FAUTLReports

Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows

2025-04-22

Author: Charlie Gardner, Josh Duke, Matthew Meltzer, Sean Koessel, Steven Adair, Tom Lancaster

techniques:phishing cloud_environments:azure

LummaStealer: More Tricks, More Trouble - Part 2

2025-03-05

file_types:dll file_types:zip file_types:txt techniques:phishing file_types:powershell file_types:exe file_types:html architecture:x64 techniques:obfuscation techniques:anti-analysis

Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication

2025-02-13

VOLEXITY

Author: Charlie Gardner, Steven Adair, Tom Lancaster

techniques:phishing

One ClickFix and LummaStealer reCAPTCHA’s Our Attention - Part 1

2025-01-30

RevEng.AI

file_types:dll techniques:phishing file_types:powershell malware_types:loader file_types:html file_types:python malware_types:virus file_types:javascript techniques:sandbox file_types:iso

MMD-0068-2024 - "FHAPPI Campaign" (APT10) FreeHosting APT "PSploit" Poison Ivy

2024-06-19

MalwareMustDie

Author: unixfreaxjp

file_types:dll file_types:bin malware_types:rat file_types:dat techniques:system calls techniques:phishing file_types:powershell malware_types:fileless file_types:pe file_types:exe

CharmingCypress: Innovating Persistence

2024-02-13

VOLEXITY

Author: Ankur Saini, Callum Roxan, Charlie Gardner, Damien Cash

techniques:phishing file_types:so techniques:persistence

Unpacking what's packed: DotRunPeX analysis

2023-09-18

CERT.PL

Author: Jarosław Jedynak

techniques:phishing techniques:unpacking malware_types:dropper source_tag:analysis source_tag:malware source_tag:agenttesla source_tag:dotrunpex

Charming Kitten Updates POWERSTAR with an InterPlanetary Twist

2023-06-28

VOLEXITY

Author: Ankur Saini, Charlie Gardner

techniques:phishing

Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra

2022-02-03

VOLEXITY

Author: Steven Adair, Thomas Lancaster

techniques:phishing malware_types:zero-day cve:cve-2022-24682

Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns

2021-05-27

VOLEXITY

Author: Damien Cash, Josh Grunzweig, Matthew Meltzer, Sean Koessel, Steven Adair, Thomas Lancaster

file_types:dll techniques:phishing file_types:iso file_types:lnk

Remote Mac Exploitation Via Custom URL Schemes

2018-08-30

Objective-See

file_types:zip techniques:phishing file_types:html file_types:javascript file_types:xml file_types:doc platforms:macos platforms:ios file_types:mach-o malware_types:adware

Escaping the Microsoft Office Sandbox

2018-08-15

Objective-See

file_types:bin techniques:phishing file_types:powershell file_types:python file_types:so file_types:cmd techniques:sandbox file_types:xml platforms:macos file_types:docx

New Attack, Old Tricks

2017-02-06

Objective-See

file_types:zip file_types:bin techniques:phishing file_types:python file_types:so techniques:persistence file_types:cmd file_types:xml platforms:macos file_types:dylib

PowerDuke: Widespread Post-Election Spear Phishing Campaigns Targeting Think Tanks and NGOs

2016-11-09

VOLEXITY

Author: Steven Adair

techniques:phishing

APT Group Wekby Leveraging Adobe Flash Exploit (CVE-2015-5119)

2015-07-08

VOLEXITY

Author: Volexity

techniques:phishing cve:cve-2015-5119

AVTOKYO 2013.5 - Threats of Kelihos, CookieBomb, RedKit's and its Bad Actor

2014-02-18

MalwareMustDie

Author: unixfreaxjp

techniques:phishing techniques:code injection malware_types:botnet

MMD-0015-2014 - One upon the time with Phishing Session..

2014-02-05

MalwareMustDie

Author: unixfreaxjp

techniques:phishing file_types:html techniques:honeypot malware_types:botnet file_types:so file_types:go file_types:javascript file_types:js techniques:encryption cloud_environments:aws

Malware Analysis Reports