Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-09-07Cisco TalosJung soo An, Asheer Malhotra, Vitor Ventura
@online{an:20220907:magicrat:efb6a3d, author = {Jung soo An and Asheer Malhotra and Vitor Ventura}, title = {{MagicRAT: Lazarus’ latest gateway into victim networks}}, date = {2022-09-07}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/09/lazarus-magicrat.html}, language = {English}, urldate = {2022-09-16} } MagicRAT: Lazarus’ latest gateway into victim networks
MagicRAT Tiger RAT
2022-08-30CiscoVanja Svajcer
@online{svajcer:20220830:modernloader:5b62dce, author = {Vanja Svajcer}, title = {{ModernLoader delivers multiple stealers, cryptominers and RATs}}, date = {2022-08-30}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html}, language = {English}, urldate = {2022-08-31} } ModernLoader delivers multiple stealers, cryptominers and RATs
Coinminer DCRat ModernLoader RedLine Stealer SapphireMiner SystemBC
2022-08-10CiscoNick Biasini
@online{biasini:20220810:cisco:81eec81, author = {Nick Biasini}, title = {{Cisco Talos shares insights related to recent cyber attack on Cisco}}, date = {2022-08-10}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html}, language = {English}, urldate = {2022-08-11} } Cisco Talos shares insights related to recent cyber attack on Cisco
Yanluowang
2022-08-09CiscoOnur Mustafa Erdogan
@online{erdogan:20220809:raspberry:3652ff7, author = {Onur Mustafa Erdogan}, title = {{Raspberry Robin: Highly Evasive Worm Spreads over External Disks}}, date = {2022-08-09}, organization = {Cisco}, url = {https://blogs.cisco.com/security/raspberry-robin-highly-evasive-worm-spreads-over-external-disks}, language = {English}, urldate = {2022-08-22} } Raspberry Robin: Highly Evasive Worm Spreads over External Disks
Raspberry Robin
2022-08-02Cisco TalosAsheer Malhotra, Vitor Ventura
@online{malhotra:20220802:manjusaka:706c14a, author = {Asheer Malhotra and Vitor Ventura}, title = {{Manjusaka: A Chinese sibling of Sliver and Cobalt Strike}}, date = {2022-08-02}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html}, language = {English}, urldate = {2022-08-02} } Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Manjusaka Cobalt Strike Manjusaka
2022-07-13CiscoNick Biasini
@online{biasini:20220713:transparent:b83f9dd, author = {Nick Biasini}, title = {{Transparent Tribe begins targeting education sector in latest campaign}}, date = {2022-07-13}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2022/07/transparent-tribe-targets-education.html}, language = {English}, urldate = {2022-07-15} } Transparent Tribe begins targeting education sector in latest campaign
Crimson RAT Oblique RAT
2022-06-21Cisco TalosFlavio Costa, Chris Neal, Guilherme Venere
@online{costa:20220621:avos:b60a2ad, author = {Flavio Costa and Chris Neal and Guilherme Venere}, title = {{Avos ransomware group expands with new attack arsenal}}, date = {2022-06-21}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/06/avoslocker-new-arsenal.html}, language = {English}, urldate = {2022-06-22} } Avos ransomware group expands with new attack arsenal
AvosLocker Cobalt Strike DarkComet MimiKatz
2022-05-18Cisco TalosHolger Unterbrink
@online{unterbrink:20220518:blackbyte:00c8696, author = {Holger Unterbrink}, title = {{The BlackByte ransomware group is striking users all over the globe}}, date = {2022-05-18}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/05/the-blackbyte-ransomware-group-is.html}, language = {English}, urldate = {2022-05-25} } The BlackByte ransomware group is striking users all over the globe
BlackByte
2022-05-12CiscoOnur Mustafa Erdogan, María José Erquiaga
@online{erdogan:20220512:network:3befbe5, author = {Onur Mustafa Erdogan and María José Erquiaga}, title = {{Network Footprints of Gamaredon Group}}, date = {2022-05-12}, organization = {Cisco}, url = {https://blogs.cisco.com/security/network-footprints-of-gamaredon-group}, language = {English}, urldate = {2022-05-17} } Network Footprints of Gamaredon Group
Pteranodon
2022-05-11Cisco TalosCisco Talos
@online{talos:20220511:bitter:c463e99, author = {Cisco Talos}, title = {{Bitter APT adds Bangladesh to their targets}}, date = {2022-05-11}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/05/bitter-apt-adds-bangladesh-to-their.html}, language = {English}, urldate = {2022-05-13} } Bitter APT adds Bangladesh to their targets
AndroRAT Artra Downloader Bitter RAT ZxxZ
2022-05-05Cisco TalosJung soo An, Asheer Malhotra, Justin Thattil, Aliza Berk, Kendall McKay
@online{an:20220505:mustang:cbc06e9, author = {Jung soo An and Asheer Malhotra and Justin Thattil and Aliza Berk and Kendall McKay}, title = {{Mustang Panda deploys a new wave of malware targeting Europe}}, date = {2022-05-05}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/05/mustang-panda-targets-europe.html}, language = {English}, urldate = {2022-05-05} } Mustang Panda deploys a new wave of malware targeting Europe
Cobalt Strike Meterpreter PlugX
2022-05-03CiscoKendall McKay, Paul Eubanks., JAIME FILSON
@online{mckay:20220503:conti:c764c61, author = {Kendall McKay and Paul Eubanks. and JAIME FILSON}, title = {{Conti and Hive ransomware operations: Leveraging victim chats for insights}}, date = {2022-05-03}, organization = {Cisco}, url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/787/original/ransomware-chats.pdf?1651576098}, language = {English}, urldate = {2022-05-04} } Conti and Hive ransomware operations: Leveraging victim chats for insights
Conti Hive
2022-05-02Cisco TalosKendall McKay, Paul Eubanks, JAIME FILSON
@techreport{mckay:20220502:conti:330e34b, author = {Kendall McKay and Paul Eubanks and JAIME FILSON}, title = {{Conti and Hive ransomware operations: Leveraging victim chats for insights}}, date = {2022-05-02}, institution = {Cisco Talos}, url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/787/original/ransomware-chats.pdf}, language = {English}, urldate = {2022-05-04} } Conti and Hive ransomware operations: Leveraging victim chats for insights
Cobalt Strike Conti Hive
2022-04-14Cisco TalosEdmund Brumaghin, Vanja Svajcer, Michael Chen
@online{brumaghin:20220414:threat:45dba55, author = {Edmund Brumaghin and Vanja Svajcer and Michael Chen}, title = {{Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer}}, date = {2022-04-14}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/04/haskers-gang-zingostealer.html}, language = {English}, urldate = {2022-04-15} } Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer
RedLine Stealer
2022-04-05Cisco TalosEdmund Brumaghin, Alex Karkins
@online{brumaghin:20220405:threat:da8955e, author = {Edmund Brumaghin and Alex Karkins}, title = {{Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter}}, date = {2022-04-05}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/04/asyncrat-3losh-update.html}, language = {English}, urldate = {2022-04-07} } Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter
AsyncRAT LimeRAT
2022-03-29Cisco TalosAsheer Malhotra, Justin Thattil, Kendall McKay
@online{malhotra:20220329:transparent:dcf66a7, author = {Asheer Malhotra and Justin Thattil and Kendall McKay}, title = {{Transparent Tribe campaign uses new bespoke malware to target Indian government officials}}, date = {2022-03-29}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html?m=1}, language = {English}, urldate = {2022-03-30} } Transparent Tribe campaign uses new bespoke malware to target Indian government officials
Crimson RAT
2022-03-28CiscoMaría José Erquiaga, Onur Erdogan, Adela Jezkova
@online{erquiaga:20220328:emotet:d36774a, author = {María José Erquiaga and Onur Erdogan and Adela Jezkova}, title = {{Emotet is Back}}, date = {2022-03-28}, organization = {Cisco}, url = {https://blogs.cisco.com/security/emotet-is-back}, language = {English}, urldate = {2022-03-30} } Emotet is Back
Emotet
2022-03-24Cisco TalosCisco Talos
@online{talos:20220324:threat:c58db48, author = {Cisco Talos}, title = {{Threat Advisory: DoubleZero}}, date = {2022-03-24}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/03/threat-advisory-doublezero.html}, language = {English}, urldate = {2022-05-04} } Threat Advisory: DoubleZero
DoubleZero
2022-03-17CiscoTiago Pereira, Caitlin Huey
@online{pereira:20220317:from:592c847, author = {Tiago Pereira and Caitlin Huey}, title = {{From BlackMatter to BlackCat: Analyzing two attacks from one affiliate}}, date = {2022-03-17}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2022/03/from-blackmatter-to-blackcat-analyzing.html}, language = {English}, urldate = {2022-03-18} } From BlackMatter to BlackCat: Analyzing two attacks from one affiliate
BlackCat BlackMatter BlackCat BlackMatter
2022-03-16CiscoYuri Kramarz
@online{kramarz:20220316:preparing:18d6601, author = {Yuri Kramarz}, title = {{Preparing for denial-of-service attacks with Talos Incident Response}}, date = {2022-03-16}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2022/03/preparing-for-denial-of-service-attacks.html}, language = {English}, urldate = {2022-03-18} } Preparing for denial-of-service attacks with Talos Incident Response