2022-01-12CiscoChetan Raghuprasad, Vanja Svajcer
@online{raghuprasad:20220112:nanocore:938e93c,
  author       = {Raghuprasad, Chetan and Svajcer, Vanja},
  title        = {{Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure}},
  date         = {2022-01-12},
  organization = {Cisco},
  url          = {https://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html},
  language     = {English},
  urldate      = {2022-01-18},
}
Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure
AsyncRAT Nanocore RAT NetWire RC
2021-12-03SANS ISC InfoSec ForumsBrad Duncan
@online{duncan:20211203:ta551:f71be57,
  author       = {Duncan, Brad},
  title        = {{TA551 (Shathak) pushes IcedID (Bokbot)}},
  date         = {2021-12-03},
  organization = {SANS ISC InfoSec Forums},
  url          = {https://isc.sans.edu/forums/diary/TA551+Shathak+pushes+IcedID+Bokbot/28092/},
  language     = {English},
  urldate      = {2021-12-06},
}
TA551 (Shathak) pushes IcedID (Bokbot)
IcedID
2021-12-02CiscoTiago Pereira
@online{pereira:20211202:magnat:15dcabb,
  author       = {Pereira, Tiago},
  title        = {{Magnat campaigns use malvertising to deliver information stealer, backdoor and malicious Chrome extension}},
  date         = {2021-12-02},
  organization = {Cisco},
  url          = {https://blog.talosintelligence.com/2021/12/magnat-campaigns-use-malvertising-to.html},
  language     = {English},
  urldate      = {2021-12-07},
}
Magnat campaigns use malvertising to deliver information stealer, backdoor and malicious Chrome extension
Azorult RedLine Stealer
2021-11-16CiscoChetan Raghuprasad, Vanja Svajcer, Asheer Malhotra
@online{raghuprasad:20211116:attackers:c31ad77,
  author       = {Raghuprasad, Chetan and Svajcer, Vanja and Malhotra, Asheer},
  title        = {{Attackers use domain fronting technique to target Myanmar with Cobalt Strike}},
  date         = {2021-11-16},
  organization = {Cisco},
  url          = {https://blog.talosintelligence.com/2021/11/attackers-use-domain-fronting-technique.html},
  language     = {English},
  urldate      = {2021-11-17},
}
Attackers use domain fronting technique to target Myanmar with Cobalt Strike
Cobalt Strike
2021-11-10RandoriRandori Attack Team
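@comment{The author is a team, not a person. The inner braces keep BibTeX from splitting the name into given names "Randori Attack" and surname "Team", which would sort and abbreviate the vendor name incorrectly.}
@online{team:20211110:zeroday:3c362f3,
  author       = {{Randori Attack Team}},
  title        = {{Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064}},
  date         = {2021-11-10},
  organization = {Randori},
  url          = {https://www.randori.com/blog/cve-2021-3064/},
  language     = {English},
  urldate      = {2021-11-17},
}
Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064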
2021-11-10Twitter (@ESETresearch)ESET Research
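@comment{The author is an organisation, not a person. The inner braces keep BibTeX from splitting the name into given name "ESET" and surname "Research".}
@online{research:20211110:discovery:c5ef2c6,
  author       = {{ESET Research}},
  title        = {{Tweet on a discovery of a trojanized IDA Pro installer, distributed by the LABYRINTH CHOLLIMA group.}},
  date         = {2021-11-10},
  organization = {Twitter (@ESETresearch)},
  url          = {https://twitter.com/ESETresearch/status/1458438155149922312},
  language     = {English},
  urldate      = {2021-12-01},
}
Tweet on a discovery of a trojanized IDA Pro installer, distributed by the LABYRINTH CHOLLIMA group.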
2021-11-10Cisco TalosJungsoo An, Asheer Malhotra, Kendall McKay
@online{an:20211110:north:feab945,
  author       = {An, Jungsoo and Malhotra, Asheer and McKay, Kendall},
  title        = {{North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets}},
  date         = {2021-11-10},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html},
  language     = {English},
  urldate      = {2021-11-17},
}
North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets
GoldDragon
2021-11-09Cisco TalosClaudio Bozzato, Lilith Wyatt
@online{bozzato:20211109:cisco:2f6a349,
  author       = {Bozzato, Claudio and Wyatt, Lilith},
  title        = {{Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton}},
  date         = {2021-11-09},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2021/11/cisco-talos-finds-10-vulnerabilities-in.html},
  language     = {English},
  urldate      = {2021-11-11},
}
Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton
2021-11-03Cisco TalosChetan Raghuprasad, Vanja Svajcer, Caitlin Huey
@online{raghuprasad:20211103:microsoft:2b6de43,
  author       = {Raghuprasad, Chetan and Svajcer, Vanja and Huey, Caitlin},
  title        = {{Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk}},
  date         = {2021-11-03},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html},
  language     = {English},
  urldate      = {2021-11-03},
}
Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk
Babuk CHINACHOPPER
2021-11-02GoSecureLilly Chalupowski
@online{chalupowski:20211102:new:b68bd68,
  author       = {Chalupowski, Lilly},
  title        = {{New Malware “Gameloader” in Discord Malspam Campaign Identified by GoSecure Titan Labs}},
  date         = {2021-11-02},
  organization = {GoSecure},
  url          = {https://www.gosecure.net/blog/2021/11/02/new-malware-gameloader-in-discord-malspam-campaign-identified-by-gosecure-titan-labs/},
  language     = {English},
  urldate      = {2021-11-03},
}
New Malware “Gameloader” in Discord Malspam Campaign Identified by GoSecure Titan Labs
2021-10-28LookoutKristina Balaam, Paul Shunk
@online{balaam:20211028:rooting:fbbe47f,
  author       = {Balaam, Kristina and Shunk, Paul},
  title        = {{Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign}},
  date         = {2021-10-28},
  organization = {Lookout},
  url          = {https://blog.lookout.com/lookout-discovers-global-rooting-malware-campaign},
  language     = {English},
  urldate      = {2021-11-03},
}
Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign
AbstractEmu
2021-10-26Cisco TalosEdmund Brumaghin, Mariano Graziano, Nick Mavis
@online{brumaghin:20211026:squirrelwaffle:88c5943,
  author       = {Brumaghin, Edmund and Graziano, Mariano and Mavis, Nick},
  title        = {{SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike}},
  date         = {2021-10-26},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2021/10/squirrelwaffle-emerges.html},
  language     = {English},
  urldate      = {2021-11-02},
}
SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike
Cobalt Strike QakBot Squirrelwaffle
2021-10-21NetskopeGustavo Palazolo
@online{palazolo:20211021:dbatloader:7074875,
  author       = {Palazolo, Gustavo},
  title        = {{DBatLoader: Abusing Discord to Deliver Warzone RAT}},
  date         = {2021-10-21},
  organization = {Netskope},
  url          = {https://www.netskope.com/blog/dbatloader-abusing-discord-to-deliver-warzone-rat},
  language     = {English},
  urldate      = {2021-10-26},
}
DBatLoader: Abusing Discord to Deliver Warzone RAT
Ave Maria DBatLoader
2021-10-20RiskIQJennifer Grob
@online{grob:20211020:overview:f51c170,
  author       = {Grob, Jennifer},
  title        = {{Overview of Malware Hosted on Discord's Content Delivery Network}},
  date         = {2021-10-20},
  organization = {RiskIQ},
  url          = {https://community.riskiq.com/article/fe25847f},
  language     = {English},
  urldate      = {2021-10-26},
}
Overview of Malware Hosted on Discord's Content Delivery Network
2021-10-19Cisco TalosAsheer Malhotra
@online{malhotra:20211019:malicious:6889662,
  author       = {Malhotra, Asheer},
  title        = {{Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India}},
  date         = {2021-10-19},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html},
  language     = {English},
  urldate      = {2021-11-02},
}
Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India
DCRat Quasar RAT
2021-10-19CiscoArtsiom Holub
@online{holub:20211019:strrat:4522f11,
  author       = {Holub, Artsiom},
  title        = {{STRRAT, ZLoader, and HoneyGain}},
  date         = {2021-10-19},
  organization = {Cisco},
  url          = {https://umbrella.cisco.com/blog/cybersecurity-threat-spotlight-strrat-zloader-honeygain},
  language     = {English},
  urldate      = {2021-10-26},
}
STRRAT, ZLoader, and HoneyGain
STRRAT Zloader
2021-10-04CiscoTiago Pereira
@online{pereira:20211004:threat:9f493e1,
  author       = {Pereira, Tiago},
  title        = {{Threat hunting in large datasets by clustering security events}},
  date         = {2021-10-04},
  organization = {Cisco},
  url          = {https://blog.talosintelligence.com/2021/10/threat-hunting-in-large-datasets-by.html},
  language     = {English},
  urldate      = {2021-10-20},
}
Threat hunting in large datasets by clustering security events
BazarBackdoor TrickBot
2021-09-30CiscoVitor Ventura, Arnaud Zobec
@online{ventura:20210930:wolf:5617c7f,
  author       = {Ventura, Vitor and Zobec, Arnaud},
  title        = {{A wolf in sheep's clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus}},
  date         = {2021-09-30},
  organization = {Cisco},
  url          = {https://blog.talosintelligence.com/2021/09/fakeantipegasusamnesty.html},
  language     = {English},
  urldate      = {2021-10-20},
}
A wolf in sheep's clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus
2021-09-27Security Soup BlogRyan Campbell
@online{campbell:20210927:doppeldridex:daa5f69,
  author       = {Campbell, Ryan},
  title        = {{DoppelDridex Delivered via Slack and Discord}},
  date         = {2021-09-27},
  organization = {Security Soup Blog},
  url          = {https://security-soup.net/doppeldridex-delivered-via-slack-and-discord/},
  language     = {English},
  urldate      = {2021-09-29},
}
DoppelDridex Delivered via Slack and Discord
DoppelDridex
2021-09-21Trend MicroNikki Madayag, Josefino Fajilago IV
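@comment{"IV" in the second author's name is treated here as a generational suffix. Written as "Josefino Fajilago IV", BibTeX would take "IV" as the surname; the "Last, Suffix, First" form keeps "Fajilago" as the surname.}
@online{madayag:20210921:cryptominer:39afc6e,
  author       = {Madayag, Nikki and Fajilago, IV, Josefino},
  title        = {{Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage}},
  date         = {2021-09-21},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/21/i/cryptominer-z0miner-uses-newly-discovered-vulnerability-cve-2021.html},
  language     = {English},
  urldate      = {2021-09-28},
}
Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage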