SYMBOL | COMMON_NAME | aka. SYNONYMS |
Cisco Talos recently identified a large number of ongoing malware distribution campaigns linked to a threat actor we're calling "SWEED," including such notable malware as Formbook, Lokibot and Agent Tesla. Based on our research, SWEED — which has been operating since at least 2017 — primarily targets their victims with stealers and remote access trojans. SWEED remains consistent across most of their campaigns in their use of spear-phishing emails with malicious attachments. While these campaigns have featured a myriad of different types of malicious documents, the actor primarily tries to infect its victims with a packed version of Agent Tesla — an information stealer that's been around since at least 2014. The version of Agent Tesla that SWEED is using differs slightly from what we've seen in the past in the way that it is packed, as well as how it infects the system. In this post, we'll run down each campaign we're able to connect to SWEED, and talk about some of the actor's tactics, techniques and procedures (TTPs).
2024-12-11
⋅
Sublime
⋅
Xloader deep dive: Link-based malware delivery via SharePoint impersonation Xloader Formbook |
2024-12-02
⋅
Medium b.magnezi
⋅
LokiBot Malware Analysis Loki Password Stealer (PWS) |
2024-11-13
⋅
TEHTRIS
⋅
Cracking Formbook malware: Blind deobfuscation and quick response techniques Formbook |
2024-11-07
⋅
Logpoint
⋅
Hiding in Plain Sight: The Subtle Art of Loki Malware’s Obfuscation Loki Password Stealer (PWS) |
2024-10-16
⋅
BitSight
⋅
Exfiltration over Telegram Bots: Skidding Infostealer Logs 404 Keylogger Agent Tesla |
2024-06-15
⋅
Medium b.magnezi
⋅
Malware Analysis FormBook Formbook |
2024-06-06
⋅
Medium b.magnezi
⋅
Agent Tesla Analysis Agent Tesla |
2024-05-14
⋅
Check Point Research
⋅
Foxit PDF “Flawed Design” Exploitation Rafel RAT Agent Tesla AsyncRAT DCRat DONOT Nanocore RAT NjRAT Pony Remcos Venom RAT XWorm |
2024-05-06
⋅
Cyber-Forensics
⋅
Agent Tesla Malware Analysis Agent Tesla |
2024-04-15
⋅
Positive Technologies
⋅
SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world LokiBot 404 Keylogger Agent Tesla CloudEyE Formbook Remcos XWorm |
2024-04-02
⋅
Check Point Research
⋅
Agent Tesla Targeting United States & Australia: Revealing the Attackers' Identities Agent Tesla Bignosa |
2024-03-26
⋅
EchoCTI
⋅
Agent Tesla Technical Analysis Report Agent Tesla |
2024-02-28
⋅
Security Intelligence
⋅
X-Force data reveals top spam trends, campaigns and senior superlatives in 2023 404 Keylogger Agent Tesla Black Basta DarkGate Formbook IcedID Loki Password Stealer (PWS) Pikabot QakBot Remcos |
2024-02-16
⋅
Medium b.magnezi
⋅
Malware Analysis — AgentTesla Agent Tesla |
2024-02-06
⋅
Medium osamaellahi
⋅
Unfolding Agent Tesla: The Art of Credentials Harvesting. Agent Tesla |
2024-02-02
⋅
Stairwell
⋅
Proactive response: AnyDesk, any breach Agent Tesla |
2024-01-24
⋅
Medium shaddy43
⋅
Layers of Deception: Analyzing the Complex Stages of XLoader 4.3 Malware Evolution Xloader Formbook |
2024-01-09
⋅
BitSight
⋅
Data Insights on AgentTesla and OriginLogger Victims Agent Tesla OriginLogger |
2024-01-08
⋅
YouTube (Embee Research)
⋅
Javascript Malware Analysis - Decoding an AgentTesla Loader Agent Tesla |
2023-12-20
⋅
ropgadget.com
⋅
The Origin of OriginLogger & Agent Tesla Agent Tesla OriginLogger |
2023-10-12
⋅
Cluster25
⋅
CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations Agent Tesla Crimson RAT Nanocore RAT SmokeLoader |
2023-10-01
⋅
Infinitum IT
⋅
Agent Tesla Technical Analysis Report (Paywall) Agent Tesla |
2023-09-29
⋅
Intrinsec
⋅
Ongoing threats targeting the energy industry Agent Tesla CloudEyE |
2023-08-29
⋅
Viuleeenz
⋅
Agent Tesla - Building an effective decryptor Agent Tesla |
2023-07-12
⋅
Fortinet
⋅
LokiBot Campaign Targets Microsoft Office Document Using Vulnerabilities and Macros Loki Password Stealer (PWS) |
2023-07-06
⋅
kienmanowar Blog
⋅
[QuickNote] Examining Formbook Campaign via Phishing Emails Formbook |
2023-06-30
⋅
Github (itaymigdal)
⋅
Formbook unpacking Formbook |
2023-06-05
⋅
Malware Traffic Analysis
⋅
30 DAYS OF FORMBOOK: DAY 1, MONDAY 2023-06-05 Formbook |
2023-05-07
⋅
Twitter (@embee_research)
⋅
AgentTesla - Full Loader Analysis - Resolving API Hashes Using Conditional Breakpoints Agent Tesla |
2023-04-16
⋅
OALabs
⋅
XORStringsNet Agent Tesla RedLine Stealer |
2023-04-10
⋅
Check Point
⋅
March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files Agent Tesla CloudEyE Emotet Formbook Nanocore RAT NjRAT QakBot Remcos Tofsee |
2023-04-07
⋅
Elastic
⋅
Attack chain leads to XWORM and AGENTTESLA Agent Tesla XWorm |
2023-03-30
⋅
loginsoft
⋅
From Innocence to Malice: The OneNote Malware Campaign Uncovered Agent Tesla AsyncRAT DOUBLEBACK Emotet Formbook IcedID NetWire RC QakBot Quasar RAT RedLine Stealer XWorm |
2023-03-30
⋅
Zscaler
⋅
Technical Analysis of Xloader’s Code Obfuscation in Version 4.3 Formbook |
2023-03-23
⋅
Logpoint
⋅
Emerging Threats: AgentTesla – A Review and Detection Strategies Agent Tesla |
2023-03-16
⋅
Trend Micro
⋅
IPFS: A New Data Frontier or a New Cybercriminal Hideout? Agent Tesla Formbook RedLine Stealer Remcos |
2023-02-28
⋅
ANY.RUN
⋅
XLoader/FormBook: Encryption Analysis and Malware Decryption Formbook |
2023-01-30
⋅
Checkpoint
⋅
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware Agent Tesla Azorult Buer Cerber Cobalt Strike Emotet Formbook HawkEye Keylogger Loki Password Stealer (PWS) Maze NetWire RC Remcos REvil TrickBot |
2023-01-24
⋅
Trellix
⋅
Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity Andromeda Formbook Houdini Remcos |
2023-01-16
⋅
Difesa & Sicurezza
⋅
Cybercrime, RFQ from Turkey carries AgentTesla and zgRAT Agent Tesla zgRAT |
2022-12-18
⋅
SANS ISC
⋅
Infostealer Malware with Double Extension Agent Tesla |
2022-12-08
⋅
Trustwave
⋅
Trojanized OneNote Document Leads to Formbook Malware Formbook |
2022-11-21
⋅
Malwarebytes
⋅
2022-11-21 Threat Intel Report 404 Keylogger Agent Tesla Formbook Hive Remcos |
2022-11-16
⋅
splunk
⋅
Inside the Mind of a ‘Rat’ - Agent Tesla Detection and Analysis Agent Tesla |
2022-11-09
⋅
Cisco Talos
⋅
Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns Agent Tesla |
2022-10-13
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2022 FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm |
2022-10-05
⋅
Fortinet
⋅
Excel Document Delivers Multiple Malware by Exploiting CVE-2017-11882 – Part II Formbook RedLine Stealer |
2022-09-23
⋅
Kaspersky
⋅
Mass email campaign with a pinch of targeted spam Agent Tesla |
2022-09-19
⋅
Fortinet
⋅
Excel Document Delivers Multiple Malware By Exploiting CVE-2017-11882 – Part I Formbook RedLine Stealer |
2022-09-15
⋅
Sekoia
⋅
PrivateLoader: the loader of the prevalent ruzki PPI service Agent Tesla Coinminer DanaBot DCRat Eternity Stealer Glupteba Mars Stealer NetSupportManager RAT Nymaim Nymaim2 Phoenix Keylogger PrivateLoader Raccoon RedLine Stealer SmokeLoader Socelars STOP Vidar YTStealer |
2022-09-13
⋅
Palo Alto Networks Unit 42
⋅
OriginLogger: A Look at Agent Tesla’s Successor Agent Tesla OriginLogger |
2022-08-29
⋅
⋅
360 netlab
⋅
PureCrypter Loader continues to be active and has spread to more than 10 other families 404 Keylogger Agent Tesla AsyncRAT Formbook RedLine Stealer |
2022-08-29
⋅
360 netlab
⋅
PureCrypter is busy pumping out various malicious malware families Agent Tesla PureCrypter RedLine Stealer |
2022-08-17
⋅
Secureworks
⋅
DarkTortilla Malware Analysis Agent Tesla AsyncRAT Cobalt Strike DarkTortilla Nanocore RAT RedLine Stealer |
2022-08-08
⋅
Medium CSIS Techblog
⋅
An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure Riltok magecart Anubis Azorult BetaBot Buer CoalaBot CryptBot DiamondFox DreamBot GCleaner ISFB Loki Password Stealer (PWS) MedusaLocker MeguminTrojan Nemty PsiX RedLine Stealer SmokeLoader STOP TinyNuke Vidar Zloader |
2022-08-05
⋅
0xIvan
⋅
LokiBot Analysis Loki Password Stealer (PWS) |
2022-08-04
⋅
ConnectWise
⋅
Formbook and Remcos Backdoor RAT by ConnectWise CRU Formbook Remcos |
2022-07-30
⋅
Malware AV evasion - part 8. Encode payload via Z85 Agent Tesla Carbanak Carberp Cardinal RAT Cobalt Strike donut_injector |
2022-07-25
⋅
⋅
Cert-UA
⋅
Mass distribution of desktops (Formbook, Snake Keylogger) and use of Malware RelicRace/RelicSource as a means of delivery (CERT-UA#5056) 404 Keylogger Formbook RelicRace |
2022-07-20
⋅
⋅
Cert-UA
⋅
Cyberattack on State Organizations of Ukraine using the topic OK "South" and the malicious program AgentTesla (CERT-UA#4987) Agent Tesla |
2022-07-12
⋅
Cyren
⋅
Example Analysis of Multi-Component Malware Emotet Formbook |
2022-07-12
⋅
Team Cymru
⋅
An Analysis of Infrastructure linked to the Hagga Threat Actor Agent Tesla |
2022-07-01
⋅
cyble
⋅
Xloader Returns With New Infection Technique Formbook |
2022-06-30
⋅
CYBER GEEKS All Things Infosec
⋅
How to Expose a Potential Cybercriminal due to Misconfigurations Loki Password Stealer (PWS) |
2022-06-30
⋅
Cyber Geeks (CyberMasterV)
⋅
How to Expose a Potential Cybercriminal due to Misconfigurations Loki Password Stealer (PWS) |
2022-05-19
⋅
Blackberry
⋅
.NET Stubs: Sowing the Seeds of Discord Agent Tesla Quasar RAT WhisperGate |
2022-05-19
⋅
Blackberry
⋅
.NET Stubs: Sowing the Seeds of Discord (PureCrypter) Aberebot AbstractEmu AdoBot 404 Keylogger Agent Tesla Amadey AsyncRAT Ave Maria BitRAT BluStealer Formbook LimeRAT Loki Password Stealer (PWS) Nanocore RAT Orcus RAT Quasar RAT Raccoon RedLine Stealer WhisperGate |
2022-05-12
⋅
Palo Alto Networks Unit 42
⋅
Harmful Help: Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla Agent Tesla |
2022-05-05
⋅
Malwarebytes Labs
⋅
Nigerian Tesla: 419 scammer gone malware distributor unmasked Agent Tesla |
2022-04-20
⋅
cocomelonc
⋅
Malware development: persistence - part 1. Registry run keys. C++ example. Agent Tesla Amadey BlackEnergy Cobian RAT COZYDUKE Emotet Empire Downloader Kimsuky |
2022-04-17
⋅
Malcat
⋅
Reversing a NSIS dropper using quick and dirty shellcode emulation Loki Password Stealer (PWS) |
2022-04-15
⋅
Center for Internet Security
⋅
Top 10 Malware March 2022 Mirai Shlayer Agent Tesla Ghost RAT Nanocore RAT SectopRAT solarmarker Zeus |
2022-04-12
⋅
Check Point
⋅
March 2022’s Most Wanted Malware: Easter Phishing Scams Help Emotet Assert its Dominance Alien FluBot Agent Tesla Emotet |
2022-03-31
⋅
APNIC
⋅
How to: Detect and prevent common data exfiltration attacks Agent Tesla DNSMessenger PingBack Rising Sun |
2022-03-26
⋅
forensicitguy
⋅
An AgentTesla Sample Using VBA Macros and Certutil Agent Tesla |
2022-03-25
⋅
GOV.UA
⋅
Who is behind the Cyberattacks on Ukraine's Critical Information Infrastructure: Statistics for March 15-22 Xloader Agent Tesla CaddyWiper Cobalt Strike DoubleZero GraphSteel GrimPlant HeaderTip HermeticWiper IsaacWiper MicroBackdoor Pandora RAT |
2022-03-11
⋅
Netskope
⋅
New Formbook Campaign Delivered Through Phishing Emails Formbook |
2022-03-07
⋅
Fortinet
⋅
Fake Purchase Order Used to Deliver Agent Tesla Agent Tesla |
2022-03-07
⋅
⋅
LAC WATCH
⋅
I CAN'T HEAR YOU NOW! INTERNAL BEHAVIOR OF INFORMATION-STEALING MALWARE AND JSOC DETECTION TRENDS Xloader Agent Tesla Formbook Loki Password Stealer (PWS) |
2022-03-04
⋅
Bitdefender
⋅
Bitdefender Labs Sees Increased Malicious and Scam Activity Exploiting the War in Ukraine Agent Tesla Remcos |
2022-03-04
⋅
Bleeping Computer
⋅
Russia-Ukraine war exploited as lure for malware distribution Agent Tesla Remcos |
2022-02-28
⋅
AhnLab
⋅
Change in Distribution Method of Malware Disguised as Estimate (VBS Script) Formbook |
2022-02-23
⋅
⋅
Weixin
⋅
APT-C-58 (Gorgon Group) attack warning Agent Tesla |
2022-02-11
⋅
forensicitguy
⋅
XLoader/Formbook Distributed by Encrypted VelvetSweatshop Spreadsheets Formbook |
2022-02-11
⋅
Cisco Talos
⋅
Threat Roundup for February 4 to February 11 DarkComet Ghost RAT Loki Password Stealer (PWS) Tinba Tofsee Zeus |
2022-02-06
⋅
forensicitguy
⋅
AgentTesla From RTF Exploitation to .NET Tradecraft Agent Tesla |
2022-02-02
⋅
Qualys
⋅
Catching the RAT called Agent Tesla Agent Tesla |
2022-01-28
⋅
Atomic Matryoshka
⋅
Malware Headliners: LokiBot Loki Password Stealer (PWS) |
2022-01-25
⋅
Palo Alto Networks Unit 42
⋅
Weaponization of Excel Add-Ins Part 1: Malicious XLL Files and Agent Tesla Case Studies Agent Tesla |
2022-01-24
⋅
Netskope
⋅
Infected PowerPoint Files Using Cloud Services to Deliver Multiple Malware Agent Tesla |
2022-01-24
⋅
Proofpoint
⋅
DTPacker – a .NET Packer with a Curious Password Agent Tesla TA2536 |
2022-01-21
⋅
Zscaler
⋅
Analysis of Xloader’s C2 Network Encryption Xloader Formbook |
2022-01-21
⋅
MalGamy
⋅
Deep Analysis Agent Tesla Malware Agent Tesla |
2022-01-18
⋅
Elastic
⋅
FORMBOOK Adopts CAB-less Approach Formbook |
2022-01-12
⋅
Malware Analysis - AgentTesla v3 Agent Tesla |
2022-01-12
⋅
2021 Gorgon Group APT Operation Agent Tesla |
2022-01-12
⋅
Deep analysis agent tesla malware Agent Tesla |
2022-01-03
⋅
forensicitguy
⋅
A Tale of Two Dropper Scripts for Agent Tesla Agent Tesla |
2021-12-31
⋅
InfoSec Handlers Diary Blog
⋅
Do you want your Agent Tesla in the 300 MB or 8 kB package? Agent Tesla |
2021-12-30
⋅
InfoSec Handlers Diary Blog
⋅
Agent Tesla Updates SMTP Data Exfiltration Technique Agent Tesla |
2021-12-20
⋅
InfoSec Handlers Diary Blog
⋅
PowerPoint attachments, Agent Tesla and code reuse in malware Agent Tesla |
2021-12-17
⋅
Yoroi
⋅
Serverless InfoStealer delivered in Est European Countries Agent Tesla |
2021-12-08
⋅
YouTube ( DuMp-GuY TrIcKsTeR)
⋅
Full malware analysis Work-Flow of AgentTesla Malware Agent Tesla |
2021-12-06
⋅
MalwareBookReports
⋅
AGENT TESLAGGAH Agent Tesla |
2021-12-02
⋅
⋅
AhnLab
⋅
Spreading AgentTesla through more sophisticated malicious PPT Agent Tesla |
2021-11-23
⋅
HP
⋅
RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild AdWind Ratty STRRAT CloudEyE Formbook Houdini Panda Stealer Remcos |
2021-11-22
⋅
YouTube ( DuMp-GuY TrIcKsTeR)
⋅
Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part1] Agent Tesla |
2021-11-22
⋅
YouTube ( DuMp-GuY TrIcKsTeR)
⋅
Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part2] Agent Tesla |
2021-11-17
⋅
Infoblox
⋅
Deep Analysis of a Recent Lokibot Attack Loki Password Stealer (PWS) |
2021-11-16
⋅
Yoroi
⋅
Office Documents: May the XLL technique change the threat Landscape in 2022? Agent Tesla Dridex Formbook |
2021-11-12
⋅
Living Code
⋅
AgentTesla dropped via NSIS installer Agent Tesla |
2021-11-02
⋅
InQuest
⋅
Adults Only Malware Lures Agent Tesla |
2021-10-06
⋅
zimperium
⋅
Malware Distribution with Mana Tools Agent Tesla Azorult |
2021-09-30
⋅
Blackberry
⋅
Threat Thursday: xLoader Infostealer Xloader Formbook |
2021-09-29
⋅
Trend Micro
⋅
FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal Formbook |
2021-09-15
⋅
Telsy
⋅
REMCOS and Agent Tesla loaded into memory with Rezer0 loader Agent Tesla Remcos |
2021-09-08
⋅
Juniper
⋅
Aggah Malware Campaign Expands to Zendesk and GitHub to Host Its Malware Agent Tesla |
2021-09-06
⋅
cocomelonc
⋅
AV engines evasion for C++ simple malware: part 2 Agent Tesla Amadey Anchor AnchorMTea Carbanak Carberp Cardinal RAT Felixroot Konni Loki Password Stealer (PWS) Maze |
2021-08-25
⋅
Trend Micro
⋅
New Campaign Sees LokiBot Delivered Via Multiple Methods Loki Password Stealer (PWS) |
2021-08-23
⋅
YouTube ( DuMp-GuY TrIcKsTeR)
⋅
[2] Lokibot analyzing - spoofing GULoader and LokiBot C2 [part2] - INetSim + BurpSuite CloudEyE Loki Password Stealer (PWS) |
2021-08-16
⋅
Malcat
⋅
Statically unpacking a simple .NET dropper Loki Password Stealer (PWS) |
2021-07-28
⋅
RiskIQ
⋅
Use of XAMPP Web Component to Identify Agent Tesla Infrastructure Agent Tesla |
2021-07-24
⋅
InfoSec Handlers Diary Blog
⋅
Agent.Tesla Dropped via a .daa Image and Talking to Telegram Agent Tesla |
2021-07-21
⋅
Quick Heal
⋅
FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data Formbook |
2021-07-12
⋅
IBM
⋅
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
2021-07-12
⋅
Cipher Tech Solutions
⋅
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
2021-07-07
⋅
YouTube ( DuMp-GuY TrIcKsTeR)
⋅
[2] Lokibot analyzing - spoofing GULoader and LokiBot C2 [part1] - Own implementation in Python CloudEyE Loki Password Stealer (PWS) |
2021-07-06
⋅
YouTube ( DuMp-GuY TrIcKsTeR)
⋅
[1] Lokibot analyzing - defeating GuLoader with Windbg (Kernel debugging) and Live C2 CloudEyE Loki Password Stealer (PWS) |
2021-06-29
⋅
Yoroi
⋅
The "WayBack” Campaign: a Large Scale Operation Hiding in Plain Sight Agent Tesla Cobian RAT Oski Stealer |
2021-06-24
⋅
Blackberry
⋅
Threat Thursday: Agent Tesla Infostealer Agent Tesla |
2021-06-24
⋅
Trustwave
⋅
Yet Another Archive Format Smuggling Malware Agent Tesla |
2021-06-11
⋅
⋅
NSFOCUS
⋅
Nigerian Hacker Organization SWEED is Distributing Phishing Documents Targeting the Logistics Industry Agent Tesla |
2021-06-08
⋅
LOKIBOT - A commodity malware Loki Password Stealer (PWS) |
2021-06-04
⋅
Fortinet
⋅
Phishing Malware Hijacks Bitcoin Addresses and Delivers New Agent Tesla Variant Agent Tesla |
2021-06-02
⋅
Sophos
⋅
AMSI bypasses remain tricks of the malware trade Agent Tesla Cobalt Strike Meterpreter |
2021-05-18
⋅
Youtube (AhmedS Kasmani)
⋅
Malware Analysis: Agent Tesla Part 1/2 Extraction of final payload from dropper. Agent Tesla |
2021-05-11
⋅
VMRay
⋅
Threat Bulletin: Exploring the Differences and Similarities of Agent Tesla v2 & v3 Agent Tesla |
2021-05-11
⋅
Twitter (@MsftSecIntel)
⋅
Tweet on Snip3 crypter delivering AsyncRAT or AgentTesla Agent Tesla AsyncRAT |
2021-05-07
⋅
Morphisec
⋅
Revealing the ‘Snip3’ Crypter, a Highly Evasive RAT Loader Agent Tesla AsyncRAT NetWire RC Revenge RAT |
2021-05-05
⋅
Zscaler
⋅
Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats Agent Tesla AsyncRAT Crimson RAT CyberGate Ghost RAT Nanocore RAT NetWire RC NjRAT Quasar RAT Remcos |
2021-04-22
⋅
Fortinet
⋅
Deep Analysis: FormBook New Variant Delivered in Phishing Campaign – Part II Formbook |
2021-04-21
⋅
SophosLabs Uncut
⋅
Nearly half of malware now use TLS to conceal communications Agent Tesla Cobalt Strike Dridex SystemBC |
2021-04-12
⋅
Fortinet
⋅
Deep Analysis: New FormBook Variant Delivered in Phishing Campaign – Part I Formbook |
2021-04-06
⋅
InfoSec Handlers Diary Blog
⋅
Malspam with Lokibot vs. Outlook and RFCs Loki Password Stealer (PWS) |
2021-04-04
⋅
menshaway blogspot
⋅
Technical report of AgentTesla Agent Tesla |
2021-03-17
⋅
HP
⋅
Threat Insights Report Q4-2020 Agent Tesla BitRAT ComodoSec Dridex Emotet Ficker Stealer Formbook Zloader |
2021-03-11
⋅
YouTube ( Malware_Analyzing_&_RE_Tips_Tricks)
⋅
Formbook Reversing - Part1 [Formbook .NET loader/injector analyzing, decrypting, unpacking, patching] Formbook |
2021-02-28
⋅
PWC UK
⋅
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
2021-02-25
⋅
Minerva
⋅
Preventing AgentTelsa Infiltration Agent Tesla |
2021-02-12
⋅
InfoSec Handlers Diary Blog
⋅
AgentTesla Dropped Through Automatic Click in Microsoft Help File Agent Tesla |
2021-02-12
⋅
Trustwave
⋅
The Many Roads Leading To Agent Tesla Agent Tesla |
2021-02-11
⋅
InfoSec Handlers Diary Blog
⋅
Agent Tesla hidden in a historical anti-malware tool Agent Tesla |
2021-01-21
⋅
DENEXUS
⋅
Spear Phishing Targeting ICS Supply Chain - Analysis Agent Tesla |
2021-01-11
⋅
ESET Research
⋅
Operation Spalax: Targeted malware attacks in Colombia Agent Tesla AsyncRAT NjRAT Remcos |
2021-01-09
⋅
Marco Ramilli's Blog
⋅
Command and Control Traffic Patterns ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot |
2021-01-06
⋅
Talos
⋅
A Deep Dive into Lokibot Infection Chain Loki Password Stealer (PWS) |
2021-01-01
⋅
Secureworks
⋅
Threat Profile: GOLD GALLEON Agent Tesla HawkEye Keylogger Pony GOLD GALLEON |
2020-12-21
⋅
Cisco Talos
⋅
2020: The year in malware WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader |
2020-12-18
⋅
Trend Micro
⋅
Negasteal Uses Hastebin for Fileless Delivery of Crysis Ransomware Agent Tesla Dharma |
2020-12-15
⋅
Cofense
⋅
Strategic Analysis: Agent Tesla Expands Targeting and Networking Capabilities Agent Tesla |
2020-12-10
⋅
US-CERT
⋅
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus |
2020-12-07
⋅
Proofpoint
⋅
Commodity .NET Packers use Embedded Images to Hide Payloads Agent Tesla Loki Password Stealer (PWS) Remcos |
2020-12-04
⋅
Inde
⋅
Inside a .NET Stealer: AgentTesla Agent Tesla |
2020-12-03
⋅
Telsy
⋅
When a false flagdoesn’t work: Exploring the digital-crimeunderground at campaign preparation stage Agent Tesla |
2020-11-27
⋅
HP
⋅
Aggah Campaign’s Latest Tactics: Victimology, PowerPoint Dropper and Cryptocurrency Stealer Agent Tesla |
2020-11-19
⋅
SANS ISC InfoSec Forums
⋅
PowerShell Dropper Delivering Formbook Formbook |
2020-11-18
⋅
Sophos
⋅
SOPHOS 2021 THREAT REPORT Navigating cybersecurity in an uncertain world Agent Tesla Dridex TrickBot Zloader |
2020-11-18
⋅
G Data
⋅
Business as usual: Criminal Activities in Times of a Global Pandemic Agent Tesla Nanocore RAT NetWire RC Remcos |
2020-11-05
⋅
tccontre Blog
⋅
Interesting FormBook Crypter - unconventional way to store encrypted data Formbook |
2020-11-05
⋅
Morphisec
⋅
Agent Tesla: A Day in a Life of IR Agent Tesla |
2020-10-16
⋅
Hornetsecurity
⋅
VBA Purging Malspam Campaigns Agent Tesla Formbook |
2020-10-05
⋅
Juniper
⋅
New pastebin-like service used in multiple malware campaigns Agent Tesla LimeRAT RedLine Stealer |
2020-10-01
⋅
SpiderLabs Blog
⋅
Evasive URLs in Spam: Part 2 Loki Password Stealer (PWS) |
2020-09-03
⋅
Medium mariohenkel
⋅
Decrypting AgentTesla strings and config Agent Tesla |
2020-08-27
⋅
MalWatch
⋅
Win.Trojan.AgentTesla - Malware analysis & threat intelligence report Agent Tesla |
2020-08-26
⋅
Lab52
⋅
A twisted malware infection chain Agent Tesla Loki Password Stealer (PWS) |
2020-08-10
⋅
Seqrite
⋅
Gorgon APT targeting MSME sector in India Agent Tesla |
2020-08-10
⋅
SentinelOne
⋅
Agent Tesla | Old RAT Uses New Tricks to Stay on Top Agent Tesla |
2020-07-30
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q2 2020 AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader |
2020-07-29
⋅
ESET Research
⋅
THREAT REPORT Q2 2020 DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor |
2020-07-22
⋅
S2W LAB Inc.
⋅
'FormBook Tracker' unveiled on the Dark Web Formbook |
2020-06-02
⋅
Lastline Labs
⋅
Evolution of Excel 4.0 Macro Weaponization Agent Tesla DanaBot ISFB TrickBot Zloader |
2020-05-31
⋅
Malwarebytes
⋅
Revisiting the NSIS-based crypter Formbook |
2020-05-23
⋅
InfoSec Handlers Diary Blog
⋅
AgentTesla Delivered via a Malicious PowerPoint Add-In Agent Tesla |
2020-05-22
⋅
Yoroi
⋅
Cyber-Criminal espionage Operation insists on Italian Manufacturing Agent Tesla |
2020-05-21
⋅
Malwarebytes
⋅
Cybercrime tactics and techniques Ave Maria Azorult DanaBot Loki Password Stealer (PWS) NetWire RC |
2020-05-14
⋅
SophosLabs
⋅
RATicate: an attacker’s waves of information-stealing malware Agent Tesla BetaBot BlackRemote Formbook Loki Password Stealer (PWS) NetWire RC NjRAT Remcos |
2020-04-28
⋅
Trend Micro
⋅
Loki Info Stealer Propagates through LZH Files Loki Password Stealer (PWS) |
2020-04-16
⋅
Malwarebytes
⋅
New AgentTesla variant steals WiFi credentials Agent Tesla |
2020-04-15
⋅
How Analysing an AgentTesla Could Lead To Attackers Inbox - Part II Agent Tesla |
2020-04-14
⋅
Palo Alto Networks Unit 42
⋅
Malicious Attackers Target Government and Medical Organizations With COVID-19 Themed Phishing Campaigns Agent Tesla EDA2 |
2020-04-13
⋅
How Analysing an AgentTesla Could Lead To Attackers Inbox - Part I Agent Tesla |
2020-04-05
⋅
MalwrAnalysis
⋅
Trojan Agent Tesla – Malware Analysis Agent Tesla |
2020-04-01
⋅
Cisco
⋅
Navigating Cybersecurity During a Pandemic: Latest Malware and Threat Actors Azorult CloudEyE Formbook KPOT Stealer Metamorfo Nanocore RAT NetWire RC TrickBot |
2020-03-31
⋅
Click All the Things! Blog
⋅
LokiBot: Getting Equation Editor Shellcode Loki Password Stealer (PWS) |
2020-03-24
⋅
RiskIQ
⋅
Exploring Agent Tesla Infrastructure Agent Tesla |
2020-03-24
⋅
Avira
⋅
A new technique to analyze FormBook malware infections Formbook |
2020-03-20
⋅
Bitdefender
⋅
5 Times More Coronavirus-themed Malware Reports during March ostap HawkEye Keylogger Koadic Loki Password Stealer (PWS) Nanocore RAT Remcos |
2020-03-18
⋅
Proofpoint
⋅
Coronavirus Threat Landscape Update Agent Tesla Get2 ISFB Remcos |
2020-02-26
⋅
MalwareLab.pl
⋅
(Ab)using bash-fu to analyze recent Aggah sample Agent Tesla |
2020-02-14
⋅
Virus Bulletin
⋅
LokiBot: dissecting the C&C panel deployments Loki Password Stealer (PWS) |
2020-02-06
⋅
Prevailion
⋅
The Triune Threat: MasterMana Returns Azorult Loki Password Stealer (PWS) |
2020-02-02
⋅
Sophos Labs
⋅
Agent Tesla amps up information stealing attacks Agent Tesla |
2020-01-19
⋅
360
⋅
BayWorld event, Cyber Attack Against Foreign Trade Industry Azorult Formbook Nanocore RAT Revenge RAT |
2020-01-01
⋅
Secureworks
⋅
GOLD GALLEON Agent Tesla HawkEye Keylogger Pony Predator The Thief |
2019-12-28
⋅
The Tale of the Pija-Droid Firefinch Loki Password Stealer (PWS) |
2019-12-12
⋅
FireEye
⋅
Cyber Threat Landscape in Japan – Revealing Threat in the Shadow Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD poisonplug TrickBot BlackTech |
2019-10-28
⋅
Marco Ramilli's Blog
⋅
SWEED Targeting Precision Engineering Companies in Italy Loki Password Stealer (PWS) |
2019-09-26
⋅
Proofpoint
⋅
New WhiteShadow downloader uses Microsoft SQL to retrieve malware WhiteShadow Agent Tesla Azorult Crimson RAT Formbook Nanocore RAT NetWire RC NjRAT Remcos |
2019-08-10
⋅
Check Point
⋅
SELECT code_execution FROM * USING SQLite; Azorult Loki Password Stealer (PWS) Pony |
2019-07-15
⋅
Cisco Talos
⋅
SWEED: Exposing years of Agent Tesla campaigns Agent Tesla Formbook Loki Password Stealer (PWS) SWEED |
2019-06-12
⋅
Cyberbit
⋅
Formbook Research Hints Large Data Theft Attack Brewing Formbook |
2019-05-02
⋅
Usual Suspect RE
⋅
FormBook - Hiding in plain sight Formbook |
2019-04-05
⋅
Trustwave
⋅
Spammed PNG file hides LokiBot Loki Password Stealer (PWS) |
2019-01-01
⋅
Virus Bulletin
⋅
Inside Formbook infostealer Formbook |
2018-12-05
⋅
Botconf
⋅
FORMBOOK In-depth malware analysis Formbook |
2018-12-04
⋅
Malspam pushing Lokibot malware Loki Password Stealer (PWS) |
2018-11-01
⋅
Peerlyst
⋅
How to Analyse FormBook - A New Malware-as-a-Service Formbook |
2018-10-16
⋅
Peerlyst
⋅
How to understand FormBook - A New Malware-as-a-Service Formbook |
2018-08-29
⋅
Kaspersky Labs
⋅
Loki Bot: On a hunt for corporate passwords Loki Password Stealer (PWS) |
2018-08-02
⋅
Palo Alto Networks Unit 42
⋅
The Gorgon Group: Slithering Between Nation State and Cybercrime Loki Password Stealer (PWS) Nanocore RAT NjRAT Quasar RAT Remcos Revenge RAT |
2018-07-06
⋅
Github (d00rt)
⋅
LokiBot Infostealer Jihacked Version Loki Password Stealer (PWS) |
2018-06-22
⋅
InQuest
⋅
FormBook stealer: Data theft made easy Formbook |
2018-06-20
⋅
Cisco Talos
⋅
My Little FormBook Formbook |
2018-04-18
⋅
Secureworks
⋅
GOLD GALLEON: How a Nigerian Cyber Crew Plunders the Shipping Industry Agent Tesla HawkEye Keylogger Pony GOLD GALLEON |
2018-04-05
⋅
Fortinet
⋅
Analysis of New Agent Tesla Spyware Variant Agent Tesla |
2018-03-29
⋅
Stormshield
⋅
In-depth Formbook malware analysis – Obfuscation and process injection Formbook |
2018-01-29
⋅
Vitali Kremez Blog
⋅
Let's Learn: Dissecting FormBook Infostealer Malware: Crypter & "RunLib.dll" Formbook |
2018-01-12
⋅
Stormshield
⋅
Analyzing an Agent Tesla campaign: from a word document to the attacker credentials Agent Tesla |
2017-12-19
⋅
Lastline
⋅
Novel Excel Spreadsheet Attack Launches Password Stealing Malware Loki Bot Loki Password Stealer (PWS) |
2017-10-05
⋅
FireEye
⋅
Significant FormBook Distribution Campaigns Impacting the U.S. and South Korea Formbook |
2017-09-25
⋅
Palo Alto Networks Unit 42
⋅
Analyzing the Various Layers of AgentTesla’s Packing Agent Tesla |
2017-09-20
⋅
NetScout
⋅
The Formidable FormBook Form Grabber Formbook |
2017-06-28
⋅
Fortinet
⋅
In-Depth Analysis of A New Variant of .NET Malware AgentTesla Agent Tesla |
2017-06-22
⋅
SANS Institute Information Security Reading Room
⋅
Loki-Bot: InformationStealer, Keylogger, &More! Loki Password Stealer (PWS) |
2017-05-17
⋅
Fortinet
⋅
New Loki Variant Being Spread via PDF File Loki Password Stealer (PWS) |
2017-05-07
⋅
R3MRUM
⋅
Loki-Bot: Come out, come out, wherever you are! Loki Password Stealer (PWS) |
2017-05-05
⋅
Github (R3MRUM)
⋅
loki-parse Loki Password Stealer (PWS) |
2017-03-23
⋅
Cofense
⋅
Tales from the Trenches: Loki Bot Malware Loki Password Stealer (PWS) |
2017-02-16
⋅
Cysinfo
⋅
Nefarious Macro Malware drops “Loki Bot” to steal sensitive information across GCC countries! Loki Password Stealer (PWS) |
2016-08-01
⋅
Zscaler
⋅
Agent Tesla Keylogger delivered using cybersquatting Agent Tesla |
2016-06-01
⋅
Safety First Blog
⋅
Form Grabber 2016 [Crome,FF,Opera,Thunderbird, Outlook IE Safari] Hack the world Formbook |