Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-07-13Malwarebytes LabsRoberto Santos, Hossein Jazi
@online{santos:20220713:cobalt:5d47ba1, author = {Roberto Santos and Hossein Jazi}, title = {{Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign}}, date = {2022-07-13}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/07/cobalt-strikes-again-uac-0056-continues-to-target-ukraine-in-its-latest-campaign/}, language = {English}, urldate = {2022-07-14} } Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign
Cobalt Strike
2022-07-01Malwarebytes LabsChristopher Boyd
@online{boyd:20220701:astralocker:7ef70a2, author = {Christopher Boyd}, title = {{AstraLocker 2.0 ransomware isn’t going to give you your files back}}, date = {2022-07-01}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/ransomware/2022/07/astralocker-2-0-ransomware-isnt-going-to-give-you-your-files-back/}, language = {English}, urldate = {2022-07-05} } AstraLocker 2.0 ransomware isn’t going to give you your files back
AstraLocker
2022-06-21Malwarebytes LabsThreat Intelligence Team
@online{team:20220621:russias:a934a10, author = {Threat Intelligence Team}, title = {{Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine}}, date = {2022-06-21}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/06/russias-apt28-uses-fear-of-nuclear-war-to-spread-follina-docs-in-ukraine/}, language = {English}, urldate = {2022-06-22} } Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine
2022-06-08Malwarebytes LabsThreat Intelligence Team
@online{team:20220608:makemoney:a8f6163, author = {Threat Intelligence Team}, title = {{MakeMoney malvertising campaign adds fake update template}}, date = {2022-06-08}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/06/makemoney-malvertising-campaign-adds-fake-update-template/}, language = {English}, urldate = {2022-06-15} } MakeMoney malvertising campaign adds fake update template
FAKEUPDATES
2022-05-16Malwarebytes LabsThreat Intelligence Team
@online{team:20220516:custom:5fe917a, author = {Threat Intelligence Team}, title = {{Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis}}, date = {2022-05-16}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/05/custom-powershell-rat-targets-germans-seeking-information-about-the-ukraine-crisis/}, language = {English}, urldate = {2022-05-17} } Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis
Unidentified PS 003 (RAT)
2022-05-10Malwarebytes LabsThreat Intelligence Team
@online{team:20220510:apt34:b733b84, author = {Threat Intelligence Team}, title = {{APT34 targets Jordan Government using new Saitama backdoor}}, date = {2022-05-10}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/05/apt34-targets-jordan-government-using-new-saitama-backdoor/}, language = {English}, urldate = {2022-05-13} } APT34 targets Jordan Government using new Saitama backdoor
Saitama Backdoor
2022-05-05Malwarebytes LabsThreat Intelligence Team
@online{team:20220505:nigerian:4c047d9, author = {Threat Intelligence Team}, title = {{Nigerian Tesla: 419 scammer gone malware distributor unmasked}}, date = {2022-05-05}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/05/nigerian-tesla-419-scammer-gone-malware-distributor-unmasked/}, language = {English}, urldate = {2022-05-08} } Nigerian Tesla: 419 scammer gone malware distributor unmasked
Agent Tesla
2022-04-05Malwarebytes LabsAnkur Saini, Hossein Jazi, Jérôme Segura
@online{saini:20220405:colibri:ee97c2e, author = {Ankur Saini and Hossein Jazi and Jérôme Segura}, title = {{Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique}}, date = {2022-04-05}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/04/colibri-loader-combines-task-scheduler-and-powershell-in-clever-persistence-technique/}, language = {English}, urldate = {2022-06-09} } Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique
Colibri Loader Mars Stealer
2022-03-29Malwarebytes LabsHossein Jazi
@online{jazi:20220329:new:21f3605, author = {Hossein Jazi}, title = {{New spear phishing campaign targets Russian dissidents}}, date = {2022-03-29}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/03/new-spear-phishing-campaign-targets-russian-dissidents/}, language = {English}, urldate = {2022-03-31} } New spear phishing campaign targets Russian dissidents
Unidentified PS 002 (RAT) Cobalt Strike
2022-01-27Malwarebytes LabsAnkur Saini, Hossein Jazi
@online{saini:20220127:north:463e590, author = {Ankur Saini and Hossein Jazi}, title = {{North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign}}, date = {2022-01-27}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-intelligence/2022/01/north-koreas-lazarus-apt-leverages-windows-update-client-github-in-latest-campaign/}, language = {English}, urldate = {2022-04-07} } North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign
2021-07-16Malwarebytes LabsJérôme Segura
@online{segura:20210716:vidar:372aace, author = {Jérôme Segura}, title = {{Vidar and GandCrab: stealer and ransomware combo observed in the wild}}, date = {2021-07-16}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-analysis/2019/01/vidar-gandcrab-stealer-and-ransomware-combo-observed-in-the-wild/}, language = {English}, urldate = {2022-04-12} } Vidar and GandCrab: stealer and ransomware combo observed in the wild
Gandcrab Vidar
2021-06-28MalwarebytesJérôme Segura
@online{segura:20210628:lil:e675ba5, author = {Jérôme Segura}, title = {{Lil' skimmer, the Magecart impersonator - Malwarebytes Labs}}, date = {2021-06-28}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/cybercrime/2021/06/lil-skimmer-the-magecart-impersonator/}, language = {English}, urldate = {2021-07-09} } Lil' skimmer, the Magecart impersonator - Malwarebytes Labs
magecart
2021-03-25MalwarebytesMalwarebytes Labs
@online{labs:20210325:perkiler:3733a75, author = {Malwarebytes Labs}, title = {{Perkiler malware turns to SMB brute force to spread}}, date = {2021-03-25}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/trojans/2021/03/perkiler-malware-turns-to-smb-brute-force-to-spread/}, language = {English}, urldate = {2021-03-30} } Perkiler malware turns to SMB brute force to spread
PurpleFox
2020-10-12Malwarebytes LabsRoberto Santos, Hossein Jazi, Jérôme Segura, Malwarebytes Threat Intelligence Team
@techreport{santos:20201012:winnti:597eacc, author = {Roberto Santos and Hossein Jazi and Jérôme Segura and Malwarebytes Threat Intelligence Team}, title = {{Winnti APT group docks in Sri Lanka for new campaign}}, date = {2020-10-12}, institution = {Malwarebytes Labs}, url = {https://www.malwarebytes.com/blog/threat-intelligence/2022/winnti-apt-group-docks-in-sri-lanka-for-new-campaign-final.pdf}, language = {English}, urldate = {2022-11-18} } Winnti APT group docks in Sri Lanka for new campaign
DBoxAgent SerialVlogger Winnti
2020-07-21Malwarebytes LabsHossein Jazi, Jérôme Segura
@online{jazi:20200721:chinese:1cac516, author = {Hossein Jazi and Jérôme Segura}, title = {{Chinese APT group targets India and Hong Kong using new variant of MgBot malware}}, date = {2020-07-21}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-analysis/2020/07/chinese-apt-group-targets-india-and-hong-kong-using-new-variant-of-mgbot-malware}, language = {English}, urldate = {2022-07-25} } Chinese APT group targets India and Hong Kong using new variant of MgBot malware
MgBot BRONZE HIGHLAND
2020-05-21MalwarebytesMalwarebytes Labs
@techreport{labs:20200521:cybercrime:d38d2da, author = {Malwarebytes Labs}, title = {{Cybercrime tactics and techniques}}, date = {2020-05-21}, institution = {Malwarebytes}, url = {https://resources.malwarebytes.com/files/2020/05/CTNT_Q1_2020_COVID-Report_Final.pdf}, language = {English}, urldate = {2020-06-03} } Cybercrime tactics and techniques
Ave Maria Azorult DanaBot Loki Password Stealer (PWS) NetWire RC
2019-04-09MalwarebytesMalwarebytes Labs
@online{labs:20190409:say:9be09c3, author = {Malwarebytes Labs}, title = {{Say hello to Baldr, a new stealer on the market}}, date = {2019-04-09}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2019/04/say-hello-baldr-new-stealer-market/}, language = {English}, urldate = {2019-12-20} } Say hello to Baldr, a new stealer on the market
Baldr
2019MalwarebytesMalwarebytes Labs
@online{labs:2019:ransommegacortex:5d35576, author = {Malwarebytes Labs}, title = {{Ransom.Megacortex}}, date = {2019}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/detections/ransom-megacortex/}, language = {English}, urldate = {2020-01-10} } Ransom.Megacortex
MegaCortex
2018-07-16Malwarebytes Labshasherezade, Jérôme Segura
@online{hasherezade:20180716:magniber:60ffbb3, author = {hasherezade and Jérôme Segura}, title = {{Magniber ransomware improves, expands within Asia}}, date = {2018-07-16}, organization = {Malwarebytes Labs}, url = {https://www.malwarebytes.com/blog/news/2018/07/magniber-ransomware-improves-expands-within-asia}, language = {English}, urldate = {2023-09-12} } Magniber ransomware improves, expands within Asia
Magniber
2018-04-10Malwarebytes LabsJérôme Segura
@online{segura:20180410:fakeupdates:1a86e1d, author = {Jérôme Segura}, title = {{‘FakeUpdates’ campaign leverages multiple website platforms}}, date = {2018-04-10}, organization = {Malwarebytes Labs}, url = {https://blog.malwarebytes.com/threat-analysis/2018/04/fakeupdates-campaign-leverages-multiple-website-platforms/}, language = {English}, urldate = {2022-05-04} } ‘FakeUpdates’ campaign leverages multiple website platforms
FAKEUPDATES