Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-08-17LumenBlack Lotus Labs
@online{labs:20230817:no:8cc16d8, author = {Black Lotus Labs}, title = {{No Rest For The Wicked: HiatusRAT Takes Little Time Off In A Return To Action}}, date = {2023-08-17}, organization = {Lumen}, url = {https://blog.lumen.com/hiatusrat-takes-little-time-off-in-a-return-to-action/}, language = {English}, urldate = {2023-08-21} } No Rest For The Wicked: HiatusRAT Takes Little Time Off In A Return To Action
HiatusRAT
2023-07-27X (@BlackLotusLabs)Black Lotus Labs
@online{labs:20230727:update:67b9dd6, author = {Black Lotus Labs}, title = {{Tweet on update on AVrecon bot's migration to new infrastructure}}, date = {2023-07-27}, organization = {X (@BlackLotusLabs)}, url = {https://twitter.com/BlackLotusLabs/status/1684290046235484160}, language = {English}, urldate = {2023-07-31} } Tweet on update on AVrecon bot's migration to new infrastructure
AVrecon
2023-07-12LumenBlack Lotus Labs
@online{labs:20230712:routers:e2ed598, author = {Black Lotus Labs}, title = {{Routers From The Underground: Exposing AVrecon}}, date = {2023-07-12}, organization = {Lumen}, url = {https://blog.lumen.com/routers-from-the-underground-exposing-avrecon/}, language = {English}, urldate = {2023-07-21} } Routers From The Underground: Exposing AVrecon
AVrecon
2023-06-01LumenBlack Lotus Labs
@online{labs:20230601:qakbot:5dbdbb8, author = {Black Lotus Labs}, title = {{Qakbot: Retool, Reinfect, Recycle}}, date = {2023-06-01}, organization = {Lumen}, url = {https://blog.lumen.com/qakbot-retool-reinfect-recycle/}, language = {English}, urldate = {2023-06-02} } Qakbot: Retool, Reinfect, Recycle
QakBot
2023-03-06LumenBlack Lotus Labs
@online{labs:20230306:new:5e68769, author = {Black Lotus Labs}, title = {{New HiatusRAT Router Malware Covertly Spies On Victims}}, date = {2023-03-06}, organization = {Lumen}, url = {https://blog.lumen.com/new-hiatusrat-router-malware-covertly-spies-on-victims/}, language = {English}, urldate = {2023-03-13} } New HiatusRAT Router Malware Covertly Spies On Victims
HiatusRAT
2022-09-28LumenBlack Lotus Labs
@online{labs:20220928:chaos:9918c3d, author = {Black Lotus Labs}, title = {{Chaos Is A Go-Based Swiss Army Knife Of Malware}}, date = {2022-09-28}, organization = {Lumen}, url = {https://blog.lumen.com/chaos-is-a-go-based-swiss-army-knife-of-malware/}, language = {English}, urldate = {2022-09-30} } Chaos Is A Go-Based Swiss Army Knife Of Malware
Chaos Kaiji
2022-09-27Github (blacklotuslabs)Black Lotus Labs
@online{labs:20220927:chaos:1389681, author = {Black Lotus Labs}, title = {{Chaos Is A Go-Based Swiss Army Knife Of Malware (IOCs)}}, date = {2022-09-27}, organization = {Github (blacklotuslabs)}, url = {https://github.com/blacklotuslabs/IOCs/blob/main/Chaos_IoCs.txt}, language = {English}, urldate = {2022-09-30} } Chaos Is A Go-Based Swiss Army Knife Of Malware (IOCs)
2022-06-28LumenBlack Lotus Labs
@online{labs:20220628:zuorat:f60583e, author = {Black Lotus Labs}, title = {{ZuoRAT Hijacks SOHO Routers To Silently Stalk Networks}}, date = {2022-06-28}, organization = {Lumen}, url = {https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/}, language = {English}, urldate = {2022-06-30} } ZuoRAT Hijacks SOHO Routers To Silently Stalk Networks
ZuoRAT Cobalt Strike
2022-03-08LumenBlack Lotus Labs
@online{labs:20220308:what:c99735b, author = {Black Lotus Labs}, title = {{What Global Network Visibility Reveals about the Resurgence of One of the World’s Most Notorious Botnets}}, date = {2022-03-08}, organization = {Lumen}, url = {https://blog.lumen.com/emotet-redux/}, language = {English}, urldate = {2022-03-10} } What Global Network Visibility Reveals about the Resurgence of One of the World’s Most Notorious Botnets
Emotet
2021-09-16LumenBlack Lotus Labs
@online{labs:20210916:no:7a40fbb, author = {Black Lotus Labs}, title = {{No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables Deployed as Stealth Windows Loaders}}, date = {2021-09-16}, organization = {Lumen}, url = {https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-as-stealth-windows-loaders/}, language = {English}, urldate = {2022-01-25} } No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables Deployed as Stealth Windows Loaders
PrivetSanya Meterpreter
2021-08-11LumenBlack Lotus Labs
@online{labs:20210811:reverserat:f7b36de, author = {Black Lotus Labs}, title = {{ReverseRat Reemerges With A (Night)Fury New Campaign And New Developments, Same Familiar Side-Actor}}, date = {2021-08-11}, organization = {Lumen}, url = {https://blog.lumen.com/reverserat-reemerges-with-a-nightfury-new-campaign-and-new-developments-same-familiar-side-actor/}, language = {English}, urldate = {2022-01-25} } ReverseRat Reemerges With A (Night)Fury New Campaign And New Developments, Same Familiar Side-Actor
ReverseRAT
2021-06-22LumenBlack Lotus Labs
@online{labs:20210622:suspected:b50b23e, author = {Black Lotus Labs}, title = {{Suspected Pakistani Actor Compromises Indian Power Company with New ReverseRat}}, date = {2021-06-22}, organization = {Lumen}, url = {https://blog.lumen.com/suspected-pakistani-actor-compromises-indian-power-company-with-new-reverserat/}, language = {English}, urldate = {2021-12-15} } Suspected Pakistani Actor Compromises Indian Power Company with New ReverseRat
ReverseRAT
2020-11-20DomainToolsJoe Slowik, Black Lotus Labs, Lumen
@online{slowik:20201120:current:f9956c6, author = {Joe Slowik and Black Lotus Labs and Lumen}, title = {{Current Events to Widespread Campaigns: Pivoting from Samples to Identify Activity}}, date = {2020-11-20}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/current-events-to-widespread-campaigns-pivoting-from-samples-to-identify}, language = {English}, urldate = {2020-11-23} } Current Events to Widespread Campaigns: Pivoting from Samples to Identify Activity
2020-10-12LumenBlack Lotus Labs
@online{labs:20201012:look:7b422f7, author = {Black Lotus Labs}, title = {{A Look Inside The TrickBot Botnet}}, date = {2020-10-12}, organization = {Lumen}, url = {https://blog.lumen.com/a-look-inside-the-trickbot-botnet/}, language = {English}, urldate = {2020-10-12} } A Look Inside The TrickBot Botnet
TrickBot
2020-07-01CenturylinkBlack Lotus Labs
@online{labs:20200701:alina:1c5d0e8, author = {Black Lotus Labs}, title = {{Alina Point of Sale Malware Still Lurking in DNS}}, date = {2020-07-01}, organization = {Centurylink}, url = {https://blog.centurylink.com/alina-point-of-sale-malware-still-lurking-in-dns/}, language = {English}, urldate = {2020-07-06} } Alina Point of Sale Malware Still Lurking in DNS
Alina POS
2020-04-13CenturylinkBlack Lotus Labs
@online{labs:20200413:new:f16a8b5, author = {Black Lotus Labs}, title = {{New Mozi Malware Family Quietly Amasses IoT Bots}}, date = {2020-04-13}, organization = {Centurylink}, url = {https://blog.centurylink.com/new-mozi-malware-family-quietly-amasses-iot-bots/}, language = {English}, urldate = {2020-04-26} } New Mozi Malware Family Quietly Amasses IoT Bots
Mozi
2018-11-15CenturylinkLabsBlack Lotus Labs
@online{labs:20181115:mylobot:4f8ccb3, author = {LabsBlack Lotus Labs}, title = {{Mylobot Continues Global Infections}}, date = {2018-11-15}, organization = {Centurylink}, url = {https://blog.centurylink.com/mylobot-continues-global-infections/}, language = {English}, urldate = {2019-12-24} } Mylobot Continues Global Infections
MyloBot