
2020-11-30 | Malwarebytes | hasherezade, Jérôme Segura
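% Only the case-sensitive words of the title are brace-protected; the style decides the rest.
@online{hasherezade:20201130:german:72b40c6,
  author       = {hasherezade and Segura, Jérôme},
  title        = {{German} users targeted with {Gootkit} banker or {REvil} ransomware},
  date         = {2020-11-30},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-analysis/2020/11/german-users-targeted-with-gootkit-banker-or-revil-ransomware/},
  language     = {English},
  urldate      = {2020-12-03},
}
German users targeted with Gootkit banker or REvil ransomware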
GootKit REvil
2020-11-16 | Malwarebytes | Threat Intelligence Team
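% Corporate author: the inner braces keep "Threat Intelligence Team" as one name, not a first/last split.
@online{team:20201116:malsmoke:0cddf67,
  author       = {{Threat Intelligence Team}},
  title        = {{Malsmoke} operators abandon exploit kits in favor of social engineering scheme},
  date         = {2020-11-16},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-analysis/2020/11/malsmoke-operators-abandon-exploit-kits-in-favor-of-social-engineering-scheme/},
  language     = {English},
  urldate      = {2020-11-18},
}
Malsmoke operators abandon exploit kits in favor of social engineering scheme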
Zloader
2020-10-28 | Malwarebytes | Jérôme Segura, Hossein Jazi, hasherezade, Marcelo Rivero
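% Only the case-sensitive words of the title are brace-protected; the style decides the rest.
@online{segura:20201028:fake:b7a76ac,
  author       = {Segura, Jérôme and Jazi, Hossein and hasherezade and Rivero, Marcelo},
  title        = {Fake {COVID-19} survey hides ransomware in {Canadian} university attack},
  date         = {2020-10-28},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/cybercrime/2020/10/fake-covid-19-survey-hides-ransomware-in-canadian-university-attack/},
  language     = {English},
  urldate      = {2020-10-29},
}
Fake COVID-19 survey hides ransomware in Canadian university attack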
Vaggen
2020-10-14 | Malwarebytes | Threat Intelligence Team
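% Corporate author: the inner braces keep "Threat Intelligence Team" as one name, not a first/last split.
@online{team:20201014:silent:8149a1d,
  author       = {{Threat Intelligence Team}},
  title        = {{Silent Librarian} {APT} right on schedule for 20/21 academic year},
  date         = {2020-10-14},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/},
  language     = {English},
  urldate      = {2020-10-23},
}
Silent Librarian APT right on schedule for 20/21 academic year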
2020-10-08 | Malwarebytes | Threat Intelligence Team
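% Corporate author: the inner braces keep "Threat Intelligence Team" as one name, not a first/last split.
@online{team:20201008:credit:5e7e0b3,
  author       = {{Threat Intelligence Team}},
  title        = {Credit card skimmer targets virtual conference platform},
  date         = {2020-10-08},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/malwarebytes-news/2020/10/credit-card-skimmer-targets-virtual-conference-platform/},
  language     = {English},
  urldate      = {2020-10-12},
}
Credit card skimmer targets virtual conference platform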
2020-10-06 | Malwarebytes | Hossein Jazi, Jérôme Segura
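% Only the case-sensitive words of the title are brace-protected; the style decides the rest.
@online{jazi:20201006:release:11f16dc,
  author       = {Jazi, Hossein and Segura, Jérôme},
  title        = {Release the {Kraken}: Fileless {APT} attack abuses {Windows Error Reporting} service},
  date         = {2020-10-06},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/malwarebytes-news/2020/10/kraken-attack-abuses-wer-service},
  language     = {English},
  urldate      = {2020-10-08},
}
Release the Kraken: Fileless APT attack abuses Windows Error Reporting service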
2020-09-09 | Malwarebytes | Threat Intelligence Team
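% Corporate author: the inner braces keep "Threat Intelligence Team" as one name, not a first/last split.
@online{team:20200909:malvertising:ed1c3b8,
  author       = {{Threat Intelligence Team}},
  title        = {Malvertising campaigns come back in full swing},
  date         = {2020-09-09},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/social-engineering/2020/09/malvertising-campaigns-come-back-in-full-swing/},
  language     = {English},
  urldate      = {2020-09-15},
}
Malvertising campaigns come back in full swing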
Raccoon SmokeLoader
2020-09-01 | Malwarebytes | Jérôme Segura
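% Only the case-sensitive words of the title are brace-protected; the style decides the rest.
@online{segura:20200901:new:e31a075,
  author       = {Segura, Jérôme},
  title        = {New web skimmer steals credit card data, sends to crooks via {Telegram}},
  date         = {2020-09-01},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/web-threats/2020/09/web-skimmer-steals-credit-card-data-via-telegram/},
  language     = {English},
  urldate      = {2020-09-03},
}
New web skimmer steals credit card data, sends to crooks via Telegram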
2020-08-13 | Malwarebytes | Pieter Arntz
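% Only the case-sensitive words of the title are brace-protected; the style decides the rest.
@online{arntz:20200813:chrome:2120054,
  author       = {Arntz, Pieter},
  title        = {{Chrome} extensions that lie about their permissions},
  date         = {2020-08-13},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/puppum/2020/08/chrome-extensions-that-lie-about-their-permissions/},
  language     = {English},
  urldate      = {2020-08-14},
}
Chrome extensions that lie about their permissions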
2020-08-10 | Malwarebytes | Jérôme Segura
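% Only the case-sensitive words of the title are brace-protected; the style decides the rest.
@online{segura:20200810:sba:afdfd32,
  author       = {Segura, Jérôme},
  title        = {{SBA} phishing scams: from malware to advanced social engineering},
  date         = {2020-08-10},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/scams/2020/08/sba-phishing-scams-from-malware-to-advanced-social-engineering/},
  language     = {English},
  urldate      = {2020-08-12},
}
SBA phishing scams: from malware to advanced social engineering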
CloudEyE
2020-07-21 | Malwarebytes | Hossein Jazi, Jérôme Segura
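% Only the case-sensitive words of the title are brace-protected; the style decides the rest.
@online{jazi:20200721:chinese:da6a239,
  author       = {Jazi, Hossein and Segura, Jérôme},
  title        = {{Chinese} {APT} group targets {India} and {Hong Kong} using new variant of {MgBot} malware},
  date         = {2020-07-21},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-analysis/2020/07/chinese-apt-group-targets-india-and-hong-kong-using-new-variant-of-mgbot-malware/},
  language     = {English},
  urldate      = {2020-07-22},
}
Chinese APT group targets India and Hong Kong using new variant of MgBot malware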
KSREMOTE Cobalt Strike MgBot
2020-07-10 | Malwarebytes | Pieter Arntz
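% Only the case-sensitive words of the title are brace-protected; the style decides the rest.
@online{arntz:20200710:threat:f64cac0,
  author       = {Arntz, Pieter},
  title        = {Threat spotlight: {WastedLocker}, customized ransomware},
  date         = {2020-07-10},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-spotlight/2020/07/threat-spotlight-wastedlocker-customized-ransomware/},
  language     = {English},
  urldate      = {2020-07-15},
}
Threat spotlight: WastedLocker, customized ransomware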
WastedLocker
2020-06-25 | Malwarebytes | Jérôme Segura
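% Only the case-sensitive words of the title are brace-protected; the style decides the rest.
@online{segura:20200625:web:2b712b2,
  author       = {Segura, Jérôme},
  title        = {Web skimmer hides within {EXIF} metadata, exfiltrates credit cards via image files},
  date         = {2020-06-25},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/},
  language     = {English},
  urldate      = {2020-06-29},
}
Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files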
magecart
2020-06-17 | Malwarebytes | Hossein Jazi, Jérôme Segura
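% Only the case-sensitive words of the title are brace-protected; the style decides the rest.
@online{jazi:20200617:multistage:6358f3f,
  author       = {Jazi, Hossein and Segura, Jérôme},
  title        = {Multi-stage {APT} attack drops {Cobalt Strike} using {Malleable C2} feature},
  date         = {2020-06-17},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-analysis/2020/06/multi-stage-apt-attack-drops-cobalt-strike-using-malleable-c2-feature/},
  language     = {English},
  urldate      = {2020-06-19},
}
Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature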
Cobalt Strike
2020-06-09 | Malwarebytes | Threat Intelligence Team
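% Corporate author: the inner braces keep "Threat Intelligence Team" as one name, not a first/last split.
@online{team:20200609:honda:a44da80,
  author       = {{Threat Intelligence Team}},
  title        = {{Honda} and {Enel} impacted by cyber attack suspected to be ransomware},
  date         = {2020-06-09},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-analysis/2020/06/honda-and-enel-impacted-by-cyber-attack-suspected-to-be-ransomware/},
  language     = {English},
  urldate      = {2020-06-10},
}
Honda and Enel impacted by cyber attack suspected to be ransomware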
Snake Ransomware
2020-06-03 | Malwarebytes | Hossein Jazi, Jérôme Segura
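% Only the case-sensitive words of the title are brace-protected; the style decides the rest.
@online{jazi:20200603:new:96bf302,
  author       = {Jazi, Hossein and Segura, Jérôme},
  title        = {New {LNK} attack tied to {Higaisa} {APT} discovered},
  date         = {2020-06-03},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-analysis/2020/06/higaisa/},
  language     = {English},
  urldate      = {2020-06-05},
}
New LNK attack tied to Higaisa APT discovered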
Higaisa
2020-05-21 | Malwarebytes | hasherezade, prsecurity
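% Only the case-sensitive words of the title are brace-protected; the style decides the rest.
@techreport{hasherezade:20200521:silent:95b5ce7,
  author      = {hasherezade and prsecurity},
  title       = {The “{Silent Night}” {Zloader/Zbot}},
  date        = {2020-05-21},
  institution = {Malwarebytes},
  url         = {https://resources.malwarebytes.com/files/2020/05/The-Silent-Night-Zloader-Zbot_Final.pdf},
  language    = {English},
  urldate     = {2020-05-23},
}
The “Silent Night” Zloader/Zbot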
Zloader
2020-05-21 | Malwarebytes | Malwarebytes Labs
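% Corporate author: the inner braces keep "Malwarebytes Labs" as one name, not a first/last split.
@techreport{labs:20200521:cybercrime:d38d2da,
  author      = {{Malwarebytes Labs}},
  title       = {Cybercrime tactics and techniques},
  date        = {2020-05-21},
  institution = {Malwarebytes},
  url         = {https://resources.malwarebytes.com/files/2020/05/CTNT_Q1_2020_COVID-Report_Final.pdf},
  language    = {English},
  urldate     = {2020-06-03},
}
Cybercrime tactics and techniques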
Ave Maria Azorult DanaBot Loki Password Stealer (PWS) NetWire RC
2020-05-06 | Malwarebytes | Hossein Jazi, Thomas Reed, Jérôme Segura
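% Only the case-sensitive words of the title are brace-protected; the style decides the rest.
@online{jazi:20200506:new:7723083,
  author       = {Jazi, Hossein and Reed, Thomas and Segura, Jérôme},
  title        = {New {Mac} variant of {Lazarus} {Dacls} {RAT} distributed via {Trojanized} {2FA} app},
  date         = {2020-05-06},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-analysis/2020/05/new-mac-variant-of-lazarus-dacls-rat-distributed-via-trojanized-2fa-app/},
  language     = {English},
  urldate      = {2020-05-07},
}
New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app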
Dacls
2020-04-16 | Malwarebytes | Hossein Jazi
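% Only the case-sensitive words of the title are brace-protected; the style decides the rest.
@online{jazi:20200416:new:6b7cb7a,
  author       = {Jazi, Hossein},
  title        = {New {AgentTesla} variant steals {WiFi} credentials},
  date         = {2020-04-16},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/cybercrime/2020/04/new-agenttesla-variant-steals-wifi-credentials/},
  language     = {English},
  urldate      = {2020-04-16},
}
New AgentTesla variant steals WiFi credentials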
Agent Tesla