Cisco Talos recently identified a large number of ongoing malware distribution campaigns linked to a threat actor we're calling "SWEED," including such notable malware as Formbook, Lokibot and Agent Tesla. Based on our research, SWEED — which has been operating since at least 2017 — primarily targets its victims with stealers and remote access trojans.
SWEED remains consistent across most of their campaigns in their use of spear-phishing emails with malicious attachments. While these campaigns have featured a myriad of different types of malicious documents, the actor primarily tries to infect its victims with a packed version of Agent Tesla — an information stealer that's been around since at least 2014. The version of Agent Tesla that SWEED is using differs slightly from what we've seen in the past in the way that it is packed, as well as how it infects the system. In this post, we'll run down each campaign we're able to connect to SWEED, and talk about some of the actor's tactics, techniques and procedures (TTPs).
2023-07-12 ⋅ Fortinet ⋅ Cara Lin @online{lin:20230712:lokibot:f77d705,
author = {Cara Lin},
title = {{LokiBot Campaign Targets Microsoft Office Document Using Vulnerabilities and Macros}},
date = {2023-07-12},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/lokibot-targets-microsoft-office-document-using-vulnerabilities-and-macros},
language = {English},
urldate = {2023-07-19}
}
Families: Loki Password Stealer (PWS)
2023-07-06 ⋅ kienmanowar Blog ⋅ Tran Trung Kien, m4n0w4r @online{kien:20230706:quicknote:20dc1f1,
author = {Tran Trung Kien and m4n0w4r},
title = {{[QuickNote] Examining Formbook Campaign via Phishing Emails}},
date = {2023-07-06},
organization = {kienmanowar Blog},
url = {https://kienmanowar.wordpress.com/2023/07/06/quicknote-examining-formbook-campaign-via-phishing-emails/},
language = {English},
urldate = {2023-07-13}
}
Families: Formbook
2023-06-30 ⋅ Github (itaymigdal) ⋅ Itay Migdal @online{migdal:20230630:formbook:9f7bd1b,
author = {Itay Migdal},
title = {{Formbook unpacking}},
date = {2023-06-30},
organization = {Github (itaymigdal)},
url = {https://github.com/itaymigdal/malware-analysis-writeups/blob/main/FormBook/FormBook.md},
language = {English},
urldate = {2023-07-05}
}
Families: Formbook
2023-06-05 ⋅ Malware Traffic Analysis ⋅ Brad Duncan @online{duncan:20230605:30:f0b7756,
author = {Brad Duncan},
title = {{30 DAYS OF FORMBOOK: DAY 1, MONDAY 2023-06-05}},
date = {2023-06-05},
organization = {Malware Traffic Analysis},
url = {https://www.malware-traffic-analysis.net/2023/06/05/index.html},
language = {English},
urldate = {2023-06-06}
}
Families: Formbook
2023-05-07 ⋅ Twitter (@embee_research) ⋅ Matthew @online{matthew:20230507:agenttesla:65bf8af,
author = {Matthew},
title = {{AgentTesla - Full Loader Analysis - Resolving API Hashes Using Conditional Breakpoints}},
date = {2023-05-07},
organization = {Twitter (@embee_research)},
url = {https://embee-research.ghost.io/agenttesla-full-analysis-api-hashing/},
language = {English},
urldate = {2023-05-08}
}
Families: Agent Tesla
2023-04-16 ⋅ OALabs ⋅ Sergei Frankoff @online{frankoff:20230416:xorstringsnet:79d9991,
author = {Sergei Frankoff},
title = {{XORStringsNet}},
date = {2023-04-16},
organization = {OALabs},
url = {https://research.openanalysis.net/dotnet/xorstringsnet/agenttesla/2023/04/16/xorstringsnet.html},
language = {English},
urldate = {2023-05-02}
}
Families: Agent Tesla, RedLine Stealer
2023-04-10 ⋅ Check Point ⋅ Check Point @online{point:20230410:march:144c1ad,
author = {Check Point},
title = {{March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files}},
date = {2023-04-10},
organization = {Check Point},
url = {https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/},
language = {English},
urldate = {2023-04-12}
}
Families: Agent Tesla, CloudEyE, Emotet, Formbook, Nanocore RAT, NjRAT, QakBot, Remcos, Tofsee
2023-04-07 ⋅ Elastic ⋅ Salim Bitam @online{bitam:20230407:attack:aed6a32,
author = {Salim Bitam},
title = {{Attack chain leads to XWORM and AGENTTESLA}},
date = {2023-04-07},
organization = {Elastic},
url = {https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla},
language = {English},
urldate = {2023-05-08}
}
Families: Agent Tesla, XWorm
2023-03-30 ⋅ Zscaler ⋅ Javier Vicente, Brett Stone-Gross, Nikolaos Pantazopoulos @online{vicente:20230330:technical:99c71e1,
author = {Javier Vicente and Brett Stone-Gross and Nikolaos Pantazopoulos},
title = {{Technical Analysis of Xloader’s Code Obfuscation in Version 4.3}},
date = {2023-03-30},
organization = {Zscaler},
url = {https://www.zscaler.com/blogs/security-research/technical-analysis-xloaders-code-obfuscation-version-43},
language = {English},
urldate = {2023-09-07}
}
Families: Formbook
2023-03-30 ⋅ loginsoft ⋅ Saharsh Agrawal @online{agrawal:20230330:from:7b46ae0,
author = {Saharsh Agrawal},
title = {{From Innocence to Malice: The OneNote Malware Campaign Uncovered}},
date = {2023-03-30},
organization = {loginsoft},
url = {https://research.loginsoft.com/threat-research/from-innocence-to-malice-the-onenote-malware-campaign-uncovered/},
language = {English},
urldate = {2023-04-14}
}
Families: Agent Tesla, AsyncRAT, DOUBLEBACK, Emotet, Formbook, IcedID, NetWire RC, QakBot, Quasar RAT, RedLine Stealer, XWorm
2023-03-23 ⋅ Logpoint ⋅ Anish Bogati @online{bogati:20230323:emerging:3b75884,
author = {Anish Bogati},
title = {{Emerging Threats: AgentTesla – A Review and Detection Strategies}},
date = {2023-03-23},
organization = {Logpoint},
url = {https://www.logpoint.com/en/blog/agentteslas-capabilities-review-detection-strategies/},
language = {English},
urldate = {2023-04-12}
}
Families: Agent Tesla
2023-03-16 ⋅ Trend Micro ⋅ Cedric Pernet, Jaromír Hořejší, Loseway Lu @online{pernet:20230316:ipfs:6f479ce,
author = {Cedric Pernet and Jaromír Hořejší and Loseway Lu},
title = {{IPFS: A New Data Frontier or a New Cybercriminal Hideout?}},
date = {2023-03-16},
organization = {Trend Micro},
url = {https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ipfs-a-new-data-frontier-or-a-new-cybercriminal-hideout},
language = {English},
urldate = {2023-03-20}
}
Families: Agent Tesla, Formbook, RedLine Stealer, Remcos
2023-02-28 ⋅ ANY.RUN ⋅ ANY.RUN @online{anyrun:20230228:xloaderformbook:bdcb64a,
author = {ANY.RUN},
title = {{XLoader/FormBook: Encryption Analysis and Malware Decryption}},
date = {2023-02-28},
organization = {ANY.RUN},
url = {https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/},
language = {English},
urldate = {2023-09-07}
}
Families: Formbook
2023-01-30 ⋅ Checkpoint ⋅ Arie Olshtein @online{olshtein:20230130:following:e442fcc,
author = {Arie Olshtein},
title = {{Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware}},
date = {2023-01-30},
organization = {Checkpoint},
url = {https://research.checkpoint.com/2023/following-the-scent-of-trickgate-6-year-old-packer-used-to-deploy-the-most-wanted-malware/},
language = {English},
urldate = {2023-01-31}
}
Families: Agent Tesla, Azorult, Buer, Cerber, Cobalt Strike, Emotet, Formbook, HawkEye Keylogger, Loki Password Stealer (PWS), Maze, NetWire RC, Remcos, REvil, TrickBot
2023-01-24 ⋅ Trellix ⋅ Daksh Kapur, Tomer Shloman, Robert Venal, John Fokker @online{kapur:20230124:cyberattacks:0a05372,
author = {Daksh Kapur and Tomer Shloman and Robert Venal and John Fokker},
title = {{Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity}},
date = {2023-01-24},
organization = {Trellix},
url = {https://www.trellix.com/en-us/about/newsroom/stories/research/cyberattacks-targeting-ukraine-increase.html},
language = {English},
urldate = {2023-01-25}
}
Families: Andromeda, Formbook, Houdini, Remcos
2023-01-16 ⋅ Difesa & Sicurezza ⋅ Francesco Bussoletti @online{bussoletti:20230116:cybercrime:56e622c,
author = {Francesco Bussoletti},
title = {{Cybercrime, RFQ from Turkey carries AgentTesla and zgRAT}},
date = {2023-01-16},
organization = {Difesa & Sicurezza},
url = {https://www.difesaesicurezza.com/cyber/cybercrime-rfq-dalla-turchia-veicola-agenttesla-e-zgrat/},
language = {English},
urldate = {2023-09-18}
}
Families: Agent Tesla, zgRAT
2022-12-18 ⋅ SANS ISC ⋅ Guy Bruneau @online{bruneau:20221218:infostealer:12fb43f,
author = {Guy Bruneau},
title = {{Infostealer Malware with Double Extension}},
date = {2022-12-18},
organization = {SANS ISC},
url = {https://isc.sans.edu/diary/Infostealer+Malware+with+Double+Extension/29354},
language = {English},
urldate = {2022-12-20}
}
Families: Agent Tesla
2022-12-08 ⋅ Trustwave ⋅ Rodel Mendrez, Phil Hay, Diana Lopera @online{mendrez:20221208:trojanized:bd135b7,
author = {Rodel Mendrez and Phil Hay and Diana Lopera},
title = {{Trojanized OneNote Document Leads to Formbook Malware}},
date = {2022-12-08},
organization = {Trustwave},
url = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trojanized-onenote-document-leads-to-formbook-malware/},
language = {English},
urldate = {2022-12-19}
}
Families: Formbook
2022-11-21 ⋅ Malwarebytes ⋅ Malwarebytes @techreport{malwarebytes:20221121:20221121:f4c6d35,
author = {Malwarebytes},
title = {{2022-11-21 Threat Intel Report}},
date = {2022-11-21},
institution = {Malwarebytes},
url = {https://www.malwarebytes.com/blog/threat-intelligence/2022/20221121-threat-intel-report-final.pdf},
language = {English},
urldate = {2022-11-25}
}
Families: 404 Keylogger, Agent Tesla, Formbook, Hive, Remcos
2022-11-16 ⋅ splunk ⋅ Splunk Threat Research Team @online{team:20221116:inside:6c4f291,
author = {Splunk Threat Research Team},
title = {{Inside the Mind of a ‘Rat’ - Agent Tesla Detection and Analysis}},
date = {2022-11-16},
organization = {splunk},
url = {https://www.splunk.com/en_us/blog/security/inside-the-mind-of-a-rat-agent-tesla-detection-and-analysis.html},
language = {English},
urldate = {2022-11-28}
}
Families: Agent Tesla
2022-11-09 ⋅ Cisco Talos ⋅ Edmund Brumaghin @online{brumaghin:20221109:threat:151d926,
author = {Edmund Brumaghin},
title = {{Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns}},
date = {2022-11-09},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/ipfs-abuse/},
language = {English},
urldate = {2022-11-11}
}
Families: Agent Tesla
2022-10-13 ⋅ Spamhaus ⋅ Spamhaus Malware Labs @techreport{labs:20221013:spamhaus:43e3190,
author = {Spamhaus Malware Labs},
title = {{Spamhaus Botnet Threat Update Q3 2022}},
date = {2022-10-13},
institution = {Spamhaus},
url = {https://info.spamhaus.com/hubfs/Botnet%20Reports/2022%20Q3%20Botnet%20Threat%20Update.pdf},
language = {English},
urldate = {2022-12-29}
}
Families: FluBot, Arkei Stealer, AsyncRAT, Ave Maria, BumbleBee, Cobalt Strike, DCRat, Dridex, Emotet, Loki Password Stealer (PWS), Nanocore RAT, NetWire RC, NjRAT, QakBot, RecordBreaker, RedLine Stealer, Remcos, Socelars, Tofsee, Vjw0rm
2022-10-05 ⋅ Fortinet ⋅ Xiaopeng Zhang @online{zhang:20221005:excel:ac2668c,
author = {Xiaopeng Zhang},
title = {{Excel Document Delivers Multiple Malware by Exploiting CVE-2017-11882 – Part II}},
date = {2022-10-05},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/excel-document-delivers-multiple-malware-exploiting-cve-2017-11882-part-two},
language = {English},
urldate = {2022-11-15}
}
Families: Formbook, RedLine Stealer
2022-09-23 ⋅ Kaspersky ⋅ Roman Dedenok, Artem Ushkov @online{dedenok:20220923:mass:217302e,
author = {Roman Dedenok and Artem Ushkov},
title = {{Mass email campaign with a pinch of targeted spam}},
date = {2022-09-23},
organization = {Kaspersky},
url = {https://securelist.com/agent-tesla-malicious-spam-campaign/107478/},
language = {English},
urldate = {2022-09-27}
}
Families: Agent Tesla
2022-09-19 ⋅ Fortinet ⋅ Xiaopeng Zhang @online{zhang:20220919:excel:0e222e2,
author = {Xiaopeng Zhang},
title = {{Excel Document Delivers Multiple Malware By Exploiting CVE-2017-11882 – Part I}},
date = {2022-09-19},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/excel-document-delivers-malware-by-exploiting-cve-2017-11882},
language = {English},
urldate = {2022-11-15}
}
Families: Formbook, RedLine Stealer
2022-09-15 ⋅ Sekoia ⋅ Threat & Detection Research Team @online{team:20220915:privateloader:d88c7b2,
author = {Threat & Detection Research Team},
title = {{PrivateLoader: the loader of the prevalent ruzki PPI service}},
date = {2022-09-15},
organization = {Sekoia},
url = {https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/},
language = {English},
urldate = {2022-09-19}
}
Families: Agent Tesla, Coinminer, DanaBot, DCRat, Eternity Stealer, Glupteba, Mars Stealer, NetSupportManager RAT, Nymaim, Nymaim2, Phoenix Keylogger, PrivateLoader, Raccoon, RedLine Stealer, SmokeLoader, Socelars, STOP, Vidar, YTStealer
2022-09-13 ⋅ Palo Alto Networks Unit 42 ⋅ Jeff White @online{white:20220913:originlogger:92a4758,
author = {Jeff White},
title = {{OriginLogger: A Look at Agent Tesla’s Successor}},
date = {2022-09-13},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/originlogger/},
language = {English},
urldate = {2022-09-16}
}
Families: Agent Tesla, OriginLogger
2022-08-29 ⋅ 360 netlab ⋅ wanghao @online{wanghao:20220829:purecrypter:4d81329,
author = {wanghao},
title = {{PureCrypter Loader continues to be active and has spread to more than 10 other families}},
date = {2022-08-29},
organization = {360 netlab},
url = {https://blog.netlab.360.com/purecrypter},
language = {Chinese},
urldate = {2022-09-06}
}
Families: 404 Keylogger, Agent Tesla, AsyncRAT, Formbook, RedLine Stealer
2022-08-17 ⋅ Secureworks ⋅ Counter Threat Unit ResearchTeam @online{researchteam:20220817:darktortilla:9a00612,
author = {Counter Threat Unit ResearchTeam},
title = {{DarkTortilla Malware Analysis}},
date = {2022-08-17},
organization = {Secureworks},
url = {https://www.secureworks.com/research/darktortilla-malware-analysis},
language = {English},
urldate = {2023-01-05}
}
Families: Agent Tesla, AsyncRAT, Cobalt Strike, DarkTortilla, Nanocore RAT, RedLine Stealer
2022-08-08 ⋅ Medium CSIS Techblog ⋅ Benoît Ancel @online{ancel:20220808:inside:67ef9a0,
author = {Benoît Ancel},
title = {{An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure}},
date = {2022-08-08},
organization = {Medium CSIS Techblog},
url = {https://medium.com/csis-techblog/inside-view-of-brazzzersff-infrastructure-89b9188fd145},
language = {English},
urldate = {2022-08-28}
}
Families: Riltok, magecart, Anubis, Azorult, BetaBot, Buer, CoalaBot, CryptBot, DiamondFox, DreamBot, GCleaner, ISFB, Loki Password Stealer (PWS), MedusaLocker, MeguminTrojan, Nemty, PsiX, RedLine Stealer, SmokeLoader, STOP, TinyNuke, Vidar, Zloader
2022-08-05 ⋅ 0xIvan ⋅ Twitter (@viljoenivan) @online{viljoenivan:20220805:lokibot:bb5fd5d,
author = {Twitter (@viljoenivan)},
title = {{LokiBot Analysis}},
date = {2022-08-05},
organization = {0xIvan},
url = {https://ivanvza.github.io/posts/lokibot_analysis},
language = {English},
urldate = {2022-08-17}
}
Families: Loki Password Stealer (PWS)
2022-08-04 ⋅ ConnectWise ⋅ Stu Gonzalez @online{gonzalez:20220804:formbook:f3addb8,
author = {Stu Gonzalez},
title = {{Formbook and Remcos Backdoor RAT by ConnectWise CRU}},
date = {2022-08-04},
organization = {ConnectWise},
url = {https://www.connectwise.com/resources/formbook-remcos-rat},
language = {English},
urldate = {2022-08-08}
}
Families: Formbook, Remcos
2022-07-30 ⋅ cocomelonc @online{cocomelonc:20220730:malware:0f84be1,
author = {cocomelonc},
title = {{Malware AV evasion - part 8. Encode payload via Z85}},
date = {2022-07-30},
url = {https://cocomelonc.github.io/malware/2022/07/30/malware-av-evasion-8.html},
language = {English},
urldate = {2022-12-01}
}
Families: Agent Tesla, Carbanak, Carberp, Cardinal RAT, Cobalt Strike, donut_injector
2022-07-25 ⋅ Cert-UA ⋅ Cert-UA @online{certua:20220725:mass:92104f0,
author = {Cert-UA},
title = {{Mass distribution of desktops (Formbook, Snake Keylogger) and use of Malware RelicRace/RelicSource as a means of delivery (CERT-UA#5056)}},
date = {2022-07-25},
organization = {Cert-UA},
url = {https://cert.gov.ua/article/955924},
language = {Ukrainian},
urldate = {2022-07-28}
}
Families: 404 Keylogger, Formbook, RelicRace
2022-07-20 ⋅ Cert-UA ⋅ Cert-UA @online{certua:20220720:cyberattack:3450ba8,
author = {Cert-UA},
title = {{Cyberattack on State Organizations of Ukraine using the topic OK "South" and the malicious program AgentTesla (CERT-UA#4987)}},
date = {2022-07-20},
organization = {Cert-UA},
url = {https://cert.gov.ua/article/861292},
language = {Ukrainian},
urldate = {2022-07-25}
}
Families: Agent Tesla
2022-07-12 ⋅ Team Cymru ⋅ Kyle Krejci @online{krejci:20220712:analysis:de83dd7,
author = {Kyle Krejci},
title = {{An Analysis of Infrastructure linked to the Hagga Threat Actor}},
date = {2022-07-12},
organization = {Team Cymru},
url = {https://team-cymru.com/blog/2022/07/12/an-analysis-of-infrastructure-linked-to-the-hagga-threat-actor},
language = {English},
urldate = {2022-07-15}
}
Families: Agent Tesla
2022-07-12 ⋅ Cyren ⋅ Kervin Alintanahin @online{alintanahin:20220712:example:ae62e81,
author = {Kervin Alintanahin},
title = {{Example Analysis of Multi-Component Malware}},
date = {2022-07-12},
organization = {Cyren},
url = {https://www.cyren.com/blog/articles/example-analysis-of-multi-component-malware},
language = {English},
urldate = {2022-07-18}
}
Families: Emotet, Formbook
2022-07-01 ⋅ cyble ⋅ Cyble @online{cyble:20220701:xloader:dd3b118,
author = {Cyble},
title = {{Xloader Returns With New Infection Technique}},
date = {2022-07-01},
organization = {cyble},
url = {https://blog.cyble.com/2022/07/01/xloader-returns-with-new-infection-technique/},
language = {English},
urldate = {2022-07-01}
}
Families: Formbook
2022-06-30 ⋅ Cyber Geeks (CyberMasterV) ⋅ Vlad Pasca @online{pasca:20220630:how:78e5c24,
author = {Vlad Pasca},
title = {{How to Expose a Potential Cybercriminal due to Misconfigurations}},
date = {2022-06-30},
organization = {Cyber Geeks (CyberMasterV)},
url = {https://cybergeeks.tech/how-to-expose-a-potential-cybercriminal-due-to-misconfigurations/},
language = {English},
urldate = {2022-07-05}
}
Families: Loki Password Stealer (PWS)
2022-06-30 ⋅ CYBER GEEKS All Things Infosec ⋅ CyberMasterV @online{cybermasterv:20220630:how:035d973,
author = {CyberMasterV},
title = {{How to Expose a Potential Cybercriminal due to Misconfigurations}},
date = {2022-06-30},
organization = {CYBER GEEKS All Things Infosec},
url = {https://cybergeeks.tech/how-to-expose-a-potential-cybercriminal-due-to-misconfigurations},
language = {English},
urldate = {2022-08-31}
}
Families: Loki Password Stealer (PWS)
2022-05-19 ⋅ Blackberry ⋅ The BlackBerry Research & Intelligence Team @online{team:20220519:net:ecf311c,
author = {The BlackBerry Research & Intelligence Team},
title = {{.NET Stubs: Sowing the Seeds of Discord (PureCrypter)}},
date = {2022-05-19},
organization = {Blackberry},
url = {https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord},
language = {English},
urldate = {2022-06-09}
}
Families: Aberebot, AbstractEmu, AdoBot, 404 Keylogger, Agent Tesla, Amadey, AsyncRAT, Ave Maria, BitRAT, BluStealer, Formbook, LimeRAT, Loki Password Stealer (PWS), Nanocore RAT, Orcus RAT, Quasar RAT, Raccoon, RedLine Stealer, WhisperGate
2022-05-19 ⋅ Blackberry ⋅ The BlackBerry Research & Intelligence Team @online{team:20220519:net:64662b5,
author = {The BlackBerry Research & Intelligence Team},
title = {{.NET Stubs: Sowing the Seeds of Discord}},
date = {2022-05-19},
organization = {Blackberry},
url = {https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord?},
language = {English},
urldate = {2022-05-23}
}
Families: Agent Tesla, Quasar RAT, WhisperGate
2022-05-12 ⋅ Palo Alto Networks Unit 42 ⋅ Tyler Halfpop @online{halfpop:20220512:harmful:163b756,
author = {Tyler Halfpop},
title = {{Harmful Help: Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla}},
date = {2022-05-12},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/malicious-compiled-html-help-file-agent-tesla/},
language = {English},
urldate = {2022-05-17}
}
Families: Agent Tesla
2022-05-05 ⋅ Malwarebytes Labs ⋅ Threat Intelligence Team @online{team:20220505:nigerian:4c047d9,
author = {Threat Intelligence Team},
title = {{Nigerian Tesla: 419 scammer gone malware distributor unmasked}},
date = {2022-05-05},
organization = {Malwarebytes Labs},
url = {https://blog.malwarebytes.com/threat-intelligence/2022/05/nigerian-tesla-419-scammer-gone-malware-distributor-unmasked/},
language = {English},
urldate = {2022-05-08}
}
Families: Agent Tesla
2022-04-20 ⋅ cocomelonc ⋅ cocomelonc @online{cocomelonc:20220420:malware:b20963e,
author = {cocomelonc},
title = {{Malware development: persistence - part 1. Registry run keys. C++ example.}},
date = {2022-04-20},
organization = {cocomelonc},
url = {https://cocomelonc.github.io/tutorial/2022/04/20/malware-pers-1.html},
language = {English},
urldate = {2022-12-01}
}
Families: Agent Tesla, Amadey, BlackEnergy, Cobian RAT, COZYDUKE, Emotet, Empire Downloader, Kimsuky
2022-04-17 ⋅ Malcat ⋅ malcat team @online{team:20220417:reversing:4e53a3a,
author = {malcat team},
title = {{Reversing a NSIS dropper using quick and dirty shellcode emulation}},
date = {2022-04-17},
organization = {Malcat},
url = {https://malcat.fr/blog/reversing-a-nsis-dropper-using-quick-and-dirty-shellcode-emulation/},
language = {English},
urldate = {2022-04-29}
}
Families: Loki Password Stealer (PWS)
2022-04-15 ⋅ Center for Internet Security ⋅ CIS @online{cis:20220415:top:62c8245,
author = {CIS},
title = {{Top 10 Malware March 2022}},
date = {2022-04-15},
organization = {Center for Internet Security},
url = {https://www.cisecurity.org/insights/blog/top-10-malware-march-2022},
language = {English},
urldate = {2023-02-17}
}
Families: Mirai, Shlayer, Agent Tesla, Ghost RAT, Nanocore RAT, SectopRAT, solarmarker, Zeus
2022-04-12 ⋅ Check Point ⋅ Check Point Research @online{research:20220412:march:2c56dc6,
author = {Check Point Research},
title = {{March 2022’s Most Wanted Malware: Easter Phishing Scams Help Emotet Assert its Dominance}},
date = {2022-04-12},
organization = {Check Point},
url = {https://www.checkpoint.com/press/2022/march-2022s-most-wanted-malware-easter-phishing-scams-help-emotet-assert-its-dominance/},
language = {English},
urldate = {2022-04-20}
}
Families: Alien, FluBot, Agent Tesla, Emotet
2022-03-31 ⋅ APNIC ⋅ Debashis Pal @online{pal:20220331:how:c5195a9,
author = {Debashis Pal},
title = {{How to: Detect and prevent common data exfiltration attacks}},
date = {2022-03-31},
organization = {APNIC},
url = {https://blog.apnic.net/2022/03/31/how-to-detect-and-prevent-common-data-exfiltration-attacks/},
language = {English},
urldate = {2022-05-05}
}
Families: Agent Tesla, DNSMessenger, PingBack, Rising Sun
2022-03-26 ⋅ forensicitguy ⋅ Tony Lambert @online{lambert:20220326:agenttesla:edea93d,
author = {Tony Lambert},
title = {{An AgentTesla Sample Using VBA Macros and Certutil}},
date = {2022-03-26},
organization = {forensicitguy},
url = {https://forensicitguy.github.io/agenttesla-vba-certutil-download/},
language = {English},
urldate = {2022-03-28}
}
Families: Agent Tesla
2022-03-25 ⋅ GOV.UA ⋅ State Service of Special Communication and Information Protection of Ukraine (CIP) @online{cip:20220325:who:e75f0ac,
author = {State Service of Special Communication and Information Protection of Ukraine (CIP)},
title = {{Who is behind the Cyberattacks on Ukraine's Critical Information Infrastructure: Statistics for March 15-22}},
date = {2022-03-25},
organization = {GOV.UA},
url = {https://cip.gov.ua/en/news/khto-stoyit-za-kiberatakami-na-ukrayinsku-kritichnu-informaciinu-infrastrukturu-statistika-15-22-bereznya},
language = {English},
urldate = {2022-08-05}
}
Families: Xloader, Agent Tesla, CaddyWiper, Cobalt Strike, DoubleZero, GraphSteel, GrimPlant, HeaderTip, HermeticWiper, IsaacWiper, MicroBackdoor, Pandora RAT
2022-03-11 ⋅ Netskope ⋅ Gustavo Palazolo @online{palazolo:20220311:new:68467fb,
author = {Gustavo Palazolo},
title = {{New Formbook Campaign Delivered Through Phishing Emails}},
date = {2022-03-11},
organization = {Netskope},
url = {https://www.netskope.com/blog/new-formbook-campaign-delivered-through-phishing-emails},
language = {English},
urldate = {2022-03-14}
}
Families: Formbook
2022-03-07 ⋅ Fortinet ⋅ James Slaughter, Fred Gutierrez, Val Saengphaibul @online{slaughter:20220307:fake:8999835,
author = {James Slaughter and Fred Gutierrez and Val Saengphaibul},
title = {{Fake Purchase Order Used to Deliver Agent Tesla}},
date = {2022-03-07},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/fake-purchase-order-used-to-deliver-agent-tesla},
language = {English},
urldate = {2022-03-08}
}
Families: Agent Tesla
2022-03-07 ⋅ LAC WATCH ⋅ Cyber Emergency Center @online{center:20220307:i:aadcf34,
author = {Cyber Emergency Center},
title = {{I CAN'T HEAR YOU NOW! INTERNAL BEHAVIOR OF INFORMATION-STEALING MALWARE AND JSOC DETECTION TRENDS}},
date = {2022-03-07},
organization = {LAC WATCH},
url = {https://www.lac.co.jp/lacwatch/report/20220307_002893.html},
language = {Japanese},
urldate = {2022-04-05}
}
Families: Xloader, Agent Tesla, Formbook, Loki Password Stealer (PWS)
2022-03-04 ⋅ Bleeping Computer ⋅ Bill Toulas @online{toulas:20220304:russiaukraine:60c3069,
author = {Bill Toulas},
title = {{Russia-Ukraine war exploited as lure for malware distribution}},
date = {2022-03-04},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/russia-ukraine-war-exploited-as-lure-for-malware-distribution/},
language = {English},
urldate = {2022-03-04}
}
Families: Agent Tesla, Remcos
2022-03-04 ⋅ Bitdefender ⋅ Alina Bizga @online{bizga:20220304:bitdefender:44d1f32,
author = {Alina Bizga},
title = {{Bitdefender Labs Sees Increased Malicious and Scam Activity Exploiting the War in Ukraine}},
date = {2022-03-04},
organization = {Bitdefender},
url = {https://www.bitdefender.com/blog/hotforsecurity/bitdefender-labs-sees-increased-malicious-and-scam-activity-exploiting-the-war-in-ukraine},
language = {English},
urldate = {2022-03-04}
}
Families: Agent Tesla, Remcos
2022-02-28 ⋅ AhnLab ⋅ ASEC Analysis Team @online{team:20220228:change:c9b5e5c,
author = {ASEC Analysis Team},
title = {{Change in Distribution Method of Malware Disguised as Estimate (VBS Script)}},
date = {2022-02-28},
organization = {AhnLab},
url = {https://asec.ahnlab.com/en/32149/},
language = {English},
urldate = {2022-03-02}
}
Families: Formbook
2022-02-23 ⋅ Weixin ⋅ 360 Threat Intelligence Center @online{center:20220223:aptc58:fb10a0a,
author = {360 Threat Intelligence Center},
title = {{APT-C-58 (Gorgon Group) attack warning}},
date = {2022-02-23},
organization = {Weixin},
url = {https://mp.weixin.qq.com/s/X0kAIHOSldiFDthb4IsmbQ},
language = {Chinese},
urldate = {2022-03-01}
}
Families: Agent Tesla
2022-02-11 ⋅ Cisco Talos ⋅ Talos @online{talos:20220211:threat:fcad762,
author = {Talos},
title = {{Threat Roundup for February 4 to February 11}},
date = {2022-02-11},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2022/02/threat-roundup-0204-0211.html},
language = {English},
urldate = {2022-02-14}
}
Families: DarkComet, Ghost RAT, Loki Password Stealer (PWS), Tinba, Tofsee, Zeus
2022-02-11 ⋅ forensicitguy ⋅ Tony Lambert @online{lambert:20220211:xloaderformbook:1f69d72,
author = {Tony Lambert},
title = {{XLoader/Formbook Distributed by Encrypted VelvetSweatshop Spreadsheets}},
date = {2022-02-11},
organization = {forensicitguy},
url = {https://forensicitguy.github.io/xloader-formbook-velvetsweatshop-spreadsheet/},
language = {English},
urldate = {2022-02-14}
}
Families: Formbook
2022-02-06 ⋅ forensicitguy ⋅ Tony Lambert @online{lambert:20220206:agenttesla:6d362f7,
author = {Tony Lambert},
title = {{AgentTesla From RTF Exploitation to .NET Tradecraft}},
date = {2022-02-06},
organization = {forensicitguy},
url = {https://forensicitguy.github.io/agenttesla-rtf-dotnet-tradecraft/},
language = {English},
urldate = {2022-02-07}
}
Families: Agent Tesla
2022-02-02 ⋅ Qualys ⋅ Ghanshyam More @online{more:20220202:catching:aca19c0,
author = {Ghanshyam More},
title = {{Catching the RAT called Agent Tesla}},
date = {2022-02-02},
organization = {Qualys},
url = {https://blog.qualys.com/vulnerabilities-threat-research/2022/02/02/catching-the-rat-called-agent-tesla},
language = {English},
urldate = {2022-02-04}
}
Catching the RAT called Agent Tesla Agent Tesla |
2022-01-28 ⋅ Atomic Matryoshka ⋅ z3r0day_504 @online{z3r0day504:20220128:malware:3628b1b,
author = {z3r0day_504},
title = {{Malware Headliners: LokiBot}},
date = {2022-01-28},
organization = {Atomic Matryoshka},
url = {https://www.atomicmatryoshka.com/post/malware-headliners-lokibot},
language = {English},
urldate = {2022-02-01}
}
Malware Headliners: LokiBot Loki Password Stealer (PWS) |
2022-01-25 ⋅ Palo Alto Networks Unit 42 ⋅ Yaron Samuel @online{samuel:20220125:weaponization:3f900f4,
author = {Yaron Samuel},
title = {{Weaponization of Excel Add-Ins Part 1: Malicious XLL Files and Agent Tesla Case Studies}},
date = {2022-01-25},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/excel-add-ins-malicious-xll-files-agent-tesla/},
language = {English},
urldate = {2022-01-28}
}
Weaponization of Excel Add-Ins Part 1: Malicious XLL Files and Agent Tesla Case Studies Agent Tesla |
2022-01-24 ⋅ Netskope ⋅ Gustavo Palazolo, Ghanashyam Satpathy @online{palazolo:20220124:infected:65db665,
author = {Gustavo Palazolo and Ghanashyam Satpathy},
title = {{Infected PowerPoint Files Using Cloud Services to Deliver Multiple Malware}},
date = {2022-01-24},
organization = {Netskope},
url = {https://www.netskope.com/blog/infected-powerpoint-files-using-cloud-services-to-deliver-multiple-malware},
language = {English},
urldate = {2022-01-28}
}
Infected PowerPoint Files Using Cloud Services to Deliver Multiple Malware Agent Tesla |
2022-01-24 ⋅ Proofpoint ⋅ Proofpoint @online{proofpoint:20220124:dtpacker:6d34c1b,
author = {Proofpoint},
title = {{DTPacker – a .NET Packer with a Curious Password}},
date = {2022-01-24},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/blog/threat-insight/dtpacker-net-packer-curious-password-1},
language = {English},
urldate = {2022-01-25}
}
DTPacker – a .NET Packer with a Curious Password Agent Tesla |
2022-01-21 ⋅ Zscaler ⋅ Javier Vicente, Brett Stone-Gross @online{vicente:20220121:analysis:419182f,
author = {Javier Vicente and Brett Stone-Gross},
title = {{Analysis of Xloader’s C2 Network Encryption}},
date = {2022-01-21},
organization = {Zscaler},
url = {https://www.zscaler.com/blogs/security-research/analysis-xloaders-c2-network-encryption},
language = {English},
urldate = {2022-01-25}
}
Analysis of Xloader’s C2 Network Encryption Xloader Formbook |
2022-01-21 ⋅ MalGamy ⋅ Gameel Ali @online{ali:20220121:deep:fe5caf7,
author = {Gameel Ali},
title = {{Deep Analysis Agent Tesla Malware}},
date = {2022-01-21},
organization = {MalGamy},
url = {https://malgamy.github.io/malware-analysis/Deep-Analysis-Agent-Tesla/},
language = {English},
urldate = {2022-01-25}
}
Deep Analysis Agent Tesla Malware Agent Tesla |
2022-01-18 ⋅ Elastic ⋅ Derek Ditch, Daniel Stepanic, Andrew Pease, Seth Goodwin @online{ditch:20220118:formbook:3f03c56,
author = {Derek Ditch and Daniel Stepanic and Andrew Pease and Seth Goodwin},
title = {{FORMBOOK Adopts CAB-less Approach}},
date = {2022-01-18},
organization = {Elastic},
url = {https://elastic.github.io/security-research/intelligence/2022/01/01.formbook-adopts-cabless-approach/article/},
language = {English},
urldate = {2022-01-25}
}
FORMBOOK Adopts CAB-less Approach Formbook |
2022-01-12 ⋅ MalGamy @online{malgamy:20220112:deep:e4c8f1e,
author = {MalGamy},
title = {{Deep analysis agent tesla malware}},
date = {2022-01-12},
url = {https://malgamy.github.io/malware-analysis/Deep-Analysis-Agent-Tesla/},
language = {English},
urldate = {2022-01-25}
}
Deep analysis agent tesla malware Agent Tesla |
2022-01-12 ⋅ Guillaume Orlando @online{orlando:20220112:2021:d68b80f,
author = {Guillaume Orlando},
title = {{2021 Gorgon Group APT Operation}},
date = {2022-01-12},
url = {https://guillaumeorlando.github.io/GorgonInfectionchain},
language = {English},
urldate = {2022-01-13}
}
2021 Gorgon Group APT Operation Agent Tesla |
2022-01-03 ⋅ forensicitguy ⋅ Tony Lambert @online{lambert:20220103:tale:bfd0711,
author = {Tony Lambert},
title = {{A Tale of Two Dropper Scripts for Agent Tesla}},
date = {2022-01-03},
organization = {forensicitguy},
url = {https://forensicitguy.github.io/a-tale-of-two-dropper-scripts/},
language = {English},
urldate = {2022-01-25}
}
A Tale of Two Dropper Scripts for Agent Tesla Agent Tesla |
2021-12-31 ⋅ InfoSec Handlers Diary Blog ⋅ Jan Kopriva @online{kopriva:20211231:do:8a36b66,
author = {Jan Kopriva},
title = {{Do you want your Agent Tesla in the 300 MB or 8 kB package?}},
date = {2021-12-31},
organization = {InfoSec Handlers Diary Blog},
url = {https://isc.sans.edu/diary/28202},
language = {English},
urldate = {2022-01-05}
}
Do you want your Agent Tesla in the 300 MB or 8 kB package? Agent Tesla |
2021-12-30 ⋅ InfoSec Handlers Diary Blog ⋅ Brad Duncan @online{duncan:20211230:agent:2b24ea4,
author = {Brad Duncan},
title = {{Agent Tesla Updates SMTP Data Exfiltration Technique}},
date = {2021-12-30},
organization = {InfoSec Handlers Diary Blog},
url = {https://isc.sans.edu/diary/rss/28190},
language = {English},
urldate = {2022-01-03}
}
Agent Tesla Updates SMTP Data Exfiltration Technique Agent Tesla |
2021-12-20 ⋅ InfoSec Handlers Diary Blog ⋅ Jan Kopriva, Alef Nula @online{kopriva:20211220:powerpoint:917c614,
author = {Jan Kopriva and Alef Nula},
title = {{PowerPoint attachments, Agent Tesla and code reuse in malware}},
date = {2021-12-20},
organization = {InfoSec Handlers Diary Blog},
url = {https://isc.sans.edu/forums/diary/PowerPoint+attachments+Agent+Tesla+and+code+reuse+in+malware/28154/},
language = {English},
urldate = {2021-12-31}
}
PowerPoint attachments, Agent Tesla and code reuse in malware Agent Tesla |
2021-12-17 ⋅ Yoroi ⋅ Luigi Martire, Carmelo Ragusa, Luca Mella @online{martire:20211217:serverless:1d4e81c,
author = {Luigi Martire and Carmelo Ragusa and Luca Mella},
title = {{Serverless InfoStealer delivered in Est European Countries}},
date = {2021-12-17},
organization = {Yoroi},
url = {https://yoroi.company/research/serverless-infostealer-delivered-in-est-european-countries/},
language = {English},
urldate = {2021-12-17}
}
Serverless InfoStealer delivered in Est European Countries Agent Tesla |
2021-12-08 ⋅ YouTube ( DuMp-GuY TrIcKsTeR) ⋅ Jiří Vinopal @online{vinopal:20211208:full:4bf6148,
author = {Jiří Vinopal},
title = {{Full malware analysis Work-Flow of AgentTesla Malware}},
date = {2021-12-08},
organization = {YouTube ( DuMp-GuY TrIcKsTeR)},
url = {https://youtu.be/QQuRp7Qiuzg},
language = {English},
urldate = {2021-12-08}
}
Full malware analysis Work-Flow of AgentTesla Malware Agent Tesla |
2021-12-06 ⋅ MalwareBookReports ⋅ muzi @online{muzi:20211206:agent:5a2c732,
author = {muzi},
title = {{AGENT TESLAGGAH}},
date = {2021-12-06},
organization = {MalwareBookReports},
url = {https://malwarebookreports.com/agent-teslaggah/},
language = {English},
urldate = {2021-12-07}
}
AGENT TESLAGGAH Agent Tesla |
2021-12-02 ⋅ AhnLab ⋅ ASEC Analysis Team @online{team:20211202:spreading:82866e8,
author = {ASEC Analysis Team},
title = {{Spreading AgentTesla through more sophisticated malicious PPT}},
date = {2021-12-02},
organization = {AhnLab},
url = {https://asec.ahnlab.com/ko/29133/},
language = {Korean},
urldate = {2021-12-07}
}
Spreading AgentTesla through more sophisticated malicious PPT Agent Tesla |
2021-11-23 ⋅ HP ⋅ Patrick Schläpfer @online{schlpfer:20211123:ratdispenser:4677686,
author = {Patrick Schläpfer},
title = {{RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild}},
date = {2021-11-23},
organization = {HP},
url = {https://threatresearch.ext.hp.com/javascript-malware-dispensing-rats-into-the-wild/},
language = {English},
urldate = {2021-11-29}
}
RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild AdWind Ratty STRRAT CloudEyE Formbook Houdini Panda Stealer Remcos |
2021-11-22 ⋅ YouTube ( DuMp-GuY TrIcKsTeR) ⋅ Jiří Vinopal @online{vinopal:20211122:powershell:37baf25,
author = {Jiří Vinopal},
title = {{Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part1]}},
date = {2021-11-22},
organization = {YouTube ( DuMp-GuY TrIcKsTeR)},
url = {https://youtu.be/hxaeWyK8gMI},
language = {English},
urldate = {2021-11-26}
}
Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part1] Agent Tesla |
2021-11-22 ⋅ YouTube ( DuMp-GuY TrIcKsTeR) ⋅ Jiří Vinopal @online{vinopal:20211122:powershell:b15c355,
author = {Jiří Vinopal},
title = {{Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part2]}},
date = {2021-11-22},
organization = {YouTube ( DuMp-GuY TrIcKsTeR)},
url = {https://youtu.be/BM38OshcozE},
language = {English},
urldate = {2021-11-26}
}
Powershell and DnSpy tricks in .NET reversing – AgentTesla [Part2] Agent Tesla |
2021-11-17 ⋅ Infoblox ⋅ Gaetano Pellegrino @techreport{pellegrino:20211117:deep:404458b,
author = {Gaetano Pellegrino},
title = {{Deep Analysis of a Recent Lokibot Attack}},
date = {2021-11-17},
institution = {Infoblox},
url = {https://www.infoblox.com/wp-content/uploads/infoblox-whitepaper-deep-analysis-of-a-recent-lokibot-attack.pdf},
language = {English},
urldate = {2022-01-03}
}
Deep Analysis of a Recent Lokibot Attack Loki Password Stealer (PWS) |
2021-11-16 ⋅ Yoroi ⋅ Luigi Martire, Carmelo Ragusa, Luca Mella @online{martire:20211116:office:2dba65a,
author = {Luigi Martire and Carmelo Ragusa and Luca Mella},
title = {{Office Documents: May the XLL technique change the threat Landscape in 2022?}},
date = {2021-11-16},
organization = {Yoroi},
url = {https://yoroi.company/research/office-documents-may-the-xll-technique-change-the-threat-landscape-in-2022/},
language = {English},
urldate = {2021-11-17}
}
Office Documents: May the XLL technique change the threat Landscape in 2022? Agent Tesla Dridex Formbook |
2021-11-12 ⋅ Living Code ⋅ Dominik Degroot @online{degroot:20211112:agenttesla:d69002b,
author = {Dominik Degroot},
title = {{AgentTesla dropped via NSIS installer}},
date = {2021-11-12},
organization = {Living Code},
url = {http://l1v1ngc0d3.wordpress.com/2021/11/12/agenttesla-dropped-via-nsis-installer/},
language = {English},
urldate = {2021-11-17}
}
AgentTesla dropped via NSIS installer Agent Tesla |
2021-11-02 ⋅ InQuest ⋅ Dmitry Melikov @online{melikov:20211102:adults:cc39000,
author = {Dmitry Melikov},
title = {{Adults Only Malware Lures}},
date = {2021-11-02},
organization = {InQuest},
url = {https://inquest.net/blog/2021/11/02/adults-only-malware-lures},
language = {English},
urldate = {2021-11-08}
}
Adults Only Malware Lures Agent Tesla |
2021-10-06 ⋅ zimperium ⋅ Jordan Herman @online{herman:20211006:malware:7f7f055,
author = {Jordan Herman},
title = {{Malware Distribution with Mana Tools}},
date = {2021-10-06},
organization = {zimperium},
url = {https://community.riskiq.com/article/56e28880},
language = {English},
urldate = {2021-10-11}
}
Malware Distribution with Mana Tools Agent Tesla Azorult |
2021-09-30 ⋅ Blackberry ⋅ The BlackBerry Research & Intelligence Team @online{team:20210930:threat:d31cc55,
author = {The BlackBerry Research & Intelligence Team},
title = {{Threat Thursday: xLoader Infostealer}},
date = {2021-09-30},
organization = {Blackberry},
url = {https://blogs.blackberry.com/en/2021/09/threat-thursday-xloader-infostealer},
language = {English},
urldate = {2021-10-11}
}
Threat Thursday: xLoader Infostealer Xloader Formbook |
2021-09-29 ⋅ Trend Micro ⋅ Aliakbar Zahravi, William Gamazo Sanchez, Kamlapati Choubey, Peter Girnus @online{zahravi:20210929:formbook:54b9f08,
author = {Aliakbar Zahravi and William Gamazo Sanchez and Kamlapati Choubey and Peter Girnus},
title = {{FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal}},
date = {2021-09-29},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/21/i/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-404.html},
language = {English},
urldate = {2021-10-05}
}
FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal Formbook |
2021-09-15 ⋅ Telsy ⋅ Telsy @online{telsy:20210915:remcos:83c0670,
author = {Telsy},
title = {{REMCOS and Agent Tesla loaded into memory with Rezer0 loader}},
date = {2021-09-15},
organization = {Telsy},
url = {https://www.telsy.com/download/4832/},
language = {English},
urldate = {2021-09-23}
}
REMCOS and Agent Tesla loaded into memory with Rezer0 loader Agent Tesla Remcos |
2021-09-08 ⋅ Juniper ⋅ Paul Kimayong @online{kimayong:20210908:aggah:8508369,
author = {Paul Kimayong},
title = {{Aggah Malware Campaign Expands to Zendesk and GitHub to Host Its Malware}},
date = {2021-09-08},
organization = {Juniper},
url = {https://blogs.juniper.net/en-us/security/aggah-malware-campaign-expands-to-zendesk-and-github-to-host-its-malware},
language = {English},
urldate = {2021-09-10}
}
Aggah Malware Campaign Expands to Zendesk and GitHub to Host Its Malware Agent Tesla |
2021-09-06 ⋅ cocomelonc ⋅ cocomelonc @online{cocomelonc:20210906:av:215e5aa,
author = {cocomelonc},
title = {{AV engines evasion for C++ simple malware: part 2}},
date = {2021-09-06},
organization = {cocomelonc},
url = {https://cocomelonc.github.io/tutorial/2021/09/06/simple-malware-av-evasion-2.html},
language = {English},
urldate = {2023-07-24}
}
AV engines evasion for C++ simple malware: part 2 Agent Tesla Amadey Anchor AnchorMTea Carbanak Carberp Cardinal RAT Felixroot Konni Loki Password Stealer (PWS) Maze |
2021-08-25 ⋅ Trend Micro ⋅ William Gamazo Sanchez, Bin Lin @online{sanchez:20210825:new:f09ef7d,
author = {William Gamazo Sanchez and Bin Lin},
title = {{New Campaign Sees LokiBot Delivered Via Multiple Methods}},
date = {2021-08-25},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/21/h/new-campaign-sees-lokibot-delivered-via-multiple-methods.html},
language = {English},
urldate = {2021-08-31}
}
New Campaign Sees LokiBot Delivered Via Multiple Methods Loki Password Stealer (PWS) |
2021-08-23 ⋅ YouTube ( DuMp-GuY TrIcKsTeR) ⋅ Jiří Vinopal @online{vinopal:20210823:2:0b5dba8,
author = {Jiří Vinopal},
title = {{[2] Lokibot analyzing - spoofing GULoader and LokiBot C2 [part2] - INetSim + BurpSuite}},
date = {2021-08-23},
organization = {YouTube ( DuMp-GuY TrIcKsTeR)},
url = {https://www.youtube.com/watch?v=N0wAh26wShE},
language = {English},
urldate = {2021-08-25}
}
[2] Lokibot analyzing - spoofing GULoader and LokiBot C2 [part2] - INetSim + BurpSuite CloudEyE Loki Password Stealer (PWS) |
2021-08-16 ⋅ Malcat ⋅ malcat team @online{team:20210816:statically:665b400,
author = {malcat team},
title = {{Statically unpacking a simple .NET dropper}},
date = {2021-08-16},
organization = {Malcat},
url = {https://malcat.fr/blog/statically-unpacking-a-simple-net-dropper/},
language = {English},
urldate = {2022-01-05}
}
Statically unpacking a simple .NET dropper Loki Password Stealer (PWS) |
2021-07-28 ⋅ RiskIQ ⋅ Jennifer Grob, Jordan Herman @online{grob:20210728:use:8287989,
author = {Jennifer Grob and Jordan Herman},
title = {{Use of XAMPP Web Component to Identify Agent Tesla Infrastructure}},
date = {2021-07-28},
organization = {RiskIQ},
url = {https://community.riskiq.com/article/40000d46},
language = {English},
urldate = {2021-07-29}
}
Use of XAMPP Web Component to Identify Agent Tesla Infrastructure Agent Tesla |
2021-07-24 ⋅ InfoSec Handlers Diary Blog ⋅ Xavier Mertens @online{mertens:20210724:agenttesla:2876aef,
author = {Xavier Mertens},
title = {{Agent.Tesla Dropped via a .daa Image and Talking to Telegram}},
date = {2021-07-24},
organization = {InfoSec Handlers Diary Blog},
url = {https://isc.sans.edu/diary/27666},
language = {English},
urldate = {2021-07-26}
}
Agent.Tesla Dropped via a .daa Image and Talking to Telegram Agent Tesla |
2021-07-21 ⋅ Quick Heal ⋅ Rumana Siddiqui @online{siddiqui:20210721:formbook:e6e3f64,
author = {Rumana Siddiqui},
title = {{FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data}},
date = {2021-07-21},
organization = {Quick Heal},
url = {https://blogs.quickheal.com/formbook-malware-returns-new-variant-uses-steganography-and-in-memory-loading-of-multiple-stages-to-steal-data/},
language = {English},
urldate = {2021-07-26}
}
FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data Formbook |
2021-07-12 ⋅ IBM ⋅ Melissa Frydrych, Claire Zaboeva, Dan Dash @online{frydrych:20210712:roboski:1f66418,
author = {Melissa Frydrych and Claire Zaboeva and Dan Dash},
title = {{RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation}},
date = {2021-07-12},
organization = {IBM},
url = {https://securityintelligence.com/posts/roboski-global-recovery-automation/},
language = {English},
urldate = {2021-07-20}
}
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
2021-07-12 ⋅ Cipher Tech Solutions ⋅ Melissa Frydrych, Claire Zaboeva, Dan Dash @online{frydrych:20210712:roboski:a3c66bf,
author = {Melissa Frydrych and Claire Zaboeva and Dan Dash},
title = {{RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation}},
date = {2021-07-12},
organization = {Cipher Tech Solutions},
url = {https://www.ciphertechsolutions.com/roboski-global-recovery-automation/},
language = {English},
urldate = {2021-07-20}
}
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
2021-07-07 ⋅ YouTube ( DuMp-GuY TrIcKsTeR) ⋅ Jiří Vinopal @online{vinopal:20210707:2:85ce7e9,
author = {Jiří Vinopal},
title = {{[2] Lokibot analyzing - spoofing GULoader and LokiBot C2 [part1] - Own implementation in Python}},
date = {2021-07-07},
organization = {YouTube ( DuMp-GuY TrIcKsTeR)},
url = {https://www.youtube.com/watch?v=-FxyzuRv6Wg},
language = {English},
urldate = {2021-07-20}
}
[2] Lokibot analyzing - spoofing GULoader and LokiBot C2 [part1] - Own implementation in Python CloudEyE Loki Password Stealer (PWS) |
2021-07-06 ⋅ YouTube ( DuMp-GuY TrIcKsTeR) ⋅ Jiří Vinopal @online{vinopal:20210706:1:be25f45,
author = {Jiří Vinopal},
title = {{[1] Lokibot analyzing - defeating GuLoader with Windbg (Kernel debugging) and Live C2}},
date = {2021-07-06},
organization = {YouTube ( DuMp-GuY TrIcKsTeR)},
url = {https://www.youtube.com/watch?v=K3Yxu_9OUxU},
language = {English},
urldate = {2021-07-20}
}
[1] Lokibot analyzing - defeating GuLoader with Windbg (Kernel debugging) and Live C2 CloudEyE Loki Password Stealer (PWS) |
2021-06-29 ⋅ Yoroi ⋅ Luigi Martire, Luca Mella @online{martire:20210629:wayback:fc8fa84,
author = {Luigi Martire and Luca Mella},
title = {{The "WayBack" Campaign: a Large Scale Operation Hiding in Plain Sight}},
date = {2021-06-29},
organization = {Yoroi},
url = {https://yoroi.company/research/the-wayback-campaign-a-large-scale-operation-hiding-in-plain-sight/},
language = {English},
urldate = {2021-06-29}
}
The "WayBack” Campaign: a Large Scale Operation Hiding in Plain Sight Agent Tesla Cobian RAT Oski Stealer |
2021-06-24 ⋅ Trustwave ⋅ Diana Lopera @online{lopera:20210624:yet:5a8a4c5,
author = {Diana Lopera},
title = {{Yet Another Archive Format Smuggling Malware}},
date = {2021-06-24},
organization = {Trustwave},
url = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/another-archive-format-smuggling-malware/},
language = {English},
urldate = {2021-06-29}
}
Yet Another Archive Format Smuggling Malware Agent Tesla |
2021-06-24 ⋅ Blackberry ⋅ The BlackBerry Research and Intelligence Team @online{team:20210624:threat:54b5162,
author = {The BlackBerry Research and Intelligence Team},
title = {{Threat Thursday: Agent Tesla Infostealer}},
date = {2021-06-24},
organization = {Blackberry},
url = {https://blogs.blackberry.com/en/2021/06/threat-thursday-agent-tesla-infostealer-malware},
language = {English},
urldate = {2021-07-02}
}
Threat Thursday: Agent Tesla Infostealer Agent Tesla |
2021-06-11 ⋅ NSFOCUS ⋅ Fuying Laboratory @online{laboratory:20210611:nigerian:201d2fa,
author = {Fuying Laboratory},
title = {{Nigerian Hacker Organization SWEED is Distributing Phishing Documents Targeting the Logistics Industry}},
date = {2021-06-11},
organization = {NSFOCUS},
url = {http://blog.nsfocus.net/sweed-611/},
language = {Chinese},
urldate = {2021-06-16}
}
Nigerian Hacker Organization SWEED is Distributing Phishing Documents Targeting the Logistics Industry Agent Tesla |
2021-06-08 ⋅ ilbaroni @online{ilbaroni:20210608:lokibot:26e4005,
author = {ilbaroni},
title = {{LOKIBOT - A commodity malware}},
date = {2021-06-08},
url = {http://reversing.fun/posts/2021/06/08/lokibot.html},
language = {English},
urldate = {2022-01-05}
}
LOKIBOT - A commodity malware Loki Password Stealer (PWS) |
2021-06-04 ⋅ Fortinet ⋅ Xiaopeng Zhang @online{zhang:20210604:phishing:20bdfa5,
author = {Xiaopeng Zhang},
title = {{Phishing Malware Hijacks Bitcoin Addresses and Delivers New Agent Tesla Variant}},
date = {2021-06-04},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/phishing-malware-hijacks-bitcoin-addresses-delivers-new-agent-tesla-variant},
language = {English},
urldate = {2021-06-16}
}
Phishing Malware Hijacks Bitcoin Addresses and Delivers New Agent Tesla Variant Agent Tesla |
2021-06-02 ⋅ Sophos ⋅ Sean Gallagher @online{gallagher:20210602:amsi:084d0ba,
author = {Sean Gallagher},
title = {{AMSI bypasses remain tricks of the malware trade}},
date = {2021-06-02},
organization = {Sophos},
url = {https://news.sophos.com/en-us/2021/06/02/amsi-bypasses-remain-tricks-of-the-malware-trade/},
language = {English},
urldate = {2021-06-09}
}
AMSI bypasses remain tricks of the malware trade Agent Tesla Cobalt Strike Meterpreter |
2021-05-18 ⋅ Youtube (AhmedS Kasmani) ⋅ AhmedS Kasmani @online{kasmani:20210518:malware:5921c55,
author = {AhmedS Kasmani},
title = {{Malware Analysis: Agent Tesla Part 1/2 Extraction of final payload from dropper.}},
date = {2021-05-18},
organization = {Youtube (AhmedS Kasmani)},
url = {https://www.youtube.com/watch?v=Q9_1xNbVQPY},
language = {English},
urldate = {2021-05-19}
}
Malware Analysis: Agent Tesla Part 1/2 Extraction of final payload from dropper. Agent Tesla |
2021-05-11 ⋅ VMRay ⋅ VMRay Labs Team, Mateusz Lukaszewski @online{team:20210511:threat:2b02a9b,
author = {VMRay Labs Team and Mateusz Lukaszewski},
title = {{Threat Bulletin: Exploring the Differences and Similarities of Agent Tesla v2 & v3}},
date = {2021-05-11},
organization = {VMRay},
url = {https://www.vmray.com/cyber-security-blog/threat-bulletin-agent-tesla/},
language = {English},
urldate = {2021-08-20}
}
Threat Bulletin: Exploring the Differences and Similarities of Agent Tesla v2 & v3 Agent Tesla |
2021-05-11 ⋅ Twitter (@MsftSecIntel) ⋅ Microsoft Security Intelligence @online{intelligence:20210511:snip3:69a4650,
author = {Microsoft Security Intelligence},
title = {{Tweet on Snip3 crypter delivering AsyncRAT or AgentTesla}},
date = {2021-05-11},
organization = {Twitter (@MsftSecIntel)},
url = {https://twitter.com/MsftSecIntel/status/1392219299696152578},
language = {English},
urldate = {2021-05-13}
}
Tweet on Snip3 crypter delivering AsyncRAT or AgentTesla Agent Tesla AsyncRAT |
2021-05-07 ⋅ Morphisec ⋅ Nadav Lorber @online{lorber:20210507:revealing:add3b8a,
author = {Nadav Lorber},
title = {{Revealing the ‘Snip3’ Crypter, a Highly Evasive RAT Loader}},
date = {2021-05-07},
organization = {Morphisec},
url = {https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader},
language = {English},
urldate = {2021-05-13}
}
Revealing the ‘Snip3’ Crypter, a Highly Evasive RAT Loader Agent Tesla AsyncRAT NetWire RC Revenge RAT |
2021-05-05 ⋅ Zscaler ⋅ Aniruddha Dolas, Mohd Sadique, Manohar Ghule @online{dolas:20210505:catching:ace83fc,
author = {Aniruddha Dolas and Mohd Sadique and Manohar Ghule},
title = {{Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats}},
date = {2021-05-05},
organization = {Zscaler},
url = {https://www.zscaler.com/blogs/security-research/catching-rats-over-custom-protocols},
language = {English},
urldate = {2021-05-08}
}
Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats Agent Tesla AsyncRAT Crimson RAT CyberGate Ghost RAT Nanocore RAT NetWire RC NjRAT Quasar RAT Remcos |
2021-04-22 ⋅ Fortinet ⋅ Xiaopeng Zhang @online{zhang:20210422:deep:44cd560,
author = {Xiaopeng Zhang},
title = {{Deep Analysis: FormBook New Variant Delivered in Phishing Campaign – Part II}},
date = {2021-04-22},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/deep-analysis-formbook-new-variant-delivered-phishing-campaign-part-ii},
language = {English},
urldate = {2021-04-28}
}
Deep Analysis: FormBook New Variant Delivered in Phishing Campaign – Part II Formbook |
2021-04-21 ⋅ SophosLabs Uncut ⋅ Sean Gallagher, Suriya Natarajan, Anand Aijan, Michael Wood, Sivagnanam Gn, Markel Picado, Andrew Brandt @online{gallagher:20210421:nearly:53964a7,
author = {Sean Gallagher and Suriya Natarajan and Anand Aijan and Michael Wood and Sivagnanam Gn and Markel Picado and Andrew Brandt},
title = {{Nearly half of malware now use TLS to conceal communications}},
date = {2021-04-21},
organization = {SophosLabs Uncut},
url = {https://news.sophos.com/en-us/2021/04/21/nearly-half-of-malware-now-use-tls-to-conceal-communications/},
language = {English},
urldate = {2021-04-28}
}
Nearly half of malware now use TLS to conceal communications Agent Tesla Cobalt Strike Dridex SystemBC |
2021-04-12 ⋅ Fortinet ⋅ Xiaopeng Zhang @online{zhang:20210412:deep:dc35f85,
author = {Xiaopeng Zhang},
title = {{Deep Analysis: New FormBook Variant Delivered in Phishing Campaign – Part I}},
date = {2021-04-12},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/deep-analysis-new-formbook-variant-delivered-phishing-campaign-part-I},
language = {English},
urldate = {2021-04-14}
}
Deep Analysis: New FormBook Variant Delivered in Phishing Campaign – Part I Formbook |
2021-04-06 ⋅ InfoSec Handlers Diary Blog ⋅ Jan Kopriva @online{kopriva:20210406:malspam:817a035,
author = {Jan Kopriva},
title = {{Malspam with Lokibot vs. Outlook and RFCs}},
date = {2021-04-06},
organization = {InfoSec Handlers Diary Blog},
url = {https://isc.sans.edu/diary/27282},
language = {English},
urldate = {2021-04-06}
}
Malspam with Lokibot vs. Outlook and RFCs Loki Password Stealer (PWS) |
2021-04-04 ⋅ menshaway blogspot ⋅ Mahmoud Morsy @online{morsy:20210404:technical:197b7c7,
author = {Mahmoud Morsy},
title = {{Technical report of AgentTesla}},
date = {2021-04-04},
organization = {menshaway blogspot},
url = {https://menshaway.blogspot.com/2021/04/agenttesla-malware.html},
language = {English},
urldate = {2021-04-06}
}
Technical report of AgentTesla Agent Tesla |
2021-03-17 ⋅ HP ⋅ HP Bromium @techreport{bromium:20210317:threat:3aed551,
author = {HP Bromium},
title = {{Threat Insights Report Q4-2020}},
date = {2021-03-17},
institution = {HP},
url = {https://threatresearch.ext.hp.com/wp-content/uploads/2021/03/HP_Bromium_Threat_Insights_Report_Q4_2020.pdf},
language = {English},
urldate = {2021-03-19}
}
Threat Insights Report Q4-2020 Agent Tesla BitRAT ComodoSec Dridex Emotet Ficker Stealer Formbook Zloader |
2021-03-11 ⋅ YouTube ( Malware_Analyzing_&_RE_Tips_Tricks) ⋅ Jiří Vinopal @online{vinopal:20210311:formbook:31931b9,
author = {Jiří Vinopal},
title = {{Formbook Reversing - Part1 [Formbook .NET loader/injector analyzing, decrypting, unpacking, patching]}},
date = {2021-03-11},
organization = {YouTube ( Malware_Analyzing_&_RE_Tips_Tricks)},
url = {https://youtu.be/aQwnHIlGSBM},
language = {English},
urldate = {2021-03-12}
}
Formbook Reversing - Part1 [Formbook .NET loader/injector analyzing, decrypting, unpacking, patching] Formbook |
2021-02-28 ⋅ PWC UK ⋅ PWC UK @techreport{uk:20210228:cyber:bd780cd,
author = {PWC UK},
title = {{Cyber Threats 2020: A Year in Retrospect}},
date = {2021-02-28},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf},
language = {English},
urldate = {2021-03-04}
}
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
2021-02-25 ⋅ Minerva ⋅ Minerva Labs @online{labs:20210225:preventing:c968dbc,
author = {Minerva Labs},
title = {{Preventing AgentTelsa Infiltration}},
date = {2021-02-25},
organization = {Minerva},
url = {https://blog.minerva-labs.com/preventing-agenttesla},
language = {English},
urldate = {2021-02-25}
}
Preventing AgentTelsa Infiltration Agent Tesla |
2021-02-12 ⋅ InfoSec Handlers Diary Blog ⋅ Xavier Mertens @online{mertens:20210212:agenttesla:228400f,
author = {Xavier Mertens},
title = {{AgentTesla Dropped Through Automatic Click in Microsoft Help File}},
date = {2021-02-12},
organization = {InfoSec Handlers Diary Blog},
url = {https://isc.sans.edu/diary/rss/27092},
language = {English},
urldate = {2021-02-18}
}
AgentTesla Dropped Through Automatic Click in Microsoft Help File Agent Tesla |
2021-02-12 ⋅ Trustwave ⋅ Rodel Mendrez, Diana Lopera @online{mendrez:20210212:many:560778f,
author = {Rodel Mendrez and Diana Lopera},
title = {{The Many Roads Leading To Agent Tesla}},
date = {2021-02-12},
organization = {Trustwave},
url = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-many-roads-leading-to-agent-tesla/},
language = {English},
urldate = {2021-02-18}
}
The Many Roads Leading To Agent Tesla Agent Tesla |
2021-02-11 ⋅ InfoSec Handlers Diary Blog ⋅ Jan Kopriva @online{kopriva:20210211:agent:e27e397,
author = {Jan Kopriva},
title = {{Agent Tesla hidden in a historical anti-malware tool}},
date = {2021-02-11},
organization = {InfoSec Handlers Diary Blog},
url = {https://isc.sans.edu/diary/27088},
language = {English},
urldate = {2021-02-20}
}
Agent Tesla hidden in a historical anti-malware tool Agent Tesla |
2021-01-21 ⋅ DENEXUS ⋅ Markel Picado @techreport{picado:20210121:spear:3893769,
author = {Markel Picado},
title = {{Spear Phishing Targeting ICS Supply Chain - Analysis}},
date = {2021-01-21},
institution = {DENEXUS},
url = {https://www.denexus.io/wp-content/uploads/2021/02/Threat-actor-targeting-gas-oil-supply-chains_public.pdf},
language = {English},
urldate = {2021-03-05}
}
Spear Phishing Targeting ICS Supply Chain - Analysis Agent Tesla |
2021-01-11 ⋅ ESET Research ⋅ Matías Porolli @online{porolli:20210111:operation:409662d,
author = {Matías Porolli},
title = {{Operation Spalax: Targeted malware attacks in Colombia}},
date = {2021-01-11},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2021/01/12/operation-spalax-targeted-malware-attacks-colombia/},
language = {English},
urldate = {2021-01-18}
}
Operation Spalax: Targeted malware attacks in Colombia Agent Tesla AsyncRAT NjRAT Remcos |
2021-01-09 ⋅ Marco Ramilli's Blog ⋅ Marco Ramilli @online{ramilli:20210109:command:d720b27,
author = {Marco Ramilli},
title = {{Command and Control Traffic Patterns}},
date = {2021-01-09},
organization = {Marco Ramilli's Blog},
url = {https://marcoramilli.com/2021/01/09/c2-traffic-patterns-personal-notes/},
language = {English},
urldate = {2021-05-17}
}
Command and Control Traffic Patterns ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot |
2021-01-06 ⋅ Talos ⋅ Irshad Muhammad, Holger Unterbrink @online{muhammad:20210106:deep:8fa3a1f,
author = {Irshad Muhammad and Holger Unterbrink},
title = {{A Deep Dive into Lokibot Infection Chain}},
date = {2021-01-06},
organization = {Talos},
url = {https://blog.talosintelligence.com/2021/01/a-deep-dive-into-lokibot-infection-chain.html},
language = {English},
urldate = {2021-01-10}
}
A Deep Dive into Lokibot Infection Chain Loki Password Stealer (PWS) |
2021 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2021:threat:9cb31b0,
author = {SecureWorks},
title = {{Threat Profile: GOLD GALLEON}},
date = {2021},
organization = {Secureworks},
url = {http://www.secureworks.com/research/threat-profiles/gold-galleon},
language = {English},
urldate = {2021-06-01}
}
Threat Profile: GOLD GALLEON Agent Tesla HawkEye Keylogger Pony GOLD GALLEON |
2020-12-21 ⋅ Cisco Talos ⋅ JON MUNSHAW @online{munshaw:20201221:2020:4a88f84,
author = {JON MUNSHAW},
title = {{2020: The year in malware}},
date = {2020-12-21},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2020/12/2020-year-in-malware.html},
language = {English},
urldate = {2020-12-26}
}
2020: The year in malware WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader |
2020-12-18 ⋅ Trend Micro ⋅ Matthew Camacho, Raphael Centeno, Junestherry Salvador @online{camacho:20201218:negasteal:e5b291f,
author = {Matthew Camacho and Raphael Centeno and Junestherry Salvador},
title = {{Negasteal Uses Hastebin for Fileless Delivery of Crysis Ransomware}},
date = {2020-12-18},
organization = {Trend Micro},
url = {https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/negasteal-uses-hastebin-for-fileless-delivery-of-crysis-ransomware},
language = {English},
urldate = {2020-12-26}
}
Negasteal Uses Hastebin for Fileless Delivery of Crysis Ransomware Agent Tesla Dharma |
2020-12-15 ⋅ Cofense ⋅ Aaron Riley @online{riley:20201215:strategic:653455d,
author = {Aaron Riley},
title = {{Strategic Analysis: Agent Tesla Expands Targeting and Networking Capabilities}},
date = {2020-12-15},
organization = {Cofense},
url = {https://cofense.com/strategic-analysis-agent-tesla-expands-targeting-and-networking-capabilities/},
language = {English},
urldate = {2020-12-17}
}
Strategic Analysis: Agent Tesla Expands Targeting and Networking Capabilities Agent Tesla |
2020-12-10 ⋅ US-CERT ⋅ US-CERT, FBI, MS-ISAC @online{uscert:20201210:alert:a5ec77e,
author = {US-CERT and FBI and MS-ISAC},
title = {{Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data}},
date = {2020-12-10},
organization = {US-CERT},
url = {https://us-cert.cisa.gov/ncas/alerts/aa20-345a},
language = {English},
urldate = {2020-12-11}
}
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus |
2020-12-07 ⋅ Proofpoint ⋅ Proofpoint Threat Research Team @online{team:20201207:commodity:027b864,
author = {Proofpoint Threat Research Team},
title = {{Commodity .NET Packers use Embedded Images to Hide Payloads}},
date = {2020-12-07},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/blog/threat-insight/commodity-net-packers-use-embedded-images-hide-payloads},
language = {English},
urldate = {2020-12-10}
}
Commodity .NET Packers use Embedded Images to Hide Payloads Agent Tesla Loki Password Stealer (PWS) Remcos |
2020-12-04 ⋅ Inde ⋅ Chris Campbell @online{campbell:20201204:inside:9f2f036,
author = {Chris Campbell},
title = {{Inside a .NET Stealer: AgentTesla}},
date = {2020-12-04},
organization = {Inde},
url = {https://www.inde.nz/blog/inside-agenttesla},
language = {English},
urldate = {2022-04-29}
}
Inside a .NET Stealer: AgentTesla Agent Tesla |
2020-12-03 ⋅ Telsy ⋅ Telsy Research Team @techreport{team:20201203:when:0269579,
author = {Telsy Research Team},
title = {{When a false flag doesn’t work: Exploring the digital-crime underground at campaign preparation stage}},
date = {2020-12-03},
institution = {Telsy},
url = {https://www.telsy.com/wp-content/uploads/ATR_82599-1.pdf},
language = {English},
urldate = {2020-12-14}
}
When a false flag doesn’t work: Exploring the digital-crime underground at campaign preparation stage Agent Tesla |
2020-11-27 ⋅ HP ⋅ Alex Holland @online{holland:20201127:aggah:7dd38ba,
author = {Alex Holland},
title = {{Aggah Campaign’s Latest Tactics: Victimology, PowerPoint Dropper and Cryptocurrency Stealer}},
date = {2020-11-27},
organization = {HP},
url = {https://threatresearch.ext.hp.com/aggah-campaigns-latest-tactics-victimology-powerpoint-dropper-and-cryptocurrency-stealer/},
language = {English},
urldate = {2020-11-27}
}
Aggah Campaign’s Latest Tactics: Victimology, PowerPoint Dropper and Cryptocurrency Stealer Agent Tesla |
2020-11-19 ⋅ SANS ISC InfoSec Forums ⋅ Xavier Mertens @online{mertens:20201119:powershell:72b44bf,
author = {Xavier Mertens},
title = {{PowerShell Dropper Delivering Formbook}},
date = {2020-11-19},
organization = {SANS ISC InfoSec Forums},
url = {https://isc.sans.edu/diary/26806},
language = {English},
urldate = {2020-11-19}
}
PowerShell Dropper Delivering Formbook Formbook |
2020-11-18 ⋅ Sophos ⋅ Sophos @techreport{sophos:20201118:sophos:8fd201e,
author = {Sophos},
title = {{SOPHOS 2021 THREAT REPORT Navigating cybersecurity in an uncertain world}},
date = {2020-11-18},
institution = {Sophos},
url = {https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2021-threat-report.pdf},
language = {English},
urldate = {2020-11-19}
}
SOPHOS 2021 THREAT REPORT Navigating cybersecurity in an uncertain world Agent Tesla Dridex TrickBot Zloader |
2020-11-18 ⋅ G Data ⋅ G-Data @online{gdata:20201118:business:f4eda3a,
author = {G-Data},
title = {{Business as usual: Criminal Activities in Times of a Global Pandemic}},
date = {2020-11-18},
organization = {G Data},
url = {https://www.gdatasoftware.com/blog/global-pandemic-remcos-tesla-netwire},
language = {English},
urldate = {2020-11-23}
}
Business as usual: Criminal Activities in Times of a Global Pandemic Agent Tesla Nanocore RAT NetWire RC Remcos |
2020-11-05 ⋅ Morphisec ⋅ Michael Gorelik @online{gorelik:20201105:agent:1cefe08,
author = {Michael Gorelik},
title = {{Agent Tesla: A Day in a Life of IR}},
date = {2020-11-05},
organization = {Morphisec},
url = {https://blog.morphisec.com/agent-tesla-a-day-in-a-life-of-ir},
language = {English},
urldate = {2020-11-09}
}
Agent Tesla: A Day in a Life of IR Agent Tesla |
2020-11-05 ⋅ tccontre Blog ⋅ tcontre @online{tcontre:20201105:interesting:17c82b2,
author = {tcontre},
title = {{Interesting FormBook Crypter - unconventional way to store encrypted data}},
date = {2020-11-05},
organization = {tccontre Blog},
url = {https://tccontre.blogspot.com/2020/11/interesting-formbook-crypter.html},
language = {English},
urldate = {2020-11-06}
}
Interesting FormBook Crypter - unconventional way to store encrypted data Formbook |
2020-10-16 ⋅ Hornetsecurity ⋅ Hornetsecurity Security Lab @online{lab:20201016:vba:577dd47,
author = {Hornetsecurity Security Lab},
title = {{VBA Purging Malspam Campaigns}},
date = {2020-10-16},
organization = {Hornetsecurity},
url = {https://www.hornetsecurity.com/en/threat-research/vba-purging-malspam-campaigns/},
language = {English},
urldate = {2020-12-08}
}
VBA Purging Malspam Campaigns Agent Tesla Formbook |
2020-10-05 ⋅ Juniper ⋅ Paul Kimayong @online{kimayong:20201005:new:739309f,
author = {Paul Kimayong},
title = {{New pastebin-like service used in multiple malware campaigns}},
date = {2020-10-05},
organization = {Juniper},
url = {https://blogs.juniper.net/en-us/threat-research/new-pastebin-like-service-used-in-multiple-malware-campaigns},
language = {English},
urldate = {2020-10-07}
}
New pastebin-like service used in multiple malware campaigns Agent Tesla LimeRAT RedLine Stealer |
2020-10-01 ⋅ SpiderLabs Blog ⋅ Diana Lopera @online{lopera:20201001:evasive:c15da47,
author = {Diana Lopera},
title = {{Evasive URLs in Spam: Part 2}},
date = {2020-10-01},
organization = {SpiderLabs Blog},
url = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/evasive-urls-in-spam-part-2/},
language = {English},
urldate = {2020-10-12}
}
Evasive URLs in Spam: Part 2 Loki Password Stealer (PWS) |
2020-09-03 ⋅ Medium mariohenkel ⋅ Mario Henkel @online{henkel:20200903:decrypting:16cd7a9,
author = {Mario Henkel},
title = {{Decrypting AgentTesla strings and config}},
date = {2020-09-03},
organization = {Medium mariohenkel},
url = {https://medium.com/@mariohenkel/decrypting-agenttesla-strings-and-config-b9000b18c996?sk=fcead9538516eeb3daa7b53cb537f6f4},
language = {English},
urldate = {2020-09-03}
}
Decrypting AgentTesla strings and config Agent Tesla |
2020-08-27 ⋅ MalWatch ⋅ MalWatch @online{malwatch:20200827:wintrojanagenttesla:8c6e4f6,
author = {MalWatch},
title = {{Win.Trojan.AgentTesla - Malware analysis & threat intelligence report}},
date = {2020-08-27},
organization = {MalWatch},
url = {https://malwatch.github.io/posts/agent-tesla-malware-analysis/},
language = {English},
urldate = {2020-08-28}
}
Win.Trojan.AgentTesla - Malware analysis & threat intelligence report Agent Tesla |
2020-08-26 ⋅ Lab52 ⋅ Jagaimo Kawaii @online{kawaii:20200826:twisted:b91cfb5,
author = {Jagaimo Kawaii},
title = {{A twisted malware infection chain}},
date = {2020-08-26},
organization = {Lab52},
url = {https://lab52.io/blog/a-twisted-malware-infection-chain/},
language = {English},
urldate = {2020-08-31}
}
A twisted malware infection chain Agent Tesla Loki Password Stealer (PWS) |
2020-08-10 ⋅ Seqrite ⋅ Pavankumar Chaudhari @online{chaudhari:20200810:gorgon:3a961be,
author = {Pavankumar Chaudhari},
title = {{Gorgon APT targeting MSME sector in India}},
date = {2020-08-10},
organization = {Seqrite},
url = {https://www.seqrite.com/blog/gorgon-apt-targeting-msme-sector-in-india/},
language = {English},
urldate = {2020-08-13}
}
Gorgon APT targeting MSME sector in India Agent Tesla |
2020-08-10 ⋅ SentinelOne ⋅ Jim Walter @online{walter:20200810:agent:d09f042,
author = {Jim Walter},
title = {{Agent Tesla | Old RAT Uses New Tricks to Stay on Top}},
date = {2020-08-10},
organization = {SentinelOne},
url = {https://labs.sentinelone.com/agent-tesla-old-rat-uses-new-tricks-to-stay-on-top/},
language = {English},
urldate = {2020-08-13}
}
Agent Tesla | Old RAT Uses New Tricks to Stay on Top Agent Tesla |
2020-07-30 ⋅ Spamhaus ⋅ Spamhaus Malware Labs @techreport{labs:20200730:spamhaus:038546d,
author = {Spamhaus Malware Labs},
title = {{Spamhaus Botnet Threat Update Q2 2020}},
date = {2020-07-30},
institution = {Spamhaus},
url = {https://www.spamhaus.org/news/images/botnet-report-2020-q2/2020-q2-spamhaus-botnet-threat-report.pdf},
language = {English},
urldate = {2020-07-30}
}
Spamhaus Botnet Threat Update Q2 2020 AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader |
2020-07-29 ⋅ ESET Research ⋅ welivesecurity @techreport{welivesecurity:20200729:threat:496355c,
author = {welivesecurity},
title = {{THREAT REPORT Q2 2020}},
date = {2020-07-29},
institution = {ESET Research},
url = {https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Threat_Report_Q22020.pdf},
language = {English},
urldate = {2020-07-30}
}
THREAT REPORT Q2 2020 DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor |
2020-07-22 ⋅ S2W LAB Inc. ⋅ S2W LAB INTELLIGENCE TEAM @online{team:20200722:formbook:6297801,
author = {S2W LAB INTELLIGENCE TEAM},
title = {{'FormBook Tracker' unveiled on the Dark Web}},
date = {2020-07-22},
organization = {S2W LAB Inc.},
url = {https://drive.google.com/file/d/1oxINyIJfMtv_upJqRK9vLSchIBaU8wiU/view},
language = {English},
urldate = {2020-08-14}
}
'FormBook Tracker' unveiled on the Dark Web Formbook |
2020-06-02 ⋅ Lastline Labs ⋅ James Haughom, Stefano Ortolani @online{haughom:20200602:evolution:3286d87,
author = {James Haughom and Stefano Ortolani},
title = {{Evolution of Excel 4.0 Macro Weaponization}},
date = {2020-06-02},
organization = {Lastline Labs},
url = {https://www.lastline.com/labsblog/evolution-of-excel-4-0-macro-weaponization/},
language = {English},
urldate = {2020-06-03}
}
Evolution of Excel 4.0 Macro Weaponization Agent Tesla DanaBot ISFB TrickBot Zloader |
2020-05-31 ⋅ Malwarebytes ⋅ hasherezade @online{hasherezade:20200531:revisiting:cb8df95,
author = {hasherezade},
title = {{Revisiting the NSIS-based crypter}},
date = {2020-05-31},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2021/05/revisiting-the-nsis-based-crypter/},
language = {English},
urldate = {2021-06-09}
}
Revisiting the NSIS-based crypter Formbook |
2020-05-23 ⋅ InfoSec Handlers Diary Blog ⋅ Xavier Mertens @online{mertens:20200523:agenttesla:eba0b0c,
author = {Xavier Mertens},
title = {{AgentTesla Delivered via a Malicious PowerPoint Add-In}},
date = {2020-05-23},
organization = {InfoSec Handlers Diary Blog},
url = {https://isc.sans.edu/forums/diary/AgentTesla+Delivered+via+a+Malicious+PowerPoint+AddIn/26162/},
language = {English},
urldate = {2020-05-27}
}
AgentTesla Delivered via a Malicious PowerPoint Add-In Agent Tesla |
2020-05-22 ⋅ Yoroi ⋅ Luigi Martire, Giacomo d'Onofrio, Antonio Pirozzi, Luca Mella @online{martire:20200522:cybercriminal:97a41b3,
author = {Luigi Martire and Giacomo d'Onofrio and Antonio Pirozzi and Luca Mella},
title = {{Cyber-Criminal espionage Operation insists on Italian Manufacturing}},
date = {2020-05-22},
organization = {Yoroi},
url = {https://yoroi.company/research/cyber-criminal-espionage-operation-insists-on-italian-manufacturing/},
language = {English},
urldate = {2022-02-02}
}
Cyber-Criminal espionage Operation insists on Italian Manufacturing Agent Tesla |
2020-05-21 ⋅ Malwarebytes ⋅ Malwarebytes Labs @techreport{labs:20200521:cybercrime:d38d2da,
author = {Malwarebytes Labs},
title = {{Cybercrime tactics and techniques}},
date = {2020-05-21},
institution = {Malwarebytes},
url = {https://resources.malwarebytes.com/files/2020/05/CTNT_Q1_2020_COVID-Report_Final.pdf},
language = {English},
urldate = {2020-06-03}
}
Cybercrime tactics and techniques Ave Maria Azorult DanaBot Loki Password Stealer (PWS) NetWire RC |
2020-05-14 ⋅ SophosLabs ⋅ Markel Picado @online{picado:20200514:raticate:6334722,
author = {Markel Picado},
title = {{RATicate: an attacker’s waves of information-stealing malware}},
date = {2020-05-14},
organization = {SophosLabs},
url = {https://news.sophos.com/en-us/2020/05/14/raticate/},
language = {English},
urldate = {2020-05-18}
}
RATicate: an attacker’s waves of information-stealing malware Agent Tesla BetaBot BlackRemote Formbook Loki Password Stealer (PWS) NetWire RC NjRAT Remcos |
2020-04-28 ⋅ Trend Micro ⋅ Miguel Ang @online{ang:20200428:loki:169b27e,
author = {Miguel Ang},
title = {{Loki Info Stealer Propagates through LZH Files}},
date = {2020-04-28},
organization = {Trend Micro},
url = {https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/loki-info-stealer-propagates-through-lzh-files},
language = {English},
urldate = {2020-08-14}
}
Loki Info Stealer Propagates through LZH Files Loki Password Stealer (PWS) |
2020-04-16 ⋅ Malwarebytes ⋅ Hossein Jazi @online{jazi:20200416:new:6b7cb7a,
author = {Hossein Jazi},
title = {{New AgentTesla variant steals WiFi credentials}},
date = {2020-04-16},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/cybercrime/2020/04/new-agenttesla-variant-steals-wifi-credentials/},
language = {English},
urldate = {2020-04-16}
}
New AgentTesla variant steals WiFi credentials Agent Tesla |
2020-04-15 ⋅ Suraj Malhotra @online{malhotra:20200415:how:6cfc199,
author = {Suraj Malhotra},
title = {{How Analysing an AgentTesla Could Lead To Attackers Inbox - Part II}},
date = {2020-04-15},
url = {https://mrt4ntr4.github.io/How-Analysing-an-AgentTesla-Could-Lead-To-Attackers-Inbox-2/},
language = {English},
urldate = {2020-04-20}
}
How Analysing an AgentTesla Could Lead To Attackers Inbox - Part II Agent Tesla |
2020-04-14 ⋅ Palo Alto Networks Unit 42 ⋅ Adrian McCabe, Vicky Ray, Juan Cortes @online{mccabe:20200414:malicious:9481b60,
author = {Adrian McCabe and Vicky Ray and Juan Cortes},
title = {{Malicious Attackers Target Government and Medical Organizations With COVID-19 Themed Phishing Campaigns}},
date = {2020-04-14},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/covid-19-themed-cyber-attacks-target-government-and-medical-organizations/},
language = {English},
urldate = {2020-04-14}
}
Malicious Attackers Target Government and Medical Organizations With COVID-19 Themed Phishing Campaigns Agent Tesla EDA2 |
2020-04-13 ⋅ Suraj Malhotra @online{malhotra:20200413:how:6ea81f8,
author = {Suraj Malhotra},
title = {{How Analysing an AgentTesla Could Lead To Attackers Inbox - Part I}},
date = {2020-04-13},
url = {https://mrt4ntr4.github.io/How-Analysing-an-AgentTesla-Could-Lead-To-Attackers-Inbox-1/},
language = {English},
urldate = {2020-04-15}
}
How Analysing an AgentTesla Could Lead To Attackers Inbox - Part I Agent Tesla |
2020-04-05 ⋅ MalwrAnalysis ⋅ Anurag @online{anurag:20200405:trojan:2bb6584,
author = {Anurag},
title = {{Trojan Agent Tesla – Malware Analysis}},
date = {2020-04-05},
organization = {MalwrAnalysis},
url = {https://malwr-analysis.com/2020/04/05/trojan-agent-tesla-malware-analysis/},
language = {English},
urldate = {2020-04-08}
}
Trojan Agent Tesla – Malware Analysis Agent Tesla |
2020-04-01 ⋅ Cisco ⋅ Shyam Sundar Ramaswami, Andrea Kaiser @online{ramaswami:20200401:navigating:965952a,
author = {Shyam Sundar Ramaswami and Andrea Kaiser},
title = {{Navigating Cybersecurity During a Pandemic: Latest Malware and Threat Actors}},
date = {2020-04-01},
organization = {Cisco},
url = {https://umbrella.cisco.com/blog/navigating-cybersecurity-during-a-pandemic-latest-malware-and-threat-actors},
language = {English},
urldate = {2020-08-19}
}
Navigating Cybersecurity During a Pandemic: Latest Malware and Threat Actors Azorult CloudEyE Formbook KPOT Stealer Metamorfo Nanocore RAT NetWire RC TrickBot |
2020-03-31 ⋅ Click All the Things! Blog ⋅ Jamie @online{jamie:20200331:lokibot:f927742,
author = {Jamie},
title = {{LokiBot: Getting Equation Editor Shellcode}},
date = {2020-03-31},
organization = {Click All the Things! Blog},
url = {https://clickallthethings.wordpress.com/2020/03/31/lokibot-getting-equation-editor-shellcode/},
language = {English},
urldate = {2020-04-07}
}
LokiBot: Getting Equation Editor Shellcode Loki Password Stealer (PWS) |
2020-03-24 ⋅ RiskIQ ⋅ Wes Smiley @online{smiley:20200324:exploring:3a3c04b,
author = {Wes Smiley},
title = {{Exploring Agent Tesla Infrastructure}},
date = {2020-03-24},
organization = {RiskIQ},
url = {https://community.riskiq.com/article/6337984e},
language = {English},
urldate = {2021-04-09}
}
Exploring Agent Tesla Infrastructure Agent Tesla |
2020-03-24 ⋅ Avira ⋅ Avira Protection Labs @online{labs:20200324:new:88d7b1d,
author = {Avira Protection Labs},
title = {{A new technique to analyze FormBook malware infections}},
date = {2020-03-24},
organization = {Avira},
url = {https://insights.oem.avira.com/a-new-technique-to-analyze-formbook-malware-infections/},
language = {English},
urldate = {2020-04-01}
}
A new technique to analyze FormBook malware infections Formbook |
2020-03-20 ⋅ Bitdefender ⋅ Liviu Arsene @online{arsene:20200320:5:46813c6,
author = {Liviu Arsene},
title = {{5 Times More Coronavirus-themed Malware Reports during March}},
date = {2020-03-20},
organization = {Bitdefender},
url = {https://labs.bitdefender.com/2020/03/5-times-more-coronavirus-themed-malware-reports-during-march/?utm_campaign=twitter&utm_medium=twitter&utm_source=twitter},
language = {English},
urldate = {2020-03-26}
}
5 Times More Coronavirus-themed Malware Reports during March ostap HawkEye Keylogger Koadic Loki Password Stealer (PWS) Nanocore RAT Remcos |
2020-03-18 ⋅ Proofpoint ⋅ Axel F, Sam Scholten @online{f:20200318:coronavirus:8fe12a3,
author = {Axel F and Sam Scholten},
title = {{Coronavirus Threat Landscape Update}},
date = {2020-03-18},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/coronavirus-threat-landscape-update},
language = {English},
urldate = {2020-03-26}
}
Coronavirus Threat Landscape Update Agent Tesla Get2 ISFB Remcos |
2020-02-26 ⋅ MalwareLab.pl ⋅ Maciej Kotowicz @online{kotowicz:20200226:abusing:2a32e8e,
author = {Maciej Kotowicz},
title = {{(Ab)using bash-fu to analyze recent Aggah sample}},
date = {2020-02-26},
organization = {MalwareLab.pl},
url = {https://blog.malwarelab.pl/posts/basfu_aggah/},
language = {English},
urldate = {2020-02-27}
}
(Ab)using bash-fu to analyze recent Aggah sample Agent Tesla |
2020-02-14 ⋅ Virus Bulletin ⋅ Aditya K. Sood @online{sood:20200214:lokibot:c4e5d9d,
author = {Aditya K. Sood},
title = {{LokiBot: dissecting the C&C panel deployments}},
date = {2020-02-14},
organization = {Virus Bulletin},
url = {https://www.virusbulletin.com/virusbulletin/2020/02/lokibot-dissecting-cc-panel-deployments/},
language = {English},
urldate = {2020-02-25}
}
LokiBot: dissecting the C&C panel deployments Loki Password Stealer (PWS) |
2020-02-06 ⋅ Prevailion ⋅ Danny Adamitis @online{adamitis:20200206:triune:ada8ad3,
author = {Danny Adamitis},
title = {{The Triune Threat: MasterMana Returns}},
date = {2020-02-06},
organization = {Prevailion},
url = {https://blog.prevailion.com/2020/02/the-triune-threat-mastermana-returns.html},
language = {English},
urldate = {2020-04-13}
}
The Triune Threat: MasterMana Returns Azorult Loki Password Stealer (PWS) |
2020-02-02 ⋅ Sophos Labs ⋅ Sean Gallagher, Markel Picado @online{gallagher:20200202:agent:81dd245,
author = {Sean Gallagher and Markel Picado},
title = {{Agent Tesla amps up information stealing attacks}},
date = {2020-02-02},
organization = {Sophos Labs},
url = {https://news.sophos.com/en-us/2021/02/02/agent-tesla-amps-up-information-stealing-attacks/},
language = {English},
urldate = {2021-02-04}
}
Agent Tesla amps up information stealing attacks Agent Tesla |
2020-01-19 ⋅ 360 ⋅ kate @online{kate:20200119:bayworld:2cc2212,
author = {kate},
title = {{BayWorld event, Cyber Attack Against Foreign Trade Industry}},
date = {2020-01-19},
organization = {360},
url = {https://blog.360totalsecurity.com/en/bayworld-event-cyber-attack-against-foreign-trade-industry/},
language = {English},
urldate = {2020-02-03}
}
BayWorld event, Cyber Attack Against Foreign Trade Industry Azorult Formbook Nanocore RAT Revenge RAT |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:gold:cf5f9e4,
author = {SecureWorks},
title = {{GOLD GALLEON}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/gold-galleon},
language = {English},
urldate = {2020-05-23}
}
GOLD GALLEON Agent Tesla HawkEye Keylogger Pony Predator The Thief |
2019-12-28 ⋅ Paul Burbage @online{burbage:20191228:tale:2e5f361,
author = {Paul Burbage},
title = {{The Tale of the Pija-Droid Firefinch}},
date = {2019-12-28},
url = {https://medium.com/@paul.k.burbage/the-tale-of-the-pija-droid-firefinch-4d304fde5ca2},
language = {English},
urldate = {2020-02-14}
}
The Tale of the Pija-Droid Firefinch Loki Password Stealer (PWS) |
2019-12-12 ⋅ FireEye ⋅ Chi-en Shen, Oleg Bondarenko @online{shen:20191212:cyber:e01baca,
author = {Chi-en Shen and Oleg Bondarenko},
title = {{Cyber Threat Landscape in Japan – Revealing Threat in the Shadow}},
date = {2019-12-12},
organization = {FireEye},
url = {https://www.slideshare.net/codeblue_jp/cb19-cyber-threat-landscape-in-japan-revealing-threat-in-the-shadow-by-chi-en-shen-ashley-oleg-bondarenko},
language = {English},
urldate = {2020-04-16}
}
Cyber Threat Landscape in Japan – Revealing Threat in the Shadow Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD poisonplug TrickBot BlackTech |
2019-10-28 ⋅ Marco Ramilli's Blog ⋅ Marco Ramilli @online{ramilli:20191028:sweed:bce7adf,
author = {Marco Ramilli},
title = {{SWEED Targeting Precision Engineering Companies in Italy}},
date = {2019-10-28},
organization = {Marco Ramilli's Blog},
url = {https://marcoramilli.com/2019/10/28/sweed-targeting-precision-engineering-companies-in-italy/},
language = {English},
urldate = {2019-12-17}
}
SWEED Targeting Precision Engineering Companies in Italy Loki Password Stealer (PWS) |
2019-09-26 ⋅ Proofpoint ⋅ Bryan Campbell, Jeremy Hedges, Proofpoint Threat Insight Team @online{campbell:20190926:new:d228362,
author = {Bryan Campbell and Jeremy Hedges and Proofpoint Threat Insight Team},
title = {{New WhiteShadow downloader uses Microsoft SQL to retrieve malware}},
date = {2019-09-26},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/new-whiteshadow-downloader-uses-microsoft-sql-retrieve-malware},
language = {English},
urldate = {2020-02-26}
}
New WhiteShadow downloader uses Microsoft SQL to retrieve malware WhiteShadow Agent Tesla Azorult Crimson RAT Formbook Nanocore RAT NetWire RC NjRAT Remcos |
2019-08-10 ⋅ Check Point ⋅ Omer Gull @online{gull:20190810:select:56061b1,
author = {Omer Gull},
title = {{SELECT code_execution FROM * USING SQLite;}},
date = {2019-08-10},
organization = {Check Point},
url = {https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/},
language = {English},
urldate = {2020-02-09}
}
SELECT code_execution FROM * USING SQLite; Azorult Loki Password Stealer (PWS) Pony |
2019-07-15 ⋅ Cisco Talos ⋅ Edmund Brumaghin @online{brumaghin:20190715:sweed:9725699,
author = {Edmund Brumaghin},
title = {{SWEED: Exposing years of Agent Tesla campaigns}},
date = {2019-07-15},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2019/07/sweed-agent-tesla.html},
language = {English},
urldate = {2020-01-08}
}
SWEED: Exposing years of Agent Tesla campaigns Agent Tesla Formbook Loki Password Stealer (PWS) SWEED |
2019-06-12 ⋅ Cyberbit ⋅ Hod Gavriel @online{gavriel:20190612:formbook:8dc2df9,
author = {Hod Gavriel},
title = {{Formbook Research Hints Large Data Theft Attack Brewing}},
date = {2019-06-12},
organization = {Cyberbit},
url = {https://www.cyberbit.com/formbook-research-hints-large-data-theft-attack-brewing/},
language = {English},
urldate = {2020-08-21}
}
Formbook Research Hints Large Data Theft Attack Brewing Formbook |
2019-05-02 ⋅ Usual Suspect RE ⋅ Johann Aydinbas @online{aydinbas:20190502:formbook:d1ef715,
author = {Johann Aydinbas},
title = {{FormBook - Hiding in plain sight}},
date = {2019-05-02},
organization = {Usual Suspect RE},
url = {https://usualsuspect.re/article/formbook-hiding-in-plain-sight},
language = {English},
urldate = {2020-01-13}
}
FormBook - Hiding in plain sight Formbook |
2019-04-05 ⋅ Trustwave ⋅ Phil Hay, Rodel Mendrez @online{hay:20190405:spammed:82cb5e3,
author = {Phil Hay and Rodel Mendrez},
title = {{Spammed PNG file hides LokiBot}},
date = {2019-04-05},
organization = {Trustwave},
url = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/spammed-png-file-hides-lokibot/},
language = {English},
urldate = {2022-08-15}
}
Spammed PNG file hides LokiBot Loki Password Stealer (PWS) |
2019-01 ⋅ Virus Bulletin ⋅ Gabriela Nicolao @online{nicolao:201901:inside:a4c68f3,
author = {Gabriela Nicolao},
title = {{Inside Formbook infostealer}},
date = {2019-01},
organization = {Virus Bulletin},
url = {https://www.virusbulletin.com/virusbulletin/2019/01/vb2018-paper-inside-formbook-infostealer/},
language = {English},
urldate = {2019-12-18}
}
Inside Formbook infostealer Formbook |
2018-12-05 ⋅ Botconf ⋅ Rémi Jullian @techreport{jullian:20181205:formbook:40cf2ad,
author = {Rémi Jullian},
title = {{FORMBOOK In-depth malware analysis}},
date = {2018-12-05},
institution = {Botconf},
url = {https://www.botconf.eu/wp-content/uploads/2018/12/2018-R-Jullian-In-depth-Formbook-Malware-Analysis.pdf},
language = {English},
urldate = {2019-12-17}
}
FORMBOOK In-depth malware analysis Formbook |
2018-12-04 ⋅ Brad Duncan @online{duncan:20181204:malspam:8e2d810,
author = {Brad Duncan},
title = {{Malspam pushing Lokibot malware}},
date = {2018-12-04},
url = {https://isc.sans.edu/diary/24372},
language = {English},
urldate = {2019-10-29}
}
Malspam pushing Lokibot malware Loki Password Stealer (PWS) |
2018-11-01 ⋅ Peerlyst ⋅ Sudhendu @online{sudhendu:20181101:how:582221a,
author = {Sudhendu},
title = {{How to Analyse FormBook - A New Malware-as-a-Service}},
date = {2018-11-01},
organization = {Peerlyst},
url = {https://www.peerlyst.com/posts/how-to-analyse-formbook-a-new-malware-as-a-service-sudhendu?trk=explore_page_resources_recent},
language = {English},
urldate = {2019-12-17}
}
How to Analyse FormBook - A New Malware-as-a-Service Formbook |
2018-10-16 ⋅ Peerlyst ⋅ Sudhendu @online{sudhendu:20181016:how:8aa1eed,
author = {Sudhendu},
title = {{How to understand FormBook - A New Malware-as-a-Service}},
date = {2018-10-16},
organization = {Peerlyst},
url = {https://www.peerlyst.com/posts/how-to-understand-formbook-a-new-malware-as-a-service-sudhendu?},
language = {English},
urldate = {2020-01-09}
}
How to understand FormBook - A New Malware-as-a-Service Formbook |
2018-08-29 ⋅ Kaspersky Labs ⋅ Tatyana Shcherbakova @online{shcherbakova:20180829:loki:c239728,
author = {Tatyana Shcherbakova},
title = {{Loki Bot: On a hunt for corporate passwords}},
date = {2018-08-29},
organization = {Kaspersky Labs},
url = {https://securelist.com/loki-bot-stealing-corporate-passwords/87595/},
language = {English},
urldate = {2019-12-20}
}
Loki Bot: On a hunt for corporate passwords Loki Password Stealer (PWS) |
2018-08-02 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone, David Fuertes, Josh Grunzweig, Kyle Wilhoit @online{falcone:20180802:gorgon:06112b1,
author = {Robert Falcone and David Fuertes and Josh Grunzweig and Kyle Wilhoit},
title = {{The Gorgon Group: Slithering Between Nation State and Cybercrime}},
date = {2018-08-02},
organization = {Palo Alto Networks Unit 42},
url = {https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/},
language = {English},
urldate = {2019-12-20}
}
The Gorgon Group: Slithering Between Nation State and Cybercrime Loki Password Stealer (PWS) Nanocore RAT NjRAT Quasar RAT Remcos Revenge RAT |
2018-07-06 ⋅ Github (d00rt) ⋅ d00rt @techreport{d00rt:20180706:lokibot:6508667,
author = {d00rt},
title = {{LokiBot Infostealer Hijacked Version}},
date = {2018-07-06},
institution = {Github (d00rt)},
url = {https://github.com/d00rt/hijacked_lokibot_version/blob/master/doc/LokiBot_hijacked_2018.pdf},
language = {English},
urldate = {2020-01-10}
}
LokiBot Infostealer Hijacked Version Loki Password Stealer (PWS) |
2018-06-22 ⋅ InQuest ⋅ Aswanda @online{aswanda:20180622:formbook:ce3c98b,
author = {Aswanda},
title = {{FormBook stealer: Data theft made easy}},
date = {2018-06-22},
organization = {InQuest},
url = {http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/},
language = {English},
urldate = {2020-01-09}
}
FormBook stealer: Data theft made easy Formbook |
2018-06-20 ⋅ Cisco Talos ⋅ Warren Mercer, Paul Rascagnères @online{mercer:20180620:my:9c08115,
author = {Warren Mercer and Paul Rascagnères},
title = {{My Little FormBook}},
date = {2018-06-20},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2018/06/my-little-formbook.html},
language = {English},
urldate = {2020-01-06}
}
My Little FormBook Formbook |
2018-04-18 ⋅ Secureworks ⋅ Counter Threat Unit Research Team @online{researchteam:20180418:gold:c342756,
author = {Counter Threat Unit Research Team},
title = {{GOLD GALLEON: How a Nigerian Cyber Crew Plunders the Shipping Industry}},
date = {2018-04-18},
organization = {Secureworks},
url = {https://www.secureworks.com/research/gold-galleon-how-a-nigerian-cyber-crew-plunders-the-shipping-industry},
language = {English},
urldate = {2021-06-01}
}
GOLD GALLEON: How a Nigerian Cyber Crew Plunders the Shipping Industry Agent Tesla HawkEye Keylogger Pony GOLD GALLEON |
2018-04-05 ⋅ Fortinet ⋅ Xiaopeng Zhang @online{zhang:20180405:analysis:a048b77,
author = {Xiaopeng Zhang},
title = {{Analysis of New Agent Tesla Spyware Variant}},
date = {2018-04-05},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/analysis-of-new-agent-tesla-spyware-variant.html},
language = {English},
urldate = {2019-11-26}
}
Analysis of New Agent Tesla Spyware Variant Agent Tesla |
2018-03-29 ⋅ Stormshield ⋅ Rémi Jullian @online{jullian:20180329:indepth:badef63,
author = {Rémi Jullian},
title = {{In-depth Formbook malware analysis – Obfuscation and process injection}},
date = {2018-03-29},
organization = {Stormshield},
url = {https://thisissecurity.stormshield.com/2018/03/29/in-depth-formbook-malware-analysis-obfuscation-and-process-injection/},
language = {English},
urldate = {2020-01-10}
}
In-depth Formbook malware analysis – Obfuscation and process injection Formbook |
2018-01-29 ⋅ Vitali Kremez Blog ⋅ Vitali Kremez @online{kremez:20180129:lets:450880d,
author = {Vitali Kremez},
title = {{Let's Learn: Dissecting FormBook Infostealer Malware: Crypter & "RunLib.dll"}},
date = {2018-01-29},
organization = {Vitali Kremez Blog},
url = {http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html},
language = {English},
urldate = {2020-01-10}
}
Let's Learn: Dissecting FormBook Infostealer Malware: Crypter & "RunLib.dll" Formbook |
2018-01-12 ⋅ Stormshield ⋅ Rémi Jullian @online{jullian:20180112:analyzing:572a942,
author = {Rémi Jullian},
title = {{Analyzing an Agent Tesla campaign: from a word document to the attacker credentials}},
date = {2018-01-12},
organization = {Stormshield},
url = {https://thisissecurity.stormshield.com/2018/01/12/agent-tesla-campaign/},
language = {English},
urldate = {2019-07-10}
}
Analyzing an Agent Tesla campaign: from a word document to the attacker credentials Agent Tesla |
2017-12-19 ⋅ Lastline ⋅ Andy Norton @online{norton:20171219:novel:2a852a7,
author = {Andy Norton},
title = {{Novel Excel Spreadsheet Attack Launches Password Stealing Malware Loki Bot}},
date = {2017-12-19},
organization = {Lastline},
url = {https://www.lastline.com/blog/password-stealing-malware-loki-bot/},
language = {English},
urldate = {2020-01-13}
}
Novel Excel Spreadsheet Attack Launches Password Stealing Malware Loki Bot Loki Password Stealer (PWS) |
2017-10-05 ⋅ FireEye ⋅ Nart Villeneuve, Randi Eitzman, Sandor Nemes, Tyler Dean @online{villeneuve:20171005:significant:0b91e49,
author = {Nart Villeneuve and Randi Eitzman and Sandor Nemes and Tyler Dean},
title = {{Significant FormBook Distribution Campaigns Impacting the U.S. and South Korea}},
date = {2017-10-05},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2017/10/formbook-malware-distribution-campaigns.html},
language = {English},
urldate = {2019-12-20}
}
Significant FormBook Distribution Campaigns Impacting the U.S. and South Korea Formbook |
2017-09-25 ⋅ Palo Alto Networks Unit 42 ⋅ Jeff White @online{white:20170925:analyzing:92167ce,
author = {Jeff White},
title = {{Analyzing the Various Layers of AgentTesla’s Packing}},
date = {2017-09-25},
organization = {Palo Alto Networks Unit 42},
url = {https://researchcenter.paloaltonetworks.com/2017/09/unit42-analyzing-various-layers-agentteslas-packing/},
language = {English},
urldate = {2019-12-20}
}
Analyzing the Various Layers of AgentTesla’s Packing Agent Tesla |
2017-09-20 ⋅ NetScout ⋅ Dennis Schwarz @online{schwarz:20170920:formidable:654d8e3,
author = {Dennis Schwarz},
title = {{The Formidable FormBook Form Grabber}},
date = {2017-09-20},
organization = {NetScout},
url = {https://www.arbornetworks.com/blog/asert/formidable-formbook-form-grabber/},
language = {English},
urldate = {2019-07-09}
}
The Formidable FormBook Form Grabber Formbook |
2017-06-28 ⋅ Fortinet ⋅ Xiaopeng Zhang @online{zhang:20170628:indepth:51d37ec,
author = {Xiaopeng Zhang},
title = {{In-Depth Analysis of A New Variant of .NET Malware AgentTesla}},
date = {2017-06-28},
organization = {Fortinet},
url = {https://blog.fortinet.com/2017/06/28/in-depth-analysis-of-net-malware-javaupdtr},
language = {English},
urldate = {2020-01-08}
}
In-Depth Analysis of A New Variant of .NET Malware AgentTesla Agent Tesla |
2017-06-22 ⋅ SANS Institute Information Security Reading Room ⋅ Rob Pantazopoulos @online{pantazopoulos:20170622:lokibot:cb24973,
author = {Rob Pantazopoulos},
title = {{Loki-Bot: Information Stealer, Keylogger, & More!}},
date = {2017-06-22},
organization = {SANS Institute Information Security Reading Room},
url = {https://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850},
language = {English},
urldate = {2019-07-11}
}
Loki-Bot: Information Stealer, Keylogger, & More! Loki Password Stealer (PWS) |
2017-05-17 ⋅ Fortinet ⋅ Xiaopeng Zhang, Hua Liu @online{zhang:20170517:new:15004ed,
author = {Xiaopeng Zhang and Hua Liu},
title = {{New Loki Variant Being Spread via PDF File}},
date = {2017-05-17},
organization = {Fortinet},
url = {https://blog.fortinet.com/2017/05/17/new-loki-variant-being-spread-via-pdf-file},
language = {English},
urldate = {2020-01-05}
}
New Loki Variant Being Spread via PDF File Loki Password Stealer (PWS) |
2017-05-07 ⋅ R3MRUM ⋅ R3MRUM @online{r3mrum:20170507:lokibot:5a6975d,
author = {R3MRUM},
title = {{Loki-Bot: Come out, come out, wherever you are!}},
date = {2017-05-07},
organization = {R3MRUM},
url = {https://r3mrum.wordpress.com/2017/05/07/loki-bot-atrifacts/},
language = {English},
urldate = {2020-01-12}
}
Loki-Bot: Come out, come out, wherever you are! Loki Password Stealer (PWS) |
2017-05-05 ⋅ Github (R3MRUM) ⋅ R3MRUM @online{r3mrum:20170505:lokiparse:c8a2916,
author = {R3MRUM},
title = {{loki-parse}},
date = {2017-05-05},
organization = {Github (R3MRUM)},
url = {https://github.com/R3MRUM/loki-parse},
language = {English},
urldate = {2019-11-29}
}
loki-parse Loki Password Stealer (PWS) |
2017-03-23 ⋅ Cofense ⋅ Cofense @online{cofense:20170323:tales:cbdee9a,
author = {Cofense},
title = {{Tales from the Trenches: Loki Bot Malware}},
date = {2017-03-23},
organization = {Cofense},
url = {https://phishme.com/loki-bot-malware/},
language = {English},
urldate = {2019-12-02}
}
Tales from the Trenches: Loki Bot Malware Loki Password Stealer (PWS) |
2017-02-16 ⋅ Cysinfo ⋅ Winston M @online{m:20170216:nefarious:a0ed57b,
author = {Winston M},
title = {{Nefarious Macro Malware drops “Loki Bot” to steal sensitive information across GCC countries!}},
date = {2017-02-16},
organization = {Cysinfo},
url = {https://cysinfo.com/nefarious-macro-malware-drops-loki-bot-across-gcc-countries/},
language = {English},
urldate = {2019-10-23}
}
Nefarious Macro Malware drops “Loki Bot” to steal sensitive information across GCC countries! Loki Password Stealer (PWS) |
2016-08 ⋅ Zscaler ⋅ Deepen Desai @online{desai:201608:agent:d527844,
author = {Deepen Desai},
title = {{Agent Tesla Keylogger delivered using cybersquatting}},
date = {2016-08},
organization = {Zscaler},
url = {https://www.zscaler.com/blogs/research/agent-tesla-keylogger-delivered-using-cybersquatting},
language = {English},
urldate = {2019-11-26}
}
Agent Tesla Keylogger delivered using cybersquatting Agent Tesla |
2016-06 ⋅ Safety First Blog ⋅ SL4ID3R @online{sl4id3r:201606:form:53a7823,
author = {SL4ID3R},
title = {{Form Grabber 2016 [Crome,FF,Opera,Thunderbird, Outlook IE Safari] Hack the world}},
date = {2016-06},
organization = {Safety First Blog},
url = {http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html},
language = {English},
urldate = {2019-11-26}
}
Form Grabber 2016 [Crome,FF,Opera,Thunderbird, Outlook IE Safari] Hack the world Formbook |