2021-02-25DomainToolsJoe Slowik
% DomainTools blog post by Joe Slowik, cited for Cloud Atlas; retrieved 2021-02-25.
@online{slowik:20210225:continuous:34f997e,
  author       = {Joe Slowik},
  title        = {{The Continuous Conundrum of Cloud Atlas}},
  date         = {2021-02-25},
  organization = {DomainTools},
  url          = {https://www.domaintools.com/resources/blog/the-continuous-conundrum-of-cloud-atlas},
  language     = {English},
  urldate      = {2021-02-25},
}
The Continuous Conundrum of Cloud Atlas
2021-02-25JPCERT/CCKen Sajo
% JPCERT/CC blog post by Ken Sajo on the Emotet disruption and the outreach to
% affected users; retrieved 2021-02-25.
@online{sajo:20210225:emotet:f78fb4e,
  author       = {Ken Sajo},
  title        = {{Emotet Disruption and Outreach to Affected Users}},
  date         = {2021-02-25},
  organization = {JPCERT/CC},
  url          = {https://blogs.jpcert.or.jp/en/2021/02/emotet-notice.html},
  language     = {English},
  urldate      = {2021-02-25},
}
Emotet Disruption and Outreach to Affected Users
Emotet
2021-02-25MicrosoftMicrosoft
% Directory in the github/codeql repository holding the CodeQL queries used to
% hunt for Solorigate activity. The %20 in the URL is part of the path
% ("Security Features") and must stay percent-encoded.
@online{microsoft:20210225:codeql:a43a525,
  author       = {Microsoft},
  title        = {{CodeQL queries to hunt for Solorigate activity}},
  date         = {2021-02-25},
  organization = {Microsoft},
  url          = {https://github.com/github/codeql/tree/main/csharp/ql/src/experimental/Security%20Features/campaign},
  language     = {English},
  urldate      = {2021-02-25},
}
CodeQL queries to hunt for Solorigate activity
SUNBURST
2021-02-25MicrosoftMicrosoft Identity Security Team
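% Microsoft security blog post announcing the open-sourcing of the CodeQL
% queries used to hunt for Solorigate activity; retrieved 2021-02-25.
% The author is a team name, so it is wrapped in an extra brace pair; without
% it the name is split into given names "Microsoft Identity Security" and
% surname "Team". The citation key is left unchanged so existing citations
% keep resolving.
@online{team:20210225:microsoft:bd11fce,
  author       = {{Microsoft Identity Security Team}},
  title        = {{Microsoft open sources CodeQL queries used to hunt for Solorigate activity}},
  date         = {2021-02-25},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/02/25/microsoft-open-sources-codeql-queries-used-to-hunt-for-solorigate-activity/},
  language     = {English},
  urldate      = {2021-02-25},
}
Microsoft open sources CodeQL queries used to hunt for Solorigate activity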
SUNBURST
2021-02-25360 Total Securitykate
% 360 Total Security blog post on the DarkWorld ransomware; retrieved 2021-02-25.
% The author is recorded only by the single name "kate", as given on the page.
@online{kate:20210225:darkworld:c49b538,
  author       = {kate},
  title        = {{DarkWorld Ransomware}},
  date         = {2021-02-25},
  organization = {360 Total Security},
  url          = {https://blog.360totalsecurity.com/en/darkworld-ransomware/},
  language     = {English},
  urldate      = {2021-02-25},
}
DarkWorld Ransomware
2021-02-25BrightTALK (FireEye)Andrew Rector, Matt Bromiley, Mandiant
% BrightTALK webcast on hunting for SUNBURST.
% NOTE(review): urldate (2021-02-20) is earlier than date (2021-02-25). This may
% be a listing page retrieved before the webcast aired. Confirm which date is
% meant.
@online{rector:20210225:light:005aa58,
  author       = {Andrew Rector and Matt Bromiley and Mandiant},
  title        = {{Light in the Dark: Hunting for SUNBURST}},
  date         = {2021-02-25},
  organization = {BrightTALK (FireEye)},
  url          = {https://www.brighttalk.com/webcast/7451/469525},
  language     = {English},
  urldate      = {2021-02-20},
}
Light in the Dark: Hunting for SUNBURST
SUNBURST
2021-02-25Kaspersky LabsVyacheslav Kopeytsev, Seongsu Park
% Securelist article on Lazarus targeting the defense industry with
% ThreatNeedle; retrieved 2021-02-25.
@online{kopeytsev:20210225:lazarus:c887c21,
  author       = {Vyacheslav Kopeytsev and Seongsu Park},
  title        = {{Lazarus targets defense industry with ThreatNeedle}},
  date         = {2021-02-25},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/lazarus-threatneedle/100803/},
  language     = {English},
  urldate      = {2021-02-25},
}
Lazarus targets defense industry with ThreatNeedle
Volgmer
2021-02-25IntezerIntezer
% Intezer PDF report rounding up Go malware seen in 2020; retrieved 2021-02-25.
@techreport{intezer:20210225:year:eb47cd1,
  author      = {Intezer},
  title       = {{Year of the Gopher A 2020 Go Malware Round-Up}},
  date        = {2021-02-25},
  institution = {Intezer},
  url         = {https://www.intezer.com/wp-content/uploads/2021/02/Intezer-2020-Go-Malware-Round-Up.pdf},
  language    = {English},
  urldate     = {2021-02-25},
}
Year of the Gopher A 2020 Go Malware Round-Up
WellMail elf.wellmess ArdaMax AsyncRAT CyberGate DarkComet Glupteba Nanocore RAT Nefilim Ransomware NjRAT Quasar RAT WellMess Zebrocy
2021-02-25Recorded FutureInsikt Group®
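% Recorded Future PDF report on how cybercrime is monetized; retrieved 2021-02-26.
% The author is a group name: it is wrapped in an extra brace pair so it is not
% split into given name and surname, and the registered-trademark sign is
% restored from a mis-encoded character. The citation key is left unchanged.
@techreport{group:20210225:business:9e4763a,
  author      = {{Insikt Group®}},
  title       = {{The Business of Fraud: An Overview of How Cybercrime Gets Monetized}},
  date        = {2021-02-25},
  institution = {Recorded Future},
  url         = {https://go.recordedfuture.com/hubfs/reports/cta-2021-0224.pdf},
  language    = {English},
  urldate     = {2021-02-26},
}
The Business of Fraud: An Overview of How Cybercrime Gets Monetized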
2021-02-25ProofpointMichael Raggi, Proofpoint Threat Research Team
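% Proofpoint blog post on TA413 and the FriarFox browser extension; retrieved
% 2021-02-25.
% The second author is a team name, so it carries its own brace pair; without
% it the name is split into given names and the surname "Team".
@online{raggi:20210225:ta413:400254c,
  author       = {Michael Raggi and {Proofpoint Threat Research Team}},
  title        = {{TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organizations}},
  date         = {2021-02-25},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/ta413-leverages-new-friarfox-browser-extension-target-gmail-accounts-global},
  language     = {English},
  urldate      = {2021-02-25},
}
TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organizations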
scanbox Sepulcher
2021-02-25MinervaMinerva Labs
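% Minerva Labs blog post; retrieved 2021-02-25.
% The author is an organization name, so it is wrapped in an extra brace pair;
% without it the name is split into given name "Minerva" and surname "Labs".
% The citation key is left unchanged.
% NOTE(review): the title reads "AgentTelsa" while the URL slug reads
% "agenttesla". The title is kept as listed. Check it against the original
% post before correcting it.
@online{labs:20210225:preventing:c968dbc,
  author       = {{Minerva Labs}},
  title        = {{Preventing AgentTelsa Infiltration}},
  date         = {2021-02-25},
  organization = {Minerva},
  url          = {https://blog.minerva-labs.com/preventing-agenttesla},
  language     = {English},
  urldate      = {2021-02-25},
}
Preventing AgentTelsa Infiltration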
Agent Tesla
2021-02-25FireEyeBryce Abdo, Brendan McKeague, Van Ta
% FireEye threat-research blog post on UNC2198 and the path from ICEDID to
% ransomware operations; retrieved 2021-02-25.
@online{abdo:20210225:so:88f3400,
  author       = {Bryce Abdo and Brendan McKeague and Van Ta},
  title        = {{So Unchill: Melting UNC2198 ICEDID to Ransomware Operations}},
  date         = {2021-02-25},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html},
  language     = {English},
  urldate      = {2021-02-25},
}
So Unchill: Melting UNC2198 ICEDID to Ransomware Operations
Cobalt Strike IcedID Maze SystemBC
2021-02-24MalwarebytesHossein Jazi
% Malwarebytes PDF report on LazyScripter by Hossein Jazi; retrieved 2021-02-25.
@techreport{jazi:20210224:lazyscripter:433f4bc,
  author      = {Hossein Jazi},
  title       = {{LazyScripter: From Empire to double RAT}},
  date        = {2021-02-24},
  institution = {Malwarebytes},
  url         = {https://resources.malwarebytes.com/files/2021/02/LazyScripter.pdf},
  language    = {English},
  urldate     = {2021-02-26},
}
LazyScripter: From Empire to double RAT
Octopus Koadic
2021-02-24VMWare Carbon BlackTakahiro Haruyama
% PDF from the JSAC 2021 archive on active C2 discovery through protocol
% emulation; recorded as Japanese-language, retrieved 2021-02-26.
@techreport{haruyama:20210224:knock:f4903a2,
  author      = {Takahiro Haruyama},
  title       = {{Knock, knock, Neo. - Active C2 Discovery Using Protocol Emulation}},
  date        = {2021-02-24},
  institution = {VMWare Carbon Black},
  url         = {https://jsac.jpcert.or.jp/archive/2021/pdf/JSAC2021_201_haruyama_jp.pdf},
  language    = {Japanese},
  urldate     = {2021-02-26},
}
Knock, knock, Neo. - Active C2 Discovery Using Protocol Emulation
Cobalt Strike
2021-02-24US-CERTUS-CERT, CISA
% Malware Analysis Report AR21-055A on Accellion FTA, published on
% us-cert.cisa.gov; retrieved 2021-02-25.
@online{uscert:20210224:malware:a4ab797,
  author       = {US-CERT and CISA},
  title        = {{Malware Analysis Report (AR21-055A): Accellion FTA}},
  date         = {2021-02-24},
  organization = {US-CERT},
  url          = {https://us-cert.cisa.gov/ncas/analysis-reports/ar21-055a},
  language     = {English},
  urldate      = {2021-02-25},
}
Malware Analysis Report (AR21-055A): Accellion FTA
DEWMODE
2021-02-24AllsafeShota Nakajima, Hara Hiroaki
% PDF from the JSAC 2021 archive (workshop material) on analysing Emotet at
% scale with Ghidra; retrieved 2021-02-26.
% NOTE(review): the URL filename ends in "_jp", which may indicate the
% Japanese-language version, while language is recorded as English. Confirm
% against the document.
@techreport{nakajima:20210224:malware:0f5ff88,
  author      = {Shota Nakajima and Hara Hiroaki},
  title       = {{Malware Analysis at Scale - Defeating Emotet by Ghidra}},
  date        = {2021-02-24},
  institution = {Allsafe},
  url         = {https://jsac.jpcert.or.jp/archive/2021/pdf/JSAC2021_workshop_malware-analysis_jp.pdf},
  language    = {English},
  urldate     = {2021-02-26},
}
Malware Analysis at Scale - Defeating Emotet by Ghidra
Emotet
2021-02-24RiskIQJordan Herman
% RiskIQ community article on Cerberus and Anubis banking trojans targeting
% Turkish speakers; retrieved 2021-02-25.
@online{herman:20210224:turkey:2d3f340,
  author       = {Jordan Herman},
  title        = {{Turkey Dog: Cerberus and Anubis Banking Trojans Target Turkish Speakers}},
  date         = {2021-02-24},
  organization = {RiskIQ},
  url          = {https://community.riskiq.com/article/85b3db8c},
  language     = {English},
  urldate      = {2021-02-25},
}
Turkey Dog: Cerberus and Anubis Banking Trojans Target Turkish Speakers
Anubis Cerberus
2021-02-24US-CERTUS-CERT, CISA
% Alert AA21-055A on exploitation of the Accellion File Transfer Appliance,
% published on us-cert.cisa.gov; retrieved 2021-02-25.
@online{uscert:20210224:alert:2a6aea5,
  author       = {US-CERT and CISA},
  title        = {{Alert (AA21-055A): Exploitation of Accellion File Transfer Appliance}},
  date         = {2021-02-24},
  organization = {US-CERT},
  url          = {https://us-cert.cisa.gov/ncas/alerts/aa21-055a},
  language     = {English},
  urldate      = {2021-02-25},
}
Alert (AA21-055A): Exploitation of Accellion File Transfer Appliance
2021-02-24Yusuke Niwa, Motohiko Sato, Hajime Yanagishita, Charles Li, Suguru Ishimaru
% PDF from the JSAC 2021 archive analysing the A41APT campaign; retrieved
% 2021-02-26.
% NOTE(review): institution is empty in the source listing, which produces an
% empty-field warning for this entry type. Fill it in once the publishing
% organization is confirmed.
@techreport{niwa:20210224:a41apt:d20a784,
  author      = {Yusuke Niwa and Motohiko Sato and Hajime Yanagishita and Charles Li and Suguru Ishimaru},
  title       = {{A41APT case - Analysis of the Stealth APT Campaign Threatening Japan}},
  date        = {2021-02-24},
  institution = {},
  url         = {https://jsac.jpcert.or.jp/archive/2021/pdf/JSAC2021_202_niwa-yanagishita_en.pdf},
  language    = {English},
  urldate     = {2021-02-26},
}
A41APT case - Analysis of the Stealth APT Campaign Threatening Japan
SodaMaster
2021-02-24Bleeping ComputerSergiu Gatlan
% Bleeping Computer news article by Sergiu Gatlan on NASA and the FAA being
% breached in the SolarWinds intrusions; retrieved 2021-02-25.
@online{gatlan:20210224:nasa:646b084,
  author       = {Sergiu Gatlan},
  title        = {{NASA and the FAA were also breached by the SolarWinds hackers}},
  date         = {2021-02-24},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/nasa-and-the-faa-were-also-breached-by-the-solarwinds-hackers/},
  language     = {English},
  urldate      = {2021-02-25},
}
NASA and the FAA were also breached by the SolarWinds hackers
SUNBURST