Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-11-17Cisco TalosNikhil Hegde
@online{hegde:20201117:nibiru:7a0faf4, author = {Nikhil Hegde}, title = {{Nibiru ransomware variant decryptor}}, date = {2020-11-17}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/11/Nibiru-ransomware.html}, language = {English}, urldate = {2020-11-19} } Nibiru ransomware variant decryptor
Nibiru
2020-10-29Cisco TalosWarren Mercer, Paul Rascagnères, Vitor Ventura
@online{mercer:20201029:donots:850f31b, author = {Warren Mercer and Paul Rascagnères and Vitor Ventura}, title = {{DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread}}, date = {2020-10-29}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/10/donot-firestarter.html}, language = {English}, urldate = {2020-10-29} } DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread
Unidentified APK 005
2020-09-29Cisco TalosChris Neal
@online{neal:20200929:lodarat:d1cf82f, author = {Chris Neal}, title = {{LodaRAT Update: Alive and Well}}, date = {2020-09-29}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/09/lodarat-update-alive-and-well.html}, language = {English}, urldate = {2020-10-04} } LodaRAT Update: Alive and Well
Loda
2020-09-21Cisco TalosNick Mavis, Joe Marshall, JON MUNSHAW
@techreport{mavis:20200921:art:d9702a4, author = {Nick Mavis and Joe Marshall and JON MUNSHAW}, title = {{The art and science of detecting Cobalt Strike}}, date = {2020-09-21}, institution = {Cisco Talos}, url = {https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf}, language = {English}, urldate = {2020-09-23} } The art and science of detecting Cobalt Strike
Cobalt Strike
2020-09-02Cisco TalosHolger Unterbrink, Edmund Brumaghin
@online{unterbrink:20200902:salfram:74ae3c9, author = {Holger Unterbrink and Edmund Brumaghin}, title = {{Salfram: Robbing the place without removing your name tag}}, date = {2020-09-02}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/09/salfram-robbing-place-without-removing.html}, language = {English}, urldate = {2020-09-03} } Salfram: Robbing the place without removing your name tag
Ave Maria ISFB SmokeLoader Zloader
2020-09-01Cisco TalosDavid Liebenberg, Caitlin Huey
@online{liebenberg:20200901:quarterly:c02962b, author = {David Liebenberg and Caitlin Huey}, title = {{Quarterly Report: Incident Response trends in Summer 2020}}, date = {2020-09-01}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/09/CTIR-quarterly-trends-Q4-2020.html}, language = {English}, urldate = {2020-09-03} } Quarterly Report: Incident Response trends in Summer 2020
Cobalt Strike LockBit Mailto Maze Ryuk
2020-07-06Cisco TalosBen Baker, Edmund Brumaghin, JJ Cummings, Arnaud Zobec
@online{baker:20200706:wastedlocker:f33e129, author = {Ben Baker and Edmund Brumaghin and JJ Cummings and Arnaud Zobec}, title = {{WastedLocker Goes "Big-Game Hunting" in 2020}}, date = {2020-07-06}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/07/wastedlocker-emerges.html}, language = {English}, urldate = {2020-07-07} } WastedLocker Goes "Big-Game Hunting" in 2020
WastedLocker
2020-07-01Cisco TalosNick Biasini, Edmund Brumaghin, Mariano Graziano
@online{biasini:20200701:threat:a726b7e, author = {Nick Biasini and Edmund Brumaghin and Mariano Graziano}, title = {{Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks}}, date = {2020-07-01}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/07/valak-emerges.html}, language = {English}, urldate = {2020-08-18} } Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks
Valak IcedID ISFB MyKings Spreader
2020-06-29Cisco TalosWarren Mercer, Paul Rascagnères, Vitor Ventura
@online{mercer:20200629:promethium:e80cd47, author = {Warren Mercer and Paul Rascagnères and Vitor Ventura}, title = {{PROMETHIUM extends global reach with StrongPity3 APT}}, date = {2020-06-29}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html}, language = {English}, urldate = {2020-06-30} } PROMETHIUM extends global reach with StrongPity3 APT
StrongPity
2020-06-15Cisco TalosDavid Liebenberg, Caitlin Huey
@online{liebenberg:20200615:quarterly:c2dcd77, author = {David Liebenberg and Caitlin Huey}, title = {{Quarterly report: Incident Response trends in Summer 2020}}, date = {2020-06-15}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/06/CTIR-trends-q3-2020.html#more}, language = {English}, urldate = {2020-06-19} } Quarterly report: Incident Response trends in Summer 2020
Ryuk
2020-05-19Cisco TalosWarren Mercer, Paul Rascagnères, Vitor Ventura
@online{mercer:20200519:wolf:8e65365, author = {Warren Mercer and Paul Rascagnères and Vitor Ventura}, title = {{The wolf is back...}}, date = {2020-05-19}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html}, language = {English}, urldate = {2020-05-20} } The wolf is back...
WolfRAT
2020-05-11Cisco TalosNick Biasini, Edmund Brumaghin, Nick Lister
@online{biasini:20200511:astaroth:f325070, author = {Nick Biasini and Edmund Brumaghin and Nick Lister}, title = {{Astaroth - Maze of obfuscation and evasion reveals dark stealer}}, date = {2020-05-11}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/05/astaroth-analysis.html}, language = {English}, urldate = {2020-05-11} } Astaroth - Maze of obfuscation and evasion reveals dark stealer
Astaroth
2020-04-23Cisco TalosEdmund Brumaghin, Amit Raut
@online{brumaghin:20200423:threat:4f7f840, author = {Edmund Brumaghin and Amit Raut}, title = {{Threat Spotlight: MedusaLocker}}, date = {2020-04-23}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/04/medusalocker.html}, language = {English}, urldate = {2020-04-26} } Threat Spotlight: MedusaLocker
MedusaLocker
2020-04-16Cisco TalosWarren Mercer, Paul Rascagnères, Vitor Ventura
@online{mercer:20200416:poetrat:ab5659a, author = {Warren Mercer and Paul Rascagnères and Vitor Ventura}, title = {{PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors}}, date = {2020-04-16}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/04/poetrat-covid-19-lures.html}, language = {English}, urldate = {2020-05-05} } PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors
Poet RAT
2020-04-02Cisco TalosVanja Svajcer
@online{svajcer:20200402:azorult:97b15f2, author = {Vanja Svajcer}, title = {{AZORult brings friends to the party}}, date = {2020-04-02}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/04/azorult-brings-friends-to-party.html}, language = {English}, urldate = {2020-04-07} } AZORult brings friends to the party
Azorult Remcos
2020-03-31Cisco TalosChris Neal
@online{neal:20200331:trickbot:dcf5314, author = {Chris Neal}, title = {{Trickbot: A primer}}, date = {2020-03-31}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/03/trickbot-primer.html}, language = {English}, urldate = {2020-04-01} } Trickbot: A primer
TrickBot
2020-03-05Cisco TalosWarren Mercer, Paul Rascagnères, Vitor Ventura
@online{mercer:20200305:bisonal:7885944, author = {Warren Mercer and Paul Rascagnères and Vitor Ventura}, title = {{Bisonal: 10 years of play}}, date = {2020-03-05}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/03/bisonal-10-years-of-play.html}, language = {English}, urldate = {2020-03-05} } Bisonal: 10 years of play
Korlia
2020-02-20Cisco TalosAsheer Malhotra
@online{malhotra:20200220:obliquerat:588aa08, author = {Asheer Malhotra}, title = {{ObliqueRAT: New RAT hits victims' endpoints via malicious documents}}, date = {2020-02-20}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/02/obliquerat-hits-victims-via-maldocs.html}, language = {English}, urldate = {2020-02-25} } ObliqueRAT: New RAT hits victims' endpoints via malicious documents
Oblique RAT
2020-02-18Cisco TalosVanja Svajcer
@online{svajcer:20200218:building:0a80664, author = {Vanja Svajcer}, title = {{Building a bypass with MSBuild}}, date = {2020-02-18}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/02/building-bypass-with-msbuild.html}, language = {English}, urldate = {2020-02-20} } Building a bypass with MSBuild
Cobalt Strike GRUNT MimiKatz
2020-02-12Cisco TalosChris Neal
@online{neal:20200212:loda:3334939, author = {Chris Neal}, title = {{Loda RAT Grows Up}}, date = {2020-02-12}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/02/loda-rat-grows-up.html}, language = {English}, urldate = {2020-02-13} } Loda RAT Grows Up
Loda