
2022-09-07 — Cisco Talos — Jung soo An, Asheer Malhotra, Vitor Ventura
@online{an:20220907:magicrat:efb6a3d, author = {Jung soo An and Asheer Malhotra and Vitor Ventura}, title = {{MagicRAT: Lazarus’ latest gateway into victim networks}}, date = {2022-09-07}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/09/lazarus-magicrat.html}, language = {English}, urldate = {2022-09-16} } MagicRAT: Lazarus’ latest gateway into victim networks
MagicRAT Tiger RAT
2022-08-30 — Cisco — Vanja Svajcer
@online{svajcer:20220830:modernloader:5b62dce, author = {Vanja Svajcer}, title = {{ModernLoader delivers multiple stealers, cryptominers and RATs}}, date = {2022-08-30}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html}, language = {English}, urldate = {2022-08-31} } ModernLoader delivers multiple stealers, cryptominers and RATs
Coinminer DCRat ModernLoader RedLine Stealer SapphireMiner SystemBC
2022-08-19 — Uptycs — Siddharth Sharma, Nischay Hedge
@online{sharma:20220819:is:59a2562, author = {Siddharth Sharma and Nischay Hedge}, title = {{Is Tox The New C\&C Method For Coinminers?}}, date = {2022-08-19}, organization = {Uptycs}, url = {https://www.uptycs.com/blog/is-tox-the-new-cc-method-for-coinminers}, language = {English}, urldate = {2022-08-26} } Is Tox The New C&C Method For Coinminers?
Unidentified ELF 006 (Tox Backdoor)
2022-08-19 — SANS ISC — Brad Duncan
@online{duncan:20220819:brazil:ba12b0c, author = {Brad Duncan}, title = {{Brazil malspam pushes Astaroth (Guildma) malware}}, date = {2022-08-19}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/Brazil+malspam+pushes+Astaroth+%28Guildma%29+malware/28962}, language = {English}, urldate = {2022-08-28} } Brazil malspam pushes Astaroth (Guildma) malware
Astaroth
2022-08-12 — SANS ISC — Brad Duncan
@online{duncan:20220812:monster:cbf3101, author = {Brad Duncan}, title = {{Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike}}, date = {2022-08-12}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/28934}, language = {English}, urldate = {2022-08-15} } Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike
Cobalt Strike DarkVNC IcedID
2022-08-10 — Cisco — Nick Biasini
@online{biasini:20220810:cisco:81eec81, author = {Nick Biasini}, title = {{Cisco Talos shares insights related to recent cyber attack on Cisco}}, date = {2022-08-10}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html}, language = {English}, urldate = {2022-08-11} } Cisco Talos shares insights related to recent cyber attack on Cisco
Yanluowang
2022-08-09 — Cisco — Onur Mustafa Erdogan
@online{erdogan:20220809:raspberry:3652ff7, author = {Onur Mustafa Erdogan}, title = {{Raspberry Robin: Highly Evasive Worm Spreads over External Disks}}, date = {2022-08-09}, organization = {Cisco}, url = {https://blogs.cisco.com/security/raspberry-robin-highly-evasive-worm-spreads-over-external-disks}, language = {English}, urldate = {2022-08-22} } Raspberry Robin: Highly Evasive Worm Spreads over External Disks
Raspberry Robin
2022-08-02 — Cisco Talos — Asheer Malhotra, Vitor Ventura
@online{malhotra:20220802:manjusaka:706c14a, author = {Asheer Malhotra and Vitor Ventura}, title = {{Manjusaka: A Chinese sibling of Sliver and Cobalt Strike}}, date = {2022-08-02}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html}, language = {English}, urldate = {2022-08-02} } Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Manjusaka Cobalt Strike Manjusaka
2022-07-28 — Kaspersky — Igor Kuznetsov, Leonid Bezvershenko
@online{kuznetsov:20220728:lofylife:44645c7, author = {Igor Kuznetsov and Leonid Bezvershenko}, title = {{LofyLife: malicious npm packages steal Discord tokens and bank card data}}, date = {2022-07-28}, organization = {Kaspersky}, url = {https://securelist.com/lofylife-malicious-npm-packages/107014}, language = {English}, urldate = {2022-08-28} } LofyLife: malicious npm packages steal Discord tokens and bank card data
2022-07-28 — Kaspersky Labs — Igor Kuznetsov, Leonid Bezvershenko
@online{kuznetsov:20220728:lofylife:0d316b3, author = {Igor Kuznetsov and Leonid Bezvershenko}, title = {{LofyLife: malicious npm packages steal Discord tokens and bank card data}}, date = {2022-07-28}, organization = {Kaspersky Labs}, url = {https://securelist.com/lofylife-malicious-npm-packages/107014/}, language = {English}, urldate = {2022-08-28} } LofyLife: malicious npm packages steal Discord tokens and bank card data
Lofy
2022-07-27 — SANS ISC — Brad Duncan
@online{duncan:20220727:icedid:839e33a, author = {Brad Duncan}, title = {{IcedID (Bokbot) with Dark VNC and Cobalt Strike}}, date = {2022-07-27}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/IcedID+%28Bokbot%29+with+Dark+VNC+and+Cobalt+Strike/28884}, language = {English}, urldate = {2022-07-28} } IcedID (Bokbot) with Dark VNC and Cobalt Strike
DarkVNC IcedID
2022-07-25 — Kaspersky — GReAT
@online{great:20220725:cosmicstrand:c1e791b, author = {GReAT}, title = {{CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit}}, date = {2022-07-25}, organization = {Kaspersky}, url = {https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/}, language = {English}, urldate = {2022-07-25} } CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit
2022-07-20 — U.S. Cyber Command — Cyber National Mission Force Public Affairs
@online{affairs:20220720:cyber:b7604e7, author = {{Cyber National Mission Force Public Affairs}}, title = {{Cyber National Mission Force discloses IOCs from Ukrainian networks}}, date = {2022-07-20}, organization = {U.S. Cyber Command}, url = {https://www.cybercom.mil/Media/News/Article/3098856/cyber-national-mission-force-discloses-iocs-from-ukrainian-networks/}, language = {English}, urldate = {2022-07-25} } Cyber National Mission Force discloses IOCs from Ukrainian networks
Cobalt Strike GraphSteel GrimPlant MicroBackdoor
2022-07-18 — Palo Alto Networks Unit 42 — Unit 42
@online{42:20220718:moldy:593ab77, author = {{Unit 42}}, title = {{Moldy Pisces}}, date = {2022-07-18}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/atoms/moldypisces/}, language = {English}, urldate = {2022-07-29} } Moldy Pisces
RokRAT APT37
2022-07-18 — Censys — Censys
@techreport{censys:20220718:russian:dfd4246, author = {Censys}, title = {{Russian Ransomware C2 Network Discovered in Censys Data}}, date = {2022-07-18}, institution = {Censys}, url = {https://5851803.fs1.hubspotusercontent-na1.net/hubfs/5851803/Russian%20Ransomware%20C2%20Network%20Discovered%20in%20Censys%20Data.pdf}, language = {English}, urldate = {2022-07-25} } Russian Ransomware C2 Network Discovered in Censys Data
Cobalt Strike MimiKatz PoshC2
2022-07-13 — Cisco — Nick Biasini
@online{biasini:20220713:transparent:b83f9dd, author = {Nick Biasini}, title = {{Transparent Tribe begins targeting education sector in latest campaign}}, date = {2022-07-13}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2022/07/transparent-tribe-targets-education.html}, language = {English}, urldate = {2022-07-15} } Transparent Tribe begins targeting education sector in latest campaign
Crimson RAT Oblique RAT
2022-07-08 — Sekoia — Threat & Detection Research Team
@online{team:20220708:vice:a611407, author = {{Threat \& Detection Research Team}}, title = {{Vice Society: a discreet but steady double extortion ransomware group}}, date = {2022-07-08}, organization = {Sekoia}, url = {https://blog.sekoia.io/vice-society-a-discreet-but-steady-double-extortion-ransomware-group}, language = {English}, urldate = {2022-08-18} } Vice Society: a discreet but steady double extortion ransomware group
HelloKitty
2022-07-07 — SANS ISC — Brad Duncan
@online{duncan:20220707:emotet:3732ca7, author = {Brad Duncan}, title = {{Emotet infection with Cobalt Strike}}, date = {2022-07-07}, organization = {SANS ISC}, url = {https://isc.sans.edu/forums/diary/Emotet%20infection%20with%20Cobalt%20Strike/28824/}, language = {English}, urldate = {2022-07-12} } Emotet infection with Cobalt Strike
Cobalt Strike Emotet
2022-07-06 — Fortinet — Cara Lin
@online{lin:20220706:from:1196ee3, author = {Cara Lin}, title = {{From Follina to Rozena - Leveraging Discord to Distribute a Backdoor}}, date = {2022-07-06}, organization = {Fortinet}, url = {https://www.fortinet.com/blog/threat-research/follina-rozena-leveraging-discord-to-distribute-a-backdoor}, language = {English}, urldate = {2022-07-12} } From Follina to Rozena - Leveraging Discord to Distribute a Backdoor
Rozena
2022-06-30 — CYBER GEEKS All Things Infosec — CyberMasterV
@online{cybermasterv:20220630:how:035d973, author = {CyberMasterV}, title = {{How to Expose a Potential Cybercriminal due to Misconfigurations}}, date = {2022-06-30}, organization = {CYBER GEEKS All Things Infosec}, url = {https://cybergeeks.tech/how-to-expose-a-potential-cybercriminal-due-to-misconfigurations}, language = {English}, urldate = {2022-08-31} } How to Expose a Potential Cybercriminal due to Misconfigurations
Loki Password Stealer (PWS)