Unit 42 researchers have been tracking Subaat, an attacker, since 2017. Recently Subaat drew our attention due to renewed targeted attack activity. Part of monitoring Subaat included realizing the actor was possibly part of a larger crew of individuals responsible for carrying out targeted attacks against worldwide governmental organizations. Technical analysis on some of the attacks as well as attribution links with Pakistan actors have already been depicted by 360 and Tuisec, in which they found interesting connections to a larger group of attackers Unit 42 researchers have been tracking, which we are calling Gorgon Group.
2024-11-07
⋅
Logpoint
⋅
Hiding in Plain Sight: The Subtle Art of Loki Malware’s Obfuscation Loki Password Stealer (PWS) |
2024-09-04
⋅
ANY.RUN
⋅
AZORult Malware: Technical Analysis Azorult |
2024-09-03
⋅
Twitter (@embee_research)
⋅
Advanced Cyberchef Techniques - Defeating Nanocore Obfuscation With Math and Flow Control Nanocore RAT |
2024-08-09
⋅
BreachNova
⋅
Full analysis on NJRAT NjRAT |
2024-07-29
⋅
loginsoft
⋅
Blue Screen Mayhem: When CrowdStrike's Glitch Became Threat Actor's Playground Daolpu HijackLoader Remcos |
2024-07-09
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update January to June 2024 Coper FluBot Hook Bashlite Mirai FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc NjRAT QakBot Quasar RAT RedLine Stealer Remcos Rhadamanthys RisePro Sliver |
2024-06-06
⋅
Medium b.magnezi
⋅
Remcos RAT Analysis Remcos |
2024-05-14
⋅
Check Point Research
⋅
Foxit PDF “Flawed Design” Exploitation Rafel RAT Agent Tesla AsyncRAT DCRat DONOT Nanocore RAT NjRAT Pony Remcos Venom RAT XWorm |
2024-05-10
⋅
Elastic
⋅
Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Four Remcos |
2024-05-03
⋅
Elastic
⋅
Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Three Remcos |
2024-04-30
⋅
Elastic
⋅
Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Two Remcos |
2024-04-24
⋅
Elastic
⋅
Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part One Remcos |
2024-04-15
⋅
Positive Technologies
⋅
SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world LokiBot 404 Keylogger Agent Tesla CloudEyE Formbook Remcos XWorm |
2024-04-11
⋅
Github (jeFF0Falltrades)
⋅
Rat King Configuration Parser AsyncRAT DCRat Quasar RAT Venom RAT |
2024-03-26
⋅
K7 Security
⋅
Unknown TTPs of Remcos RAT Remcos |
2024-03-19
⋅
Medium b.magnezi
⋅
Malware Analysis NjRat NjRAT |
2024-02-28
⋅
Security Intelligence
⋅
X-Force data reveals top spam trends, campaigns and senior superlatives in 2023 404 Keylogger Agent Tesla Black Basta DarkGate Formbook IcedID Loki Password Stealer (PWS) Pikabot QakBot Remcos |
2024-02-21
⋅
Medium b.magnezi
⋅
Malware Analysis — Remcos RAT Remcos |
2024-01-25
⋅
JSAC 2024
⋅
Threat Intelligence of Abused Public Post-Exploitation Frameworks AsyncRAT DCRat Empire Downloader GRUNT Havoc Koadic Merlin PoshC2 Quasar RAT Sliver |
2024-01-15
⋅
DFIR.ch
⋅
Hunting AsyncRAT & QuasarRAT AsyncRAT Quasar RAT |
2024-01-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q4 2023 FluBot Hook FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc IcedID Lumma Stealer Meterpreter NjRAT Pikabot QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver |
2024-01-12
⋅
cyble
⋅
Sneaky Azorult Back in Action and Goes Undetected Azorult |
2024-01-08
⋅
YouTube (Embee Research)
⋅
Malware Analysis - Powershell decoding and .NET C2 Extraction (Quasar RAT) Quasar RAT |
2024-01-03
⋅
Uptycs
⋅
Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion Remcos |
2023-12-07
⋅
⋅
Cert-UA
⋅
UAC-0050 mass cyberattack using RemcosRAT/MeduzaStealer against Ukraine and Poland (CERT-UA#8218) Meduza Stealer Remcos |
2023-11-23
⋅
Infosec Writeups
⋅
Malware analysis Remcos RAT- 4.9.2 Pro Remcos |
2023-11-22
⋅
Twitter (@embee_research)
⋅
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples) BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos |
2023-11-21
⋅
Medium infoSec Write-ups
⋅
Unmasking NJRat: A Deep Dive into a Notorious Remote Access Trojan Part1 NjRAT |
2023-11-14
⋅
SOC Prime
⋅
Remcos RAT Detection: UAC-0050 Hackers Launch Phishing Attacks Impersonating the Security Service of Ukraine Remcos UAC-0050 |
2023-10-27
⋅
Twitter (@embee_research)
⋅
Remcos Downloader Analysis - Manual Deobfuscation of Visual Basic and Powershell Remcos |
2023-10-21
⋅
Infosec Writeups
⋅
Malware analysis NJ RAT 0.7NC & 0.6.4 NjRAT |
2023-10-12
⋅
Cluster25
⋅
CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations Agent Tesla Crimson RAT Nanocore RAT SmokeLoader |
2023-10-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2023 FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar |
2023-10-05
⋅
Twitter (@embee_research)
⋅
Introduction to DotNet Configuration Extraction - RevengeRAT Revenge RAT |
2023-09-21
⋅
Medium shaddy43
⋅
Secrets of commercial RATs! NanoCore dissected Nanocore RAT |
2023-09-19
⋅
Checkpoint
⋅
Unveiling the Shadows: The Dark Alliance between GuLoader and Remcos CloudEyE Remcos |
2023-09-08
⋅
Uncovering DDGroup — A long-time threat actor AsyncRAT Ave Maria BitRAT DBatLoader NetWire RC Quasar RAT XWorm |
2023-07-12
⋅
Fortinet
⋅
LokiBot Campaign Targets Microsoft Office Document Using Vulnerabilities and Macros Loki Password Stealer (PWS) |
2023-07-11
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q2 2023 Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee |
2023-07-08
⋅
CloudEyE — From .lnk to Shellcode CloudEyE Remcos |
2023-06-08
⋅
Twitter (@embee_research)
⋅
Practical Queries for Identifying Malware Infrastructure: An informal page for storing Censys/Shodan queries Amadey AsyncRAT Cobalt Strike QakBot Quasar RAT Sliver solarmarker |
2023-05-16
⋅
CyberRaiju
⋅
Remcos RAT - Malware Analysis Lab Remcos |
2023-05-15
⋅
embeeresearch
⋅
Quasar Rat Analysis - Identification of 64 Quasar Servers Using Shodan and Censys Quasar RAT |
2023-04-13
⋅
OALabs
⋅
Quasar Chaos: Open Source Ransomware Meets Open Source RAT Chaos Quasar RAT |
2023-04-13
⋅
Microsoft
⋅
Threat actors strive to cause Tax Day headaches CloudEyE Remcos |
2023-04-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q1 2023 FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar |
2023-04-10
⋅
Check Point
⋅
March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files Agent Tesla CloudEyE Emotet Formbook Nanocore RAT NjRAT QakBot Remcos Tofsee |
2023-03-30
⋅
loginsoft
⋅
From Innocence to Malice: The OneNote Malware Campaign Uncovered Agent Tesla AsyncRAT DOUBLEBACK Emotet Formbook IcedID NetWire RC QakBot Quasar RAT RedLine Stealer XWorm |
2023-03-27
⋅
Zscaler
⋅
DBatLoader: Actively Distributing Malwares Targeting European Businesses DBatLoader Remcos |
2023-03-16
⋅
Trend Micro
⋅
IPFS: A New Data Frontier or a New Cybercriminal Hideout? Agent Tesla Formbook RedLine Stealer Remcos |
2023-03-15
⋅
Lab52
⋅
APT-C-36: from NjRAT to LimeRAT AsyncRAT NjRAT |
2023-02-24
⋅
Zscaler
⋅
Snip3 Crypter Reveals New TTPs Over Time DCRat Quasar RAT |
2023-02-22
⋅
SOC Prime
⋅
New Phishing Attack Detection Attributed to the UAC-0050 and UAC-0096 Groups Spreading Remcos Spyware Remcos UAC-0050 |
2023-02-21
⋅
⋅
Cert-UA
⋅
Cyber attack of the group UAC-0050 (UAC-0096) using the Remcos program (CERT-UA#6011) Remcos UAC-0050 |
2023-02-06
⋅
⋅
Cert-UA
⋅
UAC-0050 cyber attack against the state bodies of Ukraine using the program for remote control and surveillance Remcos (CERT-UA#5926) Remcos UAC-0050 |
2023-02-03
⋅
Cloudsek
⋅
Threat Actors Abuse AI-Generated Youtube Videos to Spread Stealer Malware Alfonso Stealer Bandit Stealer Cameleon Fabookie Lumma Stealer Nanocore RAT Panda Stealer RecordBreaker RedLine Stealer Stealc STOP Vidar zgRAT |
2023-01-30
⋅
Checkpoint
⋅
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware Agent Tesla Azorult Buer Cerber Cobalt Strike Emotet Formbook HawkEye Keylogger Loki Password Stealer (PWS) Maze NetWire RC Remcos REvil TrickBot |
2023-01-24
⋅
Trellix
⋅
Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity Andromeda Formbook Houdini Remcos |
2023-01-17
⋅
Trend Micro
⋅
Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures NjRAT |
2023-01-09
⋅
YouTube (Embee Research)
⋅
Malware Analysis - VBS Decoding With Cyberchef (Nanocore Loader) Nanocore RAT |
2023-01-05
⋅
Symantec
⋅
Bluebottle: Campaign Hits Banks in French-speaking Countries in Africa CloudEyE Cobalt Strike MimiKatz NetWire RC POORTRY Quasar RAT BlueBottle |
2022-12-24
⋅
di.sclosu.re
⋅
njRAT malware spreading through Discord CDN and Facebook Ads NjRAT |
2022-11-21
⋅
Malwarebytes
⋅
2022-11-21 Threat Intel Report 404 Keylogger Agent Tesla Formbook Hive Remcos |
2022-10-13
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2022 FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm |
2022-09-22
⋅
Morphisec
⋅
Watch Out For The New NFT-001 Eternity Stealer Remcos |
2022-09-13
⋅
Symantec
⋅
New Wave of Espionage Activity Targets Asian Governments MimiKatz PlugX Quasar RAT ShadowPad Trochilus RAT |
2022-08-30
⋅
Medium the_abjuri5t
⋅
NanoCore RAT Hunting Guide Nanocore RAT |
2022-08-29
⋅
Soc Investigation
⋅
Remcos RAT New TTPS - Detection & Response Remcos |
2022-08-25
⋅
splunk
⋅
AppLocker Rules as Defense Evasion: Complete Analysis Azorult |
2022-08-21
⋅
Perception Point
⋅
Behind the Attack: Remcos RAT Remcos |
2022-08-18
⋅
Sophos
⋅
Cookie stealing: the new perimeter bypass Cobalt Strike Meterpreter MimiKatz Phoenix Keylogger Quasar RAT |
2022-08-18
⋅
Proofpoint
⋅
Reservations Requested: TA558 Targets Hospitality and Travel AsyncRAT Loda NjRAT Ozone RAT Revenge RAT Vjw0rm |
2022-08-17
⋅
⋅
360
⋅
Kasablanka organizes attacks against political groups and non-profit organizations in the Middle East SpyNote Loda Nanocore RAT NjRAT |
2022-08-17
⋅
Secureworks
⋅
DarkTortilla Malware Analysis Agent Tesla AsyncRAT Cobalt Strike DarkTortilla Nanocore RAT RedLine Stealer |
2022-08-12
⋅
Brandefense
⋅
Mythic Leopard APT Group Crimson RAT DarkComet NjRAT Oblique RAT Peppy RAT |
2022-08-08
⋅
Medium CSIS Techblog
⋅
An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure Riltok magecart Anubis Azorult BetaBot Buer CoalaBot CryptBot DiamondFox DreamBot GCleaner ISFB Loki Password Stealer (PWS) MedusaLocker MeguminTrojan Nemty PsiX RedLine Stealer SmokeLoader STOP TinyNuke Vidar Zloader |
2022-08-05
⋅
0xIvan
⋅
LokiBot Analysis Loki Password Stealer (PWS) |
2022-08-04
⋅
ConnectWise
⋅
Formbook and Remcos Backdoor RAT by ConnectWise CRU Formbook Remcos |
2022-08-02
⋅
Recorded Future
⋅
Initial Access Brokers Are Key to Rise in Ransomware Attacks Azorult BlackMatter Conti Mars Stealer Raccoon RedLine Stealer Taurus Stealer Vidar |
2022-07-29
⋅
Qualys
⋅
New Qualys Research Report: Evolution of Quasar RAT Quasar RAT |
2022-07-27
⋅
Qualys
⋅
Stealthy Quasar Evolving to Lead the RAT Race Quasar RAT |
2022-07-20
⋅
Sophos
⋅
OODA: X-Ops Takes On Burgeoning SQL Server Attacks Maoloa Remcos TargetCompany |
2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Pasty Gemini The Gorgon Group |
2022-07-13
⋅
Weixin
⋅
Confucius: The Angler Hidden Under CloudFlare Quasar RAT |
2022-07-13
⋅
KELA
⋅
The Next Generation of Info Stealers Arkei Stealer Azorult BlackGuard Eternity Stealer Ginzo Stealer Mars Stealer MetaStealer Raccoon RedLine Stealer Vidar |
2022-06-30
⋅
CYBER GEEKS All Things Infosec
⋅
How to Expose a Potential Cybercriminal due to Misconfigurations Loki Password Stealer (PWS) |
2022-06-30
⋅
Cyber Geeks (CyberMasterV)
⋅
How to Expose a Potential Cybercriminal due to Misconfigurations Loki Password Stealer (PWS) |
2022-06-23
⋅
Secureworks
⋅
BRONZE STARLIGHT Ransomware Operations Use HUI Loader ATOMSILO Cobalt Strike HUI Loader LockFile NightSky Pandora PlugX Quasar RAT Rook SodaMaster BRONZE STARLIGHT |
2022-06-02
⋅
FortiGuard Labs
⋅
Threat Actors Prey on Eager Travelers AsyncRAT NetWire RC Quasar RAT |
2022-05-19
⋅
Blackberry
⋅
.NET Stubs: Sowing the Seeds of Discord Agent Tesla Quasar RAT WhisperGate |
2022-05-19
⋅
Blackberry
⋅
.NET Stubs: Sowing the Seeds of Discord (PureCrypter) Aberebot AbstractEmu AdoBot 404 Keylogger Agent Tesla Amadey AsyncRAT Ave Maria BitRAT BluStealer Formbook LimeRAT Loki Password Stealer (PWS) Nanocore RAT Orcus RAT Quasar RAT Raccoon RedLine Stealer WhisperGate |
2022-05-16
⋅
JPCERT/CC
⋅
Analysis of HUI Loader HUI Loader PlugX Poison Ivy Quasar RAT |
2022-05-12
⋅
Morphisec
⋅
New SYK Crypter Distributed Via Discord AsyncRAT Ave Maria Nanocore RAT NjRAT Quasar RAT RedLine Stealer |
2022-05-10
⋅
Checkpoint
⋅
Info-stealer Campaign targets German Car Dealerships and Manufacturers Azorult BitRAT Raccoon |
2022-05-09
⋅
Blackberry
⋅
Dirty Deeds Done Dirt Cheap: Russian RAT Offers Backdoor Bargains DCRat NjRAT |
2022-05-05
⋅
Github (muha2xmad)
⋅
Analysis of MS Word to drop Remcos RAT | VBA extraction and analysis | IoCs Remcos |
2022-04-27
⋅
Trendmicro
⋅
IOCs for Earth Berberoka - Windows AsyncRAT Cobalt Strike PlugX Quasar RAT Earth Berberoka |
2022-04-27
⋅
Trend Micro
⋅
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware HelloBot AsyncRAT Ghost RAT HelloBot PlugX Quasar RAT Earth Berberoka |
2022-04-27
⋅
Trendmicro
⋅
Operation Gambling Puppet reptile oRAT AsyncRAT Cobalt Strike DCRat Ghost RAT PlugX Quasar RAT Trochilus RAT Earth Berberoka |
2022-04-26
⋅
Trend Micro
⋅
How Cybercriminals Abuse Cloud Tunneling Services AsyncRAT Cobalt Strike DarkComet Meterpreter Nanocore RAT |
2022-04-17
⋅
Malcat
⋅
Reversing a NSIS dropper using quick and dirty shellcode emulation Loki Password Stealer (PWS) |
2022-04-15
⋅
Center for Internet Security
⋅
Top 10 Malware March 2022 Mirai Shlayer Agent Tesla Ghost RAT Nanocore RAT SectopRAT solarmarker Zeus |
2022-04-12
⋅
HP
⋅
Malware Campaigns Targeting African Banking Sector CloudEyE Remcos |
2022-04-07
⋅
Perception Point
⋅
Revenge RAT Malware is back: From Microsoft Excel macros to Remote Access Trojan Revenge RAT |
2022-04-06
⋅
Fortinet
⋅
The Latest Remcos RAT Driven By Phishing Campaign Remcos |
2022-03-30
⋅
Morphisec
⋅
New Wave Of Remcos RAT Phishing Campaign Remcos |
2022-03-27
⋅
Medium M3H51N
⋅
Malware Analysis — NanoCore Rat Nanocore RAT |
2022-03-25
⋅
Trustwave
⋅
Cyber Attackers Leverage Russia-Ukraine Conflict in Multiple Spam Campaigns Remcos |
2022-03-24
⋅
Lab52
⋅
Another cyber espionage campaign in the Russia-Ukrainian ongoing cyber attacks Quasar RAT |
2022-03-23
⋅
⋅
EcuCert
⋅
APT-C-36 Advanced Persistent Threat Campaign Could be present in Ecuador NjRAT APT-C-36 |
2022-03-09
⋅
Lab52
⋅
Very very lazy Lazyscripter’s scripts: double compromise in a single obfuscation NjRAT |
2022-03-07
⋅
⋅
LAC WATCH
⋅
I CAN'T HEAR YOU NOW! INTERNAL BEHAVIOR OF INFORMATION-STEALING MALWARE AND JSOC DETECTION TRENDS Xloader Agent Tesla Formbook Loki Password Stealer (PWS) |
2022-03-07
⋅
ASEC
⋅
Distribution of Remcos RAT Disguised as Tax Invoice Remcos |
2022-03-05
⋅
Bleeping Computer
⋅
Malware now using NVIDIA's stolen code signing certificates Quasar RAT |
2022-03-04
⋅
Bitdefender
⋅
Bitdefender Labs Sees Increased Malicious and Scam Activity Exploiting the War in Ukraine Agent Tesla Remcos |
2022-03-04
⋅
Bleeping Computer
⋅
Russia-Ukraine war exploited as lure for malware distribution Agent Tesla Remcos |
2022-03-01
⋅
VirusTotal
⋅
VirusTotal's 2021 Malware Trends Report Anubis AsyncRAT BlackMatter Cobalt Strike DanaBot Dridex Khonsari MimiKatz Mirai Nanocore RAT Orcus RAT |
2022-02-28
⋅
⋅
ASEC
⋅
Remcos RAT malware disseminated by pretending to be tax invoices Remcos |
2022-02-22
⋅
China Implicated in Prolonged Supply Chain Attack Targeting Taiwan Financial Sector Quasar RAT |
2022-02-21
⋅
⋅
CyCraft
⋅
An in-depth analysis of the Operation Cache Panda organized supply chain attack on Taiwan's financial industry Quasar RAT |
2022-02-21
⋅
The Record
⋅
Chinese hackers linked to months-long attack on Taiwanese financial sector Quasar RAT |
2022-02-18
⋅
SANS ISC
⋅
Remcos RAT Delivered Through Double Compressed Archive Remcos |
2022-02-14
⋅
Morphisec
⋅
Journey of a Crypto Scammer - NFT-001 AsyncRAT BitRAT Remcos |
2022-02-11
⋅
blog.rootshell.be
⋅
[SANS ISC] CinaRAT Delivered Through HTML ID Attributes Quasar RAT |
2022-02-11
⋅
Cisco Talos
⋅
Threat Roundup for February 4 to February 11 DarkComet Ghost RAT Loki Password Stealer (PWS) Tinba Tofsee Zeus |
2022-02-08
⋅
ASEC
⋅
Distribution of Kimsuky Group’s xRAT (Quasar RAT) Confirmed GoldDragon Quasar RAT |
2022-02-08
⋅
Intel 471
⋅
PrivateLoader: The first step in many malware schemes Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar |
2022-02-08
⋅
RevengeRAT Analysis Revenge RAT |
2022-02-08
⋅
Remcos Analysis Remcos |
2022-02-07
⋅
RiskIQ
⋅
RiskIQ: Malicious Infrastructure Connected to Particular Windows Host Certificates AsyncRAT BitRAT Nanocore RAT |
2022-02-03
⋅
forensicitguy
⋅
njRAT Installed from a MSI NjRAT |
2022-01-28
⋅
Atomic Matryoshka
⋅
Malware Headliners: LokiBot Loki Password Stealer (PWS) |
2022-01-28
⋅
eSentire
⋅
Remcos RAT Remcos |
2022-01-13
⋅
muha2xmad
⋅
Unpacking Remcos malware Remcos |
2022-01-12
⋅
Cyber And Ramen blog
⋅
Analysis of njRAT PowerPoint Macros NjRAT |
2022-01-12
⋅
Cisco
⋅
Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure AsyncRAT Nanocore RAT NetWire RC |
2022-01-10
⋅
splunk
⋅
Detecting Malware Script Loaders using Remcos: Threat Research Release December 2021 Remcos |
2022-01-08
⋅
Bleeping Computer
⋅
Trojanized dnSpy app drops malware cocktail on researchers, devs Quasar RAT |
2022-01-02
⋅
Medium amgedwageh
⋅
Automating The Analysis Of An AutoIT Script That Wraps A Remcos RAT Remcos |
2021-12-14
⋅
Trend Micro
⋅
Collecting In the Dark: Tropic Trooper Targets Transportation and Government ChiserClient Ghost RAT Lilith Quasar RAT xPack APT23 |
2021-12-13
⋅
RiskIQ
⋅
RiskIQ: Connections between Nanocore, Netwire, and AsyncRAT and Vjw0rm dynamic DNS C2 infrastructure AsyncRAT Nanocore RAT NetWire RC Vjw0rm |
2021-12-02
⋅
Cisco
⋅
Magnat campaigns use malvertising to deliver information stealer, backdoor and malicious Chrome extension Azorult RedLine Stealer |
2021-11-30
⋅
CYBER GEEKS All Things Infosec
⋅
Just another analysis of the njRAT malware – A step-by-step approach NjRAT |
2021-11-29
⋅
Trend Micro
⋅
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites AsyncRAT Azorult Nanocore RAT NjRAT RedLine Stealer Remcos |
2021-11-23
⋅
HP
⋅
RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild AdWind Ratty STRRAT CloudEyE Formbook Houdini Panda Stealer Remcos |
2021-11-23
⋅
Morphisec
⋅
Babadeda Crypter targeting crypto, NFT, and DeFi communities Babadeda BitRAT LockBit Remcos |
2021-11-17
⋅
Infoblox
⋅
Deep Analysis of a Recent Lokibot Attack Loki Password Stealer (PWS) |
2021-11-11
⋅
Microsoft
⋅
HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks AsyncRAT Mekotio NjRAT |
2021-11-11
⋅
splunk
⋅
FIN7 Tools Resurface in the Field – Splinter or Copycat? JSSLoader Remcos |
2021-10-27
⋅
Proofpoint
⋅
New Threat Actor Spoofs Philippine Government, COVID-19 Health Data in Widespread RAT Campaigns Nanocore RAT Remcos TA2722 |
2021-10-26
⋅
Kaspersky
⋅
APT attacks on industrial organizations in H1 2021 8.t Dropper AllaKore AsyncRAT GoldMax LimeRAT NjRAT NoxPlayer Raindrop ReverseRAT ShadowPad Zebrocy |
2021-10-19
⋅
Cisco Talos
⋅
Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India DCRat Quasar RAT |
2021-10-15
⋅
ESET Research
⋅
Tweet on a malicious campaign targeting governmental and education entities in Colombia using multiple stages to drop AsyncRAT or njRAT Keylogger on their victims AsyncRAT NjRAT |
2021-10-06
⋅
zimperium
⋅
Malware Distribution with Mana Tools Agent Tesla Azorult |
2021-10-06
⋅
ESET Research
⋅
To the moon and hack: Fake SafeMoon app drops malware to spy on you Remcos |
2021-10-01
⋅
HP
⋅
Threat Insights Report Q3 - 2021 STRRAT CloudEyE NetWire RC Remcos TrickBot Vjw0rm |
2021-09-20
⋅
Trend Micro
⋅
Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads Ave Maria BitRAT LimeRAT Nanocore RAT NjRAT Quasar RAT |
2021-09-16
⋅
Cisco
⋅
Operation Layover: How we tracked an attack on the aviation industry to five years of compromise AsyncRAT Houdini NjRAT |
2021-09-15
⋅
Telsy
⋅
REMCOS and Agent Tesla loaded into memory with Rezer0 loader Agent Tesla Remcos |
2021-09-13
⋅
Trend Micro
⋅
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos |
2021-09-13
⋅
Trend Micro
⋅
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (IOCs) AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos |
2021-09-08
⋅
RiskIQ
⋅
Bulletproof Hosting Services: Investigating Flowspec Azorult Glupteba |
2021-09-06
⋅
cocomelonc
⋅
AV engines evasion for C++ simple malware: part 2 Agent Tesla Amadey Anchor AnchorMTea Carbanak Carberp Cardinal RAT Felixroot Konni Loki Password Stealer (PWS) Maze |
2021-09-04
⋅
cocomelonc
⋅
AV engines evasion for C++ simple malware: part 1 4h_rat Azorult BADCALL BadNews BazarBackdoor Cardinal RAT |
2021-09-03
⋅
Trend Micro
⋅
The State of SSL/TLS Certificate Usage in Malware C&C Communications AdWind ostap AsyncRAT BazarBackdoor BitRAT Buer Chthonic CloudEyE Cobalt Strike DCRat Dridex FindPOS GootKit Gozi IcedID ISFB Nanocore RAT Orcus RAT PandaBanker Qadars QakBot Quasar RAT Rockloader ServHelper Shifu SManager TorrentLocker TrickBot Vawtrak Zeus Zloader |
2021-08-25
⋅
Trend Micro
⋅
New Campaign Sees LokiBot Delivered Via Multiple Methods Loki Password Stealer (PWS) |
2021-08-23
⋅
YouTube (DuMp-GuY TrIcKsTeR)
⋅
[2] Lokibot analyzing - spoofing GULoader and LokiBot C2 [part2] - INetSim + BurpSuite CloudEyE Loki Password Stealer (PWS) |
2021-08-19
⋅
Talos
⋅
Malicious Campaign Targets Latin America: The seller, The operator and a curious link AsyncRAT NjRAT |
2021-08-18
⋅
AhnLab
⋅
Infostealer Malware Azorult Being Distributed Through Spam Mails Azorult |
2021-08-16
⋅
Malcat
⋅
Statically unpacking a simple .NET dropper Loki Password Stealer (PWS) |
2021-08-04
⋅
⋅
ASEC
⋅
S/W Download Camouflage, Spreading Various Kinds of Malware Raccoon RedLine Stealer Remcos Vidar |
2021-07-30
⋅
Menlo Security
⋅
ISOMorph Infection: In-Depth Analysis of a New HTML Smuggling Campaign AsyncRAT NjRAT |
2021-07-27
⋅
Blackberry
⋅
Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages elf.wellmess ElectroRAT BazarNimrod Buer Cobalt Strike Remcos Snake TeleBot WellMess Zebrocy |
2021-07-19
⋅
Malwarebytes
⋅
Remcos RAT delivered via Visual Basic Remcos |
2021-07-12
⋅
IBM
⋅
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
2021-07-12
⋅
Cipher Tech Solutions
⋅
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
2021-07-09
⋅
Seqrite
⋅
Seqrite uncovers second wave of Operation SideCopy targeting Indian critical infrastructure PSUs NjRAT ReverseRAT |
2021-07-07
⋅
Talos
⋅
InSideCopy: How this APT continues to evolve its arsenal AllaKore Lilith NjRAT |
2021-07-07
⋅
YouTube (DuMp-GuY TrIcKsTeR)
⋅
[2] Lokibot analyzing - spoofing GULoader and LokiBot C2 [part1] - Own implementation in Python CloudEyE Loki Password Stealer (PWS) |
2021-07-07
⋅
Talos
⋅
InSideCopy: How this APT continues to evolve its arsenal (Network IOCs) AllaKore Lilith NjRAT |
2021-07-07
⋅
Talos
⋅
InSideCopy: How this APT continues to evolve its arsenal (IOCs) AllaKore Lilith NjRAT |
2021-07-07
⋅
Talos Intelligence
⋅
InSideCopy: How this APT continues to evolve its arsenal AllaKore NjRAT SideCopy |
2021-07-06
⋅
YouTube (DuMp-GuY TrIcKsTeR)
⋅
[1] Lokibot analyzing - defeating GuLoader with Windbg (Kernel debugging) and Live C2 CloudEyE Loki Password Stealer (PWS) |
2021-07-02
⋅
Cisco
⋅
InSideCopy: How this APT continues to evolve its arsenal AllaKore CetaRAT Lilith NjRAT ReverseRAT |
2021-06-08
⋅
LOKIBOT - A commodity malware Loki Password Stealer (PWS) |
2021-05-27
⋅
MinervaLabs
⋅
Trapping A Fat Quasar RAT Quasar RAT |
2021-05-20
⋅
Github (microsoft)
⋅
Microsoft 365 Defender Hunting Queries for hunting multiple threat actors' TTPs and malwares STRRAT OceanLotus BabyShark Elise Revenge RAT WastedLocker Zebrocy |
2021-05-14
⋅
Morphisec
⋅
AHK RAT Loader Used in Unique Delivery Campaigns AsyncRAT Houdini Revenge RAT |
2021-05-13
⋅
Anomali
⋅
Threat Actors Use MSBuild to Deliver RATs Filelessly Remcos |
2021-05-07
⋅
Morphisec
⋅
Revealing the ‘Snip3’ Crypter, a Highly Evasive RAT Loader Agent Tesla AsyncRAT NetWire RC Revenge RAT |
2021-05-05
⋅
Zscaler
⋅
Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats Agent Tesla AsyncRAT Crimson RAT CyberGate Ghost RAT Nanocore RAT NetWire RC NjRAT Quasar RAT Remcos |
2021-04-27
⋅
Kaspersky
⋅
APT trends report Q1 2021 PAS Artra Downloader BadNews Bozok DILLJUICE Kazuar Quasar RAT SodaMaster |
2021-04-21
⋅
Facebook
⋅
Taking Action Against Hackers in Palestine SpyNote Houdini NjRAT |
2021-04-21
⋅
Talos
⋅
A year of Fajan evolution and Bloomberg themed campaigns MASS Logger Nanocore RAT NetWire RC Revenge RAT XpertRAT |
2021-04-14
⋅
Zscaler
⋅
A look at HydroJiin campaign NetWire RC Quasar RAT |
2021-04-07
⋅
F5
⋅
Dissecting the Design and Vulnerabilities in Azorult C&C Panels Azorult |
2021-04-06
⋅
InfoSec Handlers Diary Blog
⋅
Malspam with Lokibot vs. Outlook and RFCs Loki Password Stealer (PWS) |
2021-03-22
⋅
K7 Security
⋅
MalSpam Campaigns Download njRAT from Paste Sites NjRAT |
2021-03-21
⋅
Blackberry
⋅
2021 Threat Report Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot |
2021-03-18
⋅
Cybereason
⋅
Cybereason Exposes Campaign Targeting US Taxpayers with NetWire and Remcos Malware NetWire RC Remcos |
2021-03-16
⋅
Morphisec
⋅
Tracking HCrypt: An Active Crypter as a Service AsyncRAT LimeRAT Remcos |
2021-03-12
⋅
Reversing Labs
⋅
DotNET Loaders Revenge RAT |
2021-03-11
⋅
Trustwave
⋅
Image File Trickery Part II: Fake Icon Delivers NanoCore Nanocore RAT |
2021-02-25
⋅
Intezer
⋅
Year of the Gopher A 2020 Go Malware Round-Up NiuB WellMail elf.wellmess ArdaMax AsyncRAT CyberGate DarkComet Glupteba Nanocore RAT Nefilim NjRAT Quasar RAT WellMess Zebrocy |
2021-02-23
⋅
CrowdStrike
⋅
2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
2021-02-18
⋅
PTSecurity
⋅
https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/ Poet RAT Gravity RAT Ketrican Okrum OopsIE Remcos RogueRobinNET RokRAT SmokeLoader |
2021-02-15
⋅
Medium s2wlab
⋅
Operation SyncTrek AbaddonPOS Azorult Clop DoppelDridex DoppelPaymer Dridex PwndLocker |
2021-02-06
⋅
Medium mariohenkel
⋅
Decrypting AzoRult traffic for fun and profit Azorult |
2021-02-05
⋅
Morphisec
⋅
CinaRAT Resurfaces with New Evasive Tactics and Techniques Quasar RAT |
2021-02-03
⋅
Medium s2wlab
⋅
W1 Feb| EN | Story of the week: Stealers on the Darkweb Azorult Raccoon Vidar |
2021-01-28
⋅
Youtube (Virus Bulletin)
⋅
The Bagsu banker case Azorult DreamBot Emotet Pony TrickBot ZeusAction |
2021-01-13
⋅
Bitdefender
⋅
Remcos RAT Revisited: A Colombian Coronavirus-Themed Campaign Remcos |
2021-01-11
⋅
ESET Research
⋅
Operation Spalax: Targeted malware attacks in Colombia Agent Tesla AsyncRAT NjRAT Remcos |
2021-01-09
⋅
Marco Ramilli's Blog
⋅
Command and Control Traffic Patterns ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot |
2021-01-06
⋅
Talos
⋅
A Deep Dive into Lokibot Infection Chain Loki Password Stealer (PWS) |
2021-01-05
⋅
⋅
Sangfor
⋅
Attack from Mustang Panda? My rabbit is back! NjRAT |
2020-12-29
⋅
Uptycs
⋅
Revenge RAT targeting users in South America Revenge RAT |
2020-12-28
⋅
⋅
Antiy CERT
⋅
"Civerids" organization vs. Middle East area attack activity analysis report Quasar RAT |
2020-12-24
⋅
IronNet
⋅
China cyber attacks: the current threat landscape PLEAD TSCookie FlowCloud Lookback PLEAD PlugX Quasar RAT Winnti |
2020-12-21
⋅
Cisco Talos
⋅
2020: The year in malware WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader |
2020-12-14
⋅
Blueliv
⋅
Using Qiling Framework to Unpack TA505 packed samples AndroMut Azorult Silence TinyMet |
2020-12-10
⋅
Intel 471
⋅
No pandas, just people: The current state of China’s cybercrime underground Anubis SpyNote AsyncRAT Cobalt Strike Ghost RAT NjRAT |
2020-12-10
⋅
US-CERT
⋅
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus |
2020-12-10
⋅
JPCERT/CC
⋅
Attack Activities by Quasar Family AsyncRAT Quasar RAT Venom RAT XPCTRA |
2020-12-09
⋅
Cybereason
⋅
MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign DropBook JhoneRAT Molerat Loader Pierogi Quasar RAT SharpStage Spark |
2020-12-09
⋅
Cybereason
⋅
New Malware Arsenal Abusing Cloud Platforms in Middle East Espionage Campaign DropBook MoleNet Quasar RAT SharpStage Spark |
2020-12-09
⋅
Palo Alto Networks Unit 42
⋅
njRAT Spreading Through Active Pastebin Command and Control Tunnel NjRAT |
2020-12-07
⋅
Proofpoint
⋅
Commodity .NET Packers use Embedded Images to Hide Payloads Agent Tesla Loki Password Stealer (PWS) Remcos |
2020-12-02
⋅
DomainTools
⋅
Identifying Network Infrastructure Related to a World Health Organization Spoofing Campaign Azorult Glupteba |
2020-12-01
⋅
sonatype
⋅
There’s a RAT in my code: new npm malware with Bladabindi trojan spotted NjRAT |
2020-11-19
⋅
Threatpost
⋅
APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies Quasar RAT Ryuk |
2020-11-18
⋅
VMRay
⋅
Malware Analysis Spotlight: AZORult Delivered by GuLoader Azorult CloudEyE |
2020-11-18
⋅
G Data
⋅
Business as usual: Criminal Activities in Times of a Global Pandemic Agent Tesla Nanocore RAT NetWire RC Remcos |
2020-11-17
⋅
Symantec
⋅
Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign Quasar RAT |
2020-11-09
⋅
Bleeping Computer
⋅
Fake Microsoft Teams updates lead to Cobalt Strike deployment Cobalt Strike DoppelPaymer NjRAT Predator The Thief Zloader |
2020-10-26
⋅
⋅
360 Core Security
⋅
Exposing the Attack Activity of North African Fox (APT-C-44) Xtreme RAT Houdini NjRAT Revenge RAT |
2020-10-01
⋅
SpiderLabs Blog
⋅
Evasive URLs in Spam: Part 2 Loki Password Stealer (PWS) |
2020-09-29
⋅
Zscaler
⋅
Targeted Attacks on Oil and Gas Supply Chain Industries in the Middle East Azorult |
2020-09-21
⋅
Trend Micro
⋅
Cybercriminals Distribute Backdoor With VPN Installer NjRAT |
2020-09-18
⋅
Symantec
⋅
Elfin: Latest U.S. Indictments Appear to Target Iranian Espionage Group Nanocore RAT |
2020-09-17
⋅
FBI
⋅
FBI PIN Number 20200917-001: IRGC-Associated Cyber Operations Against US Company Networks MimiKatz Nanocore RAT |
2020-09-10
⋅
Medium mariohenkel
⋅
Decrypting NanoCore config and dump all plugins Nanocore RAT |
2020-09-02
⋅
Palo Alto Networks Unit 42
⋅
Cybersquatting: Attackers Mimicking Domains of Major Brands Including Facebook, Apple, Amazon and Netflix to Scam Consumers Azorult |
2020-09-01
⋅
nviso
⋅
Epic Manchego – atypical maldoc delivery brings flurry of infostealers Azorult NjRAT |
2020-08-26
⋅
Lab52
⋅
A twisted malware infection chain Agent Tesla Loki Password Stealer (PWS) |
2020-08-26
⋅
Proofpoint
⋅
Threat Actor Profile: TA2719 Uses Colorful Lures to Deliver RATs in Local Languages AsyncRAT Nanocore RAT TA2719 |
2020-08-19
⋅
⋅
AhnLab
⋅
njRAT Malware Distributed via Well-Known Korean Webhard Services NjRAT |
2020-07-30
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q2 2020 AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader |
2020-07-29
⋅
ESET Research
⋅
THREAT REPORT Q2 2020 DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor |
2020-07-13
⋅
Github (1d8)
⋅
Remcos RAT Macro Dropper Doc Remcos |
2020-06-22
⋅
MalwareLab.pl
⋅
VenomRAT - new, hackforums grade, reincarnation of QuassarRAT Quasar RAT Venom RAT |
2020-06-22
⋅
njRat Malware Analysis NjRAT |
2020-06-11
⋅
Talos Intelligence
⋅
Tor2Mine is up to their old tricks — and adds a few new ones Azorult Remcos |
2020-06-07
⋅
Zero2Automated Blog
⋅
Dealing with Obfuscated Macros, Statically - NanoCore Nanocore RAT |
2020-05-29
⋅
Zscaler
⋅
ShellReset RAT Spread Through Macro-Based Documents Using AppLocker Bypass Quasar RAT |
2020-05-26
⋅
CrowdStrike
⋅
Weaponized Disk Image Files: Analysis, Trends and Remediation Nanocore RAT |
2020-05-21
⋅
Malwarebytes
⋅
Cybercrime tactics and techniques Ave Maria Azorult DanaBot Loki Password Stealer (PWS) NetWire RC |
2020-05-20
⋅
Zscaler
⋅
Latest Version of Amadey Introduces Screen Capturing and Pushes the Remcos RAT Amadey Remcos |
2020-05-14
⋅
360 Total Security
⋅
Vendetta - new threat actor from Europe Nanocore RAT Remcos |
2020-05-14
⋅
Lab52
⋅
The energy reserves in the Eastern Mediterranean Sea and a malicious campaign of APT10 against Turkey Cobalt Strike HTran MimiKatz PlugX Quasar RAT |
2020-05-14
⋅
SophosLabs
⋅
RATicate: an attacker’s waves of information-stealing malware Agent Tesla BetaBot BlackRemote Formbook Loki Password Stealer (PWS) NetWire RC NjRAT Remcos |
2020-04-29
⋅
FR3D.HK
⋅
Gazorp - Thieving from thieves Azorult |
2020-04-28
⋅
Trend Micro
⋅
Loki Info Stealer Propagates through LZH Files Loki Password Stealer (PWS) |
2020-04-27
⋅
0x00sec
⋅
Master of RATs - How to create your own Tracker Quasar RAT |
2020-04-15
⋅
Zscaler
⋅
Multistage FreeDom loader used in Aggah Campaign to spread Nanocore and AZORult Azorult Nanocore RAT |
2020-04-13
⋅
Blackberry
⋅
Threat Spotlight: Gootkit Banking Trojan Azorult GootKit |
2020-04-04
⋅
MalwareInDepth
⋅
Nanocore & CypherIT Nanocore RAT |
2020-04-02
⋅
Cisco Talos
⋅
AZORult brings friends to the party Azorult Remcos |
2020-04-01
⋅
Cisco
⋅
Navigating Cybersecurity During a Pandemic: Latest Malware and Threat Actors Azorult CloudEyE Formbook KPOT Stealer Metamorfo |