2023-07-19 ⋅ Twitter (@h2jazi) ⋅ Tweet on observation with Korean targeting, suspecting Lazarus Unidentified 105
2023-05-10 ⋅ Malwarebytes ⋅ Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020 PowerMagic
2022-08-03 ⋅ Malwarebytes ⋅ Woody RAT: A new feature-rich malware spotted in the wild Woody RAT
2022-07-13 ⋅ Malwarebytes Labs ⋅ Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign Cobalt Strike
2022-04-05 ⋅ Malwarebytes Labs ⋅ Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique Colibri Loader Mars Stealer
2022-04-01 ⋅ Malwarebytes ⋅ New UAC-0056 activity: There’s a Go Elephant in the room GrimPlant SaintBear
2022-03-29 ⋅ Malwarebytes Labs ⋅ New spear phishing campaign targets Russian dissidents Unidentified PS 002 (RAT) Cobalt Strike
2022-01-27 ⋅ Malwarebytes Labs ⋅ North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign
2021-12-02 ⋅ Malwarebytes ⋅ SideCopy APT: Connecting lures to victims, payloads to infrastructure SideCopy
2021-11-12 ⋅ Malwarebytes ⋅ A multi-stage PowerShell based attack targets Kazakhstan Cobalt Strike
2021-08-20 ⋅ Malwarebytes ⋅ New variant of Konni malware used in campaign targetting Russia Konni
2021-07-28 ⋅ Malwarebytes ⋅ Crimea “manifesto” deploys VBA Rat using double attack vectors
2021-06-01 ⋅ Malwarebytes ⋅ Kimsuky APT continues to target South Korean government using AppleSeed backdoor Appleseed
2021-04-19 ⋅ Malwarebytes ⋅ Lazarus APT conceals malicious code within BMP image to drop its RAT TigerLite
2021-04-19 ⋅ Malwarebytes ⋅ Lazarus APT conceals malicious code within BMP image to drop its RAT BISTROMATH
2021-04-06 ⋅ Malwarebytes ⋅ Aurora campaign: Attacking Azerbaijan using multiple RATs
2021-03-05 ⋅ Malwarebytes ⋅ New steganography attack targets Azerbaijan
2021-02-24 ⋅ Malwarebytes ⋅ LazyScripter: From Empire to double RAT Octopus Koadic
2021-01-06 ⋅ Malwarebytes ⋅ Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat RokRAT
2020-10-28 ⋅ Malwarebytes ⋅ Fake COVID-19 survey hides ransomware in Canadian university attack Vaggen