2022-01-25 | ESET Research | Marc-Etienne M.Léveillé, Anton Cherepanov
@online{mlveill:20220125:watering:e1afb71,
  author       = {M.Léveillé, Marc-Etienne and Cherepanov, Anton},
  title        = {{Watering hole deploys new macOS malware, DazzleSpy, in Asia}},
  organization = {ESET Research},
  date         = {2022-01-25},
  url          = {https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/},
  urldate      = {2022-01-25},
  language     = {English},
}
Watering hole deploys new macOS malware, DazzleSpy, in Asia
2022-01-25 | Trellix | Marc Elias, Christiaan Beek, Alexandre Mundo, Leandro Velasco, Max Kersten
@online{elias:20220125:prime:20a5b0c,
  author       = {Elias, Marc and Beek, Christiaan and Mundo, Alexandre and Velasco, Leandro and Kersten, Max},
  title        = {{Prime Minister’s Office Compromised: Details of Recent Espionage Campaign}},
  organization = {Trellix},
  date         = {2022-01-25},
  url          = {https://www.trellix.com/en-gb/about/newsroom/stories/threat-labs/prime-ministers-office-compromised.html},
  urldate      = {2022-01-25},
  language     = {English},
}
Prime Minister’s Office Compromised: Details of Recent Espionage Campaign
Graphite
2022-01-24 | Trend Micro | Trend Micro
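@comment{Corporate author: the inner braces keep Trend Micro as one indivisible name. Without them the name is parsed as given name Trend, family name Micro, which breaks sorting and abbreviating styles.}
@techreport{micro:20220124:investigating:7727327,
  author      = {{Trend Micro}},
  title       = {{Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal}},
  institution = {Trend Micro},
  date        = {2022-01-24},
  url         = {https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/investigating-apt36-or-earth-karkaddan-attack-chain-and-malware-arsenal/Earth%20Karkaddan%20APT-%20Adversary%20Intelligence%20and%20Monitoring%20Report.pdf},
  urldate     = {2022-01-25},
  language    = {English},
}
Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal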
Crimson RAT Oblique RAT
2022-01-24 | Avast | Pavlína Kopecká
@online{kopeck:20220124:web:0c4cbcc,
  author       = {Kopecká, Pavlína},
  title        = {{Web Skimming Attacks Using Google Tag Manager}},
  organization = {Avast},
  date         = {2022-01-24},
  url          = {https://decoded.avast.io/pavlinakopecka/web-skimming-attacks-using-google-tag-manager/},
  urldate      = {2022-01-25},
  language     = {English},
}
Web Skimming Attacks Using Google Tag Manager
2022-01-24 | Kryptos Logic | Kryptos Logic Vantage Team
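@comment{Team author: the inner braces keep Kryptos Logic Vantage Team as one indivisible name. Without them the last word, Team, is taken as the family name and the rest as given names.}
@online{team:20220124:deep:bb877d2,
  author       = {{Kryptos Logic Vantage Team}},
  title        = {{Deep Dive into Trickbot's Web Injection}},
  organization = {Kryptos Logic},
  date         = {2022-01-24},
  url          = {https://www.kryptoslogic.com/blog/2022/01/deep-dive-into-trickbots-web-injection/},
  urldate      = {2022-01-25},
  language     = {English},
}
Deep Dive into Trickbot's Web Injection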
TrickBot
2022-01-24 | The DFIR Report | The DFIR Report
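@comment{Corporate author: the inner braces keep The DFIR Report as one indivisible name. Without them the last word, Report, is taken as the family name and the rest as given names.}
@online{report:20220124:cobalt:b0b48ee,
  author       = {{The DFIR Report}},
  title        = {{Cobalt Strike, a Defender’s Guide – Part 2}},
  organization = {The DFIR Report},
  date         = {2022-01-24},
  url          = {https://thedfirreport.com/2022/01/24/cobalt-strike-a-defenders-guide-part-2/},
  urldate      = {2022-01-25},
  language     = {English},
}
Cobalt Strike, a Defender’s Guide – Part 2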
Cobalt Strike
2022-01-24 | Trend Micro | Trend Micro
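@comment{Corporate author: the inner braces keep Trend Micro as one indivisible name. Without them the name is parsed as given name Trend, family name Micro. The url keeps its percent-encoded spaces exactly as published.}
@online{micro:20220124:investigating:a7e6049,
  author       = {{Trend Micro}},
  title        = {{Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal (IOCs)}},
  organization = {Trend Micro},
  date         = {2022-01-24},
  url          = {https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/investigating-apt36-or-earth-karkaddan-attack-chain-and-malware-arsenal/IoCs_Investigating%20APT36%20or%20Earth%20Karkaddan%20Attack%20Chain%20and%20Malware%20Arsenal.rtf},
  urldate      = {2022-01-25},
  language     = {English},
}
Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal (IOCs)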
Crimson RAT Oblique RAT
2022-01-24 | IBM | Michael Gal, Segev Fogel, Itzik Chimino, Limor Kessem, Charlotte Hammond
@online{gal:20220124:trickbot:8a030b3,
  author       = {Gal, Michael and Fogel, Segev and Chimino, Itzik and Kessem, Limor and Hammond, Charlotte},
  title        = {{TrickBot Bolsters Layered Defenses to Prevent Injection Research}},
  organization = {IBM},
  date         = {2022-01-24},
  url          = {https://securityintelligence.com/posts/trickbot-bolsters-layered-defenses-prevent-injection/},
  urldate      = {2022-01-25},
  language     = {English},
}
TrickBot Bolsters Layered Defenses to Prevent Injection Research
TrickBot
2022-01-24 | Trend Micro | Junestherry Dela Cruz
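@comment{NOTE(review): assumes Dela Cruz is a compound family name; confirm against the byline. In First Last form only Cruz was taken as the family name, so the comma form states the split explicitly.}
@online{cruz:20220124:analysis:5807286,
  author       = {Dela Cruz, Junestherry},
  title        = {{Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant}},
  organization = {Trend Micro},
  date         = {2022-01-24},
  url          = {https://www.trendmicro.com/en_us/research/22/a/analysis-and-Impact-of-lockbit-ransomwares-first-linux-and-vmware-esxi-variant.html},
  urldate      = {2022-01-25},
  language     = {English},
}
Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant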
LockBit LockBit
2022-01-24 | Check Point Research | Dikla Barda, Romain Zaikin, Oded Vanunu
@online{barda:20220124:scammers:df4feaf,
  author       = {Barda, Dikla and Zaikin, Romain and Vanunu, Oded},
  title        = {{Scammers are creating new fraudulent Crypto Tokens and misconfiguring smart contract’s to steal funds}},
  organization = {Check Point Research},
  date         = {2022-01-24},
  url          = {https://research.checkpoint.com/2022/scammers-are-creating-new-fraudulent-crypto-tokens-and-misconfiguring-smart-contracts-to-steal-funds/},
  urldate      = {2022-01-25},
  language     = {English},
}
Scammers are creating new fraudulent Crypto Tokens and misconfiguring smart contract’s to steal funds
2022-01-24 | Proofpoint | Proofpoint
@online{proofpoint:20220124:dtpacker:6d34c1b,
  author       = {Proofpoint},
  title        = {{DTPacker – a .NET Packer with a Curious Password}},
  organization = {Proofpoint},
  date         = {2022-01-24},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/dtpacker-net-packer-curious-password-1},
  urldate      = {2022-01-25},
  language     = {English},
}
DTPacker – a .NET Packer with a Curious Password
Agent Tesla
2022-01-24 | Cleafy | Cleafy
@online{cleafy:20220124:how:b4fcbab,
  author       = {Cleafy},
  title        = {{How BRATA is monitoring your bank account}},
  organization = {Cleafy},
  date         = {2022-01-24},
  url          = {https://www.cleafy.com/cleafy-labs/how-brata-is-monitoring-your-bank-account},
  urldate      = {2022-01-25},
  language     = {English},
}
How BRATA is monitoring your bank account
BRATA
2022-01-24 | Red Canary | The Red Canary Team
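@comment{Team author: the inner braces keep The Red Canary Team as one indivisible name. Without them the last word, Team, is taken as the family name and the rest as given names.}
@online{team:20220124:intelligence:32ceda6,
  author       = {{The Red Canary Team}},
  title        = {{Intelligence Insights: January 2022}},
  organization = {Red Canary},
  date         = {2022-01-24},
  url          = {https://redcanary.com/blog/intelligence-insights-january-2022/},
  urldate      = {2022-01-25},
  language     = {English},
}
Intelligence Insights: January 2022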
Blister Conficker
2022-01-24 | Trend Micro | Trend Micro
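@comment{Corporate author: the inner braces keep Trend Micro as one indivisible name. Without them the name is parsed as given name Trend, family name Micro, which breaks sorting and abbreviating styles.}
@online{micro:20220124:investigating:5e9386a,
  author       = {{Trend Micro}},
  title        = {{Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal}},
  organization = {Trend Micro},
  date         = {2022-01-24},
  url          = {https://www.trendmicro.com/en_us/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html},
  urldate      = {2022-01-25},
  language     = {English},
}
Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal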
CapraRAT Crimson RAT Oblique RAT
2022-01-23 | kienmanowar Blog | m4n0w4r, Tran Trung Kien
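@comment{The ampersand in the title is escaped because title is typeset as ordinary LaTeX text, where a bare ampersand is an alignment character and stops the run. The outer title braces are kept so the leading square bracket is not read as an optional argument.}
@online{m4n0w4r:20220123:quicknote:852995b,
  author       = {m4n0w4r and Tran Trung Kien},
  title        = {{[QuickNote] Emotet epoch4 \& epoch5 tactics}},
  organization = {kienmanowar Blog},
  date         = {2022-01-23},
  url          = {https://kienmanowar.wordpress.com/2022/01/23/quicknote-emotet-epoch4-epoch5-tactics/},
  urldate      = {2022-01-25},
  language     = {English},
}
[QuickNote] Emotet epoch4 & epoch5 tactics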
Emotet
2022-01-23 | forensicitguy | Tony Lambert
@online{lambert:20220123:hcrypt:0b8945b,
  author       = {Lambert, Tony},
  title        = {{HCrypt Injecting BitRAT using PowerShell, HTAs, and .NET}},
  organization = {forensicitguy},
  date         = {2022-01-23},
  url          = {https://forensicitguy.github.io/hcrypt-injecting-bitrat-analysis/},
  urldate      = {2022-01-25},
  language     = {English},
}
HCrypt Injecting BitRAT using PowerShell, HTAs, and .NET
BitRAT
2022-01-23 | abuse.ch | abuse.ch
@online{abusech:20220123:nw0rm:3ff0a18,
  author       = {abuse.ch},
  title        = {{N-W0rm malware samples}},
  organization = {abuse.ch},
  date         = {2022-01-23},
  url          = {https://bazaar.abuse.ch/browse/tag/N-W0rm/},
  urldate      = {2022-01-25},
  language     = {English},
}
N-W0rm malware samples
N-W0rm
2022-01-21 | Twitter (@s4tan) | Antonio Parata
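@comment{The organization spelling is corrected to Twitter (it read Twitte). NOTE(review): the url points to a Blogspot post rather than a tweet, so confirm the publishing venue against the source.}
@online{parata:20220121:analyzing:53d0a8a,
  author       = {Parata, Antonio},
  title        = {{Analyzing an IDA Pro anti-decompilation code}},
  organization = {Twitter (@s4tan)},
  date         = {2022-01-21},
  url          = {https://antonioparata.blogspot.com/2022/01/analyzing-ida-pro-anti-decompilation.html},
  urldate      = {2022-01-25},
  language     = {English},
}
Analyzing an IDA Pro anti-decompilation code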
2022-01-21 | Twitter (@_CPResearch_) | Check Point Research
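@comment{Corporate author: the inner braces keep Check Point Research as one indivisible name instead of family name Research. The underscores in organization are escaped because that field is typeset as ordinary text; the url field is verbatim and stays unescaped.}
@online{research:20220121:whitelambert:e5581c9,
  author       = {{Check Point Research}},
  title        = {{Tweet on WhiteLambert malware}},
  organization = {Twitter (@\_CPResearch\_)},
  date         = {2022-01-21},
  url          = {https://twitter.com/_CPResearch_/status/1484502090068242433},
  urldate      = {2022-01-25},
  language     = {English},
}
Tweet on WhiteLambert malware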
Lambert
2022-01-21 | MalGamy | Gameel Ali
@online{ali:20220121:deep:fe5caf7,
  author       = {Ali, Gameel},
  title        = {{Deep Analysis Agent Tesla Malware}},
  organization = {MalGamy},
  date         = {2022-01-21},
  url          = {https://malgamy.github.io/malware-analysis/Deep-Analysis-Agent-Tesla/},
  urldate      = {2022-01-25},
  language     = {English},
}
Deep Analysis Agent Tesla Malware
Agent Tesla