2021-10-13 | Anchored Narratives on Threat Intelligence and Geopolitics | RJM
@online{rjm:20211013:trouble:c988e46,
  author       = {RJM},
  title        = {{Trouble in Asia and the Middle East. Tracking the TransparentTribe threat actor.}},
  organization = {Anchored Narratives on Threat Intelligence and Geopolitics},
  date         = {2021-10-13},
  url          = {https://anchorednarratives.substack.com/p/trouble-in-asia-and-the-middle-east},
  urldate      = {2021-10-14},
  language     = {English},
}
Trouble in Asia and the Middle East. Tracking the TransparentTribe threat actor.
Crimson RAT
2021-10-12 | Boris Larin, Costin Raiu
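% securelist.com is Kaspersky's research blog, so the publisher is recorded in organization.
@online{larin:20211012:mysterysnail:35bdc92,
  author       = {Larin, Boris and Raiu, Costin},
  title        = {{MysterySnail attacks with Windows zero-day}},
  organization = {Kaspersky},
  date         = {2021-10-12},
  url          = {https://securelist.com/mysterysnail-attacks-with-windows-zero-day/104509/},
  urldate      = {2021-10-14},
  language     = {English},
}
MysterySnail attacks with Windows zero-day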
MysterySnail
2021-10-08 | Zscaler | Tarun Dewan, Lenart Brave
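@online{dewan:20211008:new:b97c20c,
  author       = {Dewan, Tarun and Brave, Lenart},
  title        = {{New Trickbot and BazarLoader campaigns use multiple delivery vectors}},
  organization = {Zscaler},
  date         = {2021-10-08},
  url          = {https://www.zscaler.com/blogs/security-research/new-trickbot-and-bazarloader-campaigns-use-multiple-delivery-vectors},
  urldate      = {2021-10-14},
  language     = {English},
}
New Trickbot and BazarLoader campaigns use multiple delivery vectors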
BazarBackdoor, TrickBot
2021-10-08 | 0ffset Blog | Chuong Dong
@online{dong:20211008:squirrelwaffle:4549cd1,
  author       = {Dong, Chuong},
  title        = {{SQUIRRELWAFFLE – Analysing The Main Loader}},
  organization = {0ffset Blog},
  date         = {2021-10-08},
  url          = {https://www.0ffset.net/reverse-engineering/malware-analysis/squirrelwaffle-main-loader/},
  urldate      = {2021-10-14},
  language     = {English},
}
SQUIRRELWAFFLE – Analysing The Main Loader
Cobalt Strike, Squirrelwaffle
2021-10-07 | S2W Inc. | Jaeki Kim, Sojun Ryu, Kyoung-ju Kwak
@online{kim:20211007:operation:6b8234f,
  author       = {Kim, Jaeki and Ryu, Sojun and Kwak, Kyoung-ju},
  title        = {{Operation Newton: Hi Kimsuky? Did an Apple(seed) really fall on Newton’s head?}},
  organization = {S2W Inc.},
  date         = {2021-10-07},
  url          = {https://vblocalhost.com/presentations/operation-newton-hi-kimsuky-did-an-appleseed-really-fall-on-newtons-head/},
  urldate      = {2021-10-14},
  language     = {English},
}
Operation Newton: Hi Kimsuky? Did an Apple(seed) really fall on Newton’s head?
Appleseed, Kimsuky
2021-10-07 | Palo Alto Networks Unit 42 | Peter Renals
@online{renals:20211007:silverterrier:e682411,
  author       = {Renals, Peter},
  title        = {{SilverTerrier – Nigerian Business Email Compromise}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-10-07},
  url          = {https://unit42.paloaltonetworks.com/silverterrier-nigerian-business-email-compromise/},
  urldate      = {2021-10-11},
  language     = {English},
}
SilverTerrier – Nigerian Business Email Compromise
2021-10-07 | The Record | Catalin Cimpanu
@online{cimpanu:20211007:google:653f25d,
  author       = {Cimpanu, Catalin},
  title        = {{Google notifies 14,000 Gmail users of targeted APT28 attacks}},
  organization = {The Record},
  date         = {2021-10-07},
  url          = {https://therecord.media/google-notifies-14000-gmail-users-of-targeted-apt28-attacks/},
  urldate      = {2021-10-13},
  language     = {English},
}
Google notifies 14,000 Gmail users of targeted APT28 attacks
2021-10-07 | Mandiant | Joshua Shilko, Zach Riddle, Jennifer Brooks, Genevieve Stark, Adam Brunner, Kimberly Goody, Jeremy Kennelly
@online{shilko:20211007:fin12:43d89f5,
  author       = {Shilko, Joshua and Riddle, Zach and Brooks, Jennifer and Stark, Genevieve and Brunner, Adam and Goody, Kimberly and Kennelly, Jeremy},
  title        = {{FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets}},
  organization = {Mandiant},
  date         = {2021-10-07},
  url          = {https://www.mandiant.com/resources/fin12-ransomware-intrusion-actor-pursuing-healthcare-targets},
  urldate      = {2021-10-08},
  language     = {English},
}
FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets
BazarBackdoor, GRIMAGENT, Ryuk
2021-10-07 | Microsoft | Microsoft
% NOTE(review): url is an opaque CMS binary link rather than a landing page;
% presumably it serves the report file directly. Confirm it still resolves.
@online{microsoft:20211007:microsoft:793e473,
  author       = {Microsoft},
  title        = {{Microsoft Digital Defense Report - October 2021}},
  organization = {Microsoft},
  date         = {2021-10-07},
  url          = {https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi},
  urldate      = {2021-10-11},
  language     = {English},
}
Microsoft Digital Defense Report - October 2021
2021-10-07 | ESET Research | Vladislav Hrčka
@online{hrka:20211007:fontonlake:03cadd5,
  author       = {Hrčka, Vladislav},
  title        = {{FontOnLake: Previously unknown malware family targeting Linux}},
  organization = {ESET Research},
  date         = {2021-10-07},
  url          = {https://www.welivesecurity.com/2021/10/07/fontonlake-previously-unknown-malware-family-targeting-linux/},
  urldate      = {2021-10-11},
  language     = {English},
}
FontOnLake: Previously unknown malware family targeting Linux
FontOnLake
2021-10-07 | Blackberry | The BlackBerry Research & Intelligence Team
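% Corporate author: the inner braces keep the team name as one indivisible name
% (otherwise "Team" is parsed as the surname), and \& stops the ampersand from
% reaching LaTeX as an alignment tab.
@online{team:20211007:threat:f124dbd,
  author       = {{The BlackBerry Research \& Intelligence Team}},
  title        = {{Threat Thursday: BluStealer Infostealer}},
  organization = {BlackBerry},
  date         = {2021-10-07},
  url          = {https://blogs.blackberry.com/en/2021/10/threat-thursday-blustealer-infostealer},
  urldate      = {2021-10-11},
  language     = {English},
}
Threat Thursday: BluStealer Infostealer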
BluStealer
2021-10-07 | Netskope | Gustavo Palazolo, Ghanashyam Satpathy
@online{palazolo:20211007:squirrelwaffle:3506816,
  author       = {Palazolo, Gustavo and Satpathy, Ghanashyam},
  title        = {{SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot}},
  organization = {Netskope},
  date         = {2021-10-07},
  url          = {https://www.netskope.com/blog/squirrelwaffle-new-malware-loader-delivering-cobalt-strike-and-qakbot},
  urldate      = {2021-10-11},
  language     = {English},
}
SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot
Cobalt Strike, QakBot, Squirrelwaffle
2021-10-07 | Kaspersky | Fedor Sinitsyn, Yanis Zinchenko
@online{sinitsyn:20211007:ransomware:b5e74a3,
  author       = {Sinitsyn, Fedor and Zinchenko, Yanis},
  title        = {{Ransomware in the CIS}},
  organization = {Kaspersky},
  date         = {2021-10-07},
  url          = {https://securelist.com/cis-ransomware/104452/},
  urldate      = {2021-10-11},
  language     = {English},
}
Ransomware in the CIS
Cryakl, Dharma, Hakbit, Phobos, Void
2021-10-07 | The Record | Catalin Cimpanu
@online{cimpanu:20211007:netherlands:c716790,
  author       = {Cimpanu, Catalin},
  title        = {{Netherlands can use intelligence or armed forces to respond to ransomware attacks}},
  organization = {The Record},
  date         = {2021-10-07},
  url          = {https://therecord.media/netherlands-can-use-intelligence-or-armed-forces-to-respond-to-ransomware-attacks/},
  urldate      = {2021-10-13},
  language     = {English},
}
Netherlands can use intelligence or armed forces to respond to ransomware attacks
2021-10-07 | ANY.RUN | ANY.RUN
% NOTE(review): the title does not say which downloader the sandbox task covers,
% and no malware family is tagged for this entry in the listing. Confirm the
% family from the task itself before relying on this reference.
@online{anyrun:20211007:anyrun:c7453bb,
  author       = {ANY.RUN},
  title        = {{ANY.RUN report for activity of the downloader}},
  organization = {ANY.RUN},
  date         = {2021-10-07},
  url          = {https://app.any.run/tasks/cd25d8c3-1944-4fa0-a4be-436dc1389fca/},
  urldate      = {2021-10-11},
  language     = {English},
}
ANY.RUN report for activity of the downloader
2021-10-07 | Uptycs | Siddharth Sharma
% NOTE(review): the url slug ends in "with-pentesting-tools", so the recorded
% title may be truncated. Confirm against the article.
@online{sharma:20211007:team:50e3c4d,
  author       = {Sharma, Siddharth},
  title        = {{Team TNT Deploys Malicious Docker Image On Docker Hub}},
  organization = {Uptycs},
  date         = {2021-10-07},
  url          = {https://www.uptycs.com/blog/team-tnt-deploys-malicious-docker-image-on-docker-hub-with-pentesting-tools},
  urldate      = {2021-10-11},
  language     = {English},
}
Team TNT Deploys Malicious Docker Image On Docker Hub
TeamTNT
2021-10-06 | ESET Research | Martina López
@online{lpez:20211006:to:8e09f8a,
  author       = {López, Martina},
  title        = {{To the moon and hack: Fake SafeMoon app drops malware to spy on you}},
  organization = {ESET Research},
  date         = {2021-10-06},
  url          = {https://www.welivesecurity.com/2021/10/06/moon-hack-fake-safemoon-cryptocurrency-app-drops-malware-spy/},
  urldate      = {2021-10-11},
  language     = {English},
}
To the moon and hack: Fake SafeMoon app drops malware to spy on you
Remcos
2021-10-06 | Anomali | Tara Gould
@online{gould:20211006:inside:9391014,
  author       = {Gould, Tara},
  title        = {{Inside TeamTNT’s Impressive Arsenal: A Look Into A TeamTNT Server}},
  organization = {Anomali},
  date         = {2021-10-06},
  url          = {https://www.anomali.com/blog/inside-teamtnts-impressive-arsenal-a-look-into-a-teamtnt-server},
  urldate      = {2021-10-11},
  language     = {English},
}
Inside TeamTNT’s Impressive Arsenal: A Look Into A TeamTNT Server
TeamTNT
2021-10-06 | zimperium | Jordan Herman
% NOTE(review): organization is recorded as zimperium, but the url is hosted on
% community.riskiq.com. Confirm the publisher against the article.
@online{herman:20211006:malware:7f7f055,
  author       = {Herman, Jordan},
  title        = {{Malware Distribution with Mana Tools}},
  organization = {zimperium},
  date         = {2021-10-06},
  url          = {https://community.riskiq.com/article/56e28880},
  urldate      = {2021-10-11},
  language     = {English},
}
Malware Distribution with Mana Tools
Agent Tesla, Azorult
2021-10-05 | FRSecure | Oscar Minks
@online{minks:20211005:rebol:53830a0,
  author       = {Minks, Oscar},
  title        = {{The REBOL Yell: A New Novel REBOL Exploit}},
  organization = {FRSecure},
  date         = {2021-10-05},
  url          = {https://frsecure.com/blog/the-rebol-yell-new-rebol-exploit/},
  urldate      = {2021-10-14},
  language     = {English},
}
The REBOL Yell: A New Novel REBOL Exploit
MirrorBlast