Proofpoint Staff

  • Parasite HTTP RAT cooks up a stew of stealthy tricks - - Proofpoint - Proofpoint Staff Parasite HTTP
  • Hunter Exploit Kit Targets Brazilian Banking Customers - 2015-08-27 - Proofpoint - Proofpoint Staff Hunter
  • Dyre Malware Campaigners Innovate with Distribution Techniques - 2015-10-08 - Proofpoint - Proofpoint Staff
  • Vawtrak and UrlZone Banking Trojans Target Japan - 2016-02-05 - Proofpoint - Proofpoint Staff URLZone Vawtrak Angler
  • Dridex Actors Get In the Ransomware Game With "Locky" - 2016-02-16 - Proofpoint - Proofpoint Staff Locky Neutrino TA505
  • Nymaim Moves Past Its Ransomware Roots - What Is Old Is New Again - 2016-02-26 - Proofpoint - Proofpoint Staff Sagrid Nymaim
  • CryptXXX 2.0: Ransomware Authors Strike Back Against Free Decryption Tool - 2016-05-09 - Proofpoint - Proofpoint Staff CryptXXX GooNky Angler
  • CryptXXX Ransomware Learns the Samba, Other New Tricks With Version 3.100 - 2016-06-01 - Proofpoint - Proofpoint Staff StillerX CryptXXX
  • Threat Actors Using Legitimate PayPal Accounts To Distribute Chthonic Banking Trojan - 2016-07-26 - Proofpoint - Proofpoint Staff Chthonic AZORult
  • Spike in Kovter Ad Fraud Malware Riding on Clever Macro Trick - 2016-10-10 - Proofpoint - Proofpoint Staff Kovter TA530
  • Ostap Bender: 400 Ways to Make the Population Part With Their Money - 2016-12-08 - Proofpoint - Proofpoint Staff Ostap Dridex Gozi ISFB TinyLoader
  • Dridex Campaigns Hitting Millions of Recipients Using Unpatched Microsoft Zero-Day - 2017-04-10 - Proofpoint - Proofpoint Staff CVE-2017-0199 Dridex TA505
  • Threat Actor Profile: TA505, From Dridex to GlobeImposter - 2017-09-27 - Proofpoint - Proofpoint Staff TA505 Dridex Trickbot Shifu
  • Kovter Group malvertising campaign exposes millions to potential malware and fraud - 2017-10-07 - Proofpoint - Kafeine - Proofpoint Staff KovCoreG Kovter
  • Leaked Ammyy Admin Source Code Turned into Malware - 2018-03-07 - Proofpoint - Proofpoint Staff FlawedAmmyy TA505 Quant
  • DanaBot - A new banking Trojan surfaces Down Under - 2018-05-31 - Proofpoint - Proofpoint Staff Danabot TA547 CryptXXX
  • TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT - 2018-07-19 - Proofpoint - Proofpoint Staff FlawedAmmyy TA505
  • Kronos Reborn - 2018-07-24 - Proofpoint - Proofpoint Staff Osiris RIG
  • New version of AZORult stealer improves loading features, spreads alongside ransomware in new campaign - 2018-07-30 - Proofpoint - Proofpoint Staff AZORult
  • New modular downloaders fingerprint systems, prepare for more - Part 1: Marap - 2018-08-16 - Proofpoint - Proofpoint Staff Marap TA555
  • New modular downloaders fingerprint systems - Part 2: AdvisorsBot - 2018-08-23 - Proofpoint - Proofpoint Staff AdvisorsBot PoshAdvisor Marap TA555
  • sLoad and Ramnit pairing in sustained campaigns against UK and Italy - 2018-10-23 - Proofpoint - Proofpoint Staff TA554 sLoad Ramnit PsiXBot Gootkit Snatch
  • LCG Kit: Sophisticated builder for Malicious Microsoft Office Documents - 2018-12-13 - Proofpoint - Proofpoint Staff LCG KIT CVE-2018-8174
  • ServHelper and FlawedGrace - New malware introduced by TA505 - 2019-01-09 - Proofpoint - Dennis Schwarz - Proofpoint Staff ServHelper FlawedGrace TA505
  • Fake Jobs: Campaigns Delivering More_eggs Backdoor via Fake Job Offers - 2019-02-21 - Proofpoint - Proofpoint Staff VenomKit Taurus Builder CVE-2017-0199 CVE-2018-8174
  • DanaBot control panel revealed - 2019-03-13 - Proofpoint - Dennis Schwarz - Proofpoint Staff Danabot
  • New KPOT v2.0 stealer brings zero persistence and in-memory features to silently steal credentials - 2019-05-09 - Proofpoint - Dennis Schwarz - Proofpoint Staff KPOT Fallout RIG
  • URLZone top malware in Japan, while Emotet and LINE Phishing round out the landscape - 2019-06-19 - Proofpoint - Proofpoint Staff TA544 URLZone Gozi v3 Vawtrak TA505 FlawedAmmyy
  • TA505 begins summer campaigns with a new pet malware downloader, AndroMut, in the UAE, South Korea, Singapore, and the United States - 2019-07-02 - Proofpoint - Matthew Mesa - Dennis Schwarz - Proofpoint Staff AndroMut FlawedAmmyy TA505
  • Threat Actor Profile: TA544 targets geographies from Italy to Japan with a range of malware - 2019-07-11 - Proofpoint - Proofpoint Staff TA544 Nymaim Gozi ISFB URLZone
  • BrushaLoader still sweeping up victims one year later - 2019-07-22 - Proofpoint - Kafeine - Proofpoint Staff BrushaLoader Danabot Gootkit TA544
  • SystemBC is like Christmas in July for SOCKS5 Malware and Exploit Kits - 2019-08-01 - Proofpoint - Kade Karmon - Kafeine - Dennis Schwarz - Proofpoint Staff SystemBC Fallout RIG Danabot PowerEnum
  • TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader - 2019-10-16 - Proofpoint - Dennis Schwarz - Kafeine - Matthew Mesa - Axel F - Proofpoint Staff Get2 TA505 SDBbot FlawedGrace FlawedAmmyy Snatch ServHelper
  • TA2101 plays government imposter to distribute malware to German, Italian, and US organizations - 2019-11-14 - Proofpoint - Bryan Campbell - Proofpoint Staff TA2101 Cobalt Strike Maze IcedID
  • Buer, a new loader emerges in the underground marketplace - 2019-12-04 - Proofpoint - Kelsey Merriman - Dennis Schwarz - Kafeine - Axel F - Proofpoint Staff Buer Ostap Trickbot Fallout