2021-11-16 | Malwarebytes | Malwarebytes Threat Intelligence Team
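% Corporate author is double-braced so it is parsed as one name rather than First/Last; only case-sensitive words in the title are brace-protected.
@online{team:20211116:trickbot:b624694,
  author       = {{Malwarebytes Threat Intelligence Team}},
  title        = {{TrickBot} helps {Emotet} come back from the dead},
  date         = {2021-11-16},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-intelligence/2021/11/trickbot-helps-emotet-come-back-from-the-dead/},
  language     = {English},
  urldate      = {2021-11-17},
}
TrickBot helps Emotet come back from the dead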
Emotet TrickBot
2021-11-15 | Malwarebytes | Jovi Umawing
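% Author is given in the unambiguous "Last, First" form; only the acronym in the title is brace-protected.
@online{umawing:20211115:evasive:e1fb530,
  author       = {Umawing, Jovi},
  title        = {Evasive maneuvers: {HTML} smuggling explained},
  date         = {2021-11-15},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/explained/2021/11/evasive-maneuvers-html-smuggling-explained/},
  language     = {English},
  urldate      = {2021-11-17},
}
Evasive maneuvers: HTML smuggling explained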
2021-11-12 | Malwarebytes | Hossein Jazi
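% Author is given in the unambiguous "Last, First" form; product and country names in the title are brace-protected against style recasing.
@online{jazi:20211112:multistage:e70f6d0,
  author       = {Jazi, Hossein},
  title        = {A multi-stage {PowerShell} based attack targets {Kazakhstan}},
  date         = {2021-11-12},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-intelligence/2021/11/a-multi-stage-powershell-based-attack-targets-kazakhstan/},
  language     = {English},
  urldate      = {2021-11-17},
}
A multi-stage PowerShell based attack targets Kazakhstan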
Cobalt Strike
2021-11-03 | Malwarebytes | Jérôme Segura
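% Author is given in "Last, First" form; the UTF-8 given name assumes a Biber/biblatex toolchain. The whole-title brace wrapper is dropped so the style controls casing.
@online{segura:20211103:credit:ab7b79f,
  author       = {Segura, Jérôme},
  title        = {Credit card skimmer evades Virtual Machines},
  date         = {2021-11-03},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-intelligence/2021/11/credit-card-skimmer-evades-virtual-machines/},
  language     = {English},
  urldate      = {2021-11-08},
}
Credit card skimmer evades Virtual Machines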
magecart
2021-10-21 | Malwarebytes | Pieter Arntz
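% Author is given in the unambiguous "Last, First" form; the browser and exploit-kit names in the title are brace-protected.
@online{arntz:20211021:chrome:0f71e05,
  author       = {Arntz, Pieter},
  title        = {{Chrome} targeted by {Magnitude} exploit kit},
  date         = {2021-10-21},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/10/magnitude-ek-has-been-spotted-targeting-the-chrome-browser/},
  language     = {English},
  urldate      = {2021-10-26},
}
Chrome targeted by Magnitude exploit kit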
2021-10-19 | Malwarebytes | Jérôme Segura
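% Author is given in "Last, First" form; the UTF-8 given name assumes a Biber/biblatex toolchain. The lowercase tool name and the group name are brace-protected.
@online{segura:20211019:qlogger:4f23de5,
  author       = {Segura, Jérôme},
  title        = {{q-logger} skimmer keeps {Magecart} attacks going},
  date         = {2021-10-19},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-intelligence/2021/10/q-logger-skimmer-keeps-magecart-attacks-going/},
  language     = {English},
  urldate      = {2021-10-26},
}
q-logger skimmer keeps Magecart attacks going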
magecart
2021-09-13 | Malwarebytes | Jérôme Segura
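% Author is given in "Last, First" form; the UTF-8 given name assumes a Biber/biblatex toolchain. Only the group name in the title is brace-protected.
@online{segura:20210913:many:c651ab9,
  author       = {Segura, Jérôme},
  title        = {The many tentacles of {Magecart Group 8}},
  date         = {2021-09-13},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-intelligence/2021/09/the-many-tentacles-of-magecart-group-8/},
  language     = {English},
  urldate      = {2021-09-19},
}
The many tentacles of Magecart Group 8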
magecart
2021-08-20 | Malwarebytes | Hossein Jazi
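% Author is given in the unambiguous "Last, First" form; the malware family and country names are brace-protected. The title spelling is kept as published.
@online{jazi:20210820:new:2efd65e,
  author       = {Jazi, Hossein},
  title        = {New variant of {Konni} malware used in campaign targetting {Russia}},
  date         = {2021-08-20},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-intelligence/2021/08/new-variant-of-konni-malware-used-in-campaign-targetting-russia/},
  language     = {English},
  urldate      = {2021-08-25},
}
New variant of Konni malware used in campaign targetting Russia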
Konni
2021-07-28 | Malwarebytes | Hossein Jazi
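% Author is given in the unambiguous "Last, First" form; the UTF-8 quotation marks in the title assume a Biber/biblatex toolchain.
@online{jazi:20210728:crimea:02098e0,
  author       = {Jazi, Hossein},
  title        = {{Crimea} “manifesto” deploys {VBA Rat} using double attack vectors},
  date         = {2021-07-28},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-intelligence/2021/07/crimea-manifesto-deploys-vba-rat-using-double-attack-vectors/},
  language     = {English},
  urldate      = {2021-08-02},
}
Crimea “manifesto” deploys VBA Rat using double attack vectors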
2021-07-26 | Malwarebytes | Thomas Reed
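% Author is given in the unambiguous "Last, First" form; only the detection name in the title is brace-protected.
@online{reed:20210726:osxxloader:b3818a3,
  author       = {Reed, Thomas},
  title        = {{OSX.XLoader} hides little except its main purpose: What we learned in the installation process},
  date         = {2021-07-26},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/mac/2021/07/osx-xloader-hides-little-except-its-main-purpose-what-we-learned-in-the-installation-process/},
  language     = {English},
  urldate      = {2021-08-02},
}
OSX.XLoader hides little except its main purpose: What we learned in the installation process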
Xloader
2021-07-23 | Malwarebytes | hasherezade
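% The author is a single-token handle and is kept as written; only the ransomware family name in the title is brace-protected.
@online{hasherezade:20210723:avoslocker:54f3a60,
  author       = {hasherezade},
  title        = {{AvosLocker} enters the ransomware scene, asks for partners},
  date         = {2021-07-23},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-analysis/2021/07/avoslocker-enters-the-ransomware-scene-asks-for-partners/},
  language     = {English},
  urldate      = {2021-07-26},
}
AvosLocker enters the ransomware scene, asks for partners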
AvosLocker
2021-07-21 | Malwarebytes | Malwarebytes
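% Corporate author is double-braced so it is treated as one literal name; the mixed-case malware name in the title is brace-protected.
@online{malwarebytes:20210721:life:2751d60,
  author       = {{Malwarebytes}},
  title        = {The life and death of the {ZeuS} {Trojan}},
  date         = {2021-07-21},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/101/2021/07/the-life-and-death-of-the-zeus-trojan/},
  language     = {English},
  urldate      = {2021-07-22},
}
The life and death of the ZeuS Trojan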
Zeus
2021-07-19 | Malwarebytes | Erika Noerenberg
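% Author is given in the unambiguous "Last, First" form; the malware name, acronym and language name in the title are brace-protected.
@online{noerenberg:20210719:remcos:fdf8bd6,
  author       = {Noerenberg, Erika},
  title        = {{Remcos} {RAT} delivered via {Visual Basic}},
  date         = {2021-07-19},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-analysis/2021/07/remcos-rat-delivered-via-visual-basic/},
  language     = {English},
  urldate      = {2021-07-26},
}
Remcos RAT delivered via Visual Basic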
Remcos
2021-07-16 | Twitter (@MBThreatIntel) | Malwarebytes Threat Intelligence
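% Corporate author is double-braced so it is parsed as one name rather than First/Last; only the group name in the title is brace-protected.
@online{intelligence:20210716:magecart:3ba6f5b,
  author       = {{Malwarebytes Threat Intelligence}},
  title        = {Tweet on {Magecart} skimmer using steganography},
  date         = {2021-07-16},
  organization = {Twitter (@MBThreatIntel)},
  url          = {https://twitter.com/MBThreatIntel/status/1416101496022724609},
  language     = {English},
  urldate      = {2021-07-20},
}
Tweet on Magecart skimmer using steganography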
magecart
2021-07-06 | Twitter (@MBThreatIntel) | Malwarebytes Threat Intelligence
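% Corporate author is double-braced so it is parsed as one name rather than First/Last; vendor, product and tool names in the title are brace-protected.
@online{intelligence:20210706:malspam:083ba5a,
  author       = {{Malwarebytes Threat Intelligence}},
  title        = {Tweet on a malspam campaign that is taking advantage of {Kaseya} {VSA} ransomware attack to drop {CobaltStrike}},
  date         = {2021-07-06},
  organization = {Twitter (@MBThreatIntel)},
  url          = {https://twitter.com/MBThreatIntel/status/1412518446013812737},
  language     = {English},
  urldate      = {2021-07-09},
}
Tweet on a malspam campaign that is taking advantage of Kaseya VSA ransomware attack to drop CobaltStrike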
Cobalt Strike
2021-06-28 | Malwarebytes | Jérôme Segura
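% Author is given in "Last, First" form; the UTF-8 given name assumes a Biber/biblatex toolchain. The title text is kept as recorded, with only proper names brace-protected.
@online{segura:20210628:lil:e675ba5,
  author       = {Segura, Jérôme},
  title        = {Lil' skimmer, the {Magecart} impersonator - {Malwarebytes Labs}},
  date         = {2021-06-28},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/cybercrime/2021/06/lil-skimmer-the-magecart-impersonator/},
  language     = {English},
  urldate      = {2021-07-09},
}
Lil' skimmer, the Magecart impersonator - Malwarebytes Labs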
magecart
2021-06-01 | Malwarebytes | Hossein Jazi
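% Author is given in the unambiguous "Last, First" form; actor, acronym, nationality and malware names in the title are brace-protected.
@online{jazi:20210601:kimsuky:922141b,
  author       = {Jazi, Hossein},
  title        = {{Kimsuky} {APT} continues to target {South Korean} government using {AppleSeed} backdoor},
  date         = {2021-06-01},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-analysis/2021/06/kimsuky-apt-continues-to-target-south-korean-government-using-appleseed-backdoor/},
  language     = {English},
  urldate      = {2021-06-09},
}
Kimsuky APT continues to target South Korean government using AppleSeed backdoor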
Appleseed
2021-05-28 | Twitter (@MBThreatIntel) | Malwarebytes Threat Intelligence
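% Corporate author is double-braced so it is parsed as one name rather than First/Last; the URL is kept exactly as recorded, including its query string.
@online{intelligence:20210528:web:bb73260,
  author       = {{Malwarebytes Threat Intelligence}},
  title        = {Tweet on web skimmer hiding {JavaScript} inside images for exfiltration},
  date         = {2021-05-28},
  organization = {Twitter (@MBThreatIntel)},
  url          = {https://twitter.com/MBThreatIntel/status/1398037002923110400?s=20},
  language     = {English},
  urldate      = {2021-06-09},
}
Tweet on web skimmer hiding JavaScript inside images for exfiltration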
2021-05-13 | Malwarebytes | Jérôme Segura
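% Author is given in "Last, First" form; the UTF-8 given name assumes a Biber/biblatex toolchain. The acronym-bearing word and the group name are brace-protected.
@online{segura:20210513:newly:396ce52,
  author       = {Segura, Jérôme},
  title        = {Newly observed {PHP-based} skimmer shows ongoing {Magecart Group 12} activity},
  date         = {2021-05-13},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/cybercrime/2021/05/newly-observed-php-based-skimmer-shows-ongoing-magecart-group-12-activity/},
  language     = {English},
  urldate      = {2021-05-17},
}
Newly observed PHP-based skimmer shows ongoing Magecart Group 12 activity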
magecart
2021-04-19 | Malwarebytes | Hossein Jazi
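% Author is given in the unambiguous "Last, First" form; the actor name and acronyms in the title are brace-protected against style recasing.
@online{jazi:20210419:lazarus:dd2c372,
  author       = {Jazi, Hossein},
  title        = {{Lazarus} {APT} conceals malicious code within {BMP} image to drop its {RAT}},
  date         = {2021-04-19},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/malwarebytes-news/2021/04/lazarus-apt-conceals-malicious-code-within-bmp-file-to-drop-its-rat/},
  language     = {English},
  urldate      = {2021-06-25},
}
Lazarus APT conceals malicious code within BMP image to drop its RAT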
BISTROMATH