Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-11-10Cisco TalosJungsoo An, Asheer Malhotra, Kendall McKay
@online{an:20211110:north:feab945, author = {Jungsoo An and Asheer Malhotra and Kendall McKay}, title = {{North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets}}, date = {2021-11-10}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html}, language = {English}, urldate = {2021-11-17} } North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets
GoldDragon
2021-11-09Cisco TalosClaudio Bozzato, Lilith Wyatt
@online{bozzato:20211109:cisco:2f6a349, author = {Claudio Bozzato and Lilith Wyatt}, title = {{Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton}}, date = {2021-11-09}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/11/cisco-talos-finds-10-vulnerabilities-in.html}, language = {English}, urldate = {2021-11-11} } Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton
2021-11-03Cisco TalosChetan Raghuprasad, Vanja Svajcer, Caitlin Huey
@online{raghuprasad:20211103:microsoft:2b6de43, author = {Chetan Raghuprasad and Vanja Svajcer and Caitlin Huey}, title = {{Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk}}, date = {2021-11-03}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html}, language = {English}, urldate = {2021-11-03} } Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk
Babuk CHINACHOPPER
2021-10-26Cisco TalosEdmund Brumaghin, Mariano Graziano, Nick Mavis
@online{brumaghin:20211026:squirrelwaffle:88c5943, author = {Edmund Brumaghin and Mariano Graziano and Nick Mavis}, title = {{SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike}}, date = {2021-10-26}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/10/squirrelwaffle-emerges.html}, language = {English}, urldate = {2021-11-02} } SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike
Cobalt Strike QakBot Squirrelwaffle
2021-10-19Cisco TalosAsheer Malhotra
@online{malhotra:20211019:malicious:6889662, author = {Asheer Malhotra}, title = {{Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India}}, date = {2021-10-19}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html}, language = {English}, urldate = {2021-11-02} } Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India
DCRat Quasar RAT
2021-08-31Cisco TalosEdmund Brumaghin, Vitor Ventura
@online{brumaghin:20210831:attracting:5d141c1, author = {Edmund Brumaghin and Vitor Ventura}, title = {{Attracting flies with Honey(gain): Adversarial abuse of proxyware}}, date = {2021-08-31}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/08/proxyware-abuse.html}, language = {English}, urldate = {2021-09-02} } Attracting flies with Honey(gain): Adversarial abuse of proxyware
2021-08-12Cisco TalosVanja Svajcer
@online{svajcer:20210812:signed:728ea8f, author = {Vanja Svajcer}, title = {{Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT}}, date = {2021-08-12}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/08/raccoon-and-amadey-install-servhelper.html}, language = {English}, urldate = {2021-08-20} } Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT
Amadey Raccoon ServHelper
2021-05-26Cisco TalosWarren Mercer, Vitor Ventura
@online{mercer:20210526:elizabethan:40a80e7, author = {Warren Mercer and Vitor Ventura}, title = {{Elizabethan England has nothing on modern-day Russia}}, date = {2021-05-26}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/05/privateer-groups.html}, language = {English}, urldate = {2021-06-16} } Elizabethan England has nothing on modern-day Russia
2021-05-07Cisco TalosCaitlin Huey, Andrew Windsor, Edmund Brumaghin
@online{huey:20210507:lemon:0d46f81, author = {Caitlin Huey and Andrew Windsor and Edmund Brumaghin}, title = {{Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs}}, date = {2021-05-07}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/05/lemon-duck-spreads-wings.html}, language = {English}, urldate = {2021-05-11} } Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs
CHINACHOPPER Cobalt Strike
2021-03-09Cisco TalosCisco Talos
@online{talos:20210309:hafnium:55699b2, author = {Cisco Talos}, title = {{Hafnium Update: Continued Microsoft Exchange Server Exploitation}}, date = {2021-03-09}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/03/hafnium-update.html}, language = {English}, urldate = {2021-03-11} } Hafnium Update: Continued Microsoft Exchange Server Exploitation
2021-03-02Cisco TalosAsheer Malhotra
@online{malhotra:20210302:obliquerat:f7504fa, author = {Asheer Malhotra}, title = {{ObliqueRAT returns with new campaign using hijacked websites}}, date = {2021-03-02}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/02/obliquerat-new-campaign.html}, language = {English}, urldate = {2021-03-04} } ObliqueRAT returns with new campaign using hijacked websites
Oblique RAT
2021-02-17Cisco TalosVanja Svajcer
@online{svajcer:20210217:masslogger:cd9e6fb, author = {Vanja Svajcer}, title = {{Masslogger campaigns exfiltrates user credentials}}, date = {2021-02-17}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/02/masslogger-cred-exfil.html}, language = {English}, urldate = {2021-02-20} } Masslogger campaigns exfiltrates user credentials
MASS Logger
2021-01-04Cisco TalosAzim Khodjibaev, Dmytro Korzhevin, Kendall McKay
@techreport{khodjibaev:20210104:interview:6735752, author = {Azim Khodjibaev and Dmytro Korzhevin and Kendall McKay}, title = {{Interview with a LockBit ransomware operator}}, date = {2021-01-04}, institution = {Cisco Talos}, url = {https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/481/original/010421_LockBit_Interview.pdf}, language = {English}, urldate = {2021-02-17} } Interview with a LockBit ransomware operator
LockBit
2020-12-21Cisco TalosJON MUNSHAW
@online{munshaw:20201221:2020:4a88f84, author = {JON MUNSHAW}, title = {{2020: The year in malware}}, date = {2020-12-21}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/12/2020-year-in-malware.html}, language = {English}, urldate = {2020-12-26} } 2020: The year in malware
WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader
2020-12-14Cisco TalosNick Biasini
@online{biasini:20201214:threat:63acc35, author = {Nick Biasini}, title = {{Threat Advisory: SolarWinds supply chain attack}}, date = {2020-12-14}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/12/solarwinds-supplychain-coverage.html#more}, language = {English}, urldate = {2020-12-19} } Threat Advisory: SolarWinds supply chain attack
SUNBURST TEARDROP
2020-11-17Cisco TalosNikhil Hegde
@online{hegde:20201117:nibiru:7a0faf4, author = {Nikhil Hegde}, title = {{Nibiru ransomware variant decryptor}}, date = {2020-11-17}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/11/Nibiru-ransomware.html}, language = {English}, urldate = {2020-11-19} } Nibiru ransomware variant decryptor
Nibiru
2020-10-29Cisco TalosWarren Mercer, Paul Rascagnères, Vitor Ventura
@online{mercer:20201029:donots:850f31b, author = {Warren Mercer and Paul Rascagnères and Vitor Ventura}, title = {{DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread}}, date = {2020-10-29}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/10/donot-firestarter.html}, language = {English}, urldate = {2020-10-29} } DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread
Unidentified APK 005
2020-09-29Cisco TalosChris Neal
@online{neal:20200929:lodarat:d1cf82f, author = {Chris Neal}, title = {{LodaRAT Update: Alive and Well}}, date = {2020-09-29}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/09/lodarat-update-alive-and-well.html}, language = {English}, urldate = {2020-10-04} } LodaRAT Update: Alive and Well
Loda
2020-09-21Cisco TalosNick Mavis, Joe Marshall, JON MUNSHAW
@techreport{mavis:20200921:art:d9702a4, author = {Nick Mavis and Joe Marshall and JON MUNSHAW}, title = {{The art and science of detecting Cobalt Strike}}, date = {2020-09-21}, institution = {Cisco Talos}, url = {https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf}, language = {English}, urldate = {2020-09-23} } The art and science of detecting Cobalt Strike
Cobalt Strike
2020-09-02Cisco TalosHolger Unterbrink, Edmund Brumaghin
@online{unterbrink:20200902:salfram:74ae3c9, author = {Holger Unterbrink and Edmund Brumaghin}, title = {{Salfram: Robbing the place without removing your name tag}}, date = {2020-09-02}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/09/salfram-robbing-place-without-removing.html}, language = {English}, urldate = {2020-09-03} } Salfram: Robbing the place without removing your name tag
Ave Maria ISFB SmokeLoader Zloader