Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-04-05Malwarebytes LabsAnkur Saini, Hossein Jazi, Jérôme Segura
@online{saini:20220405:colibri:ee97c2e, author = {Ankur Saini and Hossein Jazi and Jérôme Segura}, title = {{Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique}}, date = {2022-04-05}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/04/colibri-loader-combines-task-scheduler-and-powershell-in-clever-persistence-technique/}, language = {English}, urldate = {2022-04-07} } Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique
Colibri Loader Vidar
2021-11-03MalwarebytesJérôme Segura
@online{segura:20211103:credit:ab7b79f, author = {Jérôme Segura}, title = {{Credit card skimmer evades Virtual Machines}}, date = {2021-11-03}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2021/11/credit-card-skimmer-evades-virtual-machines/}, language = {English}, urldate = {2021-11-08} } Credit card skimmer evades Virtual Machines
magecart
2021-10-19MalwarebytesJérôme Segura
@online{segura:20211019:qlogger:4f23de5, author = {Jérôme Segura}, title = {{q-logger skimmer keeps Magecart attacks going}}, date = {2021-10-19}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2021/10/q-logger-skimmer-keeps-magecart-attacks-going/}, language = {English}, urldate = {2021-10-26} } q-logger skimmer keeps Magecart attacks going
magecart
2021-09-13MalwarebytesJérôme Segura
@online{segura:20210913:many:c651ab9, author = {Jérôme Segura}, title = {{The many tentacles of Magecart Group 8}}, date = {2021-09-13}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2021/09/the-many-tentacles-of-magecart-group-8/}, language = {English}, urldate = {2021-09-19} } The many tentacles of Magecart Group 8
magecart
2021-07-16Malwarebytes LabsJérôme Segura
@online{segura:20210716:vidar:372aace, author = {Jérôme Segura}, title = {{Vidar and GandCrab: stealer and ransomware combo observed in the wild}}, date = {2021-07-16}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-analysis/2019/01/vidar-gandcrab-stealer-and-ransomware-combo-observed-in-the-wild/}, language = {English}, urldate = {2022-04-12} } Vidar and GandCrab: stealer and ransomware combo observed in the wild
Gandcrab Vidar
2021-06-28MalwarebytesJérôme Segura
@online{segura:20210628:lil:e675ba5, author = {Jérôme Segura}, title = {{Lil' skimmer, the Magecart impersonator - Malwarebytes Labs}}, date = {2021-06-28}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/cybercrime/2021/06/lil-skimmer-the-magecart-impersonator/}, language = {English}, urldate = {2021-07-09} } Lil' skimmer, the Magecart impersonator - Malwarebytes Labs
magecart
2021-05-13MalwarebytesJérôme Segura
@online{segura:20210513:newly:396ce52, author = {Jérôme Segura}, title = {{Newly observed PHP-based skimmer shows ongoing Magecart Group 12 activity}}, date = {2021-05-13}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/cybercrime/2021/05/newly-observed-php-based-skimmer-shows-ongoing-magecart-group-12-activity/}, language = {English}, urldate = {2021-05-17} } Newly observed PHP-based skimmer shows ongoing Magecart Group 12 activity
magecart
2021-02-02MalwarebytesJérôme Segura
@online{segura:20210202:credit:e2ea3ca, author = {Jérôme Segura}, title = {{Credit card skimmer piggybacks on Magento 1 hacking spree}}, date = {2021-02-02}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/cybercrime/2021/02/credit-card-skimmer-piggybacks-on-magento-1-hacking-spree/}, language = {English}, urldate = {2021-02-04} } Credit card skimmer piggybacks on Magento 1 hacking spree
2020-11-30Malwarebyteshasherezade, Jérôme Segura
@online{hasherezade:20201130:german:72b40c6, author = {hasherezade and Jérôme Segura}, title = {{German users targeted with Gootkit banker or REvil ransomware}}, date = {2020-11-30}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2020/11/german-users-targeted-with-gootkit-banker-or-revil-ransomware/}, language = {English}, urldate = {2020-12-03} } German users targeted with Gootkit banker or REvil ransomware
GootKit REvil
2020-10-28MalwarebytesJérôme Segura, Hossein Jazi, hasherezade, Marcelo Rivero
@online{segura:20201028:fake:b7a76ac, author = {Jérôme Segura and Hossein Jazi and hasherezade and Marcelo Rivero}, title = {{Fake COVID-19 survey hides ransomware in Canadian university attack}}, date = {2020-10-28}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/cybercrime/2020/10/fake-covid-19-survey-hides-ransomware-in-canadian-university-attack/}, language = {English}, urldate = {2020-10-29} } Fake COVID-19 survey hides ransomware in Canadian university attack
Vaggen
2020-10-06MalwarebytesHossein Jazi, Jérôme Segura
@online{jazi:20201006:release:11f16dc, author = {Hossein Jazi and Jérôme Segura}, title = {{Release the Kraken: Fileless APT attack abuses Windows Error Reporting service}}, date = {2020-10-06}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/malwarebytes-news/2020/10/kraken-attack-abuses-wer-service}, language = {English}, urldate = {2020-10-08} } Release the Kraken: Fileless APT attack abuses Windows Error Reporting service
2020-09-01MalwarebytesJérôme Segura
@online{segura:20200901:new:e31a075, author = {Jérôme Segura}, title = {{New web skimmer steals credit card data, sends to crooks via Telegram}}, date = {2020-09-01}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/web-threats/2020/09/web-skimmer-steals-credit-card-data-via-telegram/}, language = {English}, urldate = {2020-09-03} } New web skimmer steals credit card data, sends to crooks via Telegram
2020-08-10MalwarebytesJérôme Segura
@online{segura:20200810:sba:afdfd32, author = {Jérôme Segura}, title = {{SBA phishing scams: from malware to advanced social engineering}}, date = {2020-08-10}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/scams/2020/08/sba-phishing-scams-from-malware-to-advanced-social-engineering/}, language = {English}, urldate = {2020-08-12} } SBA phishing scams: from malware to advanced social engineering
CloudEyE
2020-07-21MalwarebytesHossein Jazi, Jérôme Segura
@online{jazi:20200721:chinese:da6a239, author = {Hossein Jazi and Jérôme Segura}, title = {{Chinese APT group targets India and Hong Kong using new variant of MgBot malware}}, date = {2020-07-21}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2020/07/chinese-apt-group-targets-india-and-hong-kong-using-new-variant-of-mgbot-malware/}, language = {English}, urldate = {2020-07-22} } Chinese APT group targets India and Hong Kong using new variant of MgBot malware
KSREMOTE Cobalt Strike MgBot
2020-06-25MalwarebytesJérôme Segura
@online{segura:20200625:web:2b712b2, author = {Jérôme Segura}, title = {{Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files}}, date = {2020-06-25}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/}, language = {English}, urldate = {2020-06-29} } Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files
magecart
2020-06-17MalwarebytesHossein Jazi, Jérôme Segura
@online{jazi:20200617:multistage:6358f3f, author = {Hossein Jazi and Jérôme Segura}, title = {{Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature}}, date = {2020-06-17}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2020/06/multi-stage-apt-attack-drops-cobalt-strike-using-malleable-c2-feature/}, language = {English}, urldate = {2020-06-19} } Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature
Cobalt Strike
2020-06-03MalwarebytesHossein Jazi, Jérôme Segura
@online{jazi:20200603:new:96bf302, author = {Hossein Jazi and Jérôme Segura}, title = {{New LNK attack tied to Higaisa APT discovered}}, date = {2020-06-03}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2020/06/higaisa/}, language = {English}, urldate = {2020-06-05} } New LNK attack tied to Higaisa APT discovered
Higaisa
2020-05-06MalwarebytesHossein Jazi, Thomas Reed, Jérôme Segura
@online{jazi:20200506:new:7723083, author = {Hossein Jazi and Thomas Reed and Jérôme Segura}, title = {{New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app}}, date = {2020-05-06}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2020/05/new-mac-variant-of-lazarus-dacls-rat-distributed-via-trojanized-2fa-app/}, language = {English}, urldate = {2020-05-07} } New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app
Dacls
2020-02-10MalwarebytesAdam Kujawa, Wendy Zamora, Jérôme Segura, Thomas Reed, Nathan Collier, Jovi Umawing, Chris Boyd, Pieter Arntz, David Ruiz
@techreport{kujawa:20200210:2020:3fdaf12, author = {Adam Kujawa and Wendy Zamora and Jérôme Segura and Thomas Reed and Nathan Collier and Jovi Umawing and Chris Boyd and Pieter Arntz and David Ruiz}, title = {{2020 State of Malware Report}}, date = {2020-02-10}, institution = {Malwarebytes}, url = {https://resources.malwarebytes.com/files/2020/02/2020_State-of-Malware-Report.pdf}, language = {English}, urldate = {2020-02-13} } 2020 State of Malware Report
magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor
2019-06-04MalwarebytesJérôme Segura
@online{segura:20190604:magecart:7c1581d, author = {Jérôme Segura}, title = {{Magecart skimmers found on Amazon CloudFront CDN}}, date = {2019-06-04}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2019/06/magecart-skimmers-found-on-amazon-cloudfront-cdn/}, language = {English}, urldate = {2019-12-20} } Magecart skimmers found on Amazon CloudFront CDN
magecart