Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-08-31Rapid7 LabsNatalie Zargarov, Thomas Elkins, Evan McCann, Tyler McGraw
@online{zargarov:20230831:fake:4b8ef57, author = {Natalie Zargarov and Thomas Elkins and Evan McCann and Tyler McGraw}, title = {{Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers}}, date = {2023-08-31}, organization = {Rapid7 Labs}, url = {https://www.rapid7.com/blog/post/2023/08/31/fake-update-utilizes-new-idat-loader-to-execute-stealc-and-lumma-infostealers/}, language = {English}, urldate = {2023-11-22} } Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers
FAKEUPDATES Amadey HijackLoader Lumma Stealer SectopRAT
2023-07-07Rapid7 LabsCaitlin Condon
@online{condon:20230707:exploitation:1930f05, author = {Caitlin Condon}, title = {{Exploitation of Mitel MiVoice Connect SA CVE-2022-29499}}, date = {2023-07-07}, organization = {Rapid7 Labs}, url = {https://www.rapid7.com/blog/post/2022/07/07/exploitation-of-mitel-mivoice-connect-sa-cve-2022-29499/}, language = {English}, urldate = {2023-08-01} } Exploitation of Mitel MiVoice Connect SA CVE-2022-29499
2023-04-18Rapid7 LabsMatt Green
@online{green:20230418:automating:5252cc0, author = {Matt Green}, title = {{Automating Qakbot Detection at Scale With Velociraptor}}, date = {2023-04-18}, organization = {Rapid7 Labs}, url = {https://www.rapid7.com/blog/post/2023/04/18/automating-qakbot-detection-at-scale-with/}, language = {English}, urldate = {2023-04-25} } Automating Qakbot Detection at Scale With Velociraptor
QakBot
2023-03-30Rapid7 LabsRapid7
@online{rapid7:20230330:backdoored:9d84780, author = {Rapid7}, title = {{Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign}}, date = {2023-03-30}, organization = {Rapid7 Labs}, url = {https://www.rapid7.com/blog/post/2023/03/30/backdoored-3cxdesktopapp-installer-used-in-active-threat-campaign/}, language = {English}, urldate = {2023-04-02} } Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign
3CX Backdoor
2023-01-11Rapid7 LabsEoin Miller
@online{miller:20230111:increasing:b0201c6, author = {Eoin Miller}, title = {{Increasing The Sting of HIVE Ransomware}}, date = {2023-01-11}, organization = {Rapid7 Labs}, url = {https://www.rapid7.com/blog/post/2023/01/11/increasing-the-sting-of-hive-ransomware/}, language = {English}, urldate = {2023-01-13} } Increasing The Sting of HIVE Ransomware
Hive
2021-03-11Rapid7 LabsCaitlin Condon, Spencer McIntyre, William Vu
@online{condon:20210311:2020:3380372, author = {Caitlin Condon and Spencer McIntyre and William Vu}, title = {{2020 Vulnerability Intelligence Report}}, date = {2021-03-11}, organization = {Rapid7 Labs}, url = {https://www.rapid7.com/research/report/vulnerability-intelligence-report/}, language = {English}, urldate = {2021-03-12} } 2020 Vulnerability Intelligence Report
2021-03-02Rapid7 LabsAndrew Christian
@online{christian:20210302:rapid7s:b676aa4, author = {Andrew Christian}, title = {{Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day}}, date = {2021-03-02}, organization = {Rapid7 Labs}, url = {https://blog.rapid7.com/2021/03/03/rapid7s-insightidr-enables-detection-and-response-to-microsoft-exchange-0-day}, language = {English}, urldate = {2021-03-10} } Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day
CHINACHOPPER HAFNIUM
2020-11-04FireEyeJacob Thompson, Jeffrey Martin, Rapid7
@online{thompson:20201104:in:0931c66, author = {Jacob Thompson and Jeffrey Martin and Rapid7}, title = {{In Wild Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover — CVE-2020-14871}}, date = {2020-11-04}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/11/critical-buffer-overflow-vulnerability-in-solaris-can-allow-remote-takeover.html}, language = {English}, urldate = {2020-11-09} } In Wild Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover — CVE-2020-14871
2020-05-28Rapid7 LabsMatthew Berninger
@online{berninger:20200528:masked:44cad71, author = {Matthew Berninger}, title = {{The Masked SYNger: Investigating a Traffic Phenomenon}}, date = {2020-05-28}, organization = {Rapid7 Labs}, url = {https://blog.rapid7.com/2020/05/28/the-masked-synger-investigating-a-traffic-phenomenon/}, language = {English}, urldate = {2020-05-29} } The Masked SYNger: Investigating a Traffic Phenomenon
2019-02-06Recorded FutureInsikt Group, Rapid7
@techreport{group:20190206:apt10:9c61d0b, author = {Insikt Group and Rapid7}, title = {{APT10 Targeted NorwegianMSP and US Companies in Sustained Campaign}}, date = {2019-02-06}, institution = {Recorded Future}, url = {http://go.recordedfuture.com/hubfs/reports/cta-2019-0206.pdf}, language = {English}, urldate = {2020-01-06} } APT10 Targeted NorwegianMSP and US Companies in Sustained Campaign
RedLeaves
2019-02-06Recorded FutureInsikt Group, Rapid7
@techreport{group:20190206:apt10:74d18e7, author = {Insikt Group and Rapid7}, title = {{APT10 Targeted Norwegian MSP and US Companies in Sustained Campaign}}, date = {2019-02-06}, institution = {Recorded Future}, url = {https://go.recordedfuture.com/hubfs/reports/cta-2019-0206.pdf}, language = {English}, urldate = {2019-12-17} } APT10 Targeted Norwegian MSP and US Companies in Sustained Campaign
Trochilus RAT APT31 HURRICANE PANDA
2013-06-07Rapid7 LabsClaudio Guarnieri, Mark Schloesser
@online{guarnieri:20130607:keyboy:58ebd77, author = {Claudio Guarnieri and Mark Schloesser}, title = {{KeyBoy, Targeted Attacks against Vietnam and India}}, date = {2013-06-07}, organization = {Rapid7 Labs}, url = {https://blog.rapid7.com/2013/06/07/keyboy-targeted-attacks-against-vietnam-and-india/}, language = {English}, urldate = {2019-12-20} } KeyBoy, Targeted Attacks against Vietnam and India
KeyBoy APT23