Cyentia Cybersecurity Research Library

C2

Below you will find reports with the tag of “C2”

Beyond Malware: Detecting The Undetectable

This report discusses a key issue with a malware-centric defense approach: it leaves you vulnerable to attacks that don’t leverage malware. (more available)
Added: January 1, 2019

Intelligence Report: CSIR-18004 Nigerian Confraternities Emerge

This paper discusses a particular Business Email Compromise that has appeared out of Nigeria.
Added: January 1, 2019

Modern Bank Heists: Cyberattacks & Lateral Movement in the Financial Sector

This survey of 40 CISOs from major financial institutions revealed trends in lateral movement, counter incident response, integrity attacks and the most concerning threat actors organizations face. (more available)
Added: January 1, 2019

The SpyRATs of OceanLotus

This paper takes a look at several bespoke backdoors deployed by OceanLotus Group, as well as evidence of the threat actor using obfuscated Cobalt Strike Beacon payloads to perform C2. (more available)
Added: December 29, 2018

Cobalt Group

Fidelis Threat Research analysts have discovered a new version of ThreadKit, malware notorious for its use by the cybercrime organization known as Cobalt Group. (more available)
Added: December 14, 2018

Observations From The Front Lines Of Threat Hunting

This report provides a summary of OverWatch’s findings from intrusion hunting during the first half (January through June) of 2018. It reviews intrusion trends during that time frame, provides insights into the current landscape of adversary tactics and delivers highlights of notable intrusions OverWatch identified. (more available)
Added: December 5, 2018

Necurs Malware Overview

The purpose of this document is to briefly describe the features of Necurs malware. During the analysis, we have been able to identify the different “features” and “capabilities” of the Necurs malware. (more available)
Added: December 4, 2018

Quarterly Incident Response Threat Report: Destructive Cyberattacks Increase Ahead of 2018 Midterm Elections

A trade war with China. A fragile agreement with North Korea. A growing fear of Russian hackers. Ahead of the 2018 U. (more available)
Added: November 21, 2018

APT Targets Financial Analysts with CVE-2017-0199

On April 20, Proofpoint observed a targeted campaign focused on financial analysts working at top global financial firms operating in Russia and neighboring countries. (more available)
Added: November 15, 2018

Tracking Subaat: Targeted Phishing Attack Leads to Threat Actor’s Repository

In mid-July, Palo Alto Networks Unit 42 identified a small targeted phishing campaign aimed at a government organization. While tracking the activities of this campaign, we identified a repository of additional malware, including a web server that was used to host the payloads used for both this attack as well as others. (more available)
Added: November 15, 2018

Threat Actors Target Government of Belarus Using CMSTAR Trojan

Palo Alto Networks Unit 42 has identified a series of phishing emails containing updated versions of the previously discussed CMSTAR malware family targeting various government entities in the country of Belarus. (more available)
Added: November 15, 2018

The Blockbuster Sequel

Unit 42 has identified malware with recent compilation and distribution timestamps that has code, infrastructure, and themes overlapping with threats described previously in the Operation Blockbuster report, written by researchers at Novetta. (more available)
Added: November 15, 2018

OilRig Deploys "ALMA Communicator" – DNS Tunneling Trojan

Unit 42 has been closely tracking the OilRig threat group since May 2016. One technique we’ve been tracking with this threat group is their use of the Clayslide delivery document as attachments to spear-phishing emails in attacks since May 2016. (more available)
Added: November 15, 2018

Magic Hound Campaign Attacks Saudi Targets

Unit 42 has discovered a persistent attack campaign operating primarily in the Middle East dating back to at least mid-2016 which we have named Magic Hound. (more available)
Added: November 15, 2018

The Gamaredon Group Toolset Evolution

Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013. (more available)
Added: November 15, 2018

Dimnie: Hiding In Plain Sight

This post discusses the reports of open-source developers receiving malicious emails.
Added: November 15, 2018

DragonOK Updates Toolset and Targets Multiple Geographic Regions

The DragonOK group has been actively launching attacks for years. We first discussed them in April 2015 when we witnessed them targeting a number of organizations in Japan. (more available)
Added: November 15, 2018

Turla group using Neuron and Nautilus tools alongside Snake malware

This report provides new intelligence by the NCSC on two tools used by the Turla group to target the UK. It contains IOCs and signatures for detection by network defenders. (more available)
Added: November 15, 2018

ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar

Using data collected from the Lookout global sensor network, the Lookout research team was able to gain unique visibility into the ViperRAT malware, including 11 new, unreported applications. (more available)
Added: November 15, 2018

KingSlayer - A Supply Chain Attack

In this Kingslayer post-mortem report, RSA Research describes a sophisticated software application supply chain attack that may have otherwise gone unnoticed by its targets. (more available)
Added: November 15, 2018

From Shamoon To Stonedrill

This report provides new insights into the Shamoon 2.0 and StoneDrill attacks, including: 1. The discovery techniques and strategies we used for Shamoon and StoneDrill. (more available)
Added: November 15, 2018
© Cyentia Institute 2022
Library updated: July 5, 2022 00:08 UTC (build d6199b1)