2024-11-18 ⋅ Kroll ⋅ CARBANAK (aka ANUNAK) Distributed via IDATLOADER (aka HIJACKLOADER) Carbanak HijackLoader
2024-11-12 ⋅ Kroll ⋅ LUMMASTEALER Delivered Via PowerShell Social Engineering Lumma Stealer
2024-08-14 ⋅ Kroll ⋅ REDLINESTEALER Malware Driving the Initial Access Broker Market RedLine Stealer
2024-07-05 ⋅ Kroll ⋅ CLEARFAKE Update Tricks Victim into Executing Malicious PowerShell Code ClearFake
2024-06-24 ⋅ Kroll ⋅ Novel Technique Combination Used In IDATLOADER Distribution Emmenhtal HijackLoader
2024-06-11 ⋅ Kroll ⋅ PLAY Ransomware Group Gains Access via Citrix Bleed Vulnerability PLAY
2024-03-13 ⋅ Kroll ⋅ LESLIELOADER – Undocumented Loader Observed Leslieloader
2024-03-05 ⋅ Kroll ⋅ TODDLERSHARK: ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant BabyShark
2024-01-19 ⋅ Kroll ⋅ Inside the SYSTEMBC Command-and-Control Server SystemBC
2024-01-18 ⋅ Kroll ⋅ Open the DARKGATE – Brute Forcing DARKGATE Encodings DarkGate
2023-06-23 ⋅ Kroll ⋅ Deep Dive into GOOTLOADER Malware and Its Infection Chain GootLoader
2023-02-13 ⋅ Kroll ⋅ Royal Ransomware Deep Dive Cobalt Strike Royal Ransom
2023-02-02 ⋅ Kroll ⋅ Hive Ransomware Technical Analysis and Initial Access Discovery BATLOADER Cobalt Strike Hive
2023-01-23 ⋅ Kroll ⋅ Black Basta – Technical Analysis Black Basta Cobalt Strike MimiKatz QakBot SystemBC
2022-12-13 ⋅ Kroll ⋅ Threat Actors use Google Ads to Deploy VIDAR Stealer Vidar
2022-06-02 ⋅ Kroll ⋅ ModPipe POS Malware: New Hooking Targets Extract Card Data ModPipe
2022-05-27 ⋅ Kroll ⋅ Emotet Analysis: New LNKs in the Infection Chain – The Monitor, Issue 20 Emotet
2022-04-18 ⋅ RiskIQ ⋅ RiskIQ: Trickbot Rickroll TrickBot
2022-03-22 ⋅ Kroll ⋅ Analyzing Exmatter: A Ransomware Data Exfiltration Tool ExMatter