Cyentia Cybersecurity Research Library

Sources
Tags
About
Sponsors
More from Cyentia

Cyentia Cybersecurity Research Library

Subscribe to the Library Newsletter

List

Library

Search the Library

Report missing? Write to us today!

APT Targets Financial Analysts with CVE-2017-0199

On April 20, Proofpoint observed a targeted campaign focused on financial analysts working at top global financial firms operating in Russia and neighboring countries. (more available)

Added: November 15, 2018

Tracking Subaat: Targeted Phishing Attack Leads to Threat Actor’s Repository

In mid-July, Palo Alto Networks Unit 42 identified a small targeted phishing campaign aimed at a government organization. While tracking the activities of this campaign, we identified a repository of additional malware, including a web server that was used to host the payloads used for both this attack as well as others. (more available)

Added: November 15, 2018

Threat Actors Target Government of Belarus Using CMSTAR Trojan

Palo Alto Networks Unit 42 has identified a series of phishing emails containing updated versions of the previously discussed CMSTAR malware family targeting various government entities in the country of Belarus. (more available)

Added: November 15, 2018

The Blockbuster Sequel

Unit 42 has identified malware with recent compilation and distribution timestamps that has code, infrastructure, and themes overlapping with threats described previously in the Operation Blockbuster report, written by researchers at Novetta. (more available)

Added: November 15, 2018

OilRig Deploys "ALMA Communicator" – DNS Tunneling Trojan

Unit 42 has been closely tracking the OilRig threat group since May 2016. One technique we’ve been tracking with this threat group is their use of the Clayslide delivery document as attachments to spear-phishing emails in attacks since May 2016. (more available)

Added: November 15, 2018

Magic Hound Campaign Attacks Saudi Targets

Unit 42 has discovered a persistent attack campaign operating primarily in the Middle East dating back to at least mid-2016 which we have named Magic Hound. (more available)

Added: November 15, 2018

The Gamaredon Group Toolset Evolution

Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013. (more available)

Added: November 15, 2018

Dimnie: Hiding In Plain Sight

This post discusses the reports of open-source developers receiving malicious emails.

Added: November 15, 2018

DragonOK Updates Toolset and Targets Multiple Geographic Regions

The DragonOK group has been actively launching attacks for years. We first discussed them in April 2015 when we witnessed them targeting a number of organizations in Japan. (more available)

Added: November 15, 2018

Turla group using Neuron and Nautilus tools alongside Snake malware

This report provides new intelligence by the NCSC on two tools used by the Turla group to target the UK. It contains IOCs and signatures for detection by network defenders. (more available)

Added: November 15, 2018

PLATINUM continues to evolve, find ways to maintain invisibility

Microsoft has come across an evolution of PLATINUM’s file-transfer tool, one that uses the Intel® Active Management Technology (AMT) Serial-over-LAN (SOL) channel for communication. (more available)

Added: November 15, 2018

Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack

During our monitoring of activities around the APT28 threat group, McAfee Advanced Threat Research analysts identified a malicious Word document that appears to leverage the Microsoft Office Dynamic Data Exchange (DDE) technique that has been previously reported by Advanced Threat Research. (more available)

Added: November 15, 2018

ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar

Using data collected from the Lookout global sensor network, the Lookout research team was able to gain unique visibility into the ViperRAT malware, including 11 new, unreported applications. (more available)

Added: November 15, 2018

KingSlayer - A Supply Chain Attack

In this Kingslayer post-mortem report, RSA Research describes a sophisticated software application supply chain attack that may have otherwise gone unnoticed by its targets. (more available)

Added: November 15, 2018

A gut feeling of old acquaintances, new tools, and a common battleground

This blog post discusses how WannaCry is a pet project of the Lazarus group.

Added: November 15, 2018

From Shamoon To Stonedrill

This report provides new insights into the Shamoon 2.0 and StoneDrill attacks, including: 1. The discovery techniques and strategies we used for Shamoon and StoneDrill. (more available)

Added: November 15, 2018

Lazarus Under The Hood

This paper is the result of forensic investigations by Kaspersky Lab at banks in two countries far apart. It reveals new modules used by Lazarus group and strongly links the tools used to attack systems supporting SWIFT to the Lazarus Group’s arsenal of lateral movement tools. (more available)

Added: November 15, 2018

Introducing WhiteBear

“As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we called WhiteBear. (more available)

Added: November 15, 2018

Breaking The Weekest Link Of The Strongest Chain

This post regards the following event - “Around July last year, more than a 100 Israeli servicemen were hit by a cunning threat actor. (more available)

Added: November 15, 2018

BlackOasis APT and new targeted attacks leveraging zeroday exploit

This post discusses the following event - “On October 10, 2017, Kaspersky Lab’s advanced exploit prevention systems identified a new Adobe Flash zero day exploit used in the wild against our customers. (more available)

Added: November 15, 2018

ChChes – Malware that Communicates with C&C Servers Using Cookie Headers

Since around October 2016, JPCERT/CC has been confirming emails that are sent to Japanese organisations with a ZIP file attachment containing executable files. (more available)

Added: November 15, 2018

83
84
85
86
87

© Cyentia Institute 2025

Library updated: February 28, 2025 16:13 UTC (build a2778e0)