SYMBOLCOMMON_NAMEaka. SYNONYMS

The Gorgon Group  (Back to overview)

aka: ATK92, G0078, Gorgon Group, Pasty Gemini, Subaat

Unit 42 researchers have been tracking Subaat, an attacker, since 2017. Recently Subaat drew our attention due to renewed targeted attack activity. Part of monitoring Subaat included realizing the actor was possibly part of a larger crew of individuals responsible for carrying out targeted attacks against worldwide governmental organizations. Technical analysis on some of the attacks as well as attribution links with Pakistan actors have been already depicted by 360 and Tuisec, in which they found interesting connections to a larger group of attackers Unit 42 researchers have been tracking, which we are calling Gorgon Group.


Associated Families
win.revenge_rat win.nanocore win.quasar_rat win.azorult win.njrat win.lokipws win.remcos

References
2024-12-02Medium b.magnezi0xMrMagnezi
LokiBot Malware Analysis
Loki Password Stealer (PWS)
2024-11-08FortinetXiaopeng Zhang
New Campaign Uses Remcos RAT to Exploit Victims
Remcos
2024-11-07LogpointAnish Bogati
Hiding in Plain Sight: The Subtle Art of Loki Malware’s Obfuscation
Loki Password Stealer (PWS)
2024-09-04ANY.RUNANY.RUN, Mostafa ElSheimy
AZORult Malware: Technical Analysis
Azorult
2024-09-03Twitter (@embee_research)Embee_research
Advanced Cyberchef Techniques - Defeating Nanocore Obfuscation With Math and Flow Control
Nanocore RAT
2024-08-09BreachNovaOsama Ellahi
Full analysis on NJRAT
NjRAT
2024-07-29loginsoftSaharsh Agrawal
Blue Screen Mayhem: When CrowdStrike's Glitch Became Threat Actor's Playground
Daolpu HijackLoader Remcos
2024-07-09SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update January to June 2024
Coper FluBot Hook Bashlite Mirai FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc NjRAT QakBot Quasar RAT RedLine Stealer Remcos Rhadamanthys RisePro Sliver
2024-06-06Medium b.magnezi0xMrMagnezi
Remcos RAT Analysis
Remcos
2024-05-14Check Point ResearchAntonis Terefos, Tera0017
Foxit PDF “Flawed Design” Exploitation
Rafel RAT Agent Tesla AsyncRAT DCRat DONOT Nanocore RAT NjRAT Pony Remcos Venom RAT XWorm
2024-05-10ElasticCyril François, Samir Bousseaden
Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware, Part Four
Remcos
2024-05-03ElasticCyril François, Samir Bousseaden
Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware, Part Three
Remcos
2024-04-30ElasticCyril François, Samir Bousseaden
Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware, Part Two
Remcos
2024-04-24ElasticCyril François, Samir Bousseaden
Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware, Part One
Remcos
2024-04-15Positive TechnologiesAleksandr Badaev, Kseniya Naumova
SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world
LokiBot 404 Keylogger Agent Tesla CloudEyE Formbook Remcos XWorm
2024-04-11Github (jeFF0Falltrades)Jeff Archer
Rat King Configuration Parser
AsyncRAT DCRat Quasar RAT Venom RAT
2024-03-26K7 SecurityVigneshwaran P
Unknown TTPs of Remcos RAT
Remcos
2024-03-19Medium b.magnezi0xMrMagnezi
Malware Analysis NjRat
NjRAT
2024-02-28Security IntelligenceGolo Mühr, Ole Villadsen
X-Force data reveals top spam trends, campaigns and senior superlatives in 2023
404 Keylogger Agent Tesla Black Basta DarkGate Formbook IcedID Loki Password Stealer (PWS) Pikabot QakBot Remcos
2024-02-21Medium b.magnezi0xMrMagnezi
Malware Analysis — Remcos RAT
Remcos
2024-01-25JSAC 2024Masafumi Takeda, Tomoya Furukawa
Threat Intelligence of Abused Public Post-Exploitation Frameworks
AsyncRAT DCRat Empire Downloader GRUNT Havoc Koadic Merlin PoshC2 Quasar RAT Sliver
2024-01-15DFIR.chStephan Berger
Hunting AsyncRAT & QuasarRAT
AsyncRAT Quasar RAT
2024-01-12SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q4 2023
FluBot Hook FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc IcedID Lumma Stealer Meterpreter NjRAT Pikabot QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver
2024-01-12cybleCyble
Sneaky Azorult Back in Action and Goes Undetected
Azorult
2024-01-08YouTube (Embee Research)Embee_research
Malware Analysis - Powershell decoding and .NET C2 Extraction (Quasar RAT)
Quasar RAT
2024-01-03UptycsKarthickkumar Kathiresan, Shilpesh Trivedi
Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion
Remcos
2023-12-07Cert-UACert-UA
UAC-0050 mass cyberattack using RemcosRAT/MeduzaStealer against Ukraine and Poland (CERT-UA#8218)
Meduza Stealer Remcos
2023-11-23Infosec WriteupsOsama Ellahi
Malware analysis Remcos RAT- 4.9.2 Pro
Remcos
2023-11-22Twitter (@embee_research)Embee_research
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)
BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos
2023-11-21Medium infoSec Write-upsJustAnother-Engineer
Unmasking NJRat: A Deep Dive into a Notorious Remote Access Trojan Part1
NjRAT
2023-11-14SOC PrimeVeronika Telychko
Remcos RAT Detection: UAC-0050 Hackers Launch Phishing Attacks Impersonating the Security Service of Ukraine
Remcos UAC-0050
2023-10-27Twitter (@embee_research)Embee_research
Remcos Downloader Analysis - Manual Deobfuscation of Visual Basic and Powershell
Remcos
2023-10-21Infosec WriteupsOsama Ellahi
Malware analysis NJ RAT 0.7NC & 0.6.4
NjRAT
2023-10-12Cluster25Cluster25 Threat Intel Team
CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations
Agent Tesla Crimson RAT Nanocore RAT SmokeLoader
2023-10-12SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q3 2023
FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar
2023-10-05Twitter (@embee_research)Embee_research
Introduction to DotNet Configuration Extraction - RevengeRAT
Revenge RAT
2023-09-21Medium shaddy43Shayan Ahmed Khan
Secrets of commercial RATs! NanoCore dissected
Nanocore RAT
2023-09-19CheckpointAlexey Bukhteyev, Arie Olshtein
Unveiling the Shadows: The Dark Alliance between GuLoader and Remcos
CloudEyE Remcos
2023-09-08Gi7w0rm
Uncovering DDGroup — A long-time threat actor
AsyncRAT Ave Maria BitRAT DBatLoader NetWire RC Quasar RAT XWorm
2023-07-12FortinetCara Lin
LokiBot Campaign Targets Microsoft Office Document Using Vulnerabilities and Macros
Loki Password Stealer (PWS)
2023-07-11SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q2 2023
Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee
2023-07-08Gi7w0rm
CloudEyE — From .lnk to Shellcode
CloudEyE Remcos
2023-06-08Twitter (@embee_research)Embee_research
Practical Queries for Identifying Malware Infrastructure: An informal page for storing Censys/Shodan queries
Amadey AsyncRAT Cobalt Strike QakBot Quasar RAT Sliver solarmarker
2023-05-16CyberRaijuJai Minton
Remcos RAT - Malware Analysis Lab
Remcos
2023-05-15embeeresearchEmbee_research
Quasar Rat Analysis - Identification of 64 Quasar Servers Using Shodan and Censys
Quasar RAT
2023-04-13OALabsSergei Frankoff
Quasar Chaos: Open Source Ransomware Meets Open Source RAT
Chaos Quasar RAT
2023-04-13MicrosoftMicrosoft Threat Intelligence
Threat actors strive to cause Tax Day headaches
CloudEyE Remcos
2023-04-12SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q1 2023
FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar
2023-04-10Check PointCheck Point
March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files
Agent Tesla CloudEyE Emotet Formbook Nanocore RAT NjRAT QakBot Remcos Tofsee
2023-03-30loginsoftSaharsh Agrawal
From Innocence to Malice: The OneNote Malware Campaign Uncovered
Agent Tesla AsyncRAT DOUBLEBACK Emotet Formbook IcedID NetWire RC QakBot Quasar RAT RedLine Stealer XWorm
2023-03-27ZscalerMeghraj Nandanwar, Satyam Singh
DBatLoader: Actively Distributing Malwares Targeting European Businesses
DBatLoader Remcos
2023-03-16Trend MicroCedric Pernet, Jaromír Hořejší, Loseway Lu
IPFS: A New Data Frontier or a New Cybercriminal Hideout?
Agent Tesla Formbook RedLine Stealer Remcos
2023-03-15Lab52Lab52
APT-C-36: from NjRAT to LimeRAT
AsyncRAT NjRAT
2023-02-24ZscalerAvinash Kumar, Niraj Shivtarkar
Snip3 Crypter Reveals New TTPs Over Time
DCRat Quasar RAT
2023-02-22SOC PrimeDaryna Olyniychuk
New Phishing Attack Detection Attributed to the UAC-0050 and UAC-0096 Groups Spreading Remcos Spyware
Remcos UAC-0050
2023-02-21Cert-UACert-UA
Cyber ​​attack of the group UAC-0050 (UAC-0096) using the Remcos program (CERT-UA#6011)
Remcos UAC-0050
2023-02-06Cert-UACert-UA
UAC-0050 cyber attack against the state bodies of Ukraine using the program for remote control and surveillance Remcos (CERT-UA#5926)
Remcos UAC-0050
2023-02-03CloudsekDeepanjli Paulraj, Pavan Karthick M
Threat Actors Abuse AI-Generated Youtube Videos to Spread Stealer Malware
Alfonso Stealer Bandit Stealer Cameleon Fabookie Lumma Stealer Nanocore RAT Panda Stealer RecordBreaker RedLine Stealer Stealc STOP Vidar zgRAT
2023-01-30CheckpointArie Olshtein
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware
Agent Tesla Azorult Buer Cerber Cobalt Strike Emotet Formbook HawkEye Keylogger Loki Password Stealer (PWS) Maze NetWire RC Remcos REvil TrickBot
2023-01-24TrellixDaksh Kapur, John Fokker, Robert Venal, Tomer Shloman
Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity
Andromeda Formbook Houdini Remcos
2023-01-17Trend MicroAliakbar Zahravi, Peter Girnus
Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures
NjRAT
2023-01-09YouTube (Embee Research)Embee_research
Malware Analysis - VBS Decoding With Cyberchef (Nanocore Loader)
Nanocore RAT
2023-01-05SymantecThreat Hunter Team
Bluebottle: Campaign Hits Banks in French-speaking Countries in Africa
CloudEyE Cobalt Strike MimiKatz NetWire RC POORTRY Quasar RAT BlueBottle
2022-12-24di.sclosu.redi.sclosu.re
njRAT malware spreading through Discord CDN and Facebook Ads
NjRAT
2022-11-21MalwarebytesMalwarebytes
2022-11-21 Threat Intel Report
404 Keylogger Agent Tesla Formbook Hive Remcos
2022-10-13SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q3 2022
FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm
2022-09-22MorphisecMorphisec Labs
Watch Out For The New NFT-001
Eternity Stealer Remcos
2022-09-13SymantecThreat Hunter Team
New Wave of Espionage Activity Targets Asian Governments
MimiKatz PlugX Quasar RAT ShadowPad Trochilus RAT
2022-08-30Medium the_abjuri5tJohn F
NanoCore RAT Hunting Guide
Nanocore RAT
2022-08-29Soc InvestigationBalaGanesh
Remcos RAT New TTPS - Detection & Response
Remcos
2022-08-25splunkSplunk Threat Research Team
AppLocker Rules as Defense Evasion: Complete Analysis
Azorult
2022-08-21Perception PointIgal Lytzki
Behind the Attack: Remcos RAT
Remcos
2022-08-18SophosSean Gallagher
Cookie stealing: the new perimeter bypass
Cobalt Strike Meterpreter MimiKatz Phoenix Keylogger Quasar RAT
2022-08-18ProofpointJoe Wise, Proofpoint Threat Research Team, Selena Larson
Reservations Requested: TA558 Targets Hospitality and Travel
AsyncRAT Loda NjRAT Ozone RAT Revenge RAT Vjw0rm
2022-08-17360360 Threat Intelligence Center
Kasablanka organizes attacks against political groups and non-profit organizations in the Middle East
SpyNote Loda Nanocore RAT NjRAT
2022-08-17SecureworksCounter Threat Unit ResearchTeam
DarkTortilla Malware Analysis
Agent Tesla AsyncRAT Cobalt Strike DarkTortilla Nanocore RAT RedLine Stealer
2022-08-12BrandefenseBrandefense
Mythic Leopard APT Group
Crimson RAT DarkComet NjRAT Oblique RAT Peppy RAT
2022-08-08Medium CSIS TechblogBenoît Ancel
An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure
Riltok magecart Anubis Azorult BetaBot Buer CoalaBot CryptBot DiamondFox DreamBot GCleaner ISFB Loki Password Stealer (PWS) MedusaLocker MeguminTrojan Nemty PsiX RedLine Stealer SmokeLoader STOP TinyNuke Vidar Zloader
2022-08-050xIvanTwitter (@viljoenivan)
LokiBot Analysis
Loki Password Stealer (PWS)
2022-08-04ConnectWiseStu Gonzalez
Formbook and Remcos Backdoor RAT by ConnectWise CRU
Formbook Remcos
2022-08-02Recorded FutureInsikt Group
Initial Access Brokers Are Key to Rise in Ransomware Attacks
Azorult BlackMatter Conti Mars Stealer Raccoon RedLine Stealer Taurus Stealer Vidar
2022-07-29QualysViren Chaudhari
New Qualys Research Report: Evolution of Quasar RAT
Quasar RAT
2022-07-27QualysViren Chaudhari
Stealthy Quasar Evolving to Lead the RAT Race
Quasar RAT
2022-07-20SophosColin Cowie, Gabor Szappanos
OODA: X-Ops Takes On Burgeoning SQL Server Attacks
Maoloa Remcos TargetCompany
2022-07-18Palo Alto Networks Unit 42Unit 42
Pasty Gemini
The Gorgon Group
2022-07-13WeixinAntiy CERT
Confucius: The Angler Hidden Under CloudFlare
Quasar RAT
2022-07-13KELAKELA Cyber Intelligence Center
The Next Generation of Info Stealers
Arkei Stealer Azorult BlackGuard Eternity Stealer Ginzo Stealer Mars Stealer MetaStealer Raccoon RedLine Stealer Vidar
2022-06-30CYBER GEEKS All Things InfosecCyberMasterV
How to Expose a Potential Cybercriminal due to Misconfigurations
Loki Password Stealer (PWS)
2022-06-30Cyber Geeks (CyberMasterV)Vlad Pasca
How to Expose a Potential Cybercriminal due to Misconfigurations
Loki Password Stealer (PWS)
2022-06-23SecureworksCounter Threat Unit ResearchTeam
BRONZE STARLIGHT Ransomware Operations Use HUI Loader
ATOMSILO Cobalt Strike HUI Loader LockFile NightSky Pandora PlugX Quasar RAT Rook SodaMaster BRONZE STARLIGHT
2022-06-02FortiGuard LabsFred Gutierrez, Gergely Revay, James Slaughter, Shunichi Imano
Threat Actors Prey on Eager Travelers
AsyncRAT NetWire RC Quasar RAT
2022-05-19BlackberryThe BlackBerry Research & Intelligence Team
.NET Stubs: Sowing the Seeds of Discord
Agent Tesla Quasar RAT WhisperGate
2022-05-19BlackberryThe BlackBerry Research & Intelligence Team
.NET Stubs: Sowing the Seeds of Discord (PureCrypter)
Aberebot AbstractEmu AdoBot 404 Keylogger Agent Tesla Amadey AsyncRAT Ave Maria BitRAT BluStealer Formbook LimeRAT Loki Password Stealer (PWS) Nanocore RAT Orcus RAT Quasar RAT Raccoon RedLine Stealer WhisperGate
2022-05-16JPCERT/CCShusei Tomonaga
Analysis of HUI Loader
HUI Loader PlugX Poison Ivy Quasar RAT
2022-05-12MorphisecHido Cohen
New SYK Crypter Distributed Via Discord
AsyncRAT Ave Maria Nanocore RAT NjRAT Quasar RAT RedLine Stealer
2022-05-10CheckpointCheckpoint
Info-stealer Campaign targets German Car Dealerships and Manufacturers
Azorult BitRAT Raccoon
2022-05-09BlackberryThe BlackBerry Research & Intelligence Team
Dirty Deeds Done Dirt Cheap: Russian RAT Offers Backdoor Bargains
DCRat NjRAT
2022-05-05Github (muha2xmad)Muhammad Hasan Ali
Analysis of MS Word to drop Remcos RAT | VBA extraction and analysis | IoCs
Remcos
2022-04-27TrendmicroTrendmicro
IOCs for Earth Berberoka - Windows
AsyncRAT Cobalt Strike PlugX Quasar RAT Earth Berberoka
2022-04-27Trend MicroDaniel Lunghi, Jaromír Hořejší
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
HelloBot AsyncRAT Ghost RAT HelloBot PlugX Quasar RAT Earth Berberoka
2022-04-27TrendmicroDaniel Lunghi, Jaromír Hořejší
Operation Gambling Puppet
reptile oRAT AsyncRAT Cobalt Strike DCRat Ghost RAT PlugX Quasar RAT Trochilus RAT Earth Berberoka
2022-04-26Trend MicroLord Alfred Remorin, Ryan Flores, Stephen Hilt
How Cybercriminals Abuse Cloud Tunneling Services
AsyncRAT Cobalt Strike DarkComet Meterpreter Nanocore RAT
2022-04-17Malcatmalcat team
Reversing a NSIS dropper using quick and dirty shellcode emulation
Loki Password Stealer (PWS)
2022-04-15Center for Internet SecurityCIS
Top 10 Malware March 2022
Mirai Shlayer Agent Tesla Ghost RAT Nanocore RAT SectopRAT solarmarker Zeus
2022-04-12HPPatrick Schläpfer
Malware Campaigns Targeting African Banking Sector
CloudEyE Remcos
2022-04-07Perception PointIgal Lytzki
Revenge RAT Malware is back: From Microsoft Excel macros to Remote Access Trojan
Revenge RAT
2022-04-06FortinetXiaopeng Zhang
The Latest Remcos RAT Driven By Phishing Campaign
Remcos
2022-03-30MorphisecHido Cohen
New Wave Of Remcos RAT Phishing Campaign
Remcos
2022-03-27Medium M3H51NM3H51N
Malware Analysis — NanoCore Rat
Nanocore RAT
2022-03-25TrustwaveTrustwave SpiderLabs
Cyber Attackers Leverage Russia-Ukraine Conflict in Multiple Spam Campaigns
Remcos
2022-03-24Lab52freyit
Another cyber espionage campaign in the Russia-Ukrainian ongoing cyber attacks
Quasar RAT
2022-03-23EcuCertEcuCert
APT-C-36 Advanced Persistent Threat Campaign Could be present in Ecuador
NjRAT APT-C-36
2022-03-09Lab52Lab52
Very very lazy Lazyscripter’s scripts: double compromise in a single obfuscation
NjRAT
2022-03-07LAC WATCHCyber ​​Emergency Center
I CAN'T HEAR YOU NOW! INTERNAL BEHAVIOR OF INFORMATION-STEALING MALWARE AND JSOC DETECTION TRENDS
Xloader Agent Tesla Formbook Loki Password Stealer (PWS)
2022-03-07ASECASEC
Distribution of Remcos RAT Disguised as Tax Invoice
Remcos
2022-03-05Bleeping ComputerLawrence Abrams
Malware now using NVIDIA's stolen code signing certificates
Quasar RAT
2022-03-04BitdefenderAlina Bizga
Bitdefender Labs Sees Increased Malicious and Scam Activity Exploiting the War in Ukraine
Agent Tesla Remcos
2022-03-04Bleeping ComputerBill Toulas
Russia-Ukraine war exploited as lure for malware distribution
Agent Tesla Remcos
2022-03-01VirusTotalVirusTotal
VirusTotal's 2021 Malware Trends Report
Anubis AsyncRAT BlackMatter Cobalt Strike DanaBot Dridex Khonsari MimiKatz Mirai Nanocore RAT Orcus RAT
2022-02-28ASECASEC
Remcos RAT malware disseminated by pretending to be tax invoices
Remcos
2022-02-22CyCraft Technology Corp
China Implicated in Prolonged Supply Chain Attack Targeting Taiwan Financial Sector
Quasar RAT
2022-02-21CyCraftCyCraft AI
An in-depth analysis of the Operation Cache Panda organized supply chain attack on Taiwan's financial industry
Quasar RAT
2022-02-21The RecordCatalin Cimpanu
Chinese hackers linked to months-long attack on Taiwanese financial sector
Quasar RAT
2022-02-18SANS ISCXavier Mertens
Remcos RAT Delivered Through Double Compressed Archive
Remcos
2022-02-14MorphisecArnold Osipov, Hido Cohen
Journey of a Crypto Scammer - NFT-001
AsyncRAT BitRAT Remcos
2022-02-11blog.rootshell.beXavier Mertens
[SANS ISC] CinaRAT Delivered Through HTML ID Attributes
Quasar RAT
2022-02-11Cisco TalosTalos
Threat Roundup for February 4 to February 11
DarkComet Ghost RAT Loki Password Stealer (PWS) Tinba Tofsee Zeus
2022-02-08ASECASEC
Distribution of Kimsuky Group’s xRAT (Quasar RAT) Confirmed
GoldDragon Quasar RAT
2022-02-08Intel 471Intel 471
PrivateLoader: The first step in many malware schemes
Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar
2022-02-08Itay Migdal
RevengeRAT Analysis
Revenge RAT
2022-02-08Itay Migdal
Remcos Analysis
Remcos
2022-02-07RiskIQRiskIQ
RiskIQ: Malicious Infrastructure Connected to Particular Windows Host Certificates
AsyncRAT BitRAT Nanocore RAT
2022-02-03forensicitguyTony Lambert
njRAT Installed from a MSI
NjRAT
2022-01-28Atomic Matryoshkaz3r0day_504
Malware Headliners: LokiBot
Loki Password Stealer (PWS)
2022-01-28eSentireeSentire Threat Response Unit (TRU)
Remcos RAT
Remcos
2022-01-13muha2xmadMuhammad Hasan Ali
Unpacking Remcos malware
Remcos
2022-01-12Cyber And Ramen blogMike R
Analysis of njRAT PowerPoint Macros
NjRAT
2022-01-12CiscoChetan Raghuprasad, Vanja Svajcer
Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure
AsyncRAT Nanocore RAT NetWire RC
2022-01-10splunkSplunk Threat Research Team
Detecting Malware Script Loaders using Remcos: Threat Research Release December 2021
Remcos
2022-01-08Bleeping ComputerLawrence Abrams
Trojanized dnSpy app drops malware cocktail on researchers, devs
Quasar RAT
2022-01-02Medium amgedwagehAmged Wageh
Automating The Analysis Of An AutoIT Script That Wraps A Remcos RAT
Remcos
2021-12-14Trend MicroNick Dai, Ted Lee, Vickie Su
Collecting In the Dark: Tropic Trooper Targets Transportation and Government
ChiserClient Ghost RAT Lilith Quasar RAT xPack APT23
2021-12-13RiskIQJordan Herman
RiskIQ: Connections between Nanocore, Netwire, and AsyncRAT and Vjw0rm dynamic DNS C2 infrastructure
AsyncRAT Nanocore RAT NetWire RC Vjw0rm
2021-12-02CiscoTiago Pereira
Magnat campaigns use malvertising to deliver information stealer, backdoor and malicious Chrome extension
Azorult RedLine Stealer
2021-11-30CYBER GEEKS All Things InfosecCyberMasterV
Just another analysis of the njRAT malware – A step-by-step approach
NjRAT
2021-11-29Trend MicroJaromír Hořejší
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites
AsyncRAT Azorult Nanocore RAT NjRAT RedLine Stealer Remcos
2021-11-23HPPatrick Schläpfer
RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild
AdWind Ratty STRRAT CloudEyE Formbook Houdini Panda Stealer Remcos
2021-11-23MorphisecArnold Osipov, Hido Cohen
Babadeda Crypter targeting crypto, NFT, and DeFi communities
Babadeda BitRAT LockBit Remcos
2021-11-17InfobloxGaetano Pellegrino
Deep Analysis of a Recent Lokibot Attack
Loki Password Stealer (PWS)
2021-11-11MicrosoftMicrosoft 365 Defender Threat Intelligence Team
HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks
AsyncRAT Mekotio NjRAT
2021-11-11splunkSplunk Threat Research Team
FIN7 Tools Resurface in the Field – Splinter or Copycat?
JSSLoader Remcos
2021-10-27ProofpointJoe Wise, Selena Larson
New Threat Actor Spoofs Philippine Government, COVID-19 Health Data in Widespread RAT Campaigns
Nanocore RAT Remcos TA2722
2021-10-26KasperskyKaspersky Lab ICS CERT
APT attacks on industrial organizations in H1 2021
8.t Dropper AllaKore AsyncRAT GoldMax LimeRAT NjRAT NoxPlayer Raindrop ReverseRAT ShadowPad Zebrocy
2021-10-19Cisco TalosAsheer Malhotra
Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India
DCRat Quasar RAT
2021-10-15ESET ResearchESET Research
Tweet on a malicious campaign targeting governmental and education entities in Colombia using multiple stages to drop AsyncRAT or njRAT Keylogger on their victims
AsyncRAT NjRAT
2021-10-06zimperiumJordan Herman
Malware Distribution with Mana Tools
Agent Tesla Azorult
2021-10-06ESET ResearchMartina López
To the moon and hack: Fake SafeMoon app drops malware to spy on you
Remcos
2021-10-01HPHP Wolf Security
Threat Insights Report Q3 - 2021
STRRAT CloudEyE NetWire RC Remcos TrickBot Vjw0rm
2021-09-20Trend MicroAliakbar Zahravi, William Gamazo Sanchez
Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads
Ave Maria BitRAT LimeRAT Nanocore RAT NjRAT Quasar RAT
2021-09-16CiscoTiago Pereira, Vitor Ventura
Operation Layover: How we tracked an attack on the aviation industry to five years of compromise
AsyncRAT Houdini NjRAT
2021-09-15TelsyTelsy
REMCOS and Agent Tesla loaded into memory with Rezer0 loader
Agent Tesla Remcos
2021-09-13Trend MicroDaniel Lunghi, Jaromír Hořejší
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs
AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos
2021-09-13Trend MicroDaniel Lunghi, Jaromír Hořejší
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (IOCs)
AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos
2021-09-08RiskIQJennifer Grob
Bulletproof Hosting Services: Investigating Flowspec
Azorult Glupteba
2021-09-06cocomelonccocomelonc
AV engines evasion for C++ simple malware: part 2
Agent Tesla Amadey Anchor AnchorMTea Carbanak Carberp Cardinal RAT Felixroot Konni Loki Password Stealer (PWS) Maze
2021-09-04cocomelonccocomelonc
AV engines evasion for C++ simple malware: part 1
4h_rat Azorult BADCALL BadNews BazarBackdoor Cardinal RAT
2021-09-03Trend MicroMohamad Mokbel
The State of SSL/TLS Certificate Usage in Malware C&C Communications
AdWind ostap AsyncRAT BazarBackdoor BitRAT Buer Chthonic CloudEyE Cobalt Strike DCRat Dridex FindPOS GootKit Gozi IcedID ISFB Nanocore RAT Orcus RAT PandaBanker Qadars QakBot Quasar RAT Rockloader ServHelper Shifu SManager TorrentLocker TrickBot Vawtrak Zeus Zloader
2021-08-25Trend MicroBin Lin, William Gamazo Sanchez
New Campaign Sees LokiBot Delivered Via Multiple Methods
Loki Password Stealer (PWS)
2021-08-23YouTube ( DuMp-GuY TrIcKsTeR)Jiří Vinopal
[2] Lokibot analyzing - spoofing GULoader and LokiBot C2 [part2] - INetSim + BurpSuite
CloudEyE Loki Password Stealer (PWS)
2021-08-19TalosAsheer Malhotra, Vanja Svajcer, Vitor Ventura
Malicious Campaign Targets Latin America: The seller, The operator and a curious link
AsyncRAT NjRAT
2021-08-18AhnLabASEC Analysis Team
Infostealer Malware Azorult Being Distributed Through Spam Mails
Azorult
2021-08-16Malcatmalcat team
Statically unpacking a simple .NET dropper
Loki Password Stealer (PWS)
2021-08-04ASECASEC
S/W Download Camouflage, Spreading Various Kinds of Malware
Raccoon RedLine Stealer Remcos Vidar
2021-07-30Menlo SecurityMENLO Security
ISOMorph Infection: In-Depth Analysis of a New HTML Smuggling Campaign
AsyncRAT NjRAT
2021-07-27BlackberryBlackBerry Research & Intelligence Team
Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages
elf.wellmess ElectroRAT BazarNimrod Buer Cobalt Strike Remcos Snake TeleBot WellMess Zebrocy
2021-07-19MalwarebytesErika Noerenberg
Remcos RAT delivered via Visual Basic
Remcos
2021-07-12IBMClaire Zaboeva, Dan Dash, Melissa Frydrych
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos
2021-07-12Cipher Tech SolutionsClaire Zaboeva, Dan Dash, Melissa Frydrych
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos
2021-07-09SeqriteChaitanya Haritash, Nihar Deshpande, Shayak Tarafdar
Seqrite uncovers second wave of Operation SideCopy targeting Indian critical infrastructure PSUs
NjRAT ReverseRAT
2021-07-07TalosAsheer Malhotra, Justin Thattil
InSideCopy: How this APT continues to evolve its arsenal
AllaKore Lilith NjRAT
2021-07-07YouTube ( DuMp-GuY TrIcKsTeR)Jiří Vinopal
[2] Lokibot analyzing - spoofing GULoader and LokiBot C2 [part1] - Own implementation in Python
CloudEyE Loki Password Stealer (PWS)
2021-07-07TalosAsheer Malhotra, Justin Thattil
InSideCopy: How this APT continues to evolve its arsenal (Network IOCs)
AllaKore Lilith NjRAT
2021-07-07TalosAsheer Malhotra, Justin Thattil
InSideCopy: How this APT continues to evolve its arsenal (IOCs)
AllaKore Lilith NjRAT
2021-07-07Talos IntelligenceAsheer Malhotra, Justin Thattil
InSideCopy: How this APT continues to evolve its arsenal
AllaKore NjRAT SideCopy
2021-07-06YouTube ( DuMp-GuY TrIcKsTeR)Jiří Vinopal
[1] Lokibot analyzing - defeating GuLoader with Windbg (Kernel debugging) and Live C2
CloudEyE Loki Password Stealer (PWS)
2021-07-02CiscoAsheer Malhotra, Justin Thattil
InSideCopy: How this APT continues to evolve its arsenal
AllaKore CetaRAT Lilith NjRAT ReverseRAT
2021-06-08ilbaroni
LOKIBOT - A commodity malware
Loki Password Stealer (PWS)
2021-05-27MinervaLabsTom Roter
Trapping A Fat Quasar RAT
Quasar RAT
2021-05-20Github (microsoft)Microsoft
Microsoft 365 Defender Hunting Queries for hunting multiple threat actors' TTPs and malwares
STRRAT OceanLotus BabyShark Elise Revenge RAT WastedLocker Zebrocy
2021-05-14MorphisecArnold Osipov
AHK RAT Loader Used in Unique Delivery Campaigns
AsyncRAT Houdini Revenge RAT
2021-05-13AnomaliGage Mele, Tara Gould
Threat Actors Use MSBuild to Deliver RATs Filelessly
Remcos
2021-05-07MorphisecNadav Lorber
Revealing the ‘Snip3’ Crypter, a Highly Evasive RAT Loader
Agent Tesla AsyncRAT NetWire RC Revenge RAT
2021-05-05ZscalerAniruddha Dolas, Manohar Ghule, Mohd Sadique
Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats
Agent Tesla AsyncRAT Crimson RAT CyberGate Ghost RAT Nanocore RAT NetWire RC NjRAT Quasar RAT Remcos
2021-04-27KasperskyGReAT
APT trends report Q1 2021
PAS Artra Downloader BadNews Bozok DILLJUICE Kazuar Quasar RAT SodaMaster
2021-04-21FacebookDavid Agranovich, Mike Dvilyanski
Taking Action Against Hackers in Palestine
SpyNote Houdini NjRAT
2021-04-21TalosVanja Svajcer
A year of Fajan evolution and Bloomberg themed campaigns
MASS Logger Nanocore RAT NetWire RC Revenge RAT XpertRAT
2021-04-14ZscalerAtinderpal Singh, Rohit Chaturvedi, Tarun Dewan
A look at HydroJiin campaign
NetWire RC Quasar RAT
2021-04-07F5Aditya K. Sood
Dissecting the Design and Vulnerabilities in Azorult C&C Panels
Azorult
2021-04-06InfoSec Handlers Diary BlogJan Kopriva
Malspam with Lokibot vs. Outlook and RFCs
Loki Password Stealer (PWS)
2021-03-22K7 SecurityMary Muthu Francisca
MalSpam Campaigns Download njRAT from Paste Sites
NjRAT
2021-03-21BlackberryBlackberry Research
2021 Threat Report
Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot
2021-03-18CybereasonDaniel Frank
Cybereason Exposes Campaign Targeting US Taxpayers with NetWire and Remcos Malware
NetWire RC Remcos
2021-03-16MorphisecNadav Lorber
Tracking HCrypt: An Active Crypter as a Service
AsyncRAT LimeRAT Remcos
2021-03-12Reversing LabsRobert Simmons
DotNET Loaders
Revenge RAT
2021-03-11TrustwaveDiana Lopera
Image File Trickery Part II: Fake Icon Delivers NanoCore
Nanocore RAT
2021-02-25IntezerIntezer
Year of the Gopher A 2020 Go Malware Round-Up
NiuB WellMail elf.wellmess ArdaMax AsyncRAT CyberGate DarkComet Glupteba Nanocore RAT Nefilim NjRAT Quasar RAT WellMess Zebrocy
2021-02-23CrowdStrikeCrowdStrike
2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER
2021-02-18PTSecurityPTSecurity
https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/
Poet RAT Gravity RAT Ketrican Okrum OopsIE Remcos RogueRobinNET RokRAT SmokeLoader
2021-02-15Medium s2wlabSojun Ryu
Operation SyncTrek
AbaddonPOS Azorult Clop DoppelDridex DoppelPaymer Dridex PwndLocker
2021-02-06Medium mariohenkelMario Henkel
Decrypting AzoRult traffic for fun and profit
Azorult
2021-02-05MorphisecNadav Lorber
CinaRAT Resurfaces with New Evasive Tactics and Techniques
Quasar RAT
2021-02-03Medium s2wlabHyunmin Suh, Minjei Cho
W1 Feb| EN | Story of the week: Stealers on the Darkweb
Azorult Raccoon Vidar
2021-01-28Youtube (Virus Bulletin)Benoît Ancel
The Bagsu banker case
Azorult DreamBot Emotet Pony TrickBot ZeusAction
2021-01-13BitdefenderJanos Gergo Szeles
Remcos RAT Revisited: A Colombian Coronavirus-Themed Campaign
Remcos
2021-01-11ESET ResearchMatías Porolli
Operation Spalax: Targeted malware attacks in Colombia
Agent Tesla AsyncRAT NjRAT Remcos
2021-01-09Marco Ramilli's BlogMarco Ramilli
Command and Control Traffic Patterns
ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot
2021-01-06TalosHolger Unterbrink, Irshad Muhammad
A Deep Dive into Lokibot Infection Chain
Loki Password Stealer (PWS)
2021-01-05SangforClairvoyance Safety Laboratory
Attack from Mustang Panda? My rabbit is back!
NjRAT
2020-12-29UptycsAbhijit Mohanta
Revenge RAT targeting users in South America
Revenge RAT
2020-12-28Antiy CERTAntiy CERT
"Civerids" organization vs. Middle East area attack activity analysis report
Quasar RAT
2020-12-24IronNetAdam Hlavek
China cyber attacks: the current threat landscape
PLEAD TSCookie FlowCloud Lookback PLEAD PlugX Quasar RAT Winnti
2020-12-21Cisco TalosJON MUNSHAW
2020: The year in malware
WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader
2020-12-14BluelivAlberto Marín, Blueliv Labs Team, Carlos Rubio
Using Qiling Framework to Unpack TA505 packed samples
AndroMut Azorult Silence TinyMet
2020-12-10Intel 471Intel 471
No pandas, just people: The current state of China’s cybercrime underground
Anubis SpyNote AsyncRAT Cobalt Strike Ghost RAT NjRAT
2020-12-10US-CERTFBI, MS-ISAC, US-CERT
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus
2020-12-10JPCERT/CCKota Kino
Attack Activities by Quasar Family
AsyncRAT Quasar RAT Venom RAT XPCTRA
2020-12-09CybereasonCybereason Nocturnus Team
MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign
DropBook JhoneRAT Molerat Loader Pierogi Quasar RAT SharpStage Spark
2020-12-09CybereasonCybereason Nocturnus
New Malware Arsenal Abusing Cloud Platforms in Middle East Espionage Campaign
DropBook MoleNet Quasar RAT SharpStage Spark
2020-12-09Palo Alto Networks Unit 42Chris Navarrete, Haozhe Zhang, Yanhui Jia
njRAT Spreading Through Active Pastebin Command and Control Tunnel
NjRAT
2020-12-07ProofpointProofpoint Threat Research Team
Commodity .NET Packers use Embedded Images to Hide Payloads
Agent Tesla Loki Password Stealer (PWS) Remcos
2020-12-02DomainToolsJoe Slowik
Identifying Network Infrastructure Related to a World Health Organization Spoofing Campaign
Azorult Glupteba
2020-12-01sonatypeAx Sharma
There’s a RAT in my code: new npm malware with Bladabindi trojan spotted
NjRAT
2020-11-19ThreatpostElizabeth Montalbano
APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies
Quasar RAT Ryuk
2020-11-18VMRayMateusz Lukaszewski, Pascal Brackmann, VMRay Labs Team
Malware Analysis Spotlight: AZORult Delivered by GuLoader
Azorult CloudEyE
2020-11-18G DataG-Data
Business as usual: Criminal Activities in Times of a Global Pandemic
Agent Tesla Nanocore RAT NetWire RC Remcos
2020-11-17SymantecThreat Hunter Team
Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign
Quasar RAT
2020-11-09Bleeping ComputerIonut Ilascu
Fake Microsoft Teams updates lead to Cobalt Strike deployment
Cobalt Strike DoppelPaymer NjRAT Predator The Thief Zloader
2020-10-26360 Core Security360
北非狐(APT-C-44)攻击活动揭露
Xtreme RAT Houdini NjRAT Revenge RAT
2020-10-01SpiderLabs BlogDiana Lopera
Evasive URLs in Spam: Part 2
Loki Password Stealer (PWS)
2020-09-29ZscalerSahil Antil, Sudeep Singh
Targeted Attacks on Oil and Gas Supply Chain Industries in the Middle East
Azorult
2020-09-21Trend MicroRaphael Centeno
Cybercriminals Distribute Backdoor With VPN Installer
NjRAT
2020-09-18SymantecThreat Hunter Team
Elfin: Latest U.S. Indictments Appear to Target Iranian Espionage Group
Nanocore RAT
2020-09-17FBIFBI
FBI PIN Number 20200917-001: IRGC-Associated Cyber Operations Against US Company Networks
MimiKatz Nanocore RAT
2020-09-10Medium mariohenkelMario Henkel
Decrypting NanoCore config and dump all plugins
Nanocore RAT
2020-09-02Palo Alto Networks Unit 42Janos Szurdi, Zhanhao Chen
Cybersquatting: Attackers Mimicking Domains of Major Brands Including Facebook, Apple, Amazon and Netflix to Scam Consumers
Azorult
2020-09-01nvisoBart Parys, Didier Stevens, Dries Boone, Maxime Thiebaut, Michel Coene
Epic Manchego – atypical maldoc delivery brings flurry of infostealers
Azorult NjRAT
2020-08-26Lab52Jagaimo Kawaii
A twisted malware infection chain
Agent Tesla Loki Password Stealer (PWS)
2020-08-26ProofpointProofpoint Threat Research Team
Threat Actor Profile: TA2719 Uses Colorful Lures to Deliver RATs in Local Languages
AsyncRAT Nanocore RAT TA2719
2020-08-19AhnLabAhnLab ASEC 분석팀
국내 유명 웹하드를 통해 유포되는 njRAT 악성코드
NjRAT
2020-07-30SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q2 2020
AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader
2020-07-29ESET Researchwelivesecurity
THREAT REPORT Q2 2020
DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor
2020-07-13Github (1d8)1d8
Remcos RAT Macro Dropper Doc
Remcos
2020-06-22MalwareLab.plMaciej Kotowicz
VenomRAT - new, hackforums grade, reincarnation of QuassarRAT
Quasar RAT Venom RAT
2020-06-22Anurag
njRat Malware Analysis
NjRAT
2020-06-11Talos IntelligenceJoe Marshall, Kendall McKay
Tor2Mine is up to their old tricks — and adds a few new ones
Azorult Remcos
2020-06-07Zero2Automated Blog0verfl0w_
Dealing with Obfuscated Macros, Statically - NanoCore
Nanocore RAT
2020-05-29ZscalerSudeep Singh
ShellReset RAT Spread Through Macro-Based Documents Using AppLocker Bypass
Quasar RAT
2020-05-26CrowdStrikeGuillermo Taibo
Weaponized Disk Image Files: Analysis, Trends and Remediation
Nanocore RAT
2020-05-21MalwarebytesMalwarebytes Labs
Cybercrime tactics and techniques
Ave Maria Azorult DanaBot Loki Password Stealer (PWS) NetWire RC
2020-05-20ZscalerAmandeep Kumar, Rohit Chaturvedi
Latest Version of Amadey Introduces Screen Capturing and Pushes the Remcos RAT
Amadey Remcos
2020-05-14360 Total Securitykate
Vendetta - new threat actor from Europe
Nanocore RAT Remcos
2020-05-14Lab52Dex
The energy reserves in the Eastern Mediterranean Sea and a malicious campaign of APT10 against Turkey
Cobalt Strike HTran MimiKatz PlugX Quasar RAT
2020-05-14SophosLabsMarkel Picado
RATicate: an attacker’s waves of information-stealing malware
Agent Tesla BetaBot BlackRemote Formbook Loki Password Stealer (PWS) NetWire RC NjRAT Remcos
2020-04-29FR3D.HKFred HK
Gazorp - Thieving from thieves
Azorult
2020-04-28Trend MicroMiguel Ang
Loki Info Stealer Propagates through LZH Files
Loki Password Stealer (PWS)
2020-04-270x00secDan Lisichkin
Master of RATs - How to create your own Tracker
Quasar RAT
2020-04-15ZscalerSudeep Singh
Multistage FreeDom loader used in Aggah Campaign to spread Nanocore and AZORult
Azorult Nanocore RAT
2020-04-13BlackberryMasaki Kasuya, Tatsuya Hasegawa
Threat Spotlight: Gootkit Banking Trojan
Azorult GootKit
2020-04-04MalwareInDepthMyrtus 0x0
Nanocore & CypherIT
Nanocore RAT
2020-04-02Cisco TalosVanja Svajcer
AZORult brings friends to the party
Azorult Remcos
2020-04-01CiscoAndrea Kaiser, Shyam Sundar Ramaswami
Navigating Cybersecurity During a Pandemic: Latest Malware and Threat Actors
Azorult CloudEyE Formbook KPOT Stealer Metamorfo Nanocore RAT NetWire RC TrickBot
2020-03-31Click All the Things! BlogJamie
LokiBot: Getting Equation Editor Shellcode
Loki Password Stealer (PWS)
2020-03-26TelekomThomas Barabosch
TA505's Box of Chocolate - On Hidden Gems packed with the TA505 Packer
Amadey Azorult Clop FlawedGrace Get2 SDBbot Silence TinyMet TA505
2020-03-26Max Kersten's BlogMax Kersten
Azorult loader stages
Azorult
2020-03-20BitdefenderLiviu Arsene
5 Times More Coronavirus-themed Malware Reports during March
ostap HawkEye Keylogger Koadic Loki Password Stealer (PWS) Nanocore RAT Remcos
2020-03-18ProofpointAxel F, Sam Scholten
Coronavirus Threat Landscape Update
Agent Tesla Get2 ISFB Remcos
2020-02-26KELALeon Kurolapnik, Raveed Laeb
What’s Dead May Never Die: AZORult Infostealer Decommissioned Again
Azorult
2020-02-21KELARaveed Laeb
Exploring the Genesis Supply Chain for Fun and Profit: Part 1 – Misadventures in GUIDology
Azorult
2020-02-21ADEO DFIRADEO DFIR
APT10 Threat Analysis Report
CHINACHOPPER HTran MimiKatz PlugX Quasar RAT
2020-02-19Team CymruTeam Cymru
Azorult – what we see using our own tools
Azorult
2020-02-14Virus BulletinAditya K. Sood
LokiBot: dissecting the C&C panel deployments
Loki Password Stealer (PWS)
2020-02-13TalosEdmund Brumaghin, Nick Biasini
Threat actors attempt to capitalize on coronavirus outbreak
Emotet Nanocore RAT Parallax RAT
2020-02-12Twitter (@DrStache_)DrStache
Tweet on ManaBotnet
Azorult
2020-02-06PrevailionDanny Adamitis
The Triune Threat: MasterMana Returns
Azorult Loki Password Stealer (PWS)
2020-02-05CybereasonAssaf Dahan, Lior Rochberger
The Hole in the Bucket: Attackers Abuse Bitbucket to Deliver an Arsenal of Malware
Amadey Azorult Predator The Thief STOP Vidar
2020-02-03SANS ISCJan Kopriva
Analysis of a triple-encrypted AZORult downloader
Azorult
2020-01-31ReversingLabsRobert Simmons
RATs in the Library: Remote Access Trojans Hide in Plain "Public" Site
CyberGate LimeRAT NjRAT Quasar RAT Revenge RAT
2020-01-27YoroiLuca Mella, Luigi Martire
Aggah: How to run a botnet without renting a Server (for more than a year)
LokiBot Azorult
2020-01-22Thomas Barabosch
The malware analyst’s guide to PE timestamps
Azorult Gozi IcedID ISFB LOLSnif SUNBURST TEARDROP
2020-01-19360kate
BayWorld event, Cyber Attack Against Foreign Trade Industry
Azorult Formbook Nanocore RAT Revenge RAT
2020-01-17JPCERT/CCTakayoshi Shiigi
Looking back on the incidents in 2019
TSCookie NodeRAT Emotet PoshC2 Quasar RAT
2020-01-01SecureworksSecureWorks
BRONZE RIVERSIDE
Anel ChChes Cobalt Strike PlugX Poison Ivy Quasar RAT RedLeaves APT10
2020-01-01SecureworksSecureWorks
COBALT TRINITY
POWERTON pupy Imminent Monitor RAT Koadic Nanocore RAT NetWire RC PoshC2 APT33
2020-01-01SecureworksSecureWorks
ALUMINUM SARATOGA
BlackShades DarkComet Xtreme RAT Poison Ivy Quasar RAT Molerats
2020-01-01DragosJoe Slowik
Threat Intelligence and the Limits of Malware Analysis
Exaramel Exaramel Industroyer Lookback NjRAT PlugX
2020-01-01SecureworksSecureWorks
COPPER FIELDSTONE
Crimson RAT DarkComet Luminosity RAT NjRAT Operation C-Major
2019-12-28Paul Burbage
The Tale of the Pija-Droid Firefinch
Loki Password Stealer (PWS)
2019-12-24Github (itsKindred)Derek Kleinhen
Bashar Bachir Infection Chain Analysis
NjRAT
2019-12-12FireEyeChi-en Shen, Oleg Bondarenko
Cyber Threat Landscape in Japan – Revealing Threat in the Shadow
Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD poisonplug TrickBot BlackTech
2019-11-28Kaspersky LabsGReAT
RevengeHotels: cybercrime targeting hotel front desks worldwide
Revenge RAT ProCC RevengeHotels
2019-11-19FireEyeKelli Vanderlee, Nalani Fraser
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions
MESSAGETAP TSCookie ACEHASH CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT HIGHNOON HTran MimiKatz NetWire RC poisonplug Poison Ivy pupy Quasar RAT ZXShell
2019-11-11Binary DefenseBinary Defense
Revenge Is A Dish Best Served… Obfuscated?
Houdini Revenge RAT
2019-10-28Marco Ramilli's BlogMarco Ramilli
SWEED Targeting Precision Engineering Companies in Italy
Loki Password Stealer (PWS)
2019-10-21FortinetChris Navarrete, Xiaopeng Zhang
New Variant of Remcos RAT Observed In the Wild
Remcos
2019-09-26ProofpointBryan Campbell, Jeremy Hedges, Proofpoint Threat Insight Team
New WhiteShadow downloader uses Microsoft SQL to retrieve malware
WhiteShadow Agent Tesla Azorult Crimson RAT Formbook Nanocore RAT NetWire RC NjRAT Remcos
2019-09-24YoroiAntonio Farina, Luca Mella
APT or not APT? What's Behind the Aggah Campaign
Azorult
2019-09-23MITREMITRE ATT&CK
APT41
Derusbi MESSAGETAP Winnti ASPXSpy BLACKCOFFEE CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT MimiKatz NjRAT PlugX ShadowPad Winnti ZXShell APT41
2019-09-19NSHCThreatRecon Team
Hagga of SectorH01 continues abusing Bitly, Blogger and Pastebin to deliver RevengeRAT and NanoCore
Nanocore RAT Revenge RAT
2019-09-07Dissecting MalwareMarius Genheimer
Malicious RATatouille
Remcos
2019-08-30Github (threatland)ThreatLand
njRAT builders
NjRAT
2019-08-25Github (threatland)ThreatLand
Nanocor Sample
Nanocore RAT
2019-08-22Youtube (OALabs)Sergei Frankoff
Remcos RAT Unpacked From VB6 With x64dbg Debugger
Remcos
2019-08-15Trend MicroAliakbar Zahravi
Analysis: New Remcos RAT Arrives Via Phishing Email
Remcos
2019-08-10Check PointOmer Gull
SELECT code_execution FROM * USING SQLite;
Azorult Loki Password Stealer (PWS) Pony
2019-08-01Kaspersky LabsGReAT
APT trends report Q2 2019
ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy
2019-07-15Cisco TalosEdmund Brumaghin
SWEED: Exposing years of Agent Tesla campaigns
Agent Tesla Formbook Loki Password Stealer (PWS) SWEED
2019-07-11InfoSec Handlers Diary BlogBrad Duncan
Recent AZORult activity
Azorult
2019-06-19Check PointKobi Eisenkraft, Moshe Hayun
Check Point’s Threat Emulation Stops Large-Scale Phishing Campaign in Germany
Remcos
2019-06-08YoroiDavide Testa, Luca Mella, Luigi Martire, ZLAB-Yoroi
The Evolution of Aggah: From Roma225 to the RG Campaign
Revenge RAT
2019-06-04CylanceCylance Threat Research Team
Threat Spotlight: Analyzing AZORult Infostealer Malware
Azorult
2019-05-24FortinetBen Hunter
Uncovering new Activity by APT10
PlugX Quasar RAT
2019-05-20Twitter (@struppigel)Karsten Hahn
Tweet on Yggdrasil / CinaRAT
Quasar RAT
2019-05-08VMRayFrancis Montesino
Get Smart with Enhanced Memory Dumping in VMRay Analyzer 3.0
Remcos
2019-05-05GoggleHeadedHacker BlogJacob Pimental
Unpacking NanoCore Sample Using AutoIT
Nanocore RAT
2019-04-17Palo Alto Networks Unit 42Brittany Ash, Robert Falcone
Aggah Campaign: Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign
Hagga The Gorgon Group
2019-04-16FireEyeBen Read, Chi-en Shen, John Hultquist, Oleg Bondarenko
Spear Phishing Campaign Targets Ukraine Government and Military; Infrastructure Reveals Potential Link to So-Called Luhansk People's Republic
Quasar RAT Vermin
2019-04-05TrustwavePhil Hay, Rodel Mendrez
Spammed PNG file hides LokiBot
Loki Password Stealer (PWS)
2019-04-01Macnica NetworksMacnica Networks
Trends in Cyber ​​Espionage Targeting Japan 2nd Half of 2018
Anel Cobalt Strike Datper PLEAD Quasar RAT RedLeaves taidoor Zebrocy
2019-03-27SymantecSecurity Response Attack Investigation Team
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
DarkComet Nanocore RAT pupy Quasar RAT Remcos TURNEDUP APT33
2019-03-27SymantecCritical Attack Discovery and Intelligence Team
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
DarkComet MimiKatz Nanocore RAT NetWire RC pupy Quasar RAT Remcos StoneDrill TURNEDUP APT33
2019-03-25360 Core Securityzhanghao-ms
Patting the Bear (APT-C-37): Exposure of Continued Attacks Against an Armed Organization
Houdini NjRAT
2019-03-22Kaspersky LabsAlexander Eremin
AZORult++: Rewriting history
Azorult
2019-02-14CISACISA
AR18-352A: Quasar Open-Source Remote Administration Tool
Quasar RAT
2019-02-07BluelivBlueliv Labs Team
Sales of AZORult grind to an AZOR-halt
Azorult
2019-01-28Minerva LabsAsaf Aprozper, Gal Bitensky
AZORult: Now, as A Signed “Google Update”
Azorult
2019-01-01MITREMITRE ATT&CK
Group description: Gorgon Group
The Gorgon Group
2018-12-04Brad Duncan
Malspam pushing Lokibot malware
Loki Password Stealer (PWS)
2018-10-17Check PointIsrael Gubi
The Emergence of the New Azorult 3.3
Azorult
2018-10-01Macnica NetworksMacnica Networks
Trends in cyber espionage (targeted attacks) targeting Japan | First half of 2018
Anel Cobalt Strike Datper FlawedAmmyy Quasar RAT RedLeaves taidoor Winnti xxmm
2018-08-29Kaspersky LabsTatyana Shcherbakova
Loki Bot: On a hunt for corporate passwords
Loki Password Stealer (PWS)
2018-08-22Cisco TalosEdmund Brumaghin, Eric Kuhla, Holger Unterbrink, Lilia Gonzalez Medina
Picking Apart Remcos Botnet-In-A-Box
Remcos
2018-08-18Bleeping ComputerVishal Thakur
AZORult Trojan Serving Aurora Ransomware by MalActor Oktropys
Aurora Azorult
2018-08-02Palo Alto Networks Unit 42David Fuertes, Josh Grunzweig, Kyle Wilhoit, Robert Falcone
The Gorgon Group: Slithering Between Nation State and Cybercrime
Loki Password Stealer (PWS) Nanocore RAT NjRAT Quasar RAT Remcos Revenge RAT
2018-08-02David Fuertes, Josh Grunzweig, Kyle Wilhoit, Robert Falcone
The Gorgon Group: Slithering Between Nation State and Cybercrime
The Gorgon Group
2018-07-30ProofpointProofpoint Staff
New version of AZORult stealer improves loading features, spreads alongside ransomware in new campaign
Azorult Hermes
2018-07-23360 Threat IntelligenceQi Anxin Threat Intelligence Center
Golden Rat Organization-targeted attack in Syria
NjRAT APT-C-27
2018-07-17ESET ResearchKaspars Osis
A deep dive down the Vermin RAThole
Quasar RAT Sobaken Vermin
2018-07-06Github (d00rt)d00rt
LokiBot Infostealer Jihacked Version
Loki Password Stealer (PWS)
2018-06-07VolexityMatthew Meltzer, Sean Koessel, Steven Adair
Patchwork APT Group Targets US Think Tanks
Quasar RAT Unidentified 047 QUILTED TIGER
2018-05-17Minerva LabsGal Bitensky
Analyzing an AZORult Attack – Evasion in a Cloak of Multiple Layers
Azorult
2018-03-30360 Threat IntelligenceQi Anxin Threat Intelligence Center
Analysis of the latest cyber attack activity of the APT organization against sensitive institutions in China
Quasar RAT
2018-03-02KrabsOnSecurityMr. Krabs
Analysing Remcos RAT’s executable
Remcos
2018-03-01My Online SecurityMy Online Security
Fake order spoofed from Finchers ltd Sankyo-Rubber delivers Remcos RAT via ACE attachments
Remcos
2018-02-26Bleeping ComputerCatalin Cimpanu
Nanocore RAT Author Gets 33 Months in Prison
Nanocore RAT
2018-01-23RiskIQYonathan Klijnsma
Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors
Remcos
2017-12-22Malware Traffic AnalysisBrad Duncan
MALSPAM USES CVE-2017-0199 TO DISTRIBUTE REMCOS RAT
Remcos
2017-12-19LastlineAndy Norton
Novel Excel Spreadsheet Attack Launches Password Stealing Malware Loki Bot
Loki Password Stealer (PWS)
2017-12-11Trend MicroCedric Pernet, Daniel Lunghi, Jaromír Hořejší
Untangling the Patchwork Cyberespionage Group
Quasar RAT
2017-11-12MalwareBreakdown
Seamless Campaign Delivers Ramnit via RIG EK at 188.225.82.158. Follow-up Malware is AZORult Stealer.
Azorult
2017-10-27Palo Alto Networks Unit 42Unit42
Tracking Subaat: Targeted Phishing Attack Leads to Threat Actor’s Repository
The Gorgon Group
2017-09-20FireEyeJacqueline O’Leary, Josiah Kimble, Kelli Vanderlee, Nalani Fraser
Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware
DROPSHOT Nanocore RAT NetWire RC SHAPESHIFT TURNEDUP APT33
2017-07-24Malware BreakdownMalware Breakdown
The Seamless Campaign Drops Ramnit. Follow-up Malware: AZORult Stealer, Smoke Loader, etc.
Azorult
2017-07-24Vitali Kremez BlogVitali Kremez
Let's Learn: Reversing Credential and Payment Card Information Stealer 'AZORult V2'
Azorult
2017-07-08InfoSec Handlers Diary BlogXavier Mertens
A VBScript with Obfuscated Base64 Data
Revenge RAT
2017-07-01Secrary Bloglasha
Remcos RAT
Remcos
2017-06-22SANS Institute Information Security Reading RoomRob Pantazopoulos
Loki-Bot: InformationStealer, Keylogger, &More!
Loki Password Stealer (PWS)
2017-05-17FortinetHua Liu, Xiaopeng Zhang
New Loki Variant Being Spread via PDF File
Loki Password Stealer (PWS)
2017-05-07R3MRUMR3MRUM
Loki-Bot: Come out, come out, wherever you are!
Loki Password Stealer (PWS)
2017-05-05Github (R3MRUM)R3MRUM
loki-parse
Loki Password Stealer (PWS)
2017-04-01PricewaterhouseCoopersPricewaterhouseCoopers
Operation Cloud Hopper: Technical Annex
ChChes PlugX Quasar RAT RedLeaves Trochilus RAT
2017-03-23CofenseCofense
Tales from the Trenches: Loki Bot Malware
Loki Password Stealer (PWS)
2017-02-16CysinfoWinston M
Nefarious Macro Malware drops “Loki Bot” to steal sensitive information across GCC countries!
Loki Password Stealer (PWS)
2017-02-14FortinetFloser Bacurio, Joie Salvio
REMCOS: A New RAT In The Wild
Remcos
2017-01-30Palo Alto Networks Unit 42Mashav Sapir, Netanel Rimer, Simon Conant, Taras Malivanchuk, Tomer Bar, Yaron Samuel
Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments
Quasar RAT
2016-11-30FortinetLilia Elena Gonzalez Medina
Bladabindi Remains A Constant Threat By Using Dynamic DNS Services
NjRAT
2016-10-26UnknownChris Doman
Moonlight – Targeted attacks in the Middle East
Houdini NjRAT Molerats
2016-10-20Twitter (@malwrhunterteam)MalwareHunterTeam
Tweet on Quasar RAT
Quasar RAT
2016-07-26ProofpointProofpoint
Threat Actors Using Legitimate PayPal Accounts To Distribute Chthonic Banking Trojan
Azorult Chthonic
2015-01-22Trend MicroMichael Marcos
New RATs Emerge from Leaked Njw0rm Source Code
NjRAT

Credits: MISP Project