Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-06-21Cisco TalosFlavio Costa, Chris Neal, Guilherme Venere
@online{costa:20220621:avos:b60a2ad, author = {Flavio Costa and Chris Neal and Guilherme Venere}, title = {{Avos ransomware group expands with new attack arsenal}}, date = {2022-06-21}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/06/avoslocker-new-arsenal.html}, language = {English}, urldate = {2022-06-22} } Avos ransomware group expands with new attack arsenal
AvosLocker Cobalt Strike DarkComet MimiKatz
2022-05-18Cisco TalosHolger Unterbrink
@online{unterbrink:20220518:blackbyte:00c8696, author = {Holger Unterbrink}, title = {{The BlackByte ransomware group is striking users all over the globe}}, date = {2022-05-18}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/05/the-blackbyte-ransomware-group-is.html}, language = {English}, urldate = {2022-05-25} } The BlackByte ransomware group is striking users all over the globe
BlackByte
2022-05-11Cisco TalosCisco Talos
@online{talos:20220511:bitter:c463e99, author = {Cisco Talos}, title = {{Bitter APT adds Bangladesh to their targets}}, date = {2022-05-11}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/05/bitter-apt-adds-bangladesh-to-their.html}, language = {English}, urldate = {2022-05-13} } Bitter APT adds Bangladesh to their targets
AndroRAT Artra Downloader Bitter RAT ZxxZ
2022-05-05Cisco TalosJung soo An, Asheer Malhotra, Justin Thattil, Aliza Berk, Kendall McKay
@online{an:20220505:mustang:cbc06e9, author = {Jung soo An and Asheer Malhotra and Justin Thattil and Aliza Berk and Kendall McKay}, title = {{Mustang Panda deploys a new wave of malware targeting Europe}}, date = {2022-05-05}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/05/mustang-panda-targets-europe.html}, language = {English}, urldate = {2022-05-05} } Mustang Panda deploys a new wave of malware targeting Europe
Cobalt Strike Meterpreter PlugX
2022-05-02Cisco TalosKendall McKay, Paul Eubanks, JAIME FILSON
@techreport{mckay:20220502:conti:330e34b, author = {Kendall McKay and Paul Eubanks and JAIME FILSON}, title = {{Conti and Hive ransomware operations: Leveraging victim chats for insights}}, date = {2022-05-02}, institution = {Cisco Talos}, url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/787/original/ransomware-chats.pdf}, language = {English}, urldate = {2022-05-04} } Conti and Hive ransomware operations: Leveraging victim chats for insights
Cobalt Strike Conti Hive
2022-04-14Cisco TalosEdmund Brumaghin, Vanja Svajcer, Michael Chen
@online{brumaghin:20220414:threat:45dba55, author = {Edmund Brumaghin and Vanja Svajcer and Michael Chen}, title = {{Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer}}, date = {2022-04-14}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/04/haskers-gang-zingostealer.html}, language = {English}, urldate = {2022-04-15} } Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer
RedLine Stealer
2022-04-05Cisco TalosEdmund Brumaghin, Alex Karkins
@online{brumaghin:20220405:threat:da8955e, author = {Edmund Brumaghin and Alex Karkins}, title = {{Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter}}, date = {2022-04-05}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/04/asyncrat-3losh-update.html}, language = {English}, urldate = {2022-04-07} } Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter
AsyncRAT LimeRAT
2022-03-29Cisco TalosAsheer Malhotra, Justin Thattil, Kendall McKay
@online{malhotra:20220329:transparent:dcf66a7, author = {Asheer Malhotra and Justin Thattil and Kendall McKay}, title = {{Transparent Tribe campaign uses new bespoke malware to target Indian government officials}}, date = {2022-03-29}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html?m=1}, language = {English}, urldate = {2022-03-30} } Transparent Tribe campaign uses new bespoke malware to target Indian government officials
Crimson RAT
2022-03-24Cisco TalosCisco Talos
@online{talos:20220324:threat:c58db48, author = {Cisco Talos}, title = {{Threat Advisory: DoubleZero}}, date = {2022-03-24}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/03/threat-advisory-doublezero.html}, language = {English}, urldate = {2022-05-04} } Threat Advisory: DoubleZero
DoubleZero
2022-03-15CiscoCisco Talos
@online{talos:20220315:threat:67922cf, author = {Cisco Talos}, title = {{Threat Advisory: CaddyWiper}}, date = {2022-03-15}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2022/03/threat-advisory-caddywiper.html}, language = {English}, urldate = {2022-03-18} } Threat Advisory: CaddyWiper
CaddyWiper
2022-03-10Cisco TalosChris Neal
@online{neal:20220310:wednesday:fc375b1, author = {Chris Neal}, title = {{WEDNESDAY, MARCH 9, 2022 Threat advisory: Cybercriminals compromise users with malware disguised as pro-Ukraine cyber tools}}, date = {2022-03-10}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html}, language = {English}, urldate = {2022-03-14} } WEDNESDAY, MARCH 9, 2022 Threat advisory: Cybercriminals compromise users with malware disguised as pro-Ukraine cyber tools
2022-02-24Cisco TalosTalos
@online{talos:20220224:threat:cdf8dd3, author = {Talos}, title = {{Threat Advisory: Cyclops Blink}}, date = {2022-02-24}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/02/threat-advisory-cyclops-blink.html}, language = {English}, urldate = {2022-03-01} } Threat Advisory: Cyclops Blink
VPNFilter
2022-02-11Cisco TalosTalos
@online{talos:20220211:threat:fcad762, author = {Talos}, title = {{Threat Roundup for February 4 to February 11}}, date = {2022-02-11}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/02/threat-roundup-0204-0211.html}, language = {English}, urldate = {2022-02-14} } Threat Roundup for February 4 to February 11
DarkComet Ghost RAT Loki Password Stealer (PWS) Tinba Tofsee Zeus
2021-11-10Cisco TalosJungsoo An, Asheer Malhotra, Kendall McKay
@online{an:20211110:north:feab945, author = {Jungsoo An and Asheer Malhotra and Kendall McKay}, title = {{North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets}}, date = {2021-11-10}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html}, language = {English}, urldate = {2021-11-17} } North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets
GoldDragon
2021-11-09Cisco TalosClaudio Bozzato, Lilith Wyatt
@online{bozzato:20211109:cisco:2f6a349, author = {Claudio Bozzato and Lilith Wyatt}, title = {{Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton}}, date = {2021-11-09}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/11/cisco-talos-finds-10-vulnerabilities-in.html}, language = {English}, urldate = {2021-11-11} } Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton
2021-11-03Cisco TalosChetan Raghuprasad, Vanja Svajcer, Caitlin Huey
@online{raghuprasad:20211103:microsoft:2b6de43, author = {Chetan Raghuprasad and Vanja Svajcer and Caitlin Huey}, title = {{Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk}}, date = {2021-11-03}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html}, language = {English}, urldate = {2021-11-03} } Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk
Babuk CHINACHOPPER
2021-10-26Cisco TalosEdmund Brumaghin, Mariano Graziano, Nick Mavis
@online{brumaghin:20211026:squirrelwaffle:88c5943, author = {Edmund Brumaghin and Mariano Graziano and Nick Mavis}, title = {{SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike}}, date = {2021-10-26}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/10/squirrelwaffle-emerges.html}, language = {English}, urldate = {2021-11-02} } SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike
Cobalt Strike QakBot Squirrelwaffle
2021-10-19Cisco TalosAsheer Malhotra
@online{malhotra:20211019:malicious:6889662, author = {Asheer Malhotra}, title = {{Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India}}, date = {2021-10-19}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html}, language = {English}, urldate = {2021-11-02} } Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India
DCRat Quasar RAT
2021-08-31Cisco TalosEdmund Brumaghin, Vitor Ventura
@online{brumaghin:20210831:attracting:5d141c1, author = {Edmund Brumaghin and Vitor Ventura}, title = {{Attracting flies with Honey(gain): Adversarial abuse of proxyware}}, date = {2021-08-31}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/08/proxyware-abuse.html}, language = {English}, urldate = {2021-09-02} } Attracting flies with Honey(gain): Adversarial abuse of proxyware
2021-08-12Cisco TalosVanja Svajcer
@online{svajcer:20210812:signed:728ea8f, author = {Vanja Svajcer}, title = {{Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT}}, date = {2021-08-12}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/08/raccoon-and-amadey-install-servhelper.html}, language = {English}, urldate = {2021-08-20} } Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT
Amadey Raccoon ServHelper