
2020-11-30 | Yoroi | Z-Lab
@online{zlab:20201130:shadows:2ef4813,
  author       = {Z-Lab},
  title        = {{Shadows From The Past Threaten Italian Enterprises}},
  date         = {2020-11-30},
  organization = {Yoroi},
  url          = {https://yoroi.company/research/shadows-from-the-past-threaten-italian-enterprises/},
  language     = {English},
  urldate      = {2020-12-01},
}
2020-11-30 | Microsoft | Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
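@comment{Each corporate author is wrapped in its own extra brace pair so the name parser keeps it as one literal name instead of splitting it into given and family parts.}
@online{team:20201130:threat:2633df5,
  author       = {{Microsoft 365 Defender Threat Intelligence Team} and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {{Threat actor (BISMUTH) leverages coin miner techniques to stay under the radar – here’s how to spot them}},
  date         = {2020-11-30},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2020/11/30/threat-actor-leverages-coin-miner-techniques-to-stay-under-the-radar-heres-how-to-spot-them/},
  language     = {English},
  urldate      = {2020-12-01},
}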
Cobalt Strike
2020-11-30 | Malwarebytes | hasherezade, Jérôme Segura
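@online{hasherezade:20201130:german:72b40c6,
  author       = {hasherezade and Segura, Jérôme},
  title        = {{German users targeted with Gootkit banker or REvil ransomware}},
  date         = {2020-11-30},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-analysis/2020/11/german-users-targeted-with-gootkit-banker-or-revil-ransomware/},
  language     = {English},
  urldate      = {2020-12-03},
}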
GootKit REvil
2020-11-27 | Trend Micro | Luis Magisa, Steven Du
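@online{magisa:20201127:new:851ac9b,
  author       = {Magisa, Luis and Du, Steven},
  title        = {{New MacOS Backdoor Connected to OceanLotus Surfaces}},
  date         = {2020-11-27},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/20/k/new-macos-backdoor-connected-to-oceanlotus-surfaces.html},
  language     = {English},
  urldate      = {2020-12-01},
}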
OceanLotus APT32
2020-11-27 | HP | Alex Holland
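@online{holland:20201127:aggah:7dd38ba,
  author       = {Holland, Alex},
  title        = {{Aggah Campaign’s Latest Tactics: Victimology, PowerPoint Dropper and Cryptocurrency Stealer}},
  date         = {2020-11-27},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/aggah-campaigns-latest-tactics-victimology-powerpoint-dropper-and-cryptocurrency-stealer/},
  language     = {English},
  urldate      = {2020-11-27},
}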
Agent Tesla
2020-11-27 | Marco Ramilli's Blog | Marco Ramilli
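@comment{The title keeps the original spelling "Unkown" because it is the published title of the source post.}
@online{ramilli:20201127:threat:212be73,
  author       = {Ramilli, Marco},
  title        = {{Threat Actor: Unkown}},
  date         = {2020-11-27},
  organization = {Marco Ramilli's Blog},
  url          = {https://marcoramilli.com/2020/11/27/threat-actor-unkown/},
  language     = {English},
  urldate      = {2020-12-01},
}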
Unidentified JS 004
2020-11-27 | PTSecurity | Denis Goydenko, Alexey Vishnyakov
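@online{goydenko:20201127:investigation:7d12cee,
  author       = {Goydenko, Denis and Vishnyakov, Alexey},
  title        = {{Investigation with a twist: an accidental APT attack and averted data destruction}},
  date         = {2020-11-27},
  organization = {PTSecurity},
  url          = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/incident-response-polar-ransomware-apt27/},
  language     = {English},
  urldate      = {2020-12-01},
}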
TwoFace CHINACHOPPER HyperBro MegaCortex MimiKatz LuckyMouse
2020-11-27 | malware.love | Robert Giczewski
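@online{giczewski:20201127:having:7cd6ae8,
  author       = {Giczewski, Robert},
  title        = {{Having fun with a Ursnif VBS dropper}},
  date         = {2020-11-27},
  organization = {malware.love},
  url          = {https://malware.love/malware_analysis/reverse_engineering/2020/11/27/analyzing-a-vbs-dropper.html},
  language     = {English},
  urldate      = {2020-12-01},
}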
ISFB Snifula
2020-11-27 | Fiducia & GAD IT AG | Frank Boldewin
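@comment{The ampersand in the institution name is escaped because an unescaped ampersand reaches LaTeX as an alignment tab and breaks the bibliography build.}
@techreport{boldewin:20201127:when:9697611,
  author      = {Boldewin, Frank},
  title       = {{When ransomware hits an ATM giant - The Diebold Nixdorf case dissected}},
  date        = {2020-11-27},
  institution = {Fiducia \& GAD IT AG},
  url         = {https://raw.githubusercontent.com/fboldewin/When-ransomware-hits-an-ATM-giant---The-Diebold-Nixdorf-case-dissected/main/When%20ransomware%20hits%20an%20ATM%20giant%20-%20The%20Diebold%20Nixdorf%20case%20dissected%20-%20Group-IB%20CyberCrimeCon2020.pdf},
  language    = {English},
  urldate     = {2020-12-01},
}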
PwndLocker QakBot
2020-11-26 | Arch Cloud Labs | ArchCloud
@online{archcloud:20201126:tracking:46717fb,
  author       = {ArchCloud},
  title        = {{Tracking Cryptocurrency Malware in The Homelab}},
  date         = {2020-11-26},
  organization = {Arch Cloud Labs},
  url          = {https://www.archcloudlabs.com/projects/tracking_cryptominer_domains/},
  language     = {English},
  urldate      = {2020-12-03},
}
2020-11-26 | Checkpoint | Check Point Research
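@comment{The corporate author is double-braced so it is kept as one literal name, and the ampersand in the title is escaped so LaTeX does not read it as an alignment tab.}
@online{research:20201126:bandook:7796023,
  author       = {{Check Point Research}},
  title        = {{Bandook: Signed \& Delivered}},
  date         = {2020-11-26},
  organization = {Checkpoint},
  url          = {https://research.checkpoint.com/2020/bandook-signed-delivered/},
  language     = {English},
  urldate      = {2020-12-01},
}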
Bandook
2020-11-26 | SUCURI | Luke Leal
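@online{leal:20201126:hackers:7ab5846,
  author       = {Leal, Luke},
  title        = {{Hackers Love Expired Domains}},
  date         = {2020-11-26},
  organization = {SUCURI},
  url          = {https://blog.sucuri.net/2020/11/hackers-love-expired-domains.html},
  language     = {English},
  urldate      = {2020-12-01},
}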
2020-11-26 | Medium Sebdraven | Sébastien Larinier
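@online{larinier:20201126:actor:449d888,
  author       = {Larinier, Sébastien},
  title        = {{Actor behind Operation LagTime targets Russia}},
  date         = {2020-11-26},
  organization = {Medium Sebdraven},
  url          = {https://sebdraven.medium.com/actor-behind-operation-lagtime-targets-russia-f8c277dc52a9},
  language     = {English},
  urldate      = {2020-12-01},
}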
Unidentified 079 (LagTime Downloader)
2020-11-25 | Avanan | Michael Landewe
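@online{landewe:20201125:microsoft:8e34f00,
  author       = {Landewe, Michael},
  title        = {{Microsoft Teams: New Attack Form Almost Takes Down Global Financial Institution}},
  date         = {2020-11-25},
  organization = {Avanan},
  url          = {https://www.avanan.com/blog/proof-of-concept-teams-malware-attack-found-in-wild},
  language     = {English},
  urldate      = {2020-12-01},
}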
2020-11-24 | Intezer | Avigayil Mechtinger
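@online{mechtinger:20201124:stantinkos:0b1bea9,
  author       = {Mechtinger, Avigayil},
  title        = {{Stantinko’s Proxy After Your Apache Server}},
  date         = {2020-11-24},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/research/stantinkos-proxy-after-your-apache-server/},
  language     = {English},
  urldate      = {2020-11-25},
}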
Stantinko
2020-11-24 | Trend Micro | Jaromír Hořejší, David Fiser
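@online{hoej:20201124:analysis:9e93ede,
  author       = {Hořejší, Jaromír and Fiser, David},
  title        = {{Analysis of Kinsing Malware's Use of Rootkit}},
  date         = {2020-11-24},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/20/k/analysis-of-kinsing-malwares-use-of-rootkit.html},
  language     = {English},
  urldate      = {2020-11-25},
}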
Kinsing
2020-11-23 | S2W LAB Inc. | TALON
@online{talon:20201123:s2w:97212ec,
  author       = {TALON},
  title        = {{[S2W LAB] Analysis of Clop Ransomware suspiciously related to the Recent Incident}},
  date         = {2020-11-23},
  organization = {S2W LAB Inc.},
  url          = {https://www.notion.so/S2W-LAB-Analysis-of-Clop-Ransomware-suspiciously-related-to-the-Recent-Incident-English-088056baf01242409a6e9f844f0c5f2e},
  language     = {English},
  urldate      = {2020-12-03},
}
Clop
2020-11-23 | Proofpoint | Proofpoint Threat Research Team
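@comment{The team name is double-braced so it is treated as one literal corporate author rather than being split into given and family parts.}
@online{team:20201123:ta416:60e8b7e,
  author       = {{Proofpoint Threat Research Team}},
  title        = {{TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader}},
  date         = {2020-11-23},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/ta416-goes-ground-and-returns-golang-plugx-malware-loader},
  language     = {English},
  urldate      = {2020-11-25},
}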
PlugX
2020-11-23 | FBI | FBI
@online{fbi:20201123:alert:b813e71,
  author       = {FBI},
  title        = {{Alert Number I-112320-PSA: Spoofed FBI Internet Domains Pose Cyber and Disinformation Risks}},
  date         = {2020-11-23},
  organization = {FBI},
  url          = {https://www.ic3.gov/Media/Y2020/PSA201123},
  language     = {English},
  urldate      = {2020-11-25},
}
2020-11-23 | Bitdefender | Liviu Arsene, Radu Tudorica
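@online{arsene:20201123:trickbot:bcf3c42,
  author       = {Arsene, Liviu and Tudorica, Radu},
  title        = {{TrickBot is Dead. Long Live TrickBot!}},
  date         = {2020-11-23},
  organization = {Bitdefender},
  url          = {https://labs.bitdefender.com/2020/11/trickbot-is-dead-long-live-trickbot/},
  language     = {English},
  urldate      = {2020-11-25},
}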
TrickBot