Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-07-07TalosAsheer Malhotra, Justin Thattil
@online{malhotra:20210707:insidecopy:ac5b778, author = {Asheer Malhotra and Justin Thattil}, title = {{InSideCopy: How this APT continues to evolve its arsenal (Network IOCs)}}, date = {2021-07-07}, organization = {Talos}, url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/594/original/Network_IOCs_list_for_coverage.txt?1625657479}, language = {English}, urldate = {2021-07-09} } InSideCopy: How this APT continues to evolve its arsenal (Network IOCs)
AllaKore Lilith NjRAT
2021-07-07TalosAsheer Malhotra, Justin Thattil
@techreport{malhotra:20210707:insidecopy:107d438, author = {Asheer Malhotra and Justin Thattil}, title = {{InSideCopy: How this APT continues to evolve its arsenal}}, date = {2021-07-07}, institution = {Talos}, url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/591/original/062521_SideCopy_%281%29.pdf}, language = {English}, urldate = {2021-07-09} } InSideCopy: How this APT continues to evolve its arsenal
AllaKore Lilith NjRAT
2021-07-07TalosAsheer Malhotra, Justin Thattil
@online{malhotra:20210707:insidecopy:e6b25bb, author = {Asheer Malhotra and Justin Thattil}, title = {{InSideCopy: How this APT continues to evolve its arsenal (IOCs)}}, date = {2021-07-07}, organization = {Talos}, url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/592/original/Hashes_IOCs_for_coverage.txt}, language = {English}, urldate = {2021-07-09} } InSideCopy: How this APT continues to evolve its arsenal (IOCs)
AllaKore Lilith NjRAT
2021-07-07Talos IntelligenceAsheer Malhotra, Justin Thattil
@online{malhotra:20210707:insidecopy:eca169d, author = {Asheer Malhotra and Justin Thattil}, title = {{InSideCopy: How this APT continues to evolve its arsenal}}, date = {2021-07-07}, organization = {Talos Intelligence}, url = {https://blog.talosintelligence.com/2021/07/sidecopy.html}, language = {English}, urldate = {2021-07-08} } InSideCopy: How this APT continues to evolve its arsenal
AllaKore NjRAT
2021-06-03TalosVanja Svajcer, Caitlin Huey, Kendall McKay
@online{svajcer:20210603:necro:acd2fdf, author = {Vanja Svajcer and Caitlin Huey and Kendall McKay}, title = {{Necro Python bot adds new exploits and Tezos mining to its bag of tricks}}, date = {2021-06-03}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/06/necro-python-bot-adds-new-tricks.html}, language = {English}, urldate = {2021-06-16} } Necro Python bot adds new exploits and Tezos mining to its bag of tricks
N3Cr0m0rPh
2021-05-26Cisco TalosWarren Mercer, Vitor Ventura
@online{mercer:20210526:elizabethan:40a80e7, author = {Warren Mercer and Vitor Ventura}, title = {{Elizabethan England has nothing on modern-day Russia}}, date = {2021-05-26}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/05/privateer-groups.html}, language = {English}, urldate = {2021-06-16} } Elizabethan England has nothing on modern-day Russia
2021-05-17TalosBrad Garnett
@online{garnett:20210517:case:a8ef9cf, author = {Brad Garnett}, title = {{Case Study: Incident Response is a relationship-driven business}}, date = {2021-05-17}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/05/ctir-case-study.html}, language = {English}, urldate = {2021-05-25} } Case Study: Incident Response is a relationship-driven business
Cobalt Strike
2021-05-13TalosAsheer Malhotra, Justin Thattil, Kendall McKay
@online{malhotra:20210513:transparent:9993964, author = {Asheer Malhotra and Justin Thattil and Kendall McKay}, title = {{Transparent Tribe APT expands its Windows malware arsenal}}, date = {2021-05-13}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html}, language = {English}, urldate = {2021-05-13} } Transparent Tribe APT expands its Windows malware arsenal
Crimson RAT Oblique RAT
2021-05-07Cisco TalosCaitlin Huey, Andrew Windsor, Edmund Brumaghin
@online{huey:20210507:lemon:0d46f81, author = {Caitlin Huey and Andrew Windsor and Edmund Brumaghin}, title = {{Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs}}, date = {2021-05-07}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/05/lemon-duck-spreads-wings.html}, language = {English}, urldate = {2021-05-11} } Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs
CHINACHOPPER Cobalt Strike
2021-04-21TalosVanja Svajcer
@online{svajcer:20210421:year:4741c8e, author = {Vanja Svajcer}, title = {{A year of Fajan evolution and Bloomberg themed campaigns}}, date = {2021-04-21}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/04/a-year-of-fajan-evolution-and-bloomberg.html}, language = {English}, urldate = {2021-04-28} } A year of Fajan evolution and Bloomberg themed campaigns
MASS Logger Nanocore RAT NetWire RC Revenge RAT XpertRAT
2021-04-07TalosNick Biasini, Edmund Brumaghin, Chris Neal, Paul Eubanks.
@online{biasini:20210407:sowing:2bf94a9, author = {Nick Biasini and Edmund Brumaghin and Chris Neal and Paul Eubanks.}, title = {{Sowing Discord: Reaping the benefits of collaboration app abuse}}, date = {2021-04-07}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/04/collab-app-abuse.html}, language = {English}, urldate = {2021-04-19} } Sowing Discord: Reaping the benefits of collaboration app abuse
2021-03-09Cisco TalosCisco Talos
@online{talos:20210309:hafnium:55699b2, author = {Cisco Talos}, title = {{Hafnium Update: Continued Microsoft Exchange Server Exploitation}}, date = {2021-03-09}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/03/hafnium-update.html}, language = {English}, urldate = {2021-03-11} } Hafnium Update: Continued Microsoft Exchange Server Exploitation
2021-03-02Cisco TalosAsheer Malhotra
@online{malhotra:20210302:obliquerat:f7504fa, author = {Asheer Malhotra}, title = {{ObliqueRAT returns with new campaign using hijacked websites}}, date = {2021-03-02}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/02/obliquerat-new-campaign.html}, language = {English}, urldate = {2021-03-04} } ObliqueRAT returns with new campaign using hijacked websites
Oblique RAT
2021-02-23TalosVitor Ventura, Warren Mercer
@online{ventura:20210223:gamaredon:3fbfa9b, author = {Vitor Ventura and Warren Mercer}, title = {{Gamaredon - When nation states don’t pay all the bills}}, date = {2021-02-23}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/02/gamaredonactivities.html}, language = {English}, urldate = {2021-02-25} } Gamaredon - When nation states don’t pay all the bills
2021-02-17Cisco TalosVanja Svajcer
@online{svajcer:20210217:masslogger:cd9e6fb, author = {Vanja Svajcer}, title = {{Masslogger campaigns exfiltrates user credentials}}, date = {2021-02-17}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/02/masslogger-cred-exfil.html}, language = {English}, urldate = {2021-02-20} } Masslogger campaigns exfiltrates user credentials
MASS Logger
2021-02-09TalosWarren Mercer, Chris Neal, Vitor Ventura
@online{mercer:20210209:kasablanka:63078fc, author = {Warren Mercer and Chris Neal and Vitor Ventura}, title = {{Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows}}, date = {2021-02-09}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/02/kasablanka-lodarat.html}, language = {English}, urldate = {2021-02-09} } Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows
Loda
2021-01-06TalosIrshad Muhammad, Holger Unterbrink
@online{muhammad:20210106:deep:8fa3a1f, author = {Irshad Muhammad and Holger Unterbrink}, title = {{A Deep Dive into Lokibot Infection Chain}}, date = {2021-01-06}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/01/a-deep-dive-into-lokibot-infection-chain.html}, language = {English}, urldate = {2021-01-10} } A Deep Dive into Lokibot Infection Chain
Loki Password Stealer (PWS)
2021-01-04Cisco TalosAzim Khodjibaev, Dmytro Korzhevin, Kendall McKay
@techreport{khodjibaev:20210104:interview:6735752, author = {Azim Khodjibaev and Dmytro Korzhevin and Kendall McKay}, title = {{Interview with a LockBit ransomware operator}}, date = {2021-01-04}, institution = {Cisco Talos}, url = {https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/481/original/010421_LockBit_Interview.pdf}, language = {English}, urldate = {2021-02-17} } Interview with a LockBit ransomware operator
LockBit
2021TalosTalos Incident Response
@techreport{response:2021:cobalt:f4412fa, author = {Talos Incident Response}, title = {{Cobalt Strikes Out}}, date = {2021}, institution = {Talos}, url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/542/original/CTIR_casestudy_2.pdf}, language = {English}, urldate = {2021-05-26} } Cobalt Strikes Out
Cobalt Strike
2021TalosTalos Incident Response
@techreport{response:2021:evicting:c795470, author = {Talos Incident Response}, title = {{Evicting Maze}}, date = {2021}, institution = {Talos}, url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/543/original/CTIR_casestudy_1.pdf}, language = {English}, urldate = {2021-05-26} } Evicting Maze
Cobalt Strike Maze