Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-08-31Cisco TalosEdmund Brumaghin
@online{brumaghin:20230831:sapphirestealer:59b335d, author = {Edmund Brumaghin}, title = {{SapphireStealer: Open-source information stealer enables credential and data theft}}, date = {2023-08-31}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/sapphirestealer-goes-open-source/}, language = {English}, urldate = {2023-09-01} } SapphireStealer: Open-source information stealer enables credential and data theft
2023-04-04Cisco TalosEdmund Brumaghin
@online{brumaghin:20230404:typhon:8666307, author = {Edmund Brumaghin}, title = {{Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities}}, date = {2023-04-04}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/typhon-reborn-v2-features-enhanced-anti-analysis/}, language = {English}, urldate = {2023-04-08} } Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities
Typhon Stealer
2023-03-22Cisco TalosEdmund Brumaghin, Jaeson Schultz
@online{brumaghin:20230322:emotet:fa8054c, author = {Edmund Brumaghin and Jaeson Schultz}, title = {{Emotet Resumes Spam Operations, Switches to OneNote}}, date = {2023-03-22}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/emotet-switches-to-onenote/}, language = {English}, urldate = {2023-03-23} } Emotet Resumes Spam Operations, Switches to OneNote
Emotet
2022-11-09Cisco TalosEdmund Brumaghin
@online{brumaghin:20221109:threat:151d926, author = {Edmund Brumaghin}, title = {{Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns}}, date = {2022-11-09}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/ipfs-abuse/}, language = {English}, urldate = {2022-11-11} } Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns
Agent Tesla
2022-08-04Cisco TalosEdmund Brumaghin, Azim Khodjibaev, Matt Thaxton, Arnaud Zobec
@online{brumaghin:20220804:attackers:682f446, author = {Edmund Brumaghin and Azim Khodjibaev and Matt Thaxton and Arnaud Zobec}, title = {{Attackers leveraging Dark Utilities "C2aaS" platform in malware campaigns}}, date = {2022-08-04}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/dark-utilities/}, language = {English}, urldate = {2023-03-23} } Attackers leveraging Dark Utilities "C2aaS" platform in malware campaigns
2022-04-14Cisco TalosEdmund Brumaghin, Vanja Svajcer
@online{brumaghin:20220414:haskers:77516e0, author = {Edmund Brumaghin and Vanja Svajcer}, title = {{"Haskers Gang" Introduces New ZingoStealer}}, date = {2022-04-14}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/haskers-gang-zingostealer/}, language = {English}, urldate = {2022-11-02} } "Haskers Gang" Introduces New ZingoStealer
Ginzo Stealer ZingoStealer
2022-04-14Cisco TalosEdmund Brumaghin, Vanja Svajcer, Michael Chen
@online{brumaghin:20220414:threat:45dba55, author = {Edmund Brumaghin and Vanja Svajcer and Michael Chen}, title = {{Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer}}, date = {2022-04-14}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/04/haskers-gang-zingostealer.html}, language = {English}, urldate = {2022-04-15} } Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer
RedLine Stealer
2022-04-05Cisco TalosEdmund Brumaghin, Alex Karkins
@online{brumaghin:20220405:threat:da8955e, author = {Edmund Brumaghin and Alex Karkins}, title = {{Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter}}, date = {2022-04-05}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/04/asyncrat-3losh-update.html}, language = {English}, urldate = {2022-04-07} } Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter
AsyncRAT LimeRAT
2021-10-26Cisco TalosEdmund Brumaghin, Mariano Graziano, Nick Mavis
@online{brumaghin:20211026:squirrelwaffle:88c5943, author = {Edmund Brumaghin and Mariano Graziano and Nick Mavis}, title = {{SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike}}, date = {2021-10-26}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/10/squirrelwaffle-emerges.html}, language = {English}, urldate = {2021-11-02} } SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike
Cobalt Strike QakBot Squirrelwaffle
2021-08-31Cisco TalosEdmund Brumaghin, Vitor Ventura
@online{brumaghin:20210831:attracting:5d141c1, author = {Edmund Brumaghin and Vitor Ventura}, title = {{Attracting flies with Honey(gain): Adversarial abuse of proxyware}}, date = {2021-08-31}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/08/proxyware-abuse.html}, language = {English}, urldate = {2021-09-02} } Attracting flies with Honey(gain): Adversarial abuse of proxyware
2021-08-12Edmund Brumaghin, Joe Marshall, Arnaud Zobec
@online{brumaghin:20210812:vice:c55624f, author = {Edmund Brumaghin and Joe Marshall and Arnaud Zobec}, title = {{Vice Society Leverages PrintNightmare In Ransomware Attacks}}, date = {2021-08-12}, url = {https://blog.talosintelligence.com/2021/08/vice-society-ransomware-printnightmare.html}, language = {English}, urldate = {2021-08-15} } Vice Society Leverages PrintNightmare In Ransomware Attacks
2021-05-07Cisco TalosCaitlin Huey, Andrew Windsor, Edmund Brumaghin
@online{huey:20210507:lemon:0d46f81, author = {Caitlin Huey and Andrew Windsor and Edmund Brumaghin}, title = {{Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs}}, date = {2021-05-07}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/05/lemon-duck-spreads-wings.html}, language = {English}, urldate = {2022-02-16} } Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs
CHINACHOPPER Cobalt Strike Lemon Duck
2021-04-07TalosNick Biasini, Edmund Brumaghin, Chris Neal, Paul Eubanks.
@online{biasini:20210407:sowing:2bf94a9, author = {Nick Biasini and Edmund Brumaghin and Chris Neal and Paul Eubanks.}, title = {{Sowing Discord: Reaping the benefits of collaboration app abuse}}, date = {2021-04-07}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/04/collab-app-abuse.html}, language = {English}, urldate = {2021-04-19} } Sowing Discord: Reaping the benefits of collaboration app abuse
2020-11-18CiscoNick Biasini, Edmund Brumaghin, Jaeson Schultz
@online{biasini:20201118:back:178d20d, author = {Nick Biasini and Edmund Brumaghin and Jaeson Schultz}, title = {{Back from vacation: Analyzing Emotet’s activity in 2020}}, date = {2020-11-18}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2020/11/emotet-2020.html}, language = {English}, urldate = {2020-11-19} } Back from vacation: Analyzing Emotet’s activity in 2020
Emotet
2020-09-02Cisco TalosHolger Unterbrink, Edmund Brumaghin
@online{unterbrink:20200902:salfram:74ae3c9, author = {Holger Unterbrink and Edmund Brumaghin}, title = {{Salfram: Robbing the place without removing your name tag}}, date = {2020-09-02}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/09/salfram-robbing-place-without-removing.html}, language = {English}, urldate = {2020-09-03} } Salfram: Robbing the place without removing your name tag
Ave Maria ISFB SmokeLoader Zloader
2020-07-06Cisco TalosBen Baker, Edmund Brumaghin, JJ Cummings, Arnaud Zobec
@online{baker:20200706:wastedlocker:f33e129, author = {Ben Baker and Edmund Brumaghin and JJ Cummings and Arnaud Zobec}, title = {{WastedLocker Goes "Big-Game Hunting" in 2020}}, date = {2020-07-06}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/07/wastedlocker-emerges.html}, language = {English}, urldate = {2020-07-07} } WastedLocker Goes "Big-Game Hunting" in 2020
WastedLocker
2020-07-01Cisco TalosNick Biasini, Edmund Brumaghin, Mariano Graziano
@online{biasini:20200701:threat:a726b7e, author = {Nick Biasini and Edmund Brumaghin and Mariano Graziano}, title = {{Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks}}, date = {2020-07-01}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/07/valak-emerges.html}, language = {English}, urldate = {2020-08-18} } Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks
Valak IcedID ISFB MyKings Spreader
2020-05-11Cisco TalosNick Biasini, Edmund Brumaghin, Nick Lister
@online{biasini:20200511:astaroth:f325070, author = {Nick Biasini and Edmund Brumaghin and Nick Lister}, title = {{Astaroth - Maze of obfuscation and evasion reveals dark stealer}}, date = {2020-05-11}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/05/astaroth-analysis.html}, language = {English}, urldate = {2020-05-11} } Astaroth - Maze of obfuscation and evasion reveals dark stealer
Astaroth
2020-04-23Cisco TalosEdmund Brumaghin, Amit Raut
@online{brumaghin:20200423:threat:4f7f840, author = {Edmund Brumaghin and Amit Raut}, title = {{Threat Spotlight: MedusaLocker}}, date = {2020-04-23}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/04/medusalocker.html}, language = {English}, urldate = {2020-04-26} } Threat Spotlight: MedusaLocker
MedusaLocker
2020-02-13TalosNick Biasini, Edmund Brumaghin
@online{biasini:20200213:threat:443d687, author = {Nick Biasini and Edmund Brumaghin}, title = {{Threat actors attempt to capitalize on coronavirus outbreak}}, date = {2020-02-13}, organization = {Talos}, url = {https://blog.talosintelligence.com/2020/02/coronavirus-themed-malware.html}, language = {English}, urldate = {2020-03-19} } Threat actors attempt to capitalize on coronavirus outbreak
Emotet Nanocore RAT Parallax RAT