Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-11-16CiscoChetan Raghuprasad, Vanja Svajcer, Asheer Malhotra
@online{raghuprasad:20211116:attackers:c31ad77, author = {Chetan Raghuprasad and Vanja Svajcer and Asheer Malhotra}, title = {{Attackers use domain fronting technique to target Myanmar with Cobalt Strike}}, date = {2021-11-16}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2021/11/attackers-use-domain-fronting-technique.html}, language = {English}, urldate = {2021-11-17} } Attackers use domain fronting technique to target Myanmar with Cobalt Strike
Cobalt Strike
2021-11-10Cisco TalosJungsoo An, Asheer Malhotra, Kendall McKay
@online{an:20211110:north:feab945, author = {Jungsoo An and Asheer Malhotra and Kendall McKay}, title = {{North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets}}, date = {2021-11-10}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html}, language = {English}, urldate = {2021-11-17} } North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets
GoldDragon
2021-10-19Cisco TalosAsheer Malhotra
@online{malhotra:20211019:malicious:6889662, author = {Asheer Malhotra}, title = {{Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India}}, date = {2021-10-19}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html}, language = {English}, urldate = {2021-11-02} } Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India
DCRat Quasar RAT
2021-09-23TalosAsheer Malhotra, Vanja Svajcer, Justin Thattil
@online{malhotra:20210923:operation:056c76c, author = {Asheer Malhotra and Vanja Svajcer and Justin Thattil}, title = {{Operation “Armor Piercer:” Targeted attacks in the Indian subcontinent using commercial RATs}}, date = {2021-09-23}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/09/operation-armor-piercer.html}, language = {English}, urldate = {2021-10-05} } Operation “Armor Piercer:” Targeted attacks in the Indian subcontinent using commercial RATs
Ave Maria NetWire RC
2021-08-19TalosAsheer Malhotra, Vitor Ventura, Vanja Svajcer
@online{malhotra:20210819:malicious:e04d4c9, author = {Asheer Malhotra and Vitor Ventura and Vanja Svajcer}, title = {{Malicious Campaign Targets Latin America: The seller, The operator and a curious link}}, date = {2021-08-19}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/08/rat-campaign-targets-latin-america.html}, language = {English}, urldate = {2021-08-30} } Malicious Campaign Targets Latin America: The seller, The operator and a curious link
AsyncRAT NjRAT
2021-07-07TalosAsheer Malhotra, Justin Thattil
@online{malhotra:20210707:insidecopy:ac5b778, author = {Asheer Malhotra and Justin Thattil}, title = {{InSideCopy: How this APT continues to evolve its arsenal (Network IOCs)}}, date = {2021-07-07}, organization = {Talos}, url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/594/original/Network_IOCs_list_for_coverage.txt?1625657479}, language = {English}, urldate = {2021-07-09} } InSideCopy: How this APT continues to evolve its arsenal (Network IOCs)
AllaKore Lilith NjRAT
2021-07-07TalosAsheer Malhotra, Justin Thattil
@techreport{malhotra:20210707:insidecopy:107d438, author = {Asheer Malhotra and Justin Thattil}, title = {{InSideCopy: How this APT continues to evolve its arsenal}}, date = {2021-07-07}, institution = {Talos}, url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/591/original/062521_SideCopy_%281%29.pdf}, language = {English}, urldate = {2021-07-09} } InSideCopy: How this APT continues to evolve its arsenal
AllaKore Lilith NjRAT
2021-07-07TalosAsheer Malhotra, Justin Thattil
@online{malhotra:20210707:insidecopy:e6b25bb, author = {Asheer Malhotra and Justin Thattil}, title = {{InSideCopy: How this APT continues to evolve its arsenal (IOCs)}}, date = {2021-07-07}, organization = {Talos}, url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/592/original/Hashes_IOCs_for_coverage.txt}, language = {English}, urldate = {2021-07-09} } InSideCopy: How this APT continues to evolve its arsenal (IOCs)
AllaKore Lilith NjRAT
2021-07-07Talos IntelligenceAsheer Malhotra, Justin Thattil
@online{malhotra:20210707:insidecopy:eca169d, author = {Asheer Malhotra and Justin Thattil}, title = {{InSideCopy: How this APT continues to evolve its arsenal}}, date = {2021-07-07}, organization = {Talos Intelligence}, url = {https://blog.talosintelligence.com/2021/07/sidecopy.html}, language = {English}, urldate = {2021-07-08} } InSideCopy: How this APT continues to evolve its arsenal
AllaKore NjRAT SideCopy
2021-05-13TalosAsheer Malhotra, Justin Thattil, Kendall McKay
@online{malhotra:20210513:transparent:9993964, author = {Asheer Malhotra and Justin Thattil and Kendall McKay}, title = {{Transparent Tribe APT expands its Windows malware arsenal}}, date = {2021-05-13}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html}, language = {English}, urldate = {2021-05-13} } Transparent Tribe APT expands its Windows malware arsenal
Crimson RAT Oblique RAT
2021-03-02Cisco TalosAsheer Malhotra
@online{malhotra:20210302:obliquerat:f7504fa, author = {Asheer Malhotra}, title = {{ObliqueRAT returns with new campaign using hijacked websites}}, date = {2021-03-02}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/02/obliquerat-new-campaign.html}, language = {English}, urldate = {2021-03-04} } ObliqueRAT returns with new campaign using hijacked websites
Oblique RAT
2020-11-12TalosAsheer Malhotra
@online{malhotra:20201112:crat:1761f4e, author = {Asheer Malhotra}, title = {{CRAT wants to plunder your endpoints}}, date = {2020-11-12}, organization = {Talos}, url = {https://blog.talosintelligence.com/2020/11/crat-and-plugins.html}, language = {English}, urldate = {2020-11-18} } CRAT wants to plunder your endpoints
CRAT
2020-06-22Talos IntelligenceAsheer Malhotra
@online{malhotra:20200622:indigodrop:6d5e7e1, author = {Asheer Malhotra}, title = {{IndigoDrop spreads via military-themed lures to deliver Cobalt Strike}}, date = {2020-06-22}, organization = {Talos Intelligence}, url = {https://blog.talosintelligence.com/2020/06/indigodrop-maldocs-cobalt-strike.html}, language = {English}, urldate = {2020-06-24} } IndigoDrop spreads via military-themed lures to deliver Cobalt Strike
Cobalt Strike IndigoDrop
2020-02-20Cisco TalosAsheer Malhotra
@online{malhotra:20200220:obliquerat:588aa08, author = {Asheer Malhotra}, title = {{ObliqueRAT: New RAT hits victims' endpoints via malicious documents}}, date = {2020-02-20}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/02/obliquerat-hits-victims-via-maldocs.html}, language = {English}, urldate = {2020-02-25} } ObliqueRAT: New RAT hits victims' endpoints via malicious documents
Oblique RAT
2018-12-12McAfeeRyan Sherstobitoff, Asheer Malhotra
@online{sherstobitoff:20181212:operation:df0b2d2, author = {Ryan Sherstobitoff and Asheer Malhotra}, title = {{‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure}}, date = {2018-12-12}, organization = {McAfee}, url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-sharpshooter-targets-global-defense-critical-infrastructure/}, language = {English}, urldate = {2020-01-13} } ‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure
Rising Sun Lazarus Group Operation Sharpshooter
2018-12-12McAfeeRyan Sherstobitoff, Asheer Malhotra
@techreport{sherstobitoff:20181212:operation:f8b490f, author = {Ryan Sherstobitoff and Asheer Malhotra}, title = {{Operation Sharpshooter: Campaign Targets Global Defense, Critical Infrastructure}}, date = {2018-12-12}, institution = {McAfee}, url = {https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-sharpshooter.pdf}, language = {English}, urldate = {2019-12-18} } Operation Sharpshooter: Campaign Targets Global Defense, Critical Infrastructure
Rising Sun
2018-10-18McAfeeRyan Sherstobitoff, Asheer Malhotra
@techreport{sherstobitoff:20181018:operation:f7a178c, author = {Ryan Sherstobitoff and Asheer Malhotra}, title = {{‘Operation Oceansalt’ Attacks South Korea, U.S., and Canada With Source Code From Chinese Hacker Group}}, date = {2018-10-18}, institution = {McAfee}, url = {https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-oceansalt.pdf}, language = {English}, urldate = {2020-01-07} } ‘Operation Oceansalt’ Attacks South Korea, U.S., and Canada With Source Code From Chinese Hacker Group
Oceansalt Comment Crew
2018-04-24McAfeeRyan Sherstobitoff, Asheer Malhotra
@online{sherstobitoff:20180424:analyzing:9aac21f, author = {Ryan Sherstobitoff and Asheer Malhotra}, title = {{Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide}}, date = {2018-04-24}, organization = {McAfee}, url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/}, language = {English}, urldate = {2020-01-10} } Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide
Lazarus Group
2018-03-08McAfeeRyan Sherstobitoff, Asheer Malhotra, Charles Crawford, Jessica Saavedra-Morales
@online{sherstobitoff:20180308:hidden:c1459ef, author = {Ryan Sherstobitoff and Asheer Malhotra and Charles Crawford and Jessica Saavedra-Morales}, title = {{Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant}}, date = {2018-03-08}, organization = {McAfee}, url = {https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/hidden-cobra-targets-turkish-financial-sector-new-bankshot-implant/}, language = {English}, urldate = {2019-10-14} } Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant
Lazarus Group
2018-03-02McAfeeRyan Sherstobitoff, Jessica Saavedra-Morales, Thomas Roccia, Asheer Malhotra
@online{sherstobitoff:20180302:mcafee:979740e, author = {Ryan Sherstobitoff and Jessica Saavedra-Morales and Thomas Roccia and Asheer Malhotra}, title = {{McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups}}, date = {2018-03-02}, organization = {McAfee}, url = {https://securingtomorrow.mcafee.com/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/}, language = {English}, urldate = {2019-07-09} } McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups
Syscon