
2023-05-26 | 0xToxin Labs | @0xToxin
@online{0xtoxin:20230526:kraken:5536c6f,
  author       = {@0xToxin},
  title        = {{Kraken - The Deep Sea Lurker Part 2}},
  date         = {2023-05-26},
  organization = {0xToxin Labs},
  url          = {https://0xtoxin.github.io/threat%20hunting/KrakenKeylogger-pt2/},
  urldate      = {2023-05-26},
  language     = {English},
}
Kraken - The Deep Sea Lurker Part 2
KrakenKeylogger
2023-05-25 | Mandiant | Ken Proska, Daniel Kapellmann Zafra, Keith Lunden, Corey Hildebrandt, Rushikesh Nandedkar, Nathan Brubaker
@online{proska:20230525:cosmicenergy:bb4b9a9,
  author       = {Proska, Ken and Daniel Kapellmann Zafra and Lunden, Keith
                  and Hildebrandt, Corey and Nandedkar, Rushikesh and Brubaker, Nathan},
  title        = {{COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises}},
  date         = {2023-05-25},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/cosmicenergy-ot-malware-russian-response},
  urldate      = {2023-05-26},
  language     = {English},
}
COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises
LIGHTWORK PIEHOP
2023-05-24 | BushidoToken Blog | BushidoToken
@online{bushidotoken:20230524:unmasking:7b4ab5b,
  author       = {BushidoToken},
  title        = {{Unmasking Ransomware Using Stylometric Analysis: Shadow, 8BASE, Rancoz}},
  date         = {2023-05-24},
  organization = {BushidoToken Blog},
  url          = {https://blog.bushidotoken.net/2023/05/unmasking-ransomware-using-stylometric.html},
  urldate      = {2023-05-25},
  language     = {English},
}
Unmasking Ransomware Using Stylometric Analysis: Shadow, 8BASE, Rancoz
2023-05-24 | Secureworks | Counter Threat Unit ResearchTeam
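@comment{Corporate author wrapped in an extra brace pair so BibTeX/Biber treat it as one
         indivisible name instead of first="Counter Threat Unit", last="ResearchTeam"
         (the auto-generated key "researchteam" shows the mis-parse). Citation key kept.}
@online{researchteam:20230524:chinese:2075fee,
  author       = {{Counter Threat Unit ResearchTeam}},
  title        = {{Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations}},
  date         = {2023-05-24},
  organization = {Secureworks},
  url          = {https://www.secureworks.com/blog/chinese-cyberespionage-group-bronze-silhouette-targets-us-government-and-defense-organizations},
  urldate      = {2023-05-26},
  language     = {English},
}
Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations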
2023-05-24 | Microsoft | Microsoft Threat Intelligence
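@comment{Corporate author double-braced: unbraced, BibTeX/Biber parse it as
         first="Microsoft Threat", last="Intelligence" (hence the generated key
         "intelligence"). Citation key left unchanged so existing \cite{} calls still resolve.}
@online{intelligence:20230524:volt:e7b8951,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Volt Typhoon targets US critical infrastructure with living-off-the-land techniques}},
  date         = {2023-05-24},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/},
  urldate      = {2023-05-26},
  language     = {English},
}
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques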
2023-05-24 | CISA | CISA
@online{cisa:20230524:aa23144a:ea45fbb,
  author       = {CISA},
  title        = {{AA23-144a: People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection}},
  date         = {2023-05-24},
  organization = {CISA},
  url          = {https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a},
  urldate      = {2023-05-26},
  language     = {English},
}
AA23-144a: People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection
2023-05-24 | Zscaler | Brett Stone-Gross, Nikolaos Pantazopoulos
@online{stonegross:20230524:technical:0fd35e0,
  author       = {Stone-Gross, Brett and Pantazopoulos, Nikolaos},
  title        = {{Technical Analysis of Pikabot}},
  date         = {2023-05-24},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/technical-analysis-pikabot},
  urldate      = {2023-05-26},
  language     = {English},
}
Technical Analysis of Pikabot
Pikabot
2023-05-23 | Kaspersky Labs | Giampaolo Dedola
@online{dedola:20230523:meet:aa244e9,
  author       = {Dedola, Giampaolo},
  title        = {{Meet the GoldenJackal APT group. Don’t expect any howls}},
  date         = {2023-05-23},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/goldenjackal-apt-group/109677/},
  urldate      = {2023-05-23},
  language     = {English},
}
Meet the GoldenJackal APT group. Don’t expect any howls
Jackal
2023-05-23 | ESET Research | Lukáš Štefanko
@online{tefanko:20230523:android:7ca1c6e,
  author       = {Štefanko, Lukáš},
  title        = {{Android app breaking bad: From legitimate screen recording to file exfiltration within a year}},
  date         = {2023-05-23},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/},
  urldate      = {2023-05-23},
  language     = {English},
}
Android app breaking bad: From legitimate screen recording to file exfiltration within a year
2023-05-22 | kienmanowar Blog | m4n0w4r
@online{m4n0w4r:20230522:case:c053ed3,
  author       = {m4n0w4r},
  title        = {{[Case study] Decrypt strings using Dumpulator}},
  date         = {2023-05-22},
  organization = {kienmanowar Blog},
  url          = {https://kienmanowar.wordpress.com/2023/05/22/case-study-decrypt-strings-using-dumpulator/},
  urldate      = {2023-05-25},
  language     = {English},
}
[Case study] Decrypt strings using Dumpulator
2023-05-22 | Check Point | Alexey Bukhteyev, Arie Olshtein
@online{bukhteyev:20230522:cloudbased:6c7f9dd,
  author       = {Bukhteyev, Alexey and Olshtein, Arie},
  title        = {{Cloud-based Malware Delivery: The Evolution of GuLoader}},
  date         = {2023-05-22},
  organization = {Check Point},
  url          = {https://research.checkpoint.com/2023/cloud-based-malware-delivery-the-evolution-of-guloader/},
  urldate      = {2023-05-23},
  language     = {English},
}
Cloud-based Malware Delivery: The Evolution of GuLoader
CloudEyE
2023-05-22 | Cluster25 | Cluster25 Threat Intel Team
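@comment{Corporate author double-braced: unbraced, the name parses as
         first="Cluster25 Threat Intel", last="Team" (the generated key "team"
         reflects that). Key intentionally unchanged.}
@online{team:20230522:back:fdaaa98,
  author       = {{Cluster25 Threat Intel Team}},
  title        = {{Back in Black: BlackByte Ransomware returns with its New Technology (NT) version}},
  date         = {2023-05-22},
  organization = {Cluster25},
  url          = {https://blog.cluster25.duskrise.com/2023/05/22/back-in-black-blackbyte-nt},
  urldate      = {2023-05-23},
  language     = {English},
}
Back in Black: BlackByte Ransomware returns with its New Technology (NT) version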
BlackByte
2023-05-22 | Trend Micro | Mahmoud Zohdy, Sherif Magdy, Mohamed Fahmy, Bahaa Yamany
@online{zohdy:20230522:blackcat:d839f8e,
  author       = {Zohdy, Mahmoud and Magdy, Sherif and Fahmy, Mohamed and Yamany, Bahaa},
  title        = {{BlackCat Ransomware Deploys New Signed Kernel Driver}},
  date         = {2023-05-22},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/23/e/blackcat-ransomware-deploys-new-signed-kernel-driver.html},
  urldate      = {2023-05-23},
  language     = {English},
}
BlackCat Ransomware Deploys New Signed Kernel Driver
BlackCat
2023-05-22 | The DFIR Report | The DFIR Report
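@comment{Corporate author double-braced so it is not parsed as first="The DFIR",
         last="Report" (which is how the key "report" was derived). Key unchanged.}
@online{report:20230522:icedid:ecec658,
  author       = {{The DFIR Report}},
  title        = {{IcedID Macro Ends in Nokoyawa Ransomware}},
  date         = {2023-05-22},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/},
  urldate      = {2023-05-23},
  language     = {English},
}
IcedID Macro Ends in Nokoyawa Ransomware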
IcedID Nokoyawa Ransomware
2023-05-21 | Github (0xThiebaut) | Maxime Thiebaut
@online{thiebaut:20230521:pcapeek:f4107bc,
  author       = {Thiebaut, Maxime},
  title        = {{PCAPeek}},
  date         = {2023-05-21},
  organization = {Github (0xThiebaut)},
  url          = {https://github.com/0xThiebaut/PCAPeek/},
  urldate      = {2023-05-25},
  language     = {English},
}
PCAPeek
IcedID QakBot
2023-05-20 | @0xToxin
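@comment{organization added for consistency with the Part 2 entry of this series
         (same author, same 0xtoxin.github.io host), which carries "0xToxin Labs".}
@online{0xtoxin:20230520:kraken:bda38fc,
  author       = {@0xToxin},
  title        = {{Kraken - The Deep Sea Lurker Part 1}},
  date         = {2023-05-20},
  organization = {0xToxin Labs},
  url          = {https://0xtoxin.github.io/malware%20analysis/KrakenKeylogger-pt1/},
  urldate      = {2023-05-21},
  language     = {English},
}
Kraken - The Deep Sea Lurker Part 1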
KrakenKeylogger
2023-05-19 | Twitter (@embee_research) | Embee_research
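@comment{author and organization are LaTeX-text fields (only url/doi/eprint are
         verbatim), so a bare underscore breaks the build ("Missing $ inserted").
         Escaped as \_ ; the url field is verbatim and needs no escaping.}
@online{embeeresearch:20230519:analysis:92de1d2,
  author       = {Embee\_research},
  title        = {{Analysis of Amadey Bot Infrastructure Using Shodan}},
  date         = {2023-05-19},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/amadey-bot-infrastructure/},
  urldate      = {2023-05-21},
  language     = {English},
}
Analysis of Amadey Bot Infrastructure Using Shodan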
Amadey
2023-05-19 | cocomelonc | cocomelonc
@online{cocomelonc:20230519:malware:3b9112f,
  author       = {cocomelonc},
  title        = {{Malware source code investigation: AsyncRAT}},
  date         = {2023-05-19},
  organization = {cocomelonc},
  url          = {https://mssplab.github.io/threat-hunting/2023/05/19/malware-src-asyncrat.html},
  urldate      = {2023-05-26},
  language     = {English},
}
Malware source code investigation: AsyncRAT
AsyncRAT
2023-05-18 | Intezer | Ryan Robinson
@online{robinson:20230518:how:3acd352,
  author       = {Robinson, Ryan},
  title        = {{How Hackers Use Binary Padding to Outsmart Sandboxes and Infiltrate Your Systems}},
  date         = {2023-05-18},
  organization = {Intezer},
  url          = {https://intezer.com/blog/research/how-hackers-use-binary-padding-to-outsmart-sandboxes/},
  urldate      = {2023-05-25},
  language     = {English},
}
How Hackers Use Binary Padding to Outsmart Sandboxes and Infiltrate Your Systems
Emotet
2023-05-18 | Twitter (@embee_research) | Embee_research
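@comment{Bare underscores in author/organization are LaTeX-text fields and would
         fail the build; escaped as \_ . The url field is verbatim and left as is.}
@online{embeeresearch:20230518:identifying:a7f1165,
  author       = {Embee\_research},
  title        = {{Identifying Laplas Infrastructure Using Shodan and Censys}},
  date         = {2023-05-18},
  organization = {Twitter (@embee\_research)},
  url          = {https://embee-research.ghost.io/laplas-clipper-infrastructure/},
  urldate      = {2023-05-26},
  language     = {English},
}
Identifying Laplas Infrastructure Using Shodan and Censys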
LaplasClipper