26 - It's getting hot in here! Unknown threat group using Hades ransomware to turn up the heat on their victims
2021-03-26 - Ransomware gang urges victims’ customers to demand a ransom payment
2021-03-26 - Russian group -Ghostwriters- apparently attacked parliamentarians
2021-03-26 - Securing our approach to domain fronting within Azure
2021-03-26 - Threat Assessment Matrix Ransomware
2021-03-27 - Malware Analysis with elastic-agent and Microsoft Sandbox
2021-03-27 - Terraloader- Congrats, you have a new fake job!
2021-03-28 - No, I Did Not Hack Your MS Exchange Server
2021-03-28 - SunCrypt, PowerShell obfuscation, shellcode and more yara
2021-03-29 - AP sources- SolarWinds hack got emails of top DHS officials
2021-03-29 - Android-Flubot- preparing for a new campaign-
2021-03-29 - Jumping into Shellcode
2021-03-29 - Malspam Campaign Delivers Burkina Trojan
2021-03-29 - New ICS Threat Activity Group- STIBNITE
2021-03-29 - RedEcho group parks domains after public exposure
2021-03-29 - Sodinokibi (aka REvil) Ransomware
2021-03-29 - The Unseen One- Hades Ransomware Gang or Hafnium
2021-03-29 - Zloader email campaign using MHTML to download and decrypt XLS
2021-03-30 - Ares Malware- The Grandson of the Kronos Banking Trojan
2021-03-30 - BadBlood- TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns
2021-03-30 - Campo Loader - Simple but effective
2021-03-31 - Attack of the -chaos troops- (Ghostwriter)
2021-03-31 - Back in a Bit- Attacker Use of the Windows Background Intelligent Transfer Service
2021-03-31 - Bahamut Possibly Responsible for Multi-Stage Infection Chain Campaign
2021-03-31 - Dissecting a RAT. Analysis of the AndroRAT
2021-03-31 - Financial Cyberthreats in 2020
2021-03-31 - IcedID Command and Control Infrastructure
2021-03-31 - Quick Analysis of a Modular InfoStealer
2021-03-31 - Sophos MTR in Real Time- What is Astro Locker Team-
2021-03-31 - Update on campaign targeting security researchers
2021-04-01 - Automating threat actor tracking- Understanding attacker behavior for intelligence and contextual alerting
2021-04-01 - Avaddon RaaS - Breaks Public Decryptor, Continues On Rampage
2021-04-01 - COVID-19 Phishing With a Side of Cobalt Strike
2021-04-01 - Code Reuse Across Packers and DLL Loaders
2021-04-01 - Cybereason vs. DarkSide Ransomware
2021-04-01 - Hancitor’s Use of Cobalt Strike and a Noisy Network Ping Tool
2021-04-01 - Wireshark Tutorial- Decrypting RDP Traffic
2021-04-02 - A “txt file” can steal all your secrets
2021-04-02 - Browser lockers- extortion disguised as a fine
2021-04-02 - The “Fair” Upgrade Variant of Phobos Ransomware
2021-04-03 - Hubnr Botnet
2021-04-04 - Technical report of AgentTesla
2021-04-05 - 2020 Phishing Trends With PDF Files
2021-04-05 - CruLoader Analysis
2021-04-05 - From PowerShell to Payload- An Analysis of Weaponized Malware
2021-04-05 - Hackers Spearphish Professionals on LinkedIn with Fake Job Offers, Infecting them with Malware, Warns eSentire
2021-04-05 - Kremlin RATs from Nigeria
2021-04-05 - The leap of a Cycldek-related threat actor
2021-04-05 - Thwarting Loaders- From SocGholish to BLISTER’s LockBit Payload
2021-04-05 - TrickBot Crews New CobaltStrike Loader
2021-04-06 - A deep dive into Saint Bot, a new downloader
2021-04-06 - Aurora campaign- Attacking Azerbaijan using multiple RATs
2021-04-06 - Dridex Loader Analysis
2021-04-06 - EtterSilent the undergrounds new favorite maldoc builder
2021-04-06 - Github Repository- RATel
2021-04-06 - Janeleiro, the time traveler- A new old banking trojan in Brazil
2021-04-06 - Malicious Cyber Activity Targeting Critical SAP Applications
2021-04-06 - Malspam with Lokibot vs. Outlook and RFCs
2021-04-06 - Rocke Group Actively Targeting the Cloud- Wants Your SSH Keys
2021-04-06 - Threat Group Uses Voice Changing Software in Espionage Attempt
2021-04-07 - IcedID - A New Threat In Office Attachments
2021-04-07 - IcedID campaign spotted being spiced with Excel 4 Macros
2021-04-07 - New Wormable Android Malware Spreads by Creating Auto-Replies to Messages in WhatsApp
2021-04-07 - Ransom Mafia - Analysis of the World's First Ransomware Cartel
2021-04-07 - Sowing Discord- Reaping the benefits of collaboration app abuse
2021-04-07 - Threat Intelligence- Analysis of the SBIDIOT IoT Malware
2021-04-07 - Wireshark Tutorial- Examining Traffic from Hancitor Infections
2021-04-07 - Yanbian Gang Malware Continues with Wide-Scale Distribution and C2
2021-04-08 - Attackers Conducting Cryptojacking Operation Against U.S. Education Organizations
2021-04-08 - Breaking the Ice- Detecting IcedID and Cobalt Strike Beacon with Network Detection and Response (NDR)
2021-04-08 - Iran’s APT34 Returns with an Updated Arsenal
2021-04-08 - Sysrv Botnet Expands and Gains Persistence
2021-04-09 - Detecting Exposed Cobalt Strike DNS Redirectors
2021-04-09 - Dissemination of Korean document (HWP) titled inquiries related to North Korea
2021-04-09 - Emotet Command and Control Case Study
2021-04-09 - IcedID Analysis
2021-04-09 - Investigating a unique “form” of email delivery for IcedID malware
2021-04-09 - Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware
2021-04-09 - Malicious code in APKPure app
2021-04-11 - IcedID on my neck Im the coolest
2021-04-12 - A Different Kind of Zoombomb
2021-04-12 - A Spike in BazarCall and IcedID Activity Detected in March
2021-04-12 - A chat with DarkSide
2021-04-12 - APT SideWinder's latest attack on a certain region in South Asia
2021-04-12 - Analysis Report (AR21-102B)- DearCry Ransomware
2021-04-12 - Deep Analysis- New FormBook Variant Delivered in Phishing Campaign – Part I
2021-04-12 - Deep water- exploring phishing kits
2021-04-12 - Nitro Ransomware - Proof of Concept
2021-04-12 - PaaS, or how hackers evade antivirus software
2021-04-12 - Unpacking RAGNARLOCKER via emulation
2021-04-13 - Alert Number I-041321-PSA- Rise In Use of Cryptocurrency In Business Email Compromise Schemes
2021-04-13 - Compromised Exchange server hosting cryptojacker targeting other Exchange servers
2021-04-13 - Detecting Clop Ransomware
2021-04-13 - From Cracks to Empty Wallets – How Popular Cracks Lead to Digital Currency and Data Theft
2021-04-13 - Hackers Flood the Web with 100,000 Malicious Pages, Promising Professionals Free Business Forms, But Delivering Malware, Reports eSentire
2021-04-13 - Justice Department announces court-authorized effort to disrupt exploitation of Microsoft Exchange Server vulnerabilities
2021-04-13 - Keeping an eye on CloudEyE (GuLoader) - Reverse engineering the loader
2021-04-13 - Malicious infrastructure as a service
2021-04-13 - Moobot updates its infrastructure and targets vulnerable Tenda routers
2021-04-13 - Sweden drops Russian hacking investigation due to legal complications
2021-04-13 - Threat Assessment- Clop Ransomware
2021-04-13 - Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild
2021-04-14 - A look at HydroJiin campaign
2021-04-14 - An Update- The COVID-19 Vaccine’s Global Cold Chain Continues to Be a Target
2021-04-14 - April 2021 Forensic Quiz- Answers and Analysis
2021-04-14 - From PoC to Exploit Kit- Purple Fox now exploits CVE-2021-26411
2021-04-14 - Lazarus BTC Changer Back in action with JS sniffers redesigned to steal crypto
2021-04-14 - Meet The Ransomware Gang Behind One of the Biggest Supply Chain Hacks Ever
2021-04-15 - A Letter on Blocking Property with Respect to Specified Harmful Foreign Activities of the Government of the Russian Federation
2021-04-15 - Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Harvesting of Credentials
2021-04-15 - BazarLoader deploys a pair of novel spam vectors
2021-04-15 - Declaration by the High Representative on behalf of the European Union expressing solidarity with the United States on the impact of the SolarWinds cyber operation
2021-04-15 - Executive Order on Blocking Property with Respect to Specified Harmful Foreign Activities of the Government of the Russian Federation
2021-04-15 - Exploit Kit still sharpens a sword
2021-04-15 - FACT SHEET- Imposing Costs for Harmful Foreign Activities by the Russian Government
2021-04-15 - HackBoss- A cryptocurrency-stealing malware distributed through Telegram
2021-04-15 - Holding Russia To Account
2021-04-15 - Issuance of Executive Order Blocking Property With Respect To Specified Harmful Foreign Activities Of The Government Of The Russian Federation and related Frequently Asked Questions; Russia-related Designations
2021-04-15 - Malware Analysis Report (AR21-105A)- SUNSHUTTLE
2021-04-15 - Mirai code re-use in Gafgyt
2021-04-15 - North Atlantic Council Statement following the announcement by the United States of actions with regard to Russia
2021-04-15 - Russia- UK and US expose global campaign of malign activity by Russian intelligence services
2021-04-15 - Russia- UK exposes Russian involvement in SolarWinds cyber compromise
2021-04-15 - Statement on Solar Winds Orion cyberattacks
2021-04-15 - Statement on SolarWinds Cyber Compromise
2021-04-15 - The $1 billion Russian cyber company that the US says hacks for Moscow
2021-04-15 - The rise of QakBot
2021-04-15 - Threat Actors Pair Tax-Themed Lures With COVID-19, Healthcare Themes
2021-04-15 - Treasury Escalates Sanctions Against the Russian Government’s Attempts to Influence U.S. Elections
2021-04-15 - Treasury Sanctions Russia with Sweeping New Sanctions Authority
2021-04-15 - Treasury Sanctions Russian Persons in the Crimea Region of Ukraine
2021-04-15 - U.S. Puts Fresh Sanctions on Russia Over Hacking, Election Interference
2021-04-16 - A 'Worst Nightmare' Cyberattack- The Untold Story Of The SolarWinds Hack
2021-04-16 - A Worst Nightmare Cyberattack - The Untold Story Of The SolarWinds Hack
2021-04-16 - Combating Sleeper Threats With MTTD
2021-04-16 - Could the Microsoft Exchange breach be stopped-
2021-04-16 - FIN7 'technical guru' sentenced to 10 years in prison
2021-04-16 - High-level organizer of notorious hacking group FIN7 sentenced to ten years in prison for scheme that compromised tens of millions of debit and credit cards
2021-04-16 - How the Kremlin provides a safe harbor for ransomware
2021-04-16 - Ransomware micro-criminals are still out here (and growing)
2021-04-16 - Russia’s Cyber Operations Groups
2021-04-16 - Sanctioned Firm Accused of Helping Russian Intelligence Was Part of Microsoft’s Early Vuln Access Program — MAPP
2021-04-16 - Sanctioned Russian IT firm was partner with Microsoft, IBM
2021-04-16 - Transparent Tribe APT Infrastructure Mapping Part 1- A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021
2021-04-16 - Unearthing Hancitor Infrastructure
2021-04-16 - XCSSET Quickly Adapts to macOS 11 and M1-based Macs
2021-04-17 - Adversary Dossier- Ryuk Ransomware Anatomy of an Attack in 2021
2021-04-17 - SVR snaps back at Biden
2021-04-18 - 1. Hacking Hollywood
2021-04-18 - Discord Nitro gift codes now demanded as ransomware payments
2021-04-18 - Recover your files with StrongPity
2021-04-18 - US Cyber Operations Groups
2021-04-19 - A Deep Dive into Zebrocy’s Dropper Docs
2021-04-19 - Analysing a malware PCAP with IcedID and Cobalt Strike traffic
2021-04-19 - Great Power Cyber Party
2021-04-19 - How China's cybercrime underground is making money off big data
2021-04-19 - How to analyze mobile malware- a Cabassous-FluBot Case study
2021-04-19 - Hunting phishing websites with favicon hashes
2021-04-19 - Inside the CIA and NSA disagreement over Russian bounties story
2021-04-19 - Lazarus APT conceals malicious code within BMP image to drop its RAT
2021-04-19 - PRIMITIVE BEAR (Gamaredon) Targets Ukraine with Timely Themes
2021-04-19 - The Incredible Rise of North Korea’s Hacking Army
2021-04-19 - ZLoader Returns Through Spelevo Exploit Kit & Phishing Campaign
2021-04-20 - Alert (AA21-110A)- Exploitation of Pulse Connect Secure Vulnerabilities
2021-04-20 - Carbanak and FIN7 Attack Techniques
2021-04-20 - Check Your Pulse- Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day
2021-04-20 - Chinese Cyber Operations Groups
2021-04-20 - CobaltStrike Stager Utilizing Floating Point Math
2021-04-20 - Fake Microsoft Store, Spotify sites spread info-stealing malware
2021-04-20 - FireEye Mandiant PulseSecure Exploitation Countermeasures
2021-04-20 - HabitsRAT Used to Target Linux and Windows Servers
2021-04-20 - How attackers abuse Access Token Manipulation (ATT&CK T1134)
2021-04-20 - REvil gang tries to extort Apple, threatens to sell stolen blueprints
2021-04-20 - Transparent Tribe uses the COVID-19 vaccine topic as a lure- analysis of targeted attacks on the Indian medical industry
2021-04-20 - Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise
2021-04-21 - A year of Fajan evolution and Bloomberg themed campaigns
2021-04-21 - Codecov hackers breached hundreds of restricted customer sites - sources
2021-04-21 - Donot Team APT Group Is Back To Using Old Malicious Patterns
2021-04-21 - Logins for 1.3 million Windows RDP servers collected from hacker market
2021-04-21 - Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices
2021-04-21 - Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)
2021-04-21 - Nearly half of malware now use TLS to conceal communications
2021-04-21 - Taking Action Against Hackers in Palestine
2021-04-21 - ZLoader Dominates Email Payloads in Q1
2021-04-22 - A gentle introduction to building a threat intelligence team
2021-04-22 - AR21-112A- CISA Identifies SUPERNOVA Malware During Incident Response
2021-04-22 - An Undersea Royal Road- Exploring Malicious Documents and Associated Malware
2021-04-22 - Binary Data Hiding in VB6 Executables
2021-04-22 - Deep Analysis- FormBook New Variant Delivered in Phishing Campaign – Part II
2021-04-22 - The Man in Merkel's Computer - Hunting Putin's Hackers (Der Mann in Merkels Rechner - Jagd auf Putins Hacker)
2021-04-22 - EMOTET- a State-Machine reversing exercise
2021-04-22 - Nightmare week for security vendors- Now a Trend Micro bug is being exploited in the wild
2021-04-22 - Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities
2021-04-22 - Ransomware gang wants to short the stock price of their victims
2021-04-22 - SUPERNOVA Redux, with a Generous Portion of Masquerading
2021-04-22 - Sysrv-Hello Expands Infrastructure
2021-04-22 - Tor-Based Botnet Malware Targets Linux Systems, Abuses Cloud Management Tools
2021-04-22 - Turning Telegram toxic- ‘ToxicEye’ RAT is the latest to use Telegram for command & control
2021-04-23 - APT35 ‘Charming Kitten' discovered in a pre-infected environment
2021-04-23 - Analysis of the CardingMafia March 2021 data breach
2021-04-23 - Axis of REvil- What we know about the hacker collective taunting Apple
2021-04-23 - Russia's Disinformation Ecosystem - A Snapshot
2021-04-23 - Supply chain attack on the password manager Clickstudios - PASSWORDSTATE
2021-04-24 - A ransomware gang made $260,000 in 5 days using the 7zip utility
2021-04-24 - Anatomy of a simple and popular packer
2021-04-24 - HashiCorp is the latest victim of Codecov supply-chain attack
2021-04-24 - Initial analysis of PasswordState supply chain attack backdoor code
2021-04-24 - North Korea (DPRK) Cyber Operations Groups
2021-04-25 - 2. Disaster movie
2021-04-25 - Hacking campaign targets FileZen file-sharing network appliances
2021-04-25 - Ransomware and Data Leak Site Publication Time Analysis
2021-04-25 - Supply Chain Attacks via GitHub.com Releases
2021-04-25 - VPN Hacks Are a Slow-Motion Disaster
2021-04-26 - All Your Macs Are Belong To Us- bypassing macOS's file quarantine, gatekeeper, and notarization requirements
2021-04-26 - Anatomy of Cobalt Strike’s DLL Stager
2021-04-26 - Despite arrests in Spain, FluBot operations explode across Europe and Japan
2021-04-26 - Linux Servers Hijacked to Implant SSH Backdoor
2021-04-26 - New ICS Threat Activity Group- TALONITE
2021-04-26 - Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound
2021-04-26 - Shlayer malware abusing Gatekeeper bypass on macOS
2021-04-26 - The cybercriminal underground hasn't forgotten about financial services
2021-04-27 - 'Cock.li' Admin Says He’s Not Surprised Russian Intelligence Uses His Site
2021-04-27 - APT trends report Q1 2021
2021-04-27 - Abusing Replication- Stealing AD FS Secrets Over the Network
2021-04-27 - FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon
2021-04-27 - How law enforcement can stay a step ahead of hackers
2021-04-27 - Ransomware Preparedness- A Call to Action
2021-04-27 - RedLine Stealer Masquerades as Telegram Installer
2021-04-27 - Winter Vivern- A Look At Re-Crafted Government MalDocs Targeting Multiple Languages
2021-04-28 - Cyberspies target military organizations with new Nebulae backdoor
2021-04-28 - EU Cyber Operations Groups
2021-04-28 - QBot Malware Spotted Using Windows Defender Antivirus Lure
2021-04-28 - RotaJakiro- A long live secret backdoor with 0 VT detection
2021-04-28 - Spotting malicious Excel4 macros
2021-04-28 - The Rage of Android Banking Trojans
2021-04-28 - The Sodinokibi Chronicles- A (R)Evil Cybercrime Gang Disrupts Organizations for Trade Secrets and Cash
2021-04-28 - UK rail network Merseyrail likely hit by Lockbit ransomware
2021-04-28 - A suspected cyber attack shuts down the branches of Bcc di Roma (Un sospetto attacco telematico blocca le filiali della Bcc di Roma)
2021-04-28 - VB6 P-Code Obfuscation
2021-04-28 - Water Pamola Attacked Online Shops Via Malicious Orders
2021-04-29 - Chimera APT updates on its OwlProxy malware
2021-04-29 - Chinese Cyberspies Target Military Organizations in Asia With New Malware
2021-04-29 - DomainTools And Digital Archeology- A Look At RotaJakiro
2021-04-29 - Information Gathering as a Researcher- a use case
2021-04-29 - Investigating TA413 Threat Actor Group Using OpenCTI in Maltego
2021-04-29 - Leaping Down a Rabbit Hole of Fraud and Misdirection
2021-04-29 - New Shameless Commodity Cryptocurrency Stealer (WeSteal) and Commodity RAT (WeControl)
2021-04-29 - QNAP warns of AgeLocker ransomware attacks against NAS devices
2021-04-29 - Saving World Health Day- UNICC and Group-IB Take Down Scam Campaign Impersonating the World Health Organization
2021-04-29 - The Story of FakeChat
2021-04-29 - Threat Alert- New update from Sysrv-hello, now infecting victims' webpages to push malicious exe to end users
2021-04-29 - UNC2447 SOMBRAT and FIVEHANDS Ransomware- A Sophisticated Financial Threat
2021-04-29 - We managed to interview the ransomware group (Babuk) that encrypted the Metropolitan Police in Washington (Udało nam się zrealizować wywiad z grupą ransomware (Babuk), która zaszyfrowała policję metropolitarną w Waszyngtonie)
2021-04-29 - Whistler resort municipality hit by new ransomware operation
2021-04-30 - A Second Iranian State-Sponsored Ransomware Operation “Project Signal” Emerges
2021-04-30 - Cybercrime Featured DarkPath scam group loses 134 domains impersonating the WHO
2021-04-30 - Detecting network beacons via KQL using simple spread stats functions
2021-04-30 - How Cybercriminals Abuse OpenBullet for Credential Stuffing
2021-04-30 - Qbot- Analyzing PHP Proxy Scripts from Compromised Web Server
2021-04-30 - Transparent Tribe Operating with a New Variant of Crimson RAT
2021-05-01 - Guy's 30 Reverse Engineering Tips & Tricks
2021-05-01 - Muddywater- Binder Project
2021-05-02 - 3. Superdollars
2021-05-02 - DOJ hiring new liaison prosecutor to hunt cybercriminals in Eastern Europe
2021-05-02 - Mobile Malware App Anubis Strikes Again, Continues to Lure Users Disguised as a Fake Antivirus
2021-05-02 - Sodinokibi Ransomware Analysis
2021-05-02 - Trickbot Brief- Creds and Beacons
2021-05-03 - Apple fixes 2 iOS zero-day vulnerabilities actively used in attacks
2021-05-03 - BuerLoader Updates
2021-05-03 - Clop Ransomware Detection- Threat Research Release, April 2021
2021-05-03 - Exploitation of data breaches for executive protection
2021-05-03 - N3TW0RM ransomware emerges in wave of cyberattacks in Israel
2021-05-03 - New Variant of Buer Loader Written in Rust
2021-05-03 - Spearphishing Attack Uses COVID-21 Lure to Target Ukrainian Government
2021-05-03 - Tweet on new RaaS Galaxy Ransomware
2021-05-04 - A taste of the latest release of QakBot
2021-05-04 - Alien Mobile Malware Evades Detection, Increases Targets
2021-05-04 - Cr4sh - MicroBackdoor - Small and convenient C2 tool for Windows targets
2021-05-04 - Detecting Lateral Movement via WinRM Using KQL
2021-05-04 - Grab your own copy of Phenakite iOS malware today
2021-05-04 - New Panda Stealer Targets Cryptocurrency Wallets
2021-05-04 - Pingback- Backdoor At The End Of The ICMP Tunnel
2021-05-04 - RM3 – Curiosities of the wildest banking malware
2021-05-04 - The UNC2529 Triple Double- A Trifecta Phishing Campaign
2021-05-04 - Transferring leverage in a ransomware attack
2021-05-05 - Are The Notorious Cyber Criminals Evil Corp actually Russian Spies-
2021-05-05 - Catching RATs Over Custom Protocols Analysis of top non-HTTP-S threats
2021-05-05 - China’s PLA Unit 61419 Purchasing Foreign Antivirus Products, Likely for Exploitation
2021-05-05 - Flubot vs. Zimperium
2021-05-05 - Intervention halts a ProxyLogon-enabled attack
2021-05-05 - Joker
2021-05-05 - Malware group leaks millions of stolen authentication cookies
2021-05-05 - Multi-Factor Authentication- Headache for Cyber Actors Inspires New Attack Techniques
2021-05-05 - Ousaban- Private photo collection hidden in a CABinet
2021-05-05 - Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware
2021-05-05 - Smishing campaign in NL spreading Cabassous and Anatsa
2021-05-05 - VB6 P-Code Disassembly
2021-05-06 - An APT with no name
2021-05-06 - Analysis Report- FiveHands Ransomware
2021-05-06 - Darkside Ransomware
2021-05-06 - GrelosGTM group abuses Google Tag Manager to attack e-commerce websites
2021-05-06 - How China turned a prize-winning iPhone hack against the Uyghurs
2021-05-06 - Iran Cyber Operations Groups
2021-05-06 - MAR-10324784-1.v1- FiveHands Ransomware
2021-05-06 - MTR in Real Time- Pirates pave way for Ryuk ransomware
2021-05-06 - Operation TunnelSnake
2021-05-06 - Proxylogon- A Coinminer, a Ransomware, and a Botnet Join the Party
2021-05-06 - Ransomware- Hunting for Inhibiting System Backup or Recovery
2021-05-06 - RotaJakiro, the Linux version of the OceanLotus
2021-05-06 - Threat Thursday- Dr. REvil Ransomware Strikes Again, Employs Double Extortion Tactics
2021-05-07 - An In-Depth analysis of the new Taurus Stealer
2021-05-07 - An Investigative Update of the Cyberattack
2021-05-07 - Connecting the Bots Hancitor fuels Cuba Ransomware Operations
2021-05-07 - Data leak marketplaces aim to take over the extortion economy
2021-05-07 - Four Individuals Plead Guilty to RICO Conspiracy Involving “Bulletproof Hosting” for Cybercriminals
2021-05-07 - Human operated ransomware
2021-05-07 - Lemon Duck spreads its wings- Actors target Microsoft Exchange servers, incorporate new TTPs
2021-05-07 - MuddyWater- Binder Project (Part 2)
2021-05-07 - New Lemon Duck variants exploiting Microsoft Exchange Server
2021-05-07 - Revealing the ‘Snip3’ Crypter, a Highly Evasive RAT Loader
2021-05-07 - Stats from Hunting Cobalt Strike Beacons
2021-05-08 - Cyber attack shuts down top U.S. fuel pipeline network
2021-05-08 - SolarWinds says fewer than 100 customers were impacted by supply chain attack
2021-05-08 - When Karma Comes Back- The rise and fall of illicit cardshop breached twice in two years
2021-05-10 - APT Threat Landscape of Taiwan in 2020
2021-05-10 - Analysis of U.S. Oil Products Pipeline Operators Suspended by Ransomware Attacks
2021-05-10 - City of Tulsa's online services disrupted in ransomware incident
2021-05-10 - Cobaltstrike-Beacons analyzed
2021-05-10 - Dissecting a RAT. Analysis of the HawkShaw.
2021-05-10 - Here's what we know about DarkSide ransomware
2021-05-10 - How one of the largest hacker networks in the world was paralyzed
2021-05-10 - IcedID Malware Technical Analysis Report
2021-05-10 - Intelligence Report on Ransomware Gangs on the DarkWeb- List of victim organizations attacked by ransomware gangs released on the DarkWeb
2021-05-10 - Meet DarkSide and Their Ransomware – SentinelOne Customers Protected
2021-05-10 - Overview of Campo, a new attack campaign targeting Japan
2021-05-10 - Prelude to Ransomware- SystemBC
2021-05-10 - Prometheus Ransomware Haron Ransomware
2021-05-10 - Rise of the Chief Intelligence Officer (CINO)
2021-05-10 - Russian spy unit suspected of directed-energy attacks on U.S. personnel
2021-05-10 - Shedding Light on the DarkSide Ransomware Attack
2021-05-11 - 15% of 2020 ransomware payments carried a sanctions violations risk
2021-05-11 - A Closer Look at the DarkSide Ransomware Gang
2021-05-11 - A defender’s view inside a DarkSide ransomware attack
2021-05-11 - Alert (AA21-131A) DarkSide Ransomware- Best Practices for Preventing Business Disruption from Ransomware Attacks
2021-05-11 - Analysis of a series of attacks by the suspected Lazarus organization using Daewoo Shipyard as relevant bait
2021-05-11 - Android overlay attacks on Belgian financial applications
2021-05-11 - Campo, a New Attack Campaign Targeting Japan
2021-05-11 - DarkSide Ransomware Links to REvil Group Difficult to Dismiss
2021-05-11 - Osiris banking trojan shuts down as new Ares variant emerges
2021-05-11 - Quick analysis note about DealPly (Adware)
2021-05-11 - Reasonable IR Team Expectations
2021-05-11 - Recommendations Following the Colonial Pipeline Cyber Attack
2021-05-11 - Response When Minutes Matter- Rising Up Against Ransomware
2021-05-11 - Shining a Light on DARKSIDE Ransomware Operations
2021-05-11 - The DarkSide of the Ransomware Pipeline
2021-05-11 - Threat Bulletin- Exploring the Differences and Similarities of Agent Tesla v2 & v3
2021-05-12 - Agents raid home of Kansas man seeking info on botnet that infected DOD network
2021-05-12 - Anatomy of a $2 Million Darkside Ransomware Breach
2021-05-12 - Conti Ransomware
2021-05-12 - DarkSide Ransomware Gang- An Overview
2021-05-12 - Encrypted Chat Apps Doubling as Illegal Marketplaces
2021-05-12 - Executive Order on Improving the Nation’s Cybersecurity
2021-05-12 - Incident response playbooks
2021-05-12 - Nefilim Ransomware
2021-05-12 - New Evidence Supports Assessment that DarkSide Likely Responsible for Colonial Pipeline Ransomware Attack; Others Targeted
2021-05-12 - Ransomware world in 2021- who, how and why
2021-05-12 - What We Know About Darkside Ransomware and the US Pipeline Attack
2021-05-12 - Writing a VB6 P-Code Debugger
2021-05-13 - 'Don't panic,' Biden tells Americans facing gasoline shortages from pipeline attack
2021-05-13 - APT attack for domestic companies using library files
2021-05-13 - Catching the White Stork in Flight
2021-05-13 - Chemical distributor pays $4.4 million to DarkSide ransomware
2021-05-13 - Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom
2021-05-13 - Domain Blooms- Identifying Domain Name Themes Targeted By Threat Actors
2021-05-13 - Meet Lorenz — A new ransomware gang targeting the enterprise
2021-05-13 - Mind the (Air) Gap
2021-05-13 - Newly observed PHP-based skimmer shows ongoing Magecart Group 12 activity
2021-05-13 - Popular Russian hacking forum XSS bans all ransomware topics
2021-05-13 - Popular hacking forum bans ransomware ads
2021-05-13 - Ransomware Groups Use Tor-Based Backdoor for Persistent Access
2021-05-13 - Threat Actors Use MSBuild to Deliver RATs Filelessly
2021-05-13 - Threat Thursday- SombRAT — Always Leave Yourself a Backdoor
2021-05-13 - Transparent Tribe APT expands its Windows malware arsenal
2021-05-13 - Who is Mr. Zhao-
2021-05-14 - AHK RAT Loader Used in Unique Delivery Campaigns
2021-05-14 - Analysis Report (AR21-134A)- Eviction Guidance for Networks Affected by the SolarWinds and Active Directory-M365 Compromise
2021-05-14 - DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized
2021-05-14 - DarkSide Ransomware Operations - Preventions and Detections
2021-05-14 - DarkSide ransomware servers reportedly seized, REvil restricts targets
2021-05-14 - Darkside Ransomware Victims Sold Short
2021-05-14 - Darkside ransomware gang says it lost control of its servers & money a day after Biden threat
2021-05-14 - Elliptic Follows the Bitcoin Ransoms Paid by Colonial Pipeline and Other DarkSide Ransomware Victims
2021-05-14 - From Dawn to 'Silent Night'- 'DarkSide Ransomware' Initial Attack Vector Evolution
2021-05-14 - How Flubot targets Android phone users and their money
2021-05-14 - QNAP warns of eCh0raix ransomware attacks, Roon Server zero-day
2021-05-14 - Slides & Recordings for Mobile security trainings
2021-05-14 - The moral underground Ransomware operators retreat after Colonial Pipeline hack
2021-05-16 - HSE Conti 40521 UPDATE
2021-05-16 - Japan lashes out against alleged Chinese military cyberattacks
2021-05-17 - Analysis of NoCry- A variant of the Judge ransomware
2021-05-17 - Bizarro banking Trojan expands its attacks to Europe
2021-05-17 - Case Study- Incident Response is a relationship-driven business
2021-05-17 - DarkSide Ransomware- Splunk Threat Update and Detections
2021-05-17 - Discovery of Simps Botnet Leads To Ties to Keksec Group
2021-05-17 - Icedid Analysis
2021-05-17 - Investigating the Watering Hole Linked to the Oldsmar Water Treatment Facility Breach
2021-05-17 - Let’s set ice on fire- Hunting and detecting IcedID infections
2021-05-17 - Literature lover targeting Colombia with LimeRAT
2021-05-17 - Mustang Panda PlugX - 45.251.240.55 Pivot
2021-05-17 - Newly Discovered Function in DarkSide Ransomware Variant Targets Disk Partitions
2021-05-17 - Three major hacking forums ban ransomware ads as some ransomware gangs shut down
2021-05-17 - Tracking DarkSide and Ransomware- The Network View
2021-05-17 - VMProtect 2 - Detailed Analysis of the Virtual Machine Architecture
2021-05-17 - W3 May - EN - Story of the week- Code Signing Certificate on the Darkweb
2021-05-18 - A native packer for Android-MoqHao
2021-05-18 - An Encounter With TA551-Shathak
2021-05-18 - Analysis of MountLocker
2021-05-18 - DarkSide Ransomware Behavior and Techniques
2021-05-18 - DarkSide Ransomware has Netted Over $90 million in Bitcoin
2021-05-18 - DarkSide ransomware made $90 million in just nine months
2021-05-18 - Darkside gang estimated to have made over $90 million from ransomware attacks
2021-05-18 - Examining Russian-language Cybercriminal Marketplaces
2021-05-18 - ProblemChild- Detecting living-off-the-land attacks using the Elastic Stack
2021-05-18 - Strong ARMing with MacOS- Adventures in Cross-Platform Emulation
2021-05-18 - TeamTNT’s Extended Credential Harvester Targets Cloud Services, Other Software
2021-05-18 - The Active Adversary Playbook 2021
2021-05-19 - Arrest in cybercrime investigation (Aanhouding in onderzoek naar cybercrime)
2021-05-19 - BazarCall- Call Centers Help Spread BazarLoader Malware
2021-05-19 - Binary Reuse of VB6 P-Code Functions
2021-05-19 - Colonial Pipeline CEO Tells Why He Paid Hackers a $4.4 Million Ransom
2021-05-19 - Colonial Pipeline Ransomware Attack- Revealing How DarkSide Works
2021-05-19 - Look how many cybercriminals love Cobalt Strike
2021-05-19 - May Android security updates patch 4 zero-days exploited in the wild
2021-05-19 - Python stealer distribution via excel maldoc
2021-05-19 - Qlocker ransomware shuts down after extorting hundreds of QNAP users
2021-05-19 - SolarWinds CEO apologizes for blaming an intern, says attack may have started in January 2019
2021-05-19 - Tracking BokBot Infrastructure Mapping a Vast and Currently Active BokBot Network
2021-05-20 - Caught in the Cloud - How a Monero Cryptominer Exploits Docker Containers
2021-05-20 - Microsoft 365 Defender Hunting Queries for hunting multiple threat actors' TTPs and malwares
2021-05-20 - Phorpiex morphs- How a longstanding botnet persists and thrives in the current threat environment
2021-05-20 - Ransomware-as-a-Service, Rogue Affiliates, and What’s Next
2021-05-20 - Response When Minutes Matter- When Good Tools Are Used for (R)Evil
2021-05-20 - The Full Story of the Stunning RSA Hack Can Finally Be Told
2021-05-21 - DarkSide affiliates claim gang's bitcoins in deposit on hacker forum
2021-05-21 - DarkSide’s Targeted Ransomware Analysis Report for Critical U.S. Infrastructure
2021-05-21 - FSB NKTsKI- Foreign ‘cyber mercenaries’ breached Russian federal agencies
2021-05-21 - Leveraging Microsoft Teams to persist and cover up Cobalt Strike traffic
2021-05-23 - MountLocker Ransomware
2021-05-24 - SCOTCH- A framework for rapidly assessing influence operations
2021-05-24 - The Colonial pipeline ransomware hackers had a secret weapon- self-promoting cybersecurity firms
2021-05-24 - Tracking StrongPity with Yara
2021-05-24 - Vidar Info-Stealer Abusing Game Platform
2021-05-24 - Zero-Day TCC bypass discovered in XCSSET malware
2021-05-24 - [RE022] Part 1- Quick analysis of malicious sample forging the official dispatch of the Central Inspection Committee
2021-05-25 - Cobalt Strikes Again- An Analysis of Obfuscated Malware
2021-05-25 - Crimes of Opportunity- Increasing Frequency of Low Sophistication Operational Technology Compromises
2021-05-25 - Evolution of JSWorm ransomware
2021-05-25 - Indicators Over Cocktails- Exporting Indicators from Iris (UNC1151)
2021-05-25 - TeamTNT Targets Kubernetes, Nearly 50,000 IPs Compromised in Worm-like Attack
2021-05-25 - W4 May - EN - Story of the week- Ransomware on the Darkweb
2021-05-26 - A Deep Dive into Packing Software CryptOne
2021-05-26 - Belgium uproots cyber-espionage campaign with suspected ties to China
2021-05-26 - Elizabethan England has nothing on modern-day Russia
2021-05-26 - Melting Ice – Tracking IcedID Servers with a few simple steps
2021-05-26 - New Version of Kido (Conficker) (Kaspersky Lab)
2021-05-26 - PSChain
2021-05-27 - Another Nobelium Cyberattack
2021-05-27 - Apostle Ransomware Analysis
2021-05-27 - Attacks Embedding XMRig on Compromised Servers
2021-05-27 - Financial spear-phishing campaigns pushing RATs
2021-05-27 - Mustang Panda PlugX - Reused Mutex and Folder Found in the Extracted Config
2021-05-27 - Re-Checking Your Pulse- Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices
2021-05-27 - Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns
2021-05-27 - Trapping A Fat Quasar RAT
2021-05-27 - Uyghurs, a Turkic ethnic minority in China, targeted via fake foundations - Check Point Research
2021-05-28 - A new ransomware enters the fray- Epsilon Red
2021-05-28 - Alert (AA21-148A)- Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs
2021-05-28 - Breaking down NOBELIUM’s latest early-stage toolset
2021-05-28 - DarkSide on Linux- Virtual Machines Targeted
2021-05-28 - Deep Analysis of Vidar Stealer
2021-05-28 - Malware Analysis Report (AR21-148A)- Cobalt Strike Beacon
2021-05-28 - WooCommerce Credit Card Skimmer Hides in Plain Sight
2021-05-30 - Defend and deter
2021-05-31 - Babuk re-organizes as Payload Bin, offers its first leak
2021-05-31 - Hacker Lexicon- What Is a Supply Chain Attack-
2021-06-01 - A Contrarian View on SolarWinds
2021-06-01 - Backdoors, RATs, Loaders evasion techniques
2021-06-01 - Critical 0-day in Fancy Product Designer Under Active Attack
2021-06-01 - Critical WordPress plugin zero-day under active exploitation
2021-06-01 - Detecting Initial Access- HTML Smuggling and ISO Images — Part 1
2021-06-01 - Detecting Initial Access- HTML Smuggling and ISO Images — Part 2
2021-06-01 - Dissecting a RAT. Analysis of the Command-line AndroRAT.
2021-06-01 - Evadere Classifications
2021-06-01 - Ex-US ambassador, anti-corruption activists in Ukraine were targets of suspected Russian phishing
2021-06-01 - Hex-Rays, GetProcAddress, and Malware Analysis
2021-06-01 - Inside commercial malware sandboxes
2021-06-01 - Justice Department Announces Court-Authorized Seizure of Domain Names Used in Furtherance of Spear-Phishing Campaign Posing as U.S. Agency for International Development
2021-06-01 - Kimsuky APT continues to target South Korean government using AppleSeed backdoor
2021-06-01 - New sophisticated email-based attack from NOBELIUM
2021-06-01 - NobleBaron - New Poisoned Installers Could Be Used In Supply Chain Attacks
2021-06-01 - Rising warning- APT organization Lazarus Group launches an attack on China
2021-06-01 - Threat Actors Use Mockups of Popular Apps to Spread Teabot and Flubot Malware on Android
2021-06-02 - AMSI bypasses remain tricks of the malware trade
2021-06-02 - Analysis of Lazarus's recent targeted attacks against military industry and other industries
2021-06-02 - Call for crimes- Russian-language forum runs contest for cryptocurrency hacks
2021-06-02 - China-Linked Threat Group Targets Taiwan Critical Infrastructure, Smokescreen Ransomware
2021-06-02 - FUJIFILM shuts down network after suspected ransomware attack
2021-06-02 - Google PPC Ads Deliver Redline, Taurus, and mini-Redline Infostealers
2021-06-02 - Introducing The Most Profitable Ransomware REvil
2021-06-02 - Lemon-Duck Cryptominer Technical Analysis
2021-06-02 - RedDelta PlugX Undergoing Changes and Overlapping Again with Mustang Panda PlugX Infrastructure
2021-06-02 - SharpPanda- Chinese APT Group Targets Southeast Asian Government With Previously Unknown Backdoor
2021-06-02 - Two Carbanak hackers sentenced to eight years in prison in Kazakhstan
2021-06-02 - Under Attack- Protecting Against Conti, DarkSide, REvil and Other Ransomware
2021-06-03 - Chinese threat actors hacked NYC MTA using Pulse Secure zero-day
2021-06-03 - FontPack- A dangerous update Attribution secrets- Who is behind stealing credentials and bank card data by asking to install fake Flash Player, browser or font updates-
2021-06-03 - Necro Python bot adds new exploits and Tezos mining to its bag of tricks
2021-06-03 - OAuth’s Device Code Flow Abused in Phishing Attacks
2021-06-03 - W1 Jun - EN - Story of the week- Ransomware on the Darkweb
2021-06-03 - WebLogic RCE Leads to XMRig
2021-06-04 - Analysis of Ragnar Locker Ransomware (Acronis)
2021-06-04 - Colonial Pipeline Ransomware Hack Unleashes Flood of Related Phishing Attempts
2021-06-04 - EpsilonRed ransomware group hits one of India’s financial software powerhouses
2021-06-04 - FreakOut malware worms its way into vulnerable VMware servers
2021-06-04 - Glupteba back on track spreading via EternalBlue exploits
2021-06-04 - Latvian National Charged for Alleged Role in Transnational Cybercrime Organization
2021-06-04 - MercurialGrabber Github Repository
2021-06-04 - PHP Malware Used in Lucky Visitor Scam
2021-06-04 - Phishing Malware Hijacks Bitcoin Addresses and Delivers New Agent Tesla Variant
2021-06-04 - TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations
2021-06-04 - The Ransomware Conundrum – A Look into DarkSide
2021-06-04 - The SBU blocked a mass cyberattack by Russian special services on the computer networks of the Ukrainian authorities
2021-06-04 - The Sysrv-hello Cryptojacking Botnet- Here’s What’s New
2021-06-04 - US arrests Latvian woman who worked on Trickbot malware source code
2021-06-05 - Geopolitical nation-state threat actor overview May 2021
2021-06-05 - Prometheus- An Emerging Ransomware Group Using Thanos Ransomware To Target Organizations
2021-06-06 - New Evil Corp ransomware mimics PayloadBin gang to evade US sanctions
2021-06-07 - Adventures in Contacting the Russian FSB
2021-06-07 - Avaddon Ransomware Analysis
2021-06-07 - Department of Justice Seizes $2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists Darkside
2021-06-07 - Gootkit- the cautious Trojan
2021-06-07 - Inside the SystemBC Malware-As-A-Service
2021-06-07 - Malware family naming hell is our own fault
2021-06-07 - Ransomware Struck Another Pipeline Firm—and 70GB of Data Leaked
2021-06-07 - Siloscape- First Known Malware Targeting Windows Containers to Compromise Cloud Environments
2021-06-08 - Another Brick in the Wall- eCrime Groups Leverage SonicWall VPN Vulnerability
2021-06-08 - From QBot...with REvil Ransomware- Initial Attack Exposure of JBS
2021-06-08 - LOKIBOT - A commodity malware
2021-06-08 - Microsoft patches six Windows zero-days, including a commercial exploit
2021-06-08 - New large-scale campaign targets Kubeflow
2021-06-08 - PuzzleMaker attacks with Chrome zero-day exploit chain
2021-06-08 - TeamTNT Using WatchDog TTPs to Expand Its Cryptojacking Footprint
2021-06-08 - The blurry boundaries between nation-state actors and the cybercrime underground
2021-06-08 - ThunderCats Hack the FSB - Your Taxes Didn’t Pay For This Op
2021-06-08 - UAL Thank Us Later- Leveraging User Access Logging for Forensic Investigations
2021-06-09 - Gelsemium- When threat actors go gardening
2021-06-09 - Prometheus Ransomware Gang- A Group of REvil-
2021-06-09 - Russian hackers breached Dutch police systems in 2017
2021-06-10 - Are Virtual Machines the New Gold for Cyber Criminals-
2021-06-10 - BackdoorDiplomacy- Upgrading from Quarian to Turian
2021-06-10 - Big airline heist APT41 likely behind massive supply chain attack
2021-06-10 - Cloud Atlas Navigates Us Into New Waters
2021-06-10 - CrowdStrike Falcon Protects Customers from Recent COZY BEAR Sophisticated Phishing Campaign
2021-06-10 - Detecting Password Spraying Attacks- Threat Research Release May 2021
2021-06-10 - Hiding your syscalls
2021-06-10 - June 2021 Patch Tuesday- Six Actively Exploited Zero-Day Vulnerabilities and More Critical CVEs
2021-06-10 - LokiBot Technical Analysis Report
2021-06-10 - NetWire Technical Analysis Report
2021-06-10 - QakBot Technical Analysis Report
2021-06-10 - REvil- the usage of legitimate remote admin tooling
2021-06-10 - Ransom DDoS Extortion Actor “Fancy Lazarus” Returns
2021-06-10 - Emotet malware- BKA questions key figure
2021-06-10 - SmokeLoader Technical Analysis Report
2021-06-11 - Avaddon ransomware shuts down and releases decryption keys
2021-06-11 - Avaddon ransomware operation shuts down and releases decryption keys
2021-06-11 - Relentless REvil, revealed- RaaS as variable as the criminals who use it
2021-06-13 - Blue Team Detection- DarkSide Ransomware
2021-06-14 - A Step-by-Step Analysis of a New Version of DarkSide Ransomware
2021-06-14 - Apple patches two iOS zero-days in old-gen devices
2021-06-14 - Behind the scenes of business email compromise- Using cross-domain threat data to disrupt a large BEC campaign
2021-06-14 - Digital artists targeted in RedLine infostealer campaign
2021-06-14 - G7 calls on Russia to crack down on ransomware gangs
2021-06-14 - Incremental Machine Learning by Example- Detecting Suspicious Activity with Zeek Data Streams, River, and JA3 Hashes
2021-06-14 - Introducing Script Watch- Detect Magecart style attacks, fast!
2021-06-14 - Malware hosting domain Cyberium fanning out Mirai variants
2021-06-14 - The Allegedly Ryuk Ransomware builder- #RyukJoke
2021-06-15 - A Defender's Perspective of SSL VPN Exploitation
2021-06-15 - Andariel evolves to target South Korea with ransomware
2021-06-15 - Hades Ransomware Operators Use Distinctive Tactics and Infrastructure
2021-06-15 - Handy guide to a new Fivehands ransomware variant
2021-06-15 - How to Protect Active Directory Against Ransomware Attacks
2021-06-15 - Infra-Tagging -a new tool in Cyber Threat Intelligence
2021-06-15 - Insights Into an Excel 4.0 Macro Attack using Qakbot Malware
2021-06-15 - Ransomware Gang Turns to Revenge Porn
2021-06-15 - Source code for Paradise ransomware leaked on hacking forums
2021-06-15 - TargetCompany Ransomware
2021-06-15 - Use YARA math Module Extension in THOR TechPreview and THOR Lite
2021-06-15 - What you need to know about Process Ghosting, a new executable image tampering attack
2021-06-16 - Cerberus Analysis - Android Banking Trojan
2021-06-16 - DirtyMoe- Introduction and General Overview of Modularized Malware
2021-06-16 - Emotet campaign analysis
2021-06-16 - Evilnum organizes recent attacks against European financial companies
2021-06-16 - Ferocious Kitten- 6 years of covert surveillance in Iran
2021-06-16 - Gootloader- ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets
2021-06-16 - Matanbuchus- Malware-as-a-Service with Demonic Intentions
2021-06-16 - Removing Coordinated Inauthentic Behavior From Ethiopia
2021-06-16 - Russian National Convicted of Charges Relating to Kelihos Botnet
2021-06-16 - Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
2021-06-16 - The First Step- Initial Access Leads to Ransomware
2021-06-16 - The Rise & Demise of Multi-Million Ransomware Business Empire
2021-06-16 - US convicts Russian national behind Kelihos botnet crypting service
2021-06-16 - Ukrainian Police Nab Six Tied to CLOP Ransomware
2021-06-16 - Ukrainian police arrest Clop ransomware members, seize server infrastructure
2021-06-17 - Analysis of Hancitor – When Boring Begets Beacon
2021-06-17 - Bash Ransomware DarkRadiation Targets Red Hat- and Debian-based Linux Distributions
2021-06-17 - Black Kingdom ransomware
2021-06-17 - The investigation into the computer network operation against county governor offices is dropped
2021-06-17 - For the first time, PST says that China (APT31) is behind a computer attack
2021-06-17 - Hold the Door- Examining Exfiltration Activity and Applying Countermeasures
2021-06-17 - Klingon RAT Holding on for Dear Life
2021-06-17 - New TA402 Molerats Malware Targets Governments in the Middle East
2021-06-17 - Teabot - Android Banking Trojan Targets Banks in Europe
2021-06-17 - The investigation of the computer network operation (by APT31) against public administration offices is closed
2021-06-17 - Vigilante malware rats out software pirates while blocking ThePirateBay
2021-06-18 - 0xxx Ransomware
2021-06-18 - Conti Ransomware Gang- An Overview
2021-06-18 - Poland blames Russia for breach, theft of Polish officials' emails
2021-06-18 - Ransomware Actors Evolved Their Operations in 2020
2021-06-18 - Ryuk Botnet, Simps Botnet, Gods of Destny Botnet
2021-06-18 - SecurityScorecard Finds USAID Hack Much Larger Than Initially Thought
2021-06-18 - Statement by the Vice-President of the Council of Ministers, Chairman of the Committee for National Security and Defense Affairs, Jarosław Kaczyński (about UNC1151)
2021-06-19 - Alert (AA21-200A)- Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department
2021-06-19 - Android FluBot enters Switzerland
2021-06-20 - Dangerous Phishing Campaign for Harvesting Credentials using an HTML Attachment
2021-06-20 - From Word to Lateral Movement in 1 Hour
2021-06-20 - Mars-Deimos- From Jupiter to Mars and Back again (Part Two)
2021-06-20 - The Sorcery of Malware Reverse Engineering
2021-06-20 - Unpacking UPX Manually
2021-06-21 - An Encounter With Ransomware-as-a-Service- MEGAsync Analysis
2021-06-21 - DJVU Malware of STOP Ransomware Family Back with New Variant
2021-06-21 - DarkRadiation - Abusing Bash For Linux and Docker Container Ransomware
2021-06-21 - Darkside RaaS in Linux version
2021-06-21 - Dissecting a RAT. Analysis of the Saefko RAT.
2021-06-21 - Lolifox – who was behind it and what happened to it-
2021-06-21 - Ready for (nearly) anything- Five things to prepare for a cyber security incident
2021-06-21 - Sload Targeting Europe Again
2021-06-21 - Sonatype Catches New PyPI Cryptomining Malware
2021-06-21 - Threat Hunting SSH Keys – Bash Script Feature Pivoting
2021-06-21 - VMProtect 2 - Part Two, Complete Static Analysis
2021-06-22 - Android Application Disguised as Dating App Targets Indian Military Personnel
2021-06-22 - Attackers in Executive Clothing - BEC continues to separate orgs from their money
2021-06-22 - Attacks against media in the Philippines continue
2021-06-22 - Chasing DarkSide Affiliates- Identifying Threat Actors Connected to Darkside Ransomware Using Maltego & Intel 471
2021-06-22 - Crypto-mining on a DNS server
2021-06-22 - Darkside RaaS in Linux version
2021-06-22 - How to Dissect Unusual Protocols for Troubleshooting OT Security
2021-06-22 - LV Ransomware
2021-06-22 - NukeSped Copies Fileless Code From Bundlore, Leaves It Unused
2021-06-22 - Polish intelligence agencies link cyberattack to Russia (UNC1151)
2021-06-22 - Preventing Exploitation of the ZIP File Format
2021-06-22 - Response When Minutes Matter- Falcon Complete Disrupts WIZARD SPIDER eCrime Operators
2021-06-22 - Suspected Pakistani Actor Compromises Indian Power Company with New ReverseRat
2021-06-23 - Cybercriminals shop around for schemes targeting retail
2021-06-23 - Deep analysis of REvil Ransomware
2021-06-23 - Java Plug-Ins Delivering Zloader
2021-06-23 - Kimsuky APT organization's targeted attacks on South Korean defense and security related departments
2021-06-23 - PYSA Loves ChaChi- a New GoLang RAT
2021-06-23 - Ransomware- Growing Number of Attackers Using Virtual Machines
2021-06-23 - Ursnif Leverages Cerberus to Automate Fraudulent Bank Transfers in Italy
2021-06-24 - Binance Helps Take Down Cybercriminal Ring Laundering $500M in Ransomware Attacks
2021-06-24 - Crackonosh- A New Malware Distributed in Cracked Software
2021-06-24 - Demystifying the full attack chain of MineBridge RAT
2021-06-24 - Evasive Maneuvers - Massive IcedID Campaign Aims For Stealth with Benign Macros
2021-06-24 - High-Level Member of Hacking Group Sentenced to Prison for Scheme that Compromised Tens of Millions of Debit and Credit Cards
2021-06-24 - JSSLoader- Recoded and Reloaded
2021-06-24 - Lu0bot – An unknown NodeJS malware using UDP
2021-06-24 - Malicious spam campaigns delivering banking Trojans
2021-06-24 - The Ghosts of Mirai
2021-06-24 - Threat Thursday- Agent Tesla Infostealer
2021-06-24 - Yet Another Archive Format Smuggling Malware
2021-06-25 - Investigating and Mitigating Malicious Drivers
2021-06-25 - Lorenz ransomware- analysis and a free decryptor
2021-06-25 - Microsoft signed a malicious Netfilter rootkit
2021-06-25 - New Nobelium activity
2021-06-26 - MODeflattener - Miasm's OLLVM Deflattener
2021-06-27 - Spear Phishing Campaign with New Techniques Aimed at Aviation Companies
2021-06-28 - Analysis of the new P2P botnet PBot
2021-06-28 - Hackers Tricked Microsoft Into Certifying Malware That Could Spy on Users
2021-06-28 - Hancitor Continues to Push Cobalt Strike
2021-06-28 - Lil' skimmer, the Magecart impersonator - Malwarebytes Labs
2021-06-28 - Nefilim Ransomware Attack Through a MITRE Att&ck Lens
2021-06-28 - New Ransomware Variant Uses Golang Packer
2021-06-28 - Snake Keylogger’s Many Skins- Analysing Code Reuse Among Infostealers
2021-06-29 - Cobalt Strike- Favorite Tool from APT to Crimeware
2021-06-29 - Combating E-Commerce Scams and Account Takeover Attacks
2021-06-29 - Danmarks National Bank hacked as part of 'the world's most sophisticated hacker attack' (NOBELIUM)
2021-06-29 - HADES ransomware operators continue attacks
2021-06-29 - Not Laughing- Malicious Office Documents using LoLBins
2021-06-29 - The “WayBack” Campaign- a Large Scale Operation Hiding in Plain Sight
2021-06-30 - Automation in Reverse Engineering- String Decryption
2021-06-30 - Leaked Babuk Locker ransomware builder used in new attacks
2021-06-30 - MTR in Real Time- Hand-to-hand combat with REvil ransomware chasing a $2.5 million pay day
2021-06-30 - REvil Twins Deep Dive into Prolific RaaS Affiliates' TTPs
2021-06-30 - Ransomware-&-CVE- Industry Insights Into Exclusive High-Value Target Adversarial Datasets
2021-06-30 - SMB Worm “Indexsinas” Uses Lateral Movement to Infect Whole Networks
2021-06-30 - Shelob Moonlight – Spinning a Larger Web From IcedID to CONTI, a Trojan and Ransomware collaboration
2021-06-30 - What to expect when you’ve been hit with REvil ransomware
2021-07-01 - Android trojans steal Facebook users’ logins and passwords
2021-07-01 - Babuk ransomware is back, uses new version on corporate networks
2021-07-01 - Backdoored Client from Mongolian CA MonPass
2021-07-01 - Diavol - A New Ransomware Used By Wizard Spider-
2021-07-01 - IndigoZebra APT continues to attack Central Asia with evolving tools
2021-07-01 - Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices
2021-07-01 - Malware Masquerades as Privacy Tool
2021-07-01 - Mirai_ptea Botnet is Exploiting Undisclosed KGUARD DVR Vulnerability
2021-07-01 - Mongolian certificate authority hacked eight times, compromised with malware
2021-07-01 - PurpleFox Using WPAD to Target Indonesian Users
2021-07-01 - REvil’s new Linux version
2021-07-01 - Suspected HADES organization launched an attack on Ukraine with military themes
2021-07-01 - The Most Prolific Ransomware Families- A Defenders Guide
2021-07-01 - TrickBot and Zeus
2021-07-01 - WARZONE RAT – Beware Of The Trojan Malware Stealing Data Triggering From Various Office Documents
2021-07-02 - Critical Ransomware Incident in Progress
2021-07-02 - Dissemination of malicious Word documents for 'Korean Political Science and Diplomacy' and 'Biography of Policy Advisor' (Kimsuky)
2021-07-02 - Geopolitical nation-state threat actor overview June 2021
2021-07-02 - New Ransomware “Diavol” Being Dropped by Trickbot
2021-07-02 - REvil configuration dump used in Kaseya attack
2021-07-02 - REvil ransomware hits 1,000+ companies in MSP supply-chain attack
2021-07-02 - Ransomware attack
2021-07-02 - Skip the Middleman- Dridex Document to Cobalt Strike
2021-07-02 - The Brothers Grim - The reversing tale of GrimAgent malware used by Ryuk
2021-07-02 - Transparent Tribe APT Infrastructure Mapping Part 2- A Deeper Dive into the Identification of CrimsonRAT Infrastructure
2021-07-02 - TrickBot- New attacks see the botnet deploy new banking module, new ransomware
2021-07-03 - Kaseya Ransomware Supply Chain Attack- What You Need To Know
2021-07-03 - Kaseya VSA Detection Tool
2021-07-03 - Threat Brief Kaseya VSA Ransomware Attack
2021-07-03 - US chemical distributor shares info on DarkSide ransomware data theft
2021-07-03 - Uncensored Interview with REvil - Sodinokibi Ransomware Operators
2021-07-03 - Updates Regarding VSA Security Incident
2021-07-03 - [RE023] Quick analysis and removal tool for a series of new malware variants from the Panda group that recently targeted Vietnam's VGCA
2021-07-04 - Babuk Ransomware- The Builder
2021-07-04 - CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack
2021-07-04 - Independence Day- REvil uses supply chain exploit to attack hundreds of businesses
2021-07-04 - Kaseya supply chain attack targeting MSPs to deliver REvil ransomware
2021-07-05 - Analysis of -Bitter Elephant- organization's attack activities against my country in the first half of the year
2021-07-05 - Kaseya supply chain attack delivers mass ransomware
2021-07-05 - Kaseya, Sera. What REvil Shall Encrypt, Shall Encrypt
2021-07-05 - Quick review of Babuk ransomware builder
2021-07-05 - REvil Linux Configuration Extractor
2021-07-05 - REvil ransomware attack against MSPs and its clients around the world
2021-07-05 - Real-Time Prevention of the Kaseya VSA Supply Chain REvil Ransomware Attack
2021-07-05 - Tracking Cobalt Strike- A Trend Micro Vision One Investigation
2021-07-06 - AvosLocker Ransomware
2021-07-06 - Cybereason vs. REvil Ransomware- The Kaseya Chronicles
2021-07-06 - How the Kaseya VSA Zero Day Exploit Worked
2021-07-06 - Is Diavol Ransomware Connected to Wizard Spider-
2021-07-06 - Kaseya Supply Chain Ransomware Attack - Technical Analysis of the REvil Payload
2021-07-06 - Lazarus campaign TTPs and evolution
2021-07-06 - Mars-Deimos- SolarMarker-Jupyter Infostealer (Part 1)
2021-07-06 - Moroccan hacker Dr HeX arrested for phishing attacks, malware distribution
2021-07-06 - New TA402-MOLERATS Malware – Decrypting .NET Reactor Strings
2021-07-06 - Operation Lyrebird- Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide
2021-07-06 - REvil Ransomware Threat Research Update and Detections
2021-07-06 - TA505 adds GoLang crypter for delivering miners and ServHelper
2021-07-06 - The Evolution of PINCHY SPIDER from GandCrab to REvil
2021-07-06 - Understanding REvil- The Ransomware Gang Behind the Kaseya Attack
2021-07-06 - Understanding Russia’s Cyber Strategy
2021-07-07 - BIOPASS RAT- New Malware Sniffs Victims via Live Streaming
2021-07-07 - Bandidos at large- A spying campaign in Latin America
2021-07-07 - Crackonosh - The Hidden Crypto Mining Malware
2021-07-07 - Deep analysis of KPOT Stealer
2021-07-07 - Diving Deeper Into the Kaseya VSA Attack- REvil Returns and Other Hackers Are Riding Their Coattails
2021-07-07 - Elastic Security prevents 100% of REvil ransomware samples
2021-07-07 - Global Phishing Campaign Targets Energy Sector and its Suppliers
2021-07-07 - How CrowdStrike Falcon Stops REvil Ransomware Used in the Kaseya Attack
2021-07-07 - InSideCopy- How this APT continues to evolve its arsenal (IOCs)
2021-07-07 - InSideCopy- How this APT continues to evolve its arsenal (Network IOCs)
2021-07-07 - InSideCopy- How this APT continues to evolve its arsenal
2021-07-07 - Israeli Government Seizes Cryptocurrency Addresses Associated with Hamas Donation Campaigns
2021-07-07 - Magecart Swiper Uses Unorthodox Concatenation
2021-07-07 - Netskope Threat Coverage- REvil
2021-07-07 - WildPressure targets the macOS platform
2021-07-08 - Amadey stealer plugin adds Mikrotik and Outlook harvesting
2021-07-08 - Analysis of Lazarus malware abusing Non-ActiveX Module in South Korea
2021-07-08 - Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling
2021-07-08 - Conti Unpacked- Understanding Ransomware Development as a Response to Detection - A Detailed Technical Analysis
2021-07-08 - Decoding Cobalt Strike- Understanding Payloads
2021-07-08 - Enriching Threat Intelligence for the Carbine Loader Crypto-jacking Campaign
2021-07-08 - Hancitor Making Use of Cookies to Prevent URL Scraping
2021-07-08 - Inside the FBI, Russia, and Ukraine’s failed cybercrime investigation
2021-07-08 - Malware Analysis Report (AR21-189A)- DarkSide Ransomware
2021-07-08 - Morgan Stanley reports data breach after vendor Accellion hack
2021-07-08 - Observations and Recommendations from the Ongoing REvil-Kaseya Incident
2021-07-08 - Ransomware Gangs are Starting to Look Like Ocean’s 11
2021-07-08 - Threat Thursday- Redline Infostealer
2021-07-08 - Zloader With a New Infection Technique
2021-07-09 - Dark Web User Known As “The Bull” Charged In Insider Trading Scheme
2021-07-09 - Hancitor tries XLL as initial malware file
2021-07-09 - REvil-ution – A Persistent Ransomware Operation
2021-07-09 - Serv-U Remote Memory Escape Vulnerability CVE-2021-35211 (exploited in the wild)
2021-07-09 - Watering hole threat analysis in the public sector of Kazakhstan
2021-07-12 - Attack Exploiting XSS Vulnerability in E-commerce Websites
2021-07-12 - Operation SpoofedScholars- A Conversation with TA453
2021-07-12 - Over 780,000 email accounts compromised by Emotet have been secured
2021-07-12 - PJobRAT
2021-07-12 - RoboSki and Global Recovery- Automation to Combat Evolving Obfuscation
2021-07-12 - SolarWinds patches critical Serv-U vulnerability (CVE-2021-35211) exploited in the wild
2021-07-13 - Guess Fashion Brand Deals With Data Loss After Ransomware Attack
2021-07-13 - Joker Is Still No Laughing Matter
2021-07-13 - Microsoft discovers threat actor (DEV-0322) targeting SolarWinds Serv-U software with 0-day exploit
2021-07-13 - Prometheus Ransomware Decryptor
2021-07-13 - REvil ransomware gang's web sites mysteriously shut down
2021-07-13 - Ransomware Giant REvil’s Sites Disappear
2021-07-13 - Resources for Investigating Cloud and Container Penetration Testing Tools
2021-07-14 - BazarBackdoor sneaks in through nested RAR and ZIP archives
2021-07-14 - How We Protect Users From 0-Day Attacks (CVE-2021-21166, CVE-2021-30551, CVE-2021-33742, CVE-2021-1879)
2021-07-14 - How We Tracked a Threat Group Running an Active Cryptojacking Campaign
2021-07-14 - How cybercriminals create turbulence for the transportation industry
2021-07-14 - Investigating a Suspicious Service
2021-07-14 - LOCKDATA Auction – Another leak marketplace showing the recent shift of ransomware operators
2021-07-14 - LuminousMoth APT- Sweeping attacks for the chosen few
2021-07-14 - Microsoft delivers comprehensive solution to battle rise in consent phishing emails
2021-07-14 - Old trees and new flowers- Analysis of the new version of KGH spy components used by Kimsuky
2021-07-14 - REvil Vanishes From Underground - Infrastructure Down
2021-07-14 - Spain arrests 16 for working with the Mekotio and Grandoreiro malware gangs
2021-07-14 - Targeted Phishing Attack against Ukrainian Government Expands to Georgia
2021-07-14 - The Civil Guard dismantles an important network dedicated to committing scams through the Internet
2021-07-14 - Threat of the Month- IcedID Malware
2021-07-14 - Triage analysis of Serv-U FTP user backdoor deployed by CVE-2021-35211 (DEV-0322)
2021-07-14 - XLS Entanglement
2021-07-15 - APT attack (by Kimsuky) attempt on a specific person using a Word document
2021-07-15 - Adjusting the Anchor
2021-07-15 - American Rescue Plan Act Lures in the Wild
2021-07-15 - Data Exfiltrator - A New Tactic for Ransomware Adversaries
2021-07-15 - Fighting cyberweapons built by private businesses
2021-07-15 - Hooking Candiru Another Mercenary Spyware Vendor Comes into Focus
2021-07-15 - Linux version of HelloKitty ransomware targets VMware ESXi servers
2021-07-15 - Mespinoza Ransomware Gang Calls Victims “Partners,” Attacks with Gasket, -MagicSocks- Tools
2021-07-15 - Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware
2021-07-15 - Taking Action Against Hackers in Iran
2021-07-15 - Vidar Stealer C&C Server List
2021-07-15 - Visual investigations - Speed up your IR, Forensic Analysis and Hunting
2021-07-15 - What is Cyber Threat Intelligence-
2021-07-15 - cybereason vs. prometheus ransomware
2021-07-16 - APT-C-61 attacks against South Asia
2021-07-16 - Attacks Are Tailored to You—Your Intelligence Should Be, Too.
2021-07-16 - Mars-Deimos- From Jupiter to Mars and Back again (Part Two)
2021-07-16 - Vidar and GandCrab- stealer and ransomware combo observed in the wild
2021-07-17 - Candiru's Spyware- How It Works And Attacking Journalists, Activists And Many More
2021-07-17 - Ecuador's state-run CNT telco hit by RansomEXX ransomware
2021-07-17 - HelloKitty Linux version malware analysis
2021-07-17 - HelloKitty ransomware is targeting vulnerable SonicWall devices
2021-07-17 - Meet WiFiDemon – iOS WiFi RCE 0-Day Vulnerability, and a Zero-Click Vulnerability That Was Silently Patched
2021-07-18 - About The Pegasus Project
2021-07-18 - Digital Forensics Show S.A.R. Geelani’s Phone Was Hacked, Likely With Zero-Click Exploit
2021-07-18 - Forensic Methodology Report- How to catch NSO Group’s Pegasus
2021-07-18 - Forensic Methodology Report- Pegasus Forensic Traces per Target
2021-07-18 - From Rabat to Paris, Morocco does not let go of journalists
2021-07-18 - Independent Peer Review of Amnesty International’s Forensic Methods for Identifying Pegasus Spyware
2021-07-18 - Massive data leak reveals Israeli NSO Group's spyware used to target activists, journalists, and political leaders globally
2021-07-18 - Mobile Verification Toolkit
2021-07-18 - NSO Group Pegasus Indicator of Compromise
2021-07-18 - Pegasus Project- How Phones of Journalists, Ministers, Activists May Have Been Used to Spy On Them
2021-07-18 - Pegasus- The new global weapon for silencing journalists
2021-07-18 - Revealed- leak uncovers global abuse of cyber-surveillance weapon
2021-07-18 - Revealed- murdered journalist’s number selected by Mexican NSO client
2021-07-18 - Saudis behind NSO spyware attack on Jamal Khashoggi’s family, leak suggests
2021-07-18 - Snoop List Has 40 Indian Journalists, Forensic Tests Confirm Presence of Pegasus Spyware on Some
2021-07-18 - The Guardian's coverage of the Pegasus Project
2021-07-18 - The Pegasus Project- A Worldwide Collaboration to Counter a Global Crime
2021-07-18 - The Wire's coverage of the Pegasus Project
2021-07-18 - Viktor Orbán using NSO spyware in assault on media, data suggests
2021-07-19 - Alert (AA21-200B)- Chinese State-Sponsored Cyber Operations- Observed TTPs
2021-07-19 - Amazon Shuts Down NSO Group Infrastructure
2021-07-19 - Australia joins international partners in attribution of malicious cyber activity to China
2021-07-19 - Cases of cyberattacks including those by a group known as APT40 which the Chinese government is behind (Statement by Press Secretary YOSHIDA Tomoyuki)
2021-07-19 - China- Declaration by the High Representative on behalf of the European Union urging Chinese authorities to take action against malicious cyber activities undertaken from its territory
2021-07-19 - Evade Sandboxes With a Single Bit – the Trap Flag
2021-07-19 - FickerStealer- A New Rust Player in the Market
2021-07-19 - Fighting an emerging cybercrime trend
2021-07-19 - Fresh Malware Hunts for Crypto Wallet and Credentials
2021-07-19 - IcedID and Cobalt Strike vs Antivirus
2021-07-19 - New Threat Actor Uses Spanish Language Lures to Distribute Seldom Observed Bandook Malware
2021-07-19 - REvil Revealed - Tracking a Ransomware Negotiation and Payment
2021-07-19 - Remcos RAT delivered via Visual Basic
2021-07-19 - Shlayer Malvertising Campaigns Still Using Flash Update Disguise
2021-07-19 - Signed, Sealed, and Delivered – Signed XLL File Delivers Buer Loader
2021-07-19 - Statement on China’s cyber campaigns
2021-07-19 - The United States, Joined by Allies and Partners, Attributes Malicious Cyber Activity and Irresponsible State Behavior to the People’s Republic of China
2021-07-19 - UK and allies hold Chinese state responsible for a pervasive pattern of hacking
2021-07-19 - UK and allies hold Chinese state responsible for pervasive pattern of hacking
2021-07-19 - iPhones running latest iOS hacked to deploy NSO Group spyware
2021-07-20 - Alert (AA21-201A)- Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013
2021-07-20 - Data exfiltration in Latin America
2021-07-20 - Government points finger at China over cyber attacks
2021-07-20 - Hancitor’s Multi-Step Delivery Process
2021-07-20 - Ongoing Campaign Leveraging Exchange Vulnerability Potentially Linked to Iran
2021-07-20 - Researchers- NSO Group’s Pegasus Spyware Should Spark Bans, Apple Accountability
2021-07-20 - Security Researchers’ Hunt to Discover Origins of the Kaseya VSA Mass Ransomware Incident
2021-07-20 - Some URL shortener services distribute Android malware, including banking or SMS trojans
2021-07-20 - The growing threat of ransomware
2021-07-21 - -Le- is not tired of this, IE is really naughty
2021-07-21 - Analysis of malware (wiper) with Japanese file names related to the Tokyo Olympics
2021-07-21 - Detecting Trickbot with Splunk
2021-07-21 - Estonian Citizen Pleads Guilty to Computer Fraud and Abuse (Pavel Tsurkan)
2021-07-21 - FormBook Malware Returns- New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data
2021-07-21 - Groundhog day- NPM package caught stealing browser passwords
2021-07-21 - CERT-FR INDICATORS OF COMPROMISE
2021-07-21 - LuminousMoth – PlugX, File Exfiltration and Persistence Revisited
2021-07-21 - Malware Targeting Pulse Secure Devices
2021-07-21 - Notorious Cybercrime Gang, FIN7, Lands Malware in Law Firm Using Fake Legal Complaint Against Jack Daniels’ Owner, Brown-Forman Inc.
2021-07-21 - StrongPity APT Group Deploys Android Malware for the First Time
2021-07-21 - The Coper―a new Android banking trojan targeting Colombian users
2021-07-21 - The life and death of the ZeuS Trojan
2021-07-21 - This Chat is Being Recorded- Egregor Ransomware Negotiations Uncovered
2021-07-21 - Top prevalent malware with a thousand campaigns migrates to macOS
2021-07-22 - Analysis of -[Urgent] Damage report regarding the occurrence of cyber attacks, etc. associated with the Tokyo Olympics.exe-
2021-07-22 - Behavioral xbits with Suricata
2021-07-22 - Cyber attack with PHOBOS ransomware application
2021-07-22 - DoNot APT Group Delivers A Spyware Variant Of Chat App
2021-07-22 - Incident report- Spotting SocGholish WordPress injection
2021-07-22 - Kaseya obtains universal decryptor for REvil ransomware victims
2021-07-22 - Malware increasingly targets Discord for abuse
2021-07-22 - Quick analysis of Haron Ransomware (feat. Avaddon and Thanos)
2021-07-22 - Ransomware gang breached CNA’s network via fake browser update
2021-07-22 - Taurus Loader- User-Guided Infection
2021-07-22 - The Fraud Family Fraud-as-a-Service operation targeting Dutch residents
2021-07-22 - Updated XCSSET Malware Targets Telegram, Other Apps
2021-07-22 - W4 July - EN - Story of the week- Ransomware on the Darkweb
2021-07-22 - When coin miners evolve, Part 1- Exposing LemonDuck and LemonCat, modern mining malware infrastructure
2021-07-23 - AvosLocker enters the ransomware scene, asks for partners
2021-07-24 - Agent.Tesla Dropped via a .daa Image and Talking to Telegram
2021-07-24 - Quack Quack- Analysing Qakbot’s Browser Hooking Module – Part 1
2021-07-25 - Ghidra script to decrypt a string array in XOR DDoS
2021-07-25 - Scanning your iPhone for Pegasus, NSO Group's malware
2021-07-26 - Detecting XLoader - A macOS ‘Malware-as-a-Service’ Info Stealer and Keylogger
2021-07-26 - OSX.XLoader hides little except its main purpose- What we learned in the installation process
2021-07-26 - Portable Executable Injection Study
2021-07-26 - WhiteBlackGroup Ransomware (.encrpt3d)
2021-07-26 - Wiper Malware Riding the 2021 Tokyo Olympic Games
2021-07-27 - BlackMatter Ransomware Emerges As Successor to DarkSide, REvil
2021-07-27 - Chatter Indicates BlackMatter as REvil Successor
2021-07-27 - Collecting and operationalizing threat data from the Mozi botnet
2021-07-27 - Deep dive into a FIN8 attack – A forensic investigation
2021-07-27 - Diamondfox Technical Analysis Report
2021-07-27 - Ghosts on the Wire- Expanding Conceptions of Network Anomalies
2021-07-27 - Iran's Secret Cyber Files
2021-07-27 - LockBit ransomware now encrypts Windows domains using group policies
2021-07-27 - Oscorp evolves into UBEL- an advanced Android malware spreading across the globe
2021-07-27 - Oski Stealer Technical Analysis Report
2021-07-27 - Summary of Kimsuky's secret stealing activities in the first half of 2021
2021-07-27 - THOR- Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group
2021-07-27 - Threat Actors Exploit Misconfigured Apache Hadoop YARN
2021-07-27 - Time-proven tricks in a new environment- the macOS evolution of Formbook
2021-07-27 - UC San Diego Health discloses data breach after phishing attack
2021-07-28 - BlackMatter & Haron- Evil Ransomware Newborns or Rebirths
2021-07-28 - Cert Safari- Leveraging TLS Certificates to Hunt Evil
2021-07-28 - Crimea “manifesto” deploys VBA Rat using double attack vectors
2021-07-28 - DoppelPaymer Continues to Cause Grief Through Rebranding
2021-07-28 - Finding AnchorDNS C2s With Iris Investigate
2021-07-28 - I Knew You Were Trouble- TA456 Targets Defense Contractor with Alluring Social Media Persona
2021-07-28 - New Russian-Speaking Forum – A New Place for RaaS-
2021-07-28 - REvil- Analysis of Competing Hypotheses
2021-07-28 - Stylish Magento Card Stealer loads Without Script Tags
2021-07-28 - Telegram Zeek, you’re my main notice
2021-07-28 - Top Routinely Exploited Vulnerabilities
2021-07-28 - Vultur, with a V for VNC
2021-07-29 - An (in)Competent Cyber Program – A brief cyber history of the 'CCP'
2021-07-29 - BazaCall- Phony call centers lead to exfiltration and ransomware
2021-07-29 - GhostEmperor- Chinese-speaking APT targets high-profile victims using unknown rootkit
2021-07-29 - Magnitude Exploit Kit- Still Alive and Kicking
2021-07-29 - MeteorExpress - Mysterious Wiper Paralyzes Iranian Trains with Epic Troll
2021-07-29 - NTLM Relaying via Cobalt Strike
2021-07-29 - Talos Spotlight- Solarmarker
2021-07-29 - Using the Silent Push app and API to find punycode domains
2021-07-29 - When coin miners evolve, Part 2- Hunting down LemonDuck and LemonCat attacks
2021-07-29 - “Netfilter Rootkit II” Continues to Hold WHQL Signatures
2021-07-30 - Aberebot on the Rise- New Banking Trojan Targeting Users Through Phishing
2021-07-30 - DOJ- SolarWinds hackers breached emails from 27 US Attorneys’ offices
2021-07-30 - Decrypting BazarLoader strings with a Unicorn
2021-07-30 - Detecting TA551 domains
2021-07-30 - ISOMorph Infection- In-Depth Analysis of a New HTML Smuggling Campaign
2021-07-30 - Novel Meteor Wiper Used in Attack that Crippled Iranian Train System
2021-07-31 - BlackMatter ransomware gang rises from the ashes of DarkSide, REvil
2021-07-31 - DarkSide ransomware gang returns as new BlackMatter operation
2021-08-01 - BazarCall to Conti Ransomware via Trickbot and Cobalt Strike
2021-08-01 - BlackMatter Ransomware
2021-08-02 - A Deep-Dive Analysis Of A New Wiper Malware Disguised As Tokyo Olympics Document
2021-08-02 - All Access Pass- Five Trends with Initial Access Brokers
2021-08-02 - New sophisticated RAT in town- FatalRat analysis
2021-08-02 - Operation Hunting - The latest attack by the CNC (APT-C-48) has been revealed
2021-08-03 - A step-by-step analysis of the new malware used by APT28-Sofacy called SkinnyBoy
2021-08-03 - DeadRinger- Exposing Chinese Threat Actors Targeting Major Telcos
2021-08-03 - Python script for recovering the hashes hardcoded in different samples of the BlackMatter ransomware
2021-08-03 - Ransomware attack hits Italy's Lazio region, affects COVID-19 site
2021-08-03 - Squashing SPIDERS- Threat Intelligence, Threat Hunting and Rapid Response Stops SQL Injection Campaign
2021-08-03 - The Art of Cyberwarfare Chinese APTs attack Russia
2021-08-03 - The Pegasus Project
2021-08-03 - Trash Panda as a Service- Raccoon Stealer steals cookies, cryptocoins, and more
2021-08-04 - A Deep-dive Analysis of VENOMOUS Ransomware
2021-08-04 - Cloudy with a Chance of APT- Novel Microsoft 365 Attacks in the Wild
2021-08-04 - Detecting Cobalt Strike- Cybercrime Attacks (GOLD LAGOON)
2021-08-04 - Energy group ERG reports minor disruptions after ransomware attack
2021-08-04 - Hotcobalt – New Cobalt Strike DoS Vulnerability That Lets You Halt Operations
2021-08-04 - ITG18- Operational Security Errors Continue to Plague Sizable Iranian Threat Group
2021-08-04 - LockBit ransomware recruiting insiders to breach corporate networks
2021-08-04 - PROPHET SPIDER Exploits Oracle WebLogic to Facilitate Ransomware Activity
2021-08-04 - Pegasus Spyware- How It Works and What It Collects
2021-08-04 - S-W Download Camouflage, Spreading Various Kinds of Malware
2021-08-04 - See Ya Sharp- A Loader’s Tale
2021-08-04 - Spotting brand impersonation with Swin transformers and Siamese neural networks
2021-08-04 - Supply Chain Attacks from a Managed Detection and Response Perspective
2021-08-04 - Understanding BlackMatter's API Hashing
2021-08-04 - [QuickNote] MountLocker – Some pseudo-code snippets
2021-08-05 - Analysis of the BlackMatter ransomware
2021-08-05 - Angry Conti ransomware affiliate leaks gang's attack playbook
2021-08-05 - BlackMatter Under the Lens- An Emerging Ransomware Group Looking for Affiliates
2021-08-05 - Cryptominer ELFs Using MSR to Boost Mining Process
2021-08-05 - Detecting Cobalt Strike- Government-Sponsored Threat Groups (APT32)
2021-08-05 - Linux version of BlackMatter ransomware targets VMware ESXi servers
2021-08-05 - Prometheus TDS The key to success for Campo Loader, Hancitor, IcedID, and QBot
2021-08-05 - Ransomware Gangs and the Name Game Distraction
2021-08-05 - The Trystero Project
2021-08-05 - The clandestine Horus Eyes RAT- From the underground to criminals’ arsenal
2021-08-05 - When Dridex and Cobalt Strike give you Grief
2021-08-06 - Anatomy of native IIS malware
2021-08-06 - Angry Affiliate Leaks Conti Ransomware Gang Playbook
2021-08-06 - Bold ad campaign
2021-08-06 - Conti ransomware affiliate goes rogue, leaks “gang data”
2021-08-06 - IIStealer- A server‑side threat to e‑commerce transactions
2021-08-06 - Inside DarkSide, the ransomware that attacked Colonial Pipeline
2021-08-06 - Redosdru.v Malware that hides in encrypted DLL Files to avoid Detection by Firewalls
2021-08-08 - Legal and cooperation frameworks between CSIRTs and law enforcement agencies
2021-08-09 - A BazarLoader DGA that Breaks Down in the Summer
2021-08-09 - APT Cobalt Strike Campaign targeting Slovakia (DEF CON talk)
2021-08-09 - BlackMatter ransomware emerges from the shadow of DarkSide
2021-08-09 - Cinobi Banking Trojan Targets Cryptocurrency Exchange Users via Malvertising
2021-08-09 - CryptBot Infostealer Constantly Changing and Being Distributed
2021-08-09 - FlyTrap Android Malware Compromises Thousands of Facebook Accounts
2021-08-09 - IISpy- A complex server‑side backdoor with anti‑forensic features
2021-08-09 - Synology warns of malware infecting NAS devices with ransomware
2021-08-09 - Thwarting Jupyter Stealer
2021-08-10 - Chaos Ransomware- A Proof of Concept With Potentially Dangerous Applications
2021-08-10 - Crytek confirms Egregor ransomware attack, customer data theft
2021-08-10 - Fast Insights for a Microsoft-Signed Netfilter Rootkit
2021-08-10 - New eCh0raix Ransomware Variant Targets QNAP and Synology Network-Attached Storage Devices
2021-08-10 - REvil Master Key for Kaseya Attack Posted to XSS
2021-08-10 - UNC215- Spotlight on a Chinese Espionage Campaign in Israel
2021-08-11 - Amid Boom in Phishing, Fraudsters Target Customers of Small and Mid-sized Banks
2021-08-11 - DirtyMoe- Rootkit Driver
2021-08-11 - IISerpent- Malware‑driven SEO fraud as a service
2021-08-11 - Kaseya's universal REvil decryption key leaked on a hacking forum
2021-08-11 - MoqHao Part 1.5- High-Level Trends of Recent Campaigns Targeting Japan
2021-08-11 - ReverseRat Reemerges With A (Night)Fury New Campaign And New Developments, Same Familiar Side-Actor
2021-08-11 - Secret -Backdoor- Behind Conti Ransomware Operation- Introducing Atera Agent
2021-08-11 - Teaching an Old Dog New Tricks- 2017 Magniber Ransomware Uses PrintNightmare Vulnerability to Infect Victims in South Korea
2021-08-11 - The Rising Threat from LockBit Ransomware
2021-08-12 - Gootloader’s “mothership” controls malicious content
2021-08-12 - Netskope Threat Coverage- LockBit
2021-08-12 - PrintNightmare vulnerability weaponized by Magniber ransomware gang
2021-08-12 - Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT
2021-08-12 - Threat Thursday- Ficker Infostealer Malware
2021-08-12 - Uncovering Tetris – a Full Surveillance Kit Running in your Browser
2021-08-12 - Vice Society Leverages PrintNightmare In Ransomware Attacks
2021-08-13 - The Ghostwriter Scenario (UNC1151)
2021-08-13 - When Malware Changes Its Mind - A Study of Variable Program Behaviors
2021-08-14 - Indra — Hackers Behind Recent Attacks on Iran
2021-08-16 - A Deep-dive Analysis of LOCKBIT 2.0
2021-08-16 - LockBit Resurfaces With Version 2.0 Ransomware Detections in Chile, Italy, Taiwan, UK
2021-08-16 - Statically unpacking a simple .NET dropper
2021-08-17 - An insider insights into Conti operations – Part one
2021-08-17 - Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang
2021-08-17 - Cobalt Strike Hunting — DLL Hijacking-Attack Analysis
2021-08-17 - Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military
2021-08-17 - Hunting for Corporate Insurance Policies- Indicators of [Ransom] Exfiltration
2021-08-17 - LockBit Ransomware Analysis Notes
2021-08-17 - North Korean APT37 - InkySquid Infects Victims Using Browser Exploits
2021-08-17 - Resurgent FluBot malware targets German and Polish banks
2021-08-17 - Secrets behind the Lazarus’s VHD ransomware
2021-08-17 - Snakes on a Domain- An Analysis of a Python Malware Loader
2021-08-18 - China Propaganda Network Targets BBC Media, UK in Large-Scale Influence Campaign
2021-08-18 - Cobalt Strike- Detect this Persistent Threat
2021-08-18 - Diavol ransomware sample shows stronger connection to TrickBot gang
2021-08-18 - Infostealer Malware Azorult Being Distributed Through Spam Mails
2021-08-19 - An insider insights into Conti operations – Part two
2021-08-19 - BlackBerry Prevents- Threat Actor Group TA575 and Dridex Malware
2021-08-19 - How to proactively defend against Mozi IoT botnet
2021-08-19 - Malicious Campaign Targets Latin America- The seller, The operator and a curious link
2021-08-19 - Microsoft Exchange Servers Still Vulnerable to ProxyShell Exploit
2021-08-19 - Ragnar Locker – Malware analysis
2021-08-19 - ShadowPad - A Masterpiece of Privately Sold Malware in Chinese Espionage
2021-08-19 - ShinyHunters Selling Alleged AT&T Database with 70 million SSN and Date of birth; AT&T Denies it originated from their systems
2021-08-20 - An Overview of FinTech Threat Landscape
2021-08-20 - LockFile- Ransomware Uses PetitPotam Exploit to Compromise Windows Domain Controllers
2021-08-20 - New variant of Konni malware used in campaign targeting Russia
2021-08-20 - See REvil again-! See how hackers use the same encryption ransomware program REvil to annihilate the attack evidence
2021-08-22 - PEB- Where Magic Is Stored
2021-08-22 - The Bangladesh cyber bank robbery- Tracking down major criminals with malware analysis
2021-08-23 - Here's how to guard your enterprise against ShinyHunters
2021-08-23 - Hive Attacks - Analysis of the Human-Operated Ransomware Targeting Healthcare
2021-08-23 - Kimsuky Espionage Campaign
2021-08-23 - Netskope Threat Coverage- BlackMatter
2021-08-23 - PRISM attacks fly under the radar
2021-08-23 - Paradise Ransomware- The Builder
2021-08-23 - ProxyShell vulnerabilities in Microsoft Exchange- What to do
2021-08-24 - From Pearl to Pegasus Bahraini Government Hacks Activists with NSO Group Zero-Click iPhone Exploits
2021-08-24 - How Data Brokers Sell Access to the Backbone of the Internet
2021-08-24 - LockBit 2.0 Interview with Russian OSINT
2021-08-24 - North Korean BLUELIGHT Special- InkySquid Deploys RokRAT
2021-08-24 - Ransomware Groups to Watch- Emerging Threats
2021-08-24 - Ransomware gang's script shows exactly the files they're after
2021-08-24 - The SideWalk may be as dangerous as the CROSSWALK
2021-08-24 - Triada Trojan in WhatsApp MOD
2021-08-24 - A Deep-dive Analysis of KARMA Ransomware
2021-08-25 - FIN7 still active
2021-08-25 - New Campaign Sees LokiBot Delivered Via Multiple Methods
2021-08-25 - Reverse Engineering Crypto Functions- RC4 and Salsa20
2021-08-25 - LockFile Ransomware- Exploiting Microsoft Exchange Vulnerabilities Using ProxyShell
2021-08-26 - Become A VIP Victim With New Discord Distributed Malware
2021-08-26 - China's Microsoft Hack May Have Had A Bigger Purpose Than Just Spying
2021-08-26 - From Russia With… LockBit Ransomware- Inside Look & Preventive Solutions
2021-08-26 - Hackers are trying to topple Belarus’s dictator, with help from the inside
2021-08-26 - NTLM Keeps Haunting Microsoft
2021-08-26 - Ragnarok ransomware releases master decryptor after shutdown
2021-08-26 - Spies for Hire- China’s New Breed of Hackers Blends Espionage and Entrepreneurship
2021-08-26 - Widespread credential phishing campaign abuses open redirector links
2021-08-27 - Anubis Android Malware Analysis
2021-08-27 - Cobalt Strike Configuration Extractor and Parser
2021-08-27 - Fraud impersonating the Continente brand spreads via WhatsApp- Don't be fooled!
2021-08-27 - LockFile ransomware’s box of tricks- intermittent encryption and evasion
2021-08-27 - Phorpiex botnet shuts down, source code goes up for sale
2021-08-27 - ProxyShell Exchange Exploitation Now Leads To An Increasing Amount Of Cobaltstrike Backdoors
2021-08-27 - RealTek CVE-2021-35394 Exploited in the Wild
2021-08-28 - LockFile Ransomware Bypasses Protection Using Intermittent File Encryption
2021-08-29 - Cobalt Strike, a Defender’s Guide
2021-08-30 - CARBON SPIDER Embraces Big Game Hunting, Part 1
2021-08-30 - Hypervisor Jackpotting, Part 2- eCrime Actors Increase Targeting of ESXi Servers with Ransomware
2021-08-30 - LockFile ransomware uses intermittent encryption to evade detection
2021-08-30 - New Mirai Variant Targets WebSVN Command Injection Vulnerability (CVE-2021-32305)
2021-08-30 - ProxyToken- An Authentication Bypass in Microsoft Exchange Server
2021-08-31 - Analysis of suspected Russian-speaking attackers using COVID-19 vaccine bait to attack the Middle East
2021-08-31 - Attracting flies with Honey(gain)- Adversarial abuse of proxyware
2021-08-31 - Bassterlord (FishEye) Networking Manual (X)
2021-08-31 - BlackMatter - The New Star Of Ransomware
2021-08-31 - Cobalt Strike and Ransomware – Tracking An Effective Ransomware Campaign
2021-08-31 - Financial Institutions in the Sight of New JsOutProx Attack Waves
2021-08-31 - Phishing+Telegram- Refund request from the Autoridade Tributária-
2021-08-31 - Sidoh- WIZARD SPIDER’s Mysterious Exfiltration Tool
2021-09-01 - APT-C-56 (Transparent Tribe) Latest Attack Analysis and Associated Suspected Gorgon Group Attack Analysis Alert
2021-09-01 - Analysis of a Phishing Kit (that targets Chase Bank)
2021-09-01 - Confluence enterprise servers targeted with recent vulnerability
2021-09-01 - Diving Deep into UNC1151’s Infrastructure- Ghostwriter and beyond
2021-09-01 - Fake pirated software sites serve up malware droppers as a service
2021-09-01 - LOLBins Are No Laughing Matter- How Attackers Operate Quietly
2021-09-01 - STRRAT- a Java-based RAT that doesn't care if you have Java
2021-09-01 - The Incredible Rise of DPRK’s Cyber Warfare
2021-09-01 - WatchTower - August 2021 TLP- WHITE - Intelligence-Driven Threat Hunting
2021-09-02 - A deep-dive into the SolarWinds Serv-U SSH vulnerability (DEV-0322)
2021-09-02 - Advanced Persistent Threats (APTs)
2021-09-02 - Anatomy and Disruption of Metasploit Shellcode
2021-09-02 - Attacks Continue Against Realtek Vulnerabilities
2021-09-02 - Attacks using metasploit meterpreter
2021-09-02 - Autodesk reveals it was targeted by Russian SolarWinds hackers
2021-09-02 - Cross-Platform Java Dropper- Snake and XLoader (Mac Version)
2021-09-02 - Cybercrime Group FIN7 Using Windows 11 Alpha-Themed Docs to Drop Javascript Backdoor
2021-09-02 - Juniper Breach Mystery Starts to Clear With New Details on Hackers and U.S. Role (APT5)
2021-09-02 - QakBot Technical Analysis
2021-09-02 - Translated- Talos' insights from the recently leaked Conti ransomware playbook
2021-09-03 - Conti affiliates use ProxyShell Exchange exploit in ransomware attacks
2021-09-03 - Dissecting Sodinokibi Ransomware Attacks- Bringing Incident Response and Intelligence Together in the Fight
2021-09-03 - Netwalker ransomware full analysis
2021-09-03 - Phishing Android Malware Targets Taxpayers in India
2021-09-03 - Spyware Variant Disguised as Korean Video App Targets Multiple Asian Countries
2021-09-05 - BlackMatter Ransomware v2.0
2021-09-06 - Quick analysis CobaltStrike loader and shellcode
2021-09-06 - The Ideal Ransomware Victim- What Attackers Are Looking For
2021-09-06 - TrickBot gang developer arrested when trying to leave Korea
2021-09-07 - Analysis of recent attacks by the Lazarus APT organization on the blockchain finance and energy industries
2021-09-07 - BladeHawk group- Android espionage against Kurdish ethnic group
2021-09-07 - Cobalt Strike C2 Hunting with Shodan
2021-09-07 - Fake Income Tax Application Targets Indian Taxpayers
2021-09-07 - Microsoft shares temp fix for ongoing Office 365 zero-day attacks (CVE-2021-40444)
2021-09-07 - REvil ransomware's servers mysteriously come back online
2021-09-07 - Shellcode Detection Using Real-Time Kernel Monitoring
2021-09-07 - Threat Alert- Mirai-Gafgyt Fork with New DDoS Modules Discovered
2021-09-08 - Advance Fee Fraud- The Emergence of Elaborate Crypto Schemes
2021-09-08 - Aggah Malware Campaign Expands to Zendesk and GitHub to Host Its Malware
2021-09-08 - Groove’s thoughts on Blackmatter, Babuk, and cheese shortages in the Netherlands
2021-09-08 - How Groove Gang is Shaking up the Ransomware-as-a-Service Market to Empower Affiliates
2021-09-08 - Muhstik Takes Aim at Confluence CVE 2021-26084
2021-09-08 - Rapidly Evolving BlackMatter Ransomware Tactics
2021-09-08 - TeamTNT with new campaign aka “Chimaera”
2021-09-08 - Ukrainian Cyber Criminal Extradited For Decrypting The Credentials Of Thousands Of Computers Across The World And Selling Them On A Dark Web Website (Glib Oleksandr Ivanov-Tolpintsev)
2021-09-08 - Zoho patches actively exploited critical ADSelfService Plus bug (CVE-2021-40539)
2021-09-09 - A Spectrum of State Ransomware Responsibility
2021-09-09 - Case Analysis of Suncrypt Ransomware Negotiation and Bitcoin Transaction
2021-09-09 - CloudFall Targets Researchers and Scientists Invited to International Military Conferences in Central Asia and Eastern Europe
2021-09-09 - FluBot Variant Masquerading As The Default Android Voicemail App
2021-09-09 - Grayfly- Chinese Threat Actor Uses Newly-discovered Sidewalk Malware
2021-09-09 - Groove VS Babuk; Groove Ransom Manifesto & RAMP Underground Platform Secret Inner Workings
2021-09-09 - Hancitor Loader - RE & Config Extraction
2021-09-09 - LockBit 2.0- Ransomware Attacks Surge After Successful Affiliate Recruitment
2021-09-09 - Mēris botnet, climbing to the record
2021-09-09 - PYSA Ransomware Gang adds Linux Support
2021-09-09 - Remote Code Execution 0-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs
2021-09-09 - Threat Thursday- Get Your Paws Off My Data, Raccoon Infostealer
2021-09-10 - Hive Ransomware- Actively Targeting Hospitals
2021-09-10 - Indonesian intelligence agency compromised in suspected Chinese hack
2021-09-10 - New Dridex Variant Being Spread By Crafted Excel Document
2021-09-10 - PhishingJS- A Deep Learning Model for JavaScript-Based Phishing Detection
2021-09-10 - Rendering Threats- A Network Perspective
2021-09-10 - S.O.V.A. - A new Android Banking trojan with fowl intentions
2021-09-10 - The new maxtrilha trojan is being disseminated and targeting several banks
2021-09-13 - APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (IOCs)
2021-09-13 - APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs
2021-09-13 - Android malware distributed in Mexico uses Covid-19 to steal financial credentials
2021-09-13 - Attackers exploit CVE-2021-26084 for XMRig crypto mining on affected Confluence servers
2021-09-13 - BazarLoader to Conti Ransomware in 32 Hours
2021-09-13 - FORCEDENTRY NSO Group iMessage Zero-Click Exploit Captured in the Wild (CVE-2021-30860)
2021-09-13 - Hide and Seek - New Zloader Infection Chain Comes With Improved Stealth and Evasion Mechanisms
2021-09-13 - The many tentacles of Magecart Group 8
2021-09-13 - Vermilion Strike- Linux and Windows Re-implementation of Cobalt Strike
2021-09-14 - APT Group Targets Indian Defense Officials Through Enhanced TTPs
2021-09-14 - Big Game Hunting TTPs Continue to Shift After DarkSide Pipeline Attack
2021-09-14 - Deep-dive Analysis of S.O.V.A. Android Banking Trojan
2021-09-14 - Flubot’s Smishing Campaigns under the Microscope
2021-09-14 - More ProxyShell- Web Shells Lead to ZeroLogon and Application Impersonation Attacks
2021-09-14 - North Korea-linked account poses as KBS scriptwriter to dupe DPRK watchers
2021-09-14 - OSX.ZuRu- trojanized apps spread malware, via sponsored search results
2021-09-14 - Operation ‘Harvest’- A Deep Dive into a Long-term Campaign
2021-09-14 - Russia is fully capable of shutting down cybercrime
2021-09-14 - TeamTNT Script Employed to Grab AWS Credentials
2021-09-14 - The Recent iOS 0-Click, CVE-2021-30860, Sounds Familiar. An Unreleased Write-up- One Year Later
2021-09-15 - APT-C-23 Using New Variant Of Android Spyware To Target Users In The Middle East
2021-09-15 - Analyzing The ForcedEntry Zero-Click iPhone Exploit Used By Pegasus (CVE-2021-30860)
2021-09-15 - Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability
2021-09-15 - Bad ASes
2021-09-15 - Mēris botnet
2021-09-15 - Phishing Eager Travelers
2021-09-15 - Shining a Light on DarkOxide
2021-09-16 - APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus
2021-09-16 - Analysis of CVE-2021-30860 the flaw and fix of a zero-click vulnerability, exploited in the wild
2021-09-16 - Exploitation of the CVE-2021-40444 vulnerability in MSHTML
2021-09-16 - No Longer Just Theory- Black Lotus Labs Uncovers Linux Executables Deployed as Stealth Windows Loaders
2021-09-16 - Operation Layover- How we tracked an attack on the aviation industry to five years of compromise
2021-09-16 - Pointer- Hunting Cobalt Strike globally
2021-09-16 - RUNLIR - phishing campaign targeting Netherlands
2021-09-16 - Threat Thursday- NetWire RAT is Coming Down the Line
2021-09-17 - 2021-09-17 - SQUIRRELWAFFLE Loader with Cobalt Strike
2021-09-17 - DirtyMoe- Code Signing Certificate
2021-09-17 - Falcon OverWatch Hunts Down Adversaries Where They Hide
2021-09-17 - Joker
2021-09-17 - Numando- Count once, code twice
2021-09-17 - Scamdemic outbreak Scammers attack users in Middle Eastern countries
2021-09-17 - Sophisticated Spyware Posing as a Banking Application To Target Korean Users
2021-09-18 - Hunting for OMI Vulnerability Exploitation with Azure Sentinel
2021-09-18 - “Squirrelwaffle” Maldoc Analysis
2021-09-19 - Alaska discloses ‘sophisticated’ nation-state cyberattack on health service
2021-09-19 - Discovering Linux ELF Beacon of Cobalt Strike Tool
2021-09-19 - MirrorBlast and TA505- Examining Similarities in Tactics, Techniques and Procedures
2021-09-20 - A guide to combatting human-operated ransomware- Part 1
2021-09-20 - BluStealer- from SpyEx to ThunderFox
2021-09-20 - Building an Open Source IDS IPS service for Gateway Load Balancer
2021-09-20 - Chainalysis in Action- OFAC Sanctions Russian Cryptocurrency OTC Suex that Received Over $160 million from Ransomware Attackers, Scammers, Darknet Markets, and Seized Exchange BTC-e
2021-09-20 - DanaBot Communications Update
2021-09-20 - Defeating macOS Malware Anti-Analysis Tricks with Radare2
2021-09-20 - Hello Lionel Richie – Intrusion Truth
2021-09-20 - How we searched for a connection between Mēris and Glupteba, and gained control over 45 thousand MikroTik devices
2021-09-20 - Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads
2021-09-21 - BlackMatter Ransomware Technical Analysis and Tools from Nozomi Networks Labs
2021-09-21 - Capturing and Detecting AndroidTester Remote Access Trojan with the Emergency VPN
2021-09-21 - Catching the big fish- Analyzing a large-scale phishing-as-a-service operation
2021-09-21 - Cring ransomware group exploits ancient ColdFusion server
2021-09-21 - Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage
2021-09-21 - New Jupyter Evasive Delivery through MSI Installer
2021-09-21 - Publication of Updated Ransomware Advisory; Cyber-related Designation (25 cryptocurrency accounts operated by Suex is sanctioned)
2021-09-21 - Scanning VirusTotal's firehose
2021-09-21 - TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines
2021-09-21 - Using Zeek to track communication state
2021-09-22 - Alert (AA21-265A) Conti Ransomware
2021-09-22 - BlackMatter Ransomware Analysis; The Dark Side Returns
2021-09-22 - ERMAC - another Cerberus reborn
2021-09-22 - GoSecure Titan Labs Technical Report- BluStealer Malware Threat
2021-09-22 - Intelligence Insights- September 2021
2021-09-22 - REvil Ransomware Reemerges After Shutdown; Universal Decryptor Released
2021-09-22 - The Sysrv Botnet and How It Evolved
2021-09-22 - Threat Analysis Report- PrintNightmare and Magniber Ransomware
2021-09-23 - Detecting and Hunting for the PetitPotam NTLM Relay Attack
2021-09-23 - FamousSparrow- A suspicious hotel guest
2021-09-23 - Financially motivated actor breaks certificate parsing to avoid detection
2021-09-23 - HCRootkit - Sutersu Linux Rootkit Analysis
2021-09-23 - New ZE Loader Targets Online Banking Users
2021-09-23 - Operation “Armor Piercer-” Targeted attacks in the Indian subcontinent using commercial RATs
2021-09-23 - Phishing and malware actors abuse Google Forms for credentials, data exfiltration
2021-09-23 - REVil ransomware devs added a backdoor to cheat affiliates
2021-09-23 - RTL was victim ransomware attack, cyber criminals make 8500 euro loot
2021-09-23 - Raccoon Stealer Pivots Towards Self-Protection
2021-09-23 - TangleBot- New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures
2021-09-23 - Threat Thursday- BlackMatter RaaS - Darker Than DarkSide-
2021-09-23 - Vidar Stealer Evasion Arsenal
2021-09-24 - Daily Ruleset Update Summary 2021-09-24
2021-09-24 - Declaration by the High Representative on behalf of the European Union on respect for the EU’s democratic processes
2021-09-24 - Examining the Cring Ransomware Techniques
2021-09-24 - Flash Report- Colossus Ransomware
2021-09-24 - Hunting the LockBit Gang's Exfiltration Infrastructures
2021-09-26 - Desorden Group claims to have stolen 200 GB of data from ABX Express
2021-09-26 - Insights into Ransomware Spread Using Exchange 1-Day Vulnerabilities 1-2
2021-09-27 - A Virtual Baffle to Battle Squirrelwaffle
2021-09-27 - A guide to combatting human-operated ransomware- Part 2
2021-09-27 - BloodyStealer and gaming assets for sale
2021-09-27 - Deobfuscating PowerShell Malware Droppers
2021-09-27 - DoppelDridex Delivered via Slack and Discord
2021-09-27 - Fake Installers Drop Malware and Open Doors for Opportunistic Attackers
2021-09-27 - FoggyWeb- Targeted NOBELIUM malware leads to persistent backdoor
2021-09-27 - RedLine Infostealer - Detailed Reverse Engineering
2021-09-27 - Threat Analysis Report- Inside the Destructive PYSA Ransomware
2021-09-28 - 4 Chinese APT Groups Identified Targeting Mail Server of Afghan Telecommunications Firm Roshan
2021-09-28 - FinSpy- unseen findings
2021-09-28 - Mirai_ptea_Rimasuta variant is exploiting a new RUIJIE router 0 day to spread
2021-09-28 - REvil’s “Cryptobackdoor” Con- Ransomware Group’s Tactics Roil Affiliates, Sparking a Fallout
2021-09-28 - Squirrelwaffle- New Loader Delivering Cobalt Strike
2021-09-28 - Winter Vivern – all Summer
2021-09-28 - Zircolite vs Defense Evasion & Nobellium FoggyWeb
2021-09-29 - Aria-Body Loader- Is that you-
2021-09-29 - Backup “Removal” Solutions - From Conti Ransomware With Love
2021-09-29 - DarkHalo after SolarWinds- the Tomiris connection (UNC2849)
2021-09-29 - Evaluating the Value of Security Intelligence Feeds with Silent Push
2021-09-29 - Federal Indictment in Chicago Charges Turkish National With Directing Cyber Attack on Multinational Hospitality Company
2021-09-29 - FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal
2021-09-29 - Google Drive abused in document exfiltration operation against Afghanistan
2021-09-29 - GriftHorse Android Trojan Steals Millions from Over 10 Million Victims Globally
2021-09-29 - How to defeat the Russian Dukes- A step-by-step analysis of MiniDuke used by APT29-Cozy Bear
2021-09-29 - PixStealer- a new wave of Android banking Trojans abusing Accessibility Services
2021-09-29 - Russian hacker Q&A- An Interview With REvil-Affiliated Ransomware Contractor
2021-09-29 - TA544 Targets Italian Organizations with Ursnif Malware
2021-09-29 - Zloader Campaigns at a Glance (IOCs)
2021-09-29 - Zloader Campaigns at a Glance
2021-09-30 - A wolf in sheep's clothing- Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus
2021-09-30 - All your hashes are belong to us- An overview of malware hashing algorithms
2021-09-30 - Credential Harvesting at Scale Without Malware
2021-09-30 - GhostEmperor- From ProxyLogon to kernel mode
2021-09-30 - Hunting for the Confluence Exploitation- When Falcon OverWatch Becomes the First Line of Defense
2021-09-30 - Mac Users Targeted by Trojanized iTerm2 App
2021-09-30 - Mirai goes Stealth – TLS & IoT Malware
2021-09-30 - New Version Of Apostle Ransomware Reemerges In Targeted Attack On Higher Education
2021-09-30 - Ranion Ransomware - Quiet and Persistent RaaS
2021-09-30 - Threat Thursday- xLoader Infostealer
2021-10-01 - Babuk Ransomware Variant Delta Plus Used in Live Attacks After Source Code Leaked
2021-10-01 - Made In America- Green Lambert for OS X
2021-10-01 - SQUIRRELWAFFLE – Analysing the Custom Packer
2021-10-03 - Using Windows Sandbox for Malware Analysis
2021-10-04 - Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack
2021-10-04 - BazarLoader and the Conti Leaks
2021-10-04 - How to Write a Hancitor Extractor in Go
2021-10-04 - Malware Gh0stTimes Used by BlackTech
2021-10-04 - Mobile Malware- TangleBot Untangled
2021-10-04 - Phish, Phished, Phisher- A Quick Peek Inside a Telegram Harvester
2021-10-04 - Reverse engineered the Hancitor DLL and built a static config extractor
2021-10-04 - Threat hunting in large datasets by clustering security events
2021-10-05 - Analyzing Ransomware Negotiations with CONTI (X)
2021-10-05 - Chinese Influence Operations A Machiavellian Moment
2021-10-05 - Drawing a Dragon- Connecting the Dots to Find APT41
2021-10-05 - Malware analysis- Details on LockBit ransomware
2021-10-05 - Prometheus x Spook- Prometheus ransomware rebranded Spook ransomware.
2021-10-05 - Python ransomware script targets ESXi server for encryption
2021-10-05 - Ransomware as a Service- Enabler of Widespread Attacks
2021-10-05 - Regarding the Threats Posed by Encrypted Office Files
2021-10-05 - The REBOL Yell- A New Novel REBOL Exploit
2021-10-05 - UEFI threats moving to the ESP- Introducing ESPecter bootkit
2021-10-06 - Inside TeamTNT’s Impressive Arsenal- A Look Into A TeamTNT Server
2021-10-06 - To the moon and hack- Fake SafeMoon app drops malware to spy on you
2021-10-07 - FIN12- The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets
2021-10-07 - FontOnLake- Previously unknown malware family targeting Linux
2021-10-07 - Google notifies 14,000 Gmail users of targeted APT28 attacks
2021-10-07 - Netherlands can use intelligence or armed forces to respond to ransomware attacks
2021-10-07 - Operation Newton- Hi Kimsuky- Did an Apple(seed) really fall on Newton’s head-
2021-10-07 - Ransomware in the CIS
2021-10-07 - Russian cyberattacks pose greater risk to governments and other insights from our annual report
2021-10-07 - SilverTerrier – Nigerian Business Email Compromise
2021-10-07 - SquirrelWaffle- New Malware Loader Delivering Cobalt Strike and QakBot
2021-10-07 - Team TNT Deploys Malicious Docker Image On Docker Hub
2021-10-07 - Threat Thursday- BluStealer Infostealer
2021-10-08 - Actors Target Huawei Cloud Using Upgraded Linux Malware
2021-10-08 - Malware Flagpro used by targeted attack group BlackTech
2021-10-08 - New Trickbot and BazarLoader campaigns use multiple delivery vectors
2021-10-08 - SQUIRRELWAFFLE – Analysing The Main Loader
2021-10-11 - Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors
2021-10-11 - Moving Left of the Ransomware Boom
2021-10-11 - Necro Python Botnet Goes After Vulnerable VisualTools DVR
2021-10-11 - SnapMC skips ransomware, steals data
2021-10-12 - Continued Exploitation of CVE-2021-26084
2021-10-12 - Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis
2021-10-12 - ECX- Big Game Hunting on the Rise Following a Notable Reduction in Activity
2021-10-12 - Going Coast to Coast - Climbing the Pyramid with the Deimos Implant
2021-10-12 - Malspam Campaign Delivers Dark Crystal RAT (dcRAT)
2021-10-12 - MysterySnail attacks with Windows zero-day
2021-10-12 - The King is Dead, Long Live MyKings! (Part 1 of 2)
2021-10-13 - AtomSilo Ransomware
2021-10-13 - BlackBerry Shines Spotlight on Evolving Cobalt Strike Threat in New Book
2021-10-13 - CetaRAT APT Group – Targeting the Government Agencies
2021-10-13 - The ad blocker that injects ads
2021-10-13 - Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds
2021-10-13 - Trouble in Asia and the Middle East. Tracking the TransparentTribe threat actor.
2021-10-13 - “Spytech Necro” – Keksec’s Latest Python Malware
2021-10-14 - A Handshake with MySQL Bots
2021-10-14 - Alert (AA21-287A) Ongoing Cyber Threats to U.S. Water and Wastewater Systems
2021-10-14 - Analyzing Email Services Abused for Business Email Compromise
2021-10-14 - Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes
2021-10-14 - Countering threats from Iran (APT35)
2021-10-14 - Explosive New MirrorBlast Campaign Targets Financial Companies
2021-10-14 - New Yanluowang ransomware used in targeted attacks
2021-10-14 - Phishers Get Clever, Use Math Symbols for Verizon Logo
2021-10-15 - AtomSilo Ransomware Enters the League of Double Extortion
2021-10-15 - BlackByte Ransomware – Pt 2. Code Obfuscation Analysis
2021-10-15 - BlackByte Ransomware – Pt. 1 In-depth Analysis
2021-10-15 - Memory Forensics R&D Illustrated- Detecting Mimikatz's Skeleton Key Attack
2021-10-15 - Ransomware Operators Found Using New -Franchise- Business Model
2021-10-15 - Recovering registry hives encrypted by LockBit 2.0
2021-10-17 - Building highly interactive honeypots- CVE-2021-41773 case study
2021-10-17 - REvil ransomware shuts down again after Tor sites were hijacked
2021-10-18 - Alert (AA21-291A)- BlackMatter Ransomware
2021-10-18 - Case Study- From BazarLoader to Network Reconnaissance
2021-10-18 - Harvester- Nation-state-backed group uses new toolset to target victims in South Asia
2021-10-18 - IcedID to XingLocker Ransomware in 24 hours
2021-10-18 - Is There Really Such a Thing as a Low-Paid Ransomware Operator-
2021-10-18 - Karma Ransomware - An Emerging Threat With A Hint of Nemty Pedigree
2021-10-18 - Profiling hackers using the Malvertising Attack Matrix by Confiant
2021-10-18 - REvil Disappears Again- ‘Something Is Rotten in the State of Ransomware’
2021-10-18 - Suspected Chinese hackers behind attacks on ten Israeli hospitals
2021-10-18 - ZLoader Reversing
2021-10-19 - Cybercriminals cash in on black market vaccine schemes
2021-10-19 - Good for Evil- DeepBlueMagic Ransomware Group Abuses Legit Encryption Tools
2021-10-19 - LightBasin- A Roaming Threat to Telecommunications Companies
2021-10-19 - Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India
2021-10-19 - PurpleFox Adds New Backdoor That Uses WebSockets
2021-10-19 - STRRAT, ZLoader, and HoneyGain
2021-10-19 - Social Network Account Stealers Hidden in Android Gaming Hacking Tool
2021-10-19 - The layered infrastructure operated by APT29
2021-10-19 - Trickbot module descriptions
2021-10-19 - WeTheNorth- A New Canadian Dark Web Marketplace
2021-10-19 - Whatta TA- TA505 Ramps Up Activity, Delivers New FlawedGrace Variant
2021-10-19 - q-logger skimmer keeps Magecart attacks going
2021-10-20 - Hidden in Plain Sight- Identifying Cryptography in BLACKMATTER Ransomware
2021-10-20 - New Espionage Campaign Targets South East Asia
2021-10-20 - Newly Found npm Malware Mines Cryptocurrency on Windows, Linux, macOS Devices
2021-10-20 - Persistence and Privilege Escalation on Windows via Print Processors
2021-10-20 - Phishing campaign targets YouTube creators with cookie theft malware
2021-10-20 - Russian-speaking cybercrime evolution- What changed from 2016 to 2021
2021-10-20 - TA551 Uses ‘SLIVER’ Red Team Tool in New Activity
2021-10-20 - TM Follow-Up (TAG_APT35_14-10-21)
2021-10-20 - Two Individuals (Pavel Stassi & Aleksandr Skorodumov) Sentenced for Providing “Bulletproof Hosting” for Cybercriminals
2021-10-20 - VNC Malware (TinyNuke, TightVNC) Used by Kimsuky Group
2021-10-21 - Apache HTTP Server CVE-2021-42013 and CVE-2021-41773 Exploited in the Wild
2021-10-21 - Chrome targeted by Magnitude exploit kit
2021-10-21 - Cobalt Strike- Using Known Private Keys To Decrypt Traffic – Part 1
2021-10-21 - DBatLoader- Abusing Discord to Deliver Warzone RAT
2021-10-21 - Evil Corp demands $40 million in new Macaw ransomware attacks
2021-10-21 - FIN7 Recruits Talent For Push Into Ransomware
2021-10-21 - Franken-phish- TodayZoo built from other phishing kits
2021-10-21 - How to- Threat hunting and threat intelligence
2021-10-21 - Initial Access Broker Landscape
2021-10-21 - Massive campaign uses YouTube to push password-stealing malware
2021-10-21 - Multi-Staged JSOutProx RAT Targets Indian Co-operative Banks and Finance Companies
2021-10-21 - Stopping GRACEFUL SPIDER- Falcon Complete’s Fast Response to Recent SolarWinds Serv-U Exploit Campaign
2021-10-21 - Raccoon Stealer Under the Lens- A Deep-dive Analysis
2021-10-21 - “Missed Voice Message,” the Latest Phishing Lure
2021-10-22 - Advanced IP Scanner- the preferred scanner in the A(P)T toolbox
2021-10-22 - Assassinations of -MiniNinja- in Various APAC Countries
2021-10-22 - DarkSide bitcoins on the move following government cyberattack against REvil ransomware group
2021-10-22 - DarkSide ransomware rushes to cash out $7 million in Bitcoin
2021-10-22 - EXCLUSIVE Governments turn tables on ransomware gang REvil by pushing it offline
2021-10-22 - New MultiloginBot Phishing Campaign
2021-10-22 - Recent Attack Uses Vulnerability on Confluence Server
2021-10-22 - Spectre v4.0 - The Speed of Malware Threats After the Pandemics
2021-10-22 - Threat Advisory- Hackers Are Exploiting a Vulnerability in Popular Billing Software to Deploy Ransomware
2021-10-22 - “Page Not Found”- REvil Darknet Services Offline After Attack Last Weekend
2021-10-23 - Links to Previous Attacks in UAParserJS Compromise
2021-10-24 - Breaking the News New York Times Journalist Ben Hubbard Hacked with Pegasus after Reporting on Previous Hacking Attempts
2021-10-24 - New activity from Russian actor Nobelium
2021-10-24 - Node poisoning- hijacked package delivers coin miner and credential-stealing backdoor
2021-10-25 - Bear in the Net- A Network-Focused Perspective on Berserk Bear
2021-10-25 - Conti Ransom Gang Starts Selling Access to Victims
2021-10-25 - Digital banking fraud- how the Gozi malware works
2021-10-25 - NOBELIUM targeting delegated administrative privileges to facilitate broader attacks
2021-10-25 - OverWatch Elite In Action- Prompt Call Escalation Proves Vital to Containing Attack
2021-10-25 - TeamTNT Continues to Target Exposed Docker API
2021-10-25 - UAParser.js npm Package Supply Chain Attack- Impact and Response
2021-10-25 - UltimaSMS- A widespread premium SMS scam on the Google Play Store
2021-10-25 - WebAssembly Is Abused by eCriminals to Hide Malware
2021-10-26 - APT trends report Q3 2021
2021-10-26 - Almost 100 Organizations in Brazil Targeted with Banking Trojan
2021-10-26 - DRIDEX- Analysing API Obfuscation Through VEH
2021-10-26 - Detecting CONTI CobaltStrike Lateral Movement Techniques - Part 1
2021-10-26 - EP 103- Cloud Hopper
2021-10-26 - High(er) Fidelity Software Supply Chain Attack Detection
2021-10-26 - Malware WinDealer used by LuoYu Attack Group
2021-10-26 - Mercenary APTs – An Exploration
2021-10-26 - Protect your business from password sprays with Microsoft DART recommendations
2021-10-26 - SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike
2021-10-27 - Avast releases decryptor for AtomSilo and LockFile ransomware
2021-10-27 - Cobalt Strike- Using Known Private Keys To Decrypt Traffic – Part 2
2021-10-27 - Code similarity analysis with r2diaphora
2021-10-27 - Evading EDR Detection with Reentrancy Abuse
2021-10-27 - Extracting type information from Go binaries
2021-10-27 - New Threat Actor Spoofs Philippine Government, COVID-19 Health Data in Widespread RAT Campaigns
2021-10-27 - Portable Executable File Infecting Malware Is Increasingly Found in OT Networks
2021-10-27 - THREAT ALERT- Malicious Code Implant in the UAParser.js Library
2021-10-27 - Tales From the Cryptojacking Front Lines
2021-10-27 - Vidar stealer campaign targeting Baltic region and NATO entities
2021-10-27 - Wslink- Unique and undocumented malicious loader that runs as a server
2021-10-27 - [RE025] TrickBot ... many tricks
2021-10-28 - A Detailed Walkthrough of Ranzy Locker Ransomware TTPs
2021-10-28 - Chaos Ransomware Variant in Fake Minecraft Alt List Brings Destruction to Japanese Gamers
2021-10-28 - DECAF Ransomware- A New Golang Threat Makes Its Appearance
2021-10-28 - Suspected Ransomware Millionaire Identified
2021-10-28 - Rooting Malware Makes a Comeback- Lookout Discovers Global Campaign
2021-10-28 - Russian National (Vladimir Dunaev) Extradited to United States to Face Charges for Alleged Role in Cybercriminal Organization
2021-10-28 - Spook Ransomware - Prometheus Derivative Names Those That Pay, Shames Those That Don’t
2021-10-28 - TA575 Uses ‘Squid Game’ Lures to Distribute Dridex malware
2021-10-28 - THREAT ANALYSIS REPORT- Snake Infostealer Malware
2021-10-28 - Termination of Federal Unemployment Programs Represents Turning Point for Fraudsters
2021-10-28 - Urgency, Mail Relay Serve Phishers Well on Craigslist
2021-10-29 - OpenCTI data sharing
2021-10-29 - Pink, a botnet that competed with the vendor to control the massive infected devices
2021-10-29 - TAG Bulletin- Q3 2021
2021-10-30 - Reversing CryptoCrazy Ransomware - PoC Decryptor and some Tricks
2021-10-31 - A detailed analysis of the STOP-Djvu Ransomware
2021-10-31 - Measuring User Behavior
2021-11-01 - BlackMatter- New Data Exfiltration Tool Used in Attacks
2021-11-01 - Cybercrime underground flush with shipping companies credentials
2021-11-01 - Deceive the Heavens to Cross the Sea - Over 300K Infections via Droppers on Google Play Store
2021-11-01 - Diving into double extortion campaigns
2021-11-01 - From Thanos to Prometheus- When Ransomware Encryption Goes Wrong
2021-11-01 - From Zero to Domain Admin
2021-11-01 - The Hack that Changed the World
2021-11-01 - Two Tools for Malware Analysis and Reverse Engineering in Ghidra
2021-11-02 - Adults Only Malware Lures
2021-11-02 - BlackMatter Ransomware- In-Depth Analysis & Recommendations
2021-11-02 - Cobalt Strike Process Injection
2021-11-02 - Detecting CONTI CobaltStrike Lateral Movement Techniques - Part 2
2021-11-02 - FBI Warning- HelloKitty Ransomware Adds DDoS to Extortion Arsenal
2021-11-02 - Hunting for potential network beaconing patterns using Apache Spark via Azure Synapse – Part 1
2021-11-02 - Malware analysis- Hands-On Shellbot malware
2021-11-02 - New Malware “Gameloader” in Discord Malspam Campaign Identified by GoSecure Titan Labs
2021-11-02 - US seeks extradition of alleged Ukrainian scammer arrested at Polish border stop
2021-11-02 - Underminer Exploit Kit- The More You Check The More Evasive You Become
2021-11-02 - ‘Destructive’ cyberattack hits National Bank of Pakistan
2021-11-03 - BlackMatter ransomware moves victims to LockBit after shutdown
2021-11-03 - BlackMatter ransomware says it's shutting down due to pressure from local authorities
2021-11-03 - Cobalt Strike- Using Process Memory To Decrypt Traffic – Part 3
2021-11-03 - Credit card skimmer evades Virtual Machines
2021-11-03 - DirtyMoe- Deployment
2021-11-03 - Identification of a new cybercriminal group- Lockean
2021-11-03 - Mekotio Banker Returns with Improved Stealth and Ancient Encryption
2021-11-03 - Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk
2021-11-03 - New Tool- cs-extract-key.py
2021-11-03 - TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments
2021-11-03 - The Darker Things BlackMatter and their victims
2021-11-03 - Use EVTX files on VirusTotal with Timesketch and Sigma (Part1)
2021-11-03 - Webinject Panel Administration- A Vantage Point into Multiple Threat Actor Campaigns - A Case Study on the Value of Threat Reconnaissance
2021-11-04 - Blackboxing Diebold-Nixdorf ATMs
2021-11-04 - CARBON SPIDER Embraces Big Game Hunting, Part 2
2021-11-04 - Caught Beneath the Landline- A 411 on Telephone Oriented Attack Delivery
2021-11-04 - Deep Dive into a Fresh Variant of Snake Keylogger Malware
2021-11-04 - Detecting IcedID... Could It Be A Trickbot Copycat-
2021-11-04 - DoD's 2021 China Military Power Report- How Advances in AI and Emerging Technologies Will Shape China’s Military
2021-11-04 - Google fixes Android zero-day exploited in the wild in targeted attacks (CVE-2021-1048)
2021-11-04 - SSU identified FSB hackers who carried out more than 5,000 cyberattacks on state bodies of Ukraine (video)
2021-11-04 - Threat Thursday- Karma Ransomware
2021-11-04 - Understanding the Windows JavaScript Threat Landscape
2021-11-05 - A Review and Analysis of 2021 Buer Loader Campaigns
2021-11-05 - Hunter Becomes Hunted- Zebra2104 Hides a Herd of Malware
2021-11-05 - Jury Convicts Chinese Intelligence Officer of Espionage Crimes, Attempting to Steal Trade Secrets (Yanjun Xu)
2021-11-05 - Spike in DanaBot Malware Activity
2021-11-05 - The BigBoss Rules- Something about one of the Uroburos’ RPC-based backdoors
2021-11-07 - CONTI Ransomware- Cheat Sheet
2021-11-07 - Selling China's Story
2021-11-07 - Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer
2021-11-07 - Who Will Bend the Knee in RaaS Game of Thrones in 2022-
2021-11-08 - Devices of Palestinian Human Rights Defenders Hacked with NSO Group’s Pegasus Spyware
2021-11-08 - In-Depth Analysis of Ransom Note Files
2021-11-08 - Popular NPM Repositories Compromised in Man-in-the-Middle Attack
2021-11-08 - REvil Ransom Arrest, $6M Seizure, and $10M Reward
2021-11-08 - TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access
2021-11-08 - Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus
2021-11-08 - Treasury Continues to Counter Ransomware as Part of Whole-of-Government Effort; Sanctions Ransomware Operators and Virtual Currency Exchange (Yaroslav Vasinskyi & Yevgeniy Polyanin)
2021-11-08 - Ukrainian Arrested and Charged with Ransomware Attack on Kaseya
2021-11-08 - WANTED poster for Yevhgyeniy Polyanin (REvil affiliate)
2021-11-08 - “A grim outlook”- How cyber surveillance is booming on a global scale
2021-11-09 - A New DatopLoader Delivers QakBot Trojan
2021-11-09 - Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton
2021-11-09 - Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT
2021-11-09 - Scheming with URLs- One-Click Attack Surface in Linux Desktop Environments
2021-11-09 - THREAT ANALYSIS REPORT- From Shatak Emails to the Conti Ransomware
2021-11-09 - The Invisible JavaScript Backdoor
2021-11-09 - Who are latest targets of cyber group Lyceum-
2021-11-09 - [EX008] The exploit chain allows to take control of Zalo user accounts
2021-11-10 - -He does not get in touch-- what is known about Barnaul, wanted by the FBI on charges of cybercrime
2021-11-10 - North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets
2021-11-10 - PhoneSpy- The App-Based Cyberattack Snooping South Korean Citizens
2021-11-10 - Ploutus ATM Malware Case Study- Automated Deobfuscation of a Strongly Obfuscated .NET Binary
2021-11-10 - REvil Under the Microscope
2021-11-10 - Stories from the SOC - Powershell, Proxyshell, Conti TTPs OH MY!
2021-11-10 - TR-64 - Exploited Exchange Servers - Mails with links to malware from known-valid senders
2021-11-10 - The Newest Malicious Actor- “Squirrelwaffle” Malicious Doc.
2021-11-10 - The hunt for NOBELIUM, the most sophisticated nation-state attack in history
2021-11-10 - Use EVTX files on VirusTotal with Timesketch and Sigma (Part 2)
2021-11-10 - Void Balaur and the Rise of the Cybermercenary Industry (IOCs)
2021-11-10 - Walking on APT31 infrastructure footprints
2021-11-10 - Zero-Day Disclosure- Palo Alto Networks GlobalProtect VPN CVE-2021-3064
2021-11-10 - mai1zhi2 - SharpBeacon - CobaltStrike Beacon written in .Net 4
2021-11-11 - A Duck Nightmare Quakbot Strikes with QuakNightmare Exploitation
2021-11-11 - AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits
2021-11-11 - Analyzing a watering hole campaign using macOS exploits
2021-11-11 - BazarLoader ‘call me back’ attack abuses Windows 10 Apps mechanism
2021-11-11 - FIN7 Tools Resurface in the Field – Splinter or Copycat-
2021-11-11 - HTML smuggling surges- Highly evasive loader technique increasingly used in banking malware, targeted attacks
2021-11-11 - Is SquirrelWaffle the New Emotet- How to Detect the Latest MalSpam Loader
2021-11-11 - Magniber ransomware gang now exploits Internet Explorer flaws in attacks
2021-11-11 - OSX.CDDS a sophisticated watering hole campaign drops a new macOS implant!
2021-11-11 - SharkBot- a new generation of Android Trojans is targeting banks in Europe
2021-11-11 - SideCopy organization's recent attack incident analysis using China-India current affairs news
2021-11-11 - Stopping Cybersecurity Threats- Why Databases Matter
2021-11-11 - TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments
2021-11-11 - Threat Thursday- SquirrelWaffle Takes a Bite Out of Victim's Bank Accounts
2021-11-11 - To Joke or Not to Joke- COVID-22 Brings Disaster to MBR
2021-11-12 - A multi-stage PowerShell based attack targets Kazakhstan
2021-11-12 - AgentTesla dropped via NSIS installer
2021-11-12 - Golang Malware Is More than a Fad- Financial Motivation Drives Adoption
2021-11-12 - Malware Analysis- Syscalls- Examining how to analyse malware that uses syscalls as opposed to API calls
2021-11-12 - New Threat Alert- Krane Malware
2021-11-13 - QAKBOT Loader Returns With New Techniques and Tools
2021-11-13 - Threat Spotlight - Domain Fronting
2021-11-15 - Emotet malware is back and rebuilding its botnet via TrickBot
2021-11-15 - Evasive maneuvers- HTML smuggling explained
2021-11-15 - Exchange Exploit Leads to Domain Wide Ransomware
2021-11-15 - Fake Ransomware Infection Spooks Website Owners
2021-11-15 - Finding Beacons in the Dark - A Guide to CTI (X)
2021-11-15 - Groups Target Alibaba ECS Instances for Cryptojacking
2021-11-15 - Guess who’s back
2021-11-15 - How cryptomixers allow cybercriminals to clean their ransoms
2021-11-15 - Infect If Needed - A Deeper Dive Into Targeted Backdoor macOS.Macma
2021-11-15 - ProxyShell, QBot, and Conti Ransomware Combined in a Series of Cyberattacks
2021-11-15 - Uncovering MosesStaff techniques- Ideology over Money
2021-11-16 - Attackers use domain fronting technique to target Myanmar with Cobalt Strike
2021-11-16 - Comeback of Emotet
2021-11-16 - Emotet Returns
2021-11-16 - Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021
2021-11-16 - Excel 4 macro code obfuscation
2021-11-16 - Global Operations Lead to Arrests of Alleged Members of GandCrab-REvil and Cl0p Cartels
2021-11-16 - Hands-On Muhstik Botnet- crypto-mining attacks targeting Kubernetes
2021-11-16 - How IronNet's Behavioral Analytics Detect REvil and Conti Ransomware
2021-11-16 - New Type of Supply Chain Attack Could Put Popular Admin Tools at Risk
2021-11-16 - Office Documents- May the XLL technique change the threat Landscape in 2022-
2021-11-16 - RAMP Ransomware’s Apparent Overture to Chinese Threat Actors
2021-11-16 - Return of Emotet malware
2021-11-16 - Strategic web compromises in the Middle East with a pinch of Candiru
2021-11-16 - Taking Action Against Hackers in Pakistan and Syria
2021-11-16 - TrickBot helps Emotet come back from the dead
2021-11-16 - UNC1151 Assessed with High Confidence to have Links to Belarus, Ghostwriter Campaign Aligned with Belarusian Government Interests
2021-11-16 - Vulnerability Intelligence- What’s the Word in Dark Web Forums-
2021-11-16 - ‘Ghostwriter’ Looks Like a Purely Russian Op - Except It's Not
2021-11-17 - An in-depth look at hacking back, active defense, and cyber letters of marque
2021-11-17 - Analyzing ProxyShell-related Incidents via Trend Micro Managed XDR
2021-11-17 - Astaroth- Banking Trojan
2021-11-17 - BrazKing Android Malware Upgraded and Targeting Brazilian Banks
2021-11-17 - Cobalt Strike- Decrypting Obfuscated Traffic – Part 4
2021-11-17 - Creating your first Microsoft Sentinel Notebook
2021-11-17 - DNS Over HTTPS for Cobalt Strike
2021-11-17 - Evil Corp- 'My hunt for the world's most wanted hackers'
2021-11-17 - GitHub - cube0x0 - SharpMapExec
2021-11-17 - ProxyNoShell- A Change in Tactics Exploiting ProxyShell Vulnerabilities
2021-11-17 - Ransomware (R)evolution Plagues Organizations, But CrowdStrike Protection Never Wavers
2021-11-17 - Surveillance- the Italian company that wants to challenge the giants NSO and Palantir
2021-11-18 - APT41 Perfects Code Signing Abuse to Escalate Supply Chain Attacks
2021-11-18 - BlackMatter, LockBit, and THOR
2021-11-18 - Conti Ransomware Group In-Depth Analysis
2021-11-18 - Conti Ransomware Nets at Least $25.5 Million in Four Months
2021-11-18 - Conti Ransomware
2021-11-18 - Emotet Activity Identified
2021-11-18 - Intelligence Insights- November 2021
2021-11-18 - Introducing Mandiant's Digital Forensics and Incident Response Framework for Embedded OT Systems
2021-11-18 - Iranian targeting of IT sector on the rise
2021-11-18 - Linux malware agent hits eCommerce sites
2021-11-18 - Netskope Threat Coverage- The Return of Emotet
2021-11-18 - New ransomware actor uses password protected archives to bypass encryption protection
2021-11-18 - New ransomware actor uses password-protected archives to bypass encryption protection
2021-11-18 - The Art of PerSwaysion Investigation of a Long-Lived Phishing Kit
2021-11-18 - The Pitfall of Threat Intelligence Whitelisting- Specter Botnet is 'taking over' Top Legit DNS Domains By Using ClouDNS Service
2021-11-18 - The awakening- Group-IB uncovers new corporate espionage attacks by RedCurl
2021-11-18 - Threat Thursday- DanaBot’s Evolution from Bank Fraud to DDoS Attacks
2021-11-18 - Treasury Sanctions Iran Cyber Actors for Attempting to Influence the 2020 U.S. Presidential Election
2021-11-18 - Triple Threat- North Korea-Aligned TA406 Scams, Spies, and Steals
2021-11-18 - Two Iranian Nationals Charged for Cyber-Enabled Disinformation and Threat Campaign Designed to Influence the 2020 U.S. Presidential Election (Seyyed Mohammad Hosein Musa Kazemi & Sajjad Kashian)
2021-11-19 - In the mystery of the creepy spyware, the trail leads via Wirecard to the Kremlin
2021-11-19 - Is a coordinated cyberattack brewing in the escalating Russian-Ukrainian conflict-
2021-11-19 - It is suspected that the APT-C-55 organization used the commercial software Web Browser Password Viewer to carry out the attack
2021-11-19 - It’s a BEE! It’s a… no, it’s ShadowPad.
2021-11-19 - The EMOTET botnet resumes attacks in Chile and LATAM
2021-11-19 - Malware Emotet resumes its activities for the first time in 10 months, and Japan is also the target of the attack
2021-11-19 - Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains
2021-11-19 - The New Threat- Mallox Ransomware
2021-11-20 - Corporate Loader -Emotet-- History of -X- Project Return for Ransomware
2021-11-21 - Dridex Trojan - Defeating Anti-Analysis - Strings Decryption - C&C Extraction
2021-11-22 - Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part1]
2021-11-22 - Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part2]
2021-11-23 - A Long List Of Arkei Stealer's Crypto Browser Wallets
2021-11-23 - Android APT spyware, targeting Middle East victims, enhances evasiveness
2021-11-23 - Babadeda Crypter targeting crypto, NFT, and DeFi communities
2021-11-23 - BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors
2021-11-23 - HANCITOR- Analysing The Malicious Document
2021-11-23 - Mummy Spider’s Emotet Malware is Back After a Year Hiatus; Wizard Spider’s TrickBot Observed in Its Return
2021-11-23 - RATDispenser- Stealthy JavaScript Loader Dispensing RATs into the Wild
2021-11-24 - CronRAT malware hides behind February 31st
2021-11-24 - From the archive #1- OSTap downloader deobfuscation and analysis
2021-11-24 - New PowerShortShell Stealer Exploits Recent Microsoft MSHTML Vulnerability to Spy on Farsi Speakers
2021-11-25 - A Deep Dive Into SoWaT- APT31’s Multifunctional Router Implant
2021-11-25 - Emotet is back, Exchange PoC, Windows 0-day - how are attackers planning to devour us this week-
2021-11-27 - Halos Gate Evolves - Tartarus Gate
2021-11-29 - CONTInuing the Bazar Ransomware Story
2021-11-29 - Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites
2021-11-29 - Kitten.gif- Meet the Sabbath Ransomware Affiliate Program, Again
2021-11-29 - Nowhere to Hide- Detecting SILENT CHOLLIMA’s Custom Tooling
2021-11-29 - Pysa Ransomware Under the Lens- A Deep-Dive Analysis
2021-11-29 - ScarCruft surveilling North Korean defectors and human rights activists
2021-11-29 - Unpatched Exchange Servers distribute Phishing Links (SquirrelWaffle)
2021-11-29 - WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019
2021-11-30 - Cyberspace's Magic Eye- PROMETHIUM Fakes attack activity analysis of NotePads and installation packages
2021-11-30 - Is -KAX17- performing de-anonymization Attacks against Tor Users-
2021-11-30 - Just another analysis of the njRAT malware – A step-by-step approach
2021-11-30 - ProxyShell exploitation leads to BlackByte ransomware
2021-11-30 - The Re-Emergence of Emotet
2021-11-30 - Yanluowang ransomware operation matures with experienced affiliates
2021-11-30 - Yanluowang- Further Insights on New Ransomware Threat
2021-12-01 - Analyzing How TeamTNT Used Compromised Docker Hub Accounts
2021-12-01 - BlackCat Ransomware
2021-12-01 - BlackTech, an East Asian hacking group, has launched attacks in sectors such as finance and education
2021-12-01 - Injection is the New Black- Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors
2021-12-01 - Ransomware Spotlight- Conti
2021-12-01 - Smishing Botnets Going Viral in Iran
2021-12-01 - Toss a Coin to your Helper (Part 2 of 2)
2021-12-01 - Tracking a P2P network related to TA505
2021-12-02 - ABC Botnet Attacks on the Rise
2021-12-02 - APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus
2021-12-02 - Alert (AA21-336A)- APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
2021-12-02 - Magnat campaigns use malvertising to deliver information stealer, backdoor and malicious Chrome extension
2021-12-02 - Revix Linux Ransomware
2021-12-02 - SideCopy APT- Connecting lures to victims, payloads to infrastructure
2021-12-02 - Spreading AgentTesla through more sophisticated malicious PPT
2021-12-02 - Structured threat hunting- One way Microsoft Threat Experts prioritizes customer defense
2021-12-02 - TAG Bulletin- Q4 2021
2021-12-03 - Hive Demo and IoCs
2021-12-03 - Mobile banking fraud- BRATA strikes again
2021-12-03 - TA551 (Shathak) pushes IcedID (Bokbot)
2021-12-03 - TrickBot Leverages Zoom Work from Home Interview Malspam, Heaven’s Gate and… Spamhaus-
2021-12-03 - Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify
2021-12-03 - Who Is the Network Access Broker ‘Babam’-
2021-12-04 - Malicious KMSPico installers steal your cryptocurrency wallets
2021-12-04 - Pivoting through malicious infrastructure- from ZoomPortable to Windscribe
2021-12-06 - AGENT TESLAGGAH
2021-12-06 - APT37 Using a New Android Spyware, Chinotto
2021-12-06 - Attack Lifecycle Detection of an Operational Technology Breach
2021-12-06 - Complaint filed by Microsoft against NICKEL-APT15
2021-12-06 - Magecart Groups Abuse Google Tag Manager
2021-12-06 - Mirai-based Botnet - Moobot Targets Hikvision Vulnerability
2021-12-06 - NICKEL targeting government organizations across Latin America and Europe
2021-12-06 - Phishing campaigns by the Nobelium intrusion set
2021-12-06 - Protecting people from recent cyberattacks
2021-12-06 - Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452)
2021-12-07 - Critical Hit- How DoppelPaymer Hunts and Kills Windows Processes
2021-12-07 - Disrupting the Glupteba operation
2021-12-07 - Emotet now drops Cobalt Strike, fast forwards ransomware attacks
2021-12-07 - Exploit, steganography and Delphi- unpacking DBatLoader
2021-12-07 - FIN13- A Cybercriminal Threat Actor Focused on Mexico
2021-12-07 - New action to combat cyber crime
2021-12-07 - Revix Linux Ransomware
2021-12-07 - Threat news- TeamTNT stealing credentials using EC2 Instance Metadata
2021-12-07 - University Targeted Credential Phishing Campaigns Use COVID-19, Omicron Themes
2021-12-07 - XE Group – Exposed- 8 Years of Hacking & Card Skimming for Profit
2021-12-08 - Chasing Shadows- A deep dive into the latest obfuscation methods being used by ShadowPad
2021-12-08 - Collector-stealer- a Russian origin credential and information extractor
2021-12-08 - Full malware analysis Work-Flow of AgentTesla Malware
2021-12-08 - The double extortion business- Conti Ransomware Gang finds new avenues of negotiation
2021-12-08 - When old friends meet again- why Emotet chose Trickbot for rebirth
2021-12-09 - A closer look at Qakbot’s latest building blocks (and how to knock them down)
2021-12-09 - A new StrongPity variant hides behind Notepad++ installation
2021-12-09 - Emotet’s Return- What’s Different-
2021-12-09 - Inside the Hive- Deep dive into Hive RaaS, analysis of latest samples
2021-12-09 - The Evolution of IoT Linux Malware Based on MITRE ATT&CK TTPs
2021-12-10 - BlackCatConf - Static Configuration Extractor for BlackCat Ransomware
2021-12-10 - Karakurt rises from its lair
2021-12-10 - Log4j2 Vulnerability “Log4Shell” (CVE-2021-44228)
2021-12-10 - New Yanluowang Ransomware Found to be Code-Signed, Terminates Database-Related Processes
2021-12-11 - Apache Log4j Zero-Day Being Exploited in the Wild
2021-12-11 - Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
2021-12-12 - Log4Shell Hell- anatomy of an exploit outbreak
2021-12-12 - Log4Shell- Reconnaissance and post exploitation network detection
2021-12-12 - More Flagpro, More Problems
2021-12-13 - A Look Into Purple Fox’s Server Infrastructure
2021-12-13 - Analysis of Initial In The Wild Attacks Exploiting Log4Shell-Log4J-CVE-2021-44228
2021-12-13 - Diavol Ransomware
2021-12-13 - Now You Serial, Now You Don’t — Systematically Hunting for Deserialization Exploits
2021-12-13 - Return of Emotet- Malware Analysis
2021-12-14 - Analysis of Novel Khonsari Ransomware Deployed by the Log4Shell Vulnerability
2021-12-14 - Azure Run Command for Dummies
2021-12-14 - Collecting In the Dark- Tropic Trooper Targets Transportation and Government
2021-12-14 - Cuba Ransomware Analysis
2021-12-14 - DarkWatchman- A new evolution in fileless techniques
2021-12-14 - Espionage Campaign Targets Telecoms Organizations across Middle East and Asia
2021-12-14 - Full Spectrum Detections for 5 Popular Web Shells- Alfa, SharPyShell, Krypton, ASPXSpy, and TWOFACE
2021-12-14 - Network Security Monitoring Opportunities and Best Practices for Log4j Defense
2021-12-14 - Neutralizing Apache Log4j Exploits with Identity-Based Segmentation
2021-12-14 - Owowa- the add-on that turns your OWA into a credential stealer and remote access panel
2021-12-15 - Log4Shell Initial Exploitation and Mitigation Recommendations
2021-12-15 - No Unaccompanied Miners- Supply Chain Compromises Through Node.js Packages (UNC3379)
2021-12-15 - The dirty dozen of Latin America- From Amavaldo to Zumanek
2021-12-15 - ThreatLabz analysis - Log4Shell CVE-2021-44228 Exploit Attempts
2021-12-15 - Tracking Malicious Glupteba Activity Through the Blockchain
2021-12-16 - Global outbreak of Log4Shell
2021-12-16 - How the -Contact Forms- campaign tricks people
2021-12-16 - Inside the LockBit Arsenal - The StealBit Exfiltration Tool
2021-12-16 - Intelligence Insights- December 2021
2021-12-16 - Noberus- Technical Analysis Shows Sophistication of New Rust-based Ransomware
2021-12-16 - Pegasus vs. Predator- Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware
2021-12-16 - Phorpiex botnet is back with a new Twizt- Hijacking Hundreds of crypto transactions
2021-12-16 - PseudoManuscrypt- a mass-scale spyware attack campaign
2021-12-16 - Threat Thursday- Warzone RAT Breeds a Litter of ScriptKiddies
2021-12-17 - Diavol Ransomware
2021-12-17 - Inside the code- How the Log4Shell exploit works
2021-12-17 - Ransomware Advisory- Log4Shell Exploitation for Initial Access & Lateral Movement
2021-12-17 - Serverless InfoStealer delivered in East European Countries
2021-12-17 - Staging a Quack- Reverse Analyzing a Fileless QAKBOT Stager
2021-12-17 - We reveal the "Subzero" state trojan from Austria
2021-12-17 - noPac- A Tale of Two Vulnerabilities That Could End in Ransomware
2021-12-19 - Exposed Docker APIs Abused by DDoS, Cryptojacking Botnet Malware
2021-12-20 - (Don't) Bring Dridex Home for the Holidays
2021-12-20 - Detecting anomalous network traffic resulting from a successful Log4j attack
2021-12-20 - Log4j vulnerability now used to install Dridex banking malware
2021-12-20 - Logjam- Log4j exploit attempts continue in globally distributed scans, attacks
2021-12-20 - PowerPoint attachments, Agent Tesla and code reuse in malware
2021-12-20 - Ransomware Spotlight- REvil
2021-12-20 - STOP-DJVU Ransomware IOC List
2021-12-21 - Attackers test “CAB-less 40444” exploit in a dry run
2021-12-21 - China’s Narrative War on Democracy
2021-12-21 - Ready-made fraud Behind the scenes of targeted scams
2021-12-21 - The Continued Evolution of Abcbot
2021-12-21 - The Log Keeps Rolling On- Evaluating Log4j Developments and Defensive Requirements
2021-12-22 - APT Tracking Analytics- Transparent Tribe Attack Activity
2021-12-22 - Alert (AA21-356A) Mitigating Log4Shell and Other Log4j-Related Vulnerabilities
2021-12-22 - Avos Locker remotely accesses boxes, even running in Safe Mode
2021-12-22 - CrowdStrike Launches Free Targeted Log4j Search Tool
2021-12-22 - Emotet 2.0- Everything you need to know about the new Variant of the Banking Trojan
2021-12-22 - The ‘STOP’ Ransomware Variant
2021-12-23 - COVID-19 Phishing Lure to Steal and Mine Cryptocurrency
2021-12-23 - Cyber Threat Profile MALTEIRO
2021-12-23 - Elastic Security uncovers BLISTER malware campaign
2021-12-23 - Hacker gains access to Hewlett-Packard 9000 EPYC server hardware to mine the cryptocurrency Raptoreum using Java exploit
2021-12-23 - Log4j Vulnerabilities- Attack Insights
2021-12-23 - New Rook Ransomware Feeds Off the Code of Babuk
2021-12-23 - Snip3, an investigation into malware
2021-12-27 - A Deep Dive into DoubleFeature, Equation Group’s Post-Exploitation Dashboard
2021-12-28 - APT Attack Cases of Kimsuky Group (PebbleDash)
2021-12-28 - Attackers are abusing MSBuild to evade defenses and implant Cobalt Strike beacons
2021-12-28 - Cases of Lockis ransomware infection
2021-12-28 - CrowdStrike Strengthens Exploit Protection Using Intel CPU Telemetry
2021-12-28 - Extracting Hancitor’s Configuration with Ghidra part 1
2021-12-28 - Flagpro- The new malware used by BlackTech
2021-12-28 - Iranian hackers behind Cox Media Group ransomware attack (DEV-0270)
2021-12-28 - The attack on ONUS – A real-life case of the Log4Shell vulnerability
2021-12-28 - The hacker-for-hire industry is now too big to fail
2021-12-29 - AsyncRAT Configuration Parser
2021-12-29 - Cobalt Strike DFIR- Listening to the Pipes
2021-12-29 - Japan aerospace cyberattacks show link to Chinese military- police (PLA Unit 61419)
2021-12-29 - OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt
2021-12-29 - Strategically Aged Domain Detection- Capture APT Attacks With DNS Traffic Trends
2021-12-29 - Threat Alert- Evolving Attack Techniques of Autom Cryptomining Campaign
2021-12-30 - Agent Tesla Updates SMTP Data Exfiltration Technique
2021-12-30 - Lights Out in Isfahan
2021-12-30 - Technical Analysis of Khonsari Ransomware Campaign Exploiting the Log4Shell Vulnerability
2021-12-30 - Vice Society- Ransomware Gang Disrupted Spar Stores
2021-12-31 - Compromised Godaddy Infrastructure Attacking Numerous U.S. Government Websites to Promote “Canadian Pharmacy” Scam Websites
2021-12-31 - Do you want your Agent Tesla in the 300 MB or 8 kB package-
2021-12-31 - HANCITOR- Analysing The Main Loader
2021-12-31 - IKO activation - Malware campaign

Malware Analysis 2022

2022-01-01 - Analyzing an IcedID Loader Document
2022-01-01 - Brute Ratel
2022-01-02 - -Cracking Open the Malware Piñata- Series- Intro to Dynamic Analysis with RedLineStealer
2022-01-02 - Analyzing a Magnitude EK Appx Package Dropping Magniber
2022-01-02 - MMON (aka KAPTOXA)
2022-01-02 - Malicious CSV text files used to install BazarBackdoor malware
2022-01-02 - SBIDIOT IoT Malware- miner edition
2022-01-02 - White Rabbit Ransomware and the F5 Backdoor
2022-01-03 - A Tale of Two Dropper Scripts for Agent Tesla
2022-01-03 - Distribution of Redline Stealer Disguised as Software Crack
2022-01-03 - Malicious Telegram Installer Drops Purple Fox Rootkit
2022-01-04 - Extracting Indicators from a Packed Mirai Sample
2022-01-04 - Leveraging the Power of KQL in Incident Response
2022-01-04 - Purple Fox malware is actively distributed via Telegram Installers
2022-01-05 - Analysis Report on Kimsuky Group’s APT Attacks (AppleSeed, PebbleDash)
2022-01-05 - Can You Trust a File’s Digital Signature- New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk
2022-01-05 - Elephant Beetle- Uncovering an Organized Financial-Theft Operation
2022-01-05 - Malware Analysis Spotlight- Kuzuluy Phishing Kit
2022-01-05 - New Konni Campaign Kicks Off the New Year by Targeting Russian Ministry of Foreign Affairs
2022-01-05 - SIDECOPY APT- From Windows to nix
2022-01-05 - Technical Analysis of CVE-2021-1732
2022-01-05 - Threat Intelligence Report- The Evolution of Doppel Spider from BitPaymer to Grief Ransomware
2022-01-06 - A “GULP” of PlugX
2022-01-06 - Malware Analysis Spotlight- XLoader’ Cross-platform Support Utilizing XBinder
2022-01-06 - NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies
2022-01-06 - Night Sky is the latest ransomware targeting corporate networks
2022-01-06 - Rook Ransomware Analysis
2022-01-06 - Unpacking Emotet malware part 01
2022-01-07 - Patchwork APT caught in its own web
2022-01-07 - Technical Analysis of Code-Signed Blister Malware Campaign Part 1
2022-01-07 - Technical Analysis of Code-Signed “Blister” Malware Campaign (Part 1)
2022-01-07 - Unpacking CVE-2021-40444- A Deep Technical Analysis of an Office RCE Exploit
2022-01-07 - Unpacking Emotet malware part 02
2022-01-08 - Trojanized dnSpy app drops malware cocktail on researchers, devs
2022-01-08 - Unpacking Hancitor malware
2022-01-09 - Inspecting a PowerShell Cobalt Strike Beacon
2022-01-09 - Malware Headliners- Dridex
2022-01-09 - Unpacking Vmprotect packer
2022-01-10 - Abcbot - An Evolution of Xanthe
2022-01-10 - COVID Omicron Variant Lure Used to Distribute RedLine Stealer
2022-01-10 - Detecting Malware Script Loaders using Remcos- Threat Research Release December 2021
2022-01-10 - TokyoX- DLL side-loading an unknown artifact
2022-01-11 - APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit
2022-01-11 - New SysJoker Backdoor Targets Windows, Linux, and macOS
2022-01-11 - New SysJoker backdoor targets Windows, macOS, and Linux
2022-01-11 - Reimplementation of Expiro's DGA
2022-01-11 - Signed DLL campaigns as a service
2022-01-11 - Signed kernel drivers – Unguarded gateway to Windows’ core
2022-01-11 - TellYouThePass Ransomware Analysis Reveals a Modern Reinterpretation Using Golang
2022-01-11 - Threat Analysis Report- DatopLoader Exploits ProxyShell to Deliver QBOT and Cobalt Strike
2022-01-11 - Unpacking Dridex malware
2022-01-12 - 2021 Gorgon Group APT Operation
2022-01-12 - Abusing Microsoft Office Using Malicious Web Archive Files
2022-01-12 - Analysis of njRAT PowerPoint Macros
2022-01-12 - Deep analysis agent tesla malware
2022-01-12 - Exploit Kits vs. Google Chrome
2022-01-12 - Forensics Analysis of the NSO Group’s Pegasus Spyware
2022-01-12 - Hackers take over diplomat's email, target Russian deputy minister
2022-01-12 - Iranian intel cyber suite of malware uses open source tools
2022-01-12 - Magniber Ransomware Being Distributed via Microsoft Edge and Google Chrome
2022-01-12 - Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure
2022-01-12 - Newly Found Malware Threatens IoT Devices
2022-01-12 - NightSky Ransomware – just a Rook RW fork in VMProtect suit
2022-01-12 - TokyoX- DLL side-loading an unknown artifact (Part 2)
2022-01-12 - Unpacking Ramnit malware
2022-01-12 - Wading Through Muddy Waters - Recent Activity of an Iranian State-Sponsored Threat Actor
2022-01-13 - Decrypting Qakbot’s Encrypted Registry Keys
2022-01-13 - FIN7 Uses Flash Drives to Spread Remote Access Trojan
2022-01-13 - Linux-Targeted Malware Increases by 35% in 2021- XorDDoS, Mirai and Mozi Most Prevalent
2022-01-13 - The BlueNoroff cryptocurrency hunt is still on
2022-01-13 - Threat Thursday- Jupyter Infostealer is a Master of Disguise
2022-01-13 - Unpacking Remcos malware
2022-01-14 - How Attackers Use XLL Malware to Infect Systems
2022-01-14 - Multidex trick to unpack Android-BianLian
2022-01-14 - Storm in -Safe Haven-- Takeaways from Russian Authorities Takedown of REvil
2022-01-15 - BazarLoader - Back from Holiday Break
2022-01-15 - Destructive malware targeting Ukrainian organizations (DEV-0586)
2022-01-15 - Donot Team — Indicators of Compromise
2022-01-15 - Malware Headliners- Qakbot
2022-01-15 - Malware attacks targeting Ukraine government (DEV-0586)
2022-01-15 - Threat Advisory- VMware Horizon Servers Actively Being Hit With Cobalt Strike (by DEV-0401)
2022-01-16 - Analyzing a CACTUSTORCH HTA Leading to Cobalt Strike
2022-01-17 - Android-BianLian payload
2022-01-17 - AvosLocker Ransomware Linux Version Targets VMware ESXi Servers
2022-01-17 - Debugging MBR - IDA + Bochs Emulator (CTF example)
2022-01-17 - Emotet's Excel 4.0 Macros Dropping DLLs
2022-01-17 - IOCs for Astaroth-Guildma malware infection
2022-01-17 - Resources for DFIR Professionals Responding to WhisperGate Malware
2022-01-17 - The Chaos Ransomware Can Be Ravaging
2022-01-18 - Analysis of Destructive Malware (WhisperGate) targeting Ukraine
2022-01-18 - BlackCat Ransomware - Highly-Configurable, Rust-Driven RaaS On The Prowl For Victims
2022-01-18 - DoNot Go! Do not respawn!
2022-01-18 - Dozens of Computers in Ukraine Wiped with Destructive Malware in Coordinated Attack
2022-01-18 - ESET Research investigates Donot Team- Cyberespionage targeting military & governments in South Asia
2022-01-18 - Evolved phishing- Device registration trick adds to phishers’ toolbox for victims without MFA
2022-01-18 - FORMBOOK Adopts CAB-less Approach
2022-01-18 - Info-Stealing Tool Posing As Naver OTP
2022-01-18 - New Ransomware Spotted- White Rabbit and Its Evasion Tactics
2022-01-18 - SideCopy Arsenal Update- Golang-based Linux stealth tools surface
2022-01-19 - 0.0.0.0 in Emotet Spambot Traffic
2022-01-19 - Campaigns abusing corporate trusted infrastructure hunt for corporate credentials on ICS networks
2022-01-19 - Collecting Cobalt Strike Beacons with the Elastic Stack
2022-01-19 - DDoS IRC Bot Malware (GoLang) Being Distributed via Webhards
2022-01-19 - Extracting Cobalt Strike Beacon Configurations
2022-01-19 - Kraken the Code on Prometheus
2022-01-19 - Meet the Malware Families Helping Hackers Steal and Mine Millions in Cryptocurrency
2022-01-19 - New BHUNT malware targets your crypto wallets and passwords
2022-01-19 - One Source to Rule Them All- Chasing AVADDON Ransomware
2022-01-19 - Operation Bleeding Bear
2022-01-19 - Technical Analysis of the WhisperGate Malicious Bootloader
2022-01-19 - WhisperGate
2022-01-19 - Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike
2022-01-20 - Anticipating Cyber Threats as the Ukraine Crisis Escalates
2022-01-20 - Anticipating and Preparing for Russian Cyber Activity
2022-01-20 - Buer Loader Analysis, a Rusted malware program
2022-01-20 - Deep Dive Into Ragnar_locker Ransomware Gang
2022-01-20 - FBI links Diavol ransomware to the TrickBot cybercrime group
2022-01-20 - Fallout from Log4Shell-related Vietnamese Cryptocurrency Exchange Attack- KYC Data for Sale on Dark Web
2022-01-20 - Fresh Phish- Phishers Lure Victims with Fake Invites to Bid on Nonexistent Federal Projects
2022-01-20 - Log4j Exploit Hits Again- Vulnerable VMWare Horizon Servers at Risk
2022-01-20 - MoonBounce- the dark side of UEFI firmware
2022-01-20 - New STRRAT RAT Phishing Campaign
2022-01-20 - New espionage attack by Molerats APT targeting users in the Middle East
2022-01-20 - RedLine Stealer Delivered Through FTP
2022-01-20 - Return of Pseudo Ransomware
2022-01-20 - Threat Brief- Ongoing Russia and Ukraine Cyber Conflict
2022-01-20 - Threat Thursday- Purple Fox Rootkit
2022-01-20 - Treasury Sanctions Russian-Backed Actors Responsible for Destabilization Activities in Ukraine (Taras Kozak, Oleh Voloshyn, Volodymyr Oliynyk, Vladimir Sivkovich)
2022-01-20 - Update on WhisperGate, Destructive Malware Targeting Ukraine – Threat Intelligence & Protections Update
2022-01-20 - [SANS ISC] RedLine Stealer Delivered Through FTP
2022-01-21 - A deeper UEFI dive into MoonBounce
2022-01-21 - Analysis of Xloader’s C2 Network Encryption
2022-01-21 - Analyzing an IDA Pro anti-decompilation code
2022-01-21 - Better Together- The Power of Managed Cybersecurity Services in the Face of Pressing Global Security Challenges
2022-01-21 - Creating a safe dummy C&C to test Android bots
2022-01-21 - Deep Analysis Agent Tesla Malware
2022-01-21 - Disruptive Attacks in Ukraine Likely Linked to Escalating Tensions
2022-01-21 - Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware
2022-01-21 - Hackers Were in Ukraine Systems Months Before Deploying Wiper
2022-01-21 - Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation
2022-01-21 - WhisperGate Malware
2022-01-21 - WhisperGate- Not NotPetya
2022-01-22 - Analysis of the Cyberattack on Ukrainian Government Resources
2022-01-22 - BazarISO Analysis - Loading with Advpack.dll
2022-01-22 - Malware Headliners- Emotet
2022-01-23 - Analysis of a DLL Downloader
2022-01-23 - HCrypt Injecting BitRAT using PowerShell, HTAs, and .NET
2022-01-23 - [QuickNote] Emotet epoch4 & epoch5 tactics
2022-01-24 - Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant
2022-01-24 - Cobalt Strike, a Defender’s Guide – Part 2
2022-01-24 - DTPacker – a .NET Packer with a Curious Password
2022-01-24 - Deep Dive into Trickbot's Web Injection
2022-01-24 - How BRATA is monitoring your bank account
2022-01-24 - Infected PowerPoint Files Using Cloud Services to Deliver Multiple Malware
2022-01-24 - Intelligence Insights- January 2022
2022-01-24 - Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal
2022-01-24 - Log4Shell- No Mass Abuse, But No Respite, What Happened-
2022-01-24 - New TransparenTribe Operation- Targeting India with weaponized COVID-19 lure documents
2022-01-24 - Scammers are creating new fraudulent Crypto Tokens and misconfiguring smart contract’s to steal funds
2022-01-24 - TrickBot Bolsters Layered Defenses to Prevent Injection Research
2022-01-24 - Web Skimming Attacks Using Google Tag Manager
2022-01-25 - An Exhaustively Analyzed IDB for ComLook
2022-01-25 - Analyzing OSX.DazzleSpy
2022-01-25 - BianLian C&C domain name
2022-01-25 - Chasing Chaes Kill Chain
2022-01-25 - Emotet Stops Using 0.0.0.0 in Spambot Traffic
2022-01-25 - Hacktivist group shares details related to Belarusian Railways hack
2022-01-25 - How to Analyze Malware for Technical Writing
2022-01-25 - New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key
2022-01-25 - New Threat Campaign Identified- AsyncRAT Introduces a New Delivery Technique
2022-01-25 - Prime Minister’s Office Compromised- Details of Recent Espionage Campaign
2022-01-25 - Ransoms Demanded for Hijacked Instagram Accounts
2022-01-25 - Threats Looming Over the Horizon
2022-01-25 - TianySpy Malware Uses Smishing Disguised as Message From Telco
2022-01-25 - WastedLocker malware analysis
2022-01-25 - Watering hole deploys new macOS malware, DazzleSpy, in Asia
2022-01-25 - Weaponization of Excel Add-Ins Part 1- Malicious XLL Files and Agent Tesla Case Studies
2022-01-25 - Windows services lay the groundwork for a Midas ransomware attack
2022-01-26 - ALPHV (BlackCat) Ransomware
2022-01-26 - ALPHV ransomware gang analysis
2022-01-26 - Analysis of a Management IP Address linked to Molerats APT
2022-01-26 - BotenaGo strikes again - malware source code uploaded to GitHub
2022-01-26 - Financially Motivated Mobile Scamware Exceeds 100M Installations
2022-01-26 - German govt warns of APT27 hackers backdooring business networks
2022-01-26 - Hackers Using New Evasive Technique to Deliver AsyncRAT Malware
2022-01-26 - KONNI evolves into stealthier RAT
2022-01-26 - Log4U, Shell4Me
2022-01-26 - Netskope Threat Coverage- WhisperGate
2022-01-26 - New FluBot and TeaBot Global Malware Campaigns Discovered
2022-01-26 - Vidar Exploiting Social Media Platform (Mastodon)
2022-01-26 - [QuickNote] Analysis of malware suspected to be an APT attack targeting Vietnam
2022-01-27 - Adversary Emulation Diavol Ransomware #ThreatThursday
2022-01-27 - Early Bird Catches the Wormhole- Observations from the StellarParticle Campaign
2022-01-27 - Facestealer – The Rise of Facebook Credential Stealer Malware
2022-01-27 - Focusing on “Left of Boom”
2022-01-27 - GuLoader Executing Shellcode Using Callback Functions
2022-01-27 - Malware Analysis Emotet Infection
2022-01-27 - Malware Analysis —Manual Unpacking of Redaman
2022-01-27 - North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign
2022-01-27 - Programs Hacking Programs- How to Extract Memory Information to Spot Linux Malware
2022-01-27 - Ransomware as a Service Innovation Curve
2022-01-27 - Taiwanese Apple and Tesla contractor hit by Conti ransomware
2022-01-27 - Threat Advisory- STRT-TA02 - Destructive Software
2022-01-27 - Threat Assessment- BlackCat Ransomware
2022-01-27 - Threat Thursday- WhisperGate Wiper Targets Government, Non-profit, and IT Organizations in Ukraine
2022-01-27 - Threat actor of in-Tur-est
2022-01-27 - Widespread FluBot and TeaBot Malware Campaigns Targeting Android Devices
2022-01-28 - Indian Army Personnel Face Remote Access Trojan Attacks
2022-01-28 - Lessons Learned From Successive Use of Offensive Cyber Operations Against Ukraine and What May Be Next
2022-01-28 - Log4j Exploit Hits Again- Vulnerable Unifi Network Application (Ubiquiti) at Risk
2022-01-28 - Malware Headliners- LokiBot
2022-01-28 - Remcos RAT
2022-01-28 - Shedding light on the dark web
2022-01-28 - WhisperGate Malware Corrupts Computers in Ukraine
2022-01-28 - Who Wrote the ALPHV-BlackCat Ransomware Strain-
2022-01-30 - Point-of-Sale malware - RTPOS
2022-01-31 - 1 in 7 Ransomware Extortion Attacks Leak Critical Operational Technology Information
2022-01-31 - A Detailed Analysis Of Lazarus APT Malware Disguised As Notepad++ Shell Extension
2022-01-31 - Analyzing Malware with Hooks, Stomps and Return-addresses
2022-01-31 - Conversation with a top Ukrainian cyber official- What we know, what we don't, what it means
2022-01-31 - CrowdStrike Falcon Proactively Protects Against Wiper Malware as CISA Warns U.S. Companies of Potential Attacks
2022-01-31 - Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables
2022-01-31 - Russian 'Gamaredon' hackers use 8 new malware payloads in attacks
2022-01-31 - Shuckworm Continues Cyber-Espionage Attacks Against Ukraine
2022-01-31 - Taking the bait- The modus operandi of massive social engineering waves impacting banks in Portugal
2022-01-31 - Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data
2022-01-31 - WhisperKill vs WhiteBlackCrypt- A Small Problem with Files…
2022-02-01 - Cyberspies linked to Memento ransomware use new PowerShell malware
2022-02-01 - Dumping WhisperGate’s wiper from an Eazfuscator obfuscated loader
2022-02-01 - Inside Trickbot, Russia’s Notorious Ransomware Gang
2022-02-01 - Mars Stealer Oski refactoring
2022-02-01 - N-W0rm analysis (Part 1)
2022-02-01 - PowerLess Trojan- Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage
2022-02-01 - Sneaky Spies and Backdoor RATs - SysJoker and DazzleSpy Malware Target macOS
2022-02-01 - SolarMarker campaign used novel registry changes to establish persistence
2022-02-01 - StrifeWater RAT- Iranian APT Moses Staff Adds New Trojan to Ransomware Operations
2022-02-01 - Xenomorph - A Newly Hatched Banking Trojan
2022-02-01 - Zoom For You — SEO Poisoning to Distribute BATLOADER and Atera Agent
2022-02-02 - Arid Viper APT targets Palestine with new wave of politically themed phishing attacks, malware
2022-02-02 - BlackCat ransomware implicated in attack on German oil companies
2022-02-02 - Catching the RAT called Agent Tesla
2022-02-02 - CoinStomp Malware Family Targets Asian Cloud Service Providers
2022-02-02 - Experts warn of a spike in APT35 activity and a possible link to Memento ransomware op
2022-02-02 - Malware Analysis Spotlight- Emotet’s Use of Cryptography
2022-02-02 - STRRAT Attached to a MSI File
2022-02-02 - Sandboxing Antimalware Products for Fun and Profit
2022-02-02 - The evolution of a Mac trojan- UpdateAgent’s progression
2022-02-02 - TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware
2022-02-02 - US officials prepare for potential Russian cyberattacks as Ukraine standoff continues
2022-02-02 - White Rabbit Continued- Sardonic and F5
2022-02-03 - Analysis of Attack Against National Games of China Systems
2022-02-03 - Antlion- Chinese APT Uses Custom Backdoor to Target Financial Institutions in Taiwan
2022-02-03 - Investigating Lateral Movement — WMI and Scheduled Tasks
2022-02-03 - QR codes on Twitter deliver malicious Chrome extension
2022-02-03 - Russia's Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine
2022-02-03 - Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine (Updated June 22)
2022-02-03 - State hackers' new malware helped them stay undetected for 250 days
2022-02-03 - Threat Spotlight- WhisperGate Wiper Wreaks Havoc in Ukraine
2022-02-03 - njRAT Installed from a MSI
2022-02-04 - ACTINIUM targets Ukrainian organizations
2022-02-04 - Cyberattack on News Corp, Believed Linked to China, Targeted Emails of Journalists, Others
2022-02-04 - FluBot Malware Persists- Most Prevalent In Germany and Spain
2022-02-04 - HHS- Conti ransomware encrypted 80% of Ireland's HSE IT systems
2022-02-04 - N-W0rm analysis (Part 2)
2022-02-04 - News Corp discloses hack from -persistent- nation state cyber attacks
2022-02-04 - Shortcut to Windows Update
2022-02-06 - AgentTesla From RTF Exploitation to .NET Tradecraft
2022-02-06 - Chinese Hackers Target Taiwanese Financial Institutions with a new Stealthy Backdoor
2022-02-06 - Deep Analysis of Vidar Information Stealer
2022-02-07 - APT27 Group Targets German Organizations with HyperBro
2022-02-07 - Avast released a free decryptor for TargetCompany ransomware
2022-02-07 - Decrypted- TargetCompany Ransomware
2022-02-07 - Exploring Windows UAC Bypasses- Techniques and Detection Strategies
2022-02-07 - Free decryptor released for TargetCompany ransomware victims
2022-02-07 - Medusa- a marriage partner as gunslinger
2022-02-07 - Newly Found Sugar Ransomware is Now Being Offered as RaaS
2022-02-07 - Qbot Likes to Move It, Move It
2022-02-07 - Roaming Mantis reaches Europe
2022-02-07 - Trellix Global Defenders- Invasion of the Information Snatchers - Protecting against RedLine Infostealer
2022-02-08 - Annual Threat trends 2021
2022-02-08 - Attackers Disguise RedLine Stealer as a Windows 11 Upgrade
2022-02-08 - BlackCat Ransomware as a Service - The Cat is certainly out of the bag!
2022-02-08 - Brbbot Analysis
2022-02-08 - Conficker Analysis
2022-02-08 - Cybereason vs. Lorenz Ransomware
2022-02-08 - Distribution of Kimsuky Group’s xRAT (Quasar RAT) Confirmed
2022-02-08 - EP 110- Spam Botnets
2022-02-08 - HawkEye Analysis
2022-02-08 - LolZarus- Lazarus Group Incorporating Lolbins into Campaigns
2022-02-08 - NaturalFreshMall- a mass store hack
2022-02-08 - NetWalker ransomware affiliate sentenced to 80 months in prison
2022-02-08 - Palestinian Hackers Use New NimbleMamba Implant in Recent Attacks
2022-02-08 - PrivateLoader The first step in many malware schemes
2022-02-08 - Qbot needs only 30 minutes to steal your credentials, emails
2022-02-08 - Ransomware Spotlight- LockBit
2022-02-08 - Remcos Analysis
2022-02-08 - RevengeRAT Analysis
2022-02-08 - Ugg Boots 4 Sale- A Tale of Palestinian-Aligned Espionage
2022-02-09 - Dragos ICS-OT Ransomware Analysis- Q4 2021
2022-02-09 - Fake Windows 11 upgrade installers infect you with RedLine malware
2022-02-09 - Iranian Hackers Using New Marlin Backdoor in 'Out to Sea' Espionage Campaign
2022-02-09 - Master decryption keys for Maze, Egregor, and Sekhmet ransomware leaked online
2022-02-09 - Meta and Chime sue Nigerians behind Facebook, Instagram phishing
2022-02-09 - ModifiedElephant APT and a Decade of Fabricating Evidence
2022-02-09 - Ransomware dev releases Egregor, Maze master decryption keys
2022-02-09 - What’s with the shared VBA code between Transparent Tribe and other threat actors-
2022-02-10 - +380-GlowSpark
2022-02-10 - A walk through Project Zero metrics
2022-02-10 - Malicious Chrome Browser Extension Exposed- ChromeBack Leverages Silent Extension Loading
2022-02-10 - Threat Analysis Report- All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot
2022-02-10 - Threat Thursday- BHunt Scavenger Harvests Victims’ Crypto Wallets
2022-02-11 - Indicators of Compromise Associated with BlackByte Ransomware
2022-02-11 - Netwalker- from Powershell reflective loader to injected dll
2022-02-11 - Threat Roundup for February 4 to February 11
2022-02-11 - XLoader-Formbook Distributed by Encrypted VelvetSweatshop Spreadsheets
2022-02-11 - [SANS ISC] CinaRAT Delivered Through HTML ID Attributes
2022-02-12 - Analyzing a Stealer MSI using msitools
2022-02-12 - Full Hancitor malware analysis
2022-02-12 - How RAT Malware Is Using Telegram to Evade Detection
2022-02-13 - Colibri Loader - Back to basics
2022-02-13 - Kovter Analysis
2022-02-13 - Technical Malware Analysis- The Return of Emotet
2022-02-14 - Allcome clipbanker is a newcomer in underground forums
2022-02-14 - Chaos ransomware v4
2022-02-14 - FBI- BlackByte ransomware breached US critical infrastructure
2022-02-14 - NFT Lure Used to Distribute BitRAT
2022-02-14 - PrivateLoader to Anubis Loader
2022-02-14 - Ransomware Becomes Deadlier, Conti Makes the Most Money
2022-02-14 - Sophisticated FritzFrog P2P Botnet Returns After Long Break
2022-02-14 - Staying ahead of REvil’s Ransomware-as-a-Service business model
2022-02-14 - The APT Fallout of Vulnerabilities such as ProxyLogon, OGNL Injection, and log4shell
2022-02-14 - Came Close to Shutting Down Thousands of Wind Turbines- Now Vestas Speaks About the Cyberattack
2022-02-14 - Wazawaka Goes Waka Waka
2022-02-15 - Analysis of Microsoft CVE-2022-21907
2022-02-15 - Charting TA2541's Flight
2022-02-15 - Guard Your Drive from DriveGuard- Moses Staff Campaigns Against Israeli Organizations Span Several Months
2022-02-15 - How the Russia-Ukraine conflict is impacting cybercrime
2022-02-15 - Increase in Emotet Activity and Cobalt Strike Deployment
2022-02-15 - MATANBUCHUS- Another Loader As A Service Malware
2022-02-15 - New Emotet Infection Method
2022-02-15 - New Evidence Linking Kwampirs Malware to Shamoon APTS (Technical Blog)
2022-02-15 - Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA
2022-02-15 - ShadowPad Malware Analysis
2022-02-15 - TA2541- APT Has Been Shooting RATs at Aviation for Years
2022-02-15 - Unskilled hacker linked to years of attacks on aviation, transport sectors
2022-02-15 - Vulnerable Exchange server hit by Squirrelwaffle and financial fraud
2022-02-16 - A Modern Ninja- Evasive Trickbot Attacks Customers of 60 High-Profile Companies
2022-02-16 - Alert (AA22-047A) Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology
2022-02-16 - DDoS Attack Campaign Targeting Multiple Organizations in Ukraine
2022-02-16 - Emotet Now Spreading Through Malicious Excel Files
2022-02-16 - Meet Kraken- A New Golang Botnet in Development
2022-02-16 - Playing with AsyncRAT
2022-02-16 - QBot Malware Detection- Old Dog New Tricks
2022-02-16 - Quick Malware Analysis- Emotet Epoch 5 and Cobalt Strike pcap from 2022-02-08
2022-02-16 - Red Cross blames hack on Zoho vulnerability, suspects APT attack
2022-02-16 - SMS PVA Services' Use of Infected Android Phones Reveals Flaws in SMS Verification
2022-02-16 - The TrickBot Saga’s Finale Has Aired- Spinoff is Already in the Works
2022-02-16 - TrickBot Ravages Customers of Amazon, PayPal and Other Top Brands
2022-02-17 - Detecting Karakurt – an extortion focused threat actor
2022-02-17 - FreeCryptoScam - A New Cryptocurrency Scam That Leads to Installation of Backdoors and Stealers
2022-02-17 - Investigating a Monero Coin Miner
2022-02-17 - Log4j2 In The Wild - Iranian-Aligned Threat Actor “TunnelVision” Actively Exploiting VMware Horizon
2022-02-17 - Looking over the nation-state actors’ shoulders- Even they have a difficult day sometimes
2022-02-17 - Phishers Spoof Power BI to Visualize Your Credential Data
2022-02-17 - Ransomware Windows DarkBit
2022-02-17 - Technical Analysis of Code-Signed Blister Malware Campaign Part 2
2022-02-17 - Technical Analysis of Code-Signed “Blister” Malware Campaign (Part 2)
2022-02-17 - The story of a ransomware builder- from Thanos to Spook and beyond (Part 1)
2022-02-17 - Threat Thursday- Arkei Infostealer Expands Reach Using SmokeLoader to Target Crypto Wallets and MFA
2022-02-17 - VMProtect Analysis 1.0- VMP Mutation Fix
2022-02-18 - A Tale of Two Shells
2022-02-18 - Conti ransomware gang takes over TrickBot malware operation
2022-02-18 - Dynamically extracting the encryption key from a simple ransomware
2022-02-18 - EvilPlayout- Attack Against Iran’s State Broadcaster
2022-02-18 - Executive Overview of Russian Aggression Against Ukraine
2022-02-18 - Hackers No Hashing- Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection
2022-02-18 - How a Saudi woman's iPhone revealed hacking around the world
2022-02-18 - New Golang botnet empties Windows users’ cryptocurrency wallets
2022-02-18 - PseudoManuscrypt Being Distributed in the Same Method as Cryptbot
2022-02-18 - Remcos RAT Delivered Through Double Compressed Archive
2022-02-18 - TeamTNT Cryptomining Explosion
2022-02-19 - Master Key for Hive Ransomware Retrieved Using a Flaw in its Encryption Algorithm
2022-02-20 - Detecting Cobalt Strike Beacons
2022-02-20 - Technical Analysis of the DDoS Attacks against Ukrainian Websites
2022-02-20 - The Conti ransomware group takes over TrickBot malware operation and plans to replace it with BazarBackdoor malware.
2022-02-21 - A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files
2022-02-21 - Chinese hackers linked to months-long attack on Taiwanese financial sector
2022-02-21 - Cobalt Strike Being Distributed to Vulnerable MS-SQL Servers
2022-02-21 - Darkside Ransomware Analysis Report
2022-02-21 - Iranian State Broadcaster IRIB Hit by Destructive Wiper Malware
2022-02-21 - Ousaban MSI Installer Analysis
2022-02-21 - Qbot and Zerologon Lead To Full Domain Compromise
2022-02-21 - Revamped CryptBot malware spread by pirated software sites
2022-02-21 - TTPs used by BlackByte Ransomware Targeting Critical Infrastructure
2022-02-21 - Watch out, the Kraken botnet can easily bypass Defender and steal your crypto
2022-02-22 - China Implicated in Prolonged Supply Chain Attack Targeting Taiwan Financial Sector
2022-02-22 - CrowdStrike Research Investigates Exploit Behavior to Strengthen Customer Protection
2022-02-22 - Cybercrime Moves- Conti Ransomware Absorbs TrickBot Malware
2022-02-22 - Cyberthreats during Russian-Ukrainian tensions- what can we learn from history to be prepared-
2022-02-22 - IcedID to Cobalt Strike In Under 20 Minutes
2022-02-22 - Like Father Like Son- New Mars Stealer
2022-02-22 - Quick Update- Kraken Completes Its Rebrand to Anubis
2022-02-22 - Ransomware Spotlight- Clop
2022-02-22 - Russia-Ukraine Cyberattacks Updated How to Protect Against Related Cyberthreats Including DDoS Hermet
2022-02-22 - Vulnerable Microsoft SQL Servers targeted with Cobalt Strike
2022-02-22 - Week 7- Supposed order confirmation delivers malware and new variants in fake extortion emails
2022-02-23 - (Ex)Change of Pace- UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware
2022-02-23 - 24 Hours From Log4Shell to Local Admin- Deep-Dive Into Conti Gang Attack on Fortune 500 (DFIR)
2022-02-23 - APT-C-58 (Gorgon Group) attack warning
2022-02-23 - Access Brokers- Who Are the Targets, and What Are They Worth-
2022-02-23 - Alert (AA22-054A) New Sandworm Malware Cyclops Blink Replaces VPNFilter
2022-02-23 - Chinese Experts Uncover Details of Equation Group's Bvp47 Covert Hacking Tool
2022-02-23 - Dridex bots deliver Entropy ransomware in recent attacks
2022-02-23 - HermeticWiper - New Destructive Malware Used In Cyber Attacks on Ukraine
2022-02-23 - NSA-linked Bvp47 Linux backdoor widely undetected for 10 years
2022-02-23 - New Sandworm malware Cyclops Blink replaces VPNFilter
2022-02-23 - New Wiper Malware Targeting Ukraine Amid Russia's Military Operation
2022-02-23 - Ransomware Profile- ALPHV
2022-02-23 - Re-cap- The Untold Story of NotPetya, The Most Devastating Cyberattack in History
2022-02-23 - Sanctions Be Damned - From Dridex to Macaw, The Evolution of Evil Corp
2022-02-23 - Second data wiper attack hits Ukraine computer networks
2022-02-23 - Security warning- Hackers are using this new malware to target firewall appliances
2022-02-23 - Shadowserver Special Reports – Cyclops Blink
2022-02-23 - The Bvp47 - a Top-tier Backdoor of US NSA Equation Group
2022-02-23 - What the Pack(er)-
2022-02-24 - Alert (AA22-055A) Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
2022-02-24 - Cyber Attacks on Ukraine- Wiper Malware Infects “Hundreds of Computers”
2022-02-24 - Defense contractors hit by stealthy SockDetour Windows backdoor
2022-02-24 - HermeticWiper & resurgence of targeted attacks on Ukraine
2022-02-24 - HermeticWiper- New data‑wiping malware hits Ukraine
2022-02-24 - How to Decrypt the Files Encrypted by the Hive Ransomware
2022-02-24 - IBM Security X-Force Research Advisory- New Destructive Malware Used In Cyber Attacks on Ukraine
2022-02-24 - Left On Read- Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity
2022-02-24 - Malware Analysis Report (AR22-055A) MuddyWater
2022-02-24 - Microsoft Exchange servers hacked to deploy Cuba ransomware
2022-02-24 - New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications on Microsoft’s Official Store
2022-02-24 - New Wave of Emotet – When Project X Turns Into Y
2022-02-24 - Nobelium Returns to the Political World Stage
2022-02-24 - Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure
2022-02-24 - SockDetour - a Silent Fileless Socketless Backdoor - Targets US Defense Contractors
2022-02-24 - Threat Advisory- Current executive guidance for ongoing cyberattacks in Ukraine
2022-02-24 - Threat Advisory- Cyclops Blink
2022-02-24 - Threat Update – Ukraine & Russia conflict
2022-02-24 - TrickBot Gang Likely Shifting Operations to Switch to New Malware
2022-02-24 - TrickBot gang shuts down botnet after months of inactivity
2022-02-24 - Ukraine- Analysis Of The New Disk-Wiping Malware (HermeticWiper)
2022-02-24 - Ukraine- Disk-wiping Attacks Precede Russian Invasion
2022-02-24 - [QuickNote] Techniques for decrypting BazarLoader strings
2022-02-25 - Breaking news! Warning about “HermeticWiper Malware” by Russian APT Groups
2022-02-25 - CrowdStrike Falcon Protects from New Wiper Malware Used in Ukraine Cyberattacks
2022-02-25 - Details of the DDoS attacks we have seen recently against Ukraine and Russia
2022-02-25 - Disruptive HermeticWiper Attacks Targeting Ukrainian Organizations
2022-02-25 - The Conti ransomware sides with Russia.
2022-02-25 - The Cuba ransomware goes after Exchange servers
2022-02-25 - MuddyWater Targets Critical Infrastructure in Asia, Europe
2022-02-25 - New -SockDetour- Fileless, Socketless Backdoor Targets U.S. Defense Contractors
2022-02-25 - New Infostealer ‘ColdStealer’ Being Distributed
2022-02-25 - Putin Warns Russian Critical Infrastructure to Brace for Potential Cyber Attacks
2022-02-25 - Reverse Engineering - Hermetic Wiper
2022-02-25 - Russia or Ukraine- Hacking groups take sides
2022-02-25 - Some details of the DDoS attacks targeting Ukraine and Russia in recent days
2022-02-25 - Spear Phishing Attacks Target Organizations in Ukraine Payloads Include the Document Stealer OutSteel
2022-02-25 - Technical Analysis of PartyTicket Ransomware
2022-02-25 - The Hunt for the Lost Soul- Unraveling the Evolution of the SoulSearcher Malware
2022-02-25 - Threat updates – A new IcedID GZipLoader variant
2022-02-25 - TrickBot malware suddenly got quiet, researchers say, but it's hardly the end for its operators
2022-02-25 - Trickbot Group’s AnchorDNS Backdoor Upgrades to AnchorMail
2022-02-25 - UKRAINE- Timeline of Cyberattacks
2022-02-25 - What You Need to Know About Russian Cyber Escalation in Ukraine
2022-02-26 - Alert (AA22-057A) Destructive Malware Targeting Organizations in Ukraine
2022-02-26 - DiskKill-HermeticWiper, a disruptive cyber-weapon targeting Ukraine’s critical infrastructures
2022-02-26 - Meta’s Ongoing Efforts Regarding Russia’s Invasion of Ukraine
2022-02-26 - TRENDING EVIL Q1 2022
2022-02-26 - The hidden C2- Lampion trojan release 212 is on the rise and using a C2 server for two years
2022-02-26 - Yours Truly, Signed AV Driver- Weaponizing An Antivirus Driver
2022-02-27 - Conti ransomware's internal chats leaked after siding with Russia
2022-02-28 - Analyzing conti-leaks without speaking russian — only methodology
2022-02-28 - Change in Distribution Method of Malware Disguised as Estimate (VBS Script)
2022-02-28 - Chinese cyberspies target govts with their ‘most advanced’ backdoor
2022-02-28 - CoinMiner Being Distributed to Vulnerable MS-SQL Servers
2022-02-28 - Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits
2022-02-28 - Cyber threat activity in Ukraine- analysis and resources
2022-02-28 - Daxin- Stealthy Backdoor Designed for Attacks Against Hardened Networks
2022-02-28 - Detecting malware kill chains with Defender and Microsoft Sentinel
2022-02-28 - How to Analyze Malicious Documents – Case Study of an Attack Targeting Ukrainian Organization
2022-02-28 - Looking for Penquins in the Wild
2022-02-28 - Meta- Ukrainian officials, military targeted by Ghostwriter hackers
2022-02-28 - Microsoft finds FoxBlade malware on Ukrainian systems, removes RT from Windows app store
2022-02-28 - New Chinese hacking tool found, spurring U.S. warning to allies
2022-02-28 - Remcos RAT malware disseminated by pretending to be tax invoices
2022-02-28 - Threat Actor targeted attack against Finance and Investment industry (ENG)
2022-02-28 - Trellix Global Defenders- Analysis and Protections for BlackByte Ransomware
2022-02-28 - Trellix Global Defenders- Analysis and Protections for RagnarLocker Ransomware
2022-02-28 - Trellix Global Defenders- Cyberattacks Targeting Ukraine and HermeticWiper Protections
2022-02-28 - conti-leaks-englished
2022-03-01 - Asylum Ambuscade_State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement
2022-03-01 - China allegedly spied on governments with unprecedentedly sophisticated malware
2022-03-01 - Conti Ransomware source code leaked by Ukrainian researcher
2022-03-01 - Cybereason vs. BlackCat Ransomware
2022-03-01 - Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities
2022-03-01 - DiskKill-HermeticWiper and NotPetya (Dis)similarities
2022-03-01 - Elastic protects against data wiper malware targeting Ukraine- HERMETICWIPER
2022-03-01 - Elections GoRansom – a smoke screen for the HermeticWiper attack
2022-03-01 - How IoT Botnets Evade Detection and Analysis
2022-03-01 - IsaacWiper and HermeticWizard- New wiper and worm targeting Ukraine
2022-03-01 - Leaks- Conti - Trickbot
2022-03-01 - Python script to decrypt embedded driver used in Daxin
2022-03-01 - Ransomware as a distraction
2022-03-01 - Second New 'IsaacWiper' Data Wiper Targets Ukraine After Russian Invasion
2022-03-01 - TAG Bulletin- Q1 2022
2022-03-01 - Targeted APT Activity- BABYSHARK Is Out for Blood
2022-03-01 - TeaBot is now spreading across the globe
2022-03-01 - Ukraine Hit with Novel ‘FoxBlade’ Trojan Hours Before Invasion
2022-03-01 - Ukrainian Targets Hit by HermeticWiper, New Datawiper Malware
2022-03-01 - What is HermeticWiper – An Analysis of the Malware and Larger Threat Landscape in the Russian Ukrainian War
2022-03-02 - AvosLocker Ransomware Linux Version Analysis
2022-03-02 - Conti Group Leaked!
2022-03-02 - Conti Ransomware Decryptor, TrickBot Source Code Leaked
2022-03-02 - Conti Ransomware Group Diaries, Part II- The Office
2022-03-02 - Conti's Source Code- Deep-Dive Into
2022-03-02 - CrowdStrike cracks PartyTicket ransomware targeting Ukraine
2022-03-02 - Cybercrime bosses warn that they will -fight back- if Russia is hacked
2022-03-02 - DanaBot Launches DDoS Attack Against the Ukrainian Ministry of Defense
2022-03-02 - Digging into HermeticWiper
2022-03-02 - Domains Linked to Phishing Attacks Targeting Ukraine
2022-03-02 - Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks
2022-03-02 - Log4shell exploits now used mostly for DDoS botnets, cryptominers
2022-03-02 - TrickBot’s AnchorDNS is Now Upgraded to AnchorMail
2022-03-03 - A Closer Look at the Russian Actors Targeting Organizations in Ukraine
2022-03-03 - Cloud Credential Compromise Campaign Originating from Russian-Affiliated Infrastructure
2022-03-03 - Cyberattacks are Prominent in the Russia-Ukraine Conflict
2022-03-03 - Deep Analysis of Redline Stealer- Leaked Credential with WCF
2022-03-03 - Dissemination of malicious Korean documents masquerading as press releases for the 20th presidential election
2022-03-03 - Free decryptor released for HermeticRansom victims in Ukraine
2022-03-03 - Help for Ukraine- Free decryptor for HermeticRansom ransomware
2022-03-03 - Luci Spools The Fun With Phobos Ransomware
2022-03-03 - Malware campaign impersonates VC firm looking to buy sites
2022-03-03 - Proofpoint is Closely Monitoring the Rapidly Evolving Threat Landscape Related to Ukraine and Russia
2022-03-03 - SharkBot- a “new” generation Android banking Trojan being distributed on Google Play Store
2022-03-03 - TeaBot Banking Trojan Posted as QR Code app in Google Play Store Targeting US Users
2022-03-03 - Technical Analysis of The Hermetic Wiper Malware Used to Target Ukraine
2022-03-03 - Threat Hunting for Malicious PowerShell Usage in Gigasheet
2022-03-04 - Amazon's assistance in Ukraine
2022-03-04 - Bitdefender Labs Sees Increased Malicious and Scam Activity Exploiting the War in Ukraine
2022-03-04 - Details of another big ransomware group 'Trickbot' leak online, experts say
2022-03-04 - Free HermeticRansom Ransomware Decryptor Released
2022-03-04 - HermeticWiper- A detailed analysis of the destructive malware that targeted Ukraine
2022-03-04 - HermeticWiper-FoxBlade Analysis (in-depth)
2022-03-04 - Imperva Mitigates Ransom DDoS Attack Measuring 2.5 Million Requests per Second
2022-03-04 - Legitimate Sites Used As Cobalt Strike C2s Against Indian Government
2022-03-04 - Massive Meris Botnet Embeds Ransomware Notes from REvil
2022-03-04 - New Wiper Malware Used Against Ukrainian Organizations
2022-03-04 - Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation
2022-03-04 - Russia-Ukraine war exploited as lure for malware distribution
2022-03-05 - Malware now using NVIDIA's stolen code signing certificates
2022-03-06 - AvosLocker Ransomware Behavior Examined on Windows & Linux
2022-03-06 - Mozilla Firefox 97.0.2 fixes two actively exploited zero-day bugs (CVE-2022-26485 & CVE-2022-26486)
2022-03-07 - 2021 Year In Review
2022-03-07 - An update on the threat landscape (APT28, UNC1151, MUSTANG PANDA)
2022-03-07 - Distribution of Remcos RAT Disguised as Tax Invoice
2022-03-07 - FBI- Ransomware gang breached 52 US critical infrastructure orgs
2022-03-07 - Fake Purchase Order Used to Deliver Agent Tesla
2022-03-07 - I CAN'T HEAR YOU NOW! INTERNAL BEHAVIOR OF INFORMATION-STEALING MALWARE AND JSOC DETECTION TRENDS
2022-03-07 - Lapsus$ Ransomware gang uses stolen source code to disguise malware files as trustworthy. Check Point customers remain protected
2022-03-07 - MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part I
2022-03-07 - PHOREAL Malware Targets the Southeast Asian Financial Sector
2022-03-07 - PROPHET SPIDER Exploits Citrix ShareFile Remote Code Execution Vulnerability CVE-2021-22941 to Deliver Webshell
2022-03-07 - Ransomware gang Conti has already bounced back from damage caused by chat leaks, experts say
2022-03-07 - The Good, the Bad, and the Web Bug TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates
2022-03-08 - Conti Ransomware source code- a well-designed COTS ransomware
2022-03-08 - Conti-Ransomware-IOC
2022-03-08 - Daxin Backdoor- In-Depth Analysis, Part One
2022-03-08 - Does This Look Infected- A Summary of APT41 Targeting U.S. State Governments
2022-03-08 - Excel Add-ins Deliver JSSLoader Malware
2022-03-08 - GhostWriter - UNC1151 adopts MicroBackdoor Variants in Cyber Operations against Ukraine
2022-03-08 - Live reverse engineering of a trojanized medical app — Android-Joker
2022-03-08 - New RURansom Wiper Targets Russia
2022-03-08 - Record breaking DDoS Potential Discovered- CVE-2022-26143
2022-03-08 - The Media Environment and Domestic Public Opinion in China Toward Russia’s War On Ukraine
2022-03-08 - What Global Network Visibility Reveals about the Resurgence of One of the World’s Most Notorious Botnets
2022-03-09 - BazarLoader Actors Initiate Contact via Website Contact Forms
2022-03-09 - BokBot Technical Analysis
2022-03-09 - CISA updates Conti ransomware alert with nearly 100 domain names
2022-03-09 - Daxin Backdoor- In-Depth Analysis, Part Two
2022-03-09 - Exploitation of VMware Horizon Servers by TunnelVision Threat Actor
2022-03-09 - Hackers fork open-source reverse tunneling tool for persistence
2022-03-09 - New Nokoyawa Ransomware Possibly Related to Hive
2022-03-09 - Raccoon Stealer- “Trash panda” abuses Telegram
2022-03-09 - Ragnar Locker Breached 52 Organizations and Counting, FBI Warns
2022-03-09 - Ragnar ransomware gang hit 52 critical US orgs, says FBI
2022-03-09 - Set up Splunk for Incident Response in GCP in 15 minutes..
2022-03-09 - SodinokibiREvil Ransomware Defendant Extradited to United States and Arraigned in Texas
2022-03-09 - The Conti Leaks - Insight into a Ransomware Unicorn
2022-03-09 - Very very lazy Lazyscripter’s scripts- double compromise in a single obfuscation
2022-03-10 - AbereBot Returns as Escobar
2022-03-10 - BrightTALK- A look at current cyberattacks in Ukraine
2022-03-10 - Corporate website contact forms used to spread BazarBackdoor malware
2022-03-10 - Detecting HermeticWiper
2022-03-10 - Diavol the Enigma of Ransomware
2022-03-10 - HermeticWiper - Technical Analysis Report
2022-03-10 - Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign
2022-03-10 - Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
2022-03-10 - Leaks of Conti Ransomware Group Paint Picture of a Surprisingly Normal Tech Start-Up… Sort Of
2022-03-10 - MuddyWater targets Middle Eastern and Asian countries in phishing attacks
2022-03-10 - SecurityScorecard Discovers new botnet, ‘Zhadnost,’ responsible for Ukraine DDoS attacks
2022-03-10 - WEDNESDAY, MARCH 9, 2022 Threat advisory- Cybercriminals compromise users with malware disguised as pro-Ukraine cyber tools
2022-03-11 - Five Things You Need to Know About the Cyberwar in Ukraine
2022-03-11 - In-depth Technical Analysis of Colibri Loader Malware
2022-03-11 - Infamous Russian Troll Farm Appears to Be Source of Anti-Ukraine Propaganda
2022-03-11 - Is this SID taken- Varonis Threat Labs Discovers Synthetic SID Injection Attack
2022-03-11 - IsaacWiper Followed HermeticWiper Attack on Ukraine Orgs
2022-03-11 - LockBit 2.0 Ransomware Bugs and Database Recovery Attempts PART 1
2022-03-11 - LockBit 2.0 Ransomware Bugs and Database Recovery Attempts PART 2
2022-03-11 - LockBit ransomware gang claims attack on Bridgestone Americas
2022-03-11 - Malware Posing as Russia DDoS Tool Bites Ukraine Hackers
2022-03-11 - New Formbook Campaign Delivered Through Phishing Emails
2022-03-11 - New Wiper Malware Attacking Russia- Deep-Dive Into RURansom Malware
2022-03-11 - Part 1- LockBit 2.0 ransomware bugs and database recovery attempts
2022-03-11 - Part 2- LockBit 2.0 ransomware bugs and database recovery attempts
2022-03-12 - Analyzing Malware with Hooks, Stomps, and Return-addresses
2022-03-12 - AsyncRAT RCE vulnerability
2022-03-12 - Iranian APT- New Methods to Target Turkey, Arabian Peninsula
2022-03-13 - APT41 (Double Dragon)- A Dual Espionage and Cyber Crime Operation
2022-03-13 - Cutting corners against a Dridex downloader
2022-03-13 - Fake Valorant cheats on YouTube infect you with RedLine stealer
2022-03-13 - The hidden C2- Lampion trojan release 212 is on the rise and using a C2 server for two years
2022-03-14 - Android malware Escobar steals your Google Authenticator MFA codes
2022-03-14 - Fake antivirus updates used to deploy Cobalt Strike in Ukraine
2022-03-14 - Falcon OverWatch Threat Hunting Uncovers Ongoing NIGHT SPIDER Zloader Campaign
2022-03-14 - Nasty Escobar Banking Trojan Is Targeting Google Authenticator Codes For Android
2022-03-14 - New CaddyWiper data wiping malware hits Ukrainian networks
2022-03-14 - New destructive wiper malware deployed in Ukraine
2022-03-14 - Researchers Find New Evidence Linking Kwampirs Malware to Shamoon APT Hackers
2022-03-14 - Reversing Common Obfuscation Techniques
2022-03-14 - Webinar on cyberattacks in Ukraine – summary and Q&A
2022-03-15 - Alert (AA22-074A) Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability
2022-03-15 - Analysis of CaddyWiper, wiper targeting Ukraine
2022-03-15 - Anti-UPX Unpacking Technique
2022-03-15 - CaddyWiper, a new data wiper hits Ukraine
2022-03-15 - CaddyWiper- New wiper malware discovered in Ukraine
2022-03-15 - CaddyWiper- Third Wiper Malware Targeting Ukrainian Organizations
2022-03-15 - CaddyWiper- Yet Another Data Wiping Malware Targeting Ukrainian Networks
2022-03-15 - Decoding a DanaBot Downloader
2022-03-15 - Deep Dive Analysis - Pandora Ransomware
2022-03-15 - Detecting EnemyBot – Securonix Initial Coverage Advisory
2022-03-15 - Threat Actor UAC-0056 Targeting Ukraine with Fake Translation Software
2022-03-15 - Threat Advisory- CaddyWiper
2022-03-15 - What Wicked Webs We Un-weave
2022-03-16 - BlackBerry says extortionists erase documents if ransom unpaid
2022-03-16 - CVE-2022-23812- RIAEvangelist-node-ipc is malware - protestware
2022-03-16 - China’s Government Is Learning From Russia’s Cyberattacks Against Ukraine
2022-03-16 - Cobalt Strike Analysis and Tutorial- How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect
2022-03-16 - Conti Ransomware - An Analysis of Key Findings (Arctic Wolf)
2022-03-16 - CryptBot - Too good to be true
2022-03-16 - Destructive Data Wiper Malware Targeting high-profile Ukrainian Organizations
2022-03-16 - DirtyMoe- Worming Modules
2022-03-16 - Gh0stCringe RAT Being Distributed to Vulnerable Database Servers
2022-03-16 - Have Your Cake and Eat it Too- An Overview of UNC2891
2022-03-16 - New Ransomware Family Identified- LokiLocker RaaS Targets Windows Systems
2022-03-16 - Preparing for denial-of-service attacks with Talos Incident Response
2022-03-16 - Qakbot infection with Cobalt Strike and VNC activity
2022-03-16 - Quick revs- Pandora Ransomware - The Box has been open for a while...
2022-03-16 - Suspected Conti Ransomware Activity in the Auto Manufacturing Sector
2022-03-16 - The Attack of the Chameleon Phishing Page
2022-03-16 - Uncompromised- When REvil comes knocking
2022-03-16 - Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
2022-03-17 - ASUS warns of Cyclops Blink malware attacks targeting routers
2022-03-17 - Analysis of CaddyWiper
2022-03-17 - Avira Labs Research Reveals Hydra Banking Trojan 2.0 targeting a wider network of German and Austrian banks
2022-03-17 - BIG sabotage- Famous npm package deletes files to protest Ukraine war
2022-03-17 - Cyclops Blink Sets Sights on Asus Routers
2022-03-17 - Exposing initial access broker with ties to Conti
2022-03-17 - From BlackMatter to BlackCat- Analyzing two attacks from one affiliate
2022-03-17 - IcedID Analysis
2022-03-17 - Meet Lapsus$- An Unusual Group in the Cyber Extortion Business
2022-03-17 - New Unix rootkit used to steal ATM banking data
2022-03-17 - Rook ransomware analysis
2022-03-17 - Suspected DarkHotel APT activity update
2022-03-17 - The Ransomware Threat Intelligence Center
2022-03-17 - Threat Thursday- HermeticWiper Targets Defense Sectors in Ukraine
2022-03-18 - Analysis of Leaked Conti Intrusion Procedures by eSentire’s Threat Response Unit (TRU)
2022-03-18 - Cyclops Blink malware sets up shop in ASUS routers
2022-03-18 - Double header- IsaacWiper and CaddyWiper
2022-03-18 - Mēris and TrickBot standing on the shoulders of giants
2022-03-18 - Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers
2022-03-18 - Ransomware Spotlight- Hive
2022-03-19 - Behind the hack-and-leak scandal in Poland (UNC1151)
2022-03-19 - LockBit Ransomware v2.0
2022-03-19 - New Phishing toolkit lets anyone create fake Chrome browser windows
2022-03-20 - WizardSpider
2022-03-21 - APT35 Automates Initial Access Using ProxyShell
2022-03-21 - Anatomy of A Mirai Botnet Attack
2022-03-21 - BitRAT Disguised as Windows Product Key Verification Tool Being Distributed
2022-03-21 - BitRAT malware now spreading as a Windows 10 license activator
2022-03-21 - Conti Affiliate Exposed- New Domain Names, IP Addresses and Email Addresses Uncovered
2022-03-21 - Conti Ransomware V. 3, Including Decryptor, Leaked
2022-03-21 - Dynamics of Targeted Ransomware Negotiation
2022-03-21 - Emotet Is Back and Is Deadlier Than Ever! A Rundown of the Emotet Malware
2022-03-21 - Facestealer Trojan Hidden in Google Play Plunders Facebook Accounts
2022-03-21 - IoC from Operation Dragon Castling
2022-03-21 - Lorenz ransomware rebound- corruption and irrecoverable files
2022-03-21 - Python script to check a Cyclops Blink C&C
2022-03-21 - Sandworm- A tale of disruption told anew
2022-03-21 - Serpent malware campaign abuses Chocolatey Windows package manager
2022-03-21 - Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain
2022-03-21 - The Art and Science of macOS Malware Hunting with radare2 - Leveraging Xrefs, YARA and Zignatures
2022-03-21 - VPN Appliance Forensics
2022-03-21 - What is Arid Gopher- An Analysis of a New, Never-Before-Seen Malware Variant
2022-03-21 - [QuickNote] Analysis of Pandora ransomware
2022-03-21 - eSentire Threat Intelligence Malware Analysis- HermeticWiper & PartyTicket
2022-03-22 - Analyzing Exmatter- A Ransomware Data Exfiltration Tool
2022-03-22 - BitRAT Malware Seen Spreading Through Unofficial Microsoft Windows Activators
2022-03-22 - Cobalt Strike- Overview – Part 7
2022-03-22 - Conti ransomware leaks - what happens when hackers support Russia
2022-03-22 - DEV-0537 (LAPSUS$-UNC3661) criminal actor targeting organizations for data exfiltration and destruction
2022-03-22 - DEV-0537 (UNC3661) criminal actor targeting organizations for data exfiltration and destruction
2022-03-22 - Dissecting a Phishing Campaign with a Captcha-based URL
2022-03-22 - Hunters Become The Hunted- Clipper Malware Disguised As AvD Crypto Stealer
2022-03-22 - Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group
2022-03-22 - Microsoft confirms they were hacked by Lapsus$ extortion group
2022-03-22 - Operation Dragon Castling- APT group targeting betting companies
2022-03-22 - Quantum Attack System – NSA -APT-C-40- Hacking Organization High-end Cyber Attack Weapon Technical Analysis Report (I)
2022-03-22 - Storm Cloud on the Horizon- GIMMICK Malware Strikes at macOS
2022-03-22 - This is a BlackCat you don't want crossing your path
2022-03-22 - What does Go-written malware look like- Here's a sample under the microscope
2022-03-23 - A Closer Look at the LAPSUS$ Data Extortion Group
2022-03-23 - Analysis of Attack Activity of PROMETHIUM Disguised
2022-03-23 - Arkei Variants- From Vidar to Mars Stealer
2022-03-23 - Bad Actors Trying to Capitalize on Current Events via Shameless Email Scams
2022-03-23 - Conti puts the organized in organized crime
2022-03-23 - Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack
2022-03-23 - GOLD ULRICK Leaks Reveal Organizational Structure and Relationships
2022-03-23 - Gone in 52 Seconds…and 42 Minutes- A Comparative Analysis of Ransomware Encryption Speed
2022-03-23 - Hunting Emotet campaigns with Kusto
2022-03-23 - It’s official, Lapsus$ gang compromised a Microsoft employee’s account
2022-03-23 - LokiLocker Ransomware May Use False Flag to Avoid Identification
2022-03-23 - MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part II
2022-03-23 - Midas Ransomware - Tracing the Evolution of Thanos Ransomware Variants
2022-03-23 - Mustang Panda’s Hodur- Old tricks, new Korplug variant
2022-03-23 - New JSSLoader Trojan Delivered Through XLL Files
2022-03-23 - New Mustang Panda hacking campaign targets diplomats, ISPs
2022-03-23 - Not So Lazarus- Mapping DPRK Cyber Threat Groups to Government Organizations
2022-03-23 - Raccoon Stealer – An Insight into Victim “Gates”
2022-03-23 - Tracking cyber intruders with Jupyter and Python
2022-03-23 - Trustwave’s Action Response- The Lapsus$ Hacker Group Shows Us the Importance of Securing the Digital Supply Chain
2022-03-23 - abuse mikrotik router by GLUPTEBA malware
2022-03-24 - Alert (AA22-083A) Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector
2022-03-24 - Another cyber espionage campaign in the Russia-Ukrainian ongoing cyber attacks
2022-03-24 - Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection
2022-03-24 - Chinese Threat Actor Scarab Targeting Ukraine
2022-03-24 - Coper Banking Trojan- Android Malware Posing As Google Play Store App Installer
2022-03-24 - Countering threats from North Korea
2022-03-24 - Crypto malware in patched wallets targeting Android and iOS devices
2022-03-24 - GIMMICK Malware Attacks macOS to Attack Organizations Across Asia
2022-03-24 - IsaacWiper Continues Trend of Wiper Attacks Against Ukraine
2022-03-24 - Malicious Microsoft Excel add-ins used to deliver RAT malware
2022-03-24 - Microsoft Help Files Disguise Vidar Malware
2022-03-24 - Microsoft help files repurposed to contain Vidar malware in new campaign
2022-03-24 - Muhstik Gang targets Redis Servers
2022-03-24 - Phishing-kit market- what’s inside “off-the-shelf” phishing packages
2022-03-24 - Ransomware Threat Report 2022
2022-03-24 - Threat Advisory- DoubleZero
2022-03-24 - Threat Brief- Lapsus$ Group
2022-03-24 - Threat Thursday- SunSeed Malware Targets Ukraine Refugee Aid Efforts
2022-03-24 - UK exposes Russian spy agency behind cyber incidents
2022-03-24 - Ukrainian Cyber Lead Says ‘At Least 4 Types of Malware’ in Use to Target Critical Infrastructure and Humanitarian Aid
2022-03-24 - Vidar Malware Launcher Concealed in Help File
2022-03-25 - Conti Ransomware Attacks Persist With an Updated Version Despite Leaks
2022-03-25 - Cyber Attackers Leverage Russia-Ukraine Conflict in Multiple Spam Campaigns
2022-03-25 - Cybercriminal Connected to Multimillion Dollar Ransomware Attacks Sentenced for Online Fraud Schemes
2022-03-25 - Mining data from Cobalt Strike beacons
2022-03-25 - Mustang Panda's Hodur- Old stuff, new variant of Korplug
2022-03-25 - Purple Fox Uses New Arrival Vector and Improves Malware Arsenal (IOCs)
2022-03-25 - Purple Fox Uses New Arrival Vector and Improves Malware Arsenal
2022-03-25 - Raccoon Stealer malware suspends operations due to war in Ukraine
2022-03-25 - Rafel Rat GitHub repository
2022-03-25 - XLSB Files- Because Binary is Stealthier Than XML
2022-03-26 - An AgentTesla Sample Using VBA Macros and Certutil
2022-03-26 - Analysis of a Caddy Wiper Sample Targeting Ukraine
2022-03-27 - A Case of Vidar Infostealer - Part 1 (Unpacking)
2022-03-27 - Conti ransomware source code investigation - part 1
2022-03-27 - Hive ransomware ports its Linux VMware ESXi encryptor to Rust
2022-03-28 - 'Purple Fox' Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks
2022-03-28 - A Step-by-Step Analysis of the Russian APT Turla Backdoor called TinyTurla
2022-03-28 - Avast Finds Compromised Philippine Navy Certificate Used in Remote Access Tool
2022-03-28 - Betabot in the Rearview Mirror
2022-03-28 - Emotet is Back
2022-03-28 - Malicious Macros and Zone Identifier Alternate Data Stream Information Bypass
2022-03-28 - Microsoft Exchange targeted for IcedID reply-chain hijacking attacks
2022-03-28 - New Conversation Hijacking Campaign Delivering IcedID
2022-03-28 - New documents for the Okta breach
2022-03-28 - PlugX- A Talisman to Behold
2022-03-28 - Pwning Microsoft Azure Defender for IoT - Multiple Flaws Allow Remote Code Execution for All
2022-03-28 - Spoofed Invoice Used to Drop IcedID
2022-03-28 - SunCrypt Ransomware Gains New Capabilities in 2022
2022-03-28 - SunCrypt ransomware is still alive and kicking in 2022
2022-03-28 - Threat Update DoubleZero Destructor
2022-03-28 - VBS Script Disguised as PDF File Being Distributed (Kimsuky)
2022-03-29 - A Large-Scale Supply Chain Attack Distributed Over 800 Malicious NPM Packages
2022-03-29 - APT Attack Impersonating Defector Resume Form (VBS SCRIPT)
2022-03-29 - Exchange Servers Speared in IcedID Phishing Campaign
2022-03-29 - Exclusive Threat Research- Mars (Stealer) Attacks!
2022-03-29 - From the Front Lines - Hive Ransomware Deploys Novel IPfuscation Technique To Avoid Detection
2022-03-29 - Hackers use modified MFA tool against Indian govt employees
2022-03-29 - Intrusion Truth - Five Years of Naming and Shaming China’s Spies
2022-03-29 - New spear phishing campaign targets Russian dissidents
2022-03-29 - Putin’s hackers gained full access to Hungary’s foreign ministry networks, the Orbán government has been unable to stop them
2022-03-29 - Threat Alert- First Python Ransomware Attack Targeting Jupyter Notebooks
2022-03-29 - Transparent Tribe campaign uses new bespoke malware to target Indian government officials
2022-03-29 - Unmasking China’s State Hackers
2022-03-29 - Verblecon- Sophisticated New Loader Used in Low-level Attacks
2022-03-29 - Week 12- «FluBot» malware active again in Switzerland and web administrators receive threatening emails from alleged Ukrainian hackers
2022-03-30 - Analysis of BlackGuard - a new info stealer malware being sold in a Russian hacking forum
2022-03-30 - Cloud Atlas Maldoc
2022-03-30 - Detecting COM Object Tasks by DarkHotel
2022-03-30 - Hive ransomware uses new 'IPfuscation' trick to hide payload
2022-03-30 - Malicious Word File Targeting Corporate Users Being Distributed
2022-03-30 - New Milestones for Deep Panda- Log4Shell and Digitally Signed Fire Chili Rootkits
2022-03-30 - New Wave Of Remcos RAT Phishing Campaign
2022-03-30 - Phishing campaign targets Russian govt dissidents with Cobalt Strike
2022-03-30 - Social Engineering Remains Key Tradecraft for Iranian APTs
2022-03-30 - This new ransomware targets data visualization tool Jupyter Notebook
2022-03-30 - Tracking cyber activity in Eastern Europe
2022-03-30 - Who is EMBER BEAR-
2022-03-31 - AcidRain - A Modem Wiper Rains Down on Europe
2022-03-31 - CVE-2022-22965- Spring Core Remote Code Execution Vulnerability Exploited In the Wild (SpringShell)
2022-03-31 - Cloudy with a Chance of Unclear Mailbox Sync- CrowdStrike Services Identifies Logging Inconsistencies in Microsoft 365
2022-03-31 - Conti Leaks- Examining the Panama Papers of Ransomware
2022-03-31 - Conti-nuation- methods and techniques observed in operations post the leaks
2022-03-31 - Deep Dive Analysis - Borat RAT
2022-03-31 - FORCEDENTRY- Sandbox Escape
2022-03-31 - How to- Detect and prevent common data exfiltration attacks
2022-03-31 - Lazarus Trojanized DeFi app for delivering malware
2022-03-31 - LockBit victim estimates cost of ransomware attack to be $42 million
2022-03-31 - Meet BlackGuard- a new infostealer peddled on Russian hacker forums
2022-03-31 - New BlackGuard password-stealing malware sold on hacker forums
2022-03-31 - New Password-Stealing Malware Sells on Hacking Forum! Chrome, Binance, Outlook, Telegram Users Affected-
2022-03-31 - Novel obfuscation leveraged by Hive ransomware
2022-03-31 - Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965
2022-03-31 - Spring4Shell- Security Analysis of the latest Java RCE '0-day' vulnerabilities in Spring
2022-03-31 - State-sponsored Attack Groups Capitalise on Russia-Ukraine War for Cyber Espionage
2022-03-31 - Suspected AsyncRAT Delivered via ISO Files Using HTML Smuggling Technique
2022-03-31 - Threat Thursday- Malicious Macros Still Causing Chaos
2022-03-31 - VIASAT incident- from speculation to technical details.
2022-03-31 - Viasat confirms satellite modems were wiped with AcidRain malware
2022-03-31 - eSentire Threat Intelligence Malware Analysis- CaddyWiper
2022-04-01 - BERT Embeddings- A Modern Machine-learning Approach for Detecting Malware from Command Lines (Part 2 of 2)
2022-04-01 - Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit
2022-04-01 - Complete dissection of an APK with a suspicious C2 Server
2022-04-01 - Dissecting Blackguard Info Stealer
2022-04-01 - Fresh TOTOLINK Vulnerabilities Picked Up by Beastmode Mirai Campaign
2022-04-01 - New UAC-0056 activity- There’s a Go Elephant in the room
2022-04-01 - Newly found Android malware records audio, tracks your location
2022-04-01 - Rising Stealer in Q1 2022- BlackGuard Stealer
2022-04-01 - Scammers are Exploiting Ukraine Donations
2022-04-01 - The Week in Ransomware - April 1st 2022 - 'I can fight with a keyboard'
2022-04-01 - Threat Update- CaddyWiper
2022-04-01 - What Our Honeypot Sees Just One Day After The Spring4Shell Advisory
2022-04-02 - Cyber Espionage Actor Deploying Malware Using Excel
2022-04-02 - Emotet Analysis Part 1- Unpacking
2022-04-02 - Malware development tricks. Find kernel32.dll base- asm style. C++ example.
2022-04-02 - Study of targeted attacks on Russian research institutes
2022-04-03 - New Borat remote access malware is no laughing matter
2022-04-04 - AcidRain Wiper Malware hit Routers and Modems, Halts Communication
2022-04-04 - Confirmed damage to domestic e-commerce sites- the actual state of web skimming attacks and examples of countermeasures as seen by Rack (Water Pamola)
2022-04-04 - Detailed Analysis of LAPSUS$ Cybercriminal Group that has Compromised Nvidia, Microsoft, Okta, and Globant
2022-04-04 - Elephant Framework Delivered in Phishing Attacks Against Ukrainian Organizations
2022-04-04 - Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums
2022-04-04 - FIN7 Power Hour Adversary Archaeology and the Evolution of FIN7
2022-04-04 - FIN7 Power Hour- Adversary Archaeology and the Evolution of FIN7
2022-04-04 - Ransomware Spotlight- AvosLocker
2022-04-04 - Sharing is Caring- Abusing Shared Sections for Code Injection
2022-04-04 - Spring4Shell (CVE-2022-22965)- details and mitigations
2022-04-04 - Stolen Images Campaign Ends in Conti Ransomware
2022-04-04 - The Ransomware Files, Episode 6- Kaseya and REvil
2022-04-05 - A New Info Stealer Targeting Over 30 Browsers
2022-04-05 - Azure Active Directory Exposes Internal Information
2022-04-05 - Chinese hackers abuse VLC Media Player to launch malware loader
2022-04-05 - Cicada- Chinese APT Group Widens Targeting in Recent Espionage Activity
2022-04-05 - Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique
2022-04-05 - Incident report- From CLI to console, chasing an attacker in AWS
2022-04-05 - Justice Department Investigation Leads to Shutdown of Largest Online Darknet Marketplace
2022-04-05 - Malicious Word Documents Using MS Media Player (Impersonating AhnLab)
2022-04-05 - Move fast and commit crimes- Conti's development teams mirror corporate tech
2022-04-05 - New Analysis- The CaddyWiper Malware Attacking Ukraine
2022-04-05 - Peace through Pegasus- Jordanian Human Rights Defenders and Journalists Hacked with Pegasus Spyware
2022-04-05 - RTF template injection sample targeting Malaysia
2022-04-05 - Russia's FSB malign activity- factsheet
2022-04-05 - Threat Spotlight- AsyncRAT campaigns feature new version of 3LOSH crypter
2022-04-05 - Thwarting Loaders- From SocGholish to BLISTER’s LockBit Payload (IoCs)
2022-04-05 - Thwarting Loaders- From SocGholish to BLISTER’s LockBit Payload
2022-04-05 - eSentire Threat Intelligence Malware Analysis- DoubleZero
2022-04-05 - eSentire Threat Intelligence Malware Analysis- HeaderTip
2022-04-06 - Attorney General Merrick B. Garland Announces Enforcement Actions to Disrupt and Prosecute Russian Criminal Activity (video)
2022-04-06 - Cado Discovers Denonia- The First Malware Specifically Targeting Lambda
2022-04-06 - Fake e‑shops on the prowl for banking credentials using Android malware
2022-04-06 - Justice Department Announces Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate (GRU)
2022-04-06 - Karakurt Hacking Team Indicators of Compromise (IOC)
2022-04-06 - Lockbit 3.0- Another Upgrade to World’s Most Active Ransomware
2022-04-06 - Operation Bearded Barbie- APT-C-23 Campaign Targeting Israeli Officials
2022-04-06 - TRM Analysis Corroborates Suspected Ties Between Conti and Ryuk Ransomware Groups and Wizard Spider
2022-04-06 - Tax Return Customer Campaign Attempts to Infect Victims with Sorillus RAT
2022-04-06 - The Latest Remcos RAT Driven By Phishing Campaign
2022-04-06 - US disrupts Russian Cyclops Blink botnet before being used in attacks
2022-04-06 - UpdateAgent macOS Malware
2022-04-06 - WannaHusky Malware Analysis w- YARA + TTPs
2022-04-06 - Windows MetaStealer Malware
2022-04-06 - Yanluowang Ransomware Analysis
2022-04-07 - A Bad Luck BlackCat
2022-04-07 - Denys Iarmak, Member of hacking group (FIN7) sentenced for scheme that compromised tens of millions of debit and credit cards
2022-04-07 - Disrupting cyberattacks targeting Ukraine (APT28)
2022-04-07 - First Malware Targeting AWS Lambda Serverless Platform Discovered
2022-04-07 - Google is on guard- sharks shall not pass!
2022-04-07 - Hamas-linked Hackers Targeting High-Ranking Israelis Using 'Catfish' Lures
2022-04-07 - Looking Inside Pandora’s Box
2022-04-07 - Malicious web redirect service infects 16,500 sites to push malware
2022-04-07 - Malpedia Page for GraphSteel
2022-04-07 - Mars, a red-hot information stealer
2022-04-07 - MoqHao Part 2- Continued European Expansion
2022-04-07 - New Octo Banking Trojan Spreading via Fake Apps on Google Play Store
2022-04-07 - North Korea- Intelligence Assessment 2022
2022-04-07 - Parrot TDS takes over web servers and threatens millions
2022-04-07 - Revenge RAT Malware is back- From Microsoft Excel macros to Remote Access Trojan
2022-04-07 - SPM55- Ascending the Ranks of Indonesian Phishing As A Service Offerings
2022-04-07 - Threat Thursday- AvosLocker Prompts Advisory from FBI and FinCEN
2022-04-07 - Ukraine CyberWar Overview
2022-04-07 - You Bet Your Lsass- Hunting LSASS Access
2022-04-08 - CVE-2022-22965- Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware
2022-04-08 - China accused of cyberattacks on Indian power grid
2022-04-08 - ConversingLabs Ep. 2- Conti pivots as ransomware as a service struggles
2022-04-08 - Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware
2022-04-08 - Look out for Octo's tentacles! A new on-device fraud Android Banking Trojan with a rich legacy
2022-04-08 - Microsoft Obtains Court Order to Take Down Domains Used to Target Ukraine
2022-04-08 - New SolarMarker (Jupyter) Campaign Demonstrates the Malware’s Changing Attack Patterns
2022-04-08 - Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity
2022-04-08 - Scammers make off with $1.6 million in crypto- Fake giveaways hit bitcoiners again. Now on YouTube
2022-04-09 - Hackers use Conti's leaked ransomware to attack Russian companies
2022-04-09 - Method of analyzing and unpacking compressed PE (Portable Executable) files
2022-04-09 - New Android banking malware remotely takes control of your device
2022-04-09 - Two men arrested for impersonating DHS employees. Let's unravel some infrastructure.
2022-04-10 - New Meta information stealer distributed in malspam campaign
2022-04-10 - Qakbot Series- String Obfuscation
2022-04-10 - Threatening Redirect Web Service Instills Malicious Campaigns In Over 16,500 Websites
2022-04-10 - Zebrocy Malware Technical Analysis Report
2022-04-11 - Analysis of the SunnyDay ransomware
2022-04-11 - CISA warns orgs of WatchGuard bug exploited by Russian state hackers
2022-04-11 - Conti ransomware source code investigation - part 2
2022-04-11 - DPRK-Nexus Adversary Targets South-Korean Individuals In A New Chapter of Kitty Phishing Operation
2022-04-11 - Fake Chrome Setup Leads to NetSupportManager RAT and Mars Stealer
2022-04-11 - Fakecalls- a talking Trojan
2022-04-11 - IRQLs Close Encounters of the Rootkit Kind
2022-04-11 - Obfuscated obfuscation
2022-04-11 - Process Injection using CreateRemoteThread API
2022-04-11 - Qbot malware switches to new Windows Installer infection vector
2022-04-11 - Researchers warn of FFDroider and Lightning info-stealers targeting users in the wild
2022-04-11 - Snow Abuse- Analysis of the Suspected Lazarus Attack Activities against South Korean Companies
2022-04-12 - Attackers linger on government agency computers before deploying Lockbit ransomware
2022-04-12 - Enemybot- A Look into Keksec's Latest DDoS Botnet
2022-04-12 - Ghidra script to handle stack strings
2022-04-12 - Industroyer2- Industroyer reloaded
2022-04-12 - Malware Campaigns Targeting African Banking Sector
2022-04-12 - March 2022’s Most Wanted Malware- Easter Phishing Scams Help Emotet Assert its Dominance
2022-04-12 - Qbot Botnet Deploys Malware Payloads Through Malicious Windows Installers
2022-04-12 - Recent attacks by Bahamut group revealed
2022-04-12 - SystemBC Being Used by Various Attackers
2022-04-12 - Tarrask malware uses scheduled tasks for defense evasion
2022-04-12 - The State of Stalkerware in 2021
2022-04-12 - Threat Profile- Avaddon
2022-04-12 - Threat Profile- Conti
2022-04-12 - Threat Profile- Hive
2022-04-12 - Threat Profile- LockBit
2022-04-12 - Threat Profile- REvil
2022-04-13 - Alert (AA22-103A) APT Cyber Tools Targeting ICS-SCADA Devices
2022-04-13 - Court order for taking down Zloader Infrastructure
2022-04-13 - Dismantling ZLoader- How malicious ads led to disabled security tools and ransomware
2022-04-13 - ESET takes part in global operation to disrupt Zloader botnets
2022-04-13 - Emotet modules and recent attacks
2022-04-13 - Fodcha, a new DDos botnet
2022-04-13 - INCONTROLLER- New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems
2022-04-13 - New Threat- The Muffled Fodcha Botnet
2022-04-13 - Notorious cybercrime gang’s botnet disrupted
2022-04-13 - Qakbot Series- Configuration Extraction
2022-04-13 - What is going on with Lapsus$-
2022-04-13 - Zhadnost strikes again… this time in Finland.
2022-04-14 - -Haskers Gang- Introduces New ZingoStealer
2022-04-14 - 404 — File still found
2022-04-14 - Blinding Snort- Breaking The Modbus OT Preprocessor
2022-04-14 - Hackers target Ukrainian govt with IcedID malware, Zimbra exploits
2022-04-14 - Hacking activity of SectorB Group in 2021- Chinese government-supported hacking group SectorB
2022-04-14 - Lazarus Targets Chemical Sector
2022-04-14 - New ZingoStealer infostealer drops more malware, cryptominers
2022-04-14 - Old Gremlins, new methods
2022-04-14 - Orion Threat Alert- Flight of the BumbleBee
2022-04-14 - Threat Spotlight- -Haskers Gang- Introduces New ZingoStealer
2022-04-14 - Threat Thursday- HeaderTip Backdoor Shows Attackers from China Preying on Ukraine
2022-04-14 - Zloader 2- The Silent Night
2022-04-15 - Karakurt revealed as data extortion arm of Conti cybercrime syndicate
2022-04-15 - Revisiting BatLoader C2 structure
2022-04-15 - STRT-TA03 CPE - Destructive Software
2022-04-15 - The Karakurt Web- Threat Intel and Blockchain Analysis Reveals Extension of Conti Business Model
2022-04-15 - Top 10 Malware March 2022
2022-04-15 - Tough Times for Ukrainian Honeypot-
2022-04-16 - Qakbot Series- Process Injection
2022-04-16 - Snip3 Crypter used with DCRat via VBScript
2022-04-17 - Lessons from the Conti Leaks
2022-04-17 - Qakbot Series- API Hashing
2022-04-17 - Reversing a NSIS dropper using quick and dirty shellcode emulation
2022-04-18 - A blueprint for evading industry leading endpoint protection in 2022
2022-04-18 - A new type of malware from the Lazarus attack group that exploits the INITECH process.
2022-04-18 - Alert (AA22-108A)- TraderTraitor- North Korean State-Sponsored APT Targets Blockchain Companies
2022-04-18 - An Investigation of the BlackCat Ransomware via Trend Micro Vision One
2022-04-18 - CatalanGate Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru
2022-04-18 - Conti Group Targets ESXi Hypervisors With its Linux Variant
2022-04-18 - Enter KaraKurt- Data Extortion Arm of Prolific Ransomware Group
2022-04-18 - Free decryptor released for Yanluowang ransomware victims
2022-04-18 - From the Front Lines - Peering into A PYSA Ransomware Attack
2022-04-18 - How to recover files encrypted by Yanlouwang
2022-04-18 - New BotenaGo Variant Discovered by Nozomi Networks Labs
2022-04-18 - Nobelium - Israeli Embassy Maldoc
2022-04-18 - Trends in the Recent Emotet Maldoc Outbreak
2022-04-18 - Under The Lens- Eagle Monitor RAT - Upgraded Version Of RAT With New TTPs
2022-04-18 - Unofficial Windows 11 upgrade installs info-stealing malware
2022-04-19 - BAZARLOADER- Unpacking An ISO File Infection
2022-04-19 - Emotet botnet switches to 64-bit modules, increases activity
2022-04-19 - Extracting Cobalt Strike from Windows Error Reporting
2022-04-19 - Fake MetaMask App Steals Cryptocurrency
2022-04-19 - Hive Ransomware Analysis
2022-04-19 - Stop Crypto Kleptos in Their Tracks
2022-04-19 - Using Emulation Against Anti-Reverse Engineering Techniques
2022-04-20 - 'aa' distribution Qakbot (Qbot) infection with DarkVNC traffic
2022-04-20 - Alert (AA22-110A)- Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
2022-04-20 - Analyzing Attempts to Exploit the Spring4Shell Vulnerability CVE-2022-22965 to Deploy Cryptocurrency Miners
2022-04-20 - Mars Stealer malware analysis
2022-04-20 - Microsoft Exchange servers hacked to deploy Hive ransomware
2022-04-20 - REvil's TOR sites come alive to redirect to new ransomware operation
2022-04-20 - Russian hackers target Czech websites in a series of cyberattacks
2022-04-20 - Shuckworm- Espionage Group Continues Intense Campaign Against Ukraine
2022-04-21 - GOLD ULRICK Continues Conti Operations Despite Public Disclosures
2022-04-21 - Hackers Spearphish Corporate Hiring Managers with Poisoned Resumes, Infecting Them with the More_Eggs Malware, Warns eSentire
2022-04-21 - Nokoyawa Ransomware - New Karma-Nemty Variant Wears Thin Disguise
2022-04-21 - Prynt Stealer Spotted In The Wild
2022-04-21 - Threat Thursday- BlackGuard Infostealer Rises from Russian Underground Markets
2022-04-21 - Understanding Cobalt Strike Profiles - Updated For Cobalt Strike 4.6
2022-04-21 - Warez users fell for Certishell
2022-04-23 - Cryptojacking on the Fly- TeamTNT Using NVIDIA Drivers to Mine Cryptocurrency
2022-04-23 - Industroyer2 in Perspective
2022-04-24 - Github Repository for Stealerium
2022-04-24 - Shortcut to Emotet, an odd TTP change
2022-04-25 - Choziosi Loader- Multi-platform campaign delivering browser extension malware
2022-04-25 - Deep Dive into the Elephant Framework – A New Cyber Threat in Ukraine
2022-04-25 - Defeating BazarLoader Anti-Analysis Techniques
2022-04-25 - Full RedLine malware analysis - IoCs - Stealing information
2022-04-25 - INDUSTROYER.V2- Old Malware Learns New Tricks
2022-04-25 - Industroyer2 IEC-104 Analysis
2022-04-25 - New Core Impact Backdoor Delivered Via VMware Vulnerability
2022-04-25 - Quantum Ransomware
2022-04-25 - Simple PDF Linking to Malicious Content
2022-04-25 - Static unpacker and decoder for Hello Kitty Packer
2022-04-25 - THREAT ANALYSIS REPORT- SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems
2022-04-25 - [RE026] A Deep Dive into Zloader - the Silent Night
2022-04-26 - A -Naver--ending game of Lazarus APT
2022-04-26 - American Dental Association hit by new Black Basta ransomware
2022-04-26 - Conti and Emotet- A constantly destructive duo
2022-04-26 - Emotet Tests New Delivery Techniques
2022-04-26 - Emotet malware now installs via PowerShell in Windows shortcut files
2022-04-26 - Hive0117 Continues Fileless Malware Delivery in Eastern Europe
2022-04-26 - How Cybercriminals Abuse Cloud Tunneling Services
2022-04-27 - A lookback under the TA410 umbrella- Its cyberespionage TTPs and activity
2022-04-27 - Alert (AA22-117A) 2021 Top Routinely Exploited Vulnerabilities
2022-04-27 - Assembling the Russian Nesting Doll- UNC2452 Merged into APT29
2022-04-27 - BRONZE PRESIDENT Targets Russian Speakers with Updated PlugX
2022-04-27 - Detecting Ransomware’s Stealthy Boot Configuration Edits
2022-04-27 - Emotet Returns With New TTPs And Delivers .Lnk Files To Its Victims
2022-04-27 - IOCs for Earth Berberoka - Linux
2022-04-27 - IOCs for Earth Berberoka - MacOS
2022-04-27 - IOCs for Earth Berberoka - Windows
2022-04-27 - IOCs for Earth Berberoka
2022-04-27 - Industroyer2- Nozomi Networks Labs Analyzes the IEC 104 Payload
2022-04-27 - LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
2022-04-27 - New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
2022-04-27 - New Black Basta ransomware springs into action with a dozen breaches
2022-04-27 - RedLine Stealer Resurfaces in Fresh RIG Exploit Kit Campaign
2022-04-27 - Reverse Engineering PsExec for fun and knowledge
2022-04-27 - Stonefly- North Korea-linked Spying Operation Continues to Hit High-value Targets
2022-04-27 - Targeted attack on Thailand Pass customers delivers AsyncRAT
2022-04-27 - The chronicles of Bumblebee- The Hook, the Bee, and the Trickbot connection
2022-04-27 - eSentire Threat Intelligence Malware Analysis- SolarMarker
2022-04-28 - An Overview of the Increasing Wiper Malware Threat
2022-04-28 - Chinese APT Bronze President Mounts Spy Campaign on Russian Military
2022-04-28 - LAPSUS$- Recent techniques, tactics and procedures
2022-04-28 - New Bumblebee malware replaces Conti's BazarLoader in cyberattacks
2022-04-28 - Peeking into PrivateLoader
2022-04-28 - Ransomware- How Attackers are Breaching Corporate Networks
2022-04-28 - This isn't Optimus Prime's Bumblebee but it's Still Transforming
2022-04-28 - Threat Thursday- BoratRAT
2022-04-28 - Trello From the Other Side- Tracking APT29 Phishing Campaigns
2022-04-29 - Adventures in the land of BumbleBee – a new malicious loader
2022-04-29 - Attack Graph Response to UNC1151 Continued Targeting of Ukraine
2022-04-29 - German wind farm operator confirms cybersecurity incident
2022-04-29 - Sliver Case Study- Assessing Common Offensive Security Tools- The Use of the Sliver C2 Framework for Malicious Purposes
2022-04-29 - Stormous- The Pro-Russian, Clout Hungry Ransomware Gang Targets the US and Ukraine
2022-04-29 - The LOTUS PANDA Is Awake, Again. Analysis Of Its Last Strike.
2022-04-29 - Using EPSS to Predict Threats and Secure Your Network
2022-04-29 - Warning- GRIM and Magnus Android Botnets are Underground
2022-04-30 - Fake Windows 10 updates infect you with Magniber ransomware
2022-04-30 - PortDoor- New Chinese APT Backdoor Attack Targets Russian Defense Sector
2022-05-01 - Gamer Cheater Hacker Spy
2022-05-01 - REvil Reborn Ransom Config
2022-05-02 - Analysis on recent wiper attacks- examples and how wiper malware works
2022-05-02 - AsyncRAT Activity
2022-05-02 - Attack Campaigns that Exploit Shortcuts and ISO Files
2022-05-02 - AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell
2022-05-02 - Detecting Hypervisor-assisted Hooking
2022-05-02 - Moshen Dragon’s Triad-and-Error Approach - Abusing Security Software to Sideload PlugX and ShadowPad
2022-05-02 - UNC3524- Eye Spy on Your Email
2022-05-03 - A new BluStealer Loader Uses Direct Syscalls to Evade EDRs
2022-05-03 - Analysis of BlackByte Ransomware's Go-Based Variants
2022-05-03 - Conti and Hive ransomware operations- What we learned from these groups' victim chats
2022-05-03 - SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse
2022-05-03 - Subdomain Takeovers and 1.1 million “dangling” risks
2022-05-03 - The Hermit Kingdom’s Ransomware play
2022-05-03 - The Strange Link Between A Destructive Malware And A Ransomware-Gang Linked Custom Loader- IsaacWiper Vs Vatet
2022-05-03 - Unpacking Python Executables on Windows and Linux
2022-05-03 - Update on cyber activity in Eastern Europe
2022-05-04 - A new secret stash for “fileless” malware
2022-05-04 - Attacking Emotet’s Control Flow Flattening
2022-05-04 - Chinese Naikon Group Back with New Espionage Attack
2022-05-04 - Compromised Docker Honeypots Used for Pro-Ukrainian DoS Attack
2022-05-04 - Fresh Phish- Britain’s National Health Service Infected by Massive Phishing Campaign
2022-05-04 - Old Services, New Tricks- Cloud Metadata Abuse by UNC2903
2022-05-04 - Operation CuckooBees- A Winnti Malware Arsenal Deep-Dive
2022-05-04 - Operation CuckooBees- Deep-Dive into Stealthy Winnti Techniques
2022-05-04 - Scheduled Task Tampering
2022-05-04 - Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware
2022-05-05 - A Sticky Situation Part 1- The Pervasive Nature of Credit Card Skimmers
2022-05-05 - Analysis of MS Word to drop Remcos RAT - VBA extraction and analysis - IoCs
2022-05-05 - BLISTER Loader
2022-05-05 - Cybercrime loves company- Conti cooperated with other ransomware gangs
2022-05-05 - Mustang Panda deploys a new wave of malware targeting Europe
2022-05-05 - NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service
2022-05-05 - Nigerian Tesla- 419 scammer gone malware distributor unmasked
2022-05-05 - North Korea’s Lazarus- their initial access trade-craft using social media and social engineering
2022-05-05 - Raspberry Robin gets the worm early
2022-05-05 - Studying “Next Generation Malware” - NightHawk’s Attempt At Obfuscate and Sleep
2022-05-05 - The Sample- Beating the Malware Piñata
2022-05-05 - Threat Thursday- ZingoStealer – The Cost of “Free”
2022-05-05 - Tinker Telco Soldier Spy (to be given 2022-06-27)
2022-05-06 - Cobalt Strike Analysis and Tutorial- CS Metadata Encoding and Decoding
2022-05-06 - Emotet- New Delivery Mechanism to Bypass VBA Protection
2022-05-06 - Mobile subscription Trojans and their little tricks
2022-05-06 - OFAC Sanctions Virtual Asset Mixer For the First Time to Combat North Korea’s Lazarus Group
2022-05-06 - Ransomware- LockBit 3.0 Starts Being Used in Cyberattacks
2022-05-06 - Rebranded Babuk Ransomware In Action- DarkAngels Ransomware Performs Targeted Attack
2022-05-06 - This New Fileless Malware Hides Shellcode in Windows Event Logs
2022-05-06 - macOS Malware Is More Reality Than Myth- Popular Threats and Challenges in Analysis
2022-05-08 - Tracking Cobalt Strike Servers Used in Cyberattacks on Ukraine
2022-05-08 - Ursnif Malware Banks on News Events for Phishing Attacks
2022-05-09 - Cybereason vs. Quantum Locker Ransomware
2022-05-09 - Dirty Deeds Done Dirt Cheap- Russian RAT Offers Backdoor Bargains
2022-05-09 - Emotet C2 and Spam Traffic Video
2022-05-09 - Examining the Black Basta Ransomware’s Infection Routine
2022-05-09 - From the Front Lines - Unsigned macOS oRAT Malware Gambles For The Win
2022-05-09 - Hiding in Plain Sight- Obscuring C2s by Abusing CDN Services
2022-05-09 - Octopus Backdoor is Back with a New Embedded Obfuscated Bat File
2022-05-09 - REvil Development Adds Confidence About GOLD SOUTHFIELD Reemergence
2022-05-09 - Ransomware-as-a-service- Understanding the cybercrime gig economy and how to protect yourself
2022-05-09 - SEO Poisoning – A Gootloader Story
2022-05-10 - A Malware Analysis in RU-AU conflict
2022-05-10 - A Tale of Two Markets - Investigating the Ransomware Payments Economy
2022-05-10 - APT34 targets Jordan Government using new Saitama backdoor
2022-05-10 - Info-stealer Campaign targets German Car Dealerships and Manufacturers
2022-05-10 - Malicious PDF Document Analysis - Lazyscripter
2022-05-10 - Redline Stealer Masquerades as Photo Editing Software
2022-05-11 - Analysis of an Iranian APTs E400 PowGoop Variant Reveals Dozens of Control Servers Dating Back to 202
2022-05-11 - BPFDoor - An Evasive Linux Backdoor Technical Analysis
2022-05-11 - Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia
2022-05-11 - Bitter APT adds Bangladesh to their targets
2022-05-11 - Detecting a MUMMY SPIDER campaign and Emotet infection
2022-05-11 - Nerbian RAT Using COVID-19 Themes Features Sophisticated Evasion Techniques
2022-05-11 - New ransomware trends in 2022
2022-05-11 - Operation RestyLink- Targeted attack campaign targeting Japanese companies
2022-05-11 - Please Confirm You Received Our APT
2022-05-11 - Proactive Threat Hunting Bears Fruit- Falcon OverWatch Detects Novel IceApple Post-Exploitation Framework
2022-05-11 - TA578 using thread-hijacked emails to push ISO files for Bumblebee malware
2022-05-11 - Transparent Tribe Targets Educational Institution
2022-05-12 - A Closer Look At Eternity Malware- Threat Actors Leveraging Telegram To Build Malware
2022-05-12 - A closer look at Eternity Malware
2022-05-12 - COBALT MIRAGE Conducts Ransomware Operations in U.S.
2022-05-12 - Eternity malware kit offers stealer miner worm ransomware tools
2022-05-12 - Eternity malware kit offers stealer, miner, worm, ransomware tools
2022-05-12 - Harmful Help- Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla
2022-05-12 - KurayStealer- A Bandit Using Discord Webhooks
2022-05-12 - Malware targeting latest F5 vulnerability
2022-05-12 - Network Footprints of Gamaredon Group
2022-05-12 - New SYK Crypter Distributed Via Discord
2022-05-12 - Phishing Campaign Delivering Three Fileless Malware- AveMariaRAT - BitRAT - PandoraHVNC – Part I
2022-05-12 - RedLine Stealer Campaign Using Binance Mystery Box Videos to Spread GitHub-Hosted Payload
2022-05-12 - Reversing an Android sample which uses Flutter
2022-05-12 - Suspicious DLL- Raspberry Robin-
2022-05-12 - Taking a look at Bumblebee loader
2022-05-12 - Technical Analysis of Emerging, Sophisticated Pandora Ransomware Group
2022-05-12 - The Goot cause- Detecting Gootloader and its follow-on activity
2022-05-12 - Threat Thursday- Malware Rebooted - How Industroyer2 Takes Aim at Ukraine Infrastructure
2022-05-12 - What malware to look for if you want to prevent a ransomware attack
2022-05-13 - Analyzing a Pirrit adware installer
2022-05-13 - Cozy Smuggled Into The Box- APT29 Abusing Legitimate Software For Targeted Operations In Europe
2022-05-13 - Teabot
2022-05-15 - Fake Pixelmon NFT site infects you with password-stealing malware
2022-05-16 - Analysis of HUI Loader
2022-05-16 - Apollo on Github
2022-05-16 - Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis
2022-05-16 - Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys
2022-05-16 - HTML attachments in phishing e-mails
2022-05-16 - New Ransomware Group- RansomHouse – Is it Real or Fake-
2022-05-16 - Ukraine supporters in Germany targeted with PowerShell RAT malware
2022-05-16 - UpdateAgent Adapts Again
2022-05-17 - A peek behind the BPFDoor
2022-05-17 - Chaos Ransomware Variant Sides with Russia
2022-05-17 - Emotet Summary- November 2021 Through January 2022
2022-05-17 - EternityTeam- a new prominent threat group on underground forums
2022-05-17 - Hydra with Three Heads- BlackByte & The Future of Ransomware Subsidiary Groups
2022-05-17 - In hot pursuit of cryware Defending hot wallets from attacks
2022-05-17 - In hot pursuit of ‘cryware’- Defending hot wallets from attacks
2022-05-17 - Ransomware Spotlight RansomEXX - Security News
2022-05-17 - Space Pirates- analyzing the tools and connections of a new hacker group
2022-05-17 - X-Cart Skimmer with DOM-based Obfuscation
2022-05-18 - A deep dive into Eternity Group- A new emerging Cyber Threat
2022-05-18 - The BlackByte ransomware group is striking users all over the globe
2022-05-18 - Uncovering a Kingminer Botnet Attack Using Trend Micro Managed XDR
2022-05-18 - eSentire Threat Intelligence Malware Analysis- Mars Stealer
2022-05-19 - .NET Stubs- Sowing the Seeds of Discord (PureCrypter)
2022-05-19 - .NET Stubs- Sowing the Seeds of Discord
2022-05-19 - Bruised but Not Broken- The Resurgence of the Emotet Botnet Malware
2022-05-19 - CrateDepression - Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware
2022-05-19 - ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups
2022-05-19 - Interactive Phishing- Using Chatbot-like Web Applications to Harvest Information
2022-05-19 - Microsoft Windows 11 help Files have Vidar Spyware
2022-05-19 - Rise in XorDdos- A deeper look at the stealthy DDoS malware targeting Linux devices
2022-05-19 - Scam and Malicious APK targeting Malaysian- MyMaidKL Technical Analysis
2022-05-19 - The IO Offensive- Information Operations Surrounding the Russian Invasion of Ukraine
2022-05-19 - Threat Update- AcidRain Wiper
2022-05-19 - Vidar distributed through backdoored Windows 11 downloads and abusing Telegram
2022-05-19 - Weaponization of Excel Add-Ins Part 2- Dridex Infection Chain Case Studies
2022-05-20 - Bumblebee Malware from TransferXL URLs
2022-05-20 - Cytrox's Predator Spyware Targeted Android Users with Zero-Day Exploits
2022-05-20 - DisCONTInued- The End of Conti's Brand Marks New Chapter For Cybercrime Landscape
2022-05-20 - Malware Campaign Targets InfoSec Community- Threat Actor Uses Fake Proof Of Concept To Deliver Cobalt-Strike Beacon
2022-05-20 - Metastealer – filling the Racoon void
2022-05-20 - Mirai Malware Variants for Linux Double Down on Stronger Chips in Q1 2022
2022-05-20 - Mirai Malware for Linux Double Down on Stronger Chips
2022-05-20 - New 'pymafka' malicious package drops Cobalt Strike on macOS, Windows, Linux
2022-05-20 - PDF Malware Is Not Yet Dead
2022-05-20 - [RE027] China-based APT Mustang Panda might have still continued their attack activities against organizations in Vietnam
2022-05-21 - Deep Analysis of Mars Stealer
2022-05-22 - Google- Predator spyware infected Android devices using zero-days
2022-05-22 - Introduction of a PE file extractor for various situations
2022-05-22 - PDF smuggles Microsoft Word doc to drop Snake Keylogger malware
2022-05-23 - Fake Trading Apps
2022-05-23 - LockBit, Conti, and BlackCat Lead Pack Amid Rise in Active RaaS and Extortion Groups- Ransomware in Q1 2022
2022-05-24 - Blame the Messenger- 4 Types of Dropper Malware in Microsoft Office & How to Detect Them
2022-05-24 - Emotet Botnet Rises Again
2022-05-24 - Gamaredon Group Understanding the Russian APT
2022-05-24 - Gamaredon Group- Understanding the Russian APT
2022-05-24 - Janicab Series- First Steps in the Infection Chain
2022-05-24 - Malware Analysis- Trickbot
2022-05-24 - Twisted Panda- Chinese APT Launch Spy Operation Against Russian Defence Institutes
2022-05-24 - Yashma Ransomware, Tracing the Chaos Family Tree
2022-05-25 - Bablosoft; Lowering the Barrier of Entry for Malicious Actors
2022-05-25 - ChromeLoader- a pushy malvertiser
2022-05-25 - ERMAC Back In Action- Latest Version Of Android Banking Trojan Targets Over 400 Applications
2022-05-25 - Hunting a Global Telecommunications Threat- DecisiveArchitect and Its Custom Implant JustForFun
2022-05-25 - New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices
2022-05-25 - SocGholish Campaigns and Initial Access Kit
2022-05-26 - Black Basta Besting Your Network-
2022-05-26 - Grandoreiro Banking Malware Resurfaces for Tax Season
2022-05-26 - Janicab Series- Further Steps in the Infection Chain
2022-05-26 - Rapidly evolving IoT malware EnemyBot now targeting Content Management System servers and Android devices
2022-05-26 - Worm-like propagation of Sysrv-hello crypto-jacking botnet- Network traffic analysis and latest TTPs
2022-05-27 - BAZARLOADER- Analysing The Main Loader
2022-05-27 - Emotet Analysis- New LNKs in the Infection Chain – The Monitor, Issue 20
2022-05-27 - How bootkits are implemented in modern firmware and how UEFI differs from Legacy BIOS
2022-05-27 - Janicab Series- The Core Artifact
2022-05-28 - A Case of Vidar Infostealer - Part 2
2022-05-28 - Clop ransomware gang is back, hits 21 victims in a single month
2022-05-29 - Full Anubis android malware analysis
2022-05-30 - Automatically Unpacking IcedID Stage 1 with Angr
2022-05-30 - Operation DarkCasino- In-Depth Analysis of Recent Attacks by APT Group EVILNUM
2022-05-31 - Janicab Series- Attribution and IoCs
2022-05-31 - WarzoneRAT Can Now Evade Detection With Process Hollowing
2022-05-31 - XLoader Botnet- Find Me If You Can
2022-05-31 - Yashma Ransomware Report
2022-06-01 - Alert (AA22-152A)- Karakurt Data Extortion Group
2022-06-01 - An In-Depth Look At Black Basta Ransomware
2022-06-01 - Analysis of the attack activities of the Maha grass group using the documents of relevant government agencies in Pakistan as bait
2022-06-01 - Analyzing AsyncRAT distributed in Colombia
2022-06-01 - CUBA Ransomware Campaign Analysis
2022-06-01 - CUBA Ransomware Malware Analysis
2022-06-01 - CVE-2022-30190- Microsoft Support Diagnostic Tool (MSDT) RCE Vulnerability “Follina”
2022-06-01 - Hazard Token Grabber- Upgraded Version Of Stealer Targeting Discord Users
2022-06-01 - Iranian Threat Actor Continues to Develop Mass Exploitation Tools
2022-06-01 - SMSFactory Android Trojan producing high costs for victims
2022-06-01 - SideWinder.AntiBot.Script Analysis of SideWinder's new infrastructure and tool that narrows their reach to Pakistan
2022-06-02 - A SecPro Super Issue- Understanding LockBit
2022-06-02 - Clipminer Botnet Makes Operators at Least $1.7 Million
2022-06-02 - Complaint filed by Microsoft Digital Crimes Unit against BOHRIUM, an Iranian threat actor
2022-06-02 - Conti Targets Critical Firmware
2022-06-02 - CrowdStrike Uncovers New MacOS Browser Hijacking Campaign
2022-06-02 - Exposing POLONIUM activity and infrastructure targeting Israeli organizations
2022-06-02 - ModPipe POS Malware- New Hooking Targets Extract Card Data
2022-06-02 - TRENDING EVIL Q2 2022
2022-06-02 - Threat Actors Prey on Eager Travelers
2022-06-02 - To HADES and Back- UNC2165 Shifts to LOCKBIT to Evade Sanctions
2022-06-02 - WinDealer dealing on the side
2022-06-02 - YourCyanide- A CMD-Based Ransomware With Multiple Layers of Obfuscation
2022-06-03 - Attack Graph Response to US CERT AA22-152A- Karakurt Data Extortion Group
2022-06-03 - CVE-2022-30190 aka -Follina- MSDT- Advisory and Technical Analysis
2022-06-03 - Outbreak of Follina in Australia
2022-06-03 - Trustwave's Action Response- Microsoft zero-day CVE-2022-30190 (aka Follina)
2022-06-04 - [QuickNote] CobaltStrike SMB Beacon Analysis
2022-06-05 - Loading GootLoader
2022-06-06 - Closing the Door- DeadBolt Ransomware Locks Out Vendors With Multitiered Extortion Scheme
2022-06-06 - From the Front Lines - Another Rebrand- Mindware and SFile Ransomware Technical Breakdown
2022-06-06 - Growling Bears Make Thunderous Noise
2022-06-06 - Hunting PrivateLoader- Pay-Per-Install Service
2022-06-06 - SVCReady- A New Loader Gets Ready
2022-06-06 - Shining the Light on Black Basta
2022-06-06 - Will the Real Msiexec Please Stand Up- Exploit Leads to Data Exfiltration
2022-06-07 - BlackCat — In a Shifting Threat Landscape, It Helps to Land on Your Feet- Tech Dive
2022-06-07 - Bumblebee Loader on The Rise
2022-06-07 - Kinsing & Dark.IoT botnet among threats targeting CVE-2022-26134
2022-06-07 - Phishing Campaigns featuring Ursnif Trojan on the Rise
2022-06-08 - Attackers Exploit MSDT Follina Bug to Drop RAT, Infostealer
2022-06-08 - Crypto stealing campaign spread via fake cracked software
2022-06-08 - Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques
2022-06-08 - MakeMoney malvertising campaign adds fake update template
2022-06-08 - Not all -Internet Connections- are Equal
2022-06-08 - Operation Tejas- A dying elephant curled up in the Kunlun Mountains
2022-06-09 - Aoqin Dragon - Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years
2022-06-09 - Finding Vulnerabilities with VulFi IDA Plugin
2022-06-09 - LockBit 2.0- How This RaaS Operates and How to Protect Against It
2022-06-09 - Lyceum .NET DNS Backdoor
2022-06-09 - Quick look into a new sample of Android-BianLian
2022-06-09 - Roblox Game Pass store used to sell ransomware decryptor
2022-06-09 - Swiss Army Knife Phishing Group-IB identifies massive campaign capable of targeting clients of major Vietnamese banks
2022-06-09 - Symbiote- A New, Nearly-Impossible-to-Detect Linux Threat
2022-06-09 - TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)
2022-06-09 - Yara- In Search Of Regular Expressions
2022-06-10 - Exposing HelloXD Ransomware and x4k
2022-06-10 - New SVCReady malware loads from Word doc properties – Detection & Response
2022-06-10 - Russia Ukraine Crisis Overview
2022-06-12 - How SeaFlower 藏海花 installs backdoors in iOS-Android web3 wallets to steal your seed phrase
2022-06-13 - A Detailed Analysis Of The Last Version Of REvil Ransomware (Download PDF)
2022-06-13 - BumbleBee- a new trendy loader for Initial Access Brokers
2022-06-13 - GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool
2022-06-13 - Hydra Android Malware Distributed Via Play Store
2022-06-13 - Linux Threat Hunting- ‘Syslogk’ a kernel rootkit found under development in the wild
2022-06-13 - Robin Hood Ransomware ‘GOODWILL’ Forces Victim For Charity
2022-06-13 - Technical Analysis of PureCrypter- A Fully-Functional Loader Distributing Remote Access Trojans and Information Stealers
2022-06-13 - The many lives of BlackCat ransomware
2022-06-13 - Translating Saitama's DNS tunneling messages
2022-06-15 - Attack Graph Emulating the Conti Ransomware Team’s Behaviors
2022-06-15 - DriftingCloud- Zero-Day Sophos Firewall Exploitation and an Insidious Breach
2022-06-15 - F5 Labs Investigates MaliBot
2022-06-15 - First Conti, then Hive- Costa Rica gets hit with ransomware again
2022-06-15 - New IceXLoader 3.0 – Developers Warm Up to Nim
2022-06-16 - Confluence exploits used to drop ransomware on vulnerable servers
2022-06-16 - Houdini is Back Delivered Through a JavaScript Dropper
2022-06-16 - How Emotet is changing tactics in response to Microsoft’s tightening of Office macro security
2022-06-16 - Lookout Uncovers Android Spyware Deployed in Kazakhstan
2022-06-16 - Raccoon Stealer is Back with a New Version
2022-06-16 - Thousands of IDs exposed in yet another data breach in Brazil
2022-06-16 - Threat Thursday- Unique Delivery Method for Snake Keylogger
2022-06-17 - BRATA is evolving into an Advanced Persistent Threat
2022-06-17 - Malspam pushes Matanbuchus malware, leads to Cobalt Strike
2022-06-17 - Resurgence of Voicemail-themed phishing attacks targeting key industry verticals in the US
2022-06-17 - Unpacking Kovter malware
2022-06-18 - Using dotnetfile to get a Sunburst timeline for intelligence gathering
2022-06-19 - Matanbuchus Triage Notes
2022-06-20 - Charming Kitten (APT35)
2022-06-20 - Tracking Android-Joker payloads with Medusa, static analysis (and patience)
2022-06-21 - APT ToddyCat- Unveiling an unknown APT actor attacking high-profile entities in Europe and Asia
2022-06-21 - Avos ransomware group expands with new attack arsenal
2022-06-21 - HTML Application Files are being used to distribute Smoke Loader Malware
2022-06-21 - Microsoft Exchange servers hacked by new ToddyCat APT gang
2022-06-21 - MuddyWater’s “light” first-stager targeting Middle East
2022-06-21 - Qvoid-Token-Grabber
2022-06-21 - Rise of LNK (Shortcut files) Malware
2022-06-21 - Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine
2022-06-23 - BRONZE STARLIGHT Ransomware Operations Use HUI Loader
2022-06-23 - Matanbuchus Loader Resurfaces
2022-06-23 - Spyware vendor targets users in Italy and Kazakhstan
2022-06-23 - The curious tale of a fake Carrier.app
2022-06-23 - The hateful eight- Kaspersky’s guide to modern ransomware groups’ TTPs (Download Form)
2022-06-23 - Threat Update- Industroyer2
2022-06-24 - APT34 - Saitama Agent
2022-06-24 - Deep Analysis of Snake Keylogger
2022-06-24 - IcedID Banking Trojan returns with new TTPS – Detection & Response
2022-06-24 - LockBit Ransomware Disguised as Copyright Claim E-mail Being Distributed
2022-06-24 - There Is More Than One Way to Sleep- Dive Deep Into the Implementations of API Hammering by Various Malware Families
2022-06-24 - We see you, Gozi Hunting the latest TTPs used for delivering the Trojan
2022-06-24 - “We need to talk about subdomain takeovers…”
2022-06-26 - Overview of Russian GRU and SVR Cyberespionage Campaigns 1H 2022
2022-06-27 - Attacks on industrial control systems using ShadowPad
2022-06-27 - Emotet- Still Abusing Microsoft Office Macros
2022-06-27 - GlowSand
2022-06-27 - Return of the Evilnum APT with updated TTPs and new targets
2022-06-27 - Revive- from spyware to Android banking trojan
2022-06-27 - Threat Spotlight- Eternity Project MaaS Goes On and On
2022-06-27 - Unpacking a JsonPacker-packed sample
2022-06-28 - Black Basta Ransomware Emerging From Underground to Attack Corporate Networks
2022-06-28 - Bumblebee- New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem
2022-06-28 - Interactive Phishing Mark II- Messenger Chatbot Leveraged in a New Facebook-Themed Spam
2022-06-28 - New Info-stealer Disguised as Crack Being Distributed
2022-06-28 - Pro-PRC DRAGONBRIDGE Influence Campaign Targets Rare Earths Mining Companies in Attempt to Thwart Rivalry to PRC Market Dominance
2022-06-28 - Raccoon Stealer v2 – Part 1- The return of the dead
2022-06-28 - Smash-and-grab- AstraLocker 2.0 pushes ransomware direct from Office docs
2022-06-28 - Steal(Bit) or exfil, what does it (Ex)Matter- Comparative Analysis of Custom Exfiltration Tools
2022-06-28 - The Link Between AWM Proxy & the Glupteba Botnet
2022-06-28 - ZuoRAT Hijacks SOHO Routers To Silently Stalk Networks
2022-06-29 - Bahamut Android Malware Returns With New Spying Capabilities
2022-06-29 - Burrowing your way into VPNs, Proxies, and Tunnels
2022-06-29 - Fat Cats - An analysis of the BlackCat ransomware affiliate program
2022-06-29 - Flubot- the evolution of a notorious Android Banking Malware
2022-06-29 - Raccoon Stealer v2 – Part 2- In-depth analysis
2022-06-29 - YTStealer Malware- “YouTube Cookies! Om Nom Nom Nom”
2022-06-30 - BRIEF- Raccoon Stealer Version 2.0
2022-06-30 - Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit
2022-06-30 - Countering hack-for-hire groups
2022-06-30 - Github Repository with source code for Pandora hVNC
2022-06-30 - How to Expose a Potential Cybercriminal due to Misconfigurations
2022-06-30 - PennyWise Stealer- An Evasive Infostealer Leveraging YouTube To Infect Users
2022-06-30 - The SessionManager IIS backdoor- a possibly overlooked GELSEMIUM artefact
2022-06-30 - Threat Thursday- China-Based APT Plays Auto-Updater Card to Deliver WinDealer Malware
2022-06-30 - Toll fraud malware- How an Android application can drain your wallet
2022-06-30 - Using process creation properties to catch evasion techniques
2022-07-01 - Alert (AA22-181A)- #StopRansomware- MedusaLocker
2022-07-01 - AstraLocker 2.0 ransomware isn’t going to give you your files back
2022-07-01 - Luna Moth- The Actors Behind the Recent False Subscription Scams
2022-07-01 - Xloader Returns With New Infection Technique
2022-07-04 - AstraLocker ransomware shuts down and releases decryptors
2022-07-05 - Hive ransomware gets upgrades in Rust
2022-07-05 - Lockbit 3.0 – Ransomware Group Launches New Version
2022-07-05 - New RedAlert Ransomware targets Windows, Linux VMware ESXi servers
2022-07-05 - QBot Spreads via LNK Files – Detection & Response
2022-07-05 - Raccoon Stealer Detection- A Novel Malware Version 2.0 Named RecordBreaker Offers Hackers Advanced Password-Stealing Capabilities
2022-07-05 - Ransomware Spotlight- BlackByte
2022-07-05 - VSingle malware that obtains C2 server information from GitHub
2022-07-05 - Whatever floats your Boat – Bitter APT continues to target Bangladesh
2022-07-05 - When Pentest Tools Go Brutal- Red-Teaming Tool Being Abused by Malicious Actors
2022-07-06 - Alert (AA22-187A)- North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector
2022-07-06 - Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server
2022-07-06 - From Follina to Rozena - Leveraging Discord to Distribute a Backdoor
2022-07-06 - LockBit 3.0- “Making The Ransomware Great Again”
2022-07-06 - OrBit- New Undetected Linux Threat Uses Unique Hijack of Execution Flow
2022-07-06 - 变脸, Teng Snake (a.k.a. Code Core)
2022-07-07 - ABCsoup- The Malicious Adware Extension with 350 Variants
2022-07-07 - AstraLocker decryptor
2022-07-07 - Brute Ratel Utilized By Threat Actors In New Ransomware Operations
2022-07-07 - Emotet infection with Cobalt Strike
2022-07-07 - NoMercy Stealer Adding New Features- New Stealer Rapidly Evolving Into Clipper Malware
2022-07-07 - Notable Droppers Emerge in Recent Threat Campaigns
2022-07-07 - THREAT ALERT- Raspberry Robin Worm Abuses Windows Installer and QNAP Devices
2022-07-07 - THREAT ANALYSIS REPORT- LockBit 2.0 - All Paths Lead to Ransom
2022-07-07 - Targets of Interest - Russian Organizations Increasingly Under Attack By Chinese APTs
2022-07-07 - Unprecedented Shift- The Trickbot Group is Systematically Attacking Ukraine
2022-07-07 - YamaBot Malware Used by Lazarus
2022-07-08 - The EnvyScout malware (APT29) was also delivered in Italy
2022-07-08 - Ransomware as a Service- Behind the Scenes
2022-07-08 - Vice Society- a discreet but steady double extortion ransomware group
2022-07-09 - Analyzing a Brute Ratel Badger
2022-07-09 - Malware analysis with IDA-Radare2 - Basic Unpacking (Dridex first stage)
2022-07-10 - Lockbit 3.0 AKA Lockbit Black is here, with a new icon, new ransom note, new wallpaper, but less evasiveness-
2022-07-11 - Anubis Networks is back with new C2 server
2022-07-11 - AppleSeed Disguised as Purchase Order and Request Form Being Distributed
2022-07-11 - Predatory Sparrow- Who are the hackers who say they started a fire in Iran-
2022-07-11 - SELECT XMRig FROM SQLServer
2022-07-11 - Threat Actors Deliver New Rozena backdoor with Follina Bug – Detection & Response
2022-07-12 - An Analysis of Infrastructure linked to the Hagga Threat Actor
2022-07-12 - ChromeLoader- New Stubborn Malware Campaign
2022-07-12 - Example Analysis of Multi-Component Malware
2022-07-12 - From cookie theft to BEC- Attackers use AiTM phishing sites as entry point to further financial fraud
2022-07-12 - Malware analysis with IDA-Radare2 - Multiple unpacking (Ramnit worm)
2022-07-12 - New Ransomware Groups On The Rise- “RedAlert,” LILITH And 0mega Leading A Wave Of Ransomware Campaigns
2022-07-12 - Rise in Qakbot attacks traced to evolving threat techniques
2022-07-12 - Spoofed Saudi Purchase Order Drops GuLoader – Part 2
2022-07-12 - TAG Bulletin- Q2 2022
2022-07-13 - Climbing Mount Everest- Black-Byte Bytes Back-
2022-07-13 - Go malware on the rise
2022-07-13 - Lockbit 3.0
2022-07-13 - Targeted Attack on Government Agencies
2022-07-13 - The Long Tail of Log4Shell Exploitation
2022-07-13 - The Next Generation of Info Stealers
2022-07-13 - Transparent Tribe begins targeting education sector in latest campaign
2022-07-13 - Uncovering a macOS App Sandbox escape vulnerability- A deep dive into CVE-2022-26706
2022-07-14 - Above the Fold and in Your Inbox- Tracing State-Aligned Activity Targeting Journalists, Media
2022-07-14 - BlackCat ransomware attacks not merely a byproduct of bad luck
2022-07-14 - GootLoader, From SEO Poisoning to Multi-Stage Downloader
2022-07-14 - North Korean threat actor (H0lyGh0st -DEV-0530) targets small and midsize businesses with H0lyGh0st ransomware
2022-07-14 - Rapid Response- The Ngrok Incident Guide
2022-07-14 - The Trojan Horse Malware & Password “Cracking” Ecosystem Targeting Industrial Operators
2022-07-15 - Stealthy OpenDocument Malware Deployed Against Latin American Hotels
2022-07-17 - Shortcut-Based (LNK) Attacks Delivering Malicious Code On The Rise
2022-07-18 - A Deep Dive Into ALPHV-BlackCat Ransomware
2022-07-18 - From the Front Lines - 8220 Gang Massively Expands Cloud Botnet to 30,000 Infected Hosts
2022-07-18 - Ongoing Roaming Mantis smishing campaign targeting France
2022-07-18 - Ransomware Roundup- Protecting Against New Variants
2022-07-19 - A look into APT29's new early-stage Google Drive downloader
2022-07-19 - Analysis and technical insights on the Coper malware used to attack mobile devices
2022-07-19 - Continued cyber activity in Eastern Europe observed by TAG
2022-07-19 - Development of UNC1151-Ghostwriter attack techniques
2022-07-19 - I see what you did there- A look at the CloudMensis macOS spyware
2022-07-19 - New Variant of QakBot Being Spread by HTML File Attached to Phishing Emails
2022-07-19 - PrestaShop Skimmer Concealed in One Page Checkout Module
2022-07-19 - Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive
2022-07-19 - Yara vs. HyperScan- Alternative pattern-matching engines
2022-07-20 - APT41- A Case Study
2022-07-20 - Analysis of a trojanized jQuery script- GootLoader unleashed
2022-07-20 - Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data
2022-07-20 - Anatomy of Attack- Truth Behind the Costa Rica Government Ransomware 5-Day Intrusion
2022-07-20 - Cyber National Mission Force discloses IOCs from Ukrainian networks
2022-07-20 - Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities
2022-07-20 - LockBit- Ransomware Puts Servers in the Crosshairs
2022-07-20 - Luna and Black Basta — new ransomware for Windows, Linux and ESXi
2022-07-20 - STIFF#BIZON Detection Using Securonix – New Attack Campaign Observed Possibly Linked to Konni-APT37 (North Korea) - Securonix
2022-07-20 - The Sidewinder (APT-Q-39) uses Google Play to spread an analysis of malicious Android software
2022-07-21 - Alibaba OSS Buckets Compromised to Distribute Malicious Shell Scripts via Steganography
2022-07-21 - Attackers target Ukraine using GoMet backdoor
2022-07-21 - Buy, Sell, Steal, EvilNum Targets Cryptocurrency, Forex, Commodities
2022-07-21 - Dissemination of AppleSeed to Specific Military Maintenance Companies
2022-07-21 - It’s time to close the door on open directories
2022-07-21 - Lightning Framework- New Undetected “Swiss Army Knife” Linux Malware
2022-07-21 - LockBit 3.0 Update - Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques
2022-07-21 - Malware Being Distributed by Disguising Itself as Icon of V3 Lite
2022-07-21 - Malware development tricks. Run shellcode like a Lazarus Group. C++ example.
2022-07-21 - Techniques to simplify the analysis of the GuLoader malware
2022-07-21 - The Return of Candiru- Zero-days in the Middle East
2022-07-22 - CALISTO continues its credential harvesting campaign
2022-07-22 - Old cat, new tricks, bad habits An analysis of Charming Kitten’s new tools and OPSEC errors
2022-07-22 - Reverse Engineering a Cobalt Strike Dropper With Binary Ninja
2022-07-23 - North Korean hackers attack EU targets with Konni RAT malware
2022-07-24 - A DGA Seeded by the Bitcoin Genesis Block
2022-07-24 - QBot phishing uses Windows Calculator sideloading to infect devices
2022-07-25 - Burned and Blinded - Escalation Risks of Intelligence Loss from Countercyber Operations in Crisis
2022-07-25 - CosmicStrand- the discovery of a sophisticated UEFI firmware rootkit
2022-07-25 - LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
2022-07-25 - PDF Analysis of Lokibot malware
2022-07-26 - HOW to Analyze Linux Malware - A Case Study of Symbiote
2022-07-26 - How To Analyze Linux Malware – A Case Study Of Symbiote
2022-07-26 - ML Detection of Risky Command Exploit
2022-07-26 - Malicious IIS extensions quietly open persistent backdoors into servers
2022-07-26 - Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers
2022-07-26 - On the FootSteps of Hive Ransomware
2022-07-27 - Exploring the QBOT Attack Pattern
2022-07-27 - Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike
2022-07-27 - IcedID (Bokbot) with Dark VNC and Cobalt Strike
2022-07-27 - PrivateLoader- Network-Based Indicators of Compromise
2022-07-27 - QBOT Configuration Extractor
2022-07-27 - Targeted Attacks Being Carried Out Via DLL SideLoading
2022-07-27 - Threat analysis- Follina exploit fuels 'live-off-the-land' attacks
2022-07-27 - Untangling KNOTWEED- European private-sector offensive actor using 0-day exploits
2022-07-28 - Attackers Profiting from Proxyware
2022-07-28 - IPFS- The New Hotbed of Phishing
2022-07-28 - Living Off Windows Defender - LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool
2022-07-28 - LofyLife- malicious npm packages steal Discord tokens and bank card data
2022-07-28 - New HiddenAds malware affects 1M+ users and hides on the Google Play Store
2022-07-28 - Techniques, Tactics & Procedures (TTPs) Employed by Hacktivist Group DragonForce Malaysia
2022-07-29 - APT trends report Q2 2020
2022-07-29 - ENISA Threat Landscape for Ransomware Attacks
2022-07-29 - Examining New DawDropper Banking Dropper and DaaS on the Dark Web
2022-07-29 - Fake investment scams in Europe How we almost got rich
2022-07-29 - New Qualys Research Report- Evolution of Quasar RAT
2022-07-29 - Raccoon Stealer v2- The Latest Generation of the Raccoon Family
2022-07-29 - SmokeLoader Malware Used to Augment Amadey Infostealer
2022-07-30 - Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers
2022-07-31 - Space Invaders- Cyber Threats That Are Out Of This World
2022-08-01 - A Detailed Analysis of the RedLine Stealer
2022-08-01 - Here’s a Simple Script to Detect the Stealthy Nation-State BPFDoor
2022-08-01 - Technical Analysis of Industrial Spy Ransomware
2022-08-02 - Fake Atomic Wallet Website Distributing Mars Stealer
2022-08-02 - Large-Scale AiTM Attack targeting enterprise users of Microsoft email services
2022-08-02 - Manjusaka- A Chinese sibling of Sliver and Cobalt Strike
2022-08-02 - SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant
2022-08-02 - Word File Provided as External Link When Replying to Attacker’s Email (Kimsuky)
2022-08-03 - Flight of the Bumblebee- Email Lures and File Sharing Services Lead to Malware
2022-08-03 - Gwisin Ransomware Targeting Korean Companies
2022-08-03 - Journey to Network Protocol Fuzzing – Dissecting Microsoft IMAP Client Protocol
2022-08-03 - PART 3- How I Met Your Beacon – Brute Ratel
2022-08-03 - Reversing Golang Developed Ransomware- SNAKE
2022-08-03 - So RapperBot, What Ya Bruting For-
2022-08-03 - The Price Cybercriminals Charge for Stolen Data
2022-08-04 - Advanced Persistent Threats (APTs)
2022-08-04 - Brata - a tale of three families
2022-08-04 - Flying in the clouds- APT31 renews its attacks on Russian companies through cloud storage
2022-08-04 - Formbook and Remcos Backdoor RAT by ConnectWise CRU
2022-08-04 - GwisinLocker ransomware targets South Korean industrial and pharma firms
2022-08-04 - IcedID leverages PrivateLoader
2022-08-04 - Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations
2022-08-04 - North Korean H0lyGh0st Ransomware Has Ties to Global Geopolitics
2022-08-04 - Ousaban- LATAM Banking Malware Abusing Cloud Services
2022-08-04 - Pro-PRC “HaiEnergy” Information Operations Campaign Leverages Infrastructure from Public Relations Firm to Disseminate Content on Inauthentic News Sites
2022-08-04 - Ransomware Roundup- Redeemer, Beamed, and More
2022-08-04 - Technical Analysis of Bumblebee Malware Loader
2022-08-04 - Top of the Pops- Three common ransomware entry techniques
2022-08-05 - LokiBot Analysis
2022-08-05 - The DGA family Orchard continues to change, and the new version generates DGA domain names using Bitcoin transaction information
2022-08-07 - Analyzing .NET Core Single File Samples (DUCKTAIL Case Study)
2022-08-07 - Config Extractor for DanaBot (PART 1)
2022-08-07 - LogoKit Update – The Phishing Kit Leveraging Open Redirect Vulnerabilities
2022-08-07 - Vulnerabilities In E-Commerce Solutions - Hunting On Big Apples
2022-08-08 - An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure
2022-08-08 - BumbleBee Roasts Its Way to Domain Admin
2022-08-08 - Life After Death - SmokeLoader Continues to Haunt Using Old Vulnerabilities
2022-08-08 - Malware sandbox evasion in x64 assembly by checking ram size - Part 1
2022-08-08 - YARA for config extraction
2022-08-09 - AiTM phishing attack targeting enterprise users of Gmail
2022-08-09 - Andariel deploys DTrack and Maui ransomware
2022-08-09 - Bitter APT Group Using “Dracarys” Android Spyware
2022-08-09 - Fake Instagram Verification & Twitter Badge Phishing
2022-08-09 - Pivoting on a SharpExt to profile Kimusky panels for great good
2022-08-09 - Raspberry Robin- Highly Evasive Worm Spreads over External Disks
2022-08-10 - BlueSky Ransomware- Fast Encryption via Multithreading
2022-08-10 - Cisco Talos shares insights related to recent cyber attack on Cisco
2022-08-10 - Emotet SMB Spreader is Back
2022-08-10 - Indian Power Sector targeted with latest LockBit 3.0 variant
2022-08-10 - Novel News on Cuba Ransomware- Greetings From Tropical Scorpius
2022-08-10 - Operation (верность, "loyalty") mercenary- a torrent of steel trapped in the plains of Eastern Europe
2022-08-10 - The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)
2022-08-10 - VileRAT- DeathStalker’s continuous strike at foreign and cryptocurrency exchanges
2022-08-10 - spynote
2022-08-10 - “Pegasus”, the spyware for smartphones. How does it work and how can you protect yourself-
2022-08-11 - APT-C-35 GETS A NEW UPGRADE
2022-08-11 - Alert (AA22-223A) #StopRansomware- Zeppelin Ransomware
2022-08-11 - Challenge accepted Detecting MaliBot, a fresh Android banking trojan, with a Fraud Protection solution
2022-08-11 - CopperStealer Distributes Malicious Chromium-based Browser Extension to Steal Cryptocurrencies
2022-08-11 - How cybercriminals are weaponizing leaked ransomware data for follow-up attacks
2022-08-11 - LNK forensic and config extraction of a cobalt strike beacon
2022-08-11 - MoqHao Android malware analysis and phishing campaign
2022-08-11 - PyPI Package 'secretslib' Drops Fileless Linux Malware to Mine Monero
2022-08-11 - SOVA malware is back and is evolving rapidly
2022-08-11 - State of the Remote Access Tools, Part 1
2022-08-11 - The Increase in Ransomware Attacks on Local Governments
2022-08-11 - “BazarCall” Advisory- Essential Guide to Attack Vector that Revolutionized Data Breaches
2022-08-12 - Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users (IOCs)
2022-08-12 - Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users
2022-08-12 - LuckyMouse uses a backdoored Electron app to target MacOS
2022-08-12 - Monster Libra (TA551-Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike
2022-08-12 - The Anatomy of Wiper Malware, Part 1- Common Techniques
2022-08-12 - The Swan Song for Driver Signature Enforcement Tampering
2022-08-13 - Early Analysis of the Twilio phishing attack-it is the tip of the iceberg
2022-08-15 - A Deep Dive Into Black Basta Ransomware
2022-08-15 - Detecting a Rogue Domain Controller – DCShadow Attack
2022-08-15 - Disrupting SEABORGIUM’s ongoing phishing operations
2022-08-15 - JSSLoader- the shellcode edition
2022-08-15 - Malware sandbox evasion in x64 assembly by checking ram size - Part 2
2022-08-15 - Shuckworm- Russia-Linked Group Maintains Ukraine Focus
2022-08-16 - AsyncRAT C2 Framework- Overview, Technical Analysis & Detection
2022-08-16 - BugDrop- the first malware trying to circumvent Google's security Controls
2022-08-16 - Cleartext Shenanigans- Gifting User Passwords to Adversaries With NPPSPY
2022-08-16 - FluBot Android Malware Analysis
2022-08-16 - SocGholish- 5+ Years of Massive Website Infections
2022-08-16 - Threat in your browser- what dangers innocent-looking extensions hold for users
2022-08-16 - Two more malicious Python packages in the PyPI
2022-08-17 - APT Lazarus Targets Engineers with macOS Malware
2022-08-17 - Bumblebee Loader – The High Road to Enterprise Domain Control
2022-08-17 - DarkTortilla Malware Analysis
2022-08-17 - Hunting Follina
2022-08-17 - IRATA
2022-08-17 - Kasablanka organizes attacks against political groups and non-profit organizations in the Middle East
2022-08-17 - Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors
2022-08-17 - Switching side jobs Links between ATMZOW JS-sniffer and Hancitor
2022-08-18 - A Sticky Situation Part 2
2022-08-18 - APT41 World Tour 2021 on a tight schedule
2022-08-18 - BianLian- New Ransomware Variant On The Rise
2022-08-18 - Cookie stealing- the new perimeter bypass
2022-08-18 - From Ramnit To Bumblebee (via NeverQuest)- Similarities and Code Overlap Shed Light On Relationships Between Malware Developers
2022-08-18 - Grandoreiro Banking Trojan with New TTPs Targeting Various Industry Verticals
2022-08-18 - Hardware-based threat defense against increasingly complex cryptojackers
2022-08-18 - Luca Stealer Targets Password Managers and Cryptocurrency Wallets
2022-08-18 - New APT group MURENSHARK investigative report- Torpedoes hit Turkish Navy
2022-08-18 - Overview of the Cyber Weapons Used in the Ukraine - Russia War
2022-08-18 - RAT tool disguised as a solution file (.sln) on GitHub
2022-08-18 - Raccoon Infostealer Malware Returns with New TTPS – Detection & Response
2022-08-18 - Ransomware Roundup- Gwisin, Kriptor, Cuba, and More
2022-08-18 - Reservations Requested- TA558 Targets Hospitality and Travel
2022-08-18 - You Can’t Audit Me- APT29 Continues Targeting Microsoft 365
2022-08-19 - Analyzing Attack Data and Trends Targeting Ukrainian Domains
2022-08-19 - Back in Black- Unlocking a LockBit 3.0 Ransomware Attack
2022-08-19 - Brazil malspam pushes Astaroth (Guildma) malware
2022-08-19 - Cybercriminals Are Targeting Law Enforcement Agencies Worldwide
2022-08-19 - EvilCoder Project Selling Multiple Dangerous Tools Online
2022-08-19 - IOCs for Manjusaka
2022-08-19 - Is Tox The New C&C Method For Coinminers-
2022-08-19 - Moisha Ransomware
2022-08-19 - THREAT ALERT- Inside the Redeemer 2.0 Ransomware
2022-08-21 - Behind the Attack- Remcos RAT
2022-08-21 - Escanor Malware Delivered In Weaponized Microsoft Office Documents
2022-08-22 - A Cyber Threat Intelligence Self-Study Plan- Part 2
2022-08-22 - A Tale of PivNoxy and Chinoxy Puppeteer
2022-08-22 - Meow Ransomware
2022-08-23 - Emotet Resurgence- Cross-Industry Campaign Analysis
2022-08-23 - Legitimate SaaS Platforms Being Used to Host Phishing Attacks
2022-08-23 - Making victims pay, infostealer malwares mimic pirated-software download sites
2022-08-23 - New Iranian APT data extraction tool
2022-08-24 - Demystifying Qbot Malware
2022-08-24 - Looking for the ‘Sliver’ lining- Hunting for emerging command-and-control frameworks
2022-08-24 - Looking into the Void - Targeting Bulletproof Hosts to Block Attacks Early in the Kill Chain
2022-08-24 - MagicWeb- NOBELIUM’s post-compromise trick to authenticate as anyone
2022-08-24 - QBOT Malware Analysis
2022-08-24 - Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus (IoCs)
2022-08-24 - Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus
2022-08-24 - The Anatomy of Wiper Malware, Part 2- Third-Party Drivers
2022-08-24 - The Dark Side of Bumblebee Malware Loader
2022-08-25 - AppLocker Rules as Defense Evasion- Complete Analysis
2022-08-25 - BleachGap Revamped
2022-08-25 - BlueSky Ransomware - AD Lateral Movement, Evasion and Fast Encryption Put Threat on the Radar
2022-08-25 - COVID-19 Data Put For Sale In Dark Web
2022-08-25 - Detecting the Unknown- Revealing Uncategorized Ransomware Using Darktrace
2022-08-25 - Kimsuky’s GoldDragon cluster and its C2 operations
2022-08-25 - MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
2022-08-25 - MORE_EGGS and Some LinkedIn Resumé Spearphishing
2022-08-25 - New Golang Ransomware Agenda Customizes Attacks (IoCs)
2022-08-25 - New Golang Ransomware Agenda Customizes Attacks
2022-08-25 - Roasting 0ktapus- The phishing campaign going after Okta identity credentials
2022-08-25 - SmokeLoader Triage Taking a look how Smoke Loader works
2022-08-25 - Technical analysis of IRATA android malware
2022-08-25 - Threat Assessment- Black Basta Ransomware
2022-08-28 - LockBit ransomware gang gets aggressive with triple-extortion tactic
2022-08-28 - Revealing Europe's NSO
2022-08-29 - A Technical Analysis of Pegasus for Android – Part 1
2022-08-29 - AsyncRAT- Using Fully Undetected Downloader
2022-08-29 - Check Point Research detects Crypto Miner malware disguised as Google translate desktop and other legitimate applications
2022-08-29 - CosmicDuke Malware Analysis Report
2022-08-29 - Crypto miners’ latest techniques
2022-08-29 - Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users
2022-08-29 - Mini Stealer- Possible Predecessor Of Parrot Stealer
2022-08-29 - Office Files, RTF files, Shellcode and more shenanigans
2022-08-29 - PureCrypter Loader continues to be active and has spread to more than 10 other families
2022-08-29 - Remcos RAT New TTPS - Detection & Response
2022-08-29 - Securonix Threat Labs Security Advisory- New Golang Attack Campaign GO#WEBBFUSCATOR Leverages Office Macros and James Webb Images to Infect Systems
2022-08-29 - Tor 101- How Tor Works and its Risks to the Enterprise
2022-08-29 - Traffers- a deep dive into the information stealer ecosystem
2022-08-30 - Brute Force Attempts May Have Preceded Ransomware Attack on School District
2022-08-30 - ChromeLoader Browser Hijacker
2022-08-30 - ModernLoader delivers multiple stealers, cryptominers and RATs
2022-08-30 - NanoCore RAT Hunting Guide
2022-08-30 - Raccoon Stealer 2.0 Malware analysis
2022-08-30 - Rising Tide- Chasing the Currents of Espionage in the South China Sea
2022-08-30 - SmokeLoader - Quick-Analysis
2022-08-31 - Analysis of APT35 Infrastructure Reveals Interest in Egyptian Shipping Companies
2022-08-31 - Asbit- An Emerging Remote Desktop Trojan
2022-08-31 - Deep Dive into a Corporate Espionage Operation
2022-08-31 - ERMAC 2.0- Perfecting the Account Takeover
2022-08-31 - Tracking PrivateLoader- Malware Distribution Service
2022-09-01 - BianLian Ransomware Gang Gives It a Go!
2022-09-01 - No Honor Among Thieves - Prynt Stealer’s Backdoor Exposed
2022-09-01 - PyPI Phishing Campaign - JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks
2022-09-01 - Ransomware Spotlight Black Basta
2022-09-01 - Raspberry Robin and Dridex- Two Birds of a Feather
2022-09-01 - SafeBreach Labs Researchers Uncover New Remote Access Trojan (RAT)
2022-09-01 - Technical analysis of SOVA android malware
2022-09-02 - BianLian Ransomware Expanding C2 Infrastructure and Operational Tempo
2022-09-02 - Buzzing in the Background- BumbleBee, a New Modular Backdoor Evolved From BookWorm
2022-09-02 - Sharkbot is back in Google Play
2022-09-02 - What Is Redeemer Ransomware and How Does It Spread- A Technical Analysis
2022-09-03 - PLAY Ransomware
2022-09-05 - Bumblebee Loader Malware Analysis
2022-09-05 - EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web
2022-09-05 - Mythic Case Study- Assessing Common Offensive Security Tools
2022-09-05 - Scam Android app steals Bank Credentials and SMS- MyPetronas APK
2022-09-06 - Alert (AA22-249A) #StopRansomware- Vice Society
2022-09-06 - An Obfuscated Beacon – Extra XOR Layer
2022-09-06 - DangerousSavanna- Two-year long campaign targets financial institutions in French-speaking Africa
2022-09-06 - Malware development tricks- parent PID spoofing. Simple Cplusplus example.
2022-09-06 - Mirai Variant MooBot Targeting D-Link Devices
2022-09-06 - Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa
2022-09-06 - Pro-Palestinian Hacking Group Compromises Berghof PLCs in Israel
2022-09-06 - Pro-Russian Group Targeting Ukraine Supporters with DDoS Attacks
2022-09-06 - Shikitega - New stealthy malware targeting Linux
2022-09-06 - TTPs Associated With a New Version of the BlackCat Ransomware
2022-09-06 - Technical analysis of SharkBot android malware
2022-09-06 - Worok- The big picture
2022-09-07 - APT42- Crooked Charms, Cons, and Compromises
2022-09-07 - Bumblebee Returns With New Infection Technique
2022-09-07 - Conti vs. Monti- A Reinvention or Just a Simple Rebranding-
2022-09-07 - Initial access broker repurposing techniques in targeted attacks against Ukraine
2022-09-07 - MagicRAT- Lazarus’ latest gateway into victim networks
2022-09-07 - Profiling DEV-0270- PHOSPHORUS’ ransomware operations
2022-09-07 - The Curious Case of “Monti” Ransomware- A Real-World Doppelganger
2022-09-08 - BRONZE PRESIDENT Targets Government Officials
2022-09-08 - Charming Kitten- -Can We Have A Meeting-- Important puzzle pieces of Charming Kitten's cyber espionage operations
2022-09-08 - Crimeware Trends - Ransomware Developers Turn to Intermittent Encryption to Evade Detection
2022-09-08 - How Malicious Actors Abuse Native Linux Tools in Attacks
2022-09-08 - Lazarus and the tale of three RATs
2022-09-08 - Microsoft investigates Iranian attacks against the Albanian government
2022-09-08 - Russian Cyberwarfare- Unpacking the Kremlin’s Capabilities
2022-09-08 - The art and science behind Microsoft threat hunting- Part 1
2022-09-08 - Threat Analysis Report- PlugX RAT Loader Evolution
2022-09-08 - What to Expect When You’re Electing- Preparing for Cyber Threats to the 2022 U.S. Midterm Elections
2022-09-09 - BUGHATCH Malware Analysis
2022-09-09 - Lampion Trojan Utilizes New Delivery through Cloud-Based Sharing
2022-09-10 - Malware development- persistence - part 10. Using Image File Execution Options. Simple C++ example.
2022-09-10 - Building a C&C Server in Python (Bankshot)
2022-09-12 - Chiseling In- Lorenz Ransomware Group Cracks MiVoice And Calls Back For Free
2022-09-12 - Dead or Alive- An Emotet Story
2022-09-12 - Raccoon Stealer V2 in depth Analysis
2022-09-12 - Raccoon Stealer v2 Malware Analysis
2022-09-12 - Security Breaks- TeamTNT’s DockerHub Credentials Leak
2022-09-12 - The evolution of GuLoader
2022-09-13 - AdvIntel's State of Emotet aka -SpmTools- Displays Over Million Compromised Machines Through 2022
2022-09-13 - Back to School- BEC Group Targets Teachers with Payroll Diversion Attacks
2022-09-13 - Look What You Made Me Do- TA453 Uses Multi-Persona Impersonation to Capitalize on FOMO
2022-09-13 - Magento vendor Fishpig hacked, backdoors added
2022-09-13 - New Wave of Espionage Activity Targets Asian Governments
2022-09-13 - OriginLogger- A Look at Agent Tesla’s Successor
2022-09-14 - A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities
2022-09-14 - Alert (AA22-257A)- Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations
2022-09-14 - It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp
2022-09-14 - Opsec Mistakes Reveal COBALT MIRAGE Threat Actors
2022-09-14 - Pro-Russian Hacktivist Groups Target Ukraine Supporters
2022-09-14 - THREAT ANALYSIS REPORT- Abusing Notepad++ Plugins for Evasion and Persistence
2022-09-14 - You never walk alone- The SideWalk backdoor gets a Linux variant
2022-09-15 - Erbium InfoStealer Enters the Scene- Characteristics and Origins
2022-09-15 - F5 BIG-IP Vulnerability (CVE-2022-1388) Exploited by BlackTech
2022-09-15 - From the Front Lines - Slam! Anatomy of a Publicly-Available Ransomware Builder
2022-09-15 - Gamaredon APT targets Ukrainian government agencies in new campaign
2022-09-15 - PrivateLoader- the loader of the prevalent ruzki PPI service
2022-09-15 - Self-spreading stealer attacks gamers via YouTube
2022-09-15 - Threat Alert- New Malware in the Cloud By TeamTNT
2022-09-15 - Webworm- Espionage Attackers Testing and Using Older Modified RATs
2022-09-16 - Deception in Depth - Building Deceptions from Breaches
2022-09-16 - Recordbreaker- The Resurgence of Raccoon
2022-09-16 - Uber hacked, internal systems breached and vulnerability reports stolen
2022-09-16 - Unflattening ConfuserEx Code in IDA
2022-09-16 - Zero-Day Exploit Detection Using Machine Learning
2022-09-18 - Raccoon back with new claws!
2022-09-19 - Excel Document Delivers Multiple Malware By Exploiting CVE-2017-11882 – Part I
2022-09-20 - Malware development- persistence - part 11. Powershell profile. Simple Cplusplus example.
2022-09-21 - Alert (AA22-264A) Iranian State Actors Conduct Cyber Operations Against the Government of Albania
2022-09-21 - Native function and Assembly Code Invocation
2022-09-21 - Rewards plus- Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices
2022-09-21 - SystemBC- The Multipurpose Proxy Bot Still Breathes
2022-09-21 - Technical Analysis of Crytox Ransomware
2022-09-21 - Technical analysis of Hydra android malware
2022-09-21 - The art and science behind Microsoft threat hunting- Part 2
2022-09-22 - 7 Years of Scarlet Mimic’s Mobile Surveillance Campaign Targeting Uyghurs
2022-09-22 - A Technical Analysis Of The Leaked LOCKBIT 3.0 Builder
2022-09-22 - ALPHV-BlackCat ransomware family becoming more dangerous
2022-09-22 - Alert (AA22-265A) Control System Defense- Know the Opponent
2022-09-22 - Malicious OAuth applications used to compromise email servers and spread spam
2022-09-22 - Noberus Ransomware- Darkside and BlackMatter Successor Continues to Evolve its Tactics
2022-09-22 - Quick Overview of Leaked LockBit 3.0 (Black) builder program
2022-09-22 - Raspberry Robin’s Roshtyak- A Little Lesson in Trickery
2022-09-22 - Technical analysis of Ginp android malware
2022-09-22 - Void Balaur - The Sprawling Infrastructure of a Careless Mercenary
2022-09-22 - Watch Out For The New NFT-001
2022-09-23 - FARGO Ransomware (Mallox) Being Distributed to Unsecured MS-SQL Servers
2022-09-23 - GRU- Rise of the (Telegram) MinIOns
2022-09-23 - In the footsteps of the Fancy Bear- PowerPoint mouse-over event abused to deliver Graphite implants
2022-09-23 - Mass email campaign with a pinch of targeted spam
2022-09-23 - Poseidon’s Offspring- Charybdis and Scylla
2022-09-24 - So Long (Go)Daddy - Tracking BlackTech Infrastructure
2022-09-25 - APT techniques- Access Token manipulation. Token theft. Simple Cplusplus example.
2022-09-25 - Technical analysis of Alien android malware
2022-09-26 - BumbleBee- Round Two
2022-09-26 - DcDcrypt Ransomware Decryptor
2022-09-26 - Hunting for Unsigned DLLs to Find APTs
2022-09-26 - Lazarus ‘Operation In(ter)ception’ Targets macOS Users Dreaming of Jobs in Crypto
2022-09-26 - New Erbium password-stealing malware spreads as game cracks, cheats
2022-09-26 - NullMixer- oodles of Trojans in a single dropper
2022-09-26 - The Anatomy of Wiper Malware, Part 3- Input-Output Controls
2022-09-27 - A Deep Dive Into the APT28’s stealer called CredoMap
2022-09-27 - A technical analysis of Pegasus for Android – Part 2
2022-09-27 - AllcomeClipper samples on MalwareBazaar
2022-09-27 - Chaos Is A Go-Based Swiss Army Knife Of Malware (IOCs)
2022-09-27 - More Than Meets the Eye- Exposing a Polyglot File That Delivers IcedID
2022-09-27 - Solarmarker- The Old is New
2022-09-28 - ArrowRat
2022-09-28 - Chaos Is A Go-Based Swiss Army Knife Of Malware
2022-09-28 - Investigating Web Shells
2022-09-28 - Prilex- the pricey prickle credit card complex
2022-09-28 - Securonix Threat Labs Security Advisory- Detecting STEEP#MAVERICK- New Covert Attack Campaign Targeting Military Contractors
2022-09-28 - Threat Spotlight- Continuing attacks on Atlassian Confluence zero day
2022-09-29 - America’s Throwaway Spies How the CIA failed Iranian informants in its secret war with Tehran
2022-09-29 - Bad VIB(E)s Part One- Investigating Novel Malware Persistence Within ESXi Hypervisors
2022-09-29 - Bad VIB(E)s Part Two- Detection and Hardening within ESXi Hypervisors
2022-09-29 - Doenerium- It’s Not a Crime to Steal From Thieves
2022-09-29 - New Royal Ransomware emerges in multi-million dollar attacks
2022-09-29 - Seychelles, Seychelles, on the C(2) Shore- An overview of a bulletproof hosting provider named ELITETEAM.
2022-09-29 - Warning Campaign Attack Using Zero Day Vulnerability on Microsoft Exchange Server
2022-09-29 - Witchetty- Group Uses Updated Toolset in Attacks on Governments in Middle East
2022-09-29 - ZINC weaponizing open-source software
2022-09-30 - A glimpse into the shadowy realm of a Chinese APT- detailed analysis of a ShadowPad intrusion
2022-09-30 - Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium
2022-09-30 - Diavol resurfaces
2022-09-30 - Dissecting BlueSky Ransomware Payload
2022-09-30 - Malware development- persistence - part 12. Accessibility Features. Simple C++ example.
2022-09-30 - Technical Analysis of MedusaLocker Ransomware
2022-10-01 - DarkCloud Stealer Triage
2022-10-01 - Ladon hacking framework
2022-10-03 - Bumblebee- increasing its capacity and evolving its TTPs
2022-10-03 - DeftTorero- tactics, techniques and procedures of intrusions revealed
2022-10-03 - Some Notes on VIRTUALGATE
2022-10-04 - Alert (AA22-277A) Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
2022-10-04 - Deliver a Strike by Reversing a Badger- Brute Ratel Detection and Analysis
2022-10-04 - MSSQL, meet Maggie
2022-10-04 - Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse
2022-10-05 - Detecting and preventing LSASS credential dumping attacks
2022-10-05 - Excel Document Delivers Multiple Malware by Exploiting CVE-2017-11882 – Part II
2022-10-05 - Sinkholing PseudoManuscrypt- From Zero To 50k Infections - Part 1
2022-10-06 - Alert (AA22-279A) Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors
2022-10-06 - Evolution of BazarCall Social Engineering Tactics
2022-10-06 - Mustang Panda Abuses Legitimate Apps to Target Myanmar Based Victims
2022-10-06 - New Spyware RatMilad Targets Middle Eastern Mobile Devices
2022-10-06 - NullMixer Drops Multiple Malware Families
2022-10-06 - Rhadamanthys Stealer Analysis
2022-10-07 - A Visualizza into Recent IcedID Campaigns- Reconstructing Threat Actor Metrics with Pure Signal™ Recon
2022-10-08 - Nimbo-C2 - A new C2 Framework
2022-10-11 - Hacking group POLONIUM uses ‘Creepy’ malware against Israel
2022-10-11 - POLONIUM targets Israel with Creepy malware
2022-10-11 - The Russian SpyAgent – a Decade Later and RAT Tools Remain at Risk
2022-10-11 - Tracking down Maggie
2022-10-12 - Dissecting the new shellcode-based variant of GuLoader (CloudEyE)
2022-10-12 - IcedID BackConnect Protocol
2022-10-12 - Lazarus Group Uses the DLL Side-Loading Technique (mi.dll)
2022-10-12 - WIP19 Espionage - New Chinese APT Targets IT Service Providers and Telcos With Signed Malware
2022-10-13 - BianLian Ransomware Encrypts Files in the Blink of an Eye
2022-10-13 - Magniber Ransomware Adopts JavaScript, Targeting Home Users with Fake Software Updates
2022-10-13 - QAKBOT BB Configuration and C2 IPs List
2022-10-13 - Ransomware Roundup- Royal Ransomware
2022-10-14 - New “Prestige” ransomware impacts organizations in Ukraine and Poland
2022-10-14 - Technical Analysis of BlueSky Ransomware
2022-10-17 - DiceyF deploys GamePlayerFramework in online casino development studio
2022-10-17 - Stack String Decryption with Ghidra Emulator (Orchard)
2022-10-18 - APT27 – One Year To Exfiltrate Them All- Intrusion In-Depth Analysis
2022-10-18 - Hunting Lockbit Variation
2022-10-19 - From RM3 to LDR4- URSNIF Leaves Banking Fraud Behind
2022-10-20 - Hacking group updates Furball Android spyware to evade detection
2022-10-20 - Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability
2022-10-20 - New Temp Stealer Spreading Via Free & Cracked Software
2022-10-21 - Alert (AA22-294A) #StopRansomware- Daixin Team
2022-10-21 - Exbyte- BlackByte Ransomware Attackers Deploy New Exfiltration Tool
2022-10-23 - Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries
2022-10-24 - Malware infection case of Lazarus attack group that neutralizes antivirus program with BYOVD technique
2022-10-24 - Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware
2022-10-25 - Brute Ratel Config Decoding update
2022-10-25 - DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector
2022-10-25 - Newly Unsealed Indictment Charges Ukrainian National with International Cybercrime Operation
2022-10-27 - Fodcha DDoS botnet reaches 1Tbps in power, injects ransoms in packets
2022-10-27 - Microsoft links Raspberry Robin worm to Clop ransomware attacks
2022-10-27 - STRRAT- Malware Analysis of a JAR archive
2022-10-28 - APT techniques- Token theft via UpdateProcThreadAttribute. Simple Cplusplus example.
2022-10-28 - EMOTET dynamic config extraction
2022-10-28 - Malware wars- the attack of the droppers
2022-10-31 - A Technical Analysis of Pegasus for Android - Part 3
2022-10-31 - APT10- Tracking down LODEINFO 2022, part I
2022-10-31 - APT10- Tracking down LODEINFO 2022, part II
2022-10-31 - Banking Trojan Techniques- How Financially Motivated Malware Became Infrastructure
2022-10-31 - ICEDIDs network infrastructure is alive and well
2022-10-31 - Mondelez and Zurich reach settlement in NotPetya cyberattack insurance suit
2022-10-31 - Orion Threat Alert- Qakbot TTPs Arsenal and the Black Basta Ransomware
2022-10-31 - QakBot CCs prioritization and new record types
2022-11-01 - NCSC Annual Review 2022
2022-11-02 - Appleseed Being Distributed to Nuclear Power Plant-Related Companies
2022-11-02 - BlueFox Stealer- a newcomer designed for traffers teams
2022-11-02 - Could Threat Actors Be Downgrading Their Malware to Evade Detection-
2022-11-02 - RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom
2022-11-03 - APT-36 Uses New TTPs and New Tools to Target Indian Governmental Organizations
2022-11-03 - Black Basta Ransomware - Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor
2022-11-03 - Cobalt Strike Analysis and Tutorial- Identifying Beacon Team Servers in the Wild
2022-11-03 - Family Tree- DLL-Sideloading Cases May Be Related
2022-11-03 - GCTI Open Source Detection Signatures
2022-11-03 - What is Orcus RAT- Technical Analysis and Malware Configuration
2022-11-04 - Behinder Mem Shell
2022-11-04 - The Android Malware’s Journey- From Google Play to banking fraud
2022-11-05 - Malware analysis- part 6. Shannon entropy. Simple python script.
2022-11-06 - Analysis Of Netwire RAT
2022-11-07 - Arkei Stealer Analysis
2022-11-07 - Inside the Yanluowang Leak- Organization, Members, and Tactics
2022-11-07 - SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders
2022-11-08 - DeimosC2- What SOC Analysts and Incident Responders Need to Know About This C&C Framework
2022-11-08 - LockBit 3.0 Being Distributed via Amadey Bot
2022-11-08 - Massive YouTube Campaign Targeting Over 100 Applications To Deliver Info Stealer
2022-11-08 - ShortAndMalicious- StrelaStealer aims for mail credentials
2022-11-09 - BlackCat Ransomware- Tactics and Techniques From a Targeted Attack
2022-11-09 - Ransomware-as-a-Service Transforms Gangs Into Businesses
2022-11-09 - Threat Spotlight- Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns
2022-11-10 - How LNK Files Are Abused by Threat Actors
2022-11-10 - Penetration and Distribution Method of Gwisin Attacker
2022-11-10 - Ransomware Roundup- New Inlock and Xorist Variants
2022-11-10 - Rise of Banking Trojan Dropper in Google Play
2022-11-11 - Magniber Ransomware Attempts to Bypass MOTW (Mark of the Web)
2022-11-14 - Operation (Đường chín đoạn) typhoon- the cyber sea lotus coveting the nine-dash line in the South China Sea
2022-11-15 - Billbug- State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries
2022-11-15 - DTrack activity targeting Europe and Latin America
2022-11-15 - New RapperBot Campaign – We Know What You Bruting for this Time
2022-11-15 - North Korean hackers targeted Ukraine as it fought off Russia’s invasion- Report
2022-11-15 - Wipermania- An All You Can Wipe Buffet
2022-11-16 - A Comprehensive Look at Emotet Virus’ Fall 2022 Return
2022-11-16 - HZ RAT goes China
2022-11-16 - Inside the Mind of a ‘Rat’ - Agent Tesla Detection and Analysis
2022-11-16 - Malware development- persistence - part 19. Disk Cleanup Utility. Simple Cplusplus example.
2022-11-16 - Writing Tiny, Stealthy & Reliable Malware
2022-11-17 - DEV-0569 finds new ways to deliver Royal ransomware, various payloads
2022-11-17 - Reconstructing the last activities of Royal Ransomware
2022-11-18 - AXLocker, Octocrypt, and Alice- Leading a new wave of Ransomware Campaigns
2022-11-18 - An AI Based Solution to Detecting the DoubleZero .NET Wiper
2022-11-18 - GRU 26165- The Russian cyber unit that hacks targets on-site
2022-11-19 - Malicious Packer pkr_ce1a
2022-11-21 - Aurora- a rising stealer flying under the radar
2022-11-21 - Black Friday Alert- 4 Emerging Skimming Attacks to Watch for This Holiday Season
2022-11-21 - Gamaredon Leverages Microsoft Office Docs to Target Ukraine Government and Military
2022-11-21 - Is Hagga Threat Actor Abusing FSociety Framework -
2022-11-21 - Threat Assessment- Luna Moth Callback Phishing Campaign
2022-11-21 - Tofsee String Decryption Code
2022-11-21 - ViperSoftX- Hiding in System Logs and Spreading VenomSoftX
2022-11-21 - X-Ray of Malware Evasion Techniques - Analysis, Dissection, Cure-
2022-11-22 - Nighthawk- An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice
2022-11-22 - The Yanluowang ransomware group in their own words
2022-11-23 - Bahamut cybermercenary group targets Android users with fake VPN apps
2022-11-23 - Detailing Daily Domain Hunting
2022-11-23 - THREAT ALERT- Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies
2022-11-25 - -In The Box- - Mobile Malware Webinjects Marketplace
2022-11-25 - Python script to decode NightHawk strings
2022-11-25 - Russian hackers targeting Dutch gas terminal
2022-11-26 - Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms
2022-11-28 - Always Another Secret- Lifting the Haze on China-nexus Espionage in Southeast Asia
2022-11-28 - Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware
2022-11-28 - HiveV5 file decryptor PoC
2022-11-29 - CargoBay BlackHat Backdoor Analysis Report (IRIS-14738)
2022-11-29 - Job hunting trap- Analysis of Lazarus attack activities using recruitment information such as Mizuho Bank of Japan as bait
2022-11-29 - Suspected Russian Activity Targeting Government and Business Entities Around the Globe
2022-11-30 - Analysis of APT29's attack activities against Italy
2022-11-30 - Evolution of the PlugX loader
2022-11-30 - Identifying and Defending Against QakBot's Evolving TTPs
2022-11-30 - LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling
2022-11-30 - Malware with Sandbox Evasion Techniques Observed Stealing Browser Cached Credentials
2022-11-30 - Unpacking Colibri Loader- A Russian APT linked Campaign
2022-11-30 - Who’s swimming in South Korean waters- Meet ScarCruft’s Dolphin
2022-12-01 - Back in Black... Basta - Technical Analysis of BlackBasta Ransomware 2.0
2022-12-01 - From Macros to No Macros- Continuous Malware Improvements by QakBot
2022-12-01 - Malware Analysis and Triage Report - PirateStealer - Discord_beta.exe
2022-12-01 - New CryWiper trojan poses as ransomware
2022-12-02 - Blowing Cobalt Strike Out of the Water With Memory Analysis
2022-12-02 - Hitching a ride with Mustang Panda
2022-12-02 - KoiVM Loader Resurfaces With a Bang
2022-12-02 - Not a SIMulation- CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies
2022-12-02 - The Refinery Files 0x06- Qakbot Decoder
2022-12-03 - Nighthawk DLL Payload Configuration Parser
2022-12-03 - Preparing for a Russian cyber offensive against Ukraine this winter
2022-12-05 - Blue Callisto orbits around US Laboratories in 2022
2022-12-05 - Calisto show interests into entities involved in Ukraine war support
2022-12-05 - Exposing TAG-53’s Credential Harvesting Infrastructure Used for Russia-Aligned Espionage Operations
2022-12-05 - Iran- State-Backed Hacking of Activists, Journalists, Politicians
2022-12-05 - TTPs#9- Analyzing the attack strategy monitoring the daily life of individuals
2022-12-05 - Threat Analysis- MSI - Masquerading as a Software Installer
2022-12-06 - Analysis of suspected APT-C-56 (Transparent Tribe) attacks against terrorism
2022-12-06 - Cova and Nosu- a new loader spreads a new stealer
2022-12-06 - Deep Dive Into a BackdoorDiplomacy Attack – A Study of an Attacker’s Toolkit
2022-12-06 - Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets
2022-12-06 - Technical Analysis of DanaBot Obfuscation Techniques
2022-12-07 - A Closer Look At BlackMagic Ransomware
2022-12-07 - Fantasy – a new Agrius wiper deployed through a supply‑chain attack
2022-12-07 - Internet Explorer 0-day exploited by North Korean actor APT37
2022-12-07 - New Babuk Ransomware Found in Major Attack
2022-12-07 - Russian Threat Actor Impersonates Aerospace and Defense Companies
2022-12-08 - Breaking the silence - Recent Truebot activity
2022-12-08 - Compromised Cloud Compute Credentials- Case Studies From the Wild
2022-12-08 - DeathStalker targets legal entities with new Janicab variant
2022-12-08 - Mallox Ransomware showing signs of Increased Activity
2022-12-08 - New MuddyWater Threat- Old Kitten; New Tricks
2022-12-08 - Ransomware Roundup – New Vohuk, ScareCrow, and AERST Variants
2022-12-08 - Trojanized OneNote Document Leads to Formbook Malware
2022-12-08 - Zombinder- new obfuscation service used by Ermac, now distributed next to desktop stealers
2022-12-09 - APT Cloud Atlas- Unbroken Threat
2022-12-09 - Drokbk Malware Uses GitHub as Dead Drop Resolver
2022-12-09 - Malware development- persistence - part 20. UserInitMprLogonScript (Logon Script). Simple C++ example.
2022-12-12 - Linux Cryptocurrency Mining Attacks Enhanced via CHAOS RAT
2022-12-12 - North Korean cyber spies deploy new tactic- tricking foreign experts into writing research for them
2022-12-12 - Precious Gemstones- The New Generation of Kerberos Attacks
2022-12-12 - Pulling the Curtains on Azov Ransomware- Not a Skidsware but Polymorphic Wiper
2022-12-12 - YARA rule for Vohuk ransomware
2022-12-13 - Analyzing Russian SDK Pushwoosh and Russian Code Contributions
2022-12-13 - Everything You Need to Know about Royal Ransomware
2022-12-13 - I Solemnly Swear My Driver Is Up to No Good- Hunting for Attestation Signed Malware
2022-12-14 - Reassessing cyberwarfare. Lessons learned in 2022
2022-12-14 - Royal Rumble- Analysis of Royal Ransomware
2022-12-14 - Unmasking MirrorFace- Operation LiberalFace targeting Japanese political entities
2022-12-15 - BrasDex- A new Brazilian ATS Android Banker with ties to Desktop malware
2022-12-15 - Google ads lead to fake software pages pushing IcedID (Bokbot)
2022-12-15 - Tracking Malicious Glupteba Activity Through the Blockchain
2022-12-15 - Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government
2022-12-16 - Agenda Ransomware Uses Rust to Target More Vital Industries
2022-12-16 - Russia’s Wartime Cyber Operations in Ukraine- Military Impacts, Influences, and Implications
2022-12-16 - SiestaGraph- New implant uncovered in ASEAN member foreign ministry
2022-12-16 - The DPRK delicate sound of cyber
2022-12-17 - [QuickNote] VidarStealer Analysis
2022-12-18 - Infostealer Malware with Double Extension
2022-12-19 - Malware Analysis- GuLoader Dissection Reveals New Anti-Analysis Techniques and Code Injection Redundancy
2022-12-19 - Ukraine's DELTA military system users targeted by info-stealing malware
2022-12-19 - [Z2A] Bimonthly malware challenge – Emotet (Back From the Dead)
2022-12-20 - Lazarus APT’s Operation Interception Uses Signed Binary
2022-12-20 - Nokoyawa Ransomware- Rust or Bust
2022-12-20 - Russian hackers targeted petroleum refining company in NATO state
2022-12-20 - Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine
2022-12-21 - Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks
2022-12-21 - Godfather- A banking Trojan that is impossible to refuse
2022-12-21 - Inside the IcedID BackConnect Protocol
2022-12-21 - Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT
2022-12-21 - Microsoft research uncovers new Zerobot capabilities
2022-12-22 - Custom-Branded Ransomware- The Vice Society Group and the Threat of Outsourced Development
2022-12-22 - New RisePro Stealer distributed by the prominent PrivateLoader
2022-12-22 - Qakbot Being Distributed via Virtual Disk Files (.vhd)
2022-12-22 - Ransomware Roundup – Play Ransomware
2022-12-23 - IcedID Botnet Distributors Abuse Google PPC to Distribute Malware
2022-12-24 - njRAT malware spreading through Discord CDN and Facebook Ads
2022-12-25 - Detect Nokoyawa ransomware With YARA Rule
2022-12-27 - BlueNoroff introduces new methods bypassing MoTW
2022-12-27 - Diving into a PlugX sample of Mustang Panda group
2022-12-27 - Navigating the Vast Ocean of Sandbox Evasions
2022-12-28 - HTML Smuggling Detection
2022-12-28 - PLAYing the game
2022-12-29 - Mars Stealer Analysis
2022-12-29 - New CatB Ransomware Employs 2-Year Old DLL Hijacking Technique To Evade Detection
2022-12-30 - A Quick Look at ELF Bifrose (Part 1)
2022-12-30 - Cyber Threat Report- RambleOn Android Malware - Detailed analysis report of cyber threat targeting journalist in South Korea through APT phishing campaign with malicious APK
2022-12-30 - Russian cyberattacks

Malware Analysis 2023

2023-01-03 - BitRAT Now Sharing Sensitive Bank Data as a Lure
2023-01-03 - Raspberry Robin Detected ITW Targeting Insurance & Financial Institutes In Europe
2023-01-04 - An In-Depth Look at PLAY Ransomware
2023-01-04 - Pupy RAT hiding under WerFault’s cover
2023-01-04 - Rackspace confirms Play ransomware was behind recent cyberattack
2023-01-04 - UNC1151 Group Indicators of Compromise (IOC)
2023-01-04 - Unpacking RedLine Stealer
2023-01-05 - A Deep Dive Into poweRAT- a Newly Discovered Stealer-RAT Combo Polluting PyPI
2023-01-05 - A crowning achievement- Exploring the exploit of Royal ransomware
2023-01-05 - Emulating the Highly Sophisticated North Korean Adversary Lazarus Group
2023-01-05 - SpyNote- Spyware with RAT capabilities targeting Financial Institutions
2023-01-05 - Turla- A Galaxy of Opportunity
2023-01-06 - LummaC2 Stealer- A Potent Threat To Crypto Users
2023-01-09 - Dark Web Profile- Royal Ransomware
2023-01-09 - Emotet returns and deploys loaders
2023-01-09 - Gootkit Loader Actively Targets Australian Healthcare Industry
2023-01-09 - Unwrapping Ursnif's Gifts
2023-01-09 - [QuickNote] Another nice PlugX sample
2023-01-10 - Heads up! Xdr33, A Variant Of CIA’s HIVE Attack Kit Emerges
2023-01-10 - StrongPity espionage campaign targeting Android users
2023-01-10 - The Rebranded Crypter- ScrubCrypt
2023-01-11 - Dark Pink - New APT hitting Asia-Pacific, Europe that goes deeper and darker
2023-01-11 - Increasing The Sting of HIVE Ransomware
2023-01-12 - Gootloader Malware Leads to Cobalt Strike and Hand-on-Keyboard Activity
2023-01-12 - NoName057(16) – The Pro-Russian Hacktivist Group Targeting NATO
2023-01-12 - QakBot Malware Used Unpatched Vulnerability to Bypass Windows OS Security Feature
2023-01-12 - Rhadamanthys- New Stealer Spreading Through Google Ads
2023-01-13 - Getting Rusty and Stringy with Luna Ransomware
2023-01-13 - The cyber police exposed a hacker group that attacked foreign companies with an encryption virus
2023-01-16 - Dancing With Shellcodes- Analyzing Rhadamanthys Stealer
2023-01-17 - Batloader Malware Abuses Legitimate Tools, Uses Obfuscated JavaScript Files in Q4 2022 Attacks
2023-01-17 - Kasablanka Group Probably Conducted Campaigns Targeting Russia
2023-01-18 - A long way to SectopRat
2023-01-18 - Chinese Playful Taurus Activity in Iran
2023-01-19 - Gamaredon (Ab)uses Telegram to Target Ukrainian Organizations
2023-01-19 - Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475)
2023-01-20 - Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware
2023-01-20 - Emotet Returns With New Methods of Evasion
2023-01-23 - FBI Confirms Lazarus Group Cyber Actors Responsible for Harmony's Horizon Bridge Currency Theft
2023-01-23 - The Titan Stealer- Notorious Telegram Malware Campaign - Uptycs
2023-01-24 - Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity
2023-01-24 - DragonSpark - Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation
2023-01-24 - The Year of the Wiper
2023-01-24 - Unmasking Venom Spider
2023-01-24 - [Urgent] A Chinese hacker organization that declared hacking war on Korea...-KISA will hack- notice
2023-01-25 - Securonix Security Advisory- Python-Based PY#RATION Attack Campaign Leverages Fernet Encryption and Websockets to Avoid Detection
2023-01-25 - TA444- The APT Startup Aimed at Acquisition (of Your Funds)
2023-01-26 - Chinese PlugX Malware Hidden in Your USB Devices-
2023-01-26 - CryptBot Infostealer- Malware Analysis
2023-01-26 - Hiding In PlainSight - Proxying DLL Loads To Hide From ETWTI Stack Tracing
2023-01-26 - New Mimic Ransomware Abuses Everything APIs for its Encryption Process
2023-01-26 - Unpacking Emotet Malware
2023-01-26 - Welcome to Goot Camp- Tracking the Evolution of GOOTLOADER Operations
2023-01-27 - SwiftSlicer- New destructive wiper malware strikes Ukraine
2023-01-29 - Hiding In PlainSight - Indirect Syscall is Dead! Long Live Custom Call Stacks
2023-01-29 - Petya-Not Petya Ransomware Analysis
2023-01-30 - Following the Scent of TrickGate- 6-Year-Old Packer Used to Deploy the Most Wanted Malware
2023-01-31 - Vidar Info-Stealer Malware Distributed via Malvertising on Google
2023-02-01 - New LockBit Green ransomware variant borrows code from Conti ransomware
2023-02-02 - DoNot Team (APT-C-35) Analysis of Latest Campaign- Sophisticated Excel Macro Attack Targeting Pakistan
2023-02-02 - Malware analysis- part 7. Yara rule example for CRC32. CRC32 in REvil ransomware
2023-02-02 - New APT34 Malware Targets The Middle East
2023-02-02 - North Korean hacking organization impersonating the Fair Trade Commission in an ongoing phishing attack
2023-02-03 - Ave Maria and the Chambers of Warzone RAT
2023-02-03 - HookBot – A New Mobile Malware
2023-02-03 - Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide
2023-02-05 - Analysing A Sample Of Arechclient2
2023-02-06 - Behind the Attack- Paradies Clipper Malware
2023-02-06 - Qakbot mechanizes distribution of malicious OneNote notebooks
2023-02-07 - Cl0p Ransomware Targets Linux Systems with Flawed Encryption - Decryptor Available
2023-02-07 - Hide your Hypervisor- Analysis of ESXiArgs Ransomware
2023-02-07 - Released- Decryptor for Cl0p ransomware’s Linux variant
2023-02-07 - The Approach of TA413 for Tibetan Targets
2023-02-08 - AsyncRAT- Analysing the Three Stages of Execution
2023-02-08 - Dota 2 Under Attack- How a V8 Bug Was Exploited in the Game
2023-02-08 - Graphiron- New Russian Information Stealing Malware Deployed Against Ukraine
2023-02-08 - Screentime- Sometimes It Feels Like Somebody's Watching Me
2023-02-08 - SteelClover Attacks Distributing Malware Via Google Ads Increased
2023-02-09 - Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs
2023-02-09 - Technical analysis of Godfather android malware
2023-02-10 - #ShortAndMalicious — PikaBot and the Matanbuchus connection
2023-02-10 - Malware analysis- part 8. Yara rule example for MurmurHash2. MurmurHash2 in Conti ransomware
2023-02-10 - Uncle Sow- Dark Caracal in Latin America
2023-02-11 - AsyncRAT OneNote Dropper
2023-02-12 - TrueBot Analysis Part I - A short glimpse into packed TrueBot samples
2023-02-13 - Beepin’ Out of the Sandbox- Analyzing a New, Extremely Evasive Malware
2023-02-13 - Mylobot- Investigating a proxy botnet
2023-02-14 - Hangeul (HWP) malware using steganography- RedEyes (ScarCruft)
2023-02-14 - Havoc Across the Cyberspace
2023-02-14 - New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated
2023-02-14 - Vice-Society spreads its own ransomware
2023-02-14 - Writing a decryptor for Jaff ransomware
2023-02-15 - DarkBit Ransomware Targets Israel with Command-Line Options and Optimized Encryption Routines
2023-02-15 - How to Identify IcedID Network Traffic
2023-02-15 - Recent TZW Campaigns Revealed As Part of GlobeImposter Malware Family
2023-02-16 - APT SideCopy Targeting Indian Government Entities - Analysis of the new version of ReverseRAT
2023-02-16 - Fog of war- how the Ukraine conflict transformed the cyber threat landscape
2023-02-16 - Invitation to a Secret Event- Uncovering Earth Yako’s Campaigns
2023-02-16 - Operation Silent Watch- Desktop Surveillance in Azerbaijan and Armenia
2023-02-16 - Three Cases of Cyber Attacks on the Security Service of Ukraine and NATO Allies, Likely by Russian State-Sponsored Gamaredon
2023-02-17 - Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack
2023-02-18 - TrueBot Analysis Part II - Static unpacker
2023-02-20 - Stealc- a copycat of Vidar and Raccoon infostealers gaining in popularity – Part 1
2023-02-20 - Vidar Stealer H&M Campaign
2023-02-23 - A tale of Phobos - how we almost cracked a ransomware using CUDA
2023-02-23 - Evasive cryptojacking malware targeting macOS found lurking in pirated applications
2023-02-23 - Getting Dumped- A Trust Relationship Destroyed by Lorenz
2023-02-23 - Technical Advisory- Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966
2023-02-23 - The DoNot APT
2023-02-23 - WinorDLL64- A backdoor from the vast Lazarus arsenal-
2023-02-24 - Desde Chile con Malware (From Chile with Malware)
2023-02-24 - Qbot testing malvertising campaigns-
2023-02-26 - Emotet Campaign