aka: C-Major, Transparent Tribe, Mythic Leopard, ProjectM, APT36, APT 36, TMP.Lapis, Green Havildar, COPPER FIELDSTONE
Group targeting Indian Army or related assets in India, as well as activists and civil society in Pakistan. Attribution to a Pakistani connection has been made by TrendMicro and others.
2023-11-22 ⋅ Twitter (@embee_research) ⋅ Embee_research
@online{embeeresearch:20231122:practical:1847814,
author = {Embee_research},
title = {{Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)}},
date = {2023-11-22},
organization = {Twitter (@embee_research)},
url = {https://embee-research.ghost.io/practical-queries-for-malware-infrastructure-part-3/},
language = {English},
urldate = {2023-11-22}
}
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)
BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos |
2023-11-21 ⋅ Medium infoSec Write-ups ⋅ JustAnother-Engineer
@online{justanotherengineer:20231121:unmasking:68727c8,
author = {JustAnother-Engineer},
title = {{Unmasking NJRat: A Deep Dive into a Notorious Remote Access Trojan Part1}},
date = {2023-11-21},
organization = {Medium infoSec Write-ups},
url = {https://infosecwriteups.com/part1-static-code-analysis-of-the-rat-njrat-2f273408df43},
language = {English},
urldate = {2023-11-22}
}
Unmasking NJRat: A Deep Dive into a Notorious Remote Access Trojan Part1
NjRAT |
2023-10-12 ⋅ Cluster25 ⋅ Cluster25 Threat Intel Team
@online{team:20231012:cve202338831:6b50b62,
author = {Cluster25 Threat Intel Team},
title = {{CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations}},
date = {2023-10-12},
organization = {Cluster25},
url = {https://blog.cluster25.duskrise.com/2023/10/12/cve-2023-38831-russian-attack},
language = {English},
urldate = {2023-10-13}
}
CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations
Agent Tesla Crimson RAT Nanocore RAT SmokeLoader |
2023-10-12 ⋅ Spamhaus ⋅ Spamhaus Malware Labs
@techreport{labs:20231012:spamhaus:cc0ff5c,
author = {Spamhaus Malware Labs},
title = {{Spamhaus Botnet Threat Update Q3 2023}},
date = {2023-10-12},
institution = {Spamhaus},
url = {https://info.spamhaus.com/hubfs/Botnet%20Reports/2023%20Q3%20Botnet%20Threat%20Update.pdf},
language = {English},
urldate = {2023-10-17}
}
Spamhaus Botnet Threat Update Q3 2023
FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar |
2023-09-18 ⋅ SentinelOne ⋅ Alex Delamotte
@online{delamotte:20230918:capratube:77604c8,
author = {Alex Delamotte},
title = {{CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones}},
date = {2023-09-18},
organization = {SentinelOne},
url = {https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/},
language = {English},
urldate = {2023-09-20}
}
CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones
CapraRAT |
2023-09-12 ⋅ Zscaler ⋅ Sudeep Singh
@online{singh:20230912:peek:6769a87,
author = {Sudeep Singh},
title = {{A peek into APT36’s updated arsenal}},
date = {2023-09-12},
organization = {Zscaler},
url = {https://www.zscaler.com/blogs/security-research/peek-apt36-s-updated-arsenal},
language = {English},
urldate = {2023-09-18}
}
A peek into APT36’s updated arsenal
ElizaRAT |
2023-07-11 ⋅ Spamhaus ⋅ Spamhaus Malware Labs
@techreport{labs:20230711:spamhaus:4e2885e,
author = {Spamhaus Malware Labs},
title = {{Spamhaus Botnet Threat Update Q2 2023}},
date = {2023-07-11},
institution = {Spamhaus},
url = {https://info.spamhaus.com/hubfs/Botnet%20Reports/2023%20Q2%20Botnet%20Threat%20Update.pdf},
language = {English},
urldate = {2023-07-22}
}
Spamhaus Botnet Threat Update Q2 2023
Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee |
2023-05-02 ⋅ Seqrite ⋅ Sathwik Ram Prakki
@online{prakki:20230502:transparent:4cb2266,
author = {Sathwik Ram Prakki},
title = {{Transparent Tribe APT actively lures Indian Army amidst increased targeting of Educational Institutions}},
date = {2023-05-02},
organization = {Seqrite},
url = {https://www.seqrite.com/blog/transparent-tribe-apt-actively-lures-indian-army-amidst-increased-targeting-of-educational-institutions},
language = {English},
urldate = {2023-06-09}
}
Transparent Tribe APT actively lures Indian Army amidst increased targeting of Educational Institutions
Crimson RAT |
2023-04-24 ⋅ Kaspersky Labs ⋅ Pierre Delcher, Ivan Kwiatkowski
@online{delcher:20230424:tomiris:2d65352,
author = {Pierre Delcher and Ivan Kwiatkowski},
title = {{Tomiris called, they want their Turla malware back}},
date = {2023-04-24},
organization = {Kaspersky Labs},
url = {https://securelist.com/tomiris-called-they-want-their-turla-malware-back/109552/},
language = {English},
urldate = {2023-04-26}
}
Tomiris called, they want their Turla malware back
KopiLuwak Andromeda Ave Maria GoldMax JLORAT Kazuar Meterpreter QUIETCANARY RATel Roopy Telemiris tomiris Topinambour |
2023-04-12 ⋅ Spamhaus ⋅ Spamhaus Malware Labs
@techreport{labs:20230412:spamhaus:aa309d1,
author = {Spamhaus Malware Labs},
title = {{Spamhaus Botnet Threat Update Q1 2023}},
date = {2023-04-12},
institution = {Spamhaus},
url = {https://info.spamhaus.com/hubfs/Botnet%20Reports/2023%20Q1%20Botnet%20Threat%20Update.pdf},
language = {English},
urldate = {2023-04-18}
}
Spamhaus Botnet Threat Update Q1 2023
FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar |
2023-04-10 ⋅ Check Point ⋅ Check Point
@online{point:20230410:march:144c1ad,
author = {Check Point},
title = {{March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files}},
date = {2023-04-10},
organization = {Check Point},
url = {https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/},
language = {English},
urldate = {2023-04-12}
}
March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files
Agent Tesla CloudEyE Emotet Formbook Nanocore RAT NjRAT QakBot Remcos Tofsee |
2023-03-07 ⋅ ESET Research ⋅ Lukáš Štefanko
@online{tefanko:20230307:love:51d570c,
author = {Lukáš Štefanko},
title = {{Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials}},
date = {2023-03-07},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/},
language = {English},
urldate = {2023-03-13}
}
Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials
CapraRAT |
2023-02-23 ⋅ Bitdefender ⋅ Martin Zugec, Bitdefender Team
@online{zugec:20230223:technical:710242c,
author = {Martin Zugec and Bitdefender Team},
title = {{Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966}},
date = {2023-02-23},
organization = {Bitdefender},
url = {https://businessinsights.bitdefender.com/tech-advisory-manageengine-cve-2022-47966},
language = {English},
urldate = {2023-08-25}
}
Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966
Cobalt Strike DarkComet QuiteRAT RATel |
2023-01-24 ⋅ Trellix ⋅ Daksh Kapur, Tomer Shloman, Robert Venal, John Fokker
@online{kapur:20230124:cyberattacks:0a05372,
author = {Daksh Kapur and Tomer Shloman and Robert Venal and John Fokker},
title = {{Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity}},
date = {2023-01-24},
organization = {Trellix},
url = {https://www.trellix.com/en-us/about/newsroom/stories/research/cyberattacks-targeting-ukraine-increase.html},
language = {English},
urldate = {2023-01-25}
}
Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity
Andromeda Formbook Houdini Remcos |
2023-01-17 ⋅ Trend Micro ⋅ Peter Girnus, Aliakbar Zahravi
@online{girnus:20230117:earth:f1cba60,
author = {Peter Girnus and Aliakbar Zahravi},
title = {{Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures}},
date = {2023-01-17},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/23/a/earth-bogle-campaigns-target-middle-east-with-geopolitical-lures.html},
language = {English},
urldate = {2023-01-19}
}
Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures
NjRAT |
2023-01-05 ⋅ Mandiant ⋅ Sarah Hawley, Gabby Roncone, Tyler McLellan, Eduardo Mattos, John Wolfram
@online{hawley:20230105:turla:f1d8f9b,
author = {Sarah Hawley and Gabby Roncone and Tyler McLellan and Eduardo Mattos and John Wolfram},
title = {{Turla: A Galaxy of Opportunity}},
date = {2023-01-05},
organization = {Mandiant},
url = {https://www.mandiant.com/resources/blog/turla-galaxy-opportunity},
language = {English},
urldate = {2023-01-05}
}
Turla: A Galaxy of Opportunity
KopiLuwak Andromeda QUIETCANARY |
2022-12-24 ⋅ di.sclosu.re ⋅ di.sclosu.re
@online{disclosure:20221224:njrat:0b45969,
author = {di.sclosu.re},
title = {{njRAT malware spreading through Discord CDN and Facebook Ads}},
date = {2022-12-24},
organization = {di.sclosu.re},
url = {https://di.sclosu.re/en/njrat-malware-spreading-through-discord-cdn-and-facebook-ads/},
language = {English},
urldate = {2023-01-10}
}
njRAT malware spreading through Discord CDN and Facebook Ads
NjRAT |
2022-11-03 ⋅ Zscaler ⋅ Sudeep Singh
@online{singh:20221103:apt36:33403b8,
author = {Sudeep Singh},
title = {{APT-36 Uses New TTPs and New Tools to Target Indian Governmental Organizations}},
date = {2022-11-03},
organization = {Zscaler},
url = {https://www.zscaler.com/blogs/security-research/apt-36-uses-new-ttps-and-new-tools-target-indian-governmental-organizations},
language = {English},
urldate = {2022-11-12}
}
APT-36 Uses New TTPs and New Tools to Target Indian Governmental Organizations
LimePad |
2022-10-13 ⋅ Spamhaus ⋅ Spamhaus Malware Labs
@techreport{labs:20221013:spamhaus:43e3190,
author = {Spamhaus Malware Labs},
title = {{Spamhaus Botnet Threat Update Q3 2022}},
date = {2022-10-13},
institution = {Spamhaus},
url = {https://info.spamhaus.com/hubfs/Botnet%20Reports/2022%20Q3%20Botnet%20Threat%20Update.pdf},
language = {English},
urldate = {2022-12-29}
}
Spamhaus Botnet Threat Update Q3 2022
FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm |
2022-08-18 ⋅ Proofpoint ⋅ Joe Wise, Selena Larson, Proofpoint Threat Research Team
@online{wise:20220818:reservations:c2f9faf,
author = {Joe Wise and Selena Larson and Proofpoint Threat Research Team},
title = {{Reservations Requested: TA558 Targets Hospitality and Travel}},
date = {2022-08-18},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel},
language = {English},
urldate = {2022-08-18}
}
Reservations Requested: TA558 Targets Hospitality and Travel
AsyncRAT Loda NjRAT Ozone RAT Revenge RAT Vjw0rm |
2022-08-17 ⋅ 360 ⋅ 360 Threat Intelligence Center
@online{center:20220817:kasablanka:2a28570,
author = {360 Threat Intelligence Center},
title = {{Kasablanka organizes attacks against political groups and non-profit organizations in the Middle East}},
date = {2022-08-17},
organization = {360},
url = {https://mp.weixin.qq.com/s/mstwBMkS0G3Et4GOji2mwA},
language = {Chinese},
urldate = {2022-08-19}
}
Kasablanka organizes attacks against political groups and non-profit organizations in the Middle East
SpyNote Loda Nanocore RAT NjRAT |
2022-07-13 ⋅ Cisco ⋅ Nick Biasini
@online{biasini:20220713:transparent:b83f9dd,
author = {Nick Biasini},
title = {{Transparent Tribe begins targeting education sector in latest campaign}},
date = {2022-07-13},
organization = {Cisco},
url = {https://blog.talosintelligence.com/2022/07/transparent-tribe-targets-education.html},
language = {English},
urldate = {2022-07-15}
}
Transparent Tribe begins targeting education sector in latest campaign
Crimson RAT Oblique RAT |
2022-06-21 ⋅ Cisco Talos ⋅ Flavio Costa, Chris Neal, Guilherme Venere
@online{costa:20220621:avos:b60a2ad,
author = {Flavio Costa and Chris Neal and Guilherme Venere},
title = {{Avos ransomware group expands with new attack arsenal}},
date = {2022-06-21},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2022/06/avoslocker-new-arsenal.html},
language = {English},
urldate = {2022-06-22}
}
Avos ransomware group expands with new attack arsenal
AvosLocker Cobalt Strike DarkComet MimiKatz |
2022-05-12 ⋅ Morphisec ⋅ Hido Cohen
@online{cohen:20220512:new:6e12278,
author = {Hido Cohen},
title = {{New SYK Crypter Distributed Via Discord}},
date = {2022-05-12},
organization = {Morphisec},
url = {https://blog.morphisec.com/syk-crypter-discord},
language = {English},
urldate = {2022-06-09}
}
New SYK Crypter Distributed Via Discord
AsyncRAT Ave Maria Nanocore RAT NjRAT Quasar RAT RedLine Stealer |
2022-05-11 ⋅ K7 Security ⋅ Saikumaravel
@online{saikumaravel:20220511:transparent:16cdf62,
author = {Saikumaravel},
title = {{Transparent Tribe Targets Educational Institution}},
date = {2022-05-11},
organization = {K7 Security},
url = {https://labs.k7computing.com/index.php/transparent-tribe-targets-educational-institution/},
language = {English},
urldate = {2022-05-17}
}
Transparent Tribe Targets Educational Institution
Crimson RAT |
2022-05-09 ⋅ Blackberry ⋅ The BlackBerry Research & Intelligence Team
@online{team:20220509:dirty:76f87f1,
author = {The BlackBerry Research & Intelligence Team},
title = {{Dirty Deeds Done Dirt Cheap: Russian RAT Offers Backdoor Bargains}},
date = {2022-05-09},
organization = {Blackberry},
url = {https://blogs.blackberry.com/en/2022/05/dirty-deeds-done-dirt-cheap-russian-rat-offers-backdoor-bargains},
language = {English},
urldate = {2022-05-17}
}
Dirty Deeds Done Dirt Cheap: Russian RAT Offers Backdoor Bargains
DCRat NjRAT |
2022-04-27 ⋅ ANSSI ⋅ ANSSI
@techreport{anssi:20220427:le:5d47343,
author = {ANSSI},
title = {{LE GROUPE CYBERCRIMINEL FIN7}},
date = {2022-04-27},
institution = {ANSSI},
url = {https://cert.ssi.gouv.fr/uploads/20220427_NP_TLPWHITE_ANSSI_FIN7.pdf},
language = {French},
urldate = {2022-05-05}
}
LE GROUPE CYBERCRIMINEL FIN7
Bateleur BELLHOP Griffon SQLRat POWERSOURCE Andromeda BABYMETAL BlackCat BlackMatter BOOSTWRITE Carbanak Cobalt Strike DNSMessenger Dridex DRIFTPIN Gameover P2P MimiKatz Murofet Qadars Ranbyus SocksBot |
2022-04-26 ⋅ Trend Micro ⋅ Ryan Flores, Stephen Hilt, Lord Alfred Remorin
@online{flores:20220426:how:28d9476,
author = {Ryan Flores and Stephen Hilt and Lord Alfred Remorin},
title = {{How Cybercriminals Abuse Cloud Tunneling Services}},
date = {2022-04-26},
organization = {Trend Micro},
url = {https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/how-cybercriminals-abuse-cloud-tunneling-services},
language = {English},
urldate = {2022-05-03}
}
How Cybercriminals Abuse Cloud Tunneling Services
AsyncRAT Cobalt Strike DarkComet Meterpreter Nanocore RAT |
2022-03-29 ⋅ Cisco Talos ⋅ Asheer Malhotra, Justin Thattil, Kendall McKay
@online{malhotra:20220329:transparent:dcf66a7,
author = {Asheer Malhotra and Justin Thattil and Kendall McKay},
title = {{Transparent Tribe campaign uses new bespoke malware to target Indian government officials}},
date = {2022-03-29},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html?m=1},
language = {English},
urldate = {2022-03-30}
}
Transparent Tribe campaign uses new bespoke malware to target Indian government officials
Crimson RAT |
2022-03-29 ⋅ Bleeping Computer ⋅ Bill Toulas
@online{toulas:20220329:hackers:06380e1,
author = {Bill Toulas},
title = {{Hackers use modified MFA tool against Indian govt employees}},
date = {2022-03-29},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/hackers-use-modified-mfa-tool-against-indian-govt-employees/},
language = {English},
urldate = {2022-03-30}
}
Hackers use modified MFA tool against Indian govt employees
Crimson RAT Oblique RAT |
2022-03-23 ⋅ EcuCert ⋅ EcuCert
@techreport{ecucert:20220323:aptc36:7f5e46b,
author = {EcuCert},
title = {{APT-C-36 Advanced Persistent Threat Campaign Could be present in Ecuador}},
date = {2022-03-23},
institution = {EcuCert},
url = {https://www.ecucert.gob.ec/wp-content/uploads/2022/03/alerta-APTs-2022-03-23.pdf},
language = {Spanish},
urldate = {2023-12-04}
}
APT-C-36 Advanced Persistent Threat Campaign Could be present in Ecuador
NjRAT |
2022-03-10 ⋅ Twitter (@Katechondic) ⋅ Katechondic
@online{katechondic:20220310:additional:5dd63e9,
author = {Katechondic},
title = {{Tweet on additional computer names "desktop-g1i8n3f" & "desktop-j6llo2k", seen with Crimson RAT C2 infrastructure used by APT36}},
date = {2022-03-10},
organization = {Twitter (@Katechondic)},
url = {https://twitter.com/katechondic/status/1502206599166939137},
language = {English},
urldate = {2022-03-14}
}
Tweet on additional computer names "desktop-g1i8n3f" & "desktop-j6llo2k", seen with Crimson RAT C2 infrastructure used by APT36
Crimson RAT |
2022-03-10 ⋅ Twitter (@teamcymru_S2) ⋅ Team Cymru
@online{cymru:20220310:crimson:a646aac,
author = {Team Cymru},
title = {{Tweet on Crimson RAT infrastructure used by APT36}},
date = {2022-03-10},
organization = {Twitter (@teamcymru_S2)},
url = {https://twitter.com/teamcymru_S2/status/1501955802025836546},
language = {English},
urldate = {2022-03-14}
}
Tweet on Crimson RAT infrastructure used by APT36
Crimson RAT |
2022-03-09 ⋅ Lab52 ⋅ Lab52
@online{lab52:20220309:very:b667537,
author = {Lab52},
title = {{Very very lazy Lazyscripter’s scripts: double compromise in a single obfuscation}},
date = {2022-03-09},
organization = {Lab52},
url = {https://lab52.io/blog/very-very-lazy-lazyscripters-scripts-double-compromise-in-a-single-obfuscation/},
language = {English},
urldate = {2022-03-10}
}
Very very lazy Lazyscripter’s scripts: double compromise in a single obfuscation
NjRAT |
2022-02-11 ⋅ Cisco Talos ⋅ Talos
@online{talos:20220211:threat:fcad762,
author = {Talos},
title = {{Threat Roundup for February 4 to February 11}},
date = {2022-02-11},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2022/02/threat-roundup-0204-0211.html},
language = {English},
urldate = {2022-02-14}
}
Threat Roundup for February 4 to February 11
DarkComet Ghost RAT Loki Password Stealer (PWS) Tinba Tofsee Zeus |
2022-02-09 ⋅ Sentinel LABS ⋅ Tom Hegel
@online{hegel:20220209:modifiedelephant:b004138,
author = {Tom Hegel},
title = {{ModifiedElephant APT and a Decade of Fabricating Evidence}},
date = {2022-02-09},
organization = {Sentinel LABS},
url = {https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/},
language = {English},
urldate = {2022-02-14}
}
ModifiedElephant APT and a Decade of Fabricating Evidence
DarkComet Incubator NetWire RC ModifiedElephant |
2022-02-09 ⋅ SentinelOne ⋅ Tom Hegel, Juan Andrés Guerrero-Saade
@techreport{hegel:20220209:modified:3c039c6,
author = {Tom Hegel and Juan Andrés Guerrero-Saade},
title = {{Modified Elephant APT and a Decade of Fabricating Evidence}},
date = {2022-02-09},
institution = {SentinelOne},
url = {https://www.sentinelone.com/wp-content/uploads/2022/02/Modified-Elephant-APT-and-a-Decade-of-Fabricating-Evidence-SentinelLabs.pdf},
language = {English},
urldate = {2022-02-14}
}
Modified Elephant APT and a Decade of Fabricating Evidence
DarkComet Incubator NetWire RC |
2022-02-08 ⋅ Intel 471 ⋅ Intel 471
@online{471:20220208:privateloader:5e226cd,
author = {Intel 471},
title = {{PrivateLoader: The first step in many malware schemes}},
date = {2022-02-08},
organization = {Intel 471},
url = {https://intel471.com/blog/privateloader-malware},
language = {English},
urldate = {2022-05-09}
}
PrivateLoader: The first step in many malware schemes
Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar |
2022-02-03 ⋅ forensicitguy ⋅ Tony Lambert
@online{lambert:20220203:njrat:88ea206,
author = {Tony Lambert},
title = {{njRAT Installed from a MSI}},
date = {2022-02-03},
organization = {forensicitguy},
url = {https://forensicitguy.github.io/njrat-installed-from-msi/},
language = {English},
urldate = {2022-02-04}
}
njRAT Installed from a MSI
NjRAT |
2022-01-24 ⋅ Trend Micro ⋅ Trend Micro
@online{micro:20220124:investigating:a7e6049,
author = {Trend Micro},
title = {{Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal (IOCs)}},
date = {2022-01-24},
organization = {Trend Micro},
url = {https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/investigating-apt36-or-earth-karkaddan-attack-chain-and-malware-arsenal/IoCs_Investigating%20APT36%20or%20Earth%20Karkaddan%20Attack%20Chain%20and%20Malware%20Arsenal.rtf},
language = {English},
urldate = {2022-01-25}
}
Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal (IOCs)
Crimson RAT Oblique RAT |
2022-01-24 ⋅ Trend Micro ⋅ Trend Micro
@online{micro:20220124:investigating:5e9386a,
author = {Trend Micro},
title = {{Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal}},
date = {2022-01-24},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html},
language = {English},
urldate = {2022-01-25}
}
Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal
CapraRAT Crimson RAT Oblique RAT |
2022-01-24 ⋅ Trend Micro ⋅ Trend Micro
@techreport{micro:20220124:investigating:7727327,
author = {Trend Micro},
title = {{Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal}},
date = {2022-01-24},
institution = {Trend Micro},
url = {https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/investigating-apt36-or-earth-karkaddan-attack-chain-and-malware-arsenal/Earth%20Karkaddan%20APT-%20Adversary%20Intelligence%20and%20Monitoring%20Report.pdf},
language = {English},
urldate = {2022-01-25}
}
Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal
Crimson RAT Oblique RAT |
2022-01-12 ⋅ Cyber And Ramen blog ⋅ Mike R
@online{r:20220112:analysis:2f570a4,
author = {Mike R},
title = {{Analysis of njRAT PowerPoint Macros}},
date = {2022-01-12},
organization = {Cyber And Ramen blog},
url = {https://cyberandramen.net/2022/01/12/analysis-of-njrat-powerpoint-macros/},
language = {English},
urldate = {2022-04-05}
}
Analysis of njRAT PowerPoint Macros
NjRAT |
2021-12-22 ⋅ Know Chuangyu ⋅ Know Chuangyu
@online{chuangyu:20211222:tracking:5b23633,
author = {Know Chuangyu},
title = {{APT Tracking Analytics: Transparent Tribe Attack Activity}},
date = {2021-12-22},
organization = {Know Chuangyu},
url = {https://www.4hou.com/posts/vLzM},
language = {English},
urldate = {2021-12-23}
}
APT Tracking Analytics: Transparent Tribe Attack Activity
Crimson RAT |
2021-11-30 ⋅ CYBER GEEKS All Things Infosec ⋅ CyberMasterV
@online{cybermasterv:20211130:just:d5f53c9,
author = {CyberMasterV},
title = {{Just another analysis of the njRAT malware – A step-by-step approach}},
date = {2021-11-30},
organization = {CYBER GEEKS All Things Infosec},
url = {https://cybergeeks.tech/just-another-analysis-of-the-njrat-malware-a-step-by-step-approach/},
language = {English},
urldate = {2021-12-06}
}
Just another analysis of the njRAT malware – A step-by-step approach
NjRAT |
2021-11-29 ⋅ Trend Micro ⋅ Jaromír Hořejší
@online{hoej:20211129:campaign:6e23cf5,
author = {Jaromír Hořejší},
title = {{Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites}},
date = {2021-11-29},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/21/k/campaign-abusing-rats-uses-fake-websites.html},
language = {English},
urldate = {2021-12-07}
}
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites
AsyncRAT Azorult Nanocore RAT NjRAT RedLine Stealer Remcos |
2021-11-18 ⋅ Red Canary ⋅ The Red Canary Team
@online{team:20211118:intelligence:7b00cb9,
author = {The Red Canary Team},
title = {{Intelligence Insights: November 2021}},
date = {2021-11-18},
organization = {Red Canary},
url = {https://redcanary.com/blog/intelligence-insights-november-2021/},
language = {English},
urldate = {2021-11-19}
}
Intelligence Insights: November 2021
Andromeda Conti LockBit QakBot Squirrelwaffle |
2021-11-11 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team
@online{team:20211111:html:410a27f,
author = {Microsoft 365 Defender Threat Intelligence Team},
title = {{HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks}},
date = {2021-11-11},
organization = {Microsoft},
url = {https://www.microsoft.com/security/blog/2021/11/11/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks/},
language = {English},
urldate = {2021-11-12}
}
HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks
AsyncRAT Mekotio NjRAT |
2021-11-10 ⋅ AhnLab ⋅ ASEC Analysis Team
@techreport{team:20211110:analysis:9630125,
author = {ASEC Analysis Team},
title = {{Analysis Report of Lazarus Group’s NukeSped Malware}},
date = {2021-11-10},
institution = {AhnLab},
url = {https://asec.ahnlab.com/wp-content/uploads/2021/11/Lazarus-%EA%B7%B8%EB%A3%B9%EC%9D%98-NukeSped-%EC%95%85%EC%84%B1%EC%BD%94%EB%93%9C-%EB%B6%84%EC%84%9D-%EB%B3%B4%EA%B3%A0%EC%84%9C.pdf},
language = {Korean},
urldate = {2023-08-17}
}
Analysis Report of Lazarus Group’s NukeSped Malware
DarkComet Tiger RAT |
2021-10-26 ⋅ Kaspersky ⋅ Kaspersky Lab ICS CERT
@techreport{cert:20211026:attacks:6f30d0f,
author = {Kaspersky Lab ICS CERT},
title = {{APT attacks on industrial organizations in H1 2021}},
date = {2021-10-26},
institution = {Kaspersky},
url = {https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-APT-attacks-on-industrial-organizations-in-H1-2021-En.pdf},
language = {English},
urldate = {2021-11-08}
}
APT attacks on industrial organizations in H1 2021
8.t Dropper AllaKore AsyncRAT GoldMax LimeRAT NjRAT NoxPlayer Raindrop ReverseRAT ShadowPad Zebrocy |
2021-10-15 ⋅ ESET Research ⋅ ESET Research
@online{research:20211015:malicious:04da9c1,
author = {ESET Research},
title = {{Tweet on a malicious campaign targeting governmental and education entities in Colombia using multiple stages to drop AsyncRAT or njRAT Keylogger on their victims}},
date = {2021-10-15},
organization = {ESET Research},
url = {https://twitter.com/ESETresearch/status/1449132020613922828},
language = {English},
urldate = {2021-11-08}
}
Tweet on a malicious campaign targeting governmental and education entities in Colombia using multiple stages to drop AsyncRAT or njRAT Keylogger on their victims
AsyncRAT NjRAT |
2021-10-13 ⋅ Anchored Narratives on Threat Intelligence and Geopolitics ⋅ RJM
@online{rjm:20211013:trouble:c988e46,
author = {RJM},
title = {{Trouble in Asia and the Middle East. Tracking the TransparentTribe threat actor.}},
date = {2021-10-13},
organization = {Anchored Narratives on Threat Intelligence and Geopolitics},
url = {https://anchorednarratives.substack.com/p/trouble-in-asia-and-the-middle-east},
language = {English},
urldate = {2021-10-14}
}
Trouble in Asia and the Middle East. Tracking the TransparentTribe threat actor.
Crimson RAT |
2021-09-20 ⋅ Trend Micro ⋅ Aliakbar Zahravi, William Gamazo Sanchez
@online{zahravi:20210920:water:63df486,
author = {Aliakbar Zahravi and William Gamazo Sanchez},
title = {{Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads}},
date = {2021-09-20},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/21/i/Water-Basilisk-Uses-New-HCrypt-Variant-to-Flood-Victims-with-RAT-Payloads.html},
language = {English},
urldate = {2021-09-22}
}
Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads
Ave Maria BitRAT LimeRAT Nanocore RAT NjRAT Quasar RAT |
2021-09-16 ⋅ Cisco ⋅ Tiago Pereira, Vitor Ventura
@online{pereira:20210916:operation:133992d,
author = {Tiago Pereira and Vitor Ventura},
title = {{Operation Layover: How we tracked an attack on the aviation industry to five years of compromise}},
date = {2021-09-16},
organization = {Cisco},
url = {https://blog.talosintelligence.com/2021/09/operation-layover-how-we-tracked-attack.html},
language = {English},
urldate = {2021-09-19}
}
Operation Layover: How we tracked an attack on the aviation industry to five years of compromise
AsyncRAT Houdini NjRAT |
2021-09-13 ⋅ Trend Micro ⋅ Jaromír Hořejší, Daniel Lunghi
@online{hoej:20210913:aptc36:d6456f8,
author = {Jaromír Hořejší and Daniel Lunghi},
title = {{APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (IOCs)}},
date = {2021-09-13},
organization = {Trend Micro},
url = {https://www.trendmicro.com/content/dam/trendmicro/global/en/research/21/i/apt-c-36-updates-its-long-term-spam-campaign-against-south-american-entities-with-commodity-rats/BlindEagleIOCList.txt},
language = {English},
urldate = {2021-09-14}
}
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (IOCs)
AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos |
2021-09-13 ⋅ Trend Micro ⋅ Jaromír Hořejší, Daniel Lunghi
@online{hoej:20210913:aptc36:9b97238,
author = {Jaromír Hořejší and Daniel Lunghi},
title = {{APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs}},
date = {2021-09-13},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/21/i/apt-c-36-updates-its-long-term-spam-campaign-against-south-ameri.html},
language = {English},
urldate = {2021-09-14}
}
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs
AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos |
2021-09-08 ⋅ Microstep Intelligence Bureau ⋅ Microstep Online Research Response Center
@online{center:20210908:trilateral:aedcf24,
author = {Microstep Online Research Response Center},
title = {{Trilateral operation: years of cyberespionage against countries in south asia and the middle east (APT36)}},
date = {2021-09-08},
organization = {Microstep Intelligence Bureau},
url = {https://mp.weixin.qq.com/s/AhxP5HmROtMsFBiUxj0cFg},
language = {Chinese},
urldate = {2021-09-14}
}
Trilateral operation: years of cyberespionage against countries in south asia and the middle east (APT36)
AndroRAT Crimson RAT |
2021-09-01 ⋅ 360 Threat Intelligence Center ⋅ Advanced Threat Institute
@online{institute:20210901:aptc56:0f08cce,
author = {Advanced Threat Institute},
title = {{APT-C-56 (Transparent Tribe) Latest Attack Analysis and Associated Suspected Gorgon Group Attack Analysis Alert}},
date = {2021-09-01},
organization = {360 Threat Intelligence Center},
url = {https://mp.weixin.qq.com/s/xUM2x89GuB8uP6otN612Fg},
language = {Chinese},
urldate = {2021-09-09}
}
APT-C-56 (Transparent Tribe) Latest Attack Analysis and Associated Suspected Gorgon Group Attack Analysis Alert
Crimson RAT NetWire RC |
2021-08-19 ⋅ Talos ⋅ Asheer Malhotra, Vitor Ventura, Vanja Svajcer
@online{malhotra:20210819:malicious:e04d4c9,
author = {Asheer Malhotra and Vitor Ventura and Vanja Svajcer},
title = {{Malicious Campaign Targets Latin America: The seller, The operator and a curious link}},
date = {2021-08-19},
organization = {Talos},
url = {https://blog.talosintelligence.com/2021/08/rat-campaign-targets-latin-america.html},
language = {English},
urldate = {2021-08-30}
}
Malicious Campaign Targets Latin America: The seller, The operator and a curious link
AsyncRAT NjRAT |
2021-07-30 ⋅ Menlo Security ⋅ MENLO Security
@online{security:20210730:isomorph:83956a0,
author = {MENLO Security},
title = {{ISOMorph Infection: In-Depth Analysis of a New HTML Smuggling Campaign}},
date = {2021-07-30},
organization = {Menlo Security},
url = {https://www.menlosecurity.com/blog/isomorph-infection-in-depth-analysis-of-a-new-html-smuggling-campaign/},
language = {English},
urldate = {2021-08-02}
}
ISOMorph Infection: In-Depth Analysis of a New HTML Smuggling Campaign
AsyncRAT NjRAT |
2021-07-12 ⋅ IBM ⋅ Melissa Frydrych, Claire Zaboeva, Dan Dash
@online{frydrych:20210712:roboski:1f66418,
author = {Melissa Frydrych and Claire Zaboeva and Dan Dash},
title = {{RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation}},
date = {2021-07-12},
organization = {IBM},
url = {https://securityintelligence.com/posts/roboski-global-recovery-automation/},
language = {English},
urldate = {2021-07-20}
}
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
2021-07-12 ⋅ Cipher Tech Solutions ⋅ Melissa Frydrych, Claire Zaboeva, Dan Dash
@online{frydrych:20210712:roboski:a3c66bf,
author = {Melissa Frydrych and Claire Zaboeva and Dan Dash},
title = {{RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation}},
date = {2021-07-12},
organization = {Cipher Tech Solutions},
url = {https://www.ciphertechsolutions.com/roboski-global-recovery-automation/},
language = {English},
urldate = {2021-07-20}
}
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
2021-07-09 ⋅ Seqrite ⋅ Chaitanya Haritash, Nihar Deshpande, Shayak Tarafdar
@techreport{haritash:20210709:seqrite:8d36786,
author = {Chaitanya Haritash and Nihar Deshpande and Shayak Tarafdar},
title = {{Seqrite uncovers second wave of Operation SideCopy targeting Indian critical infrastructure PSUs}},
date = {2021-07-09},
institution = {Seqrite},
url = {https://www.seqrite.com/documents/en/white-papers/Whitepaper-OperationSideCopy.pdf},
language = {English},
urldate = {2021-07-20}
}
Seqrite uncovers second wave of Operation SideCopy targeting Indian critical infrastructure PSUs
NjRAT ReverseRAT |
2021-07-07 ⋅ Talos Intelligence ⋅ Asheer Malhotra, Justin Thattil
@online{malhotra:20210707:insidecopy:eca169d,
author = {Asheer Malhotra and Justin Thattil},
title = {{InSideCopy: How this APT continues to evolve its arsenal}},
date = {2021-07-07},
organization = {Talos Intelligence},
url = {https://blog.talosintelligence.com/2021/07/sidecopy.html},
language = {English},
urldate = {2021-07-08}
}
InSideCopy: How this APT continues to evolve its arsenal
AllaKore NjRAT SideCopy |
2021-07-07 ⋅ Talos ⋅ Asheer Malhotra, Justin Thattil
@techreport{malhotra:20210707:insidecopy:107d438,
author = {Asheer Malhotra and Justin Thattil},
title = {{InSideCopy: How this APT continues to evolve its arsenal}},
date = {2021-07-07},
institution = {Talos},
url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/591/original/062521_SideCopy_%281%29.pdf},
language = {English},
urldate = {2021-07-09}
}
InSideCopy: How this APT continues to evolve its arsenal
AllaKore Lilith NjRAT |
2021-07-07 ⋅ Talos ⋅ Asheer Malhotra, Justin Thattil
@online{malhotra:20210707:insidecopy:ac5b778,
author = {Asheer Malhotra and Justin Thattil},
title = {{InSideCopy: How this APT continues to evolve its arsenal (Network IOCs)}},
date = {2021-07-07},
organization = {Talos},
url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/594/original/Network_IOCs_list_for_coverage.txt?1625657479},
language = {English},
urldate = {2021-07-09}
}
InSideCopy: How this APT continues to evolve its arsenal (Network IOCs)
AllaKore Lilith NjRAT |
2021-07-07 ⋅ Talos ⋅ Asheer Malhotra, Justin Thattil
@online{malhotra:20210707:insidecopy:e6b25bb,
author = {Asheer Malhotra and Justin Thattil},
title = {{InSideCopy: How this APT continues to evolve its arsenal (IOCs)}},
date = {2021-07-07},
organization = {Talos},
url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/592/original/Hashes_IOCs_for_coverage.txt},
language = {English},
urldate = {2021-07-09}
}
InSideCopy: How this APT continues to evolve its arsenal (IOCs)
AllaKore Lilith NjRAT |
2021-07-02 ⋅ Team Cymru ⋅ Joshua Picolet
@online{picolet:20210702:transparent:329d046,
author = {Joshua Picolet},
title = {{Transparent Tribe APT Infrastructure Mapping Part 2: A Deeper Dive into the Identification of CrimsonRAT Infrastructure}},
date = {2021-07-02},
organization = {Team Cymru},
url = {https://team-cymru.com/blog/2021/07/02/transparent-tribe-apt-infrastructure-mapping-2/},
language = {English},
urldate = {2021-07-11}
}
Transparent Tribe APT Infrastructure Mapping Part 2: A Deeper Dive into the Identification of CrimsonRAT Infrastructure
Crimson RAT |
2021-07-02 ⋅ Cisco ⋅ Asheer Malhotra, Justin Thattil
@online{malhotra:20210702:insidecopy:c85188c,
author = {Asheer Malhotra and Justin Thattil},
title = {{InSideCopy: How this APT continues to evolve its arsenal}},
date = {2021-07-02},
organization = {Cisco},
url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/591/original/062521_SideCopy_%281%29.pdf?1625657388},
language = {English},
urldate = {2022-01-25}
}
InSideCopy: How this APT continues to evolve its arsenal
AllaKore CetaRAT Lilith NjRAT ReverseRAT |
2021-05-13 ⋅ Talos ⋅ Asheer Malhotra, Justin Thattil, Kendall McKay
@online{malhotra:20210513:transparent:9993964,
author = {Asheer Malhotra and Justin Thattil and Kendall McKay},
title = {{Transparent Tribe APT expands its Windows malware arsenal}},
date = {2021-05-13},
organization = {Talos},
url = {https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html},
language = {English},
urldate = {2021-05-13}
}
Transparent Tribe APT expands its Windows malware arsenal
Crimson RAT Oblique RAT |
2021-05-05 ⋅ Zscaler ⋅ Aniruddha Dolas, Mohd Sadique, Manohar Ghule
@online{dolas:20210505:catching:ace83fc,
author = {Aniruddha Dolas and Mohd Sadique and Manohar Ghule},
title = {{Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats}},
date = {2021-05-05},
organization = {Zscaler},
url = {https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols},
language = {English},
urldate = {2021-05-08}
}
Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats
Agent Tesla AsyncRAT Crimson RAT CyberGate Ghost RAT Nanocore RAT NetWire RC NjRAT Quasar RAT Remcos |
2021-04-30 ⋅ Cybleinc ⋅ cybleinc
@online{cybleinc:20210430:transparent:1df2639,
author = {cybleinc},
title = {{Transparent Tribe Operating with a New Variant of Crimson RAT}},
date = {2021-04-30},
organization = {Cybleinc},
url = {https://cybleinc.com/2021/04/30/transparent-tribe-operating-with-a-new-variant-of-crimson-rat/},
language = {English},
urldate = {2021-05-03}
}
Transparent Tribe Operating with a New Variant of Crimson RAT
Crimson RAT |
2021-04-27 ⋅ Kaspersky ⋅ GReAT
@online{great:20210427:trends:e1c92a3,
author = {GReAT},
title = {{APT trends report Q1 2021}},
date = {2021-04-27},
organization = {Kaspersky},
url = {https://securelist.com/apt-trends-report-q1-2021/101967/},
language = {English},
urldate = {2021-04-29}
}
APT trends report Q1 2021
PAS Artra Downloader BadNews Bozok DILLJUICE Kazuar Quasar RAT SodaMaster |
2021-04-21 ⋅ Facebook ⋅ Mike Dvilyanski, David Agranovich
@online{dvilyanski:20210421:taking:23e0fb2,
author = {Mike Dvilyanski and David Agranovich},
title = {{Taking Action Against Hackers in Palestine}},
date = {2021-04-21},
organization = {Facebook},
url = {https://about.fb.com/news/2021/04/taking-action-against-hackers-in-palestine/},
language = {English},
urldate = {2021-04-28}
}
Taking Action Against Hackers in Palestine
SpyNote Houdini NjRAT |
2021-04-20 ⋅ 360 Threat Intelligence Center ⋅ Advanced Threat Institute
@online{institute:20210420:transparent:1033b04,
author = {Advanced Threat Institute},
title = {{Transparent Tribe uses the new crown vaccine hotspot to analyze the targeted attacks on the Indian medical industry}},
date = {2021-04-20},
organization = {360 Threat Intelligence Center},
url = {https://mp.weixin.qq.com/s/ELYDvdMiiy4FZ3KpmAddZQ},
language = {Chinese},
urldate = {2021-04-28}
}
Transparent Tribe uses the new crown vaccine hotspot to analyze the targeted attacks on the Indian medical industry
Crimson RAT |
2021-04-16 ⋅ Team Cymru ⋅ Joshua Picolet
@online{picolet:20210416:transparent:645e443,
author = {Joshua Picolet},
title = {{Transparent Tribe APT Infrastructure Mapping Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021}},
date = {2021-04-16},
organization = {Team Cymru},
url = {https://team-cymru.com/blog/2021/04/16/transparent-tribe-apt-infrastructure-mapping/},
language = {English},
urldate = {2021-04-19}
}
Transparent Tribe APT Infrastructure Mapping Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021
Crimson RAT |
2021-03-31 ⋅ Red Canary ⋅ Red Canary
@techreport{canary:20210331:2021:cd81f2d,
author = {Red Canary},
title = {{2021 Threat Detection Report}},
date = {2021-03-31},
institution = {Red Canary},
url = {https://resource.redcanary.com/rs/003-YRU-314/images/2021-Threat-Detection-Report.pdf},
language = {English},
urldate = {2021-04-06}
}
2021 Threat Detection Report
Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot |
2021-03-22 ⋅ K7 Security ⋅ Mary Muthu Francisca
@online{francisca:20210322:malspam:7d33257,
author = {Mary Muthu Francisca},
title = {{MalSpam Campaigns Download njRAT from Paste Sites}},
date = {2021-03-22},
organization = {K7 Security},
url = {https://labs.k7computing.com/?p=21904},
language = {English},
urldate = {2021-03-25}
}
MalSpam Campaigns Download njRAT from Paste Sites
NjRAT |
2021-03-21 ⋅ Blackberry ⋅ Blackberry Research
@techreport{research:20210321:2021:a393473,
author = {Blackberry Research},
title = {{2021 Threat Report}},
date = {2021-03-21},
institution = {Blackberry},
url = {https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-bb-2021-threat-report.pdf},
language = {English},
urldate = {2021-03-25}
}
2021 Threat Report
Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot |
2021-02-28 ⋅ PWC UK ⋅ PWC UK
@techreport{uk:20210228:cyber:bd780cd,
author = {PWC UK},
title = {{Cyber Threats 2020: A Year in Retrospect}},
date = {2021-02-28},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf},
language = {English},
urldate = {2021-03-04}
}
Cyber Threats 2020: A Year in Retrospect
elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
2021-02-25 ⋅ Intezer ⋅ Intezer
@techreport{intezer:20210225:year:eb47cd1,
author = {Intezer},
title = {{Year of the Gopher A 2020 Go Malware Round-Up}},
date = {2021-02-25},
institution = {Intezer},
url = {https://www.intezer.com/wp-content/uploads/2021/02/Intezer-2020-Go-Malware-Round-Up.pdf},
language = {English},
urldate = {2021-06-30}
}
Year of the Gopher A 2020 Go Malware Round-Up
NiuB WellMail elf.wellmess ArdaMax AsyncRAT CyberGate DarkComet Glupteba Nanocore RAT Nefilim NjRAT Quasar RAT WellMess Zebrocy |
2021-01-18 ⋅ Twitter (@teamcymru) ⋅ Team Cymru
@online{cymru:20210118:apt36:e2e83ce,
author = {Team Cymru},
title = {{Tweet on APT36 CrimsonRAT C2}},
date = {2021-01-18},
organization = {Twitter (@teamcymru)},
url = {https://twitter.com/teamcymru/status/1351228309632385027},
language = {English},
urldate = {2021-01-21}
}
Tweet on APT36 CrimsonRAT C2
Crimson RAT |
2021-01-11 ⋅ ESET Research ⋅ Matías Porolli
@online{porolli:20210111:operation:409662d,
author = {Matías Porolli},
title = {{Operation Spalax: Targeted malware attacks in Colombia}},
date = {2021-01-11},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2021/01/12/operation-spalax-targeted-malware-attacks-colombia/},
language = {English},
urldate = {2021-01-18}
}
Operation Spalax: Targeted malware attacks in Colombia
Agent Tesla AsyncRAT NjRAT Remcos |
2021-01-09 ⋅ Marco Ramilli's Blog ⋅ Marco Ramilli
@online{ramilli:20210109:command:d720b27,
author = {Marco Ramilli},
title = {{Command and Control Traffic Patterns}},
date = {2021-01-09},
organization = {Marco Ramilli's Blog},
url = {https://marcoramilli.com/2021/01/09/c2-traffic-patterns-personal-notes/},
language = {English},
urldate = {2021-05-17}
}
Command and Control Traffic Patterns
ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot |
2021-01-05 ⋅ Sangfor ⋅ Clairvoyance Safety Laboratory
@online{laboratory:20210105:attack:828ee7a,
author = {Clairvoyance Safety Laboratory},
title = {{Attack from Mustang Panda? My rabbit is back!}},
date = {2021-01-05},
organization = {Sangfor},
url = {https://www.4hou.com/posts/VoPM},
language = {Japanese},
urldate = {2021-01-10}
}
Attack from Mustang Panda? My rabbit is back!
NjRAT |
2020-12-21 ⋅ Cisco Talos ⋅ JON MUNSHAW
@online{munshaw:20201221:2020:4a88f84,
author = {JON MUNSHAW},
title = {{2020: The year in malware}},
date = {2020-12-21},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2020/12/2020-year-in-malware.html},
language = {English},
urldate = {2020-12-26}
}
2020: The year in malware
WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader |
2020-12-16 ⋅ CrowdStrike ⋅ David Rojas, Mark Robinson
@online{rojas:20201216:hiding:b5c41f6,
author = {David Rojas and Mark Robinson},
title = {{Hiding in Plain Sight: Remediating “Hidden” Malware with Real Time Response}},
date = {2020-12-16},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/how-to-remediate-hidden-malware-real-time-response/},
language = {English},
urldate = {2021-01-04}
}
Hiding in Plain Sight: Remediating “Hidden” Malware with Real Time Response
Andromeda |
2020-12-10 ⋅ Intel 471 ⋅ Intel 471
@online{471:20201210:no:9fd2ae1,
author = {Intel 471},
title = {{No pandas, just people: The current state of China’s cybercrime underground}},
date = {2020-12-10},
organization = {Intel 471},
url = {https://intel471.com/blog/china-cybercrime-undergrond-deepmix-tea-horse-road-great-firewall/},
language = {English},
urldate = {2020-12-10}
}
No pandas, just people: The current state of China’s cybercrime underground
Anubis SpyNote AsyncRAT Cobalt Strike Ghost RAT NjRAT |
2020-12-09 ⋅ Palo Alto Networks Unit 42 ⋅ Yanhui Jia, Chris Navarrete, Haozhe Zhang
@online{jia:20201209:njrat:f7f3b49,
author = {Yanhui Jia and Chris Navarrete and Haozhe Zhang},
title = {{njRAT Spreading Through Active Pastebin Command and Control Tunnel}},
date = {2020-12-09},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/njrat-pastebin-command-and-control},
language = {English},
urldate = {2020-12-11}
}
njRAT Spreading Through Active Pastebin Command and Control Tunnel
NjRAT |
2020-12-01 ⋅ sonatype ⋅ Ax Sharma
@online{sharma:20201201:theres:9e5f87e,
author = {Ax Sharma},
title = {{There’s a RAT in my code: new npm malware with Bladabindi trojan spotted}},
date = {2020-12-01},
organization = {sonatype},
url = {https://blog.sonatype.com/bladabindi-njrat-rat-in-jdb.js-npm-malware},
language = {English},
urldate = {2020-12-08}
}
There’s a RAT in my code: new npm malware with Bladabindi trojan spotted
NjRAT |
2020-11-09 ⋅ Bleeping Computer ⋅ Ionut Ilascu
@online{ilascu:20201109:fake:c6dd7b3,
author = {Ionut Ilascu},
title = {{Fake Microsoft Teams updates lead to Cobalt Strike deployment}},
date = {2020-11-09},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/},
language = {English},
urldate = {2020-11-11}
}
Fake Microsoft Teams updates lead to Cobalt Strike deployment
Cobalt Strike DoppelPaymer NjRAT Predator The Thief Zloader |
2020-11-03 ⋅ Kaspersky Labs ⋅ GReAT
@online{great:20201103:trends:febc159,
author = {GReAT},
title = {{APT trends report Q3 2020}},
date = {2020-11-03},
organization = {Kaspersky Labs},
url = {https://securelist.com/apt-trends-report-q3-2020/99204/},
language = {English},
urldate = {2020-11-04}
}
APT trends report Q3 2020
WellMail EVILNUM Janicab Poet RAT AsyncRAT Ave Maria Cobalt Strike Crimson RAT CROSSWALK Dtrack LODEINFO MoriAgent Okrum PlugX poisonplug Rover ShadowPad SoreFang Winnti |
2020-10-26 ⋅ 360 Core Security ⋅ 360
@online{360:20201026:aptc44:a336bf6,
author = {360},
title = {{北非狐(APT-C-44)攻击活动揭露}},
date = {2020-10-26},
organization = {360 Core Security},
url = {https://blogs.360.cn/post/APT-C-44.html},
language = {Chinese},
urldate = {2020-11-09}
}
北非狐(APT-C-44)攻击活动揭露
Xtreme RAT Houdini NjRAT Revenge RAT |
2020-09-21 ⋅ Trend Micro ⋅ Raphael Centeno
@online{centeno:20200921:cybercriminals:0dbaa08,
author = {Raphael Centeno},
title = {{Cybercriminals Distribute Backdoor With VPN Installer}},
date = {2020-09-21},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/20/i/wind-up-windscribe-vpn-bundled-with-backdoor.html},
language = {English},
urldate = {2020-09-23}
}
Cybercriminals Distribute Backdoor With VPN Installer
NjRAT |
2020-09-01 ⋅ nviso ⋅ Didier Stevens, Maxime Thiebaut, Dries Boone, Bart Parys, Michel Coene
@online{stevens:20200901:epic:038897f,
author = {Didier Stevens and Maxime Thiebaut and Dries Boone and Bart Parys and Michel Coene},
title = {{Epic Manchego – atypical maldoc delivery brings flurry of infostealers}},
date = {2020-09-01},
organization = {nviso},
url = {https://blog.nviso.eu/2020/09/01/epic-manchego-atypical-maldoc-delivery-brings-flurry-of-infostealers/},
language = {English},
urldate = {2020-09-01}
}
Epic Manchego – atypical maldoc delivery brings flurry of infostealers
Azorult NjRAT |
2020-08-26 ⋅ Kaspersky Labs ⋅ Giampaolo Dedola
@online{dedola:20200826:transparent:b6f0422,
author = {Giampaolo Dedola},
title = {{Transparent Tribe: Evolution analysis, part 2}},
date = {2020-08-26},
organization = {Kaspersky Labs},
url = {https://securelist.com/transparent-tribe-part-2/98233/},
language = {English},
urldate = {2020-08-27}
}
Transparent Tribe: Evolution analysis, part 2
AhMyth Crimson RAT Oblique RAT |
2020-08-25 ⋅ Qianxin ⋅ Qi'anxin Threat Intelligence
@online{intelligence:20200825:apt:0ad132f,
author = {Qi'anxin Threat Intelligence},
title = {{南亚APT组织“透明部落”在移动端上与对手的较量}},
date = {2020-08-25},
organization = {Qianxin},
url = {https://www.secrss.com/articles/24995},
language = {Chinese},
urldate = {2020-08-25}
}
南亚APT组织“透明部落”在移动端上与对手的较量
AhMyth Crimson RAT Oblique RAT |
2020-08-20 ⋅ Kaspersky Labs ⋅ Giampaolo Dedola
@online{dedola:20200820:transparent:b63fac6,
author = {Giampaolo Dedola},
title = {{Transparent Tribe: Evolution analysis, part 1}},
date = {2020-08-20},
organization = {Kaspersky Labs},
url = {https://securelist.com/transparent-tribe-part-1/98127/},
language = {English},
urldate = {2020-08-24}
}
Transparent Tribe: Evolution analysis, part 1
Crimson RAT |
2020-08-19 ⋅ AhnLab ⋅ AhnLab ASEC 분석팀
@online{:20200819:njrat:a8e3234,
author = {AhnLab ASEC 분석팀},
title = {{국내 유명 웹하드를 통해 유포되는 njRAT 악성코드}},
date = {2020-08-19},
organization = {AhnLab},
url = {https://asec.ahnlab.com/1369},
language = {Korean},
urldate = {2020-08-25}
}
국내 유명 웹하드를 통해 유포되는 njRAT 악성코드
NjRAT |
2020-08 ⋅ TG Soft ⋅ TG Soft
@online{soft:202008:tg:88b671c,
author = {TG Soft},
title = {{TG Soft Cyber - Threat Report}},
date = {2020-08},
organization = {TG Soft},
url = {https://www.tgsoft.it/files/report/download.asp?id=7481257469},
language = {Italian},
urldate = {2020-09-15}
}
TG Soft Cyber - Threat Report
DarkComet Darktrack RAT Emotet ISFB |
2020-07-30 ⋅ Spamhaus ⋅ Spamhaus Malware Labs
@techreport{labs:20200730:spamhaus:038546d,
author = {Spamhaus Malware Labs},
title = {{Spamhaus Botnet Threat Update Q2 2020}},
date = {2020-07-30},
institution = {Spamhaus},
url = {https://www.spamhaus.org/news/images/botnet-report-2020-q2/2020-q2-spamhaus-botnet-threat-report.pdf},
language = {English},
urldate = {2020-07-30}
}
Spamhaus Botnet Threat Update Q2 2020
AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader |
2020-07-29 ⋅ ESET Research ⋅ welivesecurity
@techreport{welivesecurity:20200729:threat:496355c,
author = {welivesecurity},
title = {{THREAT REPORT Q2 2020}},
date = {2020-07-29},
institution = {ESET Research},
url = {https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Threat_Report_Q22020.pdf},
language = {English},
urldate = {2020-07-30}
}
THREAT REPORT Q2 2020
DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor |
2020-07-17 ⋅ CERT-FR ⋅ CERT-FR
@techreport{certfr:20200717:malware:5c58cdf,
author = {CERT-FR},
title = {{The Malware Dridex: Origins and Uses}},
date = {2020-07-17},
institution = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-008.pdf},
language = {English},
urldate = {2020-07-20}
}
The Malware Dridex: Origins and Uses
Andromeda CryptoLocker Cutwail DoppelPaymer Dridex Emotet FriedEx Gameover P2P Gandcrab ISFB Murofet Necurs Predator The Thief Zeus |
2020-07-08 ⋅ Seqrite ⋅ Kalpesh Mantri
@online{mantri:20200708:operation:bee5008,
author = {Kalpesh Mantri},
title = {{Operation ‘Honey Trap’: APT36 Targets Defense Organizations in India}},
date = {2020-07-08},
organization = {Seqrite},
url = {https://www.seqrite.com/blog/operation-honey-trap-apt36-targets-defense-organizations-in-india/},
language = {English},
urldate = {2020-07-13}
}
Operation ‘Honey Trap’: APT36 Targets Defense Organizations in India
Crimson RAT |
2020-06-22 ⋅ Anurag
@online{anurag:20200622:njrat:381c066,
author = {Anurag},
title = {{njRat Malware Analysis}},
date = {2020-06-22},
url = {https://malwr-analysis.com/2020/06/21/njrat-malware-analysis/},
language = {English},
urldate = {2020-06-22}
}
njRat Malware Analysis
NjRAT |
2020-05-14 ⋅ SophosLabs ⋅ Markel Picado
@online{picado:20200514:raticate:6334722,
author = {Markel Picado},
title = {{RATicate: an attacker’s waves of information-stealing malware}},
date = {2020-05-14},
organization = {SophosLabs},
url = {https://news.sophos.com/en-us/2020/05/14/raticate/},
language = {English},
urldate = {2020-05-18}
}
RATicate: an attacker’s waves of information-stealing malware
Agent Tesla BetaBot BlackRemote Formbook Loki Password Stealer (PWS) NetWire RC NjRAT Remcos |
2020-03-15 ⋅ The Shadowserver Foundation ⋅ Shadowserver Foundation
@online{foundation:20200315:has:80a92d5,
author = {Shadowserver Foundation},
title = {{Has The Sun Set On The Necurs Botnet?}},
date = {2020-03-15},
organization = {The Shadowserver Foundation},
url = {https://www.shadowserver.org/news/has-the-sun-set-on-the-necurs-botnet/},
language = {English},
urldate = {2020-03-17}
}
Has The Sun Set On The Necurs Botnet?
Andromeda Cutwail Kelihos Necurs Pushdo |
2020-03-03 ⋅ PWC UK ⋅ PWC UK
@techreport{uk:20200303:cyber:1f1eef0,
author = {PWC UK},
title = {{Cyber Threats 2019:A Year in Retrospect}},
date = {2020-03-03},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/assets/cyber-threats-2019-retrospect.pdf},
language = {English},
urldate = {2020-03-03}
}
Cyber Threats 2019:A Year in Retrospect
KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle |
2020-02-21 ⋅ Yoroi ⋅ Luigi Martire, Pietro Melillo, Antonio Pirozzi
@online{martire:20200221:transparent:eb18469,
author = {Luigi Martire and Pietro Melillo and Antonio Pirozzi},
title = {{Transparent Tribe: Four Years Later}},
date = {2020-02-21},
organization = {Yoroi},
url = {https://blog.yoroi.company/research/transparent-tribe-four-years-later},
language = {English},
urldate = {2020-03-06}
}
Transparent Tribe: Four Years Later
Crimson RAT |
2020-01-31 ⋅ ReversingLabs ⋅ Robert Simmons
@online{simmons:20200131:rats:d8a4021,
author = {Robert Simmons},
title = {{RATs in the Library: Remote Access Trojans Hide in Plain "Public" Site}},
date = {2020-01-31},
organization = {ReversingLabs},
url = {https://blog.reversinglabs.com/blog/rats-in-the-library},
language = {English},
urldate = {2020-02-03}
}
RATs in the Library: Remote Access Trojans Hide in Plain "Public" Site
CyberGate LimeRAT NjRAT Quasar RAT Revenge RAT |
2020-01-26 ⋅ Brown Farinholt, Mohammad Rezaeirad, Damon McCoy, Kirill Levchenko
@techreport{farinholt:20200126:dark:9c2f434,
author = {Brown Farinholt and Mohammad Rezaeirad and Damon McCoy and Kirill Levchenko},
title = {{Dark Matter: Uncovering the DarkComet RAT Ecosystem}},
date = {2020-01-26},
institution = {},
url = {https://www.sysnet.ucsd.edu/sysnet/miscpapers/darkmatter-www20.pdf},
language = {English},
urldate = {2020-03-07}
}
Dark Matter: Uncovering the DarkComet RAT Ecosystem
DarkComet |
2020-01 ⋅ Dragos ⋅ Joe Slowik
@techreport{slowik:202001:threat:d891011,
author = {Joe Slowik},
title = {{Threat Intelligence and the Limits of Malware Analysis}},
date = {2020-01},
institution = {Dragos},
url = {https://pylos.co/wp-content/uploads/2020/02/Threat-Intelligence-and-the-Limits-of-Malware-Analysis.pdf},
language = {English},
urldate = {2020-06-10}
}
Threat Intelligence and the Limits of Malware Analysis
Exaramel Exaramel Industroyer Lookback NjRAT PlugX |
2020 ⋅ Secureworks ⋅ SecureWorks
@online{secureworks:2020:copper:e356116,
author = {SecureWorks},
title = {{COPPER FIELDSTONE}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/copper-fieldstone},
language = {English},
urldate = {2020-05-23}
}
COPPER FIELDSTONE
Crimson RAT DarkComet Luminosity RAT NjRAT Operation C-Major |
2020 ⋅ Secureworks ⋅ SecureWorks
@online{secureworks:2020:aluminum:af22ffd,
author = {SecureWorks},
title = {{ALUMINUM SARATOGA}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/aluminum-saratoga},
language = {English},
urldate = {2020-05-23}
}
ALUMINUM SARATOGA
BlackShades DarkComet Xtreme RAT Poison Ivy Quasar RAT Molerats |
2019-12-24 ⋅ Github (itsKindred) ⋅ Derek Kleinhen
@techreport{kleinhen:20191224:bashar:944cfdf,
author = {Derek Kleinhen},
title = {{Bashar Bachir Infection Chain Analysis}},
date = {2019-12-24},
institution = {Github (itsKindred)},
url = {https://github.com/itsKindred/malware-analysis-writeups/blob/master/bashar-bachir-chain/bashar-bachir-analysis.pdf},
language = {English},
urldate = {2020-01-10}
}
Bashar Bachir Infection Chain Analysis
NjRAT |
2019-09-26 ⋅ Proofpoint ⋅ Bryan Campbell, Jeremy Hedges, Proofpoint Threat Insight Team
@online{campbell:20190926:new:d228362,
author = {Bryan Campbell and Jeremy Hedges and Proofpoint Threat Insight Team},
title = {{New WhiteShadow downloader uses Microsoft SQL to retrieve malware}},
date = {2019-09-26},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/new-whiteshadow-downloader-uses-microsoft-sql-retrieve-malware},
language = {English},
urldate = {2020-02-26}
}
New WhiteShadow downloader uses Microsoft SQL to retrieve malware
WhiteShadow Agent Tesla Azorult Crimson RAT Formbook Nanocore RAT NetWire RC NjRAT Remcos |
2019-09-23 ⋅ MITRE ⋅ MITRE ATT&CK
@online{attck:20190923:apt41:63b9ff7,
author = {MITRE ATT&CK},
title = {{APT41}},
date = {2019-09-23},
organization = {MITRE},
url = {https://attack.mitre.org/groups/G0096},
language = {English},
urldate = {2022-08-30}
}
APT41
Derusbi MESSAGETAP Winnti ASPXSpy BLACKCOFFEE CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT MimiKatz NjRAT PlugX ShadowPad Winnti ZXShell APT41 |
2019-08-30 ⋅ Github (threatland) ⋅ ThreatLand
@online{threatland:20190830:njrat:995c281,
author = {ThreatLand},
title = {{njRAT builders}},
date = {2019-08-30},
organization = {Github (threatland)},
url = {https://github.com/threatland/TL-TROJAN/tree/master/TL.RAT/RAT.Win.njRAT},
language = {English},
urldate = {2020-01-08}
}
njRAT builders
NjRAT |
2019-08-01 ⋅ Kaspersky Labs ⋅ GReAT
@online{great:20190801:trends:5e25d5b,
author = {GReAT},
title = {{APT trends report Q2 2019}},
date = {2019-08-01},
organization = {Kaspersky Labs},
url = {https://securelist.com/apt-trends-report-q2-2019/91897/},
language = {English},
urldate = {2020-08-13}
}
APT trends report Q2 2019
ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy |
2019-03-27 ⋅ Symantec ⋅ Critical Attack Discovery and Intelligence Team
@online{team:20190327:elfin:d90a330,
author = {Critical Attack Discovery and Intelligence Team},
title = {{Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.}},
date = {2019-03-27},
organization = {Symantec},
url = {https://symantec-blogs.broadcom.com/blogs/threat-intelligence/elfin-apt33-espionage},
language = {English},
urldate = {2020-04-21}
}
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
DarkComet MimiKatz Nanocore RAT NetWire RC pupy Quasar RAT Remcos StoneDrill TURNEDUP APT33 |
2019-03-27 ⋅ Symantec ⋅ Security Response Attack Investigation Team
@online{team:20190327:elfin:836cc39,
author = {Security Response Attack Investigation Team},
title = {{Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.}},
date = {2019-03-27},
organization = {Symantec},
url = {https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage},
language = {English},
urldate = {2020-01-06}
}
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
DarkComet Nanocore RAT pupy Quasar RAT Remcos TURNEDUP APT33 |
2019-03-25 ⋅ 360 Core Security ⋅ zhanghao-ms
@online{zhanghaoms:20190325:patting:92fda17,
author = {zhanghao-ms},
title = {{Patting the Bear (APT-C-37): Exposure of Continued Attacks Against an Armed Organization}},
date = {2019-03-25},
organization = {360 Core Security},
url = {http://blogs.360.cn/post/analysis-of-apt-c-37.html},
language = {Chinese},
urldate = {2020-01-08}
}
Patting the Bear (APT-C-37): Exposure of Continued Attacks Against an Armed Organization
Houdini NjRAT |
2019-03-05 ⋅ Tencent ⋅ Tencent
@online{tencent:20190305:transparenttribe:55798e4,
author = {Tencent},
title = {{TransparentTribe APT organizes 2019 attacks on Indian government and military targets}},
date = {2019-03-05},
organization = {Tencent},
url = {https://s.tencent.com/research/report/669.html},
language = {Chinese},
urldate = {2020-01-08}
}
TransparentTribe APT organizes 2019 attacks on Indian government and military targets
Crimson RAT Unidentified 066 Operation C-Major |
2018-08-02 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone, David Fuertes, Josh Grunzweig, Kyle Wilhoit
@online{falcone:20180802:gorgon:06112b1,
author = {Robert Falcone and David Fuertes and Josh Grunzweig and Kyle Wilhoit},
title = {{The Gorgon Group: Slithering Between Nation State and Cybercrime}},
date = {2018-08-02},
organization = {Palo Alto Networks Unit 42},
url = {https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/},
language = {English},
urldate = {2019-12-20}
}
The Gorgon Group: Slithering Between Nation State and Cybercrime
Loki Password Stealer (PWS) Nanocore RAT NjRAT Quasar RAT Remcos Revenge RAT |
2018-07-23 ⋅ 360 Threat Intelligence ⋅ Qi Anxin Threat Intelligence Center
@online{center:20180723:golden:acfd437,
author = {Qi Anxin Threat Intelligence Center},
title = {{Golden Rat Organization-targeted attack in Syria}},
date = {2018-07-23},
organization = {360 Threat Intelligence},
url = {https://ti.360.net/blog/articles/analysis-of-apt-c-27/},
language = {Chinese},
urldate = {2020-04-28}
}
Golden Rat Organization-targeted attack in Syria
NjRAT APT-C-27 |
2018-07-05 ⋅ National Critical Information Infrastructure Protection Centre ⋅ National Critical Information Infrastructure Protection Centre
@techreport{centre:20180705:nciipc:2796c50,
author = {National Critical Information Infrastructure Protection Centre},
title = {{NCIIPC Newsletter July 2018}},
date = {2018-07-05},
institution = {National Critical Information Infrastructure Protection Centre},
url = {https://nciipc.gov.in/documents/NCIIPC_Newsletter_July18.pdf},
language = {English},
urldate = {2020-01-10}
}
NCIIPC Newsletter July 2018
Operation C-Major |
2018-07 ⋅ Brian Krebs
@online{krebs:201807:luminositylink:1d9ce64,
author = {Brian Krebs},
title = {{‘LuminosityLink RAT’ Author Pleads Guilty}},
date = {2018-07},
url = {https://krebsonsecurity.com/2018/07/luminositylink-rat-author-pleads-guilty/},
language = {English},
urldate = {2019-10-23}
}
‘LuminosityLink RAT’ Author Pleads Guilty
Luminosity RAT |
2018-05-18 ⋅ CrowdStrike ⋅ Adam Meyers
@online{meyers:20180518:meet:79af163,
author = {Adam Meyers},
title = {{Meet CrowdStrike’s Adversary of the Month for May: MYTHIC LEOPARD}},
date = {2018-05-18},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/adversary-of-the-month-for-may/},
language = {English},
urldate = {2019-12-20}
}
Meet CrowdStrike’s Adversary of the Month for May: MYTHIC LEOPARD
Operation C-Major |
2018-05-18 ⋅ Lookout ⋅ Andrew Blaich, Michael Flossman
@online{blaich:20180518:stealth:c96fd9b,
author = {Andrew Blaich and Michael Flossman},
title = {{Stealth Mango and Tangelo: Nation state mobile surveillanceware stealing data from military & government officials}},
date = {2018-05-18},
organization = {Lookout},
url = {https://www.lookout.com/blog/stealth-mango},
language = {English},
urldate = {2022-08-26}
}
Stealth Mango and Tangelo: Nation state mobile surveillanceware stealing data from military & government officials
Stealth Mango Stealth Mango and Tangelo |
2018-05-15 ⋅ Amnesty International ⋅ Amnesty International
@online{international:20180515:pakistan:c41a7ec,
author = {Amnesty International},
title = {{PAKISTAN: HUMAN RIGHTS UNDER SURVEILLANCE}},
date = {2018-05-15},
organization = {Amnesty International},
url = {https://www.amnesty.org/en/documents/asa33/8366/2018/en/},
language = {English},
urldate = {2019-11-28}
}
PAKISTAN: HUMAN RIGHTS UNDER SURVEILLANCE
Operation C-Major |
2018-05-15 ⋅ Amnesty International ⋅ Brave
@techreport{brave:20180515:human:b4396ac,
author = {Brave},
title = {{HUMAN RIGHTS UNDER SURVEILLANCE DIGITAL THREATS AGAINST HUMAN RIGHTS DEFENDERS IN PAKISTAN}},
date = {2018-05-15},
institution = {Amnesty International},
url = {https://www.amnesty.org/download/Documents/ASA3383662018ENGLISH.PDF},
language = {English},
urldate = {2019-12-10}
}
HUMAN RIGHTS UNDER SURVEILLANCE DIGITAL THREATS AGAINST HUMAN RIGHTS DEFENDERS IN PAKISTAN
StealthAgent Crimson RAT |
2018-05-14 ⋅ Lookout ⋅ Lookout
@online{lookout:20180514:stealth:ebcc067,
author = {Lookout},
title = {{Stealth Mango & Tangelo Technical Report}},
date = {2018-05-14},
organization = {Lookout},
url = {https://www.lookout.com/info/stealth-mango-report-ty},
language = {English},
urldate = {2020-01-13}
}
Stealth Mango & Tangelo Technical Report
Stealth Mango |
2018-05 ⋅ FireEye ⋅ Anca Holban
@techreport{holban:201805:mtrends:b30aba2,
author = {Anca Holban},
title = {{M-Trends May 2018: From the field}},
date = {2018-05},
institution = {FireEye},
url = {https://mkd-cirt.mk/wp-content/uploads/2018/08/20181009_3_1_M-Trends2018-May-2018-compressed.pdf},
language = {English},
urldate = {2020-01-06}
}
M-Trends May 2018: From the field
Operation C-Major |
2018-02-08 ⋅ Virus Bulletin ⋅ Bahare Sabouri, He Xu
@online{sabouri:20180208:review:258f981,
author = {Bahare Sabouri and He Xu},
title = {{A review of the evolution of Andromeda over the years before we say goodbye}},
date = {2018-02-08},
organization = {Virus Bulletin},
url = {https://www.virusbulletin.com/virusbulletin/2018/02/review-evolution-andromeda-over-years-we-say-goodbye/},
language = {English},
urldate = {2021-12-01}
}
A review of the evolution of Andromeda over the years before we say goodbye
Andromeda |
2018-02-07 ⋅ Palo Alto Networks Unit 42 ⋅ Simon Conant
@online{conant:20180207:rat:5f1eba8,
author = {Simon Conant},
title = {{RAT Trapped? LuminosityLink Falls Foul of Vermin Eradication Efforts}},
date = {2018-02-07},
organization = {Palo Alto Networks Unit 42},
url = {https://researchcenter.paloaltonetworks.com/2018/02/unit42-rat-trapped-luminositylink-falls-foul-vermin-eradication-efforts/},
language = {English},
urldate = {2019-12-20}
}
RAT Trapped? LuminosityLink Falls Foul of Vermin Eradication Efforts
Luminosity RAT |
2018 ⋅ FireEye ⋅ FireEye
@online{fireeye:2018:apt38:20161b7,
author = {FireEye},
title = {{APT38}},
date = {2018},
organization = {FireEye},
url = {https://content.fireeye.com/apt/rpt-apt38},
language = {English},
urldate = {2020-01-13}
}
APT38
Bitsran BLINDTOAD BOOTWRECK Contopee DarkComet DYEPACK HOTWAX NESTEGG PowerRatankba REDSHAWL WORMHOLE Lazarus Group |
2017-12-04 ⋅ Europol ⋅ Europol
@online{europol:20171204:andromeda:2024e4d,
author = {Europol},
title = {{Andromeda botnet dismantled in international cyber operation}},
date = {2017-12-04},
organization = {Europol},
url = {https://www.europol.europa.eu/newsroom/news/andromeda-botnet-dismantled-in-international-cyber-operation},
language = {English},
urldate = {2020-01-09}
}
Andromeda botnet dismantled in international cyber operation
Andromeda |
2017-12-04 ⋅ Microsoft ⋅ Microsoft Defender ATP Research Team, Microsoft Digital Crimes Unit
@online{team:20171204:microsoft:0cab56d,
author = {Microsoft Defender ATP Research Team and Microsoft Digital Crimes Unit},
title = {{Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)}},
date = {2017-12-04},
organization = {Microsoft},
url = {https://blogs.technet.microsoft.com/mmpc/2017/12/04/microsoft-teams-up-with-law-enforcement-and-other-partners-to-disrupt-gamarue-andromeda/},
language = {English},
urldate = {2020-01-13}
}
Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)
Andromeda |
2017-03-13 ⋅ Morphisec ⋅ Roy Moshailov
@online{moshailov:20170313:moving:91556bc,
author = {Roy Moshailov},
title = {{Moving Target Defense Blog}},
date = {2017-03-13},
organization = {Morphisec},
url = {http://blog.morphisec.com/andromeda-tactics-analyzed},
language = {English},
urldate = {2020-01-13}
}
Moving Target Defense Blog
Andromeda |
2017-01-18 ⋅ Cisco ⋅ Andrea Scarfo
@online{scarfo:20170118:finding:d28d23c,
author = {Andrea Scarfo},
title = {{Finding the RAT’s Nest}},
date = {2017-01-18},
organization = {Cisco},
url = {https://umbrella.cisco.com/blog/2017/01/18/finding-the-rats-nest/},
language = {English},
urldate = {2019-11-27}
}
Finding the RAT’s Nest
Luminosity RAT |
2016-11-30 ⋅ Fortinet ⋅ Lilia Elena Gonzalez Medina
@online{medina:20161130:bladabindi:22e025f,
author = {Lilia Elena Gonzalez Medina},
title = {{Bladabindi Remains A Constant Threat By Using Dynamic DNS Services}},
date = {2016-11-30},
organization = {Fortinet},
url = {https://blog.fortinet.com/2016/11/30/bladabindi-remains-a-constant-threat-by-using-dynamic-dns-services},
language = {English},
urldate = {2020-01-09}
}
Bladabindi Remains A Constant Threat By Using Dynamic DNS Services
NjRAT |
2016-10-26 ⋅ Unknown ⋅ Chris Doman
@online{doman:20161026:moonlight:1edffaa,
author = {Chris Doman},
title = {{Moonlight – Targeted attacks in the Middle East}},
date = {2016-10-26},
organization = {Unknown},
url = {https://www.vectra.ai/blogpost/moonlight-middle-east-targeted-attacks},
language = {English},
urldate = {2020-04-06}
}
Moonlight – Targeted attacks in the Middle East
Houdini NjRAT Molerats |
2016-07-30 ⋅ MalwareNailed ⋅ Faisal AM Qureshi
@online{qureshi:20160730:luminosity:705e740,
author = {Faisal AM Qureshi},
title = {{Luminosity RAT - Re-purposed}},
date = {2016-07-30},
organization = {MalwareNailed},
url = {http://malwarenailed.blogspot.com/2016/07/luminosity-rat-re-purposed.html},
language = {English},
urldate = {2020-01-13}
}
Luminosity RAT - Re-purposed
Luminosity RAT |
2016-07-08 ⋅ Palo Alto Networks Unit 42 ⋅ Josh Grunzweig
@online{grunzweig:20160708:investigating:576bb94,
author = {Josh Grunzweig},
title = {{Investigating the LuminosityLink Remote Access Trojan Configuration}},
date = {2016-07-08},
organization = {Palo Alto Networks Unit 42},
url = {https://researchcenter.paloaltonetworks.com/2016/07/unit42-investigating-the-luminositylink-remote-access-trojan-configuration/},
language = {English},
urldate = {2019-12-20}
}
Investigating the LuminosityLink Remote Access Trojan Configuration
Luminosity RAT |
2016-06-03 ⋅ FireEye ⋅ Yin Hong Chang, Sudeep Singh
@online{chang:20160603:sends:176f9ab,
author = {Yin Hong Chang and Sudeep Singh},
title = {{APT Group Sends Spear Phishing Emails to Indian Government Officials}},
date = {2016-06-03},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2016/06/apt_group_sends_spea.html},
language = {English},
urldate = {2019-12-20}
}
APT Group Sends Spear Phishing Emails to Indian Government Officials
BreachRAT DarkComet Operation C-Major |
2016-04-06 ⋅ Avast ⋅ Threat Intelligence Team
@online{team:20160406:andromeda:4b7f3e6,
author = {Threat Intelligence Team},
title = {{Andromeda under the microscope}},
date = {2016-04-06},
organization = {Avast},
url = {https://blog.avast.com/andromeda-under-the-microscope},
language = {English},
urldate = {2020-01-13}
}
Andromeda under the microscope
Andromeda |
2016-03-25 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone, Simon Conant
@online{falcone:20160325:projectm:afcff3a,
author = {Robert Falcone and Simon Conant},
title = {{ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe}},
date = {2016-03-25},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe},
language = {English},
urldate = {2020-01-10}
}
ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe
Bozok Operation C-Major |
2016-03-01 ⋅ Proofpoint ⋅ Darien Huss
@techreport{huss:20160301:operation:65330f0,
author = {Darien Huss},
title = {{Operation Transparent Tribe}},
date = {2016-03-01},
institution = {Proofpoint},
url = {https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf},
language = {English},
urldate = {2019-12-02}
}
Operation Transparent Tribe
Andromeda beendoor Bezigate Crimson RAT Luminosity RAT Operation C-Major |
2016-03 ⋅ Trend Micro ⋅ David Sancho, Feike Hacquebord
@techreport{sancho:201603:operation:b3de3b2,
author = {David Sancho and Feike Hacquebord},
title = {{Operation C-Major: Information Theft Campaign Targets Military Personnel in India}},
date = {2016-03},
institution = {Trend Micro},
url = {http://documents.trendmicro.com/assets/pdf/Indian-military-personnel-targeted-by-information-theft-campaign-cmajor.pdf},
language = {English},
urldate = {2020-01-07}
}
Operation C-Major: Information Theft Campaign Targets Military Personnel in India
Operation C-Major |
2016 ⋅ Cysinfo ⋅ Monnappa K A
@online{a:2016:cyber:140f384,
author = {Monnappa K A},
title = {{CYBER ATTACK IMPERSONATING IDENTITY OF INDIAN THINK TANK TO TARGET CENTRAL BUREAU OF INVESTIGATION (CBI) AND POSSIBLY INDIAN ARMY OFFICIALS}},
date = {2016},
organization = {Cysinfo},
url = {https://cysinfo.com/cyber-attack-targeting-cbi-and-possibly-indian-army-officials},
language = {English},
urldate = {2020-01-07}
}
CYBER ATTACK IMPERSONATING IDENTITY OF INDIAN THINK TANK TO TARGET CENTRAL BUREAU OF INVESTIGATION (CBI) AND POSSIBLY INDIAN ARMY OFFICIALS
Operation C-Major |
2015-09-29 ⋅ InfoSec Institute ⋅ Ayoub Faouzi
@online{faouzi:20150929:andromeda:543098f,
author = {Ayoub Faouzi},
title = {{Andromeda Bot Analysis part 2}},
date = {2015-09-29},
organization = {InfoSec Institute},
url = {http://resources.infosecinstitute.com/andromeda-bot-analysis-part-two/},
language = {English},
urldate = {2020-01-07}
}
Andromeda Bot Analysis part 2
Andromeda |
2015-09-29 ⋅ InfoSec Institute ⋅ Ayoub Faouzi
@online{faouzi:20150929:andromeda:06d70c0,
author = {Ayoub Faouzi},
title = {{Andromeda Bot Analysis part 1}},
date = {2015-09-29},
organization = {InfoSec Institute},
url = {http://resources.infosecinstitute.com/andromeda-bot-analysis/},
language = {English},
urldate = {2020-01-13}
}
Andromeda Bot Analysis part 1
Andromeda |
2015-06-25 ⋅ Proofpoint ⋅ Proofpoint Staff
@online{staff:20150625:sundown:53454bc,
author = {Proofpoint Staff},
title = {{Sundown EK Spreads LuminosityLink RAT: Light After Dark}},
date = {2015-06-25},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/Light-After-Dark},
language = {English},
urldate = {2019-12-20}
}
Sundown EK Spreads LuminosityLink RAT: Light After Dark
Luminosity RAT |
2015-04-17 ⋅ Eternal Todo ⋅ Jose Miguel Esparza
@online{esparza:20150417:andromedagamarue:2330f4e,
author = {Jose Miguel Esparza},
title = {{Andromeda/Gamarue bot loves JSON too (new versions details)}},
date = {2015-04-17},
organization = {Eternal Todo},
url = {https://eternal-todo.com/blog/andromeda-gamarue-loves-json},
language = {English},
urldate = {2020-01-10}
}
Andromeda/Gamarue bot loves JSON too (new versions details)
Andromeda |
2015-04-15 ⋅ ByteAtlas
@online{byteatlas:20150415:knowledge:0d028a7,
author = {ByteAtlas},
title = {{Knowledge Fragment: Bruteforcing Andromeda Configuration Buffers}},
date = {2015-04-15},
url = {https://byte-atlas.blogspot.ch/2015/04/kf-andromeda-bruteforcing.html},
language = {English},
urldate = {2020-01-07}
}
Knowledge Fragment: Bruteforcing Andromeda Configuration Buffers
Andromeda |
2015-01-22 ⋅ Trend Micro ⋅ Michael Marcos
@online{marcos:20150122:new:1fdb830,
author = {Michael Marcos},
title = {{New RATs Emerge from Leaked Njw0rm Source Code}},
date = {2015-01-22},
organization = {Trend Micro},
url = {http://blog.trendmicro.com/trendlabs-security-intelligence/new-rats-emerge-from-leaked-njw0rm-source-code/},
language = {English},
urldate = {2019-12-17}
}
New RATs Emerge from Leaked Njw0rm Source Code
NjRAT |
2013-10-31 ⋅ FireEye ⋅ Thoufique Haq, Ned Moran
@online{haq:20131031:know:e772ee9,
author = {Thoufique Haq and Ned Moran},
title = {{Know Your Enemy: Tracking A Rapidly Evolving APT Actor}},
date = {2013-10-31},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html},
language = {English},
urldate = {2019-12-20}
}
Know Your Enemy: Tracking A Rapidly Evolving APT Actor
Bozok Poison Ivy TEMPER PANDA |
2013-09-01 ⋅ Eternal Todo ⋅ Jose Miguel Esparza
@online{esparza:20130901:yet:d6bf0b6,
author = {Jose Miguel Esparza},
title = {{Yet another Andromeda / Gamarue analysis}},
date = {2013-09-01},
organization = {Eternal Todo},
url = {https://eternal-todo.com/blog/yet-another-andromeda-gamarue-analysis},
language = {English},
urldate = {2020-01-10}
}
Yet another Andromeda / Gamarue analysis
Andromeda |
2013-08-01 ⋅ Virus Bulletin ⋅ Suweera De Souza
@online{souza:20130801:andromeda:030b7db,
author = {Suweera De Souza},
title = {{Andromeda 2.7 features}},
date = {2013-08-01},
organization = {Virus Bulletin},
url = {https://www.virusbulletin.com/virusbulletin/2013/08/andromeda-2-7-features},
language = {English},
urldate = {2020-01-09}
}
Andromeda 2.7 features
Andromeda |
2013-03-30 ⋅ 0xEBFE Blog about life ⋅ 0xEBFE
@online{0xebfe:20130330:fooled:88d133a,
author = {0xEBFE},
title = {{Fooled by Andromeda}},
date = {2013-03-30},
organization = {0xEBFE Blog about life},
url = {http://www.0xebfe.net/blog/2013/03/30/fooled-by-andromeda/},
language = {English},
urldate = {2019-07-27}
}
Fooled by Andromeda
Andromeda |
2012-10-05 ⋅ Malwarebytes ⋅ Adam Kujawa
@online{kujawa:20121005:dark:192d4aa,
author = {Adam Kujawa},
title = {{Dark Comet 2: Electric Boogaloo}},
date = {2012-10-05},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2012/10/dark-comet-2-electric-boogaloo/},
language = {English},
urldate = {2019-12-20}
}
Dark Comet 2: Electric Boogaloo
DarkComet |
2012-06-21 ⋅ Contagio Dump ⋅ Mila Parkour
@online{parkour:20120621:rat:2186087,
author = {Mila Parkour},
title = {{RAT samples from Syrian Targeted attacks - Blackshades RAT, XTreme RAT, Dark Comet RAT used by Syrian Electronic Army}},
date = {2012-06-21},
organization = {Contagio Dump},
url = {http://contagiodump.blogspot.com/2012/06/rat-samples-from-syrian-targeted.html},
language = {English},
urldate = {2019-12-20}
}
RAT samples from Syrian Targeted attacks - Blackshades RAT, XTreme RAT, Dark Comet RAT used by Syrian Electronic Army
BlackShades DarkComet Terminator RAT |
2012-06-09 ⋅ Malwarebytes ⋅ Adam Kujawa
@online{kujawa:20120609:you:c8d15e0,
author = {Adam Kujawa},
title = {{You dirty RAT! Part 1: DarkComet}},
date = {2012-06-09},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2012/06/you-dirty-rat-part-1-darkcomet/},
language = {English},
urldate = {2019-12-20}
}
You dirty RAT! Part 1: DarkComet
DarkComet |