2023-09-19 | Cisco Talos | Asheer Malhotra, Caitlin Huey, Sean Taylor, Vitor Ventura, Arnaud Zobec
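@online{malhotra:20230919:new:a39af36,
  author       = {Malhotra, Asheer and Huey, Caitlin and Taylor, Sean and Ventura, Vitor and Zobec, Arnaud},
  title        = {New {ShroudedSnooper} actor targets telecommunications firms in the {Middle East} with novel Implants},
  date         = {2023-09-19},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/introducing-shrouded-snooper/},
  language     = {English},
  urldate      = {2023-09-20},
}
New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants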
HTTPSnoop PipeSnoop
2023-08-24 | Cisco Talos | Asheer Malhotra, Vitor Ventura, Jungsoo An
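@online{malhotra:20230824:lazarus:094409b,
  author       = {Malhotra, Asheer and Ventura, Vitor and An, Jungsoo},
  title        = {{Lazarus Group's} infrastructure reuse leads to discovery of new malware},
  date         = {2023-08-24},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/lazarus-collectionrat/},
  language     = {English},
  urldate      = {2023-08-28},
}
Lazarus Group's infrastructure reuse leads to discovery of new malware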
Collection RAT
2023-08-24 | Cisco Talos | Asheer Malhotra, Vitor Ventura, Jungsoo An
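@online{malhotra:20230824:lazarus:f5c3c14,
  author       = {Malhotra, Asheer and Ventura, Vitor and An, Jungsoo},
  title        = {{Lazarus Group} exploits {ManageEngine} vulnerability to deploy {QuiteRAT}},
  date         = {2023-08-24},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/lazarus-quiterat/},
  language     = {English},
  urldate      = {2023-08-25},
}
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT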
QuiteRAT
2023-03-14 | Cisco Talos | Asheer Malhotra, Vitor Ventura
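@online{malhotra:20230314:talos:f709c24,
  author       = {Malhotra, Asheer and Ventura, Vitor},
  title        = {{Talos} uncovers espionage campaigns targeting {CIS} countries, embassies and {EU} health care agency},
  date         = {2023-03-14},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/yorotrooper-espionage-campaign-cis-turkey-europe/},
  language     = {English},
  urldate      = {2023-03-20},
}
Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency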
Poet RAT Loda
2022-09-08 | Cisco Talos | Jung soo An, Asheer Malhotra, Vitor Ventura
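% Author "Jung soo An" is written surname-first: in "First Last" order the
% lowercase "soo" would be parsed as a von particle of the surname.
@online{an:20220908:lazarus:236b4b4,
  author       = {An, Jung soo and Malhotra, Asheer and Ventura, Vitor},
  title        = {{Lazarus} and the tale of three {RATs}},
  date         = {2022-09-08},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2022/09/lazarus-three-rats.html},
  language     = {English},
  urldate      = {2023-01-19},
}
Lazarus and the tale of three RATs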
MagicRAT MimiKatz VSingle YamaBot
2022-09-07 | Cisco Talos | Jung soo An, Asheer Malhotra, Vitor Ventura
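% Author "Jung soo An" is written surname-first: in "First Last" order the
% lowercase "soo" would be parsed as a von particle of the surname.
@online{an:20220907:magicrat:efb6a3d,
  author       = {An, Jung soo and Malhotra, Asheer and Ventura, Vitor},
  title        = {{MagicRAT}: {Lazarus’} latest gateway into victim networks},
  date         = {2022-09-07},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2022/09/lazarus-magicrat.html},
  language     = {English},
  urldate      = {2022-09-16},
}
MagicRAT: Lazarus’ latest gateway into victim networks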
MagicRAT Tiger RAT
2022-08-02 | Cisco Talos | Asheer Malhotra, Vitor Ventura
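@online{malhotra:20220802:manjusaka:706c14a,
  author       = {Malhotra, Asheer and Ventura, Vitor},
  title        = {{Manjusaka}: A {Chinese} sibling of {Sliver} and {Cobalt Strike}},
  date         = {2022-08-02},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html},
  language     = {English},
  urldate      = {2022-08-02},
}
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike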
Manjusaka Cobalt Strike Manjusaka
2022-03-10 | Talos | Vitor Ventura, Asheer Malhotra, Arnaud Zobec
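@online{ventura:20220310:iranian:02ae681,
  author       = {Ventura, Vitor and Malhotra, Asheer and Zobec, Arnaud},
  title        = {{Iranian} linked conglomerate {MuddyWater} comprised of regionally focused subgroups},
  date         = {2022-03-10},
  organization = {Talos},
  url          = {https://blog.talosintelligence.com/iranian-supergroup-muddywater/},
  language     = {English},
  urldate      = {2022-12-02},
}
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups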
STARWHALE
2022-02-09 | Cisco | Vanja Svajcer, Vitor Ventura
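@online{svajcer:20220209:whats:91fb2d8,
  author       = {Svajcer, Vanja and Ventura, Vitor},
  title        = {What’s with the shared {VBA} code between {Transparent Tribe} and other threat actors?},
  date         = {2022-02-09},
  organization = {Cisco},
  url          = {https://blog.talosintelligence.com/2022/02/whats-with-shared-vba-code.html},
  language     = {English},
  urldate      = {2022-02-14},
}
What’s with the shared VBA code between Transparent Tribe and other threat actors?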
2022-02-02 | Cisco | Asheer Malhotra, Vitor Ventura
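@online{malhotra:20220202:arid:420217a,
  author       = {Malhotra, Asheer and Ventura, Vitor},
  title        = {{Arid Viper} {APT} targets {Palestine} with new wave of politically themed phishing attacks, malware},
  date         = {2022-02-02},
  organization = {Cisco},
  url          = {https://blog.talosintelligence.com/2022/02/arid-viper-targets-palestine.html},
  language     = {English},
  urldate      = {2022-02-04},
}
Arid Viper APT targets Palestine with new wave of politically themed phishing attacks, malware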
Micropsia
2022-01-31 | Cisco | Asheer Malhotra, Vitor Ventura
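@online{malhotra:20220131:iranian:8eb6c17,
  author       = {Malhotra, Asheer and Ventura, Vitor},
  title        = {{Iranian} {APT} {MuddyWater} targets {Turkish} users via malicious {PDFs}, executables},
  date         = {2022-01-31},
  organization = {Cisco},
  url          = {https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html},
  language     = {English},
  urldate      = {2022-02-02},
}
Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables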
2021-09-30 | Cisco | Vitor Ventura, Arnaud Zobec
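@online{ventura:20210930:wolf:5617c7f,
  author       = {Ventura, Vitor and Zobec, Arnaud},
  title        = {A wolf in sheep's clothing: Actors spread malware by leveraging trust in {Amnesty International} and fear of {Pegasus}},
  date         = {2021-09-30},
  organization = {Cisco},
  url          = {https://blog.talosintelligence.com/2021/09/fakeantipegasusamnesty.html},
  language     = {English},
  urldate      = {2021-10-20},
}
A wolf in sheep's clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus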
2021-09-16 | Cisco | Tiago Pereira, Vitor Ventura
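@online{pereira:20210916:operation:133992d,
  author       = {Pereira, Tiago and Ventura, Vitor},
  title        = {{Operation Layover}: How we tracked an attack on the aviation industry to five years of compromise},
  date         = {2021-09-16},
  organization = {Cisco},
  url          = {https://blog.talosintelligence.com/2021/09/operation-layover-how-we-tracked-attack.html},
  language     = {English},
  urldate      = {2021-09-19},
}
Operation Layover: How we tracked an attack on the aviation industry to five years of compromise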
AsyncRAT Houdini NjRAT
2021-08-31 | Cisco Talos | Edmund Brumaghin, Vitor Ventura
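@online{brumaghin:20210831:attracting:5d141c1,
  author       = {Brumaghin, Edmund and Ventura, Vitor},
  title        = {Attracting flies with {Honey(gain)}: Adversarial abuse of proxyware},
  date         = {2021-08-31},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2021/08/proxyware-abuse.html},
  language     = {English},
  urldate      = {2021-09-02},
}
Attracting flies with Honey(gain): Adversarial abuse of proxyware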
2021-08-19 | Talos | Asheer Malhotra, Vitor Ventura, Vanja Svajcer
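@online{malhotra:20210819:malicious:e04d4c9,
  author       = {Malhotra, Asheer and Ventura, Vitor and Svajcer, Vanja},
  title        = {Malicious Campaign Targets {Latin America}: The seller, The operator and a curious link},
  date         = {2021-08-19},
  organization = {Talos},
  url          = {https://blog.talosintelligence.com/2021/08/rat-campaign-targets-latin-america.html},
  language     = {English},
  urldate      = {2021-08-30},
}
Malicious Campaign Targets Latin America: The seller, The operator and a curious link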
AsyncRAT NjRAT
2021-05-26 | Cisco Talos | Warren Mercer, Vitor Ventura
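@online{mercer:20210526:elizabethan:40a80e7,
  author       = {Mercer, Warren and Ventura, Vitor},
  title        = {{Elizabethan England} has nothing on modern-day {Russia}},
  date         = {2021-05-26},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2021/05/privateer-groups.html},
  language     = {English},
  urldate      = {2021-06-16},
}
Elizabethan England has nothing on modern-day Russia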
2021-02-23 | Talos | Vitor Ventura, Warren Mercer
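@online{ventura:20210223:gamaredon:3fbfa9b,
  author       = {Ventura, Vitor and Mercer, Warren},
  title        = {{Gamaredon} - When nation states don’t pay all the bills},
  date         = {2021-02-23},
  organization = {Talos},
  url          = {https://blog.talosintelligence.com/2021/02/gamaredonactivities.html},
  language     = {English},
  urldate      = {2021-02-25},
}
Gamaredon - When nation states don’t pay all the bills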
2021-02-09 | Talos | Warren Mercer, Chris Neal, Vitor Ventura
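@online{mercer:20210209:kasablanka:63078fc,
  author       = {Mercer, Warren and Neal, Chris and Ventura, Vitor},
  title        = {{Kasablanka Group's} {LodaRAT} improves espionage capabilities on {Android} and {Windows}},
  date         = {2021-02-09},
  organization = {Talos},
  url          = {https://blog.talosintelligence.com/2021/02/kasablanka-lodarat.html},
  language     = {English},
  urldate      = {2021-02-09},
}
Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows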
Loda
2020-10-29 | Cisco Talos | Warren Mercer, Paul Rascagnères, Vitor Ventura
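@online{mercer:20201029:donots:850f31b,
  author       = {Mercer, Warren and Rascagnères, Paul and Ventura, Vitor},
  title        = {{DoNot’s} {Firestarter} abuses {Google Firebase Cloud Messaging} to spread},
  date         = {2020-10-29},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/2020/10/donot-firestarter.html},
  language     = {English},
  urldate      = {2023-07-24},
}
DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread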
KnSpy
2020-10-06 | Talos | Warren Mercer, Paul Rascagnères, Vitor Ventura
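@online{mercer:20201006:poetrat:17f845e,
  author       = {Mercer, Warren and Rascagnères, Paul and Ventura, Vitor},
  title        = {{PoetRAT}: Malware targeting public and private sector in {Azerbaijan} evolves},
  date         = {2020-10-06},
  organization = {Talos},
  url          = {https://blog.talosintelligence.com/2020/10/poetrat-update.html},
  language     = {English},
  urldate      = {2020-10-07},
}
PoetRAT: Malware targeting public and private sector in Azerbaijan evolves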
Poet RAT