Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-12-14MandiantAdrian McCabe, Geoff Ackerman, Rufus Brown, Ryan Tomcik
Opening a Can of Whoop Ads: Detecting and Disrupting a Malvertising Campaign Distributing Backdoors
DanaBot DarkGate
2023-12-13FortinetAmey Gat, Angelo Cris Deveraturda, Hongkei Chan, Jared Betts, Jayesh Zala, John Simmons, Ken Evans, Mark Robson
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793
GraphDrop
2023-12-13CISACISA
Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally
GraphDrop
2023-12-07Cert-UACert-UA
UAC-0050 mass cyberattack using RemcosRAT/MeduzaStealer against Ukraine and Poland (CERT-UA#8218)
Meduza Stealer Remcos
2023-11-23Infosec WriteupsOsama Ellahi
Malware analysis Remcos RAT- 4.9.2 Pro
Remcos
2023-11-14SOC PrimeVeronika Telychko
Remcos RAT Detection: UAC-0050 Hackers Launch Phishing Attacks Impersonating the Security Service of Ukraine
Remcos UAC-0050
2023-11-09MandiantChris Sistrunk, Daniel Kapellmann Zafra, Jared Wilson, John Wolfram, Keith Lunden, Ken Proska, Nathan Brubaker, Tyler McLellan
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology
CaddyWiper
2023-10-27Twitter (@embee_research)Embee_research
Remcos Downloader Analysis - Manual Deobfuscation of Visual Basic and Powershell
Remcos
2023-10-26Medium walmartglobaltechJonathan Mccay
SmartApeSG
NetSupportManager RAT
2023-10-18MicrosoftMicrosoft Threat Intelligence
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability
FeedLoad ForestTiger HazyLoad RollSling Silent Chollima
2023-09-28ConfiantBOZOSLIVEHERE
Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees
ScamClub
2023-09-21ESET ResearchZuzana Hromcová
OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes
Mango Solar
2023-09-19CheckpointAlexey Bukhteyev, Arie Olshtein
Unveiling the Shadows: The Dark Alliance between GuLoader and Remcos
CloudEyE Remcos
2023-09-08K7 SecuritySudeep Waingankar
RomCom RAT: Not Your Typical Love Story
ROMCOM RAT RomCom
2023-08-31Rapid7 LabsEvan McCann, Natalie Zargarov, Thomas Elkins, Tyler McGraw
Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers
FAKEUPDATES Amadey HijackLoader Lumma Stealer SectopRAT
2023-08-26rmceoin.github.ioRandy McEoin
ClearFake Malware Analysis
ClearFake
2023-07-18Medium walmartglobaltechJason Reaves, Jonathan Mccay, Joshua Platt
NemesisProject
Nemesis
2023-07-10MandiantJennifer Guzzetta, Matthew McWhirt, Phil Pearce, Thirumalai Natarajan Muthiah
Defend Against the Latest Active Directory Certificate Services Threats
2023-07-08BlackberryBlackBerry Research & Intelligence Team
RomCom Threat Actor Suspected of Targeting Ukraine's NATO Membership Talks at the NATO Summit
ROMCOM RAT
2023-06-28MandiantAlexander Marvi, Greg Blaum, Ron Craft
Detection, Containment, and Hardening Opportunities for Privileged Guest Operations, Anomalous Behavior, and VMCI Backdoors on Compromised VMware Hosts
UNC3886