
2023-03-22 | Cisco Talos | Edmund Brumaghin, Jaeson Schultz
@online{brumaghin:20230322:emotet:fa8054c,
  author       = {Edmund Brumaghin and Jaeson Schultz},
  title        = {{Emotet Resumes Spam Operations, Switches to OneNote}},
  date         = {2023-03-22},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/emotet-switches-to-onenote/},
  language     = {English},
  urldate      = {2023-03-23},
}
Emotet Resumes Spam Operations, Switches to OneNote
Emotet
2023-03-14 | Cisco Talos | Asheer Malhotra, Vitor Ventura
@online{malhotra:20230314:talos:f709c24,
  author       = {Asheer Malhotra and Vitor Ventura},
  title        = {{Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency}},
  date         = {2023-03-14},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/yorotrooper-espionage-campaign-cis-turkey-europe/},
  language     = {English},
  urldate      = {2023-03-20},
}
Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency
Poet RAT Loda
2023-01-18 | SANS ISC | Brad Duncan
@online{duncan:20230118:malicious:df039e8,
  author       = {Brad Duncan},
  title        = {{Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware}},
  date         = {2023-01-18},
  organization = {SANS ISC},
  url          = {https://isc.sans.edu/diary/rss/29448},
  language     = {English},
  urldate      = {2023-01-19},
}
Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware
Aurora Stealer
2023-01-05 | Phylum | Phylum Research Team
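@comment{ Corporate author is double-braced so the whole team name is kept as one name token instead of being split into a given name "Phylum Research" and a surname "Team"; the citation key is left unchanged. }
@online{team:20230105:deep:3490e09,
  author       = {{Phylum Research Team}},
  title        = {{A Deep Dive Into poweRAT: a Newly Discovered Stealer/RAT Combo Polluting PyPI}},
  date         = {2023-01-05},
  organization = {Phylum},
  url          = {https://blog.phylum.io/a-deep-dive-into-powerat-a-newly-discovered-stealer/rat-combo-polluting-pypi},
  language     = {English},
  urldate      = {2023-02-21},
}
A Deep Dive Into poweRAT: a Newly Discovered Stealer/RAT Combo Polluting PyPI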
poweRAT
2022-12-24 | di.sclosu.re | di.sclosu.re
@online{disclosure:20221224:njrat:0b45969,
  author       = {di.sclosu.re},
  title        = {{njRAT malware spreading through Discord CDN and Facebook Ads}},
  date         = {2022-12-24},
  organization = {di.sclosu.re},
  url          = {https://di.sclosu.re/en/njrat-malware-spreading-through-discord-cdn-and-facebook-ads/},
  language     = {English},
  urldate      = {2023-01-10},
}
njRAT malware spreading through Discord CDN and Facebook Ads
NjRAT
2022-12-21 | Group-IB | Artem Grischenko
@online{grischenko:20221221:godfather:fbc2595,
  author       = {Artem Grischenko},
  title        = {{Godfather: A banking Trojan that is impossible to refuse}},
  date         = {2022-12-21},
  organization = {Group-IB},
  url          = {https://blog.group-ib.com/godfather-trojan},
  language     = {English},
  urldate      = {2022-12-24},
}
Godfather: A banking Trojan that is impossible to refuse
Godfather
2022-12-20 | Twitter (@Gi7w0rm) | Gi7w0rm
@online{gi7w0rm:20221220:twitter:82cd3da,
  author       = {Gi7w0rm},
  title        = {{Twitter posts discussing recent sighting of Laplas}},
  date         = {2022-12-20},
  organization = {Twitter (@Gi7w0rm)},
  url          = {https://twitter.com/Gi7w0rm/status/1604999633792647169},
  language     = {English},
  urldate      = {2022-12-20},
}
Twitter posts discussing recent sighting of Laplas
LaplasClipper
2022-12-18 | SANS ISC | Guy Bruneau
@online{bruneau:20221218:infostealer:12fb43f,
  author       = {Guy Bruneau},
  title        = {{Infostealer Malware with Double Extension}},
  date         = {2022-12-18},
  organization = {SANS ISC},
  url          = {https://isc.sans.edu/diary/Infostealer+Malware+with+Double+Extension/29354},
  language     = {English},
  urldate      = {2022-12-20},
}
Infostealer Malware with Double Extension
Agent Tesla
2022-12-15 | ISC | Brad Duncan
@online{duncan:20221215:google:179f840,
  author       = {Brad Duncan},
  title        = {{Google ads lead to fake software pages pushing IcedID (Bokbot)}},
  date         = {2022-12-15},
  organization = {ISC},
  url          = {https://isc.sans.edu/diary/Google+ads+lead+to+fake+software+pages+pushing+IcedID+Bokbot/29344},
  language     = {English},
  urldate      = {2022-12-19},
}
Google ads lead to fake software pages pushing IcedID (Bokbot)
IcedID
2022-12-08 | Cisco Talos | Tiago Pereira
@online{pereira:20221208:breaking:7f00030,
  author       = {Tiago Pereira},
  title        = {{Breaking the silence - Recent Truebot activity}},
  date         = {2022-12-08},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/breaking-the-silence-recent-truebot-activity/},
  language     = {English},
  urldate      = {2022-12-12},
}
Breaking the silence - Recent Truebot activity
Clop Cobalt Strike FlawedGrace Raspberry Robin Silence Teleport
2022-12-01 | mostwanted002
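@comment{ A bare underscore in a text field is read by LaTeX as a subscript outside math mode and aborts the bibliography run, so it is escaped as \_ in the title; every other field is unchanged. }
@online{mostwanted002:20221201:malware:c0d4dc7,
  author   = {mostwanted002},
  title    = {{Malware Analysis and Triage Report : PirateStealer - Discord\_beta.exe}},
  date     = {2022-12-01},
  url      = {https://mostwanted002.cf/post/malware-analysis-and-triage-report-piratestealer/},
  language = {English},
  urldate  = {2022-12-01},
}
Malware Analysis and Triage Report : PirateStealer - Discord_beta.exe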
PirateStealer
2022-11-21 | vmware | Threat Analysis Unit
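@comment{ Corporate author is double-braced so "Threat Analysis Unit" is handled as a single indivisible name rather than given name "Threat Analysis" plus surname "Unit"; the citation key is left unchanged. }
@online{unit:20221121:threat:7972abc,
  author       = {{Threat Analysis Unit}},
  title        = {{Threat Analysis: Active C2 Discovery Using Protocol Emulation Part4 (Dacls, aka MATA)}},
  date         = {2022-11-21},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2022/11/threat-analysis-active-c2-discovery-using-protocol-emulation-part4-dacls-aka-mata.html},
  language     = {English},
  urldate      = {2022-11-28},
}
Threat Analysis: Active C2 Discovery Using Protocol Emulation Part4 (Dacls, aka MATA)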
Dacls
2022-11-09 | Cisco Talos | Edmund Brumaghin
@online{brumaghin:20221109:threat:151d926,
  author       = {Edmund Brumaghin},
  title        = {{Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns}},
  date         = {2022-11-09},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/ipfs-abuse/},
  language     = {English},
  urldate      = {2022-11-11},
}
Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns
Agent Tesla
2022-10-24 | Medium s2wlab | Lee Sebin, Shin Yeongjae
@online{sebin:20221024:unveil:8034279,
  author       = {Lee Sebin and Shin Yeongjae},
  title        = {{Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware}},
  date         = {2022-10-24},
  organization = {Medium s2wlab},
  url          = {https://medium.com/s2wblog/unveil-the-evolution-of-kimsuky-targeting-android-devices-with-newly-discovered-mobile-malware-280dae5a650f},
  language     = {English},
  urldate      = {2022-12-20},
}
Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware
FastFire FastSpy
2022-09-08 | Cisco Talos | Jung soo An, Asheer Malhotra, Vitor Ventura
@online{an:20220908:lazarus:236b4b4,
  author       = {Jung soo An and Asheer Malhotra and Vitor Ventura},
  title        = {{Lazarus and the tale of three RATs}},
  date         = {2022-09-08},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2022/09/lazarus-three-rats.html},
  language     = {English},
  urldate      = {2023-01-19},
}
Lazarus and the tale of three RATs
MagicRAT MimiKatz VSingle YamaBot
2022-09-07 | Cisco Talos | Jung soo An, Asheer Malhotra, Vitor Ventura
@online{an:20220907:magicrat:efb6a3d,
  author       = {Jung soo An and Asheer Malhotra and Vitor Ventura},
  title        = {{MagicRAT: Lazarus’ latest gateway into victim networks}},
  date         = {2022-09-07},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2022/09/lazarus-magicrat.html},
  language     = {English},
  urldate      = {2022-09-16},
}
MagicRAT: Lazarus’ latest gateway into victim networks
MagicRAT Tiger RAT
2022-08-30 | Cisco | Vanja Svajcer
@online{svajcer:20220830:modernloader:5b62dce,
  author       = {Vanja Svajcer},
  title        = {{ModernLoader delivers multiple stealers, cryptominers and RATs}},
  date         = {2022-08-30},
  organization = {Cisco},
  url          = {https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html},
  language     = {English},
  urldate      = {2022-08-31},
}
ModernLoader delivers multiple stealers, cryptominers and RATs
Coinminer DCRat ModernLoader RedLine Stealer SapphireMiner SystemBC
2022-08-19 | Uptycs | Siddharth Sharma, Nischay Hedge
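@comment{ An unescaped ampersand in a text field is an alignment-tab error when LaTeX typesets the bibliography, so the title writes it as C\&C; every other field is unchanged. }
@online{sharma:20220819:is:59a2562,
  author       = {Siddharth Sharma and Nischay Hedge},
  title        = {{Is Tox The New C\&C Method For Coinminers?}},
  date         = {2022-08-19},
  organization = {Uptycs},
  url          = {https://www.uptycs.com/blog/is-tox-the-new-cc-method-for-coinminers},
  language     = {English},
  urldate      = {2022-08-26},
}
Is Tox The New C&C Method For Coinminers?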
Unidentified ELF 006 (Tox Backdoor)
2022-08-19 | SANS ISC | Brad Duncan
@online{duncan:20220819:brazil:ba12b0c,
  author       = {Brad Duncan},
  title        = {{Brazil malspam pushes Astaroth (Guildma) malware}},
  date         = {2022-08-19},
  organization = {SANS ISC},
  url          = {https://isc.sans.edu/diary/Brazil+malspam+pushes+Astaroth+%28Guildma%29+malware/28962},
  language     = {English},
  urldate      = {2022-08-28},
}
Brazil malspam pushes Astaroth (Guildma) malware
Astaroth
2022-08-12 | SANS ISC | Brad Duncan
@online{duncan:20220812:monster:cbf3101,
  author       = {Brad Duncan},
  title        = {{Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike}},
  date         = {2022-08-12},
  organization = {SANS ISC},
  url          = {https://isc.sans.edu/diary/rss/28934},
  language     = {English},
  urldate      = {2022-08-15},
}
Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike
Cobalt Strike DarkVNC IcedID