Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-08-03MalwarebytesAnkur Saini, Hossein Jazi
@online{saini:20220803:woody:0b4bbb8, author = {Ankur Saini and Hossein Jazi}, title = {{Woody RAT: A new feature-rich malware spotted in the wild}}, date = {2022-08-03}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/08/woody-rat-a-new-feature-rich-malware-spotted-in-the-wild/}, language = {English}, urldate = {2022-08-05} } Woody RAT: A new feature-rich malware spotted in the wild
Woody RAT
2022-07-13Malwarebytes LabsRoberto Santos, Hossein Jazi
@online{santos:20220713:cobalt:5d47ba1, author = {Roberto Santos and Hossein Jazi}, title = {{Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign}}, date = {2022-07-13}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/07/cobalt-strikes-again-uac-0056-continues-to-target-ukraine-in-its-latest-campaign/}, language = {English}, urldate = {2022-07-14} } Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign
Cobalt Strike
2022-04-05Malwarebytes LabsAnkur Saini, Hossein Jazi, Jérôme Segura
@online{saini:20220405:colibri:ee97c2e, author = {Ankur Saini and Hossein Jazi and Jérôme Segura}, title = {{Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique}}, date = {2022-04-05}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/04/colibri-loader-combines-task-scheduler-and-powershell-in-clever-persistence-technique/}, language = {English}, urldate = {2022-06-09} } Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique
Colibri Loader Mars Stealer
2022-04-01MalwarebytesAnkur Saini, Roberto Santos, Hossein Jazi
@online{saini:20220401:new:273cbe0, author = {Ankur Saini and Roberto Santos and Hossein Jazi}, title = {{New UAC-0056 activity: There’s a Go Elephant in the room}}, date = {2022-04-01}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/04/new-uac-0056-activity-theres-a-go-elephant-in-the-room/}, language = {English}, urldate = {2022-04-05} } New UAC-0056 activity: There’s a Go Elephant in the room
GrimPlant SaintBear
2022-03-29Malwarebytes LabsHossein Jazi
@online{jazi:20220329:new:21f3605, author = {Hossein Jazi}, title = {{New spear phishing campaign targets Russian dissidents}}, date = {2022-03-29}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/03/new-spear-phishing-campaign-targets-russian-dissidents/}, language = {English}, urldate = {2022-03-31} } New spear phishing campaign targets Russian dissidents
Unidentified PS 002 (RAT) Cobalt Strike
2022-01-27Malwarebytes LabsAnkur Saini, Hossein Jazi
@online{saini:20220127:north:463e590, author = {Ankur Saini and Hossein Jazi}, title = {{North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign}}, date = {2022-01-27}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/01/north-koreas-lazarus-apt-leverages-windows-update-client-github-in-latest-campaign/}, language = {English}, urldate = {2022-04-07} } North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign
2021-12-02MalwarebytesHossein Jazi, Threat Intelligence Team
@online{jazi:20211202:sidecopy:9e7363c, author = {Hossein Jazi and Threat Intelligence Team}, title = {{SideCopy APT: Connecting lures to victims, payloads to infrastructure}}, date = {2021-12-02}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2021/12/sidecopy-apt-connecting-lures-to-victims-payloads-to-infrastructure/}, language = {English}, urldate = {2021-12-06} } SideCopy APT: Connecting lures to victims, payloads to infrastructure
SideCopy
2021-11-12MalwarebytesHossein Jazi
@online{jazi:20211112:multistage:e70f6d0, author = {Hossein Jazi}, title = {{A multi-stage PowerShell based attack targets Kazakhstan}}, date = {2021-11-12}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2021/11/a-multi-stage-powershell-based-attack-targets-kazakhstan/}, language = {English}, urldate = {2021-11-17} } A multi-stage PowerShell based attack targets Kazakhstan
Cobalt Strike
2021-08-20MalwarebytesHossein Jazi
@online{jazi:20210820:new:2efd65e, author = {Hossein Jazi}, title = {{New variant of Konni malware used in campaign targetting Russia}}, date = {2021-08-20}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2021/08/new-variant-of-konni-malware-used-in-campaign-targetting-russia/}, language = {English}, urldate = {2021-08-25} } New variant of Konni malware used in campaign targetting Russia
Konni
2021-07-28MalwarebytesHossein Jazi
@online{jazi:20210728:crimea:02098e0, author = {Hossein Jazi}, title = {{Crimea “manifesto” deploys VBA Rat using double attack vectors}}, date = {2021-07-28}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2021/07/crimea-manifesto-deploys-vba-rat-using-double-attack-vectors/}, language = {English}, urldate = {2021-08-02} } Crimea “manifesto” deploys VBA Rat using double attack vectors
2021-06-01MalwarebytesHossein Jazi
@online{jazi:20210601:kimsuky:922141b, author = {Hossein Jazi}, title = {{Kimsuky APT continues to target South Korean government using AppleSeed backdoor}}, date = {2021-06-01}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2021/06/kimsuky-apt-continues-to-target-south-korean-government-using-appleseed-backdoor/}, language = {English}, urldate = {2021-06-09} } Kimsuky APT continues to target South Korean government using AppleSeed backdoor
Appleseed
2021-04-19MalwarebytesHossein Jazi
@online{jazi:20210419:lazarus:dd2c372, author = {Hossein Jazi}, title = {{Lazarus APT conceals malicious code within BMP image to drop its RAT}}, date = {2021-04-19}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/malwarebytes-news/2021/04/lazarus-apt-conceals-malicious-code-within-bmp-file-to-drop-its-rat/}, language = {English}, urldate = {2021-06-25} } Lazarus APT conceals malicious code within BMP image to drop its RAT
BISTROMATH
2021-04-06MalwarebytesHossein Jazi
@online{jazi:20210406:aurora:af2fbd7, author = {Hossein Jazi}, title = {{Aurora campaign: Attacking Azerbaijan using multiple RATs}}, date = {2021-04-06}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2021/04/aurora-campaign-attacking-azerbaijan-using-multiple-rats/}, language = {English}, urldate = {2021-04-09} } Aurora campaign: Attacking Azerbaijan using multiple RATs
2021-03-05MalwarebytesHossein Jazi
@online{jazi:20210305:new:eb1e365, author = {Hossein Jazi}, title = {{New steganography attack targets Azerbaijan}}, date = {2021-03-05}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2021/03/new-steganography-attack-targets-azerbaijan/}, language = {English}, urldate = {2021-03-22} } New steganography attack targets Azerbaijan
2021-02-24MalwarebytesHossein Jazi
@techreport{jazi:20210224:lazyscripter:433f4bc, author = {Hossein Jazi}, title = {{LazyScripter: From Empire to double RAT}}, date = {2021-02-24}, institution = {Malwarebytes}, url = {https://resources.malwarebytes.com/files/2021/02/LazyScripter.pdf}, language = {English}, urldate = {2021-02-25} } LazyScripter: From Empire to double RAT
Octopus Koadic
2021-01-06MalwarebytesHossein Jazi
@online{jazi:20210106:retrohunting:65f1492, author = {Hossein Jazi}, title = {{Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat}}, date = {2021-01-06}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2021/01/retrohunting-apt37-north-korean-apt-used-vba-self-decode-technique-to-inject-rokrat/}, language = {English}, urldate = {2021-01-11} } Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat
RokRAT
2020-10-28MalwarebytesJérôme Segura, Hossein Jazi, hasherezade, Marcelo Rivero
@online{segura:20201028:fake:b7a76ac, author = {Jérôme Segura and Hossein Jazi and hasherezade and Marcelo Rivero}, title = {{Fake COVID-19 survey hides ransomware in Canadian university attack}}, date = {2020-10-28}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/cybercrime/2020/10/fake-covid-19-survey-hides-ransomware-in-canadian-university-attack/}, language = {English}, urldate = {2020-10-29} } Fake COVID-19 survey hides ransomware in Canadian university attack
Vaggen
2020-10-12Malwarebytes LabsRoberto Santos, Hossein Jazi, Jérôme Segura, Malwarebytes Threat Intelligence Team
@techreport{santos:20201012:winnti:597eacc, author = {Roberto Santos and Hossein Jazi and Jérôme Segura and Malwarebytes Threat Intelligence Team}, title = {{Winnti APT group docks in Sri Lanka for new campaign}}, date = {2020-10-12}, institution = {Malwarebytes Labs}, url = {https://www.malwarebytes.com/blog/threat-intelligence/2022/winnti-apt-group-docks-in-sri-lanka-for-new-campaign-final.pdf}, language = {English}, urldate = {2022-11-18} } Winnti APT group docks in Sri Lanka for new campaign
DBoxAgent SerialVlogger Winnti
2020-10-06MalwarebytesHossein Jazi, Jérôme Segura
@online{jazi:20201006:release:11f16dc, author = {Hossein Jazi and Jérôme Segura}, title = {{Release the Kraken: Fileless APT attack abuses Windows Error Reporting service}}, date = {2020-10-06}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/malwarebytes-news/2020/10/kraken-attack-abuses-wer-service}, language = {English}, urldate = {2020-10-08} } Release the Kraken: Fileless APT attack abuses Windows Error Reporting service
2020-09-30MalwarebytesHossein Jazi, Jérôme Segura
@techreport{jazi:20200930:evasive:7d02ab3, author = {Hossein Jazi and Jérôme Segura}, title = {{Evasive Panda}}, date = {2020-09-30}, institution = {Malwarebytes}, url = {https://vb2020.vblocalhost.com/uploads/VB2020-43.pdf}, language = {English}, urldate = {2022-07-25} } Evasive Panda
MgBot BRONZE HIGHLAND