Cyentia Cybersecurity Research Library

Downloader

Below you will find reports with the tag of “Downloader”

ESET Threat Report Q4 2020

This report reflects on the key threats that emerged or expanded in the 4th quarter of 2020.

Added: February 24, 2021

FIN11: A Widespread Ransomware and Extortion Operation

This report provides a look into FIN11, a financially motivated threat group that has conducted some of the largest and longest running malware distribution campaigns to date.

Added: October 18, 2020

An Insider View to the Increasingly Complex Kingminer Botnet

A detailed technical analysis of the Kingminer botnet malware, including the C&C network, infection vectors, payload, and auxiliary components.

Added: June 9, 2020

Threat Landscape Report Q4 2019

This is the threat landscape report from Fortinet for the 4th quarter of 2019. It goes into changes in this quarter, including threat detection changes and attack changes.

Added: March 15, 2020

Operation Sharpshooter

This report takes a look at a new global campaign targeting nuclear, defense, energy, and financial companies.

Added: December 29, 2018

Cobalt Group

Fidelis Threat Research analysts have discovered a new version of ThreadKit, malware notorious for its use by the cybercrime organization known as Cobalt Group. This report will provide analysis of a recent campaign, seen October 30th, utilizing the Cobalt Group malware frameworks. Cobalt Group was believed to have suffered a hit earlier this year[1] with the reported arrest of one of its members. After the arrest, the campaigns appear to have slowed significantly; despite this, however, there has been continued development of the group's malware framework.

Added: December 14, 2018

Magic Hound Campaign Attacks Saudi Targets

Unit 42 has discovered a persistent attack campaign operating primarily in the Middle East dating back to at least mid-2016 which we have named Magic Hound. This appears to be an attack campaign focused on espionage. We were able to collect over fifty samples of the tools used by the Magic Hound campaign using the AutoFocus threat intelligence tool. The earliest malware sample we were able to collect had a compile timestamp in May 2016. The samples themselves ranged from IRC bots, an open source Python remote access tool, malicious macros, and others. It is believed the use of specific tools may have coincided with specific attack waves by this adversary, with the most recent attacks using weaponized Microsoft Office documents with malicious macros. Due to the large amount of data collected, and limitations on attack telemetry, this blog will focus primarily on the most recent attacks occurring in the latter half of 2016.

Added: November 15, 2018

The Gamaredon Group Toolset Evolution

Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013.

Added: November 15, 2018

Dimnie: Hiding In Plain Sight

This post discusses the reports of open-source developers receiving malicious emails.

Added: November 15, 2018

MM Core In-Memory Backdoor Returns as "BigBoss" and "SillyGoose"

In this blog we will detail our discovery of the next two versions of MM Core, namely “BigBoss” (2.2-LNK) and “SillyGoose” (2.3-LNK). Attacks using “BigBoss” appear likely to have occurred since mid-2015, whereas “SillyGoose” appears to have been distributed since September 2016. Both versions still appear to be active.

Added: November 15, 2018

Operation BugDrop: CyberX Discovers Large-Scale Cyber-Reconnaissance Operation Targeting Ukrainian Organizations

CyberX has discovered a new, large-scale cyber-reconnaissance operation targeting a broad range of targets in the Ukraine. Because it eavesdrops on sensitive conversations by remotely controlling PC microphones – in order to surreptitiously “bug” its targets – and uses Dropbox to store exfiltrated data, CyberX has named it “Operation BugDrop.”

Added: November 15, 2018

Operation Electric Powder - Who is Targeting Israel Electric Company

From April 2016 until at least February 2017, attackers have been spreading malware via fake Facebook profiles and pages, breached websites, self-hosted and cloud-based websites. Various artifacts indicate that the main target of this campaign is IEC – Israel Electric Company. These include domains, file names, Java package names, and Facebook activity. We dubbed this campaign “Operation Electric Powder”.

Added: November 15, 2018

Minerva's 2016 Year In Review

Released in 2017, this report details the cyberthreats that Minerva dealt with in 2016.

Added: October 25, 2018

Blackmoon Banking Trojan Overview

The Blackmoon Banking Trojan was thought to be shut down in 2016. However, it has re-emerged. This paper provides a brief analysis of the revamped trojan.

Added: October 24, 2018

ISTR Email Threats 2017

This special report analyzes email and the threats that occur in that environment.

Added: October 22, 2018

Threat Actor - APT28

This report takes a look at APT28, a recognized state-sponsored threat actor operating out of Russia.

Added: October 22, 2018

APT37 (Reaper) The Overlooked North Korean Actor

This report takes a look at a North Korean cyber-espionage group.

Added: October 21, 2018

Cyber Threats To The High Tech And IT Industry

Get a threat outlook for high tech and IT sectors as their relevance to economic, intelligence and security concerns make them more valuable targets.

Added: October 18, 2018

ASEC Report Volume 86 Q1 2017

This report from the AhnLab Security Emergency Response Center provides a review of various cyber events that took place in the first quarter of 2017.

Added: October 17, 2018

GTIC Monthly Threat Report January 2018

This monthly threat report takes a look at the month of January 2018. Specifically, it looks at two vulnerabilities, the hacking of nuclear weapons, and the increase in suspected Chinese cyber activity.

Added: October 17, 2018

Joao Malware Analysis

This report provides analysis and information related to the Joao malware, which has attacked video gamers.

Added: October 16, 2018
© Cyentia Institute 2025
Library updated: June 21, 2025 20:08 UTC (build b1d7be4)