Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-05-16Malwarebytes LabsThreat Intelligence Team
@online{team:20220516:custom:5fe917a, author = {Threat Intelligence Team}, title = {{Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis}}, date = {2022-05-16}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/05/custom-powershell-rat-targets-germans-seeking-information-about-the-ukraine-crisis/}, language = {English}, urldate = {2022-05-17} } Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis
Unidentified PS 003 (RAT)
2022-05-10Malwarebytes LabsThreat Intelligence Team
@online{team:20220510:apt34:b733b84, author = {Threat Intelligence Team}, title = {{APT34 targets Jordan Government using new Saitama backdoor}}, date = {2022-05-10}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/05/apt34-targets-jordan-government-using-new-saitama-backdoor/}, language = {English}, urldate = {2022-05-13} } APT34 targets Jordan Government using new Saitama backdoor
Saitama Backdoor
2022-05-05Malwarebytes LabsThreat Intelligence Team
@online{team:20220505:nigerian:4c047d9, author = {Threat Intelligence Team}, title = {{Nigerian Tesla: 419 scammer gone malware distributor unmasked}}, date = {2022-05-05}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/05/nigerian-tesla-419-scammer-gone-malware-distributor-unmasked/}, language = {English}, urldate = {2022-05-08} } Nigerian Tesla: 419 scammer gone malware distributor unmasked
Agent Tesla
2022-04-05Malwarebytes LabsAnkur Saini, Hossein Jazi, Jérôme Segura
@online{saini:20220405:colibri:ee97c2e, author = {Ankur Saini and Hossein Jazi and Jérôme Segura}, title = {{Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique}}, date = {2022-04-05}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/04/colibri-loader-combines-task-scheduler-and-powershell-in-clever-persistence-technique/}, language = {English}, urldate = {2022-04-07} } Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique
Colibri Loader Vidar
2022-04-01MalwarebytesAnkur Saini, Roberto Santos, Hossein Jazi
@online{saini:20220401:new:273cbe0, author = {Ankur Saini and Roberto Santos and Hossein Jazi}, title = {{New UAC-0056 activity: There’s a Go Elephant in the room}}, date = {2022-04-01}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/04/new-uac-0056-activity-theres-a-go-elephant-in-the-room/}, language = {English}, urldate = {2022-04-05} } New UAC-0056 activity: There’s a Go Elephant in the room
GrimPlant SaintBear
2022-03-29Malwarebytes LabsHossein Jazi
@online{jazi:20220329:new:21f3605, author = {Hossein Jazi}, title = {{New spear phishing campaign targets Russian dissidents}}, date = {2022-03-29}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/03/new-spear-phishing-campaign-targets-russian-dissidents/}, language = {English}, urldate = {2022-03-31} } New spear phishing campaign targets Russian dissidents
Unidentified PS 002 (RAT) Cobalt Strike
2022-03-18MalwarebytesThreat Intelligence Team
@online{team:20220318:double:fde615f, author = {Threat Intelligence Team}, title = {{Double header: IsaacWiper and CaddyWiper}}, date = {2022-03-18}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/03/double-header-isaacwiper-and-caddywiper/}, language = {English}, urldate = {2022-03-28} } Double header: IsaacWiper and CaddyWiper
CaddyWiper IsaacWiper
2022-03-04MalwarebytesMalwarebytes Threat Intelligence
@online{intelligence:20220304:hermeticwiper:ba69b2a, author = {Malwarebytes Threat Intelligence}, title = {{HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine}}, date = {2022-03-04}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/}, language = {English}, urldate = {2022-03-04} } HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine
HermeticWiper
2022-01-27Malwarebytes LabsAnkur Saini, Hossein Jazi
@online{saini:20220127:north:463e590, author = {Ankur Saini and Hossein Jazi}, title = {{North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign}}, date = {2022-01-27}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/01/north-koreas-lazarus-apt-leverages-windows-update-client-github-in-latest-campaign/}, language = {English}, urldate = {2022-04-07} } North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign
2022-01-26MalwarebytesRoberto Santos
@online{santos:20220126:konni:589b447, author = {Roberto Santos}, title = {{KONNI evolves into stealthier RAT}}, date = {2022-01-26}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/01/konni-evolves-into-stealthier-rat/}, language = {English}, urldate = {2022-01-31} } KONNI evolves into stealthier RAT
Konni
2022-01-07MalwarebytesThreat Intelligence Team
@online{team:20220107:patchwork:84dabfb, author = {Threat Intelligence Team}, title = {{Patchwork APT caught in its own web}}, date = {2022-01-07}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/}, language = {English}, urldate = {2022-01-25} } Patchwork APT caught in its own web
BadNews
2021-12-02MalwarebytesHossein Jazi, Threat Intelligence Team
@online{jazi:20211202:sidecopy:9e7363c, author = {Hossein Jazi and Threat Intelligence Team}, title = {{SideCopy APT: Connecting lures to victims, payloads to infrastructure}}, date = {2021-12-02}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2021/12/sidecopy-apt-connecting-lures-to-victims-payloads-to-infrastructure/}, language = {English}, urldate = {2021-12-06} } SideCopy APT: Connecting lures to victims, payloads to infrastructure
SideCopy
2021-11-16MalwarebytesMalwarebytes Threat Intelligence Team
@online{team:20211116:trickbot:b624694, author = {Malwarebytes Threat Intelligence Team}, title = {{TrickBot helps Emotet come back from the dead}}, date = {2021-11-16}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2021/11/trickbot-helps-emotet-come-back-from-the-dead/}, language = {English}, urldate = {2021-11-17} } TrickBot helps Emotet come back from the dead
Emotet TrickBot
2021-11-15MalwarebytesJovi Umawing
@online{umawing:20211115:evasive:e1fb530, author = {Jovi Umawing}, title = {{Evasive maneuvers: HTML smuggling explained}}, date = {2021-11-15}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/explained/2021/11/evasive-maneuvers-html-smuggling-explained/}, language = {English}, urldate = {2021-11-17} } Evasive maneuvers: HTML smuggling explained
2021-11-12MalwarebytesHossein Jazi
@online{jazi:20211112:multistage:e70f6d0, author = {Hossein Jazi}, title = {{A multi-stage PowerShell based attack targets Kazakhstan}}, date = {2021-11-12}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2021/11/a-multi-stage-powershell-based-attack-targets-kazakhstan/}, language = {English}, urldate = {2021-11-17} } A multi-stage PowerShell based attack targets Kazakhstan
Cobalt Strike
2021-11-03MalwarebytesJérôme Segura
@online{segura:20211103:credit:ab7b79f, author = {Jérôme Segura}, title = {{Credit card skimmer evades Virtual Machines}}, date = {2021-11-03}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2021/11/credit-card-skimmer-evades-virtual-machines/}, language = {English}, urldate = {2021-11-08} } Credit card skimmer evades Virtual Machines
magecart
2021-10-21MalwarebytesPieter Arntz
@online{arntz:20211021:chrome:0f71e05, author = {Pieter Arntz}, title = {{Chrome targeted by Magnitude exploit kit}}, date = {2021-10-21}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/10/magnitude-ek-has-been-spotted-targeting-the-chrome-browser/}, language = {English}, urldate = {2021-10-26} } Chrome targeted by Magnitude exploit kit
2021-10-19MalwarebytesJérôme Segura
@online{segura:20211019:qlogger:4f23de5, author = {Jérôme Segura}, title = {{q-logger skimmer keeps Magecart attacks going}}, date = {2021-10-19}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2021/10/q-logger-skimmer-keeps-magecart-attacks-going/}, language = {English}, urldate = {2021-10-26} } q-logger skimmer keeps Magecart attacks going
magecart
2021-09-13MalwarebytesJérôme Segura
@online{segura:20210913:many:c651ab9, author = {Jérôme Segura}, title = {{The many tentacles of Magecart Group 8}}, date = {2021-09-13}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2021/09/the-many-tentacles-of-magecart-group-8/}, language = {English}, urldate = {2021-09-19} } The many tentacles of Magecart Group 8
magecart
2021-08-20MalwarebytesHossein Jazi
@online{jazi:20210820:new:2efd65e, author = {Hossein Jazi}, title = {{New variant of Konni malware used in campaign targetting Russia}}, date = {2021-08-20}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2021/08/new-variant-of-konni-malware-used-in-campaign-targetting-russia/}, language = {English}, urldate = {2021-08-25} } New variant of Konni malware used in campaign targetting Russia
Konni