Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-06-29BusinessWireDaria Zhukova
@online{zhukova:20230629:dark:d58f892, author = {Daria Zhukova}, title = {{Dark Web Intelligence Shows Everest Ransomware Group Increasing Initial Access Broker Activity}}, date = {2023-06-29}, organization = {BusinessWire}, url = {https://www.businesswire.com/news/home/20230629610565/en/Dark-Web-Intelligence-Shows-Everest-Ransomware-Group-Increasing-Initial-Access-Broker-Activity}, language = {English}, urldate = {2023-08-28} } Dark Web Intelligence Shows Everest Ransomware Group Increasing Initial Access Broker Activity
2023-05-01Check Point ResearchCheck Point Research
@online{research:20230501:chain:855e7fa, author = {Check Point Research}, title = {{Chain Reaction: RokRAT's Missing Link}}, date = {2023-05-01}, organization = {Check Point Research}, url = {https://research.checkpoint.com/2023/chain-reaction-rokrats-missing-link/}, language = {English}, urldate = {2023-05-02} } Chain Reaction: RokRAT's Missing Link
Amadey RokRAT
2023-04-26AhnLabbghjmun
@online{bghjmun:20230426:rokrat:e241546, author = {bghjmun}, title = {{RokRAT Malware Distributed Through LNK Files (*.lnk): RedEyes (ScarCruft)}}, date = {2023-04-26}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/51751/}, language = {English}, urldate = {2023-04-26} } RokRAT Malware Distributed Through LNK Files (*.lnk): RedEyes (ScarCruft)
RokRAT
2023-04-19Bleeping ComputerBill Toulas
@online{toulas:20230419:march:2c99c12, author = {Bill Toulas}, title = {{March 2023 broke ransomware attack records with 459 incidents}}, date = {2023-04-19}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/march-2023-broke-ransomware-attack-records-with-459-incidents/}, language = {English}, urldate = {2023-04-28} } March 2023 broke ransomware attack records with 459 incidents
Clop WhiteRabbit BianLian Black Basta BlackCat LockBit MedusaLocker PLAY Royal Ransom
2023-02-09NSA, FBI, CISA, HHS, ROK, DSA
@techreport{nsa:20230209:stopransomware:87d3a94, author = {NSA and FBI and CISA and HHS and ROK and DSA}, title = {{#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities}}, date = {2023-02-09}, institution = {}, url = {https://media.defense.gov/2023/Feb/09/2003159161/-1/-1/0/CSA_RANSOMWARE_ATTACKS_ON_CI_FUND_DPRK_ACTIVITIES.PDF}, language = {English}, urldate = {2023-08-25} } #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
Dtrack MagicRAT Maui Ransomware SiennaBlue SiennaPurple Tiger RAT YamaBot
2023ThreatMonThreatMon Malware Research Team, Seyit Sigirci (@h3xecute)
@online{team:2023:reverse:4c743dd, author = {ThreatMon Malware Research Team and Seyit Sigirci (@h3xecute)}, title = {{Reverse Engineering RokRAT: A Closer Look at APT37’s Onedrive-Based Attack Vector}}, date = {2023}, organization = {ThreatMon}, url = {https://threatmon.io/reverse-engineering-rokrat-a-closer-look-at-apt37s-onedrive-based-attack-vector/}, language = {English}, urldate = {2023-11-22} } Reverse Engineering RokRAT: A Closer Look at APT37’s Onedrive-Based Attack Vector
RokRAT
2022-12-09SecureworksSecureWorks' Counter Threat Unit Research Team
@online{team:20221209:drokbk:0f8a8ad, author = {SecureWorks' Counter Threat Unit Research Team}, title = {{Drokbk Malware Uses GitHub as Dead Drop Resolver}}, date = {2022-12-09}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/drokbk-malware-uses-github-as-dead-drop-resolver}, language = {English}, urldate = {2023-01-03} } Drokbk Malware Uses GitHub as Dead Drop Resolver
Drokbk
2022-12-09Positive TechnologiesPTSecurity
@online{ptsecurity:20221209:cloud:8e95b60, author = {PTSecurity}, title = {{APT Cloud Atlas: Unbroken Threat}}, date = {2022-12-09}, organization = {Positive Technologies}, url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt-cloud-atlas-unbroken-threat/}, language = {English}, urldate = {2022-12-20} } APT Cloud Atlas: Unbroken Threat
2022-11-04DataBreaches.netDissent
@online{dissent:20221104:malaysian:1a51997, author = {Dissent}, title = {{Malaysian online stock brokerage firm victim of cyberattack}}, date = {2022-11-04}, organization = {DataBreaches.net}, url = {https://www.databreaches.net/malaysian-online-stock-brokerage-firm-victim-of-cyberattack/}, language = {English}, urldate = {2023-11-27} } Malaysian online stock brokerage firm victim of cyberattack
2022-09-28Twitter (@ESETresearch)ESET Research
@online{research:20220928:twitter:e0277dd, author = {ESET Research}, title = {{Twitter Thread linking CloudMensis to RokRAT / ScarCruft}}, date = {2022-09-28}, organization = {Twitter (@ESETresearch)}, url = {https://twitter.com/ESETresearch/status/1575103839115804672}, language = {English}, urldate = {2023-03-24} } Twitter Thread linking CloudMensis to RokRAT / ScarCruft
CloudMensis RokRAT
2022-09-07GooglePierre-Marc Bureau, Google Threat Analysis Group
@online{bureau:20220907:initial:d1975b3, author = {Pierre-Marc Bureau and Google Threat Analysis Group}, title = {{Initial access broker repurposing techniques in targeted attacks against Ukraine}}, date = {2022-09-07}, organization = {Google}, url = {https://blog.google/threat-analysis-group/initial-access-broker-repurposing-techniques-in-targeted-attacks-against-ukraine/}, language = {English}, urldate = {2022-09-13} } Initial access broker repurposing techniques in targeted attacks against Ukraine
AnchorMail Cobalt Strike IcedID
2022-09-06ESET ResearchThibaut Passilly
@online{passilly:20220906:worok:0c106ac, author = {Thibaut Passilly}, title = {{Worok: The big picture}}, date = {2022-09-06}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2022/09/06/worok-big-picture/}, language = {English}, urldate = {2022-09-10} } Worok: The big picture
MimiKatz PNGLoad reGeorg ShadowPad Worok
2022-08-17Group-IBVictor Okorokov
@online{okorokov:20220817:switching:1ffd85f, author = {Victor Okorokov}, title = {{Switching side jobs Links between ATMZOW JS-sniffer and Hancitor}}, date = {2022-08-17}, organization = {Group-IB}, url = {https://blog.group-ib.com/switching-side-jobs}, language = {English}, urldate = {2022-08-22} } Switching side jobs Links between ATMZOW JS-sniffer and Hancitor
Hancitor
2022-08-02Recorded FutureInsikt Group
@techreport{group:20220802:initial:5caddb5, author = {Insikt Group}, title = {{Initial Access Brokers Are Key to Rise in Ransomware Attacks}}, date = {2022-08-02}, institution = {Recorded Future}, url = {https://go.recordedfuture.com/hubfs/reports/cta-2022-0802.pdf}, language = {English}, urldate = {2022-08-05} } Initial Access Brokers Are Key to Rise in Ransomware Attacks
Azorult BlackMatter Conti Mars Stealer Raccoon RedLine Stealer Taurus Stealer Vidar
2022-07-14SophosAlexander Giles
@online{giles:20220714:rapid:f667bce, author = {Alexander Giles}, title = {{Rapid Response: The Ngrok Incident Guide}}, date = {2022-07-14}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/07/14/rapid-response-the-ngrok-incident-guide/}, language = {English}, urldate = {2022-07-25} } Rapid Response: The Ngrok Incident Guide
2022-06-13SekoiaThreat & Detection Research Team
@online{team:20220613:bumblebee:0a56342, author = {Threat & Detection Research Team}, title = {{BumbleBee: a new trendy loader for Initial Access Brokers}}, date = {2022-06-13}, organization = {Sekoia}, url = {https://blog.sekoia.io/bumblebee-a-new-trendy-loader-for-initial-access-brokers/}, language = {English}, urldate = {2022-06-17} } BumbleBee: a new trendy loader for Initial Access Brokers
BumbleBee
2022-05-23Trend MicroDaniel Lunghi, Jaromír Hořejší
@techreport{lunghi:20220523:operation:e3c402b, author = {Daniel Lunghi and Jaromír Hořejší}, title = {{Operation Earth Berberoka}}, date = {2022-05-23}, institution = {Trend Micro}, url = {https://documents.trendmicro.com/assets/white_papers/wp-operation-earth-berberoka.pdf}, language = {English}, urldate = {2022-07-25} } Operation Earth Berberoka
reptile oRAT Ghost RAT PlugX pupy Earth Berberoka
2022-05-19Trend MicroAdolph Christian Silverio, Jeric Miguel Abordo, Khristian Joseph Morales, Maria Emreen Viray
@online{silverio:20220519:bruised:f5c6775, author = {Adolph Christian Silverio and Jeric Miguel Abordo and Khristian Joseph Morales and Maria Emreen Viray}, title = {{Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware}}, date = {2022-05-19}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/22/e/bruised-but-not-broken--the-resurgence-of-the-emotet-botnet-malw.html}, language = {English}, urldate = {2022-05-25} } Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware
Emotet QakBot
2022-04-27Trend MicroDaniel Lunghi, Jaromír Hořejší
@online{lunghi:20220427:new:9068f6e, author = {Daniel Lunghi and Jaromír Hořejší}, title = {{New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware}}, date = {2022-04-27}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/22/d/new-apt-group-earth-berberoka-targets-gambling-websites-with-old.html}, language = {English}, urldate = {2023-04-18} } New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
HelloBot AsyncRAT Ghost RAT HelloBot PlugX Quasar RAT Earth Berberoka
2022-04-27TrendmicroTrendmicro
@online{trendmicro:20220427:iocs:18f7e31, author = {Trendmicro}, title = {{IOCs for Earth Berberoka - Windows}}, date = {2022-04-27}, organization = {Trendmicro}, url = {https://documents.trendmicro.com/assets/txt/earth-berberoka-windows-iocs-2.txt}, language = {English}, urldate = {2022-07-25} } IOCs for Earth Berberoka - Windows
AsyncRAT Cobalt Strike PlugX Quasar RAT Earth Berberoka