
Cobalt

aka: Cobalt Group, Cobalt Gang, GOLD KINGSWOOD, COBALT SPIDER

A criminal group dubbed Cobalt is behind synchronized ATM heists in which machines across Europe, CIS countries (including Russia), and Malaysia were raided simultaneously within the span of a few hours. The group has been active since June 2016, and their latest attacks happened in July and August.


Associated Families
js.more_eggs win.atmspitter win.cobint win.pony win.formbook

References
2021-11-23 | HP | Patrick Schläpfer
@online{schlpfer:20211123:ratdispenser:4677686, author = {Patrick Schläpfer}, title = {{RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild}}, date = {2021-11-23}, organization = {HP}, url = {https://threatresearch.ext.hp.com/javascript-malware-dispensing-rats-into-the-wild/}, language = {English}, urldate = {2021-11-29} } RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild
AdWind Ratty STRRAT CloudEyE Formbook Houdini Panda Stealer Remcos
2021-11-16 | Yoroi | Luigi Martire, Carmelo Ragusa, Luca Mella
@online{martire:20211116:office:2dba65a, author = {Luigi Martire and Carmelo Ragusa and Luca Mella}, title = {{Office Documents: May the XLL technique change the threat Landscape in 2022?}}, date = {2021-11-16}, organization = {Yoroi}, url = {https://yoroi.company/research/office-documents-may-the-xll-technique-change-the-threat-landscape-in-2022/}, language = {English}, urldate = {2021-11-17} } Office Documents: May the XLL technique change the threat Landscape in 2022?
Agent Tesla Dridex Formbook
2021-09-30 | Blackberry | The BlackBerry Research & Intelligence Team
@online{team:20210930:threat:d31cc55, author = {The BlackBerry Research & Intelligence Team}, title = {{Threat Thursday: xLoader Infostealer}}, date = {2021-09-30}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2021/09/threat-thursday-xloader-infostealer}, language = {English}, urldate = {2021-10-11} } Threat Thursday: xLoader Infostealer
Xloader Formbook
2021-09-29 | Trend Micro | Aliakbar Zahravi, William Gamazo Sanchez, Kamlapati Choubey, Peter Girnus
@online{zahravi:20210929:formbook:54b9f08, author = {Aliakbar Zahravi and William Gamazo Sanchez and Kamlapati Choubey and Peter Girnus}, title = {{FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal}}, date = {2021-09-29}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/i/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-404.html}, language = {English}, urldate = {2021-10-05} } FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal
Formbook
2021-09-01 | YouTube (Black Hat) | Tsuyoshi Taniguchi, Christian Doerr
@online{taniguchi:20210901:how:98ed0d5, author = {Tsuyoshi Taniguchi and Christian Doerr}, title = {{How Did the Adversaries Abusing the Bitcoin Blockchain Evade Our Takeover?}}, date = {2021-09-01}, organization = {YouTube (Black Hat)}, url = {https://www.youtube.com/watch?v=y8Z9KnL8s8s}, language = {English}, urldate = {2021-09-12} } How Did the Adversaries Abusing the Bitcoin Blockchain Evade Our Takeover?
Cerber Pony
2021-07-21 | Quick Heal | Rumana Siddiqui
@online{siddiqui:20210721:formbook:e6e3f64, author = {Rumana Siddiqui}, title = {{FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data}}, date = {2021-07-21}, organization = {Quick Heal}, url = {https://blogs.quickheal.com/formbook-malware-returns-new-variant-uses-steganography-and-in-memory-loading-of-multiple-stages-to-steal-data/}, language = {English}, urldate = {2021-07-26} } FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data
Formbook
2021-07-12 | IBM | Melissa Frydrych, Claire Zaboeva, Dan Dash
@online{frydrych:20210712:roboski:1f66418, author = {Melissa Frydrych and Claire Zaboeva and Dan Dash}, title = {{RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation}}, date = {2021-07-12}, organization = {IBM}, url = {https://securityintelligence.com/posts/roboski-global-recovery-automation/}, language = {English}, urldate = {2021-07-20} } RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos
2021-07-12 | Cipher Tech Solutions | Melissa Frydrych, Claire Zaboeva, Dan Dash
@online{frydrych:20210712:roboski:a3c66bf, author = {Melissa Frydrych and Claire Zaboeva and Dan Dash}, title = {{RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation}}, date = {2021-07-12}, organization = {Cipher Tech Solutions}, url = {https://www.ciphertechsolutions.com/roboski-global-recovery-automation/}, language = {English}, urldate = {2021-07-20} } RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos
2021-05-06 | Black Hat | Tsuyoshi Taniguchi, Christian Doerr
@techreport{taniguchi:20210506:how:45b144d, author = {Tsuyoshi Taniguchi and Christian Doerr}, title = {{How Did the Adversaries Abusing Bitcoin Blockchain Evade Our Takeover}}, date = {2021-05-06}, institution = {Black Hat}, url = {https://i.blackhat.com/asia-21/Thursday-Handouts/as21-Taniguchi-How-Did-The-Adversaries-Abusing-The-Bitcoin-Blockchain-Evade-Our-Takeover.pdf}, language = {English}, urldate = {2021-09-12} } How Did the Adversaries Abusing Bitcoin Blockchain Evade Our Takeover
Cerber Pony
2021-04-22 | Fortinet | Xiaopeng Zhang
@online{zhang:20210422:deep:44cd560, author = {Xiaopeng Zhang}, title = {{Deep Analysis: FormBook New Variant Delivered in Phishing Campaign – Part II}}, date = {2021-04-22}, organization = {Fortinet}, url = {https://www.fortinet.com/blog/threat-research/deep-analysis-formbook-new-variant-delivered-phishing-campaign-part-ii}, language = {English}, urldate = {2021-04-28} } Deep Analysis: FormBook New Variant Delivered in Phishing Campaign – Part II
Formbook
2021-04-12 | PTSecurity | PTSecurity
@online{ptsecurity:20210412:paas:1d06836, author = {PTSecurity}, title = {{PaaS, or how hackers evade antivirus software}}, date = {2021-04-12}, organization = {PTSecurity}, url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/paas-or-how-hackers-evade-antivirus-software/}, language = {English}, urldate = {2021-04-12} } PaaS, or how hackers evade antivirus software
Amadey Bunitu Cerber Dridex ISFB KPOT Stealer Mailto Nemty Phobos Pony Predator The Thief QakBot Raccoon RTM SmokeLoader Zloader
2021-04-12 | Fortinet | Xiaopeng Zhang
@online{zhang:20210412:deep:dc35f85, author = {Xiaopeng Zhang}, title = {{Deep Analysis: New FormBook Variant Delivered in Phishing Campaign – Part I}}, date = {2021-04-12}, organization = {Fortinet}, url = {https://www.fortinet.com/blog/threat-research/deep-analysis-new-formbook-variant-delivered-phishing-campaign-part-I}, language = {English}, urldate = {2021-04-14} } Deep Analysis: New FormBook Variant Delivered in Phishing Campaign – Part I
Formbook
2021-04-05 | eSentire | eSentire
@online{esentire:20210405:hackers:d45f86f, author = {eSentire}, title = {{Hackers Spearphish Professionals on LinkedIn with Fake Job Offers, Infecting them with Malware, Warns eSentire}}, date = {2021-04-05}, organization = {eSentire}, url = {https://www.esentire.com/security-advisories/hackers-spearphish-professionals-on-linkedin-with-fake-job-offers-infecting-them-with-malware-warns-esentire}, language = {English}, urldate = {2021-04-06} } Hackers Spearphish Professionals on LinkedIn with Fake Job Offers, Infecting them with Malware, Warns eSentire
More_eggs
2021-03-17 | HP | HP Bromium
@techreport{bromium:20210317:threat:3aed551, author = {HP Bromium}, title = {{Threat Insights Report Q4-2020}}, date = {2021-03-17}, institution = {HP}, url = {https://threatresearch.ext.hp.com/wp-content/uploads/2021/03/HP_Bromium_Threat_Insights_Report_Q4_2020.pdf}, language = {English}, urldate = {2021-03-19} } Threat Insights Report Q4-2020
Agent Tesla BitRAT ComodoSec Dridex Emotet Ficker Stealer Formbook Zloader
2021-03-11 | YouTube (Malware_Analyzing_&_RE_Tips_Tricks) | Jiří Vinopal
@online{vinopal:20210311:formbook:31931b9, author = {Jiří Vinopal}, title = {{Formbook Reversing - Part1 [Formbook .NET loader/injector analyzing, decrypting, unpacking, patching]}}, date = {2021-03-11}, organization = {YouTube ( Malware_Analyzing_&_RE_Tips_Tricks)}, url = {https://youtu.be/aQwnHIlGSBM}, language = {English}, urldate = {2021-03-12} } Formbook Reversing - Part1 [Formbook .NET loader/injector analyzing, decrypting, unpacking, patching]
Formbook
2021-01-28 | Youtube (Virus Bulletin) | Benoît Ancel
@online{ancel:20210128:bagsu:7de60de, author = {Benoît Ancel}, title = {{The Bagsu banker case}}, date = {2021-01-28}, organization = {Youtube (Virus Bulletin)}, url = {https://www.youtube.com/watch?v=EyDiIAt__dI}, language = {English}, urldate = {2021-02-01} } The Bagsu banker case
Azorult DreamBot Emotet Pony TrickBot ZeusAction
2021-01-09 | Marco Ramilli's Blog | Marco Ramilli
@online{ramilli:20210109:command:d720b27, author = {Marco Ramilli}, title = {{Command and Control Traffic Patterns}}, date = {2021-01-09}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2021/01/09/c2-traffic-patterns-personal-notes/}, language = {English}, urldate = {2021-05-17} } Command and Control Traffic Patterns
ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot
2021 | Secureworks | SecureWorks
@online{secureworks:2021:threat:c81b928, author = {SecureWorks}, title = {{Threat Profile: GOLD EVERGREEN}}, date = {2021}, organization = {Secureworks}, url = {http://www.secureworks.com/research/threat-profiles/gold-evergreen}, language = {English}, urldate = {2021-05-28} } Threat Profile: GOLD EVERGREEN
CryptoLocker Pony Zeus GOLD EVERGREEN
2021 | Secureworks | SecureWorks
@online{secureworks:2021:threat:9cb31b0, author = {SecureWorks}, title = {{Threat Profile: GOLD GALLEON}}, date = {2021}, organization = {Secureworks}, url = {http://www.secureworks.com/research/threat-profiles/gold-galleon}, language = {English}, urldate = {2021-06-01} } Threat Profile: GOLD GALLEON
Agent Tesla HawkEye Keylogger Pony GOLD GALLEON
2020-11-19 | SANS ISC InfoSec Forums | Xavier Mertens
@online{mertens:20201119:powershell:72b44bf, author = {Xavier Mertens}, title = {{PowerShell Dropper Delivering Formbook}}, date = {2020-11-19}, organization = {SANS ISC InfoSec Forums}, url = {https://isc.sans.edu/diary/26806}, language = {English}, urldate = {2020-11-19} } PowerShell Dropper Delivering Formbook
Formbook
2020-11-05 | tccontre Blog | tcontre
@online{tcontre:20201105:interesting:17c82b2, author = {tcontre}, title = {{Interesting FormBook Crypter - unconventional way to store encrypted data}}, date = {2020-11-05}, organization = {tccontre Blog}, url = {https://tccontre.blogspot.com/2020/11/interesting-formbook-crypter.html}, language = {English}, urldate = {2020-11-06} } Interesting FormBook Crypter - unconventional way to store encrypted data
Formbook
2020-10-16 | Hornetsecurity | Hornetsecurity Security Lab
@online{lab:20201016:vba:577dd47, author = {Hornetsecurity Security Lab}, title = {{VBA Purging Malspam Campaigns}}, date = {2020-10-16}, organization = {Hornetsecurity}, url = {https://www.hornetsecurity.com/en/threat-research/vba-purging-malspam-campaigns/}, language = {English}, urldate = {2020-12-08} } VBA Purging Malspam Campaigns
Agent Tesla Formbook
2020-09-03 | Twitter (@Arkbird_SOLG) | Arkbird
@online{arkbird:20200903:development:cf8dd7d, author = {Arkbird}, title = {{Tweet on development in more_eggs}}, date = {2020-09-03}, organization = {Twitter (@Arkbird_SOLG)}, url = {https://twitter.com/Arkbird_SOLG/status/1301536930069278727}, language = {English}, urldate = {2020-09-15} } Tweet on development in more_eggs
More_eggs
2020-07-30 | Spamhaus | Spamhaus Malware Labs
@techreport{labs:20200730:spamhaus:038546d, author = {Spamhaus Malware Labs}, title = {{Spamhaus Botnet Threat Update Q2 2020}}, date = {2020-07-30}, institution = {Spamhaus}, url = {https://www.spamhaus.org/news/images/botnet-report-2020-q2/2020-q2-spamhaus-botnet-threat-report.pdf}, language = {English}, urldate = {2020-07-30} } Spamhaus Botnet Threat Update Q2 2020
AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader
2020-07-29 | ESET Research | welivesecurity
@techreport{welivesecurity:20200729:threat:496355c, author = {welivesecurity}, title = {{THREAT REPORT Q2 2020}}, date = {2020-07-29}, institution = {ESET Research}, url = {https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Threat_Report_Q22020.pdf}, language = {English}, urldate = {2020-07-30} } THREAT REPORT Q2 2020
DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor
2020-07-22 | S2W LAB Inc. | S2W LAB INTELLIGENCE TEAM
@online{team:20200722:formbook:6297801, author = {S2W LAB INTELLIGENCE TEAM}, title = {{'FormBook Tracker' unveiled on the Dark Web}}, date = {2020-07-22}, organization = {S2W LAB Inc.}, url = {https://drive.google.com/file/d/1oxINyIJfMtv_upJqRK9vLSchIBaU8wiU/view}, language = {English}, urldate = {2020-08-14} } 'FormBook Tracker' unveiled on the Dark Web
Formbook
2020-07-20 | QuoIntelligence
@online{quointelligence:20200720:golden:4a88a80, author = {QuoIntelligence}, title = {{Golden Chickens: Evolution Oof the MaaS}}, date = {2020-07-20}, url = {https://quointelligence.eu/2020/07/golden-chickens-evolution-of-the-maas/}, language = {English}, urldate = {2020-07-23} } Golden Chickens: Evolution Oof the MaaS
More_eggs TerraLoader TerraStealer VenomLNK
2020-07-10 | Github (eset) | Matías Porolli
@online{porolli:20200710:evilnumindicators:639ec06, author = {Matías Porolli}, title = {{Evilnum — Indicators of Compromise}}, date = {2020-07-10}, organization = {Github (eset)}, url = {https://github.com/eset/malware-ioc/tree/master/evilnum}, language = {English}, urldate = {2020-07-11} } Evilnum — Indicators of Compromise
EVILNUM More_eggs EVILNUM TerraStealer
2020-07-09 | ESET Research | Matías Porolli
@online{porolli:20200709:more:24d8b63, author = {Matías Porolli}, title = {{More evil: A deep look at Evilnum and its toolset}}, date = {2020-07-09}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/}, language = {English}, urldate = {2020-07-11} } More evil: A deep look at Evilnum and its toolset
EVILNUM More_eggs EVILNUM TerraPreter TerraStealer TerraTV Evilnum
2020-06-16 | PTSecurity | PT ESC Threat Intelligence
@online{intelligence:20200616:cobalt:2071fd2, author = {PT ESC Threat Intelligence}, title = {{Cobalt: tactics and tools update}}, date = {2020-06-16}, organization = {PTSecurity}, url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/cobalt_upd_ttps/}, language = {English}, urldate = {2020-06-16} } Cobalt: tactics and tools update
CobInt
2020-06-04 | Chianxin Virus Response Center
@online{center:20200604::a1c780b, author = {Chianxin Virus Response Center}, title = {{脚本系贼寇之风兴起,买卖体系堪比勒索软件}}, date = {2020-06-04}, url = {https://mp.weixin.qq.com/s/REXBtbnI2zXj4H3u6ofMMw}, language = {Chinese}, urldate = {2020-07-16} } 脚本系贼寇之风兴起,买卖体系堪比勒索软件
EVILNUM More_eggs
2020-05-31 | Malwarebytes | hasherezade
@online{hasherezade:20200531:revisiting:cb8df95, author = {hasherezade}, title = {{Revisiting the NSIS-based crypter}}, date = {2020-05-31}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2021/05/revisiting-the-nsis-based-crypter/}, language = {English}, urldate = {2021-06-09} } Revisiting the NSIS-based crypter
Formbook
2020-05-21 | Intel 471 | Intel 471
@online{471:20200521:brief:048d164, author = {Intel 471}, title = {{A brief history of TA505}}, date = {2020-05-21}, organization = {Intel 471}, url = {https://blog.intel471.com/2020/05/21/a-brief-history-of-ta505/}, language = {English}, urldate = {2020-05-23} } A brief history of TA505
AndroMut Bart Dridex FlawedAmmyy FlawedGrace Gandcrab Get2 GlobeImposter Jaff Kegotip Locky Necurs Philadephia Ransom Pony QuantLoader Rockloader SDBbot ServHelper Shifu Snatch TrickBot
2020-05-14 | SophosLabs | Markel Picado
@online{picado:20200514:raticate:6334722, author = {Markel Picado}, title = {{RATicate: an attacker’s waves of information-stealing malware}}, date = {2020-05-14}, organization = {SophosLabs}, url = {https://news.sophos.com/en-us/2020/05/14/raticate/}, language = {English}, urldate = {2020-05-18} } RATicate: an attacker’s waves of information-stealing malware
Agent Tesla BetaBot BlackRemote Formbook Loki Password Stealer (PWS) NetWire RC NjRAT Remcos
2020-04-07 | SecurityIntelligence | Ole Villadsen
@online{villadsen:20200407:itg08:b0b782d, author = {Ole Villadsen}, title = {{ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework}}, date = {2020-04-07}, organization = {SecurityIntelligence}, url = {https://securityintelligence.com/posts/itg08-aka-fin6-partners-with-trickbot-gang-uses-anchor-framework/}, language = {English}, urldate = {2020-04-13} } ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework
More_eggs Anchor TrickBot
2020-04-01 | Cisco | Shyam Sundar Ramaswami, Andrea Kaiser
@online{ramaswami:20200401:navigating:965952a, author = {Shyam Sundar Ramaswami and Andrea Kaiser}, title = {{Navigating Cybersecurity During a Pandemic: Latest Malware and Threat Actors}}, date = {2020-04-01}, organization = {Cisco}, url = {https://umbrella.cisco.com/blog/navigating-cybersecurity-during-a-pandemic-latest-malware-and-threat-actors}, language = {English}, urldate = {2020-08-19} } Navigating Cybersecurity During a Pandemic: Latest Malware and Threat Actors
Azorult CloudEyE Formbook KPOT Stealer Metamorfo Nanocore RAT NetWire RC TrickBot
2020-03-24 | Avira | Avira Protection Labs
@online{labs:20200324:new:88d7b1d, author = {Avira Protection Labs}, title = {{A new technique to analyze FormBook malware infections}}, date = {2020-03-24}, organization = {Avira}, url = {https://insights.oem.avira.com/a-new-technique-to-analyze-formbook-malware-infections/}, language = {English}, urldate = {2020-04-01} } A new technique to analyze FormBook malware infections
Formbook
2020-03-04 | CrowdStrike | CrowdStrike
@techreport{crowdstrike:20200304:2020:818c85f, author = {CrowdStrike}, title = {{2020 CrowdStrike Global Threat Report}}, date = {2020-03-04}, institution = {CrowdStrike}, url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf}, language = {English}, urldate = {2020-07-24} } 2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot vidar Winnti ANTHROPOID SPIDER APT31 APT39 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group Leviathan MONTY SPIDER Mustang Panda NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER Pirate Panda SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER
2020-03-03 | PWC UK | PWC UK
@techreport{uk:20200303:cyber:1f1eef0, author = {PWC UK}, title = {{Cyber Threats 2019:A Year in Retrospect}}, date = {2020-03-03}, institution = {PWC UK}, url = {https://www.pwc.co.uk/cyber-security/assets/cyber-threats-2019-retrospect.pdf}, language = {English}, urldate = {2020-03-03} } Cyber Threats 2019:A Year in Retrospect
KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare Axiom
2020-02-13 | Qianxin | Qi Anxin Threat Intelligence Center
@techreport{center:20200213:report:146d333, author = {Qi Anxin Threat Intelligence Center}, title = {{APT Report 2019}}, date = {2020-02-13}, institution = {Qianxin}, url = {https://ti.qianxin.com/uploads/2020/02/13/cb78386a082f465f259b37dae5df4884.pdf}, language = {English}, urldate = {2020-02-27} } APT Report 2019
Chrysaor Exodus Dacls elf.vpnfilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy
2020-01-19 | 360 | kate
@online{kate:20200119:bayworld:2cc2212, author = {kate}, title = {{BayWorld event, Cyber Attack Against Foreign Trade Industry}}, date = {2020-01-19}, organization = {360}, url = {https://blog.360totalsecurity.com/en/bayworld-event-cyber-attack-against-foreign-trade-industry/}, language = {English}, urldate = {2020-02-03} } BayWorld event, Cyber Attack Against Foreign Trade Industry
Azorult Formbook Nanocore RAT Revenge RAT
2020 | Secureworks | SecureWorks
@online{secureworks:2020:gold:cf5f9e4, author = {SecureWorks}, title = {{GOLD GALLEON}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/gold-galleon}, language = {English}, urldate = {2020-05-23} } GOLD GALLEON
Agent Tesla HawkEye Keylogger Pony Predator The Thief
2020 | Secureworks | SecureWorks
@online{secureworks:2020:gold:65f4550, author = {SecureWorks}, title = {{GOLD ESSEX}}, date = {2020}, organization = {Secureworks}, url = {http://www.secureworks.com/research/threat-profiles/gold-essex}, language = {English}, urldate = {2020-05-27} } GOLD ESSEX
Cutwail Pony Pushdo NARWHAL SPIDER
2020 | Secureworks | SecureWorks
@online{secureworks:2020:gold:1892bc8, author = {SecureWorks}, title = {{GOLD KINGSWOOD}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/gold-kingswood}, language = {English}, urldate = {2020-05-23} } GOLD KINGSWOOD
More_eggs ATMSpitter Cobalt Strike CobInt MimiKatz
2020 | Secureworks | SecureWorks
@online{secureworks:2020:gold:983570b, author = {SecureWorks}, title = {{GOLD KINGSWOOD}}, date = {2020}, organization = {Secureworks}, url = {http://www.secureworks.com/research/threat-profiles/gold-kingswood}, language = {English}, urldate = {2020-05-23} } GOLD KINGSWOOD
More_eggs ATMSpitter Cobalt Strike CobInt MimiKatz Cobalt
2020 | Secureworks | SecureWorks
@online{secureworks:2020:gold:cbab642, author = {SecureWorks}, title = {{GOLD EVERGREEN}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/gold-evergreen}, language = {English}, urldate = {2020-05-23} } GOLD EVERGREEN
CryptoLocker Pony Zeus
2019-12-12 | FireEye | Chi-en Shen, Oleg Bondarenko
@online{shen:20191212:cyber:e01baca, author = {Chi-en Shen and Oleg Bondarenko}, title = {{Cyber Threat Landscape in Japan – Revealing Threat in the Shadow}}, date = {2019-12-12}, organization = {FireEye}, url = {https://www.slideshare.net/codeblue_jp/cb19-cyber-threat-landscape-in-japan-revealing-threat-in-the-shadow-by-chi-en-shen-ashley-oleg-bondarenko}, language = {English}, urldate = {2020-04-16} } Cyber Threat Landscape in Japan – Revealing Threat in the Shadow
Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD poisonplug TrickBot BlackTech
2019-11-18 | QuoScient | QuoScient
@techreport{quoscient:20191118:intelligence:953ab5b, author = {QuoScient}, title = {{Intelligence Brief New ATMSpitter}}, date = {2019-11-18}, institution = {QuoScient}, url = {https://quoscient.io/reports/QuoINT_INTBRI_New_ATMSpitter.pdf}, language = {English}, urldate = {2020-01-13} } Intelligence Brief New ATMSpitter
ATMSpitter
2019-11-18 | QuoScient | QuoScient
@techreport{quoscient:20191118:quoint:582f7b8, author = {QuoScient}, title = {{QuoINT INTELBRIEF – Actors Exploiting the RCE Vulnerability}}, date = {2019-11-18}, institution = {QuoScient}, url = {https://quoscient.io/reports/QuoINT_INTBRI_ATMSpitter_v2.pdf}, language = {English}, urldate = {2020-01-13} } QuoINT INTELBRIEF – Actors Exploiting the RCE Vulnerability
ATMSpitter
2019-09-26 | Proofpoint | Bryan Campbell, Jeremy Hedges, Proofpoint Threat Insight Team
@online{campbell:20190926:new:d228362, author = {Bryan Campbell and Jeremy Hedges and Proofpoint Threat Insight Team}, title = {{New WhiteShadow downloader uses Microsoft SQL to retrieve malware}}, date = {2019-09-26}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/new-whiteshadow-downloader-uses-microsoft-sql-retrieve-malware}, language = {English}, urldate = {2020-02-26} } New WhiteShadow downloader uses Microsoft SQL to retrieve malware
WhiteShadow Agent Tesla Azorult Crimson RAT Formbook Nanocore RAT NetWire RC NjRAT Remcos
2019-08-29 | Security Intelligence | Ole Villadsen, Kevin Henson, Melissa Frydrych, Joey Victorino
@online{villadsen:20190829:moreeggs:8ff7351, author = {Ole Villadsen and Kevin Henson and Melissa Frydrych and Joey Victorino}, title = {{More_eggs, Anyone? Threat Actor ITG08 Strikes Again}}, date = {2019-08-29}, organization = {Security Intelligence}, url = {https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/}, language = {English}, urldate = {2020-01-13} } More_eggs, Anyone? Threat Actor ITG08 Strikes Again
More_eggs FIN6
2019-08-10 | Check Point | Omer Gull
@online{gull:20190810:select:56061b1, author = {Omer Gull}, title = {{SELECT code_execution FROM * USING SQLite;}}, date = {2019-08-10}, organization = {Check Point}, url = {https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/}, language = {English}, urldate = {2020-02-09} } SELECT code_execution FROM * USING SQLite;
Azorult Loki Password Stealer (PWS) Pony
2019-07-30 | int 0xcc blog | Raashid Bhat
@online{bhat:20190730:practical:d049779, author = {Raashid Bhat}, title = {{Practical Threat Hunting and Incidence Response : A Case of A Pony Malware Infection}}, date = {2019-07-30}, organization = {int 0xcc blog}, url = {https://int0xcc.svbtle.com/practical-threat-hunting-and-incidence-response-a-case-of-a-pony-malware-infection}, language = {English}, urldate = {2020-01-08} } Practical Threat Hunting and Incidence Response : A Case of A Pony Malware Infection
Pony
2019-07-15 | Cisco Talos | Edmund Brumaghin
@online{brumaghin:20190715:sweed:9725699, author = {Edmund Brumaghin}, title = {{SWEED: Exposing years of Agent Tesla campaigns}}, date = {2019-07-15}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2019/07/sweed-agent-tesla.html}, language = {English}, urldate = {2020-01-08} } SWEED: Exposing years of Agent Tesla campaigns
Agent Tesla Formbook Loki Password Stealer (PWS) SWEED
2019-06-12 | Cyberbit | Hod Gavriel
@online{gavriel:20190612:formbook:8dc2df9, author = {Hod Gavriel}, title = {{Formbook Research Hints Large Data Theft Attack Brewing}}, date = {2019-06-12}, organization = {Cyberbit}, url = {https://www.cyberbit.com/formbook-research-hints-large-data-theft-attack-brewing/}, language = {English}, urldate = {2020-08-21} } Formbook Research Hints Large Data Theft Attack Brewing
Formbook
2019-06-04 | Bitdefender | Bitdefender
@techreport{bitdefender:20190604:blueprint:ce0583c, author = {Bitdefender}, title = {{An APT Blueprint: Gaining New Visibility into Financial Threats}}, date = {2019-06-04}, institution = {Bitdefender}, url = {https://www.bitdefender.com/files/News/CaseStudies/study/262/Bitdefender-WhitePaper-An-APT-Blueprint-Gaining-New-Visibility-into-Financial-Threats-interactive.pdf}, language = {English}, urldate = {2019-12-18} } An APT Blueprint: Gaining New Visibility into Financial Threats
More_eggs Cobalt Strike
2019-05-02 | Usual Suspect RE | Johann Aydinbas
@online{aydinbas:20190502:formbook:d1ef715, author = {Johann Aydinbas}, title = {{FormBook - Hiding in plain sight}}, date = {2019-05-02}, organization = {Usual Suspect RE}, url = {https://usualsuspect.re/article/formbook-hiding-in-plain-sight}, language = {English}, urldate = {2020-01-13} } FormBook - Hiding in plain sight
Formbook
2019-02-21 | Proofpoint | Proofpoint Threat Insight Team
@online{team:20190221:fake:e94f77a, author = {Proofpoint Threat Insight Team}, title = {{Fake Jobs: Campaigns Delivering More_eggs Backdoor via Fake Job Offers}}, date = {2019-02-21}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/fake-jobs-campaigns-delivering-moreeggs-backdoor-fake-job-offers}, language = {English}, urldate = {2019-12-20} } Fake Jobs: Campaigns Delivering More_eggs Backdoor via Fake Job Offers
More_eggs
2019-01 | Virus Bulletin | Gabriela Nicolao
@online{nicolao:201901:inside:a4c68f3, author = {Gabriela Nicolao}, title = {{Inside Formbook infostealer}}, date = {2019-01}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2019/01/vb2018-paper-inside-formbook-infostealer/}, language = {English}, urldate = {2019-12-18} } Inside Formbook infostealer
Formbook
2019 | MITRE | MITRE ATT&CK
@online{attck:2019:cobalt:0e0496e, author = {MITRE ATT&CK}, title = {{Group description: Cobalt Group}}, date = {2019}, organization = {MITRE}, url = {https://attack.mitre.org/groups/G0080/}, language = {English}, urldate = {2019-12-20} } Group description: Cobalt Group
Cobalt
2018-12-05 | Botconf | Rémi Jullian
@techreport{jullian:20181205:formbook:40cf2ad, author = {Rémi Jullian}, title = {{FORMBOOK In-depth malware analysis}}, date = {2018-12-05}, institution = {Botconf}, url = {https://www.botconf.eu/wp-content/uploads/2018/12/2018-R-Jullian-In-depth-Formbook-Malware-Analysis.pdf}, language = {English}, urldate = {2019-12-17} } FORMBOOK In-depth malware analysis
Formbook
2018-11-01 | Peerlyst | Sudhendu
@online{sudhendu:20181101:how:582221a, author = {Sudhendu}, title = {{How to Analyse FormBook - A New Malware-as-a-Service}}, date = {2018-11-01}, organization = {Peerlyst}, url = {https://www.peerlyst.com/posts/how-to-analyse-formbook-a-new-malware-as-a-service-sudhendu?trk=explore_page_resources_recent}, language = {English}, urldate = {2019-12-17} } How to Analyse FormBook - A New Malware-as-a-Service
Formbook
2018-10-25 | Palo Alto Networks Unit 42 | Unit42
@online{unit42:20181025:new:cfa7a8a, author = {Unit42}, title = {{New Techniques to Uncover and Attribute Cobalt Gang Commodity Builders and Infrastructure Revealed}}, date = {2018-10-25}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/unit42-new-techniques-uncover-attribute-cobalt-gang-commodity-builders-infrastructure-revealed/}, language = {English}, urldate = {2020-01-08} } New Techniques to Uncover and Attribute Cobalt Gang Commodity Builders and Infrastructure Revealed
Cobalt
2018-10-17 | MITRE ATT&CK | MITRE
@online{mitre:20181017:software:84822e8, author = {MITRE}, title = {{Software Description: More_eggs}}, date = {2018-10-17}, organization = {MITRE ATT&CK}, url = {https://attack.mitre.org/software/S0284/}, language = {English}, urldate = {2020-01-10} } Software Description: More_eggs
More_eggs
2018-10-16 | Peerlyst | Sudhendu
@online{sudhendu:20181016:how:8aa1eed, author = {Sudhendu}, title = {{How to understand FormBook - A New Malware-as-a-Service}}, date = {2018-10-16}, organization = {Peerlyst}, url = {https://www.peerlyst.com/posts/how-to-understand-formbook-a-new-malware-as-a-service-sudhendu?}, language = {English}, urldate = {2020-01-09} } How to understand FormBook - A New Malware-as-a-Service
Formbook
2018-10-08 | Morphisec | Michael Gorelik
@online{gorelik:20181008:cobalt:dece0e0, author = {Michael Gorelik}, title = {{Cobalt Group 2.0}}, date = {2018-10-08}, organization = {Morphisec}, url = {https://blog.morphisec.com/cobalt-gang-2.0}, language = {English}, urldate = {2020-01-05} } Cobalt Group 2.0
More_eggs
2018-09-28 | CrowdStrike | Adam Meyers
@online{meyers:20180928:meet:3f0bdcc, author = {Adam Meyers}, title = {{Meet CrowdStrike’s Adversary of the Month for September: COBALT SPIDER}}, date = {2018-09-28}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-september-cobalt-spider/}, language = {English}, urldate = {2019-12-20} } Meet CrowdStrike’s Adversary of the Month for September: COBALT SPIDER
Cobalt
2018-09-27 | Secureworks | Counter Threat Unit ResearchTeam
@online{researchteam:20180927:cybercriminals:a7f1c24, author = {Counter Threat Unit ResearchTeam}, title = {{Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish}}, date = {2018-09-27}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/cybercriminals-increasingly-trying-to-ensnare-the-big-financial-fish}, language = {English}, urldate = {2020-01-08} } Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish
More_eggs Cobalt
2018-09-11 | Proofpoint | Proofpoint Staff
@online{staff:20180911:new:14fda4a, author = {Proofpoint Staff}, title = {{New modular downloaders fingerprint systems - Part 3: CobInt}}, date = {2018-09-11}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-3-cobint}, language = {English}, urldate = {2019-12-20} } New modular downloaders fingerprint systems - Part 3: CobInt
CobInt
2018-08-30 | NetScout | ASERT Team
@online{team:20180830:double:8129db5, author = {ASERT Team}, title = {{Double the Infection, Double the Fun}}, date = {2018-08-30}, organization = {NetScout}, url = {https://www.netscout.com/blog/asert/double-infection-double-fun}, language = {English}, urldate = {2020-01-05} } Double the Infection, Double the Fun
CobInt
2018-08-30 | NetScout | ASERT Team
@online{team:20180830:double:e5d9e22, author = {ASERT Team}, title = {{Double the Infection, Double the Fun}}, date = {2018-08-30}, organization = {NetScout}, url = {https://asert.arbornetworks.com/double-the-infection-double-the-fun/}, language = {English}, urldate = {2020-01-08} } Double the Infection, Double the Fun
More_eggs CobInt
2018-08-30 | Bleeping Computer | Ionut Ilascu
@online{ilascu:20180830:cobalt:a5490e1, author = {Ionut Ilascu}, title = {{Cobalt Hacking Group Tests Banks In Russia and Romania}}, date = {2018-08-30}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/cobalt-hacking-group-tests-banks-in-russia-and-romania/}, language = {English}, urldate = {2019-12-20} } Cobalt Hacking Group Tests Banks In Russia and Romania
Cobalt
2018-08-02 | ComputerWeekly | Warwick Ashford
@online{ashford:20180802:three:1fa3b70, author = {Warwick Ashford}, title = {{Three Carbanak cyber heist gang members arrested}}, date = {2018-08-02}, organization = {ComputerWeekly}, url = {https://www.computerweekly.com/news/252446153/Three-Carbanak-cyber-heist-gang-members-arrested}, language = {English}, urldate = {2020-01-10} } Three Carbanak cyber heist gang members arrested
Cobalt FIN7
2018-07-31 | Cisco Talos | Vanja Svajcer
@online{svajcer:20180731:multiple:15a3457, author = {Vanja Svajcer}, title = {{Multiple Cobalt Personality Disorder}}, date = {2018-07-31}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2018/07/multiple-cobalt-personality-disorder.html}, language = {English}, urldate = {2019-12-15} } Multiple Cobalt Personality Disorder
More_eggs
2018-06-22 | InQuest | Aswanda
@online{aswanda:20180622:formbook:ce3c98b, author = {Aswanda}, title = {{FormBook stealer: Data theft made easy}}, date = {2018-06-22}, organization = {InQuest}, url = {http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/}, language = {English}, urldate = {2020-01-09} } FormBook stealer: Data theft made easy
Formbook
2018-06-20 | Cisco Talos | Warren Mercer, Paul Rascagnères
@online{mercer:20180620:my:9c08115, author = {Warren Mercer and Paul Rascagnères}, title = {{My Little FormBook}}, date = {2018-06-20}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2018/06/my-little-formbook.html}, language = {English}, urldate = {2020-01-06} } My Little FormBook
Formbook
2018-05-29 | Group-IB | Rustam Mirkasymov
@online{mirkasymov:20180529:cobalt:b344169, author = {Rustam Mirkasymov}, title = {{Cobalt Renaissance: new attacks and joint operations}}, date = {2018-05-29}, organization = {Group-IB}, url = {https://www.group-ib.com/blog/renaissance}, language = {English}, urldate = {2019-10-22} } Cobalt Renaissance: new attacks and joint operations
CobInt
2018-04-18 | Secureworks | Counter Threat Unit ResearchTeam
@online{researchteam:20180418:gold:c342756, author = {Counter Threat Unit ResearchTeam}, title = {{GOLD GALLEON: How a Nigerian Cyber Crew Plunders the Shipping Industry}}, date = {2018-04-18}, organization = {Secureworks}, url = {https://www.secureworks.com/research/gold-galleon-how-a-nigerian-cyber-crew-plunders-the-shipping-industry}, language = {English}, urldate = {2021-06-01} } GOLD GALLEON: How a Nigerian Cyber Crew Plunders the Shipping Industry
Agent Tesla HawkEye Keylogger Pony GOLD GALLEON
2018-03-29 | Stormshield | Rémi Jullian
@online{jullian:20180329:indepth:badef63, author = {Rémi Jullian}, title = {{In-depth Formbook malware analysis – Obfuscation and process injection}}, date = {2018-03-29}, organization = {Stormshield}, url = {https://thisissecurity.stormshield.com/2018/03/29/in-depth-formbook-malware-analysis-obfuscation-and-process-injection/}, language = {English}, urldate = {2020-01-10} } In-depth Formbook malware analysis – Obfuscation and process injection
Formbook
2018-03-02 | Reaqta | Reaqta
@online{reaqta:20180302:spearphishing:3d933a4, author = {Reaqta}, title = {{Spear-phishing campaign leveraging on MSXSL}}, date = {2018-03-02}, organization = {Reaqta}, url = {https://reaqta.com/2018/03/spear-phishing-campaign-leveraging-msxsl/}, language = {English}, urldate = {2020-01-08} } Spear-phishing campaign leveraging on MSXSL
More_eggs
2018-01-29 | Vitali Kremez Blog | Vitali Kremez
@online{kremez:20180129:lets:450880d, author = {Vitali Kremez}, title = {{Let's Learn: Dissecting FormBook Infostealer Malware: Crypter & "RunLib.dll"}}, date = {2018-01-29}, organization = {Vitali Kremez Blog}, url = {http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html}, language = {English}, urldate = {2020-01-10} } Let's Learn: Dissecting FormBook Infostealer Malware: Crypter & "RunLib.dll"
Formbook
2018-01-16 | RiskIQ | Yonathan Klijnsma
@online{klijnsma:20180116:first:9184887, author = {Yonathan Klijnsma}, title = {{First Activities of Cobalt Group in 2018: Spear Phishing Russian Banks}}, date = {2018-01-16}, organization = {RiskIQ}, url = {https://www.riskiq.com/blog/labs/cobalt-group-spear-phishing-russian-banks/}, language = {English}, urldate = {2019-11-26} } First Activities of Cobalt Group in 2018: Spear Phishing Russian Banks
Cobalt
2017-11-28 | RiskIQ | Yonathan Klijnsma
@online{klijnsma:20171128:gaffe:7c5097a, author = {Yonathan Klijnsma}, title = {{Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions}}, date = {2017-11-28}, organization = {RiskIQ}, url = {https://www.riskiq.com/blog/labs/cobalt-strike/}, language = {English}, urldate = {2020-01-13} } Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions
Cobalt
2017-11-20 | Trend Micro | Ronnie Giagone, Lenart Bermejo, Fyodor Yarochkin
@online{giagone:20171120:cobalt:fb5c2ed, author = {Ronnie Giagone and Lenart Bermejo and Fyodor Yarochkin}, title = {{Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks}}, date = {2017-11-20}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/cobalt-spam-runs-use-macros-cve-2017-8759-exploit/}, language = {English}, urldate = {2019-10-29} } Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks
More_eggs Cobalt
2017-10-05 | FireEye | Nart Villeneuve, Randi Eitzman, Sandor Nemes, Tyler Dean
@online{villeneuve:20171005:significant:0b91e49, author = {Nart Villeneuve and Randi Eitzman and Sandor Nemes and Tyler Dean}, title = {{Significant FormBook Distribution Campaigns Impacting the U.S. and South Korea}}, date = {2017-10-05}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2017/10/formbook-malware-distribution-campaigns.html}, language = {English}, urldate = {2019-12-20} } Significant FormBook Distribution Campaigns Impacting the U.S. and South Korea
Formbook
2017-09-20 | NetScout | Dennis Schwarz
@online{schwarz:20170920:formidable:654d8e3, author = {Dennis Schwarz}, title = {{The Formidable FormBook Form Grabber}}, date = {2017-09-20}, organization = {NetScout}, url = {https://www.arbornetworks.com/blog/asert/formidable-formbook-form-grabber/}, language = {English}, urldate = {2019-07-09} } The Formidable FormBook Form Grabber
Formbook
2017-08-15 | Group-IB | Vesta Matveeva
@online{matveeva:20170815:secrets:c15cac1, author = {Vesta Matveeva}, title = {{Secrets of Cobalt}}, date = {2017-08-15}, organization = {Group-IB}, url = {https://www.group-ib.com/blog/cobalt}, language = {English}, urldate = {2019-12-15} } Secrets of Cobalt
Cobalt
2017-08-07 | Trend Micro | Lenart Bermejo, Ronnie Giagone, Rubio Wu, Fyodor Yarochkin
@online{bermejo:20170807:backdoorcarrying:317ebe3, author = {Lenart Bermejo and Ronnie Giagone and Rubio Wu and Fyodor Yarochkin}, title = {{Backdoor-carrying Emails Set Sights on Russian-speaking Businesses}}, date = {2017-08-07}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-carrying-emails-set-sights-on-russian-speaking-businesses/}, language = {English}, urldate = {2020-01-09} } Backdoor-carrying Emails Set Sights on Russian-speaking Businesses
More_eggs
2017-06-01 | Proofpoint | Matthew Mesa, Axel F, Pierre T, Travis Green
@online{mesa:20170601:microsoft:77dd3ab, author = {Matthew Mesa and Axel F and Pierre T and Travis Green}, title = {{Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions}}, date = {2017-06-01}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/microsoft-word-intruder-integrates-cve-2017-0199-utilized-cobalt-group-target}, language = {English}, urldate = {2019-12-20} } Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions
Cobalt
2017-06 | McAfee | McAfee
@techreport{mcafee:201706:mcafee:9fb6783, author = {McAfee}, title = {{McAfee Labs Threats Report}}, date = {2017-06}, institution = {McAfee}, url = {https://www.mcafee.com/us/resources/reports/rp-quarterly-threats-jun-2017.pdf}, language = {English}, urldate = {2020-01-06} } McAfee Labs Threats Report
Pony
2017-01-05 | Reuters | Jim Finkle, J.R. Wu
@online{finkle:20170105:taiwan:1c7585c, author = {Jim Finkle and J.R. Wu}, title = {{Taiwan ATM heist linked to European hacking spree: security firm}}, date = {2017-01-05}, organization = {Reuters}, url = {https://www.reuters.com/article/us-taiwan-cyber-atms/taiwan-atm-heist-linked-to-european-hacking-spree-security-firm-idUSKBN14P0CX}, language = {English}, urldate = {2020-01-07} } Taiwan ATM heist linked to European hacking spree: security firm
Cobalt
2017 | Positive Technologies | Positive Technologies
@techreport{technologies:2017:cobalt:ca8c7aa, author = {Positive Technologies}, title = {{COBALT STRIKES BACK: AN EVOLVING MULTINATIONAL THREAT TO FINANCE}}, date = {2017}, institution = {Positive Technologies}, url = {https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-2017-eng.pdf}, language = {English}, urldate = {2019-12-17} } COBALT STRIKES BACK: AN EVOLVING MULTINATIONAL THREAT TO FINANCE
Cobalt
2016-11-22 | Help Net Security | Zeljka Zorz
@online{zorz:20161122:cobalt:391286f, author = {Zeljka Zorz}, title = {{Cobalt hackers executed massive, synchronized ATM heists across Europe, Russia}}, date = {2016-11-22}, organization = {Help Net Security}, url = {https://www.helpnetsecurity.com/2016/11/22/cobalt-hackers-synchronized-atm-heists/}, language = {English}, urldate = {2020-01-10} } Cobalt hackers executed massive, synchronized ATM heists across Europe, Russia
Cobalt
2016-08 | Uperesia | Felix Weyne
@online{weyne:201608:analysis:10758de, author = {Felix Weyne}, title = {{Analysis of a packed Pony downloader}}, date = {2016-08}, organization = {Uperesia}, url = {https://www.uperesia.com/analysis-of-a-packed-pony-downloader}, language = {English}, urldate = {2020-01-06} } Analysis of a packed Pony downloader
Pony
2016-06 | clearskysec | ClearSky Cybersecurity
@online{cybersecurity:201606:operation:eb6c3d9, author = {ClearSky Cybersecurity}, title = {{Operation DustySky Part 2}}, date = {2016-06}, organization = {clearskysec}, url = {https://www.europol.europa.eu/newsroom/news/mastermind-behind-eur-1-billion-cyber-bank-robbery-arrested-in-spain}, language = {English}, urldate = {2019-12-24} } Operation DustySky Part 2
Cobalt FIN7
2016-06 | Safety First Blog | SL4ID3R
@online{sl4id3r:201606:form:53a7823, author = {SL4ID3R}, title = {{Form Grabber 2016 [Crome,FF,Opera,Thunderbird, Outlook IE Safari] Hack the world}}, date = {2016-06}, organization = {Safety First Blog}, url = {http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html}, language = {English}, urldate = {2019-11-26} } Form Grabber 2016 [Crome,FF,Opera,Thunderbird, Outlook IE Safari] Hack the world
Formbook
2015-02-25 | Github (nyx0) | nyx0
@online{nyx0:20150225:pony:17f5bd3, author = {nyx0}, title = {{Pony Sourcecode}}, date = {2015-02-25}, organization = {Github (nyx0)}, url = {https://github.com/nyx0/Pony}, language = {English}, urldate = {2020-01-09} } Pony Sourcecode
Pony

Credits: MISP Project