2021-04-06 | Malwarebytes | Hossein Jazi
@online{jazi:20210406:aurora:af2fbd7,
  author       = {Jazi, Hossein},
  title        = {{Aurora campaign: Attacking Azerbaijan using multiple RATs}},
  date         = {2021-04-06},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-analysis/2021/04/aurora-campaign-attacking-azerbaijan-using-multiple-rats/},
  language     = {English},
  urldate      = {2021-04-09},
}
Aurora campaign: Attacking Azerbaijan using multiple RATs
2021-04-06 | Malwarebytes | Threat Intelligence Team
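% Corporate author: the extra braces keep the team name as one unit
% instead of being split into given names "Threat Intelligence" and surname "Team".
@online{team:20210406:deep:6279974,
  author       = {{Threat Intelligence Team}},
  title        = {{A deep dive into Saint Bot, a new downloader}},
  date         = {2021-04-06},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-analysis/2021/04/a-deep-dive-into-saint-bot-downloader/},
  language     = {English},
  urldate      = {2021-04-12},
}
A deep dive into Saint Bot, a new downloader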
Saint Bot
2021-03-25 | Malwarebytes | Malwarebytes Labs
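% Corporate author: the extra braces keep the name as one unit
% instead of being split into given name "Malwarebytes" and surname "Labs".
@online{labs:20210325:perkiler:3733a75,
  author       = {{Malwarebytes Labs}},
  title        = {{Perkiler malware turns to SMB brute force to spread}},
  date         = {2021-03-25},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/trojans/2021/03/perkiler-malware-turns-to-smb-brute-force-to-spread/},
  language     = {English},
  urldate      = {2021-03-30},
}
Perkiler malware turns to SMB brute force to spread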
win.purplefox
2021-03-24 | Malwarebytes | Threat Intelligence Team
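% Corporate author: the extra braces keep the team name as one unit
% instead of being split into given names "Threat Intelligence" and surname "Team".
@online{team:20210324:software:f896085,
  author       = {{Threat Intelligence Team}},
  title        = {{Software renewal scammers unmasked}},
  date         = {2021-03-24},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/cybercrime/2021/03/software-renewal-scammers-unmasked/},
  language     = {English},
  urldate      = {2021-03-25},
}
Software renewal scammers unmasked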
2021-03-18 | Malwarebytes | Jovi Umawing
@online{umawing:20210318:hellokitty:1527547,
  author       = {Umawing, Jovi},
  title        = {{HelloKitty: When Cyberpunk met cy-purr-crime}},
  date         = {2021-03-18},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-spotlight/2021/03/hellokitty-when-cyberpunk-met-cy-purr-crime/},
  language     = {English},
  urldate      = {2021-03-19},
}
HelloKitty: When Cyberpunk met cy-purr-crime
HelloKitty
2021-03-09 | Malwarebytes | Pieter Arntz
@online{arntz:20210309:microsoft:9f7d246,
  author       = {Arntz, Pieter},
  title        = {{Microsoft Exchange attacks cause panic as criminals go shell collecting}},
  date         = {2021-03-09},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/malwarebytes-news/2021/03/microsoft-exchange-attacks-cause-panic-as-criminals-go-shell-collecting/},
  language     = {English},
  urldate      = {2021-03-11},
}
Microsoft Exchange attacks cause panic as criminals go shell collecting
2021-03-05 | Malwarebytes | Hossein Jazi
@online{jazi:20210305:new:eb1e365,
  author       = {Jazi, Hossein},
  title        = {{New steganography attack targets Azerbaijan}},
  date         = {2021-03-05},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-analysis/2021/03/new-steganography-attack-targets-azerbaijan/},
  language     = {English},
  urldate      = {2021-03-22},
}
New steganography attack targets Azerbaijan
2021-02-24 | Malwarebytes | Hossein Jazi
@techreport{jazi:20210224:lazyscripter:433f4bc,
  author      = {Jazi, Hossein},
  title       = {{LazyScripter: From Empire to double RAT}},
  date        = {2021-02-24},
  institution = {Malwarebytes},
  url         = {https://resources.malwarebytes.com/files/2021/02/LazyScripter.pdf},
  language    = {English},
  urldate     = {2021-02-25},
}
LazyScripter: From Empire to double RAT
Octopus Koadic
2021-02-12 | Malwarebytes | Threat Intelligence Team
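% Corporate author: the extra braces keep the team name as one unit
% instead of being split into given names "Threat Intelligence" and surname "Team".
@online{team:20210212:malvertising:6f4c197,
  author       = {{Threat Intelligence Team}},
  title        = {{Malvertising campaign on PornHub and other top adult brands exposes users to tech support scams}},
  date         = {2021-02-12},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/cybercrime/2021/02/malvertising-campaign-on-top-adult-brands-exposes-users-to-tech-support-scams/},
  language     = {English},
  urldate      = {2021-02-18},
}
Malvertising campaign on PornHub and other top adult brands exposes users to tech support scams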
2021-02-02 | Malwarebytes | Jérôme Segura
@online{segura:20210202:credit:e2ea3ca,
  author       = {Segura, Jérôme},
  title        = {{Credit card skimmer piggybacks on Magento 1 hacking spree}},
  date         = {2021-02-02},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/cybercrime/2021/02/credit-card-skimmer-piggybacks-on-magento-1-hacking-spree/},
  language     = {English},
  urldate      = {2021-02-04},
}
Credit card skimmer piggybacks on Magento 1 hacking spree
2021-01-29 | Malwarebytes | Threat Intelligence Team
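% Corporate author: the extra braces keep the team name as one unit
% instead of being split into given names "Threat Intelligence" and surname "Team".
@online{team:20210129:cleaning:489c8b3,
  author       = {{Threat Intelligence Team}},
  title        = {{Cleaning up after Emotet: the law enforcement file}},
  date         = {2021-01-29},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-analysis/2021/01/cleaning-up-after-emotet-the-law-enforcement-file/},
  language     = {English},
  urldate      = {2021-02-02},
}
Cleaning up after Emotet: the law enforcement file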
Emotet
2021-01-19 | Malwarebytes | Marcin Kleczynski
@online{kleczynski:20210119:malwarebytes:2fe3d7d,
  author       = {Kleczynski, Marcin},
  title        = {{Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments}},
  date         = {2021-01-19},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/},
  language     = {English},
  urldate      = {2021-01-21},
}
Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments
2021-01-06 | Malwarebytes | Hossein Jazi
@online{jazi:20210106:retrohunting:65f1492,
  author       = {Jazi, Hossein},
  title        = {{Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat}},
  date         = {2021-01-06},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-analysis/2021/01/retrohunting-apt37-north-korean-apt-used-vba-self-decode-technique-to-inject-rokrat/},
  language     = {English},
  urldate      = {2021-01-11},
}
Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat
RokRAT
2020-12-15 | Malwarebytes | Pieter Arntz
@online{arntz:20201215:threat:8286d80,
  author       = {Arntz, Pieter},
  title        = {{Threat profile: Egregor ransomware is making a name for itself}},
  date         = {2020-12-15},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/ransomware/2020/12/threat-profile-egregor-ransomware-is-making-a-name-for-itself/},
  language     = {English},
  urldate      = {2021-01-11},
}
Threat profile: Egregor ransomware is making a name for itself
Egregor
2020-11-30 | Malwarebytes | hasherezade, Jérôme Segura
@online{hasherezade:20201130:german:72b40c6,
  author       = {hasherezade and Segura, Jérôme},
  title        = {{German users targeted with Gootkit banker or REvil ransomware}},
  date         = {2020-11-30},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-analysis/2020/11/german-users-targeted-with-gootkit-banker-or-revil-ransomware/},
  language     = {English},
  urldate      = {2020-12-03},
}
German users targeted with Gootkit banker or REvil ransomware
GootKit REvil
2020-11-16 | Malwarebytes | Threat Intelligence Team
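% Corporate author: the extra braces keep the team name as one unit
% instead of being split into given names "Threat Intelligence" and surname "Team".
@online{team:20201116:malsmoke:0cddf67,
  author       = {{Threat Intelligence Team}},
  title        = {{Malsmoke operators abandon exploit kits in favor of social engineering scheme}},
  date         = {2020-11-16},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-analysis/2020/11/malsmoke-operators-abandon-exploit-kits-in-favor-of-social-engineering-scheme/},
  language     = {English},
  urldate      = {2020-11-18},
}
Malsmoke operators abandon exploit kits in favor of social engineering scheme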
Zloader
2020-10-28 | Malwarebytes | Jérôme Segura, Hossein Jazi, hasherezade, Marcelo Rivero
@online{segura:20201028:fake:b7a76ac,
  author       = {Segura, Jérôme and Jazi, Hossein and hasherezade and Rivero, Marcelo},
  title        = {{Fake COVID-19 survey hides ransomware in Canadian university attack}},
  date         = {2020-10-28},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/cybercrime/2020/10/fake-covid-19-survey-hides-ransomware-in-canadian-university-attack/},
  language     = {English},
  urldate      = {2020-10-29},
}
Fake COVID-19 survey hides ransomware in Canadian university attack
Vaggen
2020-10-14 | Malwarebytes | Threat Intelligence Team
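% Corporate author: the extra braces keep the team name as one unit
% instead of being split into given names "Threat Intelligence" and surname "Team".
@online{team:20201014:silent:8149a1d,
  author       = {{Threat Intelligence Team}},
  title        = {{Silent Librarian APT right on schedule for 20/21 academic year}},
  date         = {2020-10-14},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/},
  language     = {English},
  urldate      = {2020-10-23},
}
Silent Librarian APT right on schedule for 20/21 academic year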
2020-10-08 | Malwarebytes | Threat Intelligence Team
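% Corporate author: the extra braces keep the team name as one unit
% instead of being split into given names "Threat Intelligence" and surname "Team".
@online{team:20201008:credit:5e7e0b3,
  author       = {{Threat Intelligence Team}},
  title        = {{Credit card skimmer targets virtual conference platform}},
  date         = {2020-10-08},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/malwarebytes-news/2020/10/credit-card-skimmer-targets-virtual-conference-platform/},
  language     = {English},
  urldate      = {2020-10-12},
}
Credit card skimmer targets virtual conference platform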
2020-10-06 | Malwarebytes | Hossein Jazi, Jérôme Segura
@online{jazi:20201006:release:11f16dc,
  author       = {Jazi, Hossein and Segura, Jérôme},
  title        = {{Release the Kraken: Fileless APT attack abuses Windows Error Reporting service}},
  date         = {2020-10-06},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/malwarebytes-news/2020/10/kraken-attack-abuses-wer-service},
  language     = {English},
  urldate      = {2020-10-08},
}
Release the Kraken: Fileless APT attack abuses Windows Error Reporting service