Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2025-08-26GoogleAustin Larsen, Matt Lin, Omar ElAhdan, Tyler McLellan
Widespread Data Theft Targets Salesforce Instances via Salesloft Drift
UNC6395
2025-08-25circleidWhoisXML API
RomCom and TransferLoader IoCs in the Spotlight
ROMCOM RAT TransferLoader
2025-08-19The Wall Street JournalRobert McMillan
Oregon Man Accused of Operating One of Most Powerful Attack ‘Botnets’ Ever Seen
RapperBot
2025-08-11ESET ResearchAnton Cherepanov, Damien Schaeffer, Peter Strýček
Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability
dynamichttp
2025-07-20rmceoin.github.ioRandy McEoin
Perl based macOS/linux Stealer
Pearl Stealer
2025-06-30ProofpointDavid Galazin, Greg Lesnewich, Kelsey Merriman, Proofpoint Threat Research Team, Selena Larson
10 Things I Hate About Attribution: RomCom vs. TransferLoader
DustyHammock MeltingClaw RustyClaw ShadyHammock SlipScreen TransferLoader TA829
2025-06-02Aryaka Networksbikash dash, varadharajan krishnasamy
Remcos on the Wire: Analyzing Network Artifacts and C2 Command Structures
Remcos
2025-04-25Twitter (@teamcymru_S2)TEAM CYMRU S2 THREAT RESEARCH
Tweet on North Korean Cyber Ops Leveraging Russian Infrastructure
2025-03-28Cisco TalosGuilherme Venere
Gamaredon campaign abuses LNK files to distribute Remcos backdoor
Remcos
2025-02-21SonicWallSonicWall
Remcos RAT Targets Europe: New AMSI and ETW Evasion Tactics Uncovered
Remcos
2025-01-30BitdefenderAlexandru Maximciuc, Gheorghe Adrian Schipor, Martin Zugec, Victor Vrabie
UAC-0063: Cyber Espionage Operation Expanding from Central Asia
HATVIBE
2025-01-20Medium walmartglobaltechJason Reaves, Jonathan Mccay, Joshua Platt
Qbot is Back.Connect
ReedBed UNC4393
2024-12-10cybleCyble
Head Mare Group Intensifies Attacks on Russia with PhantomCore Backdoor
PhantomCore Head Mare
2024-12-04Rapid7Tyler McGraw
Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware
Black Basta Cobalt Strike DarkGate SystemBC Zloader
2024-11-08FortinetXiaopeng Zhang
New Campaign Uses Remcos RAT to Exploit Victims
Remcos
2024-10-31Sophos X-OpsRoss McKerchar
Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats
Asnarök
2024-10-31Sophos X-OpsAndrew Brandt, Ross McKerchar
Pacific Rim timeline: Information for defenders from a braid of interlocking attack campaigns
Asnarök Tstark
2024-10-23Cisco TalosEdmund Brumaghin, Holger Unterbrink, Jordyn Dunk, Nicole Hoffman
Threat Spotlight: WarmCookie/BadSpace
Cobalt Strike csharp-streamer RAT WarmCookie
2024-10-17Cisco TalosAsheer Malhotra, Dmytro Korzhevin, Vanja Svajcer, Vitor Ventura
UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants
MeltingClaw ROMCOM RAT RustyClaw ShadyHammock RomCom
2024-10-17Hunt.ioHunt.io
From Warm to Burned: Shedding Light on Updated WarmCookie Infrastructure
WarmCookie