2021-10-19 | Proofpoint | Zydeca Cass, Axel F, Crista Giering, Matthew Mesa, Georgi Mladenov, Brandon Murphy
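% Proofpoint report on TA505 and FlawedGrace. Title braces protect only the
% acronym, actor and malware names instead of wrapping the whole title.
@online{cass:20211019:whatta:4d969e1,
  author       = {Cass, Zydeca and F, Axel and Giering, Crista and Mesa, Matthew and Mladenov, Georgi and Murphy, Brandon},
  title        = {Whatta {TA}: {TA505} Ramps Up Activity, Delivers New {FlawedGrace} Variant},
  date         = {2021-10-19},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/whatta-ta-ta505-ramps-activity-delivers-new-flawedgrace-variant},
  language     = {English},
  urldate      = {2021-10-24},
}
Whatta TA: TA505 Ramps Up Activity, Delivers New FlawedGrace Variant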
FlawedGrace MirrorBlast
2021-06-24 | Proofpoint | Dennis Schwarz, Matthew Mesa, Crista Giering
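% Proofpoint report on JSSLoader. Only the malware name is case-protected in
% the title; the rest is left to the bibliography style.
@online{schwarz:20210624:jssloader:ab99f14,
  author       = {Schwarz, Dennis and Mesa, Matthew and Giering, Crista},
  title        = {{JSSLoader}: Recoded and Reloaded},
  date         = {2021-06-24},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/jssloader-recoded-and-reloaded},
  language     = {English},
  urldate      = {2021-06-25},
}
JSSLoader: Recoded and Reloaded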
JSSLoader
2021-03-10 | Proofpoint | Dennis Schwarz, Matthew Mesa, Proofpoint Threat Research Team
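% Proofpoint report on NimzaLoader. The team name carries an extra brace pair
% so it is read as one corporate author rather than split into given/family
% names; the title protects only the malware and actor names.
@online{schwarz:20210310:nimzaloader:f6960d4,
  author       = {Schwarz, Dennis and Mesa, Matthew and {Proofpoint Threat Research Team}},
  title        = {{NimzaLoader}: {TA800’s} New Initial Access Malware},
  date         = {2021-03-10},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/nimzaloader-ta800s-new-initial-access-malware},
  language     = {English},
  urldate      = {2021-03-12},
}
NimzaLoader: TA800’s New Initial Access Malware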
BazarNimrod Cobalt Strike
2020-05-20 | Proofpoint | Dennis Schwarz, Matthew Mesa, Proofpoint Threat Research Team
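% Proofpoint report on ZLoader. The team name carries an extra brace pair so
% it is read as one corporate author; the title protects only the malware name.
@online{schwarz:20200520:zloader:e3c523e,
  author       = {Schwarz, Dennis and Mesa, Matthew and {Proofpoint Threat Research Team}},
  title        = {{ZLoader} Loads Again: New {ZLoader} Variant Returns},
  date         = {2020-05-20},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/zloader-loads-again-new-zloader-variant-returns},
  language     = {English},
  urldate      = {2020-05-23},
}
ZLoader Loads Again: New ZLoader Variant Returns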
Zloader
2019-10-16 | Proofpoint | Dennis Schwarz, Kafeine, Matthew Mesa, Axel F, Proofpoint Threat Insight Team
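% Proofpoint report on TA505, SDBbot and Get2. The single-word handle and the
% team name are each braced so they stay one indivisible author name; the
% title protects only the actor and malware names.
@online{schwarz:20191016:ta505:9d7155a,
  author       = {Schwarz, Dennis and {Kafeine} and Mesa, Matthew and F, Axel and {Proofpoint Threat Insight Team}},
  title        = {{TA505} Distributes New {SDBbot} Remote Access Trojan with {Get2} Downloader},
  date         = {2019-10-16},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/threat-insight/post/ta505-distributes-new-sdbbot-remote-access-trojan-get2-downloader},
  language     = {English},
  urldate      = {2020-01-10},
}
TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader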
Get2 SDBbot TA505
2019-07-02 | Proofpoint | Matthew Mesa, Dennis Schwarz, Proofpoint Threat Insight Team
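% Proofpoint report on TA505 and AndroMut. The team name carries an extra
% brace pair so it is read as one corporate author; the title protects the
% actor, malware and country names.
@online{mesa:20190702:ta505:7f99961,
  author       = {Mesa, Matthew and Schwarz, Dennis and {Proofpoint Threat Insight Team}},
  title        = {{TA505} begins summer campaigns with a new pet malware downloader, {AndroMut}, in the {UAE}, {South Korea}, {Singapore}, and the {United States}},
  date         = {2019-07-02},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/threat-insight/post/ta505-begins-summer-campaigns-new-pet-malware-downloader-andromut-uae-south},
  language     = {English},
  urldate      = {2019-11-26},
}
TA505 begins summer campaigns with a new pet malware downloader, AndroMut, in the UAE, South Korea, Singapore, and the United States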
AndroMut FlawedAmmyy
2018-08-30 | Twitter (@mesa_matt) | Matthew Mesa
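% Tweet reference for PsiX. Only the malware name is case-protected in the title.
@online{mesa:20180830:psix:18563f6,
  author       = {Mesa, Matthew},
  title        = {Tweet on {PsiX}},
  date         = {2018-08-30},
  organization = {Twitter (@mesa_matt)},
  url          = {https://twitter.com/mesa_matt/status/1035211747957923840},
  language     = {English},
  urldate      = {2019-12-06},
}
Tweet on PsiX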
PsiX
2017-08-25 | Proofpoint | Darien Huss, Matthew Mesa
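% Proofpoint report on Operation RAT Cook. The title protects the operation
% name, the acronym and the proper nouns instead of wrapping the whole title.
@online{huss:20170825:operation:87e2e2b,
  author       = {Huss, Darien and Mesa, Matthew},
  title        = {{Operation RAT Cook}: {Chinese} {APT} actors use fake {Game of Thrones} leaks as lures},
  date         = {2017-08-25},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-apt-actors-use-fake-game-thrones-leaks-lures},
  language     = {English},
  urldate      = {2019-12-20},
}
Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures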
9002 RAT
2017-07-31 | Proofpoint | Matthew Mesa, Darien Huss
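% Proofpoint report on FIN7/Carbanak and the Bateleur backdoor. The title
% protects only the actor, malware and language names.
@online{mesa:20170731:fin7carbanak:2eef6f2,
  author       = {Mesa, Matthew and Huss, Darien},
  title        = {{FIN7/Carbanak} threat actor unleashes {Bateleur} {JScript} backdoor},
  date         = {2017-07-31},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor},
  language     = {English},
  urldate      = {2019-12-20},
}
FIN7/Carbanak threat actor unleashes Bateleur JScript backdoor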
Bateleur FIN7
2017-06-01 | Proofpoint | Matthew Mesa, Axel F, Pierre T, Travis Green
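% Proofpoint report on Microsoft Word Intruder and CVE-2017-0199. The title
% protects the tool name, the CVE identifier and the actor name.
@online{mesa:20170601:microsoft:77dd3ab,
  author       = {Mesa, Matthew and F, Axel and T, Pierre and Green, Travis},
  title        = {{Microsoft Word Intruder} Integrates {CVE-2017-0199}, Utilized by {Cobalt Group} to Target Financial Institutions},
  date         = {2017-06-01},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/threat-insight/post/microsoft-word-intruder-integrates-cve-2017-0199-utilized-cobalt-group-target},
  language     = {English},
  urldate      = {2019-12-20},
}
Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions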
Cobalt
2016-05-12 | Proofpoint | Axel F, Matthew Mesa
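% Proofpoint report on Hancitor, Ruckguv and Vawtrak. Only the malware names
% are case-protected in the title.
@online{f:20160512:hancitor:9c250c0,
  author       = {F, Axel and Mesa, Matthew},
  title        = {{Hancitor} and {Ruckguv} Reappear, Updated and With {Vawtrak} On Deck},
  date         = {2016-05-12},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/threat-insight/post/hancitor-ruckguv-reappear},
  language     = {English},
  urldate      = {2019-12-20},
}
Hancitor and Ruckguv Reappear, Updated and With Vawtrak On Deck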
Hancitor Ruckguv
2016-05-10 | Proofpoint | Matthew Mesa, Darien Huss
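% Proofpoint report on AbaddonPOS. The title protects only the malware name
% and the POS acronym.
@online{mesa:20160510:setting:2b54ce3,
  author       = {Mesa, Matthew and Huss, Darien},
  title        = {Setting Sights On Retail: {AbaddonPOS} Now Targeting Specific {POS} Software},
  date         = {2016-05-10},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/threat-insight/post/abaddonpos-now-targeting-specific-pos-software},
  language     = {English},
  urldate      = {2019-12-20},
}
Setting Sights On Retail: AbaddonPOS Now Targeting Specific POS Software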
AbaddonPOS TinyLoader