
2022-08-11 · Cleafy · Cleafy
@online{cleafy:20220811:sova:e3cc78b,
  author       = {Cleafy},
  title        = {{SOVA malware is back and is evolving rapidly}},
  date         = {2022-08-11},
  organization = {Cleafy},
  url          = {https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly},
  language     = {English},
  urldate      = {2022-08-11},
}
S.O.V.A.
2022-08-11 · Morphisec · Hido Cohen, Arnold Osipov
@online{cohen:20220811:aptc35:bc731cd,
  author       = {Cohen, Hido and Osipov, Arnold},
  title        = {{APT-C-35 GETS A NEW UPGRADE}},
  date         = {2022-08-11},
  organization = {Morphisec},
  url          = {https://blog.morphisec.com/apt-c-35-new-windows-framework-revealed},
  language     = {English},
  urldate      = {2022-08-12},
}
2022-08-11 · CISA · CISA, FBI
@online{cisa:20220811:alert:d9f4fc0,
  author       = {CISA and FBI},
  title        = {{Alert (AA22-223A) #StopRansomware: Zeppelin Ransomware}},
  date         = {2022-08-11},
  organization = {CISA},
  url          = {https://www.cisa.gov/uscert/ncas/alerts/aa22-223a},
  language     = {English},
  urldate      = {2022-08-12},
}
Zeppelin
2022-08-11 · AdvIntel · AdvIntel
@online{advintel:20220811:bazarcall:1ad6bb2,
  author       = {AdvIntel},
  title        = {{“BazarCall” Advisory: Essential Guide to Attack Vector that Revolutionized Data Breaches}},
  date         = {2022-08-11},
  organization = {AdvIntel},
  url          = {https://www.advintel.io/post/bazarcall-advisory-the-essential-guide-to-call-back-phishing-attacks-that-revolutionized-the-data},
  language     = {English},
  urldate      = {2022-08-11},
}
2022-08-11 · Malcat · malcat team
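@comment{Corporate author: the extra pair of braces keeps "malcat team" as a single indivisible name. Unbraced, BibTeX treats the lowercase word "malcat" as a von particle and "team" as the surname (consistent with the generated key prefix "team:"). The citation key is deliberately left unchanged so existing citations keep resolving.}
@online{team:20220811:lnk:29e9765,
  author       = {{malcat team}},
  title        = {{LNK forensic and config extraction of a cobalt strike beacon}},
  date         = {2022-08-11},
  organization = {Malcat},
  url          = {https://malcat.fr/blog/lnk-forensic-and-config-extraction-of-a-cobalt-strike-beacon/},
  language     = {English},
  urldate      = {2022-08-12},
}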
Cobalt Strike
2022-08-10 · Kaspersky · Pierre Delcher, Giampaolo Dedola
@online{delcher:20220810:vilerat:a47ce21,
  author       = {Delcher, Pierre and Dedola, Giampaolo},
  title        = {{VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges}},
  date         = {2022-08-10},
  organization = {Kaspersky},
  url          = {https://securelist.com/vilerat-deathstalkers-continuous-strike/107075/},
  language     = {English},
  urldate      = {2022-08-12},
}
2022-08-10 · Cybersecurity Trends · Costin Raiu
@online{raiu:20220810:pegasus:7175abc,
  author       = {Raiu, Costin},
  title        = {{“Pegasus”, the spyware for smartphones. How does it work and how can you protect yourself?}},
  date         = {2022-08-10},
  organization = {Cybersecurity Trends},
  url          = {https://www.cybertrends.it/pegasus-lo-spyware-per-smartphone-come-funziona-e-come-ci-si-puo-proteggere/},
  language     = {Italian},
  urldate      = {2022-08-10},
}
Chrysaor
2022-08-10 · BitSight · João Batista
@online{batista:20220810:emotet:2248a42,
  author       = {Batista, João},
  title        = {{Emotet SMB Spreader is Back}},
  date         = {2022-08-10},
  organization = {BitSight},
  url          = {https://www.bitsight.com/blog/emotet-smb-spreader-back},
  language     = {English},
  urldate      = {2022-08-11},
}
Emotet
2022-08-10 · Palo Alto Networks Unit 42 · Muhammad Umer Khan, Lee Wei, Yang Ji, Wenjun Hu
@online{khan:20220810:bluesky:a8e0325,
  author       = {Khan, Muhammad Umer and Wei, Lee and Ji, Yang and Hu, Wenjun},
  title        = {{BlueSky Ransomware: Fast Encryption via Multithreading}},
  date         = {2022-08-10},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/bluesky-ransomware/},
  language     = {English},
  urldate      = {2022-08-12},
}
2022-08-10 · Cisco · Nick Biasini
@online{biasini:20220810:cisco:81eec81,
  author       = {Biasini, Nick},
  title        = {{Cisco Talos shares insights related to recent cyber attack on Cisco}},
  date         = {2022-08-10},
  organization = {Cisco},
  url          = {https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html},
  language     = {English},
  urldate      = {2022-08-11},
}
Yanluowang
2022-08-10 · Google · Xingyu Jin, Google Project Zero
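@comment{"Google Project Zero" is a corporate author and is braced as one indivisible name; unbraced, BibTeX parses it as first name "Google Project" with surname "Zero". The personal author is written in the unambiguous "Last, First" form. The citation key is deliberately left unchanged.}
@online{jin:20220810:quantum:cbe3e82,
  author       = {Jin, Xingyu and {Google Project Zero}},
  title        = {{The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)}},
  date         = {2022-08-10},
  organization = {Google},
  url          = {https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html},
  language     = {English},
  urldate      = {2022-08-11},
}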
2022-08-10 · Palo Alto Networks Unit 42 · Anthony Galiette, Daniel Bunce, Doel Santos, Shawn Westfall
@online{galiette:20220810:novel:9849ff4,
  author       = {Galiette, Anthony and Bunce, Daniel and Santos, Doel and Westfall, Shawn},
  title        = {{Novel News on Cuba Ransomware: Greetings From Tropical Scorpius}},
  date         = {2022-08-10},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/cuba-ransomware-tropical-scorpius/},
  language     = {English},
  urldate      = {2022-08-11},
}
Cuba, ROMCOM RAT
2022-08-09 · Kaspersky · Kurt Baumgartner, Seongsu Park
@online{baumgartner:20220809:andariel:89d6b24,
  author       = {Baumgartner, Kurt and Park, Seongsu},
  title        = {{Andariel deploys DTrack and Maui ransomware}},
  date         = {2022-08-09},
  organization = {Kaspersky},
  url          = {https://securelist.com/andariel-deploys-dtrack-and-maui-ransomware/107063/},
  language     = {English},
  urldate      = {2022-08-11},
}
Dtrack, Maui Ransomware
2022-08-09 · Zscaler · Sudeep Singh, Jagadeeswar Ramanukolanu
@online{singh:20220809:aitm:4092645,
  author       = {Singh, Sudeep and Ramanukolanu, Jagadeeswar},
  title        = {{AiTM phishing attack targeting enterprise users of Gmail}},
  date         = {2022-08-09},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/aitm-phishing-attack-targeting-enterprise-users-gmail},
  language     = {English},
  urldate      = {2022-08-10},
}
2022-08-09 · Medium walmartglobaltech · Jason Reaves, Joshua Platt
@online{reaves:20220809:pivoting:7afbaea,
  author       = {Reaves, Jason and Platt, Joshua},
  title        = {{Pivoting on a SharpExt to profile Kimusky panels for great good}},
  date         = {2022-08-09},
  organization = {Medium walmartglobaltech},
  url          = {https://medium.com/walmartglobaltech/pivoting-on-a-sharpext-to-profile-kimusky-panels-for-great-good-1920dc1bcef9},
  language     = {English},
  urldate      = {2022-08-11},
}
2022-08-08 · N1ght-W0lf Blog · Abdallah Elshinbary
@online{elshinbary:20220808:yara:f9ea382,
  author       = {Elshinbary, Abdallah},
  title        = {{YARA for config extraction}},
  date         = {2022-08-08},
  organization = {N1ght-W0lf Blog},
  url          = {https://n1ght-w0lf.github.io/tutorials/yara-for-config-extraction/},
  language     = {English},
  urldate      = {2022-08-09},
}
RedLine Stealer
2022-08-08 · Fortinet · James Slaughter
@online{slaughter:20220808:life:5db63b6,
  author       = {Slaughter, James},
  title        = {{Life After Death - SmokeLoader Continues to Haunt Using Old Vulnerabilities}},
  date         = {2022-08-08},
  organization = {Fortinet},
  url          = {https://www.fortinet.com/blog/threat-research/smokeloader-using-old-vulnerabilities},
  language     = {English},
  urldate      = {2022-08-11},
}
SmokeLoader
2022-08-08 · Kaspersky · Kaspersky Lab ICS CERT
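@comment{Corporate author braced as one indivisible name. Unbraced, BibTeX splits "Kaspersky Lab ICS CERT" into first name "Kaspersky Lab ICS" and surname "CERT" (consistent with the generated key prefix "cert:"). The citation key is deliberately left unchanged so existing citations keep resolving.}
@techreport{cert:20220808:targeted:61c5617,
  author      = {{Kaspersky Lab ICS CERT}},
  title       = {{Targeted attack on industrial enterprises and public institutions}},
  date        = {2022-08-08},
  institution = {Kaspersky},
  url         = {https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-Targeted-attack-on-industrial-enterprises-and-public-institutions-En.pdf},
  language    = {English},
  urldate     = {2022-08-11},
}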
Cotx RAT, Logtu, nccTrojan, PortDoor
2022-08-08 · The DFIR Report · The DFIR Report
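@comment{Corporate author braced as one indivisible name. Unbraced, BibTeX parses "The DFIR Report" as first name "The DFIR" with surname "Report" (consistent with the generated key prefix "report:"). The citation key is deliberately left unchanged so existing citations keep resolving.}
@online{report:20220808:bumblebee:74d81a8,
  author       = {{The DFIR Report}},
  title        = {{BumbleBee Roasts Its Way to Domain Admin}},
  date         = {2022-08-08},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/},
  language     = {English},
  urldate      = {2022-08-09},
}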
BumbleBee, Cobalt Strike
2022-08-07 · forensicitguy · Tony Lambert
@online{lambert:20220807:analyzing:9e98830,
  author       = {Lambert, Tony},
  title        = {{Analyzing .NET Core Single File Samples (DUCKTAIL Case Study)}},
  date         = {2022-08-07},
  organization = {forensicitguy},
  url          = {https://forensicitguy.github.io/analyzing-net-core-single-file-ducktail/},
  language     = {English},
  urldate      = {2022-08-09},
}
DUCKTAIL