aka: C-Major, Transparent Tribe, Mythic Leopard, ProjectM, APT36, APT 36, TMP.Lapis, Green Havildar, COPPER FIELDSTONE
Threat group targeting the Indian Army and related assets in India (including government organisations and educational institutions), as well as activists and civil society in Pakistan. Trend Micro and other vendors have attributed the group to a Pakistan-based operator. Note on aliases: 360 tracks this group as APT-C-56; APT-C-36 (Blind Eagle, which targets South American entities) is an unrelated actor. Its reports appear in the reference list below — as do Turla, FIN7, Lazarus and general botnet reports — only because they cover commodity malware families (njRAT, DarkComet, Andromeda, Ave Maria and others) that are also associated with this group, so shared tooling alone should not be read as an attribution signal for APT36.
2023-11-22 ⋅ Twitter (@embee_research) ⋅ Embee_research @online{embeeresearch:20231122:practical:1847814,
author = {Embee_research},
title = {{Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)}},
date = {2023-11-22},
organization = {Twitter (@embee_research)},
url = {https://embee-research.ghost.io/practical-queries-for-malware-infrastructure-part-3/},
language = {English},
urldate = {2023-11-22}
}
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples) BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos |
2023-11-21 ⋅ Medium infoSec Write-ups ⋅ JustAnother-Engineer @online{justanotherengineer:20231121:unmasking:68727c8,
author = {JustAnother-Engineer},
title = {{Unmasking NJRat: A Deep Dive into a Notorious Remote Access Trojan Part1}},
date = {2023-11-21},
organization = {Medium infoSec Write-ups},
url = {https://infosecwriteups.com/part1-static-code-analysis-of-the-rat-njrat-2f273408df43},
language = {English},
urldate = {2023-11-22}
}
Unmasking NJRat: A Deep Dive into a Notorious Remote Access Trojan Part1 NjRAT |
2023-10-12 ⋅ Cluster25 ⋅ Cluster25 Threat Intel Team @online{team:20231012:cve202338831:6b50b62,
author = {Cluster25 Threat Intel Team},
title = {{CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations}},
date = {2023-10-12},
organization = {Cluster25},
url = {https://blog.cluster25.duskrise.com/2023/10/12/cve-2023-38831-russian-attack},
language = {English},
urldate = {2023-10-13}
}
CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations Agent Tesla Crimson RAT Nanocore RAT SmokeLoader |
2023-10-12 ⋅ Spamhaus ⋅ Spamhaus Malware Labs @techreport{labs:20231012:spamhaus:cc0ff5c,
author = {Spamhaus Malware Labs},
title = {{Spamhaus Botnet Threat Update Q3 2023}},
date = {2023-10-12},
institution = {Spamhaus},
url = {https://info.spamhaus.com/hubfs/Botnet%20Reports/2023%20Q3%20Botnet%20Threat%20Update.pdf},
language = {English},
urldate = {2023-10-17}
}
Spamhaus Botnet Threat Update Q3 2023 FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar |
2023-09-18 ⋅ SentinelOne ⋅ Alex Delamotte @online{delamotte:20230918:capratube:77604c8,
author = {Alex Delamotte},
title = {{CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones}},
date = {2023-09-18},
organization = {SentinelOne},
url = {https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/},
language = {English},
urldate = {2023-09-20}
}
CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones CapraRAT |
2023-09-12 ⋅ Zscaler ⋅ Sudeep Singh @online{singh:20230912:peek:6769a87,
author = {Sudeep Singh},
title = {{A peek into APT36’s updated arsenal}},
date = {2023-09-12},
organization = {Zscaler},
url = {https://www.zscaler.com/blogs/security-research/peek-apt36-s-updated-arsenal},
language = {English},
urldate = {2023-09-18}
}
A peek into APT36’s updated arsenal ElizaRAT |
2023-07-11 ⋅ Spamhaus ⋅ Spamhaus Malware Labs @techreport{labs:20230711:spamhaus:4e2885e,
author = {Spamhaus Malware Labs},
title = {{Spamhaus Botnet Threat Update Q2 2023}},
date = {2023-07-11},
institution = {Spamhaus},
url = {https://info.spamhaus.com/hubfs/Botnet%20Reports/2023%20Q2%20Botnet%20Threat%20Update.pdf},
language = {English},
urldate = {2023-07-22}
}
Spamhaus Botnet Threat Update Q2 2023 Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee |
2023-05-02 ⋅ Seqrite ⋅ Sathwik Ram Prakki @online{prakki:20230502:transparent:4cb2266,
author = {Sathwik Ram Prakki},
title = {{Transparent Tribe APT actively lures Indian Army amidst increased targeting of Educational Institutions}},
date = {2023-05-02},
organization = {Seqrite},
url = {https://www.seqrite.com/blog/transparent-tribe-apt-actively-lures-indian-army-amidst-increased-targeting-of-educational-institutions},
language = {English},
urldate = {2023-06-09}
}
Transparent Tribe APT actively lures Indian Army amidst increased targeting of Educational Institutions Crimson RAT |
2023-04-24 ⋅ Kaspersky Labs ⋅ Pierre Delcher, Ivan Kwiatkowski @online{delcher:20230424:tomiris:2d65352,
author = {Pierre Delcher and Ivan Kwiatkowski},
title = {{Tomiris called, they want their Turla malware back}},
date = {2023-04-24},
organization = {Kaspersky Labs},
url = {https://securelist.com/tomiris-called-they-want-their-turla-malware-back/109552/},
language = {English},
urldate = {2023-04-26}
}
Tomiris called, they want their Turla malware back KopiLuwak Andromeda Ave Maria GoldMax JLORAT Kazuar Meterpreter QUIETCANARY RATel Roopy Telemiris tomiris Topinambour |
2023-04-12 ⋅ Spamhaus ⋅ Spamhaus Malware Labs @techreport{labs:20230412:spamhaus:aa309d1,
author = {Spamhaus Malware Labs},
title = {{Spamhaus Botnet Threat Update Q1 2023}},
date = {2023-04-12},
institution = {Spamhaus},
url = {https://info.spamhaus.com/hubfs/Botnet%20Reports/2023%20Q1%20Botnet%20Threat%20Update.pdf},
language = {English},
urldate = {2023-04-18}
}
Spamhaus Botnet Threat Update Q1 2023 FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar |
2023-04-10 ⋅ Check Point ⋅ Check Point @online{point:20230410:march:144c1ad,
author = {Check Point},
title = {{March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files}},
date = {2023-04-10},
organization = {Check Point},
url = {https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/},
language = {English},
urldate = {2023-04-12}
}
March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files Agent Tesla CloudEyE Emotet Formbook Nanocore RAT NjRAT QakBot Remcos Tofsee |
2023-03-07 ⋅ ESET Research ⋅ Lukáš Štefanko @online{tefanko:20230307:love:51d570c,
author = {Lukáš Štefanko},
title = {{Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials}},
date = {2023-03-07},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/},
language = {English},
urldate = {2023-03-13}
}
Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials CapraRAT |
2023-02-23 ⋅ Bitdefender ⋅ Martin Zugec, Bitdefender Team @online{zugec:20230223:technical:710242c,
author = {Martin Zugec and Bitdefender Team},
title = {{Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966}},
date = {2023-02-23},
organization = {Bitdefender},
url = {https://businessinsights.bitdefender.com/tech-advisory-manageengine-cve-2022-47966},
language = {English},
urldate = {2023-08-25}
}
Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966 Cobalt Strike DarkComet QuiteRAT RATel |
2023-01-24 ⋅ Trellix ⋅ Daksh Kapur, Tomer Shloman, Robert Venal, John Fokker @online{kapur:20230124:cyberattacks:0a05372,
author = {Daksh Kapur and Tomer Shloman and Robert Venal and John Fokker},
title = {{Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity}},
date = {2023-01-24},
organization = {Trellix},
url = {https://www.trellix.com/en-us/about/newsroom/stories/research/cyberattacks-targeting-ukraine-increase.html},
language = {English},
urldate = {2023-01-25}
}
Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity Andromeda Formbook Houdini Remcos |
2023-01-17 ⋅ Trend Micro ⋅ Peter Girnus, Aliakbar Zahravi @online{girnus:20230117:earth:f1cba60,
author = {Peter Girnus and Aliakbar Zahravi},
title = {{Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures}},
date = {2023-01-17},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/23/a/earth-bogle-campaigns-target-middle-east-with-geopolitical-lures.html},
language = {English},
urldate = {2023-01-19}
}
Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures NjRAT |
2023-01-05 ⋅ Mandiant ⋅ Sarah Hawley, Gabby Roncone, Tyler McLellan, Eduardo Mattos, John Wolfram @online{hawley:20230105:turla:f1d8f9b,
author = {Sarah Hawley and Gabby Roncone and Tyler McLellan and Eduardo Mattos and John Wolfram},
title = {{Turla: A Galaxy of Opportunity}},
date = {2023-01-05},
organization = {Mandiant},
url = {https://www.mandiant.com/resources/blog/turla-galaxy-opportunity},
language = {English},
urldate = {2023-01-05}
}
Turla: A Galaxy of Opportunity KopiLuwak Andromeda QUIETCANARY |
2022-12-24 ⋅ di.sclosu.re ⋅ di.sclosu.re @online{disclosure:20221224:njrat:0b45969,
author = {di.sclosu.re},
title = {{njRAT malware spreading through Discord CDN and Facebook Ads}},
date = {2022-12-24},
organization = {di.sclosu.re},
url = {https://di.sclosu.re/en/njrat-malware-spreading-through-discord-cdn-and-facebook-ads/},
language = {English},
urldate = {2023-01-10}
}
njRAT malware spreading through Discord CDN and Facebook Ads NjRAT |
2022-11-03 ⋅ Zscaler ⋅ Sudeep Singh @online{singh:20221103:apt36:33403b8,
author = {Sudeep Singh},
title = {{APT-36 Uses New TTPs and New Tools to Target Indian Governmental Organizations}},
date = {2022-11-03},
organization = {Zscaler},
url = {https://www.zscaler.com/blogs/security-research/apt-36-uses-new-ttps-and-new-tools-target-indian-governmental-organizations},
language = {English},
urldate = {2022-11-12}
}
APT-36 Uses New TTPs and New Tools to Target Indian Governmental Organizations LimePad |
2022-10-13 ⋅ Spamhaus ⋅ Spamhaus Malware Labs @techreport{labs:20221013:spamhaus:43e3190,
author = {Spamhaus Malware Labs},
title = {{Spamhaus Botnet Threat Update Q3 2022}},
date = {2022-10-13},
institution = {Spamhaus},
url = {https://info.spamhaus.com/hubfs/Botnet%20Reports/2022%20Q3%20Botnet%20Threat%20Update.pdf},
language = {English},
urldate = {2022-12-29}
}
Spamhaus Botnet Threat Update Q3 2022 FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm |
2022-08-18 ⋅ Proofpoint ⋅ Joe Wise, Selena Larson, Proofpoint Threat Research Team @online{wise:20220818:reservations:c2f9faf,
author = {Joe Wise and Selena Larson and Proofpoint Threat Research Team},
title = {{Reservations Requested: TA558 Targets Hospitality and Travel}},
date = {2022-08-18},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel},
language = {English},
urldate = {2022-08-18}
}
Reservations Requested: TA558 Targets Hospitality and Travel AsyncRAT Loda NjRAT Ozone RAT Revenge RAT Vjw0rm |
2022-08-17 ⋅ 360 ⋅ 360 Threat Intelligence Center @online{center:20220817:kasablanka:2a28570,
author = {360 Threat Intelligence Center},
title = {{Kasablanka organizes attacks against political groups and non-profit organizations in the Middle East}},
date = {2022-08-17},
organization = {360},
url = {https://mp.weixin.qq.com/s/mstwBMkS0G3Et4GOji2mwA},
language = {Chinese},
urldate = {2022-08-19}
}
Kasablanka organizes attacks against political groups and non-profit organizations in the Middle East SpyNote Loda Nanocore RAT NjRAT |
2022-07-13 ⋅ Cisco Talos ⋅ Nick Biasini @online{biasini:20220713:transparent:b83f9dd,
author = {Nick Biasini},
title = {{Transparent Tribe begins targeting education sector in latest campaign}},
date = {2022-07-13},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2022/07/transparent-tribe-targets-education.html},
language = {English},
urldate = {2022-07-15}
}
Transparent Tribe begins targeting education sector in latest campaign Crimson RAT Oblique RAT |
2022-06-21 ⋅ Cisco Talos ⋅ Flavio Costa, Chris Neal, Guilherme Venere @online{costa:20220621:avos:b60a2ad,
author = {Flavio Costa and Chris Neal and Guilherme Venere},
title = {{Avos ransomware group expands with new attack arsenal}},
date = {2022-06-21},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2022/06/avoslocker-new-arsenal.html},
language = {English},
urldate = {2022-06-22}
}
Avos ransomware group expands with new attack arsenal AvosLocker Cobalt Strike DarkComet MimiKatz |
2022-05-12 ⋅ Morphisec ⋅ Hido Cohen @online{cohen:20220512:new:6e12278,
author = {Hido Cohen},
title = {{New SYK Crypter Distributed Via Discord}},
date = {2022-05-12},
organization = {Morphisec},
url = {https://blog.morphisec.com/syk-crypter-discord},
language = {English},
urldate = {2022-06-09}
}
New SYK Crypter Distributed Via Discord AsyncRAT Ave Maria Nanocore RAT NjRAT Quasar RAT RedLine Stealer |
2022-05-11 ⋅ K7 Security ⋅ Saikumaravel @online{saikumaravel:20220511:transparent:16cdf62,
author = {Saikumaravel},
title = {{Transparent Tribe Targets Educational Institution}},
date = {2022-05-11},
organization = {K7 Security},
url = {https://labs.k7computing.com/index.php/transparent-tribe-targets-educational-institution/},
language = {English},
urldate = {2022-05-17}
}
Transparent Tribe Targets Educational Institution Crimson RAT |
2022-05-09 ⋅ BlackBerry ⋅ The BlackBerry Research & Intelligence Team @online{team:20220509:dirty:76f87f1,
author = {The BlackBerry Research & Intelligence Team},
title = {{Dirty Deeds Done Dirt Cheap: Russian RAT Offers Backdoor Bargains}},
date = {2022-05-09},
organization = {BlackBerry},
url = {https://blogs.blackberry.com/en/2022/05/dirty-deeds-done-dirt-cheap-russian-rat-offers-backdoor-bargains},
language = {English},
urldate = {2022-05-17}
}
Dirty Deeds Done Dirt Cheap: Russian RAT Offers Backdoor Bargains DCRat NjRAT |
2022-04-27 ⋅ ANSSI ⋅ ANSSI @techreport{anssi:20220427:le:5d47343,
author = {ANSSI},
title = {{LE GROUPE CYBERCRIMINEL FIN7}},
date = {2022-04-27},
institution = {ANSSI},
url = {https://cert.ssi.gouv.fr/uploads/20220427_NP_TLPWHITE_ANSSI_FIN7.pdf},
language = {French},
urldate = {2022-05-05}
}
LE GROUPE CYBERCRIMINEL FIN7 Bateleur BELLHOP Griffon SQLRat POWERSOURCE Andromeda BABYMETAL BlackCat BlackMatter BOOSTWRITE Carbanak Cobalt Strike DNSMessenger Dridex DRIFTPIN Gameover P2P MimiKatz Murofet Qadars Ranbyus SocksBot |
2022-04-26 ⋅ Trend Micro ⋅ Ryan Flores, Stephen Hilt, Lord Alfred Remorin @online{flores:20220426:how:28d9476,
author = {Ryan Flores and Stephen Hilt and Lord Alfred Remorin},
title = {{How Cybercriminals Abuse Cloud Tunneling Services}},
date = {2022-04-26},
organization = {Trend Micro},
url = {https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/how-cybercriminals-abuse-cloud-tunneling-services},
language = {English},
urldate = {2022-05-03}
}
How Cybercriminals Abuse Cloud Tunneling Services AsyncRAT Cobalt Strike DarkComet Meterpreter Nanocore RAT |
2022-03-29 ⋅ Cisco Talos ⋅ Asheer Malhotra, Justin Thattil, Kendall McKay @online{malhotra:20220329:transparent:dcf66a7,
author = {Asheer Malhotra and Justin Thattil and Kendall McKay},
title = {{Transparent Tribe campaign uses new bespoke malware to target Indian government officials}},
date = {2022-03-29},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html?m=1},
language = {English},
urldate = {2022-03-30}
}
Transparent Tribe campaign uses new bespoke malware to target Indian government officials Crimson RAT |
2022-03-29 ⋅ Bleeping Computer ⋅ Bill Toulas @online{toulas:20220329:hackers:06380e1,
author = {Bill Toulas},
title = {{Hackers use modified MFA tool against Indian govt employees}},
date = {2022-03-29},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/hackers-use-modified-mfa-tool-against-indian-govt-employees/},
language = {English},
urldate = {2022-03-30}
}
Hackers use modified MFA tool against Indian govt employees Crimson RAT Oblique RAT |
2022-03-23 ⋅ EcuCert ⋅ EcuCert @techreport{ecucert:20220323:aptc36:7f5e46b,
author = {EcuCert},
title = {{APT-C-36 Advanced Persistent Threat Campaign Could be present in Ecuador}},
date = {2022-03-23},
institution = {EcuCert},
url = {https://www.ecucert.gob.ec/wp-content/uploads/2022/03/alerta-APTs-2022-03-23.pdf},
language = {Spanish},
urldate = {2023-12-04}
}
APT-C-36 Advanced Persistent Threat Campaign Could be present in Ecuador NjRAT |
2022-03-10 ⋅ Twitter (@Katechondic) ⋅ Katechondic @online{katechondic:20220310:additional:5dd63e9,
author = {Katechondic},
title = {{Tweet on additional computer names "desktop-g1i8n3f" & "desktop-j6llo2k", seen with Crimson RAT C2 infrastructure used by APT36}},
date = {2022-03-10},
organization = {Twitter (@Katechondic)},
url = {https://twitter.com/katechondic/status/1502206599166939137},
language = {English},
urldate = {2022-03-14}
}
Tweet on additional computer names "desktop-g1i8n3f" & "desktop-j6llo2k", seen with Crimson RAT C2 infrastructure used by APT36 Crimson RAT |
2022-03-10 ⋅ Twitter (@teamcymru_S2) ⋅ Team Cymru @online{cymru:20220310:crimson:a646aac,
author = {Team Cymru},
title = {{Tweet on Crimson RAT infrastructure used by APT36}},
date = {2022-03-10},
organization = {Twitter (@teamcymru_S2)},
url = {https://twitter.com/teamcymru_S2/status/1501955802025836546},
language = {English},
urldate = {2022-03-14}
}
Tweet on Crimson RAT infrastructure used by APT36 Crimson RAT |
2022-03-09 ⋅ Lab52 ⋅ Lab52 @online{lab52:20220309:very:b667537,
author = {Lab52},
title = {{Very very lazy Lazyscripter’s scripts: double compromise in a single obfuscation}},
date = {2022-03-09},
organization = {Lab52},
url = {https://lab52.io/blog/very-very-lazy-lazyscripters-scripts-double-compromise-in-a-single-obfuscation/},
language = {English},
urldate = {2022-03-10}
}
Very very lazy Lazyscripter’s scripts: double compromise in a single obfuscation NjRAT |
2022-02-11 ⋅ Cisco Talos ⋅ Talos @online{talos:20220211:threat:fcad762,
author = {Talos},
title = {{Threat Roundup for February 4 to February 11}},
date = {2022-02-11},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2022/02/threat-roundup-0204-0211.html},
language = {English},
urldate = {2022-02-14}
}
Threat Roundup for February 4 to February 11 DarkComet Ghost RAT Loki Password Stealer (PWS) Tinba Tofsee Zeus |
2022-02-09 ⋅ Sentinel LABS ⋅ Tom Hegel @online{hegel:20220209:modifiedelephant:b004138,
author = {Tom Hegel},
title = {{ModifiedElephant APT and a Decade of Fabricating Evidence}},
date = {2022-02-09},
organization = {Sentinel LABS},
url = {https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/},
language = {English},
urldate = {2022-02-14}
}
ModifiedElephant APT and a Decade of Fabricating Evidence DarkComet Incubator NetWire RC ModifiedElephant |
2022-02-09 ⋅ SentinelOne ⋅ Tom Hegel, Juan Andrés Guerrero-Saade @techreport{hegel:20220209:modified:3c039c6,
author = {Tom Hegel and Juan Andrés Guerrero-Saade},
title = {{Modified Elephant APT and a Decade of Fabricating Evidence}},
date = {2022-02-09},
institution = {SentinelOne},
url = {https://www.sentinelone.com/wp-content/uploads/2022/02/Modified-Elephant-APT-and-a-Decade-of-Fabricating-Evidence-SentinelLabs.pdf},
language = {English},
urldate = {2022-02-14}
}
Modified Elephant APT and a Decade of Fabricating Evidence DarkComet Incubator NetWire RC |
2022-02-08 ⋅ Intel 471 ⋅ Intel 471 @online{471:20220208:privateloader:5e226cd,
author = {Intel 471},
title = {{PrivateLoader: The first step in many malware schemes}},
date = {2022-02-08},
organization = {Intel 471},
url = {https://intel471.com/blog/privateloader-malware},
language = {English},
urldate = {2022-05-09}
}
PrivateLoader: The first step in many malware schemes Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar |
2022-02-03 ⋅ forensicitguy ⋅ Tony Lambert @online{lambert:20220203:njrat:88ea206,
author = {Tony Lambert},
title = {{njRAT Installed from a MSI}},
date = {2022-02-03},
organization = {forensicitguy},
url = {https://forensicitguy.github.io/njrat-installed-from-msi/},
language = {English},
urldate = {2022-02-04}
}
njRAT Installed from a MSI NjRAT |
2022-01-24 ⋅ Trend Micro ⋅ Trend Micro @online{micro:20220124:investigating:a7e6049,
author = {Trend Micro},
title = {{Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal (IOCs)}},
date = {2022-01-24},
organization = {Trend Micro},
url = {https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/investigating-apt36-or-earth-karkaddan-attack-chain-and-malware-arsenal/IoCs_Investigating%20APT36%20or%20Earth%20Karkaddan%20Attack%20Chain%20and%20Malware%20Arsenal.rtf},
language = {English},
urldate = {2022-01-25}
}
Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal (IOCs) Crimson RAT Oblique RAT |
2022-01-24 ⋅ Trend Micro ⋅ Trend Micro @online{micro:20220124:investigating:5e9386a,
author = {Trend Micro},
title = {{Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal}},
date = {2022-01-24},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html},
language = {English},
urldate = {2022-01-25}
}
Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal CapraRAT Crimson RAT Oblique RAT |
2022-01-24 ⋅ Trend Micro ⋅ Trend Micro @techreport{micro:20220124:investigating:7727327,
author = {Trend Micro},
title = {{Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal}},
date = {2022-01-24},
institution = {Trend Micro},
url = {https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/investigating-apt36-or-earth-karkaddan-attack-chain-and-malware-arsenal/Earth%20Karkaddan%20APT-%20Adversary%20Intelligence%20and%20Monitoring%20Report.pdf},
language = {English},
urldate = {2022-01-25}
}
Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal Crimson RAT Oblique RAT |
2022-01-12 ⋅ Cyber And Ramen blog ⋅ Mike R @online{r:20220112:analysis:2f570a4,
author = {Mike R},
title = {{Analysis of njRAT PowerPoint Macros}},
date = {2022-01-12},
organization = {Cyber And Ramen blog},
url = {https://cyberandramen.net/2022/01/12/analysis-of-njrat-powerpoint-macros/},
language = {English},
urldate = {2022-04-05}
}
Analysis of njRAT PowerPoint Macros NjRAT |
2021-12-22 ⋅ Know Chuangyu ⋅ Know Chuangyu @online{chuangyu:20211222:tracking:5b23633,
author = {Know Chuangyu},
title = {{APT Tracking Analytics: Transparent Tribe Attack Activity}},
date = {2021-12-22},
organization = {Know Chuangyu},
url = {https://www.4hou.com/posts/vLzM},
language = {English},
urldate = {2021-12-23}
}
APT Tracking Analytics: Transparent Tribe Attack Activity Crimson RAT |
2021-11-30 ⋅ CYBER GEEKS All Things Infosec ⋅ CyberMasterV @online{cybermasterv:20211130:just:d5f53c9,
author = {CyberMasterV},
title = {{Just another analysis of the njRAT malware – A step-by-step approach}},
date = {2021-11-30},
organization = {CYBER GEEKS All Things Infosec},
url = {https://cybergeeks.tech/just-another-analysis-of-the-njrat-malware-a-step-by-step-approach/},
language = {English},
urldate = {2021-12-06}
}
Just another analysis of the njRAT malware – A step-by-step approach NjRAT |
2021-11-29 ⋅ Trend Micro ⋅ Jaromír Hořejší @online{hoej:20211129:campaign:6e23cf5,
author = {Jaromír Hořejší},
title = {{Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites}},
date = {2021-11-29},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/21/k/campaign-abusing-rats-uses-fake-websites.html},
language = {English},
urldate = {2021-12-07}
}
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites AsyncRAT Azorult Nanocore RAT NjRAT RedLine Stealer Remcos |
2021-11-18 ⋅ Red Canary ⋅ The Red Canary Team @online{team:20211118:intelligence:7b00cb9,
author = {The Red Canary Team},
title = {{Intelligence Insights: November 2021}},
date = {2021-11-18},
organization = {Red Canary},
url = {https://redcanary.com/blog/intelligence-insights-november-2021/},
language = {English},
urldate = {2021-11-19}
}
Intelligence Insights: November 2021 Andromeda Conti LockBit QakBot Squirrelwaffle |
2021-11-11 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team @online{team:20211111:html:410a27f,
author = {Microsoft 365 Defender Threat Intelligence Team},
title = {{HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks}},
date = {2021-11-11},
organization = {Microsoft},
url = {https://www.microsoft.com/security/blog/2021/11/11/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks/},
language = {English},
urldate = {2021-11-12}
}
HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks AsyncRAT Mekotio NjRAT |
2021-11-10 ⋅ AhnLab ⋅ ASEC Analysis Team @techreport{team:20211110:analysis:9630125,
author = {ASEC Analysis Team},
title = {{Analysis Report of Lazarus Group’s NukeSped Malware}},
date = {2021-11-10},
institution = {AhnLab},
url = {https://asec.ahnlab.com/wp-content/uploads/2021/11/Lazarus-%EA%B7%B8%EB%A3%B9%EC%9D%98-NukeSped-%EC%95%85%EC%84%B1%EC%BD%94%EB%93%9C-%EB%B6%84%EC%84%9D-%EB%B3%B4%EA%B3%A0%EC%84%9C.pdf},
language = {Korean},
urldate = {2023-08-17}
}
Analysis Report of Lazarus Group’s NukeSped Malware DarkComet Tiger RAT |
2021-10-26 ⋅ Kaspersky ⋅ Kaspersky Lab ICS CERT @techreport{cert:20211026:attacks:6f30d0f,
author = {Kaspersky Lab ICS CERT},
title = {{APT attacks on industrial organizations in H1 2021}},
date = {2021-10-26},
institution = {Kaspersky},
url = {https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-APT-attacks-on-industrial-organizations-in-H1-2021-En.pdf},
language = {English},
urldate = {2021-11-08}
}
APT attacks on industrial organizations in H1 2021 8.t Dropper AllaKore AsyncRAT GoldMax LimeRAT NjRAT NoxPlayer Raindrop ReverseRAT ShadowPad Zebrocy |
2021-10-15 ⋅ ESET Research ⋅ ESET Research @online{research:20211015:malicious:04da9c1,
author = {ESET Research},
title = {{Tweet on a malicious campaign targeting governmental and education entities in Colombia using multiple stages to drop AsyncRAT or njRAT Keylogger on their victims}},
date = {2021-10-15},
organization = {ESET Research},
url = {https://twitter.com/ESETresearch/status/1449132020613922828},
language = {English},
urldate = {2021-11-08}
}
Tweet on a malicious campaign targeting governmental and education entities in Colombia using multiple stages to drop AsyncRAT or njRAT Keylogger on their victims AsyncRAT NjRAT |
2021-10-13 ⋅ Anchored Narratives on Threat Intelligence and Geopolitics ⋅ RJM @online{rjm:20211013:trouble:c988e46,
author = {RJM},
title = {{Trouble in Asia and the Middle East. Tracking the TransparentTribe threat actor.}},
date = {2021-10-13},
organization = {Anchored Narratives on Threat Intelligence and Geopolitics},
url = {https://anchorednarratives.substack.com/p/trouble-in-asia-and-the-middle-east},
language = {English},
urldate = {2021-10-14}
}
Trouble in Asia and the Middle East. Tracking the TransparentTribe threat actor. Crimson RAT |
2021-09-20 ⋅ Trend Micro ⋅ Aliakbar Zahravi, William Gamazo Sanchez @online{zahravi:20210920:water:63df486,
author = {Aliakbar Zahravi and William Gamazo Sanchez},
title = {{Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads}},
date = {2021-09-20},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/21/i/Water-Basilisk-Uses-New-HCrypt-Variant-to-Flood-Victims-with-RAT-Payloads.html},
language = {English},
urldate = {2021-09-22}
}
Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads Ave Maria BitRAT LimeRAT Nanocore RAT NjRAT Quasar RAT |
2021-09-16 ⋅ Cisco Talos ⋅ Tiago Pereira, Vitor Ventura @online{pereira:20210916:operation:133992d,
author = {Tiago Pereira and Vitor Ventura},
title = {{Operation Layover: How we tracked an attack on the aviation industry to five years of compromise}},
date = {2021-09-16},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2021/09/operation-layover-how-we-tracked-attack.html},
language = {English},
urldate = {2021-09-19}
}
Operation Layover: How we tracked an attack on the aviation industry to five years of compromise AsyncRAT Houdini NjRAT |
2021-09-13 ⋅ Trend Micro ⋅ Jaromír Hořejší, Daniel Lunghi @online{hoej:20210913:aptc36:d6456f8,
author = {Jaromír Hořejší and Daniel Lunghi},
title = {{APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (IOCs)}},
date = {2021-09-13},
organization = {Trend Micro},
url = {https://www.trendmicro.com/content/dam/trendmicro/global/en/research/21/i/apt-c-36-updates-its-long-term-spam-campaign-against-south-american-entities-with-commodity-rats/BlindEagleIOCList.txt},
language = {English},
urldate = {2021-09-14}
}
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (IOCs) AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos |
2021-09-13 ⋅ Trend Micro ⋅ Jaromír Hořejší, Daniel Lunghi @online{hoej:20210913:aptc36:9b97238,
author = {Jaromír Hořejší and Daniel Lunghi},
title = {{APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs}},
date = {2021-09-13},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/21/i/apt-c-36-updates-its-long-term-spam-campaign-against-south-ameri.html},
language = {English},
urldate = {2021-09-14}
}
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos |
2021-09-08 ⋅ Microstep Intelligence Bureau ⋅ Microstep Online Research Response Center @online{center:20210908:trilateral:aedcf24,
author = {Microstep Online Research Response Center},
title = {{Trilateral operation: years of cyberespionage against countries in south asia and the middle east (APT36)}},
date = {2021-09-08},
organization = {Microstep Intelligence Bureau},
url = {https://mp.weixin.qq.com/s/AhxP5HmROtMsFBiUxj0cFg},
language = {Chinese},
urldate = {2021-09-14}
}
Trilateral operation: years of cyberespionage against countries in south asia and the middle east (APT36) AndroRAT Crimson RAT |
2021-09-01 ⋅ 360 Threat Intelligence Center ⋅ Advanced Threat Institute @online{institute:20210901:aptc56:0f08cce,
author = {Advanced Threat Institute},
title = {{APT-C-56 (Transparent Tribe) Latest Attack Analysis and Associated Suspected Gorgon Group Attack Analysis Alert}},
date = {2021-09-01},
organization = {360 Threat Intelligence Center},
url = {https://mp.weixin.qq.com/s/xUM2x89GuB8uP6otN612Fg},
language = {Chinese},
urldate = {2021-09-09}
}
APT-C-56 (Transparent Tribe) Latest Attack Analysis and Associated Suspected Gorgon Group Attack Analysis Alert Crimson RAT NetWire RC |
2021-08-19 ⋅ Cisco Talos ⋅ Asheer Malhotra, Vitor Ventura, Vanja Svajcer @online{malhotra:20210819:malicious:e04d4c9,
author = {Asheer Malhotra and Vitor Ventura and Vanja Svajcer},
title = {{Malicious Campaign Targets Latin America: The seller, The operator and a curious link}},
date = {2021-08-19},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2021/08/rat-campaign-targets-latin-america.html},
language = {English},
urldate = {2021-08-30}
}
Malicious Campaign Targets Latin America: The seller, The operator and a curious link AsyncRAT NjRAT |
2021-07-30 ⋅ Menlo Security ⋅ MENLO Security @online{security:20210730:isomorph:83956a0,
author = {MENLO Security},
title = {{ISOMorph Infection: In-Depth Analysis of a New HTML Smuggling Campaign}},
date = {2021-07-30},
organization = {Menlo Security},
url = {https://www.menlosecurity.com/blog/isomorph-infection-in-depth-analysis-of-a-new-html-smuggling-campaign/},
language = {English},
urldate = {2021-08-02}
}
ISOMorph Infection: In-Depth Analysis of a New HTML Smuggling Campaign AsyncRAT NjRAT |
2021-07-12 ⋅ IBM ⋅ Melissa Frydrych, Claire Zaboeva, Dan Dash @online{frydrych:20210712:roboski:1f66418,
author = {Melissa Frydrych and Claire Zaboeva and Dan Dash},
title = {{RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation}},
date = {2021-07-12},
organization = {IBM},
url = {https://securityintelligence.com/posts/roboski-global-recovery-automation/},
language = {English},
urldate = {2021-07-20}
}
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
2021-07-12 ⋅ Cipher Tech Solutions ⋅ Melissa Frydrych, Claire Zaboeva, Dan Dash @online{frydrych:20210712:roboski:a3c66bf,
author = {Melissa Frydrych and Claire Zaboeva and Dan Dash},
title = {{RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation}},
date = {2021-07-12},
organization = {Cipher Tech Solutions},
url = {https://www.ciphertechsolutions.com/roboski-global-recovery-automation/},
language = {English},
urldate = {2021-07-20}
}
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
2021-07-09 ⋅ Seqrite ⋅ Chaitanya Haritash, Nihar Deshpande, Shayak Tarafdar @techreport{haritash:20210709:seqrite:8d36786,
author = {Chaitanya Haritash and Nihar Deshpande and Shayak Tarafdar},
title = {{Seqrite uncovers second wave of Operation SideCopy targeting Indian critical infrastructure PSUs}},
date = {2021-07-09},
institution = {Seqrite},
url = {https://www.seqrite.com/documents/en/white-papers/Whitepaper-OperationSideCopy.pdf},
language = {English},
urldate = {2021-07-20}
}
Seqrite uncovers second wave of Operation SideCopy targeting Indian critical infrastructure PSUs NjRAT ReverseRAT |
2021-07-07 ⋅ Talos Intelligence ⋅ Asheer Malhotra, Justin Thattil @online{malhotra:20210707:insidecopy:eca169d,
author = {Asheer Malhotra and Justin Thattil},
title = {{InSideCopy: How this APT continues to evolve its arsenal}},
date = {2021-07-07},
organization = {Talos Intelligence},
url = {https://blog.talosintelligence.com/2021/07/sidecopy.html},
language = {English},
urldate = {2021-07-08}
}
InSideCopy: How this APT continues to evolve its arsenal AllaKore NjRAT SideCopy |
2021-07-07 ⋅ Talos ⋅ Asheer Malhotra, Justin Thattil @techreport{malhotra:20210707:insidecopy:107d438,
author = {Asheer Malhotra and Justin Thattil},
title = {{InSideCopy: How this APT continues to evolve its arsenal}},
date = {2021-07-07},
institution = {Talos},
url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/591/original/062521_SideCopy_%281%29.pdf},
language = {English},
urldate = {2021-07-09}
}
InSideCopy: How this APT continues to evolve its arsenal AllaKore Lilith NjRAT |
2021-07-07 ⋅ Talos ⋅ Asheer Malhotra, Justin Thattil @online{malhotra:20210707:insidecopy:ac5b778,
author = {Asheer Malhotra and Justin Thattil},
title = {{InSideCopy: How this APT continues to evolve its arsenal (Network IOCs)}},
date = {2021-07-07},
organization = {Talos},
url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/594/original/Network_IOCs_list_for_coverage.txt?1625657479},
language = {English},
urldate = {2021-07-09}
}
InSideCopy: How this APT continues to evolve its arsenal (Network IOCs) AllaKore Lilith NjRAT |
2021-07-07 ⋅ Talos ⋅ Asheer Malhotra, Justin Thattil @online{malhotra:20210707:insidecopy:e6b25bb,
author = {Asheer Malhotra and Justin Thattil},
title = {{InSideCopy: How this APT continues to evolve its arsenal (IOCs)}},
date = {2021-07-07},
organization = {Talos},
url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/592/original/Hashes_IOCs_for_coverage.txt},
language = {English},
urldate = {2021-07-09}
}
InSideCopy: How this APT continues to evolve its arsenal (IOCs) AllaKore Lilith NjRAT |
2021-07-02 ⋅ Team Cymru ⋅ Joshua Picolet @online{picolet:20210702:transparent:329d046,
author = {Joshua Picolet},
title = {{Transparent Tribe APT Infrastructure Mapping Part 2: A Deeper Dive into the Identification of CrimsonRAT Infrastructure}},
date = {2021-07-02},
organization = {Team Cymru},
url = {https://team-cymru.com/blog/2021/07/02/transparent-tribe-apt-infrastructure-mapping-2/},
language = {English},
urldate = {2021-07-11}
}
Transparent Tribe APT Infrastructure Mapping Part 2: A Deeper Dive into the Identification of CrimsonRAT Infrastructure Crimson RAT |
2021-07-02 ⋅ Cisco ⋅ Asheer Malhotra, Justin Thattil @online{malhotra:20210702:insidecopy:c85188c,
author = {Asheer Malhotra and Justin Thattil},
title = {{InSideCopy: How this APT continues to evolve its arsenal}},
date = {2021-07-02},
organization = {Cisco},
url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/591/original/062521_SideCopy_%281%29.pdf?1625657388},
language = {English},
urldate = {2022-01-25}
}
InSideCopy: How this APT continues to evolve its arsenal AllaKore CetaRAT Lilith NjRAT ReverseRAT |
2021-05-13 ⋅ Talos ⋅ Asheer Malhotra, Justin Thattil, Kendall McKay @online{malhotra:20210513:transparent:9993964,
author = {Asheer Malhotra and Justin Thattil and Kendall McKay},
title = {{Transparent Tribe APT expands its Windows malware arsenal}},
date = {2021-05-13},
organization = {Talos},
url = {https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html},
language = {English},
urldate = {2021-05-13}
}
Transparent Tribe APT expands its Windows malware arsenal Crimson RAT Oblique RAT |
2021-05-05 ⋅ Zscaler ⋅ Aniruddha Dolas, Mohd Sadique, Manohar Ghule @online{dolas:20210505:catching:ace83fc,
author = {Aniruddha Dolas and Mohd Sadique and Manohar Ghule},
title = {{Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats}},
date = {2021-05-05},
organization = {Zscaler},
url = {https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols},
language = {English},
urldate = {2021-05-08}
}
Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats Agent Tesla AsyncRAT Crimson RAT CyberGate Ghost RAT Nanocore RAT NetWire RC NjRAT Quasar RAT Remcos |
2021-04-30 ⋅ Cybleinc ⋅ cybleinc @online{cybleinc:20210430:transparent:1df2639,
author = {cybleinc},
title = {{Transparent Tribe Operating with a New Variant of Crimson RAT}},
date = {2021-04-30},
organization = {Cybleinc},
url = {https://cybleinc.com/2021/04/30/transparent-tribe-operating-with-a-new-variant-of-crimson-rat/},
language = {English},
urldate = {2021-05-03}
}
Transparent Tribe Operating with a New Variant of Crimson RAT Crimson RAT |
2021-04-27 ⋅ Kaspersky ⋅ GReAT @online{great:20210427:trends:e1c92a3,
author = {GReAT},
title = {{APT trends report Q1 2021}},
date = {2021-04-27},
organization = {Kaspersky},
url = {https://securelist.com/apt-trends-report-q1-2021/101967/},
language = {English},
urldate = {2021-04-29}
}
APT trends report Q1 2021 PAS Artra Downloader BadNews Bozok DILLJUICE Kazuar Quasar RAT SodaMaster |
2021-04-21 ⋅ Facebook ⋅ Mike Dvilyanski, David Agranovich @online{dvilyanski:20210421:taking:23e0fb2,
author = {Mike Dvilyanski and David Agranovich},
title = {{Taking Action Against Hackers in Palestine}},
date = {2021-04-21},
organization = {Facebook},
url = {https://about.fb.com/news/2021/04/taking-action-against-hackers-in-palestine/},
language = {English},
urldate = {2021-04-28}
}
Taking Action Against Hackers in Palestine SpyNote Houdini NjRAT |
2021-04-20 ⋅ 360 Threat Intelligence Center ⋅ Advanced Threat Institute @online{institute:20210420:transparent:1033b04,
author = {Advanced Threat Institute},
title = {{Transparent Tribe uses the new crown vaccine hotspot to analyze the targeted attacks on the Indian medical industry}},
date = {2021-04-20},
organization = {360 Threat Intelligence Center},
url = {https://mp.weixin.qq.com/s/ELYDvdMiiy4FZ3KpmAddZQ},
language = {Chinese},
urldate = {2021-04-28}
}
Transparent Tribe uses the new crown vaccine hotspot to analyze the targeted attacks on the Indian medical industry Crimson RAT |
2021-04-16 ⋅ Team Cymru ⋅ Joshua Picolet @online{picolet:20210416:transparent:645e443,
author = {Joshua Picolet},
title = {{Transparent Tribe APT Infrastructure Mapping Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021}},
date = {2021-04-16},
organization = {Team Cymru},
url = {https://team-cymru.com/blog/2021/04/16/transparent-tribe-apt-infrastructure-mapping/},
language = {English},
urldate = {2021-04-19}
}
Transparent Tribe APT Infrastructure Mapping Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021 Crimson RAT |
2021-03-31 ⋅ Red Canary ⋅ Red Canary @techreport{canary:20210331:2021:cd81f2d,
author = {Red Canary},
title = {{2021 Threat Detection Report}},
date = {2021-03-31},
institution = {Red Canary},
url = {https://resource.redcanary.com/rs/003-YRU-314/images/2021-Threat-Detection-Report.pdf},
language = {English},
urldate = {2021-04-06}
}
2021 Threat Detection Report Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot |
2021-03-22 ⋅ K7 Security ⋅ Mary Muthu Francisca @online{francisca:20210322:malspam:7d33257,
author = {Mary Muthu Francisca},
title = {{MalSpam Campaigns Download njRAT from Paste Sites}},
date = {2021-03-22},
organization = {K7 Security},
url = {https://labs.k7computing.com/?p=21904},
language = {English},
urldate = {2021-03-25}
}
MalSpam Campaigns Download njRAT from Paste Sites NjRAT |
2021-03-21 ⋅ Blackberry ⋅ Blackberry Research @techreport{research:20210321:2021:a393473,
author = {Blackberry Research},
title = {{2021 Threat Report}},
date = {2021-03-21},
institution = {Blackberry},
url = {https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-bb-2021-threat-report.pdf},
language = {English},
urldate = {2021-03-25}
}
2021 Threat Report Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot |
2021-02-28 ⋅ PWC UK ⋅ PWC UK @techreport{uk:20210228:cyber:bd780cd,
author = {PWC UK},
title = {{Cyber Threats 2020: A Year in Retrospect}},
date = {2021-02-28},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf},
language = {English},
urldate = {2021-03-04}
}
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
2021-02-25 ⋅ Intezer ⋅ Intezer @techreport{intezer:20210225:year:eb47cd1,
author = {Intezer},
title = {{Year of the Gopher A 2020 Go Malware Round-Up}},
date = {2021-02-25},
institution = {Intezer},
url = {https://www.intezer.com/wp-content/uploads/2021/02/Intezer-2020-Go-Malware-Round-Up.pdf},
language = {English},
urldate = {2021-06-30}
}
Year of the Gopher A 2020 Go Malware Round-Up NiuB WellMail elf.wellmess ArdaMax AsyncRAT CyberGate DarkComet Glupteba Nanocore RAT Nefilim NjRAT Quasar RAT WellMess Zebrocy |
2021-01-18 ⋅ Twitter (@teamcymru) ⋅ Team Cymru @online{cymru:20210118:apt36:e2e83ce,
author = {Team Cymru},
title = {{Tweet on APT36 CrimsonRAT C2}},
date = {2021-01-18},
organization = {Twitter (@teamcymru)},
url = {https://twitter.com/teamcymru/status/1351228309632385027},
language = {English},
urldate = {2021-01-21}
}
Tweet on APT36 CrimsonRAT C2 Crimson RAT |
2021-01-11 ⋅ ESET Research ⋅ Matías Porolli @online{porolli:20210111:operation:409662d,
author = {Matías Porolli},
title = {{Operation Spalax: Targeted malware attacks in Colombia}},
date = {2021-01-11},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2021/01/12/operation-spalax-targeted-malware-attacks-colombia/},
language = {English},
urldate = {2021-01-18}
}
Operation Spalax: Targeted malware attacks in Colombia Agent Tesla AsyncRAT NjRAT Remcos |
2021-01-09 ⋅ Marco Ramilli's Blog ⋅ Marco Ramilli @online{ramilli:20210109:command:d720b27,
author = {Marco Ramilli},
title = {{Command and Control Traffic Patterns}},
date = {2021-01-09},
organization = {Marco Ramilli's Blog},
url = {https://marcoramilli.com/2021/01/09/c2-traffic-patterns-personal-notes/},
language = {English},
urldate = {2021-05-17}
}
Command and Control Traffic Patterns ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot |
2021-01-05 ⋅ Sangfor ⋅ Clairvoyance Safety Laboratory @online{laboratory:20210105:attack:828ee7a,
author = {Clairvoyance Safety Laboratory},
title = {{Attack from Mustang Panda? My rabbit is back!}},
date = {2021-01-05},
organization = {Sangfor},
url = {https://www.4hou.com/posts/VoPM},
language = {Japanese},
urldate = {2021-01-10}
}
Attack from Mustang Panda? My rabbit is back! NjRAT |
2020-12-21 ⋅ Cisco Talos ⋅ JON MUNSHAW @online{munshaw:20201221:2020:4a88f84,
author = {JON MUNSHAW},
title = {{2020: The year in malware}},
date = {2020-12-21},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2020/12/2020-year-in-malware.html},
language = {English},
urldate = {2020-12-26}
}
2020: The year in malware WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader |
2020-12-16 ⋅ CrowdStrike ⋅ David Rojas, Mark Robinson @online{rojas:20201216:hiding:b5c41f6,
author = {David Rojas and Mark Robinson},
title = {{Hiding in Plain Sight: Remediating “Hidden” Malware with Real Time Response}},
date = {2020-12-16},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/how-to-remediate-hidden-malware-real-time-response/},
language = {English},
urldate = {2021-01-04}
}
Hiding in Plain Sight: Remediating “Hidden” Malware with Real Time Response Andromeda |
2020-12-10 ⋅ Intel 471 ⋅ Intel 471 @online{471:20201210:no:9fd2ae1,
author = {Intel 471},
title = {{No pandas, just people: The current state of China’s cybercrime underground}},
date = {2020-12-10},
organization = {Intel 471},
url = {https://intel471.com/blog/china-cybercrime-undergrond-deepmix-tea-horse-road-great-firewall/},
language = {English},
urldate = {2020-12-10}
}
No pandas, just people: The current state of China’s cybercrime underground Anubis SpyNote AsyncRAT Cobalt Strike Ghost RAT NjRAT |
2020-12-09 ⋅ Palo Alto Networks Unit 42 ⋅ Yanhui Jia, Chris Navarrete, Haozhe Zhang @online{jia:20201209:njrat:f7f3b49,
author = {Yanhui Jia and Chris Navarrete and Haozhe Zhang},
title = {{njRAT Spreading Through Active Pastebin Command and Control Tunnel}},
date = {2020-12-09},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/njrat-pastebin-command-and-control},
language = {English},
urldate = {2020-12-11}
}
njRAT Spreading Through Active Pastebin Command and Control Tunnel NjRAT |
2020-12-01 ⋅ sonatype ⋅ Ax Sharma @online{sharma:20201201:theres:9e5f87e,
author = {Ax Sharma},
title = {{There’s a RAT in my code: new npm malware with Bladabindi trojan spotted}},
date = {2020-12-01},
organization = {sonatype},
url = {https://blog.sonatype.com/bladabindi-njrat-rat-in-jdb.js-npm-malware},
language = {English},
urldate = {2020-12-08}
}
There’s a RAT in my code: new npm malware with Bladabindi trojan spotted NjRAT |
2020-11-09 ⋅ Bleeping Computer ⋅ Ionut Ilascu @online{ilascu:20201109:fake:c6dd7b3,
author = {Ionut Ilascu},
title = {{Fake Microsoft Teams updates lead to Cobalt Strike deployment}},
date = {2020-11-09},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/},
language = {English},
urldate = {2020-11-11}
}
Fake Microsoft Teams updates lead to Cobalt Strike deployment Cobalt Strike DoppelPaymer NjRAT Predator The Thief Zloader |
2020-11-03 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20201103:trends:febc159,
author = {GReAT},
title = {{APT trends report Q3 2020}},
date = {2020-11-03},
organization = {Kaspersky Labs},
url = {https://securelist.com/apt-trends-report-q3-2020/99204/},
language = {English},
urldate = {2020-11-04}
}
APT trends report Q3 2020 WellMail EVILNUM Janicab Poet RAT AsyncRAT Ave Maria Cobalt Strike Crimson RAT CROSSWALK Dtrack LODEINFO MoriAgent Okrum PlugX poisonplug Rover ShadowPad SoreFang Winnti |
2020-10-26 ⋅ 360 Core Security ⋅ 360 @online{360:20201026:aptc44:a336bf6,
author = {360},
title = {{北非狐(APT-C-44)攻击活动揭露}},
date = {2020-10-26},
organization = {360 Core Security},
url = {https://blogs.360.cn/post/APT-C-44.html},
language = {Chinese},
urldate = {2020-11-09}
}
北非狐(APT-C-44)攻击活动揭露 Xtreme RAT Houdini NjRAT Revenge RAT |
2020-09-21 ⋅ Trend Micro ⋅ Raphael Centeno @online{centeno:20200921:cybercriminals:0dbaa08,
author = {Raphael Centeno},
title = {{Cybercriminals Distribute Backdoor With VPN Installer}},
date = {2020-09-21},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/20/i/wind-up-windscribe-vpn-bundled-with-backdoor.html},
language = {English},
urldate = {2020-09-23}
}
Cybercriminals Distribute Backdoor With VPN Installer NjRAT |
2020-09-01 ⋅ nviso ⋅ Didier Stevens, Maxime Thiebaut, Dries Boone, Bart Parys, Michel Coene @online{stevens:20200901:epic:038897f,
author = {Didier Stevens and Maxime Thiebaut and Dries Boone and Bart Parys and Michel Coene},
title = {{Epic Manchego – atypical maldoc delivery brings flurry of infostealers}},
date = {2020-09-01},
organization = {nviso},
url = {https://blog.nviso.eu/2020/09/01/epic-manchego-atypical-maldoc-delivery-brings-flurry-of-infostealers/},
language = {English},
urldate = {2020-09-01}
}
Epic Manchego – atypical maldoc delivery brings flurry of infostealers Azorult NjRAT |
2020-08-26 ⋅ Kaspersky Labs ⋅ Giampaolo Dedola @online{dedola:20200826:transparent:b6f0422,
author = {Giampaolo Dedola},
title = {{Transparent Tribe: Evolution analysis, part 2}},
date = {2020-08-26},
organization = {Kaspersky Labs},
url = {https://securelist.com/transparent-tribe-part-2/98233/},
language = {English},
urldate = {2020-08-27}
}
Transparent Tribe: Evolution analysis, part 2 AhMyth Crimson RAT Oblique RAT |
2020-08-25 ⋅ Qianxin ⋅ Qi'anxin Threat Intelligence @online{intelligence:20200825:apt:0ad132f,
author = {Qi'anxin Threat Intelligence},
title = {{南亚APT组织“透明部落”在移动端上与对手的较量}},
date = {2020-08-25},
organization = {Qianxin},
url = {https://www.secrss.com/articles/24995},
language = {Chinese},
urldate = {2020-08-25}
}
南亚APT组织“透明部落”在移动端上与对手的较量 AhMyth Crimson RAT Oblique RAT |
2020-08-20 ⋅ Kaspersky Labs ⋅ Giampaolo Dedola @online{dedola:20200820:transparent:b63fac6,
author = {Giampaolo Dedola},
title = {{Transparent Tribe: Evolution analysis, part 1}},
date = {2020-08-20},
organization = {Kaspersky Labs},
url = {https://securelist.com/transparent-tribe-part-1/98127/},
language = {English},
urldate = {2020-08-24}
}
Transparent Tribe: Evolution analysis, part 1 Crimson RAT |
2020-08-19 ⋅ AhnLab ⋅ AhnLab ASEC 분석팀 @online{:20200819:njrat:a8e3234,
author = {AhnLab ASEC 분석팀},
title = {{국내 유명 웹하드를 통해 유포되는 njRAT 악성코드}},
date = {2020-08-19},
organization = {AhnLab},
url = {https://asec.ahnlab.com/1369},
language = {Korean},
urldate = {2020-08-25}
}
국내 유명 웹하드를 통해 유포되는 njRAT 악성코드 NjRAT |
2020-08 ⋅ TG Soft ⋅ TG Soft @online{soft:202008:tg:88b671c,
author = {TG Soft},
title = {{TG Soft Cyber - Threat Report}},
date = {2020-08},
organization = {TG Soft},
url = {https://www.tgsoft.it/files/report/download.asp?id=7481257469},
language = {Italian},
urldate = {2020-09-15}
}
TG Soft Cyber - Threat Report DarkComet Darktrack RAT Emotet ISFB |
2020-07-30 ⋅ Spamhaus ⋅ Spamhaus Malware Labs @techreport{labs:20200730:spamhaus:038546d,
author = {Spamhaus Malware Labs},
title = {{Spamhaus Botnet Threat Update Q2 2020}},
date = {2020-07-30},
institution = {Spamhaus},
url = {https://www.spamhaus.org/news/images/botnet-report-2020-q2/2020-q2-spamhaus-botnet-threat-report.pdf},
language = {English},
urldate = {2020-07-30}
}
Spamhaus Botnet Threat Update Q2 2020 AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader |
2020-07-29 ⋅ ESET Research ⋅ welivesecurity @techreport{welivesecurity:20200729:threat:496355c,
author = {welivesecurity},
title = {{THREAT REPORT Q2 2020}},
date = {2020-07-29},
institution = {ESET Research},
url = {https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Threat_Report_Q22020.pdf},
language = {English},
urldate = {2020-07-30}
}
THREAT REPORT Q2 2020 DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor |
2020-07-17 ⋅ CERT-FR ⋅ CERT-FR @techreport{certfr:20200717:malware:5c58cdf,
author = {CERT-FR},
title = {{The Malware Dridex: Origins and Uses}},
date = {2020-07-17},
institution = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-008.pdf},
language = {English},
urldate = {2020-07-20}
}
The Malware Dridex: Origins and Uses Andromeda CryptoLocker Cutwail DoppelPaymer Dridex Emotet FriedEx Gameover P2P Gandcrab ISFB Murofet Necurs Predator The Thief Zeus |
2020-07-08 ⋅ Seqrite ⋅ Kalpesh Mantri @online{mantri:20200708:operation:bee5008,
author = {Kalpesh Mantri},
title = {{Operation ‘Honey Trap’: APT36 Targets Defense Organizations in India}},
date = {2020-07-08},
organization = {Seqrite},
url = {https://www.seqrite.com/blog/operation-honey-trap-apt36-targets-defense-organizations-in-india/},
language = {English},
urldate = {2020-07-13}
}
Operation ‘Honey Trap’: APT36 Targets Defense Organizations in India Crimson RAT |
2020-06-22 ⋅ Anurag @online{anurag:20200622:njrat:381c066,
author = {Anurag},
title = {{njRat Malware Analysis}},
date = {2020-06-22},
url = {https://malwr-analysis.com/2020/06/21/njrat-malware-analysis/},
language = {English},
urldate = {2020-06-22}
}
njRat Malware Analysis NjRAT |
2020-05-14 ⋅ SophosLabs ⋅ Markel Picado @online{picado:20200514:raticate:6334722,
author = {Markel Picado},
title = {{RATicate: an attacker’s waves of information-stealing malware}},
date = {2020-05-14},
organization = {SophosLabs},
url = {https://news.sophos.com/en-us/2020/05/14/raticate/},
language = {English},
urldate = {2020-05-18}
}
RATicate: an attacker’s waves of information-stealing malware Agent Tesla BetaBot BlackRemote Formbook Loki Password Stealer (PWS) NetWire RC NjRAT Remcos |
2020-03-15 ⋅ The Shadowserver Foundation ⋅ Shadowserver Foundation @online{foundation:20200315:has:80a92d5,
author = {Shadowserver Foundation},
title = {{Has The Sun Set On The Necurs Botnet?}},
date = {2020-03-15},
organization = {The Shadowserver Foundation},
url = {https://www.shadowserver.org/news/has-the-sun-set-on-the-necurs-botnet/},
language = {English},
urldate = {2020-03-17}
}
Has The Sun Set On The Necurs Botnet? Andromeda Cutwail Kelihos Necurs Pushdo |
2020-03-03 ⋅ PWC UK ⋅ PWC UK @techreport{uk:20200303:cyber:1f1eef0,
author = {PWC UK},
title = {{Cyber Threats 2019:A Year in Retrospect}},
date = {2020-03-03},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/assets/cyber-threats-2019-retrospect.pdf},
language = {English},
urldate = {2020-03-03}
}
Cyber Threats 2019:A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle |
2020-02-21 ⋅ Yoroi ⋅ Luigi Martire, Pietro Melillo, Antonio Pirozzi @online{martire:20200221:transparent:eb18469,
author = {Luigi Martire and Pietro Melillo and Antonio Pirozzi},
title = {{Transparent Tribe: Four Years Later}},
date = {2020-02-21},
organization = {Yoroi},
url = {https://blog.yoroi.company/research/transparent-tribe-four-years-later},
language = {English},
urldate = {2020-03-06}
}
Transparent Tribe: Four Years Later Crimson RAT |
2020-01-31 ⋅ ReversingLabs ⋅ Robert Simmons @online{simmons:20200131:rats:d8a4021,
author = {Robert Simmons},
title = {{RATs in the Library: Remote Access Trojans Hide in Plain "Public" Site}},
date = {2020-01-31},
organization = {ReversingLabs},
url = {https://blog.reversinglabs.com/blog/rats-in-the-library},
language = {English},
urldate = {2020-02-03}
}
RATs in the Library: Remote Access Trojans Hide in Plain "Public" Site CyberGate LimeRAT NjRAT Quasar RAT Revenge RAT |
2020-01-26 ⋅ Brown Farinholt, Mohammad Rezaeirad, Damon McCoy, Kirill Levchenko @techreport{farinholt:20200126:dark:9c2f434,
author = {Brown Farinholt and Mohammad Rezaeirad and Damon McCoy and Kirill Levchenko},
title = {{Dark Matter: Uncovering the DarkComet RAT Ecosystem}},
date = {2020-01-26},
institution = {},
url = {https://www.sysnet.ucsd.edu/sysnet/miscpapers/darkmatter-www20.pdf},
language = {English},
urldate = {2020-03-07}
}
Dark Matter: Uncovering the DarkComet RAT Ecosystem DarkComet |
2020-01 ⋅ Dragos ⋅ Joe Slowik @techreport{slowik:202001:threat:d891011,
author = {Joe Slowik},
title = {{Threat Intelligence and the Limits of Malware Analysis}},
date = {2020-01},
institution = {Dragos},
url = {https://pylos.co/wp-content/uploads/2020/02/Threat-Intelligence-and-the-Limits-of-Malware-Analysis.pdf},
language = {English},
urldate = {2020-06-10}
}
Threat Intelligence and the Limits of Malware Analysis Exaramel Exaramel Industroyer Lookback NjRAT PlugX |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:copper:e356116,
author = {SecureWorks},
title = {{COPPER FIELDSTONE}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/copper-fieldstone},
language = {English},
urldate = {2020-05-23}
}
COPPER FIELDSTONE Crimson RAT DarkComet Luminosity RAT NjRAT Operation C-Major |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:aluminum:af22ffd,
author = {SecureWorks},
title = {{ALUMINUM SARATOGA}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/aluminum-saratoga},
language = {English},
urldate = {2020-05-23}
}
ALUMINUM SARATOGA BlackShades DarkComet Xtreme RAT Poison Ivy Quasar RAT Molerats |
2019-12-24 ⋅ Github (itsKindred) ⋅ Derek Kleinhen @techreport{kleinhen:20191224:bashar:944cfdf,
author = {Derek Kleinhen},
title = {{Bashar Bachir Infection Chain Analysis}},
date = {2019-12-24},
institution = {Github (itsKindred)},
url = {https://github.com/itsKindred/malware-analysis-writeups/blob/master/bashar-bachir-chain/bashar-bachir-analysis.pdf},
language = {English},
urldate = {2020-01-10}
}
Bashar Bachir Infection Chain Analysis NjRAT |
2019-09-26 ⋅ Proofpoint ⋅ Bryan Campbell, Jeremy Hedges, Proofpoint Threat Insight Team @online{campbell:20190926:new:d228362,
author = {Bryan Campbell and Jeremy Hedges and Proofpoint Threat Insight Team},
title = {{New WhiteShadow downloader uses Microsoft SQL to retrieve malware}},
date = {2019-09-26},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/new-whiteshadow-downloader-uses-microsoft-sql-retrieve-malware},
language = {English},
urldate = {2020-02-26}
}
New WhiteShadow downloader uses Microsoft SQL to retrieve malware WhiteShadow Agent Tesla Azorult Crimson RAT Formbook Nanocore RAT NetWire RC NjRAT Remcos |
2019-09-23 ⋅ MITRE ⋅ MITRE ATT&CK @online{attck:20190923:apt41:63b9ff7,
author = {MITRE ATT&CK},
title = {{APT41}},
date = {2019-09-23},
organization = {MITRE},
url = {https://attack.mitre.org/groups/G0096},
language = {English},
urldate = {2022-08-30}
}
APT41 Derusbi MESSAGETAP Winnti ASPXSpy BLACKCOFFEE CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT MimiKatz NjRAT PlugX ShadowPad Winnti ZXShell APT41 |
2019-08-30 ⋅ Github (threatland) ⋅ ThreatLand @online{threatland:20190830:njrat:995c281,
author = {ThreatLand},
title = {{njRAT builders}},
date = {2019-08-30},
organization = {Github (threatland)},
url = {https://github.com/threatland/TL-TROJAN/tree/master/TL.RAT/RAT.Win.njRAT},
language = {English},
urldate = {2020-01-08}
}
njRAT builders NjRAT |
2019-08-01 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20190801:trends:5e25d5b,
author = {GReAT},
title = {{APT trends report Q2 2019}},
date = {2019-08-01},
organization = {Kaspersky Labs},
url = {https://securelist.com/apt-trends-report-q2-2019/91897/},
language = {English},
urldate = {2020-08-13}
}
APT trends report Q2 2019 ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy |
2019-03-27 ⋅ Symantec ⋅ Critical Attack Discovery and Intelligence Team @online{team:20190327:elfin:d90a330,
author = {Critical Attack Discovery and Intelligence Team},
title = {{Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.}},
date = {2019-03-27},
organization = {Symantec},
url = {https://symantec-blogs.broadcom.com/blogs/threat-intelligence/elfin-apt33-espionage},
language = {English},
urldate = {2020-04-21}
}
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. DarkComet MimiKatz Nanocore RAT NetWire RC pupy Quasar RAT Remcos StoneDrill TURNEDUP APT33 |
2019-03-27 ⋅ Symantec ⋅ Security Response Attack Investigation Team @online{team:20190327:elfin:836cc39,
author = {Security Response Attack Investigation Team},
title = {{Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.}},
date = {2019-03-27},
organization = {Symantec},
url = {https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage},
language = {English},
urldate = {2020-01-06}
}
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. DarkComet Nanocore RAT pupy Quasar RAT Remcos TURNEDUP APT33 |
2019-03-25 ⋅ 360 Core Security ⋅ zhanghao-ms @online{zhanghaoms:20190325:patting:92fda17,
author = {zhanghao-ms},
title = {{Patting the Bear (APT-C-37): Exposure of Continued Attacks Against an Armed Organization}},
date = {2019-03-25},
organization = {360 Core Security},
url = {http://blogs.360.cn/post/analysis-of-apt-c-37.html},
language = {Chinese},
urldate = {2020-01-08}
}
Patting the Bear (APT-C-37): Exposure of Continued Attacks Against an Armed Organization Houdini NjRAT |
2019-03-05 ⋅ Tencent ⋅ Tencent @online{tencent:20190305:transparenttribe:55798e4,
author = {Tencent},
title = {{TransparentTribe APT organizes 2019 attacks on Indian government and military targets}},
date = {2019-03-05},
organization = {Tencent},
url = {https://s.tencent.com/research/report/669.html},
language = {Chinese},
urldate = {2020-01-08}
}
TransparentTribe APT organizes 2019 attacks on Indian government and military targets Crimson RAT Unidentified 066 Operation C-Major |
2018-08-02 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone, David Fuertes, Josh Grunzweig, Kyle Wilhoit @online{falcone:20180802:gorgon:06112b1,
author = {Robert Falcone and David Fuertes and Josh Grunzweig and Kyle Wilhoit},
title = {{The Gorgon Group: Slithering Between Nation State and Cybercrime}},
date = {2018-08-02},
organization = {Palo Alto Networks Unit 42},
url = {https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/},
language = {English},
urldate = {2019-12-20}
}
The Gorgon Group: Slithering Between Nation State and Cybercrime Loki Password Stealer (PWS) Nanocore RAT NjRAT Quasar RAT Remcos Revenge RAT |
2018-07-23 ⋅ 360 Threat Intelligence ⋅ Qi Anxin Threat Intelligence Center @online{center:20180723:golden:acfd437,
author = {Qi Anxin Threat Intelligence Center},
title = {{Golden Rat Organization-targeted attack in Syria}},
date = {2018-07-23},
organization = {360 Threat Intelligence},
url = {https://ti.360.net/blog/articles/analysis-of-apt-c-27/},
language = {Chinese},
urldate = {2020-04-28}
}
Golden Rat Organization-targeted attack in Syria NjRAT APT-C-27 |
2018-07-05 ⋅ National Critical Information Infrastructure Protection Centre ⋅ National Critical Information Infrastructure Protection Centre @techreport{centre:20180705:nciipc:2796c50,
author = {National Critical Information Infrastructure Protection Centre},
title = {{NCIIPC Newsletter July 2018}},
date = {2018-07-05},
institution = {National Critical Information Infrastructure Protection Centre},
url = {https://nciipc.gov.in/documents/NCIIPC_Newsletter_July18.pdf},
language = {English},
urldate = {2020-01-10}
}
NCIIPC Newsletter July 2018 Operation C-Major |
2018-07 ⋅ Brian Krebs @online{krebs:201807:luminositylink:1d9ce64,
author = {Brian Krebs},
title = {{‘LuminosityLink RAT’ Author Pleads Guilty}},
date = {2018-07},
url = {https://krebsonsecurity.com/2018/07/luminositylink-rat-author-pleads-guilty/},
language = {English},
urldate = {2019-10-23}
}
‘LuminosityLink RAT’ Author Pleads Guilty Luminosity RAT |
2018-05-18 ⋅ CrowdStrike ⋅ Adam Meyers @online{meyers:20180518:meet:79af163,
author = {Adam Meyers},
title = {{Meet CrowdStrike’s Adversary of the Month for May: MYTHIC LEOPARD}},
date = {2018-05-18},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/adversary-of-the-month-for-may/},
language = {English},
urldate = {2019-12-20}
}
Meet CrowdStrike’s Adversary of the Month for May: MYTHIC LEOPARD Operation C-Major |
2018-05-18 ⋅ Lookout ⋅ Andrew Blaich, Michael Flossman @online{blaich:20180518:stealth:c96fd9b,
author = {Andrew Blaich and Michael Flossman},
title = {{Stealth Mango and Tangelo: Nation state mobile surveillanceware stealing data from military \& government officials}},
date = {2018-05-18},
organization = {Lookout},
url = {https://www.lookout.com/blog/stealth-mango},
language = {English},
urldate = {2022-08-26}
}
Stealth Mango and Tangelo: Nation state mobile surveillanceware stealing data from military & government officials Stealth Mango Stealth Mango and Tangelo |
2018-05-15 ⋅ Amnesty International ⋅ Amnesty International @online{international:20180515:pakistan:c41a7ec,
author = {Amnesty International},
title = {{PAKISTAN: HUMAN RIGHTS UNDER SURVEILLANCE}},
date = {2018-05-15},
organization = {Amnesty International},
url = {https://www.amnesty.org/en/documents/asa33/8366/2018/en/},
language = {English},
urldate = {2019-11-28}
}
PAKISTAN: HUMAN RIGHTS UNDER SURVEILLANCE Operation C-Major |
2018-05-15 ⋅ Amnesty International ⋅ Brave @techreport{brave:20180515:human:b4396ac,
author = {Brave},
title = {{HUMAN RIGHTS UNDER SURVEILLANCE DIGITAL THREATS AGAINST HUMAN RIGHTS DEFENDERS IN PAKISTAN}},
date = {2018-05-15},
institution = {Amnesty International},
url = {https://www.amnesty.org/download/Documents/ASA3383662018ENGLISH.PDF},
language = {English},
urldate = {2019-12-10}
}
HUMAN RIGHTS UNDER SURVEILLANCE DIGITAL THREATS AGAINST HUMAN RIGHTS DEFENDERS IN PAKISTAN StealthAgent Crimson RAT |
2018-05-14 ⋅ Lookout ⋅ Lookout @online{lookout:20180514:stealth:ebcc067,
author = {Lookout},
title = {{Stealth Mango \& Tangelo Technical Report}},
date = {2018-05-14},
organization = {Lookout},
url = {https://www.lookout.com/info/stealth-mango-report-ty},
language = {English},
urldate = {2020-01-13}
}
Stealth Mango & Tangelo Technical Report Stealth Mango |
2018-05 ⋅ FireEye ⋅ Anca Holban @techreport{holban:201805:mtrends:b30aba2,
author = {Anca Holban},
title = {{M-Trends May 2018: From the field}},
date = {2018-05},
institution = {FireEye},
url = {https://mkd-cirt.mk/wp-content/uploads/2018/08/20181009_3_1_M-Trends2018-May-2018-compressed.pdf},
language = {English},
urldate = {2020-01-06}
}
M-Trends May 2018: From the field Operation C-Major |
2018-02-08 ⋅ Virus Bulletin ⋅ Bahare Sabouri, He Xu @online{sabouri:20180208:review:258f981,
author = {Bahare Sabouri and He Xu},
title = {{A review of the evolution of Andromeda over the years before we say goodbye}},
date = {2018-02-08},
organization = {Virus Bulletin},
url = {https://www.virusbulletin.com/virusbulletin/2018/02/review-evolution-andromeda-over-years-we-say-goodbye/},
language = {English},
urldate = {2021-12-01}
}
A review of the evolution of Andromeda over the years before we say goodbye Andromeda |
2018-02-07 ⋅ Palo Alto Networks Unit 42 ⋅ Simon Conant @online{conant:20180207:rat:5f1eba8,
author = {Simon Conant},
title = {{RAT Trapped? LuminosityLink Falls Foul of Vermin Eradication Efforts}},
date = {2018-02-07},
organization = {Palo Alto Networks Unit 42},
url = {https://researchcenter.paloaltonetworks.com/2018/02/unit42-rat-trapped-luminositylink-falls-foul-vermin-eradication-efforts/},
language = {English},
urldate = {2019-12-20}
}
RAT Trapped? LuminosityLink Falls Foul of Vermin Eradication Efforts Luminosity RAT |
2018 ⋅ FireEye ⋅ FireEye @online{fireeye:2018:apt38:20161b7,
author = {FireEye},
title = {{APT38}},
date = {2018},
organization = {FireEye},
url = {https://content.fireeye.com/apt/rpt-apt38},
language = {English},
urldate = {2020-01-13}
}
APT38 Bitsran BLINDTOAD BOOTWRECK Contopee DarkComet DYEPACK HOTWAX NESTEGG PowerRatankba REDSHAWL WORMHOLE Lazarus Group |
2017-12-04 ⋅ Europol ⋅ Europol @online{europol:20171204:andromeda:2024e4d,
author = {Europol},
title = {{Andromeda botnet dismantled in international cyber operation}},
date = {2017-12-04},
organization = {Europol},
url = {https://www.europol.europa.eu/newsroom/news/andromeda-botnet-dismantled-in-international-cyber-operation},
language = {English},
urldate = {2020-01-09}
}
Andromeda botnet dismantled in international cyber operation Andromeda |
2017-12-04 ⋅ Microsoft ⋅ Microsoft Defender ATP Research Team, Microsoft Digital Crimes Unit @online{team:20171204:microsoft:0cab56d,
author = {Microsoft Defender ATP Research Team and Microsoft Digital Crimes Unit},
title = {{Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)}},
date = {2017-12-04},
organization = {Microsoft},
url = {https://blogs.technet.microsoft.com/mmpc/2017/12/04/microsoft-teams-up-with-law-enforcement-and-other-partners-to-disrupt-gamarue-andromeda/},
language = {English},
urldate = {2020-01-13}
}
Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda) Andromeda |
2017-03-13 ⋅ Morphisec ⋅ Roy Moshailov @online{moshailov:20170313:moving:91556bc,
author = {Roy Moshailov},
title = {{Moving Target Defense Blog}},
date = {2017-03-13},
organization = {Morphisec},
url = {http://blog.morphisec.com/andromeda-tactics-analyzed},
language = {English},
urldate = {2020-01-13}
}
Moving Target Defense Blog Andromeda |
2017-01-18 ⋅ Cisco ⋅ Andrea Scarfo @online{scarfo:20170118:finding:d28d23c,
author = {Andrea Scarfo},
title = {{Finding the RAT’s Nest}},
date = {2017-01-18},
organization = {Cisco},
url = {https://umbrella.cisco.com/blog/2017/01/18/finding-the-rats-nest/},
language = {English},
urldate = {2019-11-27}
}
Finding the RAT’s Nest Luminosity RAT |
2016-11-30 ⋅ Fortinet ⋅ Lilia Elena Gonzalez Medina @online{medina:20161130:bladabindi:22e025f,
author = {Lilia Elena Gonzalez Medina},
title = {{Bladabindi Remains A Constant Threat By Using Dynamic DNS Services}},
date = {2016-11-30},
organization = {Fortinet},
url = {https://blog.fortinet.com/2016/11/30/bladabindi-remains-a-constant-threat-by-using-dynamic-dns-services},
language = {English},
urldate = {2020-01-09}
}
Bladabindi Remains A Constant Threat By Using Dynamic DNS Services NjRAT |
2016-10-26 ⋅ Unknown ⋅ Chris Doman @online{doman:20161026:moonlight:1edffaa,
author = {Chris Doman},
title = {{Moonlight – Targeted attacks in the Middle East}},
date = {2016-10-26},
organization = {Unknown},
url = {https://www.vectra.ai/blogpost/moonlight-middle-east-targeted-attacks},
language = {English},
urldate = {2020-04-06}
}
Moonlight – Targeted attacks in the Middle East Houdini NjRAT Molerats |
2016-07-30 ⋅ MalwareNailed ⋅ Faisal AM Qureshi @online{qureshi:20160730:luminosity:705e740,
author = {Faisal AM Qureshi},
title = {{Luminosity RAT - Re-purposed}},
date = {2016-07-30},
organization = {MalwareNailed},
url = {http://malwarenailed.blogspot.com/2016/07/luminosity-rat-re-purposed.html},
language = {English},
urldate = {2020-01-13}
}
Luminosity RAT - Re-purposed Luminosity RAT |
2016-07-08 ⋅ Palo Alto Networks Unit 42 ⋅ Josh Grunzweig @online{grunzweig:20160708:investigating:576bb94,
author = {Josh Grunzweig},
title = {{Investigating the LuminosityLink Remote Access Trojan Configuration}},
date = {2016-07-08},
organization = {Palo Alto Networks Unit 42},
url = {https://researchcenter.paloaltonetworks.com/2016/07/unit42-investigating-the-luminositylink-remote-access-trojan-configuration/},
language = {English},
urldate = {2019-12-20}
}
Investigating the LuminosityLink Remote Access Trojan Configuration Luminosity RAT |
2016-06-03 ⋅ FireEye ⋅ Yin Hong Chang, Sudeep Singh @online{chang:20160603:sends:176f9ab,
author = {Yin Hong Chang and Sudeep Singh},
title = {{APT Group Sends Spear Phishing Emails to Indian Government Officials}},
date = {2016-06-03},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2016/06/apt_group_sends_spea.html},
language = {English},
urldate = {2019-12-20}
}
APT Group Sends Spear Phishing Emails to Indian Government Officials BreachRAT DarkComet Operation C-Major |
2016-04-06 ⋅ Avast ⋅ Threat Intelligence Team @online{team:20160406:andromeda:4b7f3e6,
author = {Threat Intelligence Team},
title = {{Andromeda under the microscope}},
date = {2016-04-06},
organization = {Avast},
url = {https://blog.avast.com/andromeda-under-the-microscope},
language = {English},
urldate = {2020-01-13}
}
Andromeda under the microscope Andromeda |
2016-03-25 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone, Simon Conant @online{falcone:20160325:projectm:afcff3a,
author = {Robert Falcone and Simon Conant},
title = {{ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe}},
date = {2016-03-25},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe},
language = {English},
urldate = {2020-01-10}
}
ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe Bozok Operation C-Major |
2016-03-01 ⋅ Proofpoint ⋅ Darien Huss @techreport{huss:20160301:operation:65330f0,
author = {Darien Huss},
title = {{Operation Transparent Tribe}},
date = {2016-03-01},
institution = {Proofpoint},
url = {https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf},
language = {English},
urldate = {2019-12-02}
}
Operation Transparent Tribe Andromeda beendoor Bezigate Crimson RAT Luminosity RAT Operation C-Major |
2016-03 ⋅ Trend Micro ⋅ David Sancho, Feike Hacquebord @techreport{sancho:201603:operation:b3de3b2,
author = {David Sancho and Feike Hacquebord},
title = {{Operation C-Major: Information Theft Campaign Targets Military Personnel in India}},
date = {2016-03},
institution = {Trend Micro},
url = {http://documents.trendmicro.com/assets/pdf/Indian-military-personnel-targeted-by-information-theft-campaign-cmajor.pdf},
language = {English},
urldate = {2020-01-07}
}
Operation C-Major: Information Theft Campaign Targets Military Personnel in India Operation C-Major |
2016 ⋅ Cysinfo ⋅ Monnappa K A @online{a:2016:cyber:140f384,
author = {Monnappa K A},
title = {{CYBER ATTACK IMPERSONATING IDENTITY OF INDIAN THINK TANK TO TARGET CENTRAL BUREAU OF INVESTIGATION (CBI) AND POSSIBLY INDIAN ARMY OFFICIALS}},
date = {2016},
organization = {Cysinfo},
url = {https://cysinfo.com/cyber-attack-targeting-cbi-and-possibly-indian-army-officials},
language = {English},
urldate = {2020-01-07}
}
CYBER ATTACK IMPERSONATING IDENTITY OF INDIAN THINK TANK TO TARGET CENTRAL BUREAU OF INVESTIGATION (CBI) AND POSSIBLY INDIAN ARMY OFFICIALS Operation C-Major |
2015-09-29 ⋅ InfoSec Institute ⋅ Ayoub Faouzi @online{faouzi:20150929:andromeda:543098f,
author = {Ayoub Faouzi},
title = {{Andromeda Bot Analysis part 2}},
date = {2015-09-29},
organization = {InfoSec Institute},
url = {http://resources.infosecinstitute.com/andromeda-bot-analysis-part-two/},
language = {English},
urldate = {2020-01-07}
}
Andromeda Bot Analysis part 2 Andromeda |
2015-09-29 ⋅ InfoSec Institute ⋅ Ayoub Faouzi @online{faouzi:20150929:andromeda:06d70c0,
author = {Ayoub Faouzi},
title = {{Andromeda Bot Analysis part 1}},
date = {2015-09-29},
organization = {InfoSec Institute},
url = {http://resources.infosecinstitute.com/andromeda-bot-analysis/},
language = {English},
urldate = {2020-01-13}
}
Andromeda Bot Analysis part 1 Andromeda |
2015-06-25 ⋅ Proofpoint ⋅ Proofpoint Staff @online{staff:20150625:sundown:53454bc,
author = {Proofpoint Staff},
title = {{Sundown EK Spreads LuminosityLink RAT: Light After Dark}},
date = {2015-06-25},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/Light-After-Dark},
language = {English},
urldate = {2019-12-20}
}
Sundown EK Spreads LuminosityLink RAT: Light After Dark Luminosity RAT |
2015-04-17 ⋅ Eternal Todo ⋅ Jose Miguel Esparza @online{esparza:20150417:andromedagamarue:2330f4e,
author = {Jose Miguel Esparza},
title = {{Andromeda/Gamarue bot loves JSON too (new versions details)}},
date = {2015-04-17},
organization = {Eternal Todo},
url = {https://eternal-todo.com/blog/andromeda-gamarue-loves-json},
language = {English},
urldate = {2020-01-10}
}
Andromeda/Gamarue bot loves JSON too (new versions details) Andromeda |
2015-04-15 ⋅ ByteAtlas @online{byteatlas:20150415:knowledge:0d028a7,
author = {ByteAtlas},
title = {{Knowledge Fragment: Bruteforcing Andromeda Configuration Buffers}},
date = {2015-04-15},
url = {https://byte-atlas.blogspot.ch/2015/04/kf-andromeda-bruteforcing.html},
language = {English},
urldate = {2020-01-07}
}
Knowledge Fragment: Bruteforcing Andromeda Configuration Buffers Andromeda |
2015-01-22 ⋅ Trend Micro ⋅ Michael Marcos @online{marcos:20150122:new:1fdb830,
author = {Michael Marcos},
title = {{New RATs Emerge from Leaked Njw0rm Source Code}},
date = {2015-01-22},
organization = {Trend Micro},
url = {http://blog.trendmicro.com/trendlabs-security-intelligence/new-rats-emerge-from-leaked-njw0rm-source-code/},
language = {English},
urldate = {2019-12-17}
}
New RATs Emerge from Leaked Njw0rm Source Code NjRAT |
2013-10-31 ⋅ FireEye ⋅ Thoufique Haq, Ned Moran @online{haq:20131031:know:e772ee9,
author = {Thoufique Haq and Ned Moran},
title = {{Know Your Enemy: Tracking A Rapidly Evolving APT Actor}},
date = {2013-10-31},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html},
language = {English},
urldate = {2019-12-20}
}
Know Your Enemy: Tracking A Rapidly Evolving APT Actor Bozok Poison Ivy TEMPER PANDA |
2013-09-01 ⋅ Eternal Todo ⋅ Jose Miguel Esparza @online{esparza:20130901:yet:d6bf0b6,
author = {Jose Miguel Esparza},
title = {{Yet another Andromeda / Gamarue analysis}},
date = {2013-09-01},
organization = {Eternal Todo},
url = {https://eternal-todo.com/blog/yet-another-andromeda-gamarue-analysis},
language = {English},
urldate = {2020-01-10}
}
Yet another Andromeda / Gamarue analysis Andromeda |
2013-08-01 ⋅ Virus Bulletin ⋅ Suweera De Souza @online{souza:20130801:andromeda:030b7db,
author = {Suweera De Souza},
title = {{Andromeda 2.7 features}},
date = {2013-08-01},
organization = {Virus Bulletin},
url = {https://www.virusbulletin.com/virusbulletin/2013/08/andromeda-2-7-features},
language = {English},
urldate = {2020-01-09}
}
Andromeda 2.7 features Andromeda |
2013-03-30 ⋅ 0xEBFE Blog about life ⋅ 0xEBFE @online{0xebfe:20130330:fooled:88d133a,
author = {0xEBFE},
title = {{Fooled by Andromeda}},
date = {2013-03-30},
organization = {0xEBFE Blog about life},
url = {http://www.0xebfe.net/blog/2013/03/30/fooled-by-andromeda/},
language = {English},
urldate = {2019-07-27}
}
Fooled by Andromeda Andromeda |
2012-10-05 ⋅ Malwarebytes ⋅ Adam Kujawa @online{kujawa:20121005:dark:192d4aa,
author = {Adam Kujawa},
title = {{Dark Comet 2: Electric Boogaloo}},
date = {2012-10-05},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2012/10/dark-comet-2-electric-boogaloo/},
language = {English},
urldate = {2019-12-20}
}
Dark Comet 2: Electric Boogaloo DarkComet |
2012-06-21 ⋅ Contagio Dump ⋅ Mila Parkour @online{parkour:20120621:rat:2186087,
author = {Mila Parkour},
title = {{RAT samples from Syrian Targeted attacks - Blackshades RAT, XTreme RAT, Dark Comet RAT used by Syrian Electronic Army}},
date = {2012-06-21},
organization = {Contagio Dump},
url = {http://contagiodump.blogspot.com/2012/06/rat-samples-from-syrian-targeted.html},
language = {English},
urldate = {2019-12-20}
}
RAT samples from Syrian Targeted attacks - Blackshades RAT, XTreme RAT, Dark Comet RAT used by Syrian Electronic Army BlackShades DarkComet Terminator RAT |
2012-06-09 ⋅ Malwarebytes ⋅ Adam Kujawa @online{kujawa:20120609:you:c8d15e0,
author = {Adam Kujawa},
title = {{You dirty RAT! Part 1: DarkComet}},
date = {2012-06-09},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2012/06/you-dirty-rat-part-1-darkcomet/},
language = {English},
urldate = {2019-12-20}
}
You dirty RAT! Part 1: DarkComet DarkComet |