SYMBOL | COMMON_NAME | aka. SYNONYMS |
Our analysis reveals that APT33 is a capable group that has carried out cyber espionage operations since at least 2013. We assess APT33 works at the behest of the Iranian government.
2024-11-08
⋅
Fortinet
⋅
New Campaign Uses Remcos RAT to Exploit Victims Remcos |
2024-10-23
⋅
ANY.RUN
⋅
DarkComet RAT: Technical Analysis of Attack Chain DarkComet |
2024-09-03
⋅
Twitter (@embee_research)
⋅
Advanced Cyberchef Techniques - Defeating Nanocore Obfuscation With Math and Flow Control Nanocore RAT |
2024-08-14
⋅
cyble
⋅
Cryptocurrency Lures and Pupy RAT: Analysing the UTG-Q-010 Campaign pupy UTG-Q-010 |
2024-07-29
⋅
loginsoft
⋅
Blue Screen Mayhem: When CrowdStrike's Glitch Became Threat Actor's Playground Daolpu HijackLoader Remcos |
2024-07-09
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update January to June 2024 Coper FluBot Hook Bashlite Mirai FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc NjRAT QakBot Quasar RAT RedLine Stealer Remcos Rhadamanthys RisePro Sliver |
2024-06-06
⋅
Medium b.magnezi
⋅
Remcos RAT Analysis Remcos |
2024-05-14
⋅
Check Point Research
⋅
Foxit PDF “Flawed Design” Exploitation Rafel RAT Agent Tesla AsyncRAT DCRat DONOT Nanocore RAT NjRAT Pony Remcos Venom RAT XWorm |
2024-05-10
⋅
Elastic
⋅
Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware, Part Four Remcos |
2024-05-03
⋅
Elastic
⋅
Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware, Part Three Remcos |
2024-04-30
⋅
Elastic
⋅
Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware, Part Two Remcos |
2024-04-24
⋅
Elastic
⋅
Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware, Part One Remcos |
2024-04-15
⋅
Positive Technologies
⋅
SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world LokiBot 404 Keylogger Agent Tesla CloudEyE Formbook Remcos XWorm |
2024-04-11
⋅
Github (jeFF0Falltrades)
⋅
Rat King Configuration Parser AsyncRAT DCRat Quasar RAT Venom RAT |
2024-03-26
⋅
K7 Security
⋅
Unknown TTPs of Remcos RAT Remcos |
2024-02-28
⋅
Security Intelligence
⋅
X-Force data reveals top spam trends, campaigns and senior superlatives in 2023 404 Keylogger Agent Tesla Black Basta DarkGate Formbook IcedID Loki Password Stealer (PWS) Pikabot QakBot Remcos |
2024-02-21
⋅
Medium b.magnezi
⋅
Malware Analysis — Remcos RAT Remcos |
2024-01-25
⋅
JSAC 2024
⋅
Threat Intelligence of Abused Public Post-Exploitation Frameworks AsyncRAT DCRat Empire Downloader GRUNT Havoc Koadic Merlin PoshC2 Quasar RAT Sliver |
2024-01-15
⋅
DFIR.ch
⋅
Hunting AsyncRAT & QuasarRAT AsyncRAT Quasar RAT |
2024-01-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q4 2023 FluBot Hook FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc IcedID Lumma Stealer Meterpreter NjRAT Pikabot QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver |
2024-01-08
⋅
YouTube (Embee Research)
⋅
Malware Analysis - Powershell decoding and .NET C2 Extraction (Quasar RAT) Quasar RAT |
2024-01-03
⋅
Uptycs
⋅
Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion Remcos |
2023-12-07
⋅
⋅
Cert-UA
⋅
UAC-0050 mass cyberattack using RemcosRAT/MeduzaStealer against Ukraine and Poland (CERT-UA#8218) Meduza Stealer Remcos |
2023-11-23
⋅
Infosec Writeups
⋅
Malware analysis Remcos RAT- 4.9.2 Pro Remcos |
2023-11-22
⋅
Twitter (@embee_research)
⋅
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples) BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos |
2023-11-14
⋅
SOC Prime
⋅
Remcos RAT Detection: UAC-0050 Hackers Launch Phishing Attacks Impersonating the Security Service of Ukraine Remcos UAC-0050 |
2023-10-27
⋅
Twitter (@embee_research)
⋅
Remcos Downloader Analysis - Manual Deobfuscation of Visual Basic and Powershell Remcos |
2023-10-12
⋅
Cluster25
⋅
CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations Agent Tesla Crimson RAT Nanocore RAT SmokeLoader |
2023-10-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2023 FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar |
2023-09-21
⋅
Medium shaddy43
⋅
Secrets of commercial RATs! NanoCore dissected Nanocore RAT |
2023-09-19
⋅
Checkpoint
⋅
Unveiling the Shadows: The Dark Alliance between GuLoader and Remcos CloudEyE Remcos |
2023-09-14
⋅
Microsoft
⋅
Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets APT33 |
2023-09-08
⋅
Uncovering DDGroup — A long-time threat actor AsyncRAT Ave Maria BitRAT DBatLoader NetWire RC Quasar RAT XWorm |
2023-07-11
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q2 2023 Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee |
2023-07-08
⋅
CloudEyE — From .lnk to Shellcode CloudEyE Remcos |
2023-06-08
⋅
Twitter (@embee_research)
⋅
Practical Queries for Identifying Malware Infrastructure: An informal page for storing Censys/Shodan queries Amadey AsyncRAT Cobalt Strike QakBot Quasar RAT Sliver solarmarker |
2023-05-16
⋅
CyberRaiju
⋅
Remcos RAT - Malware Analysis Lab Remcos |
2023-05-15
⋅
embeeresearch
⋅
Quasar Rat Analysis - Identification of 64 Quasar Servers Using Shodan and Censys Quasar RAT |
2023-04-13
⋅
OALabs
⋅
Quasar Chaos: Open Source Ransomware Meets Open Source RAT Chaos Quasar RAT |
2023-04-13
⋅
Microsoft
⋅
Threat actors strive to cause Tax Day headaches CloudEyE Remcos |
2023-04-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q1 2023 FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar |
2023-04-10
⋅
Check Point
⋅
March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files Agent Tesla CloudEyE Emotet Formbook Nanocore RAT NjRAT QakBot Remcos Tofsee |
2023-03-30
⋅
loginsoft
⋅
From Innocence to Malice: The OneNote Malware Campaign Uncovered Agent Tesla AsyncRAT DOUBLEBACK Emotet Formbook IcedID NetWire RC QakBot Quasar RAT RedLine Stealer XWorm |
2023-03-27
⋅
Zscaler
⋅
DBatLoader: Actively Distributing Malwares Targeting European Businesses DBatLoader Remcos |
2023-03-16
⋅
Trend Micro
⋅
IPFS: A New Data Frontier or a New Cybercriminal Hideout? Agent Tesla Formbook RedLine Stealer Remcos |
2023-03-10
⋅
The Register
⋅
FBI and international cops catch a NetWire RAT NetWire RC |
2023-02-24
⋅
Zscaler
⋅
Snip3 Crypter Reveals New TTPs Over Time DCRat Quasar RAT |
2023-02-23
⋅
Bitdefender
⋅
Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966 Cobalt Strike DarkComet QuiteRAT RATel |
2023-02-22
⋅
SOC Prime
⋅
New Phishing Attack Detection Attributed to the UAC-0050 and UAC-0096 Groups Spreading Remcos Spyware Remcos UAC-0050 |
2023-02-21
⋅
⋅
Cert-UA
⋅
Cyber attack of the group UAC-0050 (UAC-0096) using the Remcos program (CERT-UA#6011) Remcos UAC-0050 |
2023-02-06
⋅
⋅
Cert-UA
⋅
UAC-0050 cyber attack against the state bodies of Ukraine using the program for remote control and surveillance Remcos (CERT-UA#5926) Remcos UAC-0050 |
2023-02-03
⋅
Cloudsek
⋅
Threat Actors Abuse AI-Generated Youtube Videos to Spread Stealer Malware Alfonso Stealer Bandit Stealer Cameleon Fabookie Lumma Stealer Nanocore RAT Panda Stealer RecordBreaker RedLine Stealer Stealc STOP Vidar zgRAT |
2023-01-30
⋅
Checkpoint
⋅
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware Agent Tesla Azorult Buer Cerber Cobalt Strike Emotet Formbook HawkEye Keylogger Loki Password Stealer (PWS) Maze NetWire RC Remcos REvil TrickBot |
2023-01-24
⋅
Trellix
⋅
Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity Andromeda Formbook Houdini Remcos |
2023-01-09
⋅
YouTube (Embee Research)
⋅
Malware Analysis - VBS Decoding With Cyberchef (Nanocore Loader) Nanocore RAT |
2023-01-05
⋅
Symantec
⋅
Bluebottle: Campaign Hits Banks in French-speaking Countries in Africa CloudEyE Cobalt Strike MimiKatz NetWire RC POORTRY Quasar RAT BlueBottle |
2023-01-04
⋅
K7 Security
⋅
Pupy RAT hiding under WerFault’s cover pupy |
2022-12-18
⋅
ZAYOTEM
⋅
NetWire Technical Analysis Report NetWire RC |
2022-11-21
⋅
Malwarebytes
⋅
2022-11-21 Threat Intel Report 404 Keylogger Agent Tesla Formbook Hive Remcos |
2022-11-06
⋅
LMNTRIX
⋅
Analysis Of Netwire RAT NetWire RC |
2022-10-13
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2022 FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm |
2022-09-22
⋅
Morphisec
⋅
Watch Out For The New NFT-001 Eternity Stealer Remcos |
2022-09-13
⋅
Symantec
⋅
New Wave of Espionage Activity Targets Asian Governments MimiKatz PlugX Quasar RAT ShadowPad Trochilus RAT |
2022-09-06
⋅
Check Point
⋅
DangerousSavanna: Two-year long campaign targets financial institutions in French-speaking Africa AsyncRAT Meterpreter PoshC2 DangerousSavanna |
2022-09-01
⋅
Medium michaelkoczwara
⋅
Hunting C2/Adversaries Infrastructure with Shodan and Censys Brute Ratel C4 Cobalt Strike Deimos GRUNT IcedID Merlin Meterpreter Nighthawk PoshC2 Sliver |
2022-08-30
⋅
Medium the_abjuri5t
⋅
NanoCore RAT Hunting Guide Nanocore RAT |
2022-08-29
⋅
Soc Investigation
⋅
Remcos RAT New TTPS - Detection & Response Remcos |
2022-08-21
⋅
Perception Point
⋅
Behind the Attack: Remcos RAT Remcos |
2022-08-18
⋅
Sophos
⋅
Cookie stealing: the new perimeter bypass Cobalt Strike Meterpreter MimiKatz Phoenix Keylogger Quasar RAT |
2022-08-17
⋅
⋅
360
⋅
Kasablanka organizes attacks against political groups and non-profit organizations in the Middle East SpyNote Loda Nanocore RAT NjRAT |
2022-08-17
⋅
Secureworks
⋅
DarkTortilla Malware Analysis Agent Tesla AsyncRAT Cobalt Strike DarkTortilla Nanocore RAT RedLine Stealer |
2022-08-12
⋅
Brandefense
⋅
Mythic Leopard APT Group Crimson RAT DarkComet NjRAT Oblique RAT Peppy RAT |
2022-08-04
⋅
ConnectWise
⋅
Formbook and Remcos Backdoor RAT by ConnectWise CRU Formbook Remcos |
2022-07-29
⋅
Qualys
⋅
New Qualys Research Report: Evolution of Quasar RAT Quasar RAT |
2022-07-27
⋅
Qualys
⋅
Stealthy Quasar Evolving to Lead the RAT Race Quasar RAT |
2022-07-21
⋅
Censys
⋅
Russian Ransomware C2 Network Discovered in Censys Data DeimosC2 PoshC2 |
2022-07-20
⋅
Sophos
⋅
OODA: X-Ops Takes On Burgeoning SQL Server Attacks Maoloa Remcos TargetCompany |
2022-07-18
⋅
Censys
⋅
Russian Ransomware C2 Network Discovered in Censys Data Cobalt Strike DeimosC2 MimiKatz PoshC2 |
2022-07-13
⋅
Weixin
⋅
Confucius: The Angler Hidden Under CloudFlare Quasar RAT |
2022-06-23
⋅
Secureworks
⋅
BRONZE STARLIGHT Ransomware Operations Use HUI Loader ATOMSILO Cobalt Strike HUI Loader LockFile NightSky Pandora PlugX Quasar RAT Rook SodaMaster BRONZE STARLIGHT |
2022-06-21
⋅
Cisco Talos
⋅
Avos ransomware group expands with new attack arsenal AvosLocker Cobalt Strike DarkComet MimiKatz |
2022-06-20
⋅
⋅
Infinitum IT
⋅
Charming Kitten (APT35) LaZagne DownPaper MimiKatz pupy |
2022-06-15
⋅
Volexity
⋅
DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach pupy Sliver DriftingCloud |
2022-06-02
⋅
FortiGuard Labs
⋅
Threat Actors Prey on Eager Travelers AsyncRAT NetWire RC Quasar RAT |
2022-05-23
⋅
Trend Micro
⋅
Operation Earth Berberoka reptile oRAT Ghost RAT PlugX pupy Earth Berberoka |
2022-05-19
⋅
Blackberry
⋅
.NET Stubs: Sowing the Seeds of Discord Agent Tesla Quasar RAT WhisperGate |
2022-05-19
⋅
Blackberry
⋅
.NET Stubs: Sowing the Seeds of Discord (PureCrypter) Aberebot AbstractEmu AdoBot 404 Keylogger Agent Tesla Amadey AsyncRAT Ave Maria BitRAT BluStealer Formbook LimeRAT Loki Password Stealer (PWS) Nanocore RAT Orcus RAT Quasar RAT Raccoon RedLine Stealer WhisperGate |
2022-05-16
⋅
JPCERT/CC
⋅
Analysis of HUI Loader HUI Loader PlugX Poison Ivy Quasar RAT |
2022-05-12
⋅
Morphisec
⋅
New SYK Crypter Distributed Via Discord AsyncRAT Ave Maria Nanocore RAT NjRAT Quasar RAT RedLine Stealer |
2022-05-05
⋅
Github (muha2xmad)
⋅
Analysis of MS Word to drop Remcos RAT | VBA extraction and analysis | IoCs Remcos |
2022-04-27
⋅
Trendmicro
⋅
IOCs for Earth Berberoka - Windows AsyncRAT Cobalt Strike PlugX Quasar RAT Earth Berberoka |
2022-04-27
⋅
Trend Micro
⋅
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware HelloBot AsyncRAT Ghost RAT HelloBot PlugX Quasar RAT Earth Berberoka |
2022-04-27
⋅
Trendmicro
⋅
IOCs for Earth Berberoka - Linux Rekoobe pupy Earth Berberoka |
2022-04-27
⋅
Trendmicro
⋅
Operation Gambling Puppet reptile oRAT AsyncRAT Cobalt Strike DCRat Ghost RAT PlugX Quasar RAT Trochilus RAT Earth Berberoka |
2022-04-26
⋅
Trend Micro
⋅
How Cybercriminals Abuse Cloud Tunneling Services AsyncRAT Cobalt Strike DarkComet Meterpreter Nanocore RAT |
2022-04-15
⋅
Center for Internet Security
⋅
Top 10 Malware March 2022 Mirai Shlayer Agent Tesla Ghost RAT Nanocore RAT SectopRAT solarmarker Zeus |
2022-04-12
⋅
HP
⋅
Malware Campaigns Targeting African Banking Sector CloudEyE Remcos |
2022-04-06
⋅
Fortinet
⋅
The Latest Remcos RAT Driven By Phishing Campaign Remcos |
2022-03-30
⋅
Morphisec
⋅
New Wave Of Remcos RAT Phishing Campaign Remcos |
2022-03-30
⋅
Recorded Future
⋅
Social Engineering Remains Key Tradecraft for Iranian APTs Liderc pupy |
2022-03-27
⋅
Medium M3H51N
⋅
Malware Analysis — NanoCore Rat Nanocore RAT |
2022-03-25
⋅
Trustwave
⋅
Cyber Attackers Leverage Russia-Ukraine Conflict in Multiple Spam Campaigns Remcos |
2022-03-24
⋅
Lab52
⋅
Another cyber espionage campaign in the Russia-Ukrainian ongoing cyber attacks Quasar RAT |
2022-03-07
⋅
ASEC
⋅
Distribution of Remcos RAT Disguised as Tax Invoice Remcos |
2022-03-05
⋅
Bleeping Computer
⋅
Malware now using NVIDIA's stolen code signing certificates Quasar RAT |
2022-03-04
⋅
Bitdefender
⋅
Bitdefender Labs Sees Increased Malicious and Scam Activity Exploiting the War in Ukraine Agent Tesla Remcos |
2022-03-04
⋅
Bleeping Computer
⋅
Russia-Ukraine war exploited as lure for malware distribution Agent Tesla Remcos |
2022-03-01
⋅
VirusTotal
⋅
VirusTotal's 2021 Malware Trends Report Anubis AsyncRAT BlackMatter Cobalt Strike DanaBot Dridex Khonsari MimiKatz Mirai Nanocore RAT Orcus RAT |
2022-02-28
⋅
⋅
ASEC
⋅
Remcos RAT malware disseminated by pretending to be tax invoices Remcos |
2022-02-22
⋅
China Implicated in Prolonged Supply Chain Attack Targeting Taiwan Financial Sector Quasar RAT |
2022-02-21
⋅
⋅
CyCraft
⋅
An in-depth analysis of the Operation Cache Panda organized supply chain attack on Taiwan's financial industry Quasar RAT |
2022-02-21
⋅
The Record
⋅
Chinese hackers linked to months-long attack on Taiwanese financial sector Quasar RAT |
2022-02-18
⋅
YouTube (John Hammond)
⋅
Uncovering NETWIRE Malware - Discovery & Deobfuscation NetWire RC |
2022-02-18
⋅
SANS ISC
⋅
Remcos RAT Delivered Through Double Compressed Archive Remcos |
2022-02-15
⋅
BleepingComputer
⋅
Unskilled hacker linked to years of attacks on aviation, transport sectors AsyncRAT Houdini NetWire RC Parallax RAT |
2022-02-15
⋅
Threat Post
⋅
TA2541: APT Has Been Shooting RATs at Aviation for Years AsyncRAT Houdini NetWire RC Parallax RAT |
2022-02-14
⋅
Morphisec
⋅
Journey of a Crypto Scammer - NFT-001 AsyncRAT BitRAT Remcos |
2022-02-11
⋅
blog.rootshell.be
⋅
[SANS ISC] CinaRAT Delivered Through HTML ID Attributes Quasar RAT |
2022-02-11
⋅
Cisco Talos
⋅
Threat Roundup for February 4 to February 11 DarkComet Ghost RAT Loki Password Stealer (PWS) Tinba Tofsee Zeus |
2022-02-09
⋅
SentinelOne
⋅
Modified Elephant APT and a Decade of Fabricating Evidence DarkComet Incubator NetWire RC |
2022-02-09
⋅
Sentinel LABS
⋅
ModifiedElephant APT and a Decade of Fabricating Evidence DarkComet Incubator NetWire RC ModifiedElephant |
2022-02-08
⋅
ASEC
⋅
Distribution of Kimsuky Group’s xRAT (Quasar RAT) Confirmed GoldDragon Quasar RAT |
2022-02-08
⋅
Intel 471
⋅
PrivateLoader: The first step in many malware schemes Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar |
2022-02-08
⋅
Remcos Analysis Remcos |
2022-02-07
⋅
RiskIQ
⋅
RiskIQ: Malicious Infrastructure Connected to Particular Windows Host Certificates AsyncRAT BitRAT Nanocore RAT |
2022-01-28
⋅
eSentire
⋅
Remcos RAT Remcos |
2022-01-13
⋅
muha2xmad
⋅
Unpacking Remcos malware Remcos |
2022-01-12
⋅
Cisco
⋅
Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure AsyncRAT Nanocore RAT NetWire RC |
2022-01-10
⋅
splunk
⋅
Detecting Malware Script Loaders using Remcos: Threat Research Release December 2021 Remcos |
2022-01-08
⋅
Bleeping Computer
⋅
Trojanized dnSpy app drops malware cocktail on researchers, devs Quasar RAT |
2022-01-02
⋅
Medium amgedwageh
⋅
Automating The Analysis Of An AutoIT Script That Wraps A Remcos RAT Remcos |
2021-12-14
⋅
Trend Micro
⋅
Collecting In the Dark: Tropic Trooper Targets Transportation and Government ChiserClient Ghost RAT Lilith Quasar RAT xPack APT23 |
2021-12-13
⋅
RiskIQ
⋅
RiskIQ: Connections between Nanocore, Netwire, and AsyncRAT and Vjw0rm dynamic DNS C2 infrastructure AsyncRAT Nanocore RAT NetWire RC Vjw0rm |
2021-11-29
⋅
Trend Micro
⋅
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites AsyncRAT Azorult Nanocore RAT NjRAT RedLine Stealer Remcos |
2021-11-23
⋅
HP
⋅
RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild AdWind Ratty STRRAT CloudEyE Formbook Houdini Panda Stealer Remcos |
2021-11-23
⋅
Morphisec
⋅
Babadeda Crypter targeting crypto, NFT, and DeFi communities Babadeda BitRAT LockBit Remcos |
2021-11-11
⋅
splunk
⋅
FIN7 Tools Resurface in the Field – Splinter or Copycat? JSSLoader Remcos |
2021-11-10
⋅
⋅
AhnLab
⋅
Analysis Report of Lazarus Group’s NukeSped Malware DarkComet Tiger RAT |
2021-10-27
⋅
Proofpoint
⋅
New Threat Actor Spoofs Philippine Government, COVID-19 Health Data in Widespread RAT Campaigns Nanocore RAT Remcos TA2722 |
2021-10-19
⋅
Cisco Talos
⋅
Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India DCRat Quasar RAT |
2021-10-06
⋅
ESET Research
⋅
To the moon and hack: Fake SafeMoon app drops malware to spy on you Remcos |
2021-10-01
⋅
HP
⋅
Threat Insights Report Q3 - 2021 STRRAT CloudEyE NetWire RC Remcos TrickBot Vjw0rm |
2021-09-23
⋅
Talos
⋅
Operation “Armor Piercer:” Targeted attacks in the Indian subcontinent using commercial RATs Ave Maria NetWire RC |
2021-09-20
⋅
Trend Micro
⋅
Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads Ave Maria BitRAT LimeRAT Nanocore RAT NjRAT Quasar RAT |
2021-09-16
⋅
Blackberry
⋅
Threat Thursday: NetWire RAT is Coming Down the Line NetWire RC |
2021-09-15
⋅
Telsy
⋅
REMCOS and Agent Tesla loaded into memory with Rezer0 loader Agent Tesla Remcos |
2021-09-13
⋅
Trend Micro
⋅
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos |
2021-09-13
⋅
Trend Micro
⋅
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (IOCs) AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos |
2021-09-06
⋅
⋅
dbappsecurity
⋅
假面行动(Operation MaskFace)-疑似针对境外银行的利用问卷调查为主题的钓鱼攻击事件分析 PoshC2 |
2021-09-03
⋅
Trend Micro
⋅
The State of SSL/TLS Certificate Usage in Malware C&C Communications AdWind ostap AsyncRAT BazarBackdoor BitRAT Buer Chthonic CloudEyE Cobalt Strike DCRat Dridex FindPOS GootKit Gozi IcedID ISFB Nanocore RAT Orcus RAT PandaBanker Qadars QakBot Quasar RAT Rockloader ServHelper Shifu SManager TorrentLocker TrickBot Vawtrak Zeus Zloader |
2021-09-01
⋅
⋅
360 Threat Intelligence Center
⋅
APT-C-56 (Transparent Tribe) Latest Attack Analysis and Associated Suspected Gorgon Group Attack Analysis Alert Crimson RAT NetWire RC |
2021-08-05
⋅
⋅
Twitter (@BaoshengbinCumt)
⋅
Attacks on NCGSA, MOITT, MOD, NSCP and SCO in Pakistan NetWire RC |
2021-08-04
⋅
⋅
ASEC
⋅
S/W Download Camouflage, Spreading Various Kinds of Malware Raccoon RedLine Stealer Remcos Vidar |
2021-07-27
⋅
Blackberry
⋅
Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages elf.wellmess ElectroRAT BazarNimrod Buer Cobalt Strike Remcos Snake TeleBot WellMess Zebrocy |
2021-07-19
⋅
Malwarebytes
⋅
Remcos RAT delivered via Visual Basic Remcos |
2021-07-12
⋅
IBM
⋅
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
2021-07-12
⋅
Cipher Tech Solutions
⋅
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
2021-06-10
⋅
ZAYOTEM
⋅
NetWire Technical Analysis Report NetWire RC |
2021-05-27
⋅
MinervaLabs
⋅
Trapping A Fat Quasar RAT Quasar RAT |
2021-05-13
⋅
Anomali
⋅
Threat Actors Use MSBuild to Deliver RATs Filelessly Remcos |
2021-05-07
⋅
Morphisec
⋅
Revealing the ‘Snip3’ Crypter, a Highly Evasive RAT Loader Agent Tesla AsyncRAT NetWire RC Revenge RAT |
2021-05-05
⋅
Zscaler
⋅
Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats Agent Tesla AsyncRAT Crimson RAT CyberGate Ghost RAT Nanocore RAT NetWire RC NjRAT Quasar RAT Remcos |
2021-04-27
⋅
Kaspersky
⋅
APT trends report Q1 2021 PAS Artra Downloader BadNews Bozok DILLJUICE Kazuar Quasar RAT SodaMaster |
2021-04-21
⋅
Talos
⋅
A year of Fajan evolution and Bloomberg themed campaigns MASS Logger Nanocore RAT NetWire RC Revenge RAT XpertRAT |
2021-04-14
⋅
Zscaler
⋅
A look at HydroJiin campaign NetWire RC Quasar RAT |
2021-03-18
⋅
Cybereason
⋅
Cybereason Exposes Campaign Targeting US Taxpayers with NetWire and Remcos Malware NetWire RC Remcos |
2021-03-16
⋅
Morphisec
⋅
Tracking HCrypt: An Active Crypter as a Service AsyncRAT LimeRAT Remcos |
2021-03-11
⋅
Trustwave
⋅
Image File Trickery Part II: Fake Icon Delivers NanoCore Nanocore RAT |
2021-02-25
⋅
Intezer
⋅
Year of the Gopher A 2020 Go Malware Round-Up NiuB WellMail elf.wellmess ArdaMax AsyncRAT CyberGate DarkComet Glupteba Nanocore RAT Nefilim NjRAT Quasar RAT WellMess Zebrocy |
2021-02-23
⋅
CrowdStrike
⋅
2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
2021-02-18
⋅
PTSecurity
⋅
https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/ Poet RAT Gravity RAT Ketrican Okrum OopsIE Remcos RogueRobinNET RokRAT SmokeLoader |
2021-02-08
⋅
Arsenal Consulting
⋅
National Investigation Agency VS Sudhir Pralhad Dhawale & others Report 1 NetWire RC |
2021-02-05
⋅
Morphisec
⋅
CinaRAT Resurfaces with New Evasive Tactics and Techniques Quasar RAT |
2021-01-13
⋅
Bitdefender
⋅
Remcos RAT Revisited: A Colombian Coronavirus-Themed Campaign Remcos |
2021-01-11
⋅
ESET Research
⋅
Operation Spalax: Targeted malware attacks in Colombia Agent Tesla AsyncRAT NjRAT Remcos |
2021-01-09
⋅
Marco Ramilli's Blog
⋅
Command and Control Traffic Patterns ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot |
2021-01-07
⋅
Recorded Future
⋅
Aversary Infrastructure Report 2020: A Defender's View Octopus pupy Cobalt Strike Empire Downloader Meterpreter PoshC2 |
2021-01-06
⋅
Red Canary
⋅
Hunting for GetSystem in offensive security tools Cobalt Strike Empire Downloader Meterpreter PoshC2 |
2020-12-28
⋅
⋅
Antiy CERT
⋅
"Civerids" organization vs. Middle East area attack activity analysis report Quasar RAT |
2020-12-24
⋅
IronNet
⋅
China cyber attacks: the current threat landscape PLEAD TSCookie FlowCloud Lookback PLEAD PlugX Quasar RAT Winnti |
2020-12-21
⋅
Cisco Talos
⋅
2020: The year in malware WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader |
2020-12-10
⋅
US-CERT
⋅
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus |
2020-12-10
⋅
JPCERT/CC
⋅
Attack Activities by Quasar Family AsyncRAT Quasar RAT Venom RAT XPCTRA |
2020-12-09
⋅
Cybereason
⋅
MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign DropBook JhoneRAT Molerat Loader Pierogi Quasar RAT SharpStage Spark |
2020-12-09
⋅
Cybereason
⋅
New Malware Arsenal Abusing Cloud Platforms in Middle East Espionage Campaign DropBook MoleNet Quasar RAT SharpStage Spark |
2020-12-07
⋅
Proofpoint
⋅
Commodity .NET Packers use Embedded Images to Hide Payloads Agent Tesla Loki Password Stealer (PWS) Remcos |
2020-11-19
⋅
Threatpost
⋅
APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies Quasar RAT Ryuk |
2020-11-18
⋅
G Data
⋅
Business as usual: Criminal Activities in Times of a Global Pandemic Agent Tesla Nanocore RAT NetWire RC Remcos |
2020-11-17
⋅
Symantec
⋅
Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign Quasar RAT |
2020-09-22
⋅
vmware
⋅
Detecting Threats in Real-time With Active C2 Information Agent.BTZ Cobalt Strike Dacls NetWire RC PoshC2 Winnti |
2020-09-18
⋅
Symantec
⋅
Elfin: Latest U.S. Indictments Appear to Target Iranian Espionage Group Nanocore RAT |
2020-09-17
⋅
FBI
⋅
FBI PIN Number 20200917-001: IRGC-Associated Cyber Operations Against US Company Networks MimiKatz Nanocore RAT |
2020-09-11
⋅
ThreatConnect
⋅
Research Roundup: Activity on Previously Identified APT33 Domains Emotet PlugX APT33 |
2020-09-10
⋅
Medium mariohenkel
⋅
Decrypting NanoCore config and dump all plugins Nanocore RAT |
2020-08-26
⋅
Proofpoint
⋅
Threat Actor Profile: TA2719 Uses Colorful Lures to Deliver RATs in Local Languages AsyncRAT Nanocore RAT TA2719 |
2020-08-20
⋅
⋅
Seebug Paper
⋅
Use ZoomEye to track multiple Redteam C&C post-penetration attack frameworks Cobalt Strike Empire Downloader PoshC2 |
2020-08-01
⋅
⋅
TG Soft
⋅
TG Soft Cyber - Threat Report DarkComet Darktrack RAT Emotet ISFB |
2020-07-30
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q2 2020 AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader |
2020-07-14
⋅
SophosLabs Uncut
⋅
RATicate upgrades “RATs as a Service” attacks with commercial “crypter” LokiBot BetaBot CloudEyE NetWire RC |
2020-07-13
⋅
FireEye
⋅
SCANdalous! (External Detection Using Network Scan Data and Automation) POWERTON QUADAGENT PoshC2 |
2020-07-13
⋅
Github (1d8)
⋅
Remcos RAT Macro Dropper Doc Remcos |
2020-06-22
⋅
MalwareLab.pl
⋅
VenomRAT - new, hackforums grade, reincarnation of QuassarRAT Quasar RAT Venom RAT |
2020-06-18
⋅
Microsoft
⋅
Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint (APT33/HOLMIUM) POWERTON |
2020-06-17
⋅
Nettitude Labs
⋅
Detecting PoshC2 – Indicators of Compromise PoshC2 |
2020-06-15
⋅
Amnesty International
⋅
India: Human Rights Defenders Targeted by a Coordinated Spyware Operation NetWire RC |
2020-06-11
⋅
Talos Intelligence
⋅
Tor2Mine is up to their old tricks — and adds a few new ones Azorult Remcos |
2020-06-07
⋅
Zero2Automated Blog
⋅
Dealing with Obfuscated Macros, Statically - NanoCore Nanocore RAT |
2020-05-29
⋅
Zscaler
⋅
ShellReset RAT Spread Through Macro-Based Documents Using AppLocker Bypass Quasar RAT |
2020-05-26
⋅
CrowdStrike
⋅
Weaponized Disk Image Files: Analysis, Trends and Remediation Nanocore RAT |
2020-05-21
⋅
Malwarebytes
⋅
Cybercrime tactics and techniques Ave Maria Azorult DanaBot Loki Password Stealer (PWS) NetWire RC |
2020-05-20
⋅
Zscaler
⋅
Latest Version of Amadey Introduces Screen Capturing and Pushes the Remcos RAT Amadey Remcos |
2020-05-14
⋅
360 Total Security
⋅
Vendetta - new threat actor from Europe Nanocore RAT Remcos |
2020-05-14
⋅
Lab52
⋅
The energy reserves in the Eastern Mediterranean Sea and a malicious campaign of APT10 against Turkey Cobalt Strike HTran MimiKatz PlugX Quasar RAT |
2020-05-14
⋅
SophosLabs
⋅
RATicate: an attacker’s waves of information-stealing malware Agent Tesla BetaBot BlackRemote Formbook Loki Password Stealer (PWS) NetWire RC NjRAT Remcos |
2020-05-06
⋅
Yoroi
⋅
New Cyber Operation Targets Italy: Digging Into the Netwire Attack Chain NetWire RC |
2020-04-27
⋅
0x00sec
⋅
Master of RATs - How to create your own Tracker Quasar RAT |
2020-04-15
⋅
Zscaler
⋅
Multistage FreeDom loader used in Aggah Campaign to spread Nanocore and AZORult Azorult Nanocore RAT |
2020-04-04
⋅
MalwareInDepth
⋅
Nanocore & CypherIT Nanocore RAT |
2020-04-03
⋅
Palo Alto Networks Unit 42
⋅
GuLoader: Malspam Campaign Installing NetWire RAT CloudEyE NetWire RC |
2020-04-02
⋅
Cisco Talos
⋅
AZORult brings friends to the party Azorult Remcos |
2020-04-01
⋅
Cisco
⋅
Navigating Cybersecurity During a Pandemic: Latest Malware and Threat Actors Azorult CloudEyE Formbook KPOT Stealer Metamorfo Nanocore RAT NetWire RC TrickBot |
2020-03-20
⋅
Bitdefender
⋅
5 Times More Coronavirus-themed Malware Reports during March ostap HawkEye Keylogger Koadic Loki Password Stealer (PWS) Nanocore RAT Remcos |
2020-03-18
⋅
Proofpoint
⋅
Coronavirus Threat Landscape Update Agent Tesla Get2 ISFB Remcos |
2020-03-05
⋅
⋅
VinCSS
⋅
[RE011] Unpack crypter của malware Netwire bằng x64dbg NetWire RC |
2020-02-21
⋅
ADEO DFIR
⋅
APT10 Threat Analysis Report CHINACHOPPER HTran MimiKatz PlugX Quasar RAT |
2020-02-13
⋅
Talos
⋅
Threat actors attempt to capitalize on coronavirus outbreak Emotet Nanocore RAT Parallax RAT |
2020-02-12
⋅
Telsy
⋅
Meeting POWERBAND: The APT33 .NET POWERTON Variant POWERTON POWERBAND |
2020-01-31
⋅
ReversingLabs
⋅
RATs in the Library: Remote Access Trojans Hide in Plain "Public" Site CyberGate LimeRAT NjRAT Quasar RAT Revenge RAT |
2020-01-26
⋅
Dark Matter: Uncovering the DarkComet RAT Ecosystem DarkComet |
2020-01-23
⋅
Recorded Future
⋅
European Energy Sector Organization Targeted by PupyRAT Malware in Late 2019 pupy pupy pupy |
2020-01-19
⋅
360
⋅
BayWorld event, Cyber Attack Against Foreign Trade Industry Azorult Formbook Nanocore RAT Revenge RAT |
2020-01-17
⋅
JPCERT/CC
⋅
Looking back on the incidents in 2019 TSCookie NodeRAT Emotet PoshC2 Quasar RAT |
2020-01-01
⋅
Github (nettitude)
⋅
Repository for Python Server for PoshC2 PoshC2 |
2020-01-01
⋅
Secureworks
⋅
BRONZE RIVERSIDE Anel ChChes Cobalt Strike PlugX Poison Ivy Quasar RAT RedLeaves APT10 |
2020-01-01
⋅
Secureworks
⋅
COBALT TRINITY POWERTON pupy Imminent Monitor RAT Koadic Nanocore RAT NetWire RC PoshC2 APT33 |
2020-01-01
⋅
Secureworks
⋅
ALUMINUM SARATOGA BlackShades DarkComet Xtreme RAT Poison Ivy Quasar RAT Molerats |
2020-01-01
⋅
Secureworks
⋅
COPPER FIELDSTONE Crimson RAT DarkComet Luminosity RAT NjRAT Operation C-Major |
2019-12-12
⋅
Trend Micro
⋅
More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting APT33 |
2019-12-05
⋅
Github (jeFF0Falltrades)
⋅
PoshC2 (specifically as used by APT33) PoshC2 |
2019-11-20
⋅
vmware
⋅
Active C2 Discovery Using Protocol Emulation Part1 (HYDSEVEN NetWire) NetWire RC |
2019-11-19
⋅
FireEye
⋅
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions MESSAGETAP TSCookie ACEHASH CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT HIGHNOON HTran MimiKatz NetWire RC poisonplug Poison Ivy pupy Quasar RAT ZXShell |
2019-11-18
⋅
Rewterz Information Security
⋅
REWTERZ THREAT ALERT – IRANIAN APT USES JOB SCAMS TO LURE TARGETS PoshC2 |
2019-10-21
⋅
Fortinet
⋅
New Variant of Remcos RAT Observed In the Wild Remcos |
2019-09-26
⋅
Proofpoint
⋅
New WhiteShadow downloader uses Microsoft SQL to retrieve malware WhiteShadow Agent Tesla Azorult Crimson RAT Formbook Nanocore RAT NetWire RC NjRAT Remcos |
2019-09-19
⋅
NSHC
⋅
Hagga of SectorH01 continues abusing Bitly, Blogger and Pastebin to deliver RevengeRAT and NanoCore Nanocore RAT Revenge RAT |
2019-09-12
⋅
Avast
⋅
The tangle of WiryJMPer’s obfuscation NetWire RC |
2019-09-07
⋅
Dissecting Malware
⋅
Malicious RATatouille Remcos |
2019-08-25
⋅
Github (threatland)
⋅
Nanocor Sample Nanocore RAT |
2019-08-22
⋅
Github (n1nj4sec)
⋅
Pupy RAT pupy pupy pupy |
2019-08-22
⋅
Youtube (OALabs)
⋅
Remcos RAT Unpacked From VB6 With x64dbg Debugger Remcos |
2019-08-15
⋅
Trend Micro
⋅
Analysis: New Remcos RAT Arrives Via Phishing Email Remcos |
2019-07-22
⋅
One Night in Norfolk
⋅
APT33 PowerShell Malware POWERTON |
2019-06-24
⋅
Symantec
⋅
Backdoor.Powerton POWERTON |
2019-06-19
⋅
Check Point
⋅
Check Point’s Threat Emulation Stops Large-Scale Phishing Campaign in Germany Remcos |
2019-05-24
⋅
Fortinet
⋅
Uncovering new Activity by APT10 PlugX Quasar RAT |
2019-05-20
⋅
Twitter (@struppigel)
⋅
Tweet on Yggdrasil / CinaRAT Quasar RAT |
2019-05-08
⋅
Dr.Web
⋅
A new threat for macOS spreads as WhatsApp NetWire RC |
2019-05-08
⋅
VMRay
⋅
Get Smart with Enhanced Memory Dumping in VMRay Analyzer 3.0 Remcos |
2019-05-05
⋅
GoggleHeadedHacker Blog
⋅
Unpacking NanoCore Sample Using AutoIT Nanocore RAT |
2019-04-16
⋅
FireEye
⋅
Spear Phishing Campaign Targets Ukraine Government and Military; Infrastructure Reveals Potential Link to So-Called Luhansk People's Republic Quasar RAT Vermin |
2019-04-01
⋅
⋅
Macnica Networks
⋅
Trends in Cyber Espionage Targeting Japan 2nd Half of 2018 Anel Cobalt Strike Datper PLEAD Quasar RAT RedLeaves taidoor Zebrocy |
2019-03-27
⋅
Symantec
⋅
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. DarkComet Nanocore RAT pupy Quasar RAT Remcos TURNEDUP APT33 |
2019-03-27
⋅
Symantec
⋅
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. DarkComet MimiKatz Nanocore RAT NetWire RC pupy Quasar RAT Remcos StoneDrill TURNEDUP APT33 |
2019-02-14
⋅
CISA
⋅
AR18-352A: Quasar Open-Source Remote Administration Tool Quasar RAT |
2019-01-30
⋅
Analysis of NetWiredRC trojan NetWire RC |
2019-01-01
⋅
Dragos
⋅
Adversary Reports ALLANITE APT33 CHRYSENE ENERGETIC BEAR Lazarus Group Sandworm |
2019-01-01
⋅
Council on Foreign Relations
⋅
APT 33 APT33 |
2018-12-21
⋅
FireEye
⋅
OVERRULED: Containing a Potentially Destructive Adversary POWERTON PoshC2 pupy |
2018-12-19
⋅
McAfee
⋅
Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems Filerase |
2018-12-14
⋅
Symantec
⋅
Shamoon: Destructive Threat Re-Emerges with New Sting in its Tail DistTrack Filerase StoneDrill OilRig |
2018-10-01
⋅
⋅
Macnica Networks
⋅
Trends in cyber espionage (targeted attacks) targeting Japan | First half of 2018 Anel Cobalt Strike Datper FlawedAmmyy Quasar RAT RedLeaves taidoor Winnti xxmm |
2018-08-22
⋅
Cisco Talos
⋅
Picking Apart Remcos Botnet-In-A-Box Remcos |
2018-08-02
⋅
Palo Alto Networks Unit 42
⋅
The Gorgon Group: Slithering Between Nation State and Cybercrime Loki Password Stealer (PWS) Nanocore RAT NjRAT Quasar RAT Remcos Revenge RAT |
2018-07-17
⋅
ESET Research
⋅
A deep dive down the Vermin RAThole Quasar RAT Sobaken Vermin |
2018-06-18
⋅
Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 2 DROPSHOT |
2018-06-07
⋅
Volexity
⋅
Patchwork APT Group Targets US Think Tanks Quasar RAT Unidentified 047 QUILTED TIGER |
2018-05-21
⋅
MegaBeets
⋅
Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 1 DROPSHOT |
2018-04-18
⋅
MITRE
⋅
APT33 APT33 |
2018-04-11
⋅
Cyberbit
⋅
New ‘Early Bird’ Code Injection Technique Discovered TURNEDUP |
2018-03-30
⋅
⋅
360 Threat Intelligence
⋅
Analysis of the latest cyber attack activity of the APT organization against sensitive institutions in China Quasar RAT |
2018-03-02
⋅
KrabsOnSecurity
⋅
Analysing Remcos RAT’s executable Remcos |
2018-03-01
⋅
Dragos
⋅
INDUSTRIAL CONTROL SYSTEM THREATS APT33 CHRYSENE ENERGETIC BEAR Lazarus Group Sandworm |
2018-03-01
⋅
My Online Security
⋅
Fake order spoofed from Finchers ltd Sankyo-Rubber delivers Remcos RAT via ACE attachments Remcos |
2018-02-26
⋅
Bleeping Computer
⋅
Nanocore RAT Author Gets 33 Months in Prison Nanocore RAT |
2018-01-23
⋅
RiskIQ
⋅
Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors Remcos |
2018-01-01
⋅
FireEye
⋅
APT38 Bitsran BLINDTOAD BOOTWRECK Contopee DarkComet DYEPACK HOTWAX NESTEGG PowerRatankba REDSHAWL WORMHOLE Lazarus Group |
2017-12-22
⋅
Malware Traffic Analysis
⋅
MALSPAM USES CVE-2017-0199 TO DISTRIBUTE REMCOS RAT Remcos |
2017-12-11
⋅
Trend Micro
⋅
Untangling the Patchwork Cyberespionage Group Quasar RAT |
2017-12-06
⋅
Cisco
⋅
Recam Redux - DeConfusing ConfuserEx NetWire RC |
2017-09-21
⋅
FireEye
⋅
APT33: New Insights into Iranian Cyber Espionage Group APT33 |
2017-09-20
⋅
FireEye
⋅
Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware DROPSHOT Nanocore RAT NetWire RC SHAPESHIFT TURNEDUP APT33 |
2017-07-01
⋅
Secrary Blog
⋅
Remcos RAT Remcos |
2017-04-01
⋅
PricewaterhouseCoopers
⋅
Operation Cloud Hopper: Technical Annex ChChes PlugX Quasar RAT RedLeaves Trochilus RAT |
2017-02-16
⋅
SecurityAffairs
⋅
Iranian hackers behind the Magic Hound campaign linked to Shamoon pupy APT35 |
2017-02-15
⋅
Secureworks
⋅
Iranian PupyRAT Bites Middle Eastern Organizations pupy Cleaver |
2017-02-15
⋅
Palo Alto Networks Unit 42
⋅
Magic Hound Campaign Attacks Saudi Targets Leash MPKBot pupy Rocket Kitten |
2017-02-14
⋅
Fortinet
⋅
REMCOS: A New RAT In The Wild Remcos |
2017-02-10
⋅
⋅
JPCERT/CC
⋅
Malware that infects using PowerSploit pupy |
2017-01-30
⋅
Palo Alto Networks Unit 42
⋅
Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments Quasar RAT |
2016-11-28
⋅
Secureworks
⋅
NetWire RAT Steals Payment Card Data NetWire RC |
2016-10-20
⋅
Twitter (@malwrhunterteam)
⋅
Tweet on Quasar RAT Quasar RAT |
2016-06-03
⋅
FireEye
⋅
APT Group Sends Spear Phishing Emails to Indian Government Officials BreachRAT DarkComet Operation C-Major |
2014-11-26
⋅
CIRCL
⋅
TR-23 Analysis - NetWiredRC malware NetWire RC |
2014-08-04
⋅
Palo Alto Networks Unit 42
⋅
New Release: Decrypting NetWire C2 Traffic NetWire RC |
2012-10-05
⋅
Malwarebytes
⋅
Dark Comet 2: Electric Boogaloo DarkComet |
2012-06-21
⋅
Contagio Dump
⋅
RAT samples from Syrian Targeted attacks - Blackshades RAT, XTreme RAT, Dark Comet RAT used by Syrian Electronic Army BlackShades DarkComet Terminator RAT |
2012-06-09
⋅
Malwarebytes
⋅
You dirty RAT! Part 1: DarkComet DarkComet |