| SYMBOL | COMMON_NAME | aka. SYNONYMS |
UNC1878 is a financially motivated threat actor that monetizes network access via the deployment of RYUK ransomware. Earlier this year, Mandiant published a blog on a fast-moving adversary deploying RYUK ransomware, UNC1878. Shortly after its release, there was a significant decrease in observed UNC1878 intrusions and RYUK activity overall almost completely vanishing over the summer. But beginning in early fall, Mandiant has seen a resurgence of RYUK along with TTP overlaps indicating that UNC1878 has returned from the grave and resumed their operations.
| 2025-06-24
⋅
Bridewell
⋅
2025 Cyber Threat Intelligence Report AsyncRAT Brute Ratel C4 Cobalt Strike Fog Ghost RAT Lumma Stealer Meduza Stealer Quasar RAT RedLine Stealer Sliver |
| 2025-06-23
⋅
Rushter
⋅
Threat Hunting Introduction: Cobalt Strike Cobalt Strike |
| 2025-06-19
⋅
Hunt.io
⋅
Cobalt Strike Operators Leverage PowerShell Loaders Across Chinese, Russian, and Global Infrastructure Cobalt Strike |
| 2025-06-17
⋅
DARKReading
⋅
Operation Endgame: Do Takedowns and Arrests Matter? BumbleBee Emotet Pikabot SmokeLoader TrickBot |
| 2025-06-15
⋅
Positive Technologies
⋅
Team46 and TaxOff: two sides of the same coin Cobalt Strike |
| 2025-05-27
⋅
Trend Micro
⋅
Earth Lamia Develops Custom Arsenal to Target Multiple Industries BypassBoss Cobalt Strike JuicyPotato PULSEPACK STOWAWAY Vshell |
| 2025-04-29
⋅
Nextron Systems
⋅
Nitrogen Dropping Cobalt Strike – A Combination of “Chemical Elements” Cobalt Strike Nitrogen Loader |
| 2025-04-24
⋅
Mandiant
⋅
M-Trends 2025 Report Akira Black Basta LockBit SystemBC GootLoader LockBit WIREFIRE Akira Black Basta Cobalt Strike LockBit RansomHub SystemBC Pink Sandstorm |
| 2025-03-31
⋅
Trend Micro
⋅
The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques Godzilla Webshell Cobalt Strike RAILSETTER Earth Alux |
| 2025-03-31
⋅
Seqrite
⋅
Operation HollowQuill: Malware delivered into Russian R&D Networks via Research Decoy PDFs Cobalt Strike HollowQuill |
| 2025-01-21
⋅
Trend Micro
⋅
Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions Cobalt Strike HemiGate ShadowPad SNAPPYBEE SparrowDoor UNC4841 |
| 2025-01-10
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update July to December 2024 Coper FluBot Hook Mirai FAKEUPDATES AsyncRAT BianLian Brute Ratel C4 Cobalt Strike DanaBot DCRat Havoc Latrodectus NjRAT Quasar RAT RedLine Stealer Remcos Rhadamanthys Sliver Stealc |
| 2025-01-07
⋅
Hunt.io
⋅
Golang Beacons and VS Code Tunnels: Tracking a Cobalt Strike Server Leveraging Trusted Infrastructure Cobalt Strike |
| 2024-12-04
⋅
Rapid7
⋅
Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware Black Basta Cobalt Strike DarkGate SystemBC Zloader |
| 2024-12-03
⋅
Hunt.io
⋅
Rare Watermark Links Cobalt Strike 4.10 Team Servers to Ongoing Suspicious Activity Cobalt Strike |
| 2024-11-19
⋅
Trend Micro
⋅
Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella Cobalt Strike LODEINFO NOOPDOOR MirrorFace |
| 2024-11-12
⋅
Recorded Future
⋅
China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike Cobalt Strike TAG-112 |
| 2024-11-12
⋅
Recorded Future
⋅
China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike Cobalt Strike |
| 2024-10-31
⋅
Hunt.io
⋅
Tricks, Treats, and Threats: Cobalt Strike & the Goblin Lurking in Plain Sight Cobalt Strike |
| 2024-10-24
⋅
Seqrite
⋅
Operation Cobalt Whisper: Threat Actor Targets Multiple Industries Across Hong Kong and Pakistan Cobalt Strike Operation Cobalt Whisper |
| 2024-10-23
⋅
Cisco Talos
⋅
Highlighting TA866/Asylum Ambuscade Activity Since 2021 WasabiSeed Cobalt Strike csharp-streamer RAT Resident Rhadamanthys WarmCookie |
| 2024-10-23
⋅
Cisco Talos
⋅
Threat Spotlight: WarmCookie/BadSpace Cobalt Strike csharp-streamer RAT WarmCookie |
| 2024-10-10
⋅
Hunt.io
⋅
Unmasking Adversary Infrastructure: How Certificates and Redirects Exposed Earth Baxia and PlugX Activity Cobalt Strike PlugX |
| 2024-09-19
⋅
Trend Micro
⋅
Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC (IoCs) Cobalt Strike Earth Baxia |
| 2024-09-19
⋅
Trend Micro
⋅
Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC Cobalt Strike Earth Baxia |
| 2024-08-29
⋅
Securonix
⋅
From Cobalt Strike to Mimikatz: A Deep Dive into the SLOW#TEMPEST Campaign Targeting Chinese Users Cobalt Strike MimiKatz |
| 2024-08-26
⋅
The DFIR Report
⋅
BlackSuit Ransomware BlackSuit Cobalt Strike SystemBC |
| 2024-08-23
⋅
TEAMT5
⋅
Sailing the Seven SEAs: Deep Dive into Polaris' Arsenal and Intelligence Insights Cobalt Strike Hodur PlugX TONESHELL |
| 2024-08-23
⋅
ITOCHU
⋅
Pirates of The Nang Hai: Follow the Artifacts No One Know Cobalt Strike Xiangoop |
| 2024-08-22
⋅
⋅
NTT
⋅
AppDomainManager Injectionを悪用したマルウェアによる攻撃について Cobalt Strike Earth Baxia |
| 2024-08-21
⋅
TG Soft
⋅
Chinese APT abuses MSC files with GrimResource vulnerability Cobalt Strike Earth Baxia |
| 2024-08-12
⋅
Rapid7
⋅
Ongoing Social Engineering Campaign Refreshes Payloads Black Basta Cobalt Strike GhostSocks Lumma Stealer SystemBC |
| 2024-08-04
⋅
Twitter (@embee_research)
⋅
Decoding a Cobalt Strike Downloader Script With CyberChef Cobalt Strike |
| 2024-08-01
⋅
Cisco
⋅
APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike Cobalt Strike ShadowPad |
| 2024-07-25
⋅
SOC Prime
⋅
UAC-0057 Attack Detection: A Surge in Adversary Activity Distributing PICASSOLOADER and Cobalt Strike Beacon Cobalt Strike PicassoLoader Ghostwriter |
| 2024-07-22
⋅
Censys
⋅
A Beginner’s Guide to Hunting Malicious Open Directories Cobalt Strike Lumma Stealer Vidar |
| 2024-07-18
⋅
Mandiant
⋅
APT41 Has Arisen From the DUST Cobalt Strike |
| 2024-07-16
⋅
Recorded Future
⋅
TAG-100 Uses Open-Source Tools in Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmental Bodies Cobalt Strike |
| 2024-07-10
⋅
Zscaler
⋅
DodgeBox: A deep dive into the updated arsenal of APT41 | Part 1 Cobalt Strike DUSTPAN DUSTTRAP |
| 2024-07-09
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update January to June 2024 Coper FluBot Hook Bashlite Mirai FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc NjRAT QakBot Quasar RAT RedLine Stealer Remcos Rhadamanthys RisePro Sliver |
| 2024-07-02
⋅
Sekoia
⋅
Exposing FakeBat loader: distribution methods and adversary infrastructure BlackCat Royal Ransom EugenLoader Carbanak Cobalt Strike DICELOADER Gozi IcedID Lumma Stealer NetSupportManager RAT Pikabot RedLine Stealer SectopRAT Sliver SmokeLoader Vidar |
| 2024-06-21
⋅
Elastic
⋅
GrimResource - Microsoft Management Console for initial access and evasion Cobalt Strike |
| 2024-06-05
⋅
S-RM
⋅
Exmatter malware levels up: S-RM observes new variant with simultaneous remote code execution and data targeting BlackCat BlackMatter Conti ExMatter LockBit REvil Ryuk |
| 2024-05-30
⋅
Europol
⋅
Largest ever operation against botnets hits dropper malware ecosystem BumbleBee IcedID SmokeLoader SystemBC TrickBot |
| 2024-05-23
⋅
Checkpoint
⋅
Sharp dragon expands towards africa and the caribbean 5.t Downloader Cobalt Strike |
| 2024-05-23
⋅
Check Point
⋅
Chinese Espionage Campaign Expands to Target Africa and The Caribbean 5.t Downloader Cobalt Strike |
| 2024-05-15
⋅
Microsoft
⋅
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware Black Basta Cobalt Strike QakBot UNC4393 |
| 2024-05-15
⋅
Microsoft
⋅
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware Black Basta Cobalt Strike QakBot SystemBC |
| 2024-05-14
⋅
Kaspersky
⋅
QakBot attacks with Windows zero-day (CVE-2024-30051) Cobalt Strike QakBot |
| 2024-05-10
⋅
Rapid7 Labs
⋅
Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators Black Basta Black Basta Cobalt Strike NetSupportManager RAT |
| 2024-05-01
⋅
Natto Thoughts
⋅
Ransom-War: Russian Extortion Operations as Hybrid Warfare, Part One Clop Conti Maze TrickBot |
| 2024-04-24
⋅
Securonix
⋅
Analysis of Ongoing FROZEN#SHADOW Attack Campaign Leveraging SSLoad Malware and RMM Software for Domain Takeover Cobalt Strike Latrodectus |
| 2024-04-01
⋅
The DFIR Report
⋅
From OneNote to RansomNote: An Ice Cold Intrusion Cobalt Strike IcedID Nokoyawa Ransomware PhotoLoader |
| 2024-03-01
⋅
Medium b.magnezi
⋅
Malware Analysis - Cobalt Strike Cobalt Strike |
| 2024-02-09
⋅
Censys
⋅
A Beginners Guide to Tracking Malware Infrastructure AsyncRAT BianLian Cobalt Strike QakBot |
| 2024-02-08
⋅
YouTube (Embee Research)
⋅
Cobalt Strike Decoding and C2 Extraction - 3 Minute Malware Analysis Speedrun Cobalt Strike |
| 2024-01-26
⋅
Trendmicro
⋅
Spot the Difference: An Analysis of the New LODEINFO Campaign by Earth Kasha Anel Cobalt Strike LODEINFO NOOPDOOR |
| 2024-01-13
⋅
YouTube (Embee Research)
⋅
Cobalt Strike Shellcode Analysis and C2 Extraction Cobalt Strike |
| 2024-01-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q4 2023 FluBot Hook FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc IcedID Lumma Stealer Meterpreter NjRAT Pikabot QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver |
| 2024-01-09
⋅
Recorded Future
⋅
2023 Adversary Infrastructure Report AsyncRAT Cobalt Strike Emotet PlugX ShadowPad |
| 2024-01-04
⋅
Netresec
⋅
Hunting for Cobalt Strike in PCAP Cobalt Strike |
| 2023-12-20
⋅
Twitter (@embee_research)
⋅
Defeating Obfuscated Malware Scripts - Cobalt Strike Cobalt Strike |
| 2023-12-19
⋅
Twitter (@embee_research)
⋅
Free Ghidra Tutorials for Beginners Cobalt Strike DarkGate |
| 2023-12-08
⋅
Twitter (@embee_research)
⋅
Ghidra Basics - Manual Shellcode Analysis and C2 Extraction Cobalt Strike |
| 2023-12-06
⋅
MITRE
⋅
Cinnamon Tempest Cobalt Strike HUI Loader PlugX Sliver BRONZE STARLIGHT |
| 2023-12-04
⋅
The DFIR Report
⋅
SQL Brute Force leads to Bluesky Ransomware BlueSky Cobalt Strike |
| 2023-12-01
⋅
The Record
⋅
Russian developer of Trickbot malware pleads guilty, faces 35-year sentence TrickBot |
| 2023-11-26
⋅
Medium shaddy43
⋅
From Infection to Encryption: Tracing the Impact of RYUK Ransomware Ryuk |
| 2023-11-19
⋅
Twitter (@embee_research)
⋅
Combining Pivot Points to Identify Malware Infrastructure - Redline, Smokeloader and Cobalt Strike Amadey Cobalt Strike RedLine Stealer SmokeLoader |
| 2023-11-14
⋅
Medium joshuapenny88
⋅
HostingHunter Series: CHANG WAY TECHNOLOGIES CO. LIMITED Hook Hydra Cobalt Strike SectopRAT |
| 2023-11-10
⋅
NSFOCUS
⋅
The New APT Group DarkCasino and the Global Surge in WinRAR 0-Day Exploits Cobalt Strike Konni DarkCasino Opal Sleet |
| 2023-11-07
⋅
SOCRadar
⋅
New Gootloader Variant “GootBot” Changes the Game in Malware Tactics GootLoader Cobalt Strike UNC2565 |
| 2023-11-06
⋅
Twitter (@embee_research)
⋅
Unpacking Malware With Hardware Breakpoints - Cobalt Strike Cobalt Strike |
| 2023-11-01
⋅
nccgroup
⋅
Popping Blisters for research: An overview of past payloads and exploring recent developments Blister Cobalt Strike |
| 2023-10-23
⋅
Twitter (@embee_research)
⋅
Cobalt Strike .VBS Loader - Decoding with Advanced CyberChef and Emulation Cobalt Strike |
| 2023-10-20
⋅
Twitter (@embee_research)
⋅
Decoding a Cobalt Strike .hta Loader Using CyberChef and Emulation Cobalt Strike |
| 2023-10-18
⋅
Twitter (@embee_research)
⋅
Ghidra Tutorial - Using Entropy To Locate a Cobalt Strike Decryption Function Cobalt Strike |
| 2023-10-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2023 FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar |
| 2023-10-12
⋅
Netresec
⋅
Forensic Timeline of an IcedID Infection Cobalt Strike IcedID IcedID Downloader |
| 2023-10-10
⋅
Symantec
⋅
Grayling: Previously Unseen Threat Actor Targets Multiple Organizations in Taiwan Cobalt Strike Havoc MimiKatz Grayling |
| 2023-10-03
⋅
Malware Traffic Analysis
⋅
2023-10-03 (Tuesday) - PikaBot infection with Cobalt Strike Cobalt Strike Pikabot |
| 2023-09-22
⋅
Mandiant
⋅
Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations Brute Ratel C4 Cobalt Strike EnvyScout GraphDrop QUARTERRIG sRDI Unidentified 107 (APT29) |
| 2023-09-22
⋅
Palo Alto Networks Unit 42
⋅
Cyberespionage Attacks Against Southeast Asian Government Linked to Stately Taurus, Aka Mustang Panda Cobalt Strike MimiKatz RemCom ShadowPad TONESHELL |
| 2023-09-12
⋅
⋅
ANSSI
⋅
FIN12: A Cybercriminal Group with Multiple Ransomware BlackCat Cobalt Strike Conti Hive MimiKatz Nokoyawa Ransomware PLAY Royal Ransom Ryuk SystemBC |
| 2023-09-07
⋅
Department of Justice
⋅
Multiple Foreign Nationals Charged in Connection with Trickbot Malware and Conti Ransomware Conspiracies Conti Conti TrickBot |
| 2023-08-30
⋅
Nisos
⋅
Trickbot in Light of Trickleaks Data TrickBot |
| 2023-08-30
⋅
Trend Micro
⋅
Earth Estries Targets Government, Tech for Cyberespionage Cobalt Strike HemiGate Earth Estries |
| 2023-08-28
⋅
The DFIR Report
⋅
HTML Smuggling Leads to Domain Wide Ransomware Cobalt Strike IcedID Nokoyawa Ransomware |
| 2023-08-18
⋅
TEAMT5
⋅
Unmasking CamoFei: An In-depth Analysis of an Emerging APT Group Focused on Healthcare Sectors in East Asia CatB Cobalt Strike DoorMe GIMMICK |
| 2023-08-18
⋅
d01a
⋅
Understanding Syscalls: Direct, Indirect, and Cobalt Strike Implementation Cobalt Strike |
| 2023-08-17
⋅
SentinelOne
⋅
Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector Cobalt Strike HUI Loader BRONZE STARLIGHT |
| 2023-08-07
⋅
Recorded Future
⋅
RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale Winnti Brute Ratel C4 Cobalt Strike FunnySwitch PlugX ShadowPad Spyder Earth Lusca |
| 2023-07-29
⋅
Google
⋅
Threat Horizons August 2023 Threat Horizons Report SharkBot Cobalt Strike |
| 2023-07-27
⋅
Bankinfo Security
⋅
Are Akira Ransomware's Crypto-Locking Malware Days Numbered? Akira Ryuk |
| 2023-07-11
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q2 2023 Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee |
| 2023-07-07
⋅
Lab52
⋅
Beyond appearances: unknown actor using APT29’s TTP against Chinese users Cobalt Strike |
| 2023-06-30
⋅
K7 Security
⋅
Cobalt Strike’s Deployment with Hardware Breakpoint for AMSI Bypass Cobalt Strike |
| 2023-06-27
⋅
SecurityIntelligence
⋅
The Trickbot/Conti Crypters: Where Are They Now? Black Basta Conti Mount Locker PhotoLoader Royal Ransom SystemBC TrickBot |
| 2023-06-16
⋅
SOC Prime
⋅
PicassoLoader and Cobalt Strike Beacon Detection: UAC-0057 aka GhostWriter Hacking Group Attacks the Ukrainian Leading Military Educational Institution Cobalt Strike PicassoLoader Ghostwriter |
| 2023-06-15
⋅
eSentire
⋅
eSentire Threat Intelligence Malware Analysis: Resident Campaign Cobalt Strike Resident Rhadamanthys WarmCookie |
| 2023-06-10
⋅
The DFIR Report
⋅
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment BlackCat Cobalt Strike IcedID |
| 2023-06-08
⋅
Twitter (@embee_research)
⋅
Practical Queries for Identifying Malware Infrastructure: An informal page for storing Censys/Shodan queries Amadey AsyncRAT Cobalt Strike QakBot Quasar RAT Sliver solarmarker |
| 2023-06-08
⋅
VMRay
⋅
Busy Bees - The Transformation of BumbleBee BumbleBee Cobalt Strike Conti Meterpreter Sliver |
| 2023-05-11
⋅
cocomelonc
⋅
Malware development trick - part 28: Dump lsass.exe. Simple C++ example. Cobalt Strike APT3 Keylogger |
| 2023-04-20
⋅
Github (dodo-sec)
⋅
An analysis of syscall usage in Cobalt Strike Beacons Cobalt Strike |
| 2023-04-20
⋅
Secureworks
⋅
Bumblebee Malware Distributed Via Trojanized Installer Downloads BumbleBee Cobalt Strike |
| 2023-04-18
⋅
Mandiant
⋅
M-Trends 2023 QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate |
| 2023-04-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q1 2023 FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar |
| 2023-04-03
⋅
The DFIR Report
⋅
Malicious ISO File Leads to Domain Wide Ransomware Cobalt Strike IcedID Mount Locker |
| 2023-03-30
⋅
United States District Court (Eastern District of New York)
⋅
Cracked Cobalt Strike (1:23-cv-02447) Black Basta BlackCat LockBit RagnarLocker LockBit Black Basta BlackCat Cobalt Strike Cuba Emotet LockBit Mount Locker PLAY QakBot RagnarLocker Royal Ransom Zloader |
| 2023-03-30
⋅
Recorded Future
⋅
With KEYPLUG, China’s RedGolf Spies On, Steals From Wide Field of Targets KEYPLUG Cobalt Strike PlugX RedGolf |
| 2023-03-30
⋅
eSentire
⋅
eSentire Threat Intelligence Malware Analysis: BatLoader BATLOADER Cobalt Strike ISFB SystemBC Vidar |
| 2023-03-28
⋅
ExaTrack
⋅
Mélofée: a new alien malware in the Panda's toolset targeting Linux hosts HelloBot Melofee Winnti Cobalt Strike SparkRAT STOWAWAY |
| 2023-03-10
⋅
Medium walmartglobaltech
⋅
From Royal With Love Cobalt Strike Conti PLAY Royal Ransom Somnia |
| 2023-03-01
⋅
Zscaler
⋅
OneNote: A Growing Threat for Malware Distribution AsyncRAT Cobalt Strike IcedID QakBot RedLine Stealer |
| 2023-02-23
⋅
Bitdefender
⋅
Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966 Cobalt Strike DarkComet QuiteRAT RATel |
| 2023-02-22
⋅
Symantec
⋅
Hydrochasma: Previously Unknown Group Targets Medical and Shipping Organizations in Asia Cobalt Strike |
| 2023-02-14
⋅
Cybereason
⋅
GootLoader - SEO Poisoning and Large Payloads Leading to Compromise GootLoader Cobalt Strike SystemBC |
| 2023-02-13
⋅
AhnLab
⋅
Dalbit (m00nlight): Chinese Hacker Group’s APT Attack Campaign Godzilla Webshell ASPXSpy BlueShell CHINACHOPPER Cobalt Strike Ladon MimiKatz Dalbit |
| 2023-02-13
⋅
Kroll
⋅
Royal Ransomware Deep Dive Cobalt Strike Royal Ransom |
| 2023-02-09
⋅
U.S. Department of the Treasury
⋅
United States and United Kingdom Sanction Members of Russia-Based Trickbot Cybercrime Gang TrickBot |
| 2023-02-08
⋅
Trend Micro
⋅
Earth Zhulong: Familiar Patterns Target Southeast Asian Firms Cobalt Strike MACAMAX 1937CN |
| 2023-02-03
⋅
Mandiant
⋅
Float Like a Butterfly Sting Like a Bee BazarBackdoor BumbleBee Cobalt Strike |
| 2023-02-02
⋅
Kroll
⋅
Hive Ransomware Technical Analysis and Initial Access Discovery BATLOADER Cobalt Strike Hive |
| 2023-01-30
⋅
Checkpoint
⋅
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware Agent Tesla Azorult Buer Cerber Cobalt Strike Emotet Formbook HawkEye Keylogger Loki Password Stealer (PWS) Maze NetWire RC Remcos REvil TrickBot |
| 2023-01-24
⋅
Fortinet
⋅
The Year of the Wiper Azov Wiper Bruh Wiper CaddyWiper Cobalt Strike Vidar |
| 2023-01-23
⋅
Kroll
⋅
Black Basta – Technical Analysis Black Basta Cobalt Strike MimiKatz QakBot SystemBC |
| 2023-01-16
⋅
Intrinsec
⋅
ProxyNotShell – OWASSRF – Merry Xchange Cobalt Strike SystemBC |
| 2023-01-05
⋅
Symantec
⋅
Bluebottle: Campaign Hits Banks in French-speaking Countries in Africa CloudEyE Cobalt Strike MimiKatz NetWire RC POORTRY Quasar RAT BlueBottle |
| 2022-12-27
⋅
Palo Alto Networks Unit 42
⋅
Navigating the Vast Ocean of Sandbox Evasions TrickBot Zebrocy |
| 2022-12-15
⋅
Mandiant
⋅
Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government Cobalt Strike STOWAWAY |
| 2022-12-08
⋅
Cisco Talos
⋅
Breaking the silence - Recent Truebot activity Clop Cobalt Strike FlawedGrace Raspberry Robin Silence Teleport |
| 2022-12-06
⋅
EuRepoC
⋅
Conti/Wizard Spider BazarBackdoor Cobalt Strike Conti Emotet IcedID Ryuk TrickBot WIZARD SPIDER |
| 2022-12-02
⋅
Palo Alto Networks Unit 42
⋅
Blowing Cobalt Strike Out of the Water With Memory Analysis Cobalt Strike |
| 2022-11-21
⋅
Palo Alto Networks Unit 42
⋅
Threat Assessment: Luna Moth Callback Phishing Campaign BazarBackdoor Conti Luna Moth |
| 2022-11-15
⋅
SOC Prime
⋅
Somnia Malware Detection: UAC-0118 aka FRwL Launches Cyber Attacks Against Organizations in Ukraine Using Enhanced Malware Strains Cobalt Strike Vidar UAC-0118 |
| 2022-11-09
⋅
Trend Micro
⋅
Hack the Real Box: APT41’s New Subgroup Earth Longzhi Cobalt Strike MimiKatz Earth Longzhi |
| 2022-11-03
⋅
paloalto Netoworks: Unit42
⋅
Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild Cobalt Strike |
| 2022-11-03
⋅
Group-IB
⋅
Financially motivated, dangerously activated: OPERA1ER APT in Africa Cobalt Strike Common Raven |
| 2022-11-03
⋅
Github (chronicle)
⋅
GCTI Open Source Detection Signatures Cobalt Strike Sliver |
| 2022-10-31
⋅
Cynet
⋅
Orion Threat Alert: Qakbot TTPs Arsenal and the Black Basta Ransomware Black Basta Cobalt Strike QakBot |
| 2022-10-31
⋅
paloalto Netoworks: Unit42
⋅
Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure Dridex Kronos TrickBot Zeus |
| 2022-10-13
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2022 FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm |
| 2022-10-13
⋅
Microsoft
⋅
Hunting for Cobalt Strike: Mining and plotting for fun and profit Cobalt Strike |
| 2022-10-12
⋅
Trend Micro
⋅
Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike Black Basta Brute Ratel C4 Cobalt Strike QakBot |
| 2022-10-06
⋅
Trellix
⋅
Evolution of BazarCall Social Engineering Tactics BazarBackdoor BazarCall |
| 2022-10-03
⋅
Check Point
⋅
Bumblebee: increasing its capacity and evolving its TTPs BumbleBee Cobalt Strike Meterpreter Sliver Vidar |
| 2022-10-03
⋅
Trend Micro
⋅
Water Labbu Abuses Malicious DApps to Steal Cryptocurrency Cobalt Strike Water Labbu |
| 2022-09-26
⋅
The DFIR Report
⋅
BumbleBee: Round Two BumbleBee Cobalt Strike Meterpreter |
| 2022-09-25
⋅
YouTube (Arda Büyükkaya)
⋅
Cobalt Strike Shellcode Loader With Rust (YouTube) Cobalt Strike |
| 2022-09-13
⋅
AdvIntel
⋅
AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022 Conti Cobalt Strike Emotet Ryuk TrickBot |
| 2022-09-12
⋅
The DFIR Report
⋅
Dead or Alive? An Emotet Story Cobalt Strike Emotet |
| 2022-09-07
⋅
Google
⋅
Initial access broker repurposing techniques in targeted attacks against Ukraine AnchorMail Cobalt Strike IcedID |
| 2022-09-07
⋅
cyble
⋅
Bumblebee Returns With New Infection Technique BumbleBee Cobalt Strike |
| 2022-09-06
⋅
⋅
INCIBE-CERT
⋅
Estudio del análisis de Nobelium BEATDROP BOOMBOX Cobalt Strike EnvyScout Unidentified 099 (APT29 Dropbox Loader) VaporRage |
| 2022-09-06
⋅
CISA
⋅
Alert (AA22-249A) #StopRansomware: Vice Society Cobalt Strike Empire Downloader FiveHands HelloKitty SystemBC Zeppelin |
| 2022-09-06
⋅
Didier Stevens
⋅
An Obfuscated Beacon – Extra XOR Layer Cobalt Strike |
| 2022-09-06
⋅
cocomelonc
⋅
Malware development tricks: parent PID spoofing. Simple C++ example. Cobalt Strike Konni |
| 2022-09-01
⋅
Medium michaelkoczwara
⋅
Hunting C2/Adversaries Infrastructure with Shodan and Censys Brute Ratel C4 Cobalt Strike Deimos GRUNT IcedID Merlin Meterpreter Nighthawk PoshC2 Sliver |
| 2022-09-01
⋅
Trend Micro
⋅
Ransomware Spotlight Black Basta Black Basta Cobalt Strike MimiKatz QakBot |
| 2022-08-31
⋅
Fourcore
⋅
Ryuk Ransomware: History, Timeline, And Adversary Simulation Ryuk |
| 2022-08-30
⋅
eSentire
⋅
Hacker Infrastructure Used in Cisco Breach Discovered Attacking a Top Workforce Management Corporation & an Affiliate of Russia’s Evil Corp Gang Suspected, Reports eSentire Cobalt Strike FiveHands UNC2447 |
| 2022-08-25
⋅
SentinelOne
⋅
BlueSky Ransomware | AD Lateral Movement, Evasion and Fast Encryption Put Threat on the Radar BlueSky Cobalt Strike JuicyPotato |
| 2022-08-22
⋅
Microsoft
⋅
Extortion Economics - Ransomware’s new business model BlackCat Conti Hive REvil AgendaCrypt Black Basta BlackCat Brute Ratel C4 Cobalt Strike Conti Hive Mount Locker Nokoyawa Ransomware REvil Ryuk |
| 2022-08-19
⋅
nccgroup
⋅
Back in Black: Unlocking a LockBit 3.0 Ransomware Attack FAKEUPDATES Cobalt Strike LockBit |
| 2022-08-18
⋅
⋅
NSFOCUS
⋅
New APT group MURENSHARK investigative report: Torpedoes hit Turkish Navy Cobalt Strike |
| 2022-08-18
⋅
IBM
⋅
From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers BumbleBee Karius Ramnit TrickBot Vawtrak |
| 2022-08-18
⋅
Group-IB
⋅
APT41 World Tour 2021 on a tight schedule Cobalt Strike |
| 2022-08-18
⋅
Sophos
⋅
Cookie stealing: the new perimeter bypass Cobalt Strike Meterpreter MimiKatz Phoenix Keylogger Quasar RAT |
| 2022-08-18
⋅
Trustwave
⋅
Overview of the Cyber Weapons Used in the Ukraine - Russia War AcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper INDUSTROYER2 InvisiMole IsaacWiper PartyTicket |
| 2022-08-18
⋅
Trustwave
⋅
Overview of the Cyber Weapons Used in the Ukraine - Russia War AcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper INDUSTROYER2 InvisiMole IsaacWiper PartyTicket |
| 2022-08-17
⋅
Cybereason
⋅
Bumblebee Loader – The High Road to Enterprise Domain Control BumbleBee Cobalt Strike |
| 2022-08-17
⋅
Secureworks
⋅
DarkTortilla Malware Analysis Agent Tesla AsyncRAT Cobalt Strike DarkTortilla Nanocore RAT RedLine Stealer |
| 2022-08-15
⋅
SentinelOne
⋅
Detecting a Rogue Domain Controller – DCShadow Attack MimiKatz TrickBot |
| 2022-08-12
⋅
SANS ISC
⋅
Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike Cobalt Strike DarkVNC IcedID |
| 2022-08-11
⋅
Malcat
⋅
LNK forensic and config extraction of a cobalt strike beacon Cobalt Strike |
| 2022-08-11
⋅
SecurityScorecard
⋅
The Increase in Ransomware Attacks on Local Governments BlackCat BlackCat Cobalt Strike LockBit |
| 2022-08-10
⋅
⋅
Weixin
⋅
Operation(верность) mercenary: a torrent of steel trapped in the plains of Eastern Europe BumbleBee Cobalt Strike |
| 2022-08-08
⋅
The DFIR Report
⋅
BumbleBee Roasts Its Way to Domain Admin BumbleBee Cobalt Strike |
| 2022-08-06
⋅
MalwareBookReports
⋅
A LOOK BACK AT BAZARLOADER’S DGA BazarBackdoor |
| 2022-08-04
⋅
YouTube (Arda Büyükkaya)
⋅
LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool Cobalt Strike LockBit |
| 2022-08-03
⋅
Palo Alto Networks Unit 42
⋅
Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware BazarBackdoor BumbleBee Cobalt Strike Conti |
| 2022-08-02
⋅
Cisco Talos
⋅
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike Manjusaka Cobalt Strike Manjusaka |
| 2022-07-30
⋅
Malware AV evasion - part 8. Encode payload via Z85 Agent Tesla Carbanak Carberp Cardinal RAT Cobalt Strike donut_injector |
| 2022-07-28
⋅
SentinelOne
⋅
Living Off Windows Defender | LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool Cobalt Strike LockBit |
| 2022-07-27
⋅
ReversingLabs
⋅
Threat analysis: Follina exploit fuels 'live-off-the-land' attacks Cobalt Strike MimiKatz |
| 2022-07-27
⋅
cyble
⋅
Targeted Attacks Being Carried Out Via DLL SideLoading Cobalt Strike QakBot |
| 2022-07-27
⋅
Trend Micro
⋅
Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike Cobalt Strike GootKit Kronos REvil SunCrypt |
| 2022-07-22
⋅
Binary Ninja
⋅
Reverse Engineering a Cobalt Strike Dropper With Binary Ninja Cobalt Strike |
| 2022-07-20
⋅
NVISO Labs
⋅
Analysis of a trojanized jQuery script: GootLoader unleashed GootLoader Cobalt Strike |
| 2022-07-20
⋅
U.S. Cyber Command
⋅
Cyber National Mission Force discloses IOCs from Ukrainian networks Cobalt Strike GraphSteel GrimPlant MicroBackdoor |
| 2022-07-20
⋅
Advanced Intelligence
⋅
Anatomy of Attack: Truth Behind the Costa Rica Government Ransomware 5-Day Intrusion Cobalt Strike |
| 2022-07-20
⋅
Mandiant
⋅
Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities Cobalt Strike GraphSteel GrimPlant MicroBackdoor |
| 2022-07-19
⋅
Palo Alto Networks Unit 42
⋅
Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive Cobalt Strike EnvyScout Gdrive |
| 2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Obscure Serpens Cobalt Strike Empire Downloader Meterpreter MimiKatz DarkHydrus |
| 2022-07-18
⋅
Censys
⋅
Russian Ransomware C2 Network Discovered in Censys Data Cobalt Strike DeimosC2 MimiKatz PoshC2 |
| 2022-07-13
⋅
Malwarebytes Labs
⋅
Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign Cobalt Strike |
| 2022-07-13
⋅
Palo Alto Networks Unit 42
⋅
Cobalt Strike Analysis and Tutorial: CS Metadata Encryption and Decryption Cobalt Strike |
| 2022-07-11
⋅
⋅
Cert-UA
⋅
UAC-0056 attack on Ukrainian state organizations using Cobalt Strike Beacon (CERT-UA#4941) Cobalt Strike |
| 2022-07-07
⋅
SANS ISC
⋅
Emotet infection with Cobalt Strike Cobalt Strike Emotet |
| 2022-07-07
⋅
IBM
⋅
Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine AnchorMail BumbleBee Cobalt Strike IcedID Meterpreter |
| 2022-07-06
⋅
⋅
Cert-UA
⋅
UAC-0056 cyberattack on Ukrainian state organizations using Cobalt Strike Beacon (CERT-UA#4914) Cobalt Strike |
| 2022-06-30
⋅
Trend Micro
⋅
Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit Black Basta Cobalt Strike QakBot |
| 2022-06-28
⋅
Lumen
⋅
ZuoRAT Hijacks SOHO Routers To Silently Stalk Networks ZuoRAT Cobalt Strike |
| 2022-06-27
⋅
Kaspersky ICS CERT
⋅
Attacks on industrial control systems using ShadowPad Cobalt Strike PlugX ShadowPad |
| 2022-06-26
⋅
Overview of Russian GRU and SVR Cyberespionage Campaigns 1H 2022 Cobalt Strike CredoMap EnvyScout |
| 2022-06-24
⋅
Palo Alto Networks Unit 42
⋅
There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families BazarBackdoor Zloader |
| 2022-06-23
⋅
cyble
⋅
Matanbuchus Loader Resurfaces Cobalt Strike Matanbuchus |
| 2022-06-23
⋅
Secureworks
⋅
BRONZE STARLIGHT Ransomware Operations Use HUI Loader ATOMSILO Cobalt Strike HUI Loader LockFile NightSky Pandora PlugX Quasar RAT Rook SodaMaster BRONZE STARLIGHT |
| 2022-06-21
⋅
McAfee
⋅
Rise of LNK (Shortcut files) Malware BazarBackdoor Emotet IcedID QakBot |
| 2022-06-21
⋅
Cisco Talos
⋅
Avos ransomware group expands with new attack arsenal AvosLocker Cobalt Strike DarkComet MimiKatz |
| 2022-06-20
⋅
⋅
Cert-UA
⋅
UAC-0098 group cyberattack on critical infrastructure of Ukraine (CERT-UA#4842) Cobalt Strike |
| 2022-06-17
⋅
SANS ISC
⋅
Malspam pushes Matanbuchus malware, leads to Cobalt Strike Cobalt Strike Matanbuchus |
| 2022-06-15
⋅
AttackIQ
⋅
Attack Graph Emulating the Conti Ransomware Team’s Behaviors BazarBackdoor Conti TrickBot |
| 2022-06-12
⋅
Malware development: persistence - part 7. Winlogon. Simple C++ example. BazarBackdoor Gazer TurlaRPC Turla SilentMoon |
| 2022-06-11
⋅
Twitter (@MsftSecIntel)
⋅
Tweet on DEV-0401, DEV-0234 exploiting Confluence RCE CVE-2022-26134 Kinsing Mirai Cobalt Strike Lilac Typhoon |
| 2022-06-07
⋅
AdvIntel
⋅
BlackCat — In a Shifting Threat Landscape, It Helps to Land on Your Feet: Tech Dive BlackCat BlackCat Cobalt Strike |
| 2022-06-07
⋅
cyble
⋅
Bumblebee Loader on The Rise BumbleBee Cobalt Strike |
| 2022-06-06
⋅
Trellix
⋅
Growling Bears Make Thunderous Noise Cobalt Strike HermeticWiper WhisperGate NB65 |
| 2022-06-04
⋅
kienmanowar Blog
⋅
[QuickNote] CobaltStrike SMB Beacon Analysis Cobalt Strike |
| 2022-06-03
⋅
AttackIQ
⋅
Attack Graph Response to US CERT AA22-152A: Karakurt Data Extortion Group Cobalt Strike MimiKatz |
| 2022-06-02
⋅
Mandiant
⋅
TRENDING EVIL Q2 2022 CloudEyE Cobalt Strike CryptBot Emotet IsaacWiper QakBot |
| 2022-06-02
⋅
Eclypsium
⋅
Conti Targets Critical Firmware Conti HermeticWiper TrickBot WhisperGate |
| 2022-06-02
⋅
Mandiant
⋅
To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions FAKEUPDATES Blister Cobalt Strike DoppelPaymer Dridex FriedEx Hades LockBit Macaw MimiKatz Phoenix Locker WastedLocker |
| 2022-06-01
⋅
Elastic
⋅
CUBA Ransomware Campaign Analysis Cobalt Strike Cuba Meterpreter MimiKatz SystemBC |
| 2022-05-27
⋅
0ffset Blog
⋅
BAZARLOADER: Analysing The Main Loader BazarBackdoor |
| 2022-05-25
⋅
Medium walmartglobaltech
⋅
SocGholish Campaigns and Initial Access Kit FAKEUPDATES Blister Cobalt Strike NetSupportManager RAT |
| 2022-05-24
⋅
BitSight
⋅
Emotet Botnet Rises Again Cobalt Strike Emotet QakBot SystemBC |
| 2022-05-24
⋅
The Hacker News
⋅
Malware Analysis: Trickbot Cobalt Strike Conti Ryuk TrickBot |
| 2022-05-22
⋅
R136a1
⋅
Introduction of a PE file extractor for various situations Cobalt Strike Matanbuchus |
| 2022-05-20
⋅
sonatype
⋅
New 'pymafka' malicious package drops Cobalt Strike on macOS, Windows, Linux Cobalt Strike |
| 2022-05-20
⋅
Cybleinc
⋅
Malware Campaign Targets InfoSec Community: Threat Actor Uses Fake Proof Of Concept To Deliver Cobalt-Strike Beacon Cobalt Strike |
| 2022-05-20
⋅
AhnLab
⋅
Why Remediation Alone Is Not Enough When Infected by Malware Cobalt Strike DarkSide |
| 2022-05-19
⋅
InfoSec Handlers Diary Blog
⋅
Bumblebee Malware from TransferXL URLs BumbleBee Cobalt Strike |
| 2022-05-19
⋅
InfoSec Handlers Diary Blog
⋅
Bumblebee Malware from TransferXL URLs BumbleBee Cobalt Strike |
| 2022-05-18
⋅
PRODAFT Threat Intelligence
⋅
Wizard Spider In-Depth Analysis Cobalt Strike Conti WIZARD SPIDER |
| 2022-05-17
⋅
Trend Micro
⋅
Ransomware Spotlight: RansomEXX LaZagne Cobalt Strike IcedID MimiKatz PyXie RansomEXX TrickBot |
| 2022-05-12
⋅
Intel 471
⋅
What malware to look for if you want to prevent a ransomware attack Conti BumbleBee Cobalt Strike IcedID Sliver |
| 2022-05-12
⋅
Red Canary
⋅
The Goot cause: Detecting Gootloader and its follow-on activity GootLoader Cobalt Strike |
| 2022-05-12
⋅
Red Canary
⋅
Gootloader and Cobalt Strike malware analysis GootLoader Cobalt Strike |
| 2022-05-12
⋅
TEAMT5
⋅
The Next Gen PlugX/ShadowPad? A Dive into the Emerging China-Nexus Modular Trojan, Pangolin8RAT (slides) KEYPLUG Cobalt Strike CROSSWALK FunnySwitch PlugX ShadowPad Winnti SLIME29 TianWu |
| 2022-05-11
⋅
InfoSec Handlers Diary Blog
⋅
TA578 using thread-hijacked emails to push ISO files for Bumblebee malware BumbleBee Cobalt Strike IcedID PhotoLoader |
| 2022-05-11
⋅
⋅
NTT
⋅
Operation RestyLink: Targeted attack campaign targeting Japanese companies Cobalt Strike |
| 2022-05-10
⋅
Marco Ramilli's Blog
⋅
A Malware Analysis in RU-AU conflict Cobalt Strike |
| 2022-05-09
⋅
Microsoft
⋅
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT |
| 2022-05-09
⋅
cocomelonc
⋅
Malware development: persistence - part 4. Windows services. Simple C++ example. Anchor AppleJeus Attor BBSRAT BlackEnergy Carbanak Cobalt Strike DuQu |
| 2022-05-09
⋅
Microsoft Security
⋅
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself Griffon BazarBackdoor BlackCat BlackMatter Blister Gozi LockBit Pandora Rook SystemBC TrickBot |
| 2022-05-09
⋅
TEAMT5
⋅
Hiding in Plain Sight: Obscuring C2s by Abusing CDN Services Cobalt Strike |
| 2022-05-09
⋅
The DFIR Report
⋅
SEO Poisoning – A Gootloader Story GootLoader LaZagne Cobalt Strike GootKit |
| 2022-05-08
⋅
IronNet
⋅
Tracking Cobalt Strike Servers Used in Cyberattacks on Ukraine Cobalt Strike |
| 2022-05-06
⋅
Twitter (@MsftSecIntel)
⋅
Twitter Thread on initial infeciton of SocGholish/ FAKEUPDATES campaigns lead to BLISTER Loader, CobaltStrike, Lockbit and followed by Hands On Keyboard activity FAKEUPDATES Blister Cobalt Strike LockBit |
| 2022-05-06
⋅
Palo Alto Networks Unit 42
⋅
Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding Cobalt Strike |
| 2022-05-06
⋅
The Hacker News
⋅
This New Fileless Malware Hides Shellcode in Windows Event Logs Cobalt Strike |
| 2022-05-05
⋅
Cisco Talos
⋅
Mustang Panda deploys a new wave of malware targeting Europe Cobalt Strike Meterpreter PlugX PUBLOAD |
| 2022-05-05
⋅
YouTube (Chris Greer)
⋅
MALWARE Analysis with Wireshark // TRICKBOT Infection TrickBot |
| 2022-05-05
⋅
Intel 471
⋅
Cybercrime loves company: Conti cooperated with other ransomware gangs LockBit Maze RagnarLocker Ryuk |
| 2022-05-04
⋅
Kaspersky
⋅
A new secret stash for “fileless” malware Cobalt Strike |
| 2022-05-04
⋅
Twitter (@felixw3000)
⋅
Twitter Thread with info on infection chain with IcedId, Cobalt Strike, and Hidden VNC. Cobalt Strike IcedID PhotoLoader |
| 2022-05-03
⋅
Recorded Future
⋅
SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse Cobalt Strike EnvyScout |
| 2022-05-03
⋅
Cluster25
⋅
The Strange Link Between A Destructive Malware And A Ransomware-Gang Linked Custom Loader: IsaacWiper Vs Vatet Cobalt Strike IsaacWiper PyXie |
| 2022-05-03
⋅
Recorded Future
⋅
SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse Cobalt Strike |
| 2022-05-02
⋅
Cisco Talos
⋅
Conti and Hive ransomware operations: Leveraging victim chats for insights Cobalt Strike Conti Hive |
| 2022-05-02
⋅
⋅
Macnica
⋅
Attack Campaigns that Exploit Shortcuts and ISO Files Cobalt Strike |
| 2022-04-29
⋅
NCC Group
⋅
Adventures in the land of BumbleBee – a new malicious loader BazarBackdoor BumbleBee Conti |
| 2022-04-28
⋅
Symantec
⋅
Ransomware: How Attackers are Breaching Corporate Networks AvosLocker Conti Emotet Hive IcedID PhotoLoader QakBot TrickBot |
| 2022-04-28
⋅
PWC
⋅
Cyber Threats 2021: A Year in Retrospect (Annex) Cobalt Strike Conti PlugX RokRAT Inception Framework Red Menshen |
| 2022-04-28
⋅
Mandiant
⋅
Trello From the Other Side: Tracking APT29 Phishing Campaigns Cobalt Strike |
| 2022-04-27
⋅
Trendmicro
⋅
IOCs for Earth Berberoka - Windows AsyncRAT Cobalt Strike PlugX Quasar RAT Earth Berberoka |
| 2022-04-27
⋅
⋅
ANSSI
⋅
LE GROUPE CYBERCRIMINEL FIN7 Bateleur BELLHOP Griffon SQLRat POWERSOURCE Andromeda BABYMETAL BlackCat BlackMatter BOOSTWRITE Carbanak Cobalt Strike DNSMessenger Dridex DRIFTPIN Gameover P2P MimiKatz Murofet Qadars Ranbyus SocksBot |
| 2022-04-27
⋅
Mandiant
⋅
Assembling the Russian Nesting Doll: UNC2452 Merged into APT29 Cobalt Strike Raindrop SUNBURST TEARDROP |
| 2022-04-27
⋅
Trendmicro
⋅
Operation Gambling Puppet reptile oRAT AsyncRAT Cobalt Strike DCRat Ghost RAT PlugX Quasar RAT Trochilus RAT Earth Berberoka |
| 2022-04-27
⋅
Medium elis531989
⋅
The chronicles of Bumblebee: The Hook, the Bee, and the Trickbot connection BumbleBee TrickBot |
| 2022-04-27
⋅
Sentinel LABS
⋅
LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility Cobalt Strike LockBit |
| 2022-04-27
⋅
Sentinel LABS
⋅
LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility Cobalt Strike LockBit BRONZE STARLIGHT |
| 2022-04-26
⋅
Trend Micro
⋅
How Cybercriminals Abuse Cloud Tunneling Services AsyncRAT Cobalt Strike DarkComet Meterpreter Nanocore RAT |
| 2022-04-26
⋅
Intel 471
⋅
Conti and Emotet: A constantly destructive duo Cobalt Strike Conti Emotet IcedID QakBot TrickBot |
| 2022-04-25
⋅
The DFIR Report
⋅
Quantum Ransomware Cobalt Strike IcedID |
| 2022-04-25
⋅
paloalto Networks Unit 42
⋅
Defeating BazarLoader Anti-Analysis Techniques BazarBackdoor |
| 2022-04-25
⋅
Morphisec
⋅
New Core Impact Backdoor Delivered Via VMware Vulnerability Cobalt Strike JSSLoader |
| 2022-04-21
⋅
ZeroSec
⋅
Understanding Cobalt Strike Profiles - Updated For Cobalt Strike 4.6 Cobalt Strike |
| 2022-04-20
⋅
CISA
⋅
AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader |
| 2022-04-20
⋅
CISA
⋅
Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader Killnet |
| 2022-04-19
⋅
Blake's R&D
⋅
Extracting Cobalt Strike from Windows Error Reporting Cobalt Strike |
| 2022-04-19
⋅
Varonis
⋅
Hive Ransomware Analysis Cobalt Strike Hive MimiKatz |
| 2022-04-19
⋅
0ffset Blog
⋅
BAZARLOADER: Unpacking An ISO File Infection BazarBackdoor |
| 2022-04-18
⋅
AdvIntel
⋅
Enter KaraKurt: Data Extortion Arm of Prolific Ransomware Group AvosLocker BazarBackdoor BlackByte BlackCat Cobalt Strike HelloKitty Hive Karakurt |
| 2022-04-18
⋅
SentinelOne
⋅
From the Front Lines | Peering into A PYSA Ransomware Attack Chisel Chisel Cobalt Strike Mespinoza |
| 2022-04-18
⋅
vanmieghem
⋅
A blueprint for evading industry leading endpoint protection in 2022 Cobalt Strike |
| 2022-04-18
⋅
RiskIQ
⋅
RiskIQ: Trickbot Rickroll TrickBot |
| 2022-04-17
⋅
BushidoToken Blog
⋅
Lessons from the Conti Leaks BazarBackdoor Conti Emotet IcedID Ryuk TrickBot |
| 2022-04-15
⋅
Arctic Wolf
⋅
The Karakurt Web: Threat Intel and Blockchain Analysis Reveals Extension of Conti Business Model Conti Diavol Ryuk TrickBot |
| 2022-04-15
⋅
Bleeping Computer
⋅
Karakurt revealed as data extortion arm of Conti cybercrime syndicate Anchor BazarBackdoor Conti TrickBot |
| 2022-04-14
⋅
Cynet
⋅
Orion Threat Alert: Flight of the BumbleBee BumbleBee Cobalt Strike |
| 2022-04-13
⋅
Microsoft
⋅
Notorious cybercrime gang’s botnet disrupted Ryuk Zloader |
| 2022-04-13
⋅
ESET Research
⋅
ESET takes part in global operation to disrupt Zloader botnets Cobalt Strike Zloader |
| 2022-04-13
⋅
Microsoft
⋅
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware BlackMatter Cobalt Strike DarkSide Ryuk Zloader |
| 2022-04-08
⋅
ReversingLabs
⋅
ConversingLabs Ep. 2: Conti pivots as ransomware as a service struggles Conti Emotet TrickBot |
| 2022-04-08
⋅
Infinitum Labs
⋅
Threat Spotlight: Conti Ransomware Group Behind the Karakurt Hacking Team Cobalt Strike MimiKatz |
| 2022-04-07
⋅
splunk
⋅
You Bet Your Lsass: Hunting LSASS Access Cobalt Strike MimiKatz |
| 2022-04-07
⋅
InQuest
⋅
Ukraine CyberWar Overview CyclopsBlink Cobalt Strike GraphSteel GrimPlant HermeticWiper HermeticWizard MicroBackdoor PartyTicket Saint Bot Scieron WhisperGate |
| 2022-04-06
⋅
Github (infinitumlabs)
⋅
Karakurt Hacking Team Indicators of Compromise (IOC) Cobalt Strike |
| 2022-04-06
⋅
TRM Labs
⋅
TRM Analysis Corroborates Suspected Ties Between Conti and Ryuk Ransomware Groups and Wizard Spider Conti Ryuk |
| 2022-04-05
⋅
Intel 471
⋅
Move fast and commit crimes: Conti’s development teams mirror corporate tech BazarBackdoor TrickBot |
| 2022-04-04
⋅
Mandiant
⋅
FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7 Griffon BABYMETAL Carbanak Cobalt Strike JSSLoader Termite |
| 2022-03-31
⋅
Trellix
⋅
Conti Leaks: Examining the Panama Papers of Ransomware LockBit Amadey Buer Conti IcedID LockBit Mailto Maze PhotoLoader Ryuk TrickBot |
| 2022-03-31
⋅
nccgroup
⋅
Conti-nuation: methods and techniques observed in operations post the leaks Cobalt Strike Conti QakBot |
| 2022-03-31
⋅
SC Media
⋅
Novel obfuscation leveraged by Hive ransomware Cobalt Strike Hive |
| 2022-03-30
⋅
Bleeping Computer
⋅
Phishing campaign targets Russian govt dissidents with Cobalt Strike Unidentified PS 002 (RAT) Cobalt Strike |
| 2022-03-30
⋅
Prevailion
⋅
Wizard Spider continues to confound BazarBackdoor Cobalt Strike Emotet |
| 2022-03-29
⋅
Malwarebytes Labs
⋅
New spear phishing campaign targets Russian dissidents Unidentified PS 002 (RAT) Cobalt Strike |
| 2022-03-29
⋅
SentinelOne
⋅
From the Front Lines | Hive Ransomware Deploys Novel IPfuscation Technique To Avoid Detection Cobalt Strike Hive |
| 2022-03-28
⋅
Medium walmartglobaltech
⋅
CobaltStrike UUID stager Cobalt Strike |
| 2022-03-25
⋅
nccgroup
⋅
Mining data from Cobalt Strike beacons Cobalt Strike |
| 2022-03-25
⋅
GOV.UA
⋅
Who is behind the Cyberattacks on Ukraine's Critical Information Infrastructure: Statistics for March 15-22 Xloader Agent Tesla CaddyWiper Cobalt Strike DoubleZero GraphSteel GrimPlant HeaderTip HermeticWiper IsaacWiper MicroBackdoor Pandora RAT |
| 2022-03-23
⋅
Secureworks
⋅
GOLD ULRICK Leaks Reveal Organizational Structure and Relationships Conti Emotet IcedID TrickBot |
| 2022-03-23
⋅
splunk
⋅
Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk |
| 2022-03-23
⋅
Secureworks
⋅
Threat Intelligence Executive Report Volume 2022, Number 2 Conti Emotet IcedID TrickBot |
| 2022-03-22
⋅
Red Canary
⋅
2022 Threat Detection Report FAKEUPDATES Silver Sparrow BazarBackdoor Cobalt Strike GootKit Yellow Cockatoo RAT |
| 2022-03-22
⋅
NVISO Labs
⋅
Cobalt Strike: Overview – Part 7 Cobalt Strike |
| 2022-03-21
⋅
Threat Post
⋅
Conti Ransomware V. 3, Including Decryptor, Leaked Cobalt Strike Conti TrickBot |
| 2022-03-21
⋅
eSentire
⋅
Conti Affiliate Exposed: New Domain Names, IP Addresses and Email Addresses Uncovered HelloKitty BazarBackdoor Cobalt Strike Conti FiveHands HelloKitty IcedID |
| 2022-03-18
⋅
Avast
⋅
Mēris and TrickBot standing on the shoulders of giants Glupteba Proxy Glupteba TrickBot |
| 2022-03-17
⋅
Trend Micro
⋅
Navigating New Frontiers Trend Micro 2021 Annual Cybersecurity Report REvil BazarBackdoor Buer IcedID QakBot REvil |
| 2022-03-17
⋅
Google
⋅
Exposing initial access broker with ties to Conti BazarBackdoor BumbleBee Conti EXOTIC LILY |
| 2022-03-17
⋅
Sophos
⋅
The Ransomware Threat Intelligence Center ATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry Dharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker Ragnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker |
| 2022-03-17
⋅
Google
⋅
Exposing initial access broker with ties to Conti BazarBackdoor BumbleBee Cobalt Strike Conti |
| 2022-03-16
⋅
paloalto Netoworks: Unit42
⋅
Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect Cobalt Strike |
| 2022-03-16
⋅
SANS ISC
⋅
Qakbot infection with Cobalt Strike and VNC activity Cobalt Strike QakBot |
| 2022-03-16
⋅
Microsoft
⋅
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure TrickBot |
| 2022-03-16
⋅
InfoSec Handlers Diary Blog
⋅
Qakbot infection with Cobalt Strike and VNC activity Cobalt Strike QakBot |
| 2022-03-15
⋅
Prevailion
⋅
What Wicked Webs We Un-weave Cobalt Strike Conti |
| 2022-03-15
⋅
SentinelOne
⋅
Threat Actor UAC-0056 Targeting Ukraine with Fake Translation Software Cobalt Strike GraphSteel GrimPlant SaintBear |
| 2022-03-15
⋅
RiskIQ
⋅
RiskIQ: Trickbot Abuse of Compromised MikroTik Routers for Command and Control TrickBot |
| 2022-03-14
⋅
Bleeping Computer
⋅
Fake antivirus updates used to deploy Cobalt Strike in Ukraine Cobalt Strike |
| 2022-03-12
⋅
Arash's Blog
⋅
Analyzing Malware with Hooks, Stomps, and Return-addresses Cobalt Strike |
| 2022-03-11
⋅
⋅
Cyberattack on Ukrainian state authorities using the Cobalt Strike Beacon (CERT-UA#4145) Cobalt Strike |
| 2022-03-10
⋅
Bleeping Computer
⋅
Corporate website contact forms used to spread BazarBackdoor malware BazarBackdoor |
| 2022-03-09
⋅
Abnormal
⋅
BazarLoader Actors Initiate Contact via Website Contact Forms BazarBackdoor |
| 2022-03-09
⋅
Bleeping Computer
⋅
CISA updates Conti ransomware alert with nearly 100 domain names BazarBackdoor Cobalt Strike Conti TrickBot |
| 2022-03-09
⋅
BreachQuest
⋅
The Conti Leaks | Insight into a Ransomware Unicorn Cobalt Strike MimiKatz TrickBot |
| 2022-03-08
⋅
Mandiant
⋅
Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments KEYPLUG Cobalt Strike LOWKEY |
| 2022-03-07
⋅
The DFIR Report
⋅
2021 Year In Review Cobalt Strike |
| 2022-03-04
⋅
Reuters
⋅
Details of another big ransomware group 'Trickbot' leak online, experts say TrickBot |
| 2022-03-04
⋅
Telsy
⋅
Legitimate Sites Used As Cobalt Strike C2s Against Indian Government Cobalt Strike |
| 2022-03-03
⋅
Trend Micro
⋅
Cyberattacks are Prominent in the Russia-Ukraine Conflict BazarBackdoor Cobalt Strike Conti Emotet WhisperGate |
| 2022-03-02
⋅
KrebsOnSecurity
⋅
Conti Ransomware Group Diaries, Part II: The Office Conti Emotet Ryuk TrickBot |
| 2022-03-02
⋅
CyberArk
⋅
Conti Group Leaked! TeamTNT Conti TrickBot |
| 2022-03-02
⋅
⋅
elDiario
⋅
Cybercrime bosses warn that they will "fight back" if Russia is hacked Conti Ryuk |
| 2022-03-02
⋅
Threatpost
⋅
Conti Ransomware Decryptor, TrickBot Source Code Leaked Conti TrickBot |
| 2022-03-01
⋅
Leaks: Conti / Trickbot Conti TrickBot |
| 2022-03-01
⋅
VirusTotal
⋅
VirusTotal's 2021 Malware Trends Report Anubis AsyncRAT BlackMatter Cobalt Strike DanaBot Dridex Khonsari MimiKatz Mirai Nanocore RAT Orcus RAT |
| 2022-02-26
⋅
Mandiant
⋅
TRENDING EVIL Q1 2022 KEYPLUG FAKEUPDATES GootLoader BazarBackdoor QakBot |
| 2022-02-25
⋅
CyberScoop
⋅
TrickBot malware suddenly got quiet, researchers say, but it's hardly the end for its operators BazarBackdoor Emotet TrickBot |
| 2022-02-24
⋅
Cynet
⋅
New Wave of Emotet – When Project X Turns Into Y Cobalt Strike Emotet |
| 2022-02-24
⋅
The Record
⋅
TrickBot gang shuts down botnet after months of inactivity TrickBot |
| 2022-02-24
⋅
Fortinet
⋅
Nobelium Returns to the Political World Stage Cobalt Strike |
| 2022-02-24
⋅
The Hacker News
⋅
TrickBot Gang Likely Shifting Operations to Switch to New Malware BazarBackdoor Emotet QakBot TrickBot |
| 2022-02-24
⋅
kienmanowar Blog
⋅
[QuickNote] Techniques for decrypting BazarLoader strings BazarBackdoor |
| 2022-02-24
⋅
The Hacker News
⋅
Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure BazarBackdoor Emotet TrickBot |
| 2022-02-23
⋅
cyber.wtf blog
⋅
What the Pack(er)? Cobalt Strike Emotet |
| 2022-02-23
⋅
AdvIntel
⋅
24 Hours From Log4Shell to Local Admin: Deep-Dive Into Conti Gang Attack on Fortune 500 (DFIR) Cobalt Strike Conti |
| 2022-02-23
⋅
SophosLabs Uncut
⋅
Dridex bots deliver Entropy ransomware in recent attacks Cobalt Strike Dridex Entropy |
| 2022-02-23
⋅
splunk
⋅
An Empirically Comparative Analysis of Ransomware Binaries Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk |
| 2022-02-22
⋅
eSentire
⋅
IcedID to Cobalt Strike In Under 20 Minutes Cobalt Strike IcedID PhotoLoader |
| 2022-02-22
⋅
Bleeping Computer
⋅
Vulnerable Microsoft SQL Servers targeted with Cobalt Strike Cobalt Strike Kingminer Lemon Duck |
| 2022-02-22
⋅
Bankinfo Security
⋅
Cybercrime Moves: Conti Ransomware Absorbs TrickBot Malware Conti TrickBot |
| 2022-02-21
⋅
Cobalt Strike Being Distributed to Vulnerable MS-SQL Servers Cobalt Strike Lemon Duck |
| 2022-02-21
⋅
Qbot and Zerologon Lead To Full Domain Compromise Cobalt Strike QakBot |
| 2022-02-20
⋅
Medium SOCFortress
⋅
Detecting Cobalt Strike Beacons Cobalt Strike |
| 2022-02-20
⋅
Security Affairs
⋅
The Conti ransomware group takes over TrickBot malware operation and plans to replace it with BazarBackdoor malware. Conti TrickBot |
| 2022-02-18
⋅
Huntress Labs
⋅
Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection Cobalt Strike |
| 2022-02-18
⋅
Bleeping Computer
⋅
Conti ransomware gang takes over TrickBot malware operation Conti TrickBot |
| 2022-02-16
⋅
Threat Post
⋅
TrickBot Ravages Customers of Amazon, PayPal and Other Top Brands TrickBot |
| 2022-02-16
⋅
Advanced Intelligence
⋅
The TrickBot Saga’s Finale Has Aired: Spinoff is Already in the Works TrickBot |
| 2022-02-16
⋅
Check Point Research
⋅
A Modern Ninja: Evasive Trickbot Attacks Customers of 60 High-Profile Companies TrickBot |
| 2022-02-16
⋅
Medium elis531989
⋅
Highway to Conti: Analysis of Bazarloader BazarBackdoor |
| 2022-02-16
⋅
Security Onion
⋅
Quick Malware Analysis: Emotet Epoch 5 and Cobalt Strike pcap from 2022-02-08 Cobalt Strike Emotet |
| 2022-02-15
⋅
eSentire
⋅
Increase in Emotet Activity and Cobalt Strike Deployment Cobalt Strike Emotet |
| 2022-02-10
⋅
Cybereason
⋅
Threat Analysis Report: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot Cobalt Strike Emotet IcedID QakBot |
| 2022-02-09
⋅
vmware
⋅
Exposing Malware in Linux-Based Multi-Cloud Environments ACBackdoor BlackMatter DarkSide Erebus HelloKitty Kinsing PLEAD QNAPCrypt RansomEXX REvil Sysrv-hello TeamTNT Vermilion Strike Cobalt Strike |
| 2022-02-08
⋅
Intel 471
⋅
PrivateLoader: The first step in many malware schemes Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar |
| 2022-02-02
⋅
IBM
⋅
TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware BazarBackdoor TrickBot |
| 2022-02-01
⋅
Wired
⋅
Inside Trickbot, Russia’s Notorious Ransomware Gang TrickBot |
| 2022-02-01
⋅
Wired
⋅
Inside Trickbot, Russia’s Notorious Ransomware Gang TrickBot |
| 2022-01-31
⋅
CyberArk
⋅
Analyzing Malware with Hooks, Stomps and Return-addresses Cobalt Strike |
| 2022-01-28
⋅
Morphisec
⋅
Log4j Exploit Hits Again: Vulnerable Unifi Network Application (Ubiquiti) at Risk Cobalt Strike |
| 2022-01-27
⋅
JSAC 2021
⋅
What We Can Do against the Chaotic A41APT Campaign CHINACHOPPER Cobalt Strike HUI Loader SodaMaster |
| 2022-01-26
⋅
Blackberry
⋅
Log4U, Shell4Me Cobalt Strike |
| 2022-01-25
⋅
Cynet
⋅
Threats Looming Over the Horizon Cobalt Strike Meterpreter NightSky |
| 2022-01-24
⋅
IBM
⋅
TrickBot Bolsters Layered Defenses to Prevent Injection Research TrickBot |
| 2022-01-24
⋅
The DFIR Report
⋅
Cobalt Strike, a Defender’s Guide – Part 2 Cobalt Strike |
| 2022-01-24
⋅
Kryptos Logic
⋅
Deep Dive into Trickbot's Web Injection TrickBot |
| 2022-01-22
⋅
forensicitguy
⋅
BazarISO Analysis - Loading with Advpack.dll BazarBackdoor |
| 2022-01-20
⋅
Morphisec
⋅
Log4j Exploit Hits Again: Vulnerable VMWare Horizon Servers at Risk Cobalt Strike |
| 2022-01-19
⋅
FBI
⋅
CU-000161-MW: Indicators of Compromise Associated with Diavol Ransomware Diavol TrickBot |
| 2022-01-19
⋅
Elastic
⋅
Extracting Cobalt Strike Beacon Configurations Cobalt Strike |
| 2022-01-19
⋅
Blackberry
⋅
Kraken the Code on Prometheus Prometheus Backdoor BlackMatter Cerber Cobalt Strike DCRat Ficker Stealer QakBot REvil Ryuk |
| 2022-01-19
⋅
Elastic
⋅
Collecting Cobalt Strike Beacons with the Elastic Stack Cobalt Strike |
| 2022-01-19
⋅
Sophos
⋅
Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike Cobalt Strike Zloader |
| 2022-01-18
⋅
Recorded Future
⋅
2021 Adversary Infrastructure Report BazarBackdoor Cobalt Strike Dridex IcedID QakBot TrickBot |
| 2022-01-17
⋅
Trend Micro
⋅
Delving Deep: An Analysis of Earth Lusca’s Operations BIOPASS Cobalt Strike FunnySwitch JuicyPotato ShadowPad Winnti Earth Lusca |
| 2022-01-16
⋅
forensicitguy
⋅
Analyzing a CACTUSTORCH HTA Leading to Cobalt Strike CACTUSTORCH Cobalt Strike |
| 2022-01-15
⋅
MalwareBookReports
⋅
BazarLoader - Back from Holiday Break BazarBackdoor |
| 2022-01-15
⋅
Huntress Labs
⋅
Threat Advisory: VMware Horizon Servers Actively Being Hit With Cobalt Strike (by DEV-0401) Cobalt Strike |
| 2022-01-11
⋅
Medium walmartglobaltech
⋅
Signed DLL campaigns as a service BATLOADER Cobalt Strike ISFB Zloader |
| 2022-01-11
⋅
Twitter (@cglyer)
⋅
Thread on DEV-0401, a china based ransomware operator exploiting VMware Horizon with log4shell and deploying NightSky ransomware Cobalt Strike NightSky |
| 2022-01-11
⋅
Cybereason
⋅
Threat Analysis Report: DatopLoader Exploits ProxyShell to Deliver QBOT and Cobalt Strike Cobalt Strike QakBot Squirrelwaffle |
| 2022-01-09
⋅
forensicitguy
⋅
Inspecting a PowerShell Cobalt Strike Beacon Cobalt Strike |
| 2022-01-06
⋅
Sekoia
⋅
NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies Cobalt Strike EnvyScout |
| 2022-01-02
⋅
BleepingComputer
⋅
Malicious CSV text files used to install BazarBackdoor malware BazarBackdoor |
| 2022-01-01
⋅
Silent Push
⋅
Consequences- The Conti Leaks and future problems Cobalt Strike Conti |
| 2021-12-29
⋅
CrowdStrike
⋅
OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt Cobalt Strike |
| 2021-12-29
⋅
Blake's R&D
⋅
Cobalt Strike DFIR: Listening to the Pipes Cobalt Strike |
| 2021-12-28
⋅
Morphus Labs
⋅
Attackers are abusing MSBuild to evade defenses and implant Cobalt Strike beacons Cobalt Strike |
| 2021-12-22
⋅
Telsy
⋅
Phishing Campaign targeting citizens abroad using COVID-19 theme lures Cobalt Strike |
| 2021-12-16
⋅
TEAMT5
⋅
Winnti is Coming - Evolution after Prosecution Cobalt Strike FishMaster FunnySwitch HIGHNOON ShadowPad Spyder |
| 2021-12-16
⋅
Red Canary
⋅
Intelligence Insights: December 2021 Cobalt Strike QakBot Squirrelwaffle |
| 2021-12-13
⋅
The DFIR Report
⋅
Diavol Ransomware BazarBackdoor Conti Diavol |
| 2021-12-10
⋅
Accenture
⋅
Karakurt rises from its lair Cobalt Strike Karakurt |
| 2021-12-08
⋅
Check Point Research
⋅
When old friends meet again: why Emotet chose Trickbot for rebirth Emotet TrickBot |
| 2021-12-07
⋅
Bleeping Computer
⋅
Emotet now drops Cobalt Strike, fast forwards ransomware attacks Cobalt Strike Emotet |
| 2021-12-06
⋅
CERT-FR
⋅
Phishing campaigns by the Nobelium intrusion set Cobalt Strike |
| 2021-12-06
⋅
Mandiant
⋅
Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452) Cobalt Strike CryptBot |
| 2021-12-03
⋅
GoSecure
⋅
TrickBot Leverages Zoom Work from Home Interview Malspam, Heaven’s Gate and… Spamhaus? TrickBot |
| 2021-12-02
⋅
CERT-FR
⋅
Phishing Campaigns by the Nobelium Intrusion Set Cobalt Strike |
| 2021-11-30
⋅
Symantec
⋅
Yanluowang: Further Insights on New Ransomware Threat BazarBackdoor Cobalt Strike FiveHands |
| 2021-11-29
⋅
The DFIR Report
⋅
CONTInuing the Bazar Ransomware Story BazarBackdoor Cobalt Strike Conti |
| 2021-11-29
⋅
Mandiant
⋅
Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again Cobalt Strike ROLLCOAST |
| 2021-11-23
⋅
Trend Micro
⋅
BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors BazarBackdoor |
| 2021-11-19
⋅
Trend Micro
⋅
Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains Cobalt Strike QakBot Squirrelwaffle |
| 2021-11-18
⋅
Medium 0xchina
⋅
Malware reverse engineering (Ryuk Ransomware) Ryuk |
| 2021-11-17
⋅
nviso
⋅
Cobalt Strike: Decrypting Obfuscated Traffic – Part 4 Cobalt Strike |
| 2021-11-17
⋅
Black Hills Information Security
⋅
DNS Over HTTPS for Cobalt Strike Cobalt Strike |
| 2021-11-17
⋅
Twitter (@Unit42_Intel)
⋅
Tweet on Matanbuchus Loader used to deliver Qakbot (tag obama128b) and follow-up CobaltStrike Cobalt Strike QakBot |
| 2021-11-17
⋅
Trend Micro
⋅
Analyzing ProxyShell-related Incidents via Trend Micro Managed XDR Cobalt Strike Cotx RAT |
| 2021-11-16
⋅
PC's Xcetra Support
⋅
Excel 4 macro code obfuscation BazarBackdoor |
| 2021-11-16
⋅
Malwarebytes
⋅
TrickBot helps Emotet come back from the dead Emotet TrickBot |
| 2021-11-16
⋅
Cisco
⋅
Attackers use domain fronting technique to target Myanmar with Cobalt Strike Cobalt Strike |
| 2021-11-16
⋅
IronNet
⋅
How IronNet's Behavioral Analytics Detect REvil and Conti Ransomware Cobalt Strike Conti IcedID REvil |
| 2021-11-16
⋅
Blackberry
⋅
Finding Beacons in the dark Cobalt Strike |
| 2021-11-15
⋅
TRUESEC
⋅
ProxyShell, QBot, and Conti Ransomware Combined in a Series of Cyberattacks Cobalt Strike Conti QakBot |
| 2021-11-13
⋅
Just Still
⋅
Threat Spotlight - Domain Fronting Cobalt Strike |
| 2021-11-12
⋅
Recorded Future
⋅
The Business of Fraud: Botnet Malware Dissemination Mozi Dridex IcedID QakBot TrickBot |
| 2021-11-12
⋅
Malwarebytes
⋅
A multi-stage PowerShell based attack targets Kazakhstan Cobalt Strike |
| 2021-11-11
⋅
Cynet
⋅
A Duck Nightmare Quakbot Strikes with QuakNightmare Exploitation Cobalt Strike QakBot |
| 2021-11-11
⋅
SophosLabs Uncut
⋅
BazarLoader ‘call me back’ attack abuses Windows 10 Apps mechanism BazarBackdoor |
| 2021-11-10
⋅
AT&T
⋅
Stories from the SOC - Powershell, Proxyshell, Conti TTPs OH MY! Cobalt Strike Conti |
| 2021-11-10
⋅
Sekoia
⋅
Walking on APT31 infrastructure footprints Rekoobe Unidentified ELF 004 Cobalt Strike |
| 2021-11-09
⋅
Cybereason
⋅
THREAT ANALYSIS REPORT: From Shatak Emails to the Conti Ransomware Cobalt Strike Conti |
| 2021-11-05
⋅
Blackberry
⋅
Hunter Becomes Hunted: Zebra2104 Hides a Herd of Malware Cobalt Strike DoppelDridex Mount Locker Phobos StrongPity |
| 2021-11-05
⋅
Twitter (@Unit42_Intel)
⋅
Tweet on TA551 (Shathak) BazarLoader infection with CobaltStrike and DarkVNC drops BazarBackdoor Cobalt Strike |
| 2021-11-03
⋅
Didier Stevens
⋅
New Tool: cs-extract-key.py Cobalt Strike |
| 2021-11-03
⋅
nviso
⋅
Cobalt Strike: Using Process Memory To Decrypt Traffic – Part 3 Cobalt Strike |
| 2021-11-02
⋅
Intel 471
⋅
Cybercrime underground flush with shipping companies’ credentials Cobalt Strike Conti |
| 2021-11-02
⋅
unh4ck
⋅
Detecting CONTI CobaltStrike Lateral Movement Techniques - Part 2 Cobalt Strike Conti |
| 2021-11-02
⋅
boschko.ca blog
⋅
Cobalt Strike Process Injection Cobalt Strike |
| 2021-11-01
⋅
The DFIR Report
⋅
From Zero to Domain Admin Cobalt Strike Hancitor |
| 2021-11-01
⋅
Accenture
⋅
Diving into double extortion campaigns Cobalt Strike MimiKatz |
| 2021-10-29
⋅
Europol
⋅
12 targeted for involvement in ransomware attacks against critical infrastructure Cobalt Strike Dharma LockerGoga MegaCortex TrickBot |
| 2021-10-29
⋅
⋅
Національна поліція України
⋅
Cyberpolice exposes transnational criminal group in causing $ 120 million in damage to foreign companies Cobalt Strike Dharma LockerGoga MegaCortex TrickBot |
| 2021-10-28
⋅
Department of Justice
⋅
Indictment: Russian National (Vladimir Dunaev) Extradited to United States to Face Charges for Alleged Role in Cybercriminal Organization TrickBot |
| 2021-10-28
⋅
Department of Justice
⋅
Russian National (Vladimir Dunaev) Extradited to United States to Face Charges for Alleged Role in Cybercriminal Organization TrickBot |
| 2021-10-27
⋅
VinCSS
⋅
[RE025] TrickBot ... many tricks TrickBot |
| 2021-10-27
⋅
nviso
⋅
Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 2 Cobalt Strike |
| 2021-10-26
⋅
unh4ck
⋅
Detecting CONTI CobaltStrike Lateral Movement Techniques - Part 1 Cobalt Strike Conti |
| 2021-10-26
⋅
Cisco Talos
⋅
SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike Cobalt Strike QakBot Squirrelwaffle |
| 2021-10-26
⋅
Identification of a new cyber criminal group: Lockean Cobalt Strike DoppelPaymer Egregor Maze PwndLocker QakBot REvil |
| 2021-10-22
⋅
HUNT & HACKETT
⋅
Advanced IP Scanner: the preferred scanner in the A(P)T toolbox Conti DarkSide Dharma Egregor Hades REvil Ryuk |
| 2021-10-21
⋅
CrowdStrike
⋅
Stopping GRACEFUL SPIDER: Falcon Complete’s Fast Response to Recent SolarWinds Serv-U Exploit Campaign Cobalt Strike FlawedGrace TinyMet |
| 2021-10-21
⋅
nviso
⋅
Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1 Cobalt Strike |
| 2021-10-19
⋅
Kaspersky
⋅
Trickbot module descriptions TrickBot |
| 2021-10-18
⋅
The DFIR Report
⋅
IcedID to XingLocker Ransomware in 24 hours Cobalt Strike IcedID Mount Locker |
| 2021-10-18
⋅
Symantec
⋅
Harvester: Nation-state-backed group uses new toolset to target victims in South Asia Cobalt Strike Graphon |
| 2021-10-18
⋅
paloalto Netoworks: Unit42
⋅
Case Study: From BazarLoader to Network Reconnaissance BazarBackdoor Cobalt Strike |
| 2021-10-14
⋅
Medium walmartglobaltech
⋅
Investigation into the state of NIM malware Part 2 Cobalt Strike NimGrabber Nimrev Unidentified 088 (Nim Ransomware) |
| 2021-10-13
⋅
Blackberry
⋅
BlackBerry Shines Spotlight on Evolving Cobalt Strike Threat in New Book Cobalt Strike |
| 2021-10-13
⋅
IBM
⋅
Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds BazarBackdoor TrickBot |
| 2021-10-12
⋅
Mandiant
⋅
Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis Cobalt Strike |
| 2021-10-11
⋅
Accenture
⋅
Moving Left of the Ransomware Boom REvil Cobalt Strike MimiKatz RagnarLocker REvil |
| 2021-10-08
⋅
0ffset Blog
⋅
SQUIRRELWAFFLE – Analysing The Main Loader Cobalt Strike Squirrelwaffle |
| 2021-10-08
⋅
Zscaler
⋅
New Trickbot and BazarLoader campaigns use multiple delivery vectorsi BazarBackdoor TrickBot |
| 2021-10-07
⋅
Netskope
⋅
SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot Cobalt Strike QakBot Squirrelwaffle |
| 2021-10-07
⋅
Mandiant
⋅
FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets BazarBackdoor GRIMAGENT Ryuk |
| 2021-10-07
⋅
Mandiant
⋅
FIN12 Group Profile: FIN12 Priotizes Speed to Deploy Ransomware Aginst High-Value Targets Cobalt Strike Empire Downloader TrickBot |
| 2021-10-06
⋅
Blackberry
⋅
Finding Beacons in the Dark Cobalt Strike |
| 2021-10-05
⋅
Blackberry
⋅
Drawing a Dragon: Connecting the Dots to Find APT41 Cobalt Strike Ghost RAT |
| 2021-10-05
⋅
Trend Micro
⋅
Ransomware as a Service: Enabler of Widespread Attacks Cerber Conti DarkSide Gandcrab Locky Nefilim REvil Ryuk |
| 2021-10-04
⋅
Sophos
⋅
Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack ATOMSILO Cobalt Strike |
| 2021-10-04
⋅
Cisco
⋅
Threat hunting in large datasets by clustering security events BazarBackdoor TrickBot |
| 2021-10-04
⋅
The DFIR Report
⋅
BazarLoader and the Conti Leaks BazarBackdoor Cobalt Strike Conti |
| 2021-10-03
⋅
Github (0xjxd)
⋅
SquirrelWaffle - From Maldoc to Cobalt Strike Cobalt Strike Squirrelwaffle |
| 2021-10-01
⋅
0ffset Blog
⋅
SQUIRRELWAFFLE – Analysing the Custom Packer Cobalt Strike Squirrelwaffle |
| 2021-10-01
⋅
HP
⋅
Threat Insights Report Q3 - 2021 STRRAT CloudEyE NetWire RC Remcos TrickBot Vjw0rm |
| 2021-09-30
⋅
PTSecurity
⋅
Masters of Mimicry: new APT group ChamelGang and its arsenal Cobalt Strike |
| 2021-09-30
⋅
Masters of Mimicry: new APT group ChamelGang and its arsenal Cobalt Strike |
| 2021-09-30
⋅
CrowdStrike
⋅
Hunting for the Confluence Exploitation: When Falcon OverWatch Becomes the First Line of Defense Cobalt Strike |
| 2021-09-29
⋅
Advanced Intelligence
⋅
Backup “Removal” Solutions - From Conti Ransomware With Love Cobalt Strike Conti |
| 2021-09-29
⋅
Malware Traffic Analysis
⋅
2021-09-29 (Wednesday) - Hancitor with Cobalt Strike Cobalt Strike Hancitor |
| 2021-09-29
⋅
Malware Traffic Analysis
⋅
Hancitor with Cobalt Strike Cobalt Strike Hancitor |
| 2021-09-28
⋅
Zscaler
⋅
Squirrelwaffle: New Loader Delivering Cobalt Strike Cobalt Strike Squirrelwaffle |
| 2021-09-27
⋅
Cynet
⋅
A Virtual Baffle to Battle Squirrelwaffle Cobalt Strike Squirrelwaffle |
| 2021-09-26
⋅
NSFOCUS
⋅
Insights into Ransomware Spread Using Exchange 1-Day Vulnerabilities 1-2 Cobalt Strike LockFile |
| 2021-09-24
⋅
Trend Micro
⋅
Examining the Cring Ransomware Techniques Cobalt Strike Cring MimiKatz |
| 2021-09-22
⋅
CISA
⋅
Alert (AA21-265A) Conti Ransomware Cobalt Strike Conti |
| 2021-09-21
⋅
Medium elis531989
⋅
The Squirrel Strikes Back: Analysis of the newly emerged cobalt-strike loader “SquirrelWaffle” Cobalt Strike Squirrelwaffle |
| 2021-09-21
⋅
skyblue.team blog
⋅
Scanning VirusTotal's firehose Cobalt Strike |
| 2021-09-21
⋅
GuidePoint Security
⋅
A Ransomware Near Miss: ProxyShell, a RAT, and Cobalt Strike Cobalt Strike |
| 2021-09-21
⋅
Sophos
⋅
Cring ransomware group exploits ancient ColdFusion server Cobalt Strike Cring |
| 2021-09-21
⋅
eSentire
⋅
Ransomware Hackers Attack a Top Safety Testing Org. Using Tactics and Techniques Borrowed from Chinese Espionage Groups Cobalt Strike MimiKatz UNC215 |
| 2021-09-17
⋅
CrowdStrike
⋅
Falcon OverWatch Hunts Down Adversaries Where They Hide BazarBackdoor Cobalt Strike |
| 2021-09-17
⋅
Medium inteloperator
⋅
The default: 63 6f 62 61 6c 74 strike Cobalt Strike |
| 2021-09-17
⋅
Malware Traffic Analysis
⋅
2021-09-17 - SQUIRRELWAFFLE Loader with Cobalt Strike Cobalt Strike Squirrelwaffle |
| 2021-09-16
⋅
Twitter (@GossiTheDog)
⋅
Tweet on some unknown threat actor dropping Mgbot, custom IIS modular backdoor and cobalstrike using exploiting ProxyShell Cobalt Strike MgBot |
| 2021-09-16
⋅
Medium Shabarkin
⋅
Pointer: Hunting Cobalt Strike globally Cobalt Strike |
| 2021-09-16
⋅
RiskIQ
⋅
Untangling the Spider Web: The Curious Connection Between WIZARD SPIDER’s Ransomware Infrastructure and a Windows Zero-Day Exploit Cobalt Strike Ryuk |
| 2021-09-15
⋅
Microsoft
⋅
Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability Cobalt Strike |
| 2021-09-14
⋅
Recorded Future
⋅
Full-Spectrum Cobalt Strike Detection Cobalt Strike |
| 2021-09-13
⋅
The DFIR Report
⋅
BazarLoader to Conti Ransomware in 32 Hours BazarBackdoor Cobalt Strike Conti |
| 2021-09-12
⋅
Medium michaelkoczwara
⋅
Mapping and Pivoting from Cobalt Strike C2 Infrastructure Attributed to CVE-2021-40444 Cobalt Strike |
| 2021-09-10
⋅
Gigamon
⋅
Rendering Threats: A Network Perspective BumbleBee Cobalt Strike |
| 2021-09-09
⋅
Trend Micro
⋅
Remote Code Execution 0-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs BumbleBee Cobalt Strike |
| 2021-09-08
⋅
Arash's Blog
⋅
Hook Heaps and Live Free Cobalt Strike |
| 2021-09-07
⋅
Medium michaelkoczwara
⋅
Cobalt Strike C2 Hunting with Shodan Cobalt Strike |
| 2021-09-06
⋅
kienmanowar Blog
⋅
Quick analysis CobaltStrike loader and shellcode Cobalt Strike |
| 2021-09-06
⋅
Bleeping Computer
⋅
TrickBot gang developer arrested when trying to leave Korea Diavol TrickBot |
| 2021-09-04
⋅
cocomelonc
⋅
AV engines evasion for C++ simple malware: part 1 4h_rat Azorult BADCALL BadNews BazarBackdoor Cardinal RAT |
| 2021-09-03
⋅
Sophos
⋅
Conti affiliates use ProxyShell Exchange exploit in ransomware attacks Cobalt Strike Conti |
| 2021-09-03
⋅
Trend Micro
⋅
The State of SSL/TLS Certificate Usage in Malware C&C Communications AdWind ostap AsyncRAT BazarBackdoor BitRAT Buer Chthonic CloudEyE Cobalt Strike DCRat Dridex FindPOS GootKit Gozi IcedID ISFB Nanocore RAT Orcus RAT PandaBanker Qadars QakBot Quasar RAT Rockloader ServHelper Shifu SManager TorrentLocker TrickBot Vawtrak Zeus Zloader |
| 2021-09-02
⋅
Medium michaelkoczwara
⋅
Cobalt Strike PowerShell Payload Analysis Cobalt Strike |
| 2021-09-02
⋅
Twitter (@th3_protoCOL)
⋅
Tweet on Confluence Server exploitation (CVE-2021-26084) in the wild and cobaltsrike activity (mentioned in replies by GaborSzappanos) Cobalt Strike |
| 2021-09-01
⋅
YouTube (Black Hat)
⋅
Mem2Img: Memory-Resident Malware Detection via Convolution Neural Network Cobalt Strike PlugX Waterbear |
| 2021-08-31
⋅
BreakPoint Labs
⋅
Cobalt Strike and Ransomware – Tracking An Effective Ransomware Campaign Cobalt Strike |
| 2021-08-30
⋅
⋅
Qianxin
⋅
Operation (Thủy Tinh) OceanStorm: The evil lotus hidden under the abyss Cobalt Strike MimiKatz |
| 2021-08-29
⋅
The DFIR Report
⋅
Cobalt Strike, a Defender’s Guide Cobalt Strike |
| 2021-08-27
⋅
Aon
⋅
Cobalt Strike Configuration Extractor and Parser Cobalt Strike |
| 2021-08-27
⋅
Morphisec
⋅
ProxyShell Exchange Exploitation Now Leads To An Increasing Amount Of Cobaltstrike Backdoors Cobalt Strike |
| 2021-08-25
⋅
Trend Micro
⋅
Earth Baku An APT Group Targeting Indo-Pacific Countries With New Stealth Loaders and Backdoor Cobalt Strike DUSTPAN SideWalk |
| 2021-08-24
⋅
Trend Micro
⋅
Earth Baku Returns Cobalt Strike CROSSWALK DUSTPAN SideWalk |
| 2021-08-24
⋅
ESET Research
⋅
The SideWalk may be as dangerous as the CROSSWALK Cobalt Strike CROSSWALK SideWalk SparklingGoblin |
| 2021-08-23
⋅
Youtube (SANS Digital Forensics and Incident Response)
⋅
Keynote: Cobalt Strike Threat Hunting Cobalt Strike |
| 2021-08-23
⋅
FBI
⋅
Indicators of Compromise Associated with OnePercent Group Ransomware Cobalt Strike MimiKatz |
| 2021-08-19
⋅
Blackberry
⋅
BlackBerry Prevents: Threat Actor Group TA575 and Dridex Malware Cobalt Strike Dridex TA575 |
| 2021-08-19
⋅
Sekoia
⋅
An insider insights into Conti operations – Part two Cobalt Strike Conti |
| 2021-08-18
⋅
Intezer
⋅
Cobalt Strike: Detect this Persistent Threat Cobalt Strike |
| 2021-08-17
⋅
Advanced Intelligence
⋅
Hunting for Corporate Insurance Policies: Indicators of [Ransom] Exfiltration Cobalt Strike Conti |
| 2021-08-17
⋅
Sekoia
⋅
An insider insights into Conti operations – Part one Cobalt Strike Conti |
| 2021-08-17
⋅
Medium michaelkoczwara
⋅
Cobalt Strike Hunting — DLL Hijacking/Attack Analysis Cobalt Strike |
| 2021-08-15
⋅
Symantec
⋅
The Ransomware Threat Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker |
| 2021-08-11
⋅
Advanced Intelligence
⋅
Secret "Backdoor" Behind Conti Ransomware Operation: Introducing Atera Agent Cobalt Strike Conti |
| 2021-08-09
⋅
Johannes Bader's Blog
⋅
A BazarLoader DGA that Breaks Down in the Summer BazarBackdoor |
| 2021-08-09
⋅
IstroSec
⋅
APT Cobalt Strike Campaign targeting Slovakia (DEF CON talk) Cobalt Strike |
| 2021-08-05
⋅
KrebsOnSecurity
⋅
Ransomware Gangs and the Name Game Distraction DarkSide RansomEXX Babuk Cerber Conti DarkSide DoppelPaymer Egregor FriedEx Gandcrab Hermes Maze RansomEXX REvil Ryuk Sekhmet |
| 2021-08-05
⋅
Secureworks
⋅
Detecting Cobalt Strike: Government-Sponsored Threat Groups (APT32) Cobalt Strike |
| 2021-08-05
⋅
Red Canary
⋅
When Dridex and Cobalt Strike give you Grief Cobalt Strike DoppelDridex DoppelPaymer |
| 2021-08-04
⋅
Sentinel LABS
⋅
Hotcobalt – New Cobalt Strike DoS Vulnerability That Lets You Halt Operations Cobalt Strike |
| 2021-08-04
⋅
Secureworks
⋅
Detecting Cobalt Strike: Cybercrime Attacks (GOLD LAGOON) Cobalt Strike |
| 2021-08-04
⋅
CrowdStrike
⋅
PROPHET SPIDER Exploits Oracle WebLogic to Facilitate Ransomware Activity Cobalt Strike Egregor Mount Locker Prophet Spider |
| 2021-08-03
⋅
Cybereason
⋅
DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos CHINACHOPPER Cobalt Strike MimiKatz Nebulae |
| 2021-08-02
⋅
Youtube (Forschungsinstitut Cyber Defense)
⋅
The CODE 2021: Workshop presentation and demonstration about CobaltStrike Cobalt Strike |
| 2021-08-01
⋅
The DFIR Report
⋅
BazarCall to Conti Ransomware via Trickbot and Cobalt Strike BazarBackdoor Cobalt Strike Conti TrickBot |
| 2021-07-30
⋅
Medium walmartglobaltech
⋅
Decrypting BazarLoader strings with a Unicorn BazarBackdoor |
| 2021-07-30
⋅
Twitter (@Unit42_Intel)
⋅
Tweet on BazarLoader infection leading to cobaltstrike and Powershell script file for PrintNightmare vulnerability BazarBackdoor Cobalt Strike |
| 2021-07-29
⋅
Rasta Mouse
⋅
NTLM Relaying via Cobalt Strike Cobalt Strike |
| 2021-07-29
⋅
Microsoft
⋅
BazaCall: Phony call centers lead to exfiltration and ransomware BazarBackdoor Cobalt Strike |
| 2021-07-29
⋅
Microsoft
⋅
BazaCall: Phony call centers lead to exfiltration and ransomware BazarBackdoor BazarCall |
| 2021-07-27
⋅
Blackberry
⋅
Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages elf.wellmess ElectroRAT BazarNimrod Buer Cobalt Strike Remcos Snake TeleBot WellMess Zebrocy |
| 2021-07-25
⋅
Medium svch0st
⋅
Guide to Named Pipes and Hunting for Cobalt Strike Pipes Cobalt Strike |
| 2021-07-22
⋅
Medium michaelkoczwara
⋅
Cobalt Strike Hunting — simple PCAP and Beacon Analysis Cobalt Strike |
| 2021-07-21
⋅
splunk
⋅
Detecting Trickbot with Splunk TrickBot |
| 2021-07-19
⋅
The DFIR Report
⋅
IcedID and Cobalt Strike vs Antivirus Cobalt Strike IcedID |
| 2021-07-14
⋅
Google
⋅
How We Protect Users From 0-Day Attacks (CVE-2021-21166, CVE-2021-30551, CVE-2021-33742, CVE-2021-1879) Cobalt Strike |
| 2021-07-14
⋅
MDSec
⋅
Investigating a Suspicious Service Cobalt Strike |
| 2021-07-14
⋅
Kaspersky
⋅
LuminousMoth APT: Sweeping attacks for the chosen few Cobalt Strike |
| 2021-07-14
⋅
Bleeping Computer
⋅
BazarBackdoor sneaks in through nested RAR and ZIP archives BazarBackdoor |
| 2021-07-13
⋅
YouTube ( Matt Soseman)
⋅
Solarwinds and SUNBURST attacks compromised my lab! Cobalt Strike Raindrop SUNBURST TEARDROP |
| 2021-07-12
⋅
Bitdefender
⋅
A Fresh Look at Trickbot’s Ever-Improving VNC Module TrickBot |
| 2021-07-09
⋅
InfoSec Handlers Diary Blog
⋅
Hancitor tries XLL as initial malware file Cobalt Strike Hancitor |
| 2021-07-08
⋅
Avast Decoded
⋅
Decoding Cobalt Strike: Understanding Payloads Cobalt Strike Empire Downloader |
| 2021-07-08
⋅
Recorded Future
⋅
Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling Cobalt Strike Earth Lusca |
| 2021-07-07
⋅
Trustwave
⋅
Diving Deeper Into the Kaseya VSA Attack: REvil Returns and Other Hackers Are Riding Their Coattails Cobalt Strike REvil |
| 2021-07-07
⋅
Trend Micro
⋅
BIOPASS RAT: New Malware Sniffs Victims via Live Streaming BIOPASS Cobalt Strike Derusbi |
| 2021-07-07
⋅
McAfee
⋅
Ryuk Ransomware Now Targeting Webservers Cobalt Strike Ryuk |
| 2021-07-06
⋅
Twitter (@MBThreatIntel)
⋅
Tweet on a malspam campaign that is taking advantage of Kaseya VSA ransomware attack to drop CobaltStrike Cobalt Strike |
| 2021-07-05
⋅
Trend Micro
⋅
Tracking Cobalt Strike: A Trend Micro Vision One Investigation Cobalt Strike |
| 2021-07-03
⋅
Medium AK1001
⋅
Analyzing Cobalt Strike PowerShell Payload Cobalt Strike |
| 2021-07-02
⋅
MalwareBookReports
⋅
Skip the Middleman: Dridex Document to Cobalt Strike Cobalt Strike Dridex |
| 2021-07-02
⋅
Group-IB
⋅
The Brothers Grim - The reversing tale of GrimAgent malware used by Ryuk GRIMAGENT |
| 2021-07-02
⋅
Group-IB
⋅
The Brothers Grim - The reversing tale of GrimAgent malware used by Ryuk GRIMAGENT |
| 2021-07-02
⋅
The Record
⋅
TrickBot: New attacks see the botnet deploy new banking module, new ransomware TrickBot |
| 2021-07-01
⋅
Kryptos Logic
⋅
TrickBot and Zeus TrickBot Zeus |
| 2021-07-01
⋅
The Record
⋅
Mongolian certificate authority hacked eight times, compromised with malware Cobalt Strike |
| 2021-07-01
⋅
Avast Decoded
⋅
Backdoored Client from Mongolian CA MonPass Cobalt Strike Earth Lusca |
| 2021-07-01
⋅
Avast Decoded
⋅
Backdoored Client from Mongolian CA MonPass Cobalt Strike FishMaster |
| 2021-06-30
⋅
Group-IB
⋅
REvil Twins Deep Dive into Prolific RaaS Affiliates' TTPs Cobalt Strike REvil |
| 2021-06-29
⋅
Accenture
⋅
HADES ransomware operators continue attacks Cobalt Strike Hades MimiKatz |
| 2021-06-29
⋅
Proofpoint
⋅
Cobalt Strike: Favorite Tool from APT to Crimeware Cobalt Strike |
| 2021-06-28
⋅
The DFIR Report
⋅
Hancitor Continues to Push Cobalt Strike Cobalt Strike Hancitor |
| 2021-06-22
⋅
CrowdStrike
⋅
Response When Minutes Matter: Falcon Complete Disrupts WIZARD SPIDER eCrime Operators Cobalt Strike |
| 2021-06-22
⋅
Twitter (@Cryptolaemus1)
⋅
Tweet on TA575, a Dridex affiliate delivering cobaltstrike (packed withe Cryptone) directly via the macro docs Cobalt Strike Dridex |
| 2021-06-20
⋅
The DFIR Report
⋅
From Word to Lateral Movement in 1 Hour Cobalt Strike IcedID |
| 2021-06-18
⋅
SecurityScorecard
⋅
SecurityScorecard Finds USAID Hack Much Larger Than Initially Thought Cobalt Strike |
| 2021-06-17
⋅
Binary Defense
⋅
Analysis of Hancitor – When Boring Begets Beacon Cobalt Strike Ficker Stealer Hancitor |
| 2021-06-16
⋅
Proofpoint
⋅
The First Step: Initial Access Leads to Ransomware BazarBackdoor Egregor IcedID Maze QakBot REvil Ryuk TrickBot WastedLocker TA570 TA575 TA577 |
| 2021-06-16
⋅
Mandiant
⋅
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise Cobalt Strike SMOKEDHAM |
| 2021-06-16
⋅
Mandiant
⋅
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise DarkSide Cobalt Strike DarkSide SMOKEDHAM UNC2465 |
| 2021-06-16
⋅
⋅
Національної поліції України
⋅
Cyberpolice exposes hacker group in spreading encryption virus and causing half a billion dollars in damage to foreign companies Clop Cobalt Strike FlawedAmmyy |
| 2021-06-16
⋅
FireEye
⋅
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise Cobalt Strike SMOKEDHAM |
| 2021-06-15
⋅
vmware
⋅
Detecting UEFI Bootkits in the Wild (Part 1) LoJax MosaicRegressor TrickBot |
| 2021-06-15
⋅
Secureworks
⋅
Hades Ransomware Operators Use Distinctive Tactics and Infrastructure Cobalt Strike Hades |
| 2021-06-12
⋅
Twitter (@AltShiftPrtScn)
⋅
A thread on RagnarLocker ransomware group's TTP seen in an Incident Response Cobalt Strike RagnarLocker |
| 2021-06-10
⋅
Group-IB
⋅
Big airline heist APT41 likely behind massive supply chain attack Cobalt Strike |
| 2021-06-09
⋅
Twitter (@SecurityJoes)
⋅
Tweet on .NET builder of a Ryuk imposter malware Ryuk |
| 2021-06-09
⋅
Twitter (@RedDrip7)
⋅
Tweet on in the wild exploit of CVE-2021-26868 (according to @_clem1) Cobalt Strike |
| 2021-06-07
⋅
Medium walmartglobaltech
⋅
Inside the SystemBC Malware-As-A-Service Ryuk SystemBC TrickBot |
| 2021-06-04
⋅
The Record
⋅
US arrests Latvian woman who worked on Trickbot malware source code TrickBot |
| 2021-06-04
⋅
Department of Justice
⋅
Latvian National Charged for Alleged Role in Transnational Cybercrime Organization TrickBot |
| 2021-06-04
⋅
Twitter (@alex_lanstein)
⋅
Tweet on UNC2652/NOBELIUM targeting IOS users exploiting CVE-2021-1879 Cobalt Strike |
| 2021-06-04
⋅
Inky
⋅
Colonial Pipeline Ransomware Hack Unleashes Flood of Related Phishing Attempts Cobalt Strike |
| 2021-06-02
⋅
Sophos
⋅
AMSI bypasses remain tricks of the malware trade Agent Tesla Cobalt Strike Meterpreter |
| 2021-06-02
⋅
Medium CyCraft
⋅
China-Linked Threat Group Targets Taiwan Critical Infrastructure, Smokescreen Ransomware Cobalt Strike ColdLock |
| 2021-06-01
⋅
Department of Justice
⋅
Justice Department Announces Court-Authorized Seizure of Domain Names Used in Furtherance of Spear-Phishing Campaign Posing as U.S. Agency for International Development Cobalt Strike |
| 2021-06-01
⋅
SentinelOne
⋅
NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks Cobalt Strike |
| 2021-06-01
⋅
SANS
⋅
A Contrarian View on SolarWinds Cobalt Strike Raindrop SUNBURST TEARDROP |
| 2021-06-01
⋅
Microsoft
⋅
New sophisticated email-based attack from NOBELIUM Cobalt Strike |
| 2021-05-29
⋅
Twitter (@elisalem9)
⋅
Tweet on obfuscation mechanism and extraction procedure of COBALTSTRIKE beacon module used by NOBELIUM/UNC2452 Cobalt Strike |
| 2021-05-28
⋅
CISA
⋅
Malware Analysis Report (AR21-148A): Cobalt Strike Beacon Cobalt Strike |
| 2021-05-28
⋅
CISA
⋅
Alert (AA21-148A): Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs Cobalt Strike |
| 2021-05-28
⋅
Microsoft
⋅
Breaking down NOBELIUM’s latest early-stage toolset BOOMBOX Cobalt Strike |
| 2021-05-27
⋅
Volexity
⋅
Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns Cobalt Strike |
| 2021-05-26
⋅
DeepInstinct
⋅
A Deep Dive into Packing Software CryptOne Cobalt Strike Dridex Emotet Gozi ISFB Mailto QakBot SmokeLoader WastedLocker Zloader |
| 2021-05-25
⋅
Huntress Labs
⋅
Cobalt Strikes Again: An Analysis of Obfuscated Malware Cobalt Strike |
| 2021-05-22
⋅
Youtube (ACPEnw)
⋅
Lessons Learned from a Cyber Attack System Admin Perspective Ryuk |
| 2021-05-21
⋅
⋅
LAC
⋅
Targeted attack by 'Cobalt Strike loader' that exploits Microsoft's digital signature-Attacker group APT41 Cobalt Strike DUSTPAN |
| 2021-05-21
⋅
blackarrow
⋅
Leveraging Microsoft Teams to persist and cover up Cobalt Strike traffic Cobalt Strike |
| 2021-05-19
⋅
Intel 471
⋅
Look how many cybercriminals love Cobalt Strike BazarBackdoor Cobalt Strike Hancitor QakBot SmokeLoader SystemBC TrickBot |
| 2021-05-19
⋅
Palo Alto Networks Unit 42
⋅
BazarCall: Call Centers Help Spread BazarLoader Malware BazarBackdoor campoloader |
| 2021-05-19
⋅
Medium Mehmet Ergene
⋅
Enterprise Scale Threat Hunting: Network Beacon Detection with Unsupervised ML and KQL — Part 2 Cobalt Strike |
| 2021-05-18
⋅
The Record
⋅
Darkside gang estimated to have made over $90 million from ransomware attacks DarkSide DarkSide Mailto Maze REvil Ryuk |
| 2021-05-18
⋅
Bleeping Computer
⋅
DarkSide ransomware made $90 million in just nine months DarkSide DarkSide Egregor Gandcrab Mailto Maze REvil Ryuk |
| 2021-05-18
⋅
Sophos
⋅
The Active Adversary Playbook 2021 Cobalt Strike MimiKatz |
| 2021-05-17
⋅
Talos
⋅
Case Study: Incident Response is a relationship-driven business Cobalt Strike |
| 2021-05-16
⋅
NCSC Ireland
⋅
Ransomware Attack on Health Sector - UPDATE 2021-05-16 Cobalt Strike Conti |
| 2021-05-14
⋅
GuidePoint Security
⋅
From ZLoader to DarkSide: A Ransomware Story DarkSide Cobalt Strike Zloader |
| 2021-05-14
⋅
Blue Team Blog
⋅
DarkSide Ransomware Operations – Preventions and Detections. Cobalt Strike DarkSide |
| 2021-05-13
⋅
AWAKE
⋅
Catching the White Stork in Flight Cobalt Strike MimiKatz RMS |
| 2021-05-12
⋅
Medium Mehmet Ergene
⋅
Enterprise Scale Threat Hunting: Network Beacon Detection with Unsupervised ML and KQL — Part 1 Cobalt Strike |
| 2021-05-12
⋅
Conti Ransomware Cobalt Strike Conti IcedID |
| 2021-05-11
⋅
Mal-Eats
⋅
Campo, a New Attack Campaign Targeting Japan AnchorDNS BazarBackdoor campoloader Cobalt Strike Phobos Snifula TrickBot Zloader |
| 2021-05-11
⋅
FireEye
⋅
Shining a Light on DARKSIDE Ransomware Operations Cobalt Strike DarkSide |
| 2021-05-10
⋅
Mal-Eats
⋅
Overview of Campo, a new attack campaign targeting Japan AnchorDNS BazarBackdoor Cobalt Strike ISFB Phobos TrickBot Zloader |
| 2021-05-10
⋅
ZERO.BS
⋅
Cobaltstrike-Beacons analyzed Cobalt Strike |
| 2021-05-07
⋅
Cisco Talos
⋅
Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs CHINACHOPPER Cobalt Strike Lemon Duck |
| 2021-05-07
⋅
Medium svch0st
⋅
Stats from Hunting Cobalt Strike Beacons Cobalt Strike |
| 2021-05-07
⋅
TEAMT5
⋅
Mem2Img: Memory-Resident Malware Detection via Convolution Neural Network Cobalt Strike PlugX Waterbear |
| 2021-05-07
⋅
SophosLabs Uncut
⋅
New Lemon Duck variants exploiting Microsoft Exchange Server CHINACHOPPER Cobalt Strike Lemon Duck |
| 2021-05-06
⋅
Sophos Labs
⋅
MTR in Real Time: Pirates pave way for Ryuk ransomware Ryuk |
| 2021-05-06
⋅
Cyborg Security
⋅
Ransomware: Hunting for Inhibiting System Backup or Recovery Avaddon Conti DarkSide LockBit Mailto Maze Mespinoza Nemty PwndLocker RagnarLocker RansomEXX REvil Ryuk Snatch ThunderX |
| 2021-05-05
⋅
TRUESEC
⋅
Are The Notorious Cyber Criminals Evil Corp actually Russian Spies? Cobalt Strike Hades WastedLocker |
| 2021-05-05
⋅
RiskIQ
⋅
Viruses to Violations - TrickBot's Shift in Tactics During the Pandemic TrickBot |
| 2021-05-05
⋅
SophosLabs Uncut
⋅
Intervention halts a ProxyLogon-enabled attack Cobalt Strike |
| 2021-05-04
⋅
Medium sergiusechel
⋅
Improving the network-based detection of Cobalt Strike C2 servers in the wild while reducing the risk of false positives Cobalt Strike |
| 2021-05-02
⋅
The DFIR Report
⋅
Trickbot Brief: Creds and Beacons Cobalt Strike TrickBot |
| 2021-04-29
⋅
FireEye
⋅
UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat Cobalt Strike FiveHands HelloKitty |
| 2021-04-29
⋅
NTT
⋅
The Operations of Winnti group Cobalt Strike ShadowPad Spyder Winnti Earth Lusca |
| 2021-04-27
⋅
Trend Micro
⋅
Legitimate Tools Weaponized for Ransomware in 2021 Cobalt Strike MimiKatz |
| 2021-04-27
⋅
Trend Micro
⋅
Hello Ransomware Uses Updated China Chopper Web Shell, SharePoint Vulnerability CHINACHOPPER Cobalt Strike |
| 2021-04-26
⋅
nviso
⋅
Anatomy of Cobalt Strike’s DLL Stager Cobalt Strike |
| 2021-04-26
⋅
CoveWare
⋅
Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound Avaddon Clop Conti DarkSide Egregor LockBit Mailto Phobos REvil Ryuk SunCrypt |
| 2021-04-26
⋅
getrevue
⋅
Hunting Cobalt Strike DNS redirectors by using ZoomEye Cobalt Strike |
| 2021-04-24
⋅
⋅
Non-offensive security
⋅
Detect Cobalt Strike server through DNS protocol Cobalt Strike |
| 2021-04-23
⋅
Twitter (@vikas891)
⋅
Tweet on DOPPEL SPIDER using Intensive/Multiple Injected Cobalt Strike Beacons with varied polling intervals Cobalt Strike DoppelPaymer |
| 2021-04-22
⋅
Twitter (@AltShiftPrtScn)
⋅
Twwet On TTPs seen in IR used by DOPPEL SPIDER Cobalt Strike DoppelPaymer |
| 2021-04-21
⋅
SophosLabs Uncut
⋅
Nearly half of malware now use TLS to conceal communications Agent Tesla Cobalt Strike Dridex SystemBC |
| 2021-04-20
⋅
Medium walmartglobaltech
⋅
CobaltStrike Stager Utilizing Floating Point Math Cobalt Strike |
| 2021-04-19
⋅
Netresec
⋅
Analysing a malware PCAP with IcedID and Cobalt Strike traffic Cobalt Strike IcedID |
| 2021-04-18
⋅
YouTube (dist67)
⋅
Decoding Cobalt Strike Traffic Cobalt Strike |
| 2021-04-17
⋅
Advanced Intelligence
⋅
Adversary Dossier: Ryuk Ransomware Anatomy of an Attack in 2021 Ryuk |
| 2021-04-15
⋅
SophosLabs Uncut
⋅
BazarLoader deploys a pair of novel spam vectors BazarBackdoor |
| 2021-04-15
⋅
Proofpoint
⋅
Threat Actors Pair Tax-Themed Lures With COVID-19, Healthcare Themes Dridex TrickBot |
| 2021-04-14
⋅
InfoSec Handlers Diary Blog
⋅
April 2021 Forensic Quiz: Answers and Analysis Anchor BazarBackdoor Cobalt Strike |
| 2021-04-12
⋅
Trend Micro
⋅
A Spike in BazarCall and IcedID Activity Detected in March BazarBackdoor IcedID |
| 2021-04-12
⋅
Inde
⋅
A Different Kind of Zoombomb Cobalt Strike |
| 2021-04-09
⋅
F-Secure
⋅
Detecting Exposed Cobalt Strike DNS Redirectors Cobalt Strike |
| 2021-04-07
⋅
ANALYST1
⋅
Ransom Mafia Analysis of the World's First Ransomware Cartel Conti Egregor LockBit Maze RagnarLocker Ryuk SunCrypt TA2101 VIKING SPIDER |
| 2021-04-07
⋅
Medium sixdub
⋅
Using Kaitai Struct to Parse Cobalt Strike Beacon Configs Cobalt Strike |
| 2021-04-06
⋅
Intel 471
⋅
EtterSilent: the underground’s new favorite maldoc builder BazarBackdoor ISFB QakBot TrickBot |
| 2021-04-05
⋅
Medium walmartglobaltech
⋅
TrickBot Crews New CobaltStrike Loader Cobalt Strike TrickBot |
| 2021-04-01
⋅
DomainTools
⋅
COVID-19 Phishing With a Side of Cobalt Strike Cobalt Strike |
| 2021-04-01
⋅
Palo Alto Networks Unit 42
⋅
Hancitor’s Use of Cobalt Strike and a Noisy Network Ping Tool Cobalt Strike Hancitor Moskalvzapoe |
| 2021-03-31
⋅
Kaspersky
⋅
Financial Cyberthreats in 2020 BetaBot DanaBot Emotet Gozi Ramnit RTM SpyEye TrickBot Zeus |
| 2021-03-31
⋅
Red Canary
⋅
2021 Threat Detection Report Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot |
| 2021-03-30
⋅
GuidePoint Security
⋅
Yet Another Cobalt Strike Stager: GUID Edition Cobalt Strike |
| 2021-03-30
⋅
YouTube ( malware-traffic-analysis.net)
⋅
2021-03-29 BazaCall (BazarCall) Example BazarBackdoor |
| 2021-03-30
⋅
FR3D.HK
⋅
Campo Loader - Simple but effective BazarBackdoor |
| 2021-03-29
⋅
The DFIR Report
⋅
Sodinokibi (aka REvil) Ransomware Cobalt Strike IcedID REvil |
| 2021-03-21
⋅
YouTube (dist67)
⋅
Finding Metasploit & Cobalt Strike URLs Cobalt Strike |
| 2021-03-21
⋅
Blackberry
⋅
2021 Threat Report Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot |
| 2021-03-18
⋅
DeepInstinct
⋅
Cobalt Strike – Post-Exploitation Attackers Toolkit Cobalt Strike |
| 2021-03-18
⋅
PRODAFT Threat Intelligence
⋅
SilverFish GroupThreat Actor Report Cobalt Strike Dridex Koadic |
| 2021-03-17
⋅
Palo Alto Networks Unit 42
⋅
Ransomware Threat Report 2021 RansomEXX Dharma DoppelPaymer Gandcrab Mailto Maze Phobos RansomEXX REvil Ryuk WastedLocker |
| 2021-03-17
⋅
CISA
⋅
Alert (AA21-076A): TrickBot Malware TrickBot |
| 2021-03-16
⋅
Elastic
⋅
Detecting Cobalt Strike with memory signatures Cobalt Strike |
| 2021-03-16
⋅
McAfee
⋅
Technical Analysis of Operation Diànxùn Cobalt Strike |
| 2021-03-11
⋅
Cyborg Security
⋅
You Don't Know the HAFNIUM of it... CHINACHOPPER Cobalt Strike PowerCat |
| 2021-03-11
⋅
Qurium
⋅
Myanmar – Multi-stage malware attack targets elected lawmakers Cobalt Strike |
| 2021-03-10
⋅
Proofpoint
⋅
NimzaLoader: TA800’s New Initial Access Malware BazarNimrod Cobalt Strike |
| 2021-03-09
⋅
splunk
⋅
Cloud Federated Credential Abuse & Cobalt Strike: Threat Research February 2021 Cobalt Strike |
| 2021-03-08
⋅
Youtube (SANS Digital Forensics and Incident Response)
⋅
STAR Webcast: Making sense of SolarWinds through the lens of MITRE ATT&CK(R) Cobalt Strike SUNBURST TEARDROP |
| 2021-03-08
⋅
The DFIR Report
⋅
Bazar Drops the Anchor Anchor BazarBackdoor Cobalt Strike |
| 2021-03-07
⋅
InfoSec Handlers Diary Blog
⋅
PCAPs and Beacons Cobalt Strike |
| 2021-03-04
⋅
NCC Group
⋅
Deception Engineering: exploring the use of Windows Service Canaries against ransomware Ryuk |
| 2021-03-01
⋅
⋅
CCN-CERT
⋅
Informe Código DañinoCCN-CERT ID-03/21: RyukRansomware Ryuk |
| 2021-03-01
⋅
YouTube ( Malware_Analyzing_&_RE_Tips_Tricks)
⋅
Ryuk Ransomware - Advanced using of Scylla for Imports reconstruction Ryuk |
| 2021-03-01
⋅
Group-IB
⋅
Ransomware Uncovered 2020/2021 RansomEXX BazarBackdoor Buer Clop Conti DoppelPaymer Dridex Egregor IcedID Maze PwndLocker QakBot RansomEXX REvil Ryuk SDBbot TrickBot Zloader |
| 2021-03-01
⋅
Medium walmartglobaltech
⋅
Investigation into the state of Nim malware BazarNimrod Cobalt Strike |
| 2021-03-01
⋅
Medium walmartglobaltech
⋅
Nimar Loader BazarBackdoor BazarNimrod Cobalt Strike |
| 2021-02-28
⋅
PWC UK
⋅
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
| 2021-02-27
⋅
4rchibld
⋅
Nice to meet you, too. My name is Ryuk. Ryuk |
| 2021-02-26
⋅
CrowdStrike
⋅
Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact DarkSide RansomEXX Griffon Carbanak Cobalt Strike DarkSide IcedID MimiKatz PyXie RansomEXX REvil |
| 2021-02-25
⋅
ANSSI
⋅
Ryuk Ransomware BazarBackdoor Buer Conti Emotet Ryuk TrickBot |
| 2021-02-25
⋅
FireEye
⋅
So Unchill: Melting UNC2198 ICEDID to Ransomware Operations MOUSEISLAND Cobalt Strike Egregor IcedID Maze SystemBC |
| 2021-02-24
⋅
Github (AmnestyTech)
⋅
Overview of Ocean Lotus Samples used to target Vietnamese Human Rights Defenders OceanLotus Cobalt Strike KerrDown |
| 2021-02-24
⋅
IBM
⋅
X-Force Threat Intelligence Index 2021 Emotet QakBot Ramnit REvil TrickBot |
| 2021-02-24
⋅
⋅
VMWare Carbon Black
⋅
Knock, knock, Neo. - Active C2 Discovery Using Protocol Emulation Cobalt Strike |
| 2021-02-23
⋅
CrowdStrike
⋅
2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
| 2021-02-22
⋅
YouTube ( Malware_Analyzing_&_RE_Tips_Tricks)
⋅
Ryuk Ransomware API Resolving in 10 minutes Ryuk |
| 2021-02-16
⋅
Proofpoint
⋅
Q4 2020 Threat Report: A Quarterly Analysis of Cybersecurity Trends, Tactics and Themes Emotet Ryuk NARWHAL SPIDER TA800 |
| 2021-02-12
⋅
Fortinet
⋅
New Bazar Trojan Variant is Being Spread in Recent Phishing Campaign – Part II BazarBackdoor |
| 2021-02-12
⋅
Fortinet
⋅
New Bazar Trojan Variant is Being Spread in Recent Phishing Campaign – Part I BazarBackdoor |
| 2021-02-11
⋅
Proofpoint
⋅
A Baza Valentine’s Day BazarBackdoor |
| 2021-02-11
⋅
CTI LEAGUE
⋅
CTIL Darknet Report – 2021 Conti Mailto Maze REvil Ryuk |
| 2021-02-11
⋅
Twitter (@TheDFIRReport)
⋅
Tweet on Hancitor Activity followed by cobaltsrike beacon Cobalt Strike Hancitor |
| 2021-02-09
⋅
Securehat
⋅
Extracting the Cobalt Strike Config from a TEARDROP Loader Cobalt Strike TEARDROP |
| 2021-02-09
⋅
Cofense
⋅
BazarBackdoor’s Stealthy Infiltration Evades Multiple SEGs BazarBackdoor |
| 2021-02-09
⋅
Cobalt Strike
⋅
Learn Pipe Fitting for all of your Offense Projects Cobalt Strike |
| 2021-02-08
⋅
ESET Research
⋅
THREAT REPORT Q4 2020 TrickBot |
| 2021-02-04
⋅
ClearSky
⋅
CONTI Modus Operandi and Bitcoin Tracking Conti Ryuk |
| 2021-02-03
⋅
InfoSec Handlers Diary Blog
⋅
Excel spreadsheets push SystemBC malware Cobalt Strike SystemBC |
| 2021-02-02
⋅
Twitter (@TheDFIRReport)
⋅
Tweet on recent dridex post infection activity Cobalt Strike Dridex |
| 2021-02-02
⋅
⋅
CRONUP
⋅
De ataque con Malware a incidente de Ransomware Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader |
| 2021-02-02
⋅
Committee to Protect Journalists
⋅
How Vietnam-based hacking operation OceanLotus targets journalists Cobalt Strike |
| 2021-02-01
⋅
Twitter (@IntelAdvanced)
⋅
Tweet on Active Directory Exploitation by RYUK "one" group Ryuk |
| 2021-02-01
⋅
Microsoft
⋅
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations Dridex Emotet Makop Ransomware SmokeLoader TrickBot |
| 2021-02-01
⋅
pkb1s.github.io
⋅
Relay Attacks via Cobalt Strike Beacons Cobalt Strike |
| 2021-02-01
⋅
GoSecure
⋅
BazarLoader Mocks Researchers in December 2020 Malspam Campaign BazarBackdoor |
| 2021-02-01
⋅
Kryptos Logic
⋅
Trickbot masrv Module TrickBot |
| 2021-02-01
⋅
AhnLab
⋅
BlueCrab ransomware, CobaltStrike hacking tool installed in corporate environment Cobalt Strike REvil |
| 2021-01-31
⋅
The DFIR Report
⋅
Bazar, No Ryuk? BazarBackdoor Cobalt Strike Ryuk |
| 2021-01-28
⋅
Huntress Labs
⋅
Analyzing Ryuk Another Link in the Cyber Attack Chain BazarBackdoor Ryuk |
| 2021-01-28
⋅
⋅
AhnLab
⋅
BlueCrab ransomware constantly trying to bypass detection Cobalt Strike REvil |
| 2021-01-28
⋅
Youtube (Virus Bulletin)
⋅
The Bagsu banker case Azorult DreamBot Emotet Pony TrickBot ZeusAction |
| 2021-01-28
⋅
TrustedSec
⋅
Tailoring Cobalt Strike on Target Cobalt Strike |
| 2021-01-28
⋅
Hornetsecurity
⋅
BazarLoader’s Elaborate Flower Shop Lure BazarBackdoor |
| 2021-01-26
⋅
IBM
⋅
TrickBot’s Survival Instinct Prevails — What’s Different About the TrickBoot Version? TrickBot |
| 2021-01-26
⋅
Twitter (@swisscom_csirt)
⋅
Tweet on Cring Ransomware groups using customized Mimikatz sample followed by CobaltStrike and dropping Cring rasomware Cobalt Strike Cring MimiKatz |
| 2021-01-25
⋅
Twitter (@IntelAdvanced)
⋅
Tweet on Ryuk Ransomware group's post exploitation tactics including usage of Keethief tool Ryuk |
| 2021-01-23
⋅
Johannes Bader's Blog
⋅
Yet Another Bazar Loader DGA BazarBackdoor |
| 2021-01-22
⋅
Twitter (@bryceabdo)
⋅
Tweet on GRIMAGENT malware used by UNC1878 during some #RYUK intrusions in 2020 GRIMAGENT |
| 2021-01-20
⋅
Microsoft
⋅
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop Cobalt Strike SUNBURST TEARDROP |
| 2021-01-20
⋅
Medium walmartglobaltech
⋅
Anchor and Lazarus together again? Anchor TrickBot |
| 2021-01-19
⋅
Palo Alto Networks Unit 42
⋅
Wireshark Tutorial: Examining Emotet Infection Traffic Emotet GootKit IcedID QakBot TrickBot |
| 2021-01-18
⋅
Symantec
⋅
Raindrop: New Malware Discovered in SolarWinds Investigation Cobalt Strike Raindrop SUNBURST TEARDROP |
| 2021-01-17
⋅
Twitter (@AltShiftPrtScn)
⋅
Tweet on Conti Ransomware group exploiting FortiGate VPNs to drop in CobaltStrike loaders Cobalt Strike Conti |
| 2021-01-15
⋅
Medium Dansec
⋅
Detecting Malicious C2 Activity -SpawnAs & SMB Lateral Movement in CobaltStrike Cobalt Strike |
| 2021-01-14
⋅
PTSecurity
⋅
Higaisa or Winnti? APT41 backdoors, old and new Cobalt Strike CROSSWALK FunnySwitch PlugX ShadowPad |
| 2021-01-12
⋅
Cybereason
⋅
Cybereason vs. Conti Ransomware BazarBackdoor Conti |
| 2021-01-12
⋅
BrightTALK (FireEye)
⋅
UNC2452: What We Know So Far Cobalt Strike SUNBURST TEARDROP |
| 2021-01-12
⋅
Minerva Labs
⋅
Slamming The Backdoor On BazarLoader BazarBackdoor |
| 2021-01-12
⋅
Fox-IT
⋅
Abusing cloud services to fly under the radar Cobalt Strike |
| 2021-01-11
⋅
SolarWinds
⋅
New Findings From Our Investigation of SUNBURST Cobalt Strike SUNBURST TEARDROP |
| 2021-01-11
⋅
The DFIR Report
⋅
Trickbot Still Alive and Well Cobalt Strike TrickBot |
| 2021-01-10
⋅
Medium walmartglobaltech
⋅
MAN1, Moskal, Hancitor and a side of Ransomware Cobalt Strike Hancitor SendSafe VegaLocker Moskalvzapoe |
| 2021-01-09
⋅
Marco Ramilli's Blog
⋅
Command and Control Traffic Patterns ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot |
| 2021-01-09
⋅
Connor McGarr's Blog
⋅
Malware Development: Leveraging Beacon Object Files for Remote Process Injection via Thread Hijacking Cobalt Strike |
| 2021-01-07
⋅
Advanced Intelligence
⋅
Crime Laundering Primer: Inside Ryuk Crime (Crypto) Ledger & Risky Asian Crypto Traders Ryuk |
| 2021-01-07
⋅
Recorded Future
⋅
Aversary Infrastructure Report 2020: A Defender's View Octopus pupy Cobalt Strike Empire Downloader Meterpreter PoshC2 |
| 2021-01-06
⋅
Red Canary
⋅
Hunting for GetSystem in offensive security tools Cobalt Strike Empire Downloader Meterpreter PoshC2 |
| 2021-01-06
⋅
DomainTools
⋅
Holiday Bazar: Tracking a TrickBot-Related Ransomware Incident BazarBackdoor TrickBot |
| 2021-01-05
⋅
Trend Micro
⋅
Earth Wendigo Injects JavaScript Backdoor to Service Worker for Mailbox Exfiltration Cobalt Strike Earth Wendigo |
| 2021-01-04
⋅
SentinelOne
⋅
Building a Custom Malware Analysis Lab Environment TrickBot |
| 2021-01-04
⋅
Medium haggis-m
⋅
Malleable C2 Profiles and You Cobalt Strike |
| 2021-01-01
⋅
AWAKE
⋅
Breaking the Ice: Detecting IcedID and Cobalt Strike Beacon with Network Detection and Response (NDR) Cobalt Strike IcedID PhotoLoader |
| 2021-01-01
⋅
Secureworks
⋅
Threat Profile: GOLD WATERFALL Cobalt Strike DarkSide GOLD WATERFALL |
| 2021-01-01
⋅
Mandiant
⋅
M-TRENDS 2021 Cobalt Strike SUNBURST |
| 2021-01-01
⋅
Secureworks
⋅
Threat Profile: GOLD BLACKBURN Buer Dyre TrickBot WIZARD SPIDER |
| 2021-01-01
⋅
⋅
Github (WBGlIl)
⋅
A book on cobaltstrike Cobalt Strike |
| 2021-01-01
⋅
Symantec
⋅
Supply Chain Attacks:Cyber Criminals Target the Weakest Link Cobalt Strike Raindrop SUNBURST TEARDROP |
| 2021-01-01
⋅
Secureworks
⋅
Threat Profile: GOLD WINTER Cobalt Strike Hades Meterpreter GOLD WINTER |
| 2021-01-01
⋅
Talos
⋅
Evicting Maze Cobalt Strike Maze |
| 2021-01-01
⋅
Threat Profile: GOLD DRAKE Cobalt Strike Dridex FriedEx Koadic MimiKatz WastedLocker Evil Corp |
| 2021-01-01
⋅
Talos
⋅
Cobalt Strikes Out Cobalt Strike |
| 2020-12-28
⋅
0xC0DECAFE
⋅
Never upload ransomware samples to the Internet Ryuk |
| 2020-12-26
⋅
Medium grimminck
⋅
Spoofing JARM signatures. I am the Cobalt Strike server now! Cobalt Strike |
| 2020-12-22
⋅
TRUESEC
⋅
Collaboration between FIN7 and the RYUK group, a Truesec Investigation Carbanak Cobalt Strike Ryuk |
| 2020-12-21
⋅
KEYSIGHT TECHNOLOGIES
⋅
TrickBot: A Closer Look TrickBot |
| 2020-12-21
⋅
Fortinet
⋅
What We Have Learned So Far about the “Sunburst”/SolarWinds Hack Cobalt Strike SUNBURST TEARDROP |
| 2020-12-21
⋅
IronNet
⋅
Russian cyber attack campaigns and actors WellMail elf.wellmess Agent.BTZ BlackEnergy EternalPetya Havex RAT Industroyer Ryuk Triton WellMess |
| 2020-12-20
⋅
Randhome
⋅
Analyzing Cobalt Strike for Fun and Profit Cobalt Strike |
| 2020-12-16
⋅
Accenture
⋅
Tracking and combatting an evolving danger: Ransomware extortion DarkSide Egregor Maze Nefilim RagnarLocker REvil Ryuk SunCrypt |
| 2020-12-16
⋅
Johannes Bader's Blog
⋅
Next Version of the Bazar Loader DGA BazarBackdoor |
| 2020-12-15
⋅
Github (sophos-cybersecurity)
⋅
solarwinds-threathunt Cobalt Strike SUNBURST |
| 2020-12-15
⋅
PICUS Security
⋅
Tactics, Techniques, and Procedures (TTPs) Used in the SolarWinds Breach Cobalt Strike SUNBURST |
| 2020-12-14
⋅
Palo Alto Networks Unit 42
⋅
Threat Brief: SolarStorm and SUNBURST Customer Coverage Cobalt Strike SUNBURST |
| 2020-12-11
⋅
Blackberry
⋅
MountLocker Ransomware-as-a-Service Offers Double Extortion Capabilities to Affiliates Cobalt Strike Mount Locker |
| 2020-12-10
⋅
Cybereason
⋅
Cybereason vs. Ryuk Ransomware BazarBackdoor Ryuk TrickBot |
| 2020-12-10
⋅
Palo Alto Networks Unit 42
⋅
Threat Brief: FireEye Red Team Tool Breach Cobalt Strike |
| 2020-12-10
⋅
Intel 471
⋅
No pandas, just people: The current state of China’s cybercrime underground Anubis SpyNote AsyncRAT Cobalt Strike Ghost RAT NjRAT |
| 2020-12-10
⋅
US-CERT
⋅
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus |
| 2020-12-10
⋅
CyberInt
⋅
Ryuk Crypto-Ransomware Ryuk TrickBot |
| 2020-12-09
⋅
InfoSec Handlers Diary Blog
⋅
Recent Qakbot (Qbot) activity Cobalt Strike QakBot |
| 2020-12-09
⋅
Cisco
⋅
Quarterly Report: Incident Response trends from Fall 2020 Cobalt Strike IcedID Maze RansomEXX Ryuk |
| 2020-12-09
⋅
FireEye
⋅
It's not FINished The Evolving Maturity in Ransomware Operations (SLIDES) Cobalt Strike DoppelPaymer QakBot REvil |
| 2020-12-08
⋅
Cobalt Strike
⋅
A Red Teamer Plays with JARM Cobalt Strike |
| 2020-12-03
⋅
Eclypsium
⋅
TrickBot Now Offers ‘TrickBoot’: Persist, Brick, Profit TrickBot |
| 2020-12-02
⋅
Red Canary
⋅
Tweet on increased #Qbot activity delivering Cobalt Strike & #Egregor ransomware Cobalt Strike Egregor QakBot |
| 2020-12-01
⋅
mez0.cc
⋅
Cobalt Strike PowerShell Execution Cobalt Strike |
| 2020-12-01
⋅
360.cn
⋅
Hunting Beacons Cobalt Strike |
| 2020-11-30
⋅
FireEye
⋅
It's not FINished The Evolving Maturity in Ransomware Operations Cobalt Strike DoppelPaymer MimiKatz QakBot REvil |
| 2020-11-30
⋅
Microsoft
⋅
Threat actor (BISMUTH) leverages coin miner techniques to stay under the radar – here’s how to spot them Cobalt Strike |
| 2020-11-27
⋅
⋅
Macnica
⋅
Analyzing Organizational Invasion Ransom Incidents Using Dtrack Cobalt Strike Dtrack |
| 2020-11-26
⋅
Cybereason
⋅
Cybereason vs. Egregor Ransomware Cobalt Strike Egregor IcedID ISFB QakBot |
| 2020-11-25
⋅
SentinelOne
⋅
Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone Cobalt Strike Egregor |
| 2020-11-23
⋅
Bitdefender
⋅
TrickBot is Dead. Long Live TrickBot! TrickBot |
| 2020-11-22
⋅
malware.love
⋅
Trickbot tricks again [UPDATE] TrickBot |
| 2020-11-20
⋅
ZDNet
⋅
The malware that usually installs ransomware and you need to remove right away Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader |
| 2020-11-20
⋅
Bleeping Computer
⋅
LightBot: TrickBot’s new reconnaissance malware for high-value targets LightBot TrickBot |
| 2020-11-20
⋅
F-Secure Labs
⋅
Detecting Cobalt Strike Default Modules via Named Pipe Analysis Cobalt Strike |
| 2020-11-20
⋅
⋅
360 netlab
⋅
Blackrota, a highly obfuscated backdoor developed by Go Cobalt Strike |
| 2020-11-19
⋅
Threatpost
⋅
APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies Quasar RAT Ryuk |
| 2020-11-18
⋅
Sophos
⋅
SOPHOS 2021 THREAT REPORT Navigating cybersecurity in an uncertain world Agent Tesla Dridex TrickBot Zloader |
| 2020-11-18
⋅
DomainTools
⋅
Analyzing Network Infrastructure as Composite Objects Ryuk |
| 2020-11-17
⋅
Salesforce Engineering
⋅
Easily Identify Malicious Servers on the Internet with JARM Cobalt Strike TrickBot |
| 2020-11-17
⋅
malware.love
⋅
Trickbot tricks again TrickBot |
| 2020-11-17
⋅
Twitter (@VK_intel)
⋅
Tweet on a new fileless TrickBot loading method using code from MemoryModule TrickBot |
| 2020-11-17
⋅
cyble
⋅
OceanLotus Continues With Its Cyber Espionage Operations Cobalt Strike Meterpreter |
| 2020-11-16
⋅
Intel 471
⋅
Ransomware-as-a-service: The pandemic within a pandemic Avaddon Clop Conti DoppelPaymer Egregor Hakbit Mailto Maze Mespinoza RagnarLocker REvil Ryuk SunCrypt ThunderX |
| 2020-11-15
⋅
Trustnet
⋅
From virus alert to PowerShell Encrypted Loader Cobalt Strike |
| 2020-11-14
⋅
Medium 0xastrovax
⋅
Deep Dive Into Ryuk Ransomware Hermes Ryuk |
| 2020-11-12
⋅
Hurricane Labs
⋅
Splunking with Sysmon Part 4: Detecting Trickbot TrickBot |
| 2020-11-10
⋅
Intel 471
⋅
Trickbot down, but is it out? BazarBackdoor TrickBot |
| 2020-11-09
⋅
Area 1
⋅
Phishing Campaign Threatens Job Security, Drops Bazar and Buer Malware BazarBackdoor Buer |
| 2020-11-09
⋅
Bleeping Computer
⋅
Fake Microsoft Teams updates lead to Cobalt Strike deployment Cobalt Strike DoppelPaymer NjRAT Predator The Thief Zloader |
| 2020-11-06
⋅
Cobalt Strike
⋅
Cobalt Strike 4.2 – Everything but the kitchen sink Cobalt Strike |
| 2020-11-06
⋅
Palo Alto Networks Unit 42
⋅
Indicators of Compromise related to Cobaltstrike, PyXie Lite, Vatet and Defray777 Cobalt Strike PyXie RansomEXX |
| 2020-11-06
⋅
Advanced Intelligence
⋅
Anatomy of Attack: Inside BazarBackdoor to Ryuk Ransomware "one" Group via Cobalt Strike BazarBackdoor Cobalt Strike Ryuk |
| 2020-11-06
⋅
Volexity
⋅
OceanLotus: Extending Cyber Espionage Operations Through Fake Websites Cobalt Strike KerrDown APT32 |
| 2020-11-05
⋅
Github (scythe-io)
⋅
Ryuk Adversary Emulation Plan Ryuk |
| 2020-11-05
⋅
SCYTHE
⋅
#ThreatThursday - Ryuk BazarBackdoor Ryuk |
| 2020-11-05
⋅
Twitter (@ffforward)
⋅
Tweet on Zloader infection leads to Cobaltstrike Installation and deployment of RYUK Cobalt Strike Ryuk Zloader |
| 2020-11-05
⋅
The DFIR Report
⋅
Ryuk Speed Run, 2 Hours to Ransom BazarBackdoor Cobalt Strike Ryuk |
| 2020-11-04
⋅
VMRay
⋅
Trick or Threat: Ryuk ransomware targets the health care industry BazarBackdoor Cobalt Strike Ryuk TrickBot |
| 2020-11-03
⋅
InfoSec Handlers Diary Blog
⋅
Attackers Exploiting WebLogic Servers via CVE-2020-14882 to install Cobalt Strike Cobalt Strike |
| 2020-11-03
⋅
Kaspersky Labs
⋅
APT trends report Q3 2020 WellMail EVILNUM Janicab Poet RAT AsyncRAT Ave Maria Cobalt Strike Crimson RAT CROSSWALK Dtrack LODEINFO MoriAgent Okrum PlugX POISONPLUG Rover ShadowPad SoreFang Winnti |
| 2020-10-31
⋅
splunk
⋅
Ryuk and Splunk Detections Ryuk |
| 2020-10-30
⋅
Cofense
⋅
The Ryuk Threat: Why BazarBackdoor Matters Most BazarBackdoor Ryuk |
| 2020-10-30
⋅
Github (ThreatConnect-Inc)
⋅
UNC 1878 Indicators from Threatconnect BazarBackdoor Cobalt Strike Ryuk |
| 2020-10-30
⋅
YouTube (Kaspersky Tech)
⋅
Around the world in 80 days 4.2bn packets Cobalt Strike Derusbi HyperBro Poison Ivy ShadowPad Winnti |
| 2020-10-29
⋅
RiskIQ
⋅
Ryuk Ransomware: Extensive Attack Infrastructure Revealed Cobalt Strike Ryuk |
| 2020-10-29
⋅
Red Canary
⋅
A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak Cobalt Strike Ryuk TrickBot |
| 2020-10-29
⋅
Twitter (@anthomsec)
⋅
Tweet on UNC1878 activity BazarBackdoor Ryuk TrickBot UNC1878 |
| 2020-10-29
⋅
Twitter (@SophosLabs)
⋅
Tweet on similarities between BUER in-memory loader & RYUK in-memory loader Buer Ryuk |
| 2020-10-29
⋅
Github (Swisscom)
⋅
List of CobaltStrike C2's used by RYUK Cobalt Strike |
| 2020-10-29
⋅
McAfee
⋅
McAfee Labs Threat Advisory Ransom-Ryuk Ryuk |
| 2020-10-29
⋅
CNN
⋅
Several hospitals targeted in new wave of ransomware attacks Ryuk |
| 2020-10-29
⋅
Bleeping Computer
⋅
Hacking group is targeting US hospitals with Ryuk ransomware Ryuk |
| 2020-10-29
⋅
Reuters
⋅
Building wave of ransomware attacks strike U.S. hospitals Ryuk |
| 2020-10-29
⋅
Palo Alto Networks Unit 42
⋅
Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector Anchor BazarBackdoor Ryuk TrickBot |
| 2020-10-28
⋅
Youtube (SANS Digital Forensics and Incident Response)
⋅
STAR Webcast: Spooky RYUKy: The Return of UNC1878 Ryuk |
| 2020-10-28
⋅
KrebsOnSecurity
⋅
FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals Ryuk |
| 2020-10-28
⋅
Youtube (SANS Institute)
⋅
Spooky RYUKy: The Return of UNC1878 | SANS STAR Webcast Ryuk UNC1878 |
| 2020-10-28
⋅
Github (aaronst)
⋅
UNC1878 indicators Ryuk UNC1878 |
| 2020-10-28
⋅
CISA
⋅
AA20-302A: Ransomware Activity Targeting the Healthcare and Public Health Sector AnchorDNS Anchor BazarBackdoor Ryuk |
| 2020-10-28
⋅
SophosLabs Uncut
⋅
Hacks for sale: inside the Buer Loader malware-as-a-service Buer Ryuk Zloader |
| 2020-10-28
⋅
FireEye
⋅
Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser BazarBackdoor Cobalt Strike Ryuk UNC1878 |
| 2020-10-27
⋅
Bleeping Computer
⋅
Steelcase furniture giant hit by Ryuk ransomware attack Ryuk |
| 2020-10-27
⋅
Sophos Managed Threat Response (MTR)
⋅
MTR Casebook: An active adversary caught in the act Cobalt Strike |
| 2020-10-26
⋅
ThreatConnect
⋅
ThreatConnect Research Roundup: Ryuk and Domains Spoofing ESET and Microsoft Ryuk |
| 2020-10-26
⋅
Arbor Networks
⋅
Dropping the Anchor AnchorDNS Anchor TrickBot |
| 2020-10-22
⋅
Sentinel LABS
⋅
An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques Ryuk |
| 2020-10-22
⋅
Bleeping Computer
⋅
French IT giant Sopra Steria hit by Ryuk ransomware Ryuk |
| 2020-10-20
⋅
⋅
Bundesamt für Sicherheit in der Informationstechnik
⋅
Die Lage der IT-Sicherheit in Deutschland 2020 Clop Emotet REvil Ryuk TrickBot |
| 2020-10-20
⋅
Microsoft
⋅
An update on disruption of Trickbot TrickBot |
| 2020-10-20
⋅
Intel 471
⋅
Global Trickbot disruption operation shows promise TrickBot |
| 2020-10-18
⋅
The DFIR Report
⋅
Ryuk in 5 Hours BazarBackdoor Cobalt Strike Ryuk |
| 2020-10-16
⋅
CrowdStrike
⋅
WIZARD SPIDER Update: Resilient, Reactive and Resolute BazarBackdoor Conti Ryuk TrickBot |
| 2020-10-16
⋅
ThreatConnect
⋅
ThreatConnect Research Roundup: Possible Ryuk Infrastructure Ryuk |
| 2020-10-16
⋅
Duo
⋅
Trickbot Up to Its Old Tricks TrickBot |
| 2020-10-15
⋅
Intel 471
⋅
That was quick: Trickbot is back after disruption attempts TrickBot |
| 2020-10-15
⋅
Department of Justice
⋅
Officials Announce International Operation Targeting Transnational Criminal Organization QQAAZZ that Provided Money Laundering Services to High-Level Cybercriminals Dridex ISFB TrickBot |
| 2020-10-14
⋅
RiskIQ
⋅
A Well-Marked Trail: Journeying through OceanLotus's Infrastructure Cobalt Strike |
| 2020-10-14
⋅
Sophos
⋅
They’re back: inside a new Ryuk ransomware attack Cobalt Strike Ryuk SystemBC |
| 2020-10-13
⋅
VirusTotal
⋅
Tracing fresh Ryuk campaigns itw Ryuk |
| 2020-10-13
⋅
Hornetsecurity
⋅
BazarLoader Campaign with Fake Termination Emails BazarBackdoor |
| 2020-10-12
⋅
Microsoft
⋅
New action to combat ransomware ahead of U.S. elections Ryuk TrickBot |
| 2020-10-12
⋅
Symantec
⋅
Trickbot: U.S. Court Order Hits Botnet’s Infrastructure Ryuk TrickBot |
| 2020-10-12
⋅
Advanced Intelligence
⋅
"Front Door" into BazarBackdoor: Stealthy Cybercrime Weapon BazarBackdoor Cobalt Strike Ryuk |
| 2020-10-12
⋅
Lumen
⋅
A Look Inside The TrickBot Botnet TrickBot |
| 2020-10-12
⋅
ESET Research
⋅
ESET takes part in global operation to disrupt Trickbot TrickBot |
| 2020-10-12
⋅
Microsoft
⋅
Trickbot disrupted TrickBot |
| 2020-10-12
⋅
TRICKBOT complaint TrickBot |
| 2020-10-11
⋅
Github (StrangerealIntel)
⋅
Chimera, APT19 under the radar ? Cobalt Strike Meterpreter |
| 2020-10-10
⋅
The Washington Post
⋅
Cyber Command has sought to disrupt the world’s largest botnet, hoping to reduce its potential impact on the election TrickBot |
| 2020-10-08
⋅
Bayerischer Rundfunk
⋅
There is no safe place Cobalt Strike |
| 2020-10-08
⋅
Bromium
⋅
Droppers, Downloaders and TrickBot: Detecting a Stealthy COVID-19-themed Campaign using Toolmarks TrickBot |
| 2020-10-08
⋅
The DFIR Report
⋅
Ryuk’s Return BazarBackdoor Cobalt Strike Ryuk |
| 2020-10-02
⋅
Health Sector Cybersecurity Coordination Center (HC3)
⋅
Report 202010021600: Recent Bazarloader Use in Ransomware Campaigns BazarBackdoor Cobalt Strike Ryuk TrickBot |
| 2020-10-02
⋅
KrebsOnSecurity
⋅
Attacks Aimed at Disrupting the Trickbot Botnet TrickBot |
| 2020-10-01
⋅
Wired
⋅
Russia’s Fancy Bear Hackers Likely Penetrated a US Federal Agency Cobalt Strike Meterpreter |
| 2020-10-01
⋅
US-CERT
⋅
Alert (AA20-275A): Potential for China Cyber Response to Heightened U.S.-China Tensions CHINACHOPPER Cobalt Strike Empire Downloader MimiKatz Poison Ivy |
| 2020-10-01
⋅
KELA
⋅
To Attack or Not to Attack: Targeting the Healthcare Sector in the Underground Ecosystem Conti DoppelPaymer Mailto Maze REvil Ryuk SunCrypt |
| 2020-09-29
⋅
PWC UK
⋅
What's behind the increase in ransomware attacks this year? DarkSide Avaddon Clop Conti DoppelPaymer Dridex Emotet FriedEx Mailto PwndLocker QakBot REvil Ryuk SMAUG SunCrypt TrickBot WastedLocker |
| 2020-09-29
⋅
Microsoft
⋅
Microsoft Digital Defense Report Emotet IcedID Mailto Maze QakBot REvil RobinHood TrickBot |
| 2020-09-29
⋅
Github (Apr4h)
⋅
CobaltStrikeScan Cobalt Strike |
| 2020-09-29
⋅
CrowdStrike
⋅
Getting the Bacon from the Beacon Cobalt Strike |
| 2020-09-29
⋅
Zscaler
⋅
Spear Phishing Campaign Delivers Buer and Bazar Malware BazarBackdoor Buer |
| 2020-09-24
⋅
Kaspersky Labs
⋅
Threat landscape for industrial automation systems - H1 2020 Poet RAT Mailto Milum RagnarLocker REvil Ryuk Snake |
| 2020-09-24
⋅
US-CERT
⋅
Analysis Report (AR20-268A): Federal Agency Compromised by Malicious Cyber Actor Cobalt Strike Meterpreter |
| 2020-09-22
⋅
OSINT Fans
⋅
What Service NSW has to do with Russia? TrickBot |
| 2020-09-22
⋅
vmware
⋅
Detecting Threats in Real-time With Active C2 Information Agent.BTZ Cobalt Strike Dacls NetWire RC PoshC2 Winnti |
| 2020-09-21
⋅
Cisco Talos
⋅
The art and science of detecting Cobalt Strike Cobalt Strike |
| 2020-09-18
⋅
Trend Micro
⋅
U.S. Justice Department Charges APT41 Hackers over Global Cyberattacks Cobalt Strike ColdLock |
| 2020-09-16
⋅
Intel 471
⋅
Partners in crime: North Koreans and elite Russian-speaking cybercriminals TrickBot |
| 2020-09-03
⋅
⋅
Viettel Cybersecurity
⋅
APT32 deobfuscation arsenal: Deobfuscating một vài loại Obfucation Toolkit của APT32 (Phần 2) Cobalt Strike |
| 2020-09-01
⋅
Cisco Talos
⋅
Quarterly Report: Incident Response trends in Summer 2020 Cobalt Strike LockBit Mailto Maze Ryuk |
| 2020-08-31
⋅
The DFIR Report
⋅
NetWalker Ransomware in 1 Hour Cobalt Strike Mailto MimiKatz |
| 2020-08-31
⋅
cyber.wtf blog
⋅
Trickbot rdpscanDll – Transforming Candidate Credentials for Brute-Forcing RDP Servers TrickBot |
| 2020-08-20
⋅
sensecy
⋅
Global Ransomware Attacks in 2020: The Top 4 Vulnerabilities Clop Maze REvil Ryuk |
| 2020-08-20
⋅
⋅
Seebug Paper
⋅
Use ZoomEye to track multiple Redteam C&C post-penetration attack frameworks Cobalt Strike Empire Downloader PoshC2 |
| 2020-08-20
⋅
CERT-FR
⋅
Development of the Activity of the TA505 Cybercriminal Group AndroMut Bart Clop Dridex FlawedAmmyy FlawedGrace Get2 Locky Marap QuantLoader SDBbot ServHelper tRat TrickBot |
| 2020-08-19
⋅
⋅
TEAMT5
⋅
調查局 08/19 公布中國對台灣政府機關駭侵事件說明 Cobalt Strike Waterbear |
| 2020-08-18
⋅
Arete
⋅
Is Conti the New Ryuk? Conti Ryuk |
| 2020-08-14
⋅
Twitter (@VK_intel)
⋅
Tweet on Zloader infection leading to Cobaltstrike Installation Cobalt Strike Zloader |
| 2020-08-09
⋅
F5 Labs
⋅
Banking Trojans: A Reference Guide to the Malware Family Tree BackSwap Carberp Citadel DanaBot Dridex Dyre Emotet Gozi Kronos PandaBanker Ramnit Shylock SpyEye Tinba TrickBot Vawtrak Zeus |
| 2020-08-06
⋅
Wired
⋅
Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry Cobalt Strike MimiKatz Winnti Red Charon |
| 2020-08-04
⋅
BlackHat
⋅
Operation Chimera - APT Operation Targets Semiconductor Vendors Cobalt Strike MimiKatz Winnti Red Charon |
| 2020-08-01
⋅
Temple University
⋅
Critical Infrastructure Ransomware Attacks CryptoLocker Cryptowall DoppelPaymer FriedEx Mailto Maze REvil Ryuk SamSam WannaCryptor |
| 2020-07-29
⋅
ESET Research
⋅
THREAT REPORT Q2 2020 DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor |
| 2020-07-29
⋅
Kaspersky Labs
⋅
APT trends report Q2 2020 PhantomLance Dacls Penquin Turla elf.wellmess AppleJeus Dacls AcidBox Cobalt Strike Dacls EternalPetya Godlike12 Olympic Destroyer PlugX shadowhammer ShadowPad Sinowal VHD Ransomware Volgmer WellMess X-Agent XTunnel |
| 2020-07-26
⋅
Shells.System blog
⋅
In-Memory shellcode decoding to evade AVs/EDRs Cobalt Strike |
| 2020-07-22
⋅
On the Hunt
⋅
Analysing Fileless Malware: Cobalt Strike Beacon Cobalt Strike |
| 2020-07-22
⋅
SentinelOne
⋅
Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW) ISFB Maze TrickBot Zloader |
| 2020-07-21
⋅
Malwarebytes
⋅
Chinese APT group targets India and Hong Kong using new variant of MgBot malware KSREMOTE Cobalt Strike MgBot Evasive Panda |
| 2020-07-20
⋅
Bleeping Computer
⋅
Emotet-TrickBot malware duo is back infecting Windows machines Emotet TrickBot |
| 2020-07-16
⋅
Cybereason
⋅
A Bazar of Tricks: Following Team9’s Development Cycles (IOCs) BazarBackdoor |
| 2020-07-16
⋅
Cybereason
⋅
A Bazar of Tricks: Following Team9’s Development Cycles BazarBackdoor |
| 2020-07-15
⋅
Johannes Bader's Blog
⋅
The Defective Domain Generation Algorithm of BazarBackdoor BazarBackdoor |
| 2020-07-14
⋅
Johannes Bader's Blog
⋅
The Domain Generation Algorithm of BazarBackdoor BazarBackdoor |
| 2020-07-13
⋅
JoeSecurity
⋅
TrickBot's new API-Hammering explained TrickBot |
| 2020-07-11
⋅
Advanced Intelligence
⋅
TrickBot Group Launches Test Module Alerting on Fraud Activity TrickBot |
| 2020-07-11
⋅
BleepingComputer
⋅
TrickBot malware mistakenly warns victims that they are infected TrickBot |
| 2020-07-07
⋅
MWLab
⋅
Cobalt Strike stagers used by FIN6 Cobalt Strike |
| 2020-07-06
⋅
NTT
⋅
TrickBot variant “Anchor_DNS” communicating over DNS AnchorDNS TrickBot |
| 2020-07-01
⋅
Contextis
⋅
DLL Search Order Hijacking Cobalt Strike PlugX |
| 2020-06-23
⋅
NCC Group
⋅
WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group Cobalt Strike ISFB WastedLocker |
| 2020-06-23
⋅
Symantec
⋅
Sodinokibi: Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike Cobalt Strike REvil |
| 2020-06-23
⋅
Bleeping Computer
⋅
Ryuk ransomware deployed two weeks after Trickbot infection Ryuk |
| 2020-06-22
⋅
Talos Intelligence
⋅
IndigoDrop spreads via military-themed lures to deliver Cobalt Strike Cobalt Strike IndigoDrop |
| 2020-06-22
⋅
Sentinel LABS
⋅
Inside a TrickBot Cobalt Strike Attack Server Cobalt Strike TrickBot |
| 2020-06-22
⋅
⋅
CERT-FR
⋅
Évolution De Lactivité du Groupe Cybercriminel TA505 Amadey AndroMut Bart Clop Dridex FlawedGrace Gandcrab Get2 GlobeImposter Jaff Locky Marap Philadephia Ransom QuantLoader Scarab Ransomware SDBbot ServHelper Silence tRat TrickBot |
| 2020-06-19
⋅
Zscaler
⋅
Targeted Attack Leverages India-China Border Dispute to Lure Victims Cobalt Strike |
| 2020-06-19
⋅
Youtube (Raphael Mudge)
⋅
Beacon Object Files - Luser Demo Cobalt Strike |
| 2020-06-18
⋅
Australian Cyber Security Centre
⋅
Advisory 2020-008: Copy-Paste Compromises –tactics, techniques and procedures used to target multiple Australian networks TwoFace Cobalt Strike Empire Downloader |
| 2020-06-17
⋅
Malwarebytes
⋅
Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature Cobalt Strike |
| 2020-06-17
⋅
Youtube (Red Canary)
⋅
ATT&CK® Deep Dive: Process Injection ISFB Ramnit TrickBot |
| 2020-06-15
⋅
Fortinet
⋅
Global Malicious Spam Campaign Using Black Lives Matter as a Lure TrickBot |
| 2020-06-15
⋅
NCC Group
⋅
Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability Cobalt Strike |
| 2020-06-15
⋅
Cisco Talos
⋅
Quarterly report: Incident Response trends in Summer 2020 Ryuk |
| 2020-06-12
⋅
Hornetsecurity
⋅
Trickbot Malspam Leveraging Black Lives Matter as Lure TrickBot |
| 2020-06-11
⋅
Cofense
⋅
All You Need Is Text: Second Wave TrickBot |
| 2020-06-09
⋅
Github (Sentinel-One)
⋅
CobaltStrikeParser Cobalt Strike |
| 2020-06-02
⋅
Lastline Labs
⋅
Evolution of Excel 4.0 Macro Weaponization Agent Tesla DanaBot ISFB TrickBot Zloader |
| 2020-06-02
⋅
NCC Group
⋅
In-depth analysis of the new Team9 malware family BazarBackdoor |
| 2020-06-02
⋅
Fox-IT
⋅
In-depth analysis of the new Team9 malware family BazarBackdoor |
| 2020-05-28
⋅
Palo Alto Networks Unit 42
⋅
Goodbye Mworm, Hello Nworm: TrickBot Updates Propagation Module TrickBot |
| 2020-05-21
⋅
Intel 471
⋅
A brief history of TA505 AndroMut Bart Dridex FlawedAmmyy FlawedGrace Gandcrab Get2 GlobeImposter Jaff Kegotip Locky Necurs Philadephia Ransom Pony QuantLoader Rockloader SDBbot ServHelper Shifu Snatch TrickBot |
| 2020-05-19
⋅
AlienLabs
⋅
TrickBot BazarLoader In-Depth Anchor BazarBackdoor TrickBot |
| 2020-05-14
⋅
SentinelOne
⋅
Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant TrickBot |
| 2020-05-14
⋅
Lab52
⋅
The energy reserves in the Eastern Mediterranean Sea and a malicious campaign of APT10 against Turkey Cobalt Strike HTran MimiKatz PlugX Quasar RAT |
| 2020-05-11
⋅
SentinelOne
⋅
The Anatomy of an APT Attack and CobaltStrike Beacon’s Encoded Configuration Cobalt Strike |
| 2020-05-05
⋅
N1ght-W0lf Blog
⋅
Deep Analysis of Ryuk Ransomware Ryuk |
| 2020-04-27
⋅
Trend Micro
⋅
Group Behind TrickBot Spreads Fileless BazarBackdoor BazarBackdoor |
| 2020-04-24
⋅
TrickBot "BazarBackdoor" Process Hollowing Injection Primer BazarBackdoor |
| 2020-04-24
⋅
Bleeping Computer
⋅
BazarBackdoor: TrickBot gang’s new stealthy network-hacking malware BazarBackdoor |
| 2020-04-24
⋅
The DFIR Report
⋅
Ursnif via LOLbins Cobalt Strike LOLSnif TeamSpy |
| 2020-04-19
⋅
SecurityLiterate
⋅
Reversing Ryuk: A Technical Analysis of Ryuk Ransomware Ryuk |
| 2020-04-16
⋅
Medium CyCraft
⋅
Taiwan High-Tech Ecosystem Targeted by Foreign APT Group: Digital Skeleton Key Bypasses Security Measures Cobalt Strike MimiKatz Red Charon |
| 2020-04-14
⋅
Intel 471
⋅
Understanding the relationship between Emotet, Ryuk and TrickBot Emotet Ryuk TrickBot |
| 2020-04-14
⋅
Intrinsec
⋅
Deobfuscating and hunting for OSTAP, Trickbot’s dropper and best friend ostap TrickBot |
| 2020-04-09
⋅
Zscaler
⋅
TrickBot Emerges with a Few New Tricks TrickBot |
| 2020-04-08
⋅
SentinelOne
⋅
Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations Anchor TrickBot |
| 2020-04-07
⋅
SecurityIntelligence
⋅
ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework More_eggs Anchor TrickBot |
| 2020-04-02
⋅
Darktrace
⋅
Catching APT41 exploiting a zero-day vulnerability Cobalt Strike |
| 2020-04-01
⋅
Cisco
⋅
Navigating Cybersecurity During a Pandemic: Latest Malware and Threat Actors Azorult CloudEyE Formbook KPOT Stealer Metamorfo Nanocore RAT NetWire RC TrickBot |
| 2020-03-31
⋅
FireEye
⋅
It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit Ryuk TrickBot UNC1878 |
| 2020-03-31
⋅
Cisco Talos
⋅
Trickbot: A primer TrickBot |
| 2020-03-30
⋅
Intezer
⋅
Fantastic payloads and where we find them Dridex Emotet ISFB TrickBot |
| 2020-03-26
⋅
VMWare Carbon Black
⋅
The Dukes of Moscow Cobalt Strike LiteDuke MiniDuke OnionDuke PolyglotDuke PowerDuke |
| 2020-03-25
⋅
FireEye
⋅
This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits Speculoos Cobalt Strike |
| 2020-03-25
⋅
Wilbur Security
⋅
Trickbot to Ryuk in Two Hours Cobalt Strike Ryuk TrickBot |
| 2020-03-22
⋅
Malware and Stuff
⋅
Mustang Panda joins the COVID-19 bandwagon Cobalt Strike |
| 2020-03-20
⋅
RECON INFOSEC
⋅
Analysis Of Exploitation: CVE-2020-10189 ( exploited by APT41) Cobalt Strike |
| 2020-03-18
⋅
Bitdefender
⋅
New TrickBot Module Bruteforces RDP Connections, Targets Select Telecommunication Services in US and Hong Kong TrickBot |
| 2020-03-09
⋅
Fortinet
⋅
New Variant of TrickBot Being Spread by Word Document TrickBot |
| 2020-03-05
⋅
Microsoft
⋅
Human-operated ransomware attacks: A preventable disaster Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor PARINACOTA |
| 2020-03-04
⋅
Cobalt Strike
⋅
Cobalt Strike joins Core Impact at HelpSystems, LLC Cobalt Strike |
| 2020-03-04
⋅
Bleeping Computer
⋅
Ryuk Ransomware Attacked Epiq Global Via TrickBot Infection Ryuk TrickBot |
| 2020-03-04
⋅
CrowdStrike
⋅
2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
| 2020-03-03
⋅
PWC UK
⋅
Cyber Threats 2019:A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle |
| 2020-03-02
⋅
⋅
c't
⋅
Was Emotet anrichtet – und welche Lehren die Opfer daraus ziehen Emotet Ryuk |
| 2020-02-28
⋅
Morphisec
⋅
Trickbot Delivery Method Gets a New Upgrade Focusing on Windows 10 TrickBot |
| 2020-02-26
⋅
SentinelOne
⋅
Revealing the Trick | A Deep Dive into TrickLoader Obfuscation TrickBot |
| 2020-02-25
⋅
RSA Conference
⋅
Feds Fighting Ransomware: How the FBI Investigates and How You Can Help FastCash Cerber Defray Dharma FriedEx Gandcrab GlobeImposter Mamba Phobos Rapid Ransom REvil Ryuk SamSam Zeus |
| 2020-02-20
⋅
McAfee
⋅
CSI: Evidence Indicators for Targeted Ransomware Attacks – Part II Cobalt Strike LockerGoga Maze MegaCortex |
| 2020-02-19
⋅
FireEye
⋅
M-Trends 2020 Cobalt Strike Grateful POS LockerGoga QakBot TrickBot |
| 2020-02-18
⋅
Cisco Talos
⋅
Building a bypass with MSBuild Cobalt Strike GRUNT MimiKatz |
| 2020-02-18
⋅
Sophos Labs
⋅
Nearly a quarter of malware now communicates using TLS Dridex IcedID TrickBot |
| 2020-02-18
⋅
Trend Micro
⋅
Uncovering DRBControl: Inside the Cyberespionage Campaign Targeting Gambling Operations Cobalt Strike HyperBro PlugX Trochilus RAT Operation DRBControl |
| 2020-02-13
⋅
Qianxin
⋅
APT Report 2019 Chrysaor Exodus Dacls VPNFilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy |
| 2020-02-13
⋅
Quick Heal
⋅
A Deep Dive Into Wakeup On Lan (WoL) Implementation of Ryuk Ryuk |
| 2020-02-12
⋅
VMWare Carbon Black
⋅
Ryuk Ransomware Technical Analysis Ryuk |
| 2020-02-10
⋅
Malwarebytes
⋅
2020 State of Malware Report magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor |
| 2020-01-30
⋅
Bleeping Computer
⋅
TrickBot Uses a New Windows 10 UAC Bypass to Launch Quietly TrickBot |
| 2020-01-30
⋅
Morphisec
⋅
Trickbot Trojan Leveraging a New Windows 10 UAC Bypass TrickBot |
| 2020-01-29
⋅
ANSSI
⋅
État de la menace rançongiciel Clop Dharma FriedEx Gandcrab LockerGoga Maze MegaCortex REvil RobinHood Ryuk SamSam |
| 2020-01-29
⋅
ZDNet
⋅
DOD contractor suffers ransomware infection Ryuk |
| 2020-01-29
⋅
Bleeping Computer
⋅
Malware Tries to Trump Security Software With POTUS Impeachment TrickBot |
| 2020-01-27
⋅
⋅
T-Systems
⋅
Vorläufiger forensischer Abschlussbericht zur Untersuchung des Incidents beim Berliner Kammergericht Emotet TrickBot |
| 2020-01-24
⋅
Bleeping Computer
⋅
New Ryuk Info Stealer Targets Government and Military Secrets Ryuk |
| 2020-01-24
⋅
ReversingLabs
⋅
Hunting for Ransomware Ryuk |
| 2020-01-23
⋅
Bleeping Computer
⋅
TrickBot Now Steals Windows Active Directory Credentials TrickBot |
| 2020-01-17
⋅
Battle Against Ursnif Malspam Campaign targeting Japan Cutwail ISFB TrickBot UrlZone |
| 2020-01-17
⋅
Secureworks
⋅
Is It Wrong to Try to Find APT Techniques in Ransomware Attack? Defray Dharma FriedEx Gandcrab GlobeImposter Matrix Ransom MedusaLocker Phobos REvil Ryuk SamSam Scarab Ransomware |
| 2020-01-16
⋅
Bleeping Computer
⋅
TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection TrickBot |
| 2020-01-14
⋅
Bleeping Computer
⋅
Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices Ryuk |
| 2020-01-10
⋅
CSIS
⋅
Threat Matrix H1 2019 Gustuff magecart Emotet Gandcrab Ramnit TrickBot |
| 2020-01-09
⋅
SentinelOne
⋅
Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets TrickBot WIZARD SPIDER |
| 2020-01-01
⋅
Secureworks
⋅
GOLD KINGSWOOD More_eggs ATMSpitter Cobalt Strike CobInt MimiKatz |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE PRESIDENT CHINACHOPPER Cobalt Strike PlugX MUSTANG PANDA |
| 2020-01-01
⋅
Secureworks
⋅
GOLD BLACKBURN Dyre TrickBot |
| 2020-01-01
⋅
Secureworks
⋅
GOLD SWATHMORE GlobeImposter Gozi IcedID TrickBot LUNAR SPIDER |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE RIVERSIDE Anel ChChes Cobalt Strike PlugX Poison Ivy Quasar RAT RedLeaves APT10 |
| 2020-01-01
⋅
Secureworks
⋅
GOLD DUPONT Cobalt Strike Defray PyXie GOLD DUPONT |
| 2020-01-01
⋅
Secureworks
⋅
GOLD NIAGARA Bateleur Griffon Carbanak Cobalt Strike DRIFTPIN TinyMet FIN7 |
| 2020-01-01
⋅
Secureworks
⋅
GOLD KINGSWOOD More_eggs ATMSpitter Cobalt Strike CobInt MimiKatz Cobalt |
| 2020-01-01
⋅
Secureworks
⋅
TIN WOODLAWN Cobalt Strike KerrDown MimiKatz PHOREAL RatSnif Remy SOUNDBITE APT32 |
| 2020-01-01
⋅
Secureworks
⋅
GOLD ULRICK Empire Downloader Ryuk TrickBot WIZARD SPIDER |
| 2020-01-01
⋅
Blackberry
⋅
State of Ransomware Maze MedusaLocker Nefilim Phobos REvil Ryuk STOP |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE MOHAWK AIRBREAK scanbox BLACKCOFFEE CHINACHOPPER Cobalt Strike Derusbi homefry murkytop SeDll APT40 |
| 2019-12-26
⋅
Bleeping Computer
⋅
Ryuk Ransomware Stops Encrypting Linux Folders Ryuk |
| 2019-12-21
⋅
Decrypt
⋅
How ransomware exploded in the age of Bitcoin Ryuk |
| 2019-12-19
⋅
Malwarebytes
⋅
Threat spotlight: the curious case of Ryuk ransomware Ryuk |
| 2019-12-15
⋅
Bleeping Computer
⋅
Ryuk Ransomware Likely Behind New Orleans Cyberattack Ryuk |
| 2019-12-12
⋅
FireEye
⋅
Cyber Threat Landscape in Japan – Revealing Threat in the Shadow Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD POISONPLUG TrickBot BlackTech |
| 2019-12-09
⋅
Emsisoft
⋅
Caution! Ryuk Ransomware decryptor damages larger files, even if you pay Ryuk |
| 2019-12-09
⋅
Palo Alto Networks Unit 42
⋅
TrickBot Campaign Uses Fake Payroll Emails to Conduct Phishing Attacks TrickBot |
| 2019-12-05
⋅
⋅
Github (blackorbird)
⋅
APT32 Report Cobalt Strike |
| 2019-12-05
⋅
Cobalt Strike 4.0 – Bring Your Own Weaponization Cobalt Strike |
| 2019-11-29
⋅
Deloitte
⋅
Cyber Threat Intelligence & Incident Response Cobalt Strike |
| 2019-11-27
⋅
Twitter (@Prosegur)
⋅
Tweet on Incident of Information Security Ryuk |
| 2019-11-22
⋅
Palo Alto Networks Unit 42
⋅
Trickbot Updates Password Grabber Module TrickBot |
| 2019-11-19
⋅
FireEye
⋅
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions MESSAGETAP TSCookie ACEHASH CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT HIGHNOON HTran MimiKatz NetWire RC POISONPLUG Poison Ivy pupy Quasar RAT ZXShell |
| 2019-11-13
⋅
CrowdStrike
⋅
Through the Eyes of the Adversary TrickBot CLOCKWORK SPIDER |
| 2019-11-08
⋅
Palo Alto Networks Unit 42
⋅
Wireshark Tutorial: Examining Trickbot Infections TrickBot |
| 2019-11-06
⋅
⋅
Heise Security
⋅
Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail Emotet Ryuk TrickBot |
| 2019-11-05
⋅
tccontre Blog
⋅
CobaltStrike - beacon.dll : Your No Ordinary MZ Header Cobalt Strike |
| 2019-11-05
⋅
Information Age
⋅
Hospital cyberattack could have been avoided Ryuk |
| 2019-11-01
⋅
⋅
CCN-CERT
⋅
Informe Código Dañino CCN-CERT ID-26/19 Ryuk |
| 2019-11-01
⋅
CrowdStrike
⋅
WIZARD SPIDER Adds New Features to Ryuk for Targeting Hosts on LAN Ryuk WIZARD SPIDER |
| 2019-10-29
⋅
SneakyMonkey Blog
⋅
TRICKBOT - Analysis Part II TrickBot |
| 2019-10-24
⋅
Sentinel LABS
⋅
How TrickBot Malware Hooking Engine Targets Windows 10 Browsers TrickBot |
| 2019-09-25
⋅
GovCERT.ch
⋅
Trickbot - An analysis of data collected from the botnet TrickBot |
| 2019-09-23
⋅
MITRE
⋅
APT41 Derusbi MESSAGETAP Winnti ASPXSpy BLACKCOFFEE CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT MimiKatz NjRAT PlugX ShadowPad Winnti ZXShell APT41 |
| 2019-09-22
⋅
Check Point Research
⋅
Rancor: The Year of The Phish 8.t Dropper Cobalt Strike |
| 2019-08-27
⋅
Secureworks
⋅
TrickBot Modifications Target U.S. Mobile Users TrickBot WIZARD SPIDER |
| 2019-08-26
⋅
InQuest
⋅
Memory Analysis of TrickBot TrickBot |
| 2019-08-05
⋅
Trend Micro
⋅
Latest Trickbot Campaign Delivered via Highly Obfuscated JS File ostap TrickBot |
| 2019-07-12
⋅
DeepInstinct
⋅
TrickBooster – TrickBot’s Email-Based Infection Module TrickBot |
| 2019-07-11
⋅
NTT Security
⋅
Targeted TrickBot activity drops 'PowerBrace' backdoor PowerBrace TrickBot |
| 2019-06-13
⋅
Sekoia
⋅
Hunting and detecting Cobalt Strike Cobalt Strike |
| 2019-06-04
⋅
Bitdefender
⋅
An APT Blueprint: Gaining New Visibility into Financial Threats More_eggs Cobalt Strike |
| 2019-06-04
⋅
SlideShare
⋅
Inside Cybercrime Groups Harvesting Active Directory for Fun and Profit - Vitali Kremez TrickBot |
| 2019-05-22
⋅
TRICKBOT - Analysis TrickBot |
| 2019-05-09
⋅
GovCERT.ch
⋅
Severe Ransomware Attacks Against Swiss SMEs Emotet LockerGoga Ryuk TrickBot |
| 2019-05-08
⋅
Verizon Communications Inc.
⋅
2019 Data Breach Investigations Report BlackEnergy Cobalt Strike DanaBot Gandcrab GreyEnergy Mirai Olympic Destroyer SamSam |
| 2019-05-02
⋅
CERT.PL
⋅
Detricking TrickBot Loader TrickBot |
| 2019-04-24
⋅
Weixin
⋅
"Sea Lotus" APT organization's attack techniques against China in the first quarter of 2019 revealed Cobalt Strike SOUNDBITE |
| 2019-04-15
⋅
PenTestPartners
⋅
Cobalt Strike. Walkthrough for Red Teamers Cobalt Strike |
| 2019-04-05
⋅
FireEye
⋅
Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware LockerGoga Ryuk FIN6 |
| 2019-04-05
⋅
Medium vishal_thakur
⋅
Trickbot — a concise treatise TrickBot |
| 2019-04-02
⋅
Cybereason
⋅
Triple Threat: Emotet Deploys Trickbot to Steal Data & Spread Ryuk Ryuk TrickBot |
| 2019-04-01
⋅
⋅
Macnica Networks
⋅
OceanLotus Attack on Southeast Asian Automotive Industry CACTUSTORCH Cobalt Strike |
| 2019-04-01
⋅
⋅
Macnica Networks
⋅
Trends in Cyber Espionage Targeting Japan 2nd Half of 2018 Anel Cobalt Strike Datper PLEAD Quasar RAT RedLeaves taidoor Zebrocy |
| 2019-03-26
⋅
⋅
ANSSI
⋅
INFORMATIONS CONCERNANTLES RANÇONGICIELSLOCKERGOGA ET RYUK Ryuk |
| 2019-03-24
⋅
One Night in Norfolk
⋅
JEShell: An OceanLotus (APT32) Backdoor Cobalt Strike KerrDown |
| 2019-03-05
⋅
PepperMalware Blog
⋅
Quick Analysis of a Trickbot Sample with NSA's Ghidra SRE Framework TrickBot |
| 2019-02-27
⋅
Morphisec
⋅
New Global Cyber Attack on Point of Sale Sytem Cobalt Strike |
| 2019-02-26
⋅
Fox-IT
⋅
Identifying Cobalt Strike team servers in the wild Cobalt Strike |
| 2019-02-15
⋅
CrowdStrike
⋅
“Sin”-ful SPIDERS: WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web Dyre IcedID TrickBot Vawtrak LUNAR SPIDER WIZARD SPIDER |
| 2019-02-12
⋅
Trend Micro
⋅
Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire TrickBot |
| 2019-01-11
⋅
FireEye
⋅
A Nasty Trick: From Credential Theft Malware to Business Disruption Ryuk TrickBot GRIM SPIDER WIZARD SPIDER |
| 2019-01-10
⋅
CrowdStrike
⋅
Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware Ryuk GRIM SPIDER MUMMY SPIDER STARDUST CHOLLIMA WIZARD SPIDER |
| 2019-01-09
⋅
McAfee
⋅
Ryuk Ransomware Attack: Rush to Attribution Misses the Point Ryuk |
| 2019-01-01
⋅
Virus Bulletin
⋅
Shinigami's Revenge: The Long Tail of Ryuk Malware Ryuk |
| 2018-12-29
⋅
Los Angeles Times
⋅
Malware attack disrupts delivery of L.A. Times and Tribune papers across the U.S. Ryuk |
| 2018-12-12
⋅
SecureData
⋅
The TrickBot and MikroTik connection TrickBot |
| 2018-12-05
⋅
VIPRE
⋅
Trickbot’s Tricks TrickBot |
| 2018-11-19
⋅
FireEye
⋅
Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign Cobalt Strike |
| 2018-11-18
⋅
Stranded on Pylos Blog
⋅
CozyBear – In from the Cold? Cobalt Strike APT29 |
| 2018-11-12
⋅
Malwarebytes
⋅
What’s new in TrickBot? Deobfuscating elements TrickBot |
| 2018-11-08
⋅
Fortinet
⋅
Deep Analysis of TrickBot New Module pwgrab TrickBot |
| 2018-11-01
⋅
Trend Micro
⋅
Trickbot Shows Off New Trick: Password Grabber Module TrickBot |
| 2018-10-01
⋅
⋅
Macnica Networks
⋅
Trends in cyber espionage (targeted attacks) targeting Japan | First half of 2018 Anel Cobalt Strike Datper FlawedAmmyy Quasar RAT RedLeaves taidoor Winnti xxmm |
| 2018-10-01
⋅
FireEye
⋅
ATT&CKing FIN7 Bateleur BELLHOP Griffon ANTAK POWERPIPE POWERSOURCE HALFBAKED BABYMETAL Carbanak Cobalt Strike DNSMessenger DRIFTPIN PILLOWMINT SocksBot |
| 2018-10-01
⋅
Group-IB
⋅
Hi-Tech Crime Trends 2018 BackSwap Cobalt Strike Cutlet Meterpreter |
| 2018-08-20
⋅
Check Point
⋅
Ryuk Ransomware: A Targeted Campaign Break-Down Ryuk |
| 2018-08-14
⋅
Cyberbit
⋅
Latest Trickbot Variant has New Tricks Up Its Sleeve TrickBot |
| 2018-08-03
⋅
JPCERT/CC
⋅
Volatility Plugin for Detecting Cobalt Strike Beacon Cobalt Strike |
| 2018-07-31
⋅
Github (JPCERTCC)
⋅
Scanner for CobaltStrike Cobalt Strike |
| 2018-07-03
⋅
Talos Intelligence
⋅
Smoking Guns - Smoke Loader learned new tricks SmokeLoader TrickBot |
| 2018-06-20
⋅
Unpacking and Extracting TrickBot Malware Configuration With x64dbg and Python TrickBot |
| 2018-06-13
⋅
Github (JR0driguezB)
⋅
TrickBot config files TrickBot |
| 2018-05-21
⋅
⋅
LAC
⋅
Confirmed new attacks by APT attacker group menuPass (APT10) Cobalt Strike |
| 2018-04-16
⋅
Random RE
⋅
TrickBot & UACME TrickBot |
| 2018-04-03
⋅
Vitali Kremez Blog
⋅
Let's Learn: Trickbot Implements Network Collector Module Leveraging CMD, WMI & LDAP TrickBot |
| 2018-03-31
⋅
Youtube (hasherezade)
⋅
Deobfuscating TrickBot's strings with libPeConv TrickBot |
| 2018-03-27
⋅
Trend Micro
⋅
Evolving Trickbot Adds Detection Evasion and Screen-Locking Features TrickBot |
| 2018-03-21
⋅
Webroot
⋅
TrickBot Banking Trojan Adapts with New Module TrickBot |
| 2018-02-15
⋅
SecurityIntelligence
⋅
TrickBot’s Cryptocurrency Hunger: Tricking the Bitcoin Out of Wallets TrickBot |
| 2018-02-01
⋅
Malware Traffic Analysis
⋅
Quick Test Drive of Trickbot (It now has a Monero Module) TrickBot |
| 2017-12-30
⋅
Youtube (hasherezade)
⋅
Unpacking TrickBot with PE-sieve TrickBot |
| 2017-12-19
⋅
Vitali Kremez Blog
⋅
Let's Learn: Introducing New Trickbot LDAP "DomainGrabber" Module TrickBot |
| 2017-11-22
⋅
Flashpoint
⋅
Trickbot Gang Evolves, Incorporates Account Checking Into Hybrid Attack Model TrickBot |
| 2017-11-21
⋅
Let's Learn: Trickbot Socks5 Backconnect Module In Detail TrickBot |
| 2017-10-06
⋅
Blueliv
⋅
TrickBot banking trojan using EFLAGS as an anti-hook technique TrickBot |
| 2017-08-01
⋅
Malwarebytes
⋅
TrickBot comes up with new tricks: attacking Outlook and browsing data TrickBot |
| 2017-07-27
⋅
Flashpoint
⋅
New Version of “Trickbot” Adds Worm Propagation Module TrickBot |
| 2017-07-01
⋅
Ring Zero Labs
⋅
TrickBot Banking Trojan - DOC00039217.doc TrickBot |
| 2017-06-15
⋅
F5
⋅
Trickbot Expands Global Targets Beyond Banks and Payment Processors to CRMs TrickBot |
| 2017-06-12
⋅
⋅
Security Art Work
⋅
Evolución de Trickbot TrickBot |
| 2017-06-06
⋅
FireEye
⋅
Privileges and Credentials: Phished at the Request of Counsel Cobalt Strike |
| 2017-06-06
⋅
Mandiant
⋅
Privileges and Credentials: Phished at the Request of Counsel Cobalt Strike APT19 |
| 2017-05-26
⋅
PWC
⋅
TrickBot’s bag of tricks TrickBot |
| 2017-05-15
⋅
Secureworks
⋅
Evolution of the GOLD EVERGREEN Threat Group CryptoLocker Dridex Dyre Gameover P2P Murofet TrickBot Zeus GOLD EVERGREEN |
| 2017-04-26
⋅
Youtube (Kaspersky)
⋅
China's Evolving Cyber Operations: A Look into APT19's Shift in Tactics Cobalt Strike APT19 |
| 2017-03-01
⋅
FraudWatch International
⋅
How Does the Trickbot Malware Work? TrickBot |
| 2016-12-07
⋅
Botconf
⋅
The TrickBot Evolution TrickBot |
| 2016-12-06
⋅
Fortinet
⋅
Deep Analysis of the Online Banking Botnet TrickBot TrickBot |
| 2016-11-09
⋅
Tricks of the Trade: A Deeper Look Into TrickBot’s Machinations TrickBot |
| 2016-11-07
⋅
F5 Labs
⋅
Little Trickbot Growing Up: New Campaign TrickBot |
| 2016-10-25
⋅
NetScout
⋅
TrickBot Banker Insights Godzilla Loader TrickBot |
| 2016-10-24
⋅
Malwarebytes
⋅
Introducing TrickBot, Dyreza’s successor TrickBot |
| 2016-10-15
⋅
Fidelis Cybersecurity
⋅
TrickBot: We Missed you, Dyre TrickBot |
| 2016-10-11
⋅
Symantec
⋅
Odinaff: New Trojan used in high level financial attacks Cobalt Strike KLRD MimiKatz Odinaff |
| 2012-01-01
⋅
Cobalt Strike
⋅
Cobalt Strike Website Cobalt Strike |