Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-10-27Twitter (@embee_research)Embee_research
Remcos Downloader Analysis - Manual Deobfuscation of Visual Basic and Powershell
Remcos
2023-10-26Medium walmartglobaltechJonathan Mccay
SmartApeSG
SmartApeSG NetSupportManager RAT
2023-10-18MicrosoftMicrosoft Threat Intelligence
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability
FeedLoad ForestTiger HazyLoad RollSling Silent Chollima
2023-09-28ConfiantBOZOSLIVEHERE
Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees
ScamClub
2023-09-21ESET ResearchZuzana Hromcová
OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes
Mango Solar
2023-09-19CheckpointAlexey Bukhteyev, Arie Olshtein
Unveiling the Shadows: The Dark Alliance between GuLoader and Remcos
CloudEyE Remcos
2023-09-08K7 SecuritySudeep Waingankar
RomCom RAT: Not Your Typical Love Story
ROMCOM RAT RomCom
2023-08-31Rapid7 LabsEvan McCann, Natalie Zargarov, Thomas Elkins, Tyler McGraw
Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers
FAKEUPDATES Amadey HijackLoader Lumma Stealer SectopRAT
2023-08-26rmceoin.github.ioRandy McEoin
ClearFake Malware Analysis
ClearFake
2023-07-18Medium walmartglobaltechJason Reaves, Jonathan Mccay, Joshua Platt
NemesisProject
Nemesis
2023-07-10MandiantJennifer Guzzetta, Matthew McWhirt, Phil Pearce, Thirumalai Natarajan Muthiah
Defend Against the Latest Active Directory Certificate Services Threats
2023-07-08BlackberryBlackBerry Research & Intelligence Team
RomCom Threat Actor Suspected of Targeting Ukraine's NATO Membership Talks at the NATO Summit
ROMCOM RAT
2023-06-28MandiantAlexander Marvi, Greg Blaum, Ron Craft
Detection, Containment, and Hardening Opportunities for Privileged Guest Operations, Anomalous Behavior, and VMCI Backdoors on Compromised VMware Hosts
UNC3886
2023-06-15GoogleAlyssa Glickman, Austin Larsen, Fernando Tomlinson, Jakub Jozwiak, John Palmisano, John Wolfram, Josh Villanueva, Mathew Potaczek, Matthew McWhirt
Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China
SALTWATER SEASPY WHIRLPOOL UNC4841
2023-06-15MandiantAustin Larsen, John Palmisano, John Wolfram, Mathew Potaczek, Matthew McWhirt
Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China
SALTWATER SEASPY UNC4841
2023-06-02MandiantDAN NUTTING, Genevieve Stark, Greg Blaum, Jeremy Kennelly, JOE PISANO, Josh Murchie, Juraj Sucik, Justin Moore, Kimberly Goody, Matthew McWhirt, Nader Zaveri, NICHOLAS BENNETT, OLLIE STYLES, PETER UKHANOV, WILL SILVERSTONE, ZACH SCHRAMM, Zander Work
Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft
2023-05-30SANS ISCBrad Duncan
Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT
DBatLoader
2023-05-30Trend MicroFeike Hacquebord, Fernando Mercês, Lord Alfred Remorin, Stephen Hilt
Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals
ROMCOM RAT RomCom
2023-05-16CyberRaijuJai Minton
Remcos RAT - Malware Analysis Lab
Remcos
2023-05-10BitdefenderAlexandru Maximciuc, Gheorghe Adrian Schipor, Martin Zugec, Victor Vrabie
Deep Dive Into DownEx Espionage Operation in Central Asia
DownEx