Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-05-07Cisco TalosCaitlin Huey, Andrew Windsor, Edmund Brumaghin
@online{huey:20210507:lemon:0d46f81, author = {Caitlin Huey and Andrew Windsor and Edmund Brumaghin}, title = {{Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs}}, date = {2021-05-07}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/05/lemon-duck-spreads-wings.html}, language = {English}, urldate = {2021-05-11} } Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs
CHINACHOPPER Cobalt Strike
2021-04-21TalosVanja Svajcer
@online{svajcer:20210421:year:4741c8e, author = {Vanja Svajcer}, title = {{A year of Fajan evolution and Bloomberg themed campaigns}}, date = {2021-04-21}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/04/a-year-of-fajan-evolution-and-bloomberg.html}, language = {English}, urldate = {2021-04-28} } A year of Fajan evolution and Bloomberg themed campaigns
MASS Logger Nanocore RAT NetWire RC Revenge RAT XpertRAT
2021-04-07TalosNick Biasini, Edmund Brumaghin, Chris Neal, Paul Eubanks.
@online{biasini:20210407:sowing:2bf94a9, author = {Nick Biasini and Edmund Brumaghin and Chris Neal and Paul Eubanks.}, title = {{Sowing Discord: Reaping the benefits of collaboration app abuse}}, date = {2021-04-07}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/04/collab-app-abuse.html}, language = {English}, urldate = {2021-04-19} } Sowing Discord: Reaping the benefits of collaboration app abuse
2021-03-09Cisco TalosCisco Talos
@online{talos:20210309:hafnium:55699b2, author = {Cisco Talos}, title = {{Hafnium Update: Continued Microsoft Exchange Server Exploitation}}, date = {2021-03-09}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/03/hafnium-update.html}, language = {English}, urldate = {2021-03-11} } Hafnium Update: Continued Microsoft Exchange Server Exploitation
2021-03-02Cisco TalosAsheer Malhotra
@online{malhotra:20210302:obliquerat:f7504fa, author = {Asheer Malhotra}, title = {{ObliqueRAT returns with new campaign using hijacked websites}}, date = {2021-03-02}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/02/obliquerat-new-campaign.html}, language = {English}, urldate = {2021-03-04} } ObliqueRAT returns with new campaign using hijacked websites
Oblique RAT
2021-02-23TalosVitor Ventura, Warren Mercer
@online{ventura:20210223:gamaredon:3fbfa9b, author = {Vitor Ventura and Warren Mercer}, title = {{Gamaredon - When nation states don’t pay all the bills}}, date = {2021-02-23}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/02/gamaredonactivities.html}, language = {English}, urldate = {2021-02-25} } Gamaredon - When nation states don’t pay all the bills
2021-02-17Cisco TalosVanja Svajcer
@online{svajcer:20210217:masslogger:cd9e6fb, author = {Vanja Svajcer}, title = {{Masslogger campaigns exfiltrates user credentials}}, date = {2021-02-17}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/02/masslogger-cred-exfil.html}, language = {English}, urldate = {2021-02-20} } Masslogger campaigns exfiltrates user credentials
MASS Logger
2021-02-09TalosWarren Mercer, Chris Neal, Vitor Ventura
@online{mercer:20210209:kasablanka:63078fc, author = {Warren Mercer and Chris Neal and Vitor Ventura}, title = {{Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows}}, date = {2021-02-09}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/02/kasablanka-lodarat.html}, language = {English}, urldate = {2021-02-09} } Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows
Loda
2021-01-06TalosIrshad Muhammad, Holger Unterbrink
@online{muhammad:20210106:deep:8fa3a1f, author = {Irshad Muhammad and Holger Unterbrink}, title = {{A Deep Dive into Lokibot Infection Chain}}, date = {2021-01-06}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/01/a-deep-dive-into-lokibot-infection-chain.html}, language = {English}, urldate = {2021-01-10} } A Deep Dive into Lokibot Infection Chain
Loki Password Stealer (PWS)
2021-01-04Cisco TalosAzim Khodjibaev, Dmytro Korzhevin, Kendall McKay
@techreport{khodjibaev:20210104:interview:6735752, author = {Azim Khodjibaev and Dmytro Korzhevin and Kendall McKay}, title = {{Interview with a LockBit ransomware operator}}, date = {2021-01-04}, institution = {Cisco Talos}, url = {https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/481/original/010421_LockBit_Interview.pdf}, language = {English}, urldate = {2021-02-17} } Interview with a LockBit ransomware operator
LockBit
2021TalosTalos Incident Response
@techreport{response:2021:cobalt:f4412fa, author = {Talos Incident Response}, title = {{Cobalt Strikes Out}}, date = {2021}, institution = {Talos}, url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/542/original/CTIR_casestudy_2.pdf}, language = {English}, urldate = {2021-05-26} } Cobalt Strikes Out
Cobalt Strike
2021TalosTalos Incident Response
@techreport{response:2021:evicting:c795470, author = {Talos Incident Response}, title = {{Evicting Maze}}, date = {2021}, institution = {Talos}, url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/543/original/CTIR_casestudy_1.pdf}, language = {English}, urldate = {2021-05-26} } Evicting Maze
Cobalt Strike Maze
2020-12-21Cisco TalosJON MUNSHAW
@online{munshaw:20201221:2020:4a88f84, author = {JON MUNSHAW}, title = {{2020: The year in malware}}, date = {2020-12-21}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/12/2020-year-in-malware.html}, language = {English}, urldate = {2020-12-26} } 2020: The year in malware
WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader
2020-12-14Cisco TalosNick Biasini
@online{biasini:20201214:threat:63acc35, author = {Nick Biasini}, title = {{Threat Advisory: SolarWinds supply chain attack}}, date = {2020-12-14}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/12/solarwinds-supplychain-coverage.html#more}, language = {English}, urldate = {2020-12-19} } Threat Advisory: SolarWinds supply chain attack
SUNBURST TEARDROP
2020-12-01TalosVanja Svajcer, Adam Pridgen
@online{svajcer:20201201:xanthe:ee9ae54, author = {Vanja Svajcer and Adam Pridgen}, title = {{Xanthe - Docker aware miner}}, date = {2020-12-01}, organization = {Talos}, url = {https://blog.talosintelligence.com/2020/12/xanthe-docker-aware-miner.html}, language = {English}, urldate = {2020-12-08} } Xanthe - Docker aware miner
Xanthe
2020-11-17Cisco TalosNikhil Hegde
@online{hegde:20201117:nibiru:7a0faf4, author = {Nikhil Hegde}, title = {{Nibiru ransomware variant decryptor}}, date = {2020-11-17}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/11/Nibiru-ransomware.html}, language = {English}, urldate = {2020-11-19} } Nibiru ransomware variant decryptor
Nibiru
2020-11-12TalosAsheer Malhotra
@online{malhotra:20201112:crat:1761f4e, author = {Asheer Malhotra}, title = {{CRAT wants to plunder your endpoints}}, date = {2020-11-12}, organization = {Talos}, url = {https://blog.talosintelligence.com/2020/11/crat-and-plugins.html}, language = {English}, urldate = {2020-11-18} } CRAT wants to plunder your endpoints
CRAT
2020-10-29Cisco TalosWarren Mercer, Paul Rascagnères, Vitor Ventura
@online{mercer:20201029:donots:850f31b, author = {Warren Mercer and Paul Rascagnères and Vitor Ventura}, title = {{DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread}}, date = {2020-10-29}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/10/donot-firestarter.html}, language = {English}, urldate = {2020-10-29} } DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread
Unidentified APK 005
2020-10-06TalosWarren Mercer, Paul Rascagnères, Vitor Ventura
@online{mercer:20201006:poetrat:17f845e, author = {Warren Mercer and Paul Rascagnères and Vitor Ventura}, title = {{PoetRAT: Malware targeting public and private sector in Azerbaijan evolves}}, date = {2020-10-06}, organization = {Talos}, url = {https://blog.talosintelligence.com/2020/10/poetrat-update.html}, language = {English}, urldate = {2020-10-07} } PoetRAT: Malware targeting public and private sector in Azerbaijan evolves
Poet RAT
2020-09-29Cisco TalosChris Neal
@online{neal:20200929:lodarat:d1cf82f, author = {Chris Neal}, title = {{LodaRAT Update: Alive and Well}}, date = {2020-09-29}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/09/lodarat-update-alive-and-well.html}, language = {English}, urldate = {2020-10-04} } LodaRAT Update: Alive and Well
Loda