
2022-09-30YoroiLuigi Martire, Carmelo Ragusa
@online{martire:20220930:dissecting:6f63f37, author = {Luigi Martire and Carmelo Ragusa}, title = {{Dissecting BlueSky Ransomware Payload}}, date = {2022-09-30}, organization = {Yoroi}, url = {https://yoroi.company/research/dissecting-bluesky-ransomware-payload/}, language = {English}, urldate = {2022-09-30} } Dissecting BlueSky Ransomware Payload
BlueSky
2022-09-29ReutersJoel Schectman, Bozorgmehr Sharafedin
@online{schectman:20220929:americas:b89f590, author = {Joel Schectman and Bozorgmehr Sharafedin}, title = {{America’s Throwaway Spies How the CIA failed Iranian informants in its secret war with Tehran}}, date = {2022-09-29}, organization = {Reuters}, url = {https://www.reuters.com/investigates/special-report/usa-spies-iran/}, language = {English}, urldate = {2022-09-30} } America’s Throwaway Spies How the CIA failed Iranian informants in its secret war with Tehran
2022-09-29NTTNTT Security Holdings Corporation
@techreport{corporation:20220929:report:1615dab, author = {{NTT Security Holdings Corporation}}, title = {{Report on APT Attacks by BlackTech}}, date = {2022-09-29}, institution = {NTT}, url = {https://jp.security.ntt/resources/EN-BlackTech_2021.pdf}, language = {English}, urldate = {2022-09-30} } Report on APT Attacks by BlackTech
Bifrost PLEAD TSCookie Flagpro Gh0stTimes SelfMake Loader SPIDERPIG RAT
2022-09-29MicrosoftMicrosoft Security Threat Intelligence, LinkedIn Threat Prevention and Defense
@online{intelligence:20220929:zinc:4b8e6c0, author = {{Microsoft Security Threat Intelligence} and {LinkedIn Threat Prevention and Defense}}, title = {{ZINC weaponizing open-source software}}, date = {2022-09-29}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/09/29/zinc-weaponizing-open-source-software/}, language = {English}, urldate = {2022-09-30} } ZINC weaponizing open-source software
2022-09-29Perception PointIgal Lytzki
@online{lytzki:20220929:doenerium:06e117e, author = {Igal Lytzki}, title = {{Doenerium: It’s Not a Crime to Steal From Thieves}}, date = {2022-09-29}, organization = {Perception Point}, url = {https://perception-point.io/doenerium-malware/}, language = {English}, urldate = {2022-09-30} } Doenerium: It’s Not a Crime to Steal From Thieves
doenerium
2022-09-29MandiantAlexander Marvi, Jeremy Koppen, Tufail Ahmed, Jonathan Lepore
@online{marvi:20220929:bad:4f02da8, author = {Alexander Marvi and Jeremy Koppen and Tufail Ahmed and Jonathan Lepore}, title = {{Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors}}, date = {2022-09-29}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence}, language = {English}, urldate = {2022-09-30} } Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors
2022-09-29GTSCGTSC SECURITY TEAM
@online{team:20220929:warning:e0972dc, author = {{GTSC SECURITY TEAM}}, title = {{Warning Campaign Attack Using Zero Day Vulnerability on Microsoft Exchange Server}}, date = {2022-09-29}, organization = {GTSC}, url = {https://www.gteltsc.vn/blog/canh-bao-chien-dich-tan-cong-su-dung-lo-hong-zero-day-tren-microsoft-exchange-server-12714.html}, language = {Vietnamese}, urldate = {2022-09-30} } Warning Campaign Attack Using Zero Day Vulnerability on Microsoft Exchange Server
2022-09-29SymantecThreat Hunter Team
@online{team:20220929:witchetty:628f1c4, author = {{Threat Hunter Team}}, title = {{Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East}}, date = {2022-09-29}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/witchetty-steganography-espionage}, language = {English}, urldate = {2022-09-30} } Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East
CHINACHOPPER Lookback MimiKatz PlugX Unidentified 096 (Keylogger) x4
2022-09-29MandiantAlexander Marvi, Greg Blaum
@online{marvi:20220929:bad:8fc7be3, author = {Alexander Marvi and Greg Blaum}, title = {{Bad VIB(E)s Part Two: Detection and Hardening within ESXi Hypervisors}}, date = {2022-09-29}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/esxi-hypervisors-detection-hardening}, language = {English}, urldate = {2022-09-30} } Bad VIB(E)s Part Two: Detection and Hardening within ESXi Hypervisors
2022-09-28GigamonRoman Kroshinsky, Pavle Culum
@online{kroshinsky:20220928:investigating:17c6c32, author = {Roman Kroshinsky and Pavle Culum}, title = {{Investigating Web Shells}}, date = {2022-09-28}, organization = {Gigamon}, url = {https://blog.gigamon.com/2022/09/28/investigating-web-shells/}, language = {English}, urldate = {2022-09-30} } Investigating Web Shells
Godzilla Webshell Behinder
2022-09-28SecuronixD. Iuzvyk, T. Peck, O. Kolesnikov
@online{iuzvyk:20220928:securonix:7e14e6e, author = {D. Iuzvyk and T. Peck and O. Kolesnikov}, title = {{Securonix Threat Labs Security Advisory: Detecting STEEP#MAVERICK: New Covert Attack Campaign Targeting Military Contractors}}, date = {2022-09-28}, organization = {Securonix}, url = {https://www.securonix.com/blog/detecting-steepmaverick-new-covert-attack-campaign-targeting-military-contractors/}, language = {English}, urldate = {2022-09-30} } Securonix Threat Labs Security Advisory: Detecting STEEP#MAVERICK: New Covert Attack Campaign Targeting Military Contractors
2022-09-28ArrowRATArrowRat
@online{arrowrat:20220928:arrowrat:05fe8cc, author = {ArrowRat}, title = {{ArrowRat}}, date = {2022-09-28}, organization = {ArrowRAT}, url = {https://www.arrowrat.com}, language = {English}, urldate = {2022-09-29} } ArrowRat
ArrowRAT
2022-09-28LumenBlack Lotus Labs
@online{labs:20220928:chaos:9918c3d, author = {{Black Lotus Labs}}, title = {{Chaos Is A Go-Based Swiss Army Knife Of Malware}}, date = {2022-09-28}, organization = {Lumen}, url = {https://blog.lumen.com/chaos-is-a-go-based-swiss-army-knife-of-malware/}, language = {English}, urldate = {2022-09-30} } Chaos Is A Go-Based Swiss Army Knife Of Malware
Chaos Kaiji
2022-09-28KasperskyGReAT
@online{great:20220928:prilex:63ddfb7, author = {GReAT}, title = {{Prilex: the pricey prickle credit card complex}}, date = {2022-09-28}, organization = {Kaspersky}, url = {https://securelist.com/prilex-atm-pos-malware-evolution/107551/}, language = {English}, urldate = {2022-09-30} } Prilex: the pricey prickle credit card complex
2022-09-28Recorded FutureInsikt Group®
@techreport{group:20220928:1:eb11b21, author = {{Insikt Group®}}, title = {{1 KEY FOR 1 LOCK: The Chinese Communist Party’s Strategy for Targeted Propaganda}}, date = {2022-09-28}, institution = {Recorded Future}, url = {https://go.recordedfuture.com/hubfs/reports/ta-2022-0928.pdf}, language = {English}, urldate = {2022-09-30} } 1 KEY FOR 1 LOCK: The Chinese Communist Party’s Strategy for Targeted Propaganda
2022-09-28BarracudaTushar Richabadas
@online{richabadas:20220928:threat:0e98b73, author = {Tushar Richabadas}, title = {{Threat Spotlight: Continuing attacks on Atlassian Confluence zero day}}, date = {2022-09-28}, organization = {Barracuda}, url = {https://blog.barracuda.com/2022/09/28/threat-spotlight-continuing-attacks-on-atlassian-confluence-zero-day/}, language = {English}, urldate = {2022-09-30} } Threat Spotlight: Continuing attacks on Atlassian Confluence zero day
2022-09-27Github (blacklotuslabs)Black Lotus Labs
@online{labs:20220927:chaos:1389681, author = {{Black Lotus Labs}}, title = {{Chaos Is A Go-Based Swiss Army Knife Of Malware (IOCs)}}, date = {2022-09-27}, organization = {Github (blacklotuslabs)}, url = {https://github.com/blacklotuslabs/IOCs/blob/main/Chaos_IoCs.txt}, language = {English}, urldate = {2022-09-30} } Chaos Is A Go-Based Swiss Army Knife Of Malware (IOCs)
2022-09-27Cyber GeeksVlad Pasca
@online{pasca:20220927:technical:3b1f571, author = {Vlad Pasca}, title = {{A technical analysis of Pegasus for Android – Part 2}}, date = {2022-09-27}, organization = {Cyber Geeks}, url = {https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-2/}, language = {English}, urldate = {2022-09-29} } A technical analysis of Pegasus for Android – Part 2
Chrysaor
2022-09-27SecurityScorecardVlad Pasca
@online{pasca:20220927:deep:203b1f0, author = {Vlad Pasca}, title = {{A Deep Dive Into the APT28’s stealer called CredoMap}}, date = {2022-09-27}, organization = {SecurityScorecard}, url = {https://securityscorecard.com/research/apt28s-stealer-called-credomap}, language = {English}, urldate = {2022-09-29} } A Deep Dive Into the APT28’s stealer called CredoMap
CredoMap
2022-09-27Palo Alto Networks Unit 42Mark Lim
@online{lim:20220927:more:5992cc3, author = {Mark Lim}, title = {{More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID}}, date = {2022-09-27}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/polyglot-file-icedid-payload/}, language = {English}, urldate = {2022-09-30} } More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID
PhotoLoader