| 2023-03-29 ⋅ Krakz ⋅ BumbleBee notes BumbleBee |
| 2023-02-20 ⋅ Sekoia ⋅ Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part 1 Stealc |
| 2022-12-22 ⋅ Sekoia ⋅ New RisePro Stealer distributed by the prominent PrivateLoader RisePro |
| 2022-11-21 ⋅ Sekoia ⋅ Aurora: a rising stealer flying under the radar Aurora Stealer |
| 2022-09-07 ⋅ Google ⋅ Initial access broker repurposing techniques in targeted attacks against Ukraine AnchorMail Cobalt Strike IcedID |
| 2022-08-10 ⋅ Kaspersky ⋅ VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges |
| 2022-06-30 ⋅ Kaspersky ⋅ The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact MimiKatz Owlproxy SessionManager |
| 2022-06-29 ⋅ Sekoia ⋅ Raccoon Stealer v2 – Part 2: In-depth analysis Raccoon |
| 2022-06-28 ⋅ Sekoia ⋅ Raccoon Stealer v2 – Part 1: The return of the dead Raccoon |
| 2022-06-13 ⋅ Sekoia ⋅ BumbleBee: a new trendy loader for Initial Access Brokers BumbleBee |
| 2022-04-07 ⋅ Sekoia ⋅ Mars, a red-hot information stealer Mars Stealer |
| 2021-12-14 ⋅ Kaspersky Labs ⋅ Owowa: the add-on that turns your OWA into a credential stealer and remote access panel Owowa |
| 2021-09-29 ⋅ Kaspersky Labs ⋅ DarkHalo after SolarWinds: the Tomiris connection (UNC2849) tomiris Storm-0473 |
| 2021-04-05 ⋅ Kaspersky ⋅ The leap of a Cycldek-related threat actor |
| 2021-01-12 ⋅ pierrekim blog ⋅ Multiple vulnerabilities found in FiberHome HG6245D routers |
| 2020-12-03 ⋅ Kaspersky Labs ⋅ What did DeathStalker hide between two ferns? PowerPepper Evilnum |
| 2020-10-15 ⋅ Kaspersky Labs ⋅ IAmTheKing and the SlothfulMedia malware family SlothfulMedia |
| 2020-08-24 ⋅ Kaspersky Labs ⋅ Lifting the veil on DeathStalker, a mercenary triumvirate EVILNUM Janicab Evilnum |
| 2020-07-28 ⋅ Kaspersky Labs ⋅ Lazarus on the hunt for big game Dacls Dacls Dacls VHD Ransomware |
| 2020-03-31 ⋅ Kaspersky Labs ⋅ Holy water: ongoing targeted water-holing attack in Asia Godlike12 |
| 2019-04-30 ⋅ Cisco Talos ⋅ Sodinokibi ransomware exploits WebLogic Server vulnerability REvil |
| 2017-10-19 ⋅ Proofpoint ⋅ APT28 racing to exploit CVE-2017-11292 Flash vulnerability before patches are deployed Seduploader |
| 2017-10-16 ⋅ Proofpoint ⋅ Leviathan: Espionage actor spearphishes maritime and defense targets NanHaiShu SeDll APT40 |
| 2017-06-01 ⋅ Proofpoint ⋅ Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions Cobalt |
| 2017-02-02 ⋅ Proofpoint ⋅ Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX ZeroT |
| 2014-03-18 ⋅ ESET Research ⋅ Operation Windigo – the vivisection of a large Linux server‑side credential‑stealing malware campaign Boaxxe Glupteba |
| 2014-03-01 ⋅ ESET Research ⋅ OPERATION WINDIGO Ebury |
| 2013-09-25 ⋅ ESET Research ⋅ Win32/Napolar – A new bot on the block Solarbot |
| 2013-04-26 ⋅ ESET Research ⋅ Linux/Cdorked.A: New Apache backdoor being used in the wild to serve Blackhole CDorked |
| 2012-12-18 ⋅ ESET Research ⋅ Malicious Apache module used for content injection: Linux/Chapro.A Chapro |